| author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2002-07-16 12:27:05 +0000 |
|---|---|---|
| committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2002-07-16 12:27:05 +0000 |
| commit | 958d51720eb293fdde708f2786abfb51172e9af3 (patch) | |
| tree | a0d5e2fc9c316c79d2e775ac8a0e158284c6d8d3 | |
| parent | 3fb61e5330a65d393a2b8cfc9f76c00cec79e60c (diff) | |
Notes
107 files changed, 4638 insertions, 2610 deletions
diff --git a/Makefile.inc1 b/Makefile.inc1 index 052fd9838f58..ce6ff3b15f7c 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -744,6 +744,7 @@ includes: # libradius: libmd # libreadline: libncurses # libskey: libcrypt libmd +# libssh: libcrypto libz # libstc++: msun # libtacplus: libmd # @@ -753,7 +754,7 @@ includes: # kerberosIV/lib kerberos5/lib: lib/libcrypt # lib/libpam: secure/lib/libcrypto kerberosIV/lib/libkrb \ # secure/lib/libssh lib/libz -# secure/lib: lib/libmd +# secure/lib: secure/lib/libcrypto lib/libmd lib/libz # .if exists(${.CURDIR}/lib/csu/${MACHINE_ARCH}.pcc) _csu= lib/csu/${MACHINE_ARCH}.pcc @@ -763,8 +764,11 @@ _csu= lib/csu/i386-elf _csu= lib/csu/${MACHINE_ARCH} .endif -.if !defined(NOSECURE) && !defined(NOCRYPT) +.if exists(${.CURDIR}/secure) && !defined(NOCRYPT) && !defined(NOSECURE) _secure_lib= secure/lib +.if exists(${.CURDIR}/secure/lib/libcrypto) +_libcrypto= secure/lib/libcrypto +.endif .endif .if !defined(NOCRYPT) && defined(MAKE_KERBEROS4) @@ -785,10 +789,10 @@ _libkeycap= usr.sbin/pcvt/keycap libraries: .for _lib in ${_csu} gnu/lib/csu gnu/lib/libgcc lib/libmd lib/libcrypt \ - ${_secure_lib} ${_kerberosIV_lib} \ + lib/libz ${_libcrypto} ${_secure_lib} ${_kerberosIV_lib} \ ${_kerberos5_lib} lib/libcom_err lib/msun lib/libncurses \ lib/libopie lib/libradius lib/libskey lib/libtacplus lib/libutil \ - lib/libz lib gnu/lib ${_libperl} usr.bin/lex/lib ${_libkeycap} + lib gnu/lib ${_libperl} usr.bin/lex/lib ${_libkeycap} .if exists(${.CURDIR}/${_lib}) cd ${.CURDIR}/${_lib}; \ ${MAKE} depend; \ diff --git a/contrib/opie/BUG-REPORT b/contrib/opie/BUG-REPORT index 5373871015da..c772d2d504fe 100644 --- a/contrib/opie/BUG-REPORT +++ b/contrib/opie/BUG-REPORT 
@@ -1,11 +1,12 @@ -OPIE Software Distribution, Release 2.32 Bug Reporting Form -======================================== ================== +OPIE Software Distribution, Release 2.4 Bug Reporting Form +======================================= ================== Before submitting a bug report, please check the README file and make sure that your "bug" is not a known problem. Please make a copy of this file and then edit it with your favorite -text editor to include the answers to the following questions: +text editor (NOT a word processor; the end result needs to be reasonable ASCII +text) to include the answers to the following questions: 1. Your name and electronic mail address, in case we need more information. If you can provide multiple addresses, please do so in case we @@ -76,7 +77,7 @@ Copyright ========= %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/INSTALL b/contrib/opie/INSTALL index 71f0afb68aab..db23f84a2b76 100644 --- a/contrib/opie/INSTALL +++ b/contrib/opie/INSTALL @@ -1,5 +1,5 @@ -OPIE Software Distribution, Release 2.31 Installation Instructions -======================================== ========================= +OPIE Software Distribution, Release 2.4 Installation Instructions +======================================= ========================= Did you read the README file? 
@@ -26,11 +26,102 @@ hole, but a necessary evil for some sites), type: If you'd like the file to go somewhere else, adjust this appropriately. - There are a number of configure-time options available for OPIE. To -get a list, type: + There are a number of configure-time options available for OPIE. You +probably don't want to change the defaults. To get a complete listing of the +currently available options, type: sh configure --help + Some options that may be of interest are: + + --enable-access-file=FILENAME: Enable the OPIE access file FILENAME + The OPIE access file provides a system administrator with the ability + to make the use of OTP optional for certain hosts. Note that individual + users can create a file named ".opiealways" in their home directory to + require that OTP be used to access to their account. Note also that the + access file is based on addresses, but many of the clients that use it + are only given hostnames. This opens this entire scheme up to DNS + spoofing attacks, which is a major security problem. ALWAYS use a + package such as tcp_wrappers configured to do paranoid checking on DNS + information if you enable this option (it's good practice anyway). + + --enable-server-md4: Use MD4 instead of MD5 for the server + The old S/Key package used MD4 instead of MD5. MD4 is believed to be + less secure than MD5. Use this option only for compatibility with old + key files. + + --disable-user-locking: Disable user locking + OPIE only allows one session at a time to attempt to authenticate a + principal; this prevents a possible race attack on OTP. This locking + mechanism can cause problems in some applications, in which case you + might want to disable the locking. This option also provides a work- + around if the locking code doesn't work reliably on your system. 
+ + --enable-user-locking[=DIR]: Put user lock files in DIR [/etc/opielocks] + The OPIE lock files need to be put in an isolated directory that is + only accessable by the super-user and has a parent directory that is + only writable by the super-user. If you are trying to use OPIE with + the key file shared by NFS, you need to make the lock directory + shared too. (But you read the README file, so you knew this) + + --enable-retype: Ask users to re-type their secret pass phrases + On the one hand, this helps prevent users from having to go generate + an OTP, type it into a remote system, and then found out they + mistyped. On the other hand, it's annoying. If this is enabled, users + can simply hit return at the second prompt and the generator will skip + the retype check, which allows users who don't like the retype check + to mostly skip it. + + --enable-su-star-check: Refuse to switch to disabled accounts + On many systems, an asterisk means one thing and one thing only: this + account is never meant for human users. Therefore, it doesn't make + much sense for anyone other than an attacker to try to su to that + account. Enabling this check causes su to refuse to switch to + accounts with an asterisk in their password field. While probably + better for security, this is not compatible with traditional *IX su + behavior, so it is disabled by default + + --disable-new-prompts: Use more compatible (but less informative) prompts + OPIE uses login prompts that tell you exactly what kind of response + (an OTP response and/or a cleartext password) it expects you to give. + This can break automatic login scripts that look for 'Password:' as + the prompt for the password. If you have users that use such scripts, + you might want to disable the more informative responses so as not to + break those scripts. 
+ + --enable-insecure-override: Allow users to override insecure checks + While OPIE cannot determine whether or not a session is secure, it can + check for fairly common signs that it isn't secure. If it believes the + session is insecure, some programs like opiekey will refuse to run + because they prompt the user to send a secret pass phrase. Sometimes + these checks declare a session insecure when it is, and sometimes the + user wants to continue anyway even if the session is insecure. If this + option is enabled, many commands gain a '-f' option to force them to + operate even if OPIE thinks the session is insecure. + + --enable-anonymous-ftp Enable anonymous FTP support + By default, the OPIE FTP daemon does not support anonymous FTP + service. The FTP daemon contains many security related bug fixes + relative to the original source, but bugs probably remain. It was not + intended to be used for anonymous FTP, where it is more open to the + commands of potentially hostile users. If you enable this option, it + will once again support anonymous FTP, but it probably isn't secure + when that way. + + --disable-utmp Disable utmp logging + --disable-wtmp Disable wtmp logging + On some systems, logging to the utmp and/or wtmp files is just a lost + cause. If this is the case on your system, you might be better off + not having OPIE even try. + + --enable-opieauto Enable support for opieauto + opieauto is a facility that caches an intermediate result of the OTP + generator so that a user-selected number of OTPs can be generated on + demand for each time the user types in the secret pass phrase. This + is great for user convenience, as typing a twenty or thirty character + secret pass phrase can be annoying. It can also be a minor security + hole (see the README for details). + 2. Edit the Makefile The Makefile contains some options that you may wish to modify. Also 
@@ -75,7 +166,7 @@ Copyright ========= %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/Makefile.in b/contrib/opie/Makefile.in index 926ff4233fd3..77e0fc3b1bb1 100644 --- a/contrib/opie/Makefile.in +++ b/contrib/opie/Makefile.in @@ -2,7 +2,7 @@ # Makefile.source and Makefile: Directions for building and installing OPIE. # # %%% portions-copyright-cmetz-96 -# Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +# Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights # Reserved. The Inner Net License Version 2 applies to these portions of # the software. # You should have received a copy of the license with this software. If @@ -15,6 +15,9 @@ # # History: # +# Modified by cmetz for OPIE 2.4. Add libmissing to include header path. +# Renamed realclean to distclean. Added opieauto rules. Made +# system program install more tolerant of non-existent files. # Modified by cmetz for OPIE 2.31. Moved logwtmp.o into libopie. # Modified by cmetz for OPIE 2.3. Removed manual config -- it's # Autoconf or bust. Replaced user configuration options @@ -80,9 +83,9 @@ SHELL=/bin/sh OWNER=0 GROUP=bin -# Where should the OPIE standard and extended databases be stored? +# Where should the OPIE standard and extended databases be stored? # -# Some sites might want to put this elsewhere. If you want to use an old +# Some sites might want to put this elsewhere. If you want to use an old # S/Key database, you should create a link from /etc/skeykeys to /etc/opiekeys. KEY_FILE=/etc/opiekeys 
@@ -115,10 +118,11 @@ SU=@SU@ ALT_SU=@ALT_SU@ LOGIN=@LOGIN@ LOCK_DIR=@LOCK_DIR@ +OPIEAUTO=@OPIEAUTO@ BACKUP=opie.old -CFLAGS=$(DEBUG) +CFLAGS=$(DEBUG) -Ilibmissing LFLAGS=-Llibopie -Llibmissing -lopie $(LIBS) -lmissing -lopie LDEPS=libmissing/libmissing.a libopie/libopie.a @@ -128,17 +132,19 @@ all: client server ifdefs: egrep '^#*if*def' *.c *.h | cut -f2 -d: | sort | uniq -client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen +client: libopie/libopie.a libmissing/libmissing.a opietest-passed opiekey opiegen $(OPIEAUTO) client-install: client @echo "Installing OPIE client software..." @echo "Copying OPIE key-related files" @if test ! -d $(LOCALBIN); then $(MKDIR) $(LOCALBIN); chmod 755 $(LOCALBIN); fi - @cp opiekey $(LOCALBIN) + @cp opiekey $(OPIEAUTO) $(LOCALBIN) @$(CHOWN) $(OWNER) $(LOCALBIN)/opiekey + @if test ! -z "$(OPIEAUTO)"; then $(CHOWN) $(OWNER) $(LOCALBIN)/opieauto; fi @chgrp $(GROUP) $(LOCALBIN)/opiekey @echo "Changing file permissions" @chmod 0511 $(LOCALBIN)/opiekey + @if test ! -z "$(OPIEAUTO)"; then chmod 0511 $(LOCALBIN)/opieauto; fi @echo "Symlinking aliases to opiekey" @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md4 @-ln -s $(LOCALBIN)/opiekey $(LOCALBIN)/otp-md5 
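Review bot: In the client-install hunk, opieauto receives the `$(CHOWN) $(OWNER)` and `chmod 0511` steps that opiekey gets but not the group change, so the installed binary keeps whatever group `cp` left on it. The README text added in this same commit calls opieauto a potential security hole, so its ownership should be set at least as strictly as opiekey's: add `@if test ! -z "$(OPIEAUTO)"; then chgrp $(GROUP) $(LOCALBIN)/opieauto; fi` after the `chgrp $(GROUP) $(LOCALBIN)/opiekey` line. The client-install recipe appears to continue past the end of this hunk, so a later line may already cover it.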
@@ -160,32 +166,75 @@ server-install: server @chmod 0555 $(LOCALBIN)/opieinfo @chmod 4511 $(LOCALBIN)/opiepasswd @echo "Installing OPIE system programs..." - @if test ! $(EXISTS) $(LOGIN).$(BACKUP); then echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; mv $(LOGIN) $(LOGIN).$(BACKUP); echo "Clearing permissions on old $(LOGIN)"; chmod 0 $(LOGIN).$(BACKUP); fi - @echo "Copying opielogin to $(LOGIN)" - @cp opielogin $(LOGIN) - @echo "Changing ownership of $(LOGIN)" - @$(CHOWN) $(OWNER) $(LOGIN) - @chgrp $(GROUP) $(LOGIN) - @echo "Changing file permissions of $(LOGIN)" - @chmod 4111 $(LOGIN) - @if test ! $(EXISTS) $(SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(SU) $(SU).$(BACKUP); echo "Clearing permissions on old su"; chmod 0 $(SU).$(BACKUP); fi - @-if test ! -z "$(ALT_SU)"; then if test ! $(EXISTS) $(ALT_SU).$(BACKUP); then echo "Renaming existing su to su.$(BACKUP)"; mv $(ALT_SU) $(ALT_SU).$(BACKUP); fi; echo "Copying opiesu to su"; cp opiesu $(ALT_SU); echo "Changing ownership"; $(CHOWN) $(OWNER) $(ALT_SU); chgrp $(GROUP) $(ALT_SU); echo "Changing file permissions"; chmod 4111 $(ALT_SU); echo "Clearning permissions on old su"; chmod 0 $(ALT_SU).$(BACKUP); fi - @echo "Copying opiesu to su" - @cp opiesu $(SU) - @echo "Changing ownership of su" - @$(CHOWN) $(OWNER) $(SU) - @chgrp $(GROUP) $(SU) - @echo "Changing file permissions of su" - @chmod 4111 $(SU) - @if test ! $(EXISTS) $(FTPD).$(BACKUP); then echo "Renaming existing ftp daemon to $(FTPD).$(BACKUP)"; mv $(FTPD) $(FTPD).$(BACKUP); echo "Clearing permissions on old ftp daemon"; chmod 0 $(FTPD).$(BACKUP); fi - @echo "Copying OPIE ftp daemon" - @cp opieftpd $(FTPD) - @echo "Changing ownership of ftpd" - @$(CHOWN) $(OWNER) $(FTPD) - @chgrp $(GROUP) $(FTPD) - @echo "Changing file permissions of ftpd" - @chmod 0100 $(FTPD) - @echo "Making sure OPIE database file exists" + @if test ! -z $(LOGIN); \ + then \ + if test ! 
$(EXISTS) $(LOGIN).$(BACKUP); \ + then \ + echo "Renaming existing $(LOGIN) to $(LOGIN).$(BACKUP)"; \ + mv $(LOGIN) $(LOGIN).$(BACKUP); \ + echo "Clearing permissions on $(LOGIN)"; \ + chmod 0 $(LOGIN).$(BACKUP); \ + fi; \ + echo "Copying OPIE login to $(LOGIN)"; \ + cp opielogin $(LOGIN); \ + echo "Changing ownership of $(LOGIN)"; \ + $(CHOWN) $(OWNER) $(LOGIN); \ + chgrp $(GROUP) $(LOGIN); \ + echo "Changing file permissions of $(LOGIN)"; \ + chmod 4111 $(LOGIN); \ + fi + @if test ! -z $(SU); \ + then \ + if test ! $(EXISTS) $(SU).$(BACKUP); \ + then \ + echo "Renaming existing $(SU) to $(SU).$(BACKUP)"; \ + mv $(SU) $(SU).$(BACKUP); \ + echo "Clearing permissions on $(SU)"; \ + chmod 0 $(SU).$(BACKUP); \ + fi; \ + echo "Copying OPIE su to $(SU)"; \ + cp opiesu $(SU); \ + echo "Changing ownership of $(SU)"; \ + $(CHOWN) $(OWNER) $(SU); \ + chgrp $(GROUP) $(SU); \ + echo "Changing file permissions of $(SU)"; \ + chmod 4111 $(SU); \ + fi + @if test ! -z $(ALT_SU); \ + then \ + if test ! $(EXISTS) $(ALT_SU).$(BACKUP); \ + then \ + echo "Renaming existing $(ALT_SU) to $(ALT_SU).$(BACKUP)"; \ + mv $(ALT_SU) $(ALT_SU).$(BACKUP); \ + echo "Clearing permissions on $(ALT_SU)"; \ + chmod 0 $(ALT_SU).$(BACKUP); \ + fi; \ + echo "Copying OPIE su to $(ALT_SU)"; \ + cp opiesu $(ALT_SU); \ + echo "Changing ownership of $(ALT_SU)"; \ + $(CHOWN) $(OWNER) $(ALT_SU); \ + chgrp $(GROUP) $(ALT_SU); \ + echo "Changing file permissions of $(ALT_SU)"; \ + chmod 4111 $(ALT_SU); \ + fi + @if test ! -z $(FTPD); \ + then \ + if test ! 
$(EXISTS) $(FTPD).$(BACKUP); \ + then \ + echo "Renaming existing $(FTPD) to $(FTPD).$(BACKUP)"; \ + mv $(FTPD) $(FTPD).$(BACKUP); \ + echo "Clearing permissions on $(FTPD).$(BACKUP)"; \ + chmod 0 $(FTPD).$(BACKUP); \ + fi; \ + echo "Copying OPIE ftp daemon to $(FTPD)"; \ + cp opieftpd $(FTPD); \ + echo "Changing ownership of $(FTPD)"; \ + $(CHOWN) $(OWNER) $(FTPD); \ + chgrp $(GROUP) $(FTPD); \ + echo "Changing file permissions of $(FTPD)"; \ + chmod 0100 $(FTPD); \ + fi + @echo "Making sure OPIE database file exists"; @touch $(KEY_FILE) @echo "Changing permissions of OPIE database file" @chmod 0644 $(KEY_FILE) @@ -230,16 +279,18 @@ libmissing/libmissing.a: libmissing/*.c clean: -rm -f *.o opiekey opiegen opielogin opiepasswd opiesu opieftpd - -rm -f opieserv opieinfo opietest *core* opietest-passed + -rm -f opieserv opieinfo opietest opieauto *core* opietest-passed -rm -f Makefile.munge configure.munger y.tab.c .gdb* (cd libopie ; $(MAKE) clean) (cd libmissing ; $(MAKE) clean) -realclean: clean +realclean: distclean + +distclean: clean -rm -f *~ core* "\#*\#" Makefile make.log -rm -f config.log config.status config.cache config.h - (cd libopie ; $(MAKE) realclean) - (cd libmissing ; $(MAKE) realclean) + (cd libopie ; $(MAKE) distclean) + (cd libmissing ; $(MAKE) distclean) opiekey: opiekey.o $(LDEPS) $(CC) $(CFLAGS) opiekey.o $(LFLAGS) -o opiekey @@ -270,3 +321,7 @@ opieinfo: opieinfo.o $(LDEPS) opietest: opietest.o $(LDEPS) $(CC) $(CFLAGS) opietest.o $(LFLAGS) -o opietest + +opieauto: opieauto.o $(LDEPS) + $(CC) $(CFLAGS) opieauto.o $(LFLAGS) -o opieauto + diff --git a/contrib/opie/README b/contrib/opie/README index dcc46a9103da..a89e168adadb 100644 --- a/contrib/opie/README +++ b/contrib/opie/README 
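Review bot: In the server-install hunk, each rewritten block joins its commands with `;` inside a single shell invocation, so make sees only the exit status of the final `chmod`. A failed `mv`, `$(CHOWN)` or `chgrp` no longer stops the install the way the removed one-command-per-line recipe largely did. For the LOGIN, SU and ALT_SU blocks this means `chmod 4111` can set the setuid bit on a file whose owner or group was never changed, or after the backup rename failed. Start each block with `set -e;`, for example `@set -e; if test ! -z "$(LOGIN)"; \`, or chain the steps with `&&`. The tests should also quote the variable, `test ! -z "$(LOGIN)"`, as the client-install rule does for `$(OPIEAUTO)`; the unquoted form handles an empty value only by accident and breaks on a path containing whitespace.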
@@ -1,5 +1,5 @@ -OPIE Software Distribution, Release 2.32 Important Information -======================================== ===================== +OPIE Software Distribution, Release 2.4 Important Information +======================================= ===================== Introduction ============ 
@@ -75,87 +75,104 @@ original Bellcore S/Key(tm) Version 1 software: A Glance at What's New ====================== - 2.32 January 1, 1998. + 2.4 TEST VERSION -- NOT FOR REDISTRIBUTION - Indicate support for extended responses in challenges and check for - such indication before generating any extended responses. + Merged in opieauto, which is disabled by default. - Lots of portability and bug fixes. + Lots of documentation updates. - 2.31 March 20, 1997. + Portability and bug fixes. - Removed active attack protection support due to patent problems. + 2.32 January 1, 1998. - Moved user locks to a separate directory. + Indicate support for extended responses in challenges and check for such +indication before generating any extended responses. - Moved user-serviceable configuration options to the configure script. + Lots of portability and bug fixes. - Lots of portability and bug fixes. + 2.31 March 20, 1997. - 2.3 September 22, 1996 + Removed active attack protection support due to patent problems. - Autoconf is now the only supported configuration method. + Removed the supplemental key file; it did more harm than good. - Lots of internal functions got re-written in ways that will make some + Moved user locks to a separate directory. + + Moved user-serviceable configuration options to the configure script. + + Lots of portability and bug fixes. + + 2.3 September 22, 1996 + + Autoconf is now the only supported configuration method. + + Lots of internal functions got re-written in ways that will make some planned future changes easier. - OTP extended responses, such as automatic re-initialization. + OTP extended responses, such as automatic re-initialization. - Support for a supplemental key file that stores information that was -not in the original /etc/skeykeys file. This allows OPIE to store extra data -needed for things like the OTP re-initialization extended response without -breaking interoperability with other S/Key derived programs. 
This file is -named "/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST -NOT be world readable. + Support for a supplemental key file that stores information that was not +in the original /etc/skeykeys file. This allows OPIE to store extra data needed +for things like the OTP re-initialization extended response without breaking +interoperability with other S/Key derived programs. This file is named +"/etc/opiekeys.ext" by default. Unlike the standard key file, it MUST NOT be +world readable. - OPIE should better support some of the native "features" of drain -bamaged OSs such as AIX, HP-UX, and Solaris. + OPIE should better support some of the native "features" of drain bamaged +OSs such as AIX, HP-UX, and Solaris. - OPIE's utmp/wtmp handling has been completely re-written. This should -solve many of the utmp/wtmp problems people have been having. + OPIE's utmp/wtmp handling has been completely re-written. This should solve +many of the utmp/wtmp problems people have been having. - Lots of cleanups. + Lots of cleanups. - Bug fixes. + Bug fixes. - 2.22 May 3, 1996. + 2.22 May 3, 1996. - More minor bug fixes. OPIE once again works on Solaris 2.x. + More minor bug fixes. OPIE once again works on Solaris 2.x. - 2.21 April 27, 1996. + 2.21 April 27, 1996. - Minor bug fixes. + Minor bug fixes. - 2.2 April 11, 1996. + 2.2 April 11, 1996. - opiesubr.c, opiesubr2.c, and a few other functions moved into -a subdirectory and split into files with fine granularity. Ditto with -missing function replacements. This subdirectory structure changes a lot -of things around and more splitting like this should be expected in the -near future. + opiesubr.c, opiesubr2.c, and a few other functions moved into a +subdirectory and split into files with fine granularity. Ditto with missing +function replacements. This subdirectory structure changes a lot of things +around and more splitting like this should be expected in the near future. 
- Added opiegenerator() library function that should make it very easy -to create OTP clients using the OPIE library (this function is subject to -change: there are a few problems remaining to be solved). Just about re-write + Added opiegenerator() library function that should make it very easy to +create OTP clients using the OPIE library (this function is subject to change: +there are a few problems remaining to be solved). Just about re-wrote opiegetpass() to use raw I/O and got most of the OPIE programs actually using that function. Autoconf build fixes. Lots of bug fixes. Lots of portability fixes. Function declarations should be ANSI style for ANSI compilers. Several -fixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch +fixes to bring OPIE in line with the latest OTP spec. MJR DES key crunch de-implemented. - Added sample programs: opiegen (client) and opieserv (server). + Added sample programs: opiegen (client) and opieserv (server). + + Probably broke non-autoconf support along the way :(. I've tried to bring +this back in sync, but it may still be broken. + + 2.11 December 27, 1995. - Probably broke non-autoconf support along the way :(. I've tried to -bring this back in sync, but it may still be broken. + Minor bug fixes. - 2.11 December 27, 1995. + 2.10 December 26, 1995. - Minor bug fixes. + Optional autoconf support. opieinfo is now a normal program. Bugs fixed -- +should work much better on SunOS, HP-UX, and AIX. - 2.10 December 26, 1995. + 2.01 -- 2.04 - Optional autoconf support. opieinfo is now a normal program. -Bugs fixed -- should work much better on SunOS, HP-UX, and AIX. + Bug fix releases. + + 2.00 + + Initial release of OPIE 2.0. System Requirements =================== 
@@ -177,12 +194,15 @@ OPIE code. If OPIE Doesn't Work ==================== - First and foremost, make sure you have the latest version of OPIE. The -latest version is available by anonymous FTP at: + Under NO circumstances should you send trouble reports directly to the +authors or contributors. They WILL BE IGNORED. + + Make sure you have the latest version of OPIE. The latest version is +available by HTTP at: - ftp://ftp.nrl.navy.mil/pub/security/opie - and - ftp://ftp.inner.net/pub/opie + http://www.inner.net/pub/opie + + (sorry, but anonymous FTP is no longer available) If you have installed the OPIE software (either through "make test" in (7) above or "make install" in (14)), you can run "make uninstall" from the @@ -194,7 +214,8 @@ installation procedure itself did not work properly. If you are running a release version, try installing the latest public test version (look around). These frequently have already fixed the problem you are seeing, but may have new problems of their own (that's why they're -test versions!). +test versions!). Similarly, if you are running a test version, try installing +the latest released version. OPIE is NOT supported software. We don't promise to support you or even to acknowledge your mail, but we are interested in bug reports and are @@ -233,7 +254,7 @@ Gotchas ======= Solaris 2.x is just a lose. It does a lot of nonstandard and downright -broken things. If you want OPIE to be reliable on your box, upgrade to NetBSD +broken things. If you want OPIE to be reliable on your box, upgrade to OpenBSD or Linux. While an almost universal "feature", most people remain unaware that 
@@ -342,6 +363,25 @@ it puts them. The lock file directory must be a directory used only for OPIE lock files. It must be a directory, owned by the superuser, and must be mode 0700. + opieauto is a potential security hole. It opens a limited window of +exposure by transmitting and storing information that can be used to +generate one or more OTPs earlier than the current sequence number. Every +effort has been made to limit the potential for compromise to the user- +specified window. However, an attacker with superuser priveleges or access to +your account on the client system can still generate OTPs based on the +information cached via opieauto. In practice, there are other ways for such an +an attacker to get your entire secret pass phrase, so this is probably not +creating a significant new security problem. However, because of this +potential for problems and because opieauto uses system features that are not +present on all systems, opieauto support is not compiled in by default and +must be specifically enabled at compile time. + + Many users are running OPIE with the key file on a shared NFS volume +in order to use OTP as a single-login system for a cluster of machines. OPIE +was NOT designed to be operated this way, though it does seem to work. If it +fails or if this proves insecure, this is not OPIE's fault. Note that, if you +do this, you probably want to share the OPIE lock files too. + Gripes ====== 
@@ -355,14 +395,12 @@ are complying to some or other "standard." My (cmetz) conclusion is that the only thing that is standard about utmp and wtmp handling is that it will be nonstandard on any given system. I've tried a lot of things and I've wasted *a lot* of time on trying to make utmp and wtmp handling work for everybody; -my conclusion is that it will never happen. I personally am willing to stand -behind the code for utmp/wtmp handling on reasonable Linux and 4.4BSD-Lite -systems. If it breaks, tell me and I will fix it. While I am still interested -in hearing about fixes for other OSs, I'm not likely to go out of my way to fix -utmp/wtmp handling on them. If you want it fixed, the best way to do it is to -fix it yourself and give me a patch. As long as the patch is reasonable, I'll -include it in the next release. If you can't wait, use the --disable-utmp -option. +my conclusion is that it will never happen. While I am still interested in +hearing about fixes for utmp/wtmp on systems where they don't work, I'm not +likely to go out of my way to fix utmp/wtmp handling. If you want it fixed, +the best way to do it is to fix it yourself and contribute a patch. As long as +the patch is reasonable, it will be included in the next release. If you can't +wait, use the --disable-utmp option. Credits ======= @@ -396,23 +434,29 @@ community effort. These contributors include: Mowgli Assor Lawrie Brown Andrew Davis + Taso N. Devetzis + Carson Gaspar Dennis Glatting Ben Golding Axel Grewe "Hobbit" Kojima Hajime Darren Hosking - Matt Hucke + Matt Hucke + Kenji Kamizono Charles Karney Jeff Kletsky + Peter Koch Martijn Koster Osamu Kurati Ayamura Kikuchi Ronald van der Meer + Bret Musser Hiroshi Nakano Ikuo Nakagawa Angelo Neri C. R. Oldham + Ossama Othman D. Jason Penney John Perkins Steve Price 
@@ -429,7 +473,7 @@ City, Virginia. If you have problems with OPIE, please follow the instructions under "If OPIE Doesn't Work." Under NO circumstances should you send trouble -reports directly to the authors or contributors. +reports directly to the authors or contributors. They WILL BE IGNORED. Trademarks ========== @@ -440,12 +484,12 @@ NRL is a trademark of the U. S. Naval Research Laboratory. All other trademarks are trademarks of their respective owners. The term "OPIE" is in the public domain and hence cannot be legally -trademarked by anyone. +trademarked by anyone. Please do not abuse it. Copyrights ========== %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/acconfig.h b/contrib/opie/acconfig.h index f22ca38310bd..e33ebcf13058 100644 --- a/contrib/opie/acconfig.h +++ b/contrib/opie/acconfig.h @@ -1,7 +1,7 @@ /* acconfig.h: Extra commentary for Autoheader %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
@@ -117,6 +117,15 @@ you didn't get a copy, you may request one from <license@inner.net>. /* Define if there is a ut_host field in struct utmp */ #undef HAVE_UT_HOST +/* Define if there is a ut_id field in struct utmp */ +#undef HAVE_UT_ID + +/* Define if there is a ut_syslen field in struct utmp */ +#undef HAVE_UT_SYSLEN + +/* Define if there is a utx_syslen field in struct utmpx */ +#undef HAVE_UTX_SYSLEN + /* Define if the system has getutline() */ #undef HAVE_GETUTLINE 
@@ -149,3 +158,69 @@ you didn't get a copy, you may request one from <license@inner.net>. /* Defined if user locking is to be used */ #undef USER_LOCKING + +/* Defined if opieauto is to be used */ +#undef OPIEAUTO + +/* Define if you have the atexit function. */ +#undef HAVE_ATEXIT + +/* Define if you have the endutent function. */ +#undef HAVE_ENDUTENT + +/* Define if you have the initgroups function. */ +#undef HAVE_INITGROUPS + +/* Define if you have the memcmp function. */ +#undef HAVE_MEMCMP + +/* Define if you have the memcpy function. */ +#undef HAVE_MEMCPY + +/* Define if you have the memset function. */ +#undef HAVE_MEMSET + +/* Define if you have the getcwd function. */ +#undef HAVE_GETCWD + +/* Define if you have the getenv function. */ +#undef HAVE_GETENV + +/* Define if you have the getutline function. */ +#undef HAVE_GETUTLINE + +/* Define if you have the pututline function. */ +#undef HAVE_PUTUTLINE + +/* Define if you have the setenv function. */ +#undef HAVE_SETENV + +/* Define if you have the setegid function. */ +#undef HAVE_SETEGID + +/* Define if you have the seteuid function. */ +#undef HAVE_SETEUID + +/* Define if you have the setutent function. */ +#undef HAVE_SETUTENT + +/* Define if you have the sigprocmask function. */ +#undef HAVE_SIGPROCMASK + +/* Define if you have the strchr function. */ +#undef HAVE_STRCHR + +/* Define if you have the strrchr function. */ +#undef HAVE_STRRCHR + +/* Define if you have the strtoul function. */ +#undef HAVE_STRTOUL + +/* Define if you have the sysconf function. */ +#undef HAVE_SYSCONF + +/* Define if you have the uname function. */ +#undef HAVE_UNAME + +/* Define if you have the unsetenv function. */ +#undef HAVE_UNSETENV diff --git a/contrib/opie/config.h b/contrib/opie/config.h deleted file mode 100644 index bf91b2e68e8d..000000000000 --- a/contrib/opie/config.h +++ /dev/null 
@@ -1,379 +0,0 @@ -/* config.h. Generated automatically by configure. */ -/* config.h.in. Generated automatically from configure.in by autoheader. */ - -/* Define if on AIX 3. - System headers sometimes define this. - We just want to avoid a redefinition error message. */ -#ifndef _ALL_SOURCE -/* #undef _ALL_SOURCE */ -#endif - -/* Define if using alloca.c. */ -/* #undef C_ALLOCA */ - -/* Define to empty if the keyword does not work. */ -/* #undef const */ - -/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems. - This function is required for alloca.c support on those systems. */ -/* #undef CRAY_STACKSEG_END */ - -/* Define if you have alloca, as a function or macro. */ -#define HAVE_ALLOCA 1 - -/* Define if you have <alloca.h> and it should be used (not on Ultrix). */ -/* #undef HAVE_ALLOCA_H */ - -/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */ -#define HAVE_SYS_WAIT_H 1 - -/* Define if on MINIX. */ -/* #undef _MINIX */ - -/* Define if the system does not provide POSIX.1 features except - with this defined. */ -/* #undef _POSIX_1_SOURCE */ - -/* Define if you need to in order for stat and other things to work. */ -/* #undef _POSIX_SOURCE */ - -/* Define as the return type of signal handlers (int or void). */ -#define RETSIGTYPE void - -/* If using the C implementation of alloca, define if you know the - direction of stack growth for your system; otherwise it will be - automatically deduced at run-time. - STACK_DIRECTION > 0 => grows toward higher addresses - STACK_DIRECTION < 0 => grows toward lower addresses - STACK_DIRECTION = 0 => direction of growth unknown - */ -/* #undef STACK_DIRECTION */ - -/* Define if you want the FTP daemon to support anonymous logins. 
*/ -/* #undef DOANONYMOUS */ - -/* The default value of the PATH environment variable */ -#define DEFAULT_PATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin" - -/* Defined if the file /etc/default/login exists - (and, presumably, should be looked at by login) */ -/* #undef HAVE_ETC_DEFAULT_LOGIN */ - -/* Defined to the name of a file that contains a list of files whose - permissions and ownerships should be changed on login. */ -/* #undef HAVE_LOGIN_PERMFILE */ - -/* Defined to the name of a file that contains a list of environment - values that should be set on login. */ -/* #undef HAVE_LOGIN_ENVFILE */ - -/* Defined if the file /etc/securetty exists - (and, presumably, should be looked at by login) */ -/* #undef HAVE_SECURETTY */ - -/* Defined if the file /etc/shadow exists - (and, presumably, should be looked at for shadow passwords) */ -/* #undef HAVE_ETC_SHADOW */ - -/* The path to the access file, if we're going to use it */ -/* #undef PATH_ACCESS_FILE */ - -/* The path to the mail spool, if we know it */ -#define PATH_MAIL "/var/mail" - -/* The path to the utmp file, if we know it */ -#define PATH_UTMP_AC "/var/run/utmp" - -/* The path to the wtmp file, if we know it */ -#define PATH_WTMP_AC "/var/log/wtmp" - -/* The path to the wtmpx file, if we know it */ -/* #undef PATH_WTMPX_AC */ - -/* Defined if the system's profile (/etc/profile) displays - the motd file */ -/* #undef HAVE_MOTD_IN_PROFILE */ - -/* Defined if the system's profile (/etc/profile) informs the - user of new mail */ -/* #undef HAVE_MAILCHECK_IN_PROFILE */ - -/* Define if you have a nonstandard gettimeofday() that takes one argument - instead of two. 
*/ -/* #undef HAVE_ONE_ARG_GETTIMEOFDAY */ - -/* Define if the system has the getenv function */ -#define HAVE_GETENV 1 - -/* Define if the system has the setenv function */ -#define HAVE_SETENV 1 - -/* Define if the system has the /var/adm/sulog file */ -/* #undef HAVE_SULOG */ - -/* Define if the system has the unsetenv function */ -#define HAVE_UNSETENV 1 - -/* Define if the compiler can handle ANSI-style argument lists */ -#define HAVE_ANSIDECL 1 - -/* Define if the compiler can handle ANSI-style prototypes */ -#define HAVE_ANSIPROTO 1 - -/* Define if the system has an ANSI-style printf (returns int instead of char *) */ -#define HAVE_ANSISPRINTF 1 - -/* Define if the compiler can handle ANSI-style variable argument lists */ -#define HAVE_ANSISTDARG 1 - -/* Define if the compiler can handle void argument lists to functions */ -#define HAVE_VOIDARG 1 - -/* Define if the compiler can handle void return "values" from functions */ -#define HAVE_VOIDRET 1 - -/* Define if the compiler can handle void pointers to our liking */ -#define HAVE_VOIDPTR 1 - -/* Define if the /bin/ls command seems to support the -g flag */ -/* #undef HAVE_LS_G_FLAG */ - -/* Define if there is a ut_pid field in struct utmp */ -/* #undef HAVE_UT_PID */ - -/* Define if there is a ut_type field in struct utmp */ -/* #undef HAVE_UT_TYPE */ - -/* Define if there is a ut_name field in struct utmp */ -#define HAVE_UT_NAME 1 - -/* Define if there is a ut_host field in struct utmp */ -#define HAVE_UT_HOST 1 - -/* Define if the system has getutline() */ -/* #undef HAVE_GETUTLINE */ - -/* Defined if the system has SunOS C2 security shadow passwords */ -/* #undef HAVE_SUNOS_C2_SHADOW */ - -/* Defined if you want to disable utmp support */ -/* #undef DISABLE_UTMP */ - -/* Defined if you want to allow users to override the insecure checks */ -/* #undef INSECURE_OVERRIDE */ - -/* Defined to the default hash value, always defined */ -#define MDX 5 - -/* Defined if new-style prompts are to be used */ 
-#define NEW_PROMPTS 1 - -/* Defined to the path of the OPIE lock directory */ -#define OPIE_LOCK_DIR "/var/spool/opielocks" - -/* Defined if users are to be asked to re-type secret pass phrases */ -/* #undef RETYPE */ - -/* Defined if su should not switch to disabled accounts */ -/* #undef SU_STAR_CHECK */ - -/* Defined if user locking is to be used */ -#define USER_LOCKING 1 - -/* Define if you have the bcopy function. */ -/* #undef HAVE_BCOPY */ - -/* Define if you have the bzero function. */ -/* #undef HAVE_BZERO */ - -/* Define if you have the endspent function. */ -/* #undef HAVE_ENDSPENT */ - -/* Define if you have the fpurge function. */ -#define HAVE_FPURGE 1 - -/* Define if you have the getdtablesize function. */ -/* #undef HAVE_GETDTABLESIZE */ - -/* Define if you have the getgroups function. */ -#define HAVE_GETGROUPS 1 - -/* Define if you have the gethostname function. */ -/* #undef HAVE_GETHOSTNAME */ - -/* Define if you have the getspnam function. */ -/* #undef HAVE_GETSPNAM */ - -/* Define if you have the gettimeofday function. */ -#define HAVE_GETTIMEOFDAY 1 - -/* Define if you have the getttynam function. */ -#define HAVE_GETTTYNAM 1 - -/* Define if you have the getusershell function. */ -#define HAVE_GETUSERSHELL 1 - -/* Define if you have the getutxline function. */ -/* #undef HAVE_GETUTXLINE */ - -/* Define if you have the getwd function. */ -/* #undef HAVE_GETWD */ - -/* Define if you have the index function. */ -/* #undef HAVE_INDEX */ - -/* Define if you have the lstat function. */ -#define HAVE_LSTAT 1 - -/* Define if you have the on_exit function. */ -/* #undef HAVE_ON_EXIT */ - -/* Define if you have the pututxline function. */ -/* #undef HAVE_PUTUTXLINE */ - -/* Define if you have the rindex function. */ -/* #undef HAVE_RINDEX */ - -/* Define if you have the setgroups function. */ -#define HAVE_SETGROUPS 1 - -/* Define if you have the setlogin function. */ -#define HAVE_SETLOGIN 1 - -/* Define if you have the setpriority function. 
*/ -#define HAVE_SETPRIORITY 1 - -/* Define if you have the setregid function. */ -/* #undef HAVE_SETREGID */ - -/* Define if you have the setresgid function. */ -/* #undef HAVE_SETRESGID */ - -/* Define if you have the setresuid function. */ -/* #undef HAVE_SETRESUID */ - -/* Define if you have the setreuid function. */ -/* #undef HAVE_SETREUID */ - -/* Define if you have the setvbuf function. */ -#define HAVE_SETVBUF 1 - -/* Define if you have the sigaddset function. */ -#define HAVE_SIGADDSET 1 - -/* Define if you have the sigblock function. */ -/* #undef HAVE_SIGBLOCK */ - -/* Define if you have the sigemptyset function. */ -#define HAVE_SIGEMPTYSET 1 - -/* Define if you have the sigsetmask function. */ -/* #undef HAVE_SIGSETMASK */ - -/* Define if you have the socket function. */ -#define HAVE_SOCKET 1 - -/* Define if you have the strerror function. */ -#define HAVE_STRERROR 1 - -/* Define if you have the strftime function. */ -#define HAVE_STRFTIME 1 - -/* Define if you have the strncasecmp function. */ -#define HAVE_STRNCASECMP 1 - -/* Define if you have the strstr function. */ -#define HAVE_STRSTR 1 - -/* Define if you have the ttyslot function. */ -#define HAVE_TTYSLOT 1 - -/* Define if you have the usleep function. */ -#define HAVE_USLEEP 1 - -/* Define if you have the <crypt.h> header file. */ -/* #undef HAVE_CRYPT_H */ - -/* Define if you have the <dirent.h> header file. */ -#define HAVE_DIRENT_H 1 - -/* Define if you have the <fcntl.h> header file. */ -#define HAVE_FCNTL_H 1 - -/* Define if you have the <lastlog.h> header file. */ -/* #undef HAVE_LASTLOG_H */ - -/* Define if you have the <limits.h> header file. */ -#define HAVE_LIMITS_H 1 - -/* Define if you have the <ndir.h> header file. */ -/* #undef HAVE_NDIR_H */ - -/* Define if you have the <paths.h> header file. */ -#define HAVE_PATHS_H 1 - -/* Define if you have the <pwd.h> header file. */ -#define HAVE_PWD_H 1 - -/* Define if you have the <shadow.h> header file. 
*/ -/* #undef HAVE_SHADOW_H */ - -/* Define if you have the <signal.h> header file. */ -#define HAVE_SIGNAL_H 1 - -/* Define if you have the <stdlib.h> header file. */ -#define HAVE_STDLIB_H 1 - -/* Define if you have the <string.h> header file. */ -#define HAVE_STRING_H 1 - -/* Define if you have the <sys/dir.h> header file. */ -/* #undef HAVE_SYS_DIR_H */ - -/* Define if you have the <sys/file.h> header file. */ -#define HAVE_SYS_FILE_H 1 - -/* Define if you have the <sys/ioctl.h> header file. */ -#define HAVE_SYS_IOCTL_H 1 - -/* Define if you have the <sys/ndir.h> header file. */ -/* #undef HAVE_SYS_NDIR_H */ - -/* Define if you have the <sys/param.h> header file. */ -#define HAVE_SYS_PARAM_H 1 - -/* Define if you have the <sys/select.h> header file. */ -#define HAVE_SYS_SELECT_H 1 - -/* Define if you have the <sys/signal.h> header file. */ -#define HAVE_SYS_SIGNAL_H 1 - -/* Define if you have the <sys/time.h> header file. */ -#define HAVE_SYS_TIME_H 1 - -/* Define if you have the <sys/utsname.h> header file. */ -#define HAVE_SYS_UTSNAME_H 1 - -/* Define if you have the <syslog.h> header file. */ -#define HAVE_SYSLOG_H 1 - -/* Define if you have the <termios.h> header file. */ -#define HAVE_TERMIOS_H 1 - -/* Define if you have the <unistd.h> header file. */ -#define HAVE_UNISTD_H 1 - -/* Define if you have the <utmpx.h> header file. */ -/* #undef HAVE_UTMPX_H */ - -/* Define if you have the crypt library (-lcrypt). */ -#define HAVE_LIBCRYPT 1 - -/* Define if you have the nsl library (-lnsl). */ -/* #undef HAVE_LIBNSL */ - -/* Define if you have the posix library (-lposix). */ -/* #undef HAVE_LIBPOSIX */ - -/* Define if you have the socket library (-lsocket). */ -/* #undef HAVE_LIBSOCKET */ diff --git a/contrib/opie/config.h.in b/contrib/opie/config.h.in index 7f8fe4006d67..ca700f7e7212 100644 --- a/contrib/opie/config.h.in +++ b/contrib/opie/config.h.in 
@@ -149,6 +149,12 @@ /* Define if there is a ut_host field in struct utmp */ #undef HAVE_UT_HOST +/* Define if there is a ut_id field in struct utmp */ +#undef HAVE_UT_ID + +/* Define if there is a utx_syslen field in struct utmpx */ +#undef HAVE_UTX_SYSLEN + /* Define if the system has getutline() */ #undef HAVE_GETUTLINE @@ -158,6 +164,9 @@ /* Defined if you want to disable utmp support */ #undef DISABLE_UTMP +/* Defined if you want to disable wtmp support */ +#undef DISABLE_WTMP + /* Defined if you want to allow users to override the insecure checks */ #undef INSECURE_OVERRIDE 
@@ -176,6 +185,72 @@ /* Defined if su should not switch to disabled accounts */ #undef SU_STAR_CHECK +/* Defined if opieauto is to be used */ +#undef OPIEAUTO + +/* Define if you have the atexit function. */ +#undef HAVE_ATEXIT + +/* Define if you have the endutent function. */ +#undef HAVE_ENDUTENT + +/* Define if you have the initgroups function. */ +#undef HAVE_INITGROUPS + +/* Define if you have the memcmp function. */ +#undef HAVE_MEMCMP + +/* Define if you have the memcpy function. */ +#undef HAVE_MEMCPY + +/* Define if you have the memset function. */ +#undef HAVE_MEMSET + +/* Define if you have the getcwd function. */ +#undef HAVE_GETCWD + +/* Define if you have the getenv function. */ +#undef HAVE_GETENV + +/* Define if you have the getutline function. */ +#undef HAVE_GETUTLINE + +/* Define if you have the pututline function. */ +#undef HAVE_PUTUTLINE + +/* Define if you have the setenv function. */ +#undef HAVE_SETENV + +/* Define if you have the setegid function. */ +#undef HAVE_SETEGID + +/* Define if you have the seteuid function. */ +#undef HAVE_SETEUID + +/* Define if you have the setutent function. */ +#undef HAVE_SETUTENT + +/* Define if you have the sigprocmask function. */ +#undef HAVE_SIGPROCMASK + +/* Define if you have the strchr function. */ +#undef HAVE_STRCHR + +/* Define if you have the strrchr function. */ +#undef HAVE_STRRCHR + +/* Define if you have the strtoul function. */ +#undef HAVE_STRTOUL + +/* Define if you have the sysconf function. */ +#undef HAVE_SYSCONF + +/* Define if you have the uname function. */ +#undef HAVE_UNAME + +/* Define if you have the unsetenv function. */ +#undef HAVE_UNSETENV + /* Define if you have the bcopy function. */ #undef HAVE_BCOPY diff --git a/contrib/opie/configure b/contrib/opie/configure index d69b16d10cd2..2bfce6ea8d50 100755 --- a/contrib/opie/configure +++ b/contrib/opie/configure 
@@ -1,7 +1,7 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.12 +# Generated automatically using autoconf version 2.13 # Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. # # This configure script is free software; the Free Software Foundation @@ -35,6 +35,8 @@ ac_help="$ac_help --disable-utmp Disable utmp logging" ac_help="$ac_help --disable-wtmp Disable wtmp logging" +ac_help="$ac_help + --enable-opieauto Enable support for opieauto" # Initialize some variables set by options. # The variables have the same names as the options, with @@ -73,6 +75,7 @@ mandir='${prefix}/man' # Initialize some other variables. subdirs= MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} # Maximum number of lines to put in a shell here document. ac_max_here_lines=12 @@ -356,7 +359,7 @@ EOF verbose=yes ;; -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.12" + echo "configure generated by autoconf version 2.13" exit 0 ;; -with-* | --with-*) @@ -526,9 +529,11 @@ ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. ac_cpp='$CPP $CPPFLAGS' ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' cross_compiling=$ac_cv_prog_cc_cross +ac_exeext= +ac_objext=o if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then 
@@ -638,7 +643,7 @@ if test "${enable_anonymous_ftp+set}" = set; then cat >> confdefs.h <<\EOF #define DOANONYMOUS 1 EOF - echo "Enabling anonymous FTP support in ftp -- don't say we didn't warn you!" + echo "enabling anonymous FTP support in ftp -- don't say we didn't warn you!" fi # Check whether --enable-utmp or --disable-utmp was given. @@ -647,31 +652,42 @@ if test "${enable_utmp+set}" = set; then cat >> confdefs.h <<\EOF #define DISABLE_UTMP 1 EOF - echo "Disabling utmp logging" + echo "disabling utmp logging" fi # Check whether --enable-wtmp or --disable-wtmp was given. if test "${enable_wtmp+set}" = set; then enableval="$enable_wtmp" cat >> confdefs.h <<\EOF -#define DISABLE_UTMP 1 +#define DISABLE_WTMP 1 +EOF + echo "disabling wtmp logging" +fi + +# Check whether --enable-opieauto or --disable-opieauto was given. +if test "${enable_opieauto+set}" = set; then + enableval="$enable_opieauto" + cat >> confdefs.h <<\EOF +#define OPIEAUTO 1 EOF - echo "Disabling wtmp logging" + OPIEAUTO=opieauto; echo "enabling opieauto support" fi + # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:667: checking for $ac_word" >&5 +echo "configure:682: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_CC="gcc" 
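Review bot: The new opieauto block in the `@@ -647,31 +652,42 @@` hunk tests only whether `enable_opieauto` is set, so `--disable-opieauto` would define `OPIEAUTO` just as `--enable-opieauto` does. This assumes the usual autoconf option parsing earlier in the script, outside this hunk, which stores `no` for the `--disable-` form. The wtmp block in the same hunk has the mirror problem: `--enable-wtmp` defines `DISABLE_WTMP` and turns off the login accounting records an administrator may rely on for audit. Checking the value as well would make both switches behave as named, e.g. `if test "${enable_opieauto+set}" = set && test "$enable_opieauto" != no; then` and, for the disabling options, `test "$enable_wtmp" = no`. Because `configure` is generated, the change belongs in the corresponding `configure.in` actions, which are not shown here.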
@@ -692,16 +708,17 @@ if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:696: checking for $ac_word" >&5 +echo "configure:712: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" ac_prog_rejected=no - for ac_dir in $PATH; do + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then 
@@ -736,25 +753,61 @@ else echo "$ac_t""no" 1>&6 fi + if test -z "$CC"; then + case "`uname -s`" in + *win32* | *WIN32*) + # Extract the first word of "cl", so it can be a program name with args. +set dummy cl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:763: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="cl" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + ;; + esac + fi test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 -echo "configure:744: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 +echo "configure:795: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. 
ac_cpp='$CPP $CPPFLAGS' ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' -ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' cross_compiling=$ac_cv_prog_cc_cross -cat > conftest.$ac_ext <<EOF -#line 754 "configure" +cat > conftest.$ac_ext << EOF + +#line 806 "configure" #include "confdefs.h" + main(){return(0);} EOF -if { (eval echo configure:758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:811: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ac_cv_prog_cc_works=yes # If we can't run a trivial program, we are probably using a cross compiler. if (./conftest; exit) 2>/dev/null; then 
@@ -768,18 +821,24 @@ else ac_cv_prog_cc_works=no fi rm -fr conftest* +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 if test $ac_cv_prog_cc_works = no; then { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } fi echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 -echo "configure:778: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "configure:837: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 cross_compiling=$ac_cv_prog_cc_cross echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 -echo "configure:783: checking whether we are using GNU C" >&5 +echo "configure:842: checking whether we are using GNU C" >&5 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -788,7 +847,7 @@ else yes; #endif EOF -if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:792: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:851: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no 
@@ -799,11 +858,15 @@ echo "$ac_t""$ac_cv_prog_gcc" 1>&6 if test $ac_cv_prog_gcc = yes; then GCC=yes - ac_test_CFLAGS="${CFLAGS+set}" - ac_save_CFLAGS="$CFLAGS" - CFLAGS= - echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 -echo "configure:807: checking whether ${CC-cc} accepts -g" >&5 +else + GCC= +fi + +ac_test_CFLAGS="${CFLAGS+set}" +ac_save_CFLAGS="$CFLAGS" +CFLAGS= +echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 +echo "configure:870: checking whether ${CC-cc} accepts -g" >&5 if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -818,20 +881,24 @@ rm -f conftest* fi echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 - if test "$ac_test_CFLAGS" = set; then - CFLAGS="$ac_save_CFLAGS" - elif test $ac_cv_prog_cc_g = yes; then +if test "$ac_test_CFLAGS" = set; then + CFLAGS="$ac_save_CFLAGS" +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then CFLAGS="-g -O2" else - CFLAGS="-O2" + CFLAGS="-g" fi else - GCC= - test "${CFLAGS+set}" = set || CFLAGS="-g" + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi fi echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 -echo "configure:835: checking how to run the C preprocessor" >&5 +echo "configure:902: checking how to run the C preprocessor" >&5 # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= 
@@ -846,14 +913,14 @@ else # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext <<EOF -#line 850 "configure" +#line 917 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:856: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:923: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : else @@ -863,14 +930,31 @@ else rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext <<EOF -#line 867 "configure" +#line 934 "configure" #include "confdefs.h" #include <assert.h> Syntax Error EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:873: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext <<EOF +#line 951 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:957: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then : else @@ -883,6 +967,8 @@ fi rm -f conftest* fi rm -f conftest* +fi +rm -f conftest* ac_cv_prog_CPP="$CPP" fi CPP="$ac_cv_prog_CPP" 
@@ -892,7 +978,7 @@ fi echo "$ac_t""$CPP" 1>&6 echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 -echo "configure:896: checking whether ln -s works" >&5 +echo "configure:982: checking whether ln -s works" >&5 if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -915,15 +1001,16 @@ fi # Extract the first word of "ranlib", so it can be a program name with args. set dummy ranlib; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:919: checking for $ac_word" >&5 +echo "configure:1005: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$RANLIB"; then ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_RANLIB="ranlib" @@ -946,15 +1033,16 @@ do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:950: checking for $ac_word" >&5 +echo "configure:1037: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else if test -n "$YACC"; then ac_cv_prog_YACC="$YACC" # Let the user override the test. else - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in $PATH; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_prog_YACC="$ac_prog" 
@@ -977,9 +1065,9 @@ test -n "$YACC" || YACC="yacc" echo $ac_n "checking for AIX""... $ac_c" 1>&6 -echo "configure:981: checking for AIX" >&5 +echo "configure:1069: checking for AIX" >&5 cat > conftest.$ac_ext <<EOF -#line 983 "configure" +#line 1071 "configure" #include "confdefs.h" #ifdef _AIX yes @@ -1001,7 +1089,7 @@ rm -f conftest* echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 -echo "configure:1005: checking for POSIXized ISC" >&5 +echo "configure:1093: checking for POSIXized ISC" >&5 if test -d /etc/conf/kconfig.d && grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 then @@ -1023,18 +1111,18 @@ fi ac_safe=`echo "minix/config.h" | sed 'y%./+-%__p_%'` echo $ac_n "checking for minix/config.h""... $ac_c" 1>&6 -echo "configure:1027: checking for minix/config.h" >&5 +echo "configure:1115: checking for minix/config.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1032 "configure" +#line 1120 "configure" #include "confdefs.h" #include <minix/config.h> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:1037: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:1125: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" @@ -1075,7 +1163,7 @@ fi # Extract the first word of "chown", so it can be a program name with args. set dummy chown; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1079: checking for $ac_word" >&5 +echo "configure:1167: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_CHOWN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -1083,9 +1171,13 @@ else /*) ac_cv_path_CHOWN="$CHOWN" # Let the user override the test with a path. ;; + ?:/*) + ac_cv_path_CHOWN="$CHOWN" # Let the user override the test with a dos path. + ;; *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/bin /bin /usr/sbin /sbin /usr/etc /etc$ac_dummy; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="/usr/bin /bin /usr/sbin /sbin /usr/etc /etc" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_CHOWN="$ac_dir/$ac_word" @@ -1108,7 +1200,7 @@ fi # Extract the first word of "su", so it can be a program name with args. set dummy su; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1112: checking for $ac_word" >&5 +echo "configure:1204: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_SU'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1116,9 +1208,13 @@ else /*) ac_cv_path_SU="$SU" # Let the user override the test with a path. ;; + ?:/*) + ac_cv_path_SU="$SU" # Let the user override the test with a dos path. + ;; *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/bin /bin$ac_dummy; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="/usr/bin /bin" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_SU="$ac_dir/$ac_word" @@ -1140,7 +1236,7 @@ fi # Extract the first word of "su", so it can be a program name with args. set dummy su; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1144: checking for $ac_word" >&5 +echo "configure:1240: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_ALT_SU'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -1148,9 +1244,13 @@ else /*) ac_cv_path_ALT_SU="$ALT_SU" # Let the user override the test with a path. ;; + ?:/*) + ac_cv_path_ALT_SU="$ALT_SU" # Let the user override the test with a dos path. + ;; *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/sbin /sbin$ac_dummy; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="/usr/sbin /sbin" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_ALT_SU="$ac_dir/$ac_word" @@ -1172,7 +1272,7 @@ fi # Extract the first word of "scheme", so it can be a program name with args. set dummy scheme; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1176: checking for $ac_word" >&5 +echo "configure:1276: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_SCHEME'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1180,9 +1280,13 @@ else /*) ac_cv_path_SCHEME="$SCHEME" # Let the user override the test with a path. ;; + ?:/*) + ac_cv_path_SCHEME="$SCHEME" # Let the user override the test with a dos path. + ;; *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/lib/iaf/scheme$ac_dummy; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="/usr/lib/iaf/scheme" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_SCHEME="$ac_dir/$ac_word" @@ -1203,7 +1307,7 @@ fi # Extract the first word of "login", so it can be a program name with args. set dummy login; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1207: checking for $ac_word" >&5 +echo "configure:1311: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_LOGIN'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -1211,9 +1315,13 @@ else /*) ac_cv_path_LOGIN="$LOGIN" # Let the user override the test with a path. ;; + ?:/*) + ac_cv_path_LOGIN="$LOGIN" # Let the user override the test with a dos path. + ;; *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/bin /bin$ac_dummy; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="/usr/bin /bin" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_LOGIN="$ac_dir/$ac_word" @@ -1241,7 +1349,7 @@ fi # Extract the first word of "ftpd", so it can be a program name with args. set dummy ftpd; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1245: checking for $ac_word" >&5 +echo "configure:1353: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_FTPD'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -1249,9 +1357,13 @@ else /*) ac_cv_path_FTPD="$FTPD" # Let the user override the test with a path. ;; + ?:/*) + ac_cv_path_FTPD="$FTPD" # Let the user override the test with a dos path. + ;; *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin$ac_dummy; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="/usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_FTPD="$ac_dir/$ac_word" @@ -1272,7 +1384,7 @@ fi # Extract the first word of "in.ftpd", so it can be a program name with args. set dummy in.ftpd; ac_word=$2 echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 -echo "configure:1276: checking for $ac_word" >&5 +echo "configure:1388: checking for $ac_word" >&5 if eval "test \"`echo '$''{'ac_cv_path_INFTPD'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else 
@@ -1280,9 +1392,13 @@ else /*) ac_cv_path_INFTPD="$INFTPD" # Let the user override the test with a path. ;; + ?:/*) + ac_cv_path_INFTPD="$INFTPD" # Let the user override the test with a dos path. + ;; *) - IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" - for ac_dir in /usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin$ac_dummy; do + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="/usr/libexec /usr/etc /etc /usr/sbin /sbin /usr/lbin" + for ac_dir in $ac_dummy; do test -z "$ac_dir" && ac_dir=. if test -f $ac_dir/$ac_word; then ac_cv_path_INFTPD="$ac_dir/$ac_word" @@ -1310,7 +1426,7 @@ then fi echo $ac_n "checking for default PATH entries""... $ac_c" 1>&6 -echo "configure:1314: checking for default PATH entries" >&5 +echo "configure:1430: checking for default PATH entries" >&5 default_path="" save_IFS="$IFS" IFS=" " @@ -1341,7 +1457,7 @@ EOF echo "$ac_t""$default_path" 1>&6 echo $ac_n "checking for test -e flag""... $ac_c" 1>&6 -echo "configure:1345: checking for test -e flag" >&5 +echo "configure:1461: checking for test -e flag" >&5 if sh config.testeflag then result=yes @@ -1354,7 +1470,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for mkdir -p flag""... $ac_c" 1>&6 -echo "configure:1358: checking for mkdir -p flag" >&5 +echo "configure:1474: checking for mkdir -p flag" >&5 if test -d config.tmpdir then rmdir config.tmpdir/foo/bar >/dev/null 2>/dev/null @@ -1390,7 +1506,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for ls group field""... $ac_c" 1>&6 -echo "configure:1394: checking for ls group field" >&5 +echo "configure:1510: checking for ls group field" >&5 lsg=`/bin/ls -ldg / | wc -w | awk '{print $1}'`; ls=`/bin/ls -ld / | wc -w | awk '{print $1}'`; result="no" 
@@ -1410,7 +1526,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6 -echo "configure:1414: checking for /etc/default/login" >&5 +echo "configure:1530: checking for /etc/default/login" >&5 if test $EXISTS /etc/default/login then result=yes @@ -1424,7 +1540,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /etc/securetty""... $ac_c" 1>&6 -echo "configure:1428: checking for /etc/securetty" >&5 +echo "configure:1544: checking for /etc/securetty" >&5 if test $EXISTS /etc/securetty then result=yes @@ -1438,7 +1554,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /etc/logindevperm""... $ac_c" 1>&6 -echo "configure:1442: checking for /etc/logindevperm" >&5 +echo "configure:1558: checking for /etc/logindevperm" >&5 if test $EXISTS /etc/logindevperm then echo "$ac_t""yes" 1>&6 @@ -1450,7 +1566,7 @@ else echo "$ac_t""no" 1>&6 echo $ac_n "checking for /etc/fbtab""... $ac_c" 1>&6 -echo "configure:1454: checking for /etc/fbtab" >&5 +echo "configure:1570: checking for /etc/fbtab" >&5 if test $EXISTS /etc/fbtab then result=yes @@ -1465,7 +1581,7 @@ EOF fi echo $ac_n "checking for /etc/environment""... $ac_c" 1>&6 -echo "configure:1469: checking for /etc/environment" >&5 +echo "configure:1585: checking for /etc/environment" >&5 if test $EXISTS /etc/environment then echo "$ac_t""yes" 1>&6 @@ -1477,7 +1593,7 @@ else echo "$ac_t""no" 1>&6 echo $ac_n "checking for /etc/src.sh""... $ac_c" 1>&6 -echo "configure:1481: checking for /etc/src.sh" >&5 +echo "configure:1597: checking for /etc/src.sh" >&5 if test $EXISTS /etc/src.sh then result=yes @@ -1492,7 +1608,7 @@ EOF fi echo $ac_n "checking for /etc/shadow""... $ac_c" 1>&6 -echo "configure:1496: checking for /etc/shadow" >&5 +echo "configure:1612: checking for /etc/shadow" >&5 if test $EXISTS /etc/shadow then result=yes 
@@ -1504,7 +1620,7 @@ else echo "$ac_t""no" 1>&6 echo $ac_n "checking for /etc/security/passwd.adjunct""... $ac_c" 1>&6 -echo "configure:1508: checking for /etc/security/passwd.adjunct" >&5 +echo "configure:1624: checking for /etc/security/passwd.adjunct" >&5 if test $EXISTS /etc/security/passwd.adjunct then result=yes @@ -1520,7 +1636,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for /var/adm/sulog""... $ac_c" 1>&6 -echo "configure:1524: checking for /var/adm/sulog" >&5 +echo "configure:1640: checking for /var/adm/sulog" >&5 if test $EXISTS /var/adm/sulog then result=yes @@ -1534,7 +1650,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking mail spool location""... $ac_c" 1>&6 -echo "configure:1538: checking mail spool location" >&5 +echo "configure:1654: checking mail spool location" >&5 mail_spool="" for i in /var/mail /usr/mail /var/spool/mail /usr/spool/mail do @@ -1556,7 +1672,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking where your system puts the utmp file""... $ac_c" 1>&6 -echo "configure:1560: checking where your system puts the utmp file" >&5 +echo "configure:1676: checking where your system puts the utmp file" >&5 utmp_path="" for i in /var/run /var/adm /usr/adm /etc do @@ -1578,7 +1694,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking where your system puts the utmpx file""... $ac_c" 1>&6 -echo "configure:1582: checking where your system puts the utmpx file" >&5 +echo "configure:1698: checking where your system puts the utmpx file" >&5 utmp_path="" for i in /var/run /var/adm /usr/adm /etc do @@ -1598,7 +1714,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking where your system puts the wtmp file""... $ac_c" 1>&6 -echo "configure:1602: checking where your system puts the wtmp file" >&5 +echo "configure:1718: checking where your system puts the wtmp file" >&5 wtmp_path="" for i in /var/run /var/log /var/adm /usr/adm /etc do 
@@ -1620,7 +1736,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking where your system puts the wtmpx file""... $ac_c" 1>&6 -echo "configure:1624: checking where your system puts the wtmpx file" >&5 +echo "configure:1740: checking where your system puts the wtmpx file" >&5 wtmpx_path="" for i in /var/run /var/log /var/adm /usr/adm /etc do @@ -1642,7 +1758,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking whether the system profile displays the motd""... $ac_c" 1>&6 -echo "configure:1646: checking whether the system profile displays the motd" >&5 +echo "configure:1762: checking whether the system profile displays the motd" >&5 result=no if test $EXISTS /etc/profile then @@ -1661,7 +1777,7 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking whether the system profile checks for mail""... $ac_c" 1>&6 -echo "configure:1665: checking whether the system profile checks for mail" >&5 +echo "configure:1781: checking whether the system profile checks for mail" >&5 result=no if test $EXISTS /etc/profile then @@ -1680,12 +1796,12 @@ fi echo "$ac_t""$result" 1>&6 echo $ac_n "checking for working const""... $ac_c" 1>&6 -echo "configure:1684: checking for working const" >&5 +echo "configure:1800: checking for working const" >&5 if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1689 "configure" +#line 1805 "configure" #include "confdefs.h" int main() { @@ -1734,7 +1850,7 @@ ccp = (char const *const *) p; ; return 0; } EOF -if { (eval echo configure:1738: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1854: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else 
@@ -1756,16 +1872,16 @@ fi echo $ac_n "checking to see if your compiler can handle void arguments""... $ac_c" 1>&6 -echo "configure:1760: checking to see if your compiler can handle void arguments" >&5 +echo "configure:1876: checking to see if your compiler can handle void arguments" >&5 cat > conftest.$ac_ext <<EOF -#line 1762 "configure" +#line 1878 "configure" #include "confdefs.h" foo(void) { } int main() { ; return 0; } EOF -if { (eval echo configure:1769: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1885: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_VOIDARG 1 @@ -1780,16 +1896,16 @@ fi rm -f conftest* echo $ac_n "checking to see if your compiler can handle void return values""... $ac_c" 1>&6 -echo "configure:1784: checking to see if your compiler can handle void return values" >&5 +echo "configure:1900: checking to see if your compiler can handle void return values" >&5 cat > conftest.$ac_ext <<EOF -#line 1786 "configure" +#line 1902 "configure" #include "confdefs.h" void foo() { } int main() { ; return 0; } EOF -if { (eval echo configure:1793: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1909: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_VOIDRET 1 
@@ -1804,16 +1920,16 @@ fi rm -f conftest* echo $ac_n "checking to see if your compiler can handle void pointers""... $ac_c" 1>&6 -echo "configure:1808: checking to see if your compiler can handle void pointers" >&5 +echo "configure:1924: checking to see if your compiler can handle void pointers" >&5 cat > conftest.$ac_ext <<EOF -#line 1810 "configure" +#line 1926 "configure" #include "confdefs.h" foo() { void *bar = (void *)0x42; bar = bar + 1; } int main() { ; return 0; } EOF -if { (eval echo configure:1817: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1933: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_VOIDPTR 1 @@ -1828,16 +1944,16 @@ fi rm -f conftest* echo $ac_n "checking to see if your compiler can handle ANSI argument lists""... $ac_c" 1>&6 -echo "configure:1832: checking to see if your compiler can handle ANSI argument lists" >&5 +echo "configure:1948: checking to see if your compiler can handle ANSI argument lists" >&5 cat > conftest.$ac_ext <<EOF -#line 1834 "configure" +#line 1950 "configure" #include "confdefs.h" int foo(int bar, int baz) { return 0; } int main() { ; return 0; } EOF -if { (eval echo configure:1841: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1957: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_ANSIDECL 1 
@@ -1852,16 +1968,16 @@ fi rm -f conftest* echo $ac_n "checking to see if your compiler can handle ANSI prototypes""... $ac_c" 1>&6 -echo "configure:1856: checking to see if your compiler can handle ANSI prototypes" >&5 +echo "configure:1972: checking to see if your compiler can handle ANSI prototypes" >&5 cat > conftest.$ac_ext <<EOF -#line 1858 "configure" +#line 1974 "configure" #include "confdefs.h" extern int foo(int, int); int main() { ; return 0; } EOF -if { (eval echo configure:1865: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:1981: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_ANSIPROTO 1 @@ -1876,9 +1992,9 @@ fi rm -f conftest* echo $ac_n "checking to see if your compiler can handle ANSI variable arguments""... $ac_c" 1>&6 -echo "configure:1880: checking to see if your compiler can handle ANSI variable arguments" >&5 +echo "configure:1996: checking to see if your compiler can handle ANSI variable arguments" >&5 cat > conftest.$ac_ext <<EOF -#line 1882 "configure" +#line 1998 "configure" #include "confdefs.h" #include <stdarg.h> int foo(int arg, ...) { @@ -1891,7 +2007,7 @@ int main() { ; return 0; } EOF -if { (eval echo configure:1895: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2011: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_ANSISTDARG 1 @@ -1906,12 +2022,12 @@ fi rm -f conftest* echo $ac_n "checking to see if you have an ANSI-style sprintf""... $ac_c" 1>&6 -echo "configure:1910: checking to see if you have an ANSI-style sprintf" >&5 +echo "configure:2026: checking to see if you have an ANSI-style sprintf" >&5 if test "$cross_compiling" = yes; then echo "$ac_t""no" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 1915 "configure" +#line 2031 "configure" #include "confdefs.h" #include <stdio.h> int main(argc, argv) 
@@ -1924,7 +2040,7 @@ char *argv[]; return (i == 6) ? 0 : -1; } EOF -if { (eval echo configure:1928: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2044: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then cat >> confdefs.h <<\EOF #define HAVE_ANSISPRINTF 1 @@ -1941,7 +2057,7 @@ fi echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 -echo "configure:1945: checking for crypt in -lcrypt" >&5 +echo "configure:2061: checking for crypt in -lcrypt" >&5 ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -1949,7 +2065,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <<EOF -#line 1953 "configure" +#line 2069 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -1960,7 +2076,7 @@ int main() { crypt() ; return 0; } EOF -if { (eval echo configure:1964: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2080: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1988,7 +2104,7 @@ else fi echo $ac_n "checking for gethostname in -lnsl""... $ac_c" 1>&6 -echo "configure:1992: checking for gethostname in -lnsl" >&5 +echo "configure:2108: checking for gethostname in -lnsl" >&5 ac_lib_var=`echo nsl'_'gethostname | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -1996,7 +2112,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <<EOF -#line 2000 "configure" +#line 2116 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -2007,7 +2123,7 @@ int main() { gethostname() ; return 0; } EOF -if { (eval echo configure:2011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2127: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2035,7 +2151,7 @@ else fi echo $ac_n "checking for main in -lposix""... $ac_c" 1>&6 -echo "configure:2039: checking for main in -lposix" >&5 +echo "configure:2155: checking for main in -lposix" >&5 ac_lib_var=`echo posix'_'main | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2043,14 +2159,14 @@ else ac_save_LIBS="$LIBS" LIBS="-lposix $LIBS" cat > conftest.$ac_ext <<EOF -#line 2047 "configure" +#line 2163 "configure" #include "confdefs.h" int main() { main() ; return 0; } EOF -if { (eval echo configure:2054: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2170: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2078,7 +2194,7 @@ else fi echo $ac_n "checking for socket in -lsocket""... $ac_c" 1>&6 -echo "configure:2082: checking for socket in -lsocket" >&5 +echo "configure:2198: checking for socket in -lsocket" >&5 ac_lib_var=`echo socket'_'socket | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -2086,7 +2202,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <<EOF -#line 2090 "configure" +#line 2206 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -2097,7 +2213,7 @@ int main() { socket() ; return 0; } EOF -if { (eval echo configure:2101: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2217: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2130,12 +2246,12 @@ for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 -echo "configure:2134: checking for $ac_hdr that defines DIR" >&5 +echo "configure:2250: checking for $ac_hdr that defines DIR" >&5 if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2139 "configure" +#line 2255 "configure" #include "confdefs.h" #include <sys/types.h> #include <$ac_hdr> @@ -2143,7 +2259,7 @@ int main() { DIR *dirp = 0; ; return 0; } EOF -if { (eval echo configure:2147: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2263: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -2168,7 +2284,7 @@ done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 -echo "configure:2172: checking for opendir in -ldir" >&5 +echo "configure:2288: checking for opendir in -ldir" >&5 ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 
@@ -2176,7 +2292,7 @@ else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <<EOF -#line 2180 "configure" +#line 2296 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -2187,7 +2303,7 @@ int main() { opendir() ; return 0; } EOF -if { (eval echo configure:2191: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2209,7 +2325,7 @@ fi else echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 -echo "configure:2213: checking for opendir in -lx" >&5 +echo "configure:2329: checking for opendir in -lx" >&5 ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 @@ -2217,7 +2333,7 @@ else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <<EOF -#line 2221 "configure" +#line 2337 "configure" #include "confdefs.h" /* Override any gcc2 internal prototype to avoid an error. */ /* We use char because int might match the return type of a gcc2 @@ -2228,7 +2344,7 @@ int main() { opendir() ; return 0; } EOF -if { (eval echo configure:2232: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2348: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -2251,12 +2367,12 @@ fi fi echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 -echo "configure:2255: checking for sys/wait.h that is POSIX.1 compatible" >&5 +echo "configure:2371: checking for sys/wait.h that is POSIX.1 compatible" >&5 if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2260 "configure" +#line 2376 "configure" #include "confdefs.h" #include <sys/types.h> #include <sys/wait.h> @@ -2272,7 +2388,7 @@ wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } EOF -if { (eval echo configure:2276: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2392: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_sys_wait_h=yes else @@ -2296,18 +2412,18 @@ for ac_hdr in crypt.h fcntl.h limits.h termios.h sys/file.h sys/ioctl.h sys/time do ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 -echo "configure:2300: checking for $ac_hdr" >&5 +echo "configure:2416: checking for $ac_hdr" >&5 if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2305 "configure" +#line 2421 "configure" #include "confdefs.h" #include <$ac_hdr> EOF ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" -{ (eval echo configure:2310: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } -ac_err=`grep -v '^ *+' conftest.out` +{ (eval echo configure:2426: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` if test -z "$ac_err"; then rm -rf conftest* eval "ac_cv_header_$ac_safe=yes" 
@@ -2335,9 +2451,9 @@ done echo $ac_n "checking for ut_pid in struct utmp""... $ac_c" 1>&6 -echo "configure:2339: checking for ut_pid in struct utmp" >&5 +echo "configure:2455: checking for ut_pid in struct utmp" >&5 cat > conftest.$ac_ext <<EOF -#line 2341 "configure" +#line 2457 "configure" #include "confdefs.h" #include <sys/types.h> #include <utmp.h> @@ -2345,7 +2461,7 @@ int main() { struct utmp foo; return (int)foo.ut_pid; ; return 0; } EOF -if { (eval echo configure:2349: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2465: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_UT_PID 1 @@ -2359,9 +2475,9 @@ else fi rm -f conftest* echo $ac_n "checking for ut_type in struct utmp""... $ac_c" 1>&6 -echo "configure:2363: checking for ut_type in struct utmp" >&5 +echo "configure:2479: checking for ut_type in struct utmp" >&5 cat > conftest.$ac_ext <<EOF -#line 2365 "configure" +#line 2481 "configure" #include "confdefs.h" #include <sys/types.h> #include <utmp.h> @@ -2369,7 +2485,7 @@ int main() { struct utmp foo; return (int)foo.ut_type; ; return 0; } EOF -if { (eval echo configure:2373: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2489: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_UT_TYPE 1 @@ -2383,9 +2499,9 @@ else fi rm -f conftest* echo $ac_n "checking for ut_name in struct utmp""... $ac_c" 1>&6 -echo "configure:2387: checking for ut_name in struct utmp" >&5 +echo "configure:2503: checking for ut_name in struct utmp" >&5 cat > conftest.$ac_ext <<EOF -#line 2389 "configure" +#line 2505 "configure" #include "confdefs.h" #include <sys/types.h> #include <utmp.h> 
@@ -2393,7 +2509,7 @@ int main() { struct utmp foo; return (int)foo.ut_name[0]; ; return 0; } EOF -if { (eval echo configure:2397: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2513: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_UT_NAME 1 @@ -2407,9 +2523,9 @@ else fi rm -f conftest* echo $ac_n "checking for ut_host in struct utmp""... $ac_c" 1>&6 -echo "configure:2411: checking for ut_host in struct utmp" >&5 +echo "configure:2527: checking for ut_host in struct utmp" >&5 cat > conftest.$ac_ext <<EOF -#line 2413 "configure" +#line 2529 "configure" #include "confdefs.h" #include <sys/types.h> #include <utmp.h> @@ -2417,7 +2533,7 @@ int main() { struct utmp foo; return (int)foo.ut_host[0]; ; return 0; } EOF -if { (eval echo configure:2421: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2537: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_UT_HOST 1 
@@ -2430,14 +2546,65 @@ else echo "$ac_t""no" 1>&6 fi rm -f conftest* +echo $ac_n "checking for ut_id in struct utmp""... $ac_c" 1>&6 +echo "configure:2551: checking for ut_id in struct utmp" >&5 +cat > conftest.$ac_ext <<EOF +#line 2553 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <utmp.h> +int main() { +struct utmp foo; return (int)foo.ut_id[0]; +; return 0; } +EOF +if { (eval echo configure:2561: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_ID 1 +EOF + echo "$ac_t""yes" 1>&6 +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + echo "$ac_t""no" 1>&6 +fi +rm -f conftest* +#AC_MSG_CHECKING(for ut_syslen in struct utmp) +#AC_TRY_COMPILE([#include <sys/types.h> +##include <utmp.h>], [struct utmp foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UT_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no)) +echo $ac_n "checking for ut_syslen in struct utmpx""... $ac_c" 1>&6 +echo "configure:2578: checking for ut_syslen in struct utmpx" >&5 +cat > conftest.$ac_ext <<EOF +#line 2580 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <utmpx.h> +int main() { +struct utmpx foo; return (int)foo.ut_syslen; +; return 0; } +EOF +if { (eval echo configure:2588: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UTX_SYSLEN 1 +EOF + echo "$ac_t""yes" 1>&6 +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + echo "$ac_t""no" 1>&6 +fi +rm -f conftest* echo $ac_n "checking return type of signal handlers""... 
$ac_c" 1>&6 -echo "configure:2436: checking return type of signal handlers" >&5 +echo "configure:2603: checking return type of signal handlers" >&5 if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2441 "configure" +#line 2608 "configure" #include "confdefs.h" #include <sys/types.h> #include <signal.h> @@ -2454,7 +2621,7 @@ int main() { int i; ; return 0; } EOF -if { (eval echo configure:2458: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:2625: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -2475,12 +2642,12 @@ EOF for ac_func in gettimeofday socket strftime strstr setpriority getttynam setvbuf getspnam endspent setgroups getgroups fpurge setlogin lstat getutxline pututxline usleep do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2479: checking for $ac_func" >&5 +echo "configure:2646: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2484 "configure" +#line 2651 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -2503,7 +2670,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:2507: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2674: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -2529,7 +2696,7 @@ done echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 -echo "configure:2533: checking for 8-bit clean memcmp" >&5 +echo "configure:2700: checking for 8-bit clean memcmp" >&5 if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2537,7 +2704,7 @@ else ac_cv_func_memcmp_clean=no else cat > conftest.$ac_ext <<EOF -#line 2541 "configure" +#line 2708 "configure" #include "confdefs.h" main() @@ -2547,7 +2714,7 @@ main() } EOF -if { (eval echo configure:2551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2718: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_func_memcmp_clean=yes else @@ -2562,24 +2729,24 @@ fi fi echo "$ac_t""$ac_cv_func_memcmp_clean" 1>&6 -test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.o" +test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" # The Ultrix 4.2 mips builtin alloca declared by alloca.h only works # for constant arguments. Useless! echo $ac_n "checking for working alloca.h""... $ac_c" 1>&6 -echo "configure:2571: checking for working alloca.h" >&5 +echo "configure:2738: checking for working alloca.h" >&5 if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2576 "configure" +#line 2743 "configure" #include "confdefs.h" #include <alloca.h> int main() { char *p = alloca(2 * sizeof(int)); ; return 0; } EOF -if { (eval echo configure:2583: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2750: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_header_alloca_h=yes else 
@@ -2600,25 +2767,30 @@ EOF fi echo $ac_n "checking for alloca""... $ac_c" 1>&6 -echo "configure:2604: checking for alloca" >&5 +echo "configure:2771: checking for alloca" >&5 if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2609 "configure" +#line 2776 "configure" #include "confdefs.h" #ifdef __GNUC__ # define alloca __builtin_alloca #else -# if HAVE_ALLOCA_H -# include <alloca.h> +# ifdef _MSC_VER +# include <malloc.h> +# define alloca _alloca # else -# ifdef _AIX - #pragma alloca +# if HAVE_ALLOCA_H +# include <alloca.h> # else -# ifndef alloca /* predefined by HP cc +Olibcalls */ +# ifdef _AIX + #pragma alloca +# else +# ifndef alloca /* predefined by HP cc +Olibcalls */ char *alloca (); +# endif # endif # endif # endif @@ -2628,7 +2800,7 @@ int main() { char *p = (char *) alloca(1); ; return 0; } EOF -if { (eval echo configure:2632: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2804: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* ac_cv_func_alloca_works=yes else 
@@ -2653,19 +2825,19 @@ if test $ac_cv_func_alloca_works = no; then # that cause trouble. Some versions do not even contain alloca or # contain a buggy version. If you still want to use their alloca, # use ar to extract alloca.o from them instead of compiling alloca.c. - ALLOCA=alloca.o + ALLOCA=alloca.${ac_objext} cat >> confdefs.h <<\EOF #define C_ALLOCA 1 EOF echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 -echo "configure:2664: checking whether alloca needs Cray hooks" >&5 +echo "configure:2836: checking whether alloca needs Cray hooks" >&5 if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2669 "configure" +#line 2841 "configure" #include "confdefs.h" #if defined(CRAY) && ! defined(CRAY2) webecray @@ -2690,12 +2862,12 @@ echo "$ac_t""$ac_cv_os_cray" 1>&6 if test $ac_cv_os_cray = yes; then for ac_func in _getb67 GETB67 getb67; do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2694: checking for $ac_func" >&5 +echo "configure:2866: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2699 "configure" +#line 2871 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -2718,7 +2890,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:2722: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:2894: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -2745,7 +2917,7 @@ done fi echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 -echo "configure:2749: checking stack direction for C alloca" >&5 +echo "configure:2921: checking stack direction for C alloca" >&5 if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else @@ -2753,7 +2925,7 @@ else ac_cv_c_stack_direction=0 else cat > conftest.$ac_ext <<EOF -#line 2757 "configure" +#line 2929 "configure" #include "confdefs.h" find_stack_direction () { @@ -2772,7 +2944,7 @@ main () exit (find_stack_direction() < 0); } EOF -if { (eval echo configure:2776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +if { (eval echo configure:2948: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null then ac_cv_c_stack_direction=1 else @@ -2796,12 +2968,12 @@ fi for ac_func in getusershell sigaddset sigemptyset strerror strncasecmp do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2800: checking for $ac_func" >&5 +echo "configure:2972: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2805 "configure" +#line 2977 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -2824,7 +2996,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:2828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3000: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -2845,19 +3017,20 @@ EOF else echo "$ac_t""no" 1>&6 -LIBOBJS="$LIBOBJS ${ac_func}.o" +LIBOBJS="$LIBOBJS ${ac_func}.${ac_objext}" fi done MISSING="$LIBOBJS $ALLOCA " ; + echo $ac_n "checking for atexit""... $ac_c" 1>&6 -echo "configure:2856: checking for atexit" >&5 +echo "configure:3029: checking for atexit" >&5 if eval "test \"`echo '$''{'ac_cv_func_atexit'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2861 "configure" +#line 3034 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char atexit(); below. */ @@ -2880,7 +3053,7 @@ atexit(); ; return 0; } EOF -if { (eval echo configure:2884: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3057: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_atexit=yes" else @@ -2894,18 +3067,21 @@ fi if eval "test \"`echo '$ac_cv_func_'atexit`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_ATEXIT 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}atexit.o "; for ac_func in on_exit do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:2904: checking for $ac_func" >&5 +echo "configure:3080: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2909 "configure" +#line 3085 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ 
@@ -2928,7 +3104,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:2932: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2955,12 +3131,12 @@ done fi echo $ac_n "checking for endutent""... $ac_c" 1>&6 -echo "configure:2959: checking for endutent" >&5 +echo "configure:3135: checking for endutent" >&5 if eval "test \"`echo '$''{'ac_cv_func_endutent'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 2964 "configure" +#line 3140 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char endutent(); below. */ @@ -2983,7 +3159,7 @@ endutent(); ; return 0; } EOF -if { (eval echo configure:2987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_endutent=yes" else 
@@ -2997,19 +3173,126 @@ fi if eval "test \"`echo '$ac_cv_func_'endutent`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_ENDUTENT 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}endutent.o " fi +echo $ac_n "checking for initgroups""... $ac_c" 1>&6 +echo "configure:3187: checking for initgroups" >&5 +if eval "test \"`echo '$''{'ac_cv_func_initgroups'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 3192 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char initgroups(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char initgroups(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_initgroups) || defined (__stub___initgroups) +choke me +#else +initgroups(); +#endif + +; return 0; } +EOF +if { (eval echo configure:3215: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_initgroups=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_initgroups=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'initgroups`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_INITGROUPS 1 +EOF + +else + echo "$ac_t""no" 1>&6 +MISSING="${MISSING}initgroups.o " +fi + +echo $ac_n "checking for memcmp""... 
$ac_c" 1>&6 +echo "configure:3239: checking for memcmp" >&5 +if eval "test \"`echo '$''{'ac_cv_func_memcmp'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 3244 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char memcmp(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char memcmp(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_memcmp) || defined (__stub___memcmp) +choke me +#else +memcmp(); +#endif + +; return 0; } +EOF +if { (eval echo configure:3267: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_memcmp=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_memcmp=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'memcmp`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_MEMCMP 1 +EOF + +else + echo "$ac_t""no" 1>&6 +MISSING="${MISSING}memcmp.o " +fi + echo $ac_n "checking for memcpy""... $ac_c" 1>&6 -echo "configure:3008: checking for memcpy" >&5 +echo "configure:3291: checking for memcpy" >&5 if eval "test \"`echo '$''{'ac_cv_func_memcpy'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3013 "configure" +#line 3296 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char memcpy(); below. */ 
@@ -3032,7 +3315,7 @@ memcpy(); ; return 0; } EOF -if { (eval echo configure:3036: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3319: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_memcpy=yes" else @@ -3046,18 +3329,21 @@ fi if eval "test \"`echo '$ac_cv_func_'memcpy`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_MEMCPY 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}memcpy.o "; for ac_func in bcopy do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3056: checking for $ac_func" >&5 +echo "configure:3342: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3061 "configure" +#line 3347 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -3080,7 +3366,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3084: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3370: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3107,12 +3393,12 @@ done fi echo $ac_n "checking for memset""... $ac_c" 1>&6 -echo "configure:3111: checking for memset" >&5 +echo "configure:3397: checking for memset" >&5 if eval "test \"`echo '$''{'ac_cv_func_memset'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3116 "configure" +#line 3402 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char memset(); below. */ 
@@ -3135,7 +3421,7 @@ memset(); ; return 0; } EOF -if { (eval echo configure:3139: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3425: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_memset=yes" else @@ -3149,18 +3435,21 @@ fi if eval "test \"`echo '$ac_cv_func_'memset`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_MEMSET 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}memset.o "; for ac_func in bzero do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3159: checking for $ac_func" >&5 +echo "configure:3448: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3164 "configure" +#line 3453 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -3183,7 +3472,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3187: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3476: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3210,12 +3499,12 @@ done fi echo $ac_n "checking for getcwd""... $ac_c" 1>&6 -echo "configure:3214: checking for getcwd" >&5 +echo "configure:3503: checking for getcwd" >&5 if eval "test \"`echo '$''{'ac_cv_func_getcwd'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3219 "configure" +#line 3508 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getcwd(); below. */ 
@@ -3238,7 +3527,7 @@ getcwd(); ; return 0; } EOF -if { (eval echo configure:3242: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3531: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_getcwd=yes" else @@ -3252,18 +3541,21 @@ fi if eval "test \"`echo '$ac_cv_func_'getcwd`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_GETCWD 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}getcwd.o "; for ac_func in getwd do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3262: checking for $ac_func" >&5 +echo "configure:3554: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3267 "configure" +#line 3559 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -3286,7 +3578,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3290: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3582: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3313,12 +3605,12 @@ done fi echo $ac_n "checking for getenv""... $ac_c" 1>&6 -echo "configure:3317: checking for getenv" >&5 +echo "configure:3609: checking for getenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_getenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3322 "configure" +#line 3614 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getenv(); below. */ 
@@ -3341,7 +3633,7 @@ getenv(); ; return 0; } EOF -if { (eval echo configure:3345: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3637: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_getenv=yes" else @@ -3365,12 +3657,12 @@ MISSING="${MISSING}env.o " fi echo $ac_n "checking for getutline""... $ac_c" 1>&6 -echo "configure:3369: checking for getutline" >&5 +echo "configure:3661: checking for getutline" >&5 if eval "test \"`echo '$''{'ac_cv_func_getutline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3374 "configure" +#line 3666 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char getutline(); below. */ @@ -3393,7 +3685,7 @@ getutline(); ; return 0; } EOF -if { (eval echo configure:3397: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3689: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_getutline=yes" else @@ -3416,12 +3708,12 @@ else MISSING="${MISSING}getutline.o "; for ac_func in ttyslot do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3420: checking for $ac_func" >&5 +echo "configure:3712: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3425 "configure" +#line 3717 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ 
@@ -3444,7 +3736,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3448: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3740: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3471,12 +3763,12 @@ done fi echo $ac_n "checking for pututline""... $ac_c" 1>&6 -echo "configure:3475: checking for pututline" >&5 +echo "configure:3767: checking for pututline" >&5 if eval "test \"`echo '$''{'ac_cv_func_pututline'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3480 "configure" +#line 3772 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char pututline(); below. */ @@ -3499,7 +3791,7 @@ pututline(); ; return 0; } EOF -if { (eval echo configure:3503: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3795: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_pututline=yes" else @@ -3513,18 +3805,21 @@ fi if eval "test \"`echo '$ac_cv_func_'pututline`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_PUTUTLINE 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}pututline.o "; for ac_func in ttyslot do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3523: checking for $ac_func" >&5 +echo "configure:3818: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3528 "configure" +#line 3823 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ 
@@ -3547,7 +3842,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3551: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3846: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3574,12 +3869,12 @@ done fi echo $ac_n "checking for setenv""... $ac_c" 1>&6 -echo "configure:3578: checking for setenv" >&5 +echo "configure:3873: checking for setenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_setenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3583 "configure" +#line 3878 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char setenv(); below. */ @@ -3602,7 +3897,7 @@ setenv(); ; return 0; } EOF -if { (eval echo configure:3606: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_setenv=yes" else @@ -3626,12 +3921,12 @@ MISSING="${MISSING}env.o " fi echo $ac_n "checking for setegid""... $ac_c" 1>&6 -echo "configure:3630: checking for setegid" >&5 +echo "configure:3925: checking for setegid" >&5 if eval "test \"`echo '$''{'ac_cv_func_setegid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3635 "configure" +#line 3930 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char setegid(); below. */ @@ -3654,7 +3949,7 @@ setegid(); ; return 0; } EOF -if { (eval echo configure:3658: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:3953: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_setegid=yes" else 
@@ -3668,18 +3963,21 @@ fi if eval "test \"`echo '$ac_cv_func_'setegid`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_SETEGID 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}setegid.o "; for ac_func in setregid setresgid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3678: checking for $ac_func" >&5 +echo "configure:3976: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3683 "configure" +#line 3981 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -3702,7 +4000,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3706: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4004: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3729,12 +4027,12 @@ done fi echo $ac_n "checking for seteuid""... $ac_c" 1>&6 -echo "configure:3733: checking for seteuid" >&5 +echo "configure:4031: checking for seteuid" >&5 if eval "test \"`echo '$''{'ac_cv_func_seteuid'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3738 "configure" +#line 4036 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char seteuid(); below. */ @@ -3757,7 +4055,7 @@ seteuid(); ; return 0; } EOF -if { (eval echo configure:3761: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4059: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_seteuid=yes" else 
@@ -3771,18 +4069,21 @@ fi if eval "test \"`echo '$ac_cv_func_'seteuid`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_SETEUID 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}seteuid.o "; for ac_func in setreuid setresuid do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3781: checking for $ac_func" >&5 +echo "configure:4082: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3786 "configure" +#line 4087 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -3805,7 +4106,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3809: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4110: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3832,12 +4133,12 @@ done fi echo $ac_n "checking for setutent""... $ac_c" 1>&6 -echo "configure:3836: checking for setutent" >&5 +echo "configure:4137: checking for setutent" >&5 if eval "test \"`echo '$''{'ac_cv_func_setutent'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3841 "configure" +#line 4142 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char setutent(); below. */ @@ -3860,7 +4161,7 @@ setutent(); ; return 0; } EOF -if { (eval echo configure:3864: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4165: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_setutent=yes" else 
@@ -3874,19 +4175,22 @@ fi if eval "test \"`echo '$ac_cv_func_'setutent`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_SETUTENT 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}setutent.o " fi echo $ac_n "checking for sigprocmask""... $ac_c" 1>&6 -echo "configure:3885: checking for sigprocmask" >&5 +echo "configure:4189: checking for sigprocmask" >&5 if eval "test \"`echo '$''{'ac_cv_func_sigprocmask'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3890 "configure" +#line 4194 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char sigprocmask(); below. */ @@ -3909,7 +4213,7 @@ sigprocmask(); ; return 0; } EOF -if { (eval echo configure:3913: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4217: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_sigprocmask=yes" else @@ -3923,18 +4227,21 @@ fi if eval "test \"`echo '$ac_cv_func_'sigprocmask`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_SIGPROCMASK 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}sigprocmask.o "; for ac_func in sigblock sigsetmask do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:3933: checking for $ac_func" >&5 +echo "configure:4240: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3938 "configure" +#line 4245 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ 
@@ -3957,7 +4264,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:3961: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4268: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3984,12 +4291,12 @@ done fi echo $ac_n "checking for strchr""... $ac_c" 1>&6 -echo "configure:3988: checking for strchr" >&5 +echo "configure:4295: checking for strchr" >&5 if eval "test \"`echo '$''{'ac_cv_func_strchr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 3993 "configure" +#line 4300 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char strchr(); below. */ @@ -4012,7 +4319,7 @@ strchr(); ; return 0; } EOF -if { (eval echo configure:4016: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_strchr=yes" else @@ -4026,18 +4333,21 @@ fi if eval "test \"`echo '$ac_cv_func_'strchr`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_STRCHR 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}strchr.o "; for ac_func in index do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4036: checking for $ac_func" >&5 +echo "configure:4346: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4041 "configure" +#line 4351 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ 
@@ -4060,7 +4370,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:4064: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4087,12 +4397,12 @@ done fi echo $ac_n "checking for strrchr""... $ac_c" 1>&6 -echo "configure:4091: checking for strrchr" >&5 +echo "configure:4401: checking for strrchr" >&5 if eval "test \"`echo '$''{'ac_cv_func_strrchr'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4096 "configure" +#line 4406 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char strrchr(); below. */ @@ -4115,7 +4425,7 @@ strrchr(); ; return 0; } EOF -if { (eval echo configure:4119: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4429: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_strrchr=yes" else @@ -4129,18 +4439,21 @@ fi if eval "test \"`echo '$ac_cv_func_'strrchr`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_STRRCHR 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}strrchr.o "; for ac_func in rindex do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4139: checking for $ac_func" >&5 +echo "configure:4452: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4144 "configure" +#line 4457 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ 
@@ -4163,7 +4476,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:4167: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4190,12 +4503,12 @@ done fi echo $ac_n "checking for strtoul""... $ac_c" 1>&6 -echo "configure:4194: checking for strtoul" >&5 +echo "configure:4507: checking for strtoul" >&5 if eval "test \"`echo '$''{'ac_cv_func_strtoul'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4199 "configure" +#line 4512 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char strtoul(); below. */ @@ -4218,7 +4531,7 @@ strtoul(); ; return 0; } EOF -if { (eval echo configure:4222: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4535: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_strtoul=yes" else @@ -4232,19 +4545,22 @@ fi if eval "test \"`echo '$ac_cv_func_'strtoul`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_STRTOUL 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}strtoul.o " fi echo $ac_n "checking for sysconf""... $ac_c" 1>&6 -echo "configure:4243: checking for sysconf" >&5 +echo "configure:4559: checking for sysconf" >&5 if eval "test \"`echo '$''{'ac_cv_func_sysconf'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4248 "configure" +#line 4564 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char sysconf(); below. */ 
@@ -4267,7 +4583,7 @@ sysconf(); ; return 0; } EOF -if { (eval echo configure:4271: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_sysconf=yes" else @@ -4281,18 +4597,21 @@ fi if eval "test \"`echo '$ac_cv_func_'sysconf`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_SYSCONF 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}sysconf.o "; for ac_func in getdtablesize do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4291: checking for $ac_func" >&5 +echo "configure:4610: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4296 "configure" +#line 4615 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -4315,7 +4634,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:4319: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4638: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4342,12 +4661,12 @@ done fi echo $ac_n "checking for uname""... $ac_c" 1>&6 -echo "configure:4346: checking for uname" >&5 +echo "configure:4665: checking for uname" >&5 if eval "test \"`echo '$''{'ac_cv_func_uname'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4351 "configure" +#line 4670 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char uname(); below. */ 
@@ -4370,7 +4689,7 @@ uname(); ; return 0; } EOF -if { (eval echo configure:4374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4693: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_uname=yes" else @@ -4384,18 +4703,21 @@ fi if eval "test \"`echo '$ac_cv_func_'uname`\" = yes"; then echo "$ac_t""yes" 1>&6 - : + cat >> confdefs.h <<\EOF +#define HAVE_UNAME 1 +EOF + else echo "$ac_t""no" 1>&6 MISSING="${MISSING}uname.o "; for ac_func in gethostname do echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 -echo "configure:4394: checking for $ac_func" >&5 +echo "configure:4716: checking for $ac_func" >&5 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4399 "configure" +#line 4721 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $ac_func(); below. */ @@ -4418,7 +4740,7 @@ $ac_func(); ; return 0; } EOF -if { (eval echo configure:4422: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4744: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -4445,12 +4767,12 @@ done fi echo $ac_n "checking for unsetenv""... $ac_c" 1>&6 -echo "configure:4449: checking for unsetenv" >&5 +echo "configure:4771: checking for unsetenv" >&5 if eval "test \"`echo '$''{'ac_cv_func_unsetenv'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <<EOF -#line 4454 "configure" +#line 4776 "configure" #include "confdefs.h" /* System header to define __stub macros and hopefully few prototypes, which can conflict with char unsetenv(); below. */ 
@@ -4473,7 +4795,7 @@ unsetenv(); ; return 0; } EOF -if { (eval echo configure:4477: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then +if { (eval echo configure:4799: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then rm -rf conftest* eval "ac_cv_func_unsetenv=yes" else @@ -4499,9 +4821,9 @@ fi echo $ac_n "checking for nonstandard gettimeofday""... $ac_c" 1>&6 -echo "configure:4503: checking for nonstandard gettimeofday" >&5 +echo "configure:4825: checking for nonstandard gettimeofday" >&5 cat > conftest.$ac_ext <<EOF -#line 4505 "configure" +#line 4827 "configure" #include "confdefs.h" #if HAVE_SYS_TIME_H @@ -4516,7 +4838,7 @@ struct timeval tv; gettimeofday(&tv, NULL) ; return 0; } EOF -if { (eval echo configure:4520: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4842: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo "$ac_t""no" 1>&6 else @@ -4524,7 +4846,7 @@ else cat conftest.$ac_ext >&5 rm -rf conftest* echo "$ac_t""maybe" 1>&6 cat > conftest.$ac_ext <<EOF -#line 4528 "configure" +#line 4850 "configure" #include "confdefs.h" #if HAVE_SYS_TIME_H @@ -4539,7 +4861,7 @@ struct timeval tv; gettimeofday(&tv) ; return 0; } EOF -if { (eval echo configure:4543: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then +if { (eval echo configure:4865: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* cat >> confdefs.h <<\EOF #define HAVE_ONE_ARG_GETTIMEOFDAY 1 @@ -4579,7 +4901,7 @@ EOF # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. (set) 2>&1 | - case `(ac_space=' '; set) 2>&1` in + case `(ac_space=' '; set | grep ac_space) 2>&1` in *ac_space=\ *) # `set' does not quote correctly, so add quotes (double-quote substitution # turns \\\\ into \\, and sed turns \\ into \). 
@@ -4646,7 +4968,7 @@ do echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) - echo "$CONFIG_STATUS generated by autoconf version 2.12" + echo "$CONFIG_STATUS generated by autoconf version 2.13" exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; @@ -4665,9 +4987,11 @@ sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g; s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF $ac_vpsub $extrasub +s%@SHELL@%$SHELL%g s%@CFLAGS@%$CFLAGS%g s%@CPPFLAGS@%$CPPFLAGS%g s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g s%@DEFS@%$DEFS%g s%@LDFLAGS@%$LDFLAGS%g s%@LIBS@%$LIBS%g @@ -4688,6 +5012,7 @@ s%@infodir@%$infodir%g s%@mandir@%$mandir%g s%@ACCESS_FILE@%$ACCESS_FILE%g s%@LOCK_DIR@%$LOCK_DIR%g +s%@OPIEAUTO@%$OPIEAUTO%g s%@CC@%$CC%g s%@CPP@%$CPP%g s%@LN_S@%$LN_S%g diff --git a/contrib/opie/configure.in b/contrib/opie/configure.in index 6fd7cd40bd63..7c2bca2e1d4f 100644 --- a/contrib/opie/configure.in +++ b/contrib/opie/configure.in @@ -1,7 +1,7 @@ dnl configure.in: Input for Autoconf dnl dnl %%% portions-copyright-cmetz-96 -dnl Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +dnl Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights dnl Reserved. The Inner Net License Version 2 applies to these portions of dnl the software. dnl You should have received a copy of the license with this software. If 
@@ -14,6 +14,11 @@ dnl License Agreement applies to this software.
 dnl
 dnl History:
 dnl
+dnl Modified by cmetz for OPIE 2.4. Add --enable-opieauto option. Check
+dnl for ut_id and ut_syslen. Make disable-wtmp disable wtmp not utmp.
+dnl Define HAVE_foo if foo is found by the libmissing function check.
+dnl Added checks for libmissing functions that were there but never
+dnl actually checked for and therefore available.
 dnl Modified by cmetz for OPIE 2.32. Substitute default for LOCK_DIR.
 dnl Fix the --disable-user-locking bug. AC_DEFINE variables to 1.
 dnl Really check for ut_host.
@@ -72,9 +77,11 @@ AC_ARG_ENABLE(su-star-check, [ --enable-su-star-check Refuse to switch to disa AC_ARG_ENABLE(new-prompts, [ --disable-new-prompts Use more compatible (but less informative) prompts],, AC_DEFINE(NEW_PROMPTS, 1)) AC_ARG_ENABLE(insecure-override, [ --enable-insecure-override Allow users to override insecure checks], AC_DEFINE(INSECURE_OVERRIDE, 1)) -AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "Enabling anonymous FTP support in ftp -- don't say we didn't warn you!") -AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling utmp logging") -AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "Disabling wtmp logging") +AC_ARG_ENABLE(anonymous-ftp, [ --enable-anonymous-ftp Enable anonymous FTP support], AC_DEFINE(DOANONYMOUS, 1) echo "enabling anonymous FTP support in ftp -- don't say we didn't warn you!") +AC_ARG_ENABLE(utmp, [ --disable-utmp Disable utmp logging], AC_DEFINE(DISABLE_UTMP, 1) echo "disabling utmp logging") +AC_ARG_ENABLE(wtmp, [ --disable-wtmp Disable wtmp logging], AC_DEFINE(DISABLE_WTMP, 1) echo "disabling wtmp logging") +AC_ARG_ENABLE(opieauto, [ --enable-opieauto Enable support for opieauto], AC_DEFINE(OPIEAUTO, 1) OPIEAUTO=opieauto; echo "enabling opieauto support") +AC_SUBST(OPIEAUTO) dnl Checks for programs. AC_PROG_CC 
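Review bot: None of the AC_ARG_ENABLE actions touched here (anonymous-ftp, utmp, wtmp, opieauto) test `$enableval`, and the third argument is the action-if-given, which runs for both the `--enable-` and the `--disable-` spelling of an option. As written, `--disable-opieauto` or `--disable-anonymous-ftp` switches the feature on, and `--enable-wtmp` defines DISABLE_WTMP and turns wtmp logging off. The wtmp fix in this hunk corrects the macro name but keeps that behaviour. Each action should be guarded, for example `if test "$enableval" = yes; then AC_DEFINE(OPIEAUTO, 1) OPIEAUTO=opieauto; fi` for the enable-style options and the same test against `no` for utmp and wtmp.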
@@ -484,6 +491,15 @@ dnl #include <utmp.h>], [struct utmp foo; return (int)foo.ut_user[0];], AC_DEFIN AC_MSG_CHECKING(for ut_host in struct utmp) AC_TRY_COMPILE([#include <sys/types.h> #include <utmp.h>], [struct utmp foo; return (int)foo.ut_host[0];], AC_DEFINE(HAVE_UT_HOST) AC_MSG_RESULT(yes), AC_MSG_RESULT(no)) +AC_MSG_CHECKING(for ut_id in struct utmp) +AC_TRY_COMPILE([#include <sys/types.h> +#include <utmp.h>], [struct utmp foo; return (int)foo.ut_id[0];], AC_DEFINE(HAVE_UT_ID) AC_MSG_RESULT(yes), AC_MSG_RESULT(no)) +#AC_MSG_CHECKING(for ut_syslen in struct utmp) +#AC_TRY_COMPILE([#include <sys/types.h> +##include <utmp.h>], [struct utmp foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UT_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no)) +AC_MSG_CHECKING(for ut_syslen in struct utmpx) +AC_TRY_COMPILE([#include <sys/types.h> +#include <utmpx.h>], [struct utmpx foo; return (int)foo.ut_syslen;], AC_DEFINE(HAVE_UTX_SYSLEN) AC_MSG_RESULT(yes), AC_MSG_RESULT(no)) dnl Checks for library functions. dnl AC_PROG_GCC_TRADITIONAL 
@@ -495,25 +511,29 @@ AC_FUNC_MEMCMP AC_FUNC_ALLOCA AC_REPLACE_FUNCS(getusershell sigaddset sigemptyset strerror strncasecmp) MISSING="$LIBOBJS $ALLOCA " ; -AC_CHECK_FUNC(atexit,, MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit)) -AC_CHECK_FUNC(endutent,, MISSING="${MISSING}endutent.o ") -AC_CHECK_FUNC(memcpy,, MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy)) -AC_CHECK_FUNC(memset,, MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero)) -AC_CHECK_FUNC(getcwd,, MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd)) -AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ") -AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot)) -AC_CHECK_FUNC(pututline,, MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot)) -AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ") -AC_CHECK_FUNC(setegid,, MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid)) -AC_CHECK_FUNC(seteuid,, MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid)) -AC_CHECK_FUNC(setutent,, MISSING="${MISSING}setutent.o ") -AC_CHECK_FUNC(sigprocmask,, MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask)) -AC_CHECK_FUNC(strchr,, MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index)) -AC_CHECK_FUNC(strrchr,, MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex)) -AC_CHECK_FUNC(strtoul,, MISSING="${MISSING}strtoul.o ") -AC_CHECK_FUNC(sysconf,, MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize)) -AC_CHECK_FUNC(uname,, MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname)) -AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ") + +dnl These should be simplified by a macro +AC_CHECK_FUNC(atexit, AC_DEFINE(HAVE_ATEXIT), MISSING="${MISSING}atexit.o "; AC_CHECK_FUNCS(on_exit)) +AC_CHECK_FUNC(endutent, AC_DEFINE(HAVE_ENDUTENT), MISSING="${MISSING}endutent.o ") +AC_CHECK_FUNC(initgroups, AC_DEFINE(HAVE_INITGROUPS), 
MISSING="${MISSING}initgroups.o ") +AC_CHECK_FUNC(memcmp, AC_DEFINE(HAVE_MEMCMP), MISSING="${MISSING}memcmp.o ") +AC_CHECK_FUNC(memcpy, AC_DEFINE(HAVE_MEMCPY), MISSING="${MISSING}memcpy.o "; AC_CHECK_FUNCS(bcopy)) +AC_CHECK_FUNC(memset, AC_DEFINE(HAVE_MEMSET), MISSING="${MISSING}memset.o "; AC_CHECK_FUNCS(bzero)) +AC_CHECK_FUNC(getcwd, AC_DEFINE(HAVE_GETCWD), MISSING="${MISSING}getcwd.o "; AC_CHECK_FUNCS(getwd)) +AC_CHECK_FUNC(getenv, AC_DEFINE(HAVE_GETENV), MISSING="${MISSING}env.o ") +AC_CHECK_FUNC(getutline, AC_DEFINE(HAVE_GETUTLINE), MISSING="${MISSING}getutline.o "; AC_CHECK_FUNCS(ttyslot)) +AC_CHECK_FUNC(pututline, AC_DEFINE(HAVE_PUTUTLINE), MISSING="${MISSING}pututline.o "; AC_CHECK_FUNCS(ttyslot)) +AC_CHECK_FUNC(setenv, AC_DEFINE(HAVE_SETENV), MISSING="${MISSING}env.o ") +AC_CHECK_FUNC(setegid, AC_DEFINE(HAVE_SETEGID), MISSING="${MISSING}setegid.o "; AC_CHECK_FUNCS(setregid setresgid)) +AC_CHECK_FUNC(seteuid, AC_DEFINE(HAVE_SETEUID), MISSING="${MISSING}seteuid.o "; AC_CHECK_FUNCS(setreuid setresuid)) +AC_CHECK_FUNC(setutent, AC_DEFINE(HAVE_SETUTENT), MISSING="${MISSING}setutent.o ") +AC_CHECK_FUNC(sigprocmask, AC_DEFINE(HAVE_SIGPROCMASK), MISSING="${MISSING}sigprocmask.o "; AC_CHECK_FUNCS(sigblock sigsetmask)) +AC_CHECK_FUNC(strchr, AC_DEFINE(HAVE_STRCHR), MISSING="${MISSING}strchr.o "; AC_CHECK_FUNCS(index)) +AC_CHECK_FUNC(strrchr, AC_DEFINE(HAVE_STRRCHR), MISSING="${MISSING}strrchr.o "; AC_CHECK_FUNCS(rindex)) +AC_CHECK_FUNC(strtoul, AC_DEFINE(HAVE_STRTOUL), MISSING="${MISSING}strtoul.o ") +AC_CHECK_FUNC(sysconf, AC_DEFINE(HAVE_SYSCONF), MISSING="${MISSING}sysconf.o "; AC_CHECK_FUNCS(getdtablesize)) +AC_CHECK_FUNC(uname, AC_DEFINE(HAVE_UNAME), MISSING="${MISSING}uname.o "; AC_CHECK_FUNCS(gethostname)) +AC_CHECK_FUNC(unsetenv, AC_DEFINE(HAVE_UNSETENV), MISSING="${MISSING}env.o ") AC_SUBST(MISSING) AC_MSG_CHECKING(for nonstandard gettimeofday) diff --git a/contrib/opie/ftpcmd.y b/contrib/opie/ftpcmd.y index ea5bb365b581..abcffdc69568 100644 
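Review bot: The added `AC_CHECK_FUNC(memcmp, AC_DEFINE(HAVE_MEMCMP), ...)` line overlaps with the AC_FUNC_MEMCMP call shown in the hunk header, which already puts memcmp.o into LIBOBJS, and so into MISSING, when the system memcmp fails its run-time test. On such a system the link-only check added here still succeeds and defines HAVE_MEMCMP. If libmissing's memcmp.c is wrapped in `#if !HAVE_MEMCMP`, the way env.c in this commit guards getenv and setenv, the replacement would compile to nothing; memcmp.c is not shown, so this needs confirming. If AC_FUNC_MEMCMP is meant to decide, drop the new line and leave `dnl memcmp: AC_FUNC_MEMCMP above decides whether memcmp.o is needed` in its place.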
--- a/contrib/opie/ftpcmd.y +++ b/contrib/opie/ftpcmd.y @@ -1,7 +1,7 @@ /* ftpcmd.y: yacc parser for the FTP daemon. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -9,6 +9,7 @@ you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use DOTITLE rather than SETPROCTITLE. Modified by cmetz for OPIE 2.3. Moved LS_COMMAND here. Modified by cmetz for OPIE 2.2. Fixed a *lot* of warnings. Use FUNCTION declaration et al. Removed useless strings. @@ -964,10 +965,10 @@ int yylex FUNCTION_NOARGS dologout(0); } (void) alarm(0); -#ifdef SETPROCTITLE +#if DOTITLE if (strncasecmp(cbuf, "PASS", 4) != NULL) setproctitle("%s: %s", proctitle, cbuf); -#endif /* SETPROCTITLE */ +#endif /* DOTITLE */ if ((cp = strchr(cbuf, '\r'))) { *cp++ = '\n'; *cp = '\0'; diff --git a/contrib/opie/glob.c b/contrib/opie/glob.c index 8cbe7790e1a2..c1bd65801079 100644 --- a/contrib/opie/glob.c +++ b/contrib/opie/glob.c @@ -1,8 +1,8 @@ /* glob.c: The csh et al glob pattern matching routines. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libmissing/Makefile.in b/contrib/opie/libmissing/Makefile.in index 3da41edad598..e4759da3098f 100644 --- a/contrib/opie/libmissing/Makefile.in +++ b/contrib/opie/libmissing/Makefile.in 
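Review bot: In the yylex hunk, the test guarding setproctitle() compares the `int` returned by strncasecmp() with `NULL`; it should read `if (strncasecmp(cbuf, "PASS", 4) != 0)`. This test is the only thing keeping the PASS argument out of the process title, so it is worth writing with the correct type instead of relying on NULL being defined as a plain 0. The switch from `#ifdef SETPROCTITLE` to `#if DOTITLE` also changes the contract: DOTITLE must now expand to a non-zero integer, and an empty `#define DOTITLE` would be a preprocessor error. Its definition is not in this hunk, so a short comment there stating the expected value would help. The body of yylex starts and ends outside the hunk.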
@@ -2,29 +2,33 @@ # Makefile.in/Makefile: Directions for building libmissing. # # %%% copyright-cmetz-96 -# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -# The Inner Net License Version 2 applies to this software. +# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +# The Inner Net License Version 3 applies to this software. # You should have received a copy of the license with this software. If # you didn't get a copy, you may request one from <license@inner.net>. # # History: # +# Modified by cmetz for OPIE 2.4. Add current dir to include header path. +# Use ar 'cr' instead of 'r'. Renamed realclean to distclean. # Created by cmetz for OPIE 2.3 using old Makefiles as a guide. OBJS=bogus.o @MISSING@ CC=@CC@ -CFLAGS=$(CFL) -I.. +CFLAGS=$(CFL) -I.. -I. TARGET=libmissing.a all: $(TARGET) $(TARGET): $(OBJS) - ar r $(TARGET) $(OBJS) + ar cr $(TARGET) $(OBJS) @RANLIB@ $(TARGET) clean: -rm -f $(OBJS) $(TARGET) -realclean: clean +realclean: distclean + +distclean: clean -rm -f *~ core* "\#*\#" *.o *.a Makefile diff --git a/contrib/opie/libmissing/alloca.c b/contrib/opie/libmissing/alloca.c new file mode 100644 index 000000000000..61f2eeb9d96d --- /dev/null +++ b/contrib/opie/libmissing/alloca.c 
@@ -0,0 +1,494 @@ +/* alloca.c -- allocate automatically reclaimed memory + (Mostly) portable public-domain implementation -- D A Gwyn + + This implementation of the PWB library alloca function, + which is used to allocate space off the run-time stack so + that it is automatically reclaimed upon procedure exit, + was inspired by discussions with J. Q. Johnson of Cornell. + J.Otto Tennant <jot@cray.com> contributed the Cray support. + + There are some preprocessor constants that can + be defined when compiling for your specific system, for + improved efficiency; however, the defaults should be okay. + + The general concept of this implementation is to keep + track of all alloca-allocated blocks, and reclaim any + that are found to be deeper in the stack than the current + invocation. This heuristic does not reclaim storage as + soon as it becomes invalid, but it will do so eventually. + + As a special case, alloca(0) reclaims storage without + allocating any. It is a good idea to use alloca(0) in + your main control loop, etc. to force garbage collection. */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#ifdef emacs +#include "blockinput.h" +#endif + +/* If compiling with GCC 2, this file's not needed. */ +#if !defined (__GNUC__) || __GNUC__ < 2 + +/* If someone has defined alloca as a macro, + there must be some other way alloca is supposed to work. */ +#ifndef alloca + +#ifdef emacs +#ifdef static +/* actually, only want this if static is defined as "" + -- this is for usg, in which emacs must undefine static + in order to make unexec workable + */ +#ifndef STACK_DIRECTION +you +lose +-- must know STACK_DIRECTION at compile-time +#endif /* STACK_DIRECTION undefined */ +#endif /* static */ +#endif /* emacs */ + +/* If your stack is a linked list of frames, you have to + provide an "address metric" ADDRESS_FUNCTION macro. 
*/ + +#if defined (CRAY) && defined (CRAY_STACKSEG_END) +long i00afunc (); +#define ADDRESS_FUNCTION(arg) (char *) i00afunc (&(arg)) +#else +#define ADDRESS_FUNCTION(arg) &(arg) +#endif + +#if __STDC__ +typedef void *pointer; +#else +typedef char *pointer; +#endif + +#define NULL 0 + +/* Different portions of Emacs need to call different versions of + malloc. The Emacs executable needs alloca to call xmalloc, because + ordinary malloc isn't protected from input signals. On the other + hand, the utilities in lib-src need alloca to call malloc; some of + them are very simple, and don't have an xmalloc routine. + + Non-Emacs programs expect this to call use xmalloc. + + Callers below should use malloc. */ + +#if 0 +#ifndef emacs +#define malloc xmalloc +#endif +extern pointer malloc (); +#endif /* 0 */ + +/* Define STACK_DIRECTION if you know the direction of stack + growth for your system; otherwise it will be automatically + deduced at run-time. + + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown */ + +#ifndef STACK_DIRECTION +#define STACK_DIRECTION 0 /* Direction unknown. */ +#endif + +#if STACK_DIRECTION != 0 + +#define STACK_DIR STACK_DIRECTION /* Known at compile-time. */ + +#else /* STACK_DIRECTION == 0; need run-time code. */ + +static int stack_dir; /* 1 or -1 once known. */ +#define STACK_DIR stack_dir + +static void +find_stack_direction () +{ + static char *addr = NULL; /* Address of first `dummy', once known. */ + auto char dummy; /* To get stack address. */ + + if (addr == NULL) + { /* Initial entry. */ + addr = ADDRESS_FUNCTION (dummy); + + find_stack_direction (); /* Recurse once. */ + } + else + { + /* Second entry. */ + if (ADDRESS_FUNCTION (dummy) > addr) + stack_dir = 1; /* Stack grew upward. */ + else + stack_dir = -1; /* Stack grew downward. 
*/ + } +} + +#endif /* STACK_DIRECTION == 0 */ + +/* An "alloca header" is used to: + (a) chain together all alloca'ed blocks; + (b) keep track of stack depth. + + It is very important that sizeof(header) agree with malloc + alignment chunk size. The following default should work okay. */ + +#ifndef ALIGN_SIZE +#define ALIGN_SIZE sizeof(double) +#endif + +typedef union hdr +{ + char align[ALIGN_SIZE]; /* To force sizeof(header). */ + struct + { + union hdr *next; /* For chaining headers. */ + char *deep; /* For stack depth measure. */ + } h; +} header; + +static header *last_alloca_header = NULL; /* -> last alloca header. */ + +/* Return a pointer to at least SIZE bytes of storage, + which will be automatically reclaimed upon exit from + the procedure that called alloca. Originally, this space + was supposed to be taken from the current stack frame of the + caller, but that method cannot be made to work for some + implementations of C, for example under Gould's UTX/32. */ + +pointer +alloca (size) + unsigned size; +{ + auto char probe; /* Probes stack depth: */ + register char *depth = ADDRESS_FUNCTION (probe); + +#if STACK_DIRECTION == 0 + if (STACK_DIR == 0) /* Unknown growth direction. */ + find_stack_direction (); +#endif + + /* Reclaim garbage, defined as all alloca'd storage that + was allocated from deeper in the stack than currently. */ + + { + register header *hp; /* Traverses linked list. */ + +#ifdef emacs + BLOCK_INPUT; +#endif + + for (hp = last_alloca_header; hp != NULL;) + if ((STACK_DIR > 0 && hp->h.deep > depth) + || (STACK_DIR < 0 && hp->h.deep < depth)) + { + register header *np = hp->h.next; + + free ((pointer) hp); /* Collect garbage. */ + + hp = np; /* -> next header. */ + } + else + break; /* Rest are not deeper. */ + + last_alloca_header = hp; /* -> last valid storage. */ + +#ifdef emacs + UNBLOCK_INPUT; +#endif + } + + if (size == 0) + return NULL; /* No allocation required. */ + + /* Allocate combined header + user data storage. 
*/ + + { + register pointer new = malloc (sizeof (header) + size); + /* Address of header. */ + + ((header *) new)->h.next = last_alloca_header; + ((header *) new)->h.deep = depth; + + last_alloca_header = (header *) new; + + /* User storage begins just after header. */ + + return (pointer) ((char *) new + sizeof (header)); + } +} + +#if defined (CRAY) && defined (CRAY_STACKSEG_END) + +#ifdef DEBUG_I00AFUNC +#include <stdio.h> +#endif + +#ifndef CRAY_STACK +#define CRAY_STACK +#ifndef CRAY2 +/* Stack structures for CRAY-1, CRAY X-MP, and CRAY Y-MP */ +struct stack_control_header + { + long shgrow:32; /* Number of times stack has grown. */ + long shaseg:32; /* Size of increments to stack. */ + long shhwm:32; /* High water mark of stack. */ + long shsize:32; /* Current size of stack (all segments). */ + }; + +/* The stack segment linkage control information occurs at + the high-address end of a stack segment. (The stack + grows from low addresses to high addresses.) The initial + part of the stack segment linkage control information is + 0200 (octal) words. This provides for register storage + for the routine which overflows the stack. */ + +struct stack_segment_linkage + { + long ss[0200]; /* 0200 overflow words. */ + long sssize:32; /* Number of words in this segment. */ + long ssbase:32; /* Offset to stack base. */ + long:32; + long sspseg:32; /* Offset to linkage control of previous + segment of stack. */ + long:32; + long sstcpt:32; /* Pointer to task common address block. */ + long sscsnm; /* Private control structure number for + microtasking. */ + long ssusr1; /* Reserved for user. */ + long ssusr2; /* Reserved for user. */ + long sstpid; /* Process ID for pid based multi-tasking. */ + long ssgvup; /* Pointer to multitasking thread giveup. */ + long sscray[7]; /* Reserved for Cray Research. 
*/ + long ssa0; + long ssa1; + long ssa2; + long ssa3; + long ssa4; + long ssa5; + long ssa6; + long ssa7; + long sss0; + long sss1; + long sss2; + long sss3; + long sss4; + long sss5; + long sss6; + long sss7; + }; + +#else /* CRAY2 */ +/* The following structure defines the vector of words + returned by the STKSTAT library routine. */ +struct stk_stat + { + long now; /* Current total stack size. */ + long maxc; /* Amount of contiguous space which would + be required to satisfy the maximum + stack demand to date. */ + long high_water; /* Stack high-water mark. */ + long overflows; /* Number of stack overflow ($STKOFEN) calls. */ + long hits; /* Number of internal buffer hits. */ + long extends; /* Number of block extensions. */ + long stko_mallocs; /* Block allocations by $STKOFEN. */ + long underflows; /* Number of stack underflow calls ($STKRETN). */ + long stko_free; /* Number of deallocations by $STKRETN. */ + long stkm_free; /* Number of deallocations by $STKMRET. */ + long segments; /* Current number of stack segments. */ + long maxs; /* Maximum number of stack segments so far. */ + long pad_size; /* Stack pad size. */ + long current_address; /* Current stack segment address. */ + long current_size; /* Current stack segment size. This + number is actually corrupted by STKSTAT to + include the fifteen word trailer area. */ + long initial_address; /* Address of initial segment. */ + long initial_size; /* Size of initial segment. */ + }; + +/* The following structure describes the data structure which trails + any stack segment. I think that the description in 'asdef' is + out of date. I only describe the parts that I am sure about. */ + +struct stk_trailer + { + long this_address; /* Address of this block. */ + long this_size; /* Size of this block (does not include + this trailer). */ + long unknown2; + long unknown3; + long link; /* Address of trailer block of previous + segment. 
*/ + long unknown5; + long unknown6; + long unknown7; + long unknown8; + long unknown9; + long unknown10; + long unknown11; + long unknown12; + long unknown13; + long unknown14; + }; + +#endif /* CRAY2 */ +#endif /* not CRAY_STACK */ + +#ifdef CRAY2 +/* Determine a "stack measure" for an arbitrary ADDRESS. + I doubt that "lint" will like this much. */ + +static long +i00afunc (long *address) +{ + struct stk_stat status; + struct stk_trailer *trailer; + long *block, size; + long result = 0; + + /* We want to iterate through all of the segments. The first + step is to get the stack status structure. We could do this + more quickly and more directly, perhaps, by referencing the + $LM00 common block, but I know that this works. */ + + STKSTAT (&status); + + /* Set up the iteration. */ + + trailer = (struct stk_trailer *) (status.current_address + + status.current_size + - 15); + + /* There must be at least one stack segment. Therefore it is + a fatal error if "trailer" is null. */ + + if (trailer == 0) + abort (); + + /* Discard segments that do not contain our argument address. */ + + while (trailer != 0) + { + block = (long *) trailer->this_address; + size = trailer->this_size; + if (block == 0 || size == 0) + abort (); + trailer = (struct stk_trailer *) trailer->link; + if ((block <= address) && (address < (block + size))) + break; + } + + /* Set the result to the offset in this segment and add the sizes + of all predecessor segments. */ + + result = address - block; + + if (trailer == 0) + { + return result; + } + + do + { + if (trailer->this_size <= 0) + abort (); + result += trailer->this_size; + trailer = (struct stk_trailer *) trailer->link; + } + while (trailer != 0); + + /* We are done. Note that if you present a bogus address (one + not in any segment), you will get a different number back, formed + from subtracting the address of the first block. This is probably + not what you want. 
*/ + + return (result); +} + +#else /* not CRAY2 */ +/* Stack address function for a CRAY-1, CRAY X-MP, or CRAY Y-MP. + Determine the number of the cell within the stack, + given the address of the cell. The purpose of this + routine is to linearize, in some sense, stack addresses + for alloca. */ + +static long +i00afunc (long address) +{ + long stkl = 0; + + long size, pseg, this_segment, stack; + long result = 0; + + struct stack_segment_linkage *ssptr; + + /* Register B67 contains the address of the end of the + current stack segment. If you (as a subprogram) store + your registers on the stack and find that you are past + the contents of B67, you have overflowed the segment. + + B67 also points to the stack segment linkage control + area, which is what we are really interested in. */ + + stkl = CRAY_STACKSEG_END (); + ssptr = (struct stack_segment_linkage *) stkl; + + /* If one subtracts 'size' from the end of the segment, + one has the address of the first word of the segment. + + If this is not the first segment, 'pseg' will be + nonzero. */ + + pseg = ssptr->sspseg; + size = ssptr->sssize; + + this_segment = stkl - size; + + /* It is possible that calling this routine itself caused + a stack overflow. Discard stack segments which do not + contain the target address. */ + + while (!(this_segment <= address && address <= stkl)) + { +#ifdef DEBUG_I00AFUNC + fprintf (stderr, "%011o %011o %011o\n", this_segment, address, stkl); +#endif + if (pseg == 0) + break; + stkl = stkl - pseg; + ssptr = (struct stack_segment_linkage *) stkl; + size = ssptr->sssize; + pseg = ssptr->sspseg; + this_segment = stkl - size; + } + + result = address - this_segment; + + /* If you subtract pseg from the current end of the stack, + you get the address of the previous stack segment's end. + This seems a little convoluted to me, but I'll bet you save + a cycle somewhere. 
*/ + + while (pseg != 0) + { +#ifdef DEBUG_I00AFUNC + fprintf (stderr, "%011o %011o\n", pseg, size); +#endif + stkl = stkl - pseg; + ssptr = (struct stack_segment_linkage *) stkl; + size = ssptr->sssize; + pseg = ssptr->sspseg; + result += size; + } + return (result); +} + +#endif /* not CRAY2 */ +#endif /* CRAY */ + +#endif /* no alloca */ +#endif /* not GCC version 2 */ diff --git a/contrib/opie/libmissing/endutent.c b/contrib/opie/libmissing/endutent.c index 0b4bd7a39763..e0355b7e28f8 100644 --- a/contrib/opie/libmissing/endutent.c +++ b/contrib/opie/libmissing/endutent.c @@ -1,8 +1,8 @@ /* endutent.c: A replacement for the endutent function %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libmissing/env.c b/contrib/opie/libmissing/env.c new file mode 100644 index 000000000000..9a445a084931 --- /dev/null +++ b/contrib/opie/libmissing/env.c 
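Review bot: In alloca.c, alloca() writes through the result of `malloc (sizeof (header) + size)` without checking it for NULL, so an allocation failure becomes a store through a null pointer at `((header *) new)->h.next`. Where `unsigned` and `size_t` have the same width, the sum can also wrap and yield a block smaller than the caller asked for. Callers of alloca cannot test for failure, so aborting is the conservative choice, and the file already calls abort() in its Cray paths. Separately, the only declaration of malloc sits under `#if 0`, so unless config.h supplies one, malloc and free are implicitly declared and the returned pointer passes through `int`.

```c
  /* Allocate combined header + user data storage.  */

  {
    register pointer new;

    /* Refuse a request whose size wraps when the header is added.  */
    if (sizeof (header) + size < size)
      abort ();

    new = malloc (sizeof (header) + size);
    if (new == NULL)
      abort ();			/* No way to report failure to the caller.  */

    /* ... unchanged: fill in the header, link it, return the user storage ... */
```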
@@ -0,0 +1,141 @@ +/* env.c: Replacement environment handling functions. + +%%% portions-copyright-cmetz +Portions of this software are Copyright 1996 by Craig Metz, All Rights +Reserved. The Inner Net License Version 2 applies to these portions of +the software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + +Portions of this software are Copyright 1995 by Randall Atkinson and Dan +McDonald, All Rights Reserved. All Rights under this copyright are assigned +to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and +License Agreement applies to this software. + + History: + + Modified by cmetz for OPIE 2.2. Changed ifdefs for libmissing. + Combined all env functions and made _findenv static. + Including headers is a good idea, though. Add more headers. + Modified at NRL for OPIE 2.0. + Originally from BSD. +*/ +/* + * Copyright (c) 1987 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that the above copyright notice and this paragraph are + * duplicated in all such forms and that any documentation, + * advertising materials, and other materials related to such + * distribution and use acknowledge that the software was developed + * by the University of California, Berkeley. The name of the + * University may not be used to endorse or promote products derived + * from this software without specific prior written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 
+ */ + +#include "opie_cfg.h" +#include <stdio.h> +#if HAVE_UNISTD_H +#include <unistd.h> +#endif /* HAVE_UNISTD_H */ +#if HAVE_STDLIB_H +#include <stdlib.h> +#endif /* HAVE_STDLIB_H */ +#include "opie.h" + +static char *_findenv FUNCTION((name, offset), register char *name AND int *offset) +{ + extern char **environ; + register int len; + register char **P, *C; + + for (C = name, len = 0; *C && *C != '='; ++C, ++len); + for (P = environ; *P; ++P) + if (!strncmp(*P, name, len)) + if (*(C = *P + len) == '=') { + *offset = P - environ; + return (++C); + } + return (NULL); +} + +#if !HAVE_GETENV +char *getenv FUNCTION((name), char *name) +{ + int offset; + char *_findenv(); + + return (_findenv(name, &offset)); +} +#endif /* !HAVE_GETENV */ + +#if !HAVE_SETENV +int setenv FUNCTION((name, value, rewrite), char *name AND char *value AND int rewrite) +{ + extern char **environ; + static int alloced; /* if allocated space before */ + register char *C; + int l_value, offset; + + if (*value == '=') /* no `=' in value */ + ++value; + l_value = strlen(value); + if ((C = _findenv(name, &offset))) { /* find if already exists */ + if (!rewrite) + return (0); + if (strlen(C) >= l_value) { /* old larger; copy over */ + while (*C++ = *value++); + return (0); + } + } else { /* create new slot */ + register int cnt; + register char **P; + + for (P = environ, cnt = 0; *P; ++P, ++cnt); + if (alloced) { /* just increase size */ + environ = (char **) realloc((char *) environ, + (u_int) (sizeof(char *) * (cnt + 2))); + + if (!environ) + return (-1); + } else { /* get new space */ + alloced = 1; /* copy old entries into it */ + P = (char **) malloc((u_int) (sizeof(char *) * + (cnt + 2))); + + if (!P) + return (-1); + strncpy(P, environ, cnt * sizeof(char *)); + + environ = P; + } + environ[cnt + 1] = NULL; + offset = cnt; + } + for (C = name; *C && *C != '='; ++C); /* no `=' in name */ + if (!(environ[offset] = /* name + `=' + value */ + malloc((u_int) ((int) (C - name) + l_value + 2)))) + 
return (-1); + for (C = environ[offset]; (*C = *name++) && *C != '='; ++C); + for (*C++ = '='; *C++ = *value++;); + return (0); +} +#endif /* !HAVE_SETENV */ + +#if !HAVE_UNSETENV +VOIDRET unsetenv FUNCTION((name), char *name) +{ + extern char **environ; + register char **P; + int offset; + + while (_findenv(name, &offset)) /* if set multiple times */ + for (P = &environ[offset];; ++P) + if (!(*P = *(P + 1))) + break; +} +#endif /* !HAVE_UNSETENV */ diff --git a/contrib/opie/libmissing/getcwd.c b/contrib/opie/libmissing/getcwd.c new file mode 100644 index 000000000000..30ccdc0486dd --- /dev/null +++ b/contrib/opie/libmissing/getcwd.c @@ -0,0 +1,23 @@ +/* getcwd.c: A replacement for the getcwd function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.3. +*/ +#include "opie_cfg.h" +#include "opie.h" + +char *getcwd FUNCTION((c, l), char *c AND int l) +{ +#if HAVE_GETWD + return getwd(c); +#else /* HAVE_INDEX */ +#error Need getwd() to build a replacement getcwd() +#endif /* HAVE_INDEX */ +} diff --git a/contrib/opie/libmissing/getusershell.c b/contrib/opie/libmissing/getusershell.c new file mode 100644 index 000000000000..885aa04ffa5f --- /dev/null +++ b/contrib/opie/libmissing/getusershell.c 
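Review bot: In setenv's first-allocation branch, `strncpy(P, environ, cnt * sizeof(char *));` copies the pointer table with a string function, so the copy stops at the first zero byte inside any pointer value and the remainder of the new table is zero-filled instead of copied. After the first call that grows the environment, `environ` can therefore be truncated or hold partial pointers; use `memcpy(P, environ, cnt * sizeof(char *));`. The file also calls `strlen`, `strncmp` and `strncpy` without including `<string.h>`, and the realloc branch assigns the result straight to `environ`, so a failed realloc loses the old table.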
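Review bot: The replacement getcwd() ignores its length argument: `return getwd(c);` lets getwd() write a path of up to MAXPATHLEN bytes into a buffer the caller sized as `l`. A caller that passes a smaller buffer gets an overflow instead of a NULL return. Check the size before the call, e.g. `if (l < MAXPATHLEN) return NULL;`, assuming `<sys/param.h>` supplies MAXPATHLEN on the systems that need this file. The `#else`/`#endif` comments say HAVE_INDEX although the condition tested is HAVE_GETWD.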
@@ -0,0 +1,67 @@ +/* getusershell.c: minimal implementation of the getusershell() and + endusershell() library routines for systems that don't have them. + +%%% portions-copyright-cmetz +Portions of this software are Copyright 1996 by Craig Metz, All Rights +Reserved. The Inner Net License Version 2 applies to these portions of +the software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + +Portions of this software are Copyright 1995 by Randall Atkinson and Dan +McDonald, All Rights Reserved. All Rights under this copyright are assigned +to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and +License Agreement applies to this software. + + History: + + Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. + Modified at NRL for OPIE 2.1. Remove trailing newlines from + /etc/shells entries. Fixed infinite loop. Fixed a bug + where second invocation on would fail. + Written at NRL for OPIE 2.0. +*/ +#include "opie_cfg.h" +#include <stdio.h> +#if HAVE_STRING_H +#include <string.h> +#endif /* HAVE_STRING_H */ +#include "opie.h" + +static FILE *fh = NULL; +static char *internal[] = {"/bin/sh", "/bin/csh", NULL}; +static int i = 0; +static char buffer[1024]; + +char *getusershell FUNCTION_NOARGS +{ + char *c; + + if (!fh) + fh = fopen("/etc/shells", "r"); + + if (fh) { + if (fgets(buffer, sizeof(buffer), fh)) { + if (c = strchr(buffer, '\n')) + *c = 0; + return buffer; + } else { + fclose(fh); + return NULL; + } + } else { + if (internal[i]) + return internal[i++]; + else + return NULL; + } +} + +VOIDRET endusershell FUNCTION_NOARGS +{ + if (fh) { + fclose(fh); + fh = NULL; + } + i = 0; +} diff --git a/contrib/opie/libmissing/getutline.c b/contrib/opie/libmissing/getutline.c index 59df92b750a1..929d024c6b6c 100644 --- a/contrib/opie/libmissing/getutline.c +++ b/contrib/opie/libmissing/getutline.c 
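Review bot: In getusershell(), the end-of-file branch calls `fclose(fh)` but leaves `fh` pointing at the closed stream, so the next getusershell() call hands a closed FILE to fgets() and endusershell() closes it a second time. Either drop that fclose and leave the close to endusershell(), or add `fh = NULL;` right after it (which makes the next call reopen /etc/shells from the start). The condition `if (c = strchr(buffer, '\n'))` would also read more clearly as `if ((c = strchr(buffer, '\n')) != NULL)`.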
@@ -1,8 +1,8 @@ /* getutline.c: A replacement for the getutline() function %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libmissing/initgroups.c b/contrib/opie/libmissing/initgroups.c new file mode 100644 index 000000000000..2306a0c2e922 --- /dev/null +++ b/contrib/opie/libmissing/initgroups.c 
@@ -0,0 +1,129 @@ +/* initgroups.c: Replacement for the initgroups() function. + +%%% portions-copyright-cmetz +Portions of this software are Copyright 1996 by Craig Metz, All Rights +Reserved. The Inner Net License Version 2 applies to these portions of +the software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Modified by cmetz for OPIE 2.2. Removed useless string. + Ifdef around headers. Use FUNCTION declarations. + Not everyone has multiple groups. Work around + lack of NGROUPS. + Originally from 4.3BSD Net/2. +*/ +/* + * Copyright (c) 1983 Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * initgroups + */ +#include "opie_cfg.h" + +#if HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif /* HAVE_SYS_PARAM_H */ +#include <stdio.h> +#if HAVE_STRING_H +#include <string.h> +#endif /* HAVE_STRING */ +#if HAVE_UNISTD_H +#include <unistd.h> +#endif /* HAVE_UNISTD_H */ +#include <grp.h> + +#include "opie.h" + +struct group *getgrent(); + +int initgroups FUNCTION((uname, agroup), const char *uname AND int agroup) +{ +#if HAVE_SETGROUPS && HAVE_GETGROUPS +#if NGROUPS + int groups[NGROUPS]; +#else /* NGROUPS */ +#define STARTING_NGROUPS 32 + int groups[STARTING_NGROUPS]; +#endif /* NGROUPS */ + int ngroups; + register struct group *grp; + register int i; + + /* + * If installing primary group, duplicate it; + * the first element of groups is the effective gid + * and will be overwritten when a setgid file is executed. 
+ */ + if (agroup >= 0) { + groups[ngroups++] = agroup; + groups[ngroups++] = agroup; + } + setgrent(); + while (grp = getgrent()) { + if (grp->gr_gid == agroup) + continue; + for (i = 0; grp->gr_mem[i]; i++) + if (!strcmp(grp->gr_mem[i], uname)) { +#if NGROUPS + if (ngroups == NGROUPS) { +#else /* NGROUPS */ + if (ngroups == STARTING_NGROUPS) { +#endif /* NGROUPS */ +fprintf(stderr, "initgroups: %s is in too many groups\n", uname); + goto toomany; + } + groups[ngroups++] = grp->gr_gid; + } + } +toomany: + endgrent(); +#if NGROUPS + if (setgroups(ngroups, groups) < 0) { + perror("setgroups"); + return (-1); + } +#else /* NGROUPS */ + ngroups++; + do { + if ((i = setgroups(--ngroups, groups) < 0) && (i != EINVAL)) { + perror("setgroups"); + return (-1); + } + } while ((i < 0) && (ngroups > 0)); +#endif /* NGROUPS */ +#endif /* HAVE_SETGROUPS && HAVE_GETGROUPS */ + return (0); +} diff --git a/contrib/opie/libmissing/memcmp.c b/contrib/opie/libmissing/memcmp.c new file mode 100644 index 000000000000..e19beafcdb95 --- /dev/null +++ b/contrib/opie/libmissing/memcmp.c @@ -0,0 +1,25 @@ +/* strncasecmp.c: A replacement for the strncasecmp function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.2. +*/ +#include "opie_cfg.h" +#include "opie.h" + +int memcmp FUNCTION((s1, s2, n), unsigned char *s1 AND unsigned char *s2 AND int n) +{ + while(n--) { + if (*s1 != *s2) + return (*s1 > *s2) ? 1 : -1; + s1++; + s2++; + } + return 0; +} diff --git a/contrib/opie/libmissing/memcpy.c b/contrib/opie/libmissing/memcpy.c new file mode 100644 index 000000000000..6d386c2d3242 --- /dev/null +++ b/contrib/opie/libmissing/memcpy.c 
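Review bot: `int ngroups;` is never initialised before `groups[ngroups++] = agroup;`, so the first store indexes the stack array with an indeterminate value; declare it as `int ngroups = 0;`. In the non-NGROUPS retry loop, `(i = setgroups(--ngroups, groups) < 0)` assigns the result of the comparison to `i` because `<` binds tighter than `=`, and `i != EINVAL` compares a return value with an errno constant. It should read `((i = setgroups(--ngroups, groups)) < 0) && (errno != EINVAL)`, with `<errno.h>` included. As written, any setgroups() failure returns -1 at once and the shrinking retry never runs.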
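Review bot: The byte count is a signed `int n` and the loop is `while(n--)`, so a negative count is treated as non-zero and the loop walks far past both buffers; the same pattern is in the fallback loops of memcpy.c and memset.c in this commit. Writing the condition as `while (n-- > 0)` keeps a bad length from turning into an out-of-bounds read or write. The header comment in this file says `strncasecmp.c` and the one in memset.c says `memcpy.c`; each should name its own file.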
@@ -0,0 +1,25 @@ +/* memcpy.c: A replacement for the memcpy function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.2. +*/ +#include "opie_cfg.h" +#include "opie.h" + +VOIDPTR *memcpy FUNCTION((d, s, n), unsigned char *d AND unsigned char *s AND int n) +{ +#if HAVE_BCOPY + bcopy(s, d, n); +#else /* HAVE_BCOPY */ + char *d2 = d; + while(n--) (*d2++) = (*s++); +#endif /* HAVE_BCOPY */ + return d; +} diff --git a/contrib/opie/libmissing/memset.c b/contrib/opie/libmissing/memset.c new file mode 100644 index 000000000000..678c4411e64f --- /dev/null +++ b/contrib/opie/libmissing/memset.c @@ -0,0 +1,21 @@ +/* memcpy.c: A replacement for the memcpy function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.2. +*/ +#include "opie_cfg.h" +#include "opie.h" + +VOIDPTR *memset FUNCTION((d, v, n), unsigned char *d AND int v AND int n) +{ + unsigned char *d2 = d; + while(n--) (*d2++) = (unsigned char)v; + return d; +} diff --git a/contrib/opie/libmissing/pututline.c b/contrib/opie/libmissing/pututline.c index 93f209bbc76c..718ecbaadde9 100644 --- a/contrib/opie/libmissing/pututline.c +++ b/contrib/opie/libmissing/pututline.c 
@@ -1,8 +1,8 @@ /* pututline.c: A replacement for the pututline() function %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libmissing/setutent.c b/contrib/opie/libmissing/setutent.c index ebb98e0ac4ef..865fcd16df59 100644 --- a/contrib/opie/libmissing/setutent.c +++ b/contrib/opie/libmissing/setutent.c @@ -1,8 +1,8 @@ /* setutent.c: A replacement for the setutent function %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libmissing/sigaddset.c b/contrib/opie/libmissing/sigaddset.c new file mode 100644 index 000000000000..56a613bf68c9 --- /dev/null +++ b/contrib/opie/libmissing/sigaddset.c 
@@ -0,0 +1,36 @@ +/* sigaddset.c: A replacement for the sigaddset function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.2. +*/ + +#include "opie_cfg.h" + +#ifndef _NSIG +#ifdef NSIG +#define _NSIG NSIG +#else /* NSIG */ +#define _NSIG 32 +#endif /* NSIG */ +#endif /* _NSIG */ + +#include "opie.h" + +int sigaddset FUNCTION((set, signum), sigset_t *set AND int signum) +{ +#if sizeof(sigset_t) != sizeof(int) +Sorry, we don't currently support your system. +#else /* sizeof(sigset_t) != sizeof(int) */ + if (set && (signum > 0) && (signum < _NSIG)) + *set |= 1 << (signum - 1); +#endif /* sizeof(sigset_t) != sizeof(int) */ + + return 0; +} diff --git a/contrib/opie/libmissing/sigemptyset.c b/contrib/opie/libmissing/sigemptyset.c new file mode 100644 index 000000000000..fc083f50ddc8 --- /dev/null +++ b/contrib/opie/libmissing/sigemptyset.c @@ -0,0 +1,23 @@ +/* sigemptyset.c: A replacement for the sigemptyset function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.2. +*/ + +#include "opie_cfg.h" +#include "opie.h" + +int sigemptyset FUNCTION((set), sigset_t *set) +{ + if (set) + memset(set, 0, sizeof(sigset_t)) + + return 0; +} diff --git a/contrib/opie/libmissing/sigprocmask.c b/contrib/opie/libmissing/sigprocmask.c new file mode 100644 index 000000000000..4af1559cbe71 --- /dev/null +++ b/contrib/opie/libmissing/sigprocmask.c 
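Review bot: `#if sizeof(sigset_t) != sizeof(int)` cannot work as a size check, because the preprocessor does not evaluate `sizeof`; the directive is either rejected or mis-evaluated. A check the compiler itself evaluates, such as `typedef char sigset_is_int[sizeof(sigset_t) == sizeof(int) ? 1 : -1];`, does what the comment intends. The function also returns 0 when `set` is NULL or `signum` is out of range; returning -1 there would let callers notice that no bit was set.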
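Review bot: `memset(set, 0, sizeof(sigset_t))` is missing its terminating semicolon, so this file does not compile on a system that needs it; the line should be `memset(set, 0, sizeof(sigset_t));`. Indenting the call under `if (set)` would also make the guarded statement obvious.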
@@ -0,0 +1,68 @@ +/* sigprocmask.c: A replacement for the sigprocmask() function + +%%% portions-copyright-cmetz +Portions of this software are Copyright 1996 by Craig Metz, All Rights +Reserved. The Inner Net License Version 2 applies to these portions of +the software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + +Portions of this software are Copyright 1995 by Randall Atkinson and Dan +McDonald, All Rights Reserved. All Rights under this copyright are assigned +to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and +License Agreement applies to this software. + + History: + + Created by cmetz for OPIE 2.2 from popen.c. Use FUNCTION + declaration et al. Include opie.h. +*/ + +#include "opie_cfg.h" + +#include <sys/types.h> +#if HAVE_SIGNAL_H +#include <signal.h> +#endif /* HAVE_SIGNAL_H */ +#if HAVE_SYS_SIGNAL_H +#include <sys/signal.h> +#endif /* HAVE_SYS_SIGNAL_H */ + +#if !HAVE_SIGBLOCK || !HAVE_SIGSETMASK +Without sigblock and sigsetmask, we can't build a replacement sigprocmask. +#endif /* !HAVE_SIGBLOCK || !HAVE_SIGSETMASK */ + +#include "opie.h" + +#ifndef sigset_t +#define sigset_t int +#endif /* sigset_t */ + +int sigprocmask FUNCTION((how, set, oset), int how AND sigset_t *set AND sigset_t *oset) +{ + int old, new; + + if (set && (set != (sigset_t *)SIG_IGN) && (set != (sigset_t *)SIG_ERR)) + new = *set; + else + new = 0; + + switch(how) { + case SIG_BLOCK: + old = sigblock(new); + if (oset && (oset != (sigset_t *)SIG_IGN) && (oset != (sigset_t *)SIG_ERR)) + *oset = old; + return 0; + + case SIG_SETMASK: + old = sigsetmask(new); + if (oset && (oset != (sigset_t *)SIG_IGN) && (oset != (sigset_t *)SIG_ERR)) + *oset = old; + return 0; + + case SIG_UNBLOCK: + /* not implemented */ + default: + return 0; + } +} diff --git a/contrib/opie/libmissing/strchr.c b/contrib/opie/libmissing/strchr.c new file mode 100644 index 000000000000..2903bc4a61f2 
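Review bot: A NULL `set` is turned into `new = 0`, so `sigprocmask(SIG_SETMASK, NULL, &old)`, the usual way to query the current mask, calls `sigsetmask(0)` and unblocks every signal. Handle that case before the switch, e.g. `if (!set) { if (oset) *oset = sigblock(0); return 0; }`. `SIG_UNBLOCK` falls through to `return 0` without changing the mask, so callers believe signals were unblocked when they were not; `old = sigsetmask(sigblock(0) & ~new);` would implement it with the same two primitives the file already requires.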
--- /dev/null +++ b/contrib/opie/libmissing/strchr.c @@ -0,0 +1,24 @@ +/* strchr.c: A replacement for the strchr function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.3. +*/ +#include "opie_cfg.h" +#include "opie.h" + +char *strchr FUNCTION((s, c), char *s AND int c) +{ +#if HAVE_INDEX + return index(s, c); +#else /* HAVE_INDEX */ + while(*s && (*s != c)) s++; + return *s ? s : (char *)0; +#endif /* HAVE_INDEX */ +} diff --git a/contrib/opie/libmissing/strerror.c b/contrib/opie/libmissing/strerror.c new file mode 100644 index 000000000000..89632f9fe816 --- /dev/null +++ b/contrib/opie/libmissing/strerror.c @@ -0,0 +1,34 @@ +/* strerror.c: A replacement for the strerror function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.2. +*/ + +#include "opie_cfg.h" +#include "opie.h" + +char *strerror FUNCTION((errnum), int errnum) +{ +#if HAVE_SYS_ERRLIST + extern char *sys_errlist[]; + return sys_errlist[errnum]; +#else /* NEED_STRERROR */ +#if HAVE__SYS_ERRLIST + extern char *_sys_errlist[]; + return sys_errlist[errnum]; +#else /* HAVE__SYS_ERRLIST */ + static char hexdigits[] = "0123456789abcdef"; + static char buffer[] = "System error 0x42"; + buffer[15] = hexdigits[(errnum >> 4) & 0x0f]; + buffer[16] = hexdigits[errnum & 0x0f]; + return buffer; +#endif /* HAVE__SYS_ERRLIST */ +#endif /* NEED_STRERROR */ +} 
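Review bot: In the non-`index` branch, `return *s ? s : (char *)0;` returns NULL whenever the loop stops at the terminator, so `strchr(s, '\0')` fails where the standard function returns a pointer to the terminating NUL. The test `*s != c` also compares a `char` with the unconverted `int`, which differs for bytes above 0x7f where `char` is signed. `while (*s && (*s != (char)c)) s++;` followed by `return (*s == (char)c) ? s : (char *)0;` covers both.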
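Review bot: `sys_errlist[errnum]` is indexed without a range check, so a negative or too-large `errnum` reads outside the table. Guard it with the table size, e.g. `if (errnum < 0 || errnum >= sys_nerr) return "Unknown error";`, assuming the platform declares `sys_nerr` alongside `sys_errlist`. The `HAVE__SYS_ERRLIST` branch declares `_sys_errlist` but then indexes `sys_errlist`, which is not declared in that branch. The closing `#else`/`#endif` comments mention NEED_STRERROR, which is not the macro being tested.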
diff --git a/contrib/opie/libmissing/strncasecmp.c b/contrib/opie/libmissing/strncasecmp.c new file mode 100644 index 000000000000..e90b4c038c86 --- /dev/null +++ b/contrib/opie/libmissing/strncasecmp.c @@ -0,0 +1,30 @@ +/* strncasecmp.c: A replacement for the strncasecmp function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.2. +*/ +#include "opie_cfg.h" +#include "opie.h" + +int strncasecmp FUNCTION((s1, s2, n), unsigned char *s1 AND unsigned char *s2 AND int n) +{ + unsigned char c1, c2; + while(*s1 && *s2 && n--) { + c1 = ((*s1 >= 'A') && (*s1 <= 'Z')) ? (*s1++) + ('a' - 'A') : (*s1++); + c2 = ((*s2 >= 'A') && (*s2 <= 'Z')) ? (*s2++) + ('a' - 'A') : (*s2++); + if (c1 != c2) + return (c1 > c2) ? 1 : -1; + } + if (*s1 && !*s2) + return 1; + if (!*s1 && *s2) + return -1; + return 0; +} diff --git a/contrib/opie/libmissing/strrchr.c b/contrib/opie/libmissing/strrchr.c new file mode 100644 index 000000000000..04d46cef3e08 --- /dev/null +++ b/contrib/opie/libmissing/strrchr.c @@ -0,0 +1,25 @@ +/* strrchr.c: A replacement for the strrchr function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.3. +*/ +#include "opie_cfg.h" +#include "opie.h" + +char *strrchr FUNCTION((s, c), char *s AND int c) +{ +#if HAVE_RINDEX + return rindex(s, c); +#else /* HAVE_RINDEX */ + char *s2 = (char *)0; + while(*s) { if (*s == c) s2 = s; s++ }; + return s2; +#endif /* HAVE_RINDEX */ +} 
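Review bot: The loop condition `*s1 && *s2 && n--` tests the bytes before the count, and the two checks after the loop dereference `s1` and `s2` again even when the count has run out. With `n` equal to the length of the shorter string, for example "ab" against "abc" with n = 2, the function returns -1 instead of 0 and reads one byte beyond the range the caller asked for. Testing the count first and handling the terminator inside the loop fixes both, as sketched below.

```c
  unsigned char c1, c2;
  while (n-- > 0) {
    c1 = ((*s1 >= 'A') && (*s1 <= 'Z')) ? *s1 + ('a' - 'A') : *s1;
    c2 = ((*s2 >= 'A') && (*s2 <= 'Z')) ? *s2 + ('a' - 'A') : *s2;
    if (c1 != c2)
      return (c1 > c2) ? 1 : -1;
    if (!c1)
      break;	/* both strings ended together */
    s1++;
    s2++;
  }
  return 0;
```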
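Review bot: The fallback loop `while(*s) { if (*s == c) s2 = s; s++ };` is missing the semicolon after `s++`, so the non-`rindex` build does not compile; it should read `while (*s) { if (*s == c) s2 = s; s++; }`. Because the loop stops before the terminator, `strrchr(s, '\0')` returns NULL instead of a pointer to the NUL; adding `if ((char)c == '\0') return s;` after the loop handles that case.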
diff --git a/contrib/opie/libmissing/sysconf.c b/contrib/opie/libmissing/sysconf.c new file mode 100644 index 000000000000..fb3a5bc75a54 --- /dev/null +++ b/contrib/opie/libmissing/sysconf.c @@ -0,0 +1,30 @@ +/* sysconf.c: A (partial) replacement for the sysconf function + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Created by cmetz for OPIE 2.3. +*/ +#include "opie_cfg.h" +#if HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif /* HAVE_SYS_PARAM_H */ +#include "opie.h" + +long sysconf(int name) +{ + switch(name) { + case _SC_OPEN_MAX: +#if HAVE_GETDTABLESIZE + return getdtablesize(); +#else /* HAVE_GETDTABLESIZE */ +#error Need getdtablesize() to build a replacement sysconf() +#endif /* HAVE_GETDTABLESIZE */ + + return -1; +} diff --git a/contrib/opie/libmissing/uname.c b/contrib/opie/libmissing/uname.c new file mode 100644 index 000000000000..5b51fa55122a --- /dev/null +++ b/contrib/opie/libmissing/uname.c 
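Review bot: The `switch(name) {` is never closed: the only `}` after `return -1;` ends the switch and leaves the function body open, so the file cannot compile. Add a closing `}` for the switch right after the `#endif`, so that `return -1;` becomes the result for unsupported names. `_SC_OPEN_MAX` is used without including `<unistd.h>`; whether `opie.h` supplies it is not visible in this hunk.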
@@ -0,0 +1,42 @@ +/* uname.c: A replacement for the uname function (sort of) + +%%% copyright-cmetz +This software is Copyright 1996 by Craig Metz, All Rights Reserved. +The Inner Net License Version 2 applies to this software. +You should have received a copy of the license with this software. If +you didn't get a copy, you may request one from <license@inner.net>. + + History: + + Modified by cmetz for OPIE 2.3. Ifdef around gethostname(). + Created by cmetz for OPIE 2.2. +*/ +#include "opie_cfg.h" +#if HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif /* HAVE_SYS_PARAM_H */ +#include "opie.h" + +int uname FUNCTION(struct utsname *buf) +{ +#if HAVE_GETHOSTNAME + char hostname[MAXHOSTNAMELEN], *c; + + memset(buf, 0, sizeof(buf)); + + if (gethostname(hostname, sizeof(hostname)-1) < 0) + return -1; + + hostname[sizeof(hostname) - 1] = 0; + + if (c = strchr(hostname, '.')) { + *c = 0; + } + + strncpy(buf->nodename, hostname, sizeof(buf->nodename) - 1); + return 0; +#else /* HAVE_GETHOSTNAME */ + strncpy(buf->nodename, "unknown", sizeof(buf->nodename) - 1); + return 0; +#endif /* HAVE_GETHOSTNAME */ +} diff --git a/contrib/opie/libopie/Makefile.in b/contrib/opie/libopie/Makefile.in index 2b3c96c0cd85..dfc1c6f94d4b 100644 --- a/contrib/opie/libopie/Makefile.in +++ b/contrib/opie/libopie/Makefile.in 
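Review bot: `memset(buf, 0, sizeof(buf));` clears only pointer-size bytes, because `buf` is a `struct utsname *`; it should be `memset(buf, 0, sizeof(*buf));`. The later `strncpy(buf->nodename, hostname, sizeof(buf->nodename) - 1);` relies on the structure having been zeroed for its terminating NUL, so as written `nodename` can be left unterminated and the remaining fields keep whatever the caller's memory held. The `#else` branch does no clearing at all and has the same termination problem. `FUNCTION(struct utsname *buf)` also does not follow the `FUNCTION((names), declarations)` form used by the other files in this directory.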
@@ -2,30 +2,34 @@ # Makefile.in/Makefile: Directions for building libopie. # # %%% copyright-cmetz-96 -# This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -# The Inner Net License Version 2 applies to this software. +# This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +# The Inner Net License Version 3 applies to this software. # You should have received a copy of the license with this software. If # you didn't get a copy, you may request one from <license@inner.net>. # # History: # +# Modified by cmetz for OPIE 2.4. Add libmissing to include header path. +# Use ar 'cr' instead of 'r'. Renamed realclean to distclean. # Modified by cmetz for OPIE 2.31. Added logwtmp.o # Created by cmetz for OPIE 2.3 using old Makefiles as a guide. OBJS=md4c.o md5c.o atob8.o btoa8.o btoh.o challenge.o getsequence.o hash.o hashlen.o keycrunch.o lock.o lookup.o newseed.o parsechallenge.o passcheck.o passwd.o randomchallenge.o readpass.o unlock.o verify.o version.o btoe.o accessfile.o generator.o insecure.o getutmpentry.o readrec.o writerec.o login.o open.o logwtmp.o # sha.o CC=@CC@ -CFLAGS=$(CFL) -I.. +CFLAGS=$(CFL) -I.. -I../libmissing TARGET=libopie.a all: $(TARGET) $(TARGET): $(OBJS) - ar r $(TARGET) $(OBJS) + ar cr $(TARGET) $(OBJS) @RANLIB@ $(TARGET) clean: -rm -f $(OBJS) $(TARGET) -realclean: clean +realclean: distclean + +distclean: clean -rm -f *~ core* "\#*\#" *.o *.a Makefile diff --git a/contrib/opie/libopie/accessfile.c b/contrib/opie/libopie/accessfile.c index 0fe1d123958e..8e2765feb634 100644 --- a/contrib/opie/libopie/accessfile.c +++ b/contrib/opie/libopie/accessfile.c 
@@ -2,7 +2,7 @@ overrides. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/atob8.c b/contrib/opie/libopie/atob8.c index 78a7d43831b4..77367f199f81 100644 --- a/contrib/opie/libopie/atob8.c +++ b/contrib/opie/libopie/atob8.c @@ -1,7 +1,7 @@ /* atob8.c: The opieatob8() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Modified by cmetz for OPIE 2.3. Return the output variable. Don't check parameters. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. @@ -27,10 +28,11 @@ License Agreement applies to this software. /* Convert 8-byte hex-ascii string to binary array */ -char *opieatob8 FUNCTION((out, in), char *out AND char *in) +char *opieatob8 FUNCTION((out, in), struct opie_otpkey *outkey AND char *in) { register int i; register int val; + unsigned char *out = (unsigned char *)outkey; for (i = 0; i < 8; i++) { while (*in == ' ' || *in == '\t') diff --git a/contrib/opie/libopie/btoa8.c b/contrib/opie/libopie/btoa8.c index 2b3e885bc1a5..b66306f2739a 100644 --- a/contrib/opie/libopie/btoa8.c +++ b/contrib/opie/libopie/btoa8.c 
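Review bot: The parameter is renamed to `outkey` in the declaration part, but the name list still reads `FUNCTION((out, in), ...)` and a local `unsigned char *out` is then declared in the body. If `FUNCTION` expands to a K&R-style definition on non-prototype compilers (its definition is not in this diff), the name list and the declarations disagree and the local redeclares a parameter; `FUNCTION((outkey, in), struct opie_otpkey *outkey AND char *in)` keeps both forms consistent. The same mismatch is in btoa8.c and btoh.c, where the list says `in` and the declaration says `inkey`. The function body continues outside this hunk.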
@@ -1,13 +1,14 @@ /* btoa8.c: The opiebtoa8() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Created by cmetz for OPIE 2.3 (quick re-write). */ @@ -17,9 +18,10 @@ you didn't get a copy, you may request one from <license@inner.net>. static char hextochar[16] = {'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f'}; -char *opiebtoa8 FUNCTION((out, in), char *out AND char *in) +char *opiebtoa8 FUNCTION((out, in), char *out AND struct opie_otpkey *inkey) { int i; + unsigned char *in = (unsigned char *)inkey; char *c = out; for (i = 0; i < 8; i++) { diff --git a/contrib/opie/libopie/btoe.c b/contrib/opie/libopie/btoe.c index b7ed3cde3420..fa91077a95fe 100644 --- a/contrib/opie/libopie/btoe.c +++ b/contrib/opie/libopie/btoe.c @@ -3,7 +3,7 @@ 64 bit OTP. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -16,6 +16,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. Remove unnecessary address futzing with Wp in opiebtoe. Changed unsigned long to UINT4 for Alpha. 
@@ -2088,13 +2089,13 @@ static char Wp[2048][4] = }; /* Encode 8 bytes in 'c' as a string of English words. */ -char *opiebtoe FUNCTION((engout, c), char *engout AND char *c) +char *opiebtoe FUNCTION((engout, c), char *engout AND struct opie_otpkey *c) { - char cp[9]; /* add in room for the parity 2 bits */ + char cp[sizeof(struct opie_otpkey) + 1]; /* add in room for the parity 2 bits */ int p, i; engout[0] = '\0'; - memcpy(cp, c, 8); + memcpy(cp, c, sizeof(struct opie_otpkey)); /* compute parity */ for (p = 0, i = 0; i < 64; i += 2) p += extract(cp, i, 2); @@ -2120,7 +2121,7 @@ char *opiebtoe FUNCTION((engout, c), char *engout AND char *c) * -1 badly formed in put ie > 4 char word * -2 words OK but parity is wrong */ -int opieetob FUNCTION((out, e), char *out AND char *e) +int opieetob FUNCTION((out, e), struct opie_otpkey *out AND char *e) { char *word, *c, *input, b[9]; int i, p, v, l, low, high, rval = -1; @@ -2137,7 +2138,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e) strncpy(input, e, i); input[i] = 0; memset(b, 0, sizeof(b)); - memset(out, 0, 8); + memset(out, 0, sizeof(struct opie_otpkey)); for (i = 0, p = 0, word = c = input; i < 6; i++, p += 11) { while (*c && !isalpha(*c)) c++; @@ -2187,7 +2188,7 @@ int opieetob FUNCTION((out, e), char *out AND char *e) goto opiebtoeret; } - memcpy(out, b, 8); + memcpy(out, b, sizeof(struct opie_otpkey)); rval = 1; diff --git a/contrib/opie/libopie/btoh.c b/contrib/opie/libopie/btoh.c index c5ed15065ac4..45fb4c827083 100644 --- a/contrib/opie/libopie/btoh.c +++ b/contrib/opie/libopie/btoh.c 
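Review bot: In opieetob the copy is now `memcpy(out, b, sizeof(struct opie_otpkey));` while the source buffer is still declared `b[9]` in the `@@ -2120,7` hunk, so the read stays in bounds only as long as the structure is at most nine bytes. Sizing the buffer from the same type, `b[sizeof(struct opie_otpkey) + 1]` as opiebtoe now does for `cp`, removes that dependency. The parity loop in opiebtoe still runs over a literal 64 bits, so a comment or compile-time check that `struct opie_otpkey` is eight bytes would record the assumption. Both functions start and end outside these hunks.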
@@ -1,8 +1,8 @@ /* btoh.c: The opiebtoh() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. @@ -17,10 +17,11 @@ you didn't get a copy, you may request one from <license@inner.net>. static char hextochar[16] = {'0','1','2','3','4','5','6','7','8','9','A','B','C','D','E','F'}; -char *opiebtoh FUNCTION((out, in), char *out AND char *in) +char *opiebtoh FUNCTION((out, in), char *out AND struct opie_otpkey *inkey) { int i; char *c = out; + unsigned char *in = (unsigned char *)inkey; for (i = 0; i < 4; i++) { *(c++) = hextochar[((*in) >> 4) & 0x0f]; diff --git a/contrib/opie/libopie/challenge.c b/contrib/opie/libopie/challenge.c index 0f3fec55cf22..fc836aa6cc5d 100644 --- a/contrib/opie/libopie/challenge.c +++ b/contrib/opie/libopie/challenge.c @@ -1,7 +1,7 @@ /* challenge.c: The opiechallenge() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -20,6 +20,9 @@ License Agreement applies to this software. syslog. Add sha plumbing. Modified by cmetz for OPIE 2.2. Use FUNCTION declaration et al. Created at NRL for OPIE 2.2 from opiesubr2.c + +$FreeBSD$ + */ #include "opie_cfg.h" #include <stdio.h> 
@@ -52,8 +55,6 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch { int rval = -1; - memset(mp, 0, sizeof(*mp)); - rval = opielookup(mp, name); #if DEBUG if (rval) syslog(LOG_DEBUG, "opiechallenge: opielookup(mp, name=%s) returned %d", name, rval); @@ -66,11 +67,11 @@ int opiechallenge FUNCTION((mp, name, ss), struct opie *mp AND char *name AND ch #endif /* DEBUG */ } - if (rval) { + if (rval || + (snprintf(ss, OPIE_CHALLENGE_MAX, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed) >= OPIE_CHALLENGE_MAX)) { opierandomchallenge(ss); memset(mp, 0, sizeof(*mp)); - } else - sprintf(ss, "otp-%s %d %s ext", algids[MDX], mp->opie_n - 1, mp->opie_seed); + } return rval; } diff --git a/contrib/opie/libopie/generator.c b/contrib/opie/libopie/generator.c index eef7cac67f92..d4888f990e3b 100644 --- a/contrib/opie/libopie/generator.c +++ b/contrib/opie/libopie/generator.c @@ -1,7 +1,7 @@ /* generator.c: The opiegenerator() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -9,6 +9,9 @@ you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Added opieauto code based on + previously released test code. Renamed buffer to challenge. + Use struct opie_otpkey for keys. Modified by cmetz for OPIE 2.32. If secret=NULL, always return as if opieauto returned "get the secret". Renamed _opieparsechallenge() to __opieparsechallenge(). Check 
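Review bot: When opielookup succeeds but the `snprintf` into `ss` is truncated, the new condition sends a random challenge and zeroes `*mp`, yet `rval` is still 0, so the caller is told the lookup succeeded while holding an empty `struct opie`. Testing the `snprintf` result in its own `if` and assigning a non-zero `rval` there keeps the return value consistent with the state handed back. The bound also assumes every caller's `ss` holds at least `OPIE_CHALLENGE_MAX` bytes, which cannot be checked from this hunk.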
@@ -33,73 +36,362 @@ $FreeBSD$ #if HAVE_STRING_H #include <string.h> #endif /* HAVE_STRING_H */ +#if OPIEAUTO +#include <errno.h> +#if HAVE_STDLIB_H +#include <stdlib.h> +#endif /* HAVE_STDLIB_H */ +#include <sys/stat.h> + +#include <sys/socket.h> +#include <sys/un.h> +#endif /* OPIEAUTO */ +#if DEBUG +#include <syslog.h> +#endif /* DEBUG */ #include "opie.h" static char *algids[] = { NULL, NULL, NULL, "sha1", "md4", "md5" }; -int opiegenerator FUNCTION((buffer, secret, response), char *buffer AND char *secret AND char *response) +#if OPIEAUTO +#ifndef max +#define max(x, y) (((x) > (y)) ? (x) : (y)) +#endif /* max */ + +static int opieauto_connect FUNCTION_NOARGS +{ + int s; + struct sockaddr_un sun; + char buffer[1024]; + char *c, *c2 ="/.opieauto"; + uid_t myuid = getuid(), myeuid = geteuid(); + + if (!myuid || !myeuid || (myuid != myeuid)) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: superuser and/or setuid not allowed"); +#endif /* DEBUG */ + return -1; + }; + + memset(&sun, 0, sizeof(struct sockaddr_un)); + sun.sun_family = AF_UNIX; + + if (!(c = getenv("HOME"))) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: no HOME variable?"); +#endif /* DEBUG */ + return -1; + }; + + if (strlen(c) > (sizeof(sun.sun_path) - strlen(c2) - 1)) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: HOME is too long: %s", c); +#endif /* DEBUG */ + return -1; + }; + + strcpy(sun.sun_path, c); + strcat(sun.sun_path, c2); + + if ((s = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: socket: %s(%d)", strerror(errno), errno); +#endif /* DEBUG */ + return -1; + }; + + { + struct stat st; + + if (stat(sun.sun_path, &st) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: stat: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto ret; + }; + + if (connect(s, (struct sockaddr *)&sun, sizeof(struct sockaddr_un))) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: connect: %s(%d)\n", strerror(errno), errno); +#endif /* 
DEBUG */ + goto ret; + }; + + if ((st.st_uid != myuid) || (!S_ISSOCK(st.st_mode)) || ((st.st_mode & 07777) != 0600)) { +#if DEBUG + syslog(LOG_DEBUG, "opieauto_connect: something's fishy about the socket\n"); +#endif /* DEBUG */ + goto ret; + }; + }; + + return s; + +ret: + close(s); + return -1; +}; +#endif /* OPIEAUTO */ + +int opiegenerator FUNCTION((challenge, secret, response), char *challenge AND char *secret AND char *response) { int algorithm; int sequence; char *seed; - char key[8]; + struct opie_otpkey key; int i; int exts; +#if OPIEAUTO + int s; + int window; + char cmd[1+1+1+1+4+1+OPIE_SEED_MAX+1+4+1+4+1+4+1+4+1]; + char *c; +#endif /* OPIEAUTO */ - if (!(buffer = strstr(buffer, "otp-"))) + if (!(challenge = strstr(challenge, "otp-"))) return 1; - buffer += 4; + challenge += 4; - if (__opieparsechallenge(buffer, &algorithm, &sequence, &seed, &exts)) + if (__opieparsechallenge(challenge, &algorithm, &sequence, &seed, &exts)) return 1; if ((sequence < 2) || (sequence > 9999)) return 1; - if (!secret[0]) - return 2; + if (*secret) { + if (opiepasscheck(secret)) + return -2; - if (opiepasscheck(secret)) - return -2; + if (i = opiekeycrunch(algorithm, &key, seed, secret)) + return i; + + if (sequence <= OPIE_SEQUENCE_RESTRICT) { + if (!(exts & 1)) + return 1; + + { + char newseed[OPIE_SEED_MAX + 1]; + struct opie_otpkey newkey; + char *c; + char buf[OPIE_SEED_MAX + 48 + 1]; + + while (sequence-- != 0) + opiehash(&key, algorithm); + + if (opienewseed(strcpy(newseed, seed)) < 0) + return -1; + + if (opiekeycrunch(algorithm, &newkey, newseed, secret)) + return -1; - if (i = opiekeycrunch(algorithm, key, seed, secret)) - return i; + for (i = 0; i < 499; i++) + opiehash(&newkey, algorithm); - if (sequence < 10) { - if (!(exts & 1)) - return 1; + strcpy(response, "init-hex:"); + strcat(response, opiebtoh(buf, &key)); + if (snprintf(buf, sizeof(buf), ":%s 499 %s:", algids[algorithm], + newseed) >= sizeof(buf)) { +#ifdef DEBUG + syslog(LOG_DEBUG, "opiegenerator: 
snprintf truncation at init-hex"); +#endif /* DEBUG */ + return -1; + } + strcat(response, buf); + strcat(response, opiebtoh(buf, &newkey)); + }; + }; + }; + +#if OPIEAUTO + if ((s = opieauto_connect()) >= 0) { + if ((i = read(s, cmd, sizeof(cmd)-1)) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + close(s); + s = -1; + goto l0; + }; + cmd[i] = 0; + if ((cmd[0] != 'C') || (cmd[1] != '+') || (cmd[2] != ' ')) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: got invalid/failing C+ response: %s\n", cmd); +#endif /* DEBUG */ + close(s); + s = -1; + goto l0; + }; + + window = strtoul(&cmd[3], &c, 10); + if (!window || (window >= (OPIE_SEQUENCE_MAX - OPIE_SEQUENCE_RESTRICT)) || !isspace(*c)) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: got bogus option response: %s\n", cmd); +#endif /* DEBUG */ + close(s); + s = -1; + goto l0; + }; + }; + +l0: + if (*secret) { + int j; + + if (s < 0) { + j = 0; + goto l1; + }; + + j = max(sequence - window + 1, OPIE_SEQUENCE_RESTRICT); + + for (i = j; i > 0; i--) + opiehash(&key, algorithm); { - char newseed[OPIE_SEED_MAX + 1]; - char newkey[8]; - char *c; - char buf[OPIE_SEED_MAX + 48 + 1]; + char buf[16+1]; - while (sequence-- != 0) - opiehash(key, algorithm); + opiebtoa8(buf, &key); - if (opienewseed(strcpy(newseed, seed)) < 0) - return -1; + if (snprintf(cmd, sizeof(cmd), "S= %d %d %s %s\n", algorithm, sequence, + seed, buf) >= sizeof(cmd)) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at S=\n"); +#endif /* DEBUG */ + goto l1; + } + } - if (opiekeycrunch(algorithm, newkey, newseed, secret)) - return -1; + if (write(s, cmd, i = strlen(cmd)) != i) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto l1; + }; - for (i = 0; i < 499; i++) - opiehash(newkey, algorithm); + if ((i = read(s, cmd, sizeof(cmd))) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", 
strerror(errno), errno); +#endif /* DEBUG */ + }; + close(s); - strcpy(response, "init-hex:"); - strcat(response, opiebtoh(buf, key)); - sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed); - strcat(response, buf); - strcat(response, opiebtoh(buf, newkey)); + cmd[i] = 0; + i = strlen(seed); + if ((cmd[0] != 'S') || (cmd[1] != '+') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i) || (*(c + i) != '\n')) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: got invalid/failing S+ response: %s\n", cmd); +#endif /* DEBUG */ }; + +l1: + for (i = sequence - j; i > 0; i--) + opiehash(&key, algorithm); + + opiebtoh(response, &key); } else { + if (s < 0) + goto l2; + + if ((snprintf(cmd, sizeof(cmd), "s= %d %d %s\n", algorithm, sequence, + seed) >= sizeof(cmd))) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: snprintf truncation at s=\n"); +#endif /* DEBUG */ + goto l2; + } + + if (write(s, cmd, i = strlen(cmd)) != i) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: write: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto l2; + }; + + if ((i = read(s, cmd, sizeof(cmd))) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: read: %s(%d)\n", strerror(errno), errno); +#endif /* DEBUG */ + goto l2; + }; + close(s); + + i = strlen(seed); + + if ((cmd[0] != 's') || (cmd[2] != ' ') || (strtoul(&cmd[3], &c, 10) != algorithm) || (strtoul(c + 1, &c, 10) != sequence) || strncmp(++c, seed, i)) { +#if DEBUG + if (c) + *c = 0; + else + cmd[3] = 0; + + syslog(LOG_DEBUG, "opiegenerator: got bogus/invalid s response: %s\n", cmd); +#endif /* DEBUG */ + goto l2; + }; + + c += i; + + if (cmd[1] == '-') { +#if DEBUG + if (*c != '\n') { + *c = 0; + syslog(LOG_DEBUG, "opiegenerator: got invalid s- response: %s\n", cmd); + }; +#endif /* DEBUG */ + goto l2; + }; + + if (cmd[1] != '+') { +#if DEBUG + *c = 0; + syslog(LOG_DEBUG, "opiegenerator: got invalid s response: %s\n", cmd); +#endif /* DEBUG */ + goto l2; 
+ }; + + { + char *c2; + + if (!(c2 = strchr(++c, '\n'))) { +#if DEBUG + *c = 0; + syslog(LOG_DEBUG, "opiegenerator: got invalid s+ response: %s\n", cmd); +#endif /* DEBUG */ + goto l2; + }; + + *c2++ = 0; + }; + + if (!opieatob8(&key, c)) + goto l2; + + opiebtoh(response, &key); + }; + + if (s >= 0) + close(s); +#else /* OPIEAUTO */ + if (*secret) { while (sequence-- != 0) - opiehash(key, algorithm); + opiehash(&key, algorithm); - opiebtoh(response, key); - } + opiebtoh(response, &key); + } else + return -2; +#endif /* OPIEAUTO */ return 0; -} + +#if OPIEAUTO +l2: +#if DEBUG + syslog(LOG_DEBUG, "opiegenerator: no opieauto response available.\n"); +#endif /* DEBUG */ + if (s >= 0) + close(s); + + return -2; +#endif /* OPIEAUTO */ +}; diff --git a/contrib/opie/libopie/getsequence.c b/contrib/opie/libopie/getsequence.c index e6c96c5aca0f..77fd5a2d2f75 100644 --- a/contrib/opie/libopie/getsequence.c +++ b/contrib/opie/libopie/getsequence.c @@ -1,7 +1,7 @@ /* getsequence.c: The opiegetsequence() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/getutmpentry.c b/contrib/opie/libopie/getutmpentry.c index 531820eba216..f3afe0c3aa18 100644 --- a/contrib/opie/libopie/getutmpentry.c +++ b/contrib/opie/libopie/getutmpentry.c 
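Review bot: In the `*secret` branch of opiegenerator, `cmd[i] = 0` runs after `read(s, cmd, sizeof(cmd))` even when the read failed or filled the buffer, so the store lands at `cmd[-1]` or `cmd[sizeof(cmd)]`. Reading at most `sizeof(cmd)-1` bytes and setting `i = 0;` in the failure branch keeps the terminator inside the array; the no-secret branch has the same full-size read and never terminates `cmd` before `strtoul`, `strncmp` and `strchr` parse it. Both branches also call `close(s)` after that read and leave `s` non-negative, so the later `if (s >= 0) close(s);` (after the if/else and at `l2`) closes the descriptor a second time; `close(s); s = -1;` avoids that. Separately, as the hunk reads, the init-hex path is no longer in an `if`/`else` with the normal path: `while (sequence-- != 0)` leaves `sequence` at -1 and control then falls through to the code that overwrites `response` (and, in the non-OPIEAUTO build, resumes the same loop from -1), so a `return 0;` after the last `strcat` looks necessary.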
@@ -1,8 +1,8 @@ /* getutmpentry.c: The __opiegetutmpentry() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libopie/hash.c b/contrib/opie/libopie/hash.c index eab170618bbd..babcbfae3aa9 100644 --- a/contrib/opie/libopie/hash.c +++ b/contrib/opie/libopie/hash.c @@ -1,14 +1,15 @@ /* hash.c: The opiehash() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: - Updated by cmetz for OPIE 2.31. Added SHA support (which may + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for binary arg. + Modified by cmetz for OPIE 2.31. Added SHA support (which may not be correct). Backed out previous optimizations as they killed thread-safety. Created by cmetz for OPIE 2.3 using the old hash.c as a guide. 
@@ -17,31 +18,29 @@ $FreeBSD$ */ #include "opie_cfg.h" -#if 0 -#include "sha.h" -#endif /* 0 */ #include "opie.h" +#include <sha.h> #include <md4.h> #include <md5.h> -VOIDRET opiehash FUNCTION((x, algorithm), VOIDPTR x AND unsigned algorithm) +VOIDRET opiehash FUNCTION((x, algorithm), struct opie_otpkey *x AND +unsigned algorithm) { UINT4 *results = (UINT4 *)x; switch(algorithm) { -#if 0 case 3: { SHA_CTX sha; - SHAInit(&sha); - SHAUpdate(&sha, (unsigned char *)x, 8); - SHAFinal(&sha); - results[0] = sha.buffer[0] ^ sha.buffer[2] ^ sha.buffer[4]; - results[1] = sha.buffer[1] ^ sha.buffer[3]; + UINT4 digest[5]; + SHA1_Init(&sha); + SHA1_Update(&sha, (unsigned char *)x, 8); + SHA1_Final((unsigned char *)digest, &sha); + results[0] = digest[0] ^ digest[2] ^ digest[4]; + results[1] = digest[1] ^ digest[3]; }; break; -#endif /* 0 */ case 4: { MD4_CTX mdx; diff --git a/contrib/opie/libopie/hashlen.c b/contrib/opie/libopie/hashlen.c index 74f1fc63b53a..29d855deaa3b 100644 --- a/contrib/opie/libopie/hashlen.c +++ b/contrib/opie/libopie/hashlen.c @@ -1,13 +1,14 @@ /* hashlen.c: The opiehashlen() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey, isolate variables. Created by cmetz for OPIE 2.3. $FreeBSD$ 
@@ -16,27 +17,27 @@ $FreeBSD$ #include "opie_cfg.h" #include "opie.h" +#include <sha.h> #include <md4.h> #include <md5.h> -VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND VOIDPTR in AND VOIDPTR out AND int n) +VOIDRET opiehashlen FUNCTION((algorithm, in, out, n), int algorithm AND +VOIDPTR in AND struct opie_otpkey *out AND int n) { UINT4 *results = (UINT4 *)out; UINT4 mdx_tmp[4]; -#if 0 - SHA_INFO sha; -#endif /* 0 */ switch(algorithm) { -#if 0 - case 3: - sha_init(&sha); - sha_update(&sha, (BYTE *)in, n); - sha_final(&sha); - results[0] = sha.digest[0] ^ sha.digest[2] ^ sha.digest[4]; - results[1] = sha.digest[1] ^ sha.digest[3] ^ sha.digest[5]; + case 3: { + SHA_CTX sha; + UINT4 digest[5]; + SHA1_Init(&sha); + SHA1_Update(&sha, (unsigned char *)in, n); + SHA1_Final((unsigned char *)digest, &sha); + results[0] = digest[0] ^ digest[2] ^ digest[4]; + results[1] = digest[1] ^ digest[3]; break; -#endif /* 0 */ + } case 4: { MD4_CTX mdx; MD4Init(&mdx); diff --git a/contrib/opie/libopie/insecure.c b/contrib/opie/libopie/insecure.c index a7fda7b3cca2..bc61c5457ea3 100644 --- a/contrib/opie/libopie/insecure.c +++ b/contrib/opie/libopie/insecure.c @@ -1,7 +1,7 @@ /* insecure.c: The opieinsecure() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Do utmp checks on utmpx systems. + Handle unterminated ut_host. Modified by cmetz for OPIE 2.31. Fixed a logic bug. Call endut[x]ent(). Modified by cmetz for OPIE 2.3. Added result caching. Use __opiegetutmpentry(). Ifdef around ut_host check. Eliminate 
@@ -25,6 +27,9 @@ License Agreement applies to this software. found. Use uname(). Created at NRL for OPIE 2.2 from opiesubr.c. Fixed pointer assignment that should have been a comparison. + +$FreeBSD$ + */ #include "opie_cfg.h" @@ -56,14 +61,16 @@ int opieinsecure FUNCTION_NOARGS char *s; char *term_name; int insecure = 0; -#if HAVE_UT_HOST +#if HAVE_UT_HOST || DOUTMPX struct utmp utmp; -#endif /* HAVE_UT_HOST */ +#endif /* HAVE_UT_HOST || DOUTMPX */ static int result = -1; if (result != -1) return result; + if (getenv("SSH_CLIENT") != NULL) + return (result = 0); display_name = (char *) getenv("DISPLAY"); term_name = (char *) getenv("TERM"); @@ -117,30 +124,34 @@ int opieinsecure FUNCTION_NOARGS return (result = 1); }; -#if HAVE_UT_HOST +#if HAVE_UT_HOST || DOUTMPX if (isatty(0)) { memset(&utmp, 0, sizeof(struct utmp)); { int i = __opiegetutmpentry(ttyname(0), &utmp); endutent(); if (!i && utmp.ut_host[0]) { + char host[sizeof(utmp.ut_host) + 1]; insecure = 1; - if (s = strchr(utmp.ut_host, ':')) { - int n = s - utmp.ut_host; + strncpy(host, utmp.ut_host, sizeof(utmp.ut_host)); + host[sizeof(utmp.ut_host)] = 0; + + if (s = strchr(host, ':')) { + int n = s - host; if (!n) insecure = 0; else if (display_name) { - if (!strncmp(utmp.ut_host, display_name, n)) + if (!strncmp(host, display_name, n)) insecure = 0; -#ifdef SOLARIS +#if 1 /* def SOLARIS */ else - if (s = strchr(utmp.ut_host, ' ')) { + if (s = strchr(host, ' ')) { *s = ':'; if (s = strchr(s + 1, ' ')) *s = '.'; - if (!strncmp(utmp.ut_host, display_name, n)) + if (!strncmp(host, display_name, n)) insecure = 0; } #endif /* SOLARIS */ @@ -149,7 +160,7 @@ int opieinsecure FUNCTION_NOARGS } }; }; -#endif /* HAVE_UT_HOST */ +#endif /* HAVE_UT_HOST || DOUTMPX */ if (insecure) return (result = 1); diff --git a/contrib/opie/libopie/keycrunch.c b/contrib/opie/libopie/keycrunch.c index 94a1a532deec..2ca57e07656a 100644 --- a/contrib/opie/libopie/keycrunch.c +++ b/contrib/opie/libopie/keycrunch.c 
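Review bot: The `SSH_CLIENT` test returns "secure" before the DISPLAY, TERM and utmp checks run and stores that answer in the static `result`, so the whole verdict rests on an environment variable that the library does not verify. That is only sound where the variable can be set by sshd alone for this session, an assumption worth stating next to the test, e.g. `/* trusts SSH_CLIENT as set by sshd; the environment is caller-controlled */`. opieinsecure's body continues outside the hunk.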
@@ -1,13 +1,14 @@ /* keycrunch.c: The opiekeycrunch() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for arg. Created by cmetz for OPIE 2.3 using the old keycrunch.c as a guide. */ @@ -23,7 +24,8 @@ you didn't get a copy, you may request one from <license@inner.net>. #include "opie.h" -int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND char *result AND char *seed AND char *secret) +int opiekeycrunch FUNCTION((algorithm, result, seed, secret), int algorithm AND +struct opie_otpkey *result AND char *seed AND char *secret) { int i, rval = -1; char *c; diff --git a/contrib/opie/libopie/lock.c b/contrib/opie/libopie/lock.c index 0f666a6480b2..865d270bb527 100644 --- a/contrib/opie/libopie/lock.c +++ b/contrib/opie/libopie/lock.c @@ -1,7 +1,7 @@ /* lock.c: The opielock() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use snprintf. Modified by cmetz for OPIE 2.31. Put locks in a separate dir. Bug fixes. Modified by cmetz for OPIE 2.3. Do refcounts whether or not we 
@@ -201,7 +202,9 @@ int opielock FUNCTION((principal), char *principal) if (!S_ISREG(statbuf[0].st_mode) || (statbuf[0].st_mode != statbuf[1].st_mode) || (statbuf[0].st_ino != statbuf[1].st_ino)) goto lockret; - sprintf(buffer, "%d\n%d\n", getpid(), time(0)); + if (snprintf(buffer, sizeof(buffer), "%d\n%d\n", getpid(), time(0)) >= sizeof(buffer)) + goto lockret; + i = strlen(buffer) + 1; if (lseek(fh, 0, SEEK_SET)) { close(fh); diff --git a/contrib/opie/libopie/login.c b/contrib/opie/libopie/login.c index ca3914321c85..6c6ca79a37a1 100644 --- a/contrib/opie/libopie/login.c +++ b/contrib/opie/libopie/login.c @@ -1,13 +1,15 @@ /* login.c: The opielogin() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Add support for ut_id and + ut_syslen. Don't zero-terminate ut_name and ut_host. Modified by cmetz for OPIE 2.31. If the OS won't tell us where _PATH_WTMP[X] is, try playing the SVID game, then use Autoconf-discovered values. Fixed gettimeofday() call @@ -38,12 +40,15 @@ you didn't get a copy, you may request one from <license@inner.net>. #endif /* DEBUG */ #include "opie.h" +#define IDLEN 4 + int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *host) { - struct utmp u; int rval = 0; - #if !DISABLE_UTMP + struct utmp u; + char id[IDLEN + 1] = ""; + if (__opiegetutmpentry(line, &u)) { #if DEBUG syslog(LOG_DEBUG, "opielogin: __opiegetutmpentry(line=%s, &u) failed", line); 
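Review bot: `time(0)` returns a `time_t` but is formatted with `%d`, which is undefined where `time_t` is wider than `int`; the same call also passes a `pid_t` to `%d`. Casting both makes it well defined: `snprintf(buffer, sizeof(buffer), "%d\n%ld\n", (int)getpid(), (long)time(0))`. `sizeof(buffer)` bounds the write only if `buffer` is an array in this scope; its declaration is outside the hunk.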
@@ -58,6 +63,11 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #endif /* DEBUG */ } +#if DOUTMPX || HAVE_UT_ID + strncpy(id, u.ut_id, sizeof(u.ut_id)); + id[sizeof(id)-1] = 0; +#endif /* DOUTMPX || HAVE_UT_ID */ + #if HAVE_UT_TYPE && defined(USER_PROCESS) u.ut_type = USER_PROCESS; #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ @@ -67,15 +77,16 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #if HAVE_UT_NAME strncpy(u.ut_name, name, sizeof(u.ut_name)); - u.ut_name[sizeof(u.ut_name)-1] = 0; #else /* HAVE_UT_NAME */ #error No ut_name field in struct utmp? (Please send in a bug report) #endif /* HAVE_UT_NAME */ #if HAVE_UT_HOST strncpy(u.ut_host, host, sizeof(u.ut_host)); - u.ut_host[sizeof(u.ut_host)-1] = 0; #endif /* HAVE_UT_HOST */ +#if DOUTMPX && HAVE_UTX_SYSLEN + u.ut_syslen = strlen(host) + 1; +#endif /* DOUTMPX && HAVE_UT_SYSLEN */ #if DOUTMPX #ifdef HAVE_ONE_ARG_GETTIMEOFDAY @@ -96,7 +107,7 @@ int opielogin FUNCTION((line, name, host), char *line AND char *name AND char *h #endif /* !DISABLE_UTMP */ dowtmp: - opielogwtmp(line, name, host); + opielogwtmp(line, name, host, id); opielogwtmp(NULL, NULL, NULL); dosetlogin: diff --git a/contrib/opie/libopie/logwtmp.c b/contrib/opie/libopie/logwtmp.c index a42fdec59a2b..873ca9be4b19 100644 --- a/contrib/opie/libopie/logwtmp.c +++ b/contrib/opie/libopie/logwtmp.c @@ -1,7 +1,7 @@ /* logwtmp.c: Put an entry in the wtmp file. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
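Review bot: `u.ut_syslen` is computed from `strlen(host)`, but the `strncpy` just above stores at most `sizeof(u.ut_host)` bytes, so for a long host name the recorded length exceeds the field that readers will index with it. Clamping it, `u.ut_syslen = strlen(host) < sizeof(u.ut_host) ? strlen(host) + 1 : sizeof(u.ut_host);`, keeps the two in step. The logwtmp.c hunk that sets `utx.ut_syslen = strlen(utx.ut_host) + 1` has the related problem that `strlen` runs on a field `strncpy` may have left without a terminator.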
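Review bot: The second call at `dowtmp:` is still `opielogwtmp(NULL, NULL, NULL)` although the definition in logwtmp.c gains a fourth parameter in this commit, so `id` would be read from an argument that was never passed; it should be `opielogwtmp(NULL, NULL, NULL, NULL);`. `id` itself is declared inside `#if !DISABLE_UTMP` in an earlier hunk while the first call sits after the matching `#endif`, so a build with DISABLE_UTMP set would not find it.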
@@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Set process to dead if name is null. + Added support for ut_id and ut_syslen. Modified by cmetz for OPIE 2.32. Don't leave line=NULL, skip past /dev/ in line. Fill in ut_host on systems with UTMPX and ut_host. @@ -110,7 +112,7 @@ static int fdx = -1; * after first call, for use with ftp (which may chroot * after login, but before logout). */ -VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host) +VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND char *host AND char *id) { #if !DISABLE_WTMP struct utmp ut; @@ -136,8 +138,15 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c return; if (fstat(fd, &buf) == 0) { #if HAVE_UT_TYPE && defined(USER_PROCESS) - ut.ut_type = USER_PROCESS; + if (name && *name) + ut.ut_type = USER_PROCESS; + else + ut.ut_type = DEAD_PROCESS; #endif /* HAVE_UT_TYPE && defined(USER_PROCESS) */ +#if HAVE_UT_ID + if (id) + strncpy(ut.ut_id, id, sizeof(ut.ut_id)); +#endif /* HAVE_UT_ID */ #if HAVE_UT_PID ut.ut_pid = getpid(); #endif /* HAVE_UT_PID */ @@ -161,6 +170,18 @@ VOIDRET opielogwtmp FUNCTION((line, name, host), char *line AND char *name AND c strncpy(utx.ut_line, line, sizeof(utx.ut_line)); strncpy(utx.ut_name, name, sizeof(utx.ut_name)); strncpy(utx.ut_host, host, sizeof(utx.ut_host)); +#ifdef USER_PROCESS + if (name && *name) + utx.ut_type = USER_PROCESS; + else + utx.ut_type = DEAD_PROCESS; +#endif /* USER_PROCESS */ + if (id) + strncpy(utx.ut_id, id, sizeof(utx.ut_id)); + utx.ut_pid = getpid(); +#if HAVE_UTX_SYSLEN + utx.ut_syslen = strlen(utx.ut_host) + 1; +#endif /* HAVE_UTX_SYSLEN */ #if HAVE_GETTIMEOFDAY #if HAVE_ONE_ARG_GETTIMEOFDAY gettimeofday(&utx.ut_tv); diff --git a/contrib/opie/libopie/lookup.c b/contrib/opie/libopie/lookup.c index d05e1fa0ec63..3003da7c7380 100644 --- a/contrib/opie/libopie/lookup.c 
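Review bot: The opielogwtmp definition adds `char *id` to the declaration list, but the identifier list passed to FUNCTION is still `(line, name, host)`. If FUNCTION expands to an old-style definition on some configurations (the macro is defined outside this diff), `id` is then declared without being a parameter; the first argument should read `(line, name, host, id)`.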
+++ b/contrib/opie/libopie/lookup.c @@ -1,8 +1,8 @@ /* lookup.c: The opielookup() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/libopie/md4c.c b/contrib/opie/libopie/md4c.c index acc88578b04e..f6adc6756c21 100644 --- a/contrib/opie/libopie/md4c.c +++ b/contrib/opie/libopie/md4c.c @@ -1,7 +1,7 @@ /* md4c.c: "RSA Data Security, Inc. MD4 Message-Digest Algorithm" %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/md5c.c b/contrib/opie/libopie/md5c.c index 09611a5ce825..cdd21e04489a 100644 --- a/contrib/opie/libopie/md5c.c +++ b/contrib/opie/libopie/md5c.c @@ -2,7 +2,7 @@ "derived from the RSA Data Security, Inc. MD5 Message-Digest Algorithm" %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/newseed.c b/contrib/opie/libopie/newseed.c index 23cdce4a936d..f32b075f97d0 100644 --- a/contrib/opie/libopie/newseed.c +++ b/contrib/opie/libopie/newseed.c 
@@ -1,13 +1,15 @@ /* newseed.c: The opienewseed() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Greatly simplified increment. Now does + not add digits. Reformatted the code. Modified by cmetz for OPIE 2.32. Added syslog.h if DEBUG. Modified by cmetz for OPIE 2.31. Added time.h. Created by cmetz for OPIE 2.22. 
@@ -37,73 +39,54 @@ $FreeBSD$ int opienewseed FUNCTION((seed), char *seed) { - if (!seed) - return -1; + if (!seed) + return -1; - if (seed[0]) { - int i; - - if ((i = strlen(seed)) >= OPIE_SEED_MIN) { - long j; - char *c; - - if (i > OPIE_SEED_MAX) - i = OPIE_SEED_MAX; + if (seed[0]) { + char *c, *end; + unsigned int i, max; - c = seed + i - 1; + if ((i = strlen(seed)) > OPIE_SEED_MAX) + i = OPIE_SEED_MAX; - while(c != seed) { - if (!isdigit(*c)) - break; - c--; - } + for (c = end = seed + i - 1, max = 1; + (c > seed) && isdigit(*c); c--) + max *= 10; - c++; + if ((i = strtoul(++c, (char **)0, 10)) < max) { + if (++i >= max) + i = 1; - if (j = strtol(c, (char **)0, 10)) { - char buf[OPIE_SEED_MAX]; - - *c = 0; - strcpy(buf, seed); - - if (errno == ERANGE) { - j = 1; - } else { - int k = 1, l = OPIE_SEED_MAX - strlen(buf); - while(l--) k *= 10; - - if (++j >= k) - j = 1; + snprintf(c, end - c, "%d", i); + seed[OPIE_SEED_MAX] = 0; + return 0; + } } - sprintf(seed, "%s%04ld", buf, j); - return 0; - } - } - } + { + time_t now; - { - { - time_t now; - time(&now); - srand(now); - } + time(&now); + srand(now); + } - { - struct utsname utsname; + { + struct utsname utsname; - if (uname(&utsname) < 0) { + if (uname(&utsname) < 0) { #if DEBUG - syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), errno); + syslog(LOG_DEBUG, "uname: %s(%d)", strerror(errno), + errno); #endif /* DEBUG */ - utsname.nodename[0] = 'k'; - utsname.nodename[1] = 'e'; - } - utsname.nodename[2] = 0; + utsname.nodename[0] = 'k'; + utsname.nodename[1] = 'e'; + } + utsname.nodename[2] = 0; - sprintf(seed, "%s%04d", utsname.nodename, (rand() % 9999) + 1); - return 0; - } - } + if (snprintf(seed, OPIE_SEED_MAX+1, "%s%04d", utsname.nodename, + (rand() % 9999) + 1) >= OPIE_SEED_MAX+1) + return -1; + return 0; + } } diff --git a/contrib/opie/libopie/open.c b/contrib/opie/libopie/open.c index dac03a8fd05b..c0c76c20fab3 100644 --- a/contrib/opie/libopie/open.c +++ b/contrib/opie/libopie/open.c 
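Review bot: The size passed in `snprintf(c, end - c, "%d", i)` is one less than the number of digits, and `snprintf` reserves one of those bytes for the terminator, so the incremented counter loses its last two digits (a four-digit suffix is rewritten as two). When the seed has no trailing digits, `c` ends up past `end` and the size is negative, which becomes a very large `size_t`. `snprintf(c, end - c + 2, "%u", i)` covers the digits plus the terminator, and the no-digit case needs its own branch; `i` is `unsigned int`, hence `%u`.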
@@ -1,13 +1,15 @@ /* open.c: The __opieopen() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. More portable way to get the mode + string for fopen. Created by cmetz for OPIE 2.3. */ #include "opie_cfg.h" @@ -51,9 +53,23 @@ FILE *__opieopen FUNCTION((file, rw, mode), char *file AND int rw AND int mode) return NULL; { - char *fmodes[] = { "r", "r+", "a" }; + char *fmode; - if (!(f = fopen(file, fmodes[rw]))) + switch(rw) { + case 0: + fmode = "r"; + break; + case 1: + fmode = "r+"; + break; + case 2: + fmode = "a"; + break; + default: + return NULL; + }; + + if (!(f = fopen(file, fmode))) return NULL; } diff --git a/contrib/opie/libopie/parsechallenge.c b/contrib/opie/libopie/parsechallenge.c index 2035c381b356..2b23a35ca13d 100644 --- a/contrib/opie/libopie/parsechallenge.c +++ b/contrib/opie/libopie/parsechallenge.c 
@@ -1,13 +1,15 @@ /* parsechallenge.c: The __opieparsechallenge() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use OPIE_SEQUENCE_MAX, check for + sequence number of zero. Modified by cmetz for OPIE 2.32. Check for extended response sets. Change prefix to double underscore. Created by cmetz for OPIE 2.3 using generator.c as a guide. @@ -48,7 +50,7 @@ int __opieparsechallenge FUNCTION((buffer, algorithm, sequence, seed, exts), cha *algorithm = a->num; } - if ((*sequence = strtoul(++c, &c, 10)) > 9999) + if (((*sequence = strtoul(++c, &c, 10)) > OPIE_SEQUENCE_MAX) || !*sequence) return -1; while(*c && isspace(*c)) c++; diff --git a/contrib/opie/libopie/passcheck.c b/contrib/opie/libopie/passcheck.c index 8bfa87ddb275..140b8fb2638d 100644 --- a/contrib/opie/libopie/passcheck.c +++ b/contrib/opie/libopie/passcheck.c @@ -1,7 +1,7 @@ /* passcheck.c: The opiepasscheck() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/passwd.c b/contrib/opie/libopie/passwd.c index 6bac249d3c7c..1c3b1ab60086 100644 --- a/contrib/opie/libopie/passwd.c +++ b/contrib/opie/libopie/passwd.c 
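Review bot: The range check in the `@@ -48,7 +50,7 @@` hunk runs after the strtoul() result has been stored through `sequence`, which the opie.h prototype declares as `int *`, so a challenge with a leading minus sign or a value that does not fit in an int can end up negative and pass both `> OPIE_SEQUENCE_MAX` and `!*sequence`. Rejecting non-positive values closes that: `if (((*sequence = strtoul(++c, &c, 10)) > OPIE_SEQUENCE_MAX) || (*sequence <= 0))`. Parsing into a local `unsigned long` and range-checking before the assignment would be cleaner still. The function body starts and ends outside the hunk.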
@@ -1,8 +1,8 @@ /* passwd.c: The opiepasswd() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. @@ -46,19 +46,19 @@ int opiepasswd FUNCTION((old, flags, principal, n, seed, ks), struct opie *old A opie.opie_seed = seed; if (ks) { - char key[8]; + struct opie_otpkey key; if (flags & OPIEPASSWD_CONSOLE) { - if (opiekeycrunch(MDX, key, seed, ks)) + if (opiekeycrunch(MDX, &key, seed, ks)) return -1; for (i = n; i; i--) - opiehash(key, MDX); - if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) + opiehash(&key, MDX); + if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key))) return -1; } else { - if ((opieetob(key, ks) != 1) && !opieatob8(key, ks)) + if ((opieetob(&key, ks) != 1) && !opieatob8(&key, ks)) return 1; - if (!(opie.opie_val = opiebtoa8(opie.opie_buf, key))) + if (!(opie.opie_val = opiebtoa8(opie.opie_buf, &key))) return 1; } } diff --git a/contrib/opie/libopie/randomchallenge.c b/contrib/opie/libopie/randomchallenge.c index 99b4c4897e7f..7cf18bb54f99 100644 --- a/contrib/opie/libopie/randomchallenge.c +++ b/contrib/opie/libopie/randomchallenge.c @@ -1,7 +1,7 @@ /* randomchallenge.c: The opierandomchallenge() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
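Review bot: `struct opie_otpkey key` in opiepasswd() (`@@ -46,19 +46,19 @@`) holds the crunched secret and, in the OPIEPASSWD_CONSOLE branch, each intermediate value of the hash chain, and the `return -1` / `return 1` exits visible in this hunk leave it on the stack uncleared. Those intermediate values are what later responses are derived from, so the key should be wiped on every exit path, for example with `explicit_bzero(&key, sizeof key);` where the platform provides it (a plain memset just before return may be optimised away). The function continues past the hunk, so a wipe on the success path may already exist there; it is not visible from here.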
@@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use snprintf(). Modified by cmetz for OPIE 2.32. Initialize algids[] with 0s instead of NULL. Modified by cmetz for OPIE 2.3. Add sha support. @@ -35,11 +36,12 @@ static char *algids[] = { 0, 0, 0, "sha1", "md4", "md5" }; most situations; it is certainly better than a fixed string */ VOIDRET opierandomchallenge FUNCTION((prompt), char *prompt) { - char buf[OPIE_SEED_MAX + 1]; + char buf[OPIE_SEED_MAX+1]; buf[0] = 0; if (opienewseed(buf)) strcpy(buf, "ke4452"); - sprintf(prompt, "otp-%s %d %s ext", algids[MDX], (rand() % 499) + 1, buf); + snprintf(prompt, OPIE_CHALLENGE_MAX+1, "otp-%s %d %s ext", algids[MDX], + (rand() % 499) + 1, buf); } diff --git a/contrib/opie/libopie/readpass.c b/contrib/opie/libopie/readpass.c index 5808f02357cd..bd24b02a4de0 100644 --- a/contrib/opie/libopie/readpass.c +++ b/contrib/opie/libopie/readpass.c @@ -1,7 +1,7 @@ /* readpass.c: The opiereadpass() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/contrib/opie/libopie/readrec.c b/contrib/opie/libopie/readrec.c index f6361eb51aa1..98ec6589bc1c 100644 --- a/contrib/opie/libopie/readrec.c +++ b/contrib/opie/libopie/readrec.c 
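Review bot: opierandomchallenge() (`@@ -35,11 +36,12 @@`) now bounds its write with `OPIE_CHALLENGE_MAX+1`, but nothing in the function or its comment tells callers that `prompt` must be at least that large, and because the function returns nothing a truncated challenge goes unreported. I would extend the comment above the function with `prompt must point to a buffer of at least OPIE_CHALLENGE_MAX+1 bytes`. Whether every caller already allocates that much cannot be checked from this hunk.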
@@ -1,13 +1,15 @@ /* readrec.c: The __opiereadrec() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Check that seed, sequence number, and + response values are valid. Modified by cmetz for OPIE 2.31. Removed active attack protection support. Fixed a debug message typo. Keep going after bogus records. Set read flag. @@ -57,7 +59,7 @@ static int parserec FUNCTION((opie), struct opie *opie) opie->opie_n = strtoul(c, &c3, 10); - if (*c3) + if (*c3 || (opie->opie_n <= 0) || (opie->opie_n > 9999)) return -1; }; @@ -66,6 +68,10 @@ static int parserec FUNCTION((opie), struct opie *opie) *(c2++) = 0; + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + return -1; + while(*c2 == ' ') c2++; if (!(c2 = strchr(opie->opie_val = c2, ' '))) @@ -73,6 +79,13 @@ static int parserec FUNCTION((opie), struct opie *opie) *(c2++) = 0; + { + struct opie_otpkey otpkey; + + if (!opieatob8(&otpkey, opie->opie_val)) + return -1; + } + return 0; } diff --git a/contrib/opie/libopie/unlock.c b/contrib/opie/libopie/unlock.c index 4c01a5c121a1..0f607ab43ed0 100644 --- a/contrib/opie/libopie/unlock.c +++ b/contrib/opie/libopie/unlock.c @@ -1,7 +1,7 @@ /* unlock.c: The opieunlock() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
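Review bot: The new bound in parserec() (`@@ -57,7 +59,7 @@`) spells the limit as a literal `9999`, while the same commit introduces `OPIE_SEQUENCE_MAX` in opie.h and uses it in parsechallenge.c; since the macro is wrapped in `#ifndef`, a build that overrides it would leave this check out of step. Use `(opie->opie_n > OPIE_SEQUENCE_MAX)` here, and likewise in the `opie->opie_n > 9999` test added to writerec.c. parserec() begins and ends outside the hunk.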
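Review bot: The seed validation loop added in `@@ -66,6 +68,10 @@` passes a plain `char` to isalnum(), which is undefined for negative values where char is signed, and bytes above 0x7f in the key file are exactly the input this check is meant to reject. Cast at the call, `if (!isalnum((unsigned char)*c))`; the same loop is added to verify.c and writerec.c in this commit and needs the same cast. The loop also accepts an empty seed and does not compare the length with OPIE_SEED_MAX, which may be intentional but deserves a comment saying so.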
diff --git a/contrib/opie/libopie/verify.c b/contrib/opie/libopie/verify.c index 990e29340fc8..e6abec4d217a 100644 --- a/contrib/opie/libopie/verify.c +++ b/contrib/opie/libopie/verify.c @@ -1,13 +1,15 @@ /* verify.c: The opieverify() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_otpkey for keys. + Check that seed and sequence number are valid. Modified by cmetz for OPIE 2.32. Renamed _opieparsechallenge() to __opieparsechallenge() and handle new argument. Fixed init response parsing bug. @@ -67,7 +69,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) { int i, rval = -1; char *c; - char key[8], fkey[8], lastkey[8]; + struct opie_otpkey key, fkey, lastkey; struct opie nopie; if (!opie || !response) @@ -80,7 +82,14 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) goto verret; #endif /* DEBUG */ - if (!opieatob8(lastkey, opie->opie_val)) + if (!opieatob8(&lastkey, opie->opie_val)) + goto verret; + + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + goto verret; + + if (opie->opie_n <= 0) goto verret; if (c = strchr(response, ':')) { 
@@ -97,33 +106,33 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) case RESPONSE_STANDARD: i = 1; - if (opieetob(key, response) == 1) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieetob(&key, response) == 1) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } - if (i && opieatob8(key, response)) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (i && opieatob8(&key, response)) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_WORD: i = 1; - if (opieetob(key, c) == 1) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieetob(&key, c) == 1) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_HEX: i = 1; - if (opieatob8(key, c)) { - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); - i = memcmp(fkey, lastkey, sizeof(key)); + if (opieatob8(&key, c)) { + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); + i = memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey)); } break; case RESPONSE_INIT_HEX: 
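Review bot: The four response cases in this hunk repeat the same copy, hash and compare sequence with `sizeof(struct opie_otpkey)` written out each time, which ties every call to the type name rather than to the objects being copied. A struct assignment `fkey = key;` and `memcmp(&fkey, &lastkey, sizeof fkey)` say the same thing and stay correct if the key type changes again. Since the three lines are identical in each case, a small `static` helper taking `&key` and `&lastkey` would also remove the duplication; opieverify() starts and ends outside the hunk.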
@@ -137,17 +146,17 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) *(c2++) = 0; if (i == RESPONSE_INIT_HEX) { - if (!opieatob8(key, c)) + if (!opieatob8(&key, c)) goto verret; } else { - if (opieetob(key, c) != 1) + if (opieetob(&key, c) != 1) goto verret; } - memcpy(fkey, key, sizeof(key)); - opiehash(fkey, MDX); + memcpy(&fkey, &key, sizeof(struct opie_otpkey)); + opiehash(&fkey, MDX); - if (memcmp(fkey, lastkey, sizeof(key))) + if (memcmp(&fkey, &lastkey, sizeof(struct opie_otpkey))) goto verret; if (changed(opie)) @@ -155,7 +164,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) opie->opie_n--; - if (!opiebtoa8(opie->opie_val, key)) + if (!opiebtoa8(opie->opie_val, &key)) goto verret; if (__opiewriterec(opie)) @@ -174,10 +183,10 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) } if (i == RESPONSE_INIT_HEX) { - if (!opieatob8(key, c2)) + if (!opieatob8(&key, c2)) goto verret; } else { - if (opieetob(key, c2) != 1) + if (opieetob(&key, c2) != 1) goto verret; } } @@ -201,7 +210,7 @@ int opieverify FUNCTION((opie, response), struct opie *opie AND char *response) opie->opie_n--; verwrt: - if (!opiebtoa8(opie->opie_val, key)) + if (!opiebtoa8(opie->opie_val, &key)) goto verret; rval = __opiewriterec(opie); diff --git a/contrib/opie/libopie/version.c b/contrib/opie/libopie/version.c index ef6523d04b15..2364e7755cb8 100644 --- a/contrib/opie/libopie/version.c +++ b/contrib/opie/libopie/version.c @@ -1,7 +1,7 @@ /* version.c: The opieversion() library function. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
diff --git a/contrib/opie/libopie/writerec.c b/contrib/opie/libopie/writerec.c index 084342327b77..5ba53fe08732 100644 --- a/contrib/opie/libopie/writerec.c +++ b/contrib/opie/libopie/writerec.c @@ -1,13 +1,15 @@ /* writerec.c: The __opiewriterec() library function. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Check that seed and sequence number are + valid. Modified by cmetz for OPIE 2.31. Removed active attack protection support. Fixed passwd bug. Created by cmetz for OPIE 2.3 from passwd.c. @@ -30,6 +32,7 @@ you didn't get a copy, you may request one from <license@inner.net>. #if HAVE_STDLIB_H #include <stdlib.h> #endif /* HAVE_STDLIB_H */ +#include <ctype.h> #include "opie.h" char *__opienone = "****************"; @@ -40,6 +43,7 @@ int __opiewriterec FUNCTION((opie), struct opie *opie) time_t now; FILE *f, *f2 = NULL; int i = 0; + char *c; time(&now); if (strftime(buf2, sizeof(buf2), " %b %d,%Y %T", localtime(&now)) < 1) @@ -51,7 +55,14 @@ int __opiewriterec FUNCTION((opie), struct opie *opie) opie->opie_flags = opie2.opie_flags; opie->opie_recstart = opie2.opie_recstart; } - + + for (c = opie->opie_seed; *c; c++) + if (!isalnum(*c)) + return -1; + + if ((opie->opie_n < 0) || (opie->opie_n > 9999)) + return -1; + switch(i) { case 0: if (!(f = __opieopen(KEY_FILE, 1, 0644))) diff --git a/contrib/opie/opie.4 b/contrib/opie/opie.4 index 58fa0d39ae6f..3ac19324a39d 100644 --- a/contrib/opie/opie.4 +++ b/contrib/opie/opie.4 
@@ -1,7 +1,7 @@ .\" opie.4: Overview of the OPIE software. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ .\" .\" History: .\" +.\" Modified by cmetz for OPIE 2.4. Spelling fixes. .\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. Removed .\" references to the old square brackets challenge delimiters. .\" Modified at NRL for OPIE 2.01. Updated UNIX trademark credit. @@ -87,7 +88,7 @@ the calculator given the challenge and the secret password. For example, .TP .I seed A piece of information that is used in conjunction with the secret password -and sequence numer to compute the response. Its purpose is to allow the same +and sequence number to compute the response. Its purpose is to allow the same secret password to be used for multiple sequences, by changing the seed, or for authentication to multiple machines by using different seeds. .TP @@ -143,7 +144,7 @@ technique was implemented by Haller, Karn, and Walden at Bellcore. They created a free software package called "S/Key" that used an algorithm called a cryptographic checksum. A cryptographic checksum is a strong one-way function such that, knowing the result of such a function, an attacker still -cannot feasably determine the input. Further, unlike cyclic redundancy +cannot feasibly determine the input. Further, unlike cyclic redundancy checksums (CRCs), cryptographic checksums have few inputs that result in the same output. .LP diff --git a/contrib/opie/opie.h b/contrib/opie/opie.h index 7ac9b2155755..be508c77f73d 100644 --- a/contrib/opie/opie.h +++ b/contrib/opie/opie.h 
@@ -2,7 +2,7 @@ system that a program might need. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -15,6 +15,9 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Added sequence number limits. Added + struct opie_otpkey and made many functions use it. Added + opiestrncpy(). Include header with libmissing prototypes. Modified by cmetz for OPIE 2.32. Added symbolic flag names for opiepasswd(). Added __opieparsechallenge() prototype. Modified by cmetz for OPIE 2.31. Removed active attack protection. @@ -53,7 +56,9 @@ struct opie { #define __OPIE_FLAGS_READ 2 /* Minimum length of a secret password */ +#ifndef OPIE_SECRET_MIN #define OPIE_SECRET_MIN 10 +#endif /* OPIE_SECRET_MIN */ /* Maximum length of a secret password */ #define OPIE_SECRET_MAX 127 
@@ -76,25 +81,47 @@ struct opie { /* Maximum length of a principal (read: user name) */ #define OPIE_PRINCIPAL_MAX 32 -#include <sys/cdefs.h> +/* Maximum sequence number */ +#ifndef OPIE_SEQUENCE_MAX +#define OPIE_SEQUENCE_MAX 9999 +#endif /* OPIE_SEQUENCE_MAX */ + +/* Restricted sequence number */ +#ifndef OPIE_SEQUENCE_RESTRICT +#define OPIE_SEQUENCE_RESTRICT 9 +#endif /* OPIE_SEQUENCE_RESTRICT */ + +#define UINT4 u_int32_t + +struct opie_otpkey { + UINT4 words[2]; +}; + +#ifndef SEEK_SET +#define SEEK_SET 0 +#endif /* SEEK_SET */ + +#ifndef SEEK_END +#define SEEK_END 2 +#endif /* SEEK_END */ __BEGIN_DECLS int opieaccessfile __P((char *)); int rdnets __P((long)); int isaddr __P((register char *)); int opiealways __P((char *)); -char *opieatob8 __P((char *,char *)); +char *opieatob8 __P((struct opie_otpkey *, char *)); void opiebackspace __P((char *)); -char *opiebtoa8 __P((char *,char *)); -char *opiebtoe __P((char *,char *)); -char *opiebtoh __P((char *,char *)); -int opieetob __P((char *,char *)); +char *opiebtoa8 __P((char *, struct opie_otpkey *)); +char *opiebtoe __P((char *, struct opie_otpkey *)); +char *opiebtoh __P((char *, struct opie_otpkey *)); +int opieetob __P((struct opie_otpkey *, char *)); int opiechallenge __P((struct opie *,char *,char *)); int opiegenerator __P((char *,char *,char *)); int opiegetsequence __P((struct opie *)); -void opiehash __P((void *, unsigned)); +void opiehash __P((struct opie_otpkey *, unsigned)); int opiehtoi __P((register char)); -int opiekeycrunch __P((int, char *, char *, char *)); +int opiekeycrunch __P((int, struct opie_otpkey *, char *, char *)); int opielock __P((char *)); int opieunlock __P((void)); void opieunlockaeh __P((void)); @@ -121,7 +148,6 @@ __END_DECLS #define FUNCTION(arglist, args) (args) #define AND , #define FUNCTION_NOARGS () -#define UINT4 u_int32_t __BEGIN_DECLS struct utmp; 
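Review bot: The `@@ -76,25 +81,47 @@` hunk removes `#include <sys/cdefs.h>` while the lines right below it still use `__BEGIN_DECLS` and `__P`, and the new `#define UINT4 u_int32_t` needs `<sys/types.h>` before `struct opie_otpkey` can compile. Unless an include earlier in opie.h (outside the hunk) supplies both, the header now depends on what each caller happened to include first. I would keep `#include <sys/cdefs.h>` and add `#include <sys/types.h>` ahead of the struct definition.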
@@ -133,6 +159,14 @@ int __opiereadrec __P((struct opie *)); int __opiewriterec __P((struct opie *)); int __opieparsechallenge __P((char *buffer, int *algorithm, int *sequence, char **seed, int *exts)); __END_DECLS + +#define opiestrncpy(dst, src, n) \ + do { \ + strncpy(dst, src, n-1); \ + dst[n-1] = 0; \ + } while(0) + +/* #include "missing.h" */ #endif /* _OPIE */ #define OPIEPASSWD_CONSOLE 1 diff --git a/contrib/opie/opie_cfg.h b/contrib/opie/opie_cfg.h index be29b59380db..bd000ae60a33 100644 --- a/contrib/opie/opie_cfg.h +++ b/contrib/opie/opie_cfg.h @@ -1,7 +1,7 @@ /* opie_cfg.h: Various configuration-type pieces of information for OPIE. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Removed NBBY definition. Modified by cmetz for OPIE 2.32. Include <sys/types.h> before <dirent.h> to make *BSD happy. Modified by cmetz for OPIE 2.31. Added 4.4BSD-Lite pathnames.h @@ -53,8 +54,8 @@ $FreeBSD$ #ifndef _OPIE_CFG_H #define _OPIE_CFG_H 1 -#define VERSION "2.32" -#define DATE "Thursday, January 1, 1998" +#define VERSION "2.4" +#define DATE "Friday, January 19, 2001" #ifndef unix #define unix 1 @@ -165,10 +166,6 @@ $FreeBSD$ #define MOTD_FILE "/etc/motd" #endif -#ifndef NBBY -#define NBBY 8 /* Reasonable for modern systems */ -#endif /* NBBY */ - #ifndef LOGIN_PATH #define LOGIN_PATH "/usr/ucb:/bin:/usr/bin" #endif /* LOGIN_PATH */ diff --git a/contrib/opie/opieaccess.5 b/contrib/opie/opieaccess.5 index 1d8f6f30f4c3..41b1ec0e03b7 100644 --- a/contrib/opie/opieaccess.5 +++ b/contrib/opie/opieaccess.5 
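Review bot: The opiestrncpy() macro added in `@@ -133,6 +159,14 @@` uses its arguments unparenthesised and evaluates `dst` and `n` twice, so an expression argument such as a conditional size or `buf + off` expands incorrectly, and `n == 0` turns `n-1` into a huge length followed by an out-of-bounds store. Parenthesise the uses, `strncpy((dst), (src), (n) - 1); \` and `(dst)[(n) - 1] = 0; \`, and add a comment that `n` must be non-zero and free of side effects. A `static` function taking `size_t n` would remove the double evaluation altogether.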
@@ -7,11 +7,13 @@ .\" .\" History: .\" +.\" Modified by cmetz for OPIE 2.4. Fixed "0PIE" typo. .\" Written at NRL for OPIE 2.0. .\" .ll 6i .pl 10.5i .\" @(#)opieaccess.5 2.0 (NRL) 1/10/95 +.\" $FreeBSD$ .\" .lt 6.0i .TH OPIEACCESS 5 "January 10, 1995" @@ -61,7 +63,7 @@ mask Mask of the network to match Subnets can be controlled by using the appropriate address and mask. Individual hosts can be controlled by using the appropriate address and a mask of -255.255.255.255. If no rules are matched, the default is to deny non-0PIE +255.255.255.255. If no rules are matched, the default is to deny non-OPIE logins. .SH SEE ALSO diff --git a/contrib/opie/opieftpd.8 b/contrib/opie/opieftpd.8 index 1943ce938a48..b527bd2426ca 100644 --- a/contrib/opie/opieftpd.8 +++ b/contrib/opie/opieftpd.8 @@ -1,5 +1,13 @@ .\" opieftpd.8: Manual page describing the FTP daemon. .\" +.\" %%% portions-copyright-cmetz-98 +.\" Portions of this software are Copyright 1998-1999 by Craig Metz, All Rights +.\" Reserved. The Inner Net License Version 2 applies to these portions of +.\" the software. +.\" You should have received a copy of the license with this software. If +.\" you didn't get a copy, you may request one from <license@inner.net>. +.\" +.\" .\" Portions of this software are Copyright 1995 by Randall Atkinson and Dan .\" McDonald, All Rights Reserved. All Rights under this copyright are assigned .\" to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and @@ -7,6 +15,7 @@ .\" .\" History: .\" +.\" Modified by cmetz for OPIE 2.4. Document -u option. .\" Modified at NRL for OPIE 2.0. .\" Originally from BSD. .\" @@ -59,6 +68,8 @@ opieftpd \- File Transfer Protocol server that uses OPIE authentication .I timeout ] [\-T .I maxtimeout +] [\-u +.I umask ] .SH DESCRIPTION 
@@ -90,6 +101,9 @@ the maximum period allowed may be set to seconds with the .B \-T option. The default limit is 2 hours. +.B \-u +Set the default umask value to +.I umask. .SH COMMANDS The ftp server currently supports the following ftp requests; case is not distinguished: diff --git a/contrib/opie/opieftpd.c b/contrib/opie/opieftpd.c index 1bace12bd03b..eb6015f4130e 100644 --- a/contrib/opie/opieftpd.c +++ b/contrib/opie/opieftpd.c @@ -1,7 +1,7 @@ /* opieftpd.c: Main program for an FTP daemon. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Add id parameter to opielogwtmp. Use + opiestrncpy(). Fix incorrect use of setproctitle(). Modified by cmetz for OPIE 2.32. Remove include of dirent.h here; it's done already (and conditionally) in opie_cfg.h. Modified by cmetz for OPIE 2.31. Merged in some 4.4BSD-Lite changes. @@ -243,7 +245,7 @@ static int receive_data __P((FILE *, FILE *)); static char *gunique __P((char *)); static char *sgetsave __P((char *)); -int opielogwtmp __P((char *, char *, char *)); +int opielogwtmp __P((char *, char *, char *, char *)); int fclose __P((FILE *)); @@ -510,7 +512,7 @@ static VOIDRET end_login FUNCTION_NOARGS if (seteuid((uid_t) 0)) syslog(LOG_ERR, "Can't set euid"); if (logged_in) - opielogwtmp(ttyline, "", ""); + opielogwtmp(ttyline, "", "", "ftp"); pw = NULL; logged_in = 0; #if DOANONYMOUS 
@@ -564,7 +566,7 @@ VOIDRET pass FUNCTION((passwd), char *passwd) /* open wtmp before chroot */ sprintf(ttyline, "ftp%d", getpid()); - opielogwtmp(ttyline, pw->pw_name, remotehost); + opielogwtmp(ttyline, pw->pw_name, remotehost, "ftp"); logged_in = 1; #if DOANONYMOUS @@ -631,10 +633,10 @@ VOIDRET pass FUNCTION((passwd), char *passwd) if (guest) { reply(230, "Guest login ok, access restrictions apply."); #if DOTITLE - snprintf(proctitle, sizeof(proctitle), "%s: anonymous/%s", remotehost, - passwd); - setproctitle("%s", proctitle); -#endif /* DOTITLE */ + setproctitle("%s: anonymous/%.*s", remotehost, + sizeof(proctitle) - sizeof(remotehost) - sizeof(": anonymous/"), + passwd); +#endif /* DOTITLE */ syslog(LOG_NOTICE, "ANONYMOUS FTP login from %s with ID %s", remotehost, passwd); } else @@ -643,9 +645,8 @@ VOIDRET pass FUNCTION((passwd), char *passwd) reply(230, "User %s logged in.", pw->pw_name); #if DOTITLE - snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name); - setproctitle("%s", proctitle); -#endif /* DOTITLE */ + setproctitle("%s: %s", remotehost, pw->pw_name); +#endif /* DOTITLE */ syslog(LOG_INFO, "FTP login from %s with user name %s", remotehost, pw->pw_name); } home = pw->pw_dir; /* home dir for globbing */ @@ -1256,13 +1257,11 @@ static VOIDRET dolog FUNCTION((sin), struct sockaddr_in *sin) time_t t, time(); if (hp) - strncpy(remotehost, hp->h_name, sizeof(remotehost)); + opiestrncpy(remotehost, hp->h_name, sizeof(remotehost)); else - strncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost)); - remotehost[sizeof(remotehost) - 1] = '\0'; + opiestrncpy(remotehost, inet_ntoa(sin->sin_addr), sizeof(remotehost)); #if DOTITLE - snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); - setproctitle("%s", proctitle); + setproctitle("%s: connected", remotehost); #endif /* DOTITLE */ t = time((time_t *) 0); 
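Review bot: In the guest branch of pass() (`@@ -631,10 +633,10 @@`), the precision argument for `%.*s` is a `size_t` expression, but the printf family reads that argument as `int`; where the two types differ in width this is undefined behaviour, and if the subtraction wraps the precision becomes negative and is treated as absent, so `passwd` is no longer bounded. Compute the limit into an `int` first, check that it is positive, and pass that, e.g. `(int)(sizeof(proctitle) - sizeof(remotehost) - sizeof(": anonymous/"))`. The same value is also written to syslog just below, so any length limit should be applied consistently to both.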
@@ -1280,7 +1279,7 @@ VOIDRET dologout FUNCTION((status), int status) if (logged_in) { if (seteuid((uid_t) 0)) syslog(LOG_ERR, "Can't set euid"); - opielogwtmp(ttyline, "", ""); + opielogwtmp(ttyline, "", "", "ftp"); } /* beware of flushing buffers after a SIGPIPE */ _exit(status); diff --git a/contrib/opie/opiegen.1 b/contrib/opie/opiegen.1 index 3326ad055ebe..9bc171b18dc1 100644 --- a/contrib/opie/opiegen.1 +++ b/contrib/opie/opiegen.1 @@ -1,7 +1,7 @@ .\" opiegen.1: Manual page for the opiegen(1) program. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ .\" .\" History: .\" +.\" Modified by cmetz for OPIE 2.4. Fixed *roff bug. .\" Created by cmetz for OPIE 2.2 from opiekey.1. .\" .ll 6i @@ -56,7 +57,8 @@ wintermute$ .BR opiegen(1) can lull a user into revealing his/her password when remotely logged in, thus defeating the purpose of OPIE. This is especially a problem with xterm. -.BR opiegen(1) implements simple checks to reduce the risk of a user making +.BR opiegen(1) +implements simple checks to reduce the risk of a user making this mistake. Better checks are needed. .LP diff --git a/contrib/opie/opiegen.c b/contrib/opie/opiegen.c index 0cced9872e2b..d48ee0932890 100644 --- a/contrib/opie/opiegen.c +++ b/contrib/opie/opiegen.c @@ -2,7 +2,7 @@ library routine. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
diff --git a/contrib/opie/opieinfo.1 b/contrib/opie/opieinfo.1 index 0b094554d9c9..41cdebe8dec4 100644 --- a/contrib/opie/opieinfo.1 +++ b/contrib/opie/opieinfo.1 @@ -1,7 +1,7 @@ .\" opieinfo.1: Manual page for the opieinfo(1) program. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If diff --git a/contrib/opie/opieinfo.c b/contrib/opie/opieinfo.c index d667a9ae6d04..09f9784241d8 100644 --- a/contrib/opie/opieinfo.c +++ b/contrib/opie/opieinfo.c @@ -2,7 +2,7 @@ opieinfo: Print a user's current OPIE sequence number and seed %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If 
@@ -29,29 +29,34 @@ License Agreement applies to this software. Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (keyinfo) + +$FreeBSD$ + */ #include "opie_cfg.h" +#include <sys/param.h> +#include <errno.h> #include <stdio.h> +#include <string.h> #if HAVE_UNISTD_H #include <unistd.h> #endif /* HAVE_UNISTD_H */ -#if HAVE_PWD_H -#include <pwd.h> -#endif /* HAVE_PWD_H */ #include "opie.h" /* extern char *optarg; */ -extern int errno, optind; +/* extern int errno, optind; */ static char *getusername FUNCTION_NOARGS { - struct passwd *p = getpwuid(getuid()); - - if (!p) - return getlogin(); + char *login; - return p->pw_name; + login = getlogin(); + if (login == NULL) { + fprintf(stderr, "Cannot find login name\n"); + exit(1); + } + return login; } int main FUNCTION((argc, argv), int argc AND char *argv[]) @@ -71,11 +76,20 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) } } - if (optind < argc) + if (optind < argc) { + if (getuid() != 0) { + fprintf(stderr, "Only superuser may get another user's keys\n"); + exit(1); + } username = argv[optind]; - else + } else username = getusername(); + if (strlen(username) >= MAXLOGNAME) { + fprintf(stderr, "Username too long.\n"); + exit(1); + } + if ((i = opielookup(&opie, username)) && (i != 2)) { if (i < 0) fprintf(stderr, "Error opening database! (errno = %d)\n", errno); diff --git a/contrib/opie/opiekey.1 b/contrib/opie/opiekey.1 index 92a73ea61f93..1f6e35ec02ff 100644 --- a/contrib/opie/opiekey.1 +++ b/contrib/opie/opiekey.1 @@ -1,7 +1,7 @@ .\" opiekey.1: Manual page for the opiekey(1) program. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If 
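Review bot: getusername() now takes the name from getlogin() alone, while the superuser test added to main() is keyed on getuid(); the two can disagree, because getlogin() reports the session's login name rather than the owner of the current uid, so the default lookup may be for an account other than the caller's. If the restriction on reading another user's entry is meant to hold, verify the result before using it, for example `p = getpwnam(login);` followed by `if (p == NULL || p->pw_uid != getuid())` leading to the same error exit. That check needs `<pwd.h>`, which this hunk removes.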
@@ -91,7 +91,7 @@ build of OPIE. .TP .B \-a Allows you to input an arbitrary secret pass phrase, instead of running checks -against it. Arbitrary currently does not include '\0' or '\n' characters. This +against it. Arbitrary currently does not include '\\0' or '\\n' characters. This can be used for backwards compatibility with key generators that do not check passwords. .TP diff --git a/contrib/opie/opiekey.c b/contrib/opie/opiekey.c index 44054aac3ed7..20ba658710ee 100644 --- a/contrib/opie/opiekey.c +++ b/contrib/opie/opiekey.c @@ -5,7 +5,7 @@ and outputs a response. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -18,6 +18,7 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks. Modified by cmetz for OPIE 2.31. Renamed "init" and RESPONSE_INIT to "init-hex" and RESPONSE_INIT_HEX. Removed active attack protection support. @@ -35,6 +36,9 @@ License Agreement applies to this software. Modified at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (skey.c). + +$FreeBSD$ + */ #include "opie_cfg.h" @@ -132,13 +136,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) int i; int count = 1; char secret[OPIE_SECRET_MAX + 1], newsecret[OPIE_SECRET_MAX + 1]; - char key[8], newkey[8]; + struct opie_otpkey key, newkey; char *seed, newseed[OPIE_SEED_MAX + 1]; char response[OPIE_RESPONSE_MAX + 1]; char *slash; int hex = 0; int type = RESPONSE_STANDARD; - int force; + int force = 0; if (slash = strchr(argv[0], '/')) slash++; 
@@ -263,13 +267,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) goto error; } - if (opiekeycrunch(algorithm, newkey, newseed, newsecret)) { + if (opiekeycrunch(algorithm, &newkey, newseed, newsecret)) { fprintf(stderr, "%s: key crunch failed (1)\n", argv[0]); goto error; } for (i = 0; i < 499; i++) - opiehash(newkey, algorithm); + opiehash(&newkey, algorithm); } else #if RETYPE getsecret(secret, "", 1); @@ -278,13 +282,13 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) #endif /* RETYPE */ /* Crunch seed and secret password into starting key normally */ - if (opiekeycrunch(algorithm, key, seed, secret)) { + if (opiekeycrunch(algorithm, &key, seed, secret)) { fprintf(stderr, "%s: key crunch failed\n", argv[0]); goto error; } for (i = 0; i <= (keynum - count); i++) - opiehash(key, algorithm); + opiehash(&key, algorithm); { char buf[OPIE_SEED_MAX + 48 + 1]; 
@@ -297,37 +301,37 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) switch(type) { case RESPONSE_STANDARD: if (hex) - opiebtoh(response, key); + opiebtoh(response, &key); else - opiebtoe(response, key); + opiebtoe(response, &key); break; case RESPONSE_WORD: strcpy(response, "word:"); - strcat(response, opiebtoe(buf, key)); + strcat(response, opiebtoe(buf, &key)); break; case RESPONSE_HEX: strcpy(response, "hex:"); - strcat(response, opiebtoh(buf, key)); + strcat(response, opiebtoh(buf, &key)); break; case RESPONSE_INIT_HEX: case RESPONSE_INIT_WORD: if (type == RESPONSE_INIT_HEX) { strcpy(response, "init-hex:"); - strcat(response, opiebtoh(buf, key)); + strcat(response, opiebtoh(buf, &key)); sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed); strcat(response, buf); - strcat(response, opiebtoh(buf, newkey)); + strcat(response, opiebtoh(buf, &newkey)); } else { strcpy(response, "init-word:"); - strcat(response, opiebtoe(buf, key)); + strcat(response, opiebtoe(buf, &key)); sprintf(buf, ":%s 499 %s:", algids[algorithm], newseed); strcat(response, buf); - strcat(response, opiebtoe(buf, newkey)); + strcat(response, opiebtoe(buf, &newkey)); } break; } puts(response); - opiehash(key, algorithm); + opiehash(&key, algorithm); } } diff --git a/contrib/opie/opielogin.1 b/contrib/opie/opielogin.1 index 7fdeb642e097..0ee2c85538c3 100644 --- a/contrib/opie/opielogin.1 +++ b/contrib/opie/opielogin.1 @@ -1,7 +1,7 @@ .\" opielogin.1: Manual page for the opielogin(1) program. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If diff --git a/contrib/opie/opielogin.c b/contrib/opie/opielogin.c index 8ca8de075866..1e5a8af89d3e 100644 
--- a/contrib/opie/opielogin.c +++ b/contrib/opie/opielogin.c @@ -1,7 +1,7 @@ /* opielogin.c: The infamous /bin/login %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,13 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Omit "/dev/" in lastlog entry. + Don't chdir for invalid users. Fixed bug where getloginname() + didn't actually change spaces to underscores. Use struct + opie_key for key blocks. Do the home directory chdir() after + doing the setuid() in case we're on superuser-mapped NFS. + Initialize some variables explicitly. Call opieverify() if + login times out. Use opiestrncpy(). Modified by cmetz for OPIE 2.32. Partially handle environment variables on the command line (a better implementation is coming soon). Handle failure to issue a challenge more @@ -157,13 +164,13 @@ License Agreement applies to this software. static int rflag = 0; static int usererr = -1; -static int stopmotd; +static int stopmotd = 0; static char rusername[NMAX + 1]; static char name[NMAX + 1] = ""; static char minusnam[16] = "-"; static char *envinit[1]; /* now set by setenv calls */ -static char term[64] = "\0"; /* important to initialise to a NULL string */ -static char host[HMAX + 1] = "\0"; +static char term[64] = ""; /* important to initialise to a NULL string */ +static char host[HMAX + 1] = ""; static struct passwd nouser; static struct passwd thisuser; 
@@ -208,6 +215,9 @@ static void getstr __P((char *, int, char *)); #undef TRUE #define TRUE -1 +static int need_opieverify = 0; +static struct opie opie; + #ifdef TIOCSWINSZ /* Windowing variable relating to JWINSIZE/TIOCSWINSZ/TIOCGWINSZ. This is available on BSDish systems and at least Solaris 2.x, but portability to @@ -276,8 +286,7 @@ lookupuserbad: static VOIDRET getloginname FUNCTION_NOARGS { - register char *namep; - char c, d; + char *namep, d; int flags; static int first = 1; @@ -291,7 +300,7 @@ static VOIDRET getloginname FUNCTION_NOARGS flags = 4; first--; } else - printf("%s", ttyprompt); + printf(ttyprompt); } else printf("login: "); fflush(stdout); @@ -302,8 +311,8 @@ static VOIDRET getloginname FUNCTION_NOARGS exit(0); } for (namep = name; *namep; namep++) { - if (c == ' ') - c = '_'; + if (*namep == ' ') + *namep = '_'; } } } @@ -313,6 +322,10 @@ static VOIDRET timedout FUNCTION((i), int i) /* input variable declared just to keep the compiler quiet */ printf("Login timed out after %d seconds\n", timeout); syslog(LOG_CRIT, "Login timed out after %d seconds!", timeout); + + if (need_opieverify) + opieverify(&opie, NULL); + exit(0); } @@ -632,7 +645,6 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) { extern char **environ; register char *namep; - struct opie opie; int invalid, quietlog; FILE *nlfd; @@ -643,7 +655,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) char *p; char opieprompt[OPIE_CHALLENGE_MAX + 1]; int af_pwok; - int authsok; + int authsok = 0; char *pp; char buf[256]; int uid; @@ -651,7 +663,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) #ifndef DEBUG if (geteuid()) { - fprintf(stderr, "This program requires super-user priveleges.\n"); + fprintf(stderr, "This program requires super-user privileges.\n"); exit(1); } #endif /* DEBUG */ 
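Review bot: `printf(ttyprompt);` in `getloginname()` passes a non-literal string as the format, replacing the safe `printf("%s", ttyprompt);` on the old side. If `ttyprompt` can carry caller-influenced text (its origin is outside this hunk, so confirm), any `%` conversion in it is interpreted by a program that insists on running with super-user privileges. Keep `printf("%s", ttyprompt);` or use `fputs(ttyprompt, stdout);`. The same regression appears in `opiefatal()` in permsfile.c, where `fprintf(stderr, "%s", x);` becomes `fprintf(stderr, x);`. getloginname's body starts and ends outside the hunk.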
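Review bot: `timedout()` now calls `opieverify(&opie, NULL)` from what appears to be the login-timeout signal handler, next to `printf` and `syslog`. None of these are async-signal-safe, and `opieverify` presumably touches the key database and its lock, so a timeout that lands while `main` is inside another OPIE library call could leave that state inconsistent. The flag shared with the handler is a plain `static int`; `static volatile sig_atomic_t need_opieverify = 0;` is the appropriate declaration. A later hunk sets `need_opieverify = TRUE;` right after `opiechallenge()` returns and before the `(i < 0) || (i > 1)` check, so the handler may run `opieverify` on an `opie` struct left by a failed challenge; setting the flag only on success would be safer if that matches the library's locking contract.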
@@ -669,7 +681,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) #ifdef DEBUG syslog(LOG_DEBUG, "environment TERM=%s", p); #endif /* DEBUG */ - strncpy(term, p, sizeof(term)); + opiestrncpy(term, p, sizeof(term)); }; memset(&nouser, 0, sizeof(nouser)); @@ -696,13 +708,9 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) #endif #ifdef DEBUG - { - int foo; - - syslog(LOG_DEBUG, "my args are: (argc=%d)", foo = argc); - while (--foo) - syslog(LOG_DEBUG, "%d: %s", foo, argv[foo]); - } + syslog(LOG_DEBUG, "my args are: (argc=%d)", i = argc); + while (--i) + syslog(LOG_DEBUG, "%d: %s", i, argv[i]); #endif /* DEBUG */ /* Implement our own getopt()-like functionality, but do so in a much more @@ -742,7 +750,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) if (!doremotelogin(ouroptarg)) rflag = 1; - strncpy(host, ouroptarg, sizeof(host)); + opiestrncpy(host, ouroptarg, sizeof(host)); break; case 'h': @@ -759,7 +767,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) if (!(ouroptarg = argv[ouroptind])) exit(1); - strncpy(host, ouroptarg, sizeof(host)); + opiestrncpy(host, ouroptarg, sizeof(host)); } break; @@ -776,7 +784,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) if (!(ouroptarg = argv[ouroptind])) exit(1); - strncpy(name, ouroptarg, sizeof(name)); + opiestrncpy(name, ouroptarg, sizeof(name)); break; case 'p': pflag = 1; @@ -788,8 +796,8 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) if (strchr(argv[ouroptind], '=')) { if (!strncmp(argv[ouroptind], "TERM=", 5)) { - strncpy(term, &(argv[ouroptind][5]), sizeof(term)); - term[sizeof(term) - 1] = 0; + opiestrncpy(term, &(argv[ouroptind][5]), sizeof(term)); + #ifdef DEBUG syslog(LOG_DEBUG, "passed TERM=%s, ouroptind = %d", term, ouroptind); #endif /* DEBUG */ 
@@ -801,7 +809,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) continue; }; - strncpy(name, argv[ouroptind], sizeof(name)); + opiestrncpy(name, argv[ouroptind], sizeof(name)); }; #ifdef TIOCNXCL @@ -1088,6 +1096,7 @@ completeness, but these are set within appropriate defines for portability. */ /* Attempt a one-time password challenge */ i = opiechallenge(&opie, name, opieprompt); + need_opieverify = TRUE; if ((i < 0) || (i > 1)) { syslog(LOG_ERR, "error: opiechallenge() returned %d, errno=%d!\n", i, errno); @@ -1126,7 +1135,7 @@ completeness, but these are set within appropriate defines for portability. */ if (!opiereadpass(buf, sizeof(buf), !(authsok & 2))) invalid = TRUE; #else /* NEW_PROMPTS */ - if (!(authsok & 1) && authsok) + if ((authsok & 3) == 1) printf("(OTP response required)\n"); printf("Password:"); fflush(stdout); @@ -1150,6 +1159,7 @@ completeness, but these are set within appropriate defines for portability. */ if (authsok & 1) { i = opiegetsequence(&opie); opiepassed = !opieverify(&opie, buf); + need_opieverify = 0; #ifdef DEBUG syslog(LOG_DEBUG, "opiepassed = %d", opiepassed); @@ -1209,15 +1219,6 @@ completeness, but these are set within appropriate defines for portability. */ } if (*thisuser.pw_shell == '\0') thisuser.pw_shell = "/bin/sh"; - if ((chdir(thisuser.pw_dir) < 0) && !invalid) { - if (chdir("/") < 0) { - printf("No directory!\n"); - invalid = TRUE; - } else { - printf("No directory! %s\n", "Logging in with HOME=/"); - strcpy(thisuser.pw_dir, "/"); - } - } /* Remote login invalid must have been because of a restriction of some sort, no extra chances. */ if (invalid) { 
@@ -1271,8 +1272,11 @@ completeness, but these are set within appropriate defines for portability. */ lseek(f, (long)thisuser.pw_uid * sizeof(struct lastlog), 0); time(&ll.ll_time); - strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); - strncpy(ll.ll_host, host, sizeof(ll.ll_host)); + if (!strncmp(tty, "/dev/", 5)) + opiestrncpy(ll.ll_line, tty + 5, sizeof(ll.ll_line)); + else + opiestrncpy(ll.ll_line, tty, sizeof(ll.ll_line)); + opiestrncpy(ll.ll_host, host, sizeof(ll.ll_host)); write(f, (char *) &ll, sizeof ll); close(f); } @@ -1312,6 +1316,21 @@ interested in hearing of a more portable approach. rja */ environ = envinit; setenv("HOME", thisuser.pw_dir, 1); setenv("SHELL", thisuser.pw_shell, 1); + + if (chdir(thisuser.pw_dir) < 0) { +#if DEBUG + syslog(LOG_DEBUG, "chdir(%s): %s(%d)", thisuser.pw_dir, strerror(errno), + errno); +#endif /* DEBUG */ + if (chdir("/") < 0) { + printf("No directory!\n"); + invalid = TRUE; + } else { + printf("No directory! %s\n", "Logging in with HOME=/"); + strcpy(thisuser.pw_dir, "/"); + } + } + if (!term[0]) { #if HAVE_GETTTYNAM /* @@ -1328,7 +1347,7 @@ interested in hearing of a more portable approach. rja */ c = tty; if (t = getttynam(c)) - strncpy(term, t->ty_type, sizeof(term)); + opiestrncpy(term, t->ty_type, sizeof(term)); else #endif /* HAVE_GETTTYNAM */ strcpy(term, "unknown"); @@ -1407,8 +1426,7 @@ interested in hearing of a more portable approach. rja */ char buf[128]; int len; - strncpy(buf, PATH_MAIL, sizeof(buf) - 2); - buf[sizeof(buf) - 2] = 0; + opiestrncpy(buf, PATH_MAIL, sizeof(buf) - 2); len = strlen(buf); if (*(buf + len - 1) != '/') { diff --git a/contrib/opie/opiepasswd.1 b/contrib/opie/opiepasswd.1 index d3fc5e32e2c4..5ce6cb010b4f 100644 --- a/contrib/opie/opiepasswd.1 +++ b/contrib/opie/opiepasswd.1 
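Review bot: The relocated `chdir(thisuser.pw_dir)` block now runs after `setenv("HOME", thisuser.pw_dir, 1);`, so on the fallback path the message says `Logging in with HOME=/` while the environment still carries the unreachable directory. Add `setenv("HOME", "/", 1);` next to `strcpy(thisuser.pw_dir, "/");`, or move the `setenv("HOME", ...)` call below this block. The `invalid = TRUE` assignment in the `chdir("/")` failure branch is worth checking too: the hunk that removes the old block shows `if (invalid)` being tested earlier, and nothing visible here acts on the flag after this point, so the login may continue without a usable working directory. The new guard is written `#if DEBUG` where the rest of the file uses `#ifdef DEBUG`.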
@@ -1,7 +1,7 @@ .\" opiepasswd.1: Manual page for the opiepasswd(1) program. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If @@ -14,6 +14,7 @@ .\" .\" History: .\" +.\" Modified by cmetz for OPIE 2.4. Fixed spelling bug. .\" Modified by cmetz for OPIE 2.3. Added -f flag documentation. .\" Updated console example. .\" Modified by cmetz for OPIE 2.2. Removed MJR DES documentation. @@ -36,7 +37,7 @@ system. [\-v] [\-h] [\-c|\-d] [\-f] .sp 0 [\-n -.I inital_sequence_number +.I initial_sequence_number ] [\-s .I seed diff --git a/contrib/opie/opiepasswd.c b/contrib/opie/opiepasswd.c index 9cccb997aeb9..2e2358ada07a 100644 --- a/contrib/opie/opiepasswd.c +++ b/contrib/opie/opiepasswd.c @@ -1,7 +1,7 @@ /* opiepasswd.c: Add/change an OTP password in the key database. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks. + Use opiestrncpy(). Modified by cmetz for OPIE 2.32. Use OPIE_SEED_MAX instead of hard coding the length. Unlock user on failed lookup. Modified by cmetz for OPIE 2.3. Got of some variables and made some @@ -41,6 +43,8 @@ License Agreement applies to this software. Modified heavily at NRL for OPIE 2.0. Written at Bellcore for the S/Key Version 1 software distribution (skeyinit.c). + + $FreeBSD$ */ #include "opie_cfg.h" 
@@ -95,12 +99,13 @@ static VOIDRET finish FUNCTION((name), char *name) } printf("OTP key is %d %s\n", opie.opie_n, opie.opie_seed); { - char key[8]; - if (!opieatob8(key, opie.opie_val)) { + struct opie_otpkey key; + + if (!opieatob8(&key, opie.opie_val)) { fprintf(stderr, "Error verifying key -- possible database corruption.\n"); finish(NULL); } - printf("%s\n", opiebtoe(buf, key)); + printf("%s\n", opiebtoe(buf, &key)); } } @@ -117,7 +122,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) memset(seed, 0, sizeof(seed)); - if (!(pp = getpwuid(getuid()))) { + if (!(pp = getpwnam(getlogin()))) { fprintf(stderr, "Who are you?"); return 1; } @@ -154,8 +159,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) OPIE_SEED_MIN, OPIE_SEED_MAX); finish(NULL); } - strncpy(seed, optarg, sizeof(seed)); - seed[sizeof(seed) - 1] = 0; + opiestrncpy(seed, optarg, sizeof(seed)); break; default: usage(argv[0]); @@ -240,7 +244,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) { char *c; if (c = strrchr(tmp, ' ')) - strncpy(oseed, c + 1, sizeof(oseed)); + opiestrncpy(oseed, c + 1, sizeof(oseed)); else { #if DEBUG fprintf(stderr, "opiepasswd: bogus challenge\n"); @@ -276,7 +280,7 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) { char *c; if (c = strrchr(tmp, ' ')) - strncpy(nseed, c + 1, sizeof(nseed)); + opiestrncpy(nseed, c + 1, sizeof(nseed)); else { #if DEBUG fprintf(stderr, "opiepasswd: bogus challenge\n"); 
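Review bot: `getpwnam(getlogin())` in `main` passes the result of `getlogin()` straight through, and `getlogin()` returns NULL when the session has no login name (no controlling terminal, for instance). That makes the `getpwnam` call undefined behaviour instead of reaching the `Who are you?` error. Check it first: `char *l = getlogin(); if (l == NULL || !(pp = getpwnam(l))) {`. Because this replaces `getpwuid(getuid())`, the account whose OTP entry is changed is now selected by login name rather than real uid; comparing `pp->pw_uid` with `getuid()` would keep the two from diverging. main's body extends beyond the hunk.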
@@ -347,18 +351,18 @@ int main FUNCTION((argc, argv), int argc AND char *argv[]) finish(NULL); } { - char key[8]; + struct opie_otpkey key; char tbuf[OPIE_RESPONSE_MAX + 1]; - if (opiekeycrunch(MDX, key, opie.opie_seed, passwd) != 0) { + if (opiekeycrunch(MDX, &key, opie.opie_seed, passwd) != 0) { fprintf(stderr, "%s: key crunch failed. Secret pass phrase unchanged\n", argv[0]); finish(NULL); } memset(passwd, 0, sizeof(passwd)); i = opie.opie_n - 1; while (i-- != 0) - opiehash(key, MDX); - opiebtoe(tbuf, key); + opiehash(&key, MDX); + opiebtoe(tbuf, &key); if (opieverify(&opie, tbuf)) { fprintf(stderr, "Sorry.\n"); finish(NULL); diff --git a/contrib/opie/opieserv.1 b/contrib/opie/opieserv.1 index 021228d67ac0..7007f432b775 100644 --- a/contrib/opie/opieserv.1 +++ b/contrib/opie/opieserv.1 @@ -1,7 +1,7 @@ .\" opieserv.1: Manual page for the opieserv(1) program. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If diff --git a/contrib/opie/opieserv.c b/contrib/opie/opieserv.c index 1626a786d8fd..db5c66b0189b 100644 --- a/contrib/opie/opieserv.c +++ b/contrib/opie/opieserv.c @@ -2,8 +2,8 @@ opieverify() library routines. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. diff --git a/contrib/opie/opiesu.1 b/contrib/opie/opiesu.1 index cbb15bd37469..29f553a25b62 100644 
--- a/contrib/opie/opiesu.1 +++ b/contrib/opie/opiesu.1 @@ -1,7 +1,7 @@ .\" opiesu.c: Manual page for the opiesu(1) program. .\" .\" %%% portions-copyright-cmetz-96 -.\" Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +.\" Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights .\" Reserved. The Inner Net License Version 2 applies to these portions of .\" the software. .\" You should have received a copy of the license with this software. If diff --git a/contrib/opie/opiesu.c b/contrib/opie/opiesu.c index e2bbdb807537..329679fcc61f 100644 --- a/contrib/opie/opiesu.c +++ b/contrib/opie/opiesu.c @@ -1,7 +1,7 @@ /* opiesu.c: main body of code for the su(1m) program %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -14,6 +14,8 @@ License Agreement applies to this software. History: + Modified by cmetz for OPIE 2.4. Check euid on startup. Use + opiestrncpy(). Modified by cmetz for OPIE 2.32. Set up TERM and PATH correctly. Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with currentuser. Fixed fencepost error in month printed by sulog(). @@ -302,6 +304,7 @@ again: argv++; } + { struct passwd *pwd; char *p = getlogin(); @@ -314,14 +317,12 @@ again: #endif /* HAVE_SULOG */ exit(1); } - strncpy(buf, pwd->pw_name, sizeof(buf)-1); - buf[sizeof(buf)-1] = 0; + opiestrncpy(buf, pwd->pw_name, sizeof(buf)); if (!p) p = "unknown"; - strncpy(currentuser, p, 31); - currentuser[31] = 0; + opiestrncpy(currentuser, p, 31); if (p && *p && strcmp(currentuser, buf)) { strcat(currentuser, "("); 
@@ -338,6 +339,15 @@ again: exit(1); } + if (geteuid()) { + syslog(LOG_CRIT, "'%s' failed for %s on %s: not running with superuser priveleges", argvbuf, currentuser, ttyname(2)); +#if HAVE_SULOG + sulog(0, NULL); +#endif /* HAVE_SULOG */ + fprintf(stderr, "You do not have permission to su %s\n", user); + exit(1); + }; + /* Implement the BSD "wheel group" su restriction. */ #if DOWHEEL /* Only allow those in group zero to su to root? */ diff --git a/contrib/opie/opietest.c b/contrib/opie/opietest.c index 91a7e9525271..004d2647b948 100644 --- a/contrib/opie/opietest.c +++ b/contrib/opie/opietest.c @@ -9,13 +9,14 @@ on your system. The converse is not such a safe statement. %%% copyright-cmetz-96 -This software is Copyright 1996-1998 by Craig Metz, All Rights Reserved. -The Inner Net License Version 2 applies to this software. +This software is Copyright 1996-2001 by Craig Metz, All Rights Reserved. +The Inner Net License Version 3 applies to this software. You should have received a copy of the license with this software. If you didn't get a copy, you may request one from <license@inner.net>. History: + Modified by cmetz for OPIE 2.4. Use struct opie_key for key blocks. Modified by cmetz for OPIE 2.31. Added a couple of new checks, removed a few commented-out checks for functions that no longer exist, added test-skip capability. @@ -34,12 +35,13 @@ char buffer[1024]; int testatob8() { static char testin[] = "0123456789abcdef"; - static unsigned char testout[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; - - if (!opieatob8(buffer, testin)) + static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; + struct opie_otpkey key; + + if (!opieatob8(&key, testin)) return -1; - if (memcmp(buffer, testout, sizeof(testout))) + if (memcmp(&key, testout, sizeof(testout))) return -1; return 0; 
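Review bot: The new `geteuid()` failure path passes `ttyname(2)` directly to a `%s` conversion in `syslog`, and `ttyname` returns NULL when descriptor 2 is not a terminal, which is undefined behaviour for `%s`. Guard the value first, e.g. `const char *t = ttyname(2);` and pass `t ? t : "unknown"`. The message also spells "priveleges", the same typo this commit corrects in opielogin.c. The enclosing function starts and ends outside the hunk.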
@@ -47,10 +49,13 @@ int testatob8() int testbtoa8() { - static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; + static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static char testout[] = "0123456789abcdef"; + struct opie_otpkey testin_aligned; + + memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey)); - if (!opiebtoa8(buffer, testin)) + if (!opiebtoa8(buffer, &testin_aligned)) return -1; if (memcmp(buffer, testout, sizeof(testout))) @@ -61,10 +66,13 @@ int testbtoa8() int testbtoe() { - static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; + static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static char testout[] = "AIM HEW BLUM FED MITE WARM"; + struct opie_otpkey testin_aligned; + + memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey)); - if (!opiebtoe(buffer, testin)) + if (!opiebtoe(buffer, &testin_aligned)) return -1; if (memcmp(buffer, testout, sizeof(testout))) @@ -76,12 +84,13 @@ int testbtoe() int testetob() { static char testin[] = "AIM HEW BLUM FED MITE WARM"; - static unsigned char testout[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; + static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; + struct opie_otpkey key; - if (opieetob(buffer, testin) != 1) + if (opieetob(&key, testin) != 1) return -1; - if (memcmp(buffer, testout, sizeof(testout))) + if (memcmp(&key, testout, sizeof(testout))) return -1; return 0; 
@@ -116,12 +125,15 @@ int testgetsequence() int testhashmd4() { - static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; - static unsigned char testout[] = { 0x9f, 0x40, 0xfb, 0x84, 0xb, 0xf8, 0x7f, 0x4b }; + static unsigned char testin[sizeof(struct opie_otpkey)] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; + static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x9f, 0x40, 0xfb, 0x84, 0xb, 0xf8, 0x7f, 0x4b }; + struct opie_otpkey testin_aligned; - opiehash(testin, 4); + memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey)); - if (memcmp(testin, testout, sizeof(testout))) + opiehash(&testin_aligned, 4); + + if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey))) return -1; return 0; @@ -131,10 +143,13 @@ int testhashmd5() { static unsigned char testin[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef }; static unsigned char testout[] = { 0x78, 0xdd, 0x1a, 0x37, 0xf8, 0x91, 0x54, 0xe1 }; + struct opie_otpkey testin_aligned; + + memcpy(&testin_aligned, testin, sizeof(struct opie_otpkey)); - opiehash(testin, 5); + opiehash(&testin_aligned, 5); - if (memcmp(testin, testout, sizeof(testout))) + if (memcmp(&testin_aligned, testout, sizeof(struct opie_otpkey))) return -1; return 0; @@ -151,12 +166,13 @@ int testkeycrunch() { static char testin1[] = "ke1234"; static char testin2[] = "this is a test"; - static unsigned char testout[] = { 0x2e, 0xd3, 0x5d, 0x74, 0x3e, 0xa9, 0xe9, 0xe8 }; + static unsigned char testout[sizeof(struct opie_otpkey)] = { 0x2e, 0xd3, 0x5d, 0x74, 0x3e, 0xa9, 0xe9, 0xe8 }; + struct opie_otpkey opie_otpkey; - if (opiekeycrunch(5, buffer, testin1, testin2)) + if (opiekeycrunch(5, &opie_otpkey, testin1, testin2)) return -1; - if (memcmp(buffer, testout, sizeof(testout))) + if (memcmp(&opie_otpkey, testout, sizeof(struct opie_otpkey))) return -1; return 0; diff --git a/contrib/opie/permsfile.c b/contrib/opie/permsfile.c index 13b3ea3b44f2..ece04b5590b4 100644 --- a/contrib/opie/permsfile.c 
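Review bot: In `testhashmd5()` the arrays are still declared `testin[]` and `testout[]` with eight initialisers each, yet the added `memcpy` and `memcmp` use `sizeof(struct opie_otpkey)`. If that struct is larger than eight bytes (its definition is not visible here), both calls read past the end of the arrays. The sibling tests in this diff were changed to size their arrays by the struct; do the same here with `static unsigned char testin[sizeof(struct opie_otpkey)] = { ... };` and likewise for `testout`.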
+++ b/contrib/opie/permsfile.c @@ -2,7 +2,7 @@ functionality to set device permissions on login %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If @@ -48,7 +48,7 @@ char **ftpglob __P((char *)); VOIDRET opiefatal FUNCTION((x), char *x) { - fprintf(stderr, "%s", x); + fprintf(stderr, x); exit(1); } diff --git a/contrib/opie/popen.c b/contrib/opie/popen.c index 3cc307883cae..d5ad0f0658b1 100644 --- a/contrib/opie/popen.c +++ b/contrib/opie/popen.c @@ -1,7 +1,7 @@ /* popen.c: A "safe" pipe open routine. %%% portions-copyright-cmetz-96 -Portions of this software are Copyright 1996-1998 by Craig Metz, All Rights +Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights Reserved. The Inner Net License Version 2 applies to these portions of the software. You should have received a copy of the license with this software. If diff --git a/crypto/openssh/LICENCE b/crypto/openssh/LICENCE index f60f50205a13..19d4c74e660b 100644 --- a/crypto/openssh/LICENCE +++ b/crypto/openssh/LICENCE @@ -26,7 +26,7 @@ OpenSSH contains no GPL code. [However, none of that term is relevant at this point in time. All of these restrictively licenced software components which he talks about - have been removed from OpenSSH, ie. + have been removed from OpenSSH, i.e., - RSA is no longer included, found in the OpenSSL library - IDEA is no longer included, its use is deprecated 
@@ -85,8 +85,7 @@ OpenSSH contains no GPL code. 3) The 32-bit CRC compensation attack detector in deattack.c was - contributed by CORE SDI S.A. under a BSD-style license. See - http://www.core-sdi.com/english/ssh/ for details. + contributed by CORE SDI S.A. under a BSD-style license. * Cryptographic attack detector for ssh - source code * 
@@ -104,8 +103,83 @@ OpenSSH contains no GPL code. * * Ariel Futoransky <futo@core-sdi.com> * <http://www.core-sdi.com> - + 4) + ssh-keygen was contributed by David Mazieres under a BSD-style + license. + + * Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. + * + * Modification and redistribution in source and binary forms is + * permitted provided that due credit is given to the author and the + * OpenBSD project by leaving this copyright notice intact. + +5) + The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers + and Paulo Barreto is in the public domain and distributed + with the following license: + + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> + * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> + * @author Paulo Barreto <paulo.barreto@terra.com.br> + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +6) + One component of the ssh source code is under a 4-clause BSD license, + held by the University of California, since we pulled these parts from + original Berkeley code. 
The Regents of the University of California + have declared that term 3 is no longer enforceable on their source code, + but we retain that license as is. + + * Copyright (c) 1983, 1990, 1992, 1993, 1995 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + +7) Remaining components of the software are provided under a standard 2-term BSD licence with the following names as copyright holders: @@ -114,6 +188,10 @@ OpenSSH contains no GPL code. Niels Provos Dug Song Aaron Campbell + Damien Miller + Kevin Steves + Daniel Kouril + Per Allansson * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/crypto/openssh/Makefile b/crypto/openssh/Makefile deleted file mode 100644 index eea6f1415790..000000000000 --- a/crypto/openssh/Makefile +++ /dev/null @@ -1,14 +0,0 @@ -# $OpenBSD: Makefile,v 1.8 2001/02/04 11:11:53 djm Exp $ - -.include <bsd.own.mk> - -SUBDIR= lib ssh sshd ssh-add ssh-keygen ssh-agent scp sftp-server \ - ssh-keyscan sftp - -distribution: - install -C -o root -g wheel -m 0644 ${.CURDIR}/ssh_config \ - ${DESTDIR}/etc/ssh_config - install -C -o root -g wheel -m 0644 ${.CURDIR}/sshd_config \ - ${DESTDIR}/etc/sshd_config - -.include <bsd.subdir.mk> diff --git a/crypto/openssh/Makefile.inc b/crypto/openssh/Makefile.inc index 89fdf4394dd1..c68f59a74e94 100644 --- a/crypto/openssh/Makefile.inc +++ b/crypto/openssh/Makefile.inc 
@@ -1,8 +1,19 @@ -# $OpenBSD: Makefile.inc,v 1.13 2001/01/29 01:58:14 niklas Exp $ +# $OpenBSD: Makefile.inc,v 1.23 2002/03/06 00:23:27 markus Exp $ CFLAGS+= -I${.CURDIR}/.. -CFLAGS+= -Wall +CDIAGFLAGS= -Wall +#CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Wpointer-arith +CDIAGFLAGS+= -Wno-uninitialized +#CDIAGFLAGS+= -Wstrict-prototypes +CDIAGFLAGS+= -Wmissing-prototypes +CDIAGFLAGS+= -Wunused + +#DEBUG=-g + +#CFLAGS+= -DSMARTCARD +#LDADD+= -lsectok .include <bsd.obj.mk> diff --git a/crypto/openssh/OVERVIEW b/crypto/openssh/OVERVIEW index 7f34ac45bdf9..ff03ecab21b5 100644 --- a/crypto/openssh/OVERVIEW +++ b/crypto/openssh/OVERVIEW @@ -1,9 +1,15 @@ +[Note: This file has not been updated for OpenSSH versions after +OpenSSH-1.2 and should be considered OBSOLETE. It has been left in +the distribution because some of its information may still be useful +to developers.] + This document is intended for those who wish to read the ssh source code. This tries to give an overview of the structure of the code. Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi> Updated 17 Nov 1995. Updated 19 Oct 1999 for OpenSSH-1.2 +Updated 20 May 2001 note obsolete for > OpenSSH-1.2 The software consists of ssh (client), sshd (server), scp, sdist, and the auxiliary programs ssh-keygen, ssh-agent, ssh-add, and diff --git a/crypto/openssh/README b/crypto/openssh/README index 4e75d62495e2..3c54c477b6fc 100644 --- a/crypto/openssh/README +++ b/crypto/openssh/README 
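Review bot: `CDIAGFLAGS+= -Wno-uninitialized` switches off one of the `-Wall` diagnostics for every program built from this directory, with no reason given. For authentication code that warning is worth keeping, or the suppression should at least carry a comment such as `# compiler false positives in <file>; drop once fixed` naming what needs it. `-Wall` also moves from `CFLAGS` to `CDIAGFLAGS` in this hunk and nothing visible adds `CDIAGFLAGS` to `CFLAGS`, so whether these flags reach the compiler depends on the included mk files, which are not shown.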
@@ -1,25 +1,66 @@ -This release of OpenSSH is for OpenBSD systems only. +- A Japanese translation of this document and of the OpenSSH FAQ is +- available at http://www.unixuser.org/~haruyama/security/openssh/index.html +- Thanks to HARUYAMA Seigo <haruyama@unixuser.org> -Please read - http://www.openssh.com/portable.html -if you want to install OpenSSH on other operating systems. +This is the port of OpenBSD's excellent OpenSSH[0] to Linux and other +Unices. -To extract and install this release on your OpenBSD system use: +OpenSSH is based on the last free version of Tatu Ylonen's sample +implementation with all patent-encumbered algorithms removed (to +external libraries), all known security bugs fixed, new features +reintroduced and many other clean-ups. OpenSSH has been created by +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, +and Dug Song. It has a homepage at http://www.openssh.com/ - # cd /usr/src/usr.bin - # tar xvfz .../openssh-x.y.tgz - # cd ssh - # make obj - # make cleandir - # make depend - # make - # make install - # cp ssh_config sshd_config /etc +This port consists of the re-introduction of autoconf support, PAM +support (for Linux and Solaris), EGD[1]/PRNGD[2] support and replacements +for OpenBSD library functions that are (regrettably) absent from other +unices. This port has been best tested on Linux, Solaris, HP-UX, NetBSD +and Irix. Support for AIX, SCO, NeXT and other Unices is underway. +This version actively tracks changes in the OpenBSD CVS repository. -OpenSSH is a derivative of the original and free ssh 1.2.12 release -by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels -Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer -features and created OpenSSH. Markus Friedl contributed the support -for SSH protocol versions 1.5 and 2.0. +The PAM support is now more functional than the popular packages of +commercial ssh-1.2.x. 
It checks "account" and "session" modules for +all logins, not just when using password authentication. -See http://www.openssh.com/ for more information. +OpenSSH depends on Zlib[3], OpenSSL[4] and optionally PAM[5]. + +There is now several mailing lists for this port of OpenSSH. Please +refer to http://www.openssh.com/list.html for details on how to join. + +Please send bug reports and patches to the mailing list +openssh-unix-dev@mindrot.org. The list is open to posting by +unsubscribed users. + +If you are a citizen of an USA-embargoed country to which export of +cryptographic products is restricted, then please refrain from sending +crypto-related code or patches to the list. We cannot accept them. +Other code contribution are accepted, but please follow the OpenBSD +style guidelines[6]. + +Please refer to the INSTALL document for information on how to install +OpenSSH on your system. There are a number of differences between this +port of OpenSSH and F-Secure SSH 1.x, please refer to the OpenSSH FAQ[7] +for details and general tips. + +Damien Miller <djm@mindrot.org> + +Miscellania - + +This version of OpenSSH is based upon code retrieved from the OpenBSD +CVS repository which in turn was based on the last free sample +implementation released by Tatu Ylonen. + +References - + +[0] http://www.openssh.com/faq.html +[1] http://www.lothar.com/tech/crypto/ +[2] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html +[3] http://www.gzip.org/zlib/ +[4] http://www.openssl.org/ +[5] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris + and HP-UX 11) +[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 +[7] http://www.openssh.com/faq.html + +$Id: README,v 1.50 2001/12/24 03:17:21 djm Exp $ diff --git a/crypto/openssh/atomicio.c b/crypto/openssh/atomicio.c index 8e17b581c68e..47161eb3a1e3 100644 --- a/crypto/openssh/atomicio.c +++ b/crypto/openssh/atomicio.c 
@@ -24,9 +24,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: atomicio.c,v 1.9 2001/03/02 18:54:30 deraadt Exp $"); +RCSID("$OpenBSD: atomicio.c,v 1.10 2001/05/08 22:48:07 markus Exp $"); -#include "xmalloc.h" #include "atomicio.h" /* @@ -46,7 +45,11 @@ atomicio(f, fd, _s, n) res = (f) (fd, s + pos, n - pos); switch (res) { case -1: +#ifdef EWOULDBLOCK + if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK) +#else if (errno == EINTR || errno == EAGAIN) +#endif continue; case 0: return (res); diff --git a/crypto/openssh/atomicio.h b/crypto/openssh/atomicio.h index d878687d63d0..e569d38c603f 100644 --- a/crypto/openssh/atomicio.h +++ b/crypto/openssh/atomicio.h @@ -1,4 +1,4 @@ -/* $OpenBSD: atomicio.h,v 1.3 2001/03/02 18:54:30 deraadt Exp $ */ +/* $OpenBSD: atomicio.h,v 1.4 2001/06/26 06:32:46 itojun Exp $ */ /* * Copyright (c) 1995,1999 Theo de Raadt. All rights reserved. @@ -28,4 +28,4 @@ /* * Ensure all of data on socket comes through. f==read || f==write */ -ssize_t atomicio(ssize_t (*f)(), int fd, void *s, size_t n); +ssize_t atomicio(ssize_t (*)(), int, void *, size_t); diff --git a/crypto/openssh/auth-chall.c b/crypto/openssh/auth-chall.c index d5f1b69e9e00..45e0c34522b1 100644 --- a/crypto/openssh/auth-chall.c +++ b/crypto/openssh/auth-chall.c 
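Review bot: In the atomicio.c hunk at `case -1:`, the retry on `EAGAIN`/`EWOULDBLOCK` is an immediate `continue`, so on a non-blocking descriptor the loop spins at full CPU for as long as the peer stalls. Either wait for readiness before retrying or document the contract next to the test, for example `/* busy-waits on a non-blocking fd; callers are expected to pass blocking descriptors */`. The drop from `case -1:` into `case 0:` is intentional and would read more safely with a `/* FALLTHROUGH */` marker. The body of atomicio() starts and ends outside the hunk.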
@@ -23,83 +23,60 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-chall.c,v 1.7 2001/04/05 10:42:47 markus Exp $"); -RCSID("$FreeBSD$"); +RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $"); #include "auth.h" #include "log.h" +#include "xmalloc.h" -#ifdef BSD_AUTH -char * -get_challenge(Authctxt *authctxt, char *devs) -{ - char *challenge; +/* limited protocol v1 interface to kbd-interactive authentication */ - if (authctxt->as != NULL) { - debug2("try reuse session"); - challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE); - if (challenge != NULL) { - debug2("reuse bsd auth session"); - return challenge; - } - auth_close(authctxt->as); - authctxt->as = NULL; - } - debug2("new bsd auth session"); - if (devs == NULL || strlen(devs) == 0) - devs = authctxt->style; - debug3("bsd auth: devs %s", devs ? devs : "<default>"); - authctxt->as = auth_userchallenge(authctxt->user, devs, "auth-ssh", - &challenge); - if (authctxt->as == NULL) - return NULL; - debug2("get_challenge: <%s>", challenge ? 
challenge : "EMPTY"); - return challenge; -} -int -verify_response(Authctxt *authctxt, char *response) -{ - int authok; - - if (authctxt->as == 0) - error("verify_response: no bsd auth session"); - authok = auth_userresponse(authctxt->as, response, 0); - authctxt->as = NULL; - debug("verify_response: <%s> = <%d>", response, authok); - return authok != 0; -} -#else -#ifdef SKEY -#include <opie.h> +extern KbdintDevice *devices[]; +static KbdintDevice *device; char * -get_challenge(Authctxt *authctxt, char *devs) +get_challenge(Authctxt *authctxt) { - static char challenge[1024]; - struct opie opie; - if (opiechallenge(&opie, authctxt->user, challenge) != 0) + char *challenge, *name, *info, **prompts; + u_int i, numprompts; + u_int *echo_on; + + device = devices[0]; /* we always use the 1st device for protocol 1 */ + if (device == NULL) return NULL; - strlcat(challenge, "\nS/Key Password: ", sizeof challenge); - return challenge; -} -int -verify_response(Authctxt *authctxt, char *response) -{ - return (authctxt->valid && - opie_haskey(authctxt->pw->pw_name) == 0 && - opie_passverify(authctxt->pw->pw_name, response) != -1); -} -#else -/* not available */ -char * -get_challenge(Authctxt *authctxt, char *devs) -{ - return NULL; + if ((authctxt->kbdintctxt = device->init_ctx(authctxt)) == NULL) + return NULL; + if (device->query(authctxt->kbdintctxt, &name, &info, + &numprompts, &prompts, &echo_on)) { + device->free_ctx(authctxt->kbdintctxt); + authctxt->kbdintctxt = NULL; + return NULL; + } + if (numprompts < 1) + fatal("get_challenge: numprompts < 1"); + challenge = xstrdup(prompts[0]); + for (i = 0; i < numprompts; i++) + xfree(prompts[i]); + xfree(prompts); + xfree(name); + xfree(echo_on); + xfree(info); + + return (challenge); } int -verify_response(Authctxt *authctxt, char *response) +verify_response(Authctxt *authctxt, const char *response) { - return 0; + char *resp[1]; + int res; + + if (device == NULL) + return 0; + if (authctxt->kbdintctxt == NULL) + return 0; 
+ resp[0] = (char *)response; + res = device->respond(authctxt->kbdintctxt, 1, resp); + device->free_ctx(authctxt->kbdintctxt); + authctxt->kbdintctxt = NULL; + return res ? 0 : 1; } -#endif -#endif diff --git a/crypto/openssh/auth-krb4.c b/crypto/openssh/auth-krb4.c index bf637201c3af..1cc528aa0a9d 100644 --- a/crypto/openssh/auth-krb4.c +++ b/crypto/openssh/auth-krb4.c @@ -23,8 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.23 2001/01/22 08:15:00 markus Exp $"); -RCSID("$FreeBSD$"); +RCSID("$OpenBSD: auth-krb4.c,v 1.27 2002/06/11 05:46:20 mpech Exp $"); #include "ssh.h" #include "ssh1.h" @@ -32,6 +31,7 @@ RCSID("$FreeBSD$"); #include "xmalloc.h" #include "log.h" #include "servconf.h" +#include "uidswap.h" #include "auth.h" #ifdef AFS 
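Review bot: get_challenge() stores the result of `device->init_ctx(authctxt)` in `authctxt->kbdintctxt` without releasing a context left over from an earlier call, so a client that asks for a challenge more than once before answering would leak one context per request (whether the caller allows that is not visible here). Releasing it first closes the gap: `if (authctxt->kbdintctxt != NULL) device->free_ctx(authctxt->kbdintctxt);` ahead of the init_ctx call. The file-scope `device` pointer is set only in get_challenge(), so verify_response() depends on call order; a one-line comment on the declaration should say so. `resp[0] = (char *)response;` drops `const` and deserves a comment stating that respond() does not modify the strings, if that holds.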
@@ -39,48 +39,92 @@ RCSID("$FreeBSD$"); #endif #ifdef KRB4 -char *ticket = NULL; - extern ServerOptions options; +static int +krb4_init(void *context) +{ + static int cleanup_registered = 0; + Authctxt *authctxt = (Authctxt *)context; + const char *tkt_root = TKT_ROOT; + struct stat st; + int fd; + + if (!authctxt->krb4_ticket_file) { + /* Set unique ticket string manually since we're still root. */ + authctxt->krb4_ticket_file = xmalloc(MAXPATHLEN); +#ifdef AFS + if (lstat("/ticket", &st) != -1) + tkt_root = "/ticket/"; +#endif /* AFS */ + snprintf(authctxt->krb4_ticket_file, MAXPATHLEN, "%s%u_%ld", + tkt_root, authctxt->pw->pw_uid, (long)getpid()); + krb_set_tkt_string(authctxt->krb4_ticket_file); + } + /* Register ticket cleanup in case of fatal error. */ + if (!cleanup_registered) { + fatal_add_cleanup(krb4_cleanup_proc, authctxt); + cleanup_registered = 1; + } + /* Try to create our ticket file. */ + if ((fd = mkstemp(authctxt->krb4_ticket_file)) != -1) { + close(fd); + return (1); + } + /* Ticket file exists - make sure user owns it (just passed ticket). */ + if (lstat(authctxt->krb4_ticket_file, &st) != -1) { + if (st.st_mode == (S_IFREG | S_IRUSR | S_IWUSR) && + st.st_uid == authctxt->pw->pw_uid) + return (1); + } + /* Failure - cancel cleanup function, leaving ticket for inspection. 
*/ + log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file); + + fatal_remove_cleanup(krb4_cleanup_proc, authctxt); + cleanup_registered = 0; + + xfree(authctxt->krb4_ticket_file); + authctxt->krb4_ticket_file = NULL; + + return (0); +} + /* * try krb4 authentication, * return 1 on success, 0 on failure, -1 if krb4 is not available */ - int -auth_krb4_password(struct passwd * pw, const char *password) +auth_krb4_password(Authctxt *authctxt, const char *password) { AUTH_DAT adata; KTEXT_ST tkt; struct hostent *hp; - u_long faddr; - char localhost[MAXHOSTNAMELEN]; - char phost[INST_SZ]; - char realm[REALM_SZ]; + struct passwd *pw; + char localhost[MAXHOSTNAMELEN], phost[INST_SZ], realm[REALM_SZ]; + u_int32_t faddr; int r; + if ((pw = authctxt->pw) == NULL) + return (0); + /* * Try Kerberos password authentication only for non-root * users and only if Kerberos is installed. */ if (pw->pw_uid != 0 && krb_get_lrealm(realm, 1) == KSUCCESS) { - /* Set up our ticket file. */ - if (!krb4_init(pw->pw_uid)) { + if (!krb4_init(authctxt)) { log("Couldn't initialize Kerberos ticket file for %s!", pw->pw_name); - goto kerberos_auth_failure; + goto failure; } /* Try to get TGT using our password. */ - r = krb_get_pw_in_tkt((char *) pw->pw_name, "", - realm, "krbtgt", realm, - DEFAULT_TKT_LIFE, (char *) password); + r = krb_get_pw_in_tkt((char *) pw->pw_name, "", realm, + "krbtgt", realm, DEFAULT_TKT_LIFE, (char *)password); if (r != INTK_OK) { - packet_send_debug("Kerberos V4 password " - "authentication for %s failed: %s", - pw->pw_name, krb_err_txt[r]); - goto kerberos_auth_failure; + debug("Kerberos v4 password authentication for %s " + "failed: %s", pw->pw_name, krb_err_txt[r]); + goto failure; } /* Successful authentication. */ chown(tkt_string(), pw->pw_uid, pw->pw_gid); 
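Review bot: The path passed to `mkstemp()` in krb4_init() is formatted as `"%s%u_%ld"` and has no trailing `XXXXXX`, so the name is fully determined by uid and pid and mkstemp() is really being used as an exclusive create. C libraries differ on such a template and some reject it outright, in which case only the lstat() fallback can succeed. Because the name has to stay fixed for krb_set_tkt_string(), state the intent directly with `fd = open(authctxt->krb4_ticket_file, O_CREAT | O_EXCL | O_RDWR, 0600);`. The lstat() owner and mode test that follows is a check-then-use on what is presumably a shared directory, so it needs a comment explaining why an existing file is acceptable. auth_krb4_password() continues past the end of this hunk.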
@@ -90,17 +134,17 @@ auth_krb4_password(struct passwd * pw, const char *password) * "rcmd" ticket to ensure that we are not talking * to a bogus Kerberos server. */ - (void) gethostname(localhost, sizeof(localhost)); - (void) strlcpy(phost, (char *) krb_get_phost(localhost), - INST_SZ); + gethostname(localhost, sizeof(localhost)); + strlcpy(phost, (char *)krb_get_phost(localhost), + sizeof(phost)); r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33); if (r == KSUCCESS) { - if (!(hp = gethostbyname(localhost))) { + if ((hp = gethostbyname(localhost)) == NULL) { log("Couldn't get local host address!"); - goto kerberos_auth_failure; + goto failure; } - memmove((void *) &faddr, (void *) hp->h_addr, + memmove((void *)&faddr, (void *)hp->h_addr, sizeof(faddr)); /* Verify our "rcmd" ticket. */ 
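Review bot: The result of `gethostname(localhost, sizeof(localhost))` is now dropped without even the `(void)` marker, and on failure or truncation `localhost` can be unset or unterminated when it reaches krb_get_phost() and gethostbyname(). Check it and terminate the buffer: `if (gethostname(localhost, sizeof(localhost)) == -1) goto failure;` followed by `localhost[sizeof(localhost) - 1] = '\0';`. The memmove() into `faddr` also assumes `hp->h_addr` holds at least `sizeof(faddr)` bytes; comparing `hp->h_length` before the copy would make that explicit. These lines sit inside auth_krb4_password(), which begins and ends outside the hunk.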
@@ -111,116 +155,71 @@ auth_krb4_password(struct passwd * pw, const char *password) * Probably didn't have a srvtab on * localhost. Disallow login. */ - log("Kerberos V4 TGT for %s unverifiable, " + log("Kerberos v4 TGT for %s unverifiable, " "no srvtab installed? krb_rd_req: %s", pw->pw_name, krb_err_txt[r]); - goto kerberos_auth_failure; + goto failure; } else if (r != KSUCCESS) { - log("Kerberos V4 %s ticket unverifiable: %s", + log("Kerberos v4 %s ticket unverifiable: %s", KRB4_SERVICE_NAME, krb_err_txt[r]); - goto kerberos_auth_failure; + goto failure; } } else if (r == KDC_PR_UNKNOWN) { /* * Disallow login if no rcmd service exists, and * log the error. */ - log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " + log("Kerberos v4 TGT for %s unverifiable: %s; %s.%s " "not registered, or srvtab is wrong?", pw->pw_name, - krb_err_txt[r], KRB4_SERVICE_NAME, phost); - goto kerberos_auth_failure; + krb_err_txt[r], KRB4_SERVICE_NAME, phost); + goto failure; } else { /* * TGT is bad, forget it. Possibly spoofed! */ - packet_send_debug("WARNING: Kerberos V4 TGT " - "possibly spoofed for %s: %s", - pw->pw_name, krb_err_txt[r]); - goto kerberos_auth_failure; + debug("WARNING: Kerberos v4 TGT possibly spoofed " + "for %s: %s", pw->pw_name, krb_err_txt[r]); + goto failure; } - /* Authentication succeeded. */ - return 1; + return (1); + } else + /* Logging in as root or no local Kerberos realm. */ + debug("Unable to authenticate to Kerberos."); -kerberos_auth_failure: - krb4_cleanup_proc(NULL); + failure: + krb4_cleanup_proc(authctxt); + + if (!options.kerberos_or_local_passwd) + return (0); - if (!options.krb4_or_local_passwd) - return 0; - } else { - /* Logging in as root or no local Kerberos realm. */ - packet_send_debug("Unable to authenticate to Kerberos."); - } /* Fall back to ordinary passwd authentication. 
*/ - return -1; + return (-1); } void -krb4_cleanup_proc(void *ignore) +krb4_cleanup_proc(void *context) { + Authctxt *authctxt = (Authctxt *)context; debug("krb4_cleanup_proc called"); - if (ticket) { + if (authctxt->krb4_ticket_file) { (void) dest_tkt(); - xfree(ticket); - ticket = NULL; - } -} - -int -krb4_init(uid_t uid) -{ - static int cleanup_registered = 0; - const char *tkt_root = TKT_ROOT; - struct stat st; - int fd; - - if (!ticket) { - /* Set unique ticket string manually since we're still root. */ - ticket = xmalloc(MAXPATHLEN); -#ifdef AFS - if (lstat("/ticket", &st) != -1) - tkt_root = "/ticket/"; -#endif /* AFS */ - snprintf(ticket, MAXPATHLEN, "%s%u_%d", tkt_root, uid, getpid()); - (void) krb_set_tkt_string(ticket); - } - /* Register ticket cleanup in case of fatal error. */ - if (!cleanup_registered) { - fatal_add_cleanup(krb4_cleanup_proc, NULL); - cleanup_registered = 1; - } - /* Try to create our ticket file. */ - if ((fd = mkstemp(ticket)) != -1) { - close(fd); - return 1; + xfree(authctxt->krb4_ticket_file); + authctxt->krb4_ticket_file = NULL; } - /* Ticket file exists - make sure user owns it (just passed ticket). */ - if (lstat(ticket, &st) != -1) { - if (st.st_mode == (S_IFREG | S_IRUSR | S_IWUSR) && - st.st_uid == uid) - return 1; - } - /* Failure - cancel cleanup function, leaving bad ticket for inspection. */ - log("WARNING: bad ticket file %s", ticket); - fatal_remove_cleanup(krb4_cleanup_proc, NULL); - cleanup_registered = 0; - xfree(ticket); - ticket = NULL; - - return 0; } int -auth_krb4(const char *server_user, KTEXT auth, char **client) +auth_krb4(Authctxt *authctxt, KTEXT auth, char **client) { AUTH_DAT adat = {0}; KTEXT_ST reply; + Key_schedule schedule; + struct sockaddr_in local, foreign; char instance[INST_SZ]; - int r, s; socklen_t slen; u_int cksum; - Key_schedule schedule; - struct sockaddr_in local, foreign; + int r, s; s = packet_get_connection_in(); 
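Review bot: The unbraced `else` in auth_krb4_password() now runs straight into the `failure:` label, so a root login or a host with no local realm goes through krb4_cleanup_proc() and the `options.kerberos_or_local_passwd` test, where the removed code returned -1 for that case unconditionally. If the change is intended, brace the branch and record it with a comment such as `/* root / no realm: still subject to kerberos_or_local_passwd */`; if it is not, the branch should end in `return (-1);`. krb4_cleanup_proc() now dereferences its context without a NULL check, which is safe only while every registration passes a live Authctxt; a comment on the function should state that requirement.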
@@ -238,9 +237,10 @@ auth_krb4(const char *server_user, KTEXT auth, char **client) instance[1] = 0; /* Get the encrypted request, challenge, and session key. */ - if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, 0, &adat, ""))) { - packet_send_debug("Kerberos V4 krb_rd_req: %.100s", krb_err_txt[r]); - return 0; + if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance, + 0, &adat, ""))) { + debug("Kerberos v4 krb_rd_req: %.100s", krb_err_txt[r]); + return (0); } des_key_sched((des_cblock *) adat.session, schedule); @@ -249,12 +249,12 @@ auth_krb4(const char *server_user, KTEXT auth, char **client) *adat.pinst ? "." : "", adat.pinst, adat.prealm); /* Check ~/.klogin authorization now. */ - if (kuserok(&adat, (char *) server_user) != KSUCCESS) { - packet_send_debug("Kerberos V4 .klogin authorization failed!"); - log("Kerberos V4 .klogin authorization failed for %s to account %s", - *client, server_user); + if (kuserok(&adat, authctxt->user) != KSUCCESS) { + log("Kerberos v4 .klogin authorization failed for %s to " + "account %s", *client, authctxt->user); xfree(*client); - return 0; + *client = NULL; + return (0); } /* Increment the checksum, and return it encrypted with the session key. */ @@ -265,7 +265,7 @@ auth_krb4(const char *server_user, KTEXT auth, char **client) empty message, admitting our failure. */ if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1, schedule, &adat.session, &local, &foreign)) < 0) { - packet_send_debug("Kerberos V4 mk_priv: (%d) %s", r, krb_err_txt[r]); + debug("Kerberos v4 mk_priv: (%d) %s", r, krb_err_txt[r]); reply.dat[0] = 0; reply.length = 0; } else 
@@ -278,89 +278,79 @@ auth_krb4(const char *server_user, KTEXT auth, char **client) packet_put_string((char *) reply.dat, reply.length); packet_send(); packet_write_wait(); - return 1; + return (1); } #endif /* KRB4 */ #ifdef AFS int -auth_krb4_tgt(struct passwd *pw, const char *string) +auth_krb4_tgt(Authctxt *authctxt, const char *string) { CREDENTIALS creds; + struct passwd *pw; + + if ((pw = authctxt->pw) == NULL) + goto failure; + + temporarily_use_uid(pw); - if (pw == NULL) - goto auth_kerberos_tgt_failure; if (!radix_to_creds(string, &creds)) { - log("Protocol error decoding Kerberos V4 tgt"); - packet_send_debug("Protocol error decoding Kerberos V4 tgt"); - goto auth_kerberos_tgt_failure; + log("Protocol error decoding Kerberos v4 TGT"); + goto failure; } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ strlcpy(creds.service, "krbtgt", sizeof creds.service); if (strcmp(creds.service, "krbtgt")) { - log("Kerberos V4 tgt (%s%s%s@%s) rejected for %s", creds.pname, - creds.pinst[0] ? "." : "", creds.pinst, creds.realm, - pw->pw_name); - packet_send_debug("Kerberos V4 tgt (%s%s%s@%s) rejected for %s", + log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s", creds.pname, creds.pinst[0] ? "." 
: "", creds.pinst, creds.realm, pw->pw_name); - goto auth_kerberos_tgt_failure; + goto failure; } - if (!krb4_init(pw->pw_uid)) - goto auth_kerberos_tgt_failure; + if (!krb4_init(authctxt)) + goto failure; if (in_tkt(creds.pname, creds.pinst) != KSUCCESS) - goto auth_kerberos_tgt_failure; + goto failure; if (save_credentials(creds.service, creds.instance, creds.realm, - creds.session, creds.lifetime, creds.kvno, - &creds.ticket_st, creds.issue_date) != KSUCCESS) { - packet_send_debug("Kerberos V4 tgt refused: couldn't save credentials"); - goto auth_kerberos_tgt_failure; + creds.session, creds.lifetime, creds.kvno, &creds.ticket_st, + creds.issue_date) != KSUCCESS) { + debug("Kerberos v4 TGT refused: couldn't save credentials"); + goto failure; } /* Successful authentication, passed all checks. */ chown(tkt_string(), pw->pw_uid, pw->pw_gid); - packet_send_debug("Kerberos V4 tgt accepted (%s.%s@%s, %s%s%s@%s)", - creds.service, creds.instance, creds.realm, creds.pname, - creds.pinst[0] ? "." : "", creds.pinst, creds.realm); + debug("Kerberos v4 TGT accepted (%s%s%s@%s)", + creds.pname, creds.pinst[0] ? "." 
: "", creds.pinst, creds.realm); memset(&creds, 0, sizeof(creds)); - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); - return 1; -auth_kerberos_tgt_failure: - krb4_cleanup_proc(NULL); + restore_uid(); + + return (1); + + failure: + krb4_cleanup_proc(authctxt); memset(&creds, 0, sizeof(creds)); - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - return 0; + restore_uid(); + + return (0); } int -auth_afs_token(struct passwd *pw, const char *token_string) +auth_afs_token(Authctxt *authctxt, const char *token_string) { CREDENTIALS creds; + struct passwd *pw; uid_t uid; - if (pw == NULL) { - /* XXX fake protocol error */ - packet_send_debug("Protocol error decoding AFS token"); - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - return 0; - } + if ((pw = authctxt->pw) == NULL) + return (0); + if (!radix_to_creds(token_string, &creds)) { log("Protocol error decoding AFS token"); - packet_send_debug("Protocol error decoding AFS token"); - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - return 0; + return (0); } if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */ strlcpy(creds.service, "afs", sizeof creds.service); 
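Review bot: In auth_krb4_tgt() the `authctxt->pw == NULL` test jumps to `failure:` before `temporarily_use_uid(pw)` has run, and the failure path then calls `restore_uid()` with no matching switch. How uidswap treats an unpaired restore is not visible here, so at best this is a no-op and it may be treated as an error. Returning directly, as auth_afs_token() does later in this same hunk, avoids the imbalance: `if ((pw = authctxt->pw) == NULL) return (0);`. That early return also skips krb4_cleanup_proc() and the memset() on a `creds` that was never filled.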
@@ -371,22 +361,14 @@ auth_afs_token(struct passwd *pw, const char *token_string) uid = pw->pw_uid; if (kafs_settoken(creds.realm, uid, &creds)) { - log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm, - pw->pw_name); - packet_send_debug("AFS token (%s@%s) rejected for %s", creds.pname, - creds.realm, pw->pw_name); + log("AFS token (%s@%s) rejected for %s", + creds.pname, creds.realm, pw->pw_name); memset(&creds, 0, sizeof(creds)); - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - return 0; + return (0); } - packet_send_debug("AFS token accepted (%s@%s, %s@%s)", creds.service, - creds.realm, creds.pname, creds.realm); + debug("AFS token accepted (%s@%s)", creds.pname, creds.realm); memset(&creds, 0, sizeof(creds)); - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); - return 1; + + return (1); } #endif /* AFS */ diff --git a/crypto/openssh/auth-krb5.c b/crypto/openssh/auth-krb5.c index efe93765f07d..0f1f5649fe51 100644 --- a/crypto/openssh/auth-krb5.c +++ b/crypto/openssh/auth-krb5.c 
@@ -1,250 +1,409 @@ /* * Kerberos v5 authentication and ticket-passing routines. - * - * $FreeBSD$ + * + * $xFreeBSD: src/crypto/openssh/auth-krb5.c,v 1.6 2001/02/13 16:58:04 assar Exp$ + */ +/* + * Copyright (c) 2002 Daniel Kouril. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ #include "includes.h" +RCSID("$OpenBSD: auth-krb5.c,v 1.8 2002/03/19 10:49:35 markus Exp $"); + #include "ssh.h" #include "ssh1.h" #include "packet.h" #include "xmalloc.h" +#include "log.h" +#include "servconf.h" +#include "uidswap.h" +#include "auth.h" #ifdef KRB5 +#include <krb5.h> +#ifndef HEIMDAL +#define krb5_get_err_text(context,code) error_message(code) +#endif /* !HEIMDAL */ + +extern ServerOptions options; + +static int +krb5_init(void *context) +{ + Authctxt *authctxt = (Authctxt *)context; + krb5_error_code problem; + static int cleanup_registered = 0; -krb5_context ssh_context = NULL; -krb5_auth_context auth_context; -krb5_ccache mem_ccache = NULL; /* Credential cache for acquired ticket */ + if (authctxt->krb5_ctx == NULL) { + problem = krb5_init_context(&authctxt->krb5_ctx); + if (problem) + return (problem); + krb5_init_ets(authctxt->krb5_ctx); + } + if (!cleanup_registered) { + fatal_add_cleanup(krb5_cleanup_proc, authctxt); + cleanup_registered = 1; + } + return (0); +} -/* Try krb5 authentication. server_user is passed for logging purposes only, - in auth is received ticket, in client is returned principal from the - ticket */ -int -auth_krb5(const char* server_user, krb5_data *auth, krb5_principal *client) +/* + * Try krb5 authentication. 
server_user is passed for logging purposes + * only, in auth is received ticket, in client is returned principal + * from the ticket + */ +int +auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client) { krb5_error_code problem; - krb5_principal server = NULL; - krb5_principal tkt_client = NULL; + krb5_principal server; krb5_data reply; - krb5_ticket *ticket = NULL; - int fd; - int ret; - + krb5_ticket *ticket; + int fd, ret; + + ret = 0; + server = NULL; + ticket = NULL; reply.length = 0; - - problem = krb5_init(); - if (problem) - return 0; - - problem = krb5_auth_con_init(ssh_context, &auth_context); - if (problem) { - log("Kerberos v5 authentication failed: %.100s", - krb5_get_err_text(ssh_context, problem)); - return 0; - } - - fd = packet_get_connection_in(); - problem = krb5_auth_con_setaddrs_from_fd(ssh_context, auth_context, &fd); - if (problem) { - ret = 0; - goto err; - } - - problem = krb5_sname_to_principal(ssh_context, NULL, NULL , + problem = krb5_init(authctxt); + if (problem) + goto err; + + problem = krb5_auth_con_init(authctxt->krb5_ctx, + &authctxt->krb5_auth_ctx); + if (problem) + goto err; + + fd = packet_get_connection_in(); +#ifdef HEIMDAL + problem = krb5_auth_con_setaddrs_from_fd(authctxt->krb5_ctx, + authctxt->krb5_auth_ctx, &fd); +#else + problem = krb5_auth_con_genaddrs(authctxt->krb5_ctx, + authctxt->krb5_auth_ctx,fd, + KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR | + KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR); +#endif + if (problem) + goto err; + + problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL , KRB5_NT_SRV_HST, &server); - if (problem) { - ret = 0; - goto err; - } - - problem = krb5_rd_req(ssh_context, &auth_context, auth, server, NULL, - NULL, &ticket); - if (problem) { - ret = 0; - goto err; - } - - problem = krb5_copy_principal(ssh_context, ticket->client, &tkt_client); - if (problem) { - ret = 0; - goto err; - } - + if (problem) + goto err; + + problem = krb5_rd_req(authctxt->krb5_ctx, 
&authctxt->krb5_auth_ctx, + auth, server, NULL, NULL, &ticket); + if (problem) + goto err; + +#ifdef HEIMDAL + problem = krb5_copy_principal(authctxt->krb5_ctx, ticket->client, + &authctxt->krb5_user); +#else + problem = krb5_copy_principal(authctxt->krb5_ctx, + ticket->enc_part2->client, + &authctxt->krb5_user); +#endif + if (problem) + goto err; + /* if client wants mutual auth */ - problem = krb5_mk_rep(ssh_context, auth_context, &reply); - if (problem) { - ret = 0; - goto err; - } - - *client = tkt_client; - + problem = krb5_mk_rep(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, + &reply); + if (problem) + goto err; + + /* Check .k5login authorization now. */ + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + authctxt->pw->pw_name)) + goto err; + + if (client) + krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, + client); + packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE); packet_put_string((char *) reply.data, reply.length); packet_send(); packet_write_wait(); + ret = 1; - -err: + err: if (server) - krb5_free_principal(ssh_context, server); + krb5_free_principal(authctxt->krb5_ctx, server); if (ticket) - krb5_free_ticket(ssh_context, ticket); + krb5_free_ticket(authctxt->krb5_ctx, ticket); if (reply.length) - xfree(reply.data); - return ret; + xfree(reply.data); + + if (problem) { + if (authctxt->krb5_ctx != NULL) + debug("Kerberos v5 authentication failed: %s", + krb5_get_err_text(authctxt->krb5_ctx, problem)); + else + debug("Kerberos v5 authentication failed: %d", + problem); + } + + return (ret); } int -auth_krb5_tgt(char *server_user, krb5_data *tgt, krb5_principal tkt_client) +auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt) +{ + krb5_error_code problem; + krb5_ccache ccache = NULL; + char *pname; + krb5_creds **creds; + + if (authctxt->pw == NULL || authctxt->krb5_user == NULL) + return (0); + + temporarily_use_uid(authctxt->pw); + +#ifdef HEIMDAL + problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops, &ccache); +#else { - 
krb5_error_code problem; - krb5_ccache ccache = NULL; - - if (ssh_context == NULL) { - goto fail; - } - - problem = krb5_cc_gen_new(ssh_context, &krb5_mcc_ops, &ccache); - if (problem) { - goto fail; - } - - problem = krb5_cc_initialize(ssh_context, ccache, tkt_client); - if (problem) { - goto fail; - } - - problem = krb5_rd_cred2(ssh_context, auth_context, ccache, tgt); - if (problem) { - goto fail; - } - - mem_ccache = ccache; - ccache = NULL; - - /* - problem = krb5_cc_copy_cache(ssh_context, ccache, mem_ccache); - if (problem) { - mem_ccache = NULL; - goto fail; - } - - - problem = krb5_cc_destroy(ssh_context, ccache); - if (problem) - goto fail; - */ - -#if 0 - packet_start(SSH_SMSG_SUCCESS); - packet_send(); - packet_write_wait(); -#endif - return 1; - -fail: - if (ccache) - krb5_cc_destroy(ssh_context, ccache); -#if 0 - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); + char ccname[40]; + int tmpfd; + + snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); + + if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) { + log("mkstemp(): %.100s", strerror(errno)); + problem = errno; + goto fail; + } + if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { + log("fchmod(): %.100s", strerror(errno)); + close(tmpfd); + problem = errno; + goto fail; + } + close(tmpfd); + problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &ccache); +} +#endif + if (problem) + goto fail; + + problem = krb5_cc_initialize(authctxt->krb5_ctx, ccache, + authctxt->krb5_user); + if (problem) + goto fail; + +#ifdef HEIMDAL + problem = krb5_rd_cred2(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, + ccache, tgt); + if (problem) + goto fail; +#else + problem = krb5_rd_cred(authctxt->krb5_ctx, authctxt->krb5_auth_ctx, + tgt, &creds, NULL); + if (problem) + goto fail; + problem = krb5_cc_store_cred(authctxt->krb5_ctx, ccache, *creds); + if (problem) + goto fail; #endif - return 0; + + authctxt->krb5_fwd_ccache = ccache; + ccache = NULL; + + authctxt->krb5_ticket_file = 
(char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + + problem = krb5_unparse_name(authctxt->krb5_ctx, authctxt->krb5_user, + &pname); + if (problem) + goto fail; + + debug("Kerberos v5 TGT accepted (%s)", pname); + + restore_uid(); + + return (1); + + fail: + if (problem) + debug("Kerberos v5 TGT passing failed: %s", + krb5_get_err_text(authctxt->krb5_ctx, problem)); + if (ccache) + krb5_cc_destroy(authctxt->krb5_ctx, ccache); + + restore_uid(); + + return (0); } int -auth_krb5_password(struct passwd *pw, const char *password) +auth_krb5_password(Authctxt *authctxt, const char *password) { - krb5_error_code problem; - krb5_ccache ccache = NULL; - krb5_principal client = NULL; - int ret; - - problem = krb5_init(); - if (problem) - return 0; - - problem = krb5_parse_name(ssh_context, pw->pw_name, &client); - if (problem) { - ret = 0; - goto out; - } +#ifndef HEIMDAL + krb5_creds creds; + krb5_principal server; + char ccname[40]; + int tmpfd; +#endif + krb5_error_code problem; - problem = krb5_cc_gen_new(ssh_context, &krb5_mcc_ops, &ccache); - if (problem) { - ret = 0; - goto out; - } - - problem = krb5_cc_initialize(ssh_context, ccache, client); - if (problem) { - ret = 0; - goto out; - } - - problem = krb5_verify_user(ssh_context, client, ccache, password, 1, NULL); - if (problem) { - ret = 0; - goto out; - } - -/* - problem = krb5_cc_copy_cache(ssh_context, ccache, mem_ccache); - if (problem) { - ret = 0; - mem_ccache = NULL; - goto out; - } - */ - mem_ccache = ccache; - ccache = NULL; - - ret = 1; -out: - if (client != NULL) - krb5_free_principal(ssh_context, client); - if (ccache != NULL) - krb5_cc_destroy(ssh_context, ccache); - return ret; + if (authctxt->pw == NULL) + return (0); + + temporarily_use_uid(authctxt->pw); + + problem = krb5_init(authctxt); + if (problem) + goto out; + + problem = krb5_parse_name(authctxt->krb5_ctx, authctxt->pw->pw_name, + &authctxt->krb5_user); + if (problem) + goto out; + +#ifdef HEIMDAL + problem = 
krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_mcc_ops, + &authctxt->krb5_fwd_ccache); + if (problem) + goto out; + + problem = krb5_cc_initialize(authctxt->krb5_ctx, + authctxt->krb5_fwd_ccache, authctxt->krb5_user); + if (problem) + goto out; + + restore_uid(); + problem = krb5_verify_user(authctxt->krb5_ctx, authctxt->krb5_user, + authctxt->krb5_fwd_ccache, password, 1, NULL); + temporarily_use_uid(authctxt->pw); + + if (problem) + goto out; + +#else + problem = krb5_get_init_creds_password(authctxt->krb5_ctx, &creds, + authctxt->krb5_user, (char *)password, NULL, NULL, 0, NULL, NULL); + if (problem) + goto out; + + problem = krb5_sname_to_principal(authctxt->krb5_ctx, NULL, NULL, + KRB5_NT_SRV_HST, &server); + if (problem) + goto out; + + restore_uid(); + problem = krb5_verify_init_creds(authctxt->krb5_ctx, &creds, server, + NULL, NULL, NULL); + krb5_free_principal(authctxt->krb5_ctx, server); + temporarily_use_uid(authctxt->pw); + if (problem) + goto out; + + if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, + authctxt->pw->pw_name)) { + problem = -1; + goto out; + } + + snprintf(ccname,sizeof(ccname),"FILE:/tmp/krb5cc_%d_XXXXXX",geteuid()); + + if ((tmpfd = mkstemp(ccname+strlen("FILE:")))==-1) { + log("mkstemp(): %.100s", strerror(errno)); + problem = errno; + goto out; + } + + if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { + log("fchmod(): %.100s", strerror(errno)); + close(tmpfd); + problem = errno; + goto out; + } + close(tmpfd); + + problem = krb5_cc_resolve(authctxt->krb5_ctx, ccname, &authctxt->krb5_fwd_ccache); + if (problem) + goto out; + + problem = krb5_cc_initialize(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, + authctxt->krb5_user); + if (problem) + goto out; + + problem= krb5_cc_store_cred(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache, + &creds); + if (problem) + goto out; +#endif + + authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + + out: + restore_uid(); + + if (problem) { + if 
(authctxt->krb5_ctx != NULL && problem!=-1) + debug("Kerberos password authentication failed: %s", + krb5_get_err_text(authctxt->krb5_ctx, problem)); + else + debug("Kerberos password authentication failed: %d", + problem); + + krb5_cleanup_proc(authctxt); + + if (options.kerberos_or_local_passwd) + return (-1); + else + return (0); + } + return (1); } void -krb5_cleanup_proc(void *ignore) +krb5_cleanup_proc(void *context) { - extern krb5_principal tkt_client; - - debug("krb5_cleanup_proc() called"); - if (mem_ccache) - krb5_cc_destroy(ssh_context, mem_ccache); - if (tkt_client) - krb5_free_principal(ssh_context, tkt_client); - if (auth_context) - krb5_auth_con_free(ssh_context, auth_context); - if (ssh_context) - krb5_free_context(ssh_context); -} - -int -krb5_init(void) -{ - krb5_error_code problem; - static cleanup_registered = 0; - - if (ssh_context == NULL) { - problem = krb5_init_context(&ssh_context); - if (problem) - return problem; - krb5_init_ets(ssh_context); - } - - if (!cleanup_registered) { - fatal_add_cleanup(krb5_cleanup_proc, NULL); - cleanup_registered = 1; - } - return 0; + Authctxt *authctxt = (Authctxt *)context; + + debug("krb5_cleanup_proc called"); + if (authctxt->krb5_fwd_ccache) { + krb5_cc_destroy(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache); + authctxt->krb5_fwd_ccache = NULL; + } + if (authctxt->krb5_user) { + krb5_free_principal(authctxt->krb5_ctx, authctxt->krb5_user); + authctxt->krb5_user = NULL; + } + if (authctxt->krb5_auth_ctx) { + krb5_auth_con_free(authctxt->krb5_ctx, + authctxt->krb5_auth_ctx); + authctxt->krb5_auth_ctx = NULL; + } + if (authctxt->krb5_ctx) { + krb5_free_context(authctxt->krb5_ctx); + authctxt->krb5_ctx = NULL; + } } - + #endif /* KRB5 */ diff --git a/crypto/openssh/auth-options.c b/crypto/openssh/auth-options.c index 443f5414ad1e..2787d2948b50 100644 --- a/crypto/openssh/auth-options.c +++ b/crypto/openssh/auth-options.c 
@@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-options.c,v 1.16 2001/03/18 12:07:52 markus Exp $"); +RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -20,6 +20,10 @@ RCSID("$OpenBSD: auth-options.c,v 1.16 2001/03/18 12:07:52 markus Exp $"); #include "channels.h" #include "auth-options.h" #include "servconf.h" +#include "bufaux.h" +#include "misc.h" +#include "monitor_wrap.h" +#include "auth.h" /* Flags set authorized_keys flags */ int no_port_forwarding_flag = 0; @@ -53,6 +57,7 @@ auth_clear_options(void) forced_command = NULL; } channel_clear_permitted_opens(); + auth_debug_reset(); } /* @@ -74,28 +79,28 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) while (*opts && *opts != ' ' && *opts != '\t') { cp = "no-port-forwarding"; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - packet_send_debug("Port forwarding disabled."); + auth_debug_add("Port forwarding disabled."); no_port_forwarding_flag = 1; opts += strlen(cp); goto next_option; } cp = "no-agent-forwarding"; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - packet_send_debug("Agent forwarding disabled."); + auth_debug_add("Agent forwarding disabled."); no_agent_forwarding_flag = 1; opts += strlen(cp); goto next_option; } cp = "no-X11-forwarding"; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - packet_send_debug("X11 forwarding disabled."); + auth_debug_add("X11 forwarding disabled."); no_x11_forwarding_flag = 1; opts += strlen(cp); goto next_option; } cp = "no-pty"; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - packet_send_debug("Pty allocation disabled."); + auth_debug_add("Pty allocation disabled."); no_pty_flag = 1; opts += strlen(cp); goto next_option; 
@@ -118,14 +123,14 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (!*opts) { debug("%.100s, line %lu: missing end quote", file, linenum); - packet_send_debug("%.100s, line %lu: missing end quote", + auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); xfree(forced_command); forced_command = NULL; goto bad_option; } forced_command[i] = 0; - packet_send_debug("Forced command: %.900s", forced_command); + auth_debug_add("Forced command: %.900s", forced_command); opts++; goto next_option; } @@ -150,13 +155,13 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (!*opts) { debug("%.100s, line %lu: missing end quote", file, linenum); - packet_send_debug("%.100s, line %lu: missing end quote", + auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); xfree(s); goto bad_option; } s[i] = 0; - packet_send_debug("Adding to environment: %.900s", s); + auth_debug_add("Adding to environment: %.900s", s); debug("Adding to environment: %.900s", s); opts++; new_envstring = xmalloc(sizeof(struct envstring)); @@ -167,10 +172,9 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) } cp = "from=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { - int mname, mip; const char *remote_ip = get_remote_ipaddr(); const char *remote_host = get_canonical_hostname( - options.reverse_mapping_check); + options.verify_reverse_mapping); char *patterns = xmalloc(strlen(opts) + 1); opts += strlen(cp); 
@@ -188,42 +192,34 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (!*opts) { debug("%.100s, line %lu: missing end quote", file, linenum); - packet_send_debug("%.100s, line %lu: missing end quote", + auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); xfree(patterns); goto bad_option; } patterns[i] = 0; opts++; - /* - * Deny access if we get a negative - * match for the hostname or the ip - * or if we get not match at all - */ - mname = match_hostname(remote_host, patterns, - strlen(patterns)); - mip = match_hostname(remote_ip, patterns, - strlen(patterns)); - xfree(patterns); - if (mname == -1 || mip == -1 || - (mname != 1 && mip != 1)) { + if (match_host_and_ip(remote_host, remote_ip, + patterns) != 1) { + xfree(patterns); log("Authentication tried for %.100s with " "correct key but not from a permitted " "host (host=%.200s, ip=%.200s).", pw->pw_name, remote_host, remote_ip); - packet_send_debug("Your host '%.200s' is not " + auth_debug_add("Your host '%.200s' is not " "permitted to use this key for login.", remote_host); /* deny access */ return 0; } + xfree(patterns); /* Host name matches. */ goto next_option; } cp = "permitopen=\""; if (strncasecmp(opts, cp, strlen(cp)) == 0) { + char host[256], sport[6]; u_short port; - char *c, *ep; char *patterns = xmalloc(strlen(opts) + 1); opts += strlen(cp); 
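Review bot: The `return 0` on the host-mismatch path of the `from=` option leaves the message queued by `auth_debug_add("Your host ...")` unsent when privilege separation is off. The two other exits of auth_parse_options (hunk at -287) both run `if (!use_privsep) auth_debug_send();`, and auth_clear_options now calls auth_debug_reset(), which presumably discards whatever is still queued. Adding `if (!use_privsep) auth_debug_send();` before this `return 0;` would make the three exits agree. The function starts and ends outside this hunk, so confirm that no caller flushes the queue itself.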
@@ -241,35 +237,32 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum) if (!*opts) { debug("%.100s, line %lu: missing end quote", file, linenum); - packet_send_debug("%.100s, line %lu: missing end quote", + auth_debug_add("%.100s, line %lu: missing end quote", file, linenum); xfree(patterns); goto bad_option; } patterns[i] = 0; opts++; - c = strchr(patterns, ':'); - if (c == NULL) { - debug("%.100s, line %lu: permitopen: missing colon <%.100s>", - file, linenum, patterns); - packet_send_debug("%.100s, line %lu: missing colon", - file, linenum); + if (sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2 && + sscanf(patterns, "%255[^/]/%5[0-9]", host, sport) != 2) { + debug("%.100s, line %lu: Bad permitopen specification " + "<%.100s>", file, linenum, patterns); + auth_debug_add("%.100s, line %lu: " + "Bad permitopen specification", file, linenum); xfree(patterns); goto bad_option; } - *c = 0; - c++; - port = strtol(c, &ep, 0); - if (c == ep) { - debug("%.100s, line %lu: permitopen: missing port <%.100s>", - file, linenum, patterns); - packet_send_debug("%.100s, line %lu: missing port", - file, linenum); + if ((port = a2port(sport)) == 0) { + debug("%.100s, line %lu: Bad permitopen port <%.100s>", + file, linenum, sport); + auth_debug_add("%.100s, line %lu: " + "Bad permitopen port", file, linenum); xfree(patterns); goto bad_option; } if (options.allow_tcp_forwarding) - channel_add_permitted_opens(patterns, port); + channel_add_permitted_opens(host, port); xfree(patterns); goto next_option; } 
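Review bot: The new permitopen parser accepts a specification with trailing characters, because `sscanf(patterns, "%255[^:]:%5[0-9]", host, sport) != 2` only checks that two fields were converted, not that the whole string was consumed. An entry such as `host:123456` is read as port `12345`, and `host:80x` as port `80`, so a typo in authorized_keys silently permits a different port than the one written (assuming a2port() accepts the truncated digits). Appending `%n` to both formats (`"%255[^:]:%5[0-9]%n"`, `"%255[^/]/%5[0-9]%n"`, with an `int n = 0;`) and treating `patterns[n] != '\0'` as a bad specification closes this. The buffer widths 255/5 do match `host[256]` and `sport[6]`, which are declared in the previous hunk.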
@@ -287,14 +280,22 @@ next_option: opts++; /* Process the next option. */ } + + if (!use_privsep) + auth_debug_send(); + /* grant access */ return 1; bad_option: log("Bad options in %.100s file, line %lu: %.50s", file, linenum, opts); - packet_send_debug("Bad options in %.100s file, line %lu: %.50s", + auth_debug_add("Bad options in %.100s file, line %lu: %.50s", file, linenum, opts); + + if (!use_privsep) + auth_debug_send(); + /* deny access */ return 0; } diff --git a/crypto/openssh/auth-options.h b/crypto/openssh/auth-options.h index 8ee269491038..aa6270fd62ef 100644 --- a/crypto/openssh/auth-options.h +++ b/crypto/openssh/auth-options.h @@ -1,3 +1,5 @@ +/* $OpenBSD: auth-options.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $ */ + /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -11,8 +13,6 @@ * called by a name other than "ssh" or "Secure Shell". */ -/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */ - #ifndef AUTH_OPTIONS_H #define AUTH_OPTIONS_H @@ -30,15 +30,7 @@ extern int no_pty_flag; extern char *forced_command; extern struct envstring *custom_environment; -/* - * return 1 if access is granted, 0 if not. - * side effect: sets key option flags - */ -int -auth_parse_options(struct passwd *pw, char *options, char *file, - u_long linenum); - -/* reset options flags */ +int auth_parse_options(struct passwd *, char *, char *, u_long); void auth_clear_options(void); #endif diff --git a/crypto/openssh/auth-pam.c b/crypto/openssh/auth-pam.c index 16d5ac759360..490990dece5f 100644 --- a/crypto/openssh/auth-pam.c +++ b/crypto/openssh/auth-pam.c 
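Review bot: In auth-options.h (hunk at -30) the prototype of auth_parse_options loses both its contract comment and its parameter names, so the header no longer says what the return value means for an access-control decision. I would keep a one-line comment such as `/* returns 1 if access is granted, 0 if not; sets the key option flags as a side effect */` and the named form `int auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum);`. Both statements are taken from the removed comment and from the `/* grant access */ return 1;` and `/* deny access */ return 0;` paths in auth-options.c.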
@@ -25,41 +25,36 @@ #include "includes.h" #ifdef USE_PAM -#include <security/pam_appl.h> #include "ssh.h" #include "xmalloc.h" #include "log.h" +#include "auth.h" +#include "auth-pam.h" #include "servconf.h" -#include "readpass.h" #include "canohost.h" +#include "readpass.h" + +extern char *__progname; -RCSID("$FreeBSD$"); +RCSID("$Id: auth-pam.c,v 1.46 2002/05/08 02:27:56 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: Your password has expired, please change it now" -#define SSHD_PAM_SERVICE "sshd" -#define PAM_STRERROR(a, b) pam_strerror((a), (b)) - -/* Callbacks */ static int do_pam_conversation(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata_ptr); -void do_pam_cleanup_proc(void *context); -void pam_msg_cat(const char *msg); + struct pam_response **resp, void *appdata_ptr); /* module-local variables */ static struct pam_conv conv = { do_pam_conversation, NULL }; -static pam_handle_t *pamh = NULL; -static const char *pampasswd = NULL; -static char *pam_msg = NULL; -extern ServerOptions options; +static char *__pam_msg = NULL; +static pam_handle_t *__pamh = NULL; +static const char *__pampasswd = NULL; /* states for do_pam_conversation() */ -typedef enum { INITIAL_LOGIN, OTHER } pamstates; -static pamstates pamstate = INITIAL_LOGIN; +enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN; /* remember whether pam_acct_mgmt() returned PAM_NEWAUTHTOK_REQD */ static int password_change_required = 0; /* remember whether the last pam_authenticate() succeeded or not */ 
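Review bot: `pamstate` loses internal linkage here: the old declaration was `static pamstates pamstate`, while the new `enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;` defines a global symbol, although the visible code only reads it inside this file's conversation function. Writing it as `static enum { INITIAL_LOGIN, OTHER } pamstate = INITIAL_LOGIN;` keeps the conversation state private to the file. The renamed statics `__pamh`, `__pam_msg` and `__pampasswd` also start with two underscores, which C reserves for the implementation; a trailing suffix or an `sshpam_` style prefix would avoid that.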
@@ -69,13 +64,19 @@ static int was_authenticated = 0; static int session_opened = 0; static int creds_set = 0; -/* - * accessor which allows us to switch conversation structs according to - * the authentication method being used - */ +/* accessor which allows us to switch conversation structs according to + * the authentication method being used */ void do_pam_set_conv(struct pam_conv *conv) { - pam_set_item(pamh, PAM_CONV, conv); + pam_set_item(__pamh, PAM_CONV, conv); +} + +/* start an authentication run */ +int do_pam_authenticate(int flags) +{ + int retval = pam_authenticate(__pamh, flags); + was_authenticated = (retval == PAM_SUCCESS); + return retval; } /* @@ -84,10 +85,10 @@ void do_pam_set_conv(struct pam_conv *conv) * * INITIAL_LOGIN mode simply feeds the password from the client into * PAM in response to PAM_PROMPT_ECHO_OFF, and collects output - * messages with pam_msg_cat(). This is used during initial + * messages with into __pam_msg. This is used during initial * authentication to bypass the normal PAM password prompt. * - * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase(prompt, 1) + * OTHER mode handles PAM_PROMPT_ECHO_OFF with read_passphrase() * and outputs messages to stderr. This mode is used if pam_chauthtok() * is called to update expired passwords. */ 
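Review bot: The comment on the new do_pam_authenticate(), `/* start an authentication run */`, does not mention the side effect the wrapper exists for: it records the outcome in `was_authenticated`. do_pam_setcred (hunk at -268) reads that flag to choose between fatal() and debug() on failure. I would document it as `/* run pam_authenticate() with the given flags and remember in was_authenticated whether it returned PAM_SUCCESS */`.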
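Review bot: The reworded comment above do_pam_conversation (hunk at -84) now reads "collects output messages with into __pam_msg", with a leftover "with" from the old sentence. It should read `* messages into __pam_msg. This is used during initial`.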
@@ -101,43 +102,31 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, /* PAM will free this later */ reply = malloc(num_msg * sizeof(*reply)); if (reply == NULL) - return PAM_CONV_ERR; + return PAM_CONV_ERR; for (count = 0; count < num_msg; count++) { - switch ((*msg)[count].msg_style) { + if (pamstate == INITIAL_LOGIN) { + /* + * We can't use stdio yet, queue messages for + * printing later + */ + switch(PAM_MSG_MEMBER(msg, count, msg_style)) { case PAM_PROMPT_ECHO_ON: - if (pamstate == INITIAL_LOGIN) { + free(reply); + return PAM_CONV_ERR; + case PAM_PROMPT_ECHO_OFF: + if (__pampasswd == NULL) { free(reply); return PAM_CONV_ERR; - } else { - fputs((*msg)[count].msg, stderr); - fgets(buf, sizeof(buf), stdin); - reply[count].resp = xstrdup(buf); - reply[count].resp_retcode = PAM_SUCCESS; - break; - } - case PAM_PROMPT_ECHO_OFF: - if (pamstate == INITIAL_LOGIN) { - if (pampasswd == NULL) { - free(reply); - return PAM_CONV_ERR; - } - reply[count].resp = xstrdup(pampasswd); - } else { - reply[count].resp = - xstrdup(read_passphrase((*msg)[count].msg, 1)); } + reply[count].resp = xstrdup(__pampasswd); reply[count].resp_retcode = PAM_SUCCESS; break; case PAM_ERROR_MSG: case PAM_TEXT_INFO: if ((*msg)[count].msg != NULL) { - if (pamstate == INITIAL_LOGIN) - pam_msg_cat((*msg)[count].msg); - else { - fputs((*msg)[count].msg, stderr); - fputs("\n", stderr); - } + message_cat(&__pam_msg, + PAM_MSG_MEMBER(msg, count, msg)); } reply[count].resp = xstrdup(""); reply[count].resp_retcode = PAM_SUCCESS; 
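Review bot: The error exits in the INITIAL_LOGIN branch (`free(reply); return PAM_CONV_ERR;`) release only the array, not the strings already stored in it by earlier iterations. If a PAM_PROMPT_ECHO_OFF message is followed by a PAM_PROMPT_ECHO_ON or unknown message style, the `xstrdup(__pampasswd)` copy of the password stays allocated and unreferenced in the daemon's heap. Freeing the entries filled so far before the array, for example `while (count-- > 0) free(reply[count].resp);`, and ideally clearing each one first, fixes this. The same exits appear in the hunk at -145, and the function body starts and ends outside this hunk.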
@@ -145,6 +134,36 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, default: free(reply); return PAM_CONV_ERR; + } + } else { + /* + * stdio is connected, so interact directly + */ + switch(PAM_MSG_MEMBER(msg, count, msg_style)) { + case PAM_PROMPT_ECHO_ON: + fputs(PAM_MSG_MEMBER(msg, count, msg), stderr); + fgets(buf, sizeof(buf), stdin); + reply[count].resp = xstrdup(buf); + reply[count].resp_retcode = PAM_SUCCESS; + break; + case PAM_PROMPT_ECHO_OFF: + reply[count].resp = + read_passphrase(PAM_MSG_MEMBER(msg, count, + msg), RP_ALLOW_STDIN); + reply[count].resp_retcode = PAM_SUCCESS; + break; + case PAM_ERROR_MSG: + case PAM_TEXT_INFO: + if ((*msg)[count].msg != NULL) + fprintf(stderr, "%s\n", + PAM_MSG_MEMBER(msg, count, msg)); + reply[count].resp = xstrdup(""); + reply[count].resp_retcode = PAM_SUCCESS; + break; + default: + free(reply); + return PAM_CONV_ERR; + } } } 
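Review bot: In the interactive PAM_PROMPT_ECHO_ON case the result of `fgets(buf, sizeof(buf), stdin);` is not checked, so on EOF or a read error `xstrdup(buf)` copies whatever `buf` held before (its declaration is outside the hunk and may be uninitialised). I would fail the conversation instead, `if (fgets(buf, sizeof(buf), stdin) == NULL) { free(reply); return PAM_CONV_ERR; }`, and strip the trailing newline before duplicating, `buf[strcspn(buf, "\n")] = '\0';`. The PAM_TEXT_INFO branch also tests `(*msg)[count].msg != NULL` but prints `PAM_MSG_MEMBER(msg, count, msg)`; if the macro exists to cover a different message layout, the test and the use should both go through it.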
@@ -156,61 +175,60 @@ static int do_pam_conversation(int num_msg, const struct pam_message **msg, /* Called at exit to cleanly shutdown PAM */ void do_pam_cleanup_proc(void *context) { - int pam_retval; + int pam_retval = PAM_SUCCESS; - if (pamh != NULL && session_opened) { - pam_retval = pam_close_session(pamh, 0); - if (pam_retval != PAM_SUCCESS) { - log("Cannot close PAM session[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + if (__pamh && session_opened) { + pam_retval = pam_close_session(__pamh, 0); + if (pam_retval != PAM_SUCCESS) + log("Cannot close PAM session[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); } - if (pamh != NULL && creds_set) { - pam_retval = pam_setcred(pamh, PAM_DELETE_CRED); - if (pam_retval != PAM_SUCCESS) { + if (__pamh && creds_set) { + pam_retval = pam_setcred(__pamh, PAM_DELETE_CRED); + if (pam_retval != PAM_SUCCESS) debug("Cannot delete credentials[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + pam_retval, PAM_STRERROR(__pamh, pam_retval)); } - if (pamh != NULL) { - pam_retval = pam_end(pamh, pam_retval); - if (pam_retval != PAM_SUCCESS) { - log("Cannot release PAM authentication[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + if (__pamh) { + pam_retval = pam_end(__pamh, pam_retval); + if (pam_retval != PAM_SUCCESS) + log("Cannot release PAM authentication[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); } } /* Attempt password authentation using PAM */ int auth_pam_password(Authctxt *authctxt, const char *password) { - struct passwd *pw = authctxt->pw; + extern ServerOptions options; int pam_retval; + struct passwd *pw = authctxt->pw; do_pam_set_conv(&conv); /* deny if no user. 
*/ if (pw == NULL) return 0; - if (pw->pw_uid == 0 && options.permit_root_login == 2) + if (pw->pw_uid == 0 && options.permit_root_login == PERMIT_NO_PASSWD) return 0; if (*password == '\0' && options.permit_empty_passwd == 0) return 0; - pampasswd = password; - + __pampasswd = password; + pamstate = INITIAL_LOGIN; - pam_retval = pam_authenticate(pamh, 0); - was_authenticated = (pam_retval == PAM_SUCCESS); + pam_retval = do_pam_authenticate( + options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); if (pam_retval == PAM_SUCCESS) { - debug("PAM Password authentication accepted for user \"%.100s\"", - pw->pw_name); + debug("PAM Password authentication accepted for " + "user \"%.100s\"", pw->pw_name); return 1; } else { - debug("PAM Password authentication for \"%.100s\" failed[%d]: %s", - pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval)); + debug("PAM Password authentication for \"%.100s\" " + "failed[%d]: %s", pw->pw_name, pam_retval, + PAM_STRERROR(__pamh, pam_retval)); return 0; } } 
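Review bot: auth_pam_password stores the caller's password pointer in the file-scope `__pampasswd` and never resets it after do_pam_authenticate() returns. Any later conversation callback that runs while `pamstate` is still INITIAL_LOGIN would hand that pointer to `xstrdup()` again, and once the caller releases or overwrites the buffer it is stale. Adding `__pampasswd = NULL;` directly after the do_pam_authenticate() call limits the pointer's lifetime to the single authentication run. No other reset is visible in the hunks shown, so confirm against the rest of the file.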
@@ -221,41 +239,35 @@ int do_pam_account(char *username, char *remote_user) int pam_retval; do_pam_set_conv(&conv); - - debug("PAM setting rhost to \"%.200s\"", - get_canonical_hostname(options.reverse_mapping_check)); - pam_retval = pam_set_item(pamh, PAM_RHOST, - get_canonical_hostname(options.reverse_mapping_check)); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set rhost failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } - if (remote_user != NULL) { + if (remote_user) { debug("PAM setting ruser to \"%.200s\"", remote_user); - pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set ruser failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + pam_retval = pam_set_item(__pamh, PAM_RUSER, remote_user); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set ruser failed[%d]: %.200s", pam_retval, + PAM_STRERROR(__pamh, pam_retval)); } - pam_retval = pam_acct_mgmt(pamh, 0); + pam_retval = pam_acct_mgmt(__pamh, 0); + debug2("pam_acct_mgmt() = %d", pam_retval); switch (pam_retval) { case PAM_SUCCESS: /* This is what we want */ break; +#if 0 case PAM_NEW_AUTHTOK_REQD: - pam_msg_cat(NEW_AUTHTOK_MSG); + message_cat(&__pam_msg, NEW_AUTHTOK_MSG); /* flag that password change is necessary */ password_change_required = 1; break; +#endif default: - log("PAM rejected by account configuration[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); + log("PAM rejected by account configuration[%d]: " + "%.200s", pam_retval, PAM_STRERROR(__pamh, + pam_retval)); return(0); } - + return(1); } 
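Review bot: The `#if 0` around `case PAM_NEW_AUTHTOK_REQD:` in do_pam_account carries no explanation, and it changes behaviour: an expired password now falls into `default:` and is logged as "PAM rejected by account configuration" and refused. With that case compiled out, nothing visible sets `password_change_required` to 1 any more, so is_pam_password_change_required() and do_pam_chauthtok() look unreachable. A comment at the `#if 0` such as `/* password change on expiry is disabled for now; PAM_NEW_AUTHTOK_REQD is treated as a rejection */` would record the intent, assuming the rejection is intended.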
@@ -268,50 +280,51 @@ void do_pam_session(char *username, const char *ttyname) if (ttyname != NULL) { debug("PAM setting tty to \"%.200s\"", ttyname); - pam_retval = pam_set_item(pamh, PAM_TTY, ttyname); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set tty failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + pam_retval = pam_set_item(__pamh, PAM_TTY, ttyname); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); } - debug("do_pam_session: euid %u, uid %u", geteuid(), getuid()); - pam_retval = pam_open_session(pamh, 0); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM session setup failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + pam_retval = pam_open_session(__pamh, 0); + if (pam_retval != PAM_SUCCESS) + fatal("PAM session setup failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); session_opened = 1; } -/* Set PAM credentials */ -void do_pam_setcred(void) +/* Set PAM credentials */ +void do_pam_setcred(int init) { int pam_retval; + if (__pamh == NULL) + return; + do_pam_set_conv(&conv); - + debug("PAM establishing creds"); - pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); + pam_retval = pam_setcred(__pamh, + init ? PAM_ESTABLISH_CRED : PAM_REINITIALIZE_CRED); if (pam_retval != PAM_SUCCESS) { if (was_authenticated) fatal("PAM setcred failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); + pam_retval, PAM_STRERROR(__pamh, pam_retval)); else debug("PAM setcred failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); + pam_retval, PAM_STRERROR(__pamh, pam_retval)); } else creds_set = 1; } /* accessor function for file scope static variable */ -int pam_password_change_required(void) +int is_pam_password_change_required(void) { return password_change_required; } -/* +/* * Have user change authentication token if pam_acct_mgmt() indicated * it was expired. 
This needs to be called after an interactive * session is established and the user's pty is connected to @@ -325,16 +338,10 @@ void do_pam_chauthtok(void) if (password_change_required) { pamstate = OTHER; - /* - * XXX: should we really loop forever? - */ - do { - pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); - if (pam_retval != PAM_SUCCESS) { - log("PAM pam_chauthtok failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } - } while (pam_retval != PAM_SUCCESS); + pam_retval = pam_chauthtok(__pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + if (pam_retval != PAM_SUCCESS) + fatal("PAM pam_chauthtok failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); } } 
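Review bot: The new `init` parameter of do_pam_setcred is undocumented, and the unchanged `debug("PAM establishing creds");` is now also printed when the call reinitialises credentials. I would extend the header comment to `/* Set PAM credentials: init != 0 establishes them (PAM_ESTABLISH_CRED), init == 0 reinitialises them (PAM_REINITIALIZE_CRED) */` and make the debug line name the operation actually chosen. The header comment should also mention the new early return when `__pamh` is NULL, because do_pam_session in the same hunk has no such guard.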
@@ -346,32 +353,40 @@ void finish_pam(void) } /* Start PAM authentication for specified account */ -void start_pam(struct passwd *pw) +void start_pam(const char *user) { int pam_retval; + extern ServerOptions options; + extern u_int utmp_len; + const char *rhost; - debug("Starting up PAM with username \"%.200s\"", pw->pw_name); + debug("Starting up PAM with username \"%.200s\"", user); - pam_retval = pam_start(SSHD_PAM_SERVICE, pw->pw_name, &conv, &pamh); + pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &__pamh); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM initialisation failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + if (pam_retval != PAM_SUCCESS) + fatal("PAM initialisation failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); + rhost = get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping); + debug("PAM setting rhost to \"%.200s\"", rhost); + + pam_retval = pam_set_item(__pamh, PAM_RHOST, rhost); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set rhost failed[%d]: %.200s", pam_retval, + PAM_STRERROR(__pamh, pam_retval)); #ifdef PAM_TTY_KLUDGE /* * Some PAM modules (e.g. pam_time) require a TTY to operate, - * and will fail in various stupid ways if they don't get one. + * and will fail in various stupid ways if they don't get one. * sshd doesn't set the tty until too late in the auth process and may * not even need one (for tty-less connections) - * Kludge: Set a fake PAM_TTY + * Kludge: Set a fake PAM_TTY */ - pam_retval = pam_set_item(pamh, PAM_TTY, "ssh"); - if (pam_retval != PAM_SUCCESS) { - fatal("PAM set tty failed[%d]: %.200s", - pam_retval, PAM_STRERROR(pamh, pam_retval)); - } + pam_retval = pam_set_item(__pamh, PAM_TTY, "NODEVssh"); + if (pam_retval != PAM_SUCCESS) + fatal("PAM set tty failed[%d]: %.200s", + pam_retval, PAM_STRERROR(__pamh, pam_retval)); #endif /* PAM_TTY_KLUDGE */ fatal_add_cleanup(&do_pam_cleanup_proc, NULL); 
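Review bot: start_pam now hands PAM_RHOST the result of `get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping)`, but nothing here says what kind of value that is. PAM modules that make host-based decisions read PAM_RHOST, so it matters whether it is a reverse-DNS name or an address, and whether the name was verified. A comment above the call would help, for example `/* rhost is the client's name or IP as chosen by get_remote_name_or_ip(); the name is only forward-verified when verify_reverse_mapping is set */`. The helper is not visible on this page, so check the wording against it.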
@@ -381,7 +396,7 @@ void start_pam(struct passwd *pw) char **fetch_pam_environment(void) { #ifdef HAVE_PAM_GETENVLIST - return(pam_getenvlist(pamh)); + return(pam_getenvlist(__pamh)); #else /* HAVE_PAM_GETENVLIST */ return(NULL); #endif /* HAVE_PAM_GETENVLIST */ 
@@ -391,428 +406,29 @@ char **fetch_pam_environment(void) /* or account checking to stderr */ void print_pam_messages(void) { - if (pam_msg != NULL) - fputs(pam_msg, stderr); + if (__pam_msg != NULL) + fputs(__pam_msg, stderr); } -/* Append a message to the PAM message buffer */ -void pam_msg_cat(const char *msg) +/* Append a message to buffer */ +void message_cat(char **p, const char *a) { - char *p; - size_t new_msg_len; - size_t pam_msg_len; - - new_msg_len = strlen(msg); - - if (pam_msg) { - pam_msg_len = strlen(pam_msg); - pam_msg = xrealloc(pam_msg, new_msg_len + pam_msg_len + 2); - p = pam_msg + pam_msg_len; - } else { - pam_msg = p = xmalloc(new_msg_len + 2); - } - - memcpy(p, msg, new_msg_len); - p[new_msg_len] = '\n'; - p[new_msg_len + 1] = '\0'; -} - -struct inverted_pam_userdata { - /* - * Pipe for telling whether we are doing conversation or sending - * authentication results. - */ - int statefd[2]; - int challengefd[2]; - int responsefd[2]; - - /* Whether we have sent off our challenge */ - int state; -}; - -#define STATE_CONV 1 -#define STATE_AUTH_OK 2 -#define STATE_AUTH_FAIL 3 - -int -ssh_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, - void *userdata) { - int i; - FILE *reader; - char buf[1024]; - struct pam_response *reply = NULL; - char state_to_write = STATE_CONV; /* One char to write */ - struct inverted_pam_userdata *ud = userdata; - char *response = NULL; - - /* The stdio functions are more convenient for the read half */ - reader = fdopen(ud->responsefd[0], "rb"); - if (reader == NULL) - goto protocol_failure; - - reply = malloc(num_msg * sizeof(struct pam_response)); - if (reply == NULL) - return PAM_CONV_ERR; - - if (write(ud->statefd[1], &state_to_write, 1) != 1) - goto protocol_failure; - - /* - * Re-package our data and send it off to our better half (the actual SSH - * process) - */ - if (write(ud->challengefd[1], buf, - sprintf(buf, "%d\n", num_msg)) == -1) - goto protocol_failure; - for (i = 0; i < 
num_msg; i++) { - if (write(ud->challengefd[1], buf, - sprintf(buf, "%d\n", msg[i]->msg_style)) == -1) - goto protocol_failure; - if (write(ud->challengefd[1], buf, - sprintf(buf, "%d\n", strlen(msg[i]->msg))) == -1) - goto protocol_failure; - if (write(ud->challengefd[1], msg[i]->msg, - strlen(msg[i]->msg)) == -1) - goto protocol_failure; - } - /* - * Read back responses. These may not be as nice as we want, as the SSH - * protocol isn't exactly a perfect fit with PAM. - */ - - for (i = 0; i < num_msg; i++) { - char buf[1024]; - char *endptr; - size_t len; /* Length of the response */ - - switch (msg[i]->msg_style) { - case PAM_PROMPT_ECHO_OFF: - case PAM_PROMPT_ECHO_ON: - if (fgets(buf, sizeof(buf), reader) == NULL) - goto protocol_failure; - len = (size_t)strtoul(buf, &endptr, 10); - /* The length is supposed to stand on a line by itself */ - if (endptr == NULL || *endptr != '\n') - goto protocol_failure; - response = malloc(len+1); - if (response == NULL) - goto protocol_failure; - if (fread(response, len, 1, reader) != 1) - goto protocol_failure; - response[len] = '\0'; - reply[i].resp = response; - response = NULL; - break; - default: - reply[i].resp = NULL; - break; - } - } - *resp = reply; - return PAM_SUCCESS; - protocol_failure: - free(reply); - return PAM_CONV_ERR; -} - -void -ipam_free_cookie(struct inverted_pam_cookie *cookie) { - struct inverted_pam_userdata *ud; - int i; - - if (cookie == NULL) - return; - ud = cookie->userdata; - cookie->userdata = NULL; - /* Free userdata if allocated */ - if (ud) { - /* Close any opened file descriptors */ - if (ud->statefd[0] != -1) - close(ud->statefd[0]); - if (ud->statefd[1] != -1) - close(ud->statefd[1]); - if (ud->challengefd[0] != -1) - close(ud->challengefd[0]); - if (ud->challengefd[1] != -1) - close(ud->challengefd[1]); - if (ud->responsefd[0] != -1) - close(ud->responsefd[0]); - if (ud->responsefd[1] != -1) - close(ud->responsefd[1]); - free(ud); - ud = NULL; - } - /* Now free the normal cookie */ - if 
(cookie->pid != 0 && cookie->pid != -1) { - int status; - - /* XXX Use different signal? */ - kill(cookie->pid, SIGKILL); - waitpid(cookie->pid, &status, 0); - } - for (i = 0; i < cookie->num_msg; i++) { - if (cookie->resp && cookie->resp[i]) { - free(cookie->resp[i]->resp); - free(cookie->resp[i]); - } - if (cookie->msg && cookie->msg[i]) { - free((void *)cookie->msg[i]->msg); - free(cookie->msg[i]); - } - } - free(cookie->msg); - free(cookie->resp); - free(cookie); -} - -/* - * Do first half of PAM authentication - this comes to the point where - * you get a message to send to the user. - */ -struct inverted_pam_cookie * -ipam_start_auth(const char *service, const char *username) { - struct inverted_pam_cookie *cookie; - struct inverted_pam_userdata *ud; - static struct pam_conv conv = { - ssh_conv, - NULL - }; - - cookie = malloc(sizeof(*cookie)); - if (cookie == NULL) - return NULL; - cookie->state = 0; - /* Set up the cookie so ipam_freecookie can be used on it */ - cookie->num_msg = 0; - cookie->msg = NULL; - cookie->resp = NULL; - cookie->pid = -1; - - ud = calloc(sizeof(*ud), 1); - if (ud == NULL) { - free(cookie); - return NULL; - } - cookie->userdata = ud; - ud->statefd[0] = ud->statefd[1] = -1; - ud->challengefd[0] = ud->challengefd[1] = -1; - ud->responsefd[0] = ud->responsefd[1] = -1; - - if (pipe(ud->statefd) != 0) { - ud->statefd[0] = ud->statefd[1] = -1; - ipam_free_cookie(cookie); - return NULL; - } - if (pipe(ud->challengefd) != 0) { - ud->challengefd[0] = ud->challengefd[1] = -1; - ipam_free_cookie(cookie); - return NULL; - } - if (pipe(ud->responsefd) != 0) { - ud->responsefd[0] = ud->responsefd[1] = -1; - ipam_free_cookie(cookie); - return NULL; - } - cookie->pid = fork(); - if (cookie->pid == -1) { - ipam_free_cookie(cookie); - return NULL; - } else if (cookie->pid != 0) { - int num_msgs; /* Number of messages from PAM */ - char *endptr; - char buf[1024]; - FILE *reader; - size_t num_msg; - int i; - char state; /* Which state did the 
connection just enter? */ + char *cp; + size_t new_len; - /* We are the parent - wait for a call to the communications - function to turn up, or the challenge to be finished */ - if (read(ud->statefd[0], &state, 1) != 1) { - ipam_free_cookie(cookie); - return NULL; - } - cookie->state = state; - switch (state) { - case STATE_CONV: - /* We are running the conversation function */ - /* The stdio functions are more convenient for read */ - reader = fdopen(ud->challengefd[0], "r"); - if (reader == NULL) { - ipam_free_cookie(cookie); - return NULL; - } - if (fgets(buf, 4, reader) == NULL) { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - num_msg = (size_t)strtoul(buf, &endptr, 10); - /* The length is supposed to stand on a line by itself */ - if (endptr == NULL || *endptr != '\n') { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - cookie->msg = - malloc(sizeof(struct pam_message *) * num_msg); - cookie->resp = - malloc(sizeof(struct pam_response *) * num_msg); - if (cookie->msg == NULL || cookie->resp == NULL) { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - for (i = 0; i < num_msg; i++) { - cookie->msg[i] = - malloc(sizeof(struct pam_message)); - cookie->resp[i] = - malloc(sizeof(struct pam_response)); - if (cookie->msg[i] == NULL || - cookie->resp[i] == NULL) { - for (;;) { - free(cookie->msg[i]); - free(cookie->resp[i]); - if (i == 0) - break; - i--; - } - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - cookie->msg[i]->msg = NULL; - cookie->resp[i]->resp = NULL; - cookie->resp[i]->resp_retcode = 0; - } - /* Set up so the above will be freed on failure */ - cookie->num_msg = num_msg; - /* - * We have a an allocated response and message for - * each of the entries in the PAM structure - transfer - * the data sent to the conversation function over. 
- */ - for (i = 0; i < num_msg; i++) { - size_t len; - - if (fgets(buf, sizeof(buf), reader) == NULL) { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - cookie->msg[i]->msg_style = - (size_t)strtoul(buf, &endptr, 10); - if (endptr == NULL || *endptr != '\n') { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - if (fgets(buf, sizeof(buf), reader) == NULL) { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - len = (size_t)strtoul(buf, &endptr, 10); - if (endptr == NULL || *endptr != '\n') { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - cookie->msg[i]->msg = malloc(len + 1); - if (cookie->msg[i]->msg == NULL) { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - if (fread((char *)cookie->msg[i]->msg, len, 1, reader) != - 1) { - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - *(char *)&(cookie->msg[i]->msg[len]) = '\0'; - } - break; - case STATE_AUTH_OK: - case STATE_AUTH_FAIL: - break; - default: - /* Internal failure, somehow */ - fclose(reader); - ipam_free_cookie(cookie); - return NULL; - } - return cookie; - } else { - /* We are the child */ - pam_handle_t *pamh=NULL; - int retval; - char state; - - conv.appdata_ptr = ud; - retval = pam_start(service, username, &conv, &pamh); - /* Is user really user? */ - if (retval == PAM_SUCCESS) - retval = pam_authenticate(pamh, 0); - /* permitted access? */ - if (retval == PAM_SUCCESS) - retval = pam_acct_mgmt(pamh, 0); - /* This is where we have been authorized or not. */ + new_len = strlen(a); - /* Be conservative - flag as auth failure if we can't close */ - /* - * XXX This is based on example code from Linux-PAM - - * but can it really be correct to pam_end if - * pam_start failed? - */ - if (pam_end(pamh, retval) != PAM_SUCCESS) - retval = PAM_AUTH_ERR; + if (*p) { + size_t len = strlen(*p); - /* Message to parent */ - state = retval == PAM_SUCCESS ? 
STATE_AUTH_OK : STATE_AUTH_FAIL; - if (write(ud->statefd[1], &state, 1) != 1) { - _exit(1); - } - /* FDs will be closed, so further communication will stop */ - _exit(0); - } -} - -/* - * Do second half of PAM authentication - cookie should now be filled - * in with the response to the challenge. - */ - -int -ipam_complete_auth(struct inverted_pam_cookie *cookie) { - int i; - char buf[1024]; - struct inverted_pam_userdata *ud = cookie->userdata; - char state; + *p = xrealloc(*p, new_len + len + 2); + cp = *p + len; + } else + *p = cp = xmalloc(new_len + 2); - /* Send over our responses */ - for (i = 0; i < cookie->num_msg; i++) { - if (cookie->msg[i]->msg_style != PAM_PROMPT_ECHO_ON && - cookie->msg[i]->msg_style != PAM_PROMPT_ECHO_OFF) - continue; - if (write(ud->responsefd[1], buf, - sprintf(buf, "%d\n", strlen(cookie->resp[i]->resp))) == -1) { - ipam_free_cookie(cookie); - return 0; - } - if (write(ud->responsefd[1], cookie->resp[i]->resp, - strlen(cookie->resp[i]->resp)) == -1) { - ipam_free_cookie(cookie); - return 0; - } - } - /* Find out what state we are changing to */ - if (read(ud->statefd[0], &state, 1) != 1) { - ipam_free_cookie(cookie); - return 0; - } - - return state == STATE_AUTH_OK ? 1 : 0; + memcpy(cp, a, new_len); + cp[new_len] = '\n'; + cp[new_len + 1] = '\0'; } #endif /* USE_PAM */ diff --git a/crypto/openssh/auth-pam.h b/crypto/openssh/auth-pam.h index f1128b823598..6b1f35addeda 100644 --- a/crypto/openssh/auth-pam.h +++ b/crypto/openssh/auth-pam.h 
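Review bot: The new `message_cat(char **p, const char *a)` is exported through auth-pam.h, but its comment `/* Append a message to buffer */` leaves out the contract a caller needs. From the body: `*p` may be NULL, in which case a buffer is allocated with xmalloc; otherwise `*p` is grown with xrealloc, so a caller must not keep a copy of the old pointer; and a newline is appended after `a`. Neither `p` nor `a` is checked before `*p` and `strlen(a)` are evaluated. I would extend the comment to something like `/* Append a plus a trailing '\n' to *p, (re)allocating *p; *p may be NULL, p and a must not be */`.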
@@ -1,39 +1,22 @@ -/* - * OpenSSH PAM authentication support. - * - * $FreeBSD$ - */ -#ifndef AUTH_PAM_H -#define AUTH_PAM_H +/* $Id: auth-pam.h,v 1.12 2002/04/04 19:02:28 stevesk Exp $ */ + #include "includes.h" #ifdef USE_PAM -#include "auth.h" #include <pwd.h> /* For struct passwd */ -void start_pam(struct passwd *pw); +void start_pam(const char *user); void finish_pam(void); int auth_pam_password(Authctxt *authctxt, const char *password); char **fetch_pam_environment(void); +int do_pam_authenticate(int flags); int do_pam_account(char *username, char *remote_user); void do_pam_session(char *username, const char *ttyname); -void do_pam_setcred(void); +void do_pam_setcred(int init); void print_pam_messages(void); -int pam_password_change_required(void); +int is_pam_password_change_required(void); void do_pam_chauthtok(void); - -struct inverted_pam_cookie { - int state; /* Which state have we reached? */ - pid_t pid; /* PID of child process */ - - /* Only valid in state STATE_CONV */ - int num_msg; /* Number of messages */ - struct pam_message **msg; /* Message structures */ - struct pam_response **resp; /* Response structures */ - struct inverted_pam_userdata *userdata; -}; -void ipam_free_cookie(struct inverted_pam_cookie *cookie); -struct inverted_pam_cookie *ipam_start_auth(const char *, const char *); +void do_pam_set_conv(struct pam_conv *); +void message_cat(char **p, const char *a); #endif /* USE_PAM */ -#endif /* AUTH_PAM_H */ diff --git a/crypto/openssh/auth-passwd.c b/crypto/openssh/auth-passwd.c index 1ca7fa93dded..17bbd2ceba0d 100644 --- a/crypto/openssh/auth-passwd.c +++ b/crypto/openssh/auth-passwd.c 
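Review bot: After this hunk auth-pam.h is no longer self-contained: `#include "auth.h"` is removed while the header still declares `auth_pam_password(Authctxt *authctxt, const char *password)`, and the new `do_pam_set_conv(struct pam_conv *)` names a PAM type that no include visible in the header provides. Every file that includes it must therefore already have pulled in auth.h and the PAM headers, in that order, or the prototypes will not compile cleanly. The `#ifndef AUTH_PAM_H` / `#define AUTH_PAM_H` guard is dropped in the same change. If this mirrors the upstream portable file the divergence may be deliberate, but I would keep `#include "auth.h"` and the guard lines `#ifndef AUTH_PAM_H`, `#define AUTH_PAM_H`, `#endif /* AUTH_PAM_H */`.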
@@ -36,15 +36,49 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-passwd.c,v 1.22 2001/03/20 18:57:04 markus Exp $"); -RCSID("$FreeBSD$"); +RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $"); #include "packet.h" -#include "xmalloc.h" #include "log.h" #include "servconf.h" #include "auth.h" +#if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) +/* Don't need any of these headers for the PAM or SIA cases */ +# ifdef HAVE_CRYPT_H +# include <crypt.h> +# endif +# ifdef WITH_AIXAUTHENTICATE +# include <login.h> +# endif +# ifdef __hpux +# include <hpsecurity.h> +# include <prot.h> +# endif +# ifdef HAVE_SECUREWARE +# include <sys/security.h> +# include <sys/audit.h> +# include <prot.h> +# endif /* HAVE_SECUREWARE */ +# if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) +# include <shadow.h> +# endif +# if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) +# include <sys/label.h> +# include <sys/audit.h> +# include <pwdadj.h> +# endif +# if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) +# include "md5crypt.h" +# endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ + +# ifdef HAVE_CYGWIN +# undef ERROR +# include <windows.h> +# include <sys/cygwin.h> +# define is_winnt (GetVersion() < 0x80000000) +# endif +#endif /* !USE_PAM && !HAVE_OSF_SIA */ extern ServerOptions options; 
@@ -55,47 +89,135 @@ extern ServerOptions options; int auth_password(Authctxt *authctxt, const char *password) { +#if defined(USE_PAM) + if (*password == '\0' && options.permit_empty_passwd == 0) + return 0; + return auth_pam_password(authctxt, password); +#elif defined(HAVE_OSF_SIA) + if (*password == '\0' && options.permit_empty_passwd == 0) + return 0; + return auth_sia_password(authctxt, password); +#else struct passwd * pw = authctxt->pw; char *encrypted_password; + char *pw_password; + char *salt; +#if defined(__hpux) || defined(HAVE_SECUREWARE) + struct pr_passwd *spw; +#endif /* __hpux || HAVE_SECUREWARE */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) + struct spwd *spw; +#endif +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) + struct passwd_adjunct *spw; +#endif +#ifdef WITH_AIXAUTHENTICATE + char *authmsg; + char *loginmsg; + int reenter = 1; +#endif /* deny if no user. */ if (pw == NULL) return 0; - if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) +#ifndef HAVE_CYGWIN + if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) return 0; +#endif if (*password == '\0' && options.permit_empty_passwd == 0) return 0; -#ifdef BSD_AUTH - if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", - (char *)password) == 0) - return 0; - else - return 1; -#endif #ifdef KRB5 if (options.kerberos_authentication == 1) { - if (auth_krb5_password(pw, password)) - return 1; + int ret = auth_krb5_password(authctxt, password); + if (ret == 1 || ret == 0) + return ret; /* Fall back to ordinary passwd authentication. 
*/ } +#endif +#ifdef HAVE_CYGWIN + if (is_winnt) { + HANDLE hToken = cygwin_logon_user(pw, password); -#endif /* KRB5 */ + if (hToken == INVALID_HANDLE_VALUE) + return 0; + cygwin_set_impersonation_token(hToken); + return 1; + } +#endif +#ifdef WITH_AIXAUTHENTICATE + return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); +#endif #ifdef KRB4 if (options.kerberos_authentication == 1) { - int ret = auth_krb4_password(pw, password); + int ret = auth_krb4_password(authctxt, password); if (ret == 1 || ret == 0) return ret; /* Fall back to ordinary passwd authentication. */ } #endif +#ifdef BSD_AUTH + if (auth_userokay(pw->pw_name, authctxt->style, "auth-ssh", + (char *)password) == 0) + return 0; + else + return 1; +#endif + pw_password = pw->pw_passwd; + + /* + * Various interfaces to shadow or protected password data + */ +#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) + spw = getspnam(pw->pw_name); + if (spw != NULL) + pw_password = spw->sp_pwdp; +#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */ + +#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) + if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL) + pw_password = spw->pwa_passwd; +#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */ + +#ifdef HAVE_SECUREWARE + if ((spw = getprpwnam(pw->pw_name)) != NULL) + pw_password = spw->ufld.fd_encrypt; +#endif /* HAVE_SECUREWARE */ + +#if defined(__hpux) && !defined(HAVE_SECUREWARE) + if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL) + pw_password = spw->ufld.fd_encrypt; +#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */ /* Check for users with no password. */ - if (strcmp(password, "") == 0 && strcmp(pw->pw_passwd, "") == 0) + if ((password[0] == '\0') && (pw_password[0] == '\0')) return 1; - /* Encrypt the candidate password using the proper salt. */ - encrypted_password = crypt(password, - (pw->pw_passwd[0] && pw->pw_passwd[1]) ? 
pw->pw_passwd : "xx"); + + if (pw_password[0] != '\0') + salt = pw_password; + else + salt = "xx"; + +#ifdef HAVE_MD5_PASSWORDS + if (is_md5_salt(salt)) + encrypted_password = md5_crypt(password, salt); + else + encrypted_password = crypt(password, salt); +#else /* HAVE_MD5_PASSWORDS */ +# if defined(__hpux) && !defined(HAVE_SECUREWARE) + if (iscomsec()) + encrypted_password = bigcrypt(password, salt); + else + encrypted_password = crypt(password, salt); +# else +# ifdef HAVE_SECUREWARE + encrypted_password = bigcrypt(password, salt); +# else + encrypted_password = crypt(password, salt); +# endif /* HAVE_SECUREWARE */ +# endif /* __hpux && !defined(HAVE_SECUREWARE) */ +#endif /* HAVE_MD5_PASSWORDS */ /* Authentication is accepted if the encrypted passwords are identical. */ - return (strcmp(encrypted_password, pw->pw_passwd) == 0); + return (strcmp(encrypted_password, pw_password) == 0); +#endif /* !USE_PAM && !HAVE_OSF_SIA */ } diff --git a/crypto/openssh/auth-rh-rsa.c b/crypto/openssh/auth-rh-rsa.c index 596a7bb44e93..d7848d04c4dd 100644 --- a/crypto/openssh/auth-rh-rsa.c +++ b/crypto/openssh/auth-rh-rsa.c @@ -13,11 +13,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rh-rsa.c,v 1.23 2001/04/06 21:00:04 markus Exp $"); -RCSID("$FreeBSD$"); +RCSID("$OpenBSD: auth-rh-rsa.c,v 1.34 2002/03/25 09:25:06 markus Exp $"); #include "packet.h" -#include "xmalloc.h" #include "uidswap.h" #include "log.h" #include "servconf.h" 
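Review bot: In the non-PAM branch of auth_password the result of `crypt()`, `md5_crypt()` or `bigcrypt()` is passed straight to `strcmp(encrypted_password, pw_password)` with no NULL check. The salt test has also been relaxed from requiring two characters (`pw->pw_passwd[0] && pw->pw_passwd[1]`) to `pw_password[0] != '\0'`, so a one-character password field is now handed to the hash function as its salt. On a libc whose crypt() rejects a malformed salt by returning NULL, that would be a NULL dereference in the authentication path; whether it can happen depends on the platform. I would write the last line as `return (encrypted_password != NULL && strcmp(encrypted_password, pw_password) == 0);`.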
@@ -25,73 +23,50 @@ RCSID("$FreeBSD$"); #include "hostfile.h" #include "pathnames.h" #include "auth.h" -#include "tildexpand.h" #include "canohost.h" -/* - * Tries to authenticate the user using the .rhosts file and the host using - * its host key. Returns true if authentication succeeds. - */ +#include "monitor_wrap.h" + +/* import */ +extern ServerOptions options; int -auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key) +auth_rhosts_rsa_key_allowed(struct passwd *pw, char *cuser, char *chost, + Key *client_host_key) { - extern ServerOptions options; - const char *canonical_hostname; HostStatus host_status; - Key *client_key, *found; - - debug("Trying rhosts with RSA host authentication for client user %.100s", client_user); - - if (pw == NULL || client_host_key == NULL) - return 0; /* Check if we would accept it using rhosts authentication. */ - if (!auth_rhosts(pw, client_user)) + if (!auth_rhosts(pw, cuser)) return 0; - canonical_hostname = get_canonical_hostname( - options.reverse_mapping_check); + host_status = check_key_in_hostfiles(pw, client_host_key, + chost, _PATH_SSH_SYSTEM_HOSTFILE, + options.ignore_user_known_hosts ? NULL : _PATH_SSH_USER_HOSTFILE); + + return (host_status == HOST_OK); +} - debug("Rhosts RSA authentication: canonical host %.900s", canonical_hostname); +/* + * Tries to authenticate the user using the .rhosts file and the host using + * its host key. Returns true if authentication succeeds. + */ +int +auth_rhosts_rsa(struct passwd *pw, char *cuser, Key *client_host_key) +{ + char *chost; - /* wrap the RSA key into a 'generic' key */ - client_key = key_new(KEY_RSA1); - BN_copy(client_key->rsa->e, client_host_key->e); - BN_copy(client_key->rsa->n, client_host_key->n); - found = key_new(KEY_RSA1); + debug("Trying rhosts with RSA host authentication for client user %.100s", + cuser); - /* Check if we know the host and its host key. 
*/ - host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname, - client_key, found, NULL); + if (pw == NULL || client_host_key == NULL || + client_host_key->rsa == NULL) + return 0; - /* Check user host file unless ignored. */ - if (host_status != HOST_OK && !options.ignore_user_known_hosts) { - struct stat st; - char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid); - /* - * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa() - * did already check pw->pw_dir, but there is a race XXX - */ - if (options.strict_modes && - (stat(user_hostfile, &st) == 0) && - ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { - log("Rhosts RSA authentication refused for %.100s: bad owner or modes for %.200s", - pw->pw_name, user_hostfile); - } else { - /* XXX race between stat and the following open() */ - temporarily_use_uid(pw); - host_status = check_host_in_hostfile(user_hostfile, canonical_hostname, - client_key, found, NULL); - restore_uid(); - } - xfree(user_hostfile); - } - key_free(client_key); - key_free(found); + chost = (char *)get_canonical_hostname(options.verify_reverse_mapping); + debug("Rhosts RSA authentication: canonical host %.900s", chost); - if (host_status != HOST_OK) { + if (!PRIVSEP(auth_rhosts_rsa_key_allowed(pw, cuser, chost, client_host_key))) { debug("Rhosts with RSA host authentication denied: unknown or invalid host key"); packet_send_debug("Your host key cannot be verified: unknown or invalid host key."); return 0; @@ -101,7 +76,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key /* Perform the challenge-response dialog with the client for the host key. */ if (!auth_rsa_challenge_dialog(client_host_key)) { log("Client on %.800s failed to respond correctly to host authentication.", - canonical_hostname); + chost); return 0; } /* 
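Review bot: The removed code checked owner and mode of the user's known-hosts file under `options.strict_modes` and read it inside `temporarily_use_uid(pw)` / `restore_uid()`; the new `auth_rhosts_rsa_key_allowed` passes both files to `check_key_in_hostfiles`, which is not part of this hunk. Those checks have to exist in that helper for the behaviour to be preserved, and the new function carries no comment saying so. Once that is confirmed I would add one above it, for example `/* Ownership/mode checks and the uid switch for the user hostfile are done in check_key_in_hostfiles() */`. Separately, `chost = (char *)get_canonical_hostname(...)` casts away const only because the parameters are declared `char *`; `const char *cuser, const char *chost` would avoid the cast if the privsep wrapper's signature permits. auth_rhosts_rsa continues past the end of this hunk.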
@@ -110,7 +85,7 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key */ verbose("Rhosts with RSA host authentication accepted for %.100s, %.100s on %.700s.", - pw->pw_name, client_user, canonical_hostname); + pw->pw_name, cuser, chost); packet_send_debug("Rhosts with RSA host authentication accepted."); return 1; } diff --git a/crypto/openssh/auth-rhosts.c b/crypto/openssh/auth-rhosts.c index 324a0f925902..afca1f7c63c3 100644 --- a/crypto/openssh/auth-rhosts.c +++ b/crypto/openssh/auth-rhosts.c @@ -14,10 +14,9 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rhosts.c,v 1.23 2001/04/12 19:15:24 markus Exp $"); +RCSID("$OpenBSD: auth-rhosts.c,v 1.28 2002/05/13 21:26:49 markus Exp $"); #include "packet.h" -#include "xmalloc.h" #include "uidswap.h" #include "pathnames.h" #include "log.h" @@ -27,6 +26,7 @@ RCSID("$OpenBSD: auth-rhosts.c,v 1.23 2001/04/12 19:15:24 markus Exp $"); /* import */ extern ServerOptions options; +extern int use_privsep; /* * This function processes an rhosts-style file (.rhosts, .shosts, or @@ -34,7 +34,7 @@ extern ServerOptions options; * based on the file, and returns zero otherwise. */ -int +static int check_rhosts_file(const char *filename, const char *hostname, const char *ipaddr, const char *client_user, const char *server_user) @@ -70,7 +70,7 @@ check_rhosts_file(const char *filename, const char *hostname, */ switch (sscanf(buf, "%s %s %s", hostbuf, userbuf, dummy)) { case 0: - packet_send_debug("Found empty line in %.100s.", filename); + auth_debug_add("Found empty line in %.100s.", filename); continue; case 1: /* Host name only. */ @@ -80,7 +80,7 @@ check_rhosts_file(const char *filename, const char *hostname, /* Got both host and user name. */ break; case 3: - packet_send_debug("Found garbage in %.100s.", filename); + auth_debug_add("Found garbage in %.100s.", filename); continue; default: /* Weird... */ 
@@ -107,8 +107,8 @@ check_rhosts_file(const char *filename, const char *hostname, /* Check for empty host/user names (particularly '+'). */ if (!host[0] || !user[0]) { /* We come here if either was '+' or '-'. */ - packet_send_debug("Ignoring wild host/user names in %.100s.", - filename); + auth_debug_add("Ignoring wild host/user names in %.100s.", + filename); continue; } /* Verify that host name matches. */ @@ -131,8 +131,8 @@ check_rhosts_file(const char *filename, const char *hostname, /* If the entry was negated, deny access. */ if (negated) { - packet_send_debug("Matched negative entry in %.100s.", - filename); + auth_debug_add("Matched negative entry in %.100s.", + filename); return 0; } /* Accept authentication. */ @@ -154,16 +154,14 @@ int auth_rhosts(struct passwd *pw, const char *client_user) { const char *hostname, *ipaddr; - int ret; - hostname = get_canonical_hostname(options.reverse_mapping_check); + hostname = get_canonical_hostname(options.verify_reverse_mapping); ipaddr = get_remote_ipaddr(); - ret = auth_rhosts2(pw, client_user, hostname, ipaddr); - return ret; + return auth_rhosts2(pw, client_user, hostname, ipaddr); } -int -auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, +static int +auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostname, const char *ipaddr) { char buf[1024]; @@ -186,7 +184,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * servers. */ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; - rhosts_file_index++) { + rhosts_file_index++) { /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); 
@@ -204,16 +202,16 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */ if (pw->pw_uid != 0) { - if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user, - pw->pw_name)) { - packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", - hostname, ipaddr); + if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, + client_user, pw->pw_name)) { + auth_debug_add("Accepted for %.100s [%.100s] by /etc/hosts.equiv.", + hostname, ipaddr); return 1; } - if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user, - pw->pw_name)) { - packet_send_debug("Accepted for %.100s [%.100s] by %.100s.", - hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); + if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, + client_user, pw->pw_name)) { + auth_debug_add("Accepted for %.100s [%.100s] by %.100s.", + hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV); return 1; } } 
@@ -222,19 +220,19 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, * not group or world writable. */ if (stat(pw->pw_dir, &st) < 0) { - log("Rhosts authentication refused for %.100s: no home directory %.200s", - pw->pw_name, pw->pw_dir); - packet_send_debug("Rhosts authentication refused for %.100s: no home directory %.200s", - pw->pw_name, pw->pw_dir); + log("Rhosts authentication refused for %.100s: " + "no home directory %.200s", pw->pw_name, pw->pw_dir); + auth_debug_add("Rhosts authentication refused for %.100s: " + "no home directory %.200s", pw->pw_name, pw->pw_dir); return 0; } if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { - log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", - pw->pw_name); - packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.", - pw->pw_name); + (st.st_mode & 022) != 0)) { + log("Rhosts authentication refused for %.100s: " + "bad ownership or modes for home directory.", pw->pw_name); + auth_debug_add("Rhosts authentication refused for %.100s: " + "bad ownership or modes for home directory.", pw->pw_name); return 0; } /* Temporarily use the user's uid. */ @@ -242,7 +240,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, /* Check all .rhosts files (currently .shosts and .rhosts). */ for (rhosts_file_index = 0; rhosts_files[rhosts_file_index]; - rhosts_file_index++) { + rhosts_file_index++) { /* Check users .rhosts or .shosts. */ snprintf(buf, sizeof buf, "%.500s/%.100s", pw->pw_dir, rhosts_files[rhosts_file_index]); 
@@ -257,24 +255,26 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, */ if (options.strict_modes && ((st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0)) { + (st.st_mode & 022) != 0)) { log("Rhosts authentication refused for %.100s: bad modes for %.200s", pw->pw_name, buf); - packet_send_debug("Bad file modes for %.200s", buf); + auth_debug_add("Bad file modes for %.200s", buf); continue; } /* Check if we have been configured to ignore .rhosts and .shosts files. */ if (options.ignore_rhosts) { - packet_send_debug("Server has been configured to ignore %.100s.", - rhosts_files[rhosts_file_index]); + auth_debug_add("Server has been configured to ignore %.100s.", + rhosts_files[rhosts_file_index]); continue; } /* Check if authentication is permitted by the file. */ if (check_rhosts_file(buf, hostname, ipaddr, client_user, pw->pw_name)) { - packet_send_debug("Accepted by %.100s.", - rhosts_files[rhosts_file_index]); + auth_debug_add("Accepted by %.100s.", + rhosts_files[rhosts_file_index]); /* Restore the privileged uid. */ restore_uid(); + auth_debug_add("Accepted host %s ip %s client_user %s server_user %s", + hostname, ipaddr, client_user, pw->pw_name); return 1; } } @@ -283,3 +283,16 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, restore_uid(); return 0; } + +int +auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, + const char *ipaddr) +{ + int ret; + + auth_debug_reset(); + ret = auth_rhosts2_raw(pw, client_user, hostname, ipaddr); + if (!use_privsep) + auth_debug_send(); + return ret; +} diff --git a/crypto/openssh/auth-rsa.c b/crypto/openssh/auth-rsa.c index a7e062506847..92f6277f9a06 100644 --- a/crypto/openssh/auth-rsa.c +++ b/crypto/openssh/auth-rsa.c 
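Review bot: The added `auth_debug_add("Accepted host %s ip %s client_user %s server_user %s", ...)` call uses unbounded `%s`, while every other auth_debug_add and log call in this file bounds its arguments with a precision such as `%.100s`. `client_user` is supplied by the peer and `hostname` comes from name resolution, so their length is not under the server's control; how auth_debug_add sizes its buffer is not visible here. For consistency with the neighbouring calls I would write `auth_debug_add("Accepted host %.100s ip %.100s client_user %.100s server_user %.100s",` and keep the argument line as it is. The enclosing function starts before this hunk.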
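Review bot: The new `auth_rhosts2` wrapper added at the end of auth-rhosts.c has no comment explaining why debug text is collected after `auth_debug_reset()` and flushed with `auth_debug_send()` only when `use_privsep` is off. Presumably, under privilege separation, this code runs where it must not write to the client connection and the messages are delivered another way, but that is not shown in this file. A short comment such as `/* Buffer debug messages; with privsep the caller forwards them instead of sending here */` would help, with the wording checked against the monitor code.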
@@ -14,8 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: auth-rsa.c,v 1.40 2001/04/06 21:00:07 markus Exp $"); -RCSID("$FreeBSD$"); +RCSID("$OpenBSD: auth-rsa.c,v 1.56 2002/06/10 16:53:06 stevesk Exp $"); #include <openssl/rsa.h> #include <openssl/md5.h> @@ -32,6 +31,9 @@ RCSID("$FreeBSD$"); #include "log.h" #include "servconf.h" #include "auth.h" +#include "hostfile.h" +#include "monitor_wrap.h" +#include "ssh.h" /* import */ extern ServerOptions options; 
@@ -52,6 +54,58 @@ extern u_char session_id[16]; * description of the options. */ +BIGNUM * +auth_rsa_generate_challenge(Key *key) +{ + BIGNUM *challenge; + BN_CTX *ctx; + + if ((challenge = BN_new()) == NULL) + fatal("auth_rsa_generate_challenge: BN_new() failed"); + /* Generate a random challenge. */ + BN_rand(challenge, 256, 0, 0); + if ((ctx = BN_CTX_new()) == NULL) + fatal("auth_rsa_generate_challenge: BN_CTX_new() failed"); + BN_mod(challenge, challenge, key->rsa->n, ctx); + BN_CTX_free(ctx); + + return challenge; +} + +int +auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) +{ + u_char buf[32], mdbuf[16]; + MD5_CTX md; + int len; + + /* don't allow short keys */ + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + error("auth_rsa_verify_response: RSA modulus too small: %d < minimum %d bits", + BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); + return (0); + } + + /* The response is MD5 of decrypted challenge plus session id. */ + len = BN_num_bytes(challenge); + if (len <= 0 || len > 32) + fatal("auth_rsa_verify_response: bad challenge length %d", len); + memset(buf, 0, 32); + BN_bn2bin(challenge, buf + 32 - len); + MD5_Init(&md); + MD5_Update(&md, buf, 32); + MD5_Update(&md, session_id, 16); + MD5_Final(mdbuf, &md); + + /* Verify that the response is the original challenge. */ + if (memcmp(response, mdbuf, 16) != 0) { + /* Wrong answer. */ + return (0); + } + /* Correct answer. */ + return (1); +} + /* * Performs the RSA authentication challenge-response dialog with the client, * and returns true (non-zero) if the client gave the correct answer to 
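Review bot: In the new auth_rsa_generate_challenge the return values of `BN_rand(challenge, 256, 0, 0)` and `BN_mod(challenge, challenge, key->rsa->n, ctx)` are ignored, although both allocation calls beside them are checked. If the random generator fails, the function would return whatever `BN_new()` left in `challenge`, and the client would be asked to prove possession of the key against a predictable value. I would make both calls fatal on failure, e.g. `if (BN_rand(challenge, 256, 0, 0) == 0) fatal("auth_rsa_generate_challenge: BN_rand failed");` and the same pattern for `BN_mod`. In auth_rsa_verify_response, `buf` and `mdbuf` hold values derived from the challenge and are left on the stack on return; clearing them before returning would be a cheap addition.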
@@ -59,26 +113,19 @@ extern u_char session_id[16]; */ int -auth_rsa_challenge_dialog(RSA *pk) +auth_rsa_challenge_dialog(Key *key) { BIGNUM *challenge, *encrypted_challenge; - BN_CTX *ctx; - u_char buf[32], mdbuf[16], response[16]; - MD5_CTX md; - u_int i; - int plen, len; + u_char response[16]; + int i, success; - encrypted_challenge = BN_new(); - challenge = BN_new(); + if ((encrypted_challenge = BN_new()) == NULL) + fatal("auth_rsa_challenge_dialog: BN_new() failed"); - /* Generate a random challenge. */ - BN_rand(challenge, 256, 0, 0); - ctx = BN_CTX_new(); - BN_mod(challenge, challenge, pk->n, ctx); - BN_CTX_free(ctx); + challenge = PRIVSEP(auth_rsa_generate_challenge(key)); /* Encrypt the challenge with the public key. */ - rsa_public_encrypt(encrypted_challenge, challenge, pk); + rsa_public_encrypt(encrypted_challenge, challenge, key->rsa); /* Send the encrypted challenge to the client. */ packet_start(SSH_SMSG_AUTH_RSA_CHALLENGE); 
@@ -88,117 +135,67 @@ auth_rsa_challenge_dialog(RSA *pk) packet_write_wait(); /* Wait for a response. */ - packet_read_expect(&plen, SSH_CMSG_AUTH_RSA_RESPONSE); - packet_integrity_check(plen, 16, SSH_CMSG_AUTH_RSA_RESPONSE); + packet_read_expect(SSH_CMSG_AUTH_RSA_RESPONSE); for (i = 0; i < 16; i++) response[i] = packet_get_char(); + packet_check_eom(); - /* The response is MD5 of decrypted challenge plus session id. */ - len = BN_num_bytes(challenge); - if (len <= 0 || len > 32) - fatal("auth_rsa_challenge_dialog: bad challenge length %d", len); - memset(buf, 0, 32); - BN_bn2bin(challenge, buf + 32 - len); - MD5_Init(&md); - MD5_Update(&md, buf, 32); - MD5_Update(&md, session_id, 16); - MD5_Final(mdbuf, &md); + success = PRIVSEP(auth_rsa_verify_response(key, challenge, response)); BN_clear_free(challenge); - - /* Verify that the response is the original challenge. */ - if (memcmp(response, mdbuf, 16) != 0) { - /* Wrong answer. */ - return 0; - } - /* Correct answer. */ - return 1; + return (success); } /* - * Performs the RSA authentication dialog with the client. This returns - * 0 if the client could not be authenticated, and 1 if authentication was - * successful. This may exit if there is a serious protocol violation. + * check if there's user key matching client_n, + * return key if login is allowed, NULL otherwise */ int -auth_rsa(struct passwd *pw, BIGNUM *client_n) +auth_rsa_key_allowed(struct passwd *pw, BIGNUM *client_n, Key **rkey) { - char line[8192], file[MAXPATHLEN]; - int authenticated; + char line[8192], *file; + int allowed = 0; u_int bits; FILE *f; u_long linenum = 0; struct stat st; - RSA *pk; - - /* no user given */ - if (pw == NULL) - return 0; + Key *key; /* Temporarily use the user's uid. */ temporarily_use_uid(pw); /* The authorized keys. 
*/ - snprintf(file, sizeof file, "%.500s/%.100s", pw->pw_dir, - _PATH_SSH_USER_PERMITTED_KEYS); + file = authorized_keys_file(pw); + debug("trying public RSA key file %s", file); /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { /* Restore the privileged uid. */ restore_uid(); - return 0; + xfree(file); + return (0); } /* Open the file containing the authorized keys. */ f = fopen(file, "r"); if (!f) { /* Restore the privileged uid. */ restore_uid(); - packet_send_debug("Could not open %.900s for reading.", file); - packet_send_debug("If your home is on an NFS volume, it may need to be world-readable."); - return 0; + xfree(file); + return (0); } - if (options.strict_modes) { - int fail = 0; - char buf[1024]; - /* Check open file in order to avoid open/stat races */ - if (fstat(fileno(f), &st) < 0 || - (st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0) { - snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " - "bad ownership or modes for '%s'.", pw->pw_name, file); - fail = 1; - } else { - /* Check path to _PATH_SSH_USER_PERMITTED_KEYS */ - int i; - static const char *check[] = { - "", _PATH_SSH_USER_DIR, NULL - }; - for (i = 0; check[i]; i++) { - snprintf(line, sizeof line, "%.500s/%.100s", pw->pw_dir, check[i]); - if (stat(line, &st) < 0 || - (st.st_uid != 0 && st.st_uid != pw->pw_uid) || - (st.st_mode & 022) != 0) { - snprintf(buf, sizeof buf, "RSA authentication refused for %.100s: " - "bad ownership or modes for '%s'.", pw->pw_name, line); - fail = 1; - break; - } - } - } - if (fail) { - fclose(f); - log("%s", buf); - packet_send_debug("%s", buf); - restore_uid(); - return 0; - } + if (options.strict_modes && + secure_filename(f, file, pw, line, sizeof(line)) != 0) { + xfree(file); + fclose(f); + log("Authentication refused: %s", line); + restore_uid(); + return (0); } - /* Flag indicating whether authentication has succeeded. 
*/ - authenticated = 0; - pk = RSA_new(); - pk->e = BN_new(); - pk->n = BN_new(); + /* Flag indicating whether the key is allowed. */ + allowed = 0; + + key = key_new(KEY_RSA1); /* * Go though the accepted keys, looking for the current key. If @@ -236,24 +233,22 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) options = NULL; /* Parse the key from the line. */ - if (!auth_rsa_read_key(&cp, &bits, pk->e, pk->n)) { - debug("%.100s, line %lu: bad key syntax", - file, linenum); - packet_send_debug("%.100s, line %lu: bad key syntax", + if (hostfile_read_key(&cp, &bits, key) == 0) { + debug("%.100s, line %lu: non ssh1 key syntax", file, linenum); continue; } /* cp now points to the comment part. */ /* Check if the we have found the desired key (identified by its modulus). */ - if (BN_cmp(pk->n, client_n) != 0) + if (BN_cmp(key->rsa->n, client_n) != 0) continue; /* check the real bits */ - if (bits != BN_num_bits(pk->n)) - log("Warning: %s, line %ld: keysize mismatch: " + if (bits != BN_num_bits(key->rsa->n)) + log("Warning: %s, line %lu: keysize mismatch: " "actual %d vs. announced %d.", - file, linenum, BN_num_bits(pk->n), bits); + file, linenum, BN_num_bits(key->rsa->n), bits); /* We have found the desired key. */ /* 
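Review bot: The new header comment on `auth_rsa_key_allowed` says it returns the key or NULL, but the function returns an `int` and hands the key back through `*rkey`. The early `return (0)` paths in this hunk (failed `stat`, failed `fopen`, `secure_filename` rejection) never write to `*rkey`, so a caller that passes an uninitialized `Key *` holds an indeterminate pointer after a refusal. Setting `if (rkey != NULL) *rkey = NULL;` at the top of the function makes the failure state well defined. The comment would be accurate as `/* Returns 1 and stores the matching key in *rkey (caller frees it with key_free) if login is allowed; returns 0 otherwise. */`. The function body continues past the end of this hunk.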
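Review bot: The keysize-mismatch warning corrects the `linenum` conversion to `%lu` but still prints `bits`, which is declared `u_int` in this function, with `%d`. Writing the format as `"actual %d vs. announced %u."` matches both argument types, since `BN_num_bits()` returns an `int`. The loop this statement belongs to starts and ends outside the hunk.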
@@ -263,22 +258,8 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) if (!auth_parse_options(pw, options, file, linenum)) continue; - /* Perform the challenge-response dialog for this key. */ - if (!auth_rsa_challenge_dialog(pk)) { - /* Wrong response. */ - verbose("Wrong response to RSA authentication challenge."); - packet_send_debug("Wrong response to RSA authentication challenge."); - continue; - } - /* - * Correct response. The client has been successfully - * authenticated. Note that we have not yet processed the - * options; this will be reset if the options cause the - * authentication to be rejected. - * Break out of the loop if authentication was successful; - * otherwise continue searching. - */ - authenticated = 1; + /* break out, this key is allowed */ + allowed = 1; break; } 
@@ -286,15 +267,61 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n) restore_uid(); /* Close the file. */ + xfree(file); fclose(f); - RSA_free(pk); - - if (authenticated) - packet_send_debug("RSA authentication accepted."); + /* return key if allowed */ + if (allowed && rkey != NULL) + *rkey = key; else + key_free(key); + return (allowed); +} + +/* + * Performs the RSA authentication dialog with the client. This returns + * 0 if the client could not be authenticated, and 1 if authentication was + * successful. This may exit if there is a serious protocol violation. + */ +int +auth_rsa(struct passwd *pw, BIGNUM *client_n) +{ + Key *key; + char *fp; + + /* no user given */ + if (pw == NULL) + return 0; + + if (!PRIVSEP(auth_rsa_key_allowed(pw, client_n, &key))) { auth_clear_options(); + return (0); + } + + /* Perform the challenge-response dialog for this key. */ + if (!auth_rsa_challenge_dialog(key)) { + /* Wrong response. */ + verbose("Wrong response to RSA authentication challenge."); + packet_send_debug("Wrong response to RSA authentication challenge."); + /* + * Break out of the loop. Otherwise we might send + * another challenge and break the protocol. + */ + key_free(key); + return (0); + } + /* + * Correct response. The client has been successfully + * authenticated. Note that we have not yet processed the + * options; this will be reset if the options cause the + * authentication to be rejected. + */ + fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + verbose("Found matching %s key: %s", + key_type(key), fp); + xfree(fp); + key_free(key); - /* Return authentication result. */ - return authenticated; + packet_send_debug("RSA authentication accepted."); + return (1); } |
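Review bot: The wrong-response branch of the new `auth_rsa` returns without calling `auth_clear_options()`, whereas the removed code cleared the options whenever the attempt did not end in success. By that point `auth_rsa_key_allowed` has already run `auth_parse_options` on the matching line, so the key's options presumably stay set after a failed challenge and could carry over to a later authentication attempt in the same session; this should be confirmed against how the privilege-separated path stores option state. Adding `auth_clear_options();` before `key_free(key);` in that branch restores the previous behaviour. The comment "Break out of the loop" in the same branch is stale, because this function has no loop; `/* Fail here rather than trying another key: a second challenge would break the protocol. */` describes what the code does now.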
