From 0b814c1e9a0e5284750dbe000260e1dd86164636 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 29 Apr 2001 22:03:41 +1000 Subject: - (djm) Add Theo Schlossnagle's SecurID patch to contrib/ --- ChangeLog | 3 +- contrib/SecurID.diff | 4101 ++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 4103 insertions(+), 1 deletion(-) create mode 100644 contrib/SecurID.diff diff --git a/ChangeLog b/ChangeLog index 3e7e8783..0f5bf7aa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20010429 - (bal) Updated INSTALL. PCRE moved to a new place. + - (djm) Add Theo Schlossnagle's SecurID patch to contrib/ 20010427 - (bal) Fixed uidswap.c so it should work on non-posix complient systems. @@ -5270,4 +5271,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1179.2.1 2001/04/28 17:31:23 mouring Exp $ +$Id: ChangeLog,v 1.1179.2.2 2001/04/29 12:03:41 djm Exp $ diff --git a/contrib/SecurID.diff b/contrib/SecurID.diff new file mode 100644 index 00000000..fcbb7378 --- /dev/null +++ b/contrib/SecurID.diff @@ -0,0 +1,4101 @@ +diff -ruN openssh-2.9p1-orig/Makefile.in openssh-2.9p1/Makefile.in +--- openssh-2.9p1-orig/Makefile.in Fri Apr 27 10:31:08 2001 ++++ openssh-2.9p1/Makefile.in Sun Apr 29 21:59:59 2001 +@@ -49,7 +49,7 @@ + + SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o + +-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o ++SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-securid.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o + + MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out + MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 +diff -ruN openssh-2.9p1-orig/README.SecurID openssh-2.9p1/README.SecurID +--- openssh-2.9p1-orig/README.SecurID Thu Jan 1 10:00:00 1970 ++++ openssh-2.9p1/README.SecurID Sun Apr 29 21:59:59 2001 +@@ -0,0 +1,90 @@ ++/* ++ * Author: Theo Schlossnagle ++ * Copyright (c) 2000,2001 Theo Schlossnagle ++ * All rights reserved ++ * Created: September 21, 2000 ++ * License: OpenSSH License. See the license for OpenSSH for more details. ++ * ++ * April 24, 2001: ++ * Updated to 2.9.0p1 -- jesus@omniti.com ++ * added autoconf clauses to fault if sdiclient.a and headers aren't there. ++ * ++ * April 21, 2001: ++ * Updated to 2.5.2p2 -- jesus@omniti.com ++ * Incorporated some bug fixes from Anders Olsen to fix next-token code. ++ * ++ * March 19, 2001: ++ * Updated to 2.5.2p1 -- jesus@omniti.com ++ * ++ * December 20, 2000: ++ * Updated to 2.3.0p1 -- jesus@omniti.com ++ * ++ * Jan 9th, 2001: ++ * Added SecurIDUsersFile, SecurIDIgnoreShell, AllowNonSecurID directives ++ * to the sshd_config file. These parameters are documented in the man page. ++ * This provides a more logical seperationg between fail-through due to system ++ * failure and fall-through by configuration. (fall-through vs. fail-through) ++ * -- jesus@omniti.com ++ */ ++ ++Seems like a few people are interested. So here is the patch. ++ ++This has only been tested on UNICIES that support PAM. There is untested ++(only 5 lines) code in auth-passwd.c that should provide the same ++functionality for normal (non-PAM) password verifications. ++ ++The patch is logical quite small, the physical patch bulky because it contains ++all the line number changes in "configure" after running autoconf on the ++modified configure.in file (in which I changed maybe 10 lines -- Yuk.) ++ ++The sshd man page has been patched too :-) Read it for the two new options ++relating to SecurID. ++ ++How it works: ++ ++0) apply patch ;-) ++1) copy sdi headers (in SecurID example directory) into either a standard ++include place (like /usr/local/include) or into the openssh source tree ++or add the --with-cflags=-I/path/to/ace/examples (where the include files are) ++2) copy the sdiclient.a file (same dir) into the openssh source tree. ++ ++Make sure that /var/ace contains your sdconf.rec, etc. If you installed ++SecurID client or server on a machine it should be this way already. If you ++used a non-standard install location do a "ln -s /path/to/ace/data /var/ace" ++ ++3) add --with-securid --with-pam to the configure flags. This module rides on ++the PAM authentication mechanism. ++ ++It will trigger if a user has a shell in /etc/passwd that ends with "sdshell" ++and it snags your shell the same way sdshell does. Users with other shells ++will log in as if SecurID didn't exist. ++ ++Done: ++ o Normal passcode verification ++ o Enter next token for verification ++ (use ssh -v to see the *useful* debgging messages) ++ ++ssh -v will let you know if: ++ o your code was accepted. ++ o your code was rejected. ++ o you are required to wait for the next token and enter that. ++ ++TODO: ++ o Handle PIN creation and changing (as their are by default three log in ++attempts, it should be straight forward to integrate in these additions -- ++both of these operations require exactly three user inputs.) ++ o Add sshd_config parameter to specify the VAR_ACE location (forced to ++/var/ace OR VAR_ACE environment variable now.) ++ o Make autoconf find the headers in logical places and add a long-option to ++give it a hint. I am an "autoconf idiot"... The small changes I made were ++challenging enough :) ++ ++ ++DISCLAIMER: ++ I works for me (yes, in production). If you get locked out of a production ++system becuase you replaced your sshd with this one, feeling really dumb is ++YOUR responsibility NOT mine. It is not my fault :-D ++ ++Hope this is useful! scp (and all other tools that can use ssh like rsync and ++cvs) will work now!!!! Hooray! ++ +diff -ruN openssh-2.9p1-orig/acconfig.h openssh-2.9p1/acconfig.h +--- openssh-2.9p1-orig/acconfig.h Fri Apr 6 03:15:08 2001 ++++ openssh-2.9p1/acconfig.h Sun Apr 29 21:59:59 2001 +@@ -187,6 +187,9 @@ + /* Define if you want S/Key support */ + #undef SKEY + ++/* Define if you want SecurID support */ ++#undef SECURID ++ + /* Define if you want TCP Wrappers support */ + #undef LIBWRAP + +diff -ruN openssh-2.9p1-orig/auth-pam.c openssh-2.9p1/auth-pam.c +--- openssh-2.9p1-orig/auth-pam.c Tue Apr 24 04:38:37 2001 ++++ openssh-2.9p1/auth-pam.c Sun Apr 29 21:59:59 2001 +@@ -170,7 +170,6 @@ + + return PAM_SUCCESS; + } +- + /* Called at exit to cleanly shutdown PAM */ + void do_pam_cleanup_proc(void *context) + { +@@ -213,7 +212,19 @@ + return 0; + if (*password == '\0' && options.permit_empty_passwd == 0) + return 0; +- ++#ifdef SECURID ++ if (options.securid_authentication == 1) { ++ int ret; ++ debug("Attempting SecurID authentication user \"%.100s\"", pw->pw_name); ++ ret = auth_securid_password(pw, password); ++ if (ret >= 0) ++ return ret; ++ /* Only returns < 0 if the account is not a SecurID account */ ++ /* Fall back to ordinary passwd authentication. */ ++ } else { ++ debug("SecurID disabled in server config. Using PAM."); ++ } ++#endif + __pampasswd = password; + + pamstate = INITIAL_LOGIN; +diff -ruN openssh-2.9p1-orig/auth-passwd.c openssh-2.9p1/auth-passwd.c +--- openssh-2.9p1-orig/auth-passwd.c Wed Apr 25 22:50:19 2001 ++++ openssh-2.9p1/auth-passwd.c Sun Apr 29 21:59:59 2001 +@@ -147,6 +147,15 @@ + } + #endif + ++#ifdef SECURID ++ if (options.securid_authentication == 1) { ++ int ret = auth_securid_password(pw, password); ++ if (ret >= 0) ++ return ret; ++ /* Only returns < 0 if the account is not a SecurID account */ ++ /* Fall back to ordinary passwd authentication. */ ++ } ++#endif + #ifdef WITH_AIXAUTHENTICATE + return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0); + #endif +diff -ruN openssh-2.9p1-orig/auth-securid.c openssh-2.9p1/auth-securid.c +--- openssh-2.9p1-orig/auth-securid.c Thu Jan 1 10:00:00 1970 ++++ openssh-2.9p1/auth-securid.c Sun Apr 29 21:59:59 2001 +@@ -0,0 +1,189 @@ ++/* ++ * Author: Theo Schlossnagle ++ * Copyright (c) 2000 Theo Schlossnagle ++ * All rights reserved ++ * Created: September 21, 2000 ++ * This file contains the code to process a SecurID authentication ++ * including the "next token" request. ++ */ ++ ++#include "includes.h" ++ ++RCSID("$OpenBSD: auth-securid.c,v 1.0 2000/09/21 01:39:38 jesus Exp $"); ++ ++#include "packet.h" ++#include "ssh.h" ++#include "log.h" ++#include "servconf.h" ++#include "xmalloc.h" ++ ++#ifdef WITH_AIXAUTHENTICATE ++# include ++#endif ++#ifdef HAVE_HPUX_TRUSTED_SYSTEM_PW ++# include ++# include ++#endif ++#ifdef HAVE_SHADOW_H ++# include ++#endif ++#ifdef HAVE_GETPWANAM ++# include ++# include ++# include ++#endif ++#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) ++# include "md5crypt.h" ++#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ ++ ++#ifdef SECURID ++#include "sdi_athd.h" ++#include "sdconf.h" ++#include "sdacmvls.h" ++ ++union config_record configure; ++#endif ++ ++/* ++ * Tries to authenticate the user using password. Returns true if ++ * authentication succeeds. ++ */ ++#define INBUFFLEN 256 ++ ++int ++securid_usersfile_find(const char *pw_name) ++{ ++ extern ServerOptions options; ++ FILE *inf; ++ char inbuff[INBUFFLEN]; ++ struct stat fileinfo; ++ int retval = 0; ++ ++ if(!options.securid_usersfile) { ++ error("In securid_usersfile_find() with NULL filename!"); ++ return -1; ++ } ++ if(lstat(options.securid_usersfile, &fileinfo)) { ++ error("Cannot open %s: %s", ++ options.securid_usersfile, strerror(errno)); ++ return -1; ++ } ++ if(fileinfo.st_mode & (S_IWOTH|S_IWGRP)) { ++ error("SecurIDUsersFile is writeable by group and other"); ++ return -1; ++ } ++ if(!(inf = fopen(options.securid_usersfile, "r"))) { ++ error("Cannot open %s: %s", ++ options.securid_usersfile, strerror(errno)); ++ return -1; ++ } ++ while(fgets(inbuff,INBUFFLEN-1,inf) != NULL) { ++ if(inbuff[strlen(inbuff) - 1] == '\n') ++ inbuff[strlen(inbuff) - 1] = '\0'; ++ retval = !strcmp(inbuff,pw_name); ++ if(retval) break; ++ } ++ fclose(inf); ++ if(retval) return 1; ++ debug2("Failed to find %s in %s", ++ pw_name, options.securid_usersfile); ++ return 0; ++} ++int ++auth_securid_password(struct passwd * pw, const char *password) ++{ ++ static int state = 0; /* This tells us where we expect a ++ 0 "PIN" ++ 1 "Next Token" ++ */ ++ int doauth; ++ char *ecp; ++ extern ServerOptions options; ++#ifndef SECURID ++ return -1; ++#else ++ /* Add static for the nexttoken case -- Anders Olsen 20010409 */ ++ static struct SD_CLIENT sd_dat, *sd; ++ ++ /* Check for users with no sdshell and pass them by. */ ++ if(options.securid_usersfile) { ++ doauth = securid_usersfile_find(pw->pw_name); ++ if(doauth == 0) { /* file is there, user is not */ ++ if(options.allow_nonsecurid) return -1; ++ return 0; ++ } else if(doauth < 0) { /* File not there or bad perms! */ ++ error("Failing SecurID login attempt"); ++ return 0; /* Fail */ ++ } ++ } else { ++ /* No users securid_usersfile ++ so use shells that end in sdshell */ ++ if (!((ecp = strstr(pw->pw_shell, "sdshell")) && ++ (*(ecp+8)=='\0'))) ++ if(options.allow_nonsecurid) return -1; ++ else ++ return 0; ++ } ++ /* sd_check on with an empty password causes segfault against some ++ versions of sdiclient -- Anders Olsen 20010409 */ ++ if (*password == '\0') { ++ debug2("auth_securid_password: empty password, skipping"); ++ return 0; ++ } ++ /* Don't reopen session to securid-server is nexttoken ++ -- Adres Olsen 20010410 */ ++ if (state == 0) { ++ int ret; ++ memset(&sd_dat, 0, sizeof(sd_dat)); /* clear struct */ ++ sd = &sd_dat; ++ ++ if(creadcfg()) { ++ /* Can't read sdconf.rec! Gotta bail */ ++ packet_send_debug("Couldn't read sdconf.rec."); ++ if(options.securid_fallback) return -1; ++ return 0; ++ } ++ if(sd_init(sd)) { ++ /* Can't establish client/server comms! Gotta bail */ ++ packet_send_debug("Couldn't establish client/server communications."); ++ if(options.securid_fallback) return -1; ++ return 0; ++ } ++ /* Auth PIN... */ ++ ret = sd_check(password, pw->pw_name, sd); ++ if(ret == ACM_OK) { ++ goto success; ++ } ++ if(ret == ACM_ACCESS_DENIED) { ++ packet_send_debug("SecurID passcode rejected."); ++ return 0; /* Failed! */ ++ } ++ if(ret == ACM_NEXT_CODE_REQUIRED) { ++ packet_send_debug("SecurID needs next token."); ++ state = 1; /* Process next try as sd_next */ ++ return 0; /* Fail, so ssh will prmpt again */ ++ } ++ } else { ++ /* Auth next token... */ ++ int ret; ++ state = 0; /* Set back to PIN mode */ ++ ret = sd_next(password, sd); ++ if(ret == ACM_OK) { ++ goto success; ++ } ++ packet_send_debug("SecurID passcode rejected."); ++ return 0; /* Failed */ ++ } ++ packet_send_debug("Unhandled sdcheck() return code."); ++ return 0; /* Failed! */ ++ ++success: ++ /* We don't free pw->pw_shell here, becuase we don't know how it was ++ allocated... Besides it is a very small, one-time leak if we did ++ need to free it. */ ++ if(!options.securid_ignore_shell) ++ pw->pw_shell = strdup(sd->shell); ++ packet_send_debug("SecurID passcode accepted."); ++ return 1; /* Success */ ++#endif ++} +diff -ruN openssh-2.9p1-orig/config.h.in openssh-2.9p1/config.h.in +--- openssh-2.9p1-orig/config.h.in Sun Apr 29 21:49:45 2001 ++++ openssh-2.9p1/config.h.in Sun Apr 29 22:00:53 2001 +@@ -193,6 +193,9 @@ + /* Define if you want S/Key support */ + #undef SKEY + ++/* Define if you want SecurID support */ ++#undef SECURID ++ + /* Define if you want TCP Wrappers support */ + #undef LIBWRAP + +diff -ruN openssh-2.9p1-orig/configure openssh-2.9p1/configure +--- openssh-2.9p1-orig/configure Sun Apr 29 21:49:46 2001 ++++ openssh-2.9p1/configure Sun Apr 29 22:00:56 2001 +@@ -24,6 +24,8 @@ + ac_help="$ac_help + --with-skey=PATH Enable S/Key support" + ac_help="$ac_help ++ --with-securid Enable SecurID support" ++ac_help="$ac_help + --with-tcp-wrappers Enable tcpwrappers support" + ac_help="$ac_help + --with-pam Enable PAM support " +@@ -599,7 +601,7 @@ + # Extract the first word of "gcc", so it can be a program name with args. + set dummy gcc; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:603: checking for $ac_word" >&5 ++echo "configure:605: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -629,7 +631,7 @@ + # Extract the first word of "cc", so it can be a program name with args. + set dummy cc; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:633: checking for $ac_word" >&5 ++echo "configure:635: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -680,7 +682,7 @@ + # Extract the first word of "cl", so it can be a program name with args. + set dummy cl; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:684: checking for $ac_word" >&5 ++echo "configure:686: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -712,7 +714,7 @@ + fi + + echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +-echo "configure:716: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 ++echo "configure:718: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + + ac_ext=c + # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +@@ -723,12 +725,12 @@ + + cat > conftest.$ac_ext << EOF + +-#line 727 "configure" ++#line 729 "configure" + #include "confdefs.h" + + main(){return(0);} + EOF +-if { (eval echo configure:732: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:734: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then +@@ -754,12 +756,12 @@ + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } + fi + echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +-echo "configure:758: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 ++echo "configure:760: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 + echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 + cross_compiling=$ac_cv_prog_cc_cross + + echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +-echo "configure:763: checking whether we are using GNU C" >&5 ++echo "configure:765: checking whether we are using GNU C" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -768,7 +770,7 @@ + yes; + #endif + EOF +-if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:772: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ++if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:774: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes + else + ac_cv_prog_gcc=no +@@ -787,7 +789,7 @@ + ac_save_CFLAGS="$CFLAGS" + CFLAGS= + echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 +-echo "configure:791: checking whether ${CC-cc} accepts -g" >&5 ++echo "configure:793: checking whether ${CC-cc} accepts -g" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -844,7 +846,7 @@ + fi + + echo $ac_n "checking host system type""... $ac_c" 1>&6 +-echo "configure:848: checking host system type" >&5 ++echo "configure:850: checking host system type" >&5 + + host_alias=$host + case "$host_alias" in +@@ -865,14 +867,14 @@ + echo "$ac_t""$host" 1>&6 + + echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 +-echo "configure:869: checking whether byte ordering is bigendian" >&5 ++echo "configure:871: checking whether byte ordering is bigendian" >&5 + if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_bigendian=unknown + # See if sys/param.h defines the BYTE_ORDER macro. + cat > conftest.$ac_ext < + #include +@@ -883,11 +885,11 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:887: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:889: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. + cat > conftest.$ac_ext < + #include +@@ -898,7 +900,7 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:902: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:904: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes + else +@@ -918,7 +920,7 @@ + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:937: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_c_bigendian=no + else +@@ -957,7 +959,7 @@ + + # Checks for programs. + echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +-echo "configure:961: checking how to run the C preprocessor" >&5 ++echo "configure:963: checking how to run the C preprocessor" >&5 + # On Suns, sometimes $CPP names a directory. + if test -n "$CPP" && test -d "$CPP"; then + CPP= +@@ -972,13 +974,13 @@ + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:982: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:984: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -989,13 +991,13 @@ + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:999: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1001: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1006,13 +1008,13 @@ + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1016: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1018: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1039,7 +1041,7 @@ + # Extract the first word of "ranlib", so it can be a program name with args. + set dummy ranlib; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1043: checking for $ac_word" >&5 ++echo "configure:1045: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1078,7 +1080,7 @@ + # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" + # ./install, which can be erroneously created by make from ./install.sh. + echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +-echo "configure:1082: checking for a BSD compatible install" >&5 ++echo "configure:1084: checking for a BSD compatible install" >&5 + if test -z "$INSTALL"; then + if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1133,7 +1135,7 @@ + # Extract the first word of "ar", so it can be a program name with args. + set dummy ar; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1137: checking for $ac_word" >&5 ++echo "configure:1139: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_AR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1170,7 +1172,7 @@ + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1174: checking for $ac_word" >&5 ++echo "configure:1176: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1209,7 +1211,7 @@ + # Extract the first word of "ent", so it can be a program name with args. + set dummy ent; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1213: checking for $ac_word" >&5 ++echo "configure:1215: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_ENT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1247,7 +1249,7 @@ + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1251: checking for $ac_word" >&5 ++echo "configure:1253: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_FILEPRIV'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1286,7 +1288,7 @@ + # Extract the first word of "bash", so it can be a program name with args. + set dummy bash; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1290: checking for $ac_word" >&5 ++echo "configure:1292: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_TEST_MINUS_S_SH'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1321,7 +1323,7 @@ + # Extract the first word of "ksh", so it can be a program name with args. + set dummy ksh; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1325: checking for $ac_word" >&5 ++echo "configure:1327: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_TEST_MINUS_S_SH'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1356,7 +1358,7 @@ + # Extract the first word of "sh", so it can be a program name with args. + set dummy sh; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1360: checking for $ac_word" >&5 ++echo "configure:1362: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_TEST_MINUS_S_SH'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1404,7 +1406,7 @@ + # Extract the first word of "login", so it can be a program name with args. + set dummy login; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:1408: checking for $ac_word" >&5 ++echo "configure:1410: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_path_LOGIN_PROGRAM_FALLBACK'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -1451,21 +1453,21 @@ + + # C Compiler features + echo $ac_n "checking for inline""... $ac_c" 1>&6 +-echo "configure:1455: checking for inline" >&5 ++echo "configure:1457: checking for inline" >&5 + if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_inline=no + for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1471: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break + else +@@ -1504,12 +1506,12 @@ + blibpath="/usr/lib:/lib:/usr/local/lib" + fi + echo $ac_n "checking for authenticate""... $ac_c" 1>&6 +-echo "configure:1508: checking for authenticate" >&5 ++echo "configure:1510: checking for authenticate" >&5 + if eval "test \"`echo '$''{'ac_cv_func_authenticate'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1538: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_authenticate=yes" + else +@@ -1671,12 +1673,12 @@ + EOF + + echo $ac_n "checking for jlimit_startjob""... $ac_c" 1>&6 +-echo "configure:1675: checking for jlimit_startjob" >&5 ++echo "configure:1677: checking for jlimit_startjob" >&5 + if eval "test \"`echo '$''{'ac_cv_func_jlimit_startjob'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1705: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_jlimit_startjob=yes" + else +@@ -1748,7 +1750,7 @@ + + SONY=1 + echo $ac_n "checking for xatexit in -liberty""... $ac_c" 1>&6 +-echo "configure:1752: checking for xatexit in -liberty" >&5 ++echo "configure:1754: checking for xatexit in -liberty" >&5 + ac_lib_var=`echo iberty'_'xatexit | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1756,7 +1758,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-liberty $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1773: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1834,7 +1836,7 @@ + # hardwire lastlog location (can't detect it on some versions) + conf_lastlog_location="/var/adm/lastlog" + echo $ac_n "checking for obsolete utmp and wtmp in solaris2.x""... $ac_c" 1>&6 +-echo "configure:1838: checking for obsolete utmp and wtmp in solaris2.x" >&5 ++echo "configure:1840: checking for obsolete utmp and wtmp in solaris2.x" >&5 + sol2ver=`echo "$host"| sed -e 's/.*[0-9]\.//'` + if test "$sol2ver" -ge 8; then + echo "$ac_t""yes" 1>&6 +@@ -1855,12 +1857,12 @@ + for ac_func in getpwanam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:1859: checking for $ac_func" >&5 ++echo "configure:1861: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1889: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -2007,12 +2009,12 @@ + for ac_func in getluid setluid + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:2011: checking for $ac_func" >&5 ++echo "configure:2013: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2041: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -2086,12 +2088,12 @@ + for ac_func in getluid setluid + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:2090: checking for $ac_func" >&5 ++echo "configure:2092: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2120: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -2143,7 +2145,7 @@ + *-dec-osf*) + if test ! -z "USE_SIA" ; then + echo $ac_n "checking for Digital Unix Security Integration Architecture""... $ac_c" 1>&6 +-echo "configure:2147: checking for Digital Unix Security Integration Architecture" >&5 ++echo "configure:2149: checking for Digital Unix Security Integration Architecture" >&5 + if test -f /etc/sia/matrix.conf; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +@@ -2214,7 +2216,7 @@ + + + echo $ac_n "checking for pcre_info in -lpcre""... $ac_c" 1>&6 +-echo "configure:2218: checking for pcre_info in -lpcre" >&5 ++echo "configure:2220: checking for pcre_info in -lpcre" >&5 + ac_lib_var=`echo pcre'_'pcre_info | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2222,7 +2224,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lpcre $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2239: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2270,7 +2272,7 @@ + # Checks for libraries. + if test -z "$no_libnsl" ; then + echo $ac_n "checking for yp_match in -lnsl""... $ac_c" 1>&6 +-echo "configure:2274: checking for yp_match in -lnsl" >&5 ++echo "configure:2276: checking for yp_match in -lnsl" >&5 + ac_lib_var=`echo nsl'_'yp_match | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2278,7 +2280,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lnsl $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2295: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2319,7 +2321,7 @@ + fi + if test -z "$no_libsocket" ; then + echo $ac_n "checking for main in -lsocket""... $ac_c" 1>&6 +-echo "configure:2323: checking for main in -lsocket" >&5 ++echo "configure:2325: checking for main in -lsocket" >&5 + ac_lib_var=`echo socket'_'main | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2327,14 +2329,14 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsocket $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2364,7 +2366,7 @@ + fi + + echo $ac_n "checking for innetgr in -lrpc""... $ac_c" 1>&6 +-echo "configure:2368: checking for innetgr in -lrpc" >&5 ++echo "configure:2370: checking for innetgr in -lrpc" >&5 + ac_lib_var=`echo rpc'_'innetgr | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2372,7 +2374,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lrpc -lyp -lrpc $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2389: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2405,7 +2407,7 @@ + + + echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6 +-echo "configure:2409: checking for getspnam in -lgen" >&5 ++echo "configure:2411: checking for getspnam in -lgen" >&5 + ac_lib_var=`echo gen'_'getspnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2413,7 +2415,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lgen $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2430: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2445,7 +2447,7 @@ + fi + + echo $ac_n "checking for deflate in -lz""... $ac_c" 1>&6 +-echo "configure:2449: checking for deflate in -lz" >&5 ++echo "configure:2451: checking for deflate in -lz" >&5 + ac_lib_var=`echo z'_'deflate | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2453,7 +2455,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lz $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2470: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2493,7 +2495,7 @@ + fi + + echo $ac_n "checking for login in -lutil""... $ac_c" 1>&6 +-echo "configure:2497: checking for login in -lutil" >&5 ++echo "configure:2499: checking for login in -lutil" >&5 + ac_lib_var=`echo util'_'login | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2501,7 +2503,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lutil $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2518: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2539,12 +2541,12 @@ + # We don't want to check if we did an pcre override. + if test -z "$no_comp_check" ; then + echo $ac_n "checking for regcomp""... $ac_c" 1>&6 +-echo "configure:2543: checking for regcomp" >&5 ++echo "configure:2545: checking for regcomp" >&5 + if eval "test \"`echo '$''{'ac_cv_func_regcomp'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2573: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_regcomp=yes" + else +@@ -2589,7 +2591,7 @@ + echo "$ac_t""no" 1>&6 + + echo $ac_n "checking for pcre_info in -lpcre""... $ac_c" 1>&6 +-echo "configure:2593: checking for pcre_info in -lpcre" >&5 ++echo "configure:2595: checking for pcre_info in -lpcre" >&5 + ac_lib_var=`echo pcre'_'pcre_info | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2597,7 +2599,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lpcre $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2614: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2644,12 +2646,12 @@ + fi + + echo $ac_n "checking for strcasecmp""... $ac_c" 1>&6 +-echo "configure:2648: checking for strcasecmp" >&5 ++echo "configure:2650: checking for strcasecmp" >&5 + if eval "test \"`echo '$''{'ac_cv_func_strcasecmp'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2678: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_strcasecmp=yes" + else +@@ -2690,7 +2692,7 @@ + else + echo "$ac_t""no" 1>&6 + echo $ac_n "checking for strcasecmp in -lresolv""... $ac_c" 1>&6 +-echo "configure:2694: checking for strcasecmp in -lresolv" >&5 ++echo "configure:2696: checking for strcasecmp in -lresolv" >&5 + ac_lib_var=`echo resolv'_'strcasecmp | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2698,7 +2700,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lresolv $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2715: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2733,12 +2735,12 @@ + fi + + echo $ac_n "checking for utimes""... $ac_c" 1>&6 +-echo "configure:2737: checking for utimes" >&5 ++echo "configure:2739: checking for utimes" >&5 + if eval "test \"`echo '$''{'ac_cv_func_utimes'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_utimes=yes" + else +@@ -2779,7 +2781,7 @@ + else + echo "$ac_t""no" 1>&6 + echo $ac_n "checking for utimes in -lc89""... $ac_c" 1>&6 +-echo "configure:2783: checking for utimes in -lc89" >&5 ++echo "configure:2785: checking for utimes in -lc89" >&5 + ac_lib_var=`echo c89'_'utimes | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2787,7 +2789,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lc89 $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2804: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2823,12 +2825,12 @@ + + + echo $ac_n "checking for strftime""... $ac_c" 1>&6 +-echo "configure:2827: checking for strftime" >&5 ++echo "configure:2829: checking for strftime" >&5 + if eval "test \"`echo '$''{'ac_cv_func_strftime'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2857: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_strftime=yes" + else +@@ -2873,7 +2875,7 @@ + echo "$ac_t""no" 1>&6 + # strftime is in -lintl on SCO UNIX. + echo $ac_n "checking for strftime in -lintl""... $ac_c" 1>&6 +-echo "configure:2877: checking for strftime in -lintl" >&5 ++echo "configure:2879: checking for strftime in -lintl" >&5 + ac_lib_var=`echo intl'_'strftime | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -2881,7 +2883,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lintl $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:2898: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -2924,17 +2926,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2928: checking for $ac_hdr" >&5 ++echo "configure:2930: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2938: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2963,9 +2965,9 @@ + + # Check for ALTDIRFUNC glob() extension + echo $ac_n "checking for GLOB_ALTDIRFUNC support""... $ac_c" 1>&6 +-echo "configure:2967: checking for GLOB_ALTDIRFUNC support" >&5 ++echo "configure:2969: checking for GLOB_ALTDIRFUNC support" >&5 + cat > conftest.$ac_ext < +@@ -2996,9 +2998,9 @@ + + # Check for g.gl_matchc glob() extension + echo $ac_n "checking for gl_matchc field in glob_t""... $ac_c" 1>&6 +-echo "configure:3000: checking for gl_matchc field in glob_t" >&5 ++echo "configure:3002: checking for gl_matchc field in glob_t" >&5 + cat > conftest.$ac_ext < +@@ -3026,12 +3028,12 @@ + + + echo $ac_n "checking whether struct dirent allocates space for d_name""... $ac_c" 1>&6 +-echo "configure:3030: checking whether struct dirent allocates space for d_name" >&5 ++echo "configure:3032: checking whether struct dirent allocates space for d_name" >&5 + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + else + cat > conftest.$ac_ext < +@@ -3039,7 +3041,7 @@ + int main(void){struct dirent d;return(sizeof(d.d_name)<=sizeof(char));} + + EOF +-if { (eval echo configure:3043: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:3045: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + echo "$ac_t""yes" 1>&6 + else +@@ -3080,12 +3082,12 @@ + SKEY_MSG="yes" + + echo $ac_n "checking for skey_keyinfo""... $ac_c" 1>&6 +-echo "configure:3084: checking for skey_keyinfo" >&5 ++echo "configure:3086: checking for skey_keyinfo" >&5 + if eval "test \"`echo '$''{'ac_cv_func_skey_keyinfo'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3114: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_skey_keyinfo=yes" + else +@@ -3135,6 +3137,55 @@ + + fi + ++SECURID_MSG="no" ++# Check whether --with-securid or --without-securid was given. ++if test "${with_securid+set}" = set; then ++ withval="$with_securid" ++ ++ if test "x$withval" != "xno" ; then ++ saved_LIBS="$LIBS" ++ LIBS="$LIBS sdiclient.a" ++ echo $ac_n "checking for sdiclient.a""... $ac_c" 1>&6 ++echo "configure:3150: checking for sdiclient.a" >&5 ++ cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++ rm -rf conftest* ++ ++ echo "$ac_t""yes" 1>&6 ++ cat >> confdefs.h <<\EOF ++#define SECURID 1 ++EOF ++ ++ SECURID_MSG="yes" ++ ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -rf conftest* ++ ++ { echo "configure: error: *** sdiclient.a missing" 1>&2; exit 1; } ++ ++ ++fi ++rm -f conftest* ++ fi ++ ++ ++fi ++ + + # Check whether user wants TCP wrappers support + TCPW_MSG="no" +@@ -3146,9 +3197,9 @@ + saved_LIBS="$LIBS" + LIBS="-lwrap $LIBS" + echo $ac_n "checking for libwrap""... $ac_c" 1>&6 +-echo "configure:3150: checking for libwrap" >&5 ++echo "configure:3201: checking for libwrap" >&5 + cat > conftest.$ac_ext < +@@ -3158,7 +3209,7 @@ + hosts_access(0); + ; return 0; } + EOF +-if { (eval echo configure:3162: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3213: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + + echo "$ac_t""yes" 1>&6 +@@ -3187,12 +3238,12 @@ + for ac_func in arc4random atexit b64_ntop bcopy bindresvport_sa clock fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent getusershell glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf tcgetpgrp utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:3191: checking for $ac_func" >&5 ++echo "configure:3242: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3270: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -3242,12 +3293,12 @@ + for ac_func in gettimeofday time + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:3246: checking for $ac_func" >&5 ++echo "configure:3297: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3325: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -3298,17 +3349,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:3302: checking for $ac_hdr" >&5 ++echo "configure:3353: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3312: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3363: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -3337,12 +3388,12 @@ + for ac_func in login logout updwtmp logwtmp + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:3341: checking for $ac_func" >&5 ++echo "configure:3392: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3420: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -3392,12 +3443,12 @@ + for ac_func in endutent getutent getutid getutline pututline setutent + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:3396: checking for $ac_func" >&5 ++echo "configure:3447: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3475: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -3447,12 +3498,12 @@ + for ac_func in utmpname + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:3451: checking for $ac_func" >&5 ++echo "configure:3502: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3530: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -3502,12 +3553,12 @@ + for ac_func in endutxent getutxent getutxid getutxline pututxline + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:3506: checking for $ac_func" >&5 ++echo "configure:3557: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3585: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -3557,12 +3608,12 @@ + for ac_func in setutxent utmpxname + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:3561: checking for $ac_func" >&5 ++echo "configure:3612: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3640: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -3611,12 +3662,12 @@ + + + echo $ac_n "checking for getuserattr""... $ac_c" 1>&6 +-echo "configure:3615: checking for getuserattr" >&5 ++echo "configure:3666: checking for getuserattr" >&5 + if eval "test \"`echo '$''{'ac_cv_func_getuserattr'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_getuserattr=yes" + else +@@ -3660,7 +3711,7 @@ + else + echo "$ac_t""no" 1>&6 + echo $ac_n "checking for getuserattr in -ls""... $ac_c" 1>&6 +-echo "configure:3664: checking for getuserattr in -ls" >&5 ++echo "configure:3715: checking for getuserattr in -ls" >&5 + ac_lib_var=`echo s'_'getuserattr | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3668,7 +3719,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ls $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3734: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3707,12 +3758,12 @@ + + + echo $ac_n "checking for login""... $ac_c" 1>&6 +-echo "configure:3711: checking for login" >&5 ++echo "configure:3762: checking for login" >&5 + if eval "test \"`echo '$''{'ac_cv_func_login'+set}'`\" = set"; then + echo $ac_n "(cached) $