Scott Case | 2 Apr 04:35 2013

segfault RH EL5 /dev/urandom read-only

I just built the 2013.56 release and am receiving segfaults on startup.  The offending line is the fwrite() in random.c in write_urandom().

Our RHEL 5 servers appear to have /dev/urandom as read-only.  I am guessing that is likely the root cause.

 

Commenting out the internals of write_urandom() stopped the segfault. 

 

Maybe a build flag to avoid writing to /dev/urandom would be appropriate for some platforms?

 

Thanks,

Scott

 

Frank Van Uffelen | 28 Mar 17:51 2013
Picon

scp issue in 0.56

Hello, I think I've found a problem in the scp implementation in 0.56:  lines 233-235 of scp.c say:

#ifdef USE_VFORK
                arg_setup(host, remuser, cmd);
#endif

and IMO it should be

#ifndef USE_VFORK
                arg_setup(host, remuser, cmd);
#endif

which would correspond to the logic in previous releases.  As it is now, dbclient will complain and show its help because arg_setup is never executed on systems using a regular fork() call.

Do you agree?

Best regards,


Frank Van Uffelen

Mattias Walström | 27 Mar 16:24 2013
Picon

Timeout dead connections

Hi!
I am running dropbear 2013.56, connecting to the server with a PC but
not performing a clean close (I pulled my ethernet cable), this caused
dropbear to never drop its connection.

Looking at the utmp entries, I could see that the connection never got dropped,
the utmp entries was kept forever, and running with debug indicates that also.

Tried to use -K to send keepalive, but it just keeps sending keepalives to the peer,
even it is no longer there, and not possible to reach. Shouldn't
the connection be dropped if the keepalive does not reach its destination?

I know there is the -I option, but that does not really do what I want,
I want the connection to be tear down when the peer is unreachable, not
when the user has been idle for a while.

Regards
  Mattias

Mike Frysinger | 23 Mar 08:07 2013
Picon

[PATCH] rename configure.in -> configure.ac

# HG changeset patch
# User Mike Frysinger <vapier <at> gentoo.org>
# Date 1364022466 14400
# Node ID 43d1ef763b32a83d3bbd52720a754c9d5231a122
# Parent  07c3eff1abdaf14173330e3b17657ad46474064c
rename configure.in -> configure.ac

Latest autotools warn now if the file is named configure.in

diff -r 07c3eff1abda -r 43d1ef763b32 configure.ac
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/configure.ac	Sat Mar 23 03:07:46 2013 -0400
 <at>  <at>  -0,0 +1,702  <at>  <at> 
+#                                               -*- Autoconf -*-
+# Process this file with autoconf and autoheader to produce a configure script.
+
+# This Autoconf file was cobbled from various locations. In particular, a bunch
+# of the platform checks have been taken straight from OpenSSH's configure.ac
+# Huge thanks to them for dealing with the horrible platform-specifics :)
+
+AC_PREREQ(2.50)
+AC_INIT(buffer.c)
+
+OLDCFLAGS=$CFLAGS
+# Checks for programs.
+AC_PROG_CC
+AC_PROG_MAKE_SET
+
+if test -z "$LD" ; then
+	LD=$CC
+fi
+AC_SUBST(LD)	
+
+if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
+	AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
+	CFLAGS="-Os -W -Wall"
+fi
+
+# large file support is useful for scp
+AC_USE_SYSTEM_EXTENSIONS
+
+# Host specific options
+# this isn't a definitive list of hosts, they are just added as required
+AC_CANONICAL_HOST
+
+case "$host" in
+
+*-*-linux*)
+	no_ptmx_check=1
+	;;
+
+*-*-solaris*)
+	CFLAGS="$CFLAGS -I/usr/local/include"
+	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
+	conf_lastlog_location="/var/adm/lastlog"
+	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
+	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
+	if test "$sol2ver" -ge 8; then
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(DISABLE_UTMP,,Disable utmp)
+		AC_DEFINE(DISABLE_WTMP,,Disable wtmp)
+	else
+		AC_MSG_RESULT(no)
+	fi
+	AC_CHECK_LIB(socket, socket, LIBS="$LIBS -lsocket")
+	AC_CHECK_LIB(nsl, yp_match, LIBS="$LIBS -lnsl")
+	;;
+
+*-*-aix*)
+	AC_DEFINE(AIX,,Using AIX)
+	# OpenSSH thinks it's broken. If it isn't, let me know.
+	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	;;
+	
+*-*-hpux*)
+	LIBS="$LIBS -lsec"
+	# It's probably broken.
+	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	;;
+*-dec-osf*)
+	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
+	;;
+esac
+
+AC_CHECK_TOOL(AR, ar, :)
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+AC_CHECK_TOOL(STRIP, strip, :)
+AC_CHECK_TOOL(INSTALL, install, :)
+
+dnl Can't use login() or logout() with uclibc
+AC_CHECK_DECL(__UCLIBC__, 
+	[
+	no_loginfunc_check=1
+	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
+	],,,)
+
+# Checks for libraries.
+AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt")
+AC_SUBST(CRYPTLIB)	
+
+# Check if zlib is needed
+AC_ARG_WITH(zlib,
+	[  --with-zlib=PATH        Use zlib in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+AC_ARG_ENABLE(zlib,
+	[  --disable-zlib          Don't include zlib support],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_DEFINE(DISABLE_ZLIB,, Use zlib)
+			AC_MSG_NOTICE(Disabling zlib)
+		else
+			AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
+			AC_MSG_NOTICE(Enabling zlib)
+		fi
+	],
+	[
+		# if not disabled, check for zlib
+		AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
+		AC_MSG_NOTICE(Enabling zlib)
+	]
+)
+
+# Check if pam is needed
+AC_ARG_WITH(pam,
+	[  --with-pam=PATH        Use pam in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+
+AC_ARG_ENABLE(pam,
+	[  --enable-pam          Try to include PAM support],
+	[
+		if test "x$enableval" = "xyes"; then
+			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check
config.log ***]))
+			AC_MSG_NOTICE(Enabling PAM)
+			AC_CHECK_FUNCS(pam_fail_delay)
+		else
+			AC_DEFINE(DISABLE_PAM,, Use PAM)
+			AC_MSG_NOTICE(Disabling PAM)
+		fi
+	],
+	[
+		# disable it by default
+		AC_DEFINE(DISABLE_PAM,, Use PAM)
+		AC_MSG_NOTICE(Disabling PAM)
+	]
+)
+
+AC_ARG_ENABLE(openpty,
+	[  --disable-openpty       Don't use openpty, use alternative method],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_MSG_NOTICE(Not using openpty)
+		else
+			AC_MSG_NOTICE(Using openpty if available)
+			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
+		fi
+	],
+	[
+		AC_MSG_NOTICE(Using openpty if available)
+		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
+	]
+)
+		
+
+AC_ARG_ENABLE(syslog,
+	[  --disable-syslog        Don't include syslog support],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_DEFINE(DISABLE_SYSLOG,, Using syslog)
+			AC_MSG_NOTICE(Disabling syslog)
+		else
+			AC_MSG_NOTICE(Enabling syslog)
+		fi
+	],
+	[
+		AC_MSG_NOTICE(Enabling syslog)
+	]
+)
+
+AC_ARG_ENABLE(shadow,
+	[  --disable-shadow        Don't use shadow passwords (if available)],
+	[
+		if test "x$enableval" = "xno"; then
+			AC_MSG_NOTICE(Not using shadow passwords)
+		else
+			AC_CHECK_HEADERS([shadow.h])
+			AC_MSG_NOTICE(Using shadow passwords if available)
+		fi
+	],
+	[
+		AC_CHECK_HEADERS([shadow.h])
+		AC_MSG_NOTICE(Using shadow passwords if available)
+	]
+)
+			
+
+# Checks for header files.
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h
sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h
utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h pam/pam_appl.h netinet/in_systm.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_C_CONST
+AC_TYPE_UID_T
+AC_TYPE_MODE_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_HEADER_TIME
+
+AC_CHECK_TYPES([uint16_t, u_int16_t, struct sockaddr_storage])
+AC_CHECK_TYPE([socklen_t], ,[
+	AC_MSG_CHECKING([for socklen_t equivalent])
+	AC_CACHE_VAL([curl_cv_socklen_t_equiv],
+	[
+	# Systems have either "struct sockaddr *" or
+	# "void *" as the second argument to getpeername
+	curl_cv_socklen_t_equiv=
+	for arg2 in "struct sockaddr" void; do
+		for t in int size_t unsigned long "unsigned long"; do
+		AC_TRY_COMPILE([
+			#include <sys/types.h>
+			#include <sys/socket.h>
+
+			int getpeername (int, $arg2 *, $t *);
+		],[
+			$t len;
+			getpeername(0,0,&len);
+		],[
+			curl_cv_socklen_t_equiv="$t"
+			break
+		])
+		done
+	done
+
+	if test "x$curl_cv_socklen_t_equiv" = x; then
+		AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
+	fi
+	])
+	AC_MSG_RESULT($curl_cv_socklen_t_equiv)
+	AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
+			[type to use in place of socklen_t if not defined])],
+	[#include <sys/types.h>
+	#include <sys/socket.h>])
+
+# for the fake-rfc2553 stuff - straight from OpenSSH
+
+AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
+	AC_TRY_COMPILE(
+		[
+#include <sys/types.h>
+#include <sys/socket.h>
+		],
+		[ struct sockaddr_storage s; ],
+		[ ac_cv_have_struct_sockaddr_storage="yes" ],
+		[ ac_cv_have_struct_sockaddr_storage="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
+fi
+
+AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
+	AC_TRY_COMPILE(
+		[
+#include <sys/types.h>
+#include <netinet/in.h>
+		],
+		[ struct sockaddr_in6 s; s.sin6_family = 0; ],
+		[ ac_cv_have_struct_sockaddr_in6="yes" ],
+		[ ac_cv_have_struct_sockaddr_in6="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,,Have struct sockaddr_in6)
+fi
+
+AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
+	AC_TRY_COMPILE(
+		[
+#include <sys/types.h>
+#include <netinet/in.h>
+		],
+		[ struct in6_addr s; s.s6_addr[0] = 0; ],
+		[ ac_cv_have_struct_in6_addr="yes" ],
+		[ ac_cv_have_struct_in6_addr="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,,Have struct in6_addr)
+fi
+
+AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
+	AC_TRY_COMPILE(
+		[
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+		],
+		[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
+		[ ac_cv_have_struct_addrinfo="yes" ],
+		[ ac_cv_have_struct_addrinfo="no" ]
+	)
+])
+if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
+	AC_DEFINE(HAVE_STRUCT_ADDRINFO,,Have struct addrinfo)
+fi
+
+
+# IRIX has a const char return value for gai_strerror()
+AC_CHECK_FUNCS(gai_strerror,[
+	AC_DEFINE(HAVE_GAI_STRERROR)
+	AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+
+const char *gai_strerror(int);],[
+char *str;
+
+str = gai_strerror(0);],[
+		AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
+		[Define if gai_strerror() returns const char *])])])
+
+# for loginrec.c
+
+AC_CHECK_MEMBERS([struct utmp.ut_host, struct utmp.ut_pid, struct utmp.ut_type, struct
utmp.ut_tv, struct utmp.ut_id, struct utmp.ut_addr, struct utmp.ut_addr_v6, struct utmp.ut_exit,
struct utmp.ut_time],,,[
+#include <sys/types.h>
+#if HAVE_UTMP_H
+#include <utmp.h>
+#endif
+])
+
+AC_CHECK_MEMBERS([struct utmpx.ut_host, struct utmpx.ut_syslen, struct utmpx.ut_type, struct
utmpx.ut_id, struct utmpx.ut_addr, struct utmpx.ut_addr_v6, struct utmpx.ut_time, struct utmpx.ut_tv],,,[
+#include <sys/types.h>
+#include <sys/socket.h>
+#if HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+])
+
+AC_CHECK_MEMBERS([struct sockaddr_storage.ss_family],,,[
+#include <sys/types.h>
+#include <sys/socket.h>
+])
+
+AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
+AC_CHECK_FUNCS(utmpname)
+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
+AC_CHECK_FUNCS(setutxent utmpxname)
+AC_CHECK_FUNCS(logout updwtmp logwtmp)
+
+AC_ARG_ENABLE(bundled-libtom,
+	[  --enable-bundled-libtom       Use bundled libtomcrypt/libtommath even if a system version exists],
+	[ 
+		BUNDLED_LIBTOM=1
+		AC_MSG_NOTICE(Forcing bundled libtom*)
+	],
+	[
+		BUNDLED_LIBTOM=0
+		AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
+		AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1)
+	]
+)
+
+if test $BUNDLED_LIBTOM = 1 ; then
+	AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) 
+fi
+
+AC_SUBST(BUNDLED_LIBTOM)
+
+dnl Added from OpenSSH 3.6.1p2's configure.ac
+
+dnl allow user to disable some login recording features
+AC_ARG_ENABLE(lastlog,
+	[  --disable-lastlog       Disable use of lastlog even if detected [no]],
+	[ AC_DEFINE(DISABLE_LASTLOG,,Disable use of lastlog()) ]
+)
+AC_ARG_ENABLE(utmp,
+	[  --disable-utmp          Disable use of utmp even if detected [no]],
+	[ AC_DEFINE(DISABLE_UTMP,,Disable use of utmp) ]
+)
+AC_ARG_ENABLE(utmpx,
+	[  --disable-utmpx         Disable use of utmpx even if detected [no]],
+	[ AC_DEFINE(DISABLE_UTMPX,,Disable use of utmpx) ]
+)
+AC_ARG_ENABLE(wtmp,
+	[  --disable-wtmp          Disable use of wtmp even if detected [no]],
+	[ AC_DEFINE(DISABLE_WTMP,,Disable use of wtmp) ]
+)
+AC_ARG_ENABLE(wtmpx,
+	[  --disable-wtmpx         Disable use of wtmpx even if detected [no]],
+	[ AC_DEFINE(DISABLE_WTMPX,,Disable use of wtmpx) ]
+)
+AC_ARG_ENABLE(loginfunc,
+	[  --disable-loginfunc     Disable use of login() etc. [no]],
+	[ no_loginfunc_check=1
+	AC_MSG_NOTICE(Not using login() etc) ]
+)
+AC_ARG_ENABLE(pututline,
+	[  --disable-pututline     Disable use of pututline() etc. ([uw]tmp) [no]],
+	[ AC_DEFINE(DISABLE_PUTUTLINE,,Disable use of pututline()) ]
+)
+AC_ARG_ENABLE(pututxline,
+	[  --disable-pututxline    Disable use of pututxline() etc. ([uw]tmpx) [no]],
+	[ AC_DEFINE(DISABLE_PUTUTXLINE,,Disable use of pututxline()) ]
+)
+AC_ARG_WITH(lastlog,
+  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
+	[
+		if test "x$withval" = "xno" ; then	
+			AC_DEFINE(DISABLE_LASTLOG)
+		else
+			conf_lastlog_location=$withval
+		fi
+	]
+)
+
+if test -z "$no_loginfunc_check"; then
+	dnl    Checks for libutil functions (login(), logout() etc, not openpty() )
+	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,,Have login() function)])
+	AC_CHECK_FUNCS(logout updwtmp logwtmp)
+fi
+
+dnl lastlog, [uw]tmpx? detection
+dnl  NOTE: set the paths in the platform section to avoid the
+dnl   need for command-line parameters
+dnl lastlog and [uw]tmp are subject to a file search if all else fails
+
+dnl lastlog detection
+dnl  NOTE: the code itself will detect if lastlog is a directory
+AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+#  include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+#ifdef HAVE_LOGIN_H
+# include <login.h>
+#endif
+	],
+	[ char *lastlog = LASTLOG_FILE; ],
+	[ AC_MSG_RESULT(yes) ],
+	[
+		AC_MSG_RESULT(no)
+		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
+		AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_LASTLOG_H
+#  include <lastlog.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+		],
+		[ char *lastlog = _PATH_LASTLOG; ],
+		[ AC_MSG_RESULT(yes) ],
+		[
+			AC_MSG_RESULT(no)
+			system_lastlog_path=no
+		])
+	]
+)
+
+if test -z "$conf_lastlog_location"; then
+	if test x"$system_lastlog_path" = x"no" ; then
+		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
+				if (test -d "$f" || test -f "$f") ; then
+					conf_lastlog_location=$f
+				fi
+		done
+		if test -z "$conf_lastlog_location"; then
+			AC_MSG_WARN([** Cannot find lastlog **])
+			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
+		fi
+	fi
+fi
+
+if test -n "$conf_lastlog_location"; then
+	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
+fi	
+
+dnl utmp detection
+AC_MSG_CHECKING([if your system defines UTMP_FILE])
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	],
+	[ char *utmp = UTMP_FILE; ],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_utmp_path=no ]
+)
+if test -z "$conf_utmp_location"; then
+	if test x"$system_utmp_path" = x"no" ; then
+		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
+			if test -f $f ; then
+				conf_utmp_location=$f
+			fi
+		done
+		if test -z "$conf_utmp_location"; then
+			AC_DEFINE(DISABLE_UTMP)
+		fi
+	fi
+fi
+if test -n "$conf_utmp_location"; then
+	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
+fi	
+
+dnl wtmp detection
+AC_MSG_CHECKING([if your system defines WTMP_FILE])
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	],
+	[ char *wtmp = WTMP_FILE; ],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_wtmp_path=no ]
+)
+if test -z "$conf_wtmp_location"; then
+	if test x"$system_wtmp_path" = x"no" ; then
+		for f in /usr/adm/wtmp /var/log/wtmp; do
+			if test -f $f ; then
+				conf_wtmp_location=$f
+			fi
+		done
+		if test -z "$conf_wtmp_location"; then
+			AC_DEFINE(DISABLE_WTMP)
+		fi
+	fi
+fi
+if test -n "$conf_wtmp_location"; then
+	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
+fi	
+
+
+dnl utmpx detection - I don't know any system so perverse as to require
+dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
+dnl  there, though.
+AC_MSG_CHECKING([if your system defines UTMPX_FILE])
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	],
+	[ char *utmpx = UTMPX_FILE; ],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_utmpx_path=no ]
+)
+if test -z "$conf_utmpx_location"; then
+	if test x"$system_utmpx_path" = x"no" ; then
+		AC_DEFINE(DISABLE_UTMPX)
+	fi
+else
+	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
+fi	
+
+dnl wtmpx detection
+AC_MSG_CHECKING([if your system defines WTMPX_FILE])
+AC_TRY_COMPILE([
+#include <sys/types.h>
+#include <utmp.h>
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#ifdef HAVE_PATHS_H
+#  include <paths.h>
+#endif
+	],
+	[ char *wtmpx = WTMPX_FILE; ],
+	[ AC_MSG_RESULT(yes) ],
+	[ AC_MSG_RESULT(no)
+	  system_wtmpx_path=no ]
+)
+if test -z "$conf_wtmpx_location"; then
+	if test x"$system_wtmpx_path" = x"no" ; then
+		AC_DEFINE(DISABLE_WTMPX)
+	fi
+else
+	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
+fi	
+
+# Checks for library functions.
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_MEMCMP
+AC_FUNC_SELECT_ARGTYPES
+AC_TYPE_SIGNAL
+AC_CHECK_FUNCS([dup2 getspnam getusershell memset putenv select socket strdup clearenv strlcpy
strlcat daemon basename _getpty getaddrinfo freeaddrinfo getnameinfo fork])
+
+AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
+
+# Solaris needs ptmx
+if test -z "$no_ptmx_check" ; then
+	if test x"$cross_compiling" = x"no" ; then
+		AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(USE_DEV_PTMX,,Use /dev/ptmx))
+	else
+		AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling])
+	fi
+fi
+
+if test -z "$no_ptc_check" ; then
+	if test x"$cross_compiling" = x"no" ; then
+		AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts))
+	else
+		AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling])
+	fi
+fi
+
+AC_EXEEXT
+
+# XXX there must be a nicer way to do this
+AS_MKDIR_P(libtomcrypt/src/ciphers/aes)
+AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
+AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
+AS_MKDIR_P(libtomcrypt/src/encauth/ccm)
+AS_MKDIR_P(libtomcrypt/src/encauth/eax)
+AS_MKDIR_P(libtomcrypt/src/encauth/gcm)
+AS_MKDIR_P(libtomcrypt/src/encauth/ocb)
+AS_MKDIR_P(libtomcrypt/src/hashes)
+AS_MKDIR_P(libtomcrypt/src/hashes/chc)
+AS_MKDIR_P(libtomcrypt/src/hashes/helper)
+AS_MKDIR_P(libtomcrypt/src/hashes/sha2)
+AS_MKDIR_P(libtomcrypt/src/hashes/whirl)
+AS_MKDIR_P(libtomcrypt/src/mac/hmac)
+AS_MKDIR_P(libtomcrypt/src/mac/omac)
+AS_MKDIR_P(libtomcrypt/src/mac/pelican)
+AS_MKDIR_P(libtomcrypt/src/mac/pmac)
+AS_MKDIR_P(libtomcrypt/src/mac/f9)
+AS_MKDIR_P(libtomcrypt/src/mac/xcbc)
+AS_MKDIR_P(libtomcrypt/src/math/fp)
+AS_MKDIR_P(libtomcrypt/src/misc/base64)
+AS_MKDIR_P(libtomcrypt/src/misc/crypt)
+AS_MKDIR_P(libtomcrypt/src/misc/mpi)
+AS_MKDIR_P(libtomcrypt/src/misc/pkcs5)
+AS_MKDIR_P(libtomcrypt/src/modes/cbc)
+AS_MKDIR_P(libtomcrypt/src/modes/cfb)
+AS_MKDIR_P(libtomcrypt/src/modes/ctr)
+AS_MKDIR_P(libtomcrypt/src/modes/ecb)
+AS_MKDIR_P(libtomcrypt/src/modes/ofb)
+AS_MKDIR_P(libtomcrypt/src/modes/f8)
+AS_MKDIR_P(libtomcrypt/src/modes/lrw)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/ia5)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/integer)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/object_identifier)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/octet)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/printable_string)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/sequence)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/short_integer)
+AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/utctime)
+AS_MKDIR_P(libtomcrypt/src/pk/dh)
+AS_MKDIR_P(libtomcrypt/src/pk/dsa)
+AS_MKDIR_P(libtomcrypt/src/pk/ecc)
+AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
+AS_MKDIR_P(libtomcrypt/src/pk/rsa)
+AS_MKDIR_P(libtomcrypt/src/prng)
+AC_CONFIG_HEADER(config.h)
+AC_OUTPUT(Makefile)
+AC_OUTPUT(libtomcrypt/Makefile)
+AC_OUTPUT(libtommath/Makefile)
+
+AC_MSG_NOTICE()
+if test $BUNDLED_LIBTOM = 1 ; then
+AC_MSG_NOTICE(Using bundled libtomcrypt and libtommath)
+else
+AC_MSG_NOTICE(Using system libtomcrypt and libtommath)
+fi
+
+AC_MSG_NOTICE()
+AC_MSG_NOTICE(Now edit options.h to choose features.)
diff -r 07c3eff1abda -r 43d1ef763b32 configure.in
--- a/configure.in	Sat Mar 23 03:04:53 2013 -0400
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
 <at>  <at>  -1,702 +0,0  <at>  <at> 
-#                                               -*- Autoconf -*-
-# Process this file with autoconf and autoheader to produce a configure script.
-
-# This Autoconf file was cobbled from various locations. In particular, a bunch
-# of the platform checks have been taken straight from OpenSSH's configure.ac
-# Huge thanks to them for dealing with the horrible platform-specifics :)
-
-AC_PREREQ(2.50)
-AC_INIT(buffer.c)
-
-OLDCFLAGS=$CFLAGS
-# Checks for programs.
-AC_PROG_CC
-AC_PROG_MAKE_SET
-
-if test -z "$LD" ; then
-	LD=$CC
-fi
-AC_SUBST(LD)	
-
-if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
-	AC_MSG_NOTICE(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
-	CFLAGS="-Os -W -Wall"
-fi
-
-# large file support is useful for scp
-AC_USE_SYSTEM_EXTENSIONS
-
-# Host specific options
-# this isn't a definitive list of hosts, they are just added as required
-AC_CANONICAL_HOST
-
-case "$host" in
-
-*-*-linux*)
-	no_ptmx_check=1
-	;;
-
-*-*-solaris*)
-	CFLAGS="$CFLAGS -I/usr/local/include"
-	LDFLAGS="$LDFLAGS -L/usr/local/lib -R/usr/local/lib"
-	conf_lastlog_location="/var/adm/lastlog"
-	AC_MSG_CHECKING(for obsolete utmp and wtmp in solaris2.x)
-	sol2ver=`echo "$host"| sed -e 's/.*[[0-9]]\.//'`
-	if test "$sol2ver" -ge 8; then
-		AC_MSG_RESULT(yes)
-		AC_DEFINE(DISABLE_UTMP,,Disable utmp)
-		AC_DEFINE(DISABLE_WTMP,,Disable wtmp)
-	else
-		AC_MSG_RESULT(no)
-	fi
-	AC_CHECK_LIB(socket, socket, LIBS="$LIBS -lsocket")
-	AC_CHECK_LIB(nsl, yp_match, LIBS="$LIBS -lnsl")
-	;;
-
-*-*-aix*)
-	AC_DEFINE(AIX,,Using AIX)
-	# OpenSSH thinks it's broken. If it isn't, let me know.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
-	;;
-	
-*-*-hpux*)
-	LIBS="$LIBS -lsec"
-	# It's probably broken.
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
-	;;
-*-dec-osf*)
-	AC_DEFINE(BROKEN_GETADDRINFO,,Broken getaddrinfo)
-	;;
-esac
-
-AC_CHECK_TOOL(AR, ar, :)
-AC_CHECK_TOOL(RANLIB, ranlib, :)
-AC_CHECK_TOOL(STRIP, strip, :)
-AC_CHECK_TOOL(INSTALL, install, :)
-
-dnl Can't use login() or logout() with uclibc
-AC_CHECK_DECL(__UCLIBC__, 
-	[
-	no_loginfunc_check=1
-	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
-	],,,)
-
-# Checks for libraries.
-AC_CHECK_LIB(crypt, crypt, CRYPTLIB="-lcrypt")
-AC_SUBST(CRYPTLIB)	
-
-# Check if zlib is needed
-AC_ARG_WITH(zlib,
-	[  --with-zlib=PATH        Use zlib in PATH],
-	[
-		# option is given
-		if test -d "$withval/lib"; then
-			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-		else
-			LDFLAGS="-L${withval} ${LDFLAGS}"
-		fi
-		if test -d "$withval/include"; then
-			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-		else
-			CPPFLAGS="-I${withval} ${CPPFLAGS}"
-		fi
-	]
-)
-
-AC_ARG_ENABLE(zlib,
-	[  --disable-zlib          Don't include zlib support],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_ZLIB,, Use zlib)
-			AC_MSG_NOTICE(Disabling zlib)
-		else
-			AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
-			AC_MSG_NOTICE(Enabling zlib)
-		fi
-	],
-	[
-		# if not disabled, check for zlib
-		AC_CHECK_LIB(z, deflate, , AC_MSG_ERROR([*** zlib missing - install first or check config.log ***]))
-		AC_MSG_NOTICE(Enabling zlib)
-	]
-)
-
-# Check if pam is needed
-AC_ARG_WITH(pam,
-	[  --with-pam=PATH        Use pam in PATH],
-	[
-		# option is given
-		if test -d "$withval/lib"; then
-			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
-		else
-			LDFLAGS="-L${withval} ${LDFLAGS}"
-		fi
-		if test -d "$withval/include"; then
-			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
-		else
-			CPPFLAGS="-I${withval} ${CPPFLAGS}"
-		fi
-	]
-)
-
-
-AC_ARG_ENABLE(pam,
-	[  --enable-pam          Try to include PAM support],
-	[
-		if test "x$enableval" = "xyes"; then
-			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check
config.log ***]))
-			AC_MSG_NOTICE(Enabling PAM)
-			AC_CHECK_FUNCS(pam_fail_delay)
-		else
-			AC_DEFINE(DISABLE_PAM,, Use PAM)
-			AC_MSG_NOTICE(Disabling PAM)
-		fi
-	],
-	[
-		# disable it by default
-		AC_DEFINE(DISABLE_PAM,, Use PAM)
-		AC_MSG_NOTICE(Disabling PAM)
-	]
-)
-
-AC_ARG_ENABLE(openpty,
-	[  --disable-openpty       Don't use openpty, use alternative method],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_MSG_NOTICE(Not using openpty)
-		else
-			AC_MSG_NOTICE(Using openpty if available)
-			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
-		fi
-	],
-	[
-		AC_MSG_NOTICE(Using openpty if available)
-		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
-	]
-)
-		
-
-AC_ARG_ENABLE(syslog,
-	[  --disable-syslog        Don't include syslog support],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_DEFINE(DISABLE_SYSLOG,, Using syslog)
-			AC_MSG_NOTICE(Disabling syslog)
-		else
-			AC_MSG_NOTICE(Enabling syslog)
-		fi
-	],
-	[
-		AC_MSG_NOTICE(Enabling syslog)
-	]
-)
-
-AC_ARG_ENABLE(shadow,
-	[  --disable-shadow        Don't use shadow passwords (if available)],
-	[
-		if test "x$enableval" = "xno"; then
-			AC_MSG_NOTICE(Not using shadow passwords)
-		else
-			AC_CHECK_HEADERS([shadow.h])
-			AC_MSG_NOTICE(Using shadow passwords if available)
-		fi
-	],
-	[
-		AC_CHECK_HEADERS([shadow.h])
-		AC_MSG_NOTICE(Using shadow passwords if available)
-	]
-)
-			
-
-# Checks for header files.
-AC_HEADER_STDC
-AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h
sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h
utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h pam/pam_appl.h netinet/in_systm.h])
-
-# Checks for typedefs, structures, and compiler characteristics.
-AC_C_CONST
-AC_TYPE_UID_T
-AC_TYPE_MODE_T
-AC_TYPE_PID_T
-AC_TYPE_SIZE_T
-AC_HEADER_TIME
-
-AC_CHECK_TYPES([uint16_t, u_int16_t, struct sockaddr_storage])
-AC_CHECK_TYPE([socklen_t], ,[
-	AC_MSG_CHECKING([for socklen_t equivalent])
-	AC_CACHE_VAL([curl_cv_socklen_t_equiv],
-	[
-	# Systems have either "struct sockaddr *" or
-	# "void *" as the second argument to getpeername
-	curl_cv_socklen_t_equiv=
-	for arg2 in "struct sockaddr" void; do
-		for t in int size_t unsigned long "unsigned long"; do
-		AC_TRY_COMPILE([
-			#include <sys/types.h>
-			#include <sys/socket.h>
-
-			int getpeername (int, $arg2 *, $t *);
-		],[
-			$t len;
-			getpeername(0,0,&len);
-		],[
-			curl_cv_socklen_t_equiv="$t"
-			break
-		])
-		done
-	done
-
-	if test "x$curl_cv_socklen_t_equiv" = x; then
-		AC_MSG_ERROR([Cannot find a type to use in place of socklen_t])
-	fi
-	])
-	AC_MSG_RESULT($curl_cv_socklen_t_equiv)
-	AC_DEFINE_UNQUOTED(socklen_t, $curl_cv_socklen_t_equiv,
-			[type to use in place of socklen_t if not defined])],
-	[#include <sys/types.h>
-	#include <sys/socket.h>])
-
-# for the fake-rfc2553 stuff - straight from OpenSSH
-
-AC_CACHE_CHECK([for struct sockaddr_storage], ac_cv_have_struct_sockaddr_storage, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <sys/socket.h>
-		],
-		[ struct sockaddr_storage s; ],
-		[ ac_cv_have_struct_sockaddr_storage="yes" ],
-		[ ac_cv_have_struct_sockaddr_storage="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_sockaddr_storage" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_SOCKADDR_STORAGE)
-fi
-
-AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <netinet/in.h>
-		],
-		[ struct sockaddr_in6 s; s.sin6_family = 0; ],
-		[ ac_cv_have_struct_sockaddr_in6="yes" ],
-		[ ac_cv_have_struct_sockaddr_in6="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_sockaddr_in6" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_SOCKADDR_IN6,,Have struct sockaddr_in6)
-fi
-
-AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <netinet/in.h>
-		],
-		[ struct in6_addr s; s.s6_addr[0] = 0; ],
-		[ ac_cv_have_struct_in6_addr="yes" ],
-		[ ac_cv_have_struct_in6_addr="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_in6_addr" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_IN6_ADDR,,Have struct in6_addr)
-fi
-
-AC_CACHE_CHECK([for struct addrinfo], ac_cv_have_struct_addrinfo, [
-	AC_TRY_COMPILE(
-		[
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-		],
-		[ struct addrinfo s; s.ai_flags = AI_PASSIVE; ],
-		[ ac_cv_have_struct_addrinfo="yes" ],
-		[ ac_cv_have_struct_addrinfo="no" ]
-	)
-])
-if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
-	AC_DEFINE(HAVE_STRUCT_ADDRINFO,,Have struct addrinfo)
-fi
-
-
-# IRIX has a const char return value for gai_strerror()
-AC_CHECK_FUNCS(gai_strerror,[
-	AC_DEFINE(HAVE_GAI_STRERROR)
-	AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netdb.h>
-
-const char *gai_strerror(int);],[
-char *str;
-
-str = gai_strerror(0);],[
-		AC_DEFINE(HAVE_CONST_GAI_STRERROR_PROTO, 1,
-		[Define if gai_strerror() returns const char *])])])
-
-# for loginrec.c
-
-AC_CHECK_MEMBERS([struct utmp.ut_host, struct utmp.ut_pid, struct utmp.ut_type, struct
utmp.ut_tv, struct utmp.ut_id, struct utmp.ut_addr, struct utmp.ut_addr_v6, struct utmp.ut_exit,
struct utmp.ut_time],,,[
-#include <sys/types.h>
-#if HAVE_UTMP_H
-#include <utmp.h>
-#endif
-])
-
-AC_CHECK_MEMBERS([struct utmpx.ut_host, struct utmpx.ut_syslen, struct utmpx.ut_type, struct
utmpx.ut_id, struct utmpx.ut_addr, struct utmpx.ut_addr_v6, struct utmpx.ut_time, struct utmpx.ut_tv],,,[
-#include <sys/types.h>
-#include <sys/socket.h>
-#if HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-])
-
-AC_CHECK_MEMBERS([struct sockaddr_storage.ss_family],,,[
-#include <sys/types.h>
-#include <sys/socket.h>
-])
-
-AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
-AC_CHECK_FUNCS(utmpname)
-AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
-AC_CHECK_FUNCS(setutxent utmpxname)
-AC_CHECK_FUNCS(logout updwtmp logwtmp)
-
-AC_ARG_ENABLE(bundled-libtom,
-	[  --enable-bundled-libtom       Use bundled libtomcrypt/libtommath even if a system version exists],
-	[ 
-		BUNDLED_LIBTOM=1
-		AC_MSG_NOTICE(Forcing bundled libtom*)
-	],
-	[
-		BUNDLED_LIBTOM=0
-		AC_CHECK_LIB(tomcrypt, register_cipher, , BUNDLED_LIBTOM=1)
-		AC_CHECK_LIB(tommath, mp_exptmod, , BUNDLED_LIBTOM=1)
-	]
-)
-
-if test $BUNDLED_LIBTOM = 1 ; then
-	AC_DEFINE(BUNDLED_LIBTOM,,Use bundled libtom) 
-fi
-
-AC_SUBST(BUNDLED_LIBTOM)
-
-dnl Added from OpenSSH 3.6.1p2's configure.ac
-
-dnl allow user to disable some login recording features
-AC_ARG_ENABLE(lastlog,
-	[  --disable-lastlog       Disable use of lastlog even if detected [no]],
-	[ AC_DEFINE(DISABLE_LASTLOG,,Disable use of lastlog()) ]
-)
-AC_ARG_ENABLE(utmp,
-	[  --disable-utmp          Disable use of utmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMP,,Disable use of utmp) ]
-)
-AC_ARG_ENABLE(utmpx,
-	[  --disable-utmpx         Disable use of utmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_UTMPX,,Disable use of utmpx) ]
-)
-AC_ARG_ENABLE(wtmp,
-	[  --disable-wtmp          Disable use of wtmp even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMP,,Disable use of wtmp) ]
-)
-AC_ARG_ENABLE(wtmpx,
-	[  --disable-wtmpx         Disable use of wtmpx even if detected [no]],
-	[ AC_DEFINE(DISABLE_WTMPX,,Disable use of wtmpx) ]
-)
-AC_ARG_ENABLE(loginfunc,
-	[  --disable-loginfunc     Disable use of login() etc. [no]],
-	[ no_loginfunc_check=1
-	AC_MSG_NOTICE(Not using login() etc) ]
-)
-AC_ARG_ENABLE(pututline,
-	[  --disable-pututline     Disable use of pututline() etc. ([uw]tmp) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTLINE,,Disable use of pututline()) ]
-)
-AC_ARG_ENABLE(pututxline,
-	[  --disable-pututxline    Disable use of pututxline() etc. ([uw]tmpx) [no]],
-	[ AC_DEFINE(DISABLE_PUTUTXLINE,,Disable use of pututxline()) ]
-)
-AC_ARG_WITH(lastlog,
-  [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
-	[
-		if test "x$withval" = "xno" ; then	
-			AC_DEFINE(DISABLE_LASTLOG)
-		else
-			conf_lastlog_location=$withval
-		fi
-	]
-)
-
-if test -z "$no_loginfunc_check"; then
-	dnl    Checks for libutil functions (login(), logout() etc, not openpty() )
-	AC_SEARCH_LIBS(login, util bsd, [AC_DEFINE(HAVE_LOGIN,,Have login() function)])
-	AC_CHECK_FUNCS(logout updwtmp logwtmp)
-fi
-
-dnl lastlog, [uw]tmpx? detection
-dnl  NOTE: set the paths in the platform section to avoid the
-dnl   need for command-line parameters
-dnl lastlog and [uw]tmp are subject to a file search if all else fails
-
-dnl lastlog detection
-dnl  NOTE: the code itself will detect if lastlog is a directory
-AC_MSG_CHECKING([if your system defines LASTLOG_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_LASTLOG_H
-#  include <lastlog.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-#ifdef HAVE_LOGIN_H
-# include <login.h>
-#endif
-	],
-	[ char *lastlog = LASTLOG_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[
-		AC_MSG_RESULT(no)
-		AC_MSG_CHECKING([if your system defines _PATH_LASTLOG])
-		AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_LASTLOG_H
-#  include <lastlog.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-		],
-		[ char *lastlog = _PATH_LASTLOG; ],
-		[ AC_MSG_RESULT(yes) ],
-		[
-			AC_MSG_RESULT(no)
-			system_lastlog_path=no
-		])
-	]
-)
-
-if test -z "$conf_lastlog_location"; then
-	if test x"$system_lastlog_path" = x"no" ; then
-		for f in /var/log/lastlog /usr/adm/lastlog /var/adm/lastlog /etc/security/lastlog ; do
-				if (test -d "$f" || test -f "$f") ; then
-					conf_lastlog_location=$f
-				fi
-		done
-		if test -z "$conf_lastlog_location"; then
-			AC_MSG_WARN([** Cannot find lastlog **])
-			dnl Don't define DISABLE_LASTLOG - that means we don't try wtmp/wtmpx
-		fi
-	fi
-fi
-
-if test -n "$conf_lastlog_location"; then
-	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
-fi	
-
-dnl utmp detection
-AC_MSG_CHECKING([if your system defines UTMP_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *utmp = UTMP_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_utmp_path=no ]
-)
-if test -z "$conf_utmp_location"; then
-	if test x"$system_utmp_path" = x"no" ; then
-		for f in /etc/utmp /usr/adm/utmp /var/run/utmp; do
-			if test -f $f ; then
-				conf_utmp_location=$f
-			fi
-		done
-		if test -z "$conf_utmp_location"; then
-			AC_DEFINE(DISABLE_UTMP)
-		fi
-	fi
-fi
-if test -n "$conf_utmp_location"; then
-	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
-fi	
-
-dnl wtmp detection
-AC_MSG_CHECKING([if your system defines WTMP_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *wtmp = WTMP_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_wtmp_path=no ]
-)
-if test -z "$conf_wtmp_location"; then
-	if test x"$system_wtmp_path" = x"no" ; then
-		for f in /usr/adm/wtmp /var/log/wtmp; do
-			if test -f $f ; then
-				conf_wtmp_location=$f
-			fi
-		done
-		if test -z "$conf_wtmp_location"; then
-			AC_DEFINE(DISABLE_WTMP)
-		fi
-	fi
-fi
-if test -n "$conf_wtmp_location"; then
-	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
-fi	
-
-
-dnl utmpx detection - I don't know any system so perverse as to require
-dnl  utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
-dnl  there, though.
-AC_MSG_CHECKING([if your system defines UTMPX_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *utmpx = UTMPX_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_utmpx_path=no ]
-)
-if test -z "$conf_utmpx_location"; then
-	if test x"$system_utmpx_path" = x"no" ; then
-		AC_DEFINE(DISABLE_UTMPX)
-	fi
-else
-	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
-fi	
-
-dnl wtmpx detection
-AC_MSG_CHECKING([if your system defines WTMPX_FILE])
-AC_TRY_COMPILE([
-#include <sys/types.h>
-#include <utmp.h>
-#ifdef HAVE_UTMPX_H
-#include <utmpx.h>
-#endif
-#ifdef HAVE_PATHS_H
-#  include <paths.h>
-#endif
-	],
-	[ char *wtmpx = WTMPX_FILE; ],
-	[ AC_MSG_RESULT(yes) ],
-	[ AC_MSG_RESULT(no)
-	  system_wtmpx_path=no ]
-)
-if test -z "$conf_wtmpx_location"; then
-	if test x"$system_wtmpx_path" = x"no" ; then
-		AC_DEFINE(DISABLE_WTMPX)
-	fi
-else
-	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
-fi	
-
-# Checks for library functions.
-AC_PROG_GCC_TRADITIONAL
-AC_FUNC_MEMCMP
-AC_FUNC_SELECT_ARGTYPES
-AC_TYPE_SIGNAL
-AC_CHECK_FUNCS([dup2 getspnam getusershell memset putenv select socket strdup clearenv strlcpy
strlcat daemon basename _getpty getaddrinfo freeaddrinfo getnameinfo fork])
-
-AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME))
-
-# Solaris needs ptmx
-if test -z "$no_ptmx_check" ; then
-	if test x"$cross_compiling" = x"no" ; then
-		AC_CHECK_FILE("/dev/ptmx", AC_DEFINE(USE_DEV_PTMX,,Use /dev/ptmx))
-	else
-		AC_MSG_NOTICE([Not checking for /dev/ptmx, we're cross-compiling])
-	fi
-fi
-
-if test -z "$no_ptc_check" ; then
-	if test x"$cross_compiling" = x"no" ; then
-		AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts))
-	else
-		AC_MSG_NOTICE([Not checking for /dev/ptc & /dev/pts since we're cross-compiling])
-	fi
-fi
-
-AC_EXEEXT
-
-# XXX there must be a nicer way to do this
-AS_MKDIR_P(libtomcrypt/src/ciphers/aes)
-AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
-AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
-AS_MKDIR_P(libtomcrypt/src/encauth/ccm)
-AS_MKDIR_P(libtomcrypt/src/encauth/eax)
-AS_MKDIR_P(libtomcrypt/src/encauth/gcm)
-AS_MKDIR_P(libtomcrypt/src/encauth/ocb)
-AS_MKDIR_P(libtomcrypt/src/hashes)
-AS_MKDIR_P(libtomcrypt/src/hashes/chc)
-AS_MKDIR_P(libtomcrypt/src/hashes/helper)
-AS_MKDIR_P(libtomcrypt/src/hashes/sha2)
-AS_MKDIR_P(libtomcrypt/src/hashes/whirl)
-AS_MKDIR_P(libtomcrypt/src/mac/hmac)
-AS_MKDIR_P(libtomcrypt/src/mac/omac)
-AS_MKDIR_P(libtomcrypt/src/mac/pelican)
-AS_MKDIR_P(libtomcrypt/src/mac/pmac)
-AS_MKDIR_P(libtomcrypt/src/mac/f9)
-AS_MKDIR_P(libtomcrypt/src/mac/xcbc)
-AS_MKDIR_P(libtomcrypt/src/math/fp)
-AS_MKDIR_P(libtomcrypt/src/misc/base64)
-AS_MKDIR_P(libtomcrypt/src/misc/crypt)
-AS_MKDIR_P(libtomcrypt/src/misc/mpi)
-AS_MKDIR_P(libtomcrypt/src/misc/pkcs5)
-AS_MKDIR_P(libtomcrypt/src/modes/cbc)
-AS_MKDIR_P(libtomcrypt/src/modes/cfb)
-AS_MKDIR_P(libtomcrypt/src/modes/ctr)
-AS_MKDIR_P(libtomcrypt/src/modes/ecb)
-AS_MKDIR_P(libtomcrypt/src/modes/ofb)
-AS_MKDIR_P(libtomcrypt/src/modes/f8)
-AS_MKDIR_P(libtomcrypt/src/modes/lrw)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/bit)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/choice)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/ia5)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/integer)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/object_identifier)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/octet)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/printable_string)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/sequence)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/short_integer)
-AS_MKDIR_P(libtomcrypt/src/pk/asn1/der/utctime)
-AS_MKDIR_P(libtomcrypt/src/pk/dh)
-AS_MKDIR_P(libtomcrypt/src/pk/dsa)
-AS_MKDIR_P(libtomcrypt/src/pk/ecc)
-AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
-AS_MKDIR_P(libtomcrypt/src/pk/rsa)
-AS_MKDIR_P(libtomcrypt/src/prng)
-AC_CONFIG_HEADER(config.h)
-AC_OUTPUT(Makefile)
-AC_OUTPUT(libtomcrypt/Makefile)
-AC_OUTPUT(libtommath/Makefile)
-
-AC_MSG_NOTICE()
-if test $BUNDLED_LIBTOM = 1 ; then
-AC_MSG_NOTICE(Using bundled libtomcrypt and libtommath)
-else
-AC_MSG_NOTICE(Using system libtomcrypt and libtommath)
-fi
-
-AC_MSG_NOTICE()
-AC_MSG_NOTICE(Now edit options.h to choose features.)

Mike Frysinger | 23 Mar 08:06 2013
Picon

[PATCH] use AC_USE_SYSTEM_EXTENSIONS instead

# HG changeset patch
# User Mike Frysinger <vapier <at> gentoo.org>
# Date 1364022293 14400
# Node ID 07c3eff1abdaf14173330e3b17657ad46474064c
# Parent  63f8d6c469cf51624c9a48dbac1f2ae9b4cd82b6
use AC_USE_SYSTEM_EXTENSIONS instead

The current scp code uses vasprintf which is a GNU extension, but doesn't
define _GNU_SOURCE for it.  Instead of getting into that mess though, use
the autoconf AC_USE_SYSTEM_EXTENSIONS macro to automatically enable all
the extra fun stuff for us.

diff -r 63f8d6c469cf -r 07c3eff1abda configure.in
--- a/configure.in	Thu May 17 00:26:12 2012 +0800
+++ b/configure.in	Sat Mar 23 03:04:53 2013 -0400
 <at>  <at>  -24,7 +24,7  <at>  <at> 
 fi

 # large file support is useful for scp
-AC_SYS_LARGEFILE
+AC_USE_SYSTEM_EXTENSIONS

 # Host specific options
 # this isn't a definitive list of hosts, they are just added as required

Matt Johnston | 21 Mar 16:40 2013
Picon
Picon

Dropbear 2013.56 released

Hi all,

Dropbear 2013.56 is now released, with a mix of features and
bug fixes. Download as usual at
https://matt.ucc.asn.au/dropbear/dropbear.html

I've also set up a github mirror of the Dropbear mercurial
repository at https://github.com/mkj/dropbear . It'll be
read-only but might be of use to the various forks.

Cheers,
Matt

2013.56 - Thursday 21 March 2013

- Allow specifying cipher (-c) and MAC (-m) lists for dbclient

- Allow using 'none' cipher or MAC (off by default, use options.h). Encryption
  is used during authentication then disabled, similar to OpenSSH HPN mode

- Allow a user in immediately if the account has a blank password and blank
  passwords are enabled

- Include a few extra sources of entropy from /proc on Linux, hash private keys
  as well. Dropbear will also write gathered entropy back into /dev/urandom

- Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)

- Don't sent bad address "localhost" for -R forward connections, 
  reported by Denis Bider

- Add "-B" runtime option to allow blank passwords

- Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks

- A few improvements for Android from Reimar Döffinger

- Fix memory leak for TCP forwarded connections to hosts that timed out,
  reported by Norbert Benczúr. Appears to be a very long-standing bug.

- Fix "make clean" for out of tree builds

- Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset

Jonathan Chetwynd | 1 Mar 12:40 2013

using dbclient in bash script issue

Matt,

great stuff! using in Kindle, works fine...

could you please comment?

with the latest patched screen,

$ dbclient -i /mnt/us/id_rsa me <at> remoteIP -t "screen -x myscreen -X stuff 
'cmd'`echo -ne '\015'`"

  the command is processed on the remote box

similarly in a bash script, using ssh on RPi, not Kindle

#!/bin/bash
ssh me <at> remoteIP -t "screen -x myscreen -X stuff 'cmd'`echo -ne '\015'`"

exit

but

#!/bin/bash
dbclient -i /mnt/us/id_rsa  me <at> remoteIP -t "screen -x myscreen -X stuff 
'cmd'`echo -ne '\015'`"

exit

opens screen, but does not send command.

what am I missing?

kind regards

Jonathan

--

-- 
Jonathan Chetwynd
http://www.gnote.org
Eyetracking in HTML5

Alexis-externe DAVOUX | 28 Feb 17:39 2013
Picon

Problem with Dropbear/dbclient as SFTP client

Hi,

I have some trouble with dropbear used as SFTP client.

I've set up a SFTP server on my machine, which works fine. I've tested the connection to the server with Filezilla client.
I've tried connecting to the SFTP server with dropbear using the command:

dbclient -s user <at> host sftp

I can authenticate successfully, and I get the welcome message, but after that I can't do anything: it seems that dbclient is waiting for some command but nothing seems to work. I've tried entering 'ls', 'cd /test', 'get test.txt', 'pwd',... but nothing happens when I validate with enter.

How can I use dbclient as SFTP client ? What is the correct syntax ?

Thanks in advance,
Best regards,

Alexis
Paul Eggleton | 20 Feb 17:51 2013
Picon

RFC: PATCH: Allow configuring "allow blank password option" at runtime

Hi there,

Attached is a patch we've developed for dropbear within the Yocto Project to 
avoid the need to rebuild dropbear when we wish to disable the ability to log 
into accounts that have a blank password set. It removes the compile-time 
option and adds a -B command-line option which enables the functionality.

We'd really like to see this (or something like it) upstream. If an 
alternative implementation would be preferred please let me know.

Cheers,
Paul

--

-- 

Paul Eggleton
Intel Open Source Technology Centre	
Attachment (nopw-option-hg.patch): text/x-patch, 2972 bytes
dbextern | 3 Jan 14:58 2013
Picon
Picon

(unknown)

Hi Matt, 

thank you for the quick response.

# 7 seconds seems slow. Where said that it's a common problem?
# I get around 1 second to SSH to a raspberry pi (700mhz "ARMv6").
# Was it built with the same compiler and compile options?
# Leaving optimisation off could make that difference.

I found a few posts on the mailing list about that topic. 
(for example: http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2011q1/001098.html
or http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2011q3/001149.html)
The CPU is at 100% during the login. 
Both versions have been compiled with the same external setup. 
When the dropbear is the only process running the time is reduced to ~3s which is still a lot slower than the
V0.52 (that does it in less than 1s).
Were Options added between those versions that could have an impact? Did maybe the libtommath/crypt
change? 

# I can't see how it wouldn't ask for a password unless
# there's -g or -s on the commandline. Does "ssh -v" show just
# "Authentications that can continue: publickey", not
# "publickey,password" ?

The server gives a 
"Authentications that can continue: publickey".
It is started without any options. 

Grüße
Sebastian

-

Sebastian Fett, R&D
T +49-7191-9669-0, F +49-7191-950000, Sebastian.Fett <at> dbaudio.com, www.dbaudio.com

d&b audiotechnik GmbH, Eugen-Adolff-Straße 134, 71522 Backnang, Germany
Geschäftsführer: Frank Bothe, Markus Strohmeier
Finanzen: Kay Lange; Marketing: Simon Johnston
Sitz: Backnang; Amtsgericht Stuttgart, HRB 725789

Von:	Matt Johnston <matt <at> ucc.asn.au>
An:	dbextern <at> gmx.de, 
Kopie:	dropbear <at> ucc.asn.au
Datum:	03.01.2013 12:51
Betreff:	Re: Issues after Update from 0.52 to 2012.55; login time; password auth

Hi,

7 seconds seems slow. Where said that it's a common problem?
I get around 1 second to SSH to a raspberry pi (700mhz "ARMv6").
Was it built with the same compiler and compile options?
Leaving optimisation off could make that difference.

I can't see how it wouldn't ask for a password unless
there's -g or -s on the commandline. Does "ssh -v" show just
"Authentications that can continue: publickey", not
"publickey,password" ?

Cheers,
Matt

On Thu, Jan 03, 2013 at 12:10:51PM +0100, dbextern <at> gmx.de wrote:
> Hello!
> 
> I'm using dropbear on an embedded System with uCLinux. It works great. And first I want to thank all of you
for the work you put in it.
> 
> After reading about the security fix I updated the dropbear from a (very stable and fast) 0.52 to the new 2012.55.
> 
> After the update two things changed. The login time increased a lot. From next to nothing to about 7s (on a
600MHz CPU). I read that this is a common problem, and that my 7s are still quite good. I'm just surprised
about he increase. 
> 
> Secondly the dropbear does not allow password login anymore (the server only gives back "pubkey" as
available option). The according defines in the options.h are still active though. And the dropbear is
started without -s. I'm out of ideas what to try to enable it again. When I just replace the dropbear
executable with the 0.52 version it works again.
> 
> Any thoughts and advide is highly appreciated. Tank you in advance.
> 
> Grüße
> Sebastian
> 

dbextern | 3 Jan 12:10 2013
Picon
Picon

Issues after Update from 0.52 to 2012.55; login time; password auth

Hello!

I'm using dropbear on an embedded System with uCLinux. It works great. And first I want to thank all of you for
the work you put in it.

After reading about the security fix I updated the dropbear from a (very stable and fast) 0.52 to the new 2012.55.

After the update two things changed. The login time increased a lot. From next to nothing to about 7s (on a
600MHz CPU). I read that this is a common problem, and that my 7s are still quite good. I'm just surprised
about he increase. 

Secondly the dropbear does not allow password login anymore (the server only gives back "pubkey" as
available option). The according defines in the options.h are still active though. And the dropbear is
started without -s. I'm out of ideas what to try to enable it again. When I just replace the dropbear
executable with the 0.52 version it works again.

Any thoughts and advide is highly appreciated. Tank you in advance.

Grüße
Sebastian


Gmane