authorDamien Miller <djm@mindrot.org>2001-04-10 11:08:40 +1000
committerDamien Miller <djm@mindrot.org>2001-04-10 11:08:40 +1000
commit813b909e697c5d665937a53400b41b0da5dc4f84 (patch)
tree5d5f53663c8ef83c437f8921854dab972811e945
parentd6b07d849a7003aefaec0b90a8556c53fff7a077 (diff)
Add Theo E. Schlossnagle's <jesus@omniti.com> SecurID patch to contrib/V_2_5_2
-rw-r--r--contrib/openssh-2.5.2p1+SecurID_v1.README82
-rw-r--r--contrib/openssh-2.5.2p1+SecurID_v1.patch6731
2 files changed, 6813 insertions, 0 deletions
diff --git a/contrib/openssh-2.5.2p1+SecurID_v1.README b/contrib/openssh-2.5.2p1+SecurID_v1.README
new file mode 100644
index 00000000..8e764ff9
--- /dev/null
+++ b/contrib/openssh-2.5.2p1+SecurID_v1.README
@@ -0,0 +1,82 @@
+/*
+ * Author: Theo Schlossnagle <jesus@omniti.com>
+ * Copyright (c) 2000,2001 Theo Schlossnagle <jesus@omniti.com>
+ * All rights reserved
+ * Created: September 21, 2000
+ * License: OpenSSH License. See the license for OpenSSH for more details.
+ *
+ * March 19, 2001:
+ * Updated to 2.5.2p1 -- jesus@omniti.com
+ *
+ * December 20, 2000:
+ * Updated to 2.3.0p1 -- jesus@omniti.com
+ *
+ * Jan 9th, 2001:
+ * Added SecurIDUsersFile, SecurIDIgnoreShell, AllowNonSecurID directives
+ * to the sshd_config file. These parameters are documented in the man page.
+ * This provides a more logical seperationg between fail-through due to system
+ * failure and fall-through by configuration. (fall-through vs. fail-through)
+ * -- jesus@omniti.com
+ */
+
+Seems like a few people are interested. So here is the patch.
+
+This has only been tested on UNICIES that support PAM. There is untested
+(only 5 lines) code in auth-passwd.c that should provide the same
+functionality for normal (non-PAM) password verifications.
+
+The patch is logical quite small, the physical patch bulky because it contains
+all the line number changes in "configure" after running autoconf on the
+modified configure.in file (in which I changed maybe 10 lines -- Yuk.)
+
+The sshd man page has been patched too :-) Read it for the two new options
+relating to SecurID.
+
+How it works:
+
+0) apply patch ;-)
+1) copy sdi headers (in SecurID example directory) into either a standard
+include place (like /usr/local/include) or into the openssh source tree
+or add the --with-cflags=-I/path/to/ace/examples (where the include files are)
+2) copy the sdiclient.a file (same dir) into the openssh source tree.
+
+Make sure that /var/ace contains your sdconf.rec, etc. If you installed
+SecurID client or server on a machine it should be this way already. If you
+used a non-standard install location do a "ln -s /path/to/ace/data /var/ace"
+
+3) add --with-securid --with-pam to the configure flags. This module rides on
+the PAM authentication mechanism.
+
+It will trigger if a user has a shell in /etc/passwd that ends with "sdshell"
+and it snags your shell the same way sdshell does. Users with other shells
+will log in as if SecurID didn't exist.
+
+Done:
+ o Normal passcode verification
+ o Enter next token for verification
+ (use ssh -v to see the *useful* debgging messages)
+
+ssh -v will let you know if:
+ o your code was accepted.
+ o your code was rejected.
+ o you are required to wait for the next token and enter that.
+
+TODO:
+ o Handle PIN creation and changing (as their are by default three log in
+attempts, it should be straight forward to integrate in these additions --
+both of these operations require exactly three user inputs.)
+ o Add sshd_config parameter to specify the VAR_ACE location (forced to
+/var/ace OR VAR_ACE environment variable now.)
+ o Make autoconf find the headers in logical places and add a long-option to
+give it a hint. I am an "autoconf idiot"... The small changes I made were
+challenging enough :)
+
+
+DISCLAIMER:
+ I works for me (yes, in production). If you get locked out of a production
+system becuase you replaced your sshd with this one, feeling really dumb is
+YOUR responsibility NOT mine. It is not my fault :-D
+
+Hope this is useful! scp (and all other tools that can use ssh like rsync and
+cvs) will work now!!!! Hooray!
+
diff --git a/contrib/openssh-2.5.2p1+SecurID_v1.patch b/contrib/openssh-2.5.2p1+SecurID_v1.patch
new file mode 100644
index 00000000..452692dd
--- /dev/null
+++ b/contrib/openssh-2.5.2p1+SecurID_v1.patch
@@ -0,0 +1,6731 @@
+diff -rNc openssh-2.5.2p1/Makefile.in openssh-2.5.2p1+SecurID/Makefile.in
+*** openssh-2.5.2p1/Makefile.in Tue Mar 13 19:39:24 2001
+--- openssh-2.5.2p1+SecurID/Makefile.in Mon Mar 19 23:10:15 2001
+***************
+*** 48,54 ****
+
+ SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o readconf.o clientloop.o
+
+! SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o dh.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o
+
+ TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
+ CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh-keyscan.0 ssh.0 sshd.0 sftp-server.0 sftp.0
+--- 48,54 ----
+
+ SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o readconf.o clientloop.o
+
+! SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o auth-securid.o dh.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o
+
+ TROFFMAN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
+ CATMAN = scp.0 ssh-add.0 ssh-agent.0 ssh-keygen.0 ssh-keyscan.0 ssh.0 sshd.0 sftp-server.0 sftp.0
+diff -rNc openssh-2.5.2p1/README.SecurID openssh-2.5.2p1+SecurID/README.SecurID
+*** openssh-2.5.2p1/README.SecurID Wed Dec 31 19:00:00 1969
+--- openssh-2.5.2p1+SecurID/README.SecurID Tue Mar 20 00:52:41 2001
+***************
+*** 0 ****
+--- 1,82 ----
++ /*
++ * Author: Theo Schlossnagle <jesus@omniti.com>
++ * Copyright (c) 2000,2001 Theo Schlossnagle <jesus@omniti.com>
++ * All rights reserved
++ * Created: September 21, 2000
++ * License: OpenSSH License. See the license for OpenSSH for more details.
++ *
++ * March 19, 2001:
++ * Updated to 2.5.2p1 -- jesus@omniti.com
++ *
++ * December 20, 2000:
++ * Updated to 2.3.0p1 -- jesus@omniti.com
++ *
++ * Jan 9th, 2001:
++ * Added SecurIDUsersFile, SecurIDIgnoreShell, AllowNonSecurID directives
++ * to the sshd_config file. These parameters are documented in the man page.
++ * This provides a more logical seperationg between fail-through due to system
++ * failure and fall-through by configuration. (fall-through vs. fail-through)
++ * -- jesus@omniti.com
++ */
++
++ Seems like a few people are interested. So here is the patch.
++
++ This has only been tested on UNICIES that support PAM. There is untested
++ (only 5 lines) code in auth-passwd.c that should provide the same
++ functionality for normal (non-PAM) password verifications.
++
++ The patch is logical quite small, the physical patch bulky because it contains
++ all the line number changes in "configure" after running autoconf on the
++ modified configure.in file (in which I changed maybe 10 lines -- Yuk.)
++
++ The sshd man page has been patched too :-) Read it for the two new options
++ relating to SecurID.
++
++ How it works:
++
++ 0) apply patch ;-)
++ 1) copy sdi headers (in SecurID example directory) into either a standard
++ include place (like /usr/local/include) or into the openssh source tree
++ or add the --with-cflags=-I/path/to/ace/examples (where the include files are)
++ 2) copy the sdiclient.a file (same dir) into the openssh source tree.
++
++ Make sure that /var/ace contains your sdconf.rec, etc. If you installed
++ SecurID client or server on a machine it should be this way already. If you
++ used a non-standard install location do a "ln -s /path/to/ace/data /var/ace"
++
++ 3) add --with-securid --with-pam to the configure flags. This module rides on
++ the PAM authentication mechanism.
++
++ It will trigger if a user has a shell in /etc/passwd that ends with "sdshell"
++ and it snags your shell the same way sdshell does. Users with other shells
++ will log in as if SecurID didn't exist.
++
++ Done:
++ o Normal passcode verification
++ o Enter next token for verification
++ (use ssh -v to see the *useful* debgging messages)
++
++ ssh -v will let you know if:
++ o your code was accepted.
++ o your code was rejected.
++ o you are required to wait for the next token and enter that.
++
++ TODO:
++ o Handle PIN creation and changing (as their are by default three log in
++ attempts, it should be straight forward to integrate in these additions --
++ both of these operations require exactly three user inputs.)
++ o Add sshd_config parameter to specify the VAR_ACE location (forced to
++ /var/ace OR VAR_ACE environment variable now.)
++ o Make autoconf find the headers in logical places and add a long-option to
++ give it a hint. I am an "autoconf idiot"... The small changes I made were
++ challenging enough :)
++
++
++ DISCLAIMER:
++ I works for me (yes, in production). If you get locked out of a production
++ system becuase you replaced your sshd with this one, feeling really dumb is
++ YOUR responsibility NOT mine. It is not my fault :-D
++
++ Hope this is useful! scp (and all other tools that can use ssh like rsync and
++ cvs) will work now!!!! Hooray!
++
+diff -rNc openssh-2.5.2p1/acconfig.h openssh-2.5.2p1+SecurID/acconfig.h
+*** openssh-2.5.2p1/acconfig.h Fri Mar 16 20:15:16 2001
+--- openssh-2.5.2p1+SecurID/acconfig.h Mon Mar 19 23:08:34 2001
+***************
+*** 187,192 ****
+--- 187,195 ----
+ /* Define if you want S/Key support */
+ #undef SKEY
+
++ /* Define if you want SecurID support */
++ #undef SECURID
++
+ /* Define if you want TCP Wrappers support */
+ #undef LIBWRAP
+
+diff -rNc openssh-2.5.2p1/auth-pam.c openssh-2.5.2p1+SecurID/auth-pam.c
+*** openssh-2.5.2p1/auth-pam.c Wed Feb 28 17:18:36 2001
+--- openssh-2.5.2p1+SecurID/auth-pam.c Tue Mar 20 00:04:36 2001
+***************
+*** 168,174 ****
+
+ return PAM_SUCCESS;
+ }
+-
+ /* Called at exit to cleanly shutdown PAM */
+ void do_pam_cleanup_proc(void *context)
+ {
+--- 168,173 ----
+***************
+*** 211,217 ****
+ return 0;
+ if (*password == '\0' && options.permit_empty_passwd == 0)
+ return 0;
+!
+ __pampasswd = password;
+
+ pamstate = INITIAL_LOGIN;
+--- 210,228 ----
+ return 0;
+ if (*password == '\0' && options.permit_empty_passwd == 0)
+ return 0;
+! #ifdef SECURID
+! if (options.securid_authentication == 1) {
+! int ret;
+! debug("Attempting SecurID authentication user \"%.100s\"", pw->pw_name);
+! ret = auth_securid_password(pw, password);
+! if (ret >= 0)
+! return ret;
+! /* Only returns < 0 if the account is not a SecurID account */
+! /* Fall back to ordinary passwd authentication. */
+! } else {
+! debug("SecurID disabled in server config. Using PAM.");
+! }
+! #endif
+ __pampasswd = password;
+
+ pamstate = INITIAL_LOGIN;
+diff -rNc openssh-2.5.2p1/auth-passwd.c openssh-2.5.2p1+SecurID/auth-passwd.c
+*** openssh-2.5.2p1/auth-passwd.c Sun Feb 18 01:00:38 2001
+--- openssh-2.5.2p1+SecurID/auth-passwd.c Mon Mar 19 23:08:34 2001
+***************
+*** 144,149 ****
+--- 144,158 ----
+ }
+ #endif
+
++ #ifdef SECURID
++ if (options.securid_authentication == 1) {
++ int ret = auth_securid_password(pw, password);
++ if (ret >= 0)
++ return ret;
++ /* Only returns < 0 if the account is not a SecurID account */
++ /* Fall back to ordinary passwd authentication. */
++ }
++ #endif
+ #ifdef WITH_AIXAUTHENTICATE
+ return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+ #endif
+diff -rNc openssh-2.5.2p1/auth-securid.c openssh-2.5.2p1+SecurID/auth-securid.c
+*** openssh-2.5.2p1/auth-securid.c Wed Dec 31 19:00:00 1969
+--- openssh-2.5.2p1+SecurID/auth-securid.c Tue Mar 20 01:08:35 2001
+***************
+*** 0 ****
+--- 1,181 ----
++ /*
++ * Author: Theo Schlossnagle <jesus@omniti.com>
++ * Copyright (c) 2000 Theo Schlossnagle <jesus@omniti.com>
++ * All rights reserved
++ * Created: September 21, 2000
++ * This file contains the code to process a SecurID authentication
++ * including the "next token" request.
++ */
++
++ #include "includes.h"
++
++ RCSID("$OpenBSD: auth-securid.c,v 1.0 2000/09/21 01:39:38 jesus Exp $");
++
++ #include "packet.h"
++ #include "ssh.h"
++ #include "log.h"
++ #include "servconf.h"
++ #include "xmalloc.h"
++
++ #ifdef WITH_AIXAUTHENTICATE
++ # include <login.h>
++ #endif
++ #ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW
++ # include <hpsecurity.h>
++ # include <prot.h>
++ #endif
++ #ifdef HAVE_SHADOW_H
++ # include <shadow.h>
++ #endif
++ #ifdef HAVE_GETPWANAM
++ # include <sys/label.h>
++ # include <sys/audit.h>
++ # include <pwdadj.h>
++ #endif
++ #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
++ # include "md5crypt.h"
++ #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
++
++ #ifdef SECURID
++ #include "sdi_athd.h"
++ #include "sdconf.h"
++ #include "sdacmvls.h"
++
++ union config_record configure;
++ #endif
++
++ /*
++ * Tries to authenticate the user using password. Returns true if
++ * authentication succeeds.
++ */
++ #define INBUFFLEN 256
++
++ int
++ securid_usersfile_find(const char *pw_name)
++ {
++ extern ServerOptions options;
++ FILE *inf;
++ char inbuff[INBUFFLEN];
++ struct stat fileinfo;
++ int retval = 0;
++
++ if(!options.securid_usersfile) {
++ error("In securid_usersfile_find() with NULL filename!");
++ return -1;
++ }
++ if(lstat(options.securid_usersfile, &fileinfo)) {
++ error("Cannot open %s: %s",
++ options.securid_usersfile, strerror(errno));
++ return -1;
++ }
++ if(fileinfo.st_mode & (S_IWOTH|S_IWGRP)) {
++ error("SecurIDUsersFile is writeable by group and other");
++ return -1;
++ }
++ if(!(inf = fopen(options.securid_usersfile, "r"))) {
++ error("Cannot open %s: %s",
++ options.securid_usersfile, strerror(errno));
++ return -1;
++ }
++ while(fgets(inbuff,INBUFFLEN-1,inf) != NULL) {
++ if(inbuff[strlen(inbuff) - 1] == '\n')
++ inbuff[strlen(inbuff) - 1] = '\0';
++ retval = !strcmp(inbuff,pw_name);
++ if(retval) break;
++ }
++ fclose(inf);
++ if(retval) return 1;
++ debug2("Failed to find %s in %s",
++ pw_name, options.securid_usersfile);
++ return 0;
++ }
++ int
++ auth_securid_password(struct passwd * pw, const char *password)
++ {
++ static int state = 0; /* This tells us where we expect a
++ 0 "PIN"
++ 1 "Next Token"
++ */
++ int doauth;
++ char *ecp;
++ extern ServerOptions options;
++ #ifndef SECURID
++ return -1;
++ #else
++ struct SD_CLIENT sd_dat, *sd;
++
++ /* Check for users with no sdshell and pass them by. */
++ if(options.securid_usersfile) {
++ doauth = securid_usersfile_find(pw->pw_name);
++ if(doauth == 0) { /* file is there, user is not */
++ if(options.allow_nonsecurid) return -1;
++ return 0;
++ } else if(doauth < 0) { /* File not there or bad perms! */
++ error("Failing SecurID login attempt");
++ return 0; /* Fail */
++ }
++ } else {
++ /* No users securid_usersfile
++ so use shells that end in sdshell */
++ if (!((ecp = strstr(pw->pw_shell, "sdshell")) &&
++ (*(ecp+8)=='\0')))
++ if(options.allow_nonsecurid) return -1;
++ else
++ return 0;
++ }
++
++ memset(&sd_dat, 0, sizeof(sd_dat)); /* clear struct */
++ sd = &sd_dat;
++
++ if(creadcfg()) {
++ /* Can't read sdconf.rec! Gotta bail */
++ packet_send_debug("Couldn't read sdconf.rec.");
++ if(options.securid_fallback) return -1;
++ return 0;
++ }
++ if(sd_init(sd)) {
++ /* Can't establish client/server comms! Gotta bail */
++ packet_send_debug("Couldn't establish client/server communications.");
++ if(options.securid_fallback) return -1;
++ return 0;
++ }
++ if(state == 0) {
++ int ret;
++ /* Auth PIN... */
++ ret = sd_check(password, pw->pw_name, sd);
++ if(ret == ACM_OK) {
++ goto success;
++ }
++ if(ret == ACM_ACCESS_DENIED) {
++ packet_send_debug("SecurID passcode rejected.");
++ return 0; /* Failed! */
++ }
++ if(ret == ACM_NEXT_CODE_REQUIRED) {
++ packet_send_debug("SecurID needs next token.");
++ state = 1; /* Process next try as sd_next */
++ return 0; /* Fail, so ssh will prmpt again */
++ }
++ } else {
++ /* Auth next token... */
++ int ret;
++ state = 0; /* Set back to PIN mode */
++ ret = sd_next(password, sd);
++ if(ret == ACM_OK) {
++ goto success;
++ }
++ packet_send_debug("SecurID passcode rejected.");
++ return 0; /* Failed */
++ }
++ packet_send_debug("Unhandled sdcheck() return code.");
++ return 0; /* Failed! */
++
++ success:
++ /* We don't free pw->pw_shell here, becuase we don't know how it was
++ allocated... Besides it is a very small, one-time leak if we did
++ need to free it. */
++ if(!options.securid_ignore_shell)
++ pw->pw_shell = strdup(sd->shell);
++ packet_send_debug("SecurID passcode accepted.");
++ return 1; /* Success */
++ #endif
++ }
+diff -rNc openssh-2.5.2p1/config.h.in openssh-2.5.2p1+SecurID/config.h.in
+*** openssh-2.5.2p1/config.h.in Mon Mar 19 17:33:03 2001
+--- openssh-2.5.2p1+SecurID/config.h.in Mon Mar 19 23:08:34 2001
+***************
+*** 193,198 ****
+--- 193,201 ----
+ /* Define if you want S/Key support */
+ #undef SKEY
+
++ /* Define if you want SecurID support */
++ #undef SECURID
++
+ /* Define if you want TCP Wrappers support */
+ #undef LIBWRAP
+
+***************
+*** 259,270 ****
+
+ /* Define if you have a regcomp() function */
+ #undef HAVE_REGCOMP
+-
+- /* Define if you have /dev/ptmx */
+- #undef HAVE_DEV_PTMX
+-
+- /* Define if you have /dev/ptc */
+- #undef HAVE_DEV_PTS_AND_PTC
+
+ /* Define if you need to use IP address instead of hostname in $DISPLAY */
+ #undef IPADDR_IN_DISPLAY
+--- 262,267 ----
+diff -rNc openssh-2.5.2p1/configure openssh-2.5.2p1+SecurID/configure
+*** openssh-2.5.2p1/configure Mon Mar 19 17:33:04 2001
+--- openssh-2.5.2p1+SecurID/configure Mon Mar 19 23:10:42 2001
+***************
+*** 28,33 ****
+--- 28,35 ----
+ ac_help="$ac_help
+ --with-skey=PATH Enable S/Key support"
+ ac_help="$ac_help
++ --with-securid Enable SecurID support"
++ ac_help="$ac_help
+ --with-tcp-wrappers Enable tcpwrappers support"
+ ac_help="$ac_help
+ --with-pam Enable PAM support "
+***************
+*** 599,605 ****
+ # Extract the first word of "gcc", so it can be a program name with args.
+ set dummy gcc; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:603: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 601,607 ----
+ # Extract the first word of "gcc", so it can be a program name with args.
+ set dummy gcc; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:605: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+***************
+*** 629,635 ****
+ # Extract the first word of "cc", so it can be a program name with args.
+ set dummy cc; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:633: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 631,637 ----
+ # Extract the first word of "cc", so it can be a program name with args.
+ set dummy cc; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:635: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+***************
+*** 680,686 ****
+ # Extract the first word of "cl", so it can be a program name with args.
+ set dummy cl; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:684: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 682,688 ----
+ # Extract the first word of "cl", so it can be a program name with args.
+ set dummy cl; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:686: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+***************
+*** 712,718 ****
+ fi
+
+ echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
+! echo "configure:716: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+
+ ac_ext=c
+ # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+--- 714,720 ----
+ fi
+
+ echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6
+! echo "configure:718: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5
+
+ ac_ext=c
+ # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options.
+***************
+*** 723,734 ****
+
+ cat > conftest.$ac_ext << EOF
+
+! #line 727 "configure"
+ #include "confdefs.h"
+
+ main(){return(0);}
+ EOF
+! if { (eval echo configure:732: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ ac_cv_prog_cc_works=yes
+ # If we can't run a trivial program, we are probably using a cross compiler.
+ if (./conftest; exit) 2>/dev/null; then
+--- 725,736 ----
+
+ cat > conftest.$ac_ext << EOF
+
+! #line 729 "configure"
+ #include "confdefs.h"
+
+ main(){return(0);}
+ EOF
+! if { (eval echo configure:734: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ ac_cv_prog_cc_works=yes
+ # If we can't run a trivial program, we are probably using a cross compiler.
+ if (./conftest; exit) 2>/dev/null; then
+***************
+*** 754,765 ****
+ { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
+ fi
+ echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
+! echo "configure:758: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+ echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
+ cross_compiling=$ac_cv_prog_cc_cross
+
+ echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
+! echo "configure:763: checking whether we are using GNU C" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 756,767 ----
+ { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; }
+ fi
+ echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6
+! echo "configure:760: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5
+ echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6
+ cross_compiling=$ac_cv_prog_cc_cross
+
+ echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6
+! echo "configure:765: checking whether we are using GNU C" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+***************
+*** 768,774 ****
+ yes;
+ #endif
+ EOF
+! if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:772: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+ ac_cv_prog_gcc=yes
+ else
+ ac_cv_prog_gcc=no
+--- 770,776 ----
+ yes;
+ #endif
+ EOF
+! if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:774: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then
+ ac_cv_prog_gcc=yes
+ else
+ ac_cv_prog_gcc=no
+***************
+*** 787,793 ****
+ ac_save_CFLAGS="$CFLAGS"
+ CFLAGS=
+ echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
+! echo "configure:791: checking whether ${CC-cc} accepts -g" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 789,795 ----
+ ac_save_CFLAGS="$CFLAGS"
+ CFLAGS=
+ echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6
+! echo "configure:793: checking whether ${CC-cc} accepts -g" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+***************
+*** 844,850 ****
+ fi
+
+ echo $ac_n "checking host system type""... $ac_c" 1>&6
+! echo "configure:848: checking host system type" >&5
+
+ host_alias=$host
+ case "$host_alias" in
+--- 846,852 ----
+ fi
+
+ echo $ac_n "checking host system type""... $ac_c" 1>&6
+! echo "configure:850: checking host system type" >&5
+
+ host_alias=$host
+ case "$host_alias" in
+***************
+*** 865,878 ****
+ echo "$ac_t""$host" 1>&6
+
+ echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
+! echo "configure:869: checking whether byte ordering is bigendian" >&5
+ if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ ac_cv_c_bigendian=unknown
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat > conftest.$ac_ext <<EOF
+! #line 876 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/param.h>
+--- 867,880 ----
+ echo "$ac_t""$host" 1>&6
+
+ echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6
+! echo "configure:871: checking whether byte ordering is bigendian" >&5
+ if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+ ac_cv_c_bigendian=unknown
+ # See if sys/param.h defines the BYTE_ORDER macro.
+ cat > conftest.$ac_ext <<EOF
+! #line 878 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/param.h>
+***************
+*** 883,893 ****
+ #endif
+ ; return 0; }
+ EOF
+! if { (eval echo configure:887: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat > conftest.$ac_ext <<EOF
+! #line 891 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/param.h>
+--- 885,895 ----
+ #endif
+ ; return 0; }
+ EOF
+! if { (eval echo configure:889: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ # It does; now see whether it defined to BIG_ENDIAN or not.
+ cat > conftest.$ac_ext <<EOF
+! #line 893 "configure"
+ #include "confdefs.h"
+ #include <sys/types.h>
+ #include <sys/param.h>
+***************
+*** 898,904 ****
+ #endif
+ ; return 0; }
+ EOF
+! if { (eval echo configure:902: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_c_bigendian=yes
+ else
+--- 900,906 ----
+ #endif
+ ; return 0; }
+ EOF
+! if { (eval echo configure:904: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then
+ rm -rf conftest*
+ ac_cv_c_bigendian=yes
+ else
+***************
+*** 918,924 ****
+ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+ else
+ cat > conftest.$ac_ext <<EOF
+! #line 922 "configure"
+ #include "confdefs.h"
+ main () {
+ /* Are we little or big endian? From Harbison&Steele. */
+--- 920,926 ----
+ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; }
+ else
+ cat > conftest.$ac_ext <<EOF
+! #line 924 "configure"
+ #include "confdefs.h"
+ main () {
+ /* Are we little or big endian? From Harbison&Steele. */
+***************
+*** 931,937 ****
+ exit (u.c[sizeof (long) - 1] == 1);
+ }
+ EOF
+! if { (eval echo configure:935: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_c_bigendian=no
+ else
+--- 933,939 ----
+ exit (u.c[sizeof (long) - 1] == 1);
+ }
+ EOF
+! if { (eval echo configure:937: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null
+ then
+ ac_cv_c_bigendian=no
+ else
+***************
+*** 957,963 ****
+
+ # Checks for programs.
+ echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+! echo "configure:961: checking how to run the C preprocessor" >&5
+ # On Suns, sometimes $CPP names a directory.
+ if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+--- 959,965 ----
+
+ # Checks for programs.
+ echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6
+! echo "configure:963: checking how to run the C preprocessor" >&5
+ # On Suns, sometimes $CPP names a directory.
+ if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+***************
+*** 972,984 ****
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp.
+ cat > conftest.$ac_ext <<EOF
+! #line 976 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+! { (eval echo configure:982: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+--- 974,986 ----
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp.
+ cat > conftest.$ac_ext <<EOF
+! #line 978 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+! { (eval echo configure:984: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+***************
+*** 989,1001 ****
+ rm -rf conftest*
+ CPP="${CC-cc} -E -traditional-cpp"
+ cat > conftest.$ac_ext <<EOF
+! #line 993 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+! { (eval echo configure:999: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+--- 991,1003 ----
+ rm -rf conftest*
+ CPP="${CC-cc} -E -traditional-cpp"
+ cat > conftest.$ac_ext <<EOF
+! #line 995 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+! { (eval echo configure:1001: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+***************
+*** 1006,1018 ****
+ rm -rf conftest*
+ CPP="${CC-cc} -nologo -E"
+ cat > conftest.$ac_ext <<EOF
+! #line 1010 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+! { (eval echo configure:1016: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+--- 1008,1020 ----
+ rm -rf conftest*
+ CPP="${CC-cc} -nologo -E"
+ cat > conftest.$ac_ext <<EOF
+! #line 1012 "configure"
+ #include "confdefs.h"
+ #include <assert.h>
+ Syntax Error
+ EOF
+ ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
+! { (eval echo configure:1018: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
+ ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
+ if test -z "$ac_err"; then
+ :
+***************
+*** 1039,1045 ****
+ # Extract the first word of "ranlib", so it can be a program name with args.
+ set dummy ranlib; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:1043: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 1041,1047 ----
+ # Extract the first word of "ranlib", so it can be a program name with args.
+ set dummy ranlib; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:1045: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+***************
+*** 1078,1084 ****
+ # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+ # ./install, which can be erroneously created by make from ./install.sh.
+ echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
+! echo "configure:1082: checking for a BSD compatible install" >&5
+ if test -z "$INSTALL"; then
+ if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+--- 1080,1086 ----
+ # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+ # ./install, which can be erroneously created by make from ./install.sh.
+ echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
+! echo "configure:1084: checking for a BSD compatible install" >&5
+ if test -z "$INSTALL"; then
+ if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+***************
+*** 1133,1139 ****
+ # Extract the first word of "ar", so it can be a program name with args.
+ set dummy ar; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:1137: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 1135,1141 ----
+ # Extract the first word of "ar", so it can be a program name with args.
+ set dummy ar; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:1139: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+***************
+*** 1168,1174 ****
+ # Extract the first word of "perl", so it can be a program name with args.
+ set dummy perl; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:1172: checking for $ac_word" >&5
+ if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+ else
+--- 1170,1176 ----
+ # Extract the first word of "perl", so it can be a program name with args.
+ set dummy perl; ac_word=$2
+ echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
+! echo "configure:1174: checking for