25th Aug 1999 [SBWID-115]
COMMAND
chflags()
SYSTEMS AFFECTED
BSD 4.4 based systems, screen, ssh, xfree
PROBLEM
Adam Morrison noted following in revision 1.59 of OpenBSD. It
says "do not permit regular users to chflags/fchflags on chr or
blk devices -- even if they happen to own them at the moment."
Mike Frantzen, Kevin Kadow, and 'Strange' were discussing the
implications of the above revision to vfs_syscalls.c and realized
it must be that root does not automatically override user-set
flags -- root must first unset the flag.
The vulnerability thus extends beyond the /dev directory to
affect any shared directory where root-run programs or functions
rely on the assumption that root can override any permissions a
user sets on a file. This assumption is, alas, untrue in the
case of user-set flags, e.g. uchg -- root must unset the flag
before even root will be allowed to modify or remove the file.
This inability to remove a user-owned file, say with 'rm -f',
leads to problems other than a user being able to lock up all the
ptys or seize misc. devices in order to play various
easily-imagined tricks.
Mike F. immediately seized on the assumption of many OSes that
they can or will have cleared /tmp (and other temp dirs) while in
single-user mode during the boot sequence. Thus, where there was
no /tmp race before, there is now a /tmp race that the user will
surely win for all non-volatile /tmp filesystems. As proof of
concept, on an OpenBSD 2.5 system, they set a file in /tmp "_motd"
containing some text designed to frighten your typical sysadmin
and rebooted. /etc/rc contains something like the following lines
on many BSD4.4-lite-derived systems:
T=/tmp/_motd
rm -f $T
sysctl -n kern.version | sed 1q > $T
echo "" >> $T
sed '1,/^$/d' < /etc/motd >> $T
cmp -s $T /etc/motd || cp $T /etc/motd
rm -f $T
The result of /tmp/_motd being present and immutable at boot-time
should be obvious and would probably send a number of sysadmins
to their CDs for a neat reinstall. Other than the psychological
impact, this particular 'exploit' is fairly innocuous.
Interestingly, in OpenBSD2.5, FreeBSD3.2, and BSDI3.2, motd
appears to be the only file affected in the various rc scripts.
On many systems, however, admins will have added programs that
will rely on /tmp being clear[able] before a user could possibly
run a function (through cron, at, logging in, etc.) and the
results will be more than cosmetic. And of course, the
immutability will exacerbate other /tmp races in which the code's
author relies on a quick unlink() before grabbing the
(predictable) filename.
lumpy drafted following advisory after finding the hole and here
we go now. Several security holes have been found to be the
result of programmers not checking the return values of their
system calls. This is because programmers often times think that
its "ok" to make system calls like chmod() and chown() as root
and not check the return because they believe that their
superuser status allows them to override all possible user
attributes. One such condition that might make chmod() or chown()
fail even if you are the superuser is if there are BSD file flags
set. The superuser must explicitly clear these such flags as user
append-only and user immutable before these system calls will
succeed. There are several implications of the problem. They
range from Denial of Service attacks to actual exploitation.
Example 1:
=========
The impact of not checking that your chmod() or chown() worked is
made very clear when looking at getty and login. Because getty
and login don't check the returns of their chmod()/chown(), its
possible for a user to either create an attack based in the fact
that you can own another users' tty or denial of service attack
the system. To setup a trap so that you own someone elses tty,
for instance, a user can log in, chmod 777 `tty`, chflags uappnd
`tty`, and then log out. The next user to log into that tty
will, on most BSDs checked, find that their tty is still owned by
the original user.
Example 2:
==========
Another example is with /etc/rc, which is executed in securelevel
0, where /tmp is cleared out. On systems that have a real
(non-mfs) /tmp directory, /etc/rc will not always properly clear
the directory out when if it attempts to. The point is that non
device operations are also affected by this.
SOLUTION
NetBSD-current has this fixed as of the following revision of
vfs_syscalls.c. FreeBSD has corrected this problem in -current,
-stable and soon in 2.2.8-stable. OpenBSD als fixed it.
Being that this is not exactly "one exploitable hole", but rather
a type of security hole based purely on unsafe programming, it is
hard to specifically point out one place for a fix. The tty issue
being probably one of the worst examples of this behavior has
caused several patches to be released. Some attempts at fixing
the bug are more complete than others. Obviously several userland
modifications must be made to fully wipe out this problem. Below
is a listing of places to get help for different operating systems
and products.
FreeBSD
=======
FreeBSD has corrected the problems noted in this advisory as of
Wed Aug 5 for -current, 3.2-stable, and 2.2.8-stable. an advisory
from the FreeBSD security officer will be forthcoming with patches
for each branch. FreeBSD-SA-99:01 is the number of the advisory.
NetBSD
======
Only NetBSD/current has been fixed. Two fixes have been
committed and they are in:
$NetBSD: vfs_syscalls.c,v 1.146 1999/07/31 03:18:43 christos Exp $
$NetBSD: rc,v 1.128 1999/08/05 20:51:57 christos Exp $
BSDI
====
BSDI has released the following patches:
ftp://ftp.bsdi.com/bsdi/patches/patches-4.0.1/M401-014
ftp://ftp.bsdi.com/bsdi/patches/patches-3.1/M310-056
OpenBSD
=======
There are two patches there that were spawned from this issue so
far.
http://www.openbsd.org/security.html#25
Screen
======
After contacting the authors of screen, they have provided patches
for the current releases (screen-3.7.6 and screen-3.9.2). They
are at the bottom of this advisory.
XFree
=====
They have been notified and they are working on a fix to stick in
their next release.
Patch for screen-3.7.6:
--- window.c.orig Thu Aug 5 19:35:46 1999
+++ window.c Thu Aug 5 19:40:01 1999
@@ -447,15 +447,25 @@
return f;
#ifdef PTYGROUP
- (void) chown(*namep, real_uid, PTYGROUP);
+ if (chown(*namep, real_uid, PTYGROUP) && !eff_uid)
#else
- (void) chown(*namep, real_uid, real_gid);
+ if (chown(*namep, real_uid, real_gid) && !eff_uid)
#endif
+ {
+ Msg(errno, "chown tty");
+ close(f);
+ return -1;
+ }
#ifdef UTMPOK
- (void) chmod(*namep, lflag ? TtyMode : (TtyMode & ~022));
+ if (chmod(*namep, lflag ? TtyMode : (TtyMode & ~022)) && !eff_uid)
#else
- (void) chmod(*namep, TtyMode);
+ if (chmod(*namep, TtyMode) && !eff_uid)
#endif
+ {
+ Msg(errno, "chmod tty");
+ close(f);
+ return -1;
+ }
return f;
}
Patch for screen-3.9.2:
--- window.c.orig Thu Aug 5 19:42:16 1999
+++ window.c Thu Aug 5 19:43:14 1999
@@ -1012,15 +1012,25 @@
return f;
#ifdef PTYGROUP
- (void)chown(*namep, real_uid, PTYGROUP);
+ if (chown(*namep, real_uid, PTYGROUP) && !eff_uid)
#else
- (void)chown(*namep, real_uid, real_gid);
+ if (chown(*namep, real_uid, real_gid) && !eff_uid)
#endif
+ {
+ Msg(errno, "chown tty");
+ close(f);
+ return -1;
+ }
#ifdef UTMPOK
- (void)chmod(*namep, lflag ? TtyMode : (TtyMode & ~022));
+ if (chmod(*namep, lflag ? TtyMode : (TtyMode & ~022)) && !eff_uid)
#else
- (void)chmod(*namep, TtyMode);
+ if (chmod(*namep, TtyMode) && !eff_uid)
#endif
+ {
+ Msg(errno, "chmod tty");
+ close(f);
+ return -1;
+ }
return f;
}
Sami Lehtinen made patches for ssh-2.0.13, {f-secure-ssh,
ssh}-2.0.12 and ssh-1.2.27 (this patch should work with
f-secure-ssh-1.3.[67], too, though I didn't test that). These
essentially fix this problem by clearing the user-settable flags
from the files if chown() fails, and re-trying. The patches
include information on how to apply them.
Patch for problem with tty ownership with chflags and chown in
BSD 4.4 variants. Fixes a security bug in tty allocation. This
patch works for ssh-2.0.13 (note: doesn't work for ssh-2.0.12.
Use patch-ssh-2.0.12-bsd.tty.chown for that).
Apply with the following commands:
% cd /wherever/you/hold/your/sources/ssh-2.0.13
% patch -p1 -l < /path/to/where/you/saved/patch-ssh-2.0.13-bsd.tty.chown
% ./configure --whatever-config-flags-you-use
% make clean
% make
% su
Password: ***********
# make install
# kill -HUP `cat /var/run/sshd2_22.pid`
You should be all set.
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/apps/ssh/agentpath.c ssh-2.0.13/apps/ssh/agentpath.c
--- ssh-2.0.13.orig/apps/ssh/agentpath.c Sun Jan 31 14:40:44 1999
+++ ssh-2.0.13/apps/ssh/agentpath.c Wed Aug 11 15:34:03 1999
@@ -78,10 +78,16 @@
}
else
{
- (void)chown(socket_dir_name, uid, 0);
+ /* We don't do anything special if this fails. (for example,
+ in BSD's this always fails.)*/
+ if (chown(socket_dir_name, uid, 0) < 0)
+ {
+ SSH_TRACE(2, ("chown failed for %s, error: %s", \
+ socket_dir_name, strerror(errno)));
+ }
}
}
-
+
/* Check the owner and permissions */
if (stat(socket_dir_name, &st) != 0 || st.st_uid != uid ||
(st.st_mode & 077) != 0)
@@ -132,8 +138,18 @@
if (listener)
{
- (void)chown(path, uid, 0);
- (void)chmod(path, S_IRUSR | S_IWUSR);
+ if (chown(path, uid, 0) < 0)
+ {
+ /* This fails always with BSD. */
+ SSH_DEBUG(2, ("chown failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
+
+ if (chmod(path, S_IRUSR | S_IWUSR) < 0)
+ {
+ SSH_DEBUG(2, ("chmod failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
}
else
{
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/apps/ssh/sshchsession.c ssh-2.0.13/apps/ssh/sshchsession.c
--- ssh-2.0.13.orig/apps/ssh/sshchsession.c Fri May 7 14:02:03 1999
+++ ssh-2.0.13/apps/ssh/sshchsession.c Tue Aug 10 17:28:35 1999
@@ -1303,8 +1303,12 @@
/* If we have a pseudo-terminal, log that we are now logged out. */
if (session->have_pty)
{
- ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
- ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ if (session->stream != NULL)
+ {
+ SSH_TRACE(2, ("Destroying session stream, and logging user out."));
+ ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
+ ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ }
}
#ifdef SSH_CHANNEL_X11
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/configure.in ssh-2.0.13/configure.in
--- ssh-2.0.13.orig/configure.in Tue May 11 11:34:37 1999
+++ ssh-2.0.13/configure.in Wed Aug 11 16:50:55 1999
@@ -851,7 +851,7 @@
AC_CHECK_HEADERS(sys/stream.h sys/conf.h)
AC_CHECK_FUNCS(revoke openpty _getpty setpgrp setpgid ttyslot authenticate)
AC_CHECK_FUNCS(makeutx setlogin openpty _getpty innetgr initgroups setpgrp)
-AC_CHECK_FUNCS(signal setrlimit getrlimit setluid getpt)
+AC_CHECK_FUNCS(signal setrlimit getrlimit setluid getpt chflags)
AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt))
AC_CHECK_LIB(sec, getspnam)
AC_CHECK_LIB(seq, get_process_stats)
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/lib/sshsession/sshunixptystream.c ssh-2.0.13/lib/sshsession/sshunixptystream.c
--- ssh-2.0.13.orig/lib/sshsession/sshunixptystream.c Tue May 11 11:35:23 1999
+++ ssh-2.0.13/lib/sshsession/sshunixptystream.c Wed Aug 11 18:04:48 1999
@@ -128,10 +128,86 @@
tty_gid = owner_gid;
tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
}
-
+
+ retry_chown:
/* Change ownership of the tty. */
- (void)chown(namebuf, owner_uid, tty_gid);
- (void)chmod(namebuf, tty_mode);
+ if (chown(namebuf, owner_uid, tty_gid) < 0)
+ {
+ /* chown failed. Atleast two possibilities. Either we are not
+ running as root, in which case this is OK, or we are running
+ on BSD, and somebody has put some flags to the tty. */
+
+ /* Check whether we are root or not.*/
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is OK. */
+ SSH_DEBUG(2, ("chown failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+#ifdef HAVE_CHFLAGS
+ static Boolean retrying = FALSE;
+ struct stat st;
+
+ if (!retrying)
+ {
+ SSH_TRACE(0, ("chown failed for %s, error: %s. Removing " \
+ "user-settable flags, and retrying.", \
+ namebuf, strerror(errno)));
+
+ if (stat(namebuf, &st) < 0)
+ {
+ ssh_warning("stat failed for %s, error: %s",
+ namebuf, strerror(errno));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Removing user-settable flags with chflags."));
+ /* Remove user definable flags. */
+ if (chflags(namebuf, st.st_flags &
+ ~(UF_NODUMP | UF_IMMUTABLE |
+ UF_APPEND | UF_OPAQUE)) < 0)
+ {
+ SSH_TRACE(0, ("chflags failed for %s, error: %s", \
+ namebuf, strerror(errno)));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Retrying..."));
+ retrying = TRUE;
+ goto retry_chown;
+ }
+ }
+ }
+ else
+ {
+ SSH_TRACE(0, ("chown failed even with retry. error: %s", \
+ strerror(errno)));
+ }
+
+#endif /* HAVE_CHFLAGS */
+ ssh_warning("ssh_pty_allocate_and_fork: chown failed for %s.",
+ namebuf);
+ return SSH_PTY_ERROR;
+ }
+ }
+
+ if (chmod(namebuf, tty_mode) < 0)
+ {
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is (probably) OK. */
+ SSH_DEBUG(2, ("chmod failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+ ssh_warning("ssh_pty_allocate_and_fork: chmod %s: %s",
+ namebuf, strerror(errno));
+ return SSH_PTY_ERROR;
+ }
+ }
/* Initialize SIGCHLD handling. This will ensure the SIGCHLD won't get
delivered until we register the handler for the new process below. */
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/lib/sshutil/sshfilexfers.c ssh-2.0.13/lib/sshutil/sshfilexfers.c
--- ssh-2.0.13.orig/lib/sshutil/sshfilexfers.c Tue May 4 14:05:01 1999
+++ ssh-2.0.13/lib/sshutil/sshfilexfers.c Tue Aug 10 16:58:37 1999
@@ -328,7 +328,7 @@
{
#ifdef HAVE_FCHOWN
/* Note: we ignore the return value. */
- fchown(fd, attrs->uid, attrs->gid);
+ (void)fchown(fd, attrs->uid, attrs->gid);
#endif /* HAVE_FCHOWN */
}
@@ -735,7 +735,7 @@
#endif /* HAVE_FUTIMES */
}
- /* XXX some operation(s) may fail (for example chmod() in BSD fails
+ /* XXX some operation(s) may fail (for example chown() in BSD fails
always if not super-user), but that is no excuse to stop executing
them alltogether. So, we need some system to inform the user of
the error(s). This is not it. */
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-2.0.13.orig/sshconf.h.in ssh-2.0.13/sshconf.h.in
--- ssh-2.0.13.orig/sshconf.h.in Tue May 11 11:34:56 1999
+++ ssh-2.0.13/sshconf.h.in Wed Aug 11 17:08:17 1999
@@ -287,6 +287,9 @@
/* Define if you have the authenticate function. */
#undef HAVE_AUTHENTICATE
+/* Define if you have the chflags function. */
+#undef HAVE_CHFLAGS
+
/* Define if you have the chmod function. */
#undef HAVE_CHMOD
diff -u ssh-2.0.13.orig/configure ssh-2.0.13/configure
--- ssh-2.0.13.orig/configure Tue May 11 11:34:58 1999
+++ ssh-2.0.13/configure Wed Aug 11 17:07:05 1999
@@ -6011,7 +6011,7 @@
fi
done
-for ac_func in signal setrlimit getrlimit setluid getpt
+for ac_func in signal setrlimit getrlimit setluid getpt chflags
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:6018: checking for $ac_func" >&5
This patch works for ssh-2.0.12 (note: doesn't work for
ssh-2.0.13. Use patch-ssh-2.0.13-bsd.tty.chown for that). Apply
with the following commands:
% cd /wherever/you/hold/your/sources/ssh-2.0.12
% patch -p1 -l < /path/to/where/you/saved/patch-ssh-2.0.12-bsd.tty.chown
% ./configure --whatever-config-flags-you-use
% make clean
% make
% su
Password: ***********
# make install
# kill -HUP `cat /var/run/sshd2_22.pid`
You should be all set:
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/apps/ssh/agentpath.c f-secure-ssh-2.0.12/apps/ssh/agentpath.c
--- f-secure-ssh-2.0.12.orig/apps/ssh/agentpath.c Fri Oct 30 15:16:38 1998
+++ f-secure-ssh-2.0.12/apps/ssh/agentpath.c Wed Aug 11 19:14:43 1999
@@ -78,10 +78,16 @@
}
else
{
- (void)chown(socket_dir_name, uid, 0);
+ /* We don't do anything special if this fails. (for example,
+ in BSD's this always fails.)*/
+ if (chown(socket_dir_name, uid, 0) < 0)
+ {
+ SSH_TRACE(2, ("chown failed for %s, error: %s", \
+ socket_dir_name, strerror(errno)));
+ }
}
}
-
+
/* Check the owner and permissions */
if (stat(socket_dir_name, &st) != 0 || st.st_uid != uid ||
(st.st_mode & 077) != 0)
@@ -132,8 +138,18 @@
if (listener)
{
- (void)chown(path, uid, 0);
- (void)chmod(path, S_IRUSR | S_IWUSR);
+ if (chown(path, uid, 0) < 0)
+ {
+ /* This fails always with BSD. */
+ SSH_DEBUG(2, ("chown failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
+
+ if (chmod(path, S_IRUSR | S_IWUSR) < 0)
+ {
+ SSH_DEBUG(2, ("chmod failed for %s, error: %s", \
+ path, strerror(errno)));
+ }
}
else
{
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/apps/ssh/sshchsession.c f-secure-ssh-2.0.12/apps/ssh/sshchsession.c
--- f-secure-ssh-2.0.12.orig/apps/ssh/sshchsession.c Mon Jan 18 12:32:24 1999
+++ f-secure-ssh-2.0.12/apps/ssh/sshchsession.c Wed Aug 11 19:14:44 1999
@@ -1288,8 +1288,12 @@
/* If we have a pseudo-terminal, log that we are now logged out. */
if (session->have_pty)
{
- ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
- ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ if (session->stream != NULL)
+ {
+ SSH_TRACE(2, ("Destroying session stream, and logging user out."));
+ ssh_pty_get_name(session->stream, ptyname, sizeof(ptyname));
+ ssh_user_record_logout(ssh_pty_get_pid(session->stream), ptyname);
+ }
}
#ifdef SSH_CHANNEL_X11
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/configure.in f-secure-ssh-2.0.12/configure.in
--- f-secure-ssh-2.0.12.orig/configure.in Fri Jan 29 13:34:29 1999
+++ f-secure-ssh-2.0.12/configure.in Wed Aug 11 19:14:44 1999
@@ -864,7 +864,7 @@
AC_CHECK_HEADERS(sia.h sys/mkdev.h util.h shadow.h)
AC_CHECK_FUNCS(revoke openpty _getpty setpgrp setpgid ttyslot authenticate)
AC_CHECK_FUNCS(makeutx setlogin openpty _getpty innetgr initgroups setpgrp)
-AC_CHECK_FUNCS(signal setrlimit getrlimit)
+AC_CHECK_FUNCS(signal setrlimit getrlimit chflags)
AC_CHECK_LIB(c, crypt, [true], AC_CHECK_LIB(crypt, crypt))
AC_CHECK_LIB(sec, getspnam)
AC_CHECK_LIB(seq, get_process_stats)
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/lib/sshsession/sshunixptystream.c f-secure-ssh-2.0.12/lib/sshsession/sshunixptystream.c
--- f-secure-ssh-2.0.12.orig/lib/sshsession/sshunixptystream.c Fri Jan 29 13:35:43 1999
+++ f-secure-ssh-2.0.12/lib/sshsession/sshunixptystream.c Wed Aug 11 19:18:54 1999
@@ -22,6 +22,8 @@
#include "sshtimeouts.h"
#include "sigchld.h"
+#define SSH_DEBUG_MODULE "SshUnixPtyStream"
+
typedef enum {
SSH_PTY_NORMAL,
SSH_PTY_BSD_PACKET
@@ -126,10 +128,86 @@
tty_gid = owner_gid;
tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
}
-
+
+ retry_chown:
/* Change ownership of the tty. */
- (void)chown(namebuf, owner_uid, tty_gid);
- (void)chmod(namebuf, tty_mode);
+ if (chown(namebuf, owner_uid, tty_gid) < 0)
+ {
+ /* chown failed. Atleast two possibilities. Either we are not
+ running as root, in which case this is OK, or we are running
+ on BSD, and somebody has put some flags to the tty. */
+
+ /* Check whether we are root or not.*/
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is OK. */
+ SSH_DEBUG(2, ("chown failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+#ifdef HAVE_CHFLAGS
+ static Boolean retrying = FALSE;
+ struct stat st;
+
+ if (!retrying)
+ {
+ SSH_TRACE(0, ("chown failed for %s, error: %s. Removing " \
+ "user-settable flags, and retrying.", \
+ namebuf, strerror(errno)));
+
+ if (stat(namebuf, &st) < 0)
+ {
+ ssh_warning("stat failed for %s, error: %s",
+ namebuf, strerror(errno));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Removing user-settable flags with chflags."));
+ /* Remove user definable flags. */
+ if (chflags(namebuf, st.st_flags &
+ ~(UF_NODUMP | UF_IMMUTABLE |
+ UF_APPEND | UF_OPAQUE)) < 0)
+ {
+ SSH_TRACE(0, ("chflags failed for %s, error: %s", \
+ namebuf, strerror(errno)));
+ }
+ else
+ {
+ SSH_TRACE(2, ("Retrying..."));
+ retrying = TRUE;
+ goto retry_chown;
+ }
+ }
+ }
+ else
+ {
+ SSH_TRACE(0, ("chown failed even with retry. error: %s", \
+ strerror(errno)));
+ }
+
+#endif /* HAVE_CHFLAGS */
+ ssh_warning("ssh_pty_allocate_and_fork: chown failed for %s.",
+ namebuf);
+ return SSH_PTY_ERROR;
+ }
+ }
+
+ if (chmod(namebuf, tty_mode) < 0)
+ {
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is (probably) OK. */
+ SSH_DEBUG(2, ("chmod failed (but we're not root anyway) for " \
+ "%s, error %s", namebuf, strerror(errno)));
+ }
+ else
+ {
+ ssh_warning("ssh_pty_allocate_and_fork: chmod %s: %s",
+ namebuf, strerror(errno));
+ return SSH_PTY_ERROR;
+ }
+ }
/* Initialize SIGCHLD handling. This will ensure the SIGCHLD won't get
delivered until we register the handler for the new process below. */
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/lib/sshutil/sshfilexfers.c f-secure-ssh-2.0.12/lib/sshutil/sshfilexfers.c
--- f-secure-ssh-2.0.12.orig/lib/sshutil/sshfilexfers.c Mon Jan 18 13:07:26 1999
+++ f-secure-ssh-2.0.12/lib/sshutil/sshfilexfers.c Wed Aug 11 19:14:44 1999
@@ -327,7 +327,7 @@
{
#ifdef HAVE_FCHOWN
/* Note: we ignore the return value. */
- fchown(fd, attrs->uid, attrs->gid);
+ (void)fchown(fd, attrs->uid, attrs->gid);
#endif /* HAVE_FCHOWN */
}
@@ -734,7 +734,7 @@
#endif /* HAVE_FUTIMES */
}
- /* XXX some operation(s) may fail (for example chmod() in BSD fails
+ /* XXX some operation(s) may fail (for example chown() in BSD fails
always if not super-user), but that is no excuse to stop executing
them alltogether. So, we need some system to inform the user of
the error(s). This is not it. */
diff -u --recursive -X /u/sjl/bin/diff-src-db f-secure-ssh-2.0.12.orig/sshconf.h.in f-secure-ssh-2.0.12/sshconf.h.in
--- f-secure-ssh-2.0.12.orig/sshconf.h.in Fri Jan 29 13:34:59 1999
+++ f-secure-ssh-2.0.12/sshconf.h.in Wed Aug 11 19:14:44 1999
@@ -279,6 +279,9 @@
/* Define if you have the authenticate function. */
#undef HAVE_AUTHENTICATE
+/* Define if you have the chflags function. */
+#undef HAVE_CHFLAGS
+
/* Define if you have the chmod function. */
#undef HAVE_CHMOD
diff -u f-secure-ssh-2.0.12.orig/configure f-secure-ssh-2.0.12/configure
--- f-secure-ssh-2.0.12.orig/configure Fri Jan 29 13:35:02 1999
+++ f-secure-ssh-2.0.12/configure Wed Aug 11 19:07:25 1999
@@ -6054,7 +6054,7 @@
fi
done
-for ac_func in signal setrlimit getrlimit
+for ac_func in signal setrlimit getrlimit chflags
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
echo "configure:6061: checking for $ac_func" >&5
This patch works for ssh-1.2.27. Apply with the following
commands:
% cd /wherever/you/hold/your/sources/ssh-1.2.27
% patch -p1 -l < /path/to/where/you/saved/patch-ssh-1.2.27-bsd.tty.chown
% ./configure --whatever-config-flags-you-use
% make clean
% make
% su
Password: ***********
# make install
# kill -HUP `cat /var/run/sshd.pid`
You should be all set.
--begin patch--
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/auth-passwd.c ssh-1.2.27/auth-passwd.c
--- ssh-1.2.27.orig/auth-passwd.c Wed May 12 14:19:23 1999
+++ ssh-1.2.27/auth-passwd.c Wed Aug 11 19:49:32 1999
@@ -613,7 +613,13 @@
/* get_name pulls out just the name not the
type */
strcpy(ccname + 5, krb5_cc_get_name(ssh_context, ccache));
- (void) chown(ccname + 5, pw->pw_uid, pw->pw_gid);
+ if (chown(ccname + 5, pw->pw_uid, pw->pw_gid) < 0)
+ {
+ log_msg("Kerberos: chown failed for %s, error: %s",
+ ccname + 5, strerror(errno));
+ packet_send_debug("Kerberos: chown failed for %s", ccname + 5);
+ goto errout;
+ }
/* If tgt was passed unlink file */
if (ticket)
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/config.h.in ssh-1.2.27/config.h.in
--- ssh-1.2.27.orig/config.h.in Wed May 12 14:20:04 1999
+++ ssh-1.2.27/config.h.in Wed Aug 11 20:20:51 1999
@@ -360,6 +360,9 @@
/* Define if you have the authenticate function. */
#undef HAVE_AUTHENTICATE
+/* Define if you have the chflags function. */
+#undef HAVE_CHFLAGS
+
/* Define if you have the clock function. */
#undef HAVE_CLOCK
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/configure.in ssh-1.2.27/configure.in
--- ssh-1.2.27.orig/configure.in Wed May 12 14:20:02 1999
+++ ssh-1.2.27/configure.in Wed Aug 11 20:05:13 1999
@@ -433,6 +433,7 @@
AC_CHECK_FUNCS(strchr memcpy setlogin openpty _getpty clock fchmod ulimit)
AC_CHECK_FUNCS(gethostname getdtablesize umask innetgr initgroups setpgrp)
AC_CHECK_FUNCS(setpgid daemon waitpid ttyslot authenticate getpt isastream)
+AC_CHECK_FUNCS(chflags)
AC_REPLACE_FUNCS(strerror memmove remove random putenv crypt socketpair snprintf)
diff -u --recursive -X /u/sjl/bin/diff-src-db ssh-1.2.27.orig/sshd.c ssh-1.2.27/sshd.c
--- ssh-1.2.27.orig/sshd.c Wed May 12 14:19:29 1999
+++ ssh-1.2.27/sshd.c Wed Aug 11 20:26:31 1999
@@ -2897,9 +2897,87 @@
tty_mode = S_IRUSR|S_IWUSR|S_IWGRP|S_IWOTH;
}
+ retry_chown:
+
/* Change ownership of the tty. */
- (void)chown(ttyname, pw->pw_uid, tty_gid);
- (void)chmod(ttyname, tty_mode);
+ if (chown(ttyname, pw->pw_uid, tty_gid) < 0)
+ {
+ /* chown failed. Atleast two possibilities. Either we are not
+ running as root, in which case this is OK, or we are running
+ on BSD, and somebody has put some flags to the tty. */
+
+ /* Check whether we are root or not.*/
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is OK. */
+ debug("chown failed (but we're not root anyway) for "
+ "%s, error %s", ttyname, strerror(errno));
+ }
+ else
+ {
+#ifdef HAVE_CHFLAGS
+ static int retrying = 0;
+ struct stat st;
+
+ if (!retrying)
+ {
+ debug("chown failed for %s, error: %s. Removing "
+ "user-settable flags, and retrying.",
+ ttyname, strerror(errno));
+
+ if (stat(ttyname, &st) < 0)
+ {
+ error("stat failed for %s, error: %s",
+ ttyname, strerror(errno));
+ }
+ else
+ {
+ debug("Removing user-settable flags with "
+ "chflags.");
+ /* Remove user definable flags. */
+ if (chflags(ttyname, st.st_flags &
+ ~(UF_NODUMP | UF_IMMUTABLE |
+ UF_APPEND | UF_OPAQUE)) < 0)
+ {
+ debug("chflags failed for %s, error: %s",
+ ttyname, strerror(errno));
+ }
+ else
+ {
+ debug("Retrying...");
+ retrying = 1;
+ goto retry_chown;
+ }
+ }
+ }
+ else
+ {
+ debug("chown failed even with retry. error: %s",
+ strerror(errno));
+ }
+
+#endif /* HAVE_CHFLAGS */
+ error("ssh_pty_allocate_and_fork: chown failed for %s.",
+ ttyname);
+ goto fail;
+ }
+ }
+
+ if (chmod(ttyname, tty_mode) < 0)
+ {
+ if (getuid() != UID_ROOT)
+ {
+ /* We are not, and then this is (probably) OK. */
+ debug("chmod failed (but we're not root anyway) for "
+ "%s, error %s", ttyname, strerror(errno));
+ }
+ else
+ {
+ error("ssh_pty_allocate_and_fork: chmod %s: %s",
+ ttyname, strerror(errno));
+ goto fail;
+ }
+ }
/* Get TERM from the packet. Note that the value may be of arbitrary
length. */
diff -u ssh-1.2.27.orig/configure ssh-1.2.27/configure
--- ssh-1.2.27.orig/configure Wed May 12 14:20:06 1999
+++ ssh-1.2.27/configure Wed Aug 11 20:08:14 1999
@@ -4512,16 +4512,71 @@
fi
done
+for ac_func in chflags
+do
+echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
+echo "configure:4519: checking for $ac_func" >&5
+if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ cat > conftest.$ac_ext <<EOF
+#line 4524 "configure"
+#include "confdefs.h"
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $ac_func(); below. */
+#include <assert.h>
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char $ac_func();
+
+int main() {
+
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined (__stub_$ac_func) || defined (__stub___$ac_func)
+choke me
+#else
+$ac_func();
+#endif
+
+; return 0; }
+EOF
+if { (eval echo configure:4547: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_func_$ac_func=no"
+fi
+rm -f conftest*
+fi
+
+if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'`
+ cat >> confdefs.h <<EOF
+#define $ac_tr_func 1
+EOF
+
+else
+ echo "$ac_t""no" 1>&6
+fi
+done
+
for ac_func in strerror memmove remove random putenv crypt socketpair snprintf
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:4520: checking for $ac_func" >&5
+echo "configure:4575: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 4525 "configure"
+#line 4580 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -4544,7 +4599,7 @@
; return 0; }
EOF
-if { (eval echo configure:4548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4603: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -4572,7 +4627,7 @@
echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6
-echo "configure:4576: checking whether ln -s works" >&5
+echo "configure:4631: checking whether ln -s works" >&5
if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4603,7 +4658,7 @@
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# ./install, which can be erroneously created by make from ./install.sh.
echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
-echo "configure:4607: checking for a BSD compatible install" >&5
+echo "configure:4662: checking for a BSD compatible install" >&5
if test -z "$INSTALL"; then
if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -4655,7 +4710,7 @@
# Extract the first word of "ar", so it can be a program name with args.
set dummy ar; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:4659: checking for $ac_word" >&5
+echo "configure:4714: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_AR'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4685,7 +4740,7 @@
# Extract the first word of "ranlib", so it can be a program name with args.
set dummy ranlib; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:4689: checking for $ac_word" >&5
+echo "configure:4744: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4719,7 +4774,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:4723: checking for $ac_word" >&5
+echo "configure:4778: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_MAKEDEP'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -4754,7 +4809,7 @@
# Uses ac_ vars as temps to allow command line to override cache and checks.
# --without-x overrides everything else, but does not touch the cache.
echo $ac_n "checking for X""... $ac_c" 1>&6
-echo "configure:4758: checking for X" >&5
+echo "configure:4813: checking for X" >&5
# Check whether --with-x or --without-x was given.
if test "${with_x+set}" = set; then
@@ -4816,12 +4871,12 @@
# First, try using that file with no special directory specified.
cat > conftest.$ac_ext <<EOF
-#line 4820 "configure"
+#line 4875 "configure"
#include "confdefs.h"
#include <$x_direct_test_include>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
-{ (eval echo configure:4825: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+{ (eval echo configure:4880: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out`
if test -z "$ac_err"; then
rm -rf conftest*
@@ -4890,14 +4945,14 @@
ac_save_LIBS="$LIBS"
LIBS="-l$x_direct_test_library $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 4894 "configure"
+#line 4949 "configure"
#include "confdefs.h"
int main() {
${x_direct_test_function}()
; return 0; }
EOF
-if { (eval echo configure:4901: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:4956: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
LIBS="$ac_save_LIBS"
# We can link X programs with no special library path.
@@ -5003,17 +5058,17 @@
case "`(uname -sr) 2>/dev/null`" in
"SunOS 5"*)
echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6
-echo "configure:5007: checking whether -R must be followed by a space" >&5
+echo "configure:5062: checking whether -R must be followed by a space" >&5
ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries"
cat > conftest.$ac_ext <<EOF
-#line 5010 "configure"
+#line 5065 "configure"
#include "confdefs.h"
int main() {
; return 0; }
EOF
-if { (eval echo configure:5017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5072: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
ac_R_nospace=yes
else
@@ -5029,14 +5084,14 @@
else
LIBS="$ac_xsave_LIBS -R $x_libraries"
cat > conftest.$ac_ext <<EOF
-#line 5033 "configure"
+#line 5088 "configure"
#include "confdefs.h"
int main() {
; return 0; }
EOF
-if { (eval echo configure:5040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5095: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
ac_R_space=yes
else
@@ -5068,7 +5123,7 @@
# libraries were built with DECnet support. And [email protected] says
# the Alpha needs dnet_stub (dnet does not exist).
echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6
-echo "configure:5072: checking for dnet_ntoa in -ldnet" >&5
+echo "configure:5127: checking for dnet_ntoa in -ldnet" >&5
ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5076,7 +5131,7 @@
ac_save_LIBS="$LIBS"
LIBS="-ldnet $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5080 "configure"
+#line 5135 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5087,7 +5142,7 @@
dnet_ntoa()
; return 0; }
EOF
-if { (eval echo configure:5091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5109,7 +5164,7 @@
if test $ac_cv_lib_dnet_dnet_ntoa = no; then
echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... $ac_c" 1>&6
-echo "configure:5113: checking for dnet_ntoa in -ldnet_stub" >&5
+echo "configure:5168: checking for dnet_ntoa in -ldnet_stub" >&5
ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5117,7 +5172,7 @@
ac_save_LIBS="$LIBS"
LIBS="-ldnet_stub $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5121 "configure"
+#line 5176 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5128,7 +5183,7 @@
dnet_ntoa()
; return 0; }
EOF
-if { (eval echo configure:5132: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5187: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5157,12 +5212,12 @@
# The nsl library prevents programs from opening the X display
# on Irix 5.2, according to [email protected].
echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6
-echo "configure:5161: checking for gethostbyname" >&5
+echo "configure:5216: checking for gethostbyname" >&5
if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5166 "configure"
+#line 5221 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char gethostbyname(); below. */
@@ -5185,7 +5240,7 @@
; return 0; }
EOF
-if { (eval echo configure:5189: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5244: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_gethostbyname=yes"
else
@@ -5206,7 +5261,7 @@
if test $ac_cv_func_gethostbyname = no; then
echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6
-echo "configure:5210: checking for gethostbyname in -lnsl" >&5
+echo "configure:5265: checking for gethostbyname in -lnsl" >&5
ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5214,7 +5269,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lnsl $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5218 "configure"
+#line 5273 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5225,7 +5280,7 @@
gethostbyname()
; return 0; }
EOF
-if { (eval echo configure:5229: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5284: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5255,12 +5310,12 @@
# -lsocket must be given before -lnsl if both are needed.
# We assume that if connect needs -lnsl, so does gethostbyname.
echo $ac_n "checking for connect""... $ac_c" 1>&6
-echo "configure:5259: checking for connect" >&5
+echo "configure:5314: checking for connect" >&5
if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5264 "configure"
+#line 5319 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char connect(); below. */
@@ -5283,7 +5338,7 @@
; return 0; }
EOF
-if { (eval echo configure:5287: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_connect=yes"
else
@@ -5304,7 +5359,7 @@
if test $ac_cv_func_connect = no; then
echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6
-echo "configure:5308: checking for connect in -lsocket" >&5
+echo "configure:5363: checking for connect in -lsocket" >&5
ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5312,7 +5367,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lsocket $X_EXTRA_LIBS $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5316 "configure"
+#line 5371 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5323,7 +5378,7 @@
connect()
; return 0; }
EOF
-if { (eval echo configure:5327: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5382: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5347,12 +5402,12 @@
# [email protected] says -lposix is necessary on A/UX.
echo $ac_n "checking for remove""... $ac_c" 1>&6
-echo "configure:5351: checking for remove" >&5
+echo "configure:5406: checking for remove" >&5
if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5356 "configure"
+#line 5411 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char remove(); below. */
@@ -5375,7 +5430,7 @@
; return 0; }
EOF
-if { (eval echo configure:5379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5434: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_remove=yes"
else
@@ -5396,7 +5451,7 @@
if test $ac_cv_func_remove = no; then
echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6
-echo "configure:5400: checking for remove in -lposix" >&5
+echo "configure:5455: checking for remove in -lposix" >&5
ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5404,7 +5459,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lposix $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5408 "configure"
+#line 5463 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5415,7 +5470,7 @@
remove()
; return 0; }
EOF
-if { (eval echo configure:5419: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5474: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5439,12 +5494,12 @@
# BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay.
echo $ac_n "checking for shmat""... $ac_c" 1>&6
-echo "configure:5443: checking for shmat" >&5
+echo "configure:5498: checking for shmat" >&5
if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5448 "configure"
+#line 5503 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char shmat(); below. */
@@ -5467,7 +5522,7 @@
; return 0; }
EOF
-if { (eval echo configure:5471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5526: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_shmat=yes"
else
@@ -5488,7 +5543,7 @@
if test $ac_cv_func_shmat = no; then
echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6
-echo "configure:5492: checking for shmat in -lipc" >&5
+echo "configure:5547: checking for shmat in -lipc" >&5
ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5496,7 +5551,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lipc $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5500 "configure"
+#line 5555 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5507,7 +5562,7 @@
shmat()
; return 0; }
EOF
-if { (eval echo configure:5511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5540,7 +5595,7 @@
# libraries we check for below, so use a different variable.
# [email protected], [email protected].
echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6
-echo "configure:5544: checking for IceConnectionNumber in -lICE" >&5
+echo "configure:5599: checking for IceConnectionNumber in -lICE" >&5
ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5548,7 +5603,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lICE $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5552 "configure"
+#line 5607 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5559,7 +5614,7 @@
IceConnectionNumber()
; return 0; }
EOF
-if { (eval echo configure:5563: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5618: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5587,7 +5642,7 @@
# Extract the first word of "passwd", so it can be a program name with args.
set dummy passwd; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:5591: checking for $ac_word" >&5
+echo "configure:5646: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_PASSWD_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -5625,7 +5680,7 @@
# Extract the first word of "xauth", so it can be a program name with args.
set dummy xauth; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:5629: checking for $ac_word" >&5
+echo "configure:5684: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_XAUTH_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -5669,7 +5724,7 @@
X_PROGRAMS="ssh-askpass"
fi
echo $ac_n "checking for X11 unix domain socket directory""... $ac_c" 1>&6
-echo "configure:5673: checking for X11 unix domain socket directory" >&5
+echo "configure:5728: checking for X11 unix domain socket directory" >&5
if test '!' -d /tmp/.X11-unix; then
if test -d /var/X/.X11-unix; then
@@ -5698,7 +5753,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:5702: checking for $ac_word" >&5
+echo "configure:5757: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -5739,12 +5794,12 @@
for ac_func in getpseudotty
do
echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:5743: checking for $ac_func" >&5
+echo "configure:5798: checking for $ac_func" >&5
if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
-#line 5748 "configure"
+#line 5803 "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char $ac_func(); below. */
@@ -5767,7 +5822,7 @@
; return 0; }
EOF
-if { (eval echo configure:5771: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_func_$ac_func=yes"
else
@@ -5792,7 +5847,7 @@
done
echo $ac_n "checking for pseudo ttys""... $ac_c" 1>&6
-echo "configure:5796: checking for pseudo ttys" >&5
+echo "configure:5851: checking for pseudo ttys" >&5
if test -c /dev/getpty && test $ac_cv_func_getpseudotty = yes
then
cat >> confdefs.h <<\EOF
@@ -5832,7 +5887,7 @@
fi
echo $ac_n "checking for /etc/default/login""... $ac_c" 1>&6
-echo "configure:5836: checking for /etc/default/login" >&5
+echo "configure:5891: checking for /etc/default/login" >&5
if test -f /etc/default/login; then
cat >> confdefs.h <<\EOF
#define HAVE_ETC_DEFAULT_LOGIN 1
@@ -5845,7 +5900,7 @@
if test -z "$no_shadows_password_checking"; then
echo $ac_n "checking for shadow passwords""... $ac_c" 1>&6
-echo "configure:5849: checking for shadow passwords" >&5
+echo "configure:5904: checking for shadow passwords" >&5
if test -f /etc/shadow; then
# If we don't have shadow.h, this might be some nonstandard
# kludging... So better check it out.
@@ -5859,7 +5914,7 @@
# have getspent in a system library. However, a libshadow.a library
# contaning these is publicly available.
echo $ac_n "checking for getspent in -lshadow""... $ac_c" 1>&6
-echo "configure:5863: checking for getspent in -lshadow" >&5
+echo "configure:5918: checking for getspent in -lshadow" >&5
ac_lib_var=`echo shadow'_'getspent | sed 'y%./+-%__p_%'`
if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
@@ -5867,7 +5922,7 @@
ac_save_LIBS="$LIBS"
LIBS="-lshadow $LIBS"
cat > conftest.$ac_ext <<EOF
-#line 5871 "configure"
+#line 5926 "configure"
#include "confdefs.h"
/* Override any gcc2 internal prototype to avoid an error. */
/* We use char because int might match the return type of a gcc2
@@ -5878,7 +5933,7 @@
getspent()
; return 0; }
EOF
-if { (eval echo configure:5882: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
+if { (eval echo configure:5937: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then
rm -rf conftest*
eval "ac_cv_lib_$ac_lib_var=yes"
else
@@ -5906,9 +5961,9 @@
fi
echo $ac_n "checking whether spwd have sp_expire field""... $ac_c" 1>&6
-echo "configure:5910: checking whether spwd have sp_expire field" >&5
+echo "configure:5965: checking whether spwd have sp_expire field" >&5
cat > conftest.$ac_ext <<EOF
-#line 5912 "configure"
+#line 5967 "configure"
#include "confdefs.h"
#include <shadow.h>
EOF
@@ -5927,9 +5982,9 @@
rm -f conftest*
echo $ac_n "checking whether spwd have sp_inact field""... $ac_c" 1>&6
-echo "configure:5931: checking whether spwd have sp_inact field" >&5
+echo "configure:5986: checking whether spwd have sp_inact field" >&5
cat > conftest.$ac_ext <<EOF
-#line 5933 "configure"
+#line 5988 "configure"
#include "confdefs.h"
#include <shadow.h>
EOF
@@ -5968,7 +6023,7 @@
fi
echo $ac_n "checking location of mail spool files""... $ac_c" 1>&6
-echo "configure:5972: checking location of mail spool files" >&5
+echo "configure:6027: checking location of mail spool files" >&5
for dir in /var/spool/mail /var/mail /usr/spool/mail /usr/mail FILE
do
if test "$dir" = "FILE"; then
@@ -6007,7 +6062,7 @@
done
echo $ac_n "checking location of utmp""... $ac_c" 1>&6
-echo "configure:6011: checking location of utmp" >&5
+echo "configure:6066: checking location of utmp" >&5
if test -f /var/run/utmp; then
cat >> confdefs.h <<\EOF
#define SSH_UTMP "/var/run/utmp"
@@ -6043,7 +6098,7 @@
fi
echo $ac_n "checking location of wtmp""... $ac_c" 1>&6
-echo "configure:6047: checking location of wtmp" >&5
+echo "configure:6102: checking location of wtmp" >&5
if test -f /var/log/wtmp; then
cat >> confdefs.h <<\EOF
#define SSH_WTMP "/var/log/wtmp"
@@ -6077,7 +6132,7 @@
fi
echo $ac_n "checking location of lastlog""... $ac_c" 1>&6
-echo "configure:6081: checking location of lastlog" >&5
+echo "configure:6136: checking location of lastlog" >&5
if test -f /var/log/lastlog || test -d /var/log/lastlog; then
cat >> confdefs.h <<\EOF
#define SSH_LASTLOG "/var/log/lastlog"
@@ -6132,7 +6187,7 @@
fi
echo $ac_n "checking whether $LASTLOG is a directory""... $ac_c" 1>&6
-echo "configure:6136: checking whether $LASTLOG is a directory" >&5
+echo "configure:6191: checking whether $LASTLOG is a directory" >&5
if test -d $LASTLOG
then
echo "$ac_t""yes" 1>&6
@@ -6145,7 +6200,7 @@
fi
echo $ac_n "checking whether to include the IDEA encryption algorithm""... $ac_c" 1>&6
-echo "configure:6149: checking whether to include the IDEA encryption algorithm" >&5
+echo "configure:6204: checking whether to include the IDEA encryption algorithm" >&5
# Check whether --with-idea or --without-idea was given.
if test "${with_idea+set}" = set; then
withval="$with_idea"
@@ -6179,7 +6234,7 @@
echo $ac_n "checking whether to include the Blowfish encryption algorithm""... $ac_c" 1>&6
-echo "configure:6183: checking whether to include the Blowfish encryption algorithm" >&5
+echo "configure:6238: checking whether to include the Blowfish encryption algorithm" >&5
# Check whether --with-blowfish or --without-blowfish was given.
if test "${with_blowfish+set}" = set; then
withval="$with_blowfish"
@@ -6206,7 +6261,7 @@
echo $ac_n "checking whether to include the DES encryption algorithm""... $ac_c" 1>&6
-echo "configure:6210: checking whether to include the DES encryption algorithm" >&5
+echo "configure:6265: checking whether to include the DES encryption algorithm" >&5
# Check whether --with-des or --without-des was given.
if test "${with_des+set}" = set; then
withval="$with_des"
@@ -6229,7 +6284,7 @@
echo $ac_n "checking whether to include the ARCFOUR encryption algorithm""... $ac_c" 1>&6
-echo "configure:6233: checking whether to include the ARCFOUR encryption algorithm" >&5
+echo "configure:6288: checking whether to include the ARCFOUR encryption algorithm" >&5
# Check whether --with-arcfour or --without-arcfour was given.
if test "${with_arcfour+set}" = set; then
withval="$with_arcfour"
@@ -6252,7 +6307,7 @@
echo $ac_n "checking whether to include the none encryption algorithm""... $ac_c" 1>&6
-echo "configure:6256: checking whether to include the none encryption algorithm" >&5
+echo "configure:6311: checking whether to include the none encryption algorithm" >&5
# Check whether --with-none or --without-none was given.
if test "${with_none+set}" = set; then
withval="$with_none"
@@ -6275,7 +6330,7 @@
echo $ac_n "checking whether to use login""... $ac_c" 1>&6
-echo "configure:6279: checking whether to use login" >&5
+echo "configure:6334: checking whether to use login" >&5
# Check whether --with-login or --without-login was given.
if test "${with_login+set}" = set; then
withval="$with_login"
@@ -6290,7 +6345,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:6294: checking for $ac_word" >&5
+echo "configure:6349: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_PATH_LOGIN'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -6349,7 +6404,7 @@
echo $ac_n "checking whether to use rsh""... $ac_c" 1>&6
-echo "configure:6353: checking whether to use rsh" >&5
+echo "configure:6408: checking whether to use rsh" >&5
# Check whether --with-rsh or --without-rsh was given.
if test "${with_rsh+set}" = set; then
withval="$with_rsh"
@@ -6364,7 +6419,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:6368: checking for $ac_word" >&5
+echo "configure:6423: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -6416,7 +6471,7 @@
# Extract the first word of "$ac_prog", so it can be a program name with args.
set dummy $ac_prog; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
-echo "configure:6420: checking for $ac_word" >&5
+echo "configure:6475: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_RSH_PATH'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
@@ -6465,7 +6520,7 @@
# Code to permit setting default path for users ([email protected])
echo $ac_n "checking default path""... $ac_c" 1>&6
-echo "configure:6469: checking default path" >&5
+echo "configure:6524: checking default path" >&5
# Check whether --with-path or --without-path was given.
if test "${with_path+set}" = set; then
withval="$with_path"
@@ -6488,7 +6543,7 @@
echo $ac_n "checking etcdir""... $ac_c" 1>&6
-echo "configure:6492: checking etcdir" >&5
+echo "configure:6547: checking etcdir" >&5
# Check whether --with-etcdir or --without-etcdir was given.
if test "${with_etcdir+set}" = set; then
withval="$with_etcdir"
@@ -6513,7 +6568,7 @@
echo $ac_n "checking whether to use nologin.allow file to override nologin""... $ac_c" 1>&6
-echo "configure:6517: checking whether to use nologin.allow file to override nologin" >&5
+echo "configure:6572: checking whether to use nologin.allow file to override nologin" >&5
# Check whether --with-nologin-allow or --without-nologin-allow was given.
if test "${with_nologin_allow+set}" = set; then
withval="$with_nologin_allow"
@@ -6543,7 +6598,7 @@
echo $ac_n "checking whether to support SecurID""... $ac_c" 1>&6
-echo "configure:6547: checking whether to support SecurID" >&5
+echo "configure:6602: checking whether to support SecurID" >&5
# Check whether --with-securid or --without-securid was given.
if test "${with_securid+set}" = set; then
withval="$with_securid"
@@ -6586,7 +6641,7 @@
echo $ac_n "checking whether to support TIS authentication server""... $ac_c" 1>&6
-echo "configure:6590: checking whether to support TIS authentication server" >&5
+echo "configure:6645: checking whether to support TIS authentication server" >&5
# Check whether --with-tis or --without-tis was given.
if test "${with_tis+set}" = set; then
withval="$with_tis"
@@ -6617,7 +6672,7 @@
echo $ac_n "checking whether to use Kerberos"