diff -ruN openssh-3.8p1/auth2-pubkey.c openssh-3.8p1+x509g3/auth2-pubkey.c --- openssh-3.8p1/auth2-pubkey.c 2004-01-21 02:02:50.000000000 +0200 +++ openssh-3.8p1+x509g3/auth2-pubkey.c 2004-02-25 09:06:01.000000000 +0200 @@ -1,5 +1,7 @@ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. + * X509 certificates support, + * Copyright (c) 2003 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -23,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth2-pubkey.c,v 1.6 2004/01/19 21:25:15 markus Exp $"); +RCSID("$OpenBSD$"); #include "ssh2.h" #include "xmalloc.h" @@ -40,6 +42,7 @@ #include "auth-options.h" #include "canohost.h" #include "monitor_wrap.h" +#include "ssh-x509.h" /* import */ extern ServerOptions options; @@ -241,6 +244,13 @@ fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); verbose("Found matching %s key: %s", key_type(found), fp); + if ((key->type == KEY_X509_RSA) || + (key->type == KEY_X509_DSA)) { + if (ssh_x509cert_check(key->x509) != 1) { + found_key = 0; + verbose("x509 certificate check reject matching key"); + } + } xfree(fp); break; } diff -ruN openssh-3.8p1/authfd.c openssh-3.8p1+x509g3/authfd.c --- openssh-3.8p1/authfd.c 2003-11-21 14:56:47.000000000 +0200 +++ openssh-3.8p1+x509g3/authfd.c 2004-02-25 09:06:01.000000000 +0200 @@ -12,6 +12,8 @@ * * SSH2 implementation, * Copyright (c) 2000 Markus Friedl. All rights reserved. + * X509 certificate support, + * Copyright (c) 2002 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -35,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfd.c,v 1.63 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD$"); #include @@ -475,6 +477,7 @@ buffer_put_cstring(b, key_ssh_name(key)); switch (key->type) { case KEY_RSA: + case KEY_X509_RSA: buffer_put_bignum2(b, key->rsa->n); buffer_put_bignum2(b, key->rsa->e); buffer_put_bignum2(b, key->rsa->d); @@ -483,6 +486,7 @@ buffer_put_bignum2(b, key->rsa->q); break; case KEY_DSA: + case KEY_X509_DSA: buffer_put_bignum2(b, key->dsa->p); buffer_put_bignum2(b, key->dsa->q); buffer_put_bignum2(b, key->dsa->g); @@ -490,6 +494,21 @@ buffer_put_bignum2(b, key->dsa->priv_key); break; } + if ((key->type == KEY_X509_RSA) || (key->type == KEY_X509_DSA)) { + int len; + void* str; + unsigned char *p; + + len = i2d_X509(key->x509, NULL); + str = xmalloc(len); + if (str == NULL) + { error("ssh_encode_identity_ssh2: out of memory"); return; } + + p = str; + i2d_X509(key->x509, &p); + buffer_put_string(b, str, len); + xfree(str); + } buffer_put_cstring(b, comment); } @@ -517,6 +536,8 @@ break; case KEY_RSA: case KEY_DSA: + case KEY_X509_RSA: + case KEY_X509_DSA: type = constrained ? SSH2_AGENTC_ADD_ID_CONSTRAINED : SSH2_AGENTC_ADD_IDENTITY; @@ -571,7 +592,7 @@ buffer_put_int(&msg, BN_num_bits(key->rsa->n)); buffer_put_bignum(&msg, key->rsa->e); buffer_put_bignum(&msg, key->rsa->n); - } else if (key->type == KEY_DSA || key->type == KEY_RSA) { + } else if (key->type == KEY_DSA || key->type == KEY_RSA || key->type == KEY_X509_DSA || key->type == KEY_X509_RSA ) { key_to_blob(key, &blob, &blen); buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); buffer_put_string(&msg, blob, blen); diff -ruN openssh-3.8p1/authfile.c openssh-3.8p1+x509g3/authfile.c --- openssh-3.8p1/authfile.c 2003-09-22 14:01:27.000000000 +0300 +++ openssh-3.8p1+x509g3/authfile.c 2004-02-25 09:06:01.000000000 +0200 @@ -13,6 +13,8 @@ * * * Copyright (c) 2000 Markus Friedl. All rights reserved. + * X509 certificate support, + * Copyright (c) 2002 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -36,7 +38,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: authfile.c,v 1.55 2003/09/18 07:56:05 markus Exp $"); +RCSID("$OpenBSD$"); #include #include @@ -51,6 +53,7 @@ #include "log.h" #include "authfile.h" #include "rsa.h" +#include "ssh-x509.h" /* Version identification string for SSH v1 identity files. */ static const char authfile_id_string[] = @@ -196,6 +199,10 @@ success = PEM_write_RSAPrivateKey(fp, key->rsa, cipher, passphrase, len, NULL, NULL); break; + case KEY_X509_RSA: + case KEY_X509_DSA: + success = x509key_save_pem(fp, key, cipher, passphrase, len); + break; } fclose(fp); return success; @@ -212,6 +219,8 @@ break; case KEY_DSA: case KEY_RSA: + case KEY_X509_RSA: + case KEY_X509_DSA: return key_save_private_pem(key, filename, passphrase, comment); break; @@ -448,6 +457,7 @@ Key *prv = NULL; char *name = ""; + debug("read PEM private key begin"); fp = fdopen(fd, "r"); if (fp == NULL) { error("fdopen failed: %s", strerror(errno)); @@ -485,6 +495,8 @@ error("PEM_read_PrivateKey: mismatch or " "unknown EVP_PKEY save_type %d", pk->save_type); } + if (prv) + x509key_load_cert(prv, fp); fclose(fp); if (pk != NULL) EVP_PKEY_free(pk); @@ -631,6 +643,7 @@ char file[MAXPATHLEN]; /* try rsa1 private key */ + debug3("key_load_public(%.200s,...)", filename); pub = key_load_public_type(KEY_RSA1, filename, commentp); if (pub != NULL) return pub; diff -ruN openssh-3.8p1/compat.c openssh-3.8p1+x509g3/compat.c --- openssh-3.8p1/compat.c 2003-11-03 11:09:03.000000000 +0200 +++ openssh-3.8p1+x509g3/compat.c 2004-02-25 09:06:01.000000000 +0200 @@ -1,5 +1,7 @@ /* * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. + * X509 certificate support, + * Copyright (c) 2003 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -23,7 +25,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: compat.c,v 1.70 2003/11/02 11:01:03 markus Exp $"); +RCSID("$OpenBSD$"); #include "buffer.h" #include "packet.h" @@ -36,6 +38,8 @@ int compat20 = 0; int datafellows = 0; +int x509rsasigtype = SSH_X509RSA_MD5; + void enable_compat20(void) { @@ -223,3 +227,19 @@ return(fix_ciphers); } + +int +ssh_x509rsasig(int _x509rsasigtype) { + switch(_x509rsasigtype) { + case SSH_X509RSA_MD5 : + case SSH_X509RSA_SHA1: + x509rsasigtype = _x509rsasigtype; + break; + default : + x509rsasigtype = SSH_X509RSA_MD5; + logit("invalid x509rsa sigtype=%d, switched to default=%d", _x509rsasigtype, x509rsasigtype); + break; + } + debug3("x509rsa sigtype=%d", x509rsasigtype); + return (x509rsasigtype); +} diff -ruN openssh-3.8p1/compat.h openssh-3.8p1+x509g3/compat.h --- openssh-3.8p1/compat.h 2003-11-03 11:09:03.000000000 +0200 +++ openssh-3.8p1+x509g3/compat.h 2004-02-25 09:06:00.000000000 +0200 @@ -1,7 +1,9 @@ -/* $OpenBSD: compat.h,v 1.37 2003/11/02 11:01:03 markus Exp $ */ +/* $OpenBSD$ */ /* * Copyright (c) 1999, 2000, 2001 Markus Friedl. All rights reserved. + * X509 certificate support, + * Copyright (c) 2003 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -65,4 +67,12 @@ extern int compat13; extern int compat20; extern int datafellows; + + +#define SSH_X509RSA_MD5 0 +#define SSH_X509RSA_SHA1 1 +int ssh_x509rsasig(int _x509rsasigtype); + +extern int x509rsasigtype; + #endif diff -ruN openssh-3.8p1/config.h.in openssh-3.8p1+x509g3/config.h.in --- openssh-3.8p1/config.h.in 2004-02-24 08:22:45.000000000 +0200 +++ openssh-3.8p1+x509g3/config.h.in 2004-02-25 09:06:01.000000000 +0200 @@ -1017,6 +1017,16 @@ /* The size of a `short int', as computed by sizeof. */ #undef SIZEOF_SHORT_INT +/* Specify location of ssh CA root */ +#undef SSHCADIR + +/* Define if your openssl library don't support Email in X.509 'Distinguished + Name' */ +#undef SSH_OPENSSL_DN_WITHOUT_EMAIL + +/* Define if you don't want to verify certificates */ +#undef SSH_X509STORE_DISABLED + /* Define if you have the ANSI C header files. */ #undef STDC_HEADERS diff -ruN openssh-3.8p1/configure openssh-3.8p1+x509g3/configure --- openssh-3.8p1/configure 2004-02-24 08:22:59.000000000 +0200 +++ openssh-3.8p1+x509g3/configure 2004-02-25 09:06:02.000000000 +0200 @@ -670,6 +670,7 @@ --disable-largefile omit support for large files --disable-strip Disable calling strip(1) on install --disable-etc-default-login Disable using PATH from /etc/default/login no + --disable-x509store Disable X.509 store --disable-lastlog disable use of lastlog even if detected no --disable-utmp disable use of utmp even if detected no --disable-utmpx disable use of utmpx even if detected no @@ -714,6 +715,7 @@ --with-superuser-path= Specify different path for super-user --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses --with-bsd-auth Enable BSD auth support + --with-sshca-dir=PATH Specify location of ssh CA root --with-pid-dir=PATH Specify location of ssh.pid file --with-lastlog=FILE|DIR specify lastlog location common locations @@ -909,7 +911,7 @@ fi for ac_site_file in $CONFIG_SITE; do if test -r "$ac_site_file"; then - { echo "$as_me:912: loading site script $ac_site_file" >&5 + { echo "$as_me:914: loading site script $ac_site_file" >&5 echo "$as_me: loading site script $ac_site_file" >&6;} cat "$ac_site_file" >&5 . "$ac_site_file" @@ -920,7 +922,7 @@ # Some versions of bash will fail to source /dev/null (special # files actually), so we avoid doing that. if test -f "$cache_file"; then - { echo "$as_me:923: loading cache $cache_file" >&5 + { echo "$as_me:925: loading cache $cache_file" >&5 echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . $cache_file;; @@ -928,7 +930,7 @@ esac fi else - { echo "$as_me:931: creating cache $cache_file" >&5 + { echo "$as_me:933: creating cache $cache_file" >&5 echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi @@ -944,21 +946,21 @@ eval ac_new_val="\$ac_env_${ac_var}_value" case $ac_old_set,$ac_new_set in set,) - { echo "$as_me:947: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 + { echo "$as_me:949: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) - { echo "$as_me:951: error: \`$ac_var' was not set in the previous run" >&5 + { echo "$as_me:953: error: \`$ac_var' was not set in the previous run" >&5 echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then - { echo "$as_me:957: error: \`$ac_var' has changed since the previous run:" >&5 + { echo "$as_me:959: error: \`$ac_var' has changed since the previous run:" >&5 echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} - { echo "$as_me:959: former value: $ac_old_val" >&5 + { echo "$as_me:961: former value: $ac_old_val" >&5 echo "$as_me: former value: $ac_old_val" >&2;} - { echo "$as_me:961: current value: $ac_new_val" >&5 + { echo "$as_me:963: current value: $ac_new_val" >&5 echo "$as_me: current value: $ac_new_val" >&2;} ac_cache_corrupted=: fi;; @@ -977,9 +979,9 @@ fi done if $ac_cache_corrupted; then - { echo "$as_me:980: error: changes in the environment can compromise the build" >&5 + { echo "$as_me:982: error: changes in the environment can compromise the build" >&5 echo "$as_me: error: changes in the environment can compromise the build" >&2;} - { { echo "$as_me:982: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 + { { echo "$as_me:984: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&5 echo "$as_me: error: run \`make distclean' and/or \`rm $cache_file' and start over" >&2;} { (exit 1); exit 1; }; } fi @@ -999,10 +1001,10 @@ echo "#! $SHELL" >conftest.sh echo "exit 0" >>conftest.sh chmod +x conftest.sh -if { (echo "$as_me:1002: PATH=\".;.\"; conftest.sh") >&5 +if { (echo "$as_me:1004: PATH=\".;.\"; conftest.sh") >&5 (PATH=".;."; conftest.sh) 2>&5 ac_status=$? - echo "$as_me:1005: \$? = $ac_status" >&5 + echo "$as_me:1007: \$? = $ac_status" >&5 (exit $ac_status); }; then ac_path_separator=';' else @@ -1021,7 +1023,7 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 -echo "$as_me:1024: checking for $ac_word" >&5 +echo "$as_me:1026: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1036,7 +1038,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_CC="${ac_tool_prefix}gcc" -echo "$as_me:1039: found $ac_dir/$ac_word" >&5 +echo "$as_me:1041: found $ac_dir/$ac_word" >&5 break done @@ -1044,10 +1046,10 @@ fi CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$as_me:1047: result: $CC" >&5 + echo "$as_me:1049: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else - echo "$as_me:1050: result: no" >&5 + echo "$as_me:1052: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1056,7 +1058,7 @@ ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 -echo "$as_me:1059: checking for $ac_word" >&5 +echo "$as_me:1061: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1071,7 +1073,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_ac_ct_CC="gcc" -echo "$as_me:1074: found $ac_dir/$ac_word" >&5 +echo "$as_me:1076: found $ac_dir/$ac_word" >&5 break done @@ -1079,10 +1081,10 @@ fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - echo "$as_me:1082: result: $ac_ct_CC" >&5 + echo "$as_me:1084: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else - echo "$as_me:1085: result: no" >&5 + echo "$as_me:1087: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1095,7 +1097,7 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 -echo "$as_me:1098: checking for $ac_word" >&5 +echo "$as_me:1100: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1110,7 +1112,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_CC="${ac_tool_prefix}cc" -echo "$as_me:1113: found $ac_dir/$ac_word" >&5 +echo "$as_me:1115: found $ac_dir/$ac_word" >&5 break done @@ -1118,10 +1120,10 @@ fi CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$as_me:1121: result: $CC" >&5 + echo "$as_me:1123: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else - echo "$as_me:1124: result: no" >&5 + echo "$as_me:1126: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1130,7 +1132,7 @@ ac_ct_CC=$CC # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -echo "$as_me:1133: checking for $ac_word" >&5 +echo "$as_me:1135: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1145,7 +1147,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_ac_ct_CC="cc" -echo "$as_me:1148: found $ac_dir/$ac_word" >&5 +echo "$as_me:1150: found $ac_dir/$ac_word" >&5 break done @@ -1153,10 +1155,10 @@ fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - echo "$as_me:1156: result: $ac_ct_CC" >&5 + echo "$as_me:1158: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else - echo "$as_me:1159: result: no" >&5 + echo "$as_me:1161: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1169,7 +1171,7 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 -echo "$as_me:1172: checking for $ac_word" >&5 +echo "$as_me:1174: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1189,7 +1191,7 @@ continue fi ac_cv_prog_CC="cc" -echo "$as_me:1192: found $ac_dir/$ac_word" >&5 +echo "$as_me:1194: found $ac_dir/$ac_word" >&5 break done @@ -1211,10 +1213,10 @@ fi CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$as_me:1214: result: $CC" >&5 + echo "$as_me:1216: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else - echo "$as_me:1217: result: no" >&5 + echo "$as_me:1219: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1225,7 +1227,7 @@ do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 -echo "$as_me:1228: checking for $ac_word" >&5 +echo "$as_me:1230: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1240,7 +1242,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_CC="$ac_tool_prefix$ac_prog" -echo "$as_me:1243: found $ac_dir/$ac_word" >&5 +echo "$as_me:1245: found $ac_dir/$ac_word" >&5 break done @@ -1248,10 +1250,10 @@ fi CC=$ac_cv_prog_CC if test -n "$CC"; then - echo "$as_me:1251: result: $CC" >&5 + echo "$as_me:1253: result: $CC" >&5 echo "${ECHO_T}$CC" >&6 else - echo "$as_me:1254: result: no" >&5 + echo "$as_me:1256: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1264,7 +1266,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -echo "$as_me:1267: checking for $ac_word" >&5 +echo "$as_me:1269: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1279,7 +1281,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_ac_ct_CC="$ac_prog" -echo "$as_me:1282: found $ac_dir/$ac_word" >&5 +echo "$as_me:1284: found $ac_dir/$ac_word" >&5 break done @@ -1287,10 +1289,10 @@ fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then - echo "$as_me:1290: result: $ac_ct_CC" >&5 + echo "$as_me:1292: result: $ac_ct_CC" >&5 echo "${ECHO_T}$ac_ct_CC" >&6 else - echo "$as_me:1293: result: no" >&5 + echo "$as_me:1295: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1302,32 +1304,32 @@ fi -test -z "$CC" && { { echo "$as_me:1305: error: no acceptable cc found in \$PATH" >&5 +test -z "$CC" && { { echo "$as_me:1307: error: no acceptable cc found in \$PATH" >&5 echo "$as_me: error: no acceptable cc found in \$PATH" >&2;} { (exit 1); exit 1; }; } # Provide some information about the compiler. -echo "$as_me:1310:" \ +echo "$as_me:1312:" \ "checking for C compiler version" >&5 ac_compiler=`set X $ac_compile; echo $2` -{ (eval echo "$as_me:1313: \"$ac_compiler --version &5\"") >&5 +{ (eval echo "$as_me:1315: \"$ac_compiler --version &5\"") >&5 (eval $ac_compiler --version &5) 2>&5 ac_status=$? - echo "$as_me:1316: \$? = $ac_status" >&5 + echo "$as_me:1318: \$? = $ac_status" >&5 (exit $ac_status); } -{ (eval echo "$as_me:1318: \"$ac_compiler -v &5\"") >&5 +{ (eval echo "$as_me:1320: \"$ac_compiler -v &5\"") >&5 (eval $ac_compiler -v &5) 2>&5 ac_status=$? - echo "$as_me:1321: \$? = $ac_status" >&5 + echo "$as_me:1323: \$? = $ac_status" >&5 (exit $ac_status); } -{ (eval echo "$as_me:1323: \"$ac_compiler -V &5\"") >&5 +{ (eval echo "$as_me:1325: \"$ac_compiler -V &5\"") >&5 (eval $ac_compiler -V &5) 2>&5 ac_status=$? - echo "$as_me:1326: \$? = $ac_status" >&5 + echo "$as_me:1328: \$? = $ac_status" >&5 (exit $ac_status); } cat >conftest.$ac_ext <<_ACEOF -#line 1330 "configure" +#line 1332 "configure" #include "confdefs.h" int @@ -1343,13 +1345,13 @@ # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. -echo "$as_me:1346: checking for C compiler default output" >&5 +echo "$as_me:1348: checking for C compiler default output" >&5 echo $ECHO_N "checking for C compiler default output... $ECHO_C" >&6 ac_link_default=`echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` -if { (eval echo "$as_me:1349: \"$ac_link_default\"") >&5 +if { (eval echo "$as_me:1351: \"$ac_link_default\"") >&5 (eval $ac_link_default) 2>&5 ac_status=$? - echo "$as_me:1352: \$? = $ac_status" >&5 + echo "$as_me:1354: \$? = $ac_status" >&5 (exit $ac_status); }; then # Find the output, starting from the most likely. This scheme is # not robust to junk in `.', hence go to wildcards (a.*) only as a last @@ -1372,34 +1374,34 @@ else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 -{ { echo "$as_me:1375: error: C compiler cannot create executables" >&5 +{ { echo "$as_me:1377: error: C compiler cannot create executables" >&5 echo "$as_me: error: C compiler cannot create executables" >&2;} { (exit 77); exit 77; }; } fi ac_exeext=$ac_cv_exeext -echo "$as_me:1381: result: $ac_file" >&5 +echo "$as_me:1383: result: $ac_file" >&5 echo "${ECHO_T}$ac_file" >&6 # Check the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. -echo "$as_me:1386: checking whether the C compiler works" >&5 +echo "$as_me:1388: checking whether the C compiler works" >&5 echo $ECHO_N "checking whether the C compiler works... $ECHO_C" >&6 # FIXME: These cross compiler hacks should be removed for Autoconf 3.0 # If not cross compiling, check that we can run a simple program. if test "$cross_compiling" != yes; then if { ac_try='./$ac_file' - { (eval echo "$as_me:1392: \"$ac_try\"") >&5 + { (eval echo "$as_me:1394: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1395: \$? = $ac_status" >&5 + echo "$as_me:1397: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else - { { echo "$as_me:1402: error: cannot run C compiled programs. + { { echo "$as_me:1404: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'." >&5 echo "$as_me: error: cannot run C compiled programs. If you meant to cross compile, use \`--host'." >&2;} @@ -1407,24 +1409,24 @@ fi fi fi -echo "$as_me:1410: result: yes" >&5 +echo "$as_me:1412: result: yes" >&5 echo "${ECHO_T}yes" >&6 rm -f a.out a.exe conftest$ac_cv_exeext ac_clean_files=$ac_clean_files_save # Check the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. -echo "$as_me:1417: checking whether we are cross compiling" >&5 +echo "$as_me:1419: checking whether we are cross compiling" >&5 echo $ECHO_N "checking whether we are cross compiling... $ECHO_C" >&6 -echo "$as_me:1419: result: $cross_compiling" >&5 +echo "$as_me:1421: result: $cross_compiling" >&5 echo "${ECHO_T}$cross_compiling" >&6 -echo "$as_me:1422: checking for executable suffix" >&5 +echo "$as_me:1424: checking for executable suffix" >&5 echo $ECHO_N "checking for executable suffix... $ECHO_C" >&6 -if { (eval echo "$as_me:1424: \"$ac_link\"") >&5 +if { (eval echo "$as_me:1426: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:1427: \$? = $ac_status" >&5 + echo "$as_me:1429: \$? = $ac_status" >&5 (exit $ac_status); }; then # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will @@ -1440,25 +1442,25 @@ esac done else - { { echo "$as_me:1443: error: cannot compute EXEEXT: cannot compile and link" >&5 + { { echo "$as_me:1445: error: cannot compute EXEEXT: cannot compile and link" >&5 echo "$as_me: error: cannot compute EXEEXT: cannot compile and link" >&2;} { (exit 1); exit 1; }; } fi rm -f conftest$ac_cv_exeext -echo "$as_me:1449: result: $ac_cv_exeext" >&5 +echo "$as_me:1451: result: $ac_cv_exeext" >&5 echo "${ECHO_T}$ac_cv_exeext" >&6 rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT -echo "$as_me:1455: checking for object suffix" >&5 +echo "$as_me:1457: checking for object suffix" >&5 echo $ECHO_N "checking for object suffix... $ECHO_C" >&6 if test "${ac_cv_objext+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 1461 "configure" +#line 1463 "configure" #include "confdefs.h" int @@ -1470,10 +1472,10 @@ } _ACEOF rm -f conftest.o conftest.obj -if { (eval echo "$as_me:1473: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1475: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1476: \$? = $ac_status" >&5 + echo "$as_me:1478: \$? = $ac_status" >&5 (exit $ac_status); }; then for ac_file in `(ls conftest.o conftest.obj; ls conftest.*) 2>/dev/null`; do case $ac_file in @@ -1485,24 +1487,24 @@ else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 -{ { echo "$as_me:1488: error: cannot compute OBJEXT: cannot compile" >&5 +{ { echo "$as_me:1490: error: cannot compute OBJEXT: cannot compile" >&5 echo "$as_me: error: cannot compute OBJEXT: cannot compile" >&2;} { (exit 1); exit 1; }; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi -echo "$as_me:1495: result: $ac_cv_objext" >&5 +echo "$as_me:1497: result: $ac_cv_objext" >&5 echo "${ECHO_T}$ac_cv_objext" >&6 OBJEXT=$ac_cv_objext ac_objext=$OBJEXT -echo "$as_me:1499: checking whether we are using the GNU C compiler" >&5 +echo "$as_me:1501: checking whether we are using the GNU C compiler" >&5 echo $ECHO_N "checking whether we are using the GNU C compiler... $ECHO_C" >&6 if test "${ac_cv_c_compiler_gnu+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 1505 "configure" +#line 1507 "configure" #include "confdefs.h" int @@ -1517,16 +1519,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:1520: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1522: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1523: \$? = $ac_status" >&5 + echo "$as_me:1525: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:1526: \"$ac_try\"") >&5 + { (eval echo "$as_me:1528: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1529: \$? = $ac_status" >&5 + echo "$as_me:1531: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_compiler_gnu=yes else @@ -1538,19 +1540,19 @@ ac_cv_c_compiler_gnu=$ac_compiler_gnu fi -echo "$as_me:1541: result: $ac_cv_c_compiler_gnu" >&5 +echo "$as_me:1543: result: $ac_cv_c_compiler_gnu" >&5 echo "${ECHO_T}$ac_cv_c_compiler_gnu" >&6 GCC=`test $ac_compiler_gnu = yes && echo yes` ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS CFLAGS="-g" -echo "$as_me:1547: checking whether $CC accepts -g" >&5 +echo "$as_me:1549: checking whether $CC accepts -g" >&5 echo $ECHO_N "checking whether $CC accepts -g... $ECHO_C" >&6 if test "${ac_cv_prog_cc_g+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 1553 "configure" +#line 1555 "configure" #include "confdefs.h" int @@ -1562,16 +1564,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:1565: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1567: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1568: \$? = $ac_status" >&5 + echo "$as_me:1570: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:1571: \"$ac_try\"") >&5 + { (eval echo "$as_me:1573: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1574: \$? = $ac_status" >&5 + echo "$as_me:1576: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_prog_cc_g=yes else @@ -1581,7 +1583,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:1584: result: $ac_cv_prog_cc_g" >&5 +echo "$as_me:1586: result: $ac_cv_prog_cc_g" >&5 echo "${ECHO_T}$ac_cv_prog_cc_g" >&6 if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS @@ -1608,16 +1610,16 @@ #endif _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:1611: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1613: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1614: \$? = $ac_status" >&5 + echo "$as_me:1616: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:1617: \"$ac_try\"") >&5 + { (eval echo "$as_me:1619: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1620: \$? = $ac_status" >&5 + echo "$as_me:1622: \$? = $ac_status" >&5 (exit $ac_status); }; }; then for ac_declaration in \ ''\ @@ -1629,7 +1631,7 @@ 'void exit (int);' do cat >conftest.$ac_ext <<_ACEOF -#line 1632 "configure" +#line 1634 "configure" #include "confdefs.h" #include $ac_declaration @@ -1642,16 +1644,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:1645: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1647: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1648: \$? = $ac_status" >&5 + echo "$as_me:1650: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:1651: \"$ac_try\"") >&5 + { (eval echo "$as_me:1653: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1654: \$? = $ac_status" >&5 + echo "$as_me:1656: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else @@ -1661,7 +1663,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext cat >conftest.$ac_ext <<_ACEOF -#line 1664 "configure" +#line 1666 "configure" #include "confdefs.h" $ac_declaration int @@ -1673,16 +1675,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:1676: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1678: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1679: \$? = $ac_status" >&5 + echo "$as_me:1681: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:1682: \"$ac_try\"") >&5 + { (eval echo "$as_me:1684: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1685: \$? = $ac_status" >&5 + echo "$as_me:1687: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else @@ -1726,7 +1728,7 @@ fi done if test -z "$ac_aux_dir"; then - { { echo "$as_me:1729: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 + { { echo "$as_me:1731: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} { (exit 1); exit 1; }; } fi @@ -1736,11 +1738,11 @@ # Make sure we can run config.sub. $ac_config_sub sun4 >/dev/null 2>&1 || - { { echo "$as_me:1739: error: cannot run $ac_config_sub" >&5 + { { echo "$as_me:1741: error: cannot run $ac_config_sub" >&5 echo "$as_me: error: cannot run $ac_config_sub" >&2;} { (exit 1); exit 1; }; } -echo "$as_me:1743: checking build system type" >&5 +echo "$as_me:1745: checking build system type" >&5 echo $ECHO_N "checking build system type... $ECHO_C" >&6 if test "${ac_cv_build+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1749,23 +1751,23 @@ test -z "$ac_cv_build_alias" && ac_cv_build_alias=`$ac_config_guess` test -z "$ac_cv_build_alias" && - { { echo "$as_me:1752: error: cannot guess build type; you must specify one" >&5 + { { echo "$as_me:1754: error: cannot guess build type; you must specify one" >&5 echo "$as_me: error: cannot guess build type; you must specify one" >&2;} { (exit 1); exit 1; }; } ac_cv_build=`$ac_config_sub $ac_cv_build_alias` || - { { echo "$as_me:1756: error: $ac_config_sub $ac_cv_build_alias failed." >&5 + { { echo "$as_me:1758: error: $ac_config_sub $ac_cv_build_alias failed." >&5 echo "$as_me: error: $ac_config_sub $ac_cv_build_alias failed." >&2;} { (exit 1); exit 1; }; } fi -echo "$as_me:1761: result: $ac_cv_build" >&5 +echo "$as_me:1763: result: $ac_cv_build" >&5 echo "${ECHO_T}$ac_cv_build" >&6 build=$ac_cv_build build_cpu=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` build_vendor=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` build_os=`echo $ac_cv_build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` -echo "$as_me:1768: checking host system type" >&5 +echo "$as_me:1770: checking host system type" >&5 echo $ECHO_N "checking host system type... $ECHO_C" >&6 if test "${ac_cv_host+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1774,19 +1776,19 @@ test -z "$ac_cv_host_alias" && ac_cv_host_alias=$ac_cv_build_alias ac_cv_host=`$ac_config_sub $ac_cv_host_alias` || - { { echo "$as_me:1777: error: $ac_config_sub $ac_cv_host_alias failed" >&5 + { { echo "$as_me:1779: error: $ac_config_sub $ac_cv_host_alias failed" >&5 echo "$as_me: error: $ac_config_sub $ac_cv_host_alias failed" >&2;} { (exit 1); exit 1; }; } fi -echo "$as_me:1782: result: $ac_cv_host" >&5 +echo "$as_me:1784: result: $ac_cv_host" >&5 echo "${ECHO_T}$ac_cv_host" >&6 host=$ac_cv_host host_cpu=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` host_vendor=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` host_os=`echo $ac_cv_host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` -echo "$as_me:1789: checking whether byte ordering is bigendian" >&5 +echo "$as_me:1791: checking whether byte ordering is bigendian" >&5 echo $ECHO_N "checking whether byte ordering is bigendian... $ECHO_C" >&6 if test "${ac_cv_c_bigendian+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1794,7 +1796,7 @@ ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat >conftest.$ac_ext <<_ACEOF -#line 1797 "configure" +#line 1799 "configure" #include "confdefs.h" #include #include @@ -1811,20 +1813,20 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:1814: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1816: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1817: \$? = $ac_status" >&5 + echo "$as_me:1819: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:1820: \"$ac_try\"") >&5 + { (eval echo "$as_me:1822: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1823: \$? = $ac_status" >&5 + echo "$as_me:1825: \$? = $ac_status" >&5 (exit $ac_status); }; }; then # It does; now see whether it defined to BIG_ENDIAN or not. cat >conftest.$ac_ext <<_ACEOF -#line 1827 "configure" +#line 1829 "configure" #include "confdefs.h" #include #include @@ -1841,16 +1843,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:1844: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:1846: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:1847: \$? = $ac_status" >&5 + echo "$as_me:1849: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:1850: \"$ac_try\"") >&5 + { (eval echo "$as_me:1852: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1853: \$? = $ac_status" >&5 + echo "$as_me:1855: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_c_bigendian=yes else @@ -1866,12 +1868,12 @@ rm -f conftest.$ac_objext conftest.$ac_ext if test $ac_cv_c_bigendian = unknown; then if test "$cross_compiling" = yes; then - { { echo "$as_me:1869: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:1871: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 1874 "configure" +#line 1876 "configure" #include "confdefs.h" int main () @@ -1887,15 +1889,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:1890: \"$ac_link\"") >&5 +if { (eval echo "$as_me:1892: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:1893: \$? = $ac_status" >&5 + echo "$as_me:1895: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:1895: \"$ac_try\"") >&5 + { (eval echo "$as_me:1897: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:1898: \$? = $ac_status" >&5 + echo "$as_me:1900: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_c_bigendian=no else @@ -1908,7 +1910,7 @@ fi fi fi -echo "$as_me:1911: result: $ac_cv_c_bigendian" >&5 +echo "$as_me:1913: result: $ac_cv_c_bigendian" >&5 echo "${ECHO_T}$ac_cv_c_bigendian" >&6 if test $ac_cv_c_bigendian = yes; then @@ -1923,7 +1925,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -echo "$as_me:1926: checking for $ac_word" >&5 +echo "$as_me:1928: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_AWK+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -1938,7 +1940,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_AWK="$ac_prog" -echo "$as_me:1941: found $ac_dir/$ac_word" >&5 +echo "$as_me:1943: found $ac_dir/$ac_word" >&5 break done @@ -1946,10 +1948,10 @@ fi AWK=$ac_cv_prog_AWK if test -n "$AWK"; then - echo "$as_me:1949: result: $AWK" >&5 + echo "$as_me:1951: result: $AWK" >&5 echo "${ECHO_T}$AWK" >&6 else - echo "$as_me:1952: result: no" >&5 + echo "$as_me:1954: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -1961,7 +1963,7 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -echo "$as_me:1964: checking how to run the C preprocessor" >&5 +echo "$as_me:1966: checking how to run the C preprocessor" >&5 echo $ECHO_N "checking how to run the C preprocessor... $ECHO_C" >&6 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then @@ -1982,18 +1984,18 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF -#line 1985 "configure" +#line 1987 "configure" #include "confdefs.h" #include Syntax error _ACEOF -if { (eval echo "$as_me:1990: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:1992: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:1996: \$? = $ac_status" >&5 + echo "$as_me:1998: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -2016,17 +2018,17 @@ # OK, works on sane cases. Now check whether non-existent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF -#line 2019 "configure" +#line 2021 "configure" #include "confdefs.h" #include _ACEOF -if { (eval echo "$as_me:2023: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:2025: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:2029: \$? = $ac_status" >&5 + echo "$as_me:2031: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -2063,7 +2065,7 @@ else ac_cv_prog_CPP=$CPP fi -echo "$as_me:2066: result: $CPP" >&5 +echo "$as_me:2068: result: $CPP" >&5 echo "${ECHO_T}$CPP" >&6 ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes @@ -2073,18 +2075,18 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat >conftest.$ac_ext <<_ACEOF -#line 2076 "configure" +#line 2078 "configure" #include "confdefs.h" #include Syntax error _ACEOF -if { (eval echo "$as_me:2081: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:2083: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:2087: \$? = $ac_status" >&5 + echo "$as_me:2089: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -2107,17 +2109,17 @@ # OK, works on sane cases. Now check whether non-existent headers # can be detected and how. cat >conftest.$ac_ext <<_ACEOF -#line 2110 "configure" +#line 2112 "configure" #include "confdefs.h" #include _ACEOF -if { (eval echo "$as_me:2114: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:2116: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:2120: \$? = $ac_status" >&5 + echo "$as_me:2122: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -2145,7 +2147,7 @@ if $ac_preproc_ok; then : else - { { echo "$as_me:2148: error: C preprocessor \"$CPP\" fails sanity check" >&5 + { { echo "$as_me:2150: error: C preprocessor \"$CPP\" fails sanity check" >&5 echo "$as_me: error: C preprocessor \"$CPP\" fails sanity check" >&2;} { (exit 1); exit 1; }; } fi @@ -2159,7 +2161,7 @@ if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. set dummy ${ac_tool_prefix}ranlib; ac_word=$2 -echo "$as_me:2162: checking for $ac_word" >&5 +echo "$as_me:2164: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_RANLIB+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2174,7 +2176,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" -echo "$as_me:2177: found $ac_dir/$ac_word" >&5 +echo "$as_me:2179: found $ac_dir/$ac_word" >&5 break done @@ -2182,10 +2184,10 @@ fi RANLIB=$ac_cv_prog_RANLIB if test -n "$RANLIB"; then - echo "$as_me:2185: result: $RANLIB" >&5 + echo "$as_me:2187: result: $RANLIB" >&5 echo "${ECHO_T}$RANLIB" >&6 else - echo "$as_me:2188: result: no" >&5 + echo "$as_me:2190: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -2194,7 +2196,7 @@ ac_ct_RANLIB=$RANLIB # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 -echo "$as_me:2197: checking for $ac_word" >&5 +echo "$as_me:2199: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2209,7 +2211,7 @@ test -z "$ac_dir" && ac_dir=. $as_executable_p "$ac_dir/$ac_word" || continue ac_cv_prog_ac_ct_RANLIB="ranlib" -echo "$as_me:2212: found $ac_dir/$ac_word" >&5 +echo "$as_me:2214: found $ac_dir/$ac_word" >&5 break done @@ -2218,10 +2220,10 @@ fi ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB if test -n "$ac_ct_RANLIB"; then - echo "$as_me:2221: result: $ac_ct_RANLIB" >&5 + echo "$as_me:2223: result: $ac_ct_RANLIB" >&5 echo "${ECHO_T}$ac_ct_RANLIB" >&6 else - echo "$as_me:2224: result: no" >&5 + echo "$as_me:2226: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -2242,7 +2244,7 @@ # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # ./install, which can be erroneously created by make from ./install.sh. -echo "$as_me:2245: checking for a BSD compatible install" >&5 +echo "$as_me:2247: checking for a BSD compatible install" >&5 echo $ECHO_N "checking for a BSD compatible install... $ECHO_C" >&6 if test -z "$INSTALL"; then if test "${ac_cv_path_install+set}" = set; then @@ -2291,7 +2293,7 @@ INSTALL=$ac_install_sh fi fi -echo "$as_me:2294: result: $INSTALL" >&5 +echo "$as_me:2296: result: $INSTALL" >&5 echo "${ECHO_T}$INSTALL" >&6 # Use test -z because SunOS4 sh mishandles braces in ${var-val}. @@ -2304,7 +2306,7 @@ # Extract the first word of "ar", so it can be a program name with args. set dummy ar; ac_word=$2 -echo "$as_me:2307: checking for $ac_word" >&5 +echo "$as_me:2309: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_AR+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2321,7 +2323,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_AR="$ac_dir/$ac_word" - echo "$as_me:2324: found $ac_dir/$ac_word" >&5 + echo "$as_me:2326: found $ac_dir/$ac_word" >&5 break fi done @@ -2332,10 +2334,10 @@ AR=$ac_cv_path_AR if test -n "$AR"; then - echo "$as_me:2335: result: $AR" >&5 + echo "$as_me:2337: result: $AR" >&5 echo "${ECHO_T}$AR" >&6 else - echo "$as_me:2338: result: no" >&5 + echo "$as_me:2340: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -2343,7 +2345,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -echo "$as_me:2346: checking for $ac_word" >&5 +echo "$as_me:2348: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PERL+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2360,7 +2362,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PERL="$ac_dir/$ac_word" - echo "$as_me:2363: found $ac_dir/$ac_word" >&5 + echo "$as_me:2365: found $ac_dir/$ac_word" >&5 break fi done @@ -2371,10 +2373,10 @@ PERL=$ac_cv_path_PERL if test -n "$PERL"; then - echo "$as_me:2374: result: $PERL" >&5 + echo "$as_me:2376: result: $PERL" >&5 echo "${ECHO_T}$PERL" >&6 else - echo "$as_me:2377: result: no" >&5 + echo "$as_me:2379: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -2383,7 +2385,7 @@ # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 -echo "$as_me:2386: checking for $ac_word" >&5 +echo "$as_me:2388: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_SED+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2400,7 +2402,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_SED="$ac_dir/$ac_word" - echo "$as_me:2403: found $ac_dir/$ac_word" >&5 + echo "$as_me:2405: found $ac_dir/$ac_word" >&5 break fi done @@ -2411,16 +2413,16 @@ SED=$ac_cv_path_SED if test -n "$SED"; then - echo "$as_me:2414: result: $SED" >&5 + echo "$as_me:2416: result: $SED" >&5 echo "${ECHO_T}$SED" >&6 else - echo "$as_me:2417: result: no" >&5 + echo "$as_me:2419: result: no" >&5 echo "${ECHO_T}no" >&6 fi # Extract the first word of "ent", so it can be a program name with args. set dummy ent; ac_word=$2 -echo "$as_me:2423: checking for $ac_word" >&5 +echo "$as_me:2425: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_ENT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2437,7 +2439,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_ENT="$ac_dir/$ac_word" - echo "$as_me:2440: found $ac_dir/$ac_word" >&5 + echo "$as_me:2442: found $ac_dir/$ac_word" >&5 break fi done @@ -2448,16 +2450,16 @@ ENT=$ac_cv_path_ENT if test -n "$ENT"; then - echo "$as_me:2451: result: $ENT" >&5 + echo "$as_me:2453: result: $ENT" >&5 echo "${ECHO_T}$ENT" >&6 else - echo "$as_me:2454: result: no" >&5 + echo "$as_me:2456: result: no" >&5 echo "${ECHO_T}no" >&6 fi # Extract the first word of "bash", so it can be a program name with args. set dummy bash; ac_word=$2 -echo "$as_me:2460: checking for $ac_word" >&5 +echo "$as_me:2462: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2474,7 +2476,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_TEST_MINUS_S_SH="$ac_dir/$ac_word" - echo "$as_me:2477: found $ac_dir/$ac_word" >&5 + echo "$as_me:2479: found $ac_dir/$ac_word" >&5 break fi done @@ -2485,16 +2487,16 @@ TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH if test -n "$TEST_MINUS_S_SH"; then - echo "$as_me:2488: result: $TEST_MINUS_S_SH" >&5 + echo "$as_me:2490: result: $TEST_MINUS_S_SH" >&5 echo "${ECHO_T}$TEST_MINUS_S_SH" >&6 else - echo "$as_me:2491: result: no" >&5 + echo "$as_me:2493: result: no" >&5 echo "${ECHO_T}no" >&6 fi # Extract the first word of "ksh", so it can be a program name with args. set dummy ksh; ac_word=$2 -echo "$as_me:2497: checking for $ac_word" >&5 +echo "$as_me:2499: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2511,7 +2513,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_TEST_MINUS_S_SH="$ac_dir/$ac_word" - echo "$as_me:2514: found $ac_dir/$ac_word" >&5 + echo "$as_me:2516: found $ac_dir/$ac_word" >&5 break fi done @@ -2522,16 +2524,16 @@ TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH if test -n "$TEST_MINUS_S_SH"; then - echo "$as_me:2525: result: $TEST_MINUS_S_SH" >&5 + echo "$as_me:2527: result: $TEST_MINUS_S_SH" >&5 echo "${ECHO_T}$TEST_MINUS_S_SH" >&6 else - echo "$as_me:2528: result: no" >&5 + echo "$as_me:2530: result: no" >&5 echo "${ECHO_T}no" >&6 fi # Extract the first word of "sh", so it can be a program name with args. set dummy sh; ac_word=$2 -echo "$as_me:2534: checking for $ac_word" >&5 +echo "$as_me:2536: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_TEST_MINUS_S_SH+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2548,7 +2550,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_TEST_MINUS_S_SH="$ac_dir/$ac_word" - echo "$as_me:2551: found $ac_dir/$ac_word" >&5 + echo "$as_me:2553: found $ac_dir/$ac_word" >&5 break fi done @@ -2559,16 +2561,16 @@ TEST_MINUS_S_SH=$ac_cv_path_TEST_MINUS_S_SH if test -n "$TEST_MINUS_S_SH"; then - echo "$as_me:2562: result: $TEST_MINUS_S_SH" >&5 + echo "$as_me:2564: result: $TEST_MINUS_S_SH" >&5 echo "${ECHO_T}$TEST_MINUS_S_SH" >&6 else - echo "$as_me:2565: result: no" >&5 + echo "$as_me:2567: result: no" >&5 echo "${ECHO_T}no" >&6 fi # Extract the first word of "sh", so it can be a program name with args. set dummy sh; ac_word=$2 -echo "$as_me:2571: checking for $ac_word" >&5 +echo "$as_me:2573: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_SH+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2585,7 +2587,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_SH="$ac_dir/$ac_word" - echo "$as_me:2588: found $ac_dir/$ac_word" >&5 + echo "$as_me:2590: found $ac_dir/$ac_word" >&5 break fi done @@ -2596,10 +2598,10 @@ SH=$ac_cv_path_SH if test -n "$SH"; then - echo "$as_me:2599: result: $SH" >&5 + echo "$as_me:2601: result: $SH" >&5 echo "${ECHO_T}$SH" >&6 else - echo "$as_me:2602: result: no" >&5 + echo "$as_me:2604: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -2611,7 +2613,7 @@ fi; if test "$enable_largefile" != no; then - echo "$as_me:2614: checking for special C compiler options needed for large files" >&5 + echo "$as_me:2616: checking for special C compiler options needed for large files" >&5 echo $ECHO_N "checking for special C compiler options needed for large files... $ECHO_C" >&6 if test "${ac_cv_sys_largefile_CC+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2623,7 +2625,7 @@ # IRIX 6.2 and later do not support large files by default, # so use the C compiler's -n32 option if that helps. cat >conftest.$ac_ext <<_ACEOF -#line 2626 "configure" +#line 2628 "configure" #include "confdefs.h" #include /* Check that off_t can represent 2**63 - 1 correctly. @@ -2643,16 +2645,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:2646: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:2648: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:2649: \$? = $ac_status" >&5 + echo "$as_me:2651: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:2652: \"$ac_try\"") >&5 + { (eval echo "$as_me:2654: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:2655: \$? = $ac_status" >&5 + echo "$as_me:2657: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else @@ -2662,16 +2664,16 @@ rm -f conftest.$ac_objext CC="$CC -n32" rm -f conftest.$ac_objext -if { (eval echo "$as_me:2665: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:2667: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:2668: \$? = $ac_status" >&5 + echo "$as_me:2670: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:2671: \"$ac_try\"") >&5 + { (eval echo "$as_me:2673: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:2674: \$? = $ac_status" >&5 + echo "$as_me:2676: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sys_largefile_CC=' -n32'; break else @@ -2685,13 +2687,13 @@ rm -f conftest.$ac_ext fi fi -echo "$as_me:2688: result: $ac_cv_sys_largefile_CC" >&5 +echo "$as_me:2690: result: $ac_cv_sys_largefile_CC" >&5 echo "${ECHO_T}$ac_cv_sys_largefile_CC" >&6 if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi - echo "$as_me:2694: checking for _FILE_OFFSET_BITS value needed for large files" >&5 + echo "$as_me:2696: checking for _FILE_OFFSET_BITS value needed for large files" >&5 echo $ECHO_N "checking for _FILE_OFFSET_BITS value needed for large files... $ECHO_C" >&6 if test "${ac_cv_sys_file_offset_bits+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2699,7 +2701,7 @@ while :; do ac_cv_sys_file_offset_bits=no cat >conftest.$ac_ext <<_ACEOF -#line 2702 "configure" +#line 2704 "configure" #include "confdefs.h" #include /* Check that off_t can represent 2**63 - 1 correctly. @@ -2719,16 +2721,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:2722: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:2724: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:2725: \$? = $ac_status" >&5 + echo "$as_me:2727: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:2728: \"$ac_try\"") >&5 + { (eval echo "$as_me:2730: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:2731: \$? = $ac_status" >&5 + echo "$as_me:2733: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else @@ -2737,7 +2739,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext cat >conftest.$ac_ext <<_ACEOF -#line 2740 "configure" +#line 2742 "configure" #include "confdefs.h" #define _FILE_OFFSET_BITS 64 #include @@ -2758,16 +2760,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:2761: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:2763: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:2764: \$? = $ac_status" >&5 + echo "$as_me:2766: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:2767: \"$ac_try\"") >&5 + { (eval echo "$as_me:2769: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:2770: \$? = $ac_status" >&5 + echo "$as_me:2772: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sys_file_offset_bits=64; break else @@ -2778,7 +2780,7 @@ break done fi -echo "$as_me:2781: result: $ac_cv_sys_file_offset_bits" >&5 +echo "$as_me:2783: result: $ac_cv_sys_file_offset_bits" >&5 echo "${ECHO_T}$ac_cv_sys_file_offset_bits" >&6 if test "$ac_cv_sys_file_offset_bits" != no; then @@ -2788,7 +2790,7 @@ fi rm -f conftest* - echo "$as_me:2791: checking for _LARGE_FILES value needed for large files" >&5 + echo "$as_me:2793: checking for _LARGE_FILES value needed for large files" >&5 echo $ECHO_N "checking for _LARGE_FILES value needed for large files... $ECHO_C" >&6 if test "${ac_cv_sys_large_files+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2796,7 +2798,7 @@ while :; do ac_cv_sys_large_files=no cat >conftest.$ac_ext <<_ACEOF -#line 2799 "configure" +#line 2801 "configure" #include "confdefs.h" #include /* Check that off_t can represent 2**63 - 1 correctly. @@ -2816,16 +2818,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:2819: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:2821: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:2822: \$? = $ac_status" >&5 + echo "$as_me:2824: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:2825: \"$ac_try\"") >&5 + { (eval echo "$as_me:2827: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:2828: \$? = $ac_status" >&5 + echo "$as_me:2830: \$? = $ac_status" >&5 (exit $ac_status); }; }; then break else @@ -2834,7 +2836,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext cat >conftest.$ac_ext <<_ACEOF -#line 2837 "configure" +#line 2839 "configure" #include "confdefs.h" #define _LARGE_FILES 1 #include @@ -2855,16 +2857,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:2858: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:2860: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:2861: \$? = $ac_status" >&5 + echo "$as_me:2863: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:2864: \"$ac_try\"") >&5 + { (eval echo "$as_me:2866: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:2867: \$? = $ac_status" >&5 + echo "$as_me:2869: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sys_large_files=1; break else @@ -2875,7 +2877,7 @@ break done fi -echo "$as_me:2878: result: $ac_cv_sys_large_files" >&5 +echo "$as_me:2880: result: $ac_cv_sys_large_files" >&5 echo "${ECHO_T}$ac_cv_sys_large_files" >&6 if test "$ac_cv_sys_large_files" != no; then @@ -2888,7 +2890,7 @@ fi if test -z "$AR" ; then - { { echo "$as_me:2891: error: *** 'ar' missing, please install or fix your \$PATH ***" >&5 + { { echo "$as_me:2893: error: *** 'ar' missing, please install or fix your \$PATH ***" >&5 echo "$as_me: error: *** 'ar' missing, please install or fix your \$PATH ***" >&2;} { (exit 1); exit 1; }; } fi @@ -2903,7 +2905,7 @@ # Search for login # Extract the first word of "login", so it can be a program name with args. set dummy login; ac_word=$2 -echo "$as_me:2906: checking for $ac_word" >&5 +echo "$as_me:2908: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_LOGIN_PROGRAM_FALLBACK+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2920,7 +2922,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_LOGIN_PROGRAM_FALLBACK="$ac_dir/$ac_word" - echo "$as_me:2923: found $ac_dir/$ac_word" >&5 + echo "$as_me:2925: found $ac_dir/$ac_word" >&5 break fi done @@ -2931,10 +2933,10 @@ LOGIN_PROGRAM_FALLBACK=$ac_cv_path_LOGIN_PROGRAM_FALLBACK if test -n "$LOGIN_PROGRAM_FALLBACK"; then - echo "$as_me:2934: result: $LOGIN_PROGRAM_FALLBACK" >&5 + echo "$as_me:2936: result: $LOGIN_PROGRAM_FALLBACK" >&5 echo "${ECHO_T}$LOGIN_PROGRAM_FALLBACK" >&6 else - echo "$as_me:2937: result: no" >&5 + echo "$as_me:2939: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -2948,7 +2950,7 @@ # Extract the first word of "passwd", so it can be a program name with args. set dummy passwd; ac_word=$2 -echo "$as_me:2951: checking for $ac_word" >&5 +echo "$as_me:2953: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PATH_PASSWD_PROG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -2965,7 +2967,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PATH_PASSWD_PROG="$ac_dir/$ac_word" - echo "$as_me:2968: found $ac_dir/$ac_word" >&5 + echo "$as_me:2970: found $ac_dir/$ac_word" >&5 break fi done @@ -2976,10 +2978,10 @@ PATH_PASSWD_PROG=$ac_cv_path_PATH_PASSWD_PROG if test -n "$PATH_PASSWD_PROG"; then - echo "$as_me:2979: result: $PATH_PASSWD_PROG" >&5 + echo "$as_me:2981: result: $PATH_PASSWD_PROG" >&5 echo "${ECHO_T}$PATH_PASSWD_PROG" >&6 else - echo "$as_me:2982: result: no" >&5 + echo "$as_me:2984: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -2994,7 +2996,7 @@ LD=$CC fi -echo "$as_me:2997: checking for $CC option to accept ANSI C" >&5 +echo "$as_me:2999: checking for $CC option to accept ANSI C" >&5 echo $ECHO_N "checking for $CC option to accept ANSI C... $ECHO_C" >&6 if test "${ac_cv_prog_cc_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -3002,7 +3004,7 @@ ac_cv_prog_cc_stdc=no ac_save_CC=$CC cat >conftest.$ac_ext <<_ACEOF -#line 3005 "configure" +#line 3007 "configure" #include "confdefs.h" #include #include @@ -3051,16 +3053,16 @@ do CC="$ac_save_CC $ac_arg" rm -f conftest.$ac_objext -if { (eval echo "$as_me:3054: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:3056: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:3057: \$? = $ac_status" >&5 + echo "$as_me:3059: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:3060: \"$ac_try\"") >&5 + { (eval echo "$as_me:3062: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3063: \$? = $ac_status" >&5 + echo "$as_me:3065: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_prog_cc_stdc=$ac_arg break @@ -3077,15 +3079,15 @@ case "x$ac_cv_prog_cc_stdc" in x|xno) - echo "$as_me:3080: result: none needed" >&5 + echo "$as_me:3082: result: none needed" >&5 echo "${ECHO_T}none needed" >&6 ;; *) - echo "$as_me:3083: result: $ac_cv_prog_cc_stdc" >&5 + echo "$as_me:3085: result: $ac_cv_prog_cc_stdc" >&5 echo "${ECHO_T}$ac_cv_prog_cc_stdc" >&6 CC="$CC $ac_cv_prog_cc_stdc" ;; esac -echo "$as_me:3088: checking for inline" >&5 +echo "$as_me:3090: checking for inline" >&5 echo $ECHO_N "checking for inline... $ECHO_C" >&6 if test "${ac_cv_c_inline+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -3093,7 +3095,7 @@ ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat >conftest.$ac_ext <<_ACEOF -#line 3096 "configure" +#line 3098 "configure" #include "confdefs.h" #ifndef __cplusplus static $ac_kw int static_foo () {return 0; } @@ -3102,16 +3104,16 @@ _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:3105: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:3107: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:3108: \$? = $ac_status" >&5 + echo "$as_me:3110: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:3111: \"$ac_try\"") >&5 + { (eval echo "$as_me:3113: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3114: \$? = $ac_status" >&5 + echo "$as_me:3116: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_c_inline=$ac_kw; break else @@ -3122,7 +3124,7 @@ done fi -echo "$as_me:3125: result: $ac_cv_c_inline" >&5 +echo "$as_me:3127: result: $ac_cv_c_inline" >&5 echo "${ECHO_T}$ac_cv_c_inline" >&6 case $ac_cv_c_inline in inline | yes) ;; @@ -3157,7 +3159,7 @@ # Check for some target-specific stuff case "$host" in *-*-aix*) - echo "$as_me:3160: checking how to specify blibpath for linker ($LD)" >&5 + echo "$as_me:3162: checking how to specify blibpath for linker ($LD)" >&5 echo $ECHO_N "checking how to specify blibpath for linker ($LD)... $ECHO_C" >&6 if (test -z "$blibpath"); then blibpath="/usr/lib:/lib" @@ -3167,7 +3169,7 @@ if (test -z "$blibflags"); then LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" cat >conftest.$ac_ext <<_ACEOF -#line 3170 "configure" +#line 3172 "configure" #include "confdefs.h" int @@ -3179,16 +3181,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:3182: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3184: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3185: \$? = $ac_status" >&5 + echo "$as_me:3187: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:3188: \"$ac_try\"") >&5 + { (eval echo "$as_me:3190: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3191: \$? = $ac_status" >&5 + echo "$as_me:3193: \$? = $ac_status" >&5 (exit $ac_status); }; }; then blibflags=$tryflags else @@ -3199,23 +3201,23 @@ fi done if (test -z "$blibflags"); then - echo "$as_me:3202: result: not found" >&5 + echo "$as_me:3204: result: not found" >&5 echo "${ECHO_T}not found" >&6 - { { echo "$as_me:3204: error: *** must be able to specify blibpath on AIX - check config.log" >&5 + { { echo "$as_me:3206: error: *** must be able to specify blibpath on AIX - check config.log" >&5 echo "$as_me: error: *** must be able to specify blibpath on AIX - check config.log" >&2;} { (exit 1); exit 1; }; } else - echo "$as_me:3208: result: $blibflags" >&5 + echo "$as_me:3210: result: $blibflags" >&5 echo "${ECHO_T}$blibflags" >&6 fi LDFLAGS="$saved_LDFLAGS" - echo "$as_me:3212: checking for authenticate" >&5 + echo "$as_me:3214: checking for authenticate" >&5 echo $ECHO_N "checking for authenticate... $ECHO_C" >&6 if test "${ac_cv_func_authenticate+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 3218 "configure" +#line 3220 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char authenticate (); below. */ @@ -3246,16 +3248,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:3249: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3251: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3252: \$? = $ac_status" >&5 + echo "$as_me:3254: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:3255: \"$ac_try\"") >&5 + { (eval echo "$as_me:3257: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3258: \$? = $ac_status" >&5 + echo "$as_me:3260: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_authenticate=yes else @@ -3265,7 +3267,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:3268: result: $ac_cv_func_authenticate" >&5 +echo "$as_me:3270: result: $ac_cv_func_authenticate" >&5 echo "${ECHO_T}$ac_cv_func_authenticate" >&6 if test $ac_cv_func_authenticate = yes; then cat >>confdefs.h <<\EOF @@ -3273,7 +3275,7 @@ EOF else - echo "$as_me:3276: checking for authenticate in -ls" >&5 + echo "$as_me:3278: checking for authenticate in -ls" >&5 echo $ECHO_N "checking for authenticate in -ls... $ECHO_C" >&6 if test "${ac_cv_lib_s_authenticate+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -3281,7 +3283,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-ls $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 3284 "configure" +#line 3286 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -3300,16 +3302,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:3303: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3305: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3306: \$? = $ac_status" >&5 + echo "$as_me:3308: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:3309: \"$ac_try\"") >&5 + { (eval echo "$as_me:3311: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3312: \$? = $ac_status" >&5 + echo "$as_me:3314: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_s_authenticate=yes else @@ -3320,7 +3322,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:3323: result: $ac_cv_lib_s_authenticate" >&5 +echo "$as_me:3325: result: $ac_cv_lib_s_authenticate" >&5 echo "${ECHO_T}$ac_cv_lib_s_authenticate" >&6 if test $ac_cv_lib_s_authenticate = yes; then cat >>confdefs.h <<\EOF @@ -3333,13 +3335,13 @@ fi - echo "$as_me:3336: checking whether loginfailed is declared" >&5 + echo "$as_me:3338: checking whether loginfailed is declared" >&5 echo $ECHO_N "checking whether loginfailed is declared... $ECHO_C" >&6 if test "${ac_cv_have_decl_loginfailed+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 3342 "configure" +#line 3344 "configure" #include "confdefs.h" #include @@ -3355,16 +3357,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:3358: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:3360: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:3361: \$? = $ac_status" >&5 + echo "$as_me:3363: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:3364: \"$ac_try\"") >&5 + { (eval echo "$as_me:3366: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3367: \$? = $ac_status" >&5 + echo "$as_me:3369: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_decl_loginfailed=yes else @@ -3374,13 +3376,13 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:3377: result: $ac_cv_have_decl_loginfailed" >&5 +echo "$as_me:3379: result: $ac_cv_have_decl_loginfailed" >&5 echo "${ECHO_T}$ac_cv_have_decl_loginfailed" >&6 if test $ac_cv_have_decl_loginfailed = yes; then - echo "$as_me:3380: checking if loginfailed takes 4 arguments" >&5 + echo "$as_me:3382: checking if loginfailed takes 4 arguments" >&5 echo $ECHO_N "checking if loginfailed takes 4 arguments... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 3383 "configure" +#line 3385 "configure" #include "confdefs.h" #include int @@ -3392,18 +3394,18 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:3395: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:3397: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:3398: \$? = $ac_status" >&5 + echo "$as_me:3400: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:3401: \"$ac_try\"") >&5 + { (eval echo "$as_me:3403: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3404: \$? = $ac_status" >&5 + echo "$as_me:3406: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:3406: result: yes" >&5 + echo "$as_me:3408: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define AIX_LOGINFAILED_4ARG 1 @@ -3412,7 +3414,7 @@ else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 -echo "$as_me:3415: result: no" >&5 +echo "$as_me:3417: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -3422,13 +3424,13 @@ for ac_func in setauthdb do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:3425: checking for $ac_func" >&5 +echo "$as_me:3427: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 3431 "configure" +#line 3433 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -3459,16 +3461,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:3462: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3464: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3465: \$? = $ac_status" >&5 + echo "$as_me:3467: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:3468: \"$ac_try\"") >&5 + { (eval echo "$as_me:3470: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3471: \$? = $ac_status" >&5 + echo "$as_me:3473: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -3478,7 +3480,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:3481: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:3483: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:3581: checking if we have working getaddrinfo" >&5 echo $ECHO_N "checking if we have working getaddrinfo... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - echo "$as_me:3582: result: assume it is working" >&5 + echo "$as_me:3584: result: assume it is working" >&5 echo "${ECHO_T}assume it is working" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 3586 "configure" +#line 3588 "configure" #include "confdefs.h" #include main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) @@ -3593,23 +3595,23 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:3596: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3598: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3599: \$? = $ac_status" >&5 + echo "$as_me:3601: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:3601: \"$ac_try\"") >&5 + { (eval echo "$as_me:3603: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3604: \$? = $ac_status" >&5 + echo "$as_me:3606: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:3606: result: working" >&5 + echo "$as_me:3608: result: working" >&5 echo "${ECHO_T}working" >&6 else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 -echo "$as_me:3612: result: buggy" >&5 +echo "$as_me:3614: result: buggy" >&5 echo "${ECHO_T}buggy" >&6 cat >>confdefs.h <<\EOF #define BROKEN_GETADDRINFO 1 @@ -3667,7 +3669,7 @@ LIBS="$LIBS -lsec -lsecpw" -echo "$as_me:3670: checking for t_error in -lxnet" >&5 +echo "$as_me:3672: checking for t_error in -lxnet" >&5 echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 if test "${ac_cv_lib_xnet_t_error+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -3675,7 +3677,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lxnet $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 3678 "configure" +#line 3680 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -3694,16 +3696,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:3697: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3699: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3700: \$? = $ac_status" >&5 + echo "$as_me:3702: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:3703: \"$ac_try\"") >&5 + { (eval echo "$as_me:3705: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3706: \$? = $ac_status" >&5 + echo "$as_me:3708: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_xnet_t_error=yes else @@ -3714,7 +3716,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:3717: result: $ac_cv_lib_xnet_t_error" >&5 +echo "$as_me:3719: result: $ac_cv_lib_xnet_t_error" >&5 echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 if test $ac_cv_lib_xnet_t_error = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:3729: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} { (exit 1); exit 1; }; } fi @@ -3759,7 +3761,7 @@ LIBS="$LIBS -lsec" -echo "$as_me:3762: checking for t_error in -lxnet" >&5 +echo "$as_me:3764: checking for t_error in -lxnet" >&5 echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 if test "${ac_cv_lib_xnet_t_error+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -3767,7 +3769,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lxnet $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 3770 "configure" +#line 3772 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -3786,16 +3788,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:3789: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3791: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3792: \$? = $ac_status" >&5 + echo "$as_me:3794: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:3795: \"$ac_try\"") >&5 + { (eval echo "$as_me:3797: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3798: \$? = $ac_status" >&5 + echo "$as_me:3800: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_xnet_t_error=yes else @@ -3806,7 +3808,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:3809: result: $ac_cv_lib_xnet_t_error" >&5 +echo "$as_me:3811: result: $ac_cv_lib_xnet_t_error" >&5 echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 if test $ac_cv_lib_xnet_t_error = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:3821: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} { (exit 1); exit 1; }; } fi @@ -3862,7 +3864,7 @@ esac LIBS="$LIBS -lsec" -echo "$as_me:3865: checking for t_error in -lxnet" >&5 +echo "$as_me:3867: checking for t_error in -lxnet" >&5 echo $ECHO_N "checking for t_error in -lxnet... $ECHO_C" >&6 if test "${ac_cv_lib_xnet_t_error+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -3870,7 +3872,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lxnet $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 3873 "configure" +#line 3875 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -3889,16 +3891,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:3892: \"$ac_link\"") >&5 +if { (eval echo "$as_me:3894: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:3895: \$? = $ac_status" >&5 + echo "$as_me:3897: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:3898: \"$ac_try\"") >&5 + { (eval echo "$as_me:3900: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:3901: \$? = $ac_status" >&5 + echo "$as_me:3903: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_xnet_t_error=yes else @@ -3909,7 +3911,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:3912: result: $ac_cv_lib_xnet_t_error" >&5 +echo "$as_me:3914: result: $ac_cv_lib_xnet_t_error" >&5 echo "${ECHO_T}$ac_cv_lib_xnet_t_error" >&6 if test $ac_cv_lib_xnet_t_error = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:3924: error: *** -lxnet needed on HP-UX - check config.log ***" >&5 echo "$as_me: error: *** -lxnet needed on HP-UX - check config.log ***" >&2;} { (exit 1); exit 1; }; } fi @@ -3966,13 +3968,13 @@ #define WITH_IRIX_AUDIT 1 EOF - echo "$as_me:3969: checking for jlimit_startjob" >&5 + echo "$as_me:3971: checking for jlimit_startjob" >&5 echo $ECHO_N "checking for jlimit_startjob... $ECHO_C" >&6 if test "${ac_cv_func_jlimit_startjob+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 3975 "configure" +#line 3977 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char jlimit_startjob (); below. */ @@ -4003,16 +4005,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:4006: \"$ac_link\"") >&5 +if { (eval echo "$as_me:4008: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:4009: \$? = $ac_status" >&5 + echo "$as_me:4011: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:4012: \"$ac_try\"") >&5 + { (eval echo "$as_me:4014: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:4015: \$? = $ac_status" >&5 + echo "$as_me:4017: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_jlimit_startjob=yes else @@ -4022,7 +4024,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:4025: result: $ac_cv_func_jlimit_startjob" >&5 +echo "$as_me:4027: result: $ac_cv_func_jlimit_startjob" >&5 echo "${ECHO_T}$ac_cv_func_jlimit_startjob" >&6 if test $ac_cv_func_jlimit_startjob = yes; then cat >>confdefs.h <<\EOF @@ -4068,10 +4070,18 @@ #define PAM_TTY_KLUDGE 1 EOF - cat >>confdefs.h <<\EOF + case "$host" in + *-slackware-*) + cat >>confdefs.h <<\EOF +#define LOCKED_PASSWD_PREFIX "!" +EOF +;; + *) + cat >>confdefs.h <<\EOF #define LOCKED_PASSWD_PREFIX "!!" EOF - +;; + esac cat >>confdefs.h <<\EOF #define SPT_TYPE SPT_REUSEARGV EOF @@ -4167,11 +4177,11 @@ external_path_file=/etc/default/login # hardwire lastlog location (can't detect it on some versions) conf_lastlog_location="/var/adm/lastlog" - echo "$as_me:4170: checking for obsolete utmp and wtmp in solaris2.x" >&5 + echo "$as_me:4180: checking for obsolete utmp and wtmp in solaris2.x" >&5 echo $ECHO_N "checking for obsolete utmp and wtmp in solaris2.x... $ECHO_C" >&6 sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` if test "$sol2ver" -ge 8; then - echo "$as_me:4174: result: yes" >&5 + echo "$as_me:4184: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define DISABLE_UTMP 1 @@ -4182,7 +4192,7 @@ EOF else - echo "$as_me:4185: result: no" >&5 + echo "$as_me:4195: result: no" >&5 echo "${ECHO_T}no" >&6 fi ;; @@ -4192,13 +4202,13 @@ for ac_func in getpwanam do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:4195: checking for $ac_func" >&5 +echo "$as_me:4205: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 4201 "configure" +#line 4211 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -4229,16 +4239,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:4232: \"$ac_link\"") >&5 +if { (eval echo "$as_me:4242: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:4235: \$? = $ac_status" >&5 + echo "$as_me:4245: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:4238: \"$ac_try\"") >&5 + { (eval echo "$as_me:4248: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:4241: \$? = $ac_status" >&5 + echo "$as_me:4251: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -4248,7 +4258,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:4251: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:4261: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:4309: checking for dlsym in -ldl" >&5 echo $ECHO_N "checking for dlsym in -ldl... $ECHO_C" >&6 if test "${ac_cv_lib_dl_dlsym+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -4304,7 +4314,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 4307 "configure" +#line 4317 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -4323,16 +4333,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:4326: \"$ac_link\"") >&5 +if { (eval echo "$as_me:4336: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:4329: \$? = $ac_status" >&5 + echo "$as_me:4339: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:4332: \"$ac_try\"") >&5 + { (eval echo "$as_me:4342: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:4335: \$? = $ac_status" >&5 + echo "$as_me:4345: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_dl_dlsym=yes else @@ -4343,7 +4353,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:4346: result: $ac_cv_lib_dl_dlsym" >&5 +echo "$as_me:4356: result: $ac_cv_lib_dl_dlsym" >&5 echo "${ECHO_T}$ac_cv_lib_dl_dlsym" >&6 if test $ac_cv_lib_dl_dlsym = yes; then cat >>confdefs.h <&5 +echo "$as_me:4467: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 4463 "configure" +#line 4473 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -4491,16 +4501,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:4494: \"$ac_link\"") >&5 +if { (eval echo "$as_me:4504: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:4497: \$? = $ac_status" >&5 + echo "$as_me:4507: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:4500: \"$ac_try\"") >&5 + { (eval echo "$as_me:4510: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:4503: \$? = $ac_status" >&5 + echo "$as_me:4513: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -4510,7 +4520,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:4513: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:4523: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:4577: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 4573 "configure" +#line 4583 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -4601,16 +4611,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:4604: \"$ac_link\"") >&5 +if { (eval echo "$as_me:4614: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:4607: \$? = $ac_status" >&5 + echo "$as_me:4617: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:4610: \"$ac_try\"") >&5 + { (eval echo "$as_me:4620: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:4613: \$? = $ac_status" >&5 + echo "$as_me:4623: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -4620,7 +4630,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:4623: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:4633: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:4733: checking for Digital Unix SIA" >&5 echo $ECHO_N "checking for Digital Unix SIA... $ECHO_C" >&6 no_osfsia="" @@ -4729,7 +4739,7 @@ withval="$with_osfsia" if test "x$withval" = "xno" ; then - echo "$as_me:4732: result: disabled" >&5 + echo "$as_me:4742: result: disabled" >&5 echo "${ECHO_T}disabled" >&6 no_osfsia=1 fi @@ -4737,7 +4747,7 @@ fi; if test -z "$no_osfsia" ; then if test -f /etc/sia/matrix.conf; then - echo "$as_me:4740: result: yes" >&5 + echo "$as_me:4750: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HAVE_OSF_SIA 1 @@ -4753,7 +4763,7 @@ LIBS="$LIBS -lsecurity -ldb -lm -laud" else - echo "$as_me:4756: result: no" >&5 + echo "$as_me:4766: result: no" >&5 echo "${ECHO_T}no" >&6 cat >>confdefs.h <<\EOF #define LOCKED_PASSWD_SUBSTR "Nologin" @@ -4845,15 +4855,15 @@ fi; -echo "$as_me:4848: checking compiler and flags for sanity" >&5 +echo "$as_me:4858: checking compiler and flags for sanity" >&5 echo $ECHO_N "checking compiler and flags for sanity... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:4851: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:4861: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 4856 "configure" +#line 4866 "configure" #include "confdefs.h" #include @@ -4861,26 +4871,26 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:4864: \"$ac_link\"") >&5 +if { (eval echo "$as_me:4874: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:4867: \$? = $ac_status" >&5 + echo "$as_me:4877: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:4869: \"$ac_try\"") >&5 + { (eval echo "$as_me:4879: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:4872: \$? = $ac_status" >&5 + echo "$as_me:4882: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:4874: result: yes" >&5 + echo "$as_me:4884: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:4881: result: no" >&5 + echo "$as_me:4891: result: no" >&5 echo "${ECHO_T}no" >&6 - { { echo "$as_me:4883: error: *** compiler cannot create working executables, check config.log ***" >&5 + { { echo "$as_me:4893: error: *** compiler cannot create working executables, check config.log ***" >&5 echo "$as_me: error: *** compiler cannot create working executables, check config.log ***" >&2;} { (exit 1); exit 1; }; } @@ -4902,23 +4912,23 @@ util.h utime.h utmp.h utmpx.h vis.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:4905: checking for $ac_header" >&5 +echo "$as_me:4915: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 4911 "configure" +#line 4921 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:4915: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:4925: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:4921: \$? = $ac_status" >&5 + echo "$as_me:4931: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -4937,7 +4947,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:4940: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:4950: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:4961: checking for yp_match" >&5 echo $ECHO_N "checking for yp_match... $ECHO_C" >&6 if test "${ac_cv_func_yp_match+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 4957 "configure" +#line 4967 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char yp_match (); below. */ @@ -4985,16 +4995,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:4988: \"$ac_link\"") >&5 +if { (eval echo "$as_me:4998: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:4991: \$? = $ac_status" >&5 + echo "$as_me:5001: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:4994: \"$ac_try\"") >&5 + { (eval echo "$as_me:5004: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:4997: \$? = $ac_status" >&5 + echo "$as_me:5007: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_yp_match=yes else @@ -5004,13 +5014,13 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:5007: result: $ac_cv_func_yp_match" >&5 +echo "$as_me:5017: result: $ac_cv_func_yp_match" >&5 echo "${ECHO_T}$ac_cv_func_yp_match" >&6 if test $ac_cv_func_yp_match = yes; then : else -echo "$as_me:5013: checking for yp_match in -lnsl" >&5 +echo "$as_me:5023: checking for yp_match in -lnsl" >&5 echo $ECHO_N "checking for yp_match in -lnsl... $ECHO_C" >&6 if test "${ac_cv_lib_nsl_yp_match+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5018,7 +5028,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 5021 "configure" +#line 5031 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5037,16 +5047,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5040: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5050: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5043: \$? = $ac_status" >&5 + echo "$as_me:5053: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5046: \"$ac_try\"") >&5 + { (eval echo "$as_me:5056: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5049: \$? = $ac_status" >&5 + echo "$as_me:5059: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_nsl_yp_match=yes else @@ -5057,7 +5067,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:5060: result: $ac_cv_lib_nsl_yp_match" >&5 +echo "$as_me:5070: result: $ac_cv_lib_nsl_yp_match" >&5 echo "${ECHO_T}$ac_cv_lib_nsl_yp_match" >&6 if test $ac_cv_lib_nsl_yp_match = yes; then cat >>confdefs.h <&5 +echo "$as_me:5083: checking for setsockopt" >&5 echo $ECHO_N "checking for setsockopt... $ECHO_C" >&6 if test "${ac_cv_func_setsockopt+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 5079 "configure" +#line 5089 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char setsockopt (); below. */ @@ -5107,16 +5117,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5110: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5120: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5113: \$? = $ac_status" >&5 + echo "$as_me:5123: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5116: \"$ac_try\"") >&5 + { (eval echo "$as_me:5126: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5119: \$? = $ac_status" >&5 + echo "$as_me:5129: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_setsockopt=yes else @@ -5126,13 +5136,13 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:5129: result: $ac_cv_func_setsockopt" >&5 +echo "$as_me:5139: result: $ac_cv_func_setsockopt" >&5 echo "${ECHO_T}$ac_cv_func_setsockopt" >&6 if test $ac_cv_func_setsockopt = yes; then : else -echo "$as_me:5135: checking for setsockopt in -lsocket" >&5 +echo "$as_me:5145: checking for setsockopt in -lsocket" >&5 echo $ECHO_N "checking for setsockopt in -lsocket... $ECHO_C" >&6 if test "${ac_cv_lib_socket_setsockopt+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5140,7 +5150,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lsocket $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 5143 "configure" +#line 5153 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5159,16 +5169,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5162: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5172: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5165: \$? = $ac_status" >&5 + echo "$as_me:5175: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5168: \"$ac_try\"") >&5 + { (eval echo "$as_me:5178: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5171: \$? = $ac_status" >&5 + echo "$as_me:5181: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_socket_setsockopt=yes else @@ -5179,7 +5189,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:5182: result: $ac_cv_lib_socket_setsockopt" >&5 +echo "$as_me:5192: result: $ac_cv_lib_socket_setsockopt" >&5 echo "${ECHO_T}$ac_cv_lib_socket_setsockopt" >&6 if test $ac_cv_lib_socket_setsockopt = yes; then cat >>confdefs.h <&5 + echo "$as_me:5207: checking for innetgr in -lrpc" >&5 echo $ECHO_N "checking for innetgr in -lrpc... $ECHO_C" >&6 if test "${ac_cv_lib_rpc_innetgr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5202,7 +5212,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lrpc -lyp -lrpc $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 5205 "configure" +#line 5215 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5221,16 +5231,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5224: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5234: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5227: \$? = $ac_status" >&5 + echo "$as_me:5237: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5230: \"$ac_try\"") >&5 + { (eval echo "$as_me:5240: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5233: \$? = $ac_status" >&5 + echo "$as_me:5243: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_rpc_innetgr=yes else @@ -5241,7 +5251,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:5244: result: $ac_cv_lib_rpc_innetgr" >&5 +echo "$as_me:5254: result: $ac_cv_lib_rpc_innetgr" >&5 echo "${ECHO_T}$ac_cv_lib_rpc_innetgr" >&6 if test $ac_cv_lib_rpc_innetgr = yes; then LIBS="-lrpc -lyp -lrpc $LIBS" @@ -5253,13 +5263,13 @@ for ac_func in dirname do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:5256: checking for $ac_func" >&5 +echo "$as_me:5266: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 5262 "configure" +#line 5272 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -5290,16 +5300,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5293: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5303: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5296: \$? = $ac_status" >&5 + echo "$as_me:5306: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5299: \"$ac_try\"") >&5 + { (eval echo "$as_me:5309: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5302: \$? = $ac_status" >&5 + echo "$as_me:5312: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -5309,7 +5319,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:5312: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:5322: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:5332: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 5328 "configure" +#line 5338 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:5332: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:5342: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:5338: \$? = $ac_status" >&5 + echo "$as_me:5348: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -5354,7 +5364,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:5357: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:5367: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:5379: checking for dirname in -lgen" >&5 echo $ECHO_N "checking for dirname in -lgen... $ECHO_C" >&6 if test "${ac_cv_lib_gen_dirname+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5374,7 +5384,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lgen $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 5377 "configure" +#line 5387 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5393,16 +5403,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5396: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5406: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5399: \$? = $ac_status" >&5 + echo "$as_me:5409: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5402: \"$ac_try\"") >&5 + { (eval echo "$as_me:5412: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5405: \$? = $ac_status" >&5 + echo "$as_me:5415: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_gen_dirname=yes else @@ -5413,11 +5423,11 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:5416: result: $ac_cv_lib_gen_dirname" >&5 +echo "$as_me:5426: result: $ac_cv_lib_gen_dirname" >&5 echo "${ECHO_T}$ac_cv_lib_gen_dirname" >&6 if test $ac_cv_lib_gen_dirname = yes; then - echo "$as_me:5420: checking for broken dirname" >&5 + echo "$as_me:5430: checking for broken dirname" >&5 echo $ECHO_N "checking for broken dirname... $ECHO_C" >&6 if test "${ac_cv_have_broken_dirname+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5426,12 +5436,12 @@ save_LIBS="$LIBS" LIBS="$LIBS -lgen" if test "$cross_compiling" = yes; then - { { echo "$as_me:5429: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:5439: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 5434 "configure" +#line 5444 "configure" #include "confdefs.h" #include @@ -5451,15 +5461,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:5454: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5464: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5457: \$? = $ac_status" >&5 + echo "$as_me:5467: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:5459: \"$ac_try\"") >&5 + { (eval echo "$as_me:5469: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5462: \$? = $ac_status" >&5 + echo "$as_me:5472: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_broken_dirname="no" else @@ -5474,7 +5484,7 @@ LIBS="$save_LIBS" fi -echo "$as_me:5477: result: $ac_cv_have_broken_dirname" >&5 +echo "$as_me:5487: result: $ac_cv_have_broken_dirname" >&5 echo "${ECHO_T}$ac_cv_have_broken_dirname" >&6 if test "x$ac_cv_have_broken_dirname" = "xno" ; then LIBS="$LIBS -lgen" @@ -5485,23 +5495,23 @@ for ac_header in libgen.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:5488: checking for $ac_header" >&5 +echo "$as_me:5498: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 5494 "configure" +#line 5504 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:5498: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:5508: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:5504: \$? = $ac_status" >&5 + echo "$as_me:5514: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -5520,7 +5530,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:5523: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:5533: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:5550: checking for getspnam" >&5 echo $ECHO_N "checking for getspnam... $ECHO_C" >&6 if test "${ac_cv_func_getspnam+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 5546 "configure" +#line 5556 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getspnam (); below. */ @@ -5574,16 +5584,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5577: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5587: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5580: \$? = $ac_status" >&5 + echo "$as_me:5590: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5583: \"$ac_try\"") >&5 + { (eval echo "$as_me:5593: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5586: \$? = $ac_status" >&5 + echo "$as_me:5596: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_getspnam=yes else @@ -5593,12 +5603,12 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:5596: result: $ac_cv_func_getspnam" >&5 +echo "$as_me:5606: result: $ac_cv_func_getspnam" >&5 echo "${ECHO_T}$ac_cv_func_getspnam" >&6 if test $ac_cv_func_getspnam = yes; then : else - echo "$as_me:5601: checking for getspnam in -lgen" >&5 + echo "$as_me:5611: checking for getspnam in -lgen" >&5 echo $ECHO_N "checking for getspnam in -lgen... $ECHO_C" >&6 if test "${ac_cv_lib_gen_getspnam+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5606,7 +5616,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lgen $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 5609 "configure" +#line 5619 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5625,16 +5635,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5628: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5638: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5631: \$? = $ac_status" >&5 + echo "$as_me:5641: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5634: \"$ac_try\"") >&5 + { (eval echo "$as_me:5644: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5637: \$? = $ac_status" >&5 + echo "$as_me:5647: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_gen_getspnam=yes else @@ -5645,7 +5655,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:5648: result: $ac_cv_lib_gen_getspnam" >&5 +echo "$as_me:5658: result: $ac_cv_lib_gen_getspnam" >&5 echo "${ECHO_T}$ac_cv_lib_gen_getspnam" >&6 if test $ac_cv_lib_gen_getspnam = yes; then LIBS="$LIBS -lgen" @@ -5653,7 +5663,7 @@ fi -echo "$as_me:5656: checking for library containing basename" >&5 +echo "$as_me:5666: checking for library containing basename" >&5 echo $ECHO_N "checking for library containing basename... $ECHO_C" >&6 if test "${ac_cv_search_basename+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5661,7 +5671,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_basename=no cat >conftest.$ac_ext <<_ACEOF -#line 5664 "configure" +#line 5674 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5680,16 +5690,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5683: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5693: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5686: \$? = $ac_status" >&5 + echo "$as_me:5696: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5689: \"$ac_try\"") >&5 + { (eval echo "$as_me:5699: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5692: \$? = $ac_status" >&5 + echo "$as_me:5702: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_basename="none required" else @@ -5701,7 +5711,7 @@ for ac_lib in gen; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 5704 "configure" +#line 5714 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5720,16 +5730,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5723: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5733: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5726: \$? = $ac_status" >&5 + echo "$as_me:5736: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5729: \"$ac_try\"") >&5 + { (eval echo "$as_me:5739: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5732: \$? = $ac_status" >&5 + echo "$as_me:5742: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_basename="-l$ac_lib" break @@ -5742,7 +5752,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:5745: result: $ac_cv_search_basename" >&5 +echo "$as_me:5755: result: $ac_cv_search_basename" >&5 echo "${ECHO_T}$ac_cv_search_basename" >&6 if test "$ac_cv_search_basename" != no; then test "$ac_cv_search_basename" = "none required" || LIBS="$ac_cv_search_basename $LIBS" @@ -5757,7 +5767,7 @@ withval="$with_zlib" if test "x$withval" = "xno" ; then - { { echo "$as_me:5760: error: *** zlib is required ***" >&5 + { { echo "$as_me:5770: error: *** zlib is required ***" >&5 echo "$as_me: error: *** zlib is required ***" >&2;} { (exit 1); exit 1; }; } fi @@ -5782,7 +5792,7 @@ fi; -echo "$as_me:5785: checking for deflate in -lz" >&5 +echo "$as_me:5795: checking for deflate in -lz" >&5 echo $ECHO_N "checking for deflate in -lz... $ECHO_C" >&6 if test "${ac_cv_lib_z_deflate+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -5790,7 +5800,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lz $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 5793 "configure" +#line 5803 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5809,16 +5819,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5812: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5822: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5815: \$? = $ac_status" >&5 + echo "$as_me:5825: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5818: \"$ac_try\"") >&5 + { (eval echo "$as_me:5828: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5821: \$? = $ac_status" >&5 + echo "$as_me:5831: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_z_deflate=yes else @@ -5829,7 +5839,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:5832: result: $ac_cv_lib_z_deflate" >&5 +echo "$as_me:5842: result: $ac_cv_lib_z_deflate" >&5 echo "${ECHO_T}$ac_cv_lib_z_deflate" >&6 if test $ac_cv_lib_z_deflate = yes; then cat >>confdefs.h <conftest.$ac_ext <<_ACEOF -#line 5854 "configure" +#line 5864 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -5870,16 +5880,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:5873: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5883: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5876: \$? = $ac_status" >&5 + echo "$as_me:5886: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:5879: \"$ac_try\"") >&5 + { (eval echo "$as_me:5889: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5882: \$? = $ac_status" >&5 + echo "$as_me:5892: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_LIBZ 1 @@ -5889,7 +5899,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - { { echo "$as_me:5892: error: *** zlib missing - please install first or check config.log ***" >&5 + { { echo "$as_me:5902: error: *** zlib missing - please install first or check config.log ***" >&5 echo "$as_me: error: *** zlib missing - please install first or check config.log ***" >&2;} { (exit 1); exit 1; }; } @@ -5898,23 +5908,23 @@ fi -echo "$as_me:5901: checking for zlib.h" >&5 +echo "$as_me:5911: checking for zlib.h" >&5 echo $ECHO_N "checking for zlib.h... $ECHO_C" >&6 if test "${ac_cv_header_zlib_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 5907 "configure" +#line 5917 "configure" #include "confdefs.h" #include _ACEOF -if { (eval echo "$as_me:5911: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:5921: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:5917: \$? = $ac_status" >&5 + echo "$as_me:5927: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -5933,12 +5943,12 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:5936: result: $ac_cv_header_zlib_h" >&5 +echo "$as_me:5946: result: $ac_cv_header_zlib_h" >&5 echo "${ECHO_T}$ac_cv_header_zlib_h" >&6 if test $ac_cv_header_zlib_h = yes; then : else - { { echo "$as_me:5941: error: *** zlib.h missing - please install first or check config.log ***" >&5 + { { echo "$as_me:5951: error: *** zlib.h missing - please install first or check config.log ***" >&5 echo "$as_me: error: *** zlib.h missing - please install first or check config.log ***" >&2;} { (exit 1); exit 1; }; } fi @@ -5952,15 +5962,15 @@ fi; -echo "$as_me:5955: checking for zlib 1.1.4 or greater" >&5 +echo "$as_me:5965: checking for zlib 1.1.4 or greater" >&5 echo $ECHO_N "checking for zlib 1.1.4 or greater... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:5958: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:5968: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 5963 "configure" +#line 5973 "configure" #include "confdefs.h" #include @@ -5977,26 +5987,26 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:5980: \"$ac_link\"") >&5 +if { (eval echo "$as_me:5990: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:5983: \$? = $ac_status" >&5 + echo "$as_me:5993: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:5985: \"$ac_try\"") >&5 + { (eval echo "$as_me:5995: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:5988: \$? = $ac_status" >&5 + echo "$as_me:5998: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:5990: result: yes" >&5 + echo "$as_me:6000: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:5996: result: no" >&5 + echo "$as_me:6006: result: no" >&5 echo "${ECHO_T}no" >&6 if test -z "$zlib_check_nonfatal" ; then - { { echo "$as_me:5999: error: *** zlib too old - check config.log *** + { { echo "$as_me:6009: error: *** zlib too old - check config.log *** Your reported zlib version has known security problems. It's possible your vendor has fixed these problems without changing the version number. If you are sure this is the case, you can disable the check by running @@ -6010,7 +6020,7 @@ If you are in doubt, upgrade zlib to version 1.1.4 or greater." >&2;} { (exit 1); exit 1; }; } else - { echo "$as_me:6013: WARNING: zlib version may have security problems" >&5 + { echo "$as_me:6023: WARNING: zlib version may have security problems" >&5 echo "$as_me: WARNING: zlib version may have security problems" >&2;} fi @@ -6018,13 +6028,13 @@ rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:6021: checking for strcasecmp" >&5 +echo "$as_me:6031: checking for strcasecmp" >&5 echo $ECHO_N "checking for strcasecmp... $ECHO_C" >&6 if test "${ac_cv_func_strcasecmp+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 6027 "configure" +#line 6037 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char strcasecmp (); below. */ @@ -6055,16 +6065,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6058: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6068: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6061: \$? = $ac_status" >&5 + echo "$as_me:6071: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6064: \"$ac_try\"") >&5 + { (eval echo "$as_me:6074: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6067: \$? = $ac_status" >&5 + echo "$as_me:6077: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_strcasecmp=yes else @@ -6074,12 +6084,12 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:6077: result: $ac_cv_func_strcasecmp" >&5 +echo "$as_me:6087: result: $ac_cv_func_strcasecmp" >&5 echo "${ECHO_T}$ac_cv_func_strcasecmp" >&6 if test $ac_cv_func_strcasecmp = yes; then : else - echo "$as_me:6082: checking for strcasecmp in -lresolv" >&5 + echo "$as_me:6092: checking for strcasecmp in -lresolv" >&5 echo $ECHO_N "checking for strcasecmp in -lresolv... $ECHO_C" >&6 if test "${ac_cv_lib_resolv_strcasecmp+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -6087,7 +6097,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lresolv $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 6090 "configure" +#line 6100 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -6106,16 +6116,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6109: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6119: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6112: \$? = $ac_status" >&5 + echo "$as_me:6122: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6115: \"$ac_try\"") >&5 + { (eval echo "$as_me:6125: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6118: \$? = $ac_status" >&5 + echo "$as_me:6128: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_resolv_strcasecmp=yes else @@ -6126,7 +6136,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:6129: result: $ac_cv_lib_resolv_strcasecmp" >&5 +echo "$as_me:6139: result: $ac_cv_lib_resolv_strcasecmp" >&5 echo "${ECHO_T}$ac_cv_lib_resolv_strcasecmp" >&6 if test $ac_cv_lib_resolv_strcasecmp = yes; then LIBS="$LIBS -lresolv" @@ -6134,13 +6144,13 @@ fi -echo "$as_me:6137: checking for utimes" >&5 +echo "$as_me:6147: checking for utimes" >&5 echo $ECHO_N "checking for utimes... $ECHO_C" >&6 if test "${ac_cv_func_utimes+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 6143 "configure" +#line 6153 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char utimes (); below. */ @@ -6171,16 +6181,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6174: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6184: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6177: \$? = $ac_status" >&5 + echo "$as_me:6187: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6180: \"$ac_try\"") >&5 + { (eval echo "$as_me:6190: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6183: \$? = $ac_status" >&5 + echo "$as_me:6193: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_utimes=yes else @@ -6190,12 +6200,12 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:6193: result: $ac_cv_func_utimes" >&5 +echo "$as_me:6203: result: $ac_cv_func_utimes" >&5 echo "${ECHO_T}$ac_cv_func_utimes" >&6 if test $ac_cv_func_utimes = yes; then : else - echo "$as_me:6198: checking for utimes in -lc89" >&5 + echo "$as_me:6208: checking for utimes in -lc89" >&5 echo $ECHO_N "checking for utimes in -lc89... $ECHO_C" >&6 if test "${ac_cv_lib_c89_utimes+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -6203,7 +6213,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lc89 $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 6206 "configure" +#line 6216 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -6222,16 +6232,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6225: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6235: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6228: \$? = $ac_status" >&5 + echo "$as_me:6238: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6231: \"$ac_try\"") >&5 + { (eval echo "$as_me:6241: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6234: \$? = $ac_status" >&5 + echo "$as_me:6244: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_c89_utimes=yes else @@ -6242,7 +6252,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:6245: result: $ac_cv_lib_c89_utimes" >&5 +echo "$as_me:6255: result: $ac_cv_lib_c89_utimes" >&5 echo "${ECHO_T}$ac_cv_lib_c89_utimes" >&6 if test $ac_cv_lib_c89_utimes = yes; then cat >>confdefs.h <<\EOF @@ -6257,23 +6267,23 @@ for ac_header in libutil.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:6260: checking for $ac_header" >&5 +echo "$as_me:6270: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 6266 "configure" +#line 6276 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:6270: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:6280: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:6276: \$? = $ac_status" >&5 + echo "$as_me:6286: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -6292,7 +6302,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:6295: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:6305: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:6315: checking for library containing login" >&5 echo $ECHO_N "checking for library containing login... $ECHO_C" >&6 if test "${ac_cv_search_login+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -6310,7 +6320,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_login=no cat >conftest.$ac_ext <<_ACEOF -#line 6313 "configure" +#line 6323 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -6329,16 +6339,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6332: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6342: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6335: \$? = $ac_status" >&5 + echo "$as_me:6345: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6338: \"$ac_try\"") >&5 + { (eval echo "$as_me:6348: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6341: \$? = $ac_status" >&5 + echo "$as_me:6351: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_login="none required" else @@ -6350,7 +6360,7 @@ for ac_lib in util bsd; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 6353 "configure" +#line 6363 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -6369,16 +6379,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6372: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6382: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6375: \$? = $ac_status" >&5 + echo "$as_me:6385: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6378: \"$ac_try\"") >&5 + { (eval echo "$as_me:6388: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6381: \$? = $ac_status" >&5 + echo "$as_me:6391: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_login="-l$ac_lib" break @@ -6391,7 +6401,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:6394: result: $ac_cv_search_login" >&5 +echo "$as_me:6404: result: $ac_cv_search_login" >&5 echo "${ECHO_T}$ac_cv_search_login" >&6 if test "$ac_cv_search_login" != no; then test "$ac_cv_search_login" = "none required" || LIBS="$ac_cv_search_login $LIBS" @@ -6404,13 +6414,13 @@ for ac_func in logout updwtmp logwtmp do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:6407: checking for $ac_func" >&5 +echo "$as_me:6417: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 6413 "configure" +#line 6423 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -6441,16 +6451,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6444: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6454: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6447: \$? = $ac_status" >&5 + echo "$as_me:6457: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6450: \"$ac_try\"") >&5 + { (eval echo "$as_me:6460: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6453: \$? = $ac_status" >&5 + echo "$as_me:6463: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -6460,7 +6470,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:6463: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:6473: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:6486: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 6482 "configure" +#line 6492 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -6510,16 +6520,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6513: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6523: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6516: \$? = $ac_status" >&5 + echo "$as_me:6526: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6519: \"$ac_try\"") >&5 + { (eval echo "$as_me:6529: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6522: \$? = $ac_status" >&5 + echo "$as_me:6532: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -6529,7 +6539,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:6532: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:6542: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:6551: checking for strftime in -lintl" >&5 echo $ECHO_N "checking for strftime in -lintl... $ECHO_C" >&6 if test "${ac_cv_lib_intl_strftime+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -6546,7 +6556,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lintl $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 6549 "configure" +#line 6559 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -6565,16 +6575,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6568: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6578: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6571: \$? = $ac_status" >&5 + echo "$as_me:6581: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6574: \"$ac_try\"") >&5 + { (eval echo "$as_me:6584: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6577: \$? = $ac_status" >&5 + echo "$as_me:6587: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_intl_strftime=yes else @@ -6585,7 +6595,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:6588: result: $ac_cv_lib_intl_strftime" >&5 +echo "$as_me:6598: result: $ac_cv_lib_intl_strftime" >&5 echo "${ECHO_T}$ac_cv_lib_intl_strftime" >&6 if test $ac_cv_lib_intl_strftime = yes; then cat >>confdefs.h <<\EOF @@ -6599,10 +6609,10 @@ done # Check for ALTDIRFUNC glob() extension -echo "$as_me:6602: checking for GLOB_ALTDIRFUNC support" >&5 +echo "$as_me:6612: checking for GLOB_ALTDIRFUNC support" >&5 echo $ECHO_N "checking for GLOB_ALTDIRFUNC support... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 6605 "configure" +#line 6615 "configure" #include "confdefs.h" #include @@ -6618,22 +6628,22 @@ #define GLOB_HAS_ALTDIRFUNC 1 EOF - echo "$as_me:6621: result: yes" >&5 + echo "$as_me:6631: result: yes" >&5 echo "${ECHO_T}yes" >&6 else - echo "$as_me:6626: result: no" >&5 + echo "$as_me:6636: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest* # Check for g.gl_matchc glob() extension -echo "$as_me:6633: checking for gl_matchc field in glob_t" >&5 +echo "$as_me:6643: checking for gl_matchc field in glob_t" >&5 echo $ECHO_N "checking for gl_matchc field in glob_t... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 6636 "configure" +#line 6646 "configure" #include "confdefs.h" #include @@ -6647,26 +6657,26 @@ #define GLOB_HAS_GL_MATCHC 1 EOF - echo "$as_me:6650: result: yes" >&5 + echo "$as_me:6660: result: yes" >&5 echo "${ECHO_T}yes" >&6 else - echo "$as_me:6655: result: no" >&5 + echo "$as_me:6665: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest* -echo "$as_me:6661: checking whether struct dirent allocates space for d_name" >&5 +echo "$as_me:6671: checking whether struct dirent allocates space for d_name" >&5 echo $ECHO_N "checking whether struct dirent allocates space for d_name... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:6664: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:6674: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 6669 "configure" +#line 6679 "configure" #include "confdefs.h" #include @@ -6675,24 +6685,24 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:6678: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6688: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6681: \$? = $ac_status" >&5 + echo "$as_me:6691: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:6683: \"$ac_try\"") >&5 + { (eval echo "$as_me:6693: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6686: \$? = $ac_status" >&5 + echo "$as_me:6696: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:6688: result: yes" >&5 + echo "$as_me:6698: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:6695: result: no" >&5 + echo "$as_me:6705: result: no" >&5 echo "${ECHO_T}no" >&6 cat >>confdefs.h <<\EOF #define BROKEN_ONE_BYTE_DIRENT_D_NAME 1 @@ -6723,15 +6733,15 @@ LIBS="-lskey $LIBS" SKEY_MSG="yes" - echo "$as_me:6726: checking for s/key support" >&5 + echo "$as_me:6736: checking for s/key support" >&5 echo $ECHO_N "checking for s/key support... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:6729: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:6739: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 6734 "configure" +#line 6744 "configure" #include "confdefs.h" #include @@ -6740,26 +6750,26 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:6743: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6753: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6746: \$? = $ac_status" >&5 + echo "$as_me:6756: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:6748: \"$ac_try\"") >&5 + { (eval echo "$as_me:6758: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6751: \$? = $ac_status" >&5 + echo "$as_me:6761: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:6753: result: yes" >&5 + echo "$as_me:6763: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:6760: result: no" >&5 + echo "$as_me:6770: result: no" >&5 echo "${ECHO_T}no" >&6 - { { echo "$as_me:6762: error: ** Incomplete or missing s/key libraries." >&5 + { { echo "$as_me:6772: error: ** Incomplete or missing s/key libraries." >&5 echo "$as_me: error: ** Incomplete or missing s/key libraries." >&2;} { (exit 1); exit 1; }; } @@ -6803,10 +6813,10 @@ fi LIBWRAP="-lwrap" LIBS="$LIBWRAP $LIBS" - echo "$as_me:6806: checking for libwrap" >&5 + echo "$as_me:6816: checking for libwrap" >&5 echo $ECHO_N "checking for libwrap... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 6809 "configure" +#line 6819 "configure" #include "confdefs.h" #include @@ -6821,19 +6831,19 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6824: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6834: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6827: \$? = $ac_status" >&5 + echo "$as_me:6837: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6830: \"$ac_try\"") >&5 + { (eval echo "$as_me:6840: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6833: \$? = $ac_status" >&5 + echo "$as_me:6843: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:6836: result: yes" >&5 + echo "$as_me:6846: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define LIBWRAP 1 @@ -6845,7 +6855,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - { { echo "$as_me:6848: error: *** libwrap missing" >&5 + { { echo "$as_me:6858: error: *** libwrap missing" >&5 echo "$as_me: error: *** libwrap missing" >&2;} { (exit 1); exit 1; }; } @@ -6872,13 +6882,13 @@ do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:6875: checking for $ac_func" >&5 +echo "$as_me:6885: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 6881 "configure" +#line 6891 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -6909,16 +6919,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6912: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6922: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6915: \$? = $ac_status" >&5 + echo "$as_me:6925: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6918: \"$ac_try\"") >&5 + { (eval echo "$as_me:6928: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6921: \$? = $ac_status" >&5 + echo "$as_me:6931: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -6928,7 +6938,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:6931: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:6941: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:6956: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 6952 "configure" +#line 6962 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -6980,16 +6990,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:6983: \"$ac_link\"") >&5 +if { (eval echo "$as_me:6993: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:6986: \$? = $ac_status" >&5 + echo "$as_me:6996: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:6989: \"$ac_try\"") >&5 + { (eval echo "$as_me:6999: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:6992: \$? = $ac_status" >&5 + echo "$as_me:7002: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -6999,7 +7009,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:7002: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:7012: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <conftest.$ac_ext <<_ACEOF -#line 7014 "configure" +#line 7024 "configure" #include "confdefs.h" #include @@ -7031,16 +7041,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:7034: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:7044: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:7037: \$? = $ac_status" >&5 + echo "$as_me:7047: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:7040: \"$ac_try\"") >&5 + { (eval echo "$as_me:7050: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7043: \$? = $ac_status" >&5 + echo "$as_me:7053: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF @@ -7055,7 +7065,7 @@ fi done -echo "$as_me:7058: checking for library containing nanosleep" >&5 +echo "$as_me:7068: checking for library containing nanosleep" >&5 echo $ECHO_N "checking for library containing nanosleep... $ECHO_C" >&6 if test "${ac_cv_search_nanosleep+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -7063,7 +7073,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_nanosleep=no cat >conftest.$ac_ext <<_ACEOF -#line 7066 "configure" +#line 7076 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -7082,16 +7092,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7085: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7095: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7088: \$? = $ac_status" >&5 + echo "$as_me:7098: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7091: \"$ac_try\"") >&5 + { (eval echo "$as_me:7101: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7094: \$? = $ac_status" >&5 + echo "$as_me:7104: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_nanosleep="none required" else @@ -7103,7 +7113,7 @@ for ac_lib in rt posix4; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 7106 "configure" +#line 7116 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -7122,16 +7132,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7125: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7135: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7128: \$? = $ac_status" >&5 + echo "$as_me:7138: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7131: \"$ac_try\"") >&5 + { (eval echo "$as_me:7141: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7134: \$? = $ac_status" >&5 + echo "$as_me:7144: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_nanosleep="-l$ac_lib" break @@ -7144,7 +7154,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:7147: result: $ac_cv_search_nanosleep" >&5 +echo "$as_me:7157: result: $ac_cv_search_nanosleep" >&5 echo "${ECHO_T}$ac_cv_search_nanosleep" >&6 if test "$ac_cv_search_nanosleep" != no; then test "$ac_cv_search_nanosleep" = "none required" || LIBS="$ac_cv_search_nanosleep $LIBS" @@ -7154,13 +7164,13 @@ fi -echo "$as_me:7157: checking for ANSI C header files" >&5 +echo "$as_me:7167: checking for ANSI C header files" >&5 echo $ECHO_N "checking for ANSI C header files... $ECHO_C" >&6 if test "${ac_cv_header_stdc+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7163 "configure" +#line 7173 "configure" #include "confdefs.h" #include #include @@ -7168,13 +7178,13 @@ #include _ACEOF -if { (eval echo "$as_me:7171: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:7181: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:7177: \$? = $ac_status" >&5 + echo "$as_me:7187: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -7196,7 +7206,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF -#line 7199 "configure" +#line 7209 "configure" #include "confdefs.h" #include @@ -7214,7 +7224,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat >conftest.$ac_ext <<_ACEOF -#line 7217 "configure" +#line 7227 "configure" #include "confdefs.h" #include @@ -7235,7 +7245,7 @@ : else cat >conftest.$ac_ext <<_ACEOF -#line 7238 "configure" +#line 7248 "configure" #include "confdefs.h" #include #if ((' ' & 0x0FF) == 0x020) @@ -7261,15 +7271,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:7264: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7274: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7267: \$? = $ac_status" >&5 + echo "$as_me:7277: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:7269: \"$ac_try\"") >&5 + { (eval echo "$as_me:7279: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7272: \$? = $ac_status" >&5 + echo "$as_me:7282: \$? = $ac_status" >&5 (exit $ac_status); }; }; then : else @@ -7282,7 +7292,7 @@ fi fi fi -echo "$as_me:7285: result: $ac_cv_header_stdc" >&5 +echo "$as_me:7295: result: $ac_cv_header_stdc" >&5 echo "${ECHO_T}$ac_cv_header_stdc" >&6 if test $ac_cv_header_stdc = yes; then @@ -7298,28 +7308,28 @@ inttypes.h stdint.h unistd.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:7301: checking for $ac_header" >&5 +echo "$as_me:7311: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7307 "configure" +#line 7317 "configure" #include "confdefs.h" $ac_includes_default #include <$ac_header> _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:7313: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:7323: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:7316: \$? = $ac_status" >&5 + echo "$as_me:7326: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:7319: \"$ac_try\"") >&5 + { (eval echo "$as_me:7329: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7322: \$? = $ac_status" >&5 + echo "$as_me:7332: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_Header=yes" else @@ -7329,7 +7339,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:7332: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:7342: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:7352: checking whether strsep is declared" >&5 echo $ECHO_N "checking whether strsep is declared... $ECHO_C" >&6 if test "${ac_cv_have_decl_strsep+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7348 "configure" +#line 7358 "configure" #include "confdefs.h" $ac_includes_default int @@ -7360,16 +7370,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:7363: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:7373: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:7366: \$? = $ac_status" >&5 + echo "$as_me:7376: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:7369: \"$ac_try\"") >&5 + { (eval echo "$as_me:7379: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7372: \$? = $ac_status" >&5 + echo "$as_me:7382: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_decl_strsep=yes else @@ -7379,20 +7389,20 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:7382: result: $ac_cv_have_decl_strsep" >&5 +echo "$as_me:7392: result: $ac_cv_have_decl_strsep" >&5 echo "${ECHO_T}$ac_cv_have_decl_strsep" >&6 if test $ac_cv_have_decl_strsep = yes; then for ac_func in strsep do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:7389: checking for $ac_func" >&5 +echo "$as_me:7399: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7395 "configure" +#line 7405 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -7423,16 +7433,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7426: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7436: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7429: \$? = $ac_status" >&5 + echo "$as_me:7439: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7432: \"$ac_try\"") >&5 + { (eval echo "$as_me:7442: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7435: \$? = $ac_status" >&5 + echo "$as_me:7445: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -7442,7 +7452,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:7445: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:7455: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:7467: checking whether getrusage is declared" >&5 echo $ECHO_N "checking whether getrusage is declared... $ECHO_C" >&6 if test "${ac_cv_have_decl_getrusage+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7463 "configure" +#line 7473 "configure" #include "confdefs.h" $ac_includes_default int @@ -7475,16 +7485,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:7478: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:7488: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:7481: \$? = $ac_status" >&5 + echo "$as_me:7491: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:7484: \"$ac_try\"") >&5 + { (eval echo "$as_me:7494: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7487: \$? = $ac_status" >&5 + echo "$as_me:7497: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_decl_getrusage=yes else @@ -7494,20 +7504,20 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:7497: result: $ac_cv_have_decl_getrusage" >&5 +echo "$as_me:7507: result: $ac_cv_have_decl_getrusage" >&5 echo "${ECHO_T}$ac_cv_have_decl_getrusage" >&6 if test $ac_cv_have_decl_getrusage = yes; then for ac_func in getrusage do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:7504: checking for $ac_func" >&5 +echo "$as_me:7514: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7510 "configure" +#line 7520 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -7538,16 +7548,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7541: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7551: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7544: \$? = $ac_status" >&5 + echo "$as_me:7554: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7547: \"$ac_try\"") >&5 + { (eval echo "$as_me:7557: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7550: \$? = $ac_status" >&5 + echo "$as_me:7560: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -7557,7 +7567,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:7560: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:7570: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:7582: checking whether tcsendbreak is declared" >&5 echo $ECHO_N "checking whether tcsendbreak is declared... $ECHO_C" >&6 if test "${ac_cv_have_decl_tcsendbreak+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7578 "configure" +#line 7588 "configure" #include "confdefs.h" #include @@ -7591,16 +7601,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:7594: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:7604: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:7597: \$? = $ac_status" >&5 + echo "$as_me:7607: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:7600: \"$ac_try\"") >&5 + { (eval echo "$as_me:7610: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7603: \$? = $ac_status" >&5 + echo "$as_me:7613: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_decl_tcsendbreak=yes else @@ -7610,7 +7620,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:7613: result: $ac_cv_have_decl_tcsendbreak" >&5 +echo "$as_me:7623: result: $ac_cv_have_decl_tcsendbreak" >&5 echo "${ECHO_T}$ac_cv_have_decl_tcsendbreak" >&6 if test $ac_cv_have_decl_tcsendbreak = yes; then cat >>confdefs.h <<\EOF @@ -7622,13 +7632,13 @@ for ac_func in tcsendbreak do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:7625: checking for $ac_func" >&5 +echo "$as_me:7635: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7631 "configure" +#line 7641 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -7659,16 +7669,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7662: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7672: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7665: \$? = $ac_status" >&5 + echo "$as_me:7675: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7668: \"$ac_try\"") >&5 + { (eval echo "$as_me:7678: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7671: \$? = $ac_status" >&5 + echo "$as_me:7681: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -7678,7 +7688,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:7681: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:7691: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:7706: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7702 "configure" +#line 7712 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -7730,16 +7740,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7733: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7743: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7736: \$? = $ac_status" >&5 + echo "$as_me:7746: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7739: \"$ac_try\"") >&5 + { (eval echo "$as_me:7749: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7742: \$? = $ac_status" >&5 + echo "$as_me:7752: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -7749,22 +7759,22 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:7752: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:7762: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:7769: checking if setresuid seems to work" >&5 echo $ECHO_N "checking if setresuid seems to work... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:7762: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:7772: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 7767 "configure" +#line 7777 "configure" #include "confdefs.h" #include @@ -7773,17 +7783,17 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:7776: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7786: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7779: \$? = $ac_status" >&5 + echo "$as_me:7789: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:7781: \"$ac_try\"") >&5 + { (eval echo "$as_me:7791: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7784: \$? = $ac_status" >&5 + echo "$as_me:7794: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:7786: result: yes" >&5 + echo "$as_me:7796: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: program exited with status $ac_status" >&5 @@ -7793,7 +7803,7 @@ #define BROKEN_SETRESUID 1 EOF - echo "$as_me:7796: result: not implemented" >&5 + echo "$as_me:7806: result: not implemented" >&5 echo "${ECHO_T}not implemented" >&6 fi @@ -7806,13 +7816,13 @@ for ac_func in setresgid do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:7809: checking for $ac_func" >&5 +echo "$as_me:7819: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7815 "configure" +#line 7825 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -7843,16 +7853,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7846: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7856: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7849: \$? = $ac_status" >&5 + echo "$as_me:7859: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7852: \"$ac_try\"") >&5 + { (eval echo "$as_me:7862: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7855: \$? = $ac_status" >&5 + echo "$as_me:7865: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -7862,22 +7872,22 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:7865: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:7875: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:7882: checking if setresgid seems to work" >&5 echo $ECHO_N "checking if setresgid seems to work... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:7875: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:7885: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 7880 "configure" +#line 7890 "configure" #include "confdefs.h" #include @@ -7886,17 +7896,17 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:7889: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7899: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7892: \$? = $ac_status" >&5 + echo "$as_me:7902: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:7894: \"$ac_try\"") >&5 + { (eval echo "$as_me:7904: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7897: \$? = $ac_status" >&5 + echo "$as_me:7907: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:7899: result: yes" >&5 + echo "$as_me:7909: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: program exited with status $ac_status" >&5 @@ -7906,7 +7916,7 @@ #define BROKEN_SETRESGID 1 EOF - echo "$as_me:7909: result: not implemented" >&5 + echo "$as_me:7919: result: not implemented" >&5 echo "${ECHO_T}not implemented" >&6 fi @@ -7919,13 +7929,13 @@ for ac_func in gettimeofday time do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:7922: checking for $ac_func" >&5 +echo "$as_me:7932: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7928 "configure" +#line 7938 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -7956,16 +7966,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:7959: \"$ac_link\"") >&5 +if { (eval echo "$as_me:7969: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:7962: \$? = $ac_status" >&5 + echo "$as_me:7972: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:7965: \"$ac_try\"") >&5 + { (eval echo "$as_me:7975: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:7968: \$? = $ac_status" >&5 + echo "$as_me:7978: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -7975,7 +7985,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:7978: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:7988: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:8001: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 7997 "configure" +#line 8007 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -8025,16 +8035,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8028: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8038: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8031: \$? = $ac_status" >&5 + echo "$as_me:8041: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8034: \"$ac_try\"") >&5 + { (eval echo "$as_me:8044: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8037: \$? = $ac_status" >&5 + echo "$as_me:8047: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -8044,7 +8054,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:8047: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:8057: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:8070: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 8066 "configure" +#line 8076 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -8094,16 +8104,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8097: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8107: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8100: \$? = $ac_status" >&5 + echo "$as_me:8110: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8103: \"$ac_try\"") >&5 + { (eval echo "$as_me:8113: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8106: \$? = $ac_status" >&5 + echo "$as_me:8116: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -8113,7 +8123,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:8116: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:8126: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:8139: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 8135 "configure" +#line 8145 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -8163,16 +8173,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8166: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8176: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8169: \$? = $ac_status" >&5 + echo "$as_me:8179: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8172: \"$ac_try\"") >&5 + { (eval echo "$as_me:8182: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8175: \$? = $ac_status" >&5 + echo "$as_me:8185: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -8182,7 +8192,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:8185: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:8195: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:8208: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 8204 "configure" +#line 8214 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -8232,16 +8242,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8235: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8245: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8238: \$? = $ac_status" >&5 + echo "$as_me:8248: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8241: \"$ac_try\"") >&5 + { (eval echo "$as_me:8251: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8244: \$? = $ac_status" >&5 + echo "$as_me:8254: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -8251,7 +8261,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:8254: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:8264: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:8274: checking for daemon" >&5 echo $ECHO_N "checking for daemon... $ECHO_C" >&6 if test "${ac_cv_func_daemon+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 8270 "configure" +#line 8280 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char daemon (); below. */ @@ -8298,16 +8308,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8301: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8311: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8304: \$? = $ac_status" >&5 + echo "$as_me:8314: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8307: \"$ac_try\"") >&5 + { (eval echo "$as_me:8317: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8310: \$? = $ac_status" >&5 + echo "$as_me:8320: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_daemon=yes else @@ -8317,7 +8327,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:8320: result: $ac_cv_func_daemon" >&5 +echo "$as_me:8330: result: $ac_cv_func_daemon" >&5 echo "${ECHO_T}$ac_cv_func_daemon" >&6 if test $ac_cv_func_daemon = yes; then cat >>confdefs.h <<\EOF @@ -8325,7 +8335,7 @@ EOF else - echo "$as_me:8328: checking for daemon in -lbsd" >&5 + echo "$as_me:8338: checking for daemon in -lbsd" >&5 echo $ECHO_N "checking for daemon in -lbsd... $ECHO_C" >&6 if test "${ac_cv_lib_bsd_daemon+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -8333,7 +8343,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lbsd $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 8336 "configure" +#line 8346 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -8352,16 +8362,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8355: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8365: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8358: \$? = $ac_status" >&5 + echo "$as_me:8368: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8361: \"$ac_try\"") >&5 + { (eval echo "$as_me:8371: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8364: \$? = $ac_status" >&5 + echo "$as_me:8374: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_bsd_daemon=yes else @@ -8372,7 +8382,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:8375: result: $ac_cv_lib_bsd_daemon" >&5 +echo "$as_me:8385: result: $ac_cv_lib_bsd_daemon" >&5 echo "${ECHO_T}$ac_cv_lib_bsd_daemon" >&6 if test $ac_cv_lib_bsd_daemon = yes; then LIBS="$LIBS -lbsd"; cat >>confdefs.h <<\EOF @@ -8383,13 +8393,13 @@ fi -echo "$as_me:8386: checking for getpagesize" >&5 +echo "$as_me:8396: checking for getpagesize" >&5 echo $ECHO_N "checking for getpagesize... $ECHO_C" >&6 if test "${ac_cv_func_getpagesize+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 8392 "configure" +#line 8402 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getpagesize (); below. */ @@ -8420,16 +8430,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8423: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8433: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8426: \$? = $ac_status" >&5 + echo "$as_me:8436: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8429: \"$ac_try\"") >&5 + { (eval echo "$as_me:8439: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8432: \$? = $ac_status" >&5 + echo "$as_me:8442: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_getpagesize=yes else @@ -8439,7 +8449,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:8442: result: $ac_cv_func_getpagesize" >&5 +echo "$as_me:8452: result: $ac_cv_func_getpagesize" >&5 echo "${ECHO_T}$ac_cv_func_getpagesize" >&6 if test $ac_cv_func_getpagesize = yes; then cat >>confdefs.h <<\EOF @@ -8447,7 +8457,7 @@ EOF else - echo "$as_me:8450: checking for getpagesize in -lucb" >&5 + echo "$as_me:8460: checking for getpagesize in -lucb" >&5 echo $ECHO_N "checking for getpagesize in -lucb... $ECHO_C" >&6 if test "${ac_cv_lib_ucb_getpagesize+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -8455,7 +8465,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lucb $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 8458 "configure" +#line 8468 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -8474,16 +8484,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8477: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8487: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8480: \$? = $ac_status" >&5 + echo "$as_me:8490: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8483: \"$ac_try\"") >&5 + { (eval echo "$as_me:8493: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8486: \$? = $ac_status" >&5 + echo "$as_me:8496: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_ucb_getpagesize=yes else @@ -8494,7 +8504,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:8497: result: $ac_cv_lib_ucb_getpagesize" >&5 +echo "$as_me:8507: result: $ac_cv_lib_ucb_getpagesize" >&5 echo "${ECHO_T}$ac_cv_lib_ucb_getpagesize" >&6 if test $ac_cv_lib_ucb_getpagesize = yes; then LIBS="$LIBS -lucb"; cat >>confdefs.h <<\EOF @@ -8507,15 +8517,15 @@ # Check for broken snprintf if test "x$ac_cv_func_snprintf" = "xyes" ; then - echo "$as_me:8510: checking whether snprintf correctly terminates long strings" >&5 + echo "$as_me:8520: checking whether snprintf correctly terminates long strings" >&5 echo $ECHO_N "checking whether snprintf correctly terminates long strings... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:8513: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:8523: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 8518 "configure" +#line 8528 "configure" #include "confdefs.h" #include @@ -8523,30 +8533,30 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:8526: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8536: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8529: \$? = $ac_status" >&5 + echo "$as_me:8539: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:8531: \"$ac_try\"") >&5 + { (eval echo "$as_me:8541: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8534: \$? = $ac_status" >&5 + echo "$as_me:8544: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:8536: result: yes" >&5 + echo "$as_me:8546: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: program exited with status $ac_status" >&5 echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:8543: result: no" >&5 + echo "$as_me:8553: result: no" >&5 echo "${ECHO_T}no" >&6 cat >>confdefs.h <<\EOF #define BROKEN_SNPRINTF 1 EOF - { echo "$as_me:8549: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 + { echo "$as_me:8559: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&5 echo "$as_me: WARNING: ****** Your snprintf() function is broken, complain to your vendor" >&2;} fi @@ -8555,11 +8565,11 @@ fi if test "x$ac_cv_func_mkdtemp" = "xyes" ; then -echo "$as_me:8558: checking for (overly) strict mkstemp" >&5 +echo "$as_me:8568: checking for (overly) strict mkstemp" >&5 echo $ECHO_N "checking for (overly) strict mkstemp... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - echo "$as_me:8562: result: yes" >&5 + echo "$as_me:8572: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HAVE_STRICT_MKSTEMP 1 @@ -8567,7 +8577,7 @@ else cat >conftest.$ac_ext <<_ACEOF -#line 8570 "configure" +#line 8580 "configure" #include "confdefs.h" #include @@ -8579,18 +8589,18 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:8582: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8592: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8585: \$? = $ac_status" >&5 + echo "$as_me:8595: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:8587: \"$ac_try\"") >&5 + { (eval echo "$as_me:8597: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8590: \$? = $ac_status" >&5 + echo "$as_me:8600: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:8593: result: no" >&5 + echo "$as_me:8603: result: no" >&5 echo "${ECHO_T}no" >&6 else @@ -8598,7 +8608,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:8601: result: yes" >&5 + echo "$as_me:8611: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HAVE_STRICT_MKSTEMP 1 @@ -8610,15 +8620,15 @@ fi if test ! -z "$check_for_openpty_ctty_bug"; then - echo "$as_me:8613: checking if openpty correctly handles controlling tty" >&5 + echo "$as_me:8623: checking if openpty correctly handles controlling tty" >&5 echo $ECHO_N "checking if openpty correctly handles controlling tty... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:8616: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:8626: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 8621 "configure" +#line 8631 "configure" #include "confdefs.h" #include @@ -8655,18 +8665,18 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:8658: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8668: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8661: \$? = $ac_status" >&5 + echo "$as_me:8671: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:8663: \"$ac_try\"") >&5 + { (eval echo "$as_me:8673: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8666: \$? = $ac_status" >&5 + echo "$as_me:8676: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:8669: result: yes" >&5 + echo "$as_me:8679: result: yes" >&5 echo "${ECHO_T}yes" >&6 else @@ -8674,7 +8684,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:8677: result: no" >&5 + echo "$as_me:8687: result: no" >&5 echo "${ECHO_T}no" >&6 cat >>confdefs.h <<\EOF #define SSHD_ACQUIRES_CTTY 1 @@ -8685,14 +8695,14 @@ fi fi -echo "$as_me:8688: checking whether getpgrp takes no argument" >&5 +echo "$as_me:8698: checking whether getpgrp takes no argument" >&5 echo $ECHO_N "checking whether getpgrp takes no argument... $ECHO_C" >&6 if test "${ac_cv_func_getpgrp_void+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else # Use it with a single arg. cat >conftest.$ac_ext <<_ACEOF -#line 8695 "configure" +#line 8705 "configure" #include "confdefs.h" $ac_includes_default int @@ -8704,16 +8714,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:8707: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:8717: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:8710: \$? = $ac_status" >&5 + echo "$as_me:8720: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:8713: \"$ac_try\"") >&5 + { (eval echo "$as_me:8723: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8716: \$? = $ac_status" >&5 + echo "$as_me:8726: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_func_getpgrp_1=yes else @@ -8724,7 +8734,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext # Use it with no arg. cat >conftest.$ac_ext <<_ACEOF -#line 8727 "configure" +#line 8737 "configure" #include "confdefs.h" $ac_includes_default int @@ -8736,16 +8746,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:8739: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:8749: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:8742: \$? = $ac_status" >&5 + echo "$as_me:8752: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:8745: \"$ac_try\"") >&5 + { (eval echo "$as_me:8755: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8748: \$? = $ac_status" >&5 + echo "$as_me:8758: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_func_getpgrp_0=yes else @@ -8759,12 +8769,12 @@ yes:no) ac_cv_func_getpgrp_void=yes;; no:yes) ac_cv_func_getpgrp_void=false;; *) if test "$cross_compiling" = yes; then - { { echo "$as_me:8762: error: cannot check getpgrp if cross compiling" >&5 + { { echo "$as_me:8772: error: cannot check getpgrp if cross compiling" >&5 echo "$as_me: error: cannot check getpgrp if cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 8767 "configure" +#line 8777 "configure" #include "confdefs.h" $ac_includes_default @@ -8818,15 +8828,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:8821: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8831: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8824: \$? = $ac_status" >&5 + echo "$as_me:8834: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:8826: \"$ac_try\"") >&5 + { (eval echo "$as_me:8836: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8829: \$? = $ac_status" >&5 + echo "$as_me:8839: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_func_getpgrp_void=yes else @@ -8840,7 +8850,7 @@ esac # $ac_func_getpgrp_0:$ac_func_getpgrp_1 fi -echo "$as_me:8843: result: $ac_cv_func_getpgrp_void" >&5 +echo "$as_me:8853: result: $ac_cv_func_getpgrp_void" >&5 echo "${ECHO_T}$ac_cv_func_getpgrp_void" >&6 if test $ac_cv_func_getpgrp_void = yes; then @@ -8860,12 +8870,12 @@ if test "x$withval" != "xno" ; then if test "x$ac_cv_header_security_pam_appl_h" != "xyes" && \ test "x$ac_cv_header_pam_pam_appl_h" != "xyes" ; then - { { echo "$as_me:8863: error: PAM headers not found" >&5 + { { echo "$as_me:8873: error: PAM headers not found" >&5 echo "$as_me: error: PAM headers not found" >&2;} { (exit 1); exit 1; }; } fi -echo "$as_me:8868: checking for dlopen in -ldl" >&5 +echo "$as_me:8878: checking for dlopen in -ldl" >&5 echo $ECHO_N "checking for dlopen in -ldl... $ECHO_C" >&6 if test "${ac_cv_lib_dl_dlopen+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -8873,7 +8883,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-ldl $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 8876 "configure" +#line 8886 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -8892,16 +8902,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8895: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8905: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8898: \$? = $ac_status" >&5 + echo "$as_me:8908: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8901: \"$ac_try\"") >&5 + { (eval echo "$as_me:8911: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8904: \$? = $ac_status" >&5 + echo "$as_me:8914: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_dl_dlopen=yes else @@ -8912,7 +8922,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:8915: result: $ac_cv_lib_dl_dlopen" >&5 +echo "$as_me:8925: result: $ac_cv_lib_dl_dlopen" >&5 echo "${ECHO_T}$ac_cv_lib_dl_dlopen" >&6 if test $ac_cv_lib_dl_dlopen = yes; then cat >>confdefs.h <&5 +echo "$as_me:8936: checking for pam_set_item in -lpam" >&5 echo $ECHO_N "checking for pam_set_item in -lpam... $ECHO_C" >&6 if test "${ac_cv_lib_pam_pam_set_item+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -8931,7 +8941,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lpam $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 8934 "configure" +#line 8944 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -8950,16 +8960,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:8953: \"$ac_link\"") >&5 +if { (eval echo "$as_me:8963: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:8956: \$? = $ac_status" >&5 + echo "$as_me:8966: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:8959: \"$ac_try\"") >&5 + { (eval echo "$as_me:8969: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:8962: \$? = $ac_status" >&5 + echo "$as_me:8972: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_pam_pam_set_item=yes else @@ -8970,7 +8980,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:8973: result: $ac_cv_lib_pam_pam_set_item" >&5 +echo "$as_me:8983: result: $ac_cv_lib_pam_pam_set_item" >&5 echo "${ECHO_T}$ac_cv_lib_pam_pam_set_item" >&6 if test $ac_cv_lib_pam_pam_set_item = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:8993: error: *** libpam missing" >&5 echo "$as_me: error: *** libpam missing" >&2;} { (exit 1); exit 1; }; } fi @@ -8988,13 +8998,13 @@ for ac_func in pam_getenvlist do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:8991: checking for $ac_func" >&5 +echo "$as_me:9001: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 8997 "configure" +#line 9007 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -9025,16 +9035,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:9028: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9038: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9031: \$? = $ac_status" >&5 + echo "$as_me:9041: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:9034: \"$ac_try\"") >&5 + { (eval echo "$as_me:9044: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9037: \$? = $ac_status" >&5 + echo "$as_me:9047: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -9044,7 +9054,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:9047: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:9057: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:9070: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 9066 "configure" +#line 9076 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -9094,16 +9104,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:9097: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9107: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9100: \$? = $ac_status" >&5 + echo "$as_me:9110: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:9103: \"$ac_try\"") >&5 + { (eval echo "$as_me:9113: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9106: \$? = $ac_status" >&5 + echo "$as_me:9116: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -9113,7 +9123,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:9116: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:9126: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:9155: checking whether pam_strerror takes only one argument" >&5 echo $ECHO_N "checking whether pam_strerror takes only one argument... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 9148 "configure" +#line 9158 "configure" #include "confdefs.h" #include @@ -9164,18 +9174,18 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:9167: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:9177: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:9170: \$? = $ac_status" >&5 + echo "$as_me:9180: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:9173: \"$ac_try\"") >&5 + { (eval echo "$as_me:9183: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9176: \$? = $ac_status" >&5 + echo "$as_me:9186: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:9178: result: no" >&5 + echo "$as_me:9188: result: no" >&5 echo "${ECHO_T}no" >&6 else echo "$as_me: failed program was:" >&5 @@ -9185,7 +9195,7 @@ #define HAVE_OLD_PAM 1 EOF - echo "$as_me:9188: result: yes" >&5 + echo "$as_me:9198: result: yes" >&5 echo "${ECHO_T}yes" >&6 PAM_MSG="yes (old library)" @@ -9225,7 +9235,7 @@ fi; LIBS="-lcrypto $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 9228 "configure" +#line 9238 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -9244,16 +9254,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:9247: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9257: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9250: \$? = $ac_status" >&5 + echo "$as_me:9260: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:9253: \"$ac_try\"") >&5 + { (eval echo "$as_me:9263: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9256: \$? = $ac_status" >&5 + echo "$as_me:9266: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_OPENSSL 1 @@ -9270,7 +9280,7 @@ fi CPPFLAGS="-I/usr/local/ssl/include ${saved_CPPFLAGS}" cat >conftest.$ac_ext <<_ACEOF -#line 9273 "configure" +#line 9283 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -9289,16 +9299,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:9292: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9302: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9295: \$? = $ac_status" >&5 + echo "$as_me:9305: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:9298: \"$ac_try\"") >&5 + { (eval echo "$as_me:9308: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9301: \$? = $ac_status" >&5 + echo "$as_me:9311: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_OPENSSL 1 @@ -9308,7 +9318,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - { { echo "$as_me:9311: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&5 + { { echo "$as_me:9321: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&5 echo "$as_me: error: *** Can't find recent OpenSSL libcrypto (see config.log for details) ***" >&2;} { (exit 1); exit 1; }; } @@ -9319,15 +9329,15 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext # Determine OpenSSL header version -echo "$as_me:9322: checking OpenSSL header version" >&5 +echo "$as_me:9332: checking OpenSSL header version" >&5 echo $ECHO_N "checking OpenSSL header version... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:9325: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:9335: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 9330 "configure" +#line 9340 "configure" #include "confdefs.h" #include @@ -9350,19 +9360,19 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:9353: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9363: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9356: \$? = $ac_status" >&5 + echo "$as_me:9366: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:9358: \"$ac_try\"") >&5 + { (eval echo "$as_me:9368: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9361: \$? = $ac_status" >&5 + echo "$as_me:9371: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ssl_header_ver=`cat conftest.sslincver` - echo "$as_me:9365: result: $ssl_header_ver" >&5 + echo "$as_me:9375: result: $ssl_header_ver" >&5 echo "${ECHO_T}$ssl_header_ver" >&6 else @@ -9370,9 +9380,9 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:9373: result: not found" >&5 + echo "$as_me:9383: result: not found" >&5 echo "${ECHO_T}not found" >&6 - { { echo "$as_me:9375: error: OpenSSL version header not found." >&5 + { { echo "$as_me:9385: error: OpenSSL version header not found." >&5 echo "$as_me: error: OpenSSL version header not found." >&2;} { (exit 1); exit 1; }; } @@ -9381,15 +9391,15 @@ fi # Determine OpenSSL library version -echo "$as_me:9384: checking OpenSSL library version" >&5 +echo "$as_me:9394: checking OpenSSL library version" >&5 echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:9387: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:9397: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 9392 "configure" +#line 9402 "configure" #include "confdefs.h" #include @@ -9413,19 +9423,19 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:9416: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9426: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9419: \$? = $ac_status" >&5 + echo "$as_me:9429: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:9421: \"$ac_try\"") >&5 + { (eval echo "$as_me:9431: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9424: \$? = $ac_status" >&5 + echo "$as_me:9434: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ssl_library_ver=`cat conftest.ssllibver` - echo "$as_me:9428: result: $ssl_library_ver" >&5 + echo "$as_me:9438: result: $ssl_library_ver" >&5 echo "${ECHO_T}$ssl_library_ver" >&6 else @@ -9433,9 +9443,9 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:9436: result: not found" >&5 + echo "$as_me:9446: result: not found" >&5 echo "${ECHO_T}not found" >&6 - { { echo "$as_me:9438: error: OpenSSL library not found." >&5 + { { echo "$as_me:9448: error: OpenSSL library not found." >&5 echo "$as_me: error: OpenSSL library not found." >&2;} { (exit 1); exit 1; }; } @@ -9444,15 +9454,15 @@ fi # Sanity check OpenSSL headers -echo "$as_me:9447: checking whether OpenSSL's headers match the library" >&5 +echo "$as_me:9457: checking whether OpenSSL's headers match the library" >&5 echo $ECHO_N "checking whether OpenSSL's headers match the library... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:9450: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:9460: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 9455 "configure" +#line 9465 "configure" #include "confdefs.h" #include @@ -9461,18 +9471,18 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:9464: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9474: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9467: \$? = $ac_status" >&5 + echo "$as_me:9477: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:9469: \"$ac_try\"") >&5 + { (eval echo "$as_me:9479: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9472: \$? = $ac_status" >&5 + echo "$as_me:9482: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:9475: result: yes" >&5 + echo "$as_me:9485: result: yes" >&5 echo "${ECHO_T}yes" >&6 else @@ -9480,9 +9490,9 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:9483: result: no" >&5 + echo "$as_me:9493: result: no" >&5 echo "${ECHO_T}no" >&6 - { { echo "$as_me:9485: error: Your OpenSSL headers do not match your library. + { { echo "$as_me:9495: error: Your OpenSSL headers do not match your library. Check config.log for details. Also see contrib/findssl.sh for help identifying header/library mismatches." >&5 echo "$as_me: error: Your OpenSSL headers do not match your library. @@ -9498,7 +9508,7 @@ # because the system crypt() is more featureful. if test "x$check_for_libcrypt_before" = "x1"; then -echo "$as_me:9501: checking for crypt in -lcrypt" >&5 +echo "$as_me:9511: checking for crypt in -lcrypt" >&5 echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 if test "${ac_cv_lib_crypt_crypt+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9506,7 +9516,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 9509 "configure" +#line 9519 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -9525,16 +9535,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:9528: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9538: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9531: \$? = $ac_status" >&5 + echo "$as_me:9541: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:9534: \"$ac_try\"") >&5 + { (eval echo "$as_me:9544: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9537: \$? = $ac_status" >&5 + echo "$as_me:9547: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_crypt_crypt=yes else @@ -9545,7 +9555,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:9548: result: $ac_cv_lib_crypt_crypt" >&5 +echo "$as_me:9558: result: $ac_cv_lib_crypt_crypt" >&5 echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 if test $ac_cv_lib_crypt_crypt = yes; then cat >>confdefs.h <&5 + echo "$as_me:9574: checking for crypt in -lcrypt" >&5 echo $ECHO_N "checking for crypt in -lcrypt... $ECHO_C" >&6 if test "${ac_cv_lib_crypt_crypt+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9569,7 +9579,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lcrypt $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 9572 "configure" +#line 9582 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -9588,16 +9598,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:9591: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9601: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9594: \$? = $ac_status" >&5 + echo "$as_me:9604: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:9597: \"$ac_try\"") >&5 + { (eval echo "$as_me:9607: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9600: \$? = $ac_status" >&5 + echo "$as_me:9610: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_crypt_crypt=yes else @@ -9608,7 +9618,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:9611: result: $ac_cv_lib_crypt_crypt" >&5 +echo "$as_me:9621: result: $ac_cv_lib_crypt_crypt" >&5 echo "${ECHO_T}$ac_cv_lib_crypt_crypt" >&6 if test $ac_cv_lib_crypt_crypt = yes; then LIBS="$LIBS -lcrypt" @@ -9619,15 +9629,15 @@ ### Configure cryptographic random number support # Check wheter OpenSSL seeds itself -echo "$as_me:9622: checking whether OpenSSL's PRNG is internally seeded" >&5 +echo "$as_me:9632: checking whether OpenSSL's PRNG is internally seeded" >&5 echo $ECHO_N "checking whether OpenSSL's PRNG is internally seeded... $ECHO_C" >&6 if test "$cross_compiling" = yes; then - { { echo "$as_me:9625: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:9635: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 9630 "configure" +#line 9640 "configure" #include "confdefs.h" #include @@ -9636,19 +9646,19 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:9639: \"$ac_link\"") >&5 +if { (eval echo "$as_me:9649: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:9642: \$? = $ac_status" >&5 + echo "$as_me:9652: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:9644: \"$ac_try\"") >&5 + { (eval echo "$as_me:9654: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:9647: \$? = $ac_status" >&5 + echo "$as_me:9657: \$? = $ac_status" >&5 (exit $ac_status); }; }; then OPENSSL_SEEDS_ITSELF=yes - echo "$as_me:9651: result: yes" >&5 + echo "$as_me:9661: result: yes" >&5 echo "${ECHO_T}yes" >&6 else @@ -9656,7 +9666,7 @@ echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:9659: result: no" >&5 + echo "$as_me:9669: result: no" >&5 echo "${ECHO_T}no" >&6 # Default to use of the rand helper if OpenSSL doesn't # seed itself @@ -9676,7 +9686,7 @@ # Force use of OpenSSL's internal RNG, even if # the previous test showed it to be unseeded. if test -z "$OPENSSL_SEEDS_ITSELF" ; then - { echo "$as_me:9679: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&5 + { echo "$as_me:9689: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&5 echo "$as_me: WARNING: *** Forcing use of OpenSSL's non-self-seeding PRNG" >&2;} OPENSSL_SEEDS_ITSELF=yes USE_RAND_HELPER="" @@ -9717,7 +9727,7 @@ [0-9]*) ;; *) - { { echo "$as_me:9720: error: You must specify a numeric port number for --with-prngd-port" >&5 + { { echo "$as_me:9730: error: You must specify a numeric port number for --with-prngd-port" >&5 echo "$as_me: error: You must specify a numeric port number for --with-prngd-port" >&2;} { (exit 1); exit 1; }; } ;; @@ -9748,7 +9758,7 @@ /*) ;; *) - { { echo "$as_me:9751: error: You must specify an absolute path to the entropy socket" >&5 + { { echo "$as_me:9761: error: You must specify an absolute path to the entropy socket" >&5 echo "$as_me: error: You must specify an absolute path to the entropy socket" >&2;} { (exit 1); exit 1; }; } ;; @@ -9756,12 +9766,12 @@ if test ! -z "$withval" ; then if test ! -z "$PRNGD_PORT" ; then - { { echo "$as_me:9759: error: You may not specify both a PRNGD/EGD port and socket" >&5 + { { echo "$as_me:9769: error: You may not specify both a PRNGD/EGD port and socket" >&5 echo "$as_me: error: You may not specify both a PRNGD/EGD port and socket" >&2;} { (exit 1); exit 1; }; } fi if test ! -r "$withval" ; then - { echo "$as_me:9764: WARNING: Entropy socket is not readable" >&5 + { echo "$as_me:9774: WARNING: Entropy socket is not readable" >&5 echo "$as_me: WARNING: Entropy socket is not readable" >&2;} fi PRNGD_SOCKET="$withval" @@ -9775,7 +9785,7 @@ # Check for existing socket only if we don't have a random device already if test "$USE_RAND_HELPER" = yes ; then - echo "$as_me:9778: checking for PRNGD/EGD socket" >&5 + echo "$as_me:9788: checking for PRNGD/EGD socket" >&5 echo $ECHO_N "checking for PRNGD/EGD socket... $ECHO_C" >&6 # Insert other locations here for sock in /var/run/egd-pool /dev/egd-pool /etc/entropy; do @@ -9789,10 +9799,10 @@ fi done if test ! -z "$PRNGD_SOCKET" ; then - echo "$as_me:9792: result: $PRNGD_SOCKET" >&5 + echo "$as_me:9802: result: $PRNGD_SOCKET" >&5 echo "${ECHO_T}$PRNGD_SOCKET" >&6 else - echo "$as_me:9795: result: not found" >&5 + echo "$as_me:9805: result: not found" >&5 echo "${ECHO_T}not found" >&6 fi fi @@ -9848,7 +9858,7 @@ # Extract the first word of "ls", so it can be a program name with args. set dummy ls; ac_word=$2 -echo "$as_me:9851: checking for $ac_word" >&5 +echo "$as_me:9861: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_LS+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9865,7 +9875,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_LS="$ac_dir/$ac_word" - echo "$as_me:9868: found $ac_dir/$ac_word" >&5 + echo "$as_me:9878: found $ac_dir/$ac_word" >&5 break fi done @@ -9876,10 +9886,10 @@ PROG_LS=$ac_cv_path_PROG_LS if test -n "$PROG_LS"; then - echo "$as_me:9879: result: $PROG_LS" >&5 + echo "$as_me:9889: result: $PROG_LS" >&5 echo "${ECHO_T}$PROG_LS" >&6 else - echo "$as_me:9882: result: no" >&5 + echo "$as_me:9892: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9889,7 +9899,7 @@ # Extract the first word of "netstat", so it can be a program name with args. set dummy netstat; ac_word=$2 -echo "$as_me:9892: checking for $ac_word" >&5 +echo "$as_me:9902: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_NETSTAT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9906,7 +9916,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_NETSTAT="$ac_dir/$ac_word" - echo "$as_me:9909: found $ac_dir/$ac_word" >&5 + echo "$as_me:9919: found $ac_dir/$ac_word" >&5 break fi done @@ -9917,10 +9927,10 @@ PROG_NETSTAT=$ac_cv_path_PROG_NETSTAT if test -n "$PROG_NETSTAT"; then - echo "$as_me:9920: result: $PROG_NETSTAT" >&5 + echo "$as_me:9930: result: $PROG_NETSTAT" >&5 echo "${ECHO_T}$PROG_NETSTAT" >&6 else - echo "$as_me:9923: result: no" >&5 + echo "$as_me:9933: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9930,7 +9940,7 @@ # Extract the first word of "arp", so it can be a program name with args. set dummy arp; ac_word=$2 -echo "$as_me:9933: checking for $ac_word" >&5 +echo "$as_me:9943: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_ARP+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9947,7 +9957,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_ARP="$ac_dir/$ac_word" - echo "$as_me:9950: found $ac_dir/$ac_word" >&5 + echo "$as_me:9960: found $ac_dir/$ac_word" >&5 break fi done @@ -9958,10 +9968,10 @@ PROG_ARP=$ac_cv_path_PROG_ARP if test -n "$PROG_ARP"; then - echo "$as_me:9961: result: $PROG_ARP" >&5 + echo "$as_me:9971: result: $PROG_ARP" >&5 echo "${ECHO_T}$PROG_ARP" >&6 else - echo "$as_me:9964: result: no" >&5 + echo "$as_me:9974: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -9971,7 +9981,7 @@ # Extract the first word of "ifconfig", so it can be a program name with args. set dummy ifconfig; ac_word=$2 -echo "$as_me:9974: checking for $ac_word" >&5 +echo "$as_me:9984: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_IFCONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -9988,7 +9998,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_IFCONFIG="$ac_dir/$ac_word" - echo "$as_me:9991: found $ac_dir/$ac_word" >&5 + echo "$as_me:10001: found $ac_dir/$ac_word" >&5 break fi done @@ -9999,10 +10009,10 @@ PROG_IFCONFIG=$ac_cv_path_PROG_IFCONFIG if test -n "$PROG_IFCONFIG"; then - echo "$as_me:10002: result: $PROG_IFCONFIG" >&5 + echo "$as_me:10012: result: $PROG_IFCONFIG" >&5 echo "${ECHO_T}$PROG_IFCONFIG" >&6 else - echo "$as_me:10005: result: no" >&5 + echo "$as_me:10015: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10012,7 +10022,7 @@ # Extract the first word of "jstat", so it can be a program name with args. set dummy jstat; ac_word=$2 -echo "$as_me:10015: checking for $ac_word" >&5 +echo "$as_me:10025: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_JSTAT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10029,7 +10039,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_JSTAT="$ac_dir/$ac_word" - echo "$as_me:10032: found $ac_dir/$ac_word" >&5 + echo "$as_me:10042: found $ac_dir/$ac_word" >&5 break fi done @@ -10040,10 +10050,10 @@ PROG_JSTAT=$ac_cv_path_PROG_JSTAT if test -n "$PROG_JSTAT"; then - echo "$as_me:10043: result: $PROG_JSTAT" >&5 + echo "$as_me:10053: result: $PROG_JSTAT" >&5 echo "${ECHO_T}$PROG_JSTAT" >&6 else - echo "$as_me:10046: result: no" >&5 + echo "$as_me:10056: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10053,7 +10063,7 @@ # Extract the first word of "ps", so it can be a program name with args. set dummy ps; ac_word=$2 -echo "$as_me:10056: checking for $ac_word" >&5 +echo "$as_me:10066: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_PS+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10070,7 +10080,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_PS="$ac_dir/$ac_word" - echo "$as_me:10073: found $ac_dir/$ac_word" >&5 + echo "$as_me:10083: found $ac_dir/$ac_word" >&5 break fi done @@ -10081,10 +10091,10 @@ PROG_PS=$ac_cv_path_PROG_PS if test -n "$PROG_PS"; then - echo "$as_me:10084: result: $PROG_PS" >&5 + echo "$as_me:10094: result: $PROG_PS" >&5 echo "${ECHO_T}$PROG_PS" >&6 else - echo "$as_me:10087: result: no" >&5 + echo "$as_me:10097: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10094,7 +10104,7 @@ # Extract the first word of "sar", so it can be a program name with args. set dummy sar; ac_word=$2 -echo "$as_me:10097: checking for $ac_word" >&5 +echo "$as_me:10107: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_SAR+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10111,7 +10121,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_SAR="$ac_dir/$ac_word" - echo "$as_me:10114: found $ac_dir/$ac_word" >&5 + echo "$as_me:10124: found $ac_dir/$ac_word" >&5 break fi done @@ -10122,10 +10132,10 @@ PROG_SAR=$ac_cv_path_PROG_SAR if test -n "$PROG_SAR"; then - echo "$as_me:10125: result: $PROG_SAR" >&5 + echo "$as_me:10135: result: $PROG_SAR" >&5 echo "${ECHO_T}$PROG_SAR" >&6 else - echo "$as_me:10128: result: no" >&5 + echo "$as_me:10138: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10135,7 +10145,7 @@ # Extract the first word of "w", so it can be a program name with args. set dummy w; ac_word=$2 -echo "$as_me:10138: checking for $ac_word" >&5 +echo "$as_me:10148: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_W+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10152,7 +10162,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_W="$ac_dir/$ac_word" - echo "$as_me:10155: found $ac_dir/$ac_word" >&5 + echo "$as_me:10165: found $ac_dir/$ac_word" >&5 break fi done @@ -10163,10 +10173,10 @@ PROG_W=$ac_cv_path_PROG_W if test -n "$PROG_W"; then - echo "$as_me:10166: result: $PROG_W" >&5 + echo "$as_me:10176: result: $PROG_W" >&5 echo "${ECHO_T}$PROG_W" >&6 else - echo "$as_me:10169: result: no" >&5 + echo "$as_me:10179: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10176,7 +10186,7 @@ # Extract the first word of "who", so it can be a program name with args. set dummy who; ac_word=$2 -echo "$as_me:10179: checking for $ac_word" >&5 +echo "$as_me:10189: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_WHO+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10193,7 +10203,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_WHO="$ac_dir/$ac_word" - echo "$as_me:10196: found $ac_dir/$ac_word" >&5 + echo "$as_me:10206: found $ac_dir/$ac_word" >&5 break fi done @@ -10204,10 +10214,10 @@ PROG_WHO=$ac_cv_path_PROG_WHO if test -n "$PROG_WHO"; then - echo "$as_me:10207: result: $PROG_WHO" >&5 + echo "$as_me:10217: result: $PROG_WHO" >&5 echo "${ECHO_T}$PROG_WHO" >&6 else - echo "$as_me:10210: result: no" >&5 + echo "$as_me:10220: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10217,7 +10227,7 @@ # Extract the first word of "last", so it can be a program name with args. set dummy last; ac_word=$2 -echo "$as_me:10220: checking for $ac_word" >&5 +echo "$as_me:10230: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_LAST+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10234,7 +10244,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_LAST="$ac_dir/$ac_word" - echo "$as_me:10237: found $ac_dir/$ac_word" >&5 + echo "$as_me:10247: found $ac_dir/$ac_word" >&5 break fi done @@ -10245,10 +10255,10 @@ PROG_LAST=$ac_cv_path_PROG_LAST if test -n "$PROG_LAST"; then - echo "$as_me:10248: result: $PROG_LAST" >&5 + echo "$as_me:10258: result: $PROG_LAST" >&5 echo "${ECHO_T}$PROG_LAST" >&6 else - echo "$as_me:10251: result: no" >&5 + echo "$as_me:10261: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10258,7 +10268,7 @@ # Extract the first word of "lastlog", so it can be a program name with args. set dummy lastlog; ac_word=$2 -echo "$as_me:10261: checking for $ac_word" >&5 +echo "$as_me:10271: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_LASTLOG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10275,7 +10285,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_LASTLOG="$ac_dir/$ac_word" - echo "$as_me:10278: found $ac_dir/$ac_word" >&5 + echo "$as_me:10288: found $ac_dir/$ac_word" >&5 break fi done @@ -10286,10 +10296,10 @@ PROG_LASTLOG=$ac_cv_path_PROG_LASTLOG if test -n "$PROG_LASTLOG"; then - echo "$as_me:10289: result: $PROG_LASTLOG" >&5 + echo "$as_me:10299: result: $PROG_LASTLOG" >&5 echo "${ECHO_T}$PROG_LASTLOG" >&6 else - echo "$as_me:10292: result: no" >&5 + echo "$as_me:10302: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10299,7 +10309,7 @@ # Extract the first word of "df", so it can be a program name with args. set dummy df; ac_word=$2 -echo "$as_me:10302: checking for $ac_word" >&5 +echo "$as_me:10312: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_DF+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10316,7 +10326,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_DF="$ac_dir/$ac_word" - echo "$as_me:10319: found $ac_dir/$ac_word" >&5 + echo "$as_me:10329: found $ac_dir/$ac_word" >&5 break fi done @@ -10327,10 +10337,10 @@ PROG_DF=$ac_cv_path_PROG_DF if test -n "$PROG_DF"; then - echo "$as_me:10330: result: $PROG_DF" >&5 + echo "$as_me:10340: result: $PROG_DF" >&5 echo "${ECHO_T}$PROG_DF" >&6 else - echo "$as_me:10333: result: no" >&5 + echo "$as_me:10343: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10340,7 +10350,7 @@ # Extract the first word of "vmstat", so it can be a program name with args. set dummy vmstat; ac_word=$2 -echo "$as_me:10343: checking for $ac_word" >&5 +echo "$as_me:10353: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_VMSTAT+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10357,7 +10367,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_VMSTAT="$ac_dir/$ac_word" - echo "$as_me:10360: found $ac_dir/$ac_word" >&5 + echo "$as_me:10370: found $ac_dir/$ac_word" >&5 break fi done @@ -10368,10 +10378,10 @@ PROG_VMSTAT=$ac_cv_path_PROG_VMSTAT if test -n "$PROG_VMSTAT"; then - echo "$as_me:10371: result: $PROG_VMSTAT" >&5 + echo "$as_me:10381: result: $PROG_VMSTAT" >&5 echo "${ECHO_T}$PROG_VMSTAT" >&6 else - echo "$as_me:10374: result: no" >&5 + echo "$as_me:10384: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10381,7 +10391,7 @@ # Extract the first word of "uptime", so it can be a program name with args. set dummy uptime; ac_word=$2 -echo "$as_me:10384: checking for $ac_word" >&5 +echo "$as_me:10394: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_UPTIME+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10398,7 +10408,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_UPTIME="$ac_dir/$ac_word" - echo "$as_me:10401: found $ac_dir/$ac_word" >&5 + echo "$as_me:10411: found $ac_dir/$ac_word" >&5 break fi done @@ -10409,10 +10419,10 @@ PROG_UPTIME=$ac_cv_path_PROG_UPTIME if test -n "$PROG_UPTIME"; then - echo "$as_me:10412: result: $PROG_UPTIME" >&5 + echo "$as_me:10422: result: $PROG_UPTIME" >&5 echo "${ECHO_T}$PROG_UPTIME" >&6 else - echo "$as_me:10415: result: no" >&5 + echo "$as_me:10425: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10422,7 +10432,7 @@ # Extract the first word of "ipcs", so it can be a program name with args. set dummy ipcs; ac_word=$2 -echo "$as_me:10425: checking for $ac_word" >&5 +echo "$as_me:10435: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_IPCS+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10439,7 +10449,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_IPCS="$ac_dir/$ac_word" - echo "$as_me:10442: found $ac_dir/$ac_word" >&5 + echo "$as_me:10452: found $ac_dir/$ac_word" >&5 break fi done @@ -10450,10 +10460,10 @@ PROG_IPCS=$ac_cv_path_PROG_IPCS if test -n "$PROG_IPCS"; then - echo "$as_me:10453: result: $PROG_IPCS" >&5 + echo "$as_me:10463: result: $PROG_IPCS" >&5 echo "${ECHO_T}$PROG_IPCS" >&6 else - echo "$as_me:10456: result: no" >&5 + echo "$as_me:10466: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10463,7 +10473,7 @@ # Extract the first word of "tail", so it can be a program name with args. set dummy tail; ac_word=$2 -echo "$as_me:10466: checking for $ac_word" >&5 +echo "$as_me:10476: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_PROG_TAIL+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10480,7 +10490,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_PROG_TAIL="$ac_dir/$ac_word" - echo "$as_me:10483: found $ac_dir/$ac_word" >&5 + echo "$as_me:10493: found $ac_dir/$ac_word" >&5 break fi done @@ -10491,10 +10501,10 @@ PROG_TAIL=$ac_cv_path_PROG_TAIL if test -n "$PROG_TAIL"; then - echo "$as_me:10494: result: $PROG_TAIL" >&5 + echo "$as_me:10504: result: $PROG_TAIL" >&5 echo "${ECHO_T}$PROG_TAIL" >&6 else - echo "$as_me:10497: result: no" >&5 + echo "$as_me:10507: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -10525,13 +10535,13 @@ fi # Checks for data types -echo "$as_me:10528: checking for char" >&5 +echo "$as_me:10538: checking for char" >&5 echo $ECHO_N "checking for char... $ECHO_C" >&6 if test "${ac_cv_type_char+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 10534 "configure" +#line 10544 "configure" #include "confdefs.h" $ac_includes_default int @@ -10546,16 +10556,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10549: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10559: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10552: \$? = $ac_status" >&5 + echo "$as_me:10562: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10555: \"$ac_try\"") >&5 + { (eval echo "$as_me:10565: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10558: \$? = $ac_status" >&5 + echo "$as_me:10568: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_char=yes else @@ -10565,10 +10575,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:10568: result: $ac_cv_type_char" >&5 +echo "$as_me:10578: result: $ac_cv_type_char" >&5 echo "${ECHO_T}$ac_cv_type_char" >&6 -echo "$as_me:10571: checking size of char" >&5 +echo "$as_me:10581: checking size of char" >&5 echo $ECHO_N "checking size of char... $ECHO_C" >&6 if test "${ac_cv_sizeof_char+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10577,7 +10587,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 10580 "configure" +#line 10590 "configure" #include "confdefs.h" $ac_includes_default int @@ -10589,21 +10599,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10592: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10602: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10595: \$? = $ac_status" >&5 + echo "$as_me:10605: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10598: \"$ac_try\"") >&5 + { (eval echo "$as_me:10608: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10601: \$? = $ac_status" >&5 + echo "$as_me:10611: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10606 "configure" +#line 10616 "configure" #include "confdefs.h" $ac_includes_default int @@ -10615,16 +10625,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10618: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10628: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10621: \$? = $ac_status" >&5 + echo "$as_me:10631: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10624: \"$ac_try\"") >&5 + { (eval echo "$as_me:10634: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10627: \$? = $ac_status" >&5 + echo "$as_me:10637: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -10640,7 +10650,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10643 "configure" +#line 10653 "configure" #include "confdefs.h" $ac_includes_default int @@ -10652,16 +10662,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10655: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10665: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10658: \$? = $ac_status" >&5 + echo "$as_me:10668: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10661: \"$ac_try\"") >&5 + { (eval echo "$as_me:10671: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10664: \$? = $ac_status" >&5 + echo "$as_me:10674: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -10677,7 +10687,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 10680 "configure" +#line 10690 "configure" #include "confdefs.h" $ac_includes_default int @@ -10689,16 +10699,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10692: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10702: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10695: \$? = $ac_status" >&5 + echo "$as_me:10705: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10698: \"$ac_try\"") >&5 + { (eval echo "$as_me:10708: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10701: \$? = $ac_status" >&5 + echo "$as_me:10711: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -10711,12 +10721,12 @@ ac_cv_sizeof_char=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:10714: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:10724: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 10719 "configure" +#line 10729 "configure" #include "confdefs.h" $ac_includes_default int @@ -10732,15 +10742,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:10735: \"$ac_link\"") >&5 +if { (eval echo "$as_me:10745: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:10738: \$? = $ac_status" >&5 + echo "$as_me:10748: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:10740: \"$ac_try\"") >&5 + { (eval echo "$as_me:10750: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10743: \$? = $ac_status" >&5 + echo "$as_me:10753: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_char=`cat conftest.val` else @@ -10756,19 +10766,19 @@ ac_cv_sizeof_char=0 fi fi -echo "$as_me:10759: result: $ac_cv_sizeof_char" >&5 +echo "$as_me:10769: result: $ac_cv_sizeof_char" >&5 echo "${ECHO_T}$ac_cv_sizeof_char" >&6 cat >>confdefs.h <&5 +echo "$as_me:10775: checking for short int" >&5 echo $ECHO_N "checking for short int... $ECHO_C" >&6 if test "${ac_cv_type_short_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 10771 "configure" +#line 10781 "configure" #include "confdefs.h" $ac_includes_default int @@ -10783,16 +10793,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10786: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10796: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10789: \$? = $ac_status" >&5 + echo "$as_me:10799: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10792: \"$ac_try\"") >&5 + { (eval echo "$as_me:10802: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10795: \$? = $ac_status" >&5 + echo "$as_me:10805: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_short_int=yes else @@ -10802,10 +10812,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:10805: result: $ac_cv_type_short_int" >&5 +echo "$as_me:10815: result: $ac_cv_type_short_int" >&5 echo "${ECHO_T}$ac_cv_type_short_int" >&6 -echo "$as_me:10808: checking size of short int" >&5 +echo "$as_me:10818: checking size of short int" >&5 echo $ECHO_N "checking size of short int... $ECHO_C" >&6 if test "${ac_cv_sizeof_short_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -10814,7 +10824,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 10817 "configure" +#line 10827 "configure" #include "confdefs.h" $ac_includes_default int @@ -10826,21 +10836,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10829: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10839: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10832: \$? = $ac_status" >&5 + echo "$as_me:10842: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10835: \"$ac_try\"") >&5 + { (eval echo "$as_me:10845: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10838: \$? = $ac_status" >&5 + echo "$as_me:10848: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10843 "configure" +#line 10853 "configure" #include "confdefs.h" $ac_includes_default int @@ -10852,16 +10862,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10855: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10865: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10858: \$? = $ac_status" >&5 + echo "$as_me:10868: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10861: \"$ac_try\"") >&5 + { (eval echo "$as_me:10871: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10864: \$? = $ac_status" >&5 + echo "$as_me:10874: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -10877,7 +10887,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 10880 "configure" +#line 10890 "configure" #include "confdefs.h" $ac_includes_default int @@ -10889,16 +10899,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10892: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10902: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10895: \$? = $ac_status" >&5 + echo "$as_me:10905: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10898: \"$ac_try\"") >&5 + { (eval echo "$as_me:10908: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10901: \$? = $ac_status" >&5 + echo "$as_me:10911: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -10914,7 +10924,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 10917 "configure" +#line 10927 "configure" #include "confdefs.h" $ac_includes_default int @@ -10926,16 +10936,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:10929: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:10939: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:10932: \$? = $ac_status" >&5 + echo "$as_me:10942: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:10935: \"$ac_try\"") >&5 + { (eval echo "$as_me:10945: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10938: \$? = $ac_status" >&5 + echo "$as_me:10948: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -10948,12 +10958,12 @@ ac_cv_sizeof_short_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:10951: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:10961: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 10956 "configure" +#line 10966 "configure" #include "confdefs.h" $ac_includes_default int @@ -10969,15 +10979,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:10972: \"$ac_link\"") >&5 +if { (eval echo "$as_me:10982: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:10975: \$? = $ac_status" >&5 + echo "$as_me:10985: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:10977: \"$ac_try\"") >&5 + { (eval echo "$as_me:10987: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:10980: \$? = $ac_status" >&5 + echo "$as_me:10990: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_short_int=`cat conftest.val` else @@ -10993,19 +11003,19 @@ ac_cv_sizeof_short_int=0 fi fi -echo "$as_me:10996: result: $ac_cv_sizeof_short_int" >&5 +echo "$as_me:11006: result: $ac_cv_sizeof_short_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_short_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:11012: checking for int" >&5 echo $ECHO_N "checking for int... $ECHO_C" >&6 if test "${ac_cv_type_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11008 "configure" +#line 11018 "configure" #include "confdefs.h" $ac_includes_default int @@ -11020,16 +11030,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11023: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11033: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11026: \$? = $ac_status" >&5 + echo "$as_me:11036: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11029: \"$ac_try\"") >&5 + { (eval echo "$as_me:11039: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11032: \$? = $ac_status" >&5 + echo "$as_me:11042: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_int=yes else @@ -11039,10 +11049,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11042: result: $ac_cv_type_int" >&5 +echo "$as_me:11052: result: $ac_cv_type_int" >&5 echo "${ECHO_T}$ac_cv_type_int" >&6 -echo "$as_me:11045: checking size of int" >&5 +echo "$as_me:11055: checking size of int" >&5 echo $ECHO_N "checking size of int... $ECHO_C" >&6 if test "${ac_cv_sizeof_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -11051,7 +11061,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 11054 "configure" +#line 11064 "configure" #include "confdefs.h" $ac_includes_default int @@ -11063,21 +11073,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11066: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11076: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11069: \$? = $ac_status" >&5 + echo "$as_me:11079: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11072: \"$ac_try\"") >&5 + { (eval echo "$as_me:11082: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11075: \$? = $ac_status" >&5 + echo "$as_me:11085: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11080 "configure" +#line 11090 "configure" #include "confdefs.h" $ac_includes_default int @@ -11089,16 +11099,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11092: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11102: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11095: \$? = $ac_status" >&5 + echo "$as_me:11105: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11098: \"$ac_try\"") >&5 + { (eval echo "$as_me:11108: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11101: \$? = $ac_status" >&5 + echo "$as_me:11111: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -11114,7 +11124,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11117 "configure" +#line 11127 "configure" #include "confdefs.h" $ac_includes_default int @@ -11126,16 +11136,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11129: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11139: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11132: \$? = $ac_status" >&5 + echo "$as_me:11142: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11135: \"$ac_try\"") >&5 + { (eval echo "$as_me:11145: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11138: \$? = $ac_status" >&5 + echo "$as_me:11148: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -11151,7 +11161,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 11154 "configure" +#line 11164 "configure" #include "confdefs.h" $ac_includes_default int @@ -11163,16 +11173,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11166: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11176: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11169: \$? = $ac_status" >&5 + echo "$as_me:11179: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11172: \"$ac_try\"") >&5 + { (eval echo "$as_me:11182: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11175: \$? = $ac_status" >&5 + echo "$as_me:11185: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -11185,12 +11195,12 @@ ac_cv_sizeof_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:11188: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:11198: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 11193 "configure" +#line 11203 "configure" #include "confdefs.h" $ac_includes_default int @@ -11206,15 +11216,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:11209: \"$ac_link\"") >&5 +if { (eval echo "$as_me:11219: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:11212: \$? = $ac_status" >&5 + echo "$as_me:11222: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:11214: \"$ac_try\"") >&5 + { (eval echo "$as_me:11224: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11217: \$? = $ac_status" >&5 + echo "$as_me:11227: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_int=`cat conftest.val` else @@ -11230,19 +11240,19 @@ ac_cv_sizeof_int=0 fi fi -echo "$as_me:11233: result: $ac_cv_sizeof_int" >&5 +echo "$as_me:11243: result: $ac_cv_sizeof_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:11249: checking for long int" >&5 echo $ECHO_N "checking for long int... $ECHO_C" >&6 if test "${ac_cv_type_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11245 "configure" +#line 11255 "configure" #include "confdefs.h" $ac_includes_default int @@ -11257,16 +11267,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11260: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11270: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11263: \$? = $ac_status" >&5 + echo "$as_me:11273: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11266: \"$ac_try\"") >&5 + { (eval echo "$as_me:11276: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11269: \$? = $ac_status" >&5 + echo "$as_me:11279: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_long_int=yes else @@ -11276,10 +11286,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11279: result: $ac_cv_type_long_int" >&5 +echo "$as_me:11289: result: $ac_cv_type_long_int" >&5 echo "${ECHO_T}$ac_cv_type_long_int" >&6 -echo "$as_me:11282: checking size of long int" >&5 +echo "$as_me:11292: checking size of long int" >&5 echo $ECHO_N "checking size of long int... $ECHO_C" >&6 if test "${ac_cv_sizeof_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -11288,7 +11298,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 11291 "configure" +#line 11301 "configure" #include "confdefs.h" $ac_includes_default int @@ -11300,21 +11310,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11303: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11313: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11306: \$? = $ac_status" >&5 + echo "$as_me:11316: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11309: \"$ac_try\"") >&5 + { (eval echo "$as_me:11319: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11312: \$? = $ac_status" >&5 + echo "$as_me:11322: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11317 "configure" +#line 11327 "configure" #include "confdefs.h" $ac_includes_default int @@ -11326,16 +11336,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11329: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11339: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11332: \$? = $ac_status" >&5 + echo "$as_me:11342: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11335: \"$ac_try\"") >&5 + { (eval echo "$as_me:11345: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11338: \$? = $ac_status" >&5 + echo "$as_me:11348: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -11351,7 +11361,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11354 "configure" +#line 11364 "configure" #include "confdefs.h" $ac_includes_default int @@ -11363,16 +11373,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11366: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11376: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11369: \$? = $ac_status" >&5 + echo "$as_me:11379: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11372: \"$ac_try\"") >&5 + { (eval echo "$as_me:11382: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11375: \$? = $ac_status" >&5 + echo "$as_me:11385: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -11388,7 +11398,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 11391 "configure" +#line 11401 "configure" #include "confdefs.h" $ac_includes_default int @@ -11400,16 +11410,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11403: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11413: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11406: \$? = $ac_status" >&5 + echo "$as_me:11416: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11409: \"$ac_try\"") >&5 + { (eval echo "$as_me:11419: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11412: \$? = $ac_status" >&5 + echo "$as_me:11422: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -11422,12 +11432,12 @@ ac_cv_sizeof_long_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:11425: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:11435: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 11430 "configure" +#line 11440 "configure" #include "confdefs.h" $ac_includes_default int @@ -11443,15 +11453,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:11446: \"$ac_link\"") >&5 +if { (eval echo "$as_me:11456: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:11449: \$? = $ac_status" >&5 + echo "$as_me:11459: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:11451: \"$ac_try\"") >&5 + { (eval echo "$as_me:11461: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11454: \$? = $ac_status" >&5 + echo "$as_me:11464: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_long_int=`cat conftest.val` else @@ -11467,19 +11477,19 @@ ac_cv_sizeof_long_int=0 fi fi -echo "$as_me:11470: result: $ac_cv_sizeof_long_int" >&5 +echo "$as_me:11480: result: $ac_cv_sizeof_long_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_long_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:11486: checking for long long int" >&5 echo $ECHO_N "checking for long long int... $ECHO_C" >&6 if test "${ac_cv_type_long_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11482 "configure" +#line 11492 "configure" #include "confdefs.h" $ac_includes_default int @@ -11494,16 +11504,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11497: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11507: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11500: \$? = $ac_status" >&5 + echo "$as_me:11510: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11503: \"$ac_try\"") >&5 + { (eval echo "$as_me:11513: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11506: \$? = $ac_status" >&5 + echo "$as_me:11516: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_long_long_int=yes else @@ -11513,10 +11523,10 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11516: result: $ac_cv_type_long_long_int" >&5 +echo "$as_me:11526: result: $ac_cv_type_long_long_int" >&5 echo "${ECHO_T}$ac_cv_type_long_long_int" >&6 -echo "$as_me:11519: checking size of long long int" >&5 +echo "$as_me:11529: checking size of long long int" >&5 echo $ECHO_N "checking size of long long int... $ECHO_C" >&6 if test "${ac_cv_sizeof_long_long_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -11525,7 +11535,7 @@ if test "$cross_compiling" = yes; then # Depending upon the size, compute the lo and hi bounds. cat >conftest.$ac_ext <<_ACEOF -#line 11528 "configure" +#line 11538 "configure" #include "confdefs.h" $ac_includes_default int @@ -11537,21 +11547,21 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11540: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11550: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11543: \$? = $ac_status" >&5 + echo "$as_me:11553: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11546: \"$ac_try\"") >&5 + { (eval echo "$as_me:11556: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11549: \$? = $ac_status" >&5 + echo "$as_me:11559: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=0 ac_mid=0 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11554 "configure" +#line 11564 "configure" #include "confdefs.h" $ac_includes_default int @@ -11563,16 +11573,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11566: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11576: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11569: \$? = $ac_status" >&5 + echo "$as_me:11579: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11572: \"$ac_try\"") >&5 + { (eval echo "$as_me:11582: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11575: \$? = $ac_status" >&5 + echo "$as_me:11585: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid; break else @@ -11588,7 +11598,7 @@ ac_hi=-1 ac_mid=-1 while :; do cat >conftest.$ac_ext <<_ACEOF -#line 11591 "configure" +#line 11601 "configure" #include "confdefs.h" $ac_includes_default int @@ -11600,16 +11610,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11603: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11613: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11606: \$? = $ac_status" >&5 + echo "$as_me:11616: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11609: \"$ac_try\"") >&5 + { (eval echo "$as_me:11619: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11612: \$? = $ac_status" >&5 + echo "$as_me:11622: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_lo=$ac_mid; break else @@ -11625,7 +11635,7 @@ while test "x$ac_lo" != "x$ac_hi"; do ac_mid=`expr '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo` cat >conftest.$ac_ext <<_ACEOF -#line 11628 "configure" +#line 11638 "configure" #include "confdefs.h" $ac_includes_default int @@ -11637,16 +11647,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11640: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11650: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11643: \$? = $ac_status" >&5 + echo "$as_me:11653: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11646: \"$ac_try\"") >&5 + { (eval echo "$as_me:11656: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11649: \$? = $ac_status" >&5 + echo "$as_me:11659: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_hi=$ac_mid else @@ -11659,12 +11669,12 @@ ac_cv_sizeof_long_long_int=$ac_lo else if test "$cross_compiling" = yes; then - { { echo "$as_me:11662: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:11672: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 11667 "configure" +#line 11677 "configure" #include "confdefs.h" $ac_includes_default int @@ -11680,15 +11690,15 @@ } _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:11683: \"$ac_link\"") >&5 +if { (eval echo "$as_me:11693: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:11686: \$? = $ac_status" >&5 + echo "$as_me:11696: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:11688: \"$ac_try\"") >&5 + { (eval echo "$as_me:11698: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11691: \$? = $ac_status" >&5 + echo "$as_me:11701: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_sizeof_long_long_int=`cat conftest.val` else @@ -11704,7 +11714,7 @@ ac_cv_sizeof_long_long_int=0 fi fi -echo "$as_me:11707: result: $ac_cv_sizeof_long_long_int" >&5 +echo "$as_me:11717: result: $ac_cv_sizeof_long_long_int" >&5 echo "${ECHO_T}$ac_cv_sizeof_long_long_int" >&6 cat >>confdefs.h <&5 +echo "$as_me:11729: checking for u_int type" >&5 echo $ECHO_N "checking for u_int type... $ECHO_C" >&6 if test "${ac_cv_have_u_int+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11726 "configure" +#line 11736 "configure" #include "confdefs.h" #include int @@ -11735,16 +11745,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11738: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11748: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11741: \$? = $ac_status" >&5 + echo "$as_me:11751: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11744: \"$ac_try\"") >&5 + { (eval echo "$as_me:11754: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11747: \$? = $ac_status" >&5 + echo "$as_me:11757: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_int="yes" else @@ -11756,7 +11766,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11759: result: $ac_cv_have_u_int" >&5 +echo "$as_me:11769: result: $ac_cv_have_u_int" >&5 echo "${ECHO_T}$ac_cv_have_u_int" >&6 if test "x$ac_cv_have_u_int" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11766,14 +11776,14 @@ have_u_int=1 fi -echo "$as_me:11769: checking for intXX_t types" >&5 +echo "$as_me:11779: checking for intXX_t types" >&5 echo $ECHO_N "checking for intXX_t types... $ECHO_C" >&6 if test "${ac_cv_have_intxx_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11776 "configure" +#line 11786 "configure" #include "confdefs.h" #include int @@ -11785,16 +11795,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11788: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11798: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11791: \$? = $ac_status" >&5 + echo "$as_me:11801: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11794: \"$ac_try\"") >&5 + { (eval echo "$as_me:11804: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11797: \$? = $ac_status" >&5 + echo "$as_me:11807: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_intxx_t="yes" else @@ -11806,7 +11816,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11809: result: $ac_cv_have_intxx_t" >&5 +echo "$as_me:11819: result: $ac_cv_have_intxx_t" >&5 echo "${ECHO_T}$ac_cv_have_intxx_t" >&6 if test "x$ac_cv_have_intxx_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11819,10 +11829,10 @@ if (test -z "$have_intxx_t" && \ test "x$ac_cv_header_stdint_h" = "xyes") then - echo "$as_me:11822: checking for intXX_t types in stdint.h" >&5 + echo "$as_me:11832: checking for intXX_t types in stdint.h" >&5 echo $ECHO_N "checking for intXX_t types in stdint.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 11825 "configure" +#line 11835 "configure" #include "confdefs.h" #include int @@ -11834,43 +11844,43 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11837: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11847: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11840: \$? = $ac_status" >&5 + echo "$as_me:11850: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11843: \"$ac_try\"") >&5 + { (eval echo "$as_me:11853: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11846: \$? = $ac_status" >&5 + echo "$as_me:11856: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_INTXX_T 1 EOF - echo "$as_me:11853: result: yes" >&5 + echo "$as_me:11863: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:11859: result: no" >&5 + echo "$as_me:11869: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11866: checking for int64_t type" >&5 +echo "$as_me:11876: checking for int64_t type" >&5 echo $ECHO_N "checking for int64_t type... $ECHO_C" >&6 if test "${ac_cv_have_int64_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11873 "configure" +#line 11883 "configure" #include "confdefs.h" #include @@ -11891,16 +11901,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11894: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11904: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11897: \$? = $ac_status" >&5 + echo "$as_me:11907: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11900: \"$ac_try\"") >&5 + { (eval echo "$as_me:11910: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11903: \$? = $ac_status" >&5 + echo "$as_me:11913: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_int64_t="yes" else @@ -11912,7 +11922,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11915: result: $ac_cv_have_int64_t" >&5 +echo "$as_me:11925: result: $ac_cv_have_int64_t" >&5 echo "${ECHO_T}$ac_cv_have_int64_t" >&6 if test "x$ac_cv_have_int64_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11921,14 +11931,14 @@ fi -echo "$as_me:11924: checking for u_intXX_t types" >&5 +echo "$as_me:11934: checking for u_intXX_t types" >&5 echo $ECHO_N "checking for u_intXX_t types... $ECHO_C" >&6 if test "${ac_cv_have_u_intxx_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 11931 "configure" +#line 11941 "configure" #include "confdefs.h" #include int @@ -11940,16 +11950,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11943: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:11953: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11946: \$? = $ac_status" >&5 + echo "$as_me:11956: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11949: \"$ac_try\"") >&5 + { (eval echo "$as_me:11959: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11952: \$? = $ac_status" >&5 + echo "$as_me:11962: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_intxx_t="yes" else @@ -11961,7 +11971,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:11964: result: $ac_cv_have_u_intxx_t" >&5 +echo "$as_me:11974: result: $ac_cv_have_u_intxx_t" >&5 echo "${ECHO_T}$ac_cv_have_u_intxx_t" >&6 if test "x$ac_cv_have_u_intxx_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -11972,10 +11982,10 @@ fi if test -z "$have_u_intxx_t" ; then - echo "$as_me:11975: checking for u_intXX_t types in sys/socket.h" >&5 + echo "$as_me:11985: checking for u_intXX_t types in sys/socket.h" >&5 echo $ECHO_N "checking for u_intXX_t types in sys/socket.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 11978 "configure" +#line 11988 "configure" #include "confdefs.h" #include int @@ -11987,43 +11997,43 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:11990: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12000: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:11993: \$? = $ac_status" >&5 + echo "$as_me:12003: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:11996: \"$ac_try\"") >&5 + { (eval echo "$as_me:12006: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:11999: \$? = $ac_status" >&5 + echo "$as_me:12009: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_U_INTXX_T 1 EOF - echo "$as_me:12006: result: yes" >&5 + echo "$as_me:12016: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:12012: result: no" >&5 + echo "$as_me:12022: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12019: checking for u_int64_t types" >&5 +echo "$as_me:12029: checking for u_int64_t types" >&5 echo $ECHO_N "checking for u_int64_t types... $ECHO_C" >&6 if test "${ac_cv_have_u_int64_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12026 "configure" +#line 12036 "configure" #include "confdefs.h" #include int @@ -12035,16 +12045,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12038: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12048: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12041: \$? = $ac_status" >&5 + echo "$as_me:12051: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12044: \"$ac_try\"") >&5 + { (eval echo "$as_me:12054: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12047: \$? = $ac_status" >&5 + echo "$as_me:12057: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_int64_t="yes" else @@ -12056,7 +12066,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12059: result: $ac_cv_have_u_int64_t" >&5 +echo "$as_me:12069: result: $ac_cv_have_u_int64_t" >&5 echo "${ECHO_T}$ac_cv_have_u_int64_t" >&6 if test "x$ac_cv_have_u_int64_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12067,10 +12077,10 @@ fi if test -z "$have_u_int64_t" ; then - echo "$as_me:12070: checking for u_int64_t type in sys/bitypes.h" >&5 + echo "$as_me:12080: checking for u_int64_t type in sys/bitypes.h" >&5 echo $ECHO_N "checking for u_int64_t type in sys/bitypes.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 12073 "configure" +#line 12083 "configure" #include "confdefs.h" #include int @@ -12082,29 +12092,29 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12085: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12095: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12088: \$? = $ac_status" >&5 + echo "$as_me:12098: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12091: \"$ac_try\"") >&5 + { (eval echo "$as_me:12101: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12094: \$? = $ac_status" >&5 + echo "$as_me:12104: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_U_INT64_T 1 EOF - echo "$as_me:12101: result: yes" >&5 + echo "$as_me:12111: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:12107: result: no" >&5 + echo "$as_me:12117: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -12112,14 +12122,14 @@ fi if test -z "$have_u_intxx_t" ; then - echo "$as_me:12115: checking for uintXX_t types" >&5 + echo "$as_me:12125: checking for uintXX_t types" >&5 echo $ECHO_N "checking for uintXX_t types... $ECHO_C" >&6 if test "${ac_cv_have_uintxx_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12122 "configure" +#line 12132 "configure" #include "confdefs.h" #include @@ -12133,16 +12143,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12136: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12146: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12139: \$? = $ac_status" >&5 + echo "$as_me:12149: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12142: \"$ac_try\"") >&5 + { (eval echo "$as_me:12152: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12145: \$? = $ac_status" >&5 + echo "$as_me:12155: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_uintxx_t="yes" else @@ -12154,7 +12164,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12157: result: $ac_cv_have_uintxx_t" >&5 +echo "$as_me:12167: result: $ac_cv_have_uintxx_t" >&5 echo "${ECHO_T}$ac_cv_have_uintxx_t" >&6 if test "x$ac_cv_have_uintxx_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12165,10 +12175,10 @@ fi if test -z "$have_uintxx_t" ; then - echo "$as_me:12168: checking for uintXX_t types in stdint.h" >&5 + echo "$as_me:12178: checking for uintXX_t types in stdint.h" >&5 echo $ECHO_N "checking for uintXX_t types in stdint.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 12171 "configure" +#line 12181 "configure" #include "confdefs.h" #include int @@ -12180,29 +12190,29 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12183: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12193: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12186: \$? = $ac_status" >&5 + echo "$as_me:12196: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12189: \"$ac_try\"") >&5 + { (eval echo "$as_me:12199: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12192: \$? = $ac_status" >&5 + echo "$as_me:12202: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF #define HAVE_UINTXX_T 1 EOF - echo "$as_me:12199: result: yes" >&5 + echo "$as_me:12209: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:12205: result: no" >&5 + echo "$as_me:12215: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -12212,10 +12222,10 @@ if (test -z "$have_u_intxx_t" || test -z "$have_intxx_t" && \ test "x$ac_cv_header_sys_bitypes_h" = "xyes") then - echo "$as_me:12215: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 + echo "$as_me:12225: checking for intXX_t and u_intXX_t types in sys/bitypes.h" >&5 echo $ECHO_N "checking for intXX_t and u_intXX_t types in sys/bitypes.h... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 12218 "configure" +#line 12228 "configure" #include "confdefs.h" #include @@ -12233,16 +12243,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12236: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12246: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12239: \$? = $ac_status" >&5 + echo "$as_me:12249: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12242: \"$ac_try\"") >&5 + { (eval echo "$as_me:12252: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12245: \$? = $ac_status" >&5 + echo "$as_me:12255: \$? = $ac_status" >&5 (exit $ac_status); }; }; then cat >>confdefs.h <<\EOF @@ -12253,27 +12263,27 @@ #define HAVE_INTXX_T 1 EOF - echo "$as_me:12256: result: yes" >&5 + echo "$as_me:12266: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 -echo "$as_me:12262: result: no" >&5 +echo "$as_me:12272: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12269: checking for u_char" >&5 +echo "$as_me:12279: checking for u_char" >&5 echo $ECHO_N "checking for u_char... $ECHO_C" >&6 if test "${ac_cv_have_u_char+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12276 "configure" +#line 12286 "configure" #include "confdefs.h" #include @@ -12287,16 +12297,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12290: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12300: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12293: \$? = $ac_status" >&5 + echo "$as_me:12303: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12296: \"$ac_try\"") >&5 + { (eval echo "$as_me:12306: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12299: \$? = $ac_status" >&5 + echo "$as_me:12309: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_u_char="yes" else @@ -12308,7 +12318,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12311: result: $ac_cv_have_u_char" >&5 +echo "$as_me:12321: result: $ac_cv_have_u_char" >&5 echo "${ECHO_T}$ac_cv_have_u_char" >&6 if test "x$ac_cv_have_u_char" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12317,13 +12327,13 @@ fi - echo "$as_me:12320: checking for socklen_t" >&5 + echo "$as_me:12330: checking for socklen_t" >&5 echo $ECHO_N "checking for socklen_t... $ECHO_C" >&6 if test "${ac_cv_type_socklen_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12326 "configure" +#line 12336 "configure" #include "confdefs.h" #include #include @@ -12340,16 +12350,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12343: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12353: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12346: \$? = $ac_status" >&5 + echo "$as_me:12356: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12349: \"$ac_try\"") >&5 + { (eval echo "$as_me:12359: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12352: \$? = $ac_status" >&5 + echo "$as_me:12362: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_socklen_t=yes else @@ -12359,13 +12369,13 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12362: result: $ac_cv_type_socklen_t" >&5 +echo "$as_me:12372: result: $ac_cv_type_socklen_t" >&5 echo "${ECHO_T}$ac_cv_type_socklen_t" >&6 if test $ac_cv_type_socklen_t = yes; then : else - echo "$as_me:12368: checking for socklen_t equivalent" >&5 + echo "$as_me:12378: checking for socklen_t equivalent" >&5 echo $ECHO_N "checking for socklen_t equivalent... $ECHO_C" >&6 if test "${curl_cv_socklen_t_equiv+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -12377,7 +12387,7 @@ for arg2 in "struct sockaddr" void; do for t in int size_t unsigned long "unsigned long"; do cat >conftest.$ac_ext <<_ACEOF -#line 12380 "configure" +#line 12390 "configure" #include "confdefs.h" #include @@ -12397,16 +12407,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12400: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12410: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12403: \$? = $ac_status" >&5 + echo "$as_me:12413: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12406: \"$ac_try\"") >&5 + { (eval echo "$as_me:12416: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12409: \$? = $ac_status" >&5 + echo "$as_me:12419: \$? = $ac_status" >&5 (exit $ac_status); }; }; then curl_cv_socklen_t_equiv="$t" @@ -12421,14 +12431,14 @@ done if test "x$curl_cv_socklen_t_equiv" = x; then - { { echo "$as_me:12424: error: Cannot find a type to use in place of socklen_t" >&5 + { { echo "$as_me:12434: error: Cannot find a type to use in place of socklen_t" >&5 echo "$as_me: error: Cannot find a type to use in place of socklen_t" >&2;} { (exit 1); exit 1; }; } fi fi - echo "$as_me:12431: result: $curl_cv_socklen_t_equiv" >&5 + echo "$as_me:12441: result: $curl_cv_socklen_t_equiv" >&5 echo "${ECHO_T}$curl_cv_socklen_t_equiv" >&6 cat >>confdefs.h <&5 +echo "$as_me:12450: checking for sig_atomic_t" >&5 echo $ECHO_N "checking for sig_atomic_t... $ECHO_C" >&6 if test "${ac_cv_type_sig_atomic_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12446 "configure" +#line 12456 "configure" #include "confdefs.h" #include @@ -12459,16 +12469,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12462: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12472: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12465: \$? = $ac_status" >&5 + echo "$as_me:12475: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12468: \"$ac_try\"") >&5 + { (eval echo "$as_me:12478: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12471: \$? = $ac_status" >&5 + echo "$as_me:12481: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_sig_atomic_t=yes else @@ -12478,7 +12488,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12481: result: $ac_cv_type_sig_atomic_t" >&5 +echo "$as_me:12491: result: $ac_cv_type_sig_atomic_t" >&5 echo "${ECHO_T}$ac_cv_type_sig_atomic_t" >&6 if test $ac_cv_type_sig_atomic_t = yes; then @@ -12488,14 +12498,14 @@ fi -echo "$as_me:12491: checking for size_t" >&5 +echo "$as_me:12501: checking for size_t" >&5 echo $ECHO_N "checking for size_t... $ECHO_C" >&6 if test "${ac_cv_have_size_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12498 "configure" +#line 12508 "configure" #include "confdefs.h" #include @@ -12509,16 +12519,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12512: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12522: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12515: \$? = $ac_status" >&5 + echo "$as_me:12525: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12518: \"$ac_try\"") >&5 + { (eval echo "$as_me:12528: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12521: \$? = $ac_status" >&5 + echo "$as_me:12531: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_size_t="yes" else @@ -12530,7 +12540,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12533: result: $ac_cv_have_size_t" >&5 +echo "$as_me:12543: result: $ac_cv_have_size_t" >&5 echo "${ECHO_T}$ac_cv_have_size_t" >&6 if test "x$ac_cv_have_size_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12539,14 +12549,14 @@ fi -echo "$as_me:12542: checking for ssize_t" >&5 +echo "$as_me:12552: checking for ssize_t" >&5 echo $ECHO_N "checking for ssize_t... $ECHO_C" >&6 if test "${ac_cv_have_ssize_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12549 "configure" +#line 12559 "configure" #include "confdefs.h" #include @@ -12560,16 +12570,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12563: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12573: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12566: \$? = $ac_status" >&5 + echo "$as_me:12576: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12569: \"$ac_try\"") >&5 + { (eval echo "$as_me:12579: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12572: \$? = $ac_status" >&5 + echo "$as_me:12582: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_ssize_t="yes" else @@ -12581,7 +12591,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12584: result: $ac_cv_have_ssize_t" >&5 +echo "$as_me:12594: result: $ac_cv_have_ssize_t" >&5 echo "${ECHO_T}$ac_cv_have_ssize_t" >&6 if test "x$ac_cv_have_ssize_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12590,14 +12600,14 @@ fi -echo "$as_me:12593: checking for clock_t" >&5 +echo "$as_me:12603: checking for clock_t" >&5 echo $ECHO_N "checking for clock_t... $ECHO_C" >&6 if test "${ac_cv_have_clock_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12600 "configure" +#line 12610 "configure" #include "confdefs.h" #include @@ -12611,16 +12621,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12614: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12624: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12617: \$? = $ac_status" >&5 + echo "$as_me:12627: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12620: \"$ac_try\"") >&5 + { (eval echo "$as_me:12630: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12623: \$? = $ac_status" >&5 + echo "$as_me:12633: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_clock_t="yes" else @@ -12632,7 +12642,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12635: result: $ac_cv_have_clock_t" >&5 +echo "$as_me:12645: result: $ac_cv_have_clock_t" >&5 echo "${ECHO_T}$ac_cv_have_clock_t" >&6 if test "x$ac_cv_have_clock_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12641,14 +12651,14 @@ fi -echo "$as_me:12644: checking for sa_family_t" >&5 +echo "$as_me:12654: checking for sa_family_t" >&5 echo $ECHO_N "checking for sa_family_t... $ECHO_C" >&6 if test "${ac_cv_have_sa_family_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12651 "configure" +#line 12661 "configure" #include "confdefs.h" #include @@ -12663,23 +12673,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12666: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12676: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12669: \$? = $ac_status" >&5 + echo "$as_me:12679: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12672: \"$ac_try\"") >&5 + { (eval echo "$as_me:12682: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12675: \$? = $ac_status" >&5 + echo "$as_me:12685: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_sa_family_t="yes" else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 cat >conftest.$ac_ext <<_ACEOF -#line 12682 "configure" +#line 12692 "configure" #include "confdefs.h" #include @@ -12695,16 +12705,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12698: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12708: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12701: \$? = $ac_status" >&5 + echo "$as_me:12711: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12704: \"$ac_try\"") >&5 + { (eval echo "$as_me:12714: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12707: \$? = $ac_status" >&5 + echo "$as_me:12717: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_sa_family_t="yes" else @@ -12719,7 +12729,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12722: result: $ac_cv_have_sa_family_t" >&5 +echo "$as_me:12732: result: $ac_cv_have_sa_family_t" >&5 echo "${ECHO_T}$ac_cv_have_sa_family_t" >&6 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12728,14 +12738,14 @@ fi -echo "$as_me:12731: checking for pid_t" >&5 +echo "$as_me:12741: checking for pid_t" >&5 echo $ECHO_N "checking for pid_t... $ECHO_C" >&6 if test "${ac_cv_have_pid_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12738 "configure" +#line 12748 "configure" #include "confdefs.h" #include @@ -12749,16 +12759,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12752: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12762: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12755: \$? = $ac_status" >&5 + echo "$as_me:12765: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12758: \"$ac_try\"") >&5 + { (eval echo "$as_me:12768: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12761: \$? = $ac_status" >&5 + echo "$as_me:12771: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pid_t="yes" else @@ -12770,7 +12780,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12773: result: $ac_cv_have_pid_t" >&5 +echo "$as_me:12783: result: $ac_cv_have_pid_t" >&5 echo "${ECHO_T}$ac_cv_have_pid_t" >&6 if test "x$ac_cv_have_pid_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12779,14 +12789,14 @@ fi -echo "$as_me:12782: checking for mode_t" >&5 +echo "$as_me:12792: checking for mode_t" >&5 echo $ECHO_N "checking for mode_t... $ECHO_C" >&6 if test "${ac_cv_have_mode_t+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12789 "configure" +#line 12799 "configure" #include "confdefs.h" #include @@ -12800,16 +12810,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12803: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12813: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12806: \$? = $ac_status" >&5 + echo "$as_me:12816: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12809: \"$ac_try\"") >&5 + { (eval echo "$as_me:12819: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12812: \$? = $ac_status" >&5 + echo "$as_me:12822: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_mode_t="yes" else @@ -12821,7 +12831,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12824: result: $ac_cv_have_mode_t" >&5 +echo "$as_me:12834: result: $ac_cv_have_mode_t" >&5 echo "${ECHO_T}$ac_cv_have_mode_t" >&6 if test "x$ac_cv_have_mode_t" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12830,14 +12840,14 @@ fi -echo "$as_me:12833: checking for struct sockaddr_storage" >&5 +echo "$as_me:12843: checking for struct sockaddr_storage" >&5 echo $ECHO_N "checking for struct sockaddr_storage... $ECHO_C" >&6 if test "${ac_cv_have_struct_sockaddr_storage+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12840 "configure" +#line 12850 "configure" #include "confdefs.h" #include @@ -12852,16 +12862,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12855: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12865: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12858: \$? = $ac_status" >&5 + echo "$as_me:12868: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12861: \"$ac_try\"") >&5 + { (eval echo "$as_me:12871: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12864: \$? = $ac_status" >&5 + echo "$as_me:12874: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_sockaddr_storage="yes" else @@ -12873,7 +12883,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12876: result: $ac_cv_have_struct_sockaddr_storage" >&5 +echo "$as_me:12886: result: $ac_cv_have_struct_sockaddr_storage" >&5 echo "${ECHO_T}$ac_cv_have_struct_sockaddr_storage" >&6 if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12882,14 +12892,14 @@ fi -echo "$as_me:12885: checking for struct sockaddr_in6" >&5 +echo "$as_me:12895: checking for struct sockaddr_in6" >&5 echo $ECHO_N "checking for struct sockaddr_in6... $ECHO_C" >&6 if test "${ac_cv_have_struct_sockaddr_in6+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12892 "configure" +#line 12902 "configure" #include "confdefs.h" #include @@ -12904,16 +12914,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12907: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12917: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12910: \$? = $ac_status" >&5 + echo "$as_me:12920: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12913: \"$ac_try\"") >&5 + { (eval echo "$as_me:12923: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12916: \$? = $ac_status" >&5 + echo "$as_me:12926: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_sockaddr_in6="yes" else @@ -12925,7 +12935,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12928: result: $ac_cv_have_struct_sockaddr_in6" >&5 +echo "$as_me:12938: result: $ac_cv_have_struct_sockaddr_in6" >&5 echo "${ECHO_T}$ac_cv_have_struct_sockaddr_in6" >&6 if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12934,14 +12944,14 @@ fi -echo "$as_me:12937: checking for struct in6_addr" >&5 +echo "$as_me:12947: checking for struct in6_addr" >&5 echo $ECHO_N "checking for struct in6_addr... $ECHO_C" >&6 if test "${ac_cv_have_struct_in6_addr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12944 "configure" +#line 12954 "configure" #include "confdefs.h" #include @@ -12956,16 +12966,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:12959: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:12969: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:12962: \$? = $ac_status" >&5 + echo "$as_me:12972: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:12965: \"$ac_try\"") >&5 + { (eval echo "$as_me:12975: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:12968: \$? = $ac_status" >&5 + echo "$as_me:12978: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_in6_addr="yes" else @@ -12977,7 +12987,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:12980: result: $ac_cv_have_struct_in6_addr" >&5 +echo "$as_me:12990: result: $ac_cv_have_struct_in6_addr" >&5 echo "${ECHO_T}$ac_cv_have_struct_in6_addr" >&6 if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -12986,14 +12996,14 @@ fi -echo "$as_me:12989: checking for struct addrinfo" >&5 +echo "$as_me:12999: checking for struct addrinfo" >&5 echo $ECHO_N "checking for struct addrinfo... $ECHO_C" >&6 if test "${ac_cv_have_struct_addrinfo+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 12996 "configure" +#line 13006 "configure" #include "confdefs.h" #include @@ -13009,16 +13019,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13012: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13022: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13015: \$? = $ac_status" >&5 + echo "$as_me:13025: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13018: \"$ac_try\"") >&5 + { (eval echo "$as_me:13028: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13021: \$? = $ac_status" >&5 + echo "$as_me:13031: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_addrinfo="yes" else @@ -13030,7 +13040,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13033: result: $ac_cv_have_struct_addrinfo" >&5 +echo "$as_me:13043: result: $ac_cv_have_struct_addrinfo" >&5 echo "${ECHO_T}$ac_cv_have_struct_addrinfo" >&6 if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13039,14 +13049,14 @@ fi -echo "$as_me:13042: checking for struct timeval" >&5 +echo "$as_me:13052: checking for struct timeval" >&5 echo $ECHO_N "checking for struct timeval... $ECHO_C" >&6 if test "${ac_cv_have_struct_timeval+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13049 "configure" +#line 13059 "configure" #include "confdefs.h" #include int @@ -13058,16 +13068,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13061: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13071: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13064: \$? = $ac_status" >&5 + echo "$as_me:13074: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13067: \"$ac_try\"") >&5 + { (eval echo "$as_me:13077: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13070: \$? = $ac_status" >&5 + echo "$as_me:13080: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_struct_timeval="yes" else @@ -13079,7 +13089,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13082: result: $ac_cv_have_struct_timeval" >&5 +echo "$as_me:13092: result: $ac_cv_have_struct_timeval" >&5 echo "${ECHO_T}$ac_cv_have_struct_timeval" >&6 if test "x$ac_cv_have_struct_timeval" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13089,13 +13099,13 @@ have_struct_timeval=1 fi -echo "$as_me:13092: checking for struct timespec" >&5 +echo "$as_me:13102: checking for struct timespec" >&5 echo $ECHO_N "checking for struct timespec... $ECHO_C" >&6 if test "${ac_cv_type_struct_timespec+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13098 "configure" +#line 13108 "configure" #include "confdefs.h" $ac_includes_default int @@ -13110,16 +13120,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13113: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13123: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13116: \$? = $ac_status" >&5 + echo "$as_me:13126: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13119: \"$ac_try\"") >&5 + { (eval echo "$as_me:13129: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13122: \$? = $ac_status" >&5 + echo "$as_me:13132: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_type_struct_timespec=yes else @@ -13129,7 +13139,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13132: result: $ac_cv_type_struct_timespec" >&5 +echo "$as_me:13142: result: $ac_cv_type_struct_timespec" >&5 echo "${ECHO_T}$ac_cv_type_struct_timespec" >&6 if test $ac_cv_type_struct_timespec = yes; then @@ -13149,12 +13159,12 @@ exit 1; else if test "$cross_compiling" = yes; then - { { echo "$as_me:13152: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:13162: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 13157 "configure" +#line 13167 "configure" #include "confdefs.h" #include @@ -13182,15 +13192,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:13185: \"$ac_link\"") >&5 +if { (eval echo "$as_me:13195: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:13188: \$? = $ac_status" >&5 + echo "$as_me:13198: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:13190: \"$ac_try\"") >&5 + { (eval echo "$as_me:13200: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13193: \$? = $ac_status" >&5 + echo "$as_me:13203: \$? = $ac_status" >&5 (exit $ac_status); }; }; then true else @@ -13209,14 +13219,14 @@ # look for field 'ut_host' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - echo "$as_me:13212: checking for ut_host field in utmp.h" >&5 + echo "$as_me:13222: checking for ut_host field in utmp.h" >&5 echo $ECHO_N "checking for ut_host field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13219 "configure" +#line 13229 "configure" #include "confdefs.h" #include @@ -13233,7 +13243,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13236: result: $ossh_result" >&5 + echo "$as_me:13246: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13242,21 +13252,21 @@ fi else - echo "$as_me:13245: result: no" >&5 + echo "$as_me:13255: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_host' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_host - echo "$as_me:13252: checking for ut_host field in utmpx.h" >&5 + echo "$as_me:13262: checking for ut_host field in utmpx.h" >&5 echo $ECHO_N "checking for ut_host field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13259 "configure" +#line 13269 "configure" #include "confdefs.h" #include @@ -13273,7 +13283,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13276: result: $ossh_result" >&5 + echo "$as_me:13286: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13282,21 +13292,21 @@ fi else - echo "$as_me:13285: result: no" >&5 + echo "$as_me:13295: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'syslen' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"syslen - echo "$as_me:13292: checking for syslen field in utmpx.h" >&5 + echo "$as_me:13302: checking for syslen field in utmpx.h" >&5 echo $ECHO_N "checking for syslen field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13299 "configure" +#line 13309 "configure" #include "confdefs.h" #include @@ -13313,7 +13323,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13316: result: $ossh_result" >&5 + echo "$as_me:13326: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13322,21 +13332,21 @@ fi else - echo "$as_me:13325: result: no" >&5 + echo "$as_me:13335: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_pid' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_pid - echo "$as_me:13332: checking for ut_pid field in utmp.h" >&5 + echo "$as_me:13342: checking for ut_pid field in utmp.h" >&5 echo $ECHO_N "checking for ut_pid field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13339 "configure" +#line 13349 "configure" #include "confdefs.h" #include @@ -13353,7 +13363,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13356: result: $ossh_result" >&5 + echo "$as_me:13366: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13362,21 +13372,21 @@ fi else - echo "$as_me:13365: result: no" >&5 + echo "$as_me:13375: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_type' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - echo "$as_me:13372: checking for ut_type field in utmp.h" >&5 + echo "$as_me:13382: checking for ut_type field in utmp.h" >&5 echo $ECHO_N "checking for ut_type field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13379 "configure" +#line 13389 "configure" #include "confdefs.h" #include @@ -13393,7 +13403,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13396: result: $ossh_result" >&5 + echo "$as_me:13406: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13402,21 +13412,21 @@ fi else - echo "$as_me:13405: result: no" >&5 + echo "$as_me:13415: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_type' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_type - echo "$as_me:13412: checking for ut_type field in utmpx.h" >&5 + echo "$as_me:13422: checking for ut_type field in utmpx.h" >&5 echo $ECHO_N "checking for ut_type field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13419 "configure" +#line 13429 "configure" #include "confdefs.h" #include @@ -13433,7 +13443,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13436: result: $ossh_result" >&5 + echo "$as_me:13446: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13442,21 +13452,21 @@ fi else - echo "$as_me:13445: result: no" >&5 + echo "$as_me:13455: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_tv' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - echo "$as_me:13452: checking for ut_tv field in utmp.h" >&5 + echo "$as_me:13462: checking for ut_tv field in utmp.h" >&5 echo $ECHO_N "checking for ut_tv field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13459 "configure" +#line 13469 "configure" #include "confdefs.h" #include @@ -13473,7 +13483,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13476: result: $ossh_result" >&5 + echo "$as_me:13486: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13482,21 +13492,21 @@ fi else - echo "$as_me:13485: result: no" >&5 + echo "$as_me:13495: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_id' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - echo "$as_me:13492: checking for ut_id field in utmp.h" >&5 + echo "$as_me:13502: checking for ut_id field in utmp.h" >&5 echo $ECHO_N "checking for ut_id field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13499 "configure" +#line 13509 "configure" #include "confdefs.h" #include @@ -13513,7 +13523,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13516: result: $ossh_result" >&5 + echo "$as_me:13526: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13522,21 +13532,21 @@ fi else - echo "$as_me:13525: result: no" >&5 + echo "$as_me:13535: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_id' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_id - echo "$as_me:13532: checking for ut_id field in utmpx.h" >&5 + echo "$as_me:13542: checking for ut_id field in utmpx.h" >&5 echo $ECHO_N "checking for ut_id field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13539 "configure" +#line 13549 "configure" #include "confdefs.h" #include @@ -13553,7 +13563,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13556: result: $ossh_result" >&5 + echo "$as_me:13566: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13562,21 +13572,21 @@ fi else - echo "$as_me:13565: result: no" >&5 + echo "$as_me:13575: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - echo "$as_me:13572: checking for ut_addr field in utmp.h" >&5 + echo "$as_me:13582: checking for ut_addr field in utmp.h" >&5 echo $ECHO_N "checking for ut_addr field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13579 "configure" +#line 13589 "configure" #include "confdefs.h" #include @@ -13593,7 +13603,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13596: result: $ossh_result" >&5 + echo "$as_me:13606: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13602,21 +13612,21 @@ fi else - echo "$as_me:13605: result: no" >&5 + echo "$as_me:13615: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr - echo "$as_me:13612: checking for ut_addr field in utmpx.h" >&5 + echo "$as_me:13622: checking for ut_addr field in utmpx.h" >&5 echo $ECHO_N "checking for ut_addr field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13619 "configure" +#line 13629 "configure" #include "confdefs.h" #include @@ -13633,7 +13643,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13636: result: $ossh_result" >&5 + echo "$as_me:13646: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13642,21 +13652,21 @@ fi else - echo "$as_me:13645: result: no" >&5 + echo "$as_me:13655: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr_v6' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - echo "$as_me:13652: checking for ut_addr_v6 field in utmp.h" >&5 + echo "$as_me:13662: checking for ut_addr_v6 field in utmp.h" >&5 echo $ECHO_N "checking for ut_addr_v6 field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13659 "configure" +#line 13669 "configure" #include "confdefs.h" #include @@ -13673,7 +13683,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13676: result: $ossh_result" >&5 + echo "$as_me:13686: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13682,21 +13692,21 @@ fi else - echo "$as_me:13685: result: no" >&5 + echo "$as_me:13695: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_addr_v6' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_addr_v6 - echo "$as_me:13692: checking for ut_addr_v6 field in utmpx.h" >&5 + echo "$as_me:13702: checking for ut_addr_v6 field in utmpx.h" >&5 echo $ECHO_N "checking for ut_addr_v6 field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13699 "configure" +#line 13709 "configure" #include "confdefs.h" #include @@ -13713,7 +13723,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13716: result: $ossh_result" >&5 + echo "$as_me:13726: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13722,21 +13732,21 @@ fi else - echo "$as_me:13725: result: no" >&5 + echo "$as_me:13735: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_exit' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_exit - echo "$as_me:13732: checking for ut_exit field in utmp.h" >&5 + echo "$as_me:13742: checking for ut_exit field in utmp.h" >&5 echo $ECHO_N "checking for ut_exit field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13739 "configure" +#line 13749 "configure" #include "confdefs.h" #include @@ -13753,7 +13763,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13756: result: $ossh_result" >&5 + echo "$as_me:13766: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13762,21 +13772,21 @@ fi else - echo "$as_me:13765: result: no" >&5 + echo "$as_me:13775: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_time' in header 'utmp.h' ossh_safe=`echo "utmp.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - echo "$as_me:13772: checking for ut_time field in utmp.h" >&5 + echo "$as_me:13782: checking for ut_time field in utmp.h" >&5 echo $ECHO_N "checking for ut_time field in utmp.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13779 "configure" +#line 13789 "configure" #include "confdefs.h" #include @@ -13793,7 +13803,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13796: result: $ossh_result" >&5 + echo "$as_me:13806: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13802,21 +13812,21 @@ fi else - echo "$as_me:13805: result: no" >&5 + echo "$as_me:13815: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_time' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_time - echo "$as_me:13812: checking for ut_time field in utmpx.h" >&5 + echo "$as_me:13822: checking for ut_time field in utmpx.h" >&5 echo $ECHO_N "checking for ut_time field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13819 "configure" +#line 13829 "configure" #include "confdefs.h" #include @@ -13833,7 +13843,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13836: result: $ossh_result" >&5 + echo "$as_me:13846: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13842,21 +13852,21 @@ fi else - echo "$as_me:13845: result: no" >&5 + echo "$as_me:13855: result: no" >&5 echo "${ECHO_T}no" >&6 fi # look for field 'ut_tv' in header 'utmpx.h' ossh_safe=`echo "utmpx.h" | sed 'y%./+-%__p_%'` ossh_varname="ossh_cv_$ossh_safe""_has_"ut_tv - echo "$as_me:13852: checking for ut_tv field in utmpx.h" >&5 + echo "$as_me:13862: checking for ut_tv field in utmpx.h" >&5 echo $ECHO_N "checking for ut_tv field in utmpx.h... $ECHO_C" >&6 if eval "test \"\${$ossh_varname+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13859 "configure" +#line 13869 "configure" #include "confdefs.h" #include @@ -13873,7 +13883,7 @@ ossh_result=`eval 'echo $'"$ossh_varname"` if test -n "`echo $ossh_varname`"; then - echo "$as_me:13876: result: $ossh_result" >&5 + echo "$as_me:13886: result: $ossh_result" >&5 echo "${ECHO_T}$ossh_result" >&6 if test "x$ossh_result" = "xyes"; then cat >>confdefs.h <<\EOF @@ -13882,17 +13892,17 @@ fi else - echo "$as_me:13885: result: no" >&5 + echo "$as_me:13895: result: no" >&5 echo "${ECHO_T}no" >&6 fi -echo "$as_me:13889: checking for struct stat.st_blksize" >&5 +echo "$as_me:13899: checking for struct stat.st_blksize" >&5 echo $ECHO_N "checking for struct stat.st_blksize... $ECHO_C" >&6 if test "${ac_cv_member_struct_stat_st_blksize+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13895 "configure" +#line 13905 "configure" #include "confdefs.h" $ac_includes_default int @@ -13906,16 +13916,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13909: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13919: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13912: \$? = $ac_status" >&5 + echo "$as_me:13922: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13915: \"$ac_try\"") >&5 + { (eval echo "$as_me:13925: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13918: \$? = $ac_status" >&5 + echo "$as_me:13928: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_member_struct_stat_st_blksize=yes else @@ -13925,7 +13935,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13928: result: $ac_cv_member_struct_stat_st_blksize" >&5 +echo "$as_me:13938: result: $ac_cv_member_struct_stat_st_blksize" >&5 echo "${ECHO_T}$ac_cv_member_struct_stat_st_blksize" >&6 if test $ac_cv_member_struct_stat_st_blksize = yes; then @@ -13935,14 +13945,14 @@ fi -echo "$as_me:13938: checking for ss_family field in struct sockaddr_storage" >&5 +echo "$as_me:13948: checking for ss_family field in struct sockaddr_storage" >&5 echo $ECHO_N "checking for ss_family field in struct sockaddr_storage... $ECHO_C" >&6 if test "${ac_cv_have_ss_family_in_struct_ss+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13945 "configure" +#line 13955 "configure" #include "confdefs.h" #include @@ -13957,16 +13967,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:13960: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:13970: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:13963: \$? = $ac_status" >&5 + echo "$as_me:13973: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:13966: \"$ac_try\"") >&5 + { (eval echo "$as_me:13976: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:13969: \$? = $ac_status" >&5 + echo "$as_me:13979: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_ss_family_in_struct_ss="yes" else @@ -13977,7 +13987,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:13980: result: $ac_cv_have_ss_family_in_struct_ss" >&5 +echo "$as_me:13990: result: $ac_cv_have_ss_family_in_struct_ss" >&5 echo "${ECHO_T}$ac_cv_have_ss_family_in_struct_ss" >&6 if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -13986,14 +13996,14 @@ fi -echo "$as_me:13989: checking for __ss_family field in struct sockaddr_storage" >&5 +echo "$as_me:13999: checking for __ss_family field in struct sockaddr_storage" >&5 echo $ECHO_N "checking for __ss_family field in struct sockaddr_storage... $ECHO_C" >&6 if test "${ac_cv_have___ss_family_in_struct_ss+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 13996 "configure" +#line 14006 "configure" #include "confdefs.h" #include @@ -14008,16 +14018,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:14011: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:14021: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:14014: \$? = $ac_status" >&5 + echo "$as_me:14024: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:14017: \"$ac_try\"") >&5 + { (eval echo "$as_me:14027: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14020: \$? = $ac_status" >&5 + echo "$as_me:14030: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have___ss_family_in_struct_ss="yes" else @@ -14029,7 +14039,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:14032: result: $ac_cv_have___ss_family_in_struct_ss" >&5 +echo "$as_me:14042: result: $ac_cv_have___ss_family_in_struct_ss" >&5 echo "${ECHO_T}$ac_cv_have___ss_family_in_struct_ss" >&6 if test "x$ac_cv_have___ss_family_in_struct_ss" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14038,14 +14048,14 @@ fi -echo "$as_me:14041: checking for pw_class field in struct passwd" >&5 +echo "$as_me:14051: checking for pw_class field in struct passwd" >&5 echo $ECHO_N "checking for pw_class field in struct passwd... $ECHO_C" >&6 if test "${ac_cv_have_pw_class_in_struct_passwd+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14048 "configure" +#line 14058 "configure" #include "confdefs.h" #include @@ -14059,16 +14069,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:14062: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:14072: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:14065: \$? = $ac_status" >&5 + echo "$as_me:14075: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:14068: \"$ac_try\"") >&5 + { (eval echo "$as_me:14078: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14071: \$? = $ac_status" >&5 + echo "$as_me:14081: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pw_class_in_struct_passwd="yes" else @@ -14080,7 +14090,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:14083: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 +echo "$as_me:14093: result: $ac_cv_have_pw_class_in_struct_passwd" >&5 echo "${ECHO_T}$ac_cv_have_pw_class_in_struct_passwd" >&6 if test "x$ac_cv_have_pw_class_in_struct_passwd" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14089,14 +14099,14 @@ fi -echo "$as_me:14092: checking for pw_expire field in struct passwd" >&5 +echo "$as_me:14102: checking for pw_expire field in struct passwd" >&5 echo $ECHO_N "checking for pw_expire field in struct passwd... $ECHO_C" >&6 if test "${ac_cv_have_pw_expire_in_struct_passwd+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14099 "configure" +#line 14109 "configure" #include "confdefs.h" #include @@ -14110,16 +14120,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:14113: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:14123: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:14116: \$? = $ac_status" >&5 + echo "$as_me:14126: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:14119: \"$ac_try\"") >&5 + { (eval echo "$as_me:14129: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14122: \$? = $ac_status" >&5 + echo "$as_me:14132: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pw_expire_in_struct_passwd="yes" else @@ -14131,7 +14141,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:14134: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 +echo "$as_me:14144: result: $ac_cv_have_pw_expire_in_struct_passwd" >&5 echo "${ECHO_T}$ac_cv_have_pw_expire_in_struct_passwd" >&6 if test "x$ac_cv_have_pw_expire_in_struct_passwd" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14140,14 +14150,14 @@ fi -echo "$as_me:14143: checking for pw_change field in struct passwd" >&5 +echo "$as_me:14153: checking for pw_change field in struct passwd" >&5 echo $ECHO_N "checking for pw_change field in struct passwd... $ECHO_C" >&6 if test "${ac_cv_have_pw_change_in_struct_passwd+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14150 "configure" +#line 14160 "configure" #include "confdefs.h" #include @@ -14161,16 +14171,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:14164: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:14174: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:14167: \$? = $ac_status" >&5 + echo "$as_me:14177: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:14170: \"$ac_try\"") >&5 + { (eval echo "$as_me:14180: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14173: \$? = $ac_status" >&5 + echo "$as_me:14183: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_pw_change_in_struct_passwd="yes" else @@ -14182,7 +14192,7 @@ rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:14185: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 +echo "$as_me:14195: result: $ac_cv_have_pw_change_in_struct_passwd" >&5 echo "${ECHO_T}$ac_cv_have_pw_change_in_struct_passwd" >&6 if test "x$ac_cv_have_pw_change_in_struct_passwd" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14191,19 +14201,19 @@ fi -echo "$as_me:14194: checking for msg_accrights field in struct msghdr" >&5 +echo "$as_me:14204: checking for msg_accrights field in struct msghdr" >&5 echo $ECHO_N "checking for msg_accrights field in struct msghdr... $ECHO_C" >&6 if test "${ac_cv_have_accrights_in_msghdr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then - { { echo "$as_me:14201: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:14211: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 14206 "configure" +#line 14216 "configure" #include "confdefs.h" #include @@ -14220,15 +14230,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:14223: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14233: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14226: \$? = $ac_status" >&5 + echo "$as_me:14236: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:14228: \"$ac_try\"") >&5 + { (eval echo "$as_me:14238: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14231: \$? = $ac_status" >&5 + echo "$as_me:14241: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_accrights_in_msghdr="yes" else @@ -14242,7 +14252,7 @@ fi fi -echo "$as_me:14245: result: $ac_cv_have_accrights_in_msghdr" >&5 +echo "$as_me:14255: result: $ac_cv_have_accrights_in_msghdr" >&5 echo "${ECHO_T}$ac_cv_have_accrights_in_msghdr" >&6 if test "x$ac_cv_have_accrights_in_msghdr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14251,19 +14261,19 @@ fi -echo "$as_me:14254: checking for msg_control field in struct msghdr" >&5 +echo "$as_me:14264: checking for msg_control field in struct msghdr" >&5 echo $ECHO_N "checking for msg_control field in struct msghdr... $ECHO_C" >&6 if test "${ac_cv_have_control_in_msghdr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else if test "$cross_compiling" = yes; then - { { echo "$as_me:14261: error: cannot run test program while cross compiling" >&5 + { { echo "$as_me:14271: error: cannot run test program while cross compiling" >&5 echo "$as_me: error: cannot run test program while cross compiling" >&2;} { (exit 1); exit 1; }; } else cat >conftest.$ac_ext <<_ACEOF -#line 14266 "configure" +#line 14276 "configure" #include "confdefs.h" #include @@ -14280,15 +14290,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:14283: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14293: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14286: \$? = $ac_status" >&5 + echo "$as_me:14296: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:14288: \"$ac_try\"") >&5 + { (eval echo "$as_me:14298: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14291: \$? = $ac_status" >&5 + echo "$as_me:14301: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_control_in_msghdr="yes" else @@ -14302,7 +14312,7 @@ fi fi -echo "$as_me:14305: result: $ac_cv_have_control_in_msghdr" >&5 +echo "$as_me:14315: result: $ac_cv_have_control_in_msghdr" >&5 echo "${ECHO_T}$ac_cv_have_control_in_msghdr" >&6 if test "x$ac_cv_have_control_in_msghdr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14311,14 +14321,14 @@ fi -echo "$as_me:14314: checking if libc defines __progname" >&5 +echo "$as_me:14324: checking if libc defines __progname" >&5 echo $ECHO_N "checking if libc defines __progname... $ECHO_C" >&6 if test "${ac_cv_libc_defines___progname+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14321 "configure" +#line 14331 "configure" #include "confdefs.h" int @@ -14330,16 +14340,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14333: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14343: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14336: \$? = $ac_status" >&5 + echo "$as_me:14346: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14339: \"$ac_try\"") >&5 + { (eval echo "$as_me:14349: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14342: \$? = $ac_status" >&5 + echo "$as_me:14352: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_libc_defines___progname="yes" else @@ -14351,7 +14361,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14354: result: $ac_cv_libc_defines___progname" >&5 +echo "$as_me:14364: result: $ac_cv_libc_defines___progname" >&5 echo "${ECHO_T}$ac_cv_libc_defines___progname" >&6 if test "x$ac_cv_libc_defines___progname" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14360,14 +14370,14 @@ fi -echo "$as_me:14363: checking whether $CC implements __FUNCTION__" >&5 +echo "$as_me:14373: checking whether $CC implements __FUNCTION__" >&5 echo $ECHO_N "checking whether $CC implements __FUNCTION__... $ECHO_C" >&6 if test "${ac_cv_cc_implements___FUNCTION__+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14370 "configure" +#line 14380 "configure" #include "confdefs.h" #include @@ -14381,16 +14391,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14384: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14394: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14387: \$? = $ac_status" >&5 + echo "$as_me:14397: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14390: \"$ac_try\"") >&5 + { (eval echo "$as_me:14400: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14393: \$? = $ac_status" >&5 + echo "$as_me:14403: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_cc_implements___FUNCTION__="yes" else @@ -14402,7 +14412,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14405: result: $ac_cv_cc_implements___FUNCTION__" >&5 +echo "$as_me:14415: result: $ac_cv_cc_implements___FUNCTION__" >&5 echo "${ECHO_T}$ac_cv_cc_implements___FUNCTION__" >&6 if test "x$ac_cv_cc_implements___FUNCTION__" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14411,14 +14421,14 @@ fi -echo "$as_me:14414: checking whether $CC implements __func__" >&5 +echo "$as_me:14424: checking whether $CC implements __func__" >&5 echo $ECHO_N "checking whether $CC implements __func__... $ECHO_C" >&6 if test "${ac_cv_cc_implements___func__+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14421 "configure" +#line 14431 "configure" #include "confdefs.h" #include @@ -14432,16 +14442,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14435: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14445: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14438: \$? = $ac_status" >&5 + echo "$as_me:14448: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14441: \"$ac_try\"") >&5 + { (eval echo "$as_me:14451: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14444: \$? = $ac_status" >&5 + echo "$as_me:14454: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_cc_implements___func__="yes" else @@ -14453,7 +14463,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14456: result: $ac_cv_cc_implements___func__" >&5 +echo "$as_me:14466: result: $ac_cv_cc_implements___func__" >&5 echo "${ECHO_T}$ac_cv_cc_implements___func__" >&6 if test "x$ac_cv_cc_implements___func__" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14462,14 +14472,14 @@ fi -echo "$as_me:14465: checking whether getopt has optreset support" >&5 +echo "$as_me:14475: checking whether getopt has optreset support" >&5 echo $ECHO_N "checking whether getopt has optreset support... $ECHO_C" >&6 if test "${ac_cv_have_getopt_optreset+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14472 "configure" +#line 14482 "configure" #include "confdefs.h" #include @@ -14483,16 +14493,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14486: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14496: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14489: \$? = $ac_status" >&5 + echo "$as_me:14499: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14492: \"$ac_try\"") >&5 + { (eval echo "$as_me:14502: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14495: \$? = $ac_status" >&5 + echo "$as_me:14505: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_have_getopt_optreset="yes" else @@ -14504,7 +14514,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14507: result: $ac_cv_have_getopt_optreset" >&5 +echo "$as_me:14517: result: $ac_cv_have_getopt_optreset" >&5 echo "${ECHO_T}$ac_cv_have_getopt_optreset" >&6 if test "x$ac_cv_have_getopt_optreset" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14513,14 +14523,14 @@ fi -echo "$as_me:14516: checking if libc defines sys_errlist" >&5 +echo "$as_me:14526: checking if libc defines sys_errlist" >&5 echo $ECHO_N "checking if libc defines sys_errlist... $ECHO_C" >&6 if test "${ac_cv_libc_defines_sys_errlist+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14523 "configure" +#line 14533 "configure" #include "confdefs.h" int @@ -14532,16 +14542,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14535: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14545: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14538: \$? = $ac_status" >&5 + echo "$as_me:14548: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14541: \"$ac_try\"") >&5 + { (eval echo "$as_me:14551: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14544: \$? = $ac_status" >&5 + echo "$as_me:14554: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_libc_defines_sys_errlist="yes" else @@ -14553,7 +14563,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14556: result: $ac_cv_libc_defines_sys_errlist" >&5 +echo "$as_me:14566: result: $ac_cv_libc_defines_sys_errlist" >&5 echo "${ECHO_T}$ac_cv_libc_defines_sys_errlist" >&6 if test "x$ac_cv_libc_defines_sys_errlist" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14562,14 +14572,14 @@ fi -echo "$as_me:14565: checking if libc defines sys_nerr" >&5 +echo "$as_me:14575: checking if libc defines sys_nerr" >&5 echo $ECHO_N "checking if libc defines sys_nerr... $ECHO_C" >&6 if test "${ac_cv_libc_defines_sys_nerr+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14572 "configure" +#line 14582 "configure" #include "confdefs.h" int @@ -14581,16 +14591,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14584: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14594: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14587: \$? = $ac_status" >&5 + echo "$as_me:14597: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14590: \"$ac_try\"") >&5 + { (eval echo "$as_me:14600: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14593: \$? = $ac_status" >&5 + echo "$as_me:14603: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_libc_defines_sys_nerr="yes" else @@ -14602,7 +14612,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:14605: result: $ac_cv_libc_defines_sys_nerr" >&5 +echo "$as_me:14615: result: $ac_cv_libc_defines_sys_nerr" >&5 echo "${ECHO_T}$ac_cv_libc_defines_sys_nerr" >&6 if test "x$ac_cv_libc_defines_sys_nerr" = "xyes" ; then cat >>confdefs.h <<\EOF @@ -14633,23 +14643,23 @@ for ac_header in sectok.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:14636: checking for $ac_header" >&5 +echo "$as_me:14646: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 14642 "configure" +#line 14652 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:14646: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:14656: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:14652: \$? = $ac_status" >&5 + echo "$as_me:14662: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -14668,7 +14678,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:14671: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:14681: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:14692: error: Can't find sectok.h" >&5 echo "$as_me: error: Can't find sectok.h" >&2;} { (exit 1); exit 1; }; } fi -echo "$as_me:14687: checking for sectok_open in -lsectok" >&5 +echo "$as_me:14697: checking for sectok_open in -lsectok" >&5 echo $ECHO_N "checking for sectok_open in -lsectok... $ECHO_C" >&6 if test "${ac_cv_lib_sectok_sectok_open+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14692,7 +14702,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lsectok $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14695 "configure" +#line 14705 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14711,16 +14721,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14714: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14724: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14717: \$? = $ac_status" >&5 + echo "$as_me:14727: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14720: \"$ac_try\"") >&5 + { (eval echo "$as_me:14730: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14723: \$? = $ac_status" >&5 + echo "$as_me:14733: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_sectok_sectok_open=yes else @@ -14731,7 +14741,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:14734: result: $ac_cv_lib_sectok_sectok_open" >&5 +echo "$as_me:14744: result: $ac_cv_lib_sectok_sectok_open" >&5 echo "${ECHO_T}$ac_cv_lib_sectok_sectok_open" >&6 if test $ac_cv_lib_sectok_sectok_open = yes; then cat >>confdefs.h <&5 + { { echo "$as_me:14756: error: Can't find libsectok" >&5 echo "$as_me: error: Can't find libsectok" >&2;} { (exit 1); exit 1; }; } fi @@ -14773,7 +14783,7 @@ OPENSC_CONFIG=$opensc_config_prefix/bin/opensc-config # Extract the first word of "opensc-config", so it can be a program name with args. set dummy opensc-config; ac_word=$2 -echo "$as_me:14776: checking for $ac_word" >&5 +echo "$as_me:14786: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_OPENSC_CONFIG+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14790,7 +14800,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_OPENSC_CONFIG="$ac_dir/$ac_word" - echo "$as_me:14793: found $ac_dir/$ac_word" >&5 + echo "$as_me:14803: found $ac_dir/$ac_word" >&5 break fi done @@ -14802,10 +14812,10 @@ OPENSC_CONFIG=$ac_cv_path_OPENSC_CONFIG if test -n "$OPENSC_CONFIG"; then - echo "$as_me:14805: result: $OPENSC_CONFIG" >&5 + echo "$as_me:14815: result: $OPENSC_CONFIG" >&5 echo "${ECHO_T}$OPENSC_CONFIG" >&6 else - echo "$as_me:14808: result: no" >&5 + echo "$as_me:14818: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -14827,7 +14837,7 @@ fi # Check libraries needed by DNS fingerprint support -echo "$as_me:14830: checking for library containing getrrsetbyname" >&5 +echo "$as_me:14840: checking for library containing getrrsetbyname" >&5 echo $ECHO_N "checking for library containing getrrsetbyname... $ECHO_C" >&6 if test "${ac_cv_search_getrrsetbyname+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14835,7 +14845,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_getrrsetbyname=no cat >conftest.$ac_ext <<_ACEOF -#line 14838 "configure" +#line 14848 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14854,16 +14864,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14857: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14867: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14860: \$? = $ac_status" >&5 + echo "$as_me:14870: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14863: \"$ac_try\"") >&5 + { (eval echo "$as_me:14873: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14866: \$? = $ac_status" >&5 + echo "$as_me:14876: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_getrrsetbyname="none required" else @@ -14875,7 +14885,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14878 "configure" +#line 14888 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14894,16 +14904,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14897: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14907: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14900: \$? = $ac_status" >&5 + echo "$as_me:14910: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14903: \"$ac_try\"") >&5 + { (eval echo "$as_me:14913: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14906: \$? = $ac_status" >&5 + echo "$as_me:14916: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_getrrsetbyname="-l$ac_lib" break @@ -14916,7 +14926,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:14919: result: $ac_cv_search_getrrsetbyname" >&5 +echo "$as_me:14929: result: $ac_cv_search_getrrsetbyname" >&5 echo "${ECHO_T}$ac_cv_search_getrrsetbyname" >&6 if test "$ac_cv_search_getrrsetbyname" != no; then test "$ac_cv_search_getrrsetbyname" = "none required" || LIBS="$ac_cv_search_getrrsetbyname $LIBS" @@ -14927,7 +14937,7 @@ else # Needed by our getrrsetbyname() - echo "$as_me:14930: checking for library containing res_query" >&5 + echo "$as_me:14940: checking for library containing res_query" >&5 echo $ECHO_N "checking for library containing res_query... $ECHO_C" >&6 if test "${ac_cv_search_res_query+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -14935,7 +14945,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_res_query=no cat >conftest.$ac_ext <<_ACEOF -#line 14938 "configure" +#line 14948 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14954,16 +14964,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14957: \"$ac_link\"") >&5 +if { (eval echo "$as_me:14967: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:14960: \$? = $ac_status" >&5 + echo "$as_me:14970: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:14963: \"$ac_try\"") >&5 + { (eval echo "$as_me:14973: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:14966: \$? = $ac_status" >&5 + echo "$as_me:14976: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_res_query="none required" else @@ -14975,7 +14985,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 14978 "configure" +#line 14988 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -14994,16 +15004,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:14997: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15007: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15000: \$? = $ac_status" >&5 + echo "$as_me:15010: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15003: \"$ac_try\"") >&5 + { (eval echo "$as_me:15013: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15006: \$? = $ac_status" >&5 + echo "$as_me:15016: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_res_query="-l$ac_lib" break @@ -15016,14 +15026,14 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:15019: result: $ac_cv_search_res_query" >&5 +echo "$as_me:15029: result: $ac_cv_search_res_query" >&5 echo "${ECHO_T}$ac_cv_search_res_query" >&6 if test "$ac_cv_search_res_query" != no; then test "$ac_cv_search_res_query" = "none required" || LIBS="$ac_cv_search_res_query $LIBS" fi - echo "$as_me:15026: checking for library containing dn_expand" >&5 + echo "$as_me:15036: checking for library containing dn_expand" >&5 echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6 if test "${ac_cv_search_dn_expand+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -15031,7 +15041,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_dn_expand=no cat >conftest.$ac_ext <<_ACEOF -#line 15034 "configure" +#line 15044 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15050,16 +15060,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15053: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15063: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15056: \$? = $ac_status" >&5 + echo "$as_me:15066: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15059: \"$ac_try\"") >&5 + { (eval echo "$as_me:15069: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15062: \$? = $ac_status" >&5 + echo "$as_me:15072: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="none required" else @@ -15071,7 +15081,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 15074 "configure" +#line 15084 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15090,16 +15100,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15093: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15103: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15096: \$? = $ac_status" >&5 + echo "$as_me:15106: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15099: \"$ac_try\"") >&5 + { (eval echo "$as_me:15109: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15102: \$? = $ac_status" >&5 + echo "$as_me:15112: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="-l$ac_lib" break @@ -15112,7 +15122,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:15115: result: $ac_cv_search_dn_expand" >&5 +echo "$as_me:15125: result: $ac_cv_search_dn_expand" >&5 echo "${ECHO_T}$ac_cv_search_dn_expand" >&6 if test "$ac_cv_search_dn_expand" != no; then test "$ac_cv_search_dn_expand" = "none required" || LIBS="$ac_cv_search_dn_expand $LIBS" @@ -15122,13 +15132,13 @@ for ac_func in _getshort _getlong do as_ac_var=`echo "ac_cv_func_$ac_func" | $as_tr_sh` -echo "$as_me:15125: checking for $ac_func" >&5 +echo "$as_me:15135: checking for $ac_func" >&5 echo $ECHO_N "checking for $ac_func... $ECHO_C" >&6 if eval "test \"\${$as_ac_var+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15131 "configure" +#line 15141 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func (); below. */ @@ -15159,16 +15169,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15162: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15172: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15165: \$? = $ac_status" >&5 + echo "$as_me:15175: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15168: \"$ac_try\"") >&5 + { (eval echo "$as_me:15178: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15171: \$? = $ac_status" >&5 + echo "$as_me:15181: \$? = $ac_status" >&5 (exit $ac_status); }; }; then eval "$as_ac_var=yes" else @@ -15178,7 +15188,7 @@ fi rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext fi -echo "$as_me:15181: result: `eval echo '${'$as_ac_var'}'`" >&5 +echo "$as_me:15191: result: `eval echo '${'$as_ac_var'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_var'}'`" >&6 if test `eval echo '${'$as_ac_var'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:15201: checking for HEADER.ad" >&5 echo $ECHO_N "checking for HEADER.ad... $ECHO_C" >&6 if test "${ac_cv_member_HEADER_ad+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15197 "configure" +#line 15207 "configure" #include "confdefs.h" #include @@ -15209,16 +15219,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:15212: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:15222: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:15215: \$? = $ac_status" >&5 + echo "$as_me:15225: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:15218: \"$ac_try\"") >&5 + { (eval echo "$as_me:15228: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15221: \$? = $ac_status" >&5 + echo "$as_me:15231: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_member_HEADER_ad=yes else @@ -15228,7 +15238,7 @@ fi rm -f conftest.$ac_objext conftest.$ac_ext fi -echo "$as_me:15231: result: $ac_cv_member_HEADER_ad" >&5 +echo "$as_me:15241: result: $ac_cv_member_HEADER_ad" >&5 echo "${ECHO_T}$ac_cv_member_HEADER_ad" >&6 if test $ac_cv_member_HEADER_ad = yes; then cat >>confdefs.h <<\EOF @@ -15258,17 +15268,17 @@ KRB5_MSG="yes" - echo "$as_me:15261: checking for krb5-config" >&5 + echo "$as_me:15271: checking for krb5-config" >&5 echo $ECHO_N "checking for krb5-config... $ECHO_C" >&6 if test -x $KRB5ROOT/bin/krb5-config ; then KRB5CONF=$KRB5ROOT/bin/krb5-config - echo "$as_me:15265: result: $KRB5CONF" >&5 + echo "$as_me:15275: result: $KRB5CONF" >&5 echo "${ECHO_T}$KRB5CONF" >&6 - echo "$as_me:15268: checking for gssapi support" >&5 + echo "$as_me:15278: checking for gssapi support" >&5 echo $ECHO_N "checking for gssapi support... $ECHO_C" >&6 if $KRB5CONF | grep gssapi >/dev/null ; then - echo "$as_me:15271: result: yes" >&5 + echo "$as_me:15281: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define GSSAPI 1 @@ -15276,17 +15286,17 @@ k5confopts=gssapi else - echo "$as_me:15279: result: no" >&5 + echo "$as_me:15289: result: no" >&5 echo "${ECHO_T}no" >&6 k5confopts="" fi K5CFLAGS="`$KRB5CONF --cflags $k5confopts`" K5LIBS="`$KRB5CONF --libs $k5confopts`" CPPFLAGS="$CPPFLAGS $K5CFLAGS" - echo "$as_me:15286: checking whether we are using Heimdal" >&5 + echo "$as_me:15296: checking whether we are using Heimdal" >&5 echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 15289 "configure" +#line 15299 "configure" #include "confdefs.h" #include int @@ -15298,18 +15308,18 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:15301: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:15311: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:15304: \$? = $ac_status" >&5 + echo "$as_me:15314: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:15307: \"$ac_try\"") >&5 + { (eval echo "$as_me:15317: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15310: \$? = $ac_status" >&5 + echo "$as_me:15320: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:15312: result: yes" >&5 + echo "$as_me:15322: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HEIMDAL 1 @@ -15318,20 +15328,20 @@ else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 -echo "$as_me:15321: result: no" >&5 +echo "$as_me:15331: result: no" >&5 echo "${ECHO_T}no" >&6 fi rm -f conftest.$ac_objext conftest.$ac_ext else - echo "$as_me:15327: result: no" >&5 + echo "$as_me:15337: result: no" >&5 echo "${ECHO_T}no" >&6 CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include" LDFLAGS="$LDFLAGS -L${KRB5ROOT}/lib" - echo "$as_me:15331: checking whether we are using Heimdal" >&5 + echo "$as_me:15341: checking whether we are using Heimdal" >&5 echo $ECHO_N "checking whether we are using Heimdal... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 15334 "configure" +#line 15344 "configure" #include "confdefs.h" #include int @@ -15343,18 +15353,18 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:15346: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:15356: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:15349: \$? = $ac_status" >&5 + echo "$as_me:15359: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:15352: \"$ac_try\"") >&5 + { (eval echo "$as_me:15362: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15355: \$? = $ac_status" >&5 + echo "$as_me:15365: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:15357: result: yes" >&5 + echo "$as_me:15367: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HEIMDAL 1 @@ -15365,13 +15375,13 @@ else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:15368: result: no" >&5 + echo "$as_me:15378: result: no" >&5 echo "${ECHO_T}no" >&6 K5LIBS="-lkrb5 -lk5crypto -lcom_err" fi rm -f conftest.$ac_objext conftest.$ac_ext - echo "$as_me:15374: checking for library containing dn_expand" >&5 + echo "$as_me:15384: checking for library containing dn_expand" >&5 echo $ECHO_N "checking for library containing dn_expand... $ECHO_C" >&6 if test "${ac_cv_search_dn_expand+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -15379,7 +15389,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_dn_expand=no cat >conftest.$ac_ext <<_ACEOF -#line 15382 "configure" +#line 15392 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15398,16 +15408,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15401: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15411: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15404: \$? = $ac_status" >&5 + echo "$as_me:15414: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15407: \"$ac_try\"") >&5 + { (eval echo "$as_me:15417: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15410: \$? = $ac_status" >&5 + echo "$as_me:15420: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="none required" else @@ -15419,7 +15429,7 @@ for ac_lib in resolv; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 15422 "configure" +#line 15432 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15438,16 +15448,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15441: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15451: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15444: \$? = $ac_status" >&5 + echo "$as_me:15454: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15447: \"$ac_try\"") >&5 + { (eval echo "$as_me:15457: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15450: \$? = $ac_status" >&5 + echo "$as_me:15460: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_dn_expand="-l$ac_lib" break @@ -15460,14 +15470,14 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:15463: result: $ac_cv_search_dn_expand" >&5 +echo "$as_me:15473: result: $ac_cv_search_dn_expand" >&5 echo "${ECHO_T}$ac_cv_search_dn_expand" >&6 if test "$ac_cv_search_dn_expand" != no; then test "$ac_cv_search_dn_expand" = "none required" || LIBS="$ac_cv_search_dn_expand $LIBS" fi - echo "$as_me:15470: checking for gss_init_sec_context in -lgssapi" >&5 + echo "$as_me:15480: checking for gss_init_sec_context in -lgssapi" >&5 echo $ECHO_N "checking for gss_init_sec_context in -lgssapi... $ECHO_C" >&6 if test "${ac_cv_lib_gssapi_gss_init_sec_context+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -15475,7 +15485,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi $K5LIBS $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 15478 "configure" +#line 15488 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15494,16 +15504,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15497: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15507: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15500: \$? = $ac_status" >&5 + echo "$as_me:15510: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15503: \"$ac_try\"") >&5 + { (eval echo "$as_me:15513: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15506: \$? = $ac_status" >&5 + echo "$as_me:15516: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_gssapi_gss_init_sec_context=yes else @@ -15514,7 +15524,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:15517: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 +echo "$as_me:15527: result: $ac_cv_lib_gssapi_gss_init_sec_context" >&5 echo "${ECHO_T}$ac_cv_lib_gssapi_gss_init_sec_context" >&6 if test $ac_cv_lib_gssapi_gss_init_sec_context = yes; then cat >>confdefs.h <<\EOF @@ -15523,7 +15533,7 @@ K5LIBS="-lgssapi $K5LIBS" else - echo "$as_me:15526: checking for gss_init_sec_context in -lgssapi_krb5" >&5 + echo "$as_me:15536: checking for gss_init_sec_context in -lgssapi_krb5" >&5 echo $ECHO_N "checking for gss_init_sec_context in -lgssapi_krb5... $ECHO_C" >&6 if test "${ac_cv_lib_gssapi_krb5_gss_init_sec_context+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -15531,7 +15541,7 @@ ac_check_lib_save_LIBS=$LIBS LIBS="-lgssapi_krb5 $K5LIBS $LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 15534 "configure" +#line 15544 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15550,16 +15560,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15553: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15563: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15556: \$? = $ac_status" >&5 + echo "$as_me:15566: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15559: \"$ac_try\"") >&5 + { (eval echo "$as_me:15569: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15562: \$? = $ac_status" >&5 + echo "$as_me:15572: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_lib_gssapi_krb5_gss_init_sec_context=yes else @@ -15570,7 +15580,7 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -echo "$as_me:15573: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 +echo "$as_me:15583: result: $ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&5 echo "${ECHO_T}$ac_cv_lib_gssapi_krb5_gss_init_sec_context" >&6 if test $ac_cv_lib_gssapi_krb5_gss_init_sec_context = yes; then cat >>confdefs.h <<\EOF @@ -15579,29 +15589,29 @@ K5LIBS="-lgssapi_krb5 $K5LIBS" else - { echo "$as_me:15582: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 + { echo "$as_me:15592: WARNING: Cannot find any suitable gss-api library - build may fail" >&5 echo "$as_me: WARNING: Cannot find any suitable gss-api library - build may fail" >&2;} fi fi - echo "$as_me:15588: checking for gssapi.h" >&5 + echo "$as_me:15598: checking for gssapi.h" >&5 echo $ECHO_N "checking for gssapi.h... $ECHO_C" >&6 if test "${ac_cv_header_gssapi_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15594 "configure" +#line 15604 "configure" #include "confdefs.h" #include _ACEOF -if { (eval echo "$as_me:15598: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15608: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15604: \$? = $ac_status" >&5 + echo "$as_me:15614: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15620,7 +15630,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15623: result: $ac_cv_header_gssapi_h" >&5 +echo "$as_me:15633: result: $ac_cv_header_gssapi_h" >&5 echo "${ECHO_T}$ac_cv_header_gssapi_h" >&6 if test $ac_cv_header_gssapi_h = yes; then : @@ -15631,23 +15641,23 @@ for ac_header in gssapi.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:15634: checking for $ac_header" >&5 +echo "$as_me:15644: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15640 "configure" +#line 15650 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:15644: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15654: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15650: \$? = $ac_status" >&5 + echo "$as_me:15660: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15666,7 +15676,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15669: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:15679: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 + { echo "$as_me:15687: WARNING: Cannot find any suitable gss-api header - build may fail" >&5 echo "$as_me: WARNING: Cannot find any suitable gss-api header - build may fail" >&2;} fi @@ -15684,23 +15694,23 @@ oldCPP="$CPPFLAGS" CPPFLAGS="$CPPFLAGS -I${KRB5ROOT}/include/gssapi" - echo "$as_me:15687: checking for gssapi_krb5.h" >&5 + echo "$as_me:15697: checking for gssapi_krb5.h" >&5 echo $ECHO_N "checking for gssapi_krb5.h... $ECHO_C" >&6 if test "${ac_cv_header_gssapi_krb5_h+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15693 "configure" +#line 15703 "configure" #include "confdefs.h" #include _ACEOF -if { (eval echo "$as_me:15697: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15707: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15703: \$? = $ac_status" >&5 + echo "$as_me:15713: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15719,7 +15729,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15722: result: $ac_cv_header_gssapi_krb5_h" >&5 +echo "$as_me:15732: result: $ac_cv_header_gssapi_krb5_h" >&5 echo "${ECHO_T}$ac_cv_header_gssapi_krb5_h" >&6 if test $ac_cv_header_gssapi_krb5_h = yes; then : @@ -15739,23 +15749,23 @@ for ac_header in gssapi.h gssapi/gssapi.h do as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` -echo "$as_me:15742: checking for $ac_header" >&5 +echo "$as_me:15752: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15748 "configure" +#line 15758 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:15752: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15762: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15758: \$? = $ac_status" >&5 + echo "$as_me:15768: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15774,7 +15784,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15777: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:15787: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:15800: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15796 "configure" +#line 15806 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:15800: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15810: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15806: \$? = $ac_status" >&5 + echo "$as_me:15816: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15822,7 +15832,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15825: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:15835: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 +echo "$as_me:15848: checking for $ac_header" >&5 echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6 if eval "test \"\${$as_ac_Header+set}\" = set"; then echo $ECHO_N "(cached) $ECHO_C" >&6 else cat >conftest.$ac_ext <<_ACEOF -#line 15844 "configure" +#line 15854 "configure" #include "confdefs.h" #include <$ac_header> _ACEOF -if { (eval echo "$as_me:15848: \"$ac_cpp conftest.$ac_ext\"") >&5 +if { (eval echo "$as_me:15858: \"$ac_cpp conftest.$ac_ext\"") >&5 (eval $ac_cpp conftest.$ac_ext) 2>conftest.er1 ac_status=$? egrep -v '^ *\+' conftest.er1 >conftest.err rm -f conftest.er1 cat conftest.err >&5 - echo "$as_me:15854: \$? = $ac_status" >&5 + echo "$as_me:15864: \$? = $ac_status" >&5 (exit $ac_status); } >/dev/null; then if test -s conftest.err; then ac_cpp_err=$ac_c_preproc_warn_flag @@ -15870,7 +15880,7 @@ fi rm -f conftest.err conftest.$ac_ext fi -echo "$as_me:15873: result: `eval echo '${'$as_ac_Header'}'`" >&5 +echo "$as_me:15883: result: `eval echo '${'$as_ac_Header'}'`" >&5 echo "${ECHO_T}`eval echo '${'$as_ac_Header'}'`" >&6 if test `eval echo '${'$as_ac_Header'}'` = yes; then cat >>confdefs.h <&5 + echo "$as_me:15894: checking for library containing k_hasafs" >&5 echo $ECHO_N "checking for library containing k_hasafs... $ECHO_C" >&6 if test "${ac_cv_search_k_hasafs+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -15889,7 +15899,7 @@ ac_func_search_save_LIBS=$LIBS ac_cv_search_k_hasafs=no cat >conftest.$ac_ext <<_ACEOF -#line 15892 "configure" +#line 15902 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15908,16 +15918,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15911: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15921: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15914: \$? = $ac_status" >&5 + echo "$as_me:15924: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15917: \"$ac_try\"") >&5 + { (eval echo "$as_me:15927: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15920: \$? = $ac_status" >&5 + echo "$as_me:15930: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_k_hasafs="none required" else @@ -15929,7 +15939,7 @@ for ac_lib in kafs; do LIBS="-l$ac_lib $ac_func_search_save_LIBS" cat >conftest.$ac_ext <<_ACEOF -#line 15932 "configure" +#line 15942 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ @@ -15948,16 +15958,16 @@ } _ACEOF rm -f conftest.$ac_objext conftest$ac_exeext -if { (eval echo "$as_me:15951: \"$ac_link\"") >&5 +if { (eval echo "$as_me:15961: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:15954: \$? = $ac_status" >&5 + echo "$as_me:15964: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest$ac_exeext' - { (eval echo "$as_me:15957: \"$ac_try\"") >&5 + { (eval echo "$as_me:15967: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:15960: \$? = $ac_status" >&5 + echo "$as_me:15970: \$? = $ac_status" >&5 (exit $ac_status); }; }; then ac_cv_search_k_hasafs="-l$ac_lib" break @@ -15970,7 +15980,7 @@ fi LIBS=$ac_func_search_save_LIBS fi -echo "$as_me:15973: result: $ac_cv_search_k_hasafs" >&5 +echo "$as_me:15983: result: $ac_cv_search_k_hasafs" >&5 echo "${ECHO_T}$ac_cv_search_k_hasafs" >&6 if test "$ac_cv_search_k_hasafs" != no; then test "$ac_cv_search_k_hasafs" = "none required" || LIBS="$ac_cv_search_k_hasafs $LIBS" @@ -16013,7 +16023,7 @@ TestPath="${TestPath}${PATH_SEPARATOR}/usr/openwin/bin" # Extract the first word of "xauth", so it can be a program name with args. set dummy xauth; ac_word=$2 -echo "$as_me:16016: checking for $ac_word" >&5 +echo "$as_me:16026: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_xauth_path+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -16030,7 +16040,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_xauth_path="$ac_dir/$ac_word" - echo "$as_me:16033: found $ac_dir/$ac_word" >&5 + echo "$as_me:16043: found $ac_dir/$ac_word" >&5 break fi done @@ -16041,10 +16051,10 @@ xauth_path=$ac_cv_path_xauth_path if test -n "$xauth_path"; then - echo "$as_me:16044: result: $xauth_path" >&5 + echo "$as_me:16054: result: $xauth_path" >&5 echo "${ECHO_T}$xauth_path" >&6 else - echo "$as_me:16047: result: no" >&5 + echo "$as_me:16057: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -16088,13 +16098,13 @@ if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then - echo "$as_me:16091: checking for \"/dev/ptmx\"" >&5 + echo "$as_me:16101: checking for \"/dev/ptmx\"" >&5 echo $ECHO_N "checking for \"/dev/ptmx\"... $ECHO_C" >&6 if test "${ac_cv_file___dev_ptmx_+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else test "$cross_compiling" = yes && - { { echo "$as_me:16097: error: cannot check for file existence when cross compiling" >&5 + { { echo "$as_me:16107: error: cannot check for file existence when cross compiling" >&5 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} { (exit 1); exit 1; }; } if test -r ""/dev/ptmx""; then @@ -16103,7 +16113,7 @@ ac_cv_file___dev_ptmx_=no fi fi -echo "$as_me:16106: result: $ac_cv_file___dev_ptmx_" >&5 +echo "$as_me:16116: result: $ac_cv_file___dev_ptmx_" >&5 echo "${ECHO_T}$ac_cv_file___dev_ptmx_" >&6 if test $ac_cv_file___dev_ptmx_ = yes; then @@ -16117,13 +16127,13 @@ fi fi -echo "$as_me:16120: checking for \"/dev/ptc\"" >&5 +echo "$as_me:16130: checking for \"/dev/ptc\"" >&5 echo $ECHO_N "checking for \"/dev/ptc\"... $ECHO_C" >&6 if test "${ac_cv_file___dev_ptc_+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else test "$cross_compiling" = yes && - { { echo "$as_me:16126: error: cannot check for file existence when cross compiling" >&5 + { { echo "$as_me:16136: error: cannot check for file existence when cross compiling" >&5 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} { (exit 1); exit 1; }; } if test -r ""/dev/ptc""; then @@ -16132,7 +16142,7 @@ ac_cv_file___dev_ptc_=no fi fi -echo "$as_me:16135: result: $ac_cv_file___dev_ptc_" >&5 +echo "$as_me:16145: result: $ac_cv_file___dev_ptc_" >&5 echo "${ECHO_T}$ac_cv_file___dev_ptc_" >&6 if test $ac_cv_file___dev_ptc_ = yes; then @@ -16155,7 +16165,7 @@ MANTYPE=$withval ;; *) - { { echo "$as_me:16158: error: invalid man type: $withval" >&5 + { { echo "$as_me:16168: error: invalid man type: $withval" >&5 echo "$as_me: error: invalid man type: $withval" >&2;} { (exit 1); exit 1; }; } ;; @@ -16168,7 +16178,7 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 -echo "$as_me:16171: checking for $ac_word" >&5 +echo "$as_me:16181: checking for $ac_word" >&5 echo $ECHO_N "checking for $ac_word... $ECHO_C" >&6 if test "${ac_cv_path_NROFF+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 @@ -16185,7 +16195,7 @@ test -z "$ac_dir" && ac_dir=. if $as_executable_p "$ac_dir/$ac_word"; then ac_cv_path_NROFF="$ac_dir/$ac_word" - echo "$as_me:16188: found $ac_dir/$ac_word" >&5 + echo "$as_me:16198: found $ac_dir/$ac_word" >&5 break fi done @@ -16196,10 +16206,10 @@ NROFF=$ac_cv_path_NROFF if test -n "$NROFF"; then - echo "$as_me:16199: result: $NROFF" >&5 + echo "$as_me:16209: result: $NROFF" >&5 echo "${ECHO_T}$NROFF" >&6 else - echo "$as_me:16202: result: no" >&5 + echo "$as_me:16212: result: no" >&5 echo "${ECHO_T}no" >&6 fi @@ -16256,10 +16266,10 @@ fi; if test -z "$disable_shadow" ; then - echo "$as_me:16259: checking if the systems has expire shadow information" >&5 + echo "$as_me:16269: checking if the systems has expire shadow information" >&5 echo $ECHO_N "checking if the systems has expire shadow information... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16262 "configure" +#line 16272 "configure" #include "confdefs.h" #include @@ -16275,16 +16285,16 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16278: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16288: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16281: \$? = $ac_status" >&5 + echo "$as_me:16291: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16284: \"$ac_try\"") >&5 + { (eval echo "$as_me:16294: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16287: \$? = $ac_status" >&5 + echo "$as_me:16297: \$? = $ac_status" >&5 (exit $ac_status); }; }; then sp_expire_available=yes else @@ -16295,14 +16305,14 @@ rm -f conftest.$ac_objext conftest.$ac_ext if test "x$sp_expire_available" = "xyes" ; then - echo "$as_me:16298: result: yes" >&5 + echo "$as_me:16308: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define HAS_SHADOW_EXPIRE 1 EOF else - echo "$as_me:16305: result: no" >&5 + echo "$as_me:16315: result: no" >&5 echo "${ECHO_T}no" >&6 fi fi @@ -16339,13 +16349,13 @@ else -echo "$as_me:16342: checking for \"/etc/default/login\"" >&5 +echo "$as_me:16352: checking for \"/etc/default/login\"" >&5 echo $ECHO_N "checking for \"/etc/default/login\"... $ECHO_C" >&6 if test "${ac_cv_file___etc_default_login_+set}" = set; then echo $ECHO_N "(cached) $ECHO_C" >&6 else test "$cross_compiling" = yes && - { { echo "$as_me:16348: error: cannot check for file existence when cross compiling" >&5 + { { echo "$as_me:16358: error: cannot check for file existence when cross compiling" >&5 echo "$as_me: error: cannot check for file existence when cross compiling" >&2;} { (exit 1); exit 1; }; } if test -r ""/etc/default/login""; then @@ -16354,7 +16364,7 @@ ac_cv_file___etc_default_login_=no fi fi -echo "$as_me:16357: result: $ac_cv_file___etc_default_login_" >&5 +echo "$as_me:16367: result: $ac_cv_file___etc_default_login_" >&5 echo "${ECHO_T}$ac_cv_file___etc_default_login_" >&6 if test $ac_cv_file___etc_default_login_ = yes; then external_path_file=/etc/default/login @@ -16382,7 +16392,7 @@ withval="$with_default_path" if test "x$external_path_file" = "x/etc/login.conf" ; then - { echo "$as_me:16385: WARNING: + { echo "$as_me:16395: WARNING: --with-default-path=PATH has no effect on this system. Edit /etc/login.conf instead." >&5 echo "$as_me: WARNING: @@ -16390,7 +16400,7 @@ Edit /etc/login.conf instead." >&2;} elif test "x$withval" != "xno" ; then if test ! -z "$external_path_file" ; then - { echo "$as_me:16393: WARNING: + { echo "$as_me:16403: WARNING: --with-default-path=PATH will only be used if PATH is not defined in $external_path_file ." >&5 echo "$as_me: WARNING: @@ -16403,11 +16413,11 @@ else if test "x$external_path_file" = "x/etc/login.conf" ; then - { echo "$as_me:16406: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 + { echo "$as_me:16416: WARNING: Make sure the path to scp is in /etc/login.conf" >&5 echo "$as_me: WARNING: Make sure the path to scp is in /etc/login.conf" >&2;} else if test ! -z "$external_path_file" ; then - { echo "$as_me:16410: WARNING: + { echo "$as_me:16420: WARNING: If PATH is defined in $external_path_file, ensure the path to scp is included, otherwise scp will not work." >&5 echo "$as_me: WARNING: @@ -16419,7 +16429,7 @@ else cat >conftest.$ac_ext <<_ACEOF -#line 16422 "configure" +#line 16432 "configure" #include "confdefs.h" /* find out what STDPATH is */ @@ -16456,15 +16466,15 @@ _ACEOF rm -f conftest$ac_exeext -if { (eval echo "$as_me:16459: \"$ac_link\"") >&5 +if { (eval echo "$as_me:16469: \"$ac_link\"") >&5 (eval $ac_link) 2>&5 ac_status=$? - echo "$as_me:16462: \$? = $ac_status" >&5 + echo "$as_me:16472: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (eval echo "$as_me:16464: \"$ac_try\"") >&5 + { (eval echo "$as_me:16474: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16467: \$? = $ac_status" >&5 + echo "$as_me:16477: \$? = $ac_status" >&5 (exit $ac_status); }; }; then user_path=`cat conftest.stdpath` else @@ -16488,7 +16498,7 @@ echo $user_path | grep "^$t_bindir" > /dev/null 2>&1 if test $? -ne 0 ; then user_path=$user_path:$t_bindir - echo "$as_me:16491: result: Adding $t_bindir to USER_PATH so scp will work" >&5 + echo "$as_me:16501: result: Adding $t_bindir to USER_PATH so scp will work" >&5 echo "${ECHO_T}Adding $t_bindir to USER_PATH so scp will work" >&6 fi fi @@ -16518,7 +16528,7 @@ fi; -echo "$as_me:16521: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 +echo "$as_me:16531: checking if we need to convert IPv4 in IPv6-mapped addresses" >&5 echo $ECHO_N "checking if we need to convert IPv4 in IPv6-mapped addresses... $ECHO_C" >&6 IPV4_IN6_HACK_MSG="no" @@ -16527,7 +16537,7 @@ withval="$with_4in6" if test "x$withval" != "xno" ; then - echo "$as_me:16530: result: yes" >&5 + echo "$as_me:16540: result: yes" >&5 echo "${ECHO_T}yes" >&6 cat >>confdefs.h <<\EOF #define IPV4_IN_IPV6 1 @@ -16535,14 +16545,14 @@ IPV4_IN6_HACK_MSG="yes" else - echo "$as_me:16538: result: no" >&5 + echo "$as_me:16548: result: no" >&5 echo "${ECHO_T}no" >&6 fi else if test "x$inet6_default_4in6" = "xyes"; then - echo "$as_me:16545: result: yes (default)" >&5 + echo "$as_me:16555: result: yes (default)" >&5 echo "${ECHO_T}yes (default)" >&6 cat >>confdefs.h <<\EOF #define IPV4_IN_IPV6 1 @@ -16550,7 +16560,7 @@ IPV4_IN6_HACK_MSG="yes" else - echo "$as_me:16553: result: no (default)" >&5 + echo "$as_me:16563: result: no (default)" >&5 echo "${ECHO_T}no (default)" >&6 fi @@ -16573,6 +16583,108 @@ fi; +# Where to place ssh CA root +sshcadir='${sysconfdir}/ca' +sshcadir=`eval echo ${sshcadir}` +sshcadir=`eval echo ${sshcadir}` +case $sshcadir in + NONE/*) sshcadir=`echo $sshcadir | sed "s~NONE~$ac_default_prefix~"` ;; +esac + +# Check whether --with-sshca-dir or --without-sshca-dir was given. +if test "${with_sshca_dir+set}" = set; then + withval="$with_sshca_dir" + + if test "x$withval" != "xno" ; then + sshcadir=$withval + fi + +fi; + +cat >>confdefs.h <>confdefs.h <&5 +echo $ECHO_N "checking for Email in X.509 'Distinguished Name'... $ECHO_C" >&6 + if test "$cross_compiling" = yes; then + { { echo "$as_me:16632: error: cannot run test program while cross compiling" >&5 +echo "$as_me: error: cannot run test program while cross compiling" >&2;} + { (exit 1); exit 1; }; } +else + cat >conftest.$ac_ext <<_ACEOF +#line 16637 "configure" +#include "confdefs.h" + +#include + +int main(void) { + int nid; + nid = OBJ_txt2nid("Email"); + if (nid == NID_undef) + exit (1); + exit (0); + return (0); +} + +_ACEOF +rm -f conftest$ac_exeext +if { (eval echo "$as_me:16653: \"$ac_link\"") >&5 + (eval $ac_link) 2>&5 + ac_status=$? + echo "$as_me:16656: \$? = $ac_status" >&5 + (exit $ac_status); } && { ac_try='./conftest$ac_exeext' + { (eval echo "$as_me:16658: \"$ac_try\"") >&5 + (eval $ac_try) 2>&5 + ac_status=$? + echo "$as_me:16661: \$? = $ac_status" >&5 + (exit $ac_status); }; }; then + + echo "$as_me:16664: result: yes" >&5 +echo "${ECHO_T}yes" >&6 + +else + echo "$as_me: program exited with status $ac_status" >&5 +echo "$as_me: failed program was:" >&5 +cat conftest.$ac_ext >&5 + + echo "$as_me:16672: result: no" >&5 +echo "${ECHO_T}no" >&6 + ssh_x509dn_email="no" + +fi +rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext +fi +fi +if test "x$ssh_x509dn_email" = "xno"; then + +cat >>confdefs.h <&5 + { echo "$as_me:16705: WARNING: ** no $piddir directory on this system **" >&5 echo "$as_me: WARNING: ** no $piddir directory on this system **" >&2;} fi fi @@ -16713,10 +16825,10 @@ fi; -echo "$as_me:16716: checking if your system defines LASTLOG_FILE" >&5 +echo "$as_me:16828: checking if your system defines LASTLOG_FILE" >&5 echo $ECHO_N "checking if your system defines LASTLOG_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16719 "configure" +#line 16831 "configure" #include "confdefs.h" #include @@ -16740,29 +16852,29 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16743: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16855: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16746: \$? = $ac_status" >&5 + echo "$as_me:16858: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16749: \"$ac_try\"") >&5 + { (eval echo "$as_me:16861: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16752: \$? = $ac_status" >&5 + echo "$as_me:16864: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16754: result: yes" >&5 + echo "$as_me:16866: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16760: result: no" >&5 + echo "$as_me:16872: result: no" >&5 echo "${ECHO_T}no" >&6 - echo "$as_me:16762: checking if your system defines _PATH_LASTLOG" >&5 + echo "$as_me:16874: checking if your system defines _PATH_LASTLOG" >&5 echo $ECHO_N "checking if your system defines _PATH_LASTLOG... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16765 "configure" +#line 16877 "configure" #include "confdefs.h" #include @@ -16783,24 +16895,24 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16786: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16898: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16789: \$? = $ac_status" >&5 + echo "$as_me:16901: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16792: \"$ac_try\"") >&5 + { (eval echo "$as_me:16904: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16795: \$? = $ac_status" >&5 + echo "$as_me:16907: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16797: result: yes" >&5 + echo "$as_me:16909: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16803: result: no" >&5 + echo "$as_me:16915: result: no" >&5 echo "${ECHO_T}no" >&6 system_lastlog_path=no @@ -16818,7 +16930,7 @@ fi done if test -z "$conf_lastlog_location"; then - { echo "$as_me:16821: WARNING: ** Cannot find lastlog **" >&5 + { echo "$as_me:16933: WARNING: ** Cannot find lastlog **" >&5 echo "$as_me: WARNING: ** Cannot find lastlog **" >&2;} fi fi @@ -16831,10 +16943,10 @@ fi -echo "$as_me:16834: checking if your system defines UTMP_FILE" >&5 +echo "$as_me:16946: checking if your system defines UTMP_FILE" >&5 echo $ECHO_N "checking if your system defines UTMP_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16837 "configure" +#line 16949 "configure" #include "confdefs.h" #include @@ -16852,23 +16964,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16855: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:16967: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16858: \$? = $ac_status" >&5 + echo "$as_me:16970: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16861: \"$ac_try\"") >&5 + { (eval echo "$as_me:16973: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16864: \$? = $ac_status" >&5 + echo "$as_me:16976: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16866: result: yes" >&5 + echo "$as_me:16978: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16871: result: no" >&5 + echo "$as_me:16983: result: no" >&5 echo "${ECHO_T}no" >&6 system_utmp_path=no @@ -16896,10 +17008,10 @@ fi -echo "$as_me:16899: checking if your system defines WTMP_FILE" >&5 +echo "$as_me:17011: checking if your system defines WTMP_FILE" >&5 echo $ECHO_N "checking if your system defines WTMP_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16902 "configure" +#line 17014 "configure" #include "confdefs.h" #include @@ -16917,23 +17029,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16920: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:17032: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16923: \$? = $ac_status" >&5 + echo "$as_me:17035: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16926: \"$ac_try\"") >&5 + { (eval echo "$as_me:17038: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16929: \$? = $ac_status" >&5 + echo "$as_me:17041: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16931: result: yes" >&5 + echo "$as_me:17043: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:16936: result: no" >&5 + echo "$as_me:17048: result: no" >&5 echo "${ECHO_T}no" >&6 system_wtmp_path=no @@ -16961,10 +17073,10 @@ fi -echo "$as_me:16964: checking if your system defines UTMPX_FILE" >&5 +echo "$as_me:17076: checking if your system defines UTMPX_FILE" >&5 echo $ECHO_N "checking if your system defines UTMPX_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 16967 "configure" +#line 17079 "configure" #include "confdefs.h" #include @@ -16985,23 +17097,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:16988: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:17100: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:16991: \$? = $ac_status" >&5 + echo "$as_me:17103: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:16994: \"$ac_try\"") >&5 + { (eval echo "$as_me:17106: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:16997: \$? = $ac_status" >&5 + echo "$as_me:17109: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:16999: result: yes" >&5 + echo "$as_me:17111: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:17004: result: no" >&5 + echo "$as_me:17116: result: no" >&5 echo "${ECHO_T}no" >&6 system_utmpx_path=no @@ -17021,10 +17133,10 @@ fi -echo "$as_me:17024: checking if your system defines WTMPX_FILE" >&5 +echo "$as_me:17136: checking if your system defines WTMPX_FILE" >&5 echo $ECHO_N "checking if your system defines WTMPX_FILE... $ECHO_C" >&6 cat >conftest.$ac_ext <<_ACEOF -#line 17027 "configure" +#line 17139 "configure" #include "confdefs.h" #include @@ -17045,23 +17157,23 @@ } _ACEOF rm -f conftest.$ac_objext -if { (eval echo "$as_me:17048: \"$ac_compile\"") >&5 +if { (eval echo "$as_me:17160: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? - echo "$as_me:17051: \$? = $ac_status" >&5 + echo "$as_me:17163: \$? = $ac_status" >&5 (exit $ac_status); } && { ac_try='test -s conftest.$ac_objext' - { (eval echo "$as_me:17054: \"$ac_try\"") >&5 + { (eval echo "$as_me:17166: \"$ac_try\"") >&5 (eval $ac_try) 2>&5 ac_status=$? - echo "$as_me:17057: \$? = $ac_status" >&5 + echo "$as_me:17169: \$? = $ac_status" >&5 (exit $ac_status); }; }; then - echo "$as_me:17059: result: yes" >&5 + echo "$as_me:17171: result: yes" >&5 echo "${ECHO_T}yes" >&6 else echo "$as_me: failed program was:" >&5 cat conftest.$ac_ext >&5 - echo "$as_me:17064: result: no" >&5 + echo "$as_me:17176: result: no" >&5 echo "${ECHO_T}no" >&6 system_wtmpx_path=no @@ -17083,7 +17195,7 @@ if test ! -z "$blibpath" ; then LDFLAGS="$LDFLAGS $blibflags$blibpath" - { echo "$as_me:17086: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 + { echo "$as_me:17198: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&5 echo "$as_me: WARNING: Please check and edit blibpath in LDFLAGS in Makefile" >&2;} fi @@ -17094,7 +17206,7 @@ LIBS=`echo $LIBS | sed 's/-ldl //'` fi -ac_config_files="$ac_config_files Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds" +ac_config_files="$ac_config_files Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds tests/CA/Makefile" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure @@ -17175,7 +17287,7 @@ : ${CONFIG_STATUS=./config.status} ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" -{ echo "$as_me:17178: creating $CONFIG_STATUS" >&5 +{ echo "$as_me:17290: creating $CONFIG_STATUS" >&5 echo "$as_me: creating $CONFIG_STATUS" >&6;} cat >$CONFIG_STATUS <<_ACEOF #! $SHELL @@ -17348,7 +17460,7 @@ echo "$ac_cs_version"; exit 0 ;; --he | --h) # Conflict between --help and --header - { { echo "$as_me:17351: error: ambiguous option: $1 + { { echo "$as_me:17463: error: ambiguous option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: ambiguous option: $1 Try \`$0 --help' for more information." >&2;} @@ -17367,7 +17479,7 @@ ac_need_defaults=false;; # This is an error. - -*) { { echo "$as_me:17370: error: unrecognized option: $1 + -*) { { echo "$as_me:17482: error: unrecognized option: $1 Try \`$0 --help' for more information." >&5 echo "$as_me: error: unrecognized option: $1 Try \`$0 --help' for more information." >&2;} @@ -17406,8 +17518,9 @@ "openbsd-compat/Makefile" ) CONFIG_FILES="$CONFIG_FILES openbsd-compat/Makefile" ;; "scard/Makefile" ) CONFIG_FILES="$CONFIG_FILES scard/Makefile" ;; "ssh_prng_cmds" ) CONFIG_FILES="$CONFIG_FILES ssh_prng_cmds" ;; + "tests/CA/Makefile" ) CONFIG_FILES="$CONFIG_FILES tests/CA/Makefile" ;; "config.h" ) CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; - *) { { echo "$as_me:17410: error: invalid argument: $ac_config_target" >&5 + *) { { echo "$as_me:17523: error: invalid argument: $ac_config_target" >&5 echo "$as_me: error: invalid argument: $ac_config_target" >&2;} { (exit 1); exit 1; }; };; esac @@ -17549,6 +17662,7 @@ s,@MANTYPE@,$MANTYPE,;t t s,@mansubdir@,$mansubdir,;t t s,@user_path@,$user_path,;t t +s,@sshcadir@,$sshcadir,;t t s,@piddir@,$piddir,;t t CEOF @@ -17664,7 +17778,7 @@ esac if test x"$ac_file" != x-; then - { echo "$as_me:17667: creating $ac_file" >&5 + { echo "$as_me:17781: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} rm -f "$ac_file" fi @@ -17682,7 +17796,7 @@ -) echo $tmp/stdin ;; [\\/$]*) # Absolute (can't be DOS-style, as IFS=:) - test -f "$f" || { { echo "$as_me:17685: error: cannot find input file: $f" >&5 + test -f "$f" || { { echo "$as_me:17799: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } echo $f;; @@ -17695,7 +17809,7 @@ echo $srcdir/$f else # /dev/null tree - { { echo "$as_me:17698: error: cannot find input file: $f" >&5 + { { echo "$as_me:17812: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } fi;; @@ -17756,7 +17870,7 @@ * ) ac_file_in=$ac_file.in ;; esac - test x"$ac_file" != x- && { echo "$as_me:17759: creating $ac_file" >&5 + test x"$ac_file" != x- && { echo "$as_me:17873: creating $ac_file" >&5 echo "$as_me: creating $ac_file" >&6;} # First look for the input files in the build tree, otherwise in the @@ -17767,7 +17881,7 @@ -) echo $tmp/stdin ;; [\\/$]*) # Absolute (can't be DOS-style, as IFS=:) - test -f "$f" || { { echo "$as_me:17770: error: cannot find input file: $f" >&5 + test -f "$f" || { { echo "$as_me:17884: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } echo $f;; @@ -17780,7 +17894,7 @@ echo $srcdir/$f else # /dev/null tree - { { echo "$as_me:17783: error: cannot find input file: $f" >&5 + { { echo "$as_me:17897: error: cannot find input file: $f" >&5 echo "$as_me: error: cannot find input file: $f" >&2;} { (exit 1); exit 1; }; } fi;; @@ -17897,7 +18011,7 @@ rm -f $tmp/in if test x"$ac_file" != x-; then if cmp -s $ac_file $tmp/config.h 2>/dev/null; then - { echo "$as_me:17900: $ac_file is unchanged" >&5 + { echo "$as_me:18014: $ac_file is unchanged" >&5 echo "$as_me: $ac_file is unchanged" >&6;} else ac_dir=`$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ @@ -17983,6 +18097,7 @@ echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" +echo " CA root: $sshcadir" echo " Askpass program: $E" echo " Manual pages: $F" echo " PID file: $G" @@ -18007,6 +18122,7 @@ echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" +echo " X.509 store support: $ssh_x509store" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff -ruN openssh-3.8p1/configure.ac openssh-3.8p1+x509g3/configure.ac --- openssh-3.8p1/configure.ac 2004-02-24 07:47:04.000000000 +0200 +++ openssh-3.8p1+x509g3/configure.ac 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.202 2004/02/24 05:47:04 tim Exp $ +# $Id$ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -230,7 +230,12 @@ check_for_openpty_ctty_bug=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) - AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!") + case "$host" in + *-slackware-*) + AC_DEFINE(LOCKED_PASSWD_PREFIX, "!");; + *) + AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!");; + esac AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) inet6_default_4in6=yes case `uname -r` in @@ -2479,6 +2484,75 @@ ] ) +# Where to place ssh CA root +sshcadir='${sysconfdir}/ca' +sshcadir=`eval echo ${sshcadir}` +sshcadir=`eval echo ${sshcadir}` +case $sshcadir in + NONE/*) sshcadir=`echo $sshcadir | sed "s~NONE~$ac_default_prefix~"` ;; +esac + +AC_ARG_WITH(sshca-dir, + [ --with-sshca-dir=PATH Specify location of ssh CA root], + [ + if test "x$withval" != "xno" ; then + sshcadir=$withval + fi + ] +) + +AC_DEFINE_UNQUOTED(SSHCADIR, "$sshcadir", [Specify location of ssh CA root]) +AC_SUBST(sshcadir) + + +ssh_x509store="yes" +AC_ARG_ENABLE(x509store, + [ --disable-x509store Disable X.509 store], + [ + if test "x$enableval" = "xno"; then + ssh_x509store="no" + fi + ] +) +if test "x$ssh_x509store" = "xno"; then + AC_DEFINE_UNQUOTED( + SSH_X509STORE_DISABLED, 1, + [Define if you don't want to verify certificates]) +fi + + +ssh_x509dn_email="yes" +if test "x$ssh_x509store" = "xyes"; then + # Check for Email in X.509 'Distinguished Name' + AC_MSG_CHECKING([for Email in X.509 'Distinguished Name']) + AC_TRY_RUN( + [ +#include + +int main(void) { + int nid; + nid = OBJ_txt2nid("Email"); + if (nid == NID_undef) + exit (1); + exit (0); + return (0); +} + ], + [ + AC_MSG_RESULT(yes) + ], + [ + AC_MSG_RESULT(no) + ssh_x509dn_email="no" + ] +) +fi +if test "x$ssh_x509dn_email" = "xno"; then + AC_DEFINE_UNQUOTED( + SSH_OPENSSL_DN_WITHOUT_EMAIL, 1, + [Define if your openssl library don't support Email in X.509 'Distinguished Name']) +fi + # Where to place sshd.pid piddir=/var/run # make sure the directory exists @@ -2771,7 +2845,7 @@ fi AC_EXEEXT -AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds]) +AC_CONFIG_FILES([Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds tests/CA/Makefile]) AC_OUTPUT # Print summary of options @@ -2793,6 +2867,7 @@ echo " User binaries: $B" echo " System binaries: $C" echo " Configuration files: $D" +echo " CA root: $sshcadir" echo " Askpass program: $E" echo " Manual pages: $F" echo " PID file: $G" @@ -2817,6 +2892,7 @@ echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" +echo " X.509 store support: $ssh_x509store" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" diff -ruN openssh-3.8p1/hostfile.c openssh-3.8p1+x509g3/hostfile.c --- openssh-3.8p1/hostfile.c 2003-11-17 12:18:23.000000000 +0200 +++ openssh-3.8p1+x509g3/hostfile.c 2004-02-25 09:06:01.000000000 +0200 @@ -13,6 +13,8 @@ * * Copyright (c) 1999, 2000 Markus Friedl. All rights reserved. * Copyright (c) 1999 Niels Provos. All rights reserved. + * X509 certificates support, + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -36,13 +38,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: hostfile.c,v 1.32 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD$"); #include "packet.h" #include "match.h" #include "key.h" #include "hostfile.h" #include "log.h" +#include "ssh-x509.h" /* * Parses an RSA (number of bits, e, n) or DSA key from a string. Moves the @@ -221,7 +224,17 @@ if (!f) return 0; fprintf(f, "%s ", host); - if (key_write(key, f)) { +#ifndef SSH_X509STORE_DISABLED + if ((key->type == KEY_X509_RSA) || (key->type == KEY_X509_DSA)) { + /* key_write will print x509 certificate in blob format :-( */ + success = x509key_write_subject(key, f); + } else { +#endif /*ndef SSH_X509STORE_DISABLED*/ + success = key_write(key, f); +#ifndef SSH_X509STORE_DISABLED + } +#endif /*ndef SSH_X509STORE_DISABLED*/ + if (success) { success = 1; } else { error("add_host_to_hostfile: saving key in %s failed", filename); diff -ruN openssh-3.8p1/INSTALL openssh-3.8p1+x509g3/INSTALL --- openssh-3.8p1/INSTALL 2003-11-21 14:48:55.000000000 +0200 +++ openssh-3.8p1+x509g3/INSTALL 2004-02-25 09:06:00.000000000 +0200 @@ -56,6 +56,9 @@ installed. No other current S/Key library is currently known to be supported. +X.509 certificate support: +http://roumenpetrov.info/openssh + 2. Building / Installation -------------------------- @@ -160,6 +163,15 @@ --with-sectok=DIR allows for OpenSC or sectok smartcard libraries to be used with OpenSSH. See 'README.smartcard' for more details. +--with-sshca-dir=PATH allows you to specify location of ssh CA root +used by ssh "x509 store" to verify certificates. + +--disable-x509store allows you to disable ssh "x509 store". In that +case ssh don't verify certificates. Format "Distinguished Name" for a +certificate in ssh files is disabled too. In that case ssh accept only +blob format of certificate in files (aka format of pub files). +See 'README.x509v3' for more details. + If you need to pass special options to the compiler or linker, you can specify these as environment variables before running ./configure. For example: @@ -200,4 +212,4 @@ http://www.openssh.com/ -$Id: INSTALL,v 1.63 2003/11/21 12:48:55 djm Exp $ +$Id$ diff -ruN openssh-3.8p1/key.c openssh-3.8p1+x509g3/key.c --- openssh-3.8p1/key.c 2003-11-17 12:18:23.000000000 +0200 +++ openssh-3.8p1+x509g3/key.c 2004-02-25 09:06:01.000000000 +0200 @@ -10,6 +10,8 @@ * * * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * X509 certificates support, + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -32,13 +34,14 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: key.c,v 1.55 2003/11/10 16:23:41 jakob Exp $"); +RCSID("$OpenBSD$"); #include #include "xmalloc.h" #include "key.h" #include "rsa.h" +#include "ssh-x509.h" #include "uuencode.h" #include "buffer.h" #include "bufaux.h" @@ -55,9 +58,11 @@ k->flags = 0; k->dsa = NULL; k->rsa = NULL; + k->x509 = NULL; switch (k->type) { case KEY_RSA1: case KEY_RSA: + case KEY_X509_RSA: if ((rsa = RSA_new()) == NULL) fatal("key_new: RSA_new failed"); if ((rsa->n = BN_new()) == NULL) @@ -65,8 +70,13 @@ if ((rsa->e = BN_new()) == NULL) fatal("key_new: BN_new failed"); k->rsa = rsa; + if (k->type == KEY_X509_RSA) { + if ((k->x509 = X509_new()) == NULL) + fatal("key_new: X509_new failed"); + } break; case KEY_DSA: + case KEY_X509_DSA: if ((dsa = DSA_new()) == NULL) fatal("key_new: DSA_new failed"); if ((dsa->p = BN_new()) == NULL) @@ -78,6 +88,10 @@ if ((dsa->pub_key = BN_new()) == NULL) fatal("key_new: BN_new failed"); k->dsa = dsa; + if (k->type == KEY_X509_DSA) { + if ((k->x509 = X509_new()) == NULL) + fatal("key_new: X509_new failed"); + } break; case KEY_UNSPEC: break; @@ -95,6 +109,7 @@ switch (k->type) { case KEY_RSA1: case KEY_RSA: + case KEY_X509_RSA: if ((k->rsa->d = BN_new()) == NULL) fatal("key_new_private: BN_new failed"); if ((k->rsa->iqmp = BN_new()) == NULL) @@ -107,10 +122,25 @@ fatal("key_new_private: BN_new failed"); if ((k->rsa->dmp1 = BN_new()) == NULL) fatal("key_new_private: BN_new failed"); + if (k->type == KEY_X509_RSA) { + debug3("key_new_private: X509(rsa) MORE ...?"); + /* + if ((k->x509 = X509_new()) == NULL) + fatal("key_new: X509_new failed"); + */ + } break; case KEY_DSA: + case KEY_X509_DSA: if ((k->dsa->priv_key = BN_new()) == NULL) fatal("key_new_private: BN_new failed"); + if (k->type == KEY_X509_DSA) { + debug3("key_new_private: X509(dsa) MORE ...?"); + /* + if ((k->x509 = X509_new()) == NULL) + fatal("key_new: X509_new failed"); + */ + } break; case KEY_UNSPEC: break; @@ -135,6 +165,21 @@ DSA_free(k->dsa); k->dsa = NULL; break; + case KEY_X509_RSA: + case KEY_X509_DSA: + if (k->dsa != NULL) { + DSA_free(k->dsa); + k->dsa = NULL; + } + if (k->rsa != NULL) { + RSA_free(k->rsa); + k->rsa = NULL; + } + if (k->x509 != NULL) { + X509_free(k->x509); + k->x509 = NULL; + } + break; case KEY_UNSPEC: break; default: @@ -152,17 +197,29 @@ switch (a->type) { case KEY_RSA1: case KEY_RSA: +#ifdef SSH_X509STORE_DISABLED + case KEY_X509_RSA: +#endif return a->rsa != NULL && b->rsa != NULL && BN_cmp(a->rsa->e, b->rsa->e) == 0 && BN_cmp(a->rsa->n, b->rsa->n) == 0; break; case KEY_DSA: +#ifdef SSH_X509STORE_DISABLED + case KEY_X509_DSA: +#endif return a->dsa != NULL && b->dsa != NULL && BN_cmp(a->dsa->p, b->dsa->p) == 0 && BN_cmp(a->dsa->q, b->dsa->q) == 0 && BN_cmp(a->dsa->g, b->dsa->g) == 0 && BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; break; +#ifndef SSH_X509STORE_DISABLED + case KEY_X509_RSA: + case KEY_X509_DSA: + return ssh_x509_equal(a, b) == 0; + break; +#endif /*ndef SSH_X509STORE_DISABLED*/ default: fatal("key_equal: bad key type %d", a->type); break; @@ -205,6 +262,8 @@ break; case KEY_DSA: case KEY_RSA: + case KEY_X509_RSA: + case KEY_X509_DSA: key_to_blob(k, &blob, &len); break; case KEY_UNSPEC: @@ -410,6 +469,8 @@ case KEY_UNSPEC: case KEY_RSA: case KEY_DSA: + case KEY_X509_RSA: + case KEY_X509_DSA: space = strchr(cp, ' '); if (space == NULL) { debug3("key_read: missing whitespace"); @@ -434,6 +495,11 @@ debug3("key_read: type mismatch"); return -1; } +#ifndef SSH_X509STORE_DISABLED + k = x509key_from_subject(type, cp); + if(k != NULL) + goto noblob; +#endif /*ndef SSH_X509STORE_DISABLED*/ len = 2*strlen(cp); blob = xmalloc(len); n = uudecode(cp, blob, len); @@ -453,7 +519,30 @@ key_free(k); return -1; } +noblob: /*XXXX*/ + if (ret->type == KEY_X509_RSA || + ret->type == KEY_X509_DSA ) { + if (ret->rsa != NULL) + RSA_free(ret->rsa); + ret->rsa = k->rsa; + k->rsa = NULL; + if (ret->dsa != NULL) + DSA_free(ret->dsa); + ret->dsa = k->dsa; + k->dsa = NULL; + if (ret->x509 != NULL) + X509_free(ret->x509); + ret->x509 = k->x509; + k->x509 = NULL; +#ifdef DEBUG_PK + if (ret->type == KEY_X509_RSA) + RSA_print_fp(stderr, ret->rsa, 8); + else + DSA_print_fp(stderr, ret->dsa, 8); +#endif + success = 1; + } else if (ret->type == KEY_RSA) { if (ret->rsa != NULL) RSA_free(ret->rsa); @@ -520,6 +609,8 @@ } xfree(blob); xfree(uu); + } else if ( (key->type == KEY_X509_RSA) || (key->type == KEY_X509_DSA) ) { + success = x509key_write(key, f); } return success; } @@ -537,6 +628,14 @@ case KEY_DSA: return "DSA"; break; + case KEY_X509_RSA: + if(k->rsa) return "RSA+cert"; + return "X509(rsa)"; + break; + case KEY_X509_DSA: + if(k->dsa) return "DSA+cert"; + return "X509(dsa)"; + break; } return "unknown"; } @@ -551,6 +650,12 @@ case KEY_DSA: return "ssh-dss"; break; + case KEY_X509_RSA: + return "x509v3-sign-rsa"; + break; + case KEY_X509_DSA: + return "x509v3-sign-dss"; + break; } return "ssh-unknown"; } @@ -566,6 +671,10 @@ case KEY_DSA: return BN_num_bits(k->dsa->p); break; + case KEY_X509_RSA: + case KEY_X509_DSA: + return ssh_x509_key_size(k); + break; } return 0; } @@ -640,6 +749,7 @@ int key_type_from_name(char *name) { + debug3("call key_type_from_name(%.200s) ...", name); if (strcmp(name, "rsa1") == 0) { return KEY_RSA1; } else if (strcmp(name, "rsa") == 0) { @@ -650,6 +760,10 @@ return KEY_RSA; } else if (strcmp(name, "ssh-dss") == 0) { return KEY_DSA; + } else if (strcmp(name, "x509v3-sign-rsa") == 0) { + return KEY_X509_RSA; + } else if (strcmp(name, "x509v3-sign-dss") == 0) { + return KEY_X509_DSA; } debug2("key_type_from_name: unknown key type '%s'", name); return KEY_UNSPEC; @@ -684,14 +798,19 @@ char *ktype; int rlen, type; Key *key = NULL; + debug3("key_from_blob(..., %d)", blen); #ifdef DEBUG_PK dump_base64(stderr, blob, blen); #endif + if ((key = x509key_from_blob(blob, blen)) != NULL) { + return key; + } buffer_init(&b); buffer_append(&b, blob, blen); ktype = buffer_get_string(&b, NULL); type = key_type_from_name(ktype); + debug3("key_from_blob(..., ...) ktype=%.30s", ktype); switch (type) { case KEY_RSA: @@ -751,6 +870,11 @@ buffer_put_bignum2(&b, key->rsa->e); buffer_put_bignum2(&b, key->rsa->n); break; + case KEY_X509_RSA: + case KEY_X509_DSA: + if (!x509key_to_blob(key, &b)) + return 0; + break; default: error("key_to_blob: unsupported key type %d", key->type); buffer_free(&b); @@ -781,6 +905,10 @@ case KEY_RSA: return ssh_rsa_sign(key, sigp, lenp, data, datalen); break; + case KEY_X509_RSA: + case KEY_X509_DSA: + return ssh_x509_sign(key, sigp, lenp, data, datalen); + break; default: error("key_sign: illegal key type %d", key->type); return -1; @@ -808,6 +936,10 @@ case KEY_RSA: return ssh_rsa_verify(key, signature, signaturelen, data, datalen); break; + case KEY_X509_RSA: + case KEY_X509_DSA: + return ssh_x509_verify(key, signature, signaturelen, data, datalen); + break; default: error("key_verify: illegal key type %d", key->type); return -1; @@ -830,6 +962,7 @@ switch (k->type) { case KEY_RSA1: case KEY_RSA: + case KEY_X509_RSA: if ((pk->rsa = RSA_new()) == NULL) fatal("key_demote: RSA_new failed"); if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) @@ -838,6 +971,7 @@ fatal("key_demote: BN_dup failed"); break; case KEY_DSA: + case KEY_X509_DSA: if ((pk->dsa = DSA_new()) == NULL) fatal("key_demote: DSA_new failed"); if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) @@ -850,9 +984,19 @@ fatal("key_demote: BN_dup failed"); break; default: - fatal("key_free: bad key type %d", k->type); + fatal("key_demote: bad key type %d", k->type); break; } + switch (k->type) { + case KEY_X509_RSA: + case KEY_X509_DSA: + if(k->x509) { + if ((pk->x509 = X509_dup(k->x509)) == NULL) + fatal("key_demote: X509_dup failed"); + } else + fatal("key_demote: no X509 data"); + break; + } return (pk); } diff -ruN openssh-3.8p1/key.h openssh-3.8p1+x509g3/key.h --- openssh-3.8p1/key.h 2003-11-17 12:18:23.000000000 +0200 +++ openssh-3.8p1+x509g3/key.h 2004-02-25 09:06:00.000000000 +0200 @@ -1,7 +1,9 @@ -/* $OpenBSD: key.h,v 1.23 2003/11/10 16:23:41 jakob Exp $ */ +/* $OpenBSD$ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * X509 certificates support, + * Copyright (c) 2002 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -28,12 +30,15 @@ #include #include +#include typedef struct Key Key; enum types { KEY_RSA1, KEY_RSA, KEY_DSA, + KEY_X509_RSA, + KEY_X509_DSA, KEY_UNSPEC }; enum fp_type { @@ -53,6 +58,7 @@ int flags; RSA *rsa; DSA *dsa; + X509 *x509; }; Key *key_new(int); diff -ruN openssh-3.8p1/LICENCE openssh-3.8p1+x509g3/LICENCE --- openssh-3.8p1/LICENCE 2004-02-10 04:01:14.000000000 +0200 +++ openssh-3.8p1+x509g3/LICENCE 2004-02-25 09:06:00.000000000 +0200 @@ -181,6 +181,7 @@ Per Allansson Nils Nordman Simon Wilkinson + Roumen Petrov Portable OpenSSH additionally includes code from the following copyright holders, also under the 2-term BSD license: diff -ruN openssh-3.8p1/log.c openssh-3.8p1+x509g3/log.c --- openssh-3.8p1/log.c 2004-02-18 13:59:43.000000000 +0200 +++ openssh-3.8p1+x509g3/log.c 2004-02-25 09:06:01.000000000 +0200 @@ -34,7 +34,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: log.c,v 1.29 2003/09/23 20:17:11 markus Exp $"); +RCSID("$OpenBSD$"); #include "log.h" #include "xmalloc.h" @@ -260,6 +260,11 @@ } } +LogLevel +get_log_level(void) { + return log_level; +} + #define MSGBUFSIZ 1024 void diff -ruN openssh-3.8p1/log.h openssh-3.8p1+x509g3/log.h --- openssh-3.8p1/log.h 2003-10-02 09:12:37.000000000 +0300 +++ openssh-3.8p1+x509g3/log.h 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: log.h,v 1.10 2003/09/23 20:17:11 markus Exp $ */ +/* $OpenBSD$ */ /* * Author: Tatu Ylonen @@ -49,6 +49,7 @@ } LogLevel; void log_init(char *, LogLevel, SyslogFacility, int); +LogLevel get_log_level(void); SyslogFacility log_facility_number(char *); LogLevel log_level_number(char *); diff -ruN openssh-3.8p1/Makefile.in openssh-3.8p1+x509g3/Makefile.in --- openssh-3.8p1/Makefile.in 2004-02-18 05:35:11.000000000 +0200 +++ openssh-3.8p1+x509g3/Makefile.in 2004-02-25 09:06:01.000000000 +0200 @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.257 2004/02/18 03:35:11 djm Exp $ +# $Id$ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -14,6 +14,7 @@ mandir=@mandir@ mansubdir=@mansubdir@ sysconfdir=@sysconfdir@ +sshcadir=@sshcadir@ piddir=@piddir@ srcdir=@srcdir@ top_srcdir=@top_srcdir@ @@ -30,6 +31,7 @@ STRIP_OPT=@STRIP_OPT@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \ + -DSSHCADIR=\"$(sshcadir)\" \ -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ -D_PATH_SSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\" \ -D_PATH_SFTP_SERVER=\"$(SFTP_SERVER)\" \ @@ -59,6 +61,8 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ +X509_OBJS=ssh-x509.o x509store.o + TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \ @@ -70,7 +74,7 @@ atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \ rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ - entropy.o scard-opensc.o gss-genr.o + entropy.o scard-opensc.o gss-genr.o $(X509_OBJS) SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o @@ -104,6 +108,10 @@ -e 's|/etc/ssh/ssh_host_key|$(sysconfdir)/ssh_host_key|g' \ -e 's|/etc/ssh/ssh_host_dsa_key|$(sysconfdir)/ssh_host_dsa_key|g' \ -e 's|/etc/ssh/ssh_host_rsa_key|$(sysconfdir)/ssh_host_rsa_key|g' \ + -e 's|/etc/ssh/ca/ca-bundle.crt|$(sshcadir)/ca-bundle.crt|g' \ + -e 's|/etc/ssh/ca/crt|$(sshcadir)/crt|g' \ + -e 's|/etc/ssh/ca/ca-bundle.crl|$(sshcadir)/ca-bundle.crl|g' \ + -e 's|/etc/ssh/ca/crl|$(sshcadir)/crl|g' \ -e 's|/var/run/sshd.pid|$(piddir)/sshd.pid|g' \ -e 's|/etc/ssh/moduli|$(sysconfdir)/moduli|g' \ -e 's|/etc/sshrc|$(sysconfdir)/sshrc|g' \ @@ -244,6 +252,8 @@ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(sshcadir) + $(srcdir)/mkinstalldirs $(DESTDIR)$(piddir) (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) $(INSTALL) -m 0755 $(STRIP_OPT) ssh $(DESTDIR)$(bindir)/ssh $(INSTALL) -m 0755 $(STRIP_OPT) scp $(DESTDIR)$(bindir)/scp @@ -370,7 +380,14 @@ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 -tests: $(TARGETS) + +tests: check + +# Target check is more common for projects using autoXXXX tools + +check: check-regress check-certs + +check-regress: $(TARGETS) BUILDDIR=`pwd`; \ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress; \ [ -f `pwd`/regress/Makefile ] || \ @@ -401,9 +418,29 @@ TEST_SSH_SFTP="$${TEST_SSH_SFTP}" \ TEST_SSH_SFTPSERVER="$${TEST_SSH_SFTPSERVER}" \ EXEEXT="$(EXEEXT)" \ - $@ + tests + + +check-certs: $(TARGETS) + @if test ! -d "tests/CA"; then \ + mkdir -p "tests/CA" || exit 1; \ + fi + @BUILDDIR="`pwd`"; \ + ( cd "tests/CA" && \ + $(MAKE) \ + TEST_SSH_SSH="$${BUILDDIR}/ssh" \ + TEST_SSH_SSHD="$${BUILDDIR}/sshd" \ + TEST_SSH_SSHAGENT="$${BUILDDIR}/ssh-agent" \ + TEST_SSH_SSHADD="$${BUILDDIR}/ssh-add" \ + TEST_SSH_SSHKEYGEN="$${BUILDDIR}/ssh-keygen" \ + TEST_SSH_SSHKEYSCAN="$${BUILDDIR}/ssh-keyscan" \ + TEST_SSH_SFTP="$${BUILDDIR}/sftp" \ + TEST_SSH_SFTPSERVER="$${BUILDDIR}/sftp-server" \ + $@ ) + regressclean: if [ -f regress/Makefile -a -r regress/Makefile ]; then \ (cd regress && $(MAKE) clean) \ fi + (cd tests/CA && $(MAKE) clean) diff -ruN openssh-3.8p1/myproposal.h openssh-3.8p1+x509g3/myproposal.h --- openssh-3.8p1/myproposal.h 2003-05-18 13:54:00.000000000 +0300 +++ openssh-3.8p1+x509g3/myproposal.h 2004-02-25 09:06:00.000000000 +0200 @@ -1,7 +1,9 @@ -/* $OpenBSD: myproposal.h,v 1.15 2003/05/17 04:27:52 markus Exp $ */ +/* $OpenBSD$ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. + * X509 certificates support, + * Copyright (c) 2002 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -24,7 +26,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #define KEX_DEFAULT_KEX "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1" -#define KEX_DEFAULT_PK_ALG "ssh-rsa,ssh-dss" +#define KEX_DEFAULT_PK_ALG "x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,ssh-dss" #define KEX_DEFAULT_ENCRYPT \ "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour," \ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ diff -ruN openssh-3.8p1/pathnames.h openssh-3.8p1+x509g3/pathnames.h --- openssh-3.8p1/pathnames.h 2004-02-06 07:38:16.000000000 +0200 +++ openssh-3.8p1+x509g3/pathnames.h 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.14 2004/01/30 09:48:57 markus Exp $ */ +/* $OpenBSD$ */ /* * Author: Tatu Ylonen @@ -10,6 +10,29 @@ * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". + * + * X509 certificates support, + * Copyright (c) 2002 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #define ETCDIR "/etc" @@ -172,3 +195,20 @@ #ifndef ASKPASS_PROGRAM #define ASKPASS_PROGRAM "/usr/lib/ssh/ssh-askpass" #endif /* ASKPASS_PROGRAM */ + + +#ifndef SSHCADIR +#define SSHCADIR SSHDIR "/ca" +#endif + +/* x509 user store */ +#define _PATH_USERCA_CERTIFICATE_FILE "~/" _PATH_SSH_USER_DIR "/ca-bundle.crt" +#define _PATH_USERCA_CERTIFICATE_PATH "~/" _PATH_SSH_USER_DIR "/crt" +#define _PATH_USERCA_REVOCATION_FILE "~/" _PATH_SSH_USER_DIR "/ca-bundle.crl" +#define _PATH_USERCA_REVOCATION_PATH "~/" _PATH_SSH_USER_DIR "/crl" + +/* x509 global store */ +#define _PATH_CA_CERTIFICATE_FILE SSHCADIR "/ca-bundle.crt" +#define _PATH_CA_CERTIFICATE_PATH SSHCADIR "/crt" +#define _PATH_CA_REVOCATION_FILE SSHCADIR "/ca-bundle.crl" +#define _PATH_CA_REVOCATION_PATH SSHCADIR "/crl" diff -ruN openssh-3.8p1/readconf.c openssh-3.8p1+x509g3/readconf.c --- openssh-3.8p1/readconf.c 2003-12-17 07:33:11.000000000 +0200 +++ openssh-3.8p1+x509g3/readconf.c 2004-02-25 09:06:01.000000000 +0200 @@ -9,10 +9,33 @@ * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". + * + * X509 certificate support, + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.127 2003/12/16 15:49:51 markus Exp $"); +RCSID("$OpenBSD$"); #include "ssh.h" #include "xmalloc.h" @@ -25,6 +48,7 @@ #include "misc.h" #include "kex.h" #include "mac.h" +#include "tildexpand.h" /* Format of the configuration file: @@ -106,6 +130,12 @@ oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, oAddressFamily, oGssAuthentication, oGssDelegateCreds, oServerAliveInterval, oServerAliveCountMax, + oX509rsaSigType, + oAllowedServerCertPurpose, + oCACertificateFile, oCACertificatePath, + oCARevocationFile, oCARevocationPath, + oUserCACertificateFile, oUserCACertificatePath, + oUserCARevocationFile, oUserCARevocationPath, oDeprecated, oUnsupported } OpCodes; @@ -192,6 +222,16 @@ { "addressfamily", oAddressFamily }, { "serveraliveinterval", oServerAliveInterval }, { "serveralivecountmax", oServerAliveCountMax }, + { "x509rsasigtype", oX509rsaSigType }, + { "allowedcertpurpose", oAllowedServerCertPurpose }, + { "cacertificatefile", oCACertificateFile }, + { "cacertificatepath", oCACertificatePath }, + { "carevocationfile", oCARevocationFile }, + { "carevocationpath", oCARevocationPath }, + { "usercacertificatefile", oUserCACertificateFile }, + { "usercacertificatepath", oUserCACertificatePath }, + { "usercarevocationfile", oUserCARevocationFile }, + { "usercarevocationpath", oUserCARevocationPath }, { NULL, oBadOption } }; @@ -744,11 +784,92 @@ intptr = &options->server_alive_count_max; goto parse_int; + case oX509rsaSigType: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing argument.", filename, linenum); + + if (strcasecmp(arg, "md5") == 0) + options->x509rsasigtype = SSH_X509RSA_MD5; + else if (strcasecmp(arg, "sha1") == 0) + options->x509rsasigtype = SSH_X509RSA_SHA1; + + if (options->x509rsasigtype < 0) { + fatal("%s line %d: Unsupported argument for X509rsaSigType.", + filename, linenum); + } + break; + + case oAllowedServerCertPurpose: + arg = strdelim(&s); + if (arg && *arg) { + if (strcasecmp(arg, "skip") == 0) goto skip_purpose; + + { /* convert string to OpenSSL index */ + int purpose_index; + purpose_index = ssh_get_x509purpose_s (0, arg); + if (purpose_index < 0) + fatal("config error: unsupported purpose '%.30s' in file %s line %d.", arg, filename, linenum); + + options->allowedcertpurpose = purpose_index; + } + } else { +skip_purpose: + options->allowedcertpurpose = -2; + verbose("config warning: option is set to don`t check certificate purpose in file %s line %d.", filename, linenum); + } + break; + +#ifndef SSH_X509STORE_DISABLED + case oCACertificateFile: + case oCACertificatePath: + case oCARevocationFile: + case oCARevocationPath: + case oUserCACertificateFile: + case oUserCACertificatePath: + case oUserCARevocationFile: + case oUserCARevocationPath: + arg = strdelim(&s); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing argument.", filename, linenum); + switch (opcode) { + case oCACertificateFile: + options->ca.certificate_file = xstrdup(arg); break; + case oCACertificatePath: + options->ca.certificate_path = xstrdup(arg); break; + case oCARevocationFile: + options->ca.revocation_file = xstrdup(arg); break; + case oCARevocationPath: + options->ca.revocation_path = xstrdup(arg); break; + case oUserCACertificateFile: + options->userca.certificate_file = xstrdup(arg); break; + case oUserCACertificatePath: + options->userca.certificate_path = xstrdup(arg); break; + case oUserCARevocationFile: + options->userca.revocation_file = xstrdup(arg); break; + case oUserCARevocationPath: + options->userca.revocation_path = xstrdup(arg); break; + default: + break; + } + break; +#endif /*ndef SSH_X509STORE_DISABLED*/ + case oDeprecated: debug("%s line %d: Deprecated option \"%s\"", filename, linenum, keyword); return 0; +#ifdef SSH_X509STORE_DISABLED + case oCACertificateFile: + case oCACertificatePath: + case oCARevocationFile: + case oCARevocationPath: + case oUserCACertificateFile: + case oUserCACertificatePath: + case oUserCARevocationFile: + case oUserCARevocationPath: +#endif /*def SSH_X509STORE_DISABLED*/ case oUnsupported: error("%s line %d: Unsupported option \"%s\"", filename, linenum, keyword); @@ -873,7 +994,50 @@ options->verify_host_key_dns = -1; options->server_alive_interval = -1; options->server_alive_count_max = -1; + options->x509rsasigtype = -1; + options->allowedcertpurpose = -1; +#ifndef SSH_X509STORE_DISABLED + options->ca.certificate_file = NULL; + options->ca.certificate_path = NULL; + options->ca.revocation_file = NULL; + options->ca.revocation_path = NULL; + options->userca.certificate_file = NULL; + options->userca.certificate_path = NULL; + options->userca.revocation_file = NULL; + options->userca.revocation_path = NULL; +#endif /*ndef SSH_X509STORE_DISABLED*/ +} + +#ifndef SSH_X509STORE_DISABLED +static int +ssh_x509store_init (Options *options) { + int x509_store_loaded = 0; + + if(ssh_x509store_addlocations(&options->userca)) { + x509_store_loaded = 1; + } + if(ssh_x509store_addlocations(&options->ca)) { + x509_store_loaded = 1; + } + + return x509_store_loaded; } +#endif /*ndef SSH_X509STORE_DISABLED*/ + +#ifndef SSH_X509STORE_DISABLED +static void +tilde_expand_filename2(const char **_fn, const char* _default) { + extern uid_t original_real_uid; + + if (*_fn == NULL) { + *_fn = tilde_expand_filename(_default, original_real_uid); + } else { + const char *p = *_fn; + *_fn = tilde_expand_filename(p, original_real_uid); + xfree((void*)p); + } +} +#endif /*ndef SSH_X509STORE_DISABLED*/ /* * Called after processing other sources of option data, this fills those @@ -996,4 +1160,28 @@ /* options->hostname will be set in the main program if appropriate */ /* options->host_key_alias should not be set by default */ /* options->preferred_authentications will be set in ssh */ + + if (options->x509rsasigtype == -1) + options->x509rsasigtype = SSH_X509RSA_MD5; + options->x509rsasigtype = ssh_x509rsasig(options->x509rsasigtype); + if (options->allowedcertpurpose == -1) + options->allowedcertpurpose = ssh_get_default_x509purpose(0); + ssh_set_x509purpose(0, options->allowedcertpurpose); +#ifndef SSH_X509STORE_DISABLED + if (options->ca.certificate_file == NULL) + options->ca.certificate_file = _PATH_CA_CERTIFICATE_FILE; + if (options->ca.certificate_path == NULL) + options->ca.certificate_path = _PATH_CA_CERTIFICATE_PATH; + if (options->ca.revocation_file == NULL) + options->ca.revocation_file = _PATH_CA_REVOCATION_FILE; + if (options->ca.revocation_path == NULL) + options->ca.revocation_path = _PATH_CA_REVOCATION_PATH; + + tilde_expand_filename2(&options->userca.certificate_file, _PATH_USERCA_CERTIFICATE_FILE); + tilde_expand_filename2(&options->userca.certificate_path, _PATH_USERCA_CERTIFICATE_PATH); + tilde_expand_filename2(&options->userca.revocation_file , _PATH_USERCA_REVOCATION_FILE ); + tilde_expand_filename2(&options->userca.revocation_path , _PATH_USERCA_REVOCATION_PATH ); + + ssh_x509store_init(options); +#endif /*ndef SSH_X509STORE_DISABLED*/ } diff -ruN openssh-3.8p1/readconf.h openssh-3.8p1+x509g3/readconf.h --- openssh-3.8p1/readconf.h 2003-12-17 07:33:11.000000000 +0200 +++ openssh-3.8p1+x509g3/readconf.h 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.h,v 1.59 2003/12/16 15:49:51 markus Exp $ */ +/* $OpenBSD$ */ /* * Author: Tatu Ylonen @@ -11,12 +11,36 @@ * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". + * + * X509 certificate support, + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef READCONF_H #define READCONF_H #include "key.h" +#include "x509store.h" /* Data structure for representing a forwarding request. */ @@ -102,6 +126,17 @@ int no_host_authentication_for_localhost; int server_alive_interval; int server_alive_count_max; + + /* rumen-XXX: X509 RSA signature type: md5=0, sha1=1 */ + int x509rsasigtype; + /* allowed server certificate purpose */ + int allowedcertpurpose; +#ifndef SSH_X509STORE_DISABLED + /* sshd PKI(X509) global store */ + X509StoreOptions ca; + /* sshd PKI(X509) user store */ + X509StoreOptions userca; +#endif /*ndef SSH_X509STORE_DISABLED*/ } Options; diff -ruN openssh-3.8p1/README.x509v3 openssh-3.8p1+x509g3/README.x509v3 --- openssh-3.8p1/README.x509v3 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/README.x509v3 2004-02-15 15:26:24.000000000 +0200 @@ -0,0 +1,361 @@ + Roumen Petrov + Sofia, Bulgaria + Tue Jun 11 2003 + +How to use X.509 certificates with OpenSSH? + + +Identity or hostkey file for protocol version 2 can contain private key +plus x509 certificate in PEM format. Note that protocol version 2 keys +are in PEM format. To use X.509 certificate as identity or hostkey user +should convert certificate in PEM format and append to file. After this +with "ssh-keygen -y ..." user must update "pub" file. +File (identity or hostkey) with X.509 certificate (RSA key): +-----BEGIN RSA PRIVATE KEY----- +..... +-----END RSA PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +..... +-----END CERTIFICATE----- +Note that to use X.509 certificates in OpenSSH files must contain +private key followed by certificate. + + +1.) server configuration: +1.1.) .../sshd_config +1.1.1.) +AllowedCertPurpose sslclient + The intended use off the X.509 client certificate. + +1.1.2.) "X509 store". Server use "X509 store" to verify client keys. +CACertificateFile /etc/ssh/ca/ca-bundle.crt + This file contain multiple certificates of certificate signers in PEM +format concatenated together. You can get a copy from openssl, apache, +KDE, mutt, etc. packages. Original file might is exported from Netscape +certificate database and one download URL is: + http://www.modssl.org/contrib/ca-bundle.crt.tar.gz + +CACertificatePath /etc/ssh/ca/crt + "Hash dir" with certificates of certificate signers. Each certificate +should be stored in separate file with name [HASH].[NUMBER], where +[HASH] is certificate hash value and [NUMBER] is an integer starting +from zero. Hash is result from command like this: +$ openssl x509 -in certificate_file_name -noout -hash + +CARevocationFile /etc/ssh/ca/ca-bundle.crl + This file contain multiple "Certificate Revocation List" (CRL) of +certificate signers in PEM format concatenated together. + +CARevocationPath /etc/ssh/ca/crl + "Hash dir" with "Certificate Revocation List" (CRL) of certificate +signers. Each CRL should be stored in separate file with name +[HASH].r[NUMBER], where [HASH] is CRL hash value and [NUMBER] is an +integer starting from zero. Hash is result from command like this: +$ openssl crl -in crl_file_name -noout -hash + +1.1.3.) HostKey files... + Host key for protocol version 2 can contain private key plus x509 +certificate in PEM format. + +1.1.4.) +X509rsaSigType=md5 + Specifies prefered signature digest type for "x509v3-sign-rsa" keys. +The possible values are "md5" and "sha1". When X.509 certificate +signature blob fail with specified value, server try other and print +log message like this: +... X509COMPAT: RSA succeed for sha1 digest ... +This options is intended to collect information about default +signature digest type in other SecSH implementations. +When you see this PLEASE send a EMAIL with "X509COMPAT" lines +from log files. + + +1.2.) append in USER_HOME/.ssh/authorized_keys a record with following +format: +{|CertBlob} +where: +KEY_TYPE:=x509v3-sign-rsa|x509v3-sign-dss (case sensitive !) +WORDDN:={Distinguished Name| + Distinguished-Name| + Distinguished_Name| + DistinguishedName| + DN| + Subject} +WORDDNSUFF:='='|':'|'' +NOTES: +- WORDDN is case insensitive ! + +- is like output from command: +$ openssl x509 -noout -subject -in A_CERTIFICATE_FILE + +- can be in RFC2253 format like output from command: +$ openssl x509 -noout -subject -in A_CERTIFICATE_FILE -nameopt RFC2253 + +- Order of items in is not important and separator +can be symbol "/", "," or mixed. All following subjects are equal: +a)CN=dsa test certificate,OU=OpenSSH Testers,O=Test Team,ST=World,C=XX +b)/C=XX/ST=World/O=Test Team/OU=OpenSSH Testers/CN=dsa test certificate +c)/O=Test Team/OU=OpenSSH Testers/C=XX/ST=World/CN=dsa test certificate +d)O=Test Team,OU=OpenSSH Testers/C=XX,ST=World/CN=dsa test certificate + +- CertBlob is uuencoded sequence of bytes in only one line. + +Shell sample: +- "Distinguished Name" format: +$ ( printf 'x509v3-sign-rsa '; + openssl x509 -noout -subject \ + -in A_OPENSSH_IDENTITY_FILE \ + ) >> $HOME/.ssh/authorized_keys + +- "blob" format: +$ cat A_OPENSSH_IDENTITY_FILE.pub \ + >> $HOME/.ssh/authorized_keys + +NOTES: +- adjust user authorized_keys file ownership - user must have at least +read access. +- SecSH x509v3 key type is "x509v3-sign-rsa" or "x509v3-sign-dss". +- When OpenSSH is build with "--disable-x509store" YOU CANNOT USE +"Distinguished Name" format. You shold use ONLY "blob" format. + +2.) client settings: +2.1.) IdentityFile + Depends from client. To use X.509 certificate "OpenSSH id-file" must +contain both sections - private key and certificate in PEM format: +Note: Don't forget to update public key file with command: +$ ssh-keygen -y -f IDENTITY_FILE > IDENTITY_FILE.pub +Command ssh-add use public key file! + +2.2.) global ssh_config, $HOME/.ssh/config or command line + +2.2.1.) +AllowedCertPurpose sslserver + The intended use off the X.509 server certificate. + +2.2.2.) "X509 store". Client use "x509 store" to verify server hostkey. + Check options: +- [User]CACertificatePath; +- [User]CACertificateFile; +- [User]CARevocationFile; +- [User]CARevocationPath. + See p. 1.1.2.). + +Note: When we use own CA we must import CA certificate[s] to +"x509 store". More info on: + http://roumenpetrov.info/domino_CA/#dca2bundle + +2.2.3.) +X509rsaSigType=md5 + Temporary option. Specifies signature digest type for +'x509v3-sign-rsa' keys. The possible values are "md5" and "sha1". Use +this option only in session with other SecSH servers with X.509 +certificates as identity or host key. When ssh print message like this +... X509COMPAT: RSA succeed for sha1 digest ... +PLEASE send a EMAIL with this message. +When you cannot use X.509 certificate as identity in session with other +SecSH implementations try this option. Example: +$ ssh -o X509rsaSigType=sha1 .... non_openssh_host + +Note: ssh-agent use only md5 digest for X.509 certificates. + + +3.) test x509 certificates. + +3.1.) In openssh build dir run "make check". +If x509 test scripts fail edit file OPENSSH_SOURCE_PATH/tests/CA/config +or set some environment variables. +Output from make check is in color and when is redirected to file later +we can see content best with command "less -r ...". +When script run a test command print star '*' followed by simple +information about command. When command succeed script print at right +"done" in GREEN(!) otherwise "failed" in RED(!). After failed command +script show on next lines in RED(!) response, skip execution of next +command/script, print message like this: +.... +Testing OpenSSH client with certificates finished. + status: failed +.... +Note that failed is in RED(!) and exit code is NONZERO(!). +Some command in a test script must fail. Part of "simple information" +about command expected to fail is in RED(!). When command fail script +print "done" (THIS IS CORRECT - COMMAND MUST FAIL) and on next lines +print in GREEN(!) response. Usually this occur when server reject logon. +WHEN ALL TESTS SUCCEED output is: +.... +Testing OpenSSH client with certificates finished. + status: done +.... +Note that "done" is in GREEN(!) and exit code is ZERO(!). + + + +3.1.1.) Description of variables in Makefile file: + - SHELL + Used shell to run tests. Supported shell are bash, ksh, zsh and ash. + Example: + $ make check SHELL=/bin/zsh + +3.1.2.) Description of variables in config file: + +3.1.2.1.) main variables: + - SUDO + (only in config) + on some system sshd must be started as root. + If necessary set variable to sudo and configure sudo'ers. + - TMPDIR + (environment or config) + directory for temporary files. If not set its value is selected + from /tmp, /var/tmp or /usr/tmp. + - SSH_X509TESTS + (environment or config) + list with test scripts. A test script is in file with following + name: test-.sh.inc. + +3.1.2.2.) openssl: + - OPENSSL + (environment or config) + path to openssl binary. The default is result from command: + `which openssl`. + - RSA_DIGEST_LIST + (environment or config) + list with RSA digests in support of openssl. The default value is + build at run time from following digest list "md5 sha1 md2 md4 + rmd160" and contain only supported from openssl. + +3.1.2.3.) server section: + Read sshd_config.5 manual page for valid values. + - SSHD_PORT + (environment or config) + specifies the port number that server listens on and client connect + to on localhost. The default is 20022. + - SSHD_LISTENADDRESS + (only in config) + Same as sshd option "ListenAddress" but without(!) port number. + The default is "127.0.0.1". + - SSHSERVER_USEPRIVILEGESEPARATION="yes": + (only in config) + sshd "UsePrivilegeSeparation" option. + if necessary set to "no", to disable privilege separation. + - SSHSERVER_SYSLOGFACILITY=AUTH + (only in config) + sshd "SyslogFacility" option. + - SSHSERVER_LOGLEVEL=INFO + (only in config) + sshd 'LogLevel' option. + +3.1.2.4.) certificates: + - Variables related to test certificates and CA. + (only in config) + +3.1.3.) Sample commands to run tests: +$ OPENSSL=/usr/local/ssl/bin/openssl make check +$ SSHD_PORT=1122 SSH_X509TESTS="agent blob_auth" make check +$ RSA_DIGEST_LIST="md5 sha1" make check +$ make check SHELL=/bin/ksh + +When check fail see "Troubleshooting" later in document. + + +3.2.) Current test scripts uses only rsa as server hostkey. + To test sshd with x509 certificate please find in file +openssh_tests.sh variable TEST_SSHD_HOSTKEY and change it. Sample: +TEST_SSH_HOSTKEY="${CWD}/testhostkey_rsa-rsa_md5" + + +3.3.) Test SecSH from "Microsoft Windows OSes". + This is not part of document. +Tips: use created after make check files: +- convert OPENSSH_BUILD_PATH/tests/CA/ca-test/crt/*crt.pem CA + certificates from PEM to DER format and import in + "Windows keystore" +- import OPENSSH_BUILD_PATH/tests/CA/testid_*.p12 in + "Windows keystore" +- setup your client to use certificate[s](see SecSH client manuals). +DON'T FORGET TO REMOVE entries from "Windows keystore" after test! + + +3.4.) Go to OPENSSH_BUILD_PATH/tests/CA and run command "make clean" to +remove all client/server and CA files. + + +3.5.) files in OPENSSH_SOURCE_PATH/tests/CA directory: +config : configuration file + +1-cre_cadb.sh: + create "Test CA" directories and files. + +2-cre_cakeys.sh: + create "Test CA" private keys and certificates. + +3-cre_certs.sh: + create client/server certificates. + this command create files with mask + "PATH_TO_KEYFILEn-[.]" + , where is in format "rsa_" or "dsa". + DIGEST are form variable "RSA_DIGEST_LIST" specified in "config" + file. Files without extention are openssh identity or hostkey files. + File with .pub extention contain openssh public key (BLOB format). + File with .crt extention contain openssl "text output" for identity + files. Files with .p12 extention are for "Microsoft Windows keystore". +Note: .p12 = .pfx for Windows. + +verify.sh: + to check certificates against "Test CA". Note: check only + testid_*.crt and testhostkey_*.crt files in current directory. + +functions: + common usefull functions + +openssh_tests.sh: + main test script - call other testscripts. + +test-blob_auth.sh.inc, +test-dn_auth_file.sh.inc, +test-dn_auth_path.sh.inc, +test-agent.sh.inc, +test-crl.sh.inc: + see DESCRIPTION in each file. + +Note that hostbased authentication we cannot test without to install. +Generated testhostkey_* certificates are with sslserver and sslclient +purposes and you can use them to test manually hostbased authentication. + + +4.) Troubleshooting +make check fails on: + +4.1.) "... 1-cre_cadb.sh: local: not found" +try other shell: [ENVSETTINGS] make check SHELL=/bin/ksh + +4.2.) "generating a new ... private key for the TEST CA ..." +Usually this happen on system without /dev/{u}random. +In file [BUILDDIR]/tests/CA/openssh_ca-2.log we can see a message: +"... PRNG not seeded ...". +Read again WARNING.RNG from OpenSSH sourcedir and/or +http://www.openssl.org/support/faq.html + +4.2.1.) reconfigure your system and/or openssl +4.2.2.) or do next +4.2.2.1.) install OpenSSH :-( otherwise later "make check" +(ssh-keygen) fail with message: +"couldn't exec '.../libexec/ssh-rand-helper': ..." +and second ./ssh-rand-helper fail with message: +"couldn't read entropy commands file ../ssh_prng_cmds: ..." +Tip: configure OpenSSH with prefix for example $HOME/test + +4.2.2.2.) run: +ssh-rand-helper +rm -f $HOME/.rnd +ln -s .ssh/prng_seed $HOME/.rnd + +4.2.2.3.) test openssl with command: +/usr/local/ssl/bin/openssl genrsa -des3 -passout pass:change_it +Tip: before to create every key with OpenSSL run ssh-rand-helper ! + +4.2.2.4.) run again "... make check ..." + +4.3.) fail on first check: "* rsa_md5 valid blob failed" +Usually SUDO command is not set. See p. 3.1.2.1. + + +Enjoy ;-) diff -ruN openssh-3.8p1/scp.0 openssh-3.8p1+x509g3/scp.0 --- openssh-3.8p1/scp.0 2004-02-24 08:22:59.000000000 +0200 +++ openssh-3.8p1+x509g3/scp.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SCP(1) OpenBSD Reference Manual SCP(1) +SCP(1) System General Commands Manual SCP(1) NAME scp - secure copy (remote file copy program) @@ -28,8 +28,8 @@ -6 Forces scp to use IPv6 addresses only. - -B Selects batch mode (prevents asking for passwords or passphras- - es). + -B Selects batch mode (prevents asking for passwords or + passphrases). -C Compression enable. Passes the -C flag to ssh(1) to enable com- pression. @@ -135,4 +135,4 @@ Timo Rinne Tatu Ylonen -OpenBSD 3.4 September 25, 1999 3 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/servconf.c openssh-3.8p1+x509g3/servconf.c --- openssh-3.8p1/servconf.c 2004-01-23 13:03:10.000000000 +0200 +++ openssh-3.8p1+x509g3/servconf.c 2004-02-25 09:06:01.000000000 +0200 @@ -7,10 +7,33 @@ * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". + * + * X509 certificate support, + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.130 2003/12/23 16:12:10 jakob Exp $"); +RCSID("$OpenBSD$"); #include "ssh.h" #include "log.h" @@ -101,6 +124,14 @@ options->client_alive_count_max = -1; options->authorized_keys_file = NULL; options->authorized_keys_file2 = NULL; + options->x509rsasigtype = -1; + options->allowedcertpurpose = -1; +#ifndef SSH_X509STORE_DISABLED + options->ca.certificate_file = NULL; + options->ca.certificate_path = NULL; + options->ca.revocation_file = NULL; + options->ca.revocation_path = NULL; +#endif /*ndef SSH_X509STORE_DISABLED*/ /* Needs to be accessable in many places */ use_privsep = -1; @@ -228,6 +259,24 @@ if (options->authorized_keys_file == NULL) options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS; + if (options->x509rsasigtype == -1) + options->x509rsasigtype = SSH_X509RSA_MD5; + options->x509rsasigtype = ssh_x509rsasig(options->x509rsasigtype); + if (options->allowedcertpurpose == -1) + options->allowedcertpurpose = ssh_get_default_x509purpose(1); + ssh_set_x509purpose(1, options->allowedcertpurpose); +#ifndef SSH_X509STORE_DISABLED + if (options->ca.certificate_file == NULL) + options->ca.certificate_file = _PATH_CA_CERTIFICATE_FILE; + if (options->ca.certificate_path == NULL) + options->ca.certificate_path = _PATH_CA_CERTIFICATE_PATH; + if (options->ca.revocation_file == NULL) + options->ca.revocation_file = _PATH_CA_REVOCATION_FILE; + if (options->ca.revocation_path == NULL) + options->ca.revocation_path = _PATH_CA_REVOCATION_PATH; + ssh_x509store_addlocations(&options->ca); +#endif /*ndef SSH_X509STORE_DISABLED*/ + /* Turn privilege separation on by default */ if (use_privsep == -1) use_privsep = 1; @@ -240,7 +289,6 @@ options->compression = 0; } #endif - } /* Keyword tokens. */ @@ -268,6 +316,10 @@ sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sGssAuthentication, sGssCleanupCreds, sUsePrivilegeSeparation, + sX509rsaSigType, + sAllowedClientCertPurpose, + sCACertificateFile, sCACertificatePath, + sCARevocationFile, sCARevocationPath, sDeprecated, sUnsupported } ServerOpCodes; @@ -366,6 +418,12 @@ { "authorizedkeysfile", sAuthorizedKeysFile }, { "authorizedkeysfile2", sAuthorizedKeysFile2 }, { "useprivilegeseparation", sUsePrivilegeSeparation}, + { "x509rsasigtype", sX509rsaSigType }, + { "allowedcertpurpose", sAllowedClientCertPurpose }, + { "cacertificatefile", sCACertificateFile }, + { "cacertificatepath", sCACertificatePath }, + { "carevocationfile", sCARevocationFile }, + { "carevocationpath", sCARevocationPath }, { NULL, sBadOption } }; @@ -892,6 +950,64 @@ intptr = &options->client_alive_count_max; goto parse_int; + case sX509rsaSigType: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing argument.", filename, linenum); + + if (strcasecmp(arg, "md5") == 0) + options->x509rsasigtype = SSH_X509RSA_MD5; + else if (strcasecmp(arg, "sha1") == 0) + options->x509rsasigtype = SSH_X509RSA_SHA1; + + if (options->x509rsasigtype < 0) { + fatal("config error: unsupported X509rsaSigType '%.30s' in file %s line %d.", arg, filename, linenum); + } + break; + + case sAllowedClientCertPurpose: + arg = strdelim(&cp); + if (arg && *arg) { + if (strcasecmp(arg, "skip") == 0) goto skip_purpose; + + { /* convert string to OpenSSL index */ + int purpose_index; + purpose_index = ssh_get_x509purpose_s (1, arg); + if (purpose_index < 0) + fatal("config error: unsupported purpose '%.30s' in file %s line %d.", arg, filename, linenum); + + options->allowedcertpurpose = purpose_index; + } + } else { +skip_purpose: + options->allowedcertpurpose = -2; + verbose("config warning: option is set to don't check certificate purpose in file %s line %d.", filename, linenum); + } + break; + +#ifndef SSH_X509STORE_DISABLED + case sCACertificateFile: + case sCACertificatePath: + case sCARevocationFile: + case sCARevocationPath: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing argument.", filename, linenum); + switch (opcode) { + case sCACertificateFile: + options->ca.certificate_file = xstrdup(arg); break; + case sCACertificatePath: + options->ca.certificate_path = xstrdup(arg); break; + case sCARevocationFile: + options->ca.revocation_file = xstrdup(arg); break; + case sCARevocationPath: + options->ca.revocation_path = xstrdup(arg); break; + default: + break; + } + break; +#endif /*ndef SSH_X509STORE_DISABLED*/ + case sDeprecated: logit("%s line %d: Deprecated option %s", filename, linenum, arg); diff -ruN openssh-3.8p1/servconf.h openssh-3.8p1+x509g3/servconf.h --- openssh-3.8p1/servconf.h 2003-12-31 02:37:34.000000000 +0200 +++ openssh-3.8p1+x509g3/servconf.h 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.67 2003/12/23 16:12:10 jakob Exp $ */ +/* $OpenBSD$ */ /* * Author: Tatu Ylonen @@ -11,11 +11,36 @@ * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". + * + * X509 certificate support, + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef SERVCONF_H #define SERVCONF_H +#include "x509store.h" + #define MAX_PORTS 256 /* Max # ports. */ #define MAX_ALLOW_USERS 256 /* Max # users on allow list. */ @@ -125,6 +150,15 @@ char *authorized_keys_file; /* File containing public keys */ char *authorized_keys_file2; int use_pam; /* Enable auth via PAM */ + + /* rumen-XXX: X509 RSA signature type: md5=0, sha1=1 */ + int x509rsasigtype; + /* allowed client certificate purpose */ + int allowedcertpurpose; +#ifndef SSH_X509STORE_DISABLED + /* sshd PKI(X509) global store */ + X509StoreOptions ca; +#endif /*ndef SSH_X509STORE_DISABLED*/ } ServerOptions; void initialize_server_options(ServerOptions *); diff -ruN openssh-3.8p1/sftp.0 openssh-3.8p1+x509g3/sftp.0 --- openssh-3.8p1/sftp.0 2004-02-24 08:23:05.000000000 +0200 +++ openssh-3.8p1+x509g3/sftp.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SFTP(1) OpenBSD Reference Manual SFTP(1) +SFTP(1) System General Commands Manual SFTP(1) NAME sftp - secure file transfer program @@ -15,8 +15,8 @@ sftp is an interactive file transfer program, similar to ftp(1), which performs all operations over an encrypted ssh(1) transport. It may also use many features of ssh, such as public key authentication and compres- - sion. sftp connects and logs into the specified host, then enters an in- - teractive command mode. + sion. sftp connects and logs into the specified host, then enters an + interactive command mode. The second usage format will retrieve files automatically if a non-inter- active authentication method is used; otherwise it will do so after suc- @@ -38,8 +38,8 @@ higher memory consumption. The default is 32768 bytes. -b batchfile - Batch mode reads a series of commands from an input batchfile in- - stead of stdin. Since it lacks user interaction it should be + Batch mode reads a series of commands from an input batchfile + instead of stdin. Since it lacks user interaction it should be used in conjunction with non-interactive authentication. A batchfile of `-' may be used to indicate standard input. sftp will abort if any of the following commands fail: get, put, @@ -127,8 +127,8 @@ INTERACTIVE COMMANDS Once in interactive mode, sftp understands a set of commands similar to - those of ftp(1). Commands are case insensitive and pathnames may be en- - closed in quotes if they contain spaces. + those of ftp(1). Commands are case insensitive and pathnames may be + enclosed in quotes if they contain spaces. bye Quit sftp. @@ -157,8 +157,8 @@ lcd path Change local directory to path. lls [ls-options [path]] - Display local directory listing of either path or current di- - rectory if path is not specified. + Display local directory listing of either path or current + directory if path is not specified. lmkdir path Create local directory specified by path. @@ -214,7 +214,7 @@ ftp(1), scp(1), ssh(1), ssh-add(1), ssh-keygen(1), ssh_config(5), sftp-server(8), sshd(8) - T. Ylonen, and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- + T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- filexfer-00.txt, January 2001, work in progress material. -OpenBSD 3.4 February 4, 2001 4 +BSD February 4, 2001 BSD diff -ruN openssh-3.8p1/sftp-server.0 openssh-3.8p1+x509g3/sftp-server.0 --- openssh-3.8p1/sftp-server.0 2004-02-24 08:23:04.000000000 +0200 +++ openssh-3.8p1+x509g3/sftp-server.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SFTP-SERVER(8) OpenBSD System Manager's Manual SFTP-SERVER(8) +SFTP-SERVER(8) System Manager's Manual SFTP-SERVER(8) NAME sftp-server - SFTP server subsystem @@ -8,14 +8,14 @@ DESCRIPTION sftp-server is a program that speaks the server side of SFTP protocol to - stdout and expects client requests from stdin. sftp-server is not in- - tended to be called directly, but from sshd(8) using the Subsystem op- - tion. See sshd_config(5) for more information. + stdout and expects client requests from stdin. sftp-server is not + intended to be called directly, but from sshd(8) using the Subsystem + option. See sshd_config(5) for more information. SEE ALSO sftp(1), ssh(1), sshd_config(5), sshd(8) - T. Ylonen, and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- + T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh- filexfer-00.txt, January 2001, work in progress material. AUTHORS @@ -24,4 +24,4 @@ HISTORY sftp-server first appeared in OpenBSD 2.8 . -OpenBSD 3.4 August 30, 2000 1 +BSD August 30, 2000 BSD diff -ruN openssh-3.8p1/ssh.0 openssh-3.8p1+x509g3/ssh.0 --- openssh-3.8p1/ssh.0 2004-02-24 08:23:03.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH(1) OpenBSD Reference Manual SSH(1) +SSH(1) System General Commands Manual SSH(1) NAME ssh - OpenSSH SSH client (remote login program) @@ -12,9 +12,9 @@ DESCRIPTION ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to replace rlogin - and rsh, and provide secure encrypted communications between two untrust- - ed hosts over an insecure network. X11 connections and arbitrary TCP/IP - ports can also be forwarded over the secure channel. + and rsh, and provide secure encrypted communications between two + untrusted hosts over an insecure network. X11 connections and arbitrary + TCP/IP ports can also be forwarded over the secure channel. ssh connects and logs into the specified hostname (with optional user name). The user must prove his/her identity to the remote machine using @@ -54,11 +54,11 @@ The file $HOME/.ssh/authorized_keys lists the public keys that are per- mitted for logging in. When the user logs in, the ssh program tells the - server which key pair it would like to use for authentication. The serv- - er checks if this key is permitted, and if so, sends the user (actually - the ssh program running on behalf of the user) a challenge, a random num- - ber, encrypted by the user's public key. The challenge can only be de- - crypted using the proper private key. The user's client then decrypts + server which key pair it would like to use for authentication. The + server checks if this key is permitted, and if so, sends the user (actu- + ally the ssh program running on behalf of the user) a challenge, a random + number, encrypted by the user's public key. The challenge can only be + decrypted using the proper private key. The user's client then decrypts the challenge using the private key, proving that he/she knows the pri- vate key but without disclosing it to the server. @@ -91,13 +91,16 @@ The public key method is similar to RSA authentication described in the previous section and allows the RSA or DSA algorithm to be used: The - client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, to - sign the session identifier and sends the result to the server. The - server checks whether the matching public key is listed in + client uses his private key, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa, + which can contain a x509 certificate in addition to key to sign the ses- + sion identifier and sends the result to the server. The server checks + whether the matching public key or certificate is listed in $HOME/.ssh/authorized_keys and grants access if both the key is found and - the signature is correct. The session identifier is derived from a - shared Diffie-Hellman value and is only known to the client and the serv- - er. + the signature is correct. In case with x509 certificate server perform + additional verification of that certificate through database with cer- + tificates and CRLs of certificate signers. The session identifier is + derived from a shared Diffie-Hellman value and is only known to the + client and the server. If public key authentication fails or is not available, a password can be sent encrypted to the remote host to prove the user's identity. @@ -111,8 +114,8 @@ ensuring the integrity of the connection. Login session and remote execution - When the user's identity has been accepted by the server, the server ei- - ther executes the given command, or logs into the machine and gives the + When the user's identity has been accepted by the server, the server + either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. All communication with the remote command or shell will be automatically encrypted. @@ -165,11 +168,11 @@ the -X and -x options described later) and the user is using X11 (the DISPLAY environment variable is set), the connection to the X11 display is automatically forwarded to the remote side in such a way that any X11 - programs started from the shell (or command) will go through the encrypt- - ed channel, and the connection to the real X server will be made from the - local machine. The user should not manually set DISPLAY. Forwarding of - X11 connections can be configured on the command line or in configuration - files. + programs started from the shell (or command) will go through the + encrypted channel, and the connection to the real X server will be made + from the local machine. The user should not manually set DISPLAY. For- + warding of X11 connections can be configured on the command line or in + configuration files. The DISPLAY value set by ssh will point to the server machine, but with a display number greater than zero. This is normal, and happens because @@ -285,26 +288,27 @@ default for the per-user configuration file is $HOME/.ssh/config. -f Requests ssh to go to background just before command execution. - This is useful if ssh is going to ask for passwords or passphras- - es, but the user wants it in the background. This implies -n. - The recommended way to start X11 programs at a remote site is - with something like ssh -f host xterm. + This is useful if ssh is going to ask for passwords or + passphrases, but the user wants it in the background. This + implies -n. The recommended way to start X11 programs at a + remote site is with something like ssh -f host xterm. -g Allows remote hosts to connect to local forwarded ports. -I smartcard_device - Specifies which smartcard device to use. The argument is the de- - vice ssh should use to communicate with a smartcard used for + Specifies which smartcard device to use. The argument is the + device ssh should use to communicate with a smartcard used for storing the user's private RSA key. -i identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is $HOME/.ssh/identity for protocol version 1, and $HOME/.ssh/id_rsa and - $HOME/.ssh/id_dsa for protocol version 2. Identity files may al- - so be specified on a per-host basis in the configuration file. - It is possible to have multiple -i options (and multiple identi- - ties specified in configuration files). + $HOME/.ssh/id_dsa for protocol version 2. For protocol version 2 + is possible identity to contain in addition a x509 certificate. + Identity files may also be specified on a per-host basis in the + configuration file. It is possible to have multiple -i options + (and multiple identities specified in configuration files). -k Disables forwarding (delegation) of GSSAPI credentials to the server. @@ -334,18 +338,20 @@ -n Redirects stdin from /dev/null (actually, prevents reading from stdin). This must be used when ssh is run in the background. A - common trick is to use this to run X11 programs on a remote ma- - chine. For example, ssh -n shadows.cs.hut.fi emacs & will start - an emacs on shadows.cs.hut.fi, and the X11 connection will be au- - tomatically forwarded over an encrypted channel. The ssh program - will be put in the background. (This does not work if ssh needs - to ask for a password or passphrase; see also the -f option.) + common trick is to use this to run X11 programs on a remote + machine. For example, ssh -n shadows.cs.hut.fi emacs & will + start an emacs on shadows.cs.hut.fi, and the X11 connection will + be automatically forwarded over an encrypted channel. The ssh + program will be put in the background. (This does not work if + ssh needs to ask for a password or passphrase; see also the -f + option.) -o option Can be used to give options in the format used in the configura- tion file. This is useful for specifying options for which there - is no separate command-line flag. For full details of the op- - tions listed below, and their possible values, see ssh_config(5). + is no separate command-line flag. For full details of the + options listed below, and their possible values, see + ssh_config(5). AddressFamily BatchMode @@ -419,9 +425,9 @@ syntax: port/host/hostport. -s May be used to request invocation of a subsystem on the remote - system. Subsystems are a feature of the SSH2 protocol which fa- - cilitate the use of SSH as a secure transport for other applica- - tions (eg. sftp(1)). The subsystem is specified as the remote + system. Subsystems are a feature of the SSH2 protocol which + facilitate the use of SSH as a secure transport for other appli- + cations (eg. sftp(1)). The subsystem is specified as the remote command. -T Disable pseudo-tty allocation. @@ -493,8 +499,8 @@ SSH_CONNECTION Identifies the client and server ends of the connection. The - variable contains four space-separated values: client ip-ad- - dress, client port number, server ip-address and server port + variable contains four space-separated values: client ip- + address, client port number, server ip-address and server port number. SSH_ORIGINAL_COMMAND @@ -525,23 +531,29 @@ $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa Contains the authentication identity of the user. They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. - These files contain sensitive data and should be readable by the - user but not accessible by others (read/write/execute). Note - that ssh ignores a private key file if it is accessible by oth- - ers. It is possible to specify a passphrase when generating the - key; the passphrase will be used to encrypt the sensitive part of - this file using 3DES. + It is possible protocol version 2 identity to contain identity + plus x509 certificate. These files contain sensitive data and + should be readable by the user but not accessible by others + (read/write/execute). Note that ssh ignores a private key file + if it is accessible by others. It is possible to specify a + passphrase when generating the key; the passphrase will be used + to encrypt the sensitive part of this file using 3DES. $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub Contains the public key for authentication (public part of the - identity file in human-readable form). The contents of the + identity file in human-readable form). Note that protocol ver- + sion 2 while a identity contain private key and x509 certificate + this file must contain that certificate. The contents of the $HOME/.ssh/identity.pub file should be added to the file $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using protocol version 1 RSA authentication. The con- tents of the $HOME/.ssh/id_dsa.pub and $HOME/.ssh/id_rsa.pub file should be added to $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using protocol version 2 DSA/RSA - authentication. These files are not sensitive and can (but need + authentication. In case with x509 certificates user can use + ``new style''. Instead to add content of file to authorized_keys + user can write certificate ``Distinguished Name''. See sshd(8) + manual page. These files are not sensitive and can (but need not) be readable by anyone. These files are never used automati- cally and are not necessary; they are only provided for the con- venience of the user. @@ -551,12 +563,12 @@ configuration options are described in ssh_config(5). $HOME/.ssh/authorized_keys - Lists the public keys (RSA/DSA) that can be used for logging in - as this user. The format of this file is described in the - sshd(8) manual page. In the simplest form the format is the same - as the .pub identity files. This file is not highly sensitive, - but the recommended permissions are read/write for the user, and - not accessible by others. + Lists the public keys (RSA/DSA) or certificates that can be used + for logging in as this user. The format of this file is + described in the sshd(8) manual page. In the simplest form the + format is the same as the .pub identity files. This file is not + highly sensitive, but the recommended permissions are read/write + for the user, and not accessible by others. /etc/ssh/ssh_known_hosts Systemwide list of known host keys. This file should be prepared @@ -564,17 +576,19 @@ all machines in the organization. This file should be world- readable. This file contains public keys, one per line, in the following format (fields separated by spaces): system name, pub- - lic key and optional comment field. When different names are - used for the same machine, all such names should be listed, sepa- - rated by commas. The format is described in the sshd(8) manual - page. + lic key and optional comment field. When a x509 certificate is + used as host key instead of public key line contain certificate + (old style) or certificate ``Distinguished Name''. When differ- + ent names are used for the same machine, all such names should be + listed, separated by commas. The format is described in the + sshd(8) manual page. The canonical system name (as returned by name servers) is used by sshd(8) to verify the client host when logging in; other names are needed because ssh does not convert the user-supplied name to a canonical name before checking the key, because someone with - access to the name servers would then be able to fool host au- - thentication. + access to the name servers would then be able to fool host + authentication. /etc/ssh/ssh_config Systemwide configuration file. The file format and configuration @@ -584,12 +598,39 @@ /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys and are used for RhostsRSAAuthentication and HostbasedAuthentication. - If the protocol version 1 RhostsRSAAuthentication method is used, - ssh must be setuid root, since the host key is readable only by - root. For protocol version 2, ssh uses ssh-keysign(8) to access - the host keys for HostbasedAuthentication. This eliminates the - requirement that ssh be setuid root when that authentication - method is used. By default ssh is not setuid root. + It is possible files to contain private part plus x509 certifi- + cate for protocol version 2 keys. If the protocol version 1 + RhostsRSAAuthentication method is used, ssh must be setuid root, + since the host key is readable only by root. For protocol ver- + sion 2, ssh uses ssh-keysign(8) to access the host keys for + HostbasedAuthentication. This eliminates the requirement that + ssh be setuid root when that authentication method is used. By + default ssh is not setuid root. When a certificate is used as + host key for hostbased authentication that certificate must have + client purpose too or server configuration must permit connection + without client purpose. For allowed client certificate purposes + see sshd_config(5). + + /etc/ssh/ca/ca-bundle.crt and /etc/ssh/ca/ca-bundle.crl + Part of systemwide ``X509 store''. The first file contain multi- + ple certificates and the second ``Certificate Revocation List'' + (CRLs) of certificate signers in PEM format concatenated + together. Used in verification of server host key certificate. + + /etc/ssh/ca/crt and /etc/ssh/ca/crl + Part of systemwide ``X509 store''. ``Hash dirs'' with certifi- + cates, the first file or CLRs, the second of certificate signers. + Each certificate should be stored in separate file with name + [HASH].[NUMBER] or [HASH].r[NUMBER] for the CRL, where [HASH] is + certificate or CRL hash value and [NUMBER] is an integer starting + from zero. Used in verification of server host key certificate. + + ~/.ssh/ca/ca-bundle.crt and ~/.ssh/ca/ca-bundle.crl + Part of user ``X509 store''. Same as above systemwide files. + + ~/.ssh/ca/crt and ~/.ssh/ca/crl + Part of user ``X509 store''. Same as above systemwide directo- + ries. $HOME/.rhosts This file is used in rhosts authentication to list the host/user @@ -604,8 +645,8 @@ for anyone else. The recommended permission for most machines is read/write for the user, and not accessible by others. - Note that by default sshd(8) will be installed so that it re- - quires successful RSA host authentication before permitting + Note that by default sshd(8) will be installed so that it + requires successful RSA host authentication before permitting rhosts authentication. If the server machine does not have the client's host key in /etc/ssh/ssh_known_hosts, it can be stored in $HOME/.ssh/known_hosts. The easiest way to do this is to con- @@ -622,8 +663,8 @@ canonical hosts names, one per line (the full format is described in the sshd(8) manual page). If the client host is found in this file, login is automatically permitted provided client and server - user names are the same. Additionally, successful RSA host au- - thentication is normally required. This file should only be + user names are the same. Additionally, successful RSA host + authentication is normally required. This file should only be writable by root. /etc/shosts.equiv @@ -661,8 +702,9 @@ AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. + de Raadt and Dug Song removed many bugs, re-added newer features and cre- + ated OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. Roumen Petrov contributed support for x509 cer- + tificates. -OpenBSD 3.4 September 25, 1999 11 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/ssh.1 openssh-3.8p1+x509g3/ssh.1 --- openssh-3.8p1/ssh.1 2003-12-17 07:33:11.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh.1 2004-02-25 09:06:00.000000000 +0200 @@ -13,6 +13,7 @@ .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" Copyright (c) 2002 Roumen Petrov. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -34,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.181 2003/12/16 15:49:51 markus Exp $ +.\" $OpenBSD$ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -226,10 +227,15 @@ .Pa $HOME/.ssh/id_dsa or .Pa $HOME/.ssh/id_rsa , +which can contain a x509 certificate in addition to key to sign the session identifier and sends the result to the server. -The server checks whether the matching public key is listed in +The server checks whether the matching public key or certificate +is listed in .Pa $HOME/.ssh/authorized_keys and grants access if both the key is found and the signature is correct. +In case with x509 certificate server perform additional verification of +that certificate through database with certificates and CRLs of certificate +signers. The session identifier is derived from a shared Diffie-Hellman value and is only known to the client and the server. .Pp @@ -532,6 +538,8 @@ and .Pa $HOME/.ssh/id_dsa for protocol version 2. +For protocol version 2 is possible identity to contain in addition +a x509 certificate. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple @@ -849,6 +857,8 @@ .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa Contains the authentication identity of the user. They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. +It is possible protocol version 2 identity to contain identity plus +x509 certificate. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). @@ -861,6 +871,8 @@ .It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub Contains the public key for authentication (public part of the identity file in human-readable form). +Note that protocol version 2 while a identity contain private key and +x509 certificate this file must contain that certificate. The contents of the .Pa $HOME/.ssh/identity.pub file should be added to the file @@ -875,6 +887,14 @@ .Pa $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using protocol version 2 DSA/RSA authentication. +In case with x509 certificates user can use +.Dq "new style" . +Instead to add content of file to authorized_keys user can write +certificate +.Dq "Distinguished Name" . +See +.Xr sshd 8 +manual page. These files are not sensitive and can (but need not) be readable by anyone. These files are @@ -885,7 +905,8 @@ The file format and configuration options are described in .Xr ssh_config 5 . .It Pa $HOME/.ssh/authorized_keys -Lists the public keys (RSA/DSA) that can be used for logging in as this user. +Lists the public keys (RSA/DSA) or certificates that can be used for +logging in as this user. The format of this file is described in the .Xr sshd 8 manual page. @@ -903,6 +924,9 @@ This file contains public keys, one per line, in the following format (fields separated by spaces): system name, public key and optional comment field. +When a x509 certificate is used as host key instead of public key line +contain certificate (old style) or certificate +.Dq "Distinguished Name" . When different names are used for the same machine, all such names should be listed, separated by commas. @@ -927,6 +951,8 @@ .Cm RhostsRSAAuthentication and .Cm HostbasedAuthentication . +It is possible files to contain private part plus x509 certificate for +protocol version 2 keys. If the protocol version 1 .Cm RhostsRSAAuthentication method is used, @@ -944,6 +970,37 @@ By default .Nm is not setuid root. +When a certificate is used as host key for hostbased authentication +that certificate must have client purpose too or server configuration +must permit connection without client purpose. For allowed client +certificate purposes see +.Xr sshd_config 5 . +.It Pa "/etc/ssh/ca/ca-bundle.crt" and "/etc/ssh/ca/ca-bundle.crl" +Part of systemwide +.Dq "X509 store" . +The first file contain multiple certificates and the second +.Dq "Certificate Revocation List" +(CRLs) of certificate signers in PEM format concatenated together. +Used in verification of server host key certificate. +.It Pa "/etc/ssh/ca/crt" and Pa "/etc/ssh/ca/crl" +Part of systemwide +.Dq "X509 store" . +.Dq "Hash dirs" +with certificates, the first file or CLRs, the second of +certificate signers. +Each certificate should be stored in separate file with name +[HASH].[NUMBER] or [HASH].r[NUMBER] for the CRL, where [HASH] is +certificate or CRL hash value and [NUMBER] is an integer starting +from zero. +Used in verification of server host key certificate. +.It Pa "~/.ssh/ca/ca-bundle.crt" and "~/.ssh/ca/ca-bundle.crl" +Part of user +.Dq "X509 store" . +Same as above systemwide files. +.It Pa "~/.ssh/ca/crt" and Pa "~/.ssh/ca/crl" +Part of user +.Dq "X509 store" . +Same as above systemwide directories. .It Pa $HOME/.rhosts This file is used in .Em rhosts @@ -1066,3 +1123,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. +Roumen Petrov contributed support for x509 certificates. diff -ruN openssh-3.8p1/ssh-add.0 openssh-3.8p1+x509g3/ssh-add.0 --- openssh-3.8p1/ssh-add.0 2004-02-24 08:23:00.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-add.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH-ADD(1) OpenBSD Reference Manual SSH-ADD(1) +SSH-ADD(1) System General Commands Manual SSH-ADD(1) NAME ssh-add - adds RSA or DSA identities to the authentication agent @@ -76,11 +76,13 @@ $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of - the user. + the user. It is possible to contain identity plus x509 certifi- + cate. $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of - the user. + the user. It is possible to contain identity plus x509 certifi- + cate. Identity files should not be readable by anyone but the user. Note that ssh-add ignores identity files if they are accessible by others. @@ -97,6 +99,7 @@ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. + versions 1.5 and 2.0. Roumen Petrov contributed support for x509 cer- + tificates. -OpenBSD 3.4 September 25, 1999 2 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/ssh-add.1 openssh-3.8p1+x509g3/ssh-add.1 --- openssh-3.8p1/ssh-add.1 2003-12-09 10:01:52.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-add.1 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.40 2003/11/25 23:10:08 matthieu Exp $ +.\" $OpenBSD$ .\" .\" -*- nroff -*- .\" @@ -16,6 +16,7 @@ .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" Copyright (c) 2002 Roumen Petrov. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -145,8 +146,10 @@ Contains the protocol version 1 RSA authentication identity of the user. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. +It is possible to contain identity plus x509 certificate. .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. +It is possible to contain identity plus x509 certificate. .El .Pp Identity files should not be readable by anyone but the user. @@ -172,3 +175,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. +Roumen Petrov contributed support for x509 certificates. diff -ruN openssh-3.8p1/ssh-add.c openssh-3.8p1+x509g3/ssh-add.c --- openssh-3.8p1/ssh-add.c 2003-11-21 14:48:56.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-add.c 2004-02-25 09:06:01.000000000 +0200 @@ -12,6 +12,8 @@ * * SSH2 implementation, * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * X509 certificates support, + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -35,7 +37,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-add.c,v 1.69 2003/11/21 11:57:03 djm Exp $"); +RCSID("$OpenBSD$"); #include @@ -49,6 +51,7 @@ #include "pathnames.h" #include "readpass.h" #include "misc.h" +#include "ssh-x509.h" #ifdef HAVE___PROGNAME extern char *__progname; @@ -235,9 +238,20 @@ key_size(key), fp, comment, key_type(key)); xfree(fp); } else { +#ifndef SSH_X509STORE_DISABLED + if ((key->type == KEY_X509_RSA) || (key->type == KEY_X509_DSA)) { + /* key_write will print x509 certificate in blob format :-( */ + if(!x509key_write_subject(key, stdout)) + fprintf(stderr, "x509key_write_subject failed"); + fprintf(stdout, "\n"); + } else { +#endif /*ndef SSH_X509STORE_DISABLED*/ if (!key_write(key, stdout)) fprintf(stderr, "key_write failed"); fprintf(stdout, " %s\n", comment); +#ifndef SSH_X509STORE_DISABLED + } +#endif /*ndef SSH_X509STORE_DISABLED*/ } key_free(key); xfree(comment); diff -ruN openssh-3.8p1/ssh-agent.0 openssh-3.8p1+x509g3/ssh-agent.0 --- openssh-3.8p1/ssh-agent.0 2004-02-24 08:23:00.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-agent.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH-AGENT(1) OpenBSD Reference Manual SSH-AGENT(1) +SSH-AGENT(1) System General Commands Manual SSH-AGENT(1) NAME ssh-agent - authentication agent @@ -18,8 +18,8 @@ The options are as follows: -a bind_address - Bind the agent to the unix-domain socket bind_address. The de- - fault is /tmp/ssh-XXXXXXXX/agent.. + Bind the agent to the unix-domain socket bind_address. The + default is /tmp/ssh-XXXXXXXX/agent.. -c Generate C-shell commands on stdout. This is the default if SHELL looks like it's a csh style of shell. @@ -34,8 +34,8 @@ Set a default value for the maximum lifetime of identities added to the agent. The lifetime may be specified in seconds or in a time format specified in sshd(8). A lifetime specified for an - identity with ssh-add(1) overrides this value. Without this op- - tion the default maximum lifetime is forever. + identity with ssh-add(1) overrides this value. Without this + option the default maximum lifetime is forever. -d Debug mode. When this option is specified ssh-agent will not fork. @@ -67,15 +67,15 @@ looks at these variables and uses them to establish a connection to the agent. - The agent will never send a private key over its request channel. In- - stead, operations that require a private key will be performed by the + The agent will never send a private key over its request channel. + Instead, operations that require a private key will be performed by the agent, and the result will be returned to the requester. This way, pri- vate keys are not exposed to clients using the agent. A unix-domain socket is created and the name of this socket is stored in the SSH_AUTH_SOCK environment variable. The socket is made accessible - only to the current user. This method is easily abused by root or anoth- - er instance of the same user. + only to the current user. This method is easily abused by root or + another instance of the same user. The SSH_AGENT_PID environment variable holds the agent's process ID. @@ -89,11 +89,13 @@ $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of - the user. + the user. It is possible to contain identity plus x509 certifi- + cate. $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of - the user. + the user. It is possible to contain identity plus x509 certifi- + cate. /tmp/ssh-XXXXXXXX/agent. Unix-domain sockets used to contain the connection to the authen- @@ -109,6 +111,7 @@ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. + versions 1.5 and 2.0. Roumen Petrov contributed support for x509 cer- + tificates. -OpenBSD 3.4 September 25, 1999 2 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/ssh-agent.1 openssh-3.8p1+x509g3/ssh-agent.1 --- openssh-3.8p1/ssh-agent.1 2003-06-11 15:04:39.000000000 +0300 +++ openssh-3.8p1+x509g3/ssh-agent.1 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.39 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD$ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -13,6 +13,7 @@ .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" Copyright (c) 2002 Roumen Petrov. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -171,8 +172,10 @@ Contains the protocol version 1 RSA authentication identity of the user. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. +It is possible to contain identity plus x509 certificate. .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. +It is possible to contain identity plus x509 certificate. .It Pa /tmp/ssh-XXXXXXXX/agent. Unix-domain sockets used to contain the connection to the authentication agent. @@ -193,3 +196,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. +Roumen Petrov contributed support for x509 certificates. diff -ruN openssh-3.8p1/ssh-agent.c openssh-3.8p1+x509g3/ssh-agent.c --- openssh-3.8p1/ssh-agent.c 2003-12-09 10:15:11.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-agent.c 2004-02-25 09:06:01.000000000 +0200 @@ -11,6 +11,8 @@ * called by a name other than "ssh" or "Secure Shell". * * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. + * X509 certificates support, + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -35,7 +37,7 @@ #include "includes.h" #include "openbsd-compat/sys-queue.h" -RCSID("$OpenBSD: ssh-agent.c,v 1.117 2003/12/02 17:01:15 markus Exp $"); +RCSID("$OpenBSD$"); #include #include @@ -50,6 +52,7 @@ #include "authfd.h" #include "compat.h" #include "log.h" +#include "ssh-x509.h" #include "readpass.h" #include "misc.h" @@ -458,6 +461,7 @@ xfree(type_name); switch (type) { case KEY_DSA: + case KEY_X509_DSA: k = key_new_private(type); buffer_get_bignum2(&e->request, k->dsa->p); buffer_get_bignum2(&e->request, k->dsa->q); @@ -466,6 +470,7 @@ buffer_get_bignum2(&e->request, k->dsa->priv_key); break; case KEY_RSA: + case KEY_X509_RSA: k = key_new_private(type); buffer_get_bignum2(&e->request, k->rsa->n); buffer_get_bignum2(&e->request, k->rsa->e); @@ -481,10 +486,29 @@ buffer_clear(&e->request); goto send; } + switch (type) { + case KEY_X509_RSA: + case KEY_X509_DSA: { + u_char *blob = NULL; + u_int blen = 0; + Key *key = NULL; + + blob = buffer_get_string(&e->request, &blen); + key = x509key_from_blob(blob, blen); + if(key == NULL) { + fatal("process_add_identity() x509key_from_blob fail"); + } + k->x509 = key->x509; + key->x509 = NULL; + key_free(key); + } + break; + } break; } /* enable blinding */ switch (k->type) { + case KEY_X509_RSA: case KEY_RSA: case KEY_RSA1: if (RSA_blinding_on(k->rsa, NULL) != 1) { diff -ruN openssh-3.8p1/ssh_config openssh-3.8p1+x509g3/ssh_config --- openssh-3.8p1/ssh_config 2003-08-13 13:37:05.000000000 +0300 +++ openssh-3.8p1+x509g3/ssh_config 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -# $OpenBSD: ssh_config,v 1.19 2003/08/13 08:46:31 markus Exp $ +# $OpenBSD$ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for @@ -35,3 +35,13 @@ # Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc # EscapeChar ~ +# X509rsaSigType=md5 +# AllowedCertPurpose sslserver +# CACertificateFile /etc/ssh/ca/ca-bundle.crt +# CACertificatePath /etc/ssh/ca/crt +# CARevocationFile /etc/ssh/ca/ca-bundle.crl +# CARevocationPath /etc/ssh/ca/crl +# UserCACertificateFile ~/.ssh/ca-bundle.crt +# UserCACertificatePath ~/.ssh/crt +# UserCARevocationFile ~/.ssh/ca-bundle.crl +# UserCARevocationPath ~/.ssh/crl diff -ruN openssh-3.8p1/ssh_config.0 openssh-3.8p1+x509g3/ssh_config.0 --- openssh-3.8p1/ssh_config.0 2004-02-24 08:23:07.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh_config.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH_CONFIG(5) OpenBSD Programmer's Manual SSH_CONFIG(5) +SSH_CONFIG(5) System File Formats Manual SSH_CONFIG(5) NAME ssh_config - OpenSSH SSH client configuration files @@ -46,10 +46,20 @@ canonicalized host name before matching). AddressFamily - Specifies which address family to use when connecting. Valid ar- - guments are ``any'', ``inet'' (Use IPv4 only) or ``inet6'' (Use + Specifies which address family to use when connecting. Valid + arguments are ``any'', ``inet'' (Use IPv4 only) or ``inet6'' (Use IPv6 only.) + AllowedCertPurpose + The intended use for the X509 server certificate. Without this + option no chain verification will be done. Currently accepted + uses are case insensitive: + - `sslserver' , `SSL server' , `SSL_server' or `server' ; + - `any' , `Any Purpose' , `Any_Purpose' or `AnyPurpose' ; + - `skip' or `' (empty): do not check purpose. + + The default is ``sslserver''. + BatchMode If set to ``yes'', passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where no @@ -61,6 +71,29 @@ interfaces or aliased addresses. Note that this option does not work if UsePrivilegedPort is set to ``yes''. + CACertificateFile + This file contain multiple certificates of certificate signers in + PEM format concatenated together. The default is + /etc/ssh/ca/ca-bundle.crt + + CACertificatePath + ``Hash dir'' with certificates of certificate signers. Each cer- + tificate should be stored in separate file with name [HASH].[NUM- + BER], where [HASH] is certificate hash value and [NUMBER] is an + integer starting from zero. The default is /etc/ssh/ca/crt + + CARevocationFile + This file contain multiple ``Certificate Revocation List'' (CRL) + of certificate signers in PEM format concatenated together. The + default is /etc/ssh/ca/ca-bundle.crl + + CARevocationPath + ``Hash dir'' with ``Certificate Revocation List'' (CRL) of cer- + tificate signers. Each CRL should be stored in separate file with + name [HASH].r[NUMBER], where [HASH] is CRL hash value and [NUM- + BER] is an integer starting from zero. The default is + /etc/ssh/ca/crl + ChallengeResponseAuthentication Specifies whether to use challenge response authentication. The argument to this keyword must be ``yes'' or ``no''. The default @@ -68,22 +101,22 @@ CheckHostIP If this flag is set to ``yes'', ssh will additionally check the - host IP address in the known_hosts file. This allows ssh to de- - tect if a host key changed due to DNS spoofing. If the option is - set to ``no'', the check will not be executed. The default is + host IP address in the known_hosts file. This allows ssh to + detect if a host key changed due to DNS spoofing. If the option + is set to ``no'', the check will not be executed. The default is ``yes''. Cipher Specifies the cipher to use for encrypting the session in proto- col version 1. Currently, ``blowfish'', ``3des'', and ``des'' - are supported. des is only supported in the ssh client for in- - teroperability with legacy protocol 1 implementations that do not - support the 3des cipher. Its use is strongly discouraged due to - cryptographic weaknesses. The default is ``3des''. + are supported. des is only supported in the ssh client for + interoperability with legacy protocol 1 implementations that do + not support the 3des cipher. Its use is strongly discouraged due + to cryptographic weaknesses. The default is ``3des''. Ciphers Specifies the ciphers allowed for protocol version 2 in order of - preference. Multiple ciphers must be comma-separated. The de- - fault is + preference. Multiple ciphers must be comma-separated. The + default is ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, aes192-cbc,aes256-cbc'' @@ -108,24 +141,24 @@ option applies to protocol version 1 only. ConnectionAttempts - Specifies the number of tries (one per second) to make before ex- - iting. The argument must be an integer. This may be useful in + Specifies the number of tries (one per second) to make before + exiting. The argument must be an integer. This may be useful in scripts if the connection sometimes fails. The default is 1. ConnectTimeout Specifies the timeout (in seconds) used when connecting to the ssh server, instead of using the default system TCP timeout. - This value is used only when the target is down or really un- - reachable, not when it refuses the connection. + This value is used only when the target is down or really + unreachable, not when it refuses the connection. DynamicForward Specifies that a TCP/IP port on the local machine be forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. The argument must be a port number. Currently the SOCKS4 and - SOCKS5 protocols are supported, and ssh will act as a SOCKS serv- - er. Multiple forwardings may be specified, and additional for- - wardings can be given on the command line. Only the superuser + SOCKS5 protocols are supported, and ssh will act as a SOCKS + server. Multiple forwardings may be specified, and additional + forwardings can be given on the command line. Only the superuser can forward privileged ports. EnableSSHKeysign @@ -157,9 +190,9 @@ the agent. ForwardX11 - Specifies whether X11 connections will be automatically redirect- - ed over the secure channel and DISPLAY set. The argument must be - ``yes'' or ``no''. The default is ``no''. + Specifies whether X11 connections will be automatically redi- + rected over the secure channel and DISPLAY set. The argument + must be ``yes'' or ``no''. The default is ``no''. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the @@ -171,9 +204,9 @@ ForwardX11Trusted If the this option is set to ``yes'' then remote X11 clients will have full access to the original X11 display. If this option is - set to ``no'' then remote X11 clients will be considered untrust- - ed and prevented from stealing or tampering with data belonging - to trusted X11 clients. + set to ``no'' then remote X11 clients will be considered + untrusted and prevented from stealing or tampering with data + belonging to trusted X11 clients. The default is ``no''. @@ -185,9 +218,10 @@ forwarded ports. By default, ssh binds local port forwardings to the loopback address. This prevents other remote hosts from con- necting to forwarded ports. GatewayPorts can be used to specify - that ssh should bind local port forwardings to the wildcard ad- - dress, thus allowing remote hosts to connect to forwarded ports. - The argument must be ``yes'' or ``no''. The default is ``no''. + that ssh should bind local port forwardings to the wildcard + address, thus allowing remote hosts to connect to forwarded + ports. The argument must be ``yes'' or ``no''. The default is + ``no''. GlobalKnownHostsFile Specifies a file to use for the global host key database instead @@ -200,19 +234,19 @@ GSSAPIDelegateCredentials Forward (delegate) credentials to the server. The default is - ``no''. Note that this option applies to protocol version 2 on- - ly. + ``no''. Note that this option applies to protocol version 2 + only. HostbasedAuthentication Specifies whether to try rhosts based authentication with public key authentication. The argument must be ``yes'' or ``no''. The - default is ``no''. This option applies to protocol version 2 on- - ly and is similar to RhostsRSAAuthentication. + default is ``no''. This option applies to protocol version 2 + only and is similar to RhostsRSAAuthentication. HostKeyAlgorithms Specifies the protocol version 2 host key algorithms that the client wants to use in order of preference. The default for this - option is: ``ssh-rsa,ssh-dss''. + option is: ``x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,ssh-dss''. HostKeyAlias Specifies an alias that should be used instead of the real host @@ -231,12 +265,13 @@ Specifies a file from which the user's RSA or DSA authentication identity is read. The default is $HOME/.ssh/identity for proto- col version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for - protocol version 2. Additionally, any identities represented by - the authentication agent will be used for authentication. The - file name may use the tilde syntax to refer to a user's home di- - rectory. It is possible to have multiple identity files speci- - fied in configuration files; all these identities will be tried - in sequence. + protocol version 2. For version 2 is possible identity file to + contain key plus x509 certificate. Additionally, any identities + represented by the authentication agent will be used for authen- + tication. The file name may use the tilde syntax to refer to a + user's home directory. It is possible to have multiple identity + files specified in configuration files; all these identities will + be tried in sequence. LocalForward Specifies that a TCP/IP port on the local machine be forwarded @@ -254,20 +289,20 @@ DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify higher levels of verbose output. - MACs Specifies the MAC (message authentication code) algorithms in or- - der of preference. The MAC algorithm is used in protocol version - 2 for data integrity protection. Multiple algorithms must be - comma-separated. The default is ``hmac-md5,hmac-sha1,hmac- - ripemd160,hmac-sha1-96,hmac-md5-96''. + MACs Specifies the MAC (message authentication code) algorithms in + order of preference. The MAC algorithm is used in protocol ver- + sion 2 for data integrity protection. Multiple algorithms must + be comma-separated. The default is + ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''. NoHostAuthenticationForLocalhost This option can be used if the home directory is shared across - machines. In this case localhost will refer to a different ma- - chine on each of the machines and the user will get many warnings - about changed host keys. However, this option disables host au- - thentication for localhost. The argument to this keyword must be - ``yes'' or ``no''. The default is to check the host key for lo- - calhost. + machines. In this case localhost will refer to a different + machine on each of the machines and the user will get many warn- + ings about changed host keys. However, this option disables host + authentication for localhost. The argument to this keyword must + be ``yes'' or ``no''. The default is to check the host key for + localhost. NumberOfPasswordPrompts Specifies the number of password prompts before giving up. The @@ -282,11 +317,11 @@ is 22. PreferredAuthentications - Specifies the order in which the client should try protocol 2 au- - thentication methods. This allows a client to prefer one method - (e.g. keyboard-interactive) over another method (e.g. password) - The default for this option is: ``hostbased,publickey,keyboard- - interactive,password''. + Specifies the order in which the client should try protocol 2 + authentication methods. This allows a client to prefer one + method (e.g. keyboard-interactive) over another method (e.g. + password) The default for this option is: + ``hostbased,publickey,keyboard-interactive,password''. Protocol Specifies the protocol versions ssh should support in order of @@ -304,10 +339,10 @@ write to its standard output. It should eventually connect an sshd(8) server running on some machine, or execute sshd -i some- where. Host key management will be done using the HostName of - the host being connected (defaulting to the name typed by the us- - er). Setting the command to ``none'' disables this option en- - tirely. Note that CheckHostIP is not available for connects with - a proxy command. + the host being connected (defaulting to the name typed by the + user). Setting the command to ``none'' disables this option + entirely. Note that CheckHostIP is not available for connects + with a proxy command. PubkeyAuthentication Specifies whether to try public key authentication. The argument @@ -357,9 +392,9 @@ tion has become inactive. The default value is 3. If, for example, ServerAliveInterval - (above) is set to 15, and ServerAliveCountMax is left at the de- - fault, if the server becomes unresponsive ssh will disconnect af- - ter approximately 45 seconds. + (above) is set to 15, and ServerAliveCountMax is left at the + default, if the server becomes unresponsive ssh will disconnect + after approximately 45 seconds. SmartcardDevice Specifies which smartcard device to use. The argument to this @@ -410,6 +445,18 @@ trouble of having to remember to give the user name on the com- mand line. + UserCACertificateFile + User CACertificateFile , the default is ~/.ssh/ca-bundle.crt + + UserCACertificatePath + User CACertificatePath , the default is ~/.ssh/crt + + UserCARevocationFile + User CARevocationFile , the default is ~/.ssh/ca-bundle.crl + + UserCARevocationPath + User CARevocationPath , the default is ~/.ssh/crl + UserKnownHostsFile Specifies a file to use for the user host key database instead of $HOME/.ssh/known_hosts. @@ -430,13 +477,20 @@ Specifies the full pathname of the xauth(1) program. The default is /usr/X11R6/bin/xauth. + X509rsaSigType + Temporary option. Specifies signature digest type for + `x509v3-sign-rsa keys'. The possible values are ``md5'' and + ``sha1''. Use this option only in session with other SecSH + servers with X.509 certificates as identity or host key. The + default is ``md5''. + FILES $HOME/.ssh/config This is the per-user configuration file. The format of this file is described above. This file is used by the ssh client. This file does not usually contain any sensitive information, but the - recommended permissions are read/write for the user, and not ac- - cessible by others. + recommended permissions are read/write for the user, and not + accessible by others. /etc/ssh/ssh_config Systemwide configuration file. This file provides defaults for @@ -452,6 +506,7 @@ Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. + versions 1.5 and 2.0. Roumen Petrov contributed support for x509 cer- + tificates. -OpenBSD 3.4 September 25, 1999 7 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/ssh_config.5 openssh-3.8p1+x509g3/ssh_config.5 --- openssh-3.8p1/ssh_config.5 2003-12-17 07:33:11.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh_config.5 2004-02-25 09:06:00.000000000 +0200 @@ -13,6 +13,7 @@ .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" Copyright (c) 2002 Roumen Petrov. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -34,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.28 2003/12/16 15:49:51 markus Exp $ +.\" $OpenBSD$ .Dd September 25, 1999 .Dt SSH_CONFIG 5 .Os @@ -123,6 +124,39 @@ (Use IPv4 only) or .Dq inet6 (Use IPv6 only.) +.It Cm AllowedCertPurpose +The intended use for the X509 server certificate. Without this option +no chain verification will be done. Currently accepted uses are case +insensitive: +.Bl -hyphen -compact +.It +.Sq sslserver +, +.Sq SSL server +, +.Sq SSL_server +or +.Sq server +; +.It +.Sq any +, +.Sq Any Purpose +, +.Sq Any_Purpose +or +.Sq AnyPurpose +; +.It +.Sq skip +or +.Sq +.. +(empty): do not check purpose. +.El +.Pp +The default is +.Dq sslserver . .It Cm BatchMode If set to .Dq yes , @@ -142,6 +176,35 @@ .Cm UsePrivilegedPort is set to .Dq yes . +.Pp +.It Cm CACertificateFile +This file contain multiple certificates of certificate signers in +PEM format concatenated together. The default is +.Pa /etc/ssh/ca/ca-bundle.crt +.Pp +.It Cm CACertificatePath +.Dq "Hash dir" +with certificates of certificate signers. Each certificate should be +stored in separate file with name [HASH].[NUMBER], where [HASH] is +certificate hash value and [NUMBER] is an integer starting from zero. +The default is +.Pa /etc/ssh/ca/crt +.Pp +.It Cm CARevocationFile +This file contain multiple +.Dq "Certificate Revocation List" +(CRL) of certificate signers in PEM format concatenated together. +The default is +.Pa /etc/ssh/ca/ca-bundle.crl +.Pp +.It Cm CARevocationPath +.Dq "Hash dir" +with +.Dq "Certificate Revocation List" +(CRL) of certificate signers. Each CRL should be stored in separate +file with name [HASH].r[NUMBER], where [HASH] is CRL hash value and +[NUMBER] is an integer starting from zero. The default is +.Pa /etc/ssh/ca/crl .It Cm ChallengeResponseAuthentication Specifies whether to use challenge response authentication. The argument to this keyword must be @@ -375,7 +438,7 @@ Specifies the protocol version 2 host key algorithms that the client wants to use in order of preference. The default for this option is: -.Dq ssh-rsa,ssh-dss . +.Dq x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,ssh-dss . .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key @@ -399,6 +462,7 @@ and .Pa $HOME/.ssh/id_dsa for protocol version 2. +For version 2 is possible identity file to contain key plus x509 certificate. Additionally, any identities represented by the authentication agent will be used for authentication. The file name may use the tilde @@ -669,6 +733,30 @@ This can be useful when a different user name is used on different machines. This saves the trouble of having to remember to give the user name on the command line. +.Pp +.It Cm UserCACertificateFile +User +.Cm CACertificateFile +, the default is +.Pa ~/.ssh/ca-bundle.crt +.Pp +.It Cm UserCACertificatePath +User +.Cm CACertificatePath +, the default is +.Pa ~/.ssh/crt +.Pp +.It Cm UserCARevocationFile +User +.Cm CARevocationFile +, the default is +.Pa ~/.ssh/ca-bundle.crl +.Pp +.It Cm UserCARevocationPath +User +.Cm CARevocationPath +, the default is +.Pa ~/.ssh/crl .It Cm UserKnownHostsFile Specifies a file to use for the user host key database instead of @@ -702,6 +790,18 @@ program. The default is .Pa /usr/X11R6/bin/xauth . +.It Cm X509rsaSigType +Temporary option. +Specifies signature digest type for +.Sq x509v3-sign-rsa keys . +The possible values are +.Dq md5 +and +.Dq sha1 . +Use this option only in session with other SecSH servers +with X.509 certificates as identity or host key. +The default is +.Dq md5 . .El .Sh FILES .Bl -tag -width Ds @@ -732,3 +832,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. +Roumen Petrov contributed support for x509 certificates. diff -ruN openssh-3.8p1/sshconnect.c openssh-3.8p1+x509g3/sshconnect.c --- openssh-3.8p1/sshconnect.c 2004-01-27 12:21:27.000000000 +0200 +++ openssh-3.8p1+x509g3/sshconnect.c 2004-02-25 09:06:01.000000000 +0200 @@ -10,10 +10,13 @@ * software must be clearly marked as such, and if the derived work is * incompatible with the protocol description in the RFC file, it must be * called by a name other than "ssh" or "Secure Shell". + * + * X509 certificates support, + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.156 2004/01/25 03:49:09 djm Exp $"); +RCSID("$OpenBSD$"); #include @@ -32,12 +35,24 @@ #include "atomicio.h" #include "misc.h" #include "readpass.h" +#include "ssh-x509.h" #include "dns.h" char *client_version_string = NULL; char *server_version_string = NULL; +/* rumen-XXX: X.509 RSASIG check */ +extern void (*plogx509rsasig)(const char *msg); +static void logx509rsasig(const char *msg) { + logit("%.400s: server=%.200s (client=%.200s)", + msg, + (server_version_string ? server_version_string : "undefined"), + (client_version_string ? client_version_string : "undefined") + ); +} +/* rumen-XXX^ */ + int matching_host_key_dns = 0; /* import */ @@ -528,6 +543,8 @@ chop(client_version_string); chop(server_version_string); debug("Local version string %.100s", client_version_string); + + plogx509rsasig = logx509rsasig; /* rumen-XXX: X.509 RSASIG check */ } /* defaults to 'no' */ @@ -575,6 +592,7 @@ char msg[1024]; int len, host_line, ip_line; const char *host_file = NULL, *ip_file = NULL; + char extramsg[1024], *subject = NULL; /* * Force accepting of the host key for loopback/localhost. The @@ -738,13 +756,27 @@ "No matching host key fingerprint" " found in DNS.\n"); } + if ((host_key->type == KEY_X509_RSA) || (host_key->type == KEY_X509_DSA)) { + subject = x509key_subject(host_key); + snprintf(extramsg, sizeof(extramsg), + "Distinguished name is %.*s.\n", + X509KEY_SUBJECT_MAXLEN, subject); + } else { + subject = NULL; + *extramsg = '\0'; + } snprintf(msg, sizeof(msg), "The authenticity of host '%.200s (%s)' can't be " "established%s\n" "%s key fingerprint is %s.\n%s" + "%s" "Are you sure you want to continue connecting " "(yes/no)? ", - host, ip, msg1, type, fp, msg2); + host, ip, msg1, type, fp, msg2, extramsg); + if(subject != NULL) { + xfree(subject); + subject = NULL; + } xfree(fp); if (!confirm(msg)) goto fail; @@ -1011,7 +1043,8 @@ static int show_other_keys(const char *host, Key *key) { - int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, -1}; + int type[] = { KEY_RSA1, KEY_RSA, KEY_DSA, KEY_X509_RSA, KEY_X509_DSA, -1}; + int i, found = 0; for (i = 0; type[i] != -1; i++) { @@ -1056,6 +1089,12 @@ error("It is also possible that the %s host key has just been changed.", type); error("The fingerprint for the %s key sent by the remote host is\n%s.", type, fp); + if ((host_key->type == KEY_X509_RSA) || (host_key->type == KEY_X509_DSA)) { + char *subject = x509key_subject(host_key); + error("Distinguished name sent by remote host is\n%.*s.", + X509KEY_SUBJECT_MAXLEN, subject); + xfree(subject); + } error("Please contact your system administrator."); xfree(fp); diff -ruN openssh-3.8p1/sshd.0 openssh-3.8p1+x509g3/sshd.0 --- openssh-3.8p1/sshd.0 2004-02-24 08:23:04.000000000 +0200 +++ openssh-3.8p1+x509g3/sshd.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSHD(8) OpenBSD System Manager's Manual SSHD(8) +SSHD(8) System Manager's Manual SSHD(8) NAME sshd - OpenSSH SSH daemon @@ -14,8 +14,8 @@ intended to be as easy to install and use as possible. sshd is the daemon that listens for connections from clients. It is nor- - mally started at boot from /etc/rc. It forks a new daemon for each in- - coming connection. The forked daemons handle key exchange, encryption, + mally started at boot from /etc/rc. It forks a new daemon for each + incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange. This implementa- tion of sshd supports both SSH protocol version 1 and 2 simultaneously. sshd works as follows: @@ -23,15 +23,15 @@ SSH protocol version 1 Each host has a host-specific RSA key (normally 1024 bits) used to iden- tify the host. Additionally, when the daemon starts, it generates a - server RSA key (normally 768 bits). This key is normally regenerated ev- - ery hour if it has been used, and is never stored on disk. + server RSA key (normally 768 bits). This key is normally regenerated + every hour if it has been used, and is never stored on disk. Whenever a client connects, the daemon responds with its public host and server keys. The client compares the RSA host key against its own database to verify that it has not changed. The client then generates a 256-bit random number. It encrypts this random number using both the - host key and the server key, and sends the encrypted number to the serv- - er. Both sides then use this random number as a session key which is + host key and the server key, and sends the encrypted number to the + server. Both sides then use this random number as a session key which is used to encrypt all further communications in the session. The rest of the session is encrypted using a conventional cipher, currently Blowfish or 3DES, with 3DES being used by default. The client selects the encryp- @@ -39,8 +39,8 @@ Next, the server and the client enter an authentication dialog. The client tries to authenticate itself using .rhosts authentication, .rhosts - authentication combined with RSA host authentication, RSA challenge-re- - sponse authentication, or password based authentication. + authentication combined with RSA host authentication, RSA challenge- + response authentication, or password based authentication. Regardless of the authentication type, the account is checked to ensure that it is accessible. An account is not accessible if it is locked, @@ -60,16 +60,17 @@ SSH protocol version 2 Version 2 works similarly: Each host has a host-specific key (RSA or DSA) - used to identify the host. However, when the daemon starts, it does not - generate a server key. Forward security is provided through a Diffie- - Hellman key agreement. This key agreement results in a shared session - key. + used to identify the host. It is possible host key to contain key plus + x509 certificate. However, when the daemon starts, it does not generate + a server key. Forward security is provided through a Diffie-Hellman key + agreement. This key agreement results in a shared session key. The rest of the session is encrypted using a symmetric cipher, currently 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit - AES. The client selects the encryption algorithm to use from those of- - fered by the server. Additionally, session integrity is provided through - a cryptographic message authentication code (hmac-sha1 or hmac-md5). + AES. The client selects the encryption algorithm to use from those + offered by the server. Additionally, session integrity is provided + through a cryptographic message authentication code (hmac-sha1 or hmac- + md5). Protocol version 2 provides a public key based user (PubkeyAuthentica- tion) or client host (HostbasedAuthentication) authentication method, @@ -116,8 +117,8 @@ -d Debug mode. The server sends verbose debug output to the system log, and does not put itself in the background. The server also will not fork and will only process one connection. This option - is only intended for debugging for the server. Multiple -d op- - tions increase the debugging level. Maximum is 3. + is only intended for debugging for the server. Multiple -d + options increase the debugging level. Maximum is 3. -e When this option is specified, sshd will send the output to the standard error instead of the system log. @@ -128,10 +129,10 @@ figuration file. -g login_grace_time - Gives the grace time for clients to authenticate themselves (de- - fault 120 seconds). If the client fails to authenticate the user - within this many seconds, the server disconnects and exits. A - value of zero indicates no limit. + Gives the grace time for clients to authenticate themselves + (default 120 seconds). If the client fails to authenticate the + user within this many seconds, the server disconnects and exits. + A value of zero indicates no limit. -h host_key_file Specifies a file from which a host key is read. This option must @@ -140,14 +141,16 @@ /etc/ssh/ssh_host_key for protocol version 1, and /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro- tocol version 2. It is possible to have multiple host key files - for the different protocol versions and host key algorithms. + for the different protocol versions and host key algorithms. It + is possible host key for protocol version 2 to contain key plus + x509 certificate. -i Specifies that sshd is being run from inetd(8). sshd is normally not run from inetd because it needs to generate the server key before it can respond to the client, and this may take tens of - seconds. Clients would have to wait too long if the key was re- - generated every time. However, with small key sizes (e.g., 512) - using sshd from inetd may be feasible. + seconds. Clients would have to wait too long if the key was + regenerated every time. However, with small key sizes (e.g., + 512) using sshd from inetd may be feasible. -k key_gen_time Specifies how often the ephemeral protocol version 1 server key @@ -155,14 +158,14 @@ tion for regenerating the key fairly often is that the key is not stored anywhere, and after about an hour it becomes impossible to recover the key for decrypting intercepted communications even if - the machine is cracked into or physically seized. A value of ze- - ro indicates that the key will never be regenerated. + the machine is cracked into or physically seized. A value of + zero indicates that the key will never be regenerated. -o option Can be used to give options in the format used in the configura- tion file. This is useful for specifying options for which there - is no separate command-line flag. For full details of the op- - tions, and their values, see sshd_config(5). + is no separate command-line flag. For full details of the + options, and their values, see sshd_config(5). -p port Specifies the port on which the server listens for connections @@ -170,8 +173,8 @@ fied in the configuration file are ignored when a command-line port is specified. - -q Quiet mode. Nothing is sent to the system log. Normally the be- - ginning, authentication, and termination of each connection is + -q Quiet mode. Nothing is sent to the system log. Normally the + beginning, authentication, and termination of each connection is logged. -t Test mode. Only check the validity of the configuration file and @@ -186,10 +189,10 @@ indicates that only dotted decimal addresses should be put into the utmp file. -u0 may also be used to prevent sshd from making DNS requests unless the authentication mechanism or configuration - requires it. Authentication mechanisms that may require DNS in- - clude RhostsRSAAuthentication, HostbasedAuthentication and using - a from="pattern-list" option in a key file. Configuration op- - tions that require DNS include using a USER@HOST pattern in + requires it. Authentication mechanisms that may require DNS + include RhostsRSAAuthentication, HostbasedAuthentication and + using a from="pattern-list" option in a key file. Configuration + options that require DNS include using a USER@HOST pattern in AllowUsers or DenyUsers. CONFIGURATION FILE @@ -220,8 +223,8 @@ 7. Changes to user's home directory. - 8. If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc ex- - ists, runs it; otherwise runs xauth. The ``rc'' files are + 8. If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc + exists, runs it; otherwise runs xauth. The ``rc'' files are given the X11 authentication protocol and cookie in standard input. @@ -231,7 +234,9 @@ $HOME/.ssh/authorized_keys is the default file that lists the public keys that are permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) in protocol version 2. - AuthorizedKeysFile may be used to specify an alternative file. + It is posible for protocol version 2 to contain x509 certificate or cer- + tificate ``Distinguished Name''. AuthorizedKeysFile may be used to spec- + ify an alternative file. Each line of the file contains one key (empty lines and lines starting with a `#' are ignored as comments). Each RSA public key consists of the @@ -243,10 +248,19 @@ ulus and comment fields give the RSA key for protocol version 1; the com- ment field is not used for anything (but may be convenient for the user to identify the key). For protocol version 2 the keytype is ``ssh-dss'' - or ``ssh-rsa''. + or ``ssh-rsa''. In addition for protocol version 2 user can use x509 + certificates. In that case keytype is ``x509v3-sign-rsa'' or + ``x509v3-sign-dss''. Instead of ``base64 encoded key'' line must contain + base64 encoded certicate (old style) or a keyword (new style), optional + followed by symbol `=' (equal) or `:' (colon), zero or more spaces and + certificate ``Distinguished Name'' (Subject). Keyword is case insensitive + and can be one of `Subject' , `Distinguished Name' , `Distinguished-Name' + , `Distinguished_Name' , `DistinguishedName' or `DN'. Separator of Sub- + ject items can be `/' (slash), `,' (comma) or mixed and order is not + important. - Note that lines in this file are usually several hundred bytes long (be- - cause of the size of the public key encoding). You don't want to type + Note that lines in this file are usually several hundred bytes long + (because of the size of the public key encoding). You don't want to type them in; instead, copy the identity.pub, id_dsa.pub or the id_rsa.pub file and edit it. @@ -267,25 +281,25 @@ key is not accepted. The purpose of this option is to optionally increase security: public key authentication by itself does not trust the network or name servers or anything (but the key); how- - ever, if somebody somehow steals the key, the key permits an in- - truder to log in from anywhere in the world. This additional op- - tion makes using a stolen key more difficult (name servers and/or - routers would have to be compromised in addition to just the - key). + ever, if somebody somehow steals the key, the key permits an + intruder to log in from anywhere in the world. This additional + option makes using a stolen key more difficult (name servers + and/or routers would have to be compromised in addition to just + the key). command="command" Specifies that the command is executed whenever this key is used for authentication. The command supplied by the user (if any) is ignored. The command is run on a pty if the client requests a pty; otherwise it is run without a tty. If an 8-bit clean chan- - nel is required, one must not request a pty or should specify no- - pty. A quote may be included in the command by quoting it with a - backslash. This option might be useful to restrict certain pub- - lic keys to perform just a specific operation. An example might - be a key that permits remote backups but nothing else. Note that - the client may specify TCP/IP and/or X11 forwarding unless they - are explicitly prohibited. Note that this option applies to - shell, command or subsystem execution. + nel is required, one must not request a pty or should specify + no-pty. A quote may be included in the command by quoting it + with a backslash. This option might be useful to restrict cer- + tain public keys to perform just a specific operation. An exam- + ple might be a key that permits remote backups but nothing else. + Note that the client may specify TCP/IP and/or X11 forwarding + unless they are explicitly prohibited. Note that this option + applies to shell, command or subsystem execution. environment="NAME=value" Specifies that the string is to be added to the environment when @@ -297,8 +311,8 @@ no-port-forwarding Forbids TCP/IP forwarding when this key is used for authentica- - tion. Any port forward requests by the client will return an er- - ror. This might be used, e.g., in connection with the command + tion. Any port forward requests by the client will return an + error. This might be used, e.g., in connection with the command option. no-X11-forwarding @@ -316,25 +330,28 @@ nect to the specified host and port. IPv6 addresses can be spec- ified with an alternative syntax: host/port. Multiple permitopen options may be applied separated by commas. No pattern matching - is performed on the specified hostnames, they must be literal do- - mains or addresses. + is performed on the specified hostnames, they must be literal + domains or addresses. Examples 1024 33 12121...312314325 ylo@foo.bar from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula - command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 back- - up.hut.fi + command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 + backup.hut.fi permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 + x509v3-sign-dss subject= /C=XX/ST=World/O=OpenSSH Test Team... + SSH_KNOWN_HOSTS FILE FORMAT The /etc/ssh/ssh_known_hosts and $HOME/.ssh/known_hosts files contain - host public keys for all known hosts. The global file should be prepared - by the administrator (optional), and the per-user file is maintained au- - tomatically: whenever the user connects from an unknown host its key is - added to the per-user file. + host public keys, certificates (old style) or certificate ``Distinguished + Name'' for all known hosts. The global file should be prepared by the + administrator (optional), and the per-user file is maintained automati- + cally: whenever the user connects from an unknown host its key is added + to the per-user file. Each line in these files contains the following fields: hostnames, bits, exponent, modulus, comment. The fields are separated by spaces. @@ -343,8 +360,8 @@ cards); each pattern in turn is matched against the canonical host name (when authenticating a client) or against the user-supplied name (when authenticating a server). A pattern may also be preceded by `!' to indi- - cate negation: if the host name matches a negated pattern, it is not ac- - cepted (by that line) even if it matched another pattern on the line. + cate negation: if the host name matches a negated pattern, it is not + accepted (by that line) even if it matched another pattern on the line. Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from /etc/ssh/ssh_host_key.pub. The optional @@ -369,6 +386,7 @@ closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= + x509host x509v3-sign-rsa Subject:/C=XX..... FILES /etc/ssh/sshd_config @@ -377,19 +395,22 @@ /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key - These three files contain the private parts of the host keys. - These files should only be owned by root, readable only by root, - and not accessible to others. Note that sshd does not start if - this file is group/world-accessible. + These three files contain the private parts of the host keys. It + is possible to contain private part plus x509 certificate for + protocol version 2 keys. These files should only be owned by + root, readable only by root, and not accessible to others. Note + that sshd does not start if this file is group/world-accessible. /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub, /etc/ssh/ssh_host_rsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by root. - Their contents should match the respective private parts. These - files are not really used for anything; they are provided for the - convenience of the user so their contents can be copied to known - hosts files. These files are created using ssh-keygen(1). + Their contents should match the respective private parts. Note + that when corresponding host key contain a certificate in addi- + tion these file must contains that certificate. These files are + not really used for anything; they are provided for the conve- + nience of the user so their contents can be copied to known hosts + files. These files are created using ssh-keygen(1). /etc/moduli Contains Diffie-Hellman groups used for the "Diffie-Hellman Group @@ -409,25 +430,40 @@ able. $HOME/.ssh/authorized_keys - Lists the public keys (RSA or DSA) that can be used to log into - the user's account. This file must be readable by root (which - may on some machines imply it being world-readable if the user's - home directory resides on an NFS volume). It is recommended that - it not be accessible by others. The format of this file is de- - scribed above. Users will place the contents of their + Lists the public keys (RSA or DSA), certificates or certificate + ``Distinguished Names'' (recommendet) that can be used to log + into the user's account. This file must be readable by root + (which may on some machines imply it being world-readable if the + user's home directory resides on an NFS volume). It is recom- + mended that it not be accessible by others. The format of this + file is described above. Users will place the contents of their identity.pub, id_dsa.pub and/or id_rsa.pub files into this file, as described in ssh-keygen(1). /etc/ssh/ssh_known_hosts, $HOME/.ssh/known_hosts These files are consulted when using rhosts with RSA host authen- tication or protocol version 2 hostbased authentication to check - the public key of the host. The key must be listed in one of - these files to be accepted. The client uses the same files to - verify that it is connecting to the correct remote host. These - files should be writable only by root/the owner. + the public key or certificate of the host. The key must be + listed in one of these files to be accepted. The client uses the + same files to verify that it is connecting to the correct remote + host. These files should be writable only by root/the owner. /etc/ssh/ssh_known_hosts should be world-readable, and $HOME/.ssh/known_hosts can, but need not be, world-readable. + /etc/ssh/ca/ca-bundle.crt and /etc/ssh/ca/ca-bundle.crl + The first file contain multiple certificates and the second + ``Certificate Revocation List'' (CRLs) of certificate signers in + PEM format concatenated together. Used to verify client certifi- + cate. + + /etc/ssh/ca/crt and /etc/ssh/ca/crl + ``Hash dirs'' with certificates, the first directory or CLRs, the + second of certificate signers. Each certificate should be stored + in separate file with name [HASH].[NUMBER] or [HASH].r[NUMBER] + for the CRL, where [HASH] is certificate or CRL hash value and + [NUMBER] is an integer starting from zero. Used to verify client + certificate. + /etc/nologin If this file exists, sshd refuses to let anyone except root log in. The contents of the file are displayed to anyone trying to @@ -435,8 +471,8 @@ world-readable. /etc/hosts.allow, /etc/hosts.deny - Access controls that should be enforced by tcp-wrappers are de- - fined here. Further details are described in hosts_access(5). + Access controls that should be enforced by tcp-wrappers are + defined here. Further details are described in hosts_access(5). $HOME/.rhosts This file contains host-username pairs, separated by a space, one @@ -461,21 +497,22 @@ they have the same user name on both machines. The host name may also be followed by a user name; such users are permitted to log in as any user on this machine (except root). Additionally, the - syntax ``+@group'' can be used to specify netgroups. Negated en- - tries start with `-'. + syntax ``+@group'' can be used to specify netgroups. Negated + entries start with `-'. - If the client host/user is successfully matched in this file, lo- - gin is automatically permitted provided the client and server us- - er names are the same. Additionally, successful RSA host authen- - tication is normally required. This file must be writable only - by root; it is recommended that it be world-readable. + If the client host/user is successfully matched in this file, + login is automatically permitted provided the client and server + user names are the same. Additionally, successful RSA host + authentication is normally required. This file must be writable + only by root; it is recommended that it be world-readable. Warning: It is almost never a good idea to use user names in hosts.equiv. Beware that it really means that the named user(s) can log in as anybody, which includes bin, daemon, adm, and other - accounts that own critical binaries and directories. Using a us- - er name practically grants the user root access. The only valid - use for user names that I can think of is in negative entries. + accounts that own critical binaries and directories. Using a + user name practically grants the user root access. The only + valid use for user names that I can think of is in negative + entries. Note that this warning also applies to rsh/rlogin. @@ -493,18 +530,18 @@ is controlled via the PermitUserEnvironment option. $HOME/.ssh/rc - If this file exists, it is run with /bin/sh after reading the en- - vironment files but before starting the user's shell or command. - It must not produce any output on stdout; stderr must be used in- - stead. If X11 forwarding is in use, it will receive the "proto - cookie" pair in its standard input (and DISPLAY in its environ- - ment). The script must call xauth(1) because sshd will not run - xauth automatically to add X11 cookies. + If this file exists, it is run with /bin/sh after reading the + environment files but before starting the user's shell or com- + mand. It must not produce any output on stdout; stderr must be + used instead. If X11 forwarding is in use, it will receive the + "proto cookie" pair in its standard input (and DISPLAY in its + environment). The script must call xauth(1) because sshd will + not run xauth automatically to add X11 cookies. The primary purpose of this file is to run any initialization - routines which may be needed before the user's home directory be- - comes accessible; AFS is a particular example of such an environ- - ment. + routines which may be needed before the user's home directory + becomes accessible; AFS is a particular example of such an envi- + ronment. This file will probably contain some initialization code followed by something similar to: @@ -547,9 +584,10 @@ AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol + de Raadt and Dug Song removed many bugs, re-added newer features and cre- + ated OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support - for privilege separation. + for privilege separation. Roumen Petrov contributed support for x509 + certificates. -OpenBSD 3.4 September 25, 1999 9 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/sshd.8 openssh-3.8p1+x509g3/sshd.8 --- openssh-3.8p1/sshd.8 2003-10-15 08:50:43.000000000 +0300 +++ openssh-3.8p1+x509g3/sshd.8 2004-02-25 09:06:00.000000000 +0200 @@ -13,6 +13,7 @@ .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" Copyright (c) 2002 Roumen Petrov. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -34,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.200 2003/10/08 08:27:36 jmc Exp $ +.\" $OpenBSD$ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -152,6 +153,7 @@ .Ss SSH protocol version 2 Version 2 works similarly: Each host has a host-specific key (RSA or DSA) used to identify the host. +It is possible host key to contain key plus x509 certificate. However, when the daemon starts, it does not generate a server key. Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. @@ -259,6 +261,8 @@ for protocol version 2. It is possible to have multiple host key files for the different protocol versions and host key algorithms. +It is possible host key for protocol version 2 to contain key plus x509 +certificate. .It Fl i Specifies that .Nm @@ -402,6 +406,9 @@ permitted for RSA authentication in protocol version 1 and for public key authentication (PubkeyAuthentication) in protocol version 2. +It is posible for protocol version 2 to contain x509 certificate +or certificate +.Dq "Distinguished Name" . .Cm AuthorizedKeysFile may be used to specify an alternative file. .Pp @@ -425,6 +432,37 @@ .Dq ssh-dss or .Dq ssh-rsa . +In addition for protocol version 2 user can use x509 certificates. +In that case keytype is +.Dq x509v3-sign-rsa +or +.Dq x509v3-sign-dss . +Instead of +.Dq "base64 encoded key" +line must contain base64 encoded certicate (old style) or +a keyword (new style), optional followed by symbol +.Ql = +(equal) or +.Ql \&: +(colon), zero or more spaces and certificate +.Dq "Distinguished Name" +(Subject). Keyword is case insensitive and can be one of +.Sq Subject +, +.Sq "Distinguished Name" +, +.Sq Distinguished-Name +, +.Sq Distinguished_Name +, +.Sq DistinguishedName +or +.Sq DN . +Separator of Subject items can be +.Ql / +(slash), +.Ql \&, +(comma) or mixed and order is not important. .Pp Note that lines in this file are usually several hundred bytes long (because of the size of the public key encoding). @@ -529,12 +567,16 @@ command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi .Pp permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323 +.Pp +x509v3-sign-dss subject= /C=XX/ST=World/O=OpenSSH Test Team.\|.\|.\| .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh/ssh_known_hosts and .Pa $HOME/.ssh/known_hosts -files contain host public keys for all known hosts. +files contain host public keys, certificates (old style) or certificate +.Dq "Distinguished Name" +for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is maintained automatically: whenever the user connects from an unknown host @@ -588,6 +630,7 @@ .Bd -literal closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= +x509host x509v3-sign-rsa Subject:/C=XX..... .Ed .Sh FILES .Bl -tag -width Ds @@ -598,6 +641,8 @@ .Xr sshd_config 5 . .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. +It is possible to contain private part plus x509 certificate for +protocol version 2 keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that @@ -608,6 +653,8 @@ These files should be world-readable but writable only by root. Their contents should match the respective private parts. +Note that when corresponding host key contain a certificate +in addition these file must contains that certificate. These files are not really used for anything; they are provided for the convenience of the user so their contents can be copied to known hosts files. @@ -632,7 +679,10 @@ started last). The content of this file is not sensitive; it can be world-readable. .It Pa $HOME/.ssh/authorized_keys -Lists the public keys (RSA or DSA) that can be used to log into the user's account. +Lists the public keys (RSA or DSA), certificates or certificate +.Dq "Distinguished Names" +(recommendet) +that can be used to log into the user's account. This file must be readable by root (which may on some machines imply it being world-readable if the user's home directory resides on an NFS volume). @@ -648,7 +698,7 @@ .It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts" These files are consulted when using rhosts with RSA host authentication or protocol version 2 hostbased authentication -to check the public key of the host. +to check the public key or certificate of the host. The key must be listed in one of these files to be accepted. The client uses the same files to verify that it is connecting to the correct remote host. @@ -657,6 +707,20 @@ should be world-readable, and .Pa $HOME/.ssh/known_hosts can, but need not be, world-readable. +.It Pa "/etc/ssh/ca/ca-bundle.crt" and "/etc/ssh/ca/ca-bundle.crl" +The first file contain multiple certificates and the second +.Dq "Certificate Revocation List" +(CRLs) of certificate signers in PEM format concatenated together. +Used to verify client certificate. +.It Pa "/etc/ssh/ca/crt" and Pa "/etc/ssh/ca/crl" +.Dq "Hash dirs" +with certificates, the first directory or CLRs, the second of +certificate signers. +Each certificate should be stored in separate file with name +[HASH].[NUMBER] or [HASH].r[NUMBER] for the CRL, where [HASH] is +certificate or CRL hash value and [NUMBER] is an integer starting +from zero. +Used to verify client certificate. .It Pa /etc/nologin If this file exists, .Nm @@ -836,3 +900,4 @@ protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. +Roumen Petrov contributed support for x509 certificates. diff -ruN openssh-3.8p1/sshd.c openssh-3.8p1+x509g3/sshd.c --- openssh-3.8p1/sshd.c 2004-02-24 00:20:29.000000000 +0200 +++ openssh-3.8p1+x509g3/sshd.c 2004-02-25 09:06:01.000000000 +0200 @@ -20,6 +20,9 @@ * Copyright (c) 2000, 2001, 2002 Markus Friedl. All rights reserved. * Copyright (c) 2002 Niels Provos. All rights reserved. * + * X509 certificates support: + * Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. + * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: @@ -42,7 +45,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.286 2004/02/23 12:02:33 markus Exp $"); +RCSID("$OpenBSD$"); #include #include @@ -154,6 +157,17 @@ char *client_version_string = NULL; char *server_version_string = NULL; +/* rumen-XXX: X.509 RSASIG check */ +extern void (*plogx509rsasig)(const char *msg); +static void logx509rsasig(const char *msg) { + logit("%.400s: client=%.200s (server=%.200s)", + msg, + (client_version_string ? client_version_string : "undefined"), + (server_version_string ? server_version_string : "undefined") + ); +} +/* rumen-XXX^ */ + /* for rekeying XXX fixme */ Kex *xxx_kex; @@ -485,6 +499,8 @@ server_version_string, client_version_string); cleanup_exit(255); } + + plogx509rsasig = logx509rsasig; /* rumen-XXX: X.509 RSASIG check */ } /* Destroy the host and server keys. They will no longer be needed. */ @@ -685,6 +701,8 @@ switch (key->type) { case KEY_RSA: case KEY_DSA: + case KEY_X509_RSA: + case KEY_X509_DSA: if (buffer_len(&b) > 0) buffer_append(&b, ",", 1); p = key_ssh_name(key); @@ -989,6 +1007,8 @@ break; case KEY_RSA: case KEY_DSA: + case KEY_X509_RSA: + case KEY_X509_DSA: sensitive_data.have_ssh2_key = 1; break; } diff -ruN openssh-3.8p1/sshd_config openssh-3.8p1+x509g3/sshd_config --- openssh-3.8p1/sshd_config 2003-12-31 02:38:32.000000000 +0200 +++ openssh-3.8p1+x509g3/sshd_config 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.68 2003/12/29 16:39:50 millert Exp $ +# $OpenBSD$ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -21,6 +21,35 @@ #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key +# Signarure for "x509v3-sign-rsa" keys: md5,sha1 +#X509rsaSigType=md5 + +# The intended use for the X509 client certificate. Without this option +# no chain verification will be done. Currently accepted uses are case +# insensitive: +# - "sslclient", "SSL client", "SSL_client" or "client" +# - "any", "Any Purpose", "Any_Purpose" or "AnyPurpose" +# - "skip" or ""(empty): don`t check purpose. +#AllowedCertPurpose sslclient + +# A file with multiple certificates of certificate signers +# in PEM format concatenated together. +#CACertificateFile /etc/ssh/ca/ca-bundle.crt + +# A directory with certificates of certificate signers. +# The certificates should have name of the form: [HASH].[NUMBER] +# or have symbolic links to them of this form. +#CACertificatePath /etc/ssh/ca/crt + +# A file with multiple CRL of certificate signers +# in PEM format concatenated together. +#CARevocationFile /etc/ssh/ca/ca-bundle.crl + +# A directory with CRL of certificate signers. +# The CRL should have name of the form: [HASH].r[NUMBER] +# or have symbolic links to them of this form. +#CARevocationPath /etc/ssh/ca/crl + # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 diff -ruN openssh-3.8p1/sshd_config.0 openssh-3.8p1+x509g3/sshd_config.0 --- openssh-3.8p1/sshd_config.0 2004-02-24 08:23:06.000000000 +0200 +++ openssh-3.8p1+x509g3/sshd_config.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSHD_CONFIG(5) OpenBSD Programmer's Manual SSHD_CONFIG(5) +SSHD_CONFIG(5) System File Formats Manual SSHD_CONFIG(5) NAME sshd_config - OpenSSH SSH daemon configuration file @@ -15,6 +15,16 @@ The possible keywords and their meanings are as follows (note that key- words are case-insensitive and arguments are case-sensitive): + AllowedCertPurpose + The intended use for the X509 client certificate. Without this + option no chain verification will be done. Currently accepted + uses are case insensitive: + - `sslclient' , `SSL client' , `SSL_client' or `client' ; + - `any' , `Any Purpose' , `Any_Purpose' or `AnyPurpose' ; + - `skip' or `' (empty): do not check purpose. + + The default is ``sslclient''. + AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. If specified, login is allowed only for @@ -25,30 +35,30 @@ AllowTcpForwarding Specifies whether TCP forwarding is permitted. The default is - ``yes''. Note that disabling TCP forwarding does not improve se- - curity unless users are also denied shell access, as they can al- - ways install their own forwarders. + ``yes''. Note that disabling TCP forwarding does not improve + security unless users are also denied shell access, as they can + always install their own forwarders. AllowUsers This keyword can be followed by a list of user name patterns, - separated by spaces. If specified, login is allowed only for us- - er names that match one of the patterns. `*' and `?' can be used - as wildcards in the patterns. Only user names are valid; a nu- - merical user ID is not recognized. By default, login is allowed - for all users. If the pattern takes the form USER@HOST then USER - and HOST are separately checked, restricting logins to particular - users from particular hosts. + separated by spaces. If specified, login is allowed only for + user names that match one of the patterns. `*' and `?' can be + used as wildcards in the patterns. Only user names are valid; a + numerical user ID is not recognized. By default, login is + allowed for all users. If the pattern takes the form USER@HOST + then USER and HOST are separately checked, restricting logins to + particular users from particular hosts. AuthorizedKeysFile Specifies the file that contains the public keys that can be used for user authentication. AuthorizedKeysFile may contain tokens of the form %T which are substituted during connection set-up. The following tokens are defined: %% is replaced by a literal - '%', %h is replaced by the home directory of the user being au- - thenticated and %u is replaced by the username of that user. Af- - ter expansion, AuthorizedKeysFile is taken to be an absolute path - or one relative to the user's home directory. The default is - ``.ssh/authorized_keys''. + '%', %h is replaced by the home directory of the user being + authenticated and %u is replaced by the username of that user. + After expansion, AuthorizedKeysFile is taken to be an absolute + path or one relative to the user's home directory. The default + is ``.ssh/authorized_keys''. Banner In some jurisdictions, sending a warning message before authenti- cation may be relevant for getting legal protection. The con- @@ -56,6 +66,29 @@ authentication is allowed. This option is only available for protocol version 2. By default, no banner is displayed. + CACertificateFile + This file contain multiple certificates of certificate signers in + PEM format concatenated together. The default is + /etc/ssh/ca/ca-bundle.crt + + CACertificatePath + ``Hash dir'' with certificates of certificate signers. Each cer- + tificate should be stored in separate file with name [HASH].[NUM- + BER], where [HASH] is certificate hash value and [NUMBER] is an + integer starting from zero. The default is /etc/ssh/ca/crt + + CARevocationFile + This file contain multiple ``Certificate Revocation List'' (CRL) + of certificate signers in PEM format concatenated together. The + default is /etc/ssh/ca/ca-bundle.crl + + CARevocationPath + ``Hash dir'' with ``Certificate Revocation List'' (CRL) of cer- + tificate signers. Each CRL should be stored in separate file with + name [HASH].r[NUMBER], where [HASH] is CRL hash value and [NUM- + BER] is an integer starting from zero. The default is + /etc/ssh/ca/crl + ChallengeResponseAuthentication Specifies whether challenge response authentication is allowed. All authentication styles from login.conf(5) are supported. The @@ -78,8 +111,8 @@ ClientAliveCountMax Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from the client. - If this threshold is reached while client alive messages are be- - ing sent, sshd will disconnect the client, terminating the ses- + If this threshold is reached while client alive messages are + being sent, sshd will disconnect the client, terminating the ses- sion. It is important to note that the use of client alive mes- sages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and there- @@ -101,8 +134,8 @@ separated by spaces. Login is disallowed for users whose primary group or supplementary group list matches one of the patterns. `*' and `?' can be used as wildcards in the patterns. Only group - names are valid; a numerical group ID is not recognized. By de- - fault, login is allowed for all groups. + names are valid; a numerical group ID is not recognized. By + default, login is allowed for all groups. DenyUsers This keyword can be followed by a list of user name patterns, @@ -135,8 +168,8 @@ applies to protocol version 2 only. HostbasedAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication to- - gether with successful public key client host authentication is + Specifies whether rhosts or /etc/hosts.equiv authentication + together with successful public key client host authentication is allowed (hostbased authentication). This option is similar to RhostsRSAAuthentication and applies to protocol version 2 only. The default is ``no''. @@ -148,14 +181,15 @@ tocol version 2. Note that sshd will refuse to use a file if it is group/world-accessible. It is possible to have multiple host key files. ``rsa1'' keys are used for version 1 and ``dsa'' or - ``rsa'' are used for version 2 of the SSH protocol. + ``rsa'' are used for version 2 of the SSH protocol. It is possi- + ble host key to contain key plus x509 certificate for version 2. IgnoreRhosts Specifies that .rhosts and .shosts files will not be used in RhostsRSAAuthentication or HostbasedAuthentication. - /etc/hosts.equiv and /etc/shosts.equiv are still used. The de- - fault is ``yes''. + /etc/hosts.equiv and /etc/shosts.equiv are still used. The + default is ``yes''. IgnoreUserKnownHosts Specifies whether sshd should ignore the user's @@ -215,15 +249,15 @@ MACs Specifies the available MAC (message authentication code) algo- rithms. The MAC algorithm is used in protocol version 2 for data - integrity protection. Multiple algorithms must be comma-separat- - ed. The default is ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac- - sha1-96,hmac-md5-96''. + integrity protection. Multiple algorithms must be comma-sepa- + rated. The default is + ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''. MaxStartups Specifies the maximum number of concurrent unauthenticated con- nections to the sshd daemon. Additional connections will be - dropped until authentication succeeds or the LoginGraceTime ex- - pires for a connection. The default is 10. + dropped until authentication succeeds or the LoginGraceTime + expires for a connection. The default is 10. Alternatively, random early drop can be enabled by specifying the three colon separated values ``start:rate:full'' (e.g., @@ -234,8 +268,8 @@ unauthenticated connections reaches ``full'' (60). PasswordAuthentication - Specifies whether password authentication is allowed. The de- - fault is ``yes''. + Specifies whether password authentication is allowed. The + default is ``yes''. PermitEmptyPasswords When password authentication is allowed, it specifies whether the @@ -261,9 +295,9 @@ PermitUserEnvironment Specifies whether ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys are processed by sshd. The default is - ``no''. Enabling environment processing may enable users to by- - pass access restrictions in some configurations using mechanisms - such as LD_PRELOAD. + ``no''. Enabling environment processing may enable users to + bypass access restrictions in some configurations using mecha- + nisms such as LD_PRELOAD. PidFile Specifies the file that contains the process ID of the sshd dae- @@ -286,25 +320,25 @@ Specifies the protocol versions sshd supports. The possible val- ues are ``1'' and ``2''. Multiple versions must be comma-sepa- rated. The default is ``2,1''. Note that the order of the pro- - tocol list does not indicate preference, because the client se- - lects among multiple protocol versions offered by the server. + tocol list does not indicate preference, because the client + selects among multiple protocol versions offered by the server. Specifying ``2,1'' is identical to ``1,2''. PubkeyAuthentication - Specifies whether public key authentication is allowed. The de- - fault is ``yes''. Note that this option applies to protocol ver- - sion 2 only. + Specifies whether public key authentication is allowed. The + default is ``yes''. Note that this option applies to protocol + version 2 only. RhostsRSAAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication to- - gether with successful RSA host authentication is allowed. The - default is ``no''. This option applies to protocol version 1 on- - ly. + Specifies whether rhosts or /etc/hosts.equiv authentication + together with successful RSA host authentication is allowed. The + default is ``no''. This option applies to protocol version 1 + only. RSAAuthentication - Specifies whether pure RSA authentication is allowed. The de- - fault is ``yes''. This option applies to protocol version 1 on- - ly. + Specifies whether pure RSA authentication is allowed. The + default is ``yes''. This option applies to protocol version 1 + only. ServerKeyBits Defines the number of bits in the ephemeral protocol version 1 @@ -319,17 +353,17 @@ Subsystem Configures an external subsystem (e.g., file transfer daemon). - Arguments should be a subsystem name and a command to execute up- - on subsystem request. The command sftp-server(8) implements the - ``sftp'' file transfer subsystem. By default no subsystems are - defined. Note that this option applies to protocol version 2 on- - ly. + Arguments should be a subsystem name and a command to execute + upon subsystem request. The command sftp-server(8) implements + the ``sftp'' file transfer subsystem. By default no subsystems + are defined. Note that this option applies to protocol version 2 + only. SyslogFacility Gives the facility code that is used when logging messages from - sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0, LO- - CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de- - fault is AUTH. + sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0, + LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The + default is AUTH. TCPKeepAlive Specifies whether the system should send TCP keepalive messages @@ -338,8 +372,8 @@ this means that connections will die if the route is down tem- porarily, and some people find it annoying. On the other hand, if TCP keepalives are not sent, sessions may hang indefinitely on - the server, leaving ``ghost'' users and consuming server re- - sources. + the server, leaving ``ghost'' users and consuming server + resources. The default is ``yes'' (to send TCP keepalive messages), and the server will notice if the network goes down or the client host @@ -355,8 +389,8 @@ UseLogin Specifies whether login(1) is used for interactive login ses- sions. The default is ``no''. Note that login(1) is never used - for remote command execution. Note also, that if this is en- - abled, X11Forwarding will be disabled because login(1) does not + for remote command execution. Note also, that if this is + enabled, X11Forwarding will be disabled because login(1) does not know how to handle xauth(1) cookies. If UsePrivilegeSeparation is specified, it will be disabled after authentication. @@ -366,8 +400,8 @@ to run sshd as a non-root user. The default is ``no''. UsePrivilegeSeparation - Specifies whether sshd separates privileges by creating an un- - privileged child process to deal with incoming network traffic. + Specifies whether sshd separates privileges by creating an + unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by con- @@ -386,11 +420,11 @@ When X11 forwarding is enabled, there may be additional exposure to the server and to client displays if the sshd proxy display is configured to listen on the wildcard address (see X11UseLocalhost - below), however this is not the default. Additionally, the au- - thentication spoofing and authentication data verification and - substitution occur on the client side. The security risk of us- - ing X11 forwarding is that the client's X11 display server may be - exposed to attack when the ssh client requests forwarding (see + below), however this is not the default. Additionally, the + authentication spoofing and authentication data verification and + substitution occur on the client side. The security risk of + using X11 forwarding is that the client's X11 display server may + be exposed to attack when the ssh client requests forwarding (see the warnings for ForwardX11 in ssh_config(5)). A system adminis- trator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting @@ -410,13 +444,25 @@ proxy display. However, some older X11 clients may not function with this configuration. X11UseLocalhost may be set to ``no'' to specify that the forwarding server should be bound to the wild- - card address. The argument must be ``yes'' or ``no''. The de- - fault is ``yes''. + card address. The argument must be ``yes'' or ``no''. The + default is ``yes''. XAuthLocation Specifies the full pathname of the xauth(1) program. The default is /usr/X11R6/bin/xauth. + X509rsaSigType + Temporary option. Specifies prefered signature digest type for + `x509v3-sign-rsa' keys. The possible values are ``md5'' and + ``sha1''. Server use this value to compute signature for host + X.509 RSA certificates. In new client connection with X.509 RSA + certificate as identity when signature blob fail with specified + value, server try to check signature with other possible value + and print log message containing text like this: `X509COMPAT: RSA + succeed for sha1 digest'. This options is intended to collect + information about default signature digest type in other SecSH + implementations. The default is ``md5''. + Time Formats sshd command-line arguments and configuration file options that specify time may be expressed using a sequence of the form: time[qualifier], @@ -454,6 +500,7 @@ de Raadt and Dug Song removed many bugs, re-added newer features and cre- ated OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support - for privilege separation. + for privilege separation. Roumen Petrov contributed support for x509 + certificates. -OpenBSD 3.4 September 25, 1999 7 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/sshd_config.5 openssh-3.8p1+x509g3/sshd_config.5 --- openssh-3.8p1/sshd_config.5 2004-02-18 05:31:24.000000000 +0200 +++ openssh-3.8p1+x509g3/sshd_config.5 2004-02-25 09:06:00.000000000 +0200 @@ -13,6 +13,7 @@ .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" Copyright (c) 2002 Roumen Petrov. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -34,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.28 2004/02/17 19:35:21 jmc Exp $ +.\" $OpenBSD$ .Dd September 25, 1999 .Dt SSHD_CONFIG 5 .Os @@ -61,6 +62,40 @@ keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive): .Bl -tag -width Ds +.It Cm AllowedCertPurpose +The intended use for the X509 client certificate. Without this option +no chain verification will be done. Currently accepted uses are case +insensitive: +.Bl -hyphen -compact +.It +.Sq sslclient +, +.Sq SSL client +, +.Sq SSL_client +or +.Sq client +; +.It +.Sq any +, +.Sq Any Purpose +, +.Sq Any_Purpose +or +.Sq AnyPurpose +; +.It +.Sq skip +or +.Sq +.. +(empty): do not check purpose. +.El +.Pp +The default is +.Dq sslclient . +.Pp .It Cm AllowGroups This keyword can be followed by a list of group name patterns, separated by spaces. @@ -121,6 +156,35 @@ This option is only available for protocol version 2. By default, no banner is displayed. .Pp +.It Cm CACertificateFile +This file contain multiple certificates of certificate signers in +PEM format concatenated together. The default is +.Pa /etc/ssh/ca/ca-bundle.crt +.Pp +.It Cm CACertificatePath +.Dq "Hash dir" +with certificates of certificate signers. Each certificate should be +stored in separate file with name [HASH].[NUMBER], where [HASH] is +certificate hash value and [NUMBER] is an integer starting from zero. +The default is +.Pa /etc/ssh/ca/crt +.Pp +.It Cm CARevocationFile +This file contain multiple +.Dq "Certificate Revocation List" +(CRL) of certificate signers in PEM format concatenated together. +The default is +.Pa /etc/ssh/ca/ca-bundle.crl +.Pp +.It Cm CARevocationPath +.Dq "Hash dir" +with +.Dq "Certificate Revocation List" +(CRL) of certificate signers. Each CRL should be stored in separate +file with name [HASH].r[NUMBER], where [HASH] is CRL hash value and +[NUMBER] is an integer starting from zero. The default is +.Pa /etc/ssh/ca/crl +.Pp .It Cm ChallengeResponseAuthentication Specifies whether challenge response authentication is allowed. All authentication styles from @@ -265,6 +329,8 @@ or .Dq rsa are used for version 2 of the SSH protocol. +It is possible host key to contain key plus x509 certificate +for version 2. .It Cm IgnoreRhosts Specifies that .Pa .rhosts @@ -693,6 +759,26 @@ program. The default is .Pa /usr/X11R6/bin/xauth . +.It Cm X509rsaSigType +Temporary option. +Specifies prefered signature digest type for +.Sq x509v3-sign-rsa +keys. The possible values are +.Dq md5 +and +.Dq sha1 . +Server use this value to compute signature for +host X.509 RSA certificates. +In new client connection with X.509 RSA certificate as identity +when signature blob fail with specified value, +server try to check signature with other possible value and +print log message containing text like this: +.Sq X509COMPAT: RSA succeed for sha1 digest . +This options is intended to collect information +about default signature digest type +in other SecSH implementations. +The default is +.Dq md5 . .El .Ss Time Formats .Nm sshd @@ -756,3 +842,4 @@ protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support for privilege separation. +Roumen Petrov contributed support for x509 certificates. diff -ruN openssh-3.8p1/ssh-keygen.0 openssh-3.8p1+x509g3/ssh-keygen.0 --- openssh-3.8p1/ssh-keygen.0 2004-02-24 08:23:01.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-keygen.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1) +SSH-KEYGEN(1) System General Commands Manual SSH-KEYGEN(1) NAME ssh-keygen - authentication key generation, management and conversion @@ -17,8 +17,8 @@ ssh-keygen -U reader [-f input_keyfile] ssh-keygen -r hostname [-f input_keyfile] [-g] ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] - ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W - generator] + ssh-keygen -T output_file -f input_file [-v] [-a num_trials] + [-W generator] DESCRIPTION ssh-keygen generates, manages and converts authentication keys for @@ -39,14 +39,14 @@ name but ``.pub'' appended. The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. A - passphrase is similar to a password, except it can be a phrase with a se- - ries of words, punctuation, numbers, whitespace, or any string of charac- - ters you want. Good passphrases are 10-30 characters long, are not sim- - ple sentences or otherwise easily guessable (English prose has only 1-2 - bits of entropy per character, and provides very bad passphrases), and - contain a mix of upper and lowercase letters, numbers, and non-alphanu- - meric characters. The passphrase can be changed later by using the -p - option. + passphrase is similar to a password, except it can be a phrase with a + series of words, punctuation, numbers, whitespace, or any string of char- + acters you want. Good passphrases are 10-30 characters long, are not + simple sentences or otherwise easily guessable (English prose has only + 1-2 bits of entropy per character, and provides very bad passphrases), + and contain a mix of upper and lowercase letters, numbers, and non- + alphanumeric characters. The passphrase can be changed later by using + the -p option. There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, a new key must be generated and copied to the corresponding @@ -161,9 +161,9 @@ MODULI GENERATION ssh-keygen may be used to generate groups for the Diffie-Hellman Group Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- - cess: first, candidate primes are generated using a fast, but memory in- - tensive process. These candidate primes are then tested for suitability - (a CPU-intensive process). + cess: first, candidate primes are generated using a fast, but memory + intensive process. These candidate primes are then tested for suitabil- + ity (a CPU-intensive process). Generation of primes is performed using the -G option. The desired length of the primes may be specified by the -b option. For example: @@ -194,8 +194,8 @@ FILES $HOME/.ssh/identity Contains the protocol version 1 RSA authentication identity of - the user. This file should not be readable by anyone but the us- - er. It is possible to specify a passphrase when generating the + the user. This file should not be readable by anyone but the + user. It is possible to specify a passphrase when generating the key; that passphrase will be used to encrypt the private part of this file using 3DES. This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private @@ -210,10 +210,11 @@ $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of - the user. This file should not be readable by anyone but the us- - er. It is possible to specify a passphrase when generating the - key; that passphrase will be used to encrypt the private part of - this file using 3DES. This file is not automatically accessed by + the user. It is possible to contain identity plus x509 certifi- + cate. This file should not be readable by anyone but the user. + It is possible to specify a passphrase when generating the key; + that passphrase will be used to encrypt the private part of this + file using 3DES. This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key. ssh(1) will read this file when a login attempt is made. @@ -222,14 +223,21 @@ tion. The contents of this file should be added to $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to - keep the contents of this file secret. + keep the contents of this file secret. When file + $HOME/.ssh/id_dsa contain DSA identity plus X509 certificate this + file must contain user certificate! Use ssh-keygen(1) with option + -y to regenerate its content. Note in case with X509 certificate + you can append content to $HOME/.ssh/authorized_keys or to add + certificate ``Distinguished Name'' / ``Subject'' in corresponding + format to ``authorized keys'' file. See sshd(8). $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of - the user. This file should not be readable by anyone but the us- - er. It is possible to specify a passphrase when generating the - key; that passphrase will be used to encrypt the private part of - this file using 3DES. This file is not automatically accessed by + the user. It is possible to contain identity plus x509 certifi- + cate. This file should not be readable by anyone but the user. + It is possible to specify a passphrase when generating the key; + that passphrase will be used to encrypt the private part of this + file using 3DES. This file is not automatically accessed by ssh-keygen but it is offered as the default file for the private key. ssh(1) will read this file when a login attempt is made. @@ -238,7 +246,13 @@ tion. The contents of this file should be added to $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using public key authentication. There is no need to - keep the contents of this file secret. + keep the contents of this file secret. When file + $HOME/.ssh/id_rsa contain RSA identity plus X509 certificate this + file must contain user certificate! Use ssh-keygen(1) with option + -y to regenerate its content. Note in case with X509 certificate + you can append content to $HOME/.ssh/authorized_keys or to add + certificate ``Distinguished Name'' / ``Subject'' in corresponding + format to ``authorized keys'' file. See sshd(8). /etc/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format @@ -247,14 +261,15 @@ SEE ALSO ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) - J. Galbraith, and R. Thayer, SECSH Public Key File Format, draft-ietf- + J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- secsh-publickeyfile-01.txt, March 2001, work in progress material. AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo - de Raadt and Dug Song removed many bugs, re-added newer features and - created OpenSSH. Markus Friedl contributed the support for SSH protocol - versions 1.5 and 2.0. + de Raadt and Dug Song removed many bugs, re-added newer features and cre- + ated OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. Roumen Petrov contributed support for x509 cer- + tificates. -OpenBSD 3.4 September 25, 1999 4 +BSD September 25, 1999 BSD diff -ruN openssh-3.8p1/ssh-keygen.1 openssh-3.8p1+x509g3/ssh-keygen.1 --- openssh-3.8p1/ssh-keygen.1 2003-12-31 02:34:52.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-keygen.1 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $ +.\" $OpenBSD$ .\" .\" -*- nroff -*- .\" @@ -16,6 +16,7 @@ .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" Copyright (c) 2002 Roumen Petrov. All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -355,6 +356,7 @@ There is no need to keep the contents of this file secret. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. +It is possible to contain identity plus x509 certificate. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -371,8 +373,25 @@ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. +When file +.Pa $HOME/.ssh/id_dsa +contain DSA identity plus X509 certificate this file must contain +user certificate! Use +.Xr ssh-keygen 1 +with option -y to regenerate its content. +Note in case with X509 certificate you can append content to +.Pa $HOME/.ssh/authorized_keys +or to add certificate +.Dq Distinguished Name +/ +.Dq Subject +in corresponding format to +.Dq authorized keys +file. See +.Xr sshd 8 . .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. +It is possible to contain identity plus x509 certificate. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -389,6 +408,22 @@ on all machines where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. +When file +.Pa $HOME/.ssh/id_rsa +contain RSA identity plus X509 certificate this file must contain +user certificate! Use +.Xr ssh-keygen 1 +with option -y to regenerate its content. +Note in case with X509 certificate you can append content to +.Pa $HOME/.ssh/authorized_keys +or to add certificate +.Dq Distinguished Name +/ +.Dq Subject +in corresponding format to +.Dq authorized keys +file. See +.Xr sshd 8 . .It Pa /etc/moduli Contains Diffie-Hellman groups used for DH-GEX. The file format is described in @@ -417,3 +452,4 @@ created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. +Roumen Petrov contributed support for x509 certificates. diff -ruN openssh-3.8p1/ssh-keyscan.0 openssh-3.8p1+x509g3/ssh-keyscan.0 --- openssh-3.8p1/ssh-keyscan.0 2004-02-24 08:23:01.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-keyscan.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH-KEYSCAN(1) OpenBSD Reference Manual SSH-KEYSCAN(1) +SSH-KEYSCAN(1) System General Commands Manual SSH-KEYSCAN(1) NAME ssh-keyscan - gather ssh public keys @@ -29,15 +29,16 @@ Set the timeout for connection attempts. If timeout seconds have elapsed since a connection was initiated to a host or since the last time anything was read from that host, then the connection - is closed and the host in question considered unavailable. De- - fault is 5 seconds. + is closed and the host in question considered unavailable. + Default is 5 seconds. -t type Specifies the type of the key to fetch from the scanned hosts. The possible values are ``rsa1'' for protocol version 1 and - ``rsa'' or ``dsa'' for protocol version 2. Multiple values may - be specified by separating them with commas. The default is - ``rsa1''. + ``rsa'' or ``ssh-rsa'' , ``dsa'' or ``ssh-dss'' , + ``x509v3-sign-rsa'' or ``x509v3-sign-dss'' for protocol version + 2. Multiple values may be specified by separating them with com- + mas. The default is ``rsa1''. -f filename Read hosts or addrlist namelist pairs from this file, one per @@ -54,9 +55,9 @@ SECURITY If a ssh_known_hosts file is constructed using ssh-keyscan without veri- fying the keys, users will be vulnerable to attacks. On the other hand, - if the security model allows such a risk, ssh-keyscan can help in the de- - tection of tampered keyfiles or man in the middle attacks which have be- - gun after the ssh_known_hosts file was created. + if the security model allows such a risk, ssh-keyscan can help in the + detection of tampered keyfiles or man in the middle attacks which have + begun after the ssh_known_hosts file was created. FILES Input format: @@ -73,6 +74,12 @@ Where keytype is either ``ssh-rsa'' or ``ssh-dss''. + Output format for rsa and dsa keys with x509 certificates: + + host-or-namelist keytype distinguished-name + + Where keytype is either ``x509v3-sign-rsa'' or ``x509v3-sign-dss''. + /etc/ssh/ssh_known_hosts EXAMPLES @@ -83,7 +90,7 @@ Find all hosts from the file ssh_hosts which have new or different keys from those in the sorted file ssh_known_hosts: - $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \ + $ ssh-keyscan -t x509v3-sign-rsa,x509v3-sign-dss,rsa,dsa -f ssh_hosts | \ sort -u - ssh_known_hosts | diff ssh_known_hosts - SEE ALSO @@ -92,7 +99,7 @@ AUTHORS David Mazieres wrote the initial version, and Wayne Davison added support for protocol - version 2. + version 2. Roumen Petrov contributed support for x509 certificates. BUGS It generates "Connection closed by remote host" messages on the consoles @@ -100,4 +107,4 @@ This is because it opens a connection to the ssh port, reads the public key, and drops the connection as soon as it gets the key. -OpenBSD 3.4 January 1, 1996 2 +BSD January 1, 1996 BSD diff -ruN openssh-3.8p1/ssh-keyscan.1 openssh-3.8p1+x509g3/ssh-keyscan.1 --- openssh-3.8p1/ssh-keyscan.1 2003-06-11 15:04:39.000000000 +0300 +++ openssh-3.8p1+x509g3/ssh-keyscan.1 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD$ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,6 +6,29 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" +.\" X509 certificates support, +.\" Copyright (c) 2002-2003 Roumen Petrov. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" .Dd January 1, 1996 .Dt SSH-KEYSCAN 1 .Os @@ -63,7 +86,15 @@ for protocol version 1 and .Dq rsa or +.Dq ssh-rsa +, .Dq dsa +or +.Dq ssh-dss +, +.Dq x509v3-sign-rsa +or +.Dq x509v3-sign-dss for protocol version 2. Multiple values may be specified by separating them with commas. The default is @@ -126,6 +157,18 @@ or .Dq ssh-dss . .Pp +.Pa Output format for rsa and dsa keys with x509 certificates: +.Bd -literal +host-or-namelist keytype distinguished-name +.Ed +.Pp +Where +.Pa keytype +is either +.Dq x509v3-sign-rsa +or +.Dq x509v3-sign-dss . +.Pp .Pa /etc/ssh/ssh_known_hosts .Sh EXAMPLES Print the @@ -141,7 +184,7 @@ which have new or different keys from those in the sorted file .Pa ssh_known_hosts : .Bd -literal -$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e +$ ssh-keyscan -t x509v3-sign-rsa,x509v3-sign-dss,rsa,dsa -f ssh_hosts | \e sort -u - ssh_known_hosts | diff ssh_known_hosts - .Ed .Sh SEE ALSO @@ -152,6 +195,7 @@ wrote the initial version, and .An Wayne Davison Aq wayned@users.sourceforge.net added support for protocol version 2. +Roumen Petrov contributed support for x509 certificates. .Sh BUGS It generates "Connection closed by remote host" messages on the consoles of all the machines it scans if the server is older than version 2.9. diff -ruN openssh-3.8p1/ssh-keyscan.c openssh-3.8p1+x509g3/ssh-keyscan.c --- openssh-3.8p1/ssh-keyscan.c 2003-12-09 15:52:38.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-keyscan.c 2004-02-25 09:06:01.000000000 +0200 @@ -4,10 +4,33 @@ * Modification and redistribution in source and binary forms is * permitted provided that due credit is given to the author and the * OpenBSD project by leaving this copyright notice intact. + * + * X509 certificates support, + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keyscan.c,v 1.46 2003/11/23 23:17:34 djm Exp $"); +RCSID("$OpenBSD$"); #include "openbsd-compat/sys-queue.h" @@ -18,6 +41,7 @@ #include "ssh.h" #include "ssh1.h" #include "key.h" +#include "ssh-x509.h" #include "kex.h" #include "compat.h" #include "myproposal.h" @@ -38,6 +62,8 @@ #define KT_RSA1 1 #define KT_DSA 2 #define KT_RSA 4 +#define KT_X509DSA 8 +#define KT_X509RSA 16 int get_keytypes = KT_RSA1; /* Get only RSA1 keys by default */ @@ -75,7 +101,8 @@ int c_plen; /* Packet length field for ssh packet */ int c_len; /* Total bytes which must be read. */ int c_off; /* Length of data read so far. */ - int c_keytype; /* Only one of KT_RSA1, KT_DSA, or KT_RSA */ + int c_keytype; /* Only one of KT_RSA1, KT_DSA, KT_RSA, + KT_X509DSA or KT_X509RSA */ char *c_namebase; /* Address to free for c_name and c_namelist */ char *c_name; /* Hostname of connection for errors */ char *c_namelist; /* Pointer to other possible addresses */ @@ -345,8 +372,19 @@ packet_set_connection(c->c_fd, c->c_fd); enable_compat20(); - myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = c->c_keytype == KT_DSA? - "ssh-dss": "ssh-rsa"; + { + Key k; + switch (c->c_keytype) { + case KT_DSA: k.type = KEY_DSA; break; + case KT_RSA: k.type = KEY_RSA; break; + case KT_X509DSA: k.type = KEY_X509_DSA; break; + case KT_X509RSA: k.type = KEY_X509_RSA; break; + default: + fprintf(stderr, "keygrab_ssh2:Invalid keytype!\n"); + exit(1); + } + myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = (char*)key_ssh_name(&k); + } c->c_kex = kex_setup(myproposal); c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client; c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client; @@ -373,7 +411,16 @@ return; fprintf(stdout, "%s ", c->c_output_name ? c->c_output_name : c->c_name); +#ifndef SSH_X509STORE_DISABLED + if ((key->type == KEY_X509_RSA) || (key->type == KEY_X509_DSA)) { + /* key_write will print x509 certificate in blob format :-( */ + x509key_write_subject(key, stdout); + } else { +#endif /*ndef SSH_X509STORE_DISABLED*/ key_write(key, stdout); +#ifndef SSH_X509STORE_DISABLED + } +#endif /*ndef SSH_X509STORE_DISABLED*/ fputs("\n", stdout); } @@ -653,7 +700,7 @@ if (name == NULL) return; - for (j = KT_RSA1; j <= KT_RSA; j *= 2) { + for (j = KT_RSA1; j <= KT_X509RSA; j *= 2) { if (get_keytypes & j) { while (ncon >= MAXCON) conloop(); @@ -749,6 +796,12 @@ case KEY_RSA: get_keytypes |= KT_RSA; break; + case KEY_X509_DSA: + get_keytypes |= KT_X509DSA; + break; + case KEY_X509_RSA: + get_keytypes |= KT_X509RSA; + break; case KEY_UNSPEC: fatal("unknown key type %s", tname); } diff -ruN openssh-3.8p1/ssh-keysign.0 openssh-3.8p1+x509g3/ssh-keysign.0 --- openssh-3.8p1/ssh-keysign.0 2004-02-24 08:23:05.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-keysign.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH-KEYSIGN(8) OpenBSD System Manager's Manual SSH-KEYSIGN(8) +SSH-KEYSIGN(8) System Manager's Manual SSH-KEYSIGN(8) NAME ssh-keysign - ssh helper program for hostbased authentication @@ -28,7 +28,8 @@ generate the digital signature. They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if - hostbased authentication is used. + hostbased authentication is used. It is possible host key to + contain private parts plus x509 certificate. SEE ALSO ssh(1), ssh-keygen(1), ssh_config(5), sshd(8) @@ -39,4 +40,4 @@ AUTHORS Markus Friedl -OpenBSD 3.4 May 24, 2002 1 +BSD May 24, 2002 BSD diff -ruN openssh-3.8p1/ssh-keysign.8 openssh-3.8p1+x509g3/ssh-keysign.8 --- openssh-3.8p1/ssh-keysign.8 2003-06-11 15:04:39.000000000 +0300 +++ openssh-3.8p1+x509g3/ssh-keysign.8 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.7 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD$ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -68,6 +68,7 @@ Since they are readable only by root, .Nm must be set-uid root if hostbased authentication is used. +It is possible host key to contain private parts plus x509 certificate. .El .Sh SEE ALSO .Xr ssh 1 , diff -ruN openssh-3.8p1/ssh-rand-helper.0 openssh-3.8p1+x509g3/ssh-rand-helper.0 --- openssh-3.8p1/ssh-rand-helper.0 2004-02-24 08:23:05.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-rand-helper.0 2004-02-25 09:06:00.000000000 +0200 @@ -1,4 +1,4 @@ -SSH-RAND-HELPER(8) OpenBSD System Manager's Manual SSH-RAND-HELPER(8) +SSH-RAND-HELPER(8) System Manager's Manual SSH-RAND-HELPER(8) NAME ssh-rand-helper - Random number gatherer for OpenSSH @@ -46,4 +46,4 @@ SEE ALSO ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) -OpenBSD 3.4 April 14, 2002 1 +BSD April 14, 2002 BSD diff -ruN openssh-3.8p1/ssh-x509.c openssh-3.8p1+x509g3/ssh-x509.c --- openssh-3.8p1/ssh-x509.c 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-x509.c 2004-02-22 18:34:20.000000000 +0200 @@ -0,0 +1,984 @@ +/* + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "ssh-x509.h" +#include "log.h" +#include +#include "xmalloc.h" +#include "uuencode.h" +#include +#include "bufaux.h" +#include "x509store.h" +#include "compat.h" + +static char* +openssl_errormsg(char *buf, size_t len) { + ERR_error_string_n(ERR_get_error(), buf, len); + + /* clear rest of errors in OpenSSL "error buffer" */ + ERR_clear_error(); + return(buf); +} + + +/* rumen-XXX: X.509 RSASIG check */ +void (*plogx509rsasig)(const char *msg) = NULL; + +#ifndef SSH_X509STORE_DISABLED +static const char* +x509key_find_subject(int _keytype, const char* s) { + static const char *keywords[] = { + "subject", + "distinguished name", + "distinguished-name", + "distinguished_name", + "distinguishedname", + "dn", + NULL + }; + const char **q, *p; + size_t len; + + if (_keytype != KEY_X509_RSA && + _keytype != KEY_X509_DSA) { + debug3("x509key_find_subject: %d is not x509 key ", _keytype); + return(NULL); + } + for (q=keywords; *q; q++) { + len = strlen(*q); + if (strncasecmp(s, *q, len) != 0) continue; + + for (p = s + len; *p && isspace((int)*p); p++) + {/*skip space*/} + if (!*p) { + error("x509key_find_subject: no data after keyword"); + return(NULL); + } + if (*p == ':' || *p == '=') { + for (p++; *p && isspace((int)*p); p++) + {/*skip space*/} + if (!*p) { + error("x509key_find_subject: no data after separator"); + return(NULL); + } + } + if (*p == '/' || *p == ',') { + /*skip leading [Relative]DistinguishedName elements separator*/ + for (p++; *p && isspace((int)*p); p++) + {/*skip space*/} + if (!*p) { + error("x509key_find_subject: no data"); + return(NULL); + } + } + return(p); + } + return(NULL); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +#ifndef SSH_X509STORE_DISABLED +static int +x509key_str2X509NAME(const char* _str, X509_NAME *_name) { + int ret = 1; + char *p, *q, *token; + char ch; + + p = (char*)_str; + while (*p) { + int nid; + for (; *p && isspace((int)*p); p++) + {/*skip space*/} + if (!*p) break; + + /* get shortest token */ + { + char *tokenA = strchr(p, ','); + char *tokenB = strchr(p, '/'); + + if (tokenA == NULL) { + token = tokenB; + } else if (tokenB == NULL) { + token = tokenA; + } else { + token = (tokenA < tokenB) ? tokenA : tokenB; + } + } + if (token) { + ch = *token; + *token = 0; + } else { + ch = 0; + token = p + strlen(p); + } + q = strchr(p, '='); + if (!q) { + error("x509key_str2X509NAME: cannot parse '%.200s' ...", p); + ret = 0; + break; + } + *q = 0; + nid = OBJ_txt2nid(p); +#ifdef SSH_OPENSSL_DN_WITHOUT_EMAIL + if (nid == NID_undef) { + /* work around for OpenSSL 0.9.7+ */ + if (strcasecmp(p, "Email") == 0) { + nid = OBJ_txt2nid("emailAddress"); + } + } +#endif /* def SSH_OPENSSL_DN_WITHOUT_EMAIL */ + *q = '='; + if (nid == NID_undef) { + error("x509key_str2X509NAME: cannot get nid from string '%.200s'", p); + ret = 0; + } else { + p = q + 1; + if (!*p) { + error("x509key_str2X509NAME: no data"); + ret = 0; + } else { /* add */ + char save; + for (q = token - 1; (q >= p) && isspace((int)*q); q--) + {/*skip unexpected \n, etc. from end*/} + + save = *++q; + *q = 0; + ret = X509_NAME_add_entry_by_NID(_name, nid, MBSTRING_ASC, (u_char*)p, q - p, -1, 0); + if (ret <= 0) { + char ebuf[256]; + error("x509key_str2X509NAME: X509_NAME_add_entry_by_NID" + " fail with errormsg='%.256s'" + " for nid=%d/%.32s" + " and data='%.128s'" + , openssl_errormsg(ebuf, sizeof(ebuf)) + , nid, OBJ_nid2ln(nid) + , p); + } + *q = save; + } + } + *token = ch; + if (ret <= 0) { + break; + } + p = token; + if (*p) p++; + } + debug3("x509key_str2X509NAME: return %d", ret); + return(ret); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +#ifndef SSH_X509STORE_DISABLED +Key* +x509key_from_subject(int _keytype, char* _cp) { + int ret = 1; + Key* key = NULL; + X509_NAME *subj; + const char *subject; + + debug3("x509key_from_subject(%d, [%.200s]) called ", _keytype, _cp); + subject = x509key_find_subject(_keytype, _cp); + if (subject == NULL) + return(NULL); + + debug3("x509key_from_subject: subject=[%.200s]", subject); + key = key_new(_keytype); + if (key == NULL) { + error("x509key_from_subject: out of memory"); + return(NULL); + } + + if (ret > 0) { + subj = X509_get_subject_name(key->x509); + if (subj == NULL) { + error("x509key_from_subject: new x509 key without subject"); + ret = 0; + } + } + + if (ret > 0) { + ret = x509key_str2X509NAME(subject, subj); + } + + if (ret <= 0) { + if (key != NULL) { + key_free(key); + key = NULL; + } + } + debug3("x509key_from_subject: return %p", (void*)key); + return(key); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +static Key* +x509_to_key(X509 *x509) { + Key *key = NULL; + EVP_PKEY *env_pkey; + + env_pkey = X509_get_pubkey(x509); + if (env_pkey == NULL) { + char ebuf[256]; + error("x509_to_key: X509_get_pubkey fail %.256s", + openssl_errormsg(ebuf, sizeof(ebuf))); + return(NULL); + } + /*else*/ + debug3("x509_to_key: X509_get_pubkey done!"); + + switch (env_pkey->type) { + case EVP_PKEY_RSA: + key = key_new(KEY_UNSPEC); + key->x509 = x509; + key->rsa = EVP_PKEY_get1_RSA(env_pkey); + key->type = KEY_X509_RSA; +#ifdef DEBUG_PK + RSA_print_fp(stderr, key->rsa, 8); +#endif + break; + + case EVP_PKEY_DSA: + key = key_new(KEY_UNSPEC); + key->x509 = x509; + key->dsa = EVP_PKEY_get1_DSA(env_pkey); + key->type = KEY_X509_DSA; +#ifdef DEBUG_PK + DSA_print_fp(stderr, key->dsa, 8); +#endif + break; + + default: + fatal("ssh_x509_key_size: unknow env_pkey->type %d", env_pkey->type); + /*unreachable code*/ + } + + return(key); +} + + +Key* +x509key_from_blob(const u_char *blob, int blen) { + Key* key = NULL; + BIO *mbio; + + /* convert blob data to BIO certificate data */ + mbio = BIO_new(BIO_s_mem()); + if (mbio == NULL) return(NULL); + BIO_write(mbio, blob, blen); + BIO_flush(mbio); + + debug3("x509key_from_blob:We have %d bytes available in BIO", BIO_pending(mbio)); + + { /* read X509 certificate from BIO data */ + X509* x509 = NULL; + x509 = d2i_X509_bio(mbio, NULL); + if (x509 == NULL) { + /* We will print only debug info !!! + * This method is used in place where we can only check incomming data. + * If data contain x506 certificate blob we will return a key otherwise NULL. + */ + char ebuf[256]; + debug3("x509key_from_blob: read X509 from BIO fail %.256s", + openssl_errormsg(ebuf, sizeof(ebuf))); + } else { + key = x509_to_key(x509); + if (key == NULL) + X509_free(x509); + } + } + + /* This call will walk the chain freeing all the BIOs */ + BIO_free_all(mbio); + return(key); +} + + +static int +x509key_check(const char* method, const Key *key) { + if (key == NULL) + { error("%.50s: no key", method); return(0); } + + if (key->type != KEY_X509_RSA && + key->type != KEY_X509_DSA ) + { error("%.50s: cannot handle key type %d", method, key->type); return(0); } + + if (key->x509 == NULL) + { error("%.50s: no X509 key", method); return(0); } + + return(1); +} + + +int +x509key_to_blob(const Key *key, Buffer *b) { + int len; + void *str; + u_char *p; + + if (!x509key_check("x509key_to_blob", key)) return(0); + + len = i2d_X509(key->x509, NULL); + str = xmalloc(len); /*fatal on error*/ + p = str; + i2d_X509(key->x509, &p); + buffer_append(b, str, len); + xfree(str); + return(1); +} + + +char* +x509key_subject(const Key *key) { + char *buf = NULL; + + if (!x509key_check("x509key_subject", key)) return(buf); + + buf = xmalloc(X509KEY_SUBJECT_MAXLEN); /*fatal on error*/ + X509_NAME_oneline(X509_get_subject_name(key->x509), buf, X509KEY_SUBJECT_MAXLEN); + return(buf); +} + + +int +x509key_write(const Key *key, FILE *f) { + int ret = 0; + Buffer b; + size_t n; + + if (!x509key_check("x509key_write_blob", key)) return(ret); + + buffer_init(&b); + ret = x509key_to_blob(key, &b); + if (ret) { + /* write ssh key name */ + const char *ktype = key_ssh_name(key); + n = strlen(ktype); + ret = ( fwrite(ktype, 1, n, f) == n ) && + ( fwrite(" ", 1, 1, f) == 1 ); + } + if (ret) { + char uu[1<<12]; /* 4096 bytes */ + + n = uuencode(buffer_ptr(&b), buffer_len(&b), uu, sizeof(uu)); + ret = n > 0; + if (ret) { + ret = (fwrite(uu, 1, n, f) == n); + } + } + buffer_free(&b); + return(ret); +} + + +#ifndef SSH_X509STORE_DISABLED +int +x509key_write_subject(const Key *key, FILE *f) { + BIO *out; + char buf[X509KEY_SUBJECT_MAXLEN]; + + if (!x509key_check("x509key_write_subject", key)) return(0); + + out = BIO_new_fp(f, BIO_NOCLOSE); + if (out == NULL) return(0); +#ifdef VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + + BIO_puts(out, key_ssh_name(key)); + BIO_puts(out, " Subject:"); + X509_NAME_oneline(X509_get_subject_name(key->x509), buf, sizeof(buf)); + BIO_puts(out, buf); + + BIO_free_all(out); + return(1); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +Key* +x509key_load_cert(Key *key, FILE *fp) { + if (key == NULL) return(NULL); + + if ( (key->type == KEY_RSA) || + (key->type == KEY_DSA) ) { + key->x509 = PEM_read_X509(fp, NULL, NULL, NULL); + if (key->x509 == NULL) { + char ebuf[256]; + debug3("x509key_load_cert: PEM_read_X509 fail %.256s", + openssl_errormsg(ebuf, sizeof(ebuf))); + } + else { + key->type = (key->type == KEY_RSA) ? KEY_X509_RSA : KEY_X509_DSA; + debug("read X509 certificate done: type %.40s", + key ? key_type(key) : ""); + } + } + return(key); +} + + +static int +x509key_save_cert(FILE *fp, X509 *x509) { + int ret = 0; + BIO *out; + char buf[X509KEY_SUBJECT_MAXLEN]; + + out = BIO_new_fp(fp, BIO_NOCLOSE); + if (out == NULL) return(0); +#ifdef VMS + { + BIO *tmpbio = BIO_new(BIO_f_linebuffer()); + out = BIO_push(tmpbio, out); + } +#endif + + BIO_puts(out, "issuer= "); + X509_NAME_oneline(X509_get_issuer_name(x509), buf, sizeof(buf)); + BIO_puts(out, buf); + BIO_puts(out, "\n"); + + BIO_puts(out, "subject= "); + X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf)); + BIO_puts(out, buf); + BIO_puts(out, "\n"); + { + const char *alstr = (const char*)X509_alias_get0(x509, NULL); + if (alstr == NULL) alstr = ""; + BIO_puts(out, alstr); + BIO_puts(out, "\n"); + } + ret = PEM_write_bio_X509(out, x509); + if (!ret) { + char ebuf[256]; + error("x509key_save_cert: PEM_write_bio_X509 fail %.256s", + openssl_errormsg(ebuf, sizeof(ebuf))); + } + + BIO_free_all(out); + return(ret); +} + + +int +x509key_save_pem( + FILE *fp, + const Key *key, + const EVP_CIPHER *cipher, + u_char *passphrase, + int len +) { + if (!x509key_check("x509key_save_pem", key)) return(0); + + switch (key->type) { + case KEY_X509_DSA: + if (PEM_write_DSAPrivateKey(fp, key->dsa, cipher, passphrase, len, NULL, NULL)) + return(x509key_save_cert(fp, key->x509)); + break; + case KEY_X509_RSA: + if (PEM_write_RSAPrivateKey(fp, key->rsa, cipher, passphrase, len, NULL, NULL)) + return(x509key_save_cert(fp, key->x509)); + break; + } + return(0); +} + + +#ifndef SSH_X509STORE_DISABLED +static int +ssh_ASN1_OBJECT_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) { + int lmin = MIN(a->length, b->length); + + int ret = memcmp(a->data, b->data, lmin); + + return((ret == 0) + ? (b->length - a->length) + : ret); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +#ifndef SSH_X509STORE_DISABLED +static int +ssh_ASN1_STRING_casecmp(const ASN1_STRING *a, const ASN1_STRING *b) +{ + int la = M_ASN1_STRING_length(a); + int lb = M_ASN1_STRING_length(b); + const char *sa = (const char *)M_ASN1_STRING_data(a); + const char *sb = (const char *)M_ASN1_STRING_data(b); + + return((strncasecmp(sa, sb, MIN(la, lb)) != 0) ? (lb - la) : 0); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +#ifndef SSH_X509STORE_DISABLED +/* from RFC2459 + * (d) attribute values in PrintableString are compared after + * removing leading and trailing white space and converting internal + * substrings of one or more consecutive white space characters to a + * single space. + */ +static int +ssh_ASN1_PRINTABLESTRING_casecmp(const ASN1_STRING *a, const ASN1_STRING *b) +{ + int la = M_ASN1_STRING_length(a); + u_char *pa = M_ASN1_STRING_data(a); + int lb = M_ASN1_STRING_length(b); + u_char *pb = M_ASN1_STRING_data(b); + + /* skip leading spaces */ + for (; la > 0 && isspace(*pa); la--, pa++); + for (; lb > 0 && isspace(*pb); lb--, pb++); + + /* skip trailing spaces */ + { + u_char *p; + for (p = pa + la - 1; la > 0 && isspace(*p); la--, p--); + for (p = pb + lb - 1; lb > 0 && isspace(*p); lb--, p--); + } + + while (la > 0 && lb > 0) + { + int chA = tolower(*pa); + int chB = tolower(*pb); + + if (chA != chB) + return(chB - chA); + + pa++; pb++; + la--; lb--; + if (isspace(chA)) { + for (; la > 0 && isspace(*pa); la--, pa++); + for (; lb > 0 && isspace(*pb); lb--, pb++); + } + } + return(lb - la); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +#ifndef SSH_X509STORE_DISABLED +/* + * 1.) + * Since version 0.9.7.beta4 and 0.9.6h OpenSSL function X509_NAME_cmp + * is more restrictive but more correct (!). + * Problem is that some x509 implementation set X509_NAME entry + * incorrectly to "Printable String" :-[ . + * O.K. when one entry is "Printable String" we will compare + * to corresponding entry as "Printable String". + * 2.) + * OpenSSL functions X509_NAME_cmp check nids order in X509_NAME. + * i.e. X509_NAME{"/C=XX/O=YY"} is not equal to X509_NAME{"/O=YY/C=XX"} + */ +static int +ssh_X509_NAME_cmp(X509_NAME *_a, X509_NAME *_b) { + int k, n; + X509_NAME *b; + + + k = sk_X509_NAME_ENTRY_num(_a->entries); + n = sk_X509_NAME_ENTRY_num(_b->entries); + + if (k != n) + return(n - k); + + b = X509_NAME_dup(_b); + n = 0; + for (--k; k >= 0; k--) { + X509_NAME_ENTRY *neA; + ASN1_STRING *nvA; + int nid; + X509_NAME_ENTRY *neB; + ASN1_STRING *nvB; + int loc; + + neA = sk_X509_NAME_ENTRY_value(_a->entries, k); + nvA = neA->value; + nid = OBJ_obj2nid(neA->object); + loc = X509_NAME_get_index_by_NID(b, nid, -1); + if (loc < 0) { + char buf1[X509KEY_SUBJECT_MAXLEN]; + char buf2[X509KEY_SUBJECT_MAXLEN]; + + X509_NAME_oneline(_a, buf1, sizeof(buf1)); + X509_NAME_oneline(_b, buf2, sizeof(buf2)); + debug3("ssh_X509_NAME_cmp: insufficient entries with nid=%d(%.40s) in second name." + " na=%.*s, nb=%.*s", + nid, OBJ_nid2ln(nid), + (int) sizeof(buf1), buf1, + (int) sizeof(buf1), buf2); + n = -1; + break; + } +trynextentry: + neB = sk_X509_NAME_ENTRY_value(b->entries, loc); + nvB = neB->value; +#ifdef SSHX509TEST +{ + int la = M_ASN1_STRING_length(nvA); + u_char *pa = M_ASN1_STRING_data (nvA); + int lb = M_ASN1_STRING_length(nvB); + u_char *pb = M_ASN1_STRING_data (nvB); + + logit("nvA='%*s', nvB='%*s'", la, pa, lb, pb); +} +#endif + + if (nid == NID_pkcs9_emailAddress) { + int tag; + + tag = M_ASN1_STRING_type(nvA); + if (tag != V_ASN1_IA5STRING) { + /* to be strict and return nonzero or ... ? XXX + n = -1; + break; + */ + error("ssh_X509_NAME_cmp: incorrect type for emailAddress(a) %d(%.30s)", tag, ASN1_tag2str(tag)); + } + + tag = M_ASN1_STRING_type(nvB); + if (tag != V_ASN1_IA5STRING) { + /* to be strict and return nonzero or ... ? XXX + n = 1; + break; + */ + error("ssh_X509_NAME_cmp: incorrect type for emailAddress(b) %d(%.30s)", tag, ASN1_tag2str(tag)); + } + + n = ssh_ASN1_STRING_casecmp(nvA, nvB); + if (n == 0) goto entryisok; + + goto getnextentry; + } + if ((M_ASN1_STRING_type(nvA) == V_ASN1_PRINTABLESTRING) || + (M_ASN1_STRING_type(nvB) == V_ASN1_PRINTABLESTRING) ) { + int tag; + + tag = M_ASN1_STRING_type(nvA); + if (tag != V_ASN1_PRINTABLESTRING) + debug("ssh_X509_NAME_cmp: X509_NAME_ENTRY(a)->type=%d(%.30s) is not PrintableString", tag, ASN1_tag2str(tag)); + + tag = M_ASN1_STRING_type(nvB); + if (tag != V_ASN1_PRINTABLESTRING) + debug("ssh_X509_NAME_cmp: X509_NAME_ENTRY(b)->type=%d(%.30s) is not PrintableString", tag, ASN1_tag2str(tag)); + + n = ssh_ASN1_PRINTABLESTRING_casecmp(nvA, nvB); + if (n == 0) goto entryisok; + + goto getnextentry; + } + + n = M_ASN1_STRING_length(nvA) - M_ASN1_STRING_length(nvB); + if (n != 0) goto getnextentry; + + n = M_ASN1_STRING_length(nvA); + n = memcmp(nvA->data, nvB->data, n); + if (n != 0) goto getnextentry; + + /* openssl check object too */ + n = ssh_ASN1_OBJECT_cmp(neA->object, neB->object); + if (n != 0) goto getnextentry; + +entryisok: + { + X509_NAME_ENTRY *ne = X509_NAME_delete_entry(b, loc); + X509_NAME_ENTRY_free(ne); + } + continue; +getnextentry: + loc = X509_NAME_get_index_by_NID(b, nid, loc); + if (loc < 0) { + break; + } + goto trynextentry; + } + + X509_NAME_free(b); + return(n); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +#ifndef SSH_X509STORE_DISABLED +/* + * We can check only by Subject (Distinguished Name): + * - sshd receive from client only x509 certificate !!! + * - sshadd -d ... send only x509 certificate !!! + * - otherwise Key might contain private key + */ +int +ssh_x509_equal(const Key *a, const Key *b) { + if (!x509key_check("ssh_x509_equal", a)) return(1); + if (!x509key_check("ssh_x509_equal", b)) return(-1); + +#if 1 +/* + * We must use own method to compare two X509_NAMEs instead of OpenSSL + * function[s]! See notes before body of "ssh_X509_NAME_cmp()". + */ + { + X509_NAME *nameA = X509_get_subject_name(a->x509); + X509_NAME *nameB = X509_get_subject_name(b->x509); + return(ssh_X509_NAME_cmp(nameA, nameB)); + } +#else + return(X509_subject_name_cmp(a->x509, b->x509)); +#endif +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +int +ssh_x509_sign( + const Key *key, + u_char **psignature, u_int *psignaturelen, + const u_char *data, u_int datalen +) { + int ret = -1; + u_char sigret[256]; + u_int siglen; + + if (!x509key_check("ssh_x509_sign", key)) return(ret); + if ((key->rsa == NULL) && (key->dsa == NULL)) { + error("ssh_x509_sign: missing private key"); + return(ret); + } + + debug3("ssh_x509_sign: key_type=%.20s, key_ssh_name=%.40s", key_type(key), key_ssh_name(key)); + ret = 1; + { + EVP_PKEY *privkey = EVP_PKEY_new(); + if (privkey == NULL) { + error("ssh_x509_sign: out of memory"); + ret = -1; + } + else { + ret = (key->rsa) + ? EVP_PKEY_set1_RSA(privkey, key->rsa) + : EVP_PKEY_set1_DSA(privkey, key->dsa); + + if (ret <= 0) { + char ebuf[256]; + error("ssh_x509_sign: EVP_PKEY_set1_XXX: failed %.256s", + openssl_errormsg(ebuf, sizeof(ebuf))); + } + } + + if (ret > 0) { + EVP_MD_CTX ctx; + const EVP_MD *evp_md; + if (key->rsa) { + evp_md = (x509rsasigtype == SSH_X509RSA_SHA1) ? EVP_sha1() : EVP_md5(); + } else { + evp_md = EVP_dss1(); + } + + debug3("ssh_x509_sign: evp_md { %d(%.30s), %d(%.30s), %d, ... }", + evp_md->type, OBJ_nid2ln(evp_md->type), + evp_md->pkey_type, OBJ_nid2ln(evp_md->pkey_type), + evp_md->md_size); + + EVP_SignInit(&ctx, evp_md); + EVP_SignUpdate(&ctx, data, datalen); + + if (ret > 0) { + ret = EVP_SignFinal(&ctx, sigret, &siglen, privkey); + if (ret <= 0) { + char ebuf[256]; + error("ssh_x509_sign: digest failed: %.256s", + openssl_errormsg(ebuf, sizeof(ebuf))); + } + } + } + EVP_PKEY_free(privkey); + } + if (ret > 0) { + Buffer b; + + buffer_init(&b); + buffer_put_cstring(&b, key_ssh_name(key)); + buffer_put_string(&b, sigret, siglen); + + { + u_int len = buffer_len(&b); + if (psignaturelen != NULL) + *psignaturelen = len; + + if (psignature != NULL) { + *psignature = xmalloc(len); /*fatal on error*/ + memcpy(*psignature, buffer_ptr(&b), len); + } + } + buffer_free(&b); + } + ret = ret > 0 ? 0 : -1; + debug3("ssh_x509_sign: return %d", ret); + return(ret); +} + + +int +ssh_x509_verify( + const Key *key, + const u_char *signature, u_int signaturelen, + const u_char *data, u_int datalen +) { + int ret = -1; + u_char *sigblob = NULL; + uint len = 0; + + if (!x509key_check("ssh_x509_verify", key)) return(ret); + + { /* get signature data only */ + Buffer b; + buffer_init(&b); + buffer_append(&b, signature, signaturelen); + + { /* check signature key type */ + char *ktype = buffer_get_string(&b, NULL); + debug3("ssh_x509_verify: signature key type = %.40s", ktype); + ret = strcmp("x509v3-sign-rsa", ktype) == 0 || + strcmp("x509v3-sign-dss", ktype) == 0; + if (!ret) { + error("ssh_x509_verify: cannot handle signature key type %.40s", ktype); + } + xfree(ktype); + } + + if (ret > 0) { + sigblob = buffer_get_string(&b, &len); + } + + if (ret > 0) { + int rlen = buffer_len(&b); + if (rlen != 0) { + error("ssh_x509_verify: remaining bytes in signature %d", rlen); + ret = -1; + } + } + buffer_free(&b); + } + + if (ret > 0 ) { + EVP_PKEY* pubkey = X509_get_pubkey(key->x509); + if (pubkey == NULL) { + error("ssh_x509_verify: no 'X509 Public Key'"); + ret = -1; + } + + if (ret > 0) { + EVP_MD_CTX ctx; + const EVP_MD *evp_md; + if (key->rsa) { + evp_md = (x509rsasigtype == SSH_X509RSA_SHA1) ? EVP_sha1() : EVP_md5(); + } else { + evp_md = EVP_dss1(); + } + debug3("ssh_x509_verify: evp_md { %d(%.30s), %d(%.30s), %d, ... }", + evp_md->type, OBJ_nid2ln(evp_md->type), + evp_md->pkey_type, OBJ_nid2ln(evp_md->pkey_type), + evp_md->md_size); + + EVP_VerifyInit(&ctx, evp_md); + EVP_VerifyUpdate(&ctx, data, datalen); + ret = EVP_VerifyFinal(&ctx, sigblob, len, pubkey); + if ((ret <= 0) && key->rsa) { + /* rumen-XXX: X.509 RSASIG check */ + evp_md = (x509rsasigtype == SSH_X509RSA_SHA1) ? EVP_md5() : EVP_sha1(); + debug3("ssh_x509_verify: evp_md { %d(%.30s), %d(%.30s), %d, ... }", + evp_md->type, OBJ_nid2ln(evp_md->type), + evp_md->pkey_type, OBJ_nid2ln(evp_md->pkey_type), + evp_md->md_size); + + EVP_VerifyInit(&ctx, evp_md); + EVP_VerifyUpdate(&ctx, data, datalen); + ret = EVP_VerifyFinal(&ctx, sigblob, len, pubkey); + if (ret > 0) { + const char *pmsg; + if (x509rsasigtype == SSH_X509RSA_SHA1) + pmsg = "X509COMPAT: RSA succeed for md5 digest"; + else + pmsg = "X509COMPAT: RSA succeed for sha1 digest"; + if (plogx509rsasig) + plogx509rsasig(pmsg); + else + logit(pmsg); + } + } + if (ret <= 0) { + char ebuf[256]; + error("ssh_x509_verify: verify failed: %.256s", + openssl_errormsg(ebuf, sizeof(ebuf))); + ret = 0; + } + } + EVP_PKEY_free(pubkey); /* XXX ?*/ + } + if (sigblob) { + memset(sigblob, 's', len); + xfree(sigblob); + sigblob = NULL; + } + if (ret > 0) { + ret = ssh_x509cert_check(key->x509); + } + ret = ret > 0 ? 1 : (ret < 0 ? -1 : 0); + debug3("ssh_x509_verify: return %d", ret); + return(ret); +} + + +u_int +ssh_x509_key_size(const Key *key) { + EVP_PKEY *pkey; + int k = 0; + + if (!x509key_check("key_size", key)) goto done; + + pkey = X509_get_pubkey(key->x509); + if (pkey == NULL) goto done; + + switch(pkey->type) { + case EVP_PKEY_RSA: + /* BN_num_bits return int (!): XXX */ + k = BN_num_bits(pkey->pkey.rsa->n); + break; + case EVP_PKEY_DSA: + /*OpenSSH like this*/ + k = BN_num_bits(pkey->pkey.dsa->p); + break; + default: + fatal("ssh_x509_key_size: unknow pkey->type %d", pkey->type); + /*unreachable code*/ + } + EVP_PKEY_free(pkey); +done: + return((u_int) k); +} diff -ruN openssh-3.8p1/ssh-x509.h openssh-3.8p1+x509g3/ssh-x509.h --- openssh-3.8p1/ssh-x509.h 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/ssh-x509.h 2004-02-22 18:24:36.000000000 +0200 @@ -0,0 +1,71 @@ +#ifndef SSH_X509_H +#define SSH_X509_H +/* + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + + +#include "includes.h" +#include "key.h" +#include "buffer.h" + + +#ifndef SSH_X509STORE_DISABLED +/* + * Method return a key(x509) only with "Subject"("Distinguished Name") ! + */ +Key* x509key_from_subject(int _keytype, char* _cp); +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +Key* x509key_from_blob(const u_char *blob, int blen); +int x509key_to_blob(const Key *key, Buffer *b); + +#define X509KEY_SUBJECT_MAXLEN 512 +char* x509key_subject(const Key *key); + +/* + * Method write x509 certificate as blob. + */ +int x509key_write(const Key *key, FILE *f); +#ifndef SSH_X509STORE_DISABLED +/* + * Method write x509 certificate subject. + */ +int x509key_write_subject(const Key *key, FILE *f); +#endif /*ndef SSH_X509STORE_DISABLED*/ + +Key* x509key_load_cert(Key *key, FILE *fp); + +int x509key_save_pem(FILE *fp, const Key *key, const EVP_CIPHER *cipher, u_char *passphrase, int len); + + +#ifndef SSH_X509STORE_DISABLED +int ssh_x509_equal(const Key *a, const Key *b); +#endif /*ndef SSH_X509STORE_DISABLED*/ +int ssh_x509_sign(const Key *key, u_char **psignature, u_int *psignaturelen, const u_char *data, u_int datalen); +int ssh_x509_verify(const Key *key, const u_char *signature, u_int signaturelen, const u_char *data, u_int datalen); +u_int ssh_x509_key_size(const Key *key); + + +#endif /* SSH_X509_H */ diff -ruN openssh-3.8p1/tests/CA/1-cre_cadb.sh openssh-3.8p1+x509g3/tests/CA/1-cre_cadb.sh --- openssh-3.8p1/tests/CA/1-cre_cadb.sh 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/1-cre_cadb.sh 2004-02-16 20:59:15.000000000 +0200 @@ -0,0 +1,247 @@ +#!/bin/sh +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Create a new certificate authority config and database. +# + +CWD=`pwd` +SCRIPTDIR=`echo $0 | sed 's/1-cre_cadb.sh$//'` +. "${SCRIPTDIR}shell.rc" +. "${SCRIPTDIR}functions" +. "${SCRIPTDIR}config" + + +# === +# args: +# $1 type +echo_CA_common_options () { +cat < "$1" +[ ca ] +default_ca = CA_OpenSSH_rsa_md5 + + +# For the CA policy +[ policy_match ] +countryName = match +stateOrProvinceName = match +organizationName = match +organizationalUnitName = optional +commonName = supplied +emailAddress = optional + + +[ req ] +default_bits = 1024 +distinguished_name = req_distinguished_name +attributes = req_attributes +#prompt = no + +# The extensions to add to a certificate request: +#???req_extensions = usr_cert + + +[ req_distinguished_name ] +countryName = Country Name (2 letter code) +countryName_default = $SSH_DN_C +countryName_min = 2 +countryName_max = 2 + +stateOrProvinceName = State or Province Name (full name) +stateOrProvinceName_default = $SSH_DN_ST + +localityName = Locality Name (eg, city) +localityName_default = $SSH_DN_L + +0.organizationName = Organization Name (eg, company) +0.organizationName_default = $SSH_DN_O + +0.organizationalUnitName = Organizational Unit1 Name (eg, section1 - optional) +0.organizationalUnitName_default = ${SSH_DN_OU}-1 + +1.organizationalUnitName = Organizational Unit2 Name (eg, section2 - optional) +1.organizationalUnitName_default = ${SSH_DN_OU}-2 + +2.organizationalUnitName = Organizational Unit3 Name (eg, section3 - optional) +2.organizationalUnitName_default = ${SSH_DN_OU}-3 + +commonName = Common Name (eg, YOUR name) +commonName_min = 2 +commonName_max = 64 + +emailAddress = Email Address (optional) +emailAddress_max = 40 +emailAddress_default = $SSH_DN_EM + + +[ req_attributes ] +challengePassword = A challenge password +challengePassword_min = 4 +challengePassword_max = 20 +EOF + + +# X.509 extensions: SSH client certificates +cat << EOF >> "$1" + + +[ usr_cert ] +# These extensions are added when 'ca' signs a request. +basicConstraints=CA:FALSE +nsCertType = client, email + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Client Test Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +EOF + + +# X.509 extensions: SSH server certificates +cat << EOF >> "$1" + + +[ srv_cert ] +# These extensions are added when 'ca' signs a request. +basicConstraints = CA:FALSE + +# To test OpenSSH hostbased authentication we need +# following certificate purposes: +nsCertType = server,client +# Normal for server certificate is: +#nsCertType = server +# but in last case me must disable check of certificate purposes +# in sshd_config otherwise hostbased fail. + +# This is typical in keyUsage for a client certificate. +# keyUsage = nonRepudiation, digitalSignature, keyEncipherment + +# This will be displayed in Netscape's comment listbox. +nsComment = "OpenSSL Generated Server Test Certificate" + +# PKIX recommendations harmless if included in all certificates. +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +EOF + + +for DIGEST in ${RSA_DIGEST_LIST}; do +( cat << EOF + + +[ CA_OpenSSH_rsa_${DIGEST} ] +EOF + echo_CA_common_options "rsa_${DIGEST}" + cat << EOF +# which md to use: +default_md = ${DIGEST} + +# The private key (!) +private_key = "${SSH_CAKEYDIR}/${CAKEY_PREFIX}-rsa.key" + +#The CA certificate (!) +certificate = "${SSH_CACERTDIR}/${CAKEY_PREFIX}-rsa_${DIGEST}.crt.pem" +EOF +) >> "$1" +done + +( cat << EOF + + +[ CA_OpenSSH_dsa ] +EOF + echo_CA_common_options "dsa" + cat << EOF +# which md to use: +default_md = sha1 + +# The private key (!) +private_key = "${SSH_CAKEYDIR}/${CAKEY_PREFIX}-dsa.key" + +#The CA certificate (!) +certificate = "${SSH_CACERTDIR}/${CAKEY_PREFIX}-dsa.crt.pem" +EOF +) >> "$1" +} + + +# === +cre_db () { +( + var="${SSH_CAROOT}" + + if test ! -d "$var"; then + mkdir -p "$var" || exit $? + else + count=`getNextDirName "${var}"` || exit $? + if test -d "${var}"; then + printf '%s' "saving old directoty as ${attn}${var}.${warn}${count}${norm} ... " + mv "${var}" "${var}.${count}"; show_status $? || exit $? + fi + fi + + mkdir -p "$var" && + mkdir "$var/crt" && + mkdir "$var/crl" || + exit $? + + for type in ${SSH_SIGN_TYPES}; do + create_empty_file "$var/index-${type}.txt" || exit $? + done + + mkdir "$var/newcerts" && + echo '200402160906000001' > "$var/serial" +) +} + + +# === + +cre_config "${TMPDIR}/${CACONFIG}" && +cre_db && +update_file "${TMPDIR}/${CACONFIG}" "${SSH_CACFGFILE}"; retval=$? + +show_status $retval "${extd}Creating${norm} ${warn}TEST${norm} ${attn}Certificate Authority Database${norm}" diff -ruN openssh-3.8p1/tests/CA/2-cre_cakeys.sh openssh-3.8p1+x509g3/tests/CA/2-cre_cakeys.sh --- openssh-3.8p1/tests/CA/2-cre_cakeys.sh 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/2-cre_cakeys.sh 2004-02-16 22:24:38.000000000 +0200 @@ -0,0 +1,253 @@ +#!/bin/sh +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Create "Test Certificate Authority" private keys and certificates. +# + +CWD=`pwd` +SCRIPTDIR=`echo $0 | sed 's/2-cre_cakeys.sh$//'` +. "${SCRIPTDIR}shell.rc" +. "${SCRIPTDIR}functions" +. "${SCRIPTDIR}config" + + +OPENSSH_LOG="$CWD/openssh_ca-2.log" +create_empty_file .delmy && +update_file .delmy "$OPENSSH_LOG" > /dev/null || exit $? + + +# === +SSH_DN_OU="OpenSSH Test CA Root" +SSH_DN_CN_BASE="OpenSSH Test CA key" + + +echo_SSH_CA_DN () { +cat </dev/null + +$OPENSSL genrsa ${RSA_OPT} \ + -passout pass:${KEY_PASS} \ + -out "${TMPDIR}/${CAKEY_PREFIX}-rsa.key" 1024 \ + 2>> "$OPENSSH_LOG" \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}rsa${norm} private key" \ +|| return $? + +for DIGEST in ${RSA_DIGEST_LIST}; do + +rm -f "${TMPDIR}/${CAKEY_PREFIX}-rsa_${DIGEST}.crt" 2>/dev/null + +echo_SSH_CA_DN "rsa_${DIGEST}" | +$OPENSSL req \ + -new -x509 \ + -config "${SSH_CACFGFILE}" \ + -days $SSH_CACERTDAYS \ + -passin pass:${KEY_PASS} \ + -key "${TMPDIR}/${CAKEY_PREFIX}-rsa.key" \ + -${DIGEST} \ + -out "${TMPDIR}/${CAKEY_PREFIX}-rsa_${DIGEST}.crt" \ + 2>> "$OPENSSH_LOG" \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}rsa-${DIGEST}${norm} certificate" \ +|| return $? + +done + +return 0 +} + + +# === +gen_dsa () { +DSA_OPT="" +if [ -f /etc/random-seed ]; then + DSA_OPT="${DSA_OPT} -rand /etc/random-seed" +fi + +rm -f "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" 2>/dev/null +$OPENSSL dsaparam ${DSA_OPT} \ + -out "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" 1024\ + 2>> "$OPENSSH_LOG";\ +show_status $? "generating ${extd}DSA parameter file${norm}" \ +|| return $? + +rm -f "${TMPDIR}/${CAKEY_PREFIX}-dsa.key" 2>/dev/null +DSA_OPT="${DSA_OPT} -des3" +$OPENSSL gendsa ${DSA_OPT} \ + -passout pass:${KEY_PASS} \ + -out "${TMPDIR}/${CAKEY_PREFIX}-dsa.key" \ + "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" \ + 2>> "$OPENSSH_LOG" \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}dsa${norm} private key" \ +|| return $? + + +#request & ceritificate +rm -f "${TMPDIR}/${CAKEY_PREFIX}-dsa.crt" 2>/dev/null + +echo_SSH_CA_DN "dsa" | +$OPENSSL req \ + -new -x509 \ + -config "${SSH_CACFGFILE}" \ + -days $SSH_CACERTDAYS \ + -passin pass:${KEY_PASS} \ + -key "${TMPDIR}/${CAKEY_PREFIX}-dsa.key" \ + -out "${TMPDIR}/${CAKEY_PREFIX}-dsa.crt" \ + 2>> "$OPENSSH_LOG" \ +; show_status $? "generating ${extd}TEST CA${norm} ${attn}dsa-sha1${norm} certificate" \ +|| return $? + +return 0 +} + + +# === +crt2bundle () { +( + val="$1" + test -z "${val}" && { echo ${warn}missing DN${norm} >&2; return 1; } + + echo + echo ${val} + echo ${val} | sed -e 's/./=/g' + $OPENSSL x509 -inform PEM -in "${2}" -fingerprint -noout || exit $? + echo PEM data: + $OPENSSL x509 -inform PEM -in "${2}" -trustout || exit $? + echo Certificate Ingredients: + $OPENSSL x509 -inform PEM -in "${2}" -text -noout || exit $? + + exit 0 +) +} + + +# === +install () { +( + for D in \ + "${SSH_CAROOT}" \ + "${SSH_CAKEYDIR}" \ + "${SSH_CACERTDIR}" \ + ; do + if test ! -d "$D"; then + mkdir -p "${D}" || exit $? + fi + done + chmod 700 "${SSH_CAKEYDIR}" || exit $? + + update_file "${TMPDIR}/${CAKEY_PREFIX}-dsa.prm" "${SSH_CAROOT}/${CAKEY_PREFIX}-dsa.prm" && + for type in rsa dsa; do + F="${CAKEY_PREFIX}-${type}.key" + update_file "${TMPDIR}/${F}" "${SSH_CAKEYDIR}/${F}" && + chmod 400 "${SSH_CAKEYDIR}/${F}" || exit $? + done + + for type in ${SSH_SIGN_TYPES}; do + F="${CAKEY_PREFIX}-${type}.crt" + update_file "${TMPDIR}/${F}" "${SSH_CACERTDIR}/${F}.pem" || exit $? + done + + create_empty_file "${TMPDIR}/${CACERTFILE}" && + for type in ${SSH_SIGN_TYPES}; do + F="${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" + crt2bundle "$SSH_DN_OU" "${F}" >> "${TMPDIR}/${CACERTFILE}" || exit $? + done + + update_file "${TMPDIR}/${CACERTFILE}" "${SSH_CAROOT}/${CACERTFILE}" +) +} + + +# === +cre_hash_link () { +( +#option -noout problem: +#exit code from .../openssl ... -noout ... is sometime nonzero !!! +#might only by .../openssl x509 ... -noout ... exit code is zero +#sample: +#a) exit code is one - INCORRECT +# .../openssl crl -in a_crl_file -hash -noout +#b) exit code is zero - correct +# .../openssl crl -in a_crl_file -hash -out /dev/null +# +#work around might is to use -out /dev/null :-/ + HASH=`$OPENSSL x509 -in "$1" -noout -hash` || exit $? + NAME=`getNextFreeName ${HASH}.` || exit $? + + echo "creating link ${attn}${NAME}${norm} to ${attn}$1${norm}" + rm -f "${NAME}" && + ln -s "$1" "${NAME}" || exit $? + #link might never fail ;-( + test -h "${NAME}" +) +} + + +cre_hashs () { +#(!) openssl script "c_rehash" is missing in some installations :-( +# c_rehash "${SSH_CACERTDIR}" +( + cd "${SSH_CACERTDIR}" || exit $? + + for F in [0-9a-f]*.[0-9]; do + # we must use test -L, but on ?-OSes ... :-( + if test -h "$F"; then + rm -f "$F" || exit $? + fi + done + + for type in ${SSH_SIGN_TYPES}; do + cre_hash_link "${CAKEY_PREFIX}-${type}.crt.pem" || exit $? + done + + exit 0 +) +} + + +# === + +gen_rsa && +gen_dsa && +install && +cre_hashs; retval=$? + +show_status $retval "${extd}Creating${norm} ${warn}TEST${norm} ${attn}Certificate Authority${norm}" +echo "${warn}password for all private keys is ${attn}${KEY_PASS}${norm}" +exit $retval diff -ruN openssh-3.8p1/tests/CA/3-cre_certs.sh openssh-3.8p1+x509g3/tests/CA/3-cre_certs.sh --- openssh-3.8p1/tests/CA/3-cre_certs.sh 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/3-cre_certs.sh 2004-02-21 22:09:36.000000000 +0200 @@ -0,0 +1,263 @@ +#!/bin/sh +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Create certificate(s). +# + +CWD=`pwd` +SCRIPTDIR=`echo $0 | sed 's/3-cre_certs.sh$//'` +. "${SCRIPTDIR}shell.rc" +. "${SCRIPTDIR}functions" +. "${SCRIPTDIR}config" + +usage () { + cat < + -f[ile] [ssh]key_file_name + -t[ype] certificate type: client or server + -n[ame] "base" common name +EOF + exit 1 +} + +test "x$TEST_SSH_SSHKEYGEN" = "x" && { echo "Please define TEST_SSH_SSHKEYGEN"; exit 1; } +test -z "$1" && usage + +while ! test -z "$1"; do + case $1 in + -f|\ + -file) + shift + if test -z "$1"; then + usage + fi + if ! test -z "${SSH_BASE_KEY}"; then + usage + fi + SSH_BASE_KEY="$1" + shift + ;; + + -t|\ + -type) + shift + if test -z "$1"; then + usage + fi + if ! test -z "$SSH_CERT_TYPE"; then + usage + fi + SSH_CERT_TYPE="$1" + shift + case $SSH_CERT_TYPE in + client) + SSH_X509V3_EXTENSIONS="usr_cert" + ;; + server) + SSH_X509V3_EXTENSIONS="srv_cert" + ;; + *) + echo "${warn}wrong type${norm}" + usage + ;; + esac + ;; + + -n|\ + -name) + shift + if test -z "$1"; then + usage + fi + if ! test -z "${SSH_BASE_DN_CN}"; then + usage + fi + SSH_BASE_DN_CN="$1" + shift + ;; + + *) + usage + ;; + esac +done + +test -z "${SSH_BASE_KEY}" && usage +test ! -r "${SSH_BASE_KEY}" && { error_file_not_readable; exit 1; } +test -z "${SSH_BASE_DN_CN}" && usage +test -z "${SSH_CERT_TYPE}" && usage + + +OPENSSH_LOG="$CWD/openssh_ca-3.${SSH_BASE_KEY}.${SSH_X509V3_EXTENSIONS}.log" +create_empty_file .delmy && +update_file .delmy "$OPENSSH_LOG" > /dev/null || exit $? + + +# === +cre_csr () { + echo "=== create a new CSR ===" >> "$OPENSSH_LOG" + ( + if test "$SSH_X509V3_EXTENSIONS" != "usr_cert"; then + SSH_DN_EM="." + fi + + cat <> "$OPENSSH_LOG" \ + ; show_status $? "- ${extd}CSR${norm}" +} + + +# === +cre_crt () { + echo "=== create a new CRT ===" >> "$OPENSSH_LOG" + $OPENSSL ca \ + -config "${SSH_CACFGFILE}" \ + -batch \ + -in "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.csr" \ + -name "CA_OpenSSH_${type}" \ + -passin pass:$KEY_PASS \ + -out "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.crt" \ + -extensions ${SSH_X509V3_EXTENSIONS} \ + 2>> "$OPENSSH_LOG" \ + ; show_status $? "- ${extd}CRT${norm}" || + { retval=$? + printf '%s' "${warn}" + grep 'ERROR:' "$OPENSSH_LOG" + printf '%s' "${norm}" + return $retval + } + + sync + $OPENSSL verify \ + -CAfile "${SSH_CACERTDIR}/${CAKEY_PREFIX}-${type}.crt.pem" \ + "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.crt" && + rm -f "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.csr" || + return $? + + printf '%s' '- ' && + update_file \ + "${TMPDIR}/${SSH_X509V3_EXTENSIONS}-${type}${subtype}.crt" \ + "${SSH_BASE_KEY}-${type}${subtype}.crt" +} + + +# === +cre_OpenSSH_Crt () { + printf '%s' "- ${extd}OpenSSH certificate${norm}" + ( cat "${SSH_BASE_KEY}" + $OPENSSL x509 -in "${SSH_BASE_KEY}-${type}${subtype}.crt" -subject -issuer -alias + ) > "${SSH_BASE_KEY}-${type}${subtype}" && + chmod 600 "${SSH_BASE_KEY}-${type}${subtype}" \ + ; show_status $? +} + + +cre_OpenSSH_PubKey () { + printf '%s' "- ${extd}OpenSSH public key${norm}" + "$TEST_SSH_SSHKEYGEN" -y -f "${SSH_BASE_KEY}-${type}${subtype}" \ + > "${SSH_BASE_KEY}-${type}${subtype}.pub" \ + ; show_status $? +} + + +cre_P12_Crt () { + printf '%s' "- ${extd}PKCS #12${norm} file" + $OPENSSL pkcs12 \ + -passin pass:"" \ + -passout pass:"" \ + -in "${SSH_BASE_KEY}-${type}${subtype}" \ + -out "${SSH_BASE_KEY}-${type}${subtype}".p12 \ + -export \ + ; show_status $? +} + + +revoke_crt () { + echo "=== revoke a CRT ===" >> "$OPENSSH_LOG" + printf '%s' "- ${extd}revoke${norm} certificate" + $OPENSSL ca \ + -config "${SSH_CACFGFILE}" \ + -name "CA_OpenSSH_${type}" \ + -passin pass:$KEY_PASS \ + -revoke "${SSH_BASE_KEY}-${type}${subtype}.crt" \ + 2>> "$OPENSSH_LOG" \ + ; show_status $? +} + + +# === +cre_all2 () { + echo + printf '%s\n' "creating ${extd}${SSH_X509V3_EXTENSIONS}${norm} for ${extd}${SSH_BASE_DN_CN}${norm}(${attn}${type}${norm}${warn}${subtype}${norm}) ..." + + cre_csr && + cre_crt || return $? + + cre_OpenSSH_Crt && + cre_OpenSSH_PubKey && + cre_P12_Crt +} + + +# === +cre_all () { +( + subtype="" + for type in ${SSH_SIGN_TYPES}; do + cre_all2 || exit $? + done + + test "$SSH_X509V3_EXTENSIONS" = "srv_cert" && exit 0 + + subtype="-revoked" + for type in ${SSH_SIGN_TYPES}; do + cre_all2 && + revoke_crt || exit $? + done + + exit 0 +) +} + +# === + +cre_all; retval=$? + +echo +show_status $retval "${extd}Creating${norm} ${attn}${SSH_BASE_DN_CN}${norm} group of ${warn}test${norm} certificates" diff -ruN openssh-3.8p1/tests/CA/4-cre_crls.sh openssh-3.8p1+x509g3/tests/CA/4-cre_crls.sh --- openssh-3.8p1/tests/CA/4-cre_crls.sh 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/4-cre_crls.sh 2004-02-16 21:02:12.000000000 +0200 @@ -0,0 +1,113 @@ +#!/bin/sh +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Create "Test Certificate Authority" CRLs. +# + +CWD=`pwd` +SCRIPTDIR=`echo $0 | sed 's/4-cre_crls.sh$//'` +. "${SCRIPTDIR}shell.rc" +. "${SCRIPTDIR}functions" +. "${SCRIPTDIR}config" + + +OPENSSH_LOG="$CWD/openssh_ca-4.log" +create_empty_file .delmy && +update_file .delmy "$OPENSSH_LOG" > /dev/null || exit $? + + +# === +cre_crlfile() { +( + type="$1" + + cd "${SSH_CACRLDIR}" || exit $? + + FILE="${CAKEY_PREFIX}-${type}.crl.pem" + + printf '%s' "- ${attn}${type}${norm} certificates" + ${OPENSSL} ca \ + -config "${SSH_CACFGFILE}" \ + -name "CA_OpenSSH_${type}" \ + -passin pass:${KEY_PASS} \ + -gencrl \ + -out "${FILE}" \ + 2>> "$OPENSSH_LOG" \ + ; show_status $? || exit $? + + HASH=`${OPENSSL} crl -out /dev/null -in "${FILE}" -hash 2>> "$OPENSSH_LOG"` || exit $? + + NAME=`getNextFreeName "${HASH}.r"` || exit $? + + ln -s "${FILE}" "${NAME}" + #link might never fail :-( + test -h "${NAME}" +) +} + + +# === +cre_crlindir () { + echo "=== create a new CRL ===" >> "$OPENSSH_LOG" + rm -f "${SSH_CACRLDIR}"/* 2>/dev/null + + printf '%s\n' "creating ${extd}CA CRL file${norm} for ..." + for type in ${SSH_SIGN_TYPES}; do + cre_crlfile "${type}" || return $? + done + + return 0 +} + + +# === +cre_CAcrlfile () { +( + crlfile="${SSH_CAROOT}/${CACRLFILE}" + + create_empty_file "${crlfile}" && + for type in ${SSH_SIGN_TYPES}; do + ( ${OPENSSL} crl \ + -in "${SSH_CACRLDIR}/${CAKEY_PREFIX}-${type}.crl.pem" \ + -text \ + 2>> "$OPENSSH_LOG" + echo; echo + ) >> "${crlfile}" || exit $? + done + + exit 0 +) +} + + +# === +cre_all () { + cre_crlindir || return $? + + printf '%s' "creating ${extd}CA CRL ${attn}common${norm} ${extd}file${norm} ..." + cre_CAcrlfile; show_status $? +} + + +# === +cre_all; retval=$? + +show_status $retval "${extd}Creating${norm} ${warn}TEST${norm} ${attn}Certificate Authority${norm} CRL files" diff -ruN openssh-3.8p1/tests/CA/config openssh-3.8p1+x509g3/tests/CA/config --- openssh-3.8p1/tests/CA/config 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/config 2004-02-16 22:23:19.000000000 +0200 @@ -0,0 +1,154 @@ +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: OpenSSH CA configuration. +# + + +# === main variables: +# on some system (with pam?, AIX?, when port is below 1024, etc.) we +# might use sudo command to start sshd when current user isn`t root or +# to run tests as root. +# Prefered user for tests is NOT root :-) ! +SUDO= +#SUDO=sudo + + +#Old BSD shells, including the Ultrix `sh', don't accept the colon +#for any shell substitution, and complain and die. +##TMPDIR="${TMPDIR:-/tmp}" + +if test -n "$TMPDIR"; then + if test ! -d "$TMPDIR"; then + echo "error: $TMPDIR is not directory" + exit 1 + fi + if test ! -w "$TMPDIR"; then + echo "error: $TMPDIR is not writable" + exit 1 + fi +else + for D in /tmp /var/tmp /usr/tmp; do + test -d $D || continue + test -w $D || continue + TMPDIR=$D + break + done + if test -z "$TMPDIR"; then + echo "error: cannot set TMPDIR" + exit 1 + fi +fi + + +if test -z "${SSH_X509TESTS}"; then +SSH_X509TESTS="\ + blob_auth + dn_auth_file + dn_auth_path + agent + crl +" +fi + + +# === openssl: + +if test -z "${OPENSSL}"; then + OPENSSL=`which openssl 2>/dev/null` + if test -z "${OPENSSL}"; then + echo "error:cannot find openssl is your path !" >&2 + exit 1 + fi +fi + +printf 'OpenSSL executable version: ' +"${OPENSSL}" version || exit $? + +# These are the known patent issues with OpenSSL: +# name # expires +# mdc2: 4,908,861 13/03/2007 +# idea: 5,214,703 25/05/2010 +# rc5: 5,724,428 03/03/2015 + +if test -z "${RSA_DIGEST_LIST}"; then + for DIGEST in md5 sha1 md2 md4 rmd160; do + if "${OPENSSL}" dgst -${DIGEST} "${OPENSSL}" >/dev/null 2>&1; then + RSA_DIGEST_LIST="${RSA_DIGEST_LIST} ${DIGEST}" + fi + done +fi +if test -z "${RSA_DIGEST_LIST}"; then + echo "RSA_DIGEST_LIST is empty" >&2 + exit 1 +fi +echo "RSA digest list: ${RSA_DIGEST_LIST}" + + +SSH_SIGN_TYPES="" +for DIGEST in ${RSA_DIGEST_LIST}; do + SSH_SIGN_TYPES="${SSH_SIGN_TYPES} rsa_${DIGEST}" +done + SSH_SIGN_TYPES="${SSH_SIGN_TYPES} dsa" + + +# === server section: + +if test -z "${SSHD_PORT}"; then + SSHD_PORT=20022 +fi + +SSHD_LISTENADDRESS=127.0.0.1 +#SSHD_LISTENADDRESS=::1 + +#"yes" or "no" +SSHSERVER_USEPRIVILEGESEPARATION="yes" + +SSHSERVER_SYSLOGFACILITY=AUTH +SSHSERVER_LOGLEVEL=INFO +#SSHSERVER_SYSLOGFACILITY=LOCAL3 +#SSHSERVER_LOGLEVEL=DEBUG3 + + +# === certificates: + +KEY_PASS="change_it" +CAKEY_PREFIX="catest" + +SSH_CAROOT="`pwd`/ca-test" +SSH_CAKEYDIR="${SSH_CAROOT}/keys" + +CACERTFILE="catest-bundle.crt" +CACRLFILE="catest-bundle.crl" + +SSH_CACERTDIR="${SSH_CAROOT}/crt" +SSH_CACRLDIR="${SSH_CAROOT}/crl" + +CACONFIG="catest.config" +SSH_CACFGFILE="${SSH_CAROOT}/${CACONFIG}" + +SSH_CACERTDAYS=60 + +SSH_DN_C="XX" +SSH_DN_ST="World" +SSH_DN_L="Somewhere" +SSH_DN_O="OpenSSH Test Team" +SSH_DN_OU="OpenSSH Testers" +SSH_DN_EM="email@not.set" diff -ruN openssh-3.8p1/tests/CA/functions openssh-3.8p1+x509g3/tests/CA/functions --- openssh-3.8p1/tests/CA/functions 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/functions 2004-02-17 21:23:33.000000000 +0200 @@ -0,0 +1,264 @@ +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Usefull functions. +# + + +# === +# +# define colors and more for echo commands +# +# \033 ascii ESCape +# \033[G move to column (linux console, xterm, not vt100) +# \033[C move columns forward but only upto last column +# \033[D move columns backward but only upto first column +# \033[A move rows up +# \033[B move rows down +# \033[1m switch bold on +# \033[31m switch red on +# \033[32m switch green on +# \033[33m switch yellow on +# \033[m switch color/bold off +# \017 exit alternate mode (xterm, vt100, linux console) +# \033[10m exit alternate mode (linux console) +# \015 carriage return (without newline) +# + +if test -z "${LINES}" -o -z "${COLUMNS}" ; then + eval `stty size 2>/dev/null | (read L C; \ + if test x${L} = x; then L=24; fi; \ + if test x${C} = x; then C=80; fi; \ + echo LINES=${L} COLUMNS=${C} )` +fi +test ${LINES} -eq 0 && LINES=24 +test ${COLUMNS} -eq 0 && COLUMNS=80 +export LINES COLUMNS + +if test "${TERM}" != "dumb" ; then + esc=`printf '\033'` + extd="${esc}[1m" + warn="${esc}[1;31m" + done="${esc}[1;32m" + attn="${esc}[1;34m" + norm=`printf '%s\017' "${esc}[m"` + stat=`printf '\015%s' "${esc}[${COLUMNS}C${esc}[10D"` + + msg_done="${stat}${done}done${norm}" + msg_failed="${stat}${warn}failed${norm}" + +else + esc="" + extd="" + warn="" + done="" + attn="" + norm="" + stat="" + + msg_done="..done" + msg_failed="..failed" + +fi + + +# === +error_file_not_found () { + echo "${warn}file ${attn}${1}${warn} not found${norm}" + return 1 +} + + +# === +error_file_not_readable () { + echo "${warn}file ${attn}${1}${warn} not found or not readable${norm}" + return 1 +} + + +# === +error_dir_not_found () { + echo "${warn}directory ${attn}${1}${warn} not found${norm}" + return 1 +} + + +# === +printSeparator() { + echo "=======================================================================" +} + + +# === +show_status () { + if ! test -z "$2"; then + printf '%s' "$2" + fi + if test $1 -eq 0; then + echo "$msg_done" + else + echo "$msg_failed" + fi + return $1 +} + + +# === +getNextFreeName() { + var="$1" + limit="$2" + + if test -z "${limit}"; then + limit=10 + fi + + count=0 + while true; do + test ! -f "${var}${count}" && break + count=`expr ${count} + 1` + if test ${count} -ge ${limit}; then + echo "getNextFreeName: ${warn}limit reached${norm} for file ${attn}${var}${norm}" >&2 + + echo "" + return 33 + fi + done + + echo "${var}${count}" + return 0 +} + + +# === +getNextDirName() { + var="$1" + count=0 + while true; do + test ! -d "${var}.${count}" && break + count=`expr ${count} + 1` + done + if test ${count} -ge 10; then + echo "${warn}please remove ${attn}${var}${warn} backup directories !${norm}" >&2 + return 33 + fi + echo $count + return 0 +} + + +# === +create_empty_file () { + cat /dev/null > "$1" +} + + +# === +update_file () { + var_new="$1" + var_old="$2" + + if test ! -f "${var_old}"; then + printf '%s' "creating file ${attn}${var_old}${norm}" + mv "${var_new}" "${var_old}"; show_status $? + return $? + fi + test -r "${var_new}" || { error_file_not_readable "${var_new}"; return 1; } + + if diff "${var_old}" "${var_new}" >/dev/null 2>&1; then + echo "no changes in ${attn}${var_old}${norm}" + rm -f "${var_new}" + return 0 + fi + + backup=`getNextFreeName "${var_old}."` || return $? + printf '%s' "saving old file as ${attn}${backup}${norm}" + cp -p "${var_old}" "${backup}"; show_status $? || return $? + + printf '%s' "updating file ${attn}${var_old}${norm}" + if test ! -w "${var_old}"; then + chmod u+w "${var_old}" + not_writable="yes" + fi + cat "${var_new}" > "${var_old}"; show_status $? || return $? + if test "$not_writable" = "yes"; then + chmod u-w "${var_old}" + fi + rm -f "${var_new}" + return 0 +} + + +# === +getSSHkeyType () { + identity_file="$1" + if test ! -r "$identity_file"; then + error_file_not_readable "${identity_file}" >&2; return $? + fi + + sshkeytype="unspec" + retval=0 + + sshkeytype=`"${TEST_SSH_SSHKEYGEN}" -f "${identity_file}" -y 2>/dev/null`; retval=$? + if test $retval -ne 0 ; then + echo "${warn}command${norm} ${TEST_SSH_SSHKEYGEN} ${warn}fail${norm}" >&2 + return $retval + fi + echo "${sshkeytype}" | cut -d ' ' -f 1 + return 0 +} + + +# === +getSubject () { + identity_file="$1" +#rest of arguments passed to openssl + + if test ! -r "$identity_file"; then + error_file_not_readable "${identity_file}" >&2 + return 1 + fi + shift + + retval=0 + +#bash bug or ?: when commands are on only one line retval is always zero :-/ !!! +#unix sh don't like local :-) +# local subject=`"${OPENSSL}" x509 -noout -subject -in "${identity_file}" $*`; retval=$? + subject=`"${OPENSSL}" x509 -noout -subject -in "${identity_file}" $* 2>/dev/null`; retval=$? + if test $retval -ne 0 ; then + echo "${warn}cannot get certificate subject${norm}" >&2 + return $retval + fi + echo "$subject" | cut -d ' ' -f 2- +} + + +#=== +creX509AuthorizedKeysFile () { + identity_file="$1" + + sshkeytype=`getSSHkeyType "${identity_file}"` || return $? + subject=`getSubject "${identity_file}"` || return $? + echo "${sshkeytype} subject ${subject}" > "${AUTHORIZEDKEYSFILE}" +} + + +# === +FUNCTIONS_INCLUDED="yes" diff -ruN openssh-3.8p1/tests/CA/Makefile.in openssh-3.8p1+x509g3/tests/CA/Makefile.in --- openssh-3.8p1/tests/CA/Makefile.in 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/Makefile.in 2004-02-21 22:11:12.000000000 +0200 @@ -0,0 +1,91 @@ +srcdir=@srcdir@ + + +all: + + +clean: + rm -f testhostkey_* + rm -f testid_* + rm -fr ca-test/ + rm -f openssh_ca-?.log* + rm -f openssh_ca-3.*.log* + rm -f sshd_x509.log + +distclean: clean + rm -f Makefile + +# === + +check-certs: ca_files hostkeys identities crl_files + @echo + $(SHELL) $(srcdir)/openssh_tests.sh + +# === +ca_files: ca-test/catest.config ca-test/catest-bundle.crt + +#user is responsible to recreate X.509 tests files !!! +#ca-test/catest.config: $(srcdir)/config +ca-test/catest.config: + @echo + $(SHELL) $(srcdir)/1-cre_cadb.sh + +ca-test/catest-bundle.crt: ca-test/catest.config + @echo + $(SHELL) $(srcdir)/2-cre_cakeys.sh + + +# === +hostkeys: testhostkey_rsa testhostkey_rsa-rsa_md5 testhostkey_dsa testhostkey_dsa-rsa_md5 + +testhostkey_rsa: + @echo + @echo "generating RSA 'hostkey'" + $(TEST_SSH_SSHKEYGEN) -t rsa -b 1024 -f $@ -N "" + +testhostkey_rsa-rsa_md5: testhostkey_rsa ca-test/catest-bundle.crt + @echo + @echo "generating RSA server certificates, keys, etc." + $(SHELL) $(srcdir)/3-cre_certs.sh -f testhostkey_rsa -t server -n "localhost RSA" + +testhostkey_dsa: + @echo + @echo "generating DSA 'hostkey'" + $(TEST_SSH_SSHKEYGEN) -t dsa -b 1024 -f $@ -N "" + +testhostkey_dsa-rsa_md5: testhostkey_dsa ca-test/catest-bundle.crt + @echo + @echo "generating DSA server certificates, keys, etc." + $(SHELL) $(srcdir)/3-cre_certs.sh -f testhostkey_dsa -t server -n "localhost DSA" + + +# === +identities: testid_rsa testid_rsa-rsa_md5 testid_dsa testid_dsa-rsa_md5 + +testid_rsa: + @echo + @echo "generating RSA 'Identity'" + $(TEST_SSH_SSHKEYGEN) -t rsa -b 1024 -f $@ -N "" + +testid_rsa-rsa_md5: testid_rsa ca-test/catest-bundle.crt + @echo + @echo "generating RSA client certificates, keys, etc." + $(SHELL) $(srcdir)/3-cre_certs.sh -f testid_rsa -t client -n "OpenSSH RSA test certificate" + +testid_dsa: + @echo + @echo "generating DSA 'Identity'" + $(TEST_SSH_SSHKEYGEN) -t dsa -b 1024 -f $@ -N "" + +testid_dsa-rsa_md5: testid_dsa ca-test/catest-bundle.crt + @echo + @echo "generating DSA client certificates, keys, etc." + $(SHELL) $(srcdir)/3-cre_certs.sh -f testid_dsa -t client -n "OpenSSH DSA test certificate" + + +# === +crl_files: ca-test/catest-bundle.crl + +ca-test/catest-bundle.crl: testid_rsa-rsa_md5 testid_dsa-rsa_md5 + @echo + $(SHELL) $(srcdir)/4-cre_crls.sh diff -ruN openssh-3.8p1/tests/CA/openssh_tests.sh openssh-3.8p1+x509g3/tests/CA/openssh_tests.sh --- openssh-3.8p1/tests/CA/openssh_tests.sh 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/openssh_tests.sh 2004-02-21 22:05:17.000000000 +0200 @@ -0,0 +1,329 @@ +#!/bin/sh +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Test OpenSSH client and server with x509 certificates. +# + + +CWD=`pwd` +SCRIPTDIR=`echo $0 | sed 's/openssh_tests.sh//'` +. "${SCRIPTDIR}shell.rc" +. "${SCRIPTDIR}functions" +. "${SCRIPTDIR}config" + +test "x$TEST_SSH_SSH" = "x" && { echo "${warn}Please define ${attn}TEST_SSH_SSH${norm}" ; exit 1; } +test "x$TEST_SSH_SSHD" = "x" && { echo "${warn}Please define ${attn}TEST_SSH_SSHD${norm}" ; exit 1; } +test "x$TEST_SSH_SSHAGENT" = "x" && { echo "${warn}Please define ${attn}TEST_SSH_SSHAGENT${norm}" ; exit 1; } +test "x$TEST_SSH_SSHADD" = "x" && { echo "${warn}Please define ${attn}TEST_SSH_SSHADD${norm}" ; exit 1; } +#TEST_SSH_SSHKEYSCAN +#TEST_SSH_SFTP +#TEST_SSH_SFTPSERVER + + +SSHD_LOG="${CWD}/sshd_x509.log" +SSHD_PID="${CWD}/.sshd_x509.pid" +SSHD_CFG="${CWD}/sshd_config-certTests" +SSH_CFG="${CWD}/ssh_config-certTests" + +SSH_ERRLOG="${CWD}/.ssh_x509.err.log" +SSH_REPLY="${CWD}/.ssh_x509.reply" +SSH_EXTRA_OPTIONS="" + + +TEST_SSH_CLIENTKEYS="\ + testid_rsa + testid_dsa +" + +#TEST_SSHD_HOSTKEY="${CWD}/testhostkey_rsa-rsa_md5" +TEST_SSHD_HOSTKEY="${CWD}/testhostkey_rsa" + + +USERDIR="${HOME}/.ssh" +if test ! -d "${USERDIR}"; then + mkdir "${USERDIR}" || exit 1 + chmod 700 "${USERDIR}" || exit 1 +fi + +AUTHORIZEDKEYSFILE="${USERDIR}/authorized_keys-certTests" +USERKNOWNHOSTSFILE="${USERDIR}/known_hosts-certTests" + + +# === +# remove unsupported tests + +cat > "$SSHD_CFG" < "${SSHD_LOG}" 2>&1 +if grep 'Unsupported.*CACertificateFile' "${SSHD_LOG}" > /dev/null; then + SSH_X509STORE_DISABLED="yes" +else + SSH_X509STORE_DISABLED="no" +fi + +echo SSH_X509STORE_DISABLED=${SSH_X509STORE_DISABLED} +if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + SSH_X509TESTS=`echo "${SSH_X509TESTS}" | \ + sed \ + -e 's|dn_auth_file||g' \ + -e 's|dn_auth_path||g' \ + -e 's|crl||g'` +fi +echo SSH_X509TESTS=$SSH_X509TESTS + + +# === +runSSHdaemon() { + echo "=======================================================================" >> "${SSHD_LOG}" + + if test -f "${SSHD_PID}"; then + echo "${warn}sshd pid file exist!${norm}" >&2 + fi + + #NOTES: + #- without -d option sshd run in daemon mode and this command always return 0 !!! + #- bug or ?: with option -e no log to stderr in daemon mode + $SUDO "$TEST_SSH_SSHD" -f "${SSHD_CFG}" \ + -o PidFile="${SSHD_PID}" \ + -o SyslogFacility="${SSHSERVER_SYSLOGFACILITY}" \ + -o LogLevel="${SSHSERVER_LOGLEVEL}" \ + >> "${SSHD_LOG}" 2>&1 + + sleep 3 + if test ! -f "${SSHD_PID}"; then + printf "${warn}cannot start sshd:${norm} " >&2 + error_file_not_readable "${SSHD_PID}" + return 33 + fi +} + + +# === +killSSHdaemon() { +( + $SUDO kill `cat "${SSHD_PID}" 2>/dev/null` > /dev/null 2>&1 + K=0 + while test $K -le 9; do + if test ! -f "${SSHD_PID}"; then + break + fi + sleep 1 + K=`expr $K + 1` + done + rm -f "${SSHD_CFG}" + if test -f "${SSHD_PID}"; then + $SUDO kill -9 `cat "${SSHD_PID}" 2>/dev/null` > /dev/null 2>&1 + sleep 1 + $SUDO rm -f "${SSHD_PID}" > /dev/null 2>&1 + fi + exit 0 +) +} + + +# === +testEND() { + ( echo + echo "*=- The END -=*" + ) >> "${SSHD_LOG}" + + rm -f "${SSH_ERRLOG}" + rm -f "${SSH_REPLY}" + rm -f "${AUTHORIZEDKEYSFILE}" + rm -f "${USERKNOWNHOSTSFILE}" + rm -f "${SSH_CFG}" +} + +testBREAK() { + ( echo + echo "*=- BREAK -=*" + ) >> "${SSHD_LOG}" + killSSHdaemon +} + +trap testBREAK INT QUIT ABRT KILL TERM || exit 1 +trap testEND EXIT || exit 1 + + +# === +creTestSSHDcfgFile() { + cat > "${SSHD_CFG}" < "${SSH_CFG}" < "${SSH_ERRLOG}" > "${SSH_REPLY}"; retval=$? + + if test "x$must_fail" = "x1"; then + if test $retval -ne 0; then + retval=0 + else + retval=1 + fi + fi + + show_status $retval + if test $retval -ne 0; then + printf '%s' "${warn}" + cat "${SSH_ERRLOG}"; printf '%s' "${norm}" + else + if test "x$must_fail" = "x1"; then + if ! fgrep 'Permission denied (publickey)' "${SSH_ERRLOG}" > /dev/null; then + retval=33 + printf '%s' "${warn}" + else + printf '%s' "${done}" + fi + cat "${SSH_ERRLOG}"; printf '%s' "${norm}" + else + if ! fgrep "$msg" "${SSH_REPLY}" > /dev/null; then + retval=33 + printf '%s' "${warn}" + cat "${SSH_REPLY}"; printf '%s' "${norm}" + fi + fi + fi + + exit $retval +) +} + + +# === +do_all () { + printf '%s' "" > "${AUTHORIZEDKEYSFILE}" + chmod 644 "${AUTHORIZEDKEYSFILE}" || return $? + + printf '%s' "" > "${SSHD_LOG}" + if test ! -f "${TEST_SSHD_HOSTKEY}"; then + "$TEST_SSH_SSHKEYGEN" -t rsa -f "${TEST_SSHD_HOSTKEY}" -N "" + fi + if test ! -f "${TEST_SSHD_HOSTKEY}.pub"; then + echo "${warn}Public host file ${attn}${TEST_SSHD_HOSTKEY}.pub${warn} not found !${norm}" + return 3 + fi + ( printf '%s' "${SSHD_LISTENADDRESS} " + cat "${TEST_SSHD_HOSTKEY}.pub" + ) > "${USERKNOWNHOSTSFILE}" + chmod 644 "${USERKNOWNHOSTSFILE}" || return $? + + # call the test scripts + for LTEST in ${SSH_X509TESTS}; do + ( + echo + echo "using: ${attn}${SCRIPTDIR}test-${LTEST}.sh.inc${norm}" + . ${SCRIPTDIR}test-${LTEST}.sh.inc && + do_test + ) || return $? + done + + printSeparator + return 0 +} + + +# === +echo +printSeparator +echo "${extd}Testing OpenSSH client and server with certificates:${norm}" +printSeparator + +do_all; retval=$? + +echo +printSeparator +echo "${extd}Testing OpenSSH client and server with certificates finished.${norm}" +show_status $retval " ${extd}status${norm}:" +printSeparator +echo + +exit $retval diff -ruN openssh-3.8p1/tests/CA/shell.rc openssh-3.8p1+x509g3/tests/CA/shell.rc --- openssh-3.8p1/tests/CA/shell.rc 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/shell.rc 2004-02-14 22:16:21.000000000 +0200 @@ -0,0 +1,55 @@ +# Copyright (c) 2003-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Shell settings. +# + + +# === zsh: +if test -n "$ZSH_NAME"; then + unsetopt NOMATCH + # NOMATCH (+3) + # If a pattern for filename generation has no matches, print an + # error, instead of leaving it unchanged in the argument list. This + # also applies to file expansion of an initial `~' or `='. + # Check results from sample script: + # #!/bin/zsh + # for F in *notfound; do + # echo F=$F + # done + + setopt SH_WORD_SPLIT + # SH_WORD_SPLIT (-y) + # Causes field splitting to be performed on unquoted parameter + # expansions. Note that this option has nothing to do with word + # splitting. + # Check results from sample script: + # #!/bin/zsh + # VAR=" + # v1 + # v2 + # " + # for V in ${VAR}; do + # echo V=$V + # done +fi + + +# === diff -ruN openssh-3.8p1/tests/CA/test-agent.sh.inc openssh-3.8p1+x509g3/tests/CA/test-agent.sh.inc --- openssh-3.8p1/tests/CA/test-agent.sh.inc 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/test-agent.sh.inc 2004-02-16 21:21:41.000000000 +0200 @@ -0,0 +1,155 @@ +# +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Test OpenSSH client authentication: +# - add a key to agent; +# - list agent keys; +# - try to connect with key from agent; +# - remove the key from agent. +# + + +# === +#env. vars: +# SSH_CLIENTKEY +# type +testAgent () { + identity_file="${SSH_CLIENTKEY}-${type}" + if test ! -r "${identity_file}"; then + error_file_not_readable "${identity_file}"; return $? + fi + + ( + if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + cat "${identity_file}.pub" + else + sshkeytype=`getSSHkeyType "${identity_file}"` || exit $? + subject=`getSubject "${identity_file}"` || exit $? + + echo "${sshkeytype} Subject: ${subject}" + fi + ) > "${AUTHORIZEDKEYSFILE}" || return $? + +( +killAgent () { + "${TEST_SSH_SSHAGENT}" -k > /dev/null + sleep 1 + exit $1 +} + +checkEmptyListResponse () { + case $1 in + 1) return 0;; + 0) killAgent 99;; + *) killAgent $1;; + esac + return 33 +} + +showAgentMsg() { + show_status $1 "$2" + if test $1 -ne 0; then + printf '%s' "${warn}" + cat "${SSH_ERRLOG}" + printf '%s' "${norm}" + if test $1 -ne 2; then + killAgent $1 + fi + exit $1 + fi + + if test "x$3" != "x"; then + printf '%s' "${done}" + cat "$3" + printf '%s' "${norm}" + fi + return 0 +} + + eval `"${TEST_SSH_SSHAGENT}"` > /dev/null + + "${TEST_SSH_SSHADD}" -L >/dev/null; checkEmptyListResponse $? + + "${TEST_SSH_SSHADD}" "${identity_file}" 2> "${SSH_ERRLOG}" > "${SSH_REPLY}"; \ + showAgentMsg $? " add identity ${extd}${SSH_CLIENTKEY}-${attn}${type}${norm} to agent ..." + + "${TEST_SSH_SSHADD}" -L 2> "${SSH_ERRLOG}" > "${SSH_REPLY}"; \ + retval=$? + if test $retval -ne 0; then + showAgentMsg ${retval} + else + printf " ${done}-${norm} " + if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + printf '%s.......\n' "`cut -c -60 \"${SSH_REPLY}\"`" + else + cat "${SSH_REPLY}" + fi + fi + + runTest "${type}" \ + "use-only-key-from-agent" \ + "key from agent ..." || + killAgent $? + + "${TEST_SSH_SSHADD}" -d "${identity_file}".pub \ + 2> "${SSH_ERRLOG}" > "${SSH_REPLY}"; \ + showAgentMsg $? " remove identity ${extd}${SSH_CLIENTKEY}-${attn}${type}${norm} from agent ..." + + "${TEST_SSH_SSHADD}" -L > /dev/null; checkEmptyListResponse $? + + killAgent 0 +) +} + + +# === + +do_test () { + retval=0 + if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + echo "* ${extd}with x509 identity from ${attn}agent${norm}:" + else + echo "* ${extd}against ${attn}CACertificateFile${norm} and x509 identity from ${attn}agent${norm}:" + fi + + creTestSSHDcfgFile + cat >> "$SSHD_CFG" </dev/null > "${AUTHORIZEDKEYSFILE}" || return $? + runTest "${type}" "${identity_file}"\ + "${extd}valid${norm} blob" || return $? + + blob=`cat "${AUTHORIZEDKEYSFILE}"` + echo $blob | cut -c 1-50 > "${AUTHORIZEDKEYSFILE}" + runTest "${type}" "${identity_file}"\ + "${warn}invalid${norm} blob" "Yes" || return $? +} + + +# === + +do_test () { + retval=0 + if test "x${SSH_X509STORE_DISABLED}" = "xyes"; then + echo "* ${extd}with autorization by x509 ${attn}blob${norm}:" + else + echo "* ${extd}against ${attn}CACertificateFile${norm} and autorization by x509 ${attn}blob${norm}:" + fi + + creTestSSHDcfgFile + cat >> "$SSHD_CFG" <> "$SSHD_CFG" <> "$SSHD_CFG" <> "$SSHD_CFG" < /dev/null + FILE="${SSH_CACRLDIR}/${CAKEY_PREFIX}-${crltype}.crl.pem" + HASH=`${OPENSSL} crl -out /dev/null -in "${FILE}" -hash`; retval=$? + if test $retval -eq 0; then + hashfile="${CRL_TEST_DIR}/${HASH}.r0" + ln -s "${FILE}" "${hashfile}" + #link might never fail :-( + test -h "${hashfile}"; retval=$? + fi + #printf "${norm}" + show_status $retval || return $? + + ( + for type in ${SSH_SIGN_TYPES}; do + for SSH_CLIENTKEY in ${TEST_SSH_CLIENTKEYS}; do + identity_file="${SSH_CLIENTKEY}-${type}-revoked" + + creX509AuthorizedKeysFile "${identity_file}" || exit $? + + if test "${type}" = "${crltype}"; then + runTest "${SSH_CLIENTKEY}-${warn}${type}-revoked${norm}" \ + "${identity_file}" "" "Yes" + else + runTest "${identity_file}" \ + "${identity_file}" "" "" + fi || exit $? + done + done + exit 0 + ); retval=$? + + if test $retval -eq 0; then + rm -f "${hashfile}"; retval=$? + else + rm -f "${hashfile}" + fi + return $retval +} + + +#=== +test_onlyonecrl () { + retval=0 + CRL_TEST_DIR="${SSH_CAROOT}/crl-test" + + printSeparator + echo "Check ${extd}revoked${norm} with only ${attn}one CRL${norm} file in ${attn}CARevocationPath${norm} ..." + + mkdir -p "${CRL_TEST_DIR}" || return $? + + creTestSSHDcfgFile + cat >> "$SSHD_CFG" < /dev/null + if test $retval -eq 0; then + rmdir "${CRL_TEST_DIR}"; retval=$? + else + rmdir "${CRL_TEST_DIR}" + fi + return $retval +} + + +#=== + +do_test () { + echo "* ${extd}against ${attn}CA CRL${norm} file and/or hash-dir:" + + test_nocrl && + test_crlfile && + test_crldir && + test_onlyonecrl +} diff -ruN openssh-3.8p1/tests/CA/test-dn_auth_file.sh.inc openssh-3.8p1+x509g3/tests/CA/test-dn_auth_file.sh.inc --- openssh-3.8p1/tests/CA/test-dn_auth_file.sh.inc 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/test-dn_auth_file.sh.inc 2004-02-22 16:03:08.000000000 +0200 @@ -0,0 +1,116 @@ +# +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Test OpenSSH client authentication: +# - "IdentityFile" contain private key and x509 certificate; +# - "AuthorizedKeysFile" contain certificate "Distinguished Name"/ +# "Subject" in varios formats. +# + + +# === +#env. vars: +# SSH_CLIENTKEY +# type +testDNautorizations1 () { + identity_file="${SSH_CLIENTKEY}-${type}" + if test ! -r "$identity_file"; then + error_file_not_readable "${identity_file}"; return $? + fi + + sshkeytype=`getSSHkeyType "${identity_file}"` || return $? + subject=`getSubject "${identity_file}"` || return $? + + for subtype in \ + "Subject:" \ + "SuBjecT=" \ + "sUbjecT" \ + "diStinguished name:" \ + "distiNguished-nAme:" \ + "distinguiShed_naMe:" \ + "disTinguishednamE:" \ + "dN:" \ + ; do + echo "${sshkeytype} ${subtype} ${subject}" > "${AUTHORIZEDKEYSFILE}" + runTest "${type} ${subtype}" "${identity_file}" "" || return $? + done + + subtype="subject" + subject=`getSubject "${identity_file}" -nameopt RFC2253` || return $? + echo "${sshkeytype} ${subtype} ${subject}" > "${AUTHORIZEDKEYSFILE}" + runTest "${type} ${subtype} in ${attn}RFC2253${norm} format" "${identity_file}" "" || return $? + + echo "${sshkeytype} ${subtype} ${subject}" | sed -e 's/,/\//'> "${AUTHORIZEDKEYSFILE}" + runTest "${type} ${subtype} and mixed item-separator symbol" "${identity_file}" "" || return $? + + for subtype in \ + "Invalid" \ + "Subject-" \ + ; do + echo "${sshkeytype} ${subtype} ${subject}" > "${AUTHORIZEDKEYSFILE}" + runTest "${type} ${warn}${subtype}${norm}" "${identity_file}" \ + "autorization type" "Yes" || return $? + done + + subtype="Subject" + printf "${sshkeytype} ${subtype}," > "${AUTHORIZEDKEYSFILE}" + runTest "${type} ${warn}empty${norm} ${subtype}" "${identity_file}" \ + "" "Yes" || return $? + + subtype="Subject" + ( printf "${sshkeytype} ${subtype}" + echo "${subject}" | cut -c -40 + ) > "${AUTHORIZEDKEYSFILE}" + runTest "${type} ${warn}invalid${norm} ${subtype}" "${identity_file}" \ + "" "Yes" || return $? + + return 0 +} + + +# === + +do_test () { + echo "* ${extd}against ${attn}CACertificateFile${norm} and autorization by x509 ${attn}'Distinguished Name'${norm}:" + + creTestSSHDcfgFile + cat >> "$SSHD_CFG" <> "$SSHD_CFG" </dev/null + + for catype in ${SSH_SIGN_TYPES}; do + F="${SSH_CACERTDIR}/${CAKEY_PREFIX}-${catype}.crt.pem" + HASH=`$OPENSSL x509 -in "${F}" -noout -hash` + ( cd "${CRT_TEST_DIR}" || exit $? + ln -s "${F}" "$HASH.0" + #link might never fail :-( + test -h "$HASH.0" + ) && + do_test_catype; retval=$? + rm -f "${CRT_TEST_DIR}/$HASH.0" + if test $retval -ne 0; then + break + fi + done + + rmdir "${CRT_TEST_DIR}" + if test $retval -ne 0; then + exit $retval + fi + done + + exit 0 + ); retval=$? + killSSHdaemon + return $retval +} diff -ruN openssh-3.8p1/tests/CA/verify.sh openssh-3.8p1+x509g3/tests/CA/verify.sh --- openssh-3.8p1/tests/CA/verify.sh 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/tests/CA/verify.sh 2004-02-15 00:34:42.000000000 +0200 @@ -0,0 +1,43 @@ +#!/bin/sh +# Copyright (c) 2002-2004 Roumen Petrov, Sofia, Bulgaria +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# DESCRIPTION: Verify all testid_*.crt testhostkey_*.crt files in current +# directory agains openssh "Test CA". +# + +CWD=`pwd` +SCRIPTDIR=`echo $0 | sed 's/verify.sh//'` +. "${SCRIPTDIR}functions" +. "${SCRIPTDIR}config" + + +for VERIFY in \ + "${OPENSSL} verify -CAfile ${SSH_CAROOT}/${CACERTFILE}" \ + "${OPENSSL} verify -CApath ${SSH_CACERTDIR}" \ +; do + echo ${attn}${VERIFY} ....${norm} + for F in \ + testid_*.crt \ + testhostkey_*.crt \ + ; do + ${VERIFY} "$F" || exit 1 + done +done diff -ruN openssh-3.8p1/x509store.c openssh-3.8p1+x509g3/x509store.c --- openssh-3.8p1/x509store.c 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/x509store.c 2004-02-21 22:06:27.000000000 +0200 @@ -0,0 +1,647 @@ +/* + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +#include "x509store.h" +#include "openssl/x509v3.h" +#include "log.h" + +#ifndef SSH_X509STORE_DISABLED +#include "xmalloc.h" +#include "openssl/err.h" +#endif /*ndef SSH_X509STORE_DISABLED*/ + +/* allowed client/server certificate purpose */ +typedef struct { + int is_server; + int index; +} SSHallowedX509purpose; + +static SSHallowedX509purpose sshpurpose = { + 0, -1 +}; + + +#ifndef SSH_X509STORE_DISABLED +static X509_STORE *x509store = NULL; +#define SSH_CHECK_REVOKED + + +#ifdef SSH_CHECK_REVOKED +static X509_STORE *x509revoked = NULL; +static int ssh_x509revoked_cb(int ok, X509_STORE_CTX *ctx); + + +static char * +ssh_ASN1_INTEGER_2_string(ASN1_INTEGER *_asni) { + BIO *bio; + int k; + char *p; + + if (_asni == NULL) { + error("ssh_ASN1_INTEGER_2_string: _asni is NULL"); + return(NULL); + } + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + fatal("ssh_ASN1_INTEGER_2_string: out of memory"); + return(NULL); /* ;-) */ + } + + i2a_ASN1_INTEGER(bio, _asni); + k = BIO_pending(bio); + p = xmalloc(k + 1); /*fatal on error*/ + k = BIO_read(bio, p, k); + p[k] = '\0'; + BIO_free_all(bio); + + return(p); +} +#endif /*def SSH_CHECK_REVOKED*/ + + +int +ssh_x509store_lookup(X509_STORE *store, int type, X509_NAME *name, X509_OBJECT *xobj) { + X509_STORE_CTX ctx; + int ret; + + X509_STORE_CTX_init(&ctx, store, NULL, NULL); + ret = X509_STORE_get_by_subject(&ctx, type, name, xobj); + X509_STORE_CTX_cleanup(&ctx); + + return(ret); +} + + +static int +ssh_x509store_cb(int ok, X509_STORE_CTX *ctx) { + if (!ok) { + char buf[512]; + X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), buf, sizeof(buf)); + error("ssh_x509store_cb: subject='%.512s', error %d at %d depth lookup:%.200s", + buf, + ctx->error, + ctx->error_depth, + X509_verify_cert_error_string(ctx->error)); + +#if 0 + if (ctx->error == X509_V_ERR_CERT_HAS_EXPIRED) ok=1; + /* since we are just checking the certificates, it is + * ok if they are self signed. But we should still warn + * the user. + */ + if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; + /* Continue after extension errors too */ + if (ctx->error == X509_V_ERR_INVALID_CA) ok=1; + if (ctx->error == X509_V_ERR_PATH_LENGTH_EXCEEDED) ok=1; + if (ctx->error == X509_V_ERR_INVALID_PURPOSE) ok=1; + if (ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT) ok=1; +#endif + } +#ifdef SSH_CHECK_REVOKED + if (ok) { + ok = ssh_x509revoked_cb(ok, ctx); + } +#endif + return(ok); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +typedef struct { + const char **synonyms; +} CertPurposes; + + +static const char *__purpose_any[] = { + "any", "any purpose", "any_purpose", "anypurpose", NULL +}; + + +static const char *__purpose_sslclient[] = { + "sslclient", "ssl client", "ssl_client", "client", NULL +}; + + +static const char *__purpose_sslserver[] = { + "sslserver", "ssl server", "ssl_server", "server", NULL +}; + + +static CertPurposes +sslclient_purposes[] = { + { __purpose_sslclient }, + { __purpose_any }, + { NULL } +}; + + +static CertPurposes +sslserver_purposes [] = { + { __purpose_sslserver }, + { __purpose_any }, + { NULL } +}; + + +static const char* +get_cert_purpose(const char* _purpose_synonym, CertPurposes *_purposes) { + int i; + + for (i = 0; _purposes[i].synonyms; i++) { + const char *q = _purposes[i].synonyms[0]; + if (strcasecmp(_purpose_synonym, q) == 0 ) { + return(q); + } else { + const char **p; + for (p = (_purposes[i].synonyms) + 1; *p; p++) { + if (strcasecmp(_purpose_synonym, *p) == 0 ) { + return(q); + } + } + } + } + return(NULL); +} + + + +int +ssh_get_default_x509purpose(int _is_server) { + return(ssh_get_x509purpose_s(_is_server, + (_is_server ? __purpose_sslclient[0] : __purpose_sslserver[0]))); +} + + +int +ssh_get_x509purpose_s(int _is_server, const char* _purpose_synonym) { + const char * sslpurpose; + + sslpurpose = get_cert_purpose(_purpose_synonym, + (_is_server ? sslclient_purposes : sslserver_purposes)); + if (sslpurpose != NULL) { + int purpose_index = X509_PURPOSE_get_by_sname((char*)sslpurpose); + if (purpose_index < 0) + fatal( "ssh_get_x509purpose_s(%.10s): " + "X509_PURPOSE_get_by_sname fail for argument '%.30s(%.40s)'", + (_is_server ? "server" : "client"), + sslpurpose, _purpose_synonym); + return(purpose_index); + } + return(-1); +} + + +void +ssh_set_x509purpose(int _is_server, int _sshpurpose_index) { + sshpurpose.is_server = _is_server; + sshpurpose.index = _sshpurpose_index; +} + + +#ifndef SSH_X509STORE_DISABLED +static void +ssh_x509store_initcontext(void) { + if (x509store == NULL) { + x509store = X509_STORE_new(); + if (x509store == NULL) { + fatal("cannot create x509store context"); + } + X509_STORE_set_verify_cb_func(x509store, ssh_x509store_cb); + } +#ifdef SSH_CHECK_REVOKED + if (x509revoked == NULL) { + x509revoked = X509_STORE_new(); + if (x509revoked == NULL) { + fatal("cannot create x509revoced context"); + } + } +#endif +} + + +int +ssh_x509store_addlocations(const X509StoreOptions *_locations) { + int flag = 0, flag2 = 0; + + if (_locations == NULL) { + error("ssh_x509store_addlocations: _locations is NULL"); + return(0); + } + if ((_locations->certificate_path == NULL) && + (_locations->certificate_file == NULL)) { + error("ssh_x509store_addlocations: certificate path and file are NULLs"); + return(0); + } +#ifdef SSH_CHECK_REVOKED + if ((_locations->revocation_path == NULL) && + (_locations->revocation_file == NULL)) { + error("ssh_x509store_addlocations: revocation path and file are NULLs"); + return(0); + } +#endif + ssh_x509store_initcontext(); + /* + * Note: + * After X509_LOOKUP_{add_dir|load_file} calls we must call + * ERR_clear_error() otherwise when the first call to + * X509_LOOKUP_XXXX fail the second call fail too ! + */ + if (_locations->certificate_path != NULL) { + X509_LOOKUP *lookup = X509_STORE_add_lookup(x509store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) { + fatal("ssh_x509store_addlocations:cannot add hash dir lookup !"); + return(0); /* ;-) */ + } + if (X509_LOOKUP_add_dir(lookup, _locations->certificate_path, X509_FILETYPE_PEM)) { + debug2( "hash dir '%.400s' added to x509 store", _locations->certificate_path); + flag = 1; + } + ERR_clear_error(); + } + if (_locations->certificate_file != NULL) { + X509_LOOKUP *lookup = X509_STORE_add_lookup(x509store, X509_LOOKUP_file()); + if (lookup == NULL) { + fatal("ssh_x509store_addlocations:cannot add file lookup !"); + return(0); /* ;-) */ + } + if (X509_LOOKUP_load_file(lookup, _locations->certificate_file, X509_FILETYPE_PEM)) { + debug2( "file '%.400s' added to x509 store", _locations->certificate_file); + flag = 1; + } + ERR_clear_error(); + } +#ifdef SSH_CHECK_REVOKED + if (_locations->revocation_path != NULL) { + X509_LOOKUP *lookup = X509_STORE_add_lookup(x509revoked, X509_LOOKUP_hash_dir()); + if (lookup == NULL) { + fatal("ssh_x509store_addlocations:cannot add hash dir revocation lookup !"); + return(0); /* ;-) */ + } + if (X509_LOOKUP_add_dir(lookup, _locations->revocation_path, X509_FILETYPE_PEM)) { + debug2( "hash dir '%.400s' added to x509 revocation store", _locations->revocation_path); + flag2 = 1; + } + ERR_clear_error(); + } + if (_locations->revocation_file != NULL) { + X509_LOOKUP *lookup = X509_STORE_add_lookup(x509revoked, X509_LOOKUP_file()); + if (lookup == NULL) { + fatal("ssh_x509store_addlocations:cannot add file revocation lookup !"); + return(0); /* ;-) */ + } + if (X509_LOOKUP_load_file(lookup, _locations->revocation_file, X509_FILETYPE_PEM)) { + debug2( "file '%.400s' added to x509 revocation store", _locations->revocation_file); + flag2 = 1; + } + ERR_clear_error(); + } +#else + flag2 = 1; +#endif + return(flag && flag2); +} + + +static int +ssh_verify_cert(X509_STORE_CTX *_csc, X509 *_cert) { + X509_STORE_CTX_init(_csc, x509store, _cert, NULL); + + if (sshpurpose.index >= 0) { + int def_purpose = ( sshpurpose.is_server + ? X509_PURPOSE_SSL_CLIENT + : X509_PURPOSE_SSL_SERVER + ); + X509_PURPOSE *xptmp = X509_PURPOSE_get0(sshpurpose.index); + int purpose, flag; + if (xptmp == NULL) { + fatal("ssh_verify_cert: cannot get purpose from index"); + return(-1); /* ;-) */ + } + purpose = X509_PURPOSE_get_id(xptmp); + flag = X509_STORE_CTX_purpose_inherit(_csc, def_purpose, purpose, 0); + if (flag <= 0) { + /* + * By default openssl applications don't check return code from + * X509_STORE_CTX_set_purpose or X509_STORE_CTX_purpose_inherit. + * + * Both methods return 0 (zero) and don't change purpose in context when: + * -X509_STORE_CTX_set_purpose(...) + * purpose is X509_PURPOSE_ANY + * -X509_STORE_CTX_purpose_inherit(...) + * purpose is X509_PURPOSE_ANY and default purpose is zero (!) + * + * Take note when purpose is "any" check method in current + * OpenSSL code just return 1. This openssl behavior is same + * as ssh option "AllowedCertPurpose=skip". + */ + int ecode; + char ebuf[256]; + + ecode = X509_STORE_CTX_get_error(_csc); + error("ssh_verify_cert: context purpose error, code=%d, msg='%.200s'" + , ecode + , X509_verify_cert_error_string(ecode)); + + ecode = ERR_get_error(); + ERR_error_string_n(ecode, ebuf, sizeof(ebuf)); + error("ssh_verify_cert: X509_STORE_CTX_purpose_inherit failed with '%.256s'" + , ebuf); + + /* clear rest of errors in OpenSSL "error buffer" */ + ERR_clear_error(); + return(-1); + } + } + + /* + if (issuer_checks) + X509_STORE_CTX_set_flags(_csc, X509_V_FLAG_CB_ISSUER_CHECK); + */ + + if (X509_verify_cert(_csc) == 0) { + int ecode = X509_STORE_CTX_get_error(_csc); + error("ssh_verify_cert: verify error, code=%d, msg='%.200s'" + , ecode + , X509_verify_cert_error_string(ecode)); + return(-1); + } + + return(1); +} +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +int +ssh_x509cert_check(X509 *_cert) { + int ret = 1; +#ifndef SSH_X509STORE_DISABLED + X509_STORE_CTX *csc; +#else /*def SSH_X509STORE_DISABLED*/ + X509_PURPOSE *xptmp; +#endif /*def SSH_X509STORE_DISABLED*/ + +#ifndef SSH_X509STORE_DISABLED + if (x509store == NULL) { + error("ssh_x509cert_check: context is NULL"); + return(-1); + } + + if (get_log_level() >= SYSLOG_LEVEL_DEBUG3) { + char buf[512]; + X509_NAME_oneline( X509_get_subject_name(_cert), buf, sizeof(buf)); + debug3("ssh_x509cert_check: for '%.512s'", buf); + } + + csc = X509_STORE_CTX_new(); + if (csc == NULL) { + int ecode = ERR_get_error(); + char ebuf[256]; + ERR_error_string_n(ecode, ebuf, sizeof(ebuf)); + error("ssh_x509cert_check:X509_STORE_CTX_new failed with '%.256s'", ebuf); + + /* clear rest of errors in OpenSSL "error buffer" */ + ERR_clear_error(); + return(-1); + } + + ret = ssh_verify_cert(csc, _cert); + X509_STORE_CTX_free(csc); + +#else /*def SSH_X509STORE_DISABLED*/ + if (sshpurpose.index >=0) { + xptmp = X509_PURPOSE_get0(sshpurpose.index); + if (xptmp == NULL) { + fatal("ssh_x509cert_check: cannot get purpose from index"); + return(-1); /* ;-) */ + } + ret = X509_check_purpose(_cert, X509_PURPOSE_get_id(xptmp), 0); + if (ret < 0) { + logit("ssh_x509cert_check: X509_check_purpose return %d", ret); + ret = 0; + } + } +#endif /*def SSH_X509STORE_DISABLED*/ + debug3("ssh_x509cert_check: return %d", ret); + return(ret); +} + + +#ifndef SSH_X509STORE_DISABLED +#ifdef SSH_CHECK_REVOKED +static int +ssh_check_crl(X509_STORE_CTX *_ctx, X509_CRL *_crl) { + X509 *cert = NULL; + time_t *pcheck_time; + int k; + + if (_crl == NULL) { + return(1); + } + + cert = X509_STORE_CTX_get_current_cert(_ctx); + if (cert == NULL) { + error("ssh_check_crl: missing current certificate in x509store context"); + return(0); + } + + if (get_log_level() >= SYSLOG_LEVEL_DEBUG3) { + BIO *bio; + char buf[512]; + char *p; + + bio = BIO_new(BIO_s_mem()); + if (bio == NULL) { + fatal("ssh_check_crl: out of memory"); + return(0); /* ;-) */ + } + + X509_NAME_oneline( X509_CRL_get_issuer(_crl), buf, sizeof(buf)); + + BIO_printf(bio, ", Last Update: "); + ASN1_UTCTIME_print(bio, X509_CRL_get_lastUpdate(_crl)); + + BIO_printf(bio, ", Next Update: "); + ASN1_UTCTIME_print(bio, X509_CRL_get_nextUpdate(_crl)); + + k = BIO_pending(bio); + p = xmalloc(k + 1); /*fatal on error*/ + k = BIO_read(bio, p, k); + p[k] = '\0'; + + debug3("ssh_check_crl: Issuer: %s%s", buf, p); + + xfree(p); + BIO_free(bio); + } + + { + EVP_PKEY *pkey = X509_get_pubkey(cert); + if (pkey == NULL) { + error("ssh_check_crl:unable to devode public key"); + X509_STORE_CTX_set_error(_ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY); + return(0); + } + + if (X509_CRL_verify(_crl, pkey) <= 0) { + error("ssh_check_crl:CRL has invalid signature"); + X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); + return(0); + } + EVP_PKEY_free(pkey); + } + + + if (_ctx->flags & X509_V_FLAG_USE_CHECK_TIME) + pcheck_time = &_ctx->check_time; + else + pcheck_time = NULL; + + k = X509_cmp_time(X509_CRL_get_lastUpdate(_crl), pcheck_time); + if (k == 0) { + X509_STORE_CTX_set_error(_ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD); + error("ssh_check_crl:CRL has invalid lastUpdate field"); + return(0); + } + if (k > 0) { + X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CRL_NOT_YET_VALID); + error("ssh_check_crl:CRL is not yet valid"); + return(0); + } + + k = X509_cmp_time(X509_CRL_get_nextUpdate(_crl), pcheck_time); + if (k == 0) { + error("ssh_check_crl:CRL has invalid nextUpdate field"); + X509_STORE_CTX_set_error(_ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); + return(0); + } + if (k < 0) { + error("ssh_check_crl:CRL is expired"); + X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CRL_HAS_EXPIRED); + return(0); + } + + return(1); +} + + +static int +ssh_check_crl_cert(X509_STORE_CTX *_ctx, X509_CRL *_crl, X509 *_cert) { + X509_REVOKED revoked; + int k; + char *p, buf1[512], buf2[512]; + + if (_crl == NULL) return(1); + revoked.serialNumber = X509_get_serialNumber(_cert); + k = sk_X509_REVOKED_find(_crl->crl->revoked, &revoked); + if (k < 0) return(1); + + X509_STORE_CTX_set_error(_ctx, X509_V_ERR_CERT_REVOKED); + /* yes, revoked. print log and ...*/ + p = ssh_ASN1_INTEGER_2_string(revoked.serialNumber); + X509_NAME_oneline(X509_get_subject_name(_cert), buf1, sizeof(buf1)); + X509_NAME_oneline(X509_CRL_get_issuer (_crl ), buf2, sizeof(buf2)); + + error("certificate '%.512s' with serial '%.40s' revoked from issuer '%.512s'", + buf1, p, buf2); + xfree(p); + + return(0); +} + + +static int +ssh_x509revoked_cb(int ok, X509_STORE_CTX *ctx) { + X509 *cert; + X509_OBJECT xobj; + + if (!ok) return(0); + if (x509revoked == NULL) + return(ok); /* XXX:hmm */ + + cert = X509_STORE_CTX_get_current_cert(ctx); + if (cert == NULL) { + error("ssh_x509revoked_cb: missing current certificate in x509store context"); + return(0); + } + + if (get_log_level() >= SYSLOG_LEVEL_DEBUG3) { + char buf[512]; + + X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)); + debug3("ssh_x509revoked_cb:issuer =%.512s", buf); + + X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)); + debug3("ssh_x509revoked_cb:subject=%.512s", buf); + } + + memset(&xobj, 0, sizeof(xobj)); + if (ssh_x509store_lookup( + x509revoked, X509_LU_CRL, + X509_get_subject_name(cert), + &xobj) > 0) { +/* + * In callback we cannot check CRL signature at this point when we use + * X509_get_issuer_name(), because we don't know issuer public key! + * Of course we can get the public key from X509_STORE defined by + * static variable "x509store". + * Of course we can check revocation outside callback, but we should + * try to find public key in X509_STORE[s]. + * + * At this point we can get easy public key of "current certificate"! + * + * Method: "look forward" + * At this call we check CLR (signature and other) issued with "current + * certificate" ("CertA"). If all is OK with "CertA" by next call of + * callback method "current certificate" is signed from "CertA" and the + * CRL issued from "CertA", if any is already verified - cool ;-). + * + * Note that when a certificate is revoked all signed form that + * certificate are revoked automatically too. With method "look forward" + * we already know that all issuers of "current certificate" aren't + * revoked. + */ + ok = ssh_check_crl(ctx, xobj.data.crl); + } + X509_OBJECT_free_contents(&xobj); + if (!ok) return(0); + + memset(&xobj, 0, sizeof(xobj)); + if (ssh_x509store_lookup( + x509revoked, X509_LU_CRL, + X509_get_issuer_name(cert), + &xobj) > 0) { + ok = ssh_check_crl_cert(ctx, xobj.data.crl, cert); + } + X509_OBJECT_free_contents(&xobj); + /* clear rest of errors in OpenSSL "error buffer" */ + ERR_clear_error(); + + if (!ok) return(0); + + /**/ + return(ok); +} +#endif + +#endif /*ndef SSH_X509STORE_DISABLED*/ diff -ruN openssh-3.8p1/x509store.h openssh-3.8p1+x509g3/x509store.h --- openssh-3.8p1/x509store.h 1970-01-01 02:00:00.000000000 +0200 +++ openssh-3.8p1+x509g3/x509store.h 2004-02-22 00:00:47.000000000 +0200 @@ -0,0 +1,57 @@ +#ifndef X509STORE_H +#define X509STORE_H +/* + * Copyright (c) 2002-2004 Roumen Petrov. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + + +#include "includes.h" +#include + + +int ssh_x509cert_check(X509 *_cert); + +int ssh_get_default_x509purpose(int _is_server); +/* return purpose index, not purpose id (!) */ +int ssh_get_x509purpose_s(int _is_server, const char* _purpose_synonym); +void ssh_set_x509purpose(int _is_server, int _sshpurpose_index); + + +#ifndef SSH_X509STORE_DISABLED + +int ssh_x509store_lookup(X509_STORE *store, int type, X509_NAME *name, X509_OBJECT *xobj); + +typedef struct { + /* ssh PKI(X509) store */ + const char *certificate_file; + const char *certificate_path; + const char *revocation_file; + const char *revocation_path; +} X509StoreOptions; + +int ssh_x509store_addlocations(const X509StoreOptions *_locations); + +#endif /*ndef SSH_X509STORE_DISABLED*/ + + +#endif /* X509STORE_H */