-rw-r--r-- | Android.bp | 261 | ||||
-rw-r--r-- | METADATA | 17 | ||||
-rw-r--r-- | OWNERS | 3 | ||||
-rw-r--r-- | README.version | 4 | ||||
-rw-r--r-- | auth.c | 8 | ||||
-rw-r--r-- | auth2-none.c | 4 | ||||
-rw-r--r-- | auth2-passwd.c | 3 | ||||
-rw-r--r-- | dns.c | 12 | ||||
-rw-r--r-- | misc.c | 7 | ||||
-rw-r--r-- | monitor.c | 9 | ||||
-rw-r--r-- | openbsd-compat/bsd-openpty.c | 2 | ||||
-rw-r--r-- | openbsd-compat/bsd-statvfs.c | 5 | ||||
-rw-r--r-- | openbsd-compat/explicit_bzero.c | 4 | ||||
-rw-r--r-- | openbsd-compat/libressl-api-compat.c | 2 | ||||
-rw-r--r-- | prebuilt-intermediates/config.h | 1661 | ||||
-rw-r--r-- | servconf.c | 14 | ||||
-rw-r--r-- | session.c | 2 | ||||
-rw-r--r-- | ssh-rsa.c | 2 | ||||
-rw-r--r-- | sshd.c | 2 | ||||
-rw-r--r-- | sshd_config.android | 5 | ||||
-rw-r--r-- | sshkey.c | 4 | ||||
-rw-r--r-- | start-ssh | 37 | ||||
-rw-r--r-- | uidswap.c | 51 |
23 files changed, 2117 insertions, 2 deletions
diff --git a/Android.bp b/Android.bp
new file mode 100644
index 00000000..a38451a8
--- /dev/null
+++ b/Android.bp
@@ -0,0 +1,261 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+ name: "ssh_defaults",
+ vendor: true,
+ cflags: [
+ "-Wno-incompatible-pointer-types",
+ "-Wno-pointer-sign",
+ "-Wno-unused-parameter",
+ ],
+ include_dirs: [
+ "external/openssh/openbsd-compat",
+ "external/openssh/prebuilt-intermediates",
+ ],
+ shared_libs: [
+ "libdl",
+ "libcrypto",
+ "libssl",
+ "libz",
+ ],
+}
+
+cc_library {
+ name: "libssh",
+ defaults: ["ssh_defaults"],
+ cflags: ["-DENABLE_SK"],
+ srcs: [
+ "addrmatch.c",
+ "atomicio.c",
+ "authfd.c",
+ "authfile.c",
+ "bitmap.c",
+ "canohost.c",
+ "chacha.c",
+ "channels.c",
+ "cipher-aes.c",
+ "cipher-aesctr.c",
+ "cipher-chachapoly.c",
+ "cipher-ctr.c",
+ "cipher.c",
+ "cleanup.c",
+ "compat.c",
+ "dh.c",
+ "digest-openssl.c",
+ "dispatch.c",
+ "dns.c",
+ "ed25519.c",
+ "entropy.c",
+ "fatal.c",
+ "fe25519.c",
+ "ge25519.c",
+ "gss-genr.c",
+ "hash.c",
+ "hmac.c",
+ "hostfile.c",
+ "kex.c",
+ "kexc25519.c",
+ "kexdh.c",
+ "kexecdh.c",
+ "kexgen.c",
+ "kexgex.c",
+ "kexgexc.c",
+ "kexsntrup4591761x25519.c",
+ "krl.c",
+ "log.c",
+ "mac.c",
+ "match.c",
+ "misc.c",
+ "moduli.c",
+ "monitor_fdpass.c",
+ "msg.c",
+ "nchan.c",
+ "openbsd-compat/bcrypt_pbkdf.c",
+ "openbsd-compat/bindresvport.c",
+ "openbsd-compat/blowfish.c",
+ "openbsd-compat/bsd-closefrom.c",
+ "openbsd-compat/bsd-err.c",
+ "openbsd-compat/bsd-getpagesize.c",
+ "openbsd-compat/bsd-getpeereid.c",
+ "openbsd-compat/bsd-malloc.c",
+ "openbsd-compat/bsd-misc.c",
+ "openbsd-compat/bsd-openpty.c",
+ "openbsd-compat/bsd-signal.c",
+ "openbsd-compat/bsd-statvfs.c",
+ "openbsd-compat/explicit_bzero.c",
+ "openbsd-compat/fmt_scaled.c",
+ "openbsd-compat/freezero.c",
+ "openbsd-compat/getopt_long.c",
+ "openbsd-compat/glob.c",
+ "openbsd-compat/libressl-api-compat.c",
+ "openbsd-compat/openssl-compat.c",
+ "openbsd-compat/port-linux.c",
+ "openbsd-compat/port-net.c",
+ "openbsd-compat/pwcache.c",
+ "openbsd-compat/readpassphrase.c",
+ "openbsd-compat/reallocarray.c",
+ "openbsd-compat/recallocarray.c",
+ "openbsd-compat/rresvport.c",
+ "openbsd-compat/setproctitle.c",
+ "openbsd-compat/strcasestr.c",
+ "openbsd-compat/strmode.c",
+ "openbsd-compat/strtonum.c",
+ "openbsd-compat/timingsafe_bcmp.c",
+ "openbsd-compat/vis.c",
+ "packet.c",
+ "platform-misc.c",
+ "platform-pledge.c",
+ "poly1305.c",
+ "readpass.c",
+ "rijndael.c",
+ "sc25519.c",
+ "sntrup4591761.c",
+ "smult_curve25519_ref.c",
+ "ssh-dss.c",
+ "ssh-ecdsa.c",
+ "ssh-ecdsa-sk.c",
+ "ssh-ed25519.c",
+ "ssh-ed25519-sk.c",
+ "ssh-rsa.c",
+ "ssh-sk.c",
+ "sshbuf-io.c",
+ "sshbuf-getput-basic.c",
+ "sshbuf-getput-crypto.c",
+ "sshbuf-misc.c",
+ "sshbuf.c",
+ "ssherr.c",
+ "sshkey.c",
+ "ttymodes.c",
+ "uidswap.c",
+ "umac.c",
+ "umac128.c",
+ "utf8.c",
+ "verify.c",
+ "xmalloc.c",
+ ],
+}
+
+cc_binary {
+ name: "ssh",
+ defaults: ["ssh_defaults"],
+ srcs: [
+ "clientloop.c",
+ "mux.c",
+ "readconf.c",
+ "ssh.c",
+ "sshconnect.c",
+ "sshconnect2.c",
+ "sshtty.c",
+ ],
+ shared_libs: ["libssh"],
+}
+
+cc_binary {
+ name: "sftp",
+ defaults: ["ssh_defaults"],
+ srcs: [
+ "sftp.c",
+ "sftp-client.c",
+ "sftp-common.c",
+ "sftp-glob.c",
+ "progressmeter.c",
+ ],
+ shared_libs: ["libssh"],
+}
+
+cc_binary {
+ name: "scp",
+ defaults: ["ssh_defaults"],
+ srcs: [
+ "scp.c",
+ "progressmeter.c",
+ ],
+ shared_libs: ["libssh"],
+}
+
+cc_binary {
+ name: "sshd",
+ defaults: ["ssh_defaults"],
+ srcs: [
+ "audit-bsm.c",
+ "audit-linux.c",
+ "audit.c",
+ "auth-bsdauth.c",
+ "auth-krb5.c",
+ "auth-options.c",
+ "auth-pam.c",
+ "auth-rhosts.c",
+ "auth-shadow.c",
+ "auth-sia.c",
+ "auth.c",
+ "auth2-chall.c",
+ "auth2-gss.c",
+ "auth2-hostbased.c",
+ "auth2-kbdint.c",
+ "auth2-none.c",
+ "auth2-passwd.c",
+ "auth2-pubkey.c",
+ "auth2.c",
+ "groupaccess.c",
+ "gss-serv-krb5.c",
+ "gss-serv.c",
+ "kexgexs.c",
+ "loginrec.c",
+ "md5crypt.c",
+ "monitor.c",
+ "monitor_wrap.c",
+ "platform.c",
+ "platform-tracing.c",
+ "sandbox-null.c",
+ "sandbox-rlimit.c",
+ "sandbox-systrace.c",
+ "servconf.c",
+ "serverloop.c",
+ "session.c",
+ "sftp-common.c",
+ "sftp-realpath.c",
+ "sftp-server.c",
+ "sshd.c",
+ "sshlogin.c",
+ "sshpty.c",
+ ],
+ shared_libs: [
+ "libcutils",
+ "libssh",
+ ],
+}
+
+cc_binary {
+ name: "ssh-keygen",
+ defaults: ["ssh_defaults"],
+ srcs: [
+ "ssh-keygen.c",
+ "sshsig.c",
+ ],
+ shared_libs: ["libssh"],
+}
+
+prebuilt_etc {
+ name: "sshd_config",
+ vendor: true,
+ src: "sshd_config.android",
+ relative_install_path: "ssh",
+}
+
+sh_binary {
+ name: "start-ssh",
+ vendor: true,
+ src: "start-ssh",
+}
diff --git a/METADATA b/METADATA
new file mode 100644
index 00000000..eef037a7
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,17 @@
+name: "openssh"
+description:
+ "Secure Shell (SSH) protocol client, server and utilities"
+
+third_party {
+ url {
+ type: HOMEPAGE
+ value: "https://www.openssh.com/"
+ }
+ url {
+ type: GIT
+ value: "https://github.com/openssh/openssh-portable"
+ }
+ version: "8.3p1"
+ last_upgrade_date { year: 2020 month: 8 day: 20 }
+ license_type: NOTICE
+}
@@ -0,0 +1,3 @@
+# Default code reviewers picked from top 3 or more developers.
+# Please update this list if you find better candidates.
+adelva@google.com
diff --git a/README.version b/README.version
new file mode 100644
index 00000000..030d77da
--- /dev/null
+++ b/README.version
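Review bot: The `sshd` target's `srcs` list `sandbox-null.c`, `sandbox-rlimit.c` and `sandbox-systrace.c` but no seccomp sandbox source, so a syscall-filter sandbox for the unprivileged sshd child cannot be built from this file list; which of the listed implementations is actually active depends on `prebuilt-intermediates/config.h`. If the null sandbox is what ends up selected, record that next to the list, for example `// sandbox: only the implementation enabled in config.h is compiled in; no seccomp filter is built`. Separately, `-Wno-incompatible-pointer-types` and `-Wno-pointer-sign` in `ssh_defaults` silence those diagnostics for every target, and scoping them to the files that need them would keep the warnings useful for the rest of the tree.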
@@ -0,0 +1,4 @@ +URL: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.3p1.tar.gz +Version: 8.3p1 +BugComponent: 180238 +Owners: adelva, cloud-android-devs @@ -580,6 +580,14 @@ getpwnamallow(struct ssh *ssh, const char *user) aix_setauthdb(user); #endif +#if defined(ANDROID) + // Android has a fixed set of users. Any incoming user that we can't + // identify should be authenticated as the shell user. + if (strcmp(user, "root") && strcmp(user, "shell")) { + logit("Login name %.100s forced to shell", user); + user = "shell"; + } +#endif pw = getpwnam(user); #if defined(_AIX) && defined(HAVE_SETAUTHDB) diff --git a/auth2-none.c b/auth2-none.c index dacb5fb8..f457c378 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -66,8 +66,12 @@ userauth_none(struct ssh *ssh) none_enabled = 0; if ((r = sshpkt_get_end(ssh)) != 0) fatal("%s: %s", __func__, ssh_err(r)); + + /* no password authentication in Android. */ +#if !defined(ANDROID) if (options.permit_empty_passwd && options.password_authentication) return (PRIVSEP(auth_password(ssh, ""))); +#endif return (0); } diff --git a/auth2-passwd.c b/auth2-passwd.c index bb5f8192..2d0b2af2 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -64,8 +64,11 @@ userauth_passwd(struct ssh *ssh) if (change) logit("password change not supported"); +#if !defined(ANDROID) + /* no password authentication in Android */ else if (PRIVSEP(auth_password(ssh, password)) == 1) authenticated = 1; +#endif freezero(password, len); return authenticated; } @@ -233,8 +233,14 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, return -1; } +#if !defined(ANDROID) result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, DNS_RDATATYPE_SSHFP, 0, &fingerprints); +#else + /* unsupported in Android. */ + result = -1; +#endif + if (result) { verbose("DNS lookup error: %s", dns_result_totext(result)); return -1; 
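Review bot: The forced mapping in the `#if defined(ANDROID)` block of `getpwnamallow` leaves `root` as an accepted login name and turns every other name into `shell`, so the client-supplied name no longer selects the account and root access rests entirely on server configuration that this hunk does not show. Anything earlier in the function that keys on `user` (it starts outside the hunk) would still see the original string; if per-user matching happens there, it should run on the rewritten name. I would spell the test out as `if (strcmp(user, "root") != 0 && strcmp(user, "shell") != 0) {` and extend the comment to say that root login is governed by `PermitRootLogin` in the installed config.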
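Review bot: On Android the `result = -1` assigned in the `#else` branch is then passed to `dns_result_totext(result)` in the `verbose()` call that follows, so the log reports a DNS lookup error for what is really an unsupported feature. A dedicated message in that branch states the intent: `verbose("SSHFP host key lookup is not supported on Android"); return -1;`. Users who enable DNS host-key verification can then see why it never yields a match. `fingerprints` is never assigned on this path and the rest of `verify_host_key_dns`, including the guarded `freerrset(fingerprints)` calls in the later hunks, is unreachable there; the function begins and ends outside this hunk.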
@@ -253,7 +259,9 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating host key fingerprint."); +#if !defined(ANDROID) freerrset(fingerprints); +#endif return -1; } @@ -282,7 +290,9 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating key fingerprint."); +#if !defined(ANDROID) freerrset(fingerprints); +#endif return -1; } } @@ -299,7 +309,9 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, } free(hostkey_digest); /* from sshkey_fingerprint_raw() */ +#if !defined(ANDROID) freerrset(fingerprints); +#endif if (*flags & DNS_VERIFY_FOUND) if (*flags & DNS_VERIFY_MATCH) @@ -392,7 +392,7 @@ pwcopy(struct passwd *pw) struct passwd *copy = xcalloc(1, sizeof(*copy)); copy->pw_name = xstrdup(pw->pw_name); - copy->pw_passwd = xstrdup(pw->pw_passwd); + copy->pw_passwd = pw->pw_passwd ? xstrdup(pw->pw_passwd) : NULL; #ifdef HAVE_STRUCT_PASSWD_PW_GECOS copy->pw_gecos = xstrdup(pw->pw_gecos); #endif @@ -1895,7 +1895,9 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, char buf[PATH_MAX], homedir[PATH_MAX]; char *cp; int comparehome = 0; +#if !defined(ANDROID) struct stat st; +#endif if (realpath(name, buf) == NULL) { snprintf(err, errlen, "realpath %s failed: %s", name, @@ -1924,6 +1926,8 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, } strlcpy(buf, cp, sizeof(buf)); +#if !defined(ANDROID) + /* /data is owned by system user, which causes this check to fail */ if (stat(buf, &st) == -1 || (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || (st.st_mode & 022) != 0) { 
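Review bot: Only `pw_passwd` gets a NULL guard in `pwcopy`, while `pw_name` and, under `HAVE_STRUCT_PASSWD_PW_GECOS`, `pw_gecos` in the same visible lines still go straight to `xstrdup`; if the platform can hand back a NULL `pw_passwd`, the other string fields deserve the same look. The copy now carries a NULL that every later reader of `pw_passwd` has to tolerate, which is worth recording: `/* may be NULL on Android; keep NULL rather than "" so it is never read as an empty password */`. `pwcopy` continues outside the hunk.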
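Review bot: The `#if !defined(ANDROID)` added around the `stat(buf, &st)` test in `safe_path` removes the ownership check and the `(st.st_mode & 022)` check for every parent directory on Android, not only for `/data`, so a group- or world-writable directory anywhere above the checked file is no longer rejected. If the only problem is that `/data` is owned by the system user, a narrower change keeps the mode test and widens the owner test, for instance by accepting that uid in `platform_sys_dir_uid()` instead of compiling the block out. At minimum the comment should say the whole walk is disabled: `/* Android: parent-directory owner and mode checks are skipped entirely because /data is owned by the system user */`. The matching `#endif` is in the following hunk, and the loop itself starts outside both.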
@@ -1931,6 +1935,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, "bad ownership or modes for directory %s", buf); return -1; } +#endif /* If are past the homedir then we can stop */ if (comparehome && strcmp(homedir, buf) == 0) @@ -882,18 +882,25 @@ int mm_answer_authpassword(struct ssh *ssh, int sock, struct sshbuf *m) { static int call_count; +#if !defined(ANDROID) char *passwd; +#endif int r, authenticated; - size_t plen; + size_t plen = 0; if (!options.password_authentication) fatal("%s: password authentication not enabled", __func__); +#if !defined(ANDROID) if ((r = sshbuf_get_cstring(m, &passwd, &plen)) != 0) fatal("%s: buffer error: %s", __func__, ssh_err(r)); /* Only authenticate if the context is valid */ authenticated = options.password_authentication && auth_password(ssh, passwd); freezero(passwd, plen); +#else + /* no password authentication in Android. */ + authenticated = 0; +#endif sshbuf_reset(m); if ((r = sshbuf_put_u32(m, authenticated)) != 0) diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 1ab41f42..0b3fc3b2 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -123,6 +123,7 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, return (-1); } +#if !defined(ANDROID) # if defined(I_FIND) && defined(__SVR4) /* * If the streams modules have already been pushed then there @@ -141,6 +142,7 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); # endif /* __hpux */ +#endif return (0); diff --git a/openbsd-compat/bsd-statvfs.c b/openbsd-compat/bsd-statvfs.c index 10d87643..b05ee2b3 100644 --- a/openbsd-compat/bsd-statvfs.c +++ b/openbsd-compat/bsd-statvfs.c @@ -23,6 +23,11 @@ # include <sys/mount.h> #endif +#if defined(ANDROID) +#include <sys/param.h> +#define MNAMELEN PATH_MAX +#endif + #include <errno.h> #ifndef MNAMELEN 
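Review bot: `size_t plen = 0;` in `mm_answer_authpassword` is initialised only for the Android build, which never uses it; declaring it beside `passwd` inside the existing `#if !defined(ANDROID)` guard (`char *passwd;` then `size_t plen;`) keeps the non-Android code identical to upstream and avoids an unused variable on Android. On Android the request in `m` is also discarded unparsed by `sshbuf_reset(m)`, which is fine for a fixed refusal but worth stating in the comment: `/* no password authentication in Android: the request is dropped unread and always refused */`. The function continues past the hunk.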
diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c index 6ef9825a..7a2fa354 100644 --- a/openbsd-compat/explicit_bzero.c +++ b/openbsd-compat/explicit_bzero.c @@ -31,7 +31,11 @@ explicit_bzero(void *p, size_t n) * Indirect bzero through a volatile pointer to hopefully avoid * dead-store optimisation eliminating the call. */ +#if defined(ANDROID) +static void (* volatile ssh_bzero)(void *, size_t) = __bionic_bzero; +#else static void (* volatile ssh_bzero)(void *, size_t) = bzero; +#endif void explicit_bzero(void *p, size_t n) diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c index ae00ff59..fdadd4e5 100644 --- a/openbsd-compat/libressl-api-compat.c +++ b/openbsd-compat/libressl-api-compat.c @@ -519,7 +519,9 @@ DH_set_length(DH *dh, long length) if (length < 0 || length > INT_MAX) return 0; +#if !defined(OPENSSL_IS_BORINGSSL) dh->length = length; +#endif return 1; } #endif /* HAVE_DH_SET_LENGTH */ diff --git a/prebuilt-intermediates/config.h b/prebuilt-intermediates/config.h new file mode 100644 index 00000000..3e8f585f --- /dev/null +++ b/prebuilt-intermediates/config.h 
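Review bot: `__bionic_bzero` in the Android branch is a double-underscore, libc-internal name, so this secret-wiping path depends on an implementation detail of the C library rather than on a public symbol. Initialising the volatile pointer from `memset` keeps the same dead-store barrier without that dependency: `static void *(* volatile ssh_memset)(void *, int, size_t) = memset;` with the call written as `ssh_memset(p, 0, n);`. The body of `explicit_bzero` is outside the hunk, so the call site would need the matching change.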
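Review bot: Under `OPENSSL_IS_BORINGSSL`, `DH_set_length` now range-checks `length`, stores nothing and still returns 1, so callers are told the private-exponent length was applied when it was not. If callers cannot tolerate a failure return here, the silent no-op should at least be documented at the guard: `/* BoringSSL: DH is opaque, the length hint is dropped and the library's default exponent size applies */`. It is worth confirming that the default exponent size the library then uses is acceptable for the key exchange groups this build offers. The function starts outside the hunk.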
@@ -0,0 +1,1661 @@ +/* config.h. Generated from config.h.in by configure and then hand modified for android */ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + +/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address + */ +/* #undef AIX_GETNAMEINFO_HACK */ + +/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ +/* #undef AIX_LOGINFAILED_4ARG */ + +/* System only supports IPv4 audit records */ +/* #undef AU_IPv4 */ + +/* Define if your resolver libs need this for getrrsetbyname */ +/* #undef BIND_8_COMPAT */ + +/* Define if cmsg_type is not passed correctly */ +/* #undef BROKEN_CMSG_TYPE */ + +/* getaddrinfo is broken (if present) */ +/* #undef BROKEN_GETADDRINFO */ + +/* getgroups(0,NULL) will return -1 */ +/* #undef BROKEN_GETGROUPS */ + +/* FreeBSD glob does not do what we need */ +/* #undef BROKEN_GLOB */ + +/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ +/* #undef BROKEN_INET_NTOA */ + +/* ia_uinfo routines not supported by OS yet */ +/* #undef BROKEN_LIBIAF */ + +/* Ultrix mmap can't map files */ +/* #undef BROKEN_MMAP */ + +/* Define if your struct dirent expects you to allocate extra space for d_name + */ +/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */ + +/* Can't do comparisons on readv */ +/* #undef BROKEN_READV_COMPARISON */ + +/* Define if you have a broken realpath. 
*/ +/* #undef BROKEN_REALPATH */ + +/* Needed for NeXT */ +/* #undef BROKEN_SAVED_UIDS */ + +/* Define if your setregid() is broken */ +/* #undef BROKEN_SETREGID */ + +/* Define if your setresgid() is broken */ +/* #undef BROKEN_SETRESGID */ + +/* Define if your setresuid() is broken */ +/* #undef BROKEN_SETRESUID */ + +/* Define if your setreuid() is broken */ +/* #undef BROKEN_SETREUID */ + +/* LynxOS has broken setvbuf() implementation */ +/* #undef BROKEN_SETVBUF */ + +/* QNX shadow support is broken */ +/* #undef BROKEN_SHADOW_EXPIRE */ + +/* Define if your snprintf is busted */ +/* #undef BROKEN_SNPRINTF */ + +/* tcgetattr with ICANON may hang */ +/* #undef BROKEN_TCGETATTR_ICANON */ + +/* updwtmpx is broken (if present) */ +/* #undef BROKEN_UPDWTMPX */ + +/* Define if you have BSD auth support */ +/* #undef BSD_AUTH */ + +/* Define if you want to specify the path to your lastlog file */ +/* #undef CONF_LASTLOG_FILE */ + +/* Define if you want to specify the path to your utmp file */ +/* #undef CONF_UTMP_FILE */ + +/* Define if you want to specify the path to your wtmpx file */ +/* #undef CONF_WTMPX_FILE */ + +/* Define if you want to specify the path to your wtmp file */ +/* #undef CONF_WTMP_FILE */ + +/* Define if your platform needs to skip post auth file descriptor passing */ +/* #undef DISABLE_FD_PASSING */ + +/* Define if you don't want to use lastlog */ +/* #undef DISABLE_LASTLOG */ + +/* Define if you don't want to use your system's login() call */ +/* #undef DISABLE_LOGIN */ + +/* Define if you don't want to use pututline() etc. to write [uw]tmp */ +/* #undef DISABLE_PUTUTLINE */ + +/* Define if you don't want to use pututxline() etc. 
to write [uw]tmpx */ +/* #undef DISABLE_PUTUTXLINE */ + +/* Define if you want to disable shadow passwords */ +#define DISABLE_SHADOW 1 + +/* Define if you don't want to use utmp */ +#define DISABLE_UTMP 1 + +/* Define if you don't want to use utmpx */ +#define DISABLE_UTMPX 1 + +/* Define if you don't want to use wtmp */ +#define DISABLE_WTMP 1 + +/* Define if you don't want to use wtmpx */ +#define DISABLE_WTMPX 1 + +/* Enable for PKCS#11 support */ +/* #define ENABLE_PKCS11 */ + +/* File names may not contain backslash characters */ +/* #undef FILESYSTEM_NO_BACKSLASH */ + +/* fsid_t has member val */ +/* #undef FSID_HAS_VAL */ + +/* fsid_t has member __val */ +/* #undef FSID_HAS___VAL */ + +/* Define to 1 if the `getpgrp' function requires zero arguments. */ +#define GETPGRP_VOID 1 + +/* Conflicting defs for getspnam */ +/* #undef GETSPNAM_CONFLICTING_DEFS */ + +/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ +#define GLOB_HAS_ALTDIRFUNC 1 + +/* Define if your system glob() function has gl_matchc options in glob_t */ +/* #undef GLOB_HAS_GL_MATCHC */ + +/* Define if your system glob() function has gl_statv options in glob_t */ +/* #undef GLOB_HAS_GL_STATV */ + +/* Define this if you want GSSAPI support in the version 2 protocol */ +/* #undef GSSAPI */ + +/* Define if you want to use shadow password expire field */ +#define HAS_SHADOW_EXPIRE 1 + +/* Define if your system uses access rights style file descriptor passing */ +/* #undef HAVE_ACCRIGHTS_IN_MSGHDR */ + +/* Define if you have ut_addr in utmp.h */ +#define HAVE_ADDR_IN_UTMP 1 + +/* Define if you have ut_addr in utmpx.h */ +#define HAVE_ADDR_IN_UTMPX 1 + +/* Define if you have ut_addr_v6 in utmp.h */ +#define HAVE_ADDR_V6_IN_UTMP 1 + +/* Define if you have ut_addr_v6 in utmpx.h */ +#define HAVE_ADDR_V6_IN_UTMPX 1 + +/* Define to 1 if you have the `arc4random' function. */ +#define HAVE_ARC4RANDOM 1 + +/* Define to 1 if you have the `arc4random_buf' function. 
*/ +#define HAVE_ARC4RANDOM_BUF 1 + +#ifndef __LP64__ +#define HAVE_ARC4RANDOM_STIR 1 +#endif + +/* Define to 1 if you have the `arc4random_uniform' function. */ +#define HAVE_ARC4RANDOM_UNIFORM 1 + +/* Define to 1 if you have the `asprintf' function. */ +#define HAVE_ASPRINTF 1 + +/* OpenBSD's gcc has bounded */ +/* #undef HAVE_ATTRIBUTE__BOUNDED__ */ + +/* Have attribute nonnull */ +#define HAVE_ATTRIBUTE__NONNULL__ 1 + +/* OpenBSD's gcc has sentinel */ +#define HAVE_ATTRIBUTE__SENTINEL__ 1 + +/* Define to 1 if you have the `aug_get_machine' function. */ +/* #undef HAVE_AUG_GET_MACHINE */ + +/* Define to 1 if you have the `b64_ntop' function. */ +/* #undef HAVE_B64_NTOP */ + +/* Define to 1 if you have the `b64_pton' function. */ +/* #undef HAVE_B64_PTON */ + +/* Define if you have the basename function. */ +#define HAVE_BASENAME 1 + +/* Define to 1 if you have the `bcopy' function. */ +#define HAVE_BCOPY 1 + +/* Define to 1 if you have the `bindresvport_sa' function. */ +/* #undef HAVE_BINDRESVPORT_SA */ + +/* Define to 1 if you have the `BN_is_prime_ex' function. */ +#define HAVE_BN_IS_PRIME_EX 1 + +/* Define to 1 if you have the <bsm/audit.h> header file. */ +/* #undef HAVE_BSM_AUDIT_H */ + +/* Define to 1 if you have the <bstring.h> header file. */ +/* #undef HAVE_BSTRING_H */ + +/* Define to 1 if you have the `bzero' function. */ +#define HAVE_BZERO 1 + +/* Define to 1 if you have the `clock' function. */ +#define HAVE_CLOCK 1 + +/* Have clock_gettime */ +#define HAVE_CLOCK_GETTIME 1 + +/* define if you have clock_t data type */ +#define HAVE_CLOCK_T 1 + +/* Define to 1 if you have the `closefrom' function. */ +/* #undef HAVE_CLOSEFROM */ + +/* Define if gai_strerror() returns const char * */ +#define HAVE_CONST_GAI_STRERROR_PROTO 1 + +/* Define if your system uses ancillary data style file descriptor passing */ +#define HAVE_CONTROL_IN_MSGHDR 1 + +/* Define to 1 if you have the <crypto/sha2.h> header file. 
*/ +/* #undef HAVE_CRYPTO_SHA2_H */ + +/* Define to 1 if you have the <crypt.h> header file. */ +/* #define HAVE_CRYPT_H 1 */ + +/* Define if you are on Cygwin */ +/* #undef HAVE_CYGWIN */ + +/* Define if your libraries define daemon() */ +#define HAVE_DAEMON 1 + +#define HAVE_DECL_HOWMANY 0 + +/* Define to 1 if you have the declaration of `AI_NUMERICSERV', and to 0 if + you don't. */ +#define HAVE_DECL_AI_NUMERICSERV 1 + +/* Define to 1 if you have the declaration of `authenticate', and to 0 if you + don't. */ +/* #undef HAVE_DECL_AUTHENTICATE */ + +/* Define to 1 if you have the declaration of `getpeerid', and to 0 if you + don't. */ +#define HAVE_DECL_GETPEEREID 0 + +/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you + don't. */ +#define HAVE_DECL_GLOB_NOMATCH 1 + +/* Define to 1 if you have the declaration of `h_errno', and to 0 if you + don't. */ +#define HAVE_DECL_H_ERRNO 1 + +/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you + don't. */ +/* #undef HAVE_DECL_LOGINFAILED */ + +/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if + you don't. */ +/* #undef HAVE_DECL_LOGINRESTRICTIONS */ + +/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you + don't. */ +/* #undef HAVE_DECL_LOGINSUCCESS */ + +/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you + don't. */ +#define HAVE_DECL_MAXSYMLINKS 1 + +/* Define to 1 if you have the declaration of `NFDBITS', and to 0 if you + don't. */ +#define HAVE_DECL_NFDBITS 1 + +/* Define to 1 if you have the declaration of `offsetof', and to 0 if you + don't. */ +#define HAVE_DECL_OFFSETOF 1 + +/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you + don't. */ +#define HAVE_DECL_O_NONBLOCK 1 + +/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you + don't. 
*/ +/* #undef HAVE_DECL_PASSWDEXPIRED */ + +/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you + don't. */ +/* #undef HAVE_DECL_SETAUTHDB */ + +/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you + don't. */ +#define HAVE_DECL_SHUT_RD 1 + +/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. + */ +#define HAVE_DECL_WRITEV 1 + +/* Define to 1 if you have the declaration of `_getlong', and to 0 if you + don't. */ +#define HAVE_DECL__GETLONG 0 + +/* Define to 1 if you have the declaration of `_getshort', and to 0 if you + don't. */ +#define HAVE_DECL__GETSHORT 0 + +/* Define if you have /dev/ptmx */ +#define HAVE_DEV_PTMX 1 + +/* Define if you have /dev/ptc */ +/* #undef HAVE_DEV_PTS_AND_PTC */ + +/* Define to 1 if you have the <dirent.h> header file. */ +#define HAVE_DIRENT_H 1 + +/* Define to 1 if you have the `dirfd' function. */ +#define HAVE_DIRFD 1 + +/* Define to 1 if you have the `dirname' function. */ +#define HAVE_DIRNAME 1 + +/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ +#define HAVE_DSA_GENERATE_PARAMETERS_EX 1 + +/* Define to 1 if you have the <elf.h> header file. */ +#define HAVE_ELF_H 1 + +/* Define to 1 if you have the `endgrent' function. */ +#define HAVE_ENDGRENT 1 + +/* Define to 1 if you have the <endian.h> header file. */ +#ifndef HAVE_ENDIAN_H +#define HAVE_ENDIAN_H 1 +#endif + +/* Define to 1 if you have the `endutent' function. */ +#define HAVE_ENDUTENT 1 + +/* Define to 1 if you have the `endutxent' function. */ +#define HAVE_ENDUTXENT 1 + +/* Define if your system has /etc/default/login */ +/* #undef HAVE_ETC_DEFAULT_LOGIN */ + +/* Define if libcrypto has EVP_CIPHER_CTX_ctrl */ +#define HAVE_EVP_CIPHER_CTX_CTRL 1 + +/* Define to 1 if you have the `EVP_DigestFinal_ex' function. */ +#define HAVE_EVP_DIGESTFINAL_EX 1 + +/* Define to 1 if you have the `EVP_DigestInit_ex' function. 
*/ +#define HAVE_EVP_DIGESTINIT_EX 1 + +/* Define to 1 if you have the `EVP_MD_CTX_cleanup' function. */ +#define HAVE_EVP_MD_CTX_CLEANUP 1 + +/* Define to 1 if you have the `EVP_MD_CTX_copy_ex' function. */ +#define HAVE_EVP_MD_CTX_COPY_EX 1 + +/* Define to 1 if you have the `EVP_MD_CTX_init' function. */ +#define HAVE_EVP_MD_CTX_INIT 1 + +/* Define to 1 if you have the `EVP_sha256' function. */ +#define HAVE_EVP_SHA256 1 + +/* Define if you have ut_exit in utmp.h */ +#define HAVE_EXIT_IN_UTMP 1 + +/* Define to 1 if you have the `fchmod' function. */ +#define HAVE_FCHMOD 1 + +/* Define to 1 if you have the `fchown' function. */ +#define HAVE_FCHOWN 1 + +/* Use F_CLOSEM fcntl for closefrom */ +/* #undef HAVE_FCNTL_CLOSEM */ + +/* Define to 1 if you have the <fcntl.h> header file. */ +#define HAVE_FCNTL_H 1 + +/* Define to 1 if you have the <features.h> header file. */ +#define HAVE_FEATURES_H 1 + +/* Define to 1 if you have the <floatingpoint.h> header file. */ +/* #undef HAVE_FLOATINGPOINT_H */ + +/* Define to 1 if you have the `flock' function. */ +#define HAVE_FLOCK 1 + +/* Define to 1 if you have the `fmt_scaled' function. */ +/* #undef HAVE_FMT_SCALED */ + +/* Define to 1 if you have the `freeaddrinfo' function. */ +#define HAVE_FREEADDRINFO 1 + +/* Define to 1 if the system has the type `fsblkcnt_t'. */ +#define HAVE_FSBLKCNT_T 1 + +/* Define to 1 if the system has the type `fsfilcnt_t'. */ +#define HAVE_FSFILCNT_T 1 + +/* Define to 1 if you have the `fstatvfs' function. */ +/* #define HAVE_FSTATVFS 1 */ + +/* Define to 1 if you have the `futimes' function. */ +#define HAVE_FUTIMES 1 + +/* Define to 1 if you have the `gai_strerror' function. */ +#define HAVE_GAI_STRERROR 1 + +/* Define to 1 if you have the `getaddrinfo' function. */ +#define HAVE_GETADDRINFO 1 + +/* Define to 1 if you have the `getaudit' function. */ +/* #undef HAVE_GETAUDIT */ + +/* Define to 1 if you have the `getaudit_addr' function. 
*/ +/* #undef HAVE_GETAUDIT_ADDR */ + +/* Define to 1 if you have the `getcwd' function. */ +#define HAVE_GETCWD 1 + +/* Define to 1 if you have the `getgrouplist' function. */ +/* #define HAVE_GETGROUPLIST 1 */ + +/* Define to 1 if you have the `getgrset' function. */ +/* #undef HAVE_GETGRSET */ + +/* Define to 1 if you have the `getlastlogxbyname' function. */ +/* #undef HAVE_GETLASTLOGXBYNAME */ + +/* Define to 1 if you have the `getline' function. */ +#define HAVE_GETLINE 1 + +/* Define to 1 if you have the `getluid' function. */ +/* #undef HAVE_GETLUID */ + +/* Define to 1 if you have the `getnameinfo' function. */ +#define HAVE_GETNAMEINFO 1 + +/* Define to 1 if you have the `getopt' function. */ +#define HAVE_GETOPT 1 + +/* Define to 1 if you have the <getopt.h> header file. */ +#define HAVE_GETOPT_H 1 + +/* Define if your getopt(3) defines and uses optreset */ +/* #undef HAVE_GETOPT_OPTRESET */ + +/* Define if your libraries define getpagesize() */ +#define HAVE_GETPAGESIZE 1 + +/* Define to 1 if you have the `getpeereid' function. */ +/* #undef HAVE_GETPEEREID */ + +/* Define to 1 if you have the `getpeerucred' function. */ +/* #undef HAVE_GETPEERUCRED */ + +/* Define to 1 if you have the `getpwanam' function. */ +/* #undef HAVE_GETPWANAM */ + +/* Define to 1 if you have the `getrlimit' function. */ +#define HAVE_GETRLIMIT 1 + +/* Define if getrrsetbyname() exists */ +/* #undef HAVE_GETRRSETBYNAME */ + +/* Define to 1 if you have the `getrusage' function. */ +/* #undef HAVE_GETRUSAGE */ + +/* Define to 1 if you have the `getseuserbyname' function. */ +/* #undef HAVE_GETSEUSERBYNAME */ + +/* Define to 1 if you have the `gettimeofday' function. */ +#define HAVE_GETTIMEOFDAY 1 + +/* Define to 1 if you have the `getttyent' function. */ +#define HAVE_GETTTYENT 1 + +/* Define to 1 if you have the `getutent' function. */ +#define HAVE_GETUTENT 1 + +/* Define to 1 if you have the `getutid' function. 
*/ +#define HAVE_GETUTID 1 + +/* Define to 1 if you have the `getutline' function. */ +#define HAVE_GETUTLINE 1 + +/* Define to 1 if you have the `getutxent' function. */ +#define HAVE_GETUTXENT 1 + +/* Define to 1 if you have the `getutxid' function. */ +#define HAVE_GETUTXID 1 + +/* Define to 1 if you have the `getutxline' function. */ +#define HAVE_GETUTXLINE 1 + +/* Define to 1 if you have the `getutxuser' function. */ +/* #undef HAVE_GETUTXUSER */ + +/* Define to 1 if you have the `get_default_context_with_level' function. */ +/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */ + +/* Define to 1 if you have the `glob' function. */ +#define HAVE_GLOB 1 + +/* Define to 1 if you have the <glob.h> header file. */ +#define HAVE_GLOB_H 1 + +/* Define to 1 if you have the `group_from_gid' function. */ +/* #undef HAVE_GROUP_FROM_GID */ + +/* Define to 1 if you have the <gssapi_generic.h> header file. */ +/* #undef HAVE_GSSAPI_GENERIC_H */ + +/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */ + +/* Define to 1 if you have the <gssapi/gssapi.h> header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_H */ + +/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */ + +/* Define to 1 if you have the <gssapi.h> header file. */ +/* #undef HAVE_GSSAPI_H */ + +/* Define to 1 if you have the <gssapi_krb5.h> header file. */ +/* #undef HAVE_GSSAPI_KRB5_H */ + +/* Define if HEADER.ad exists in arpa/nameser.h */ +#define HAVE_HEADER_AD 1 + +/* Define to 1 if you have the `HMAC_CTX_init' function. */ +#define HAVE_HMAC_CTX_INIT 1 + +/* Define if you have ut_host in utmp.h */ +#define HAVE_HOST_IN_UTMP 1 + +/* Define if you have ut_host in utmpx.h */ +#define HAVE_HOST_IN_UTMPX 1 + +/* Define to 1 if you have the <iaf.h> header file. */ +/* #undef HAVE_IAF_H */ + +/* Define to 1 if you have the <ia.h> header file. 
*/ +/* #undef HAVE_IA_H */ + +/* Define if you have ut_id in utmp.h */ +#define HAVE_ID_IN_UTMP 1 + +/* Define if you have ut_id in utmpx.h */ +#define HAVE_ID_IN_UTMPX 1 + +/* Define to 1 if you have the `inet_aton' function. */ +#define HAVE_INET_ATON 1 + +/* Define to 1 if you have the `inet_ntoa' function. */ +#define HAVE_INET_NTOA 1 + +/* Define to 1 if you have the `inet_ntop' function. */ +#define HAVE_INET_NTOP 1 + +/* Define to 1 if you have the `innetgr' function. */ +/* #define HAVE_INNETGR 1 */ + +/* define if you have int64_t data type */ +#define HAVE_INT64_T 1 + +/* Define to 1 if the system has the type `intmax_t'. */ +#define HAVE_INTMAX_T 1 + +/* Define to 1 if you have the <inttypes.h> header file. */ +#define HAVE_INTTYPES_H 1 + +/* define if you have intxx_t data type */ +#define HAVE_INTXX_T 1 + +/* Define to 1 if the system has the type `in_addr_t'. */ +#define HAVE_IN_ADDR_T 1 + +/* Define to 1 if the system has the type `in_port_t'. */ +/* #define HAVE_IN_PORT_T 1 */ + +/* Define if you have isblank(3C). */ +#define HAVE_ISBLANK 1 + +/* Define to 1 if you have the <lastlog.h> header file. */ +#define HAVE_LASTLOG_H 1 + +/* Define to 1 if you have the <libaudit.h> header file. */ +/* #undef HAVE_LIBAUDIT_H */ + +/* Define to 1 if you have the `bsm' library (-lbsm). */ +/* #undef HAVE_LIBBSM */ + +/* Define to 1 if you have the `crypt' library (-lcrypt). */ +/* #undef HAVE_LIBCRYPT */ + +/* Define to 1 if you have the `dl' library (-ldl). */ +/* #undef HAVE_LIBDL */ + +/* Define to 1 if you have the <libgen.h> header file. */ +#define HAVE_LIBGEN_H 1 + +/* Define if system has libiaf that supports set_id */ +/* #undef HAVE_LIBIAF */ + +/* Define to 1 if you have the `network' library (-lnetwork). */ +/* #undef HAVE_LIBNETWORK */ + +/* Define to 1 if you have the `nsl' library (-lnsl). */ +#define HAVE_LIBNSL 1 + +/* Define to 1 if you have the `pam' library (-lpam). 
*/ +/* #undef HAVE_LIBPAM */ + +/* Define to 1 if you have the `socket' library (-lsocket). */ +/* #undef HAVE_LIBSOCKET */ + +/* Define to 1 if you have the <libutil.h> header file. */ +/* #undef HAVE_LIBUTIL_H */ + +/* Define to 1 if you have the `xnet' library (-lxnet). */ +/* #undef HAVE_LIBXNET */ + +/* Define to 1 if you have the `z' library (-lz). */ +#define HAVE_LIBZ 1 + +/* Define to 1 if you have the <limits.h> header file. */ +#define HAVE_LIMITS_H 1 + +/* Define to 1 if you have the <linux/if_tun.h> header file. */ +#define HAVE_LINUX_IF_TUN_H 1 + +/* Define to 1 if you have the <locale.h> header file. */ +#define HAVE_LOCALE_H 1 + +/* Define if your libraries define login() */ +/* #define HAVE_LOGIN 1 */ + +/* Define to 1 if you have the <login_cap.h> header file. */ +/* #undef HAVE_LOGIN_CAP_H */ + +/* Define to 1 if you have the `login_getcapbool' function. */ +/* #undef HAVE_LOGIN_GETCAPBOOL */ + +/* Define to 1 if you have the <login.h> header file. */ +/* #undef HAVE_LOGIN_H */ + +/* Define to 1 if you have the `logout' function. */ +#define HAVE_LOGOUT 1 + +/* Define to 1 if you have the `logwtmp' function. */ +#define HAVE_LOGWTMP 1 + +/* Define to 1 if the system has the type `long double'. */ +#define HAVE_LONG_DOUBLE 1 + +/* Define to 1 if the system has the type `long long'. */ +#define HAVE_LONG_LONG 1 + +/* Define to 1 if you have the <maillock.h> header file. */ +/* #undef HAVE_MAILLOCK_H */ + +/* Define to 1 if you have the `mblen' function. */ +#define HAVE_MBLEN 1 + +/* Define to 1 if you have the `md5_crypt' function. */ +/* #undef HAVE_MD5_CRYPT */ + +/* Define if you want to allow MD5 passwords */ +/* #undef HAVE_MD5_PASSWORDS */ + +/* Define to 1 if you have the `memmem' function. */ +#define HAVE_MEMMEM 1 + +/* Define to 1 if you have the `memmove' function. */ +#define HAVE_MEMMOVE 1 + +/* Define to 1 if you have the <memory.h> header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `mkdtemp' function. 
*/ +#define HAVE_MKDTEMP 1 + +/* Define to 1 if you have the `mmap' function. */ +#define HAVE_MMAP 1 + +/* define if you have mode_t data type */ +#define HAVE_MODE_T 1 + +/* Some systems put nanosleep outside of libc */ +#define HAVE_NANOSLEEP 1 + +/* Define to 1 if you have the <ndir.h> header file. */ +/* #undef HAVE_NDIR_H */ + +/* Define to 1 if you have the <netdb.h> header file. */ +#define HAVE_NETDB_H 1 + +/* Define to 1 if you have the <netgroup.h> header file. */ +/* #undef HAVE_NETGROUP_H */ + +/* Define to 1 if you have the <net/if_tun.h> header file. */ +/* #undef HAVE_NET_IF_TUN_H */ + +/* Define if you are on NeXT */ +/* #undef HAVE_NEXT */ + +/* Define to 1 if you have the `ngetaddrinfo' function. */ +/* #undef HAVE_NGETADDRINFO */ + +/* Define to 1 if you have the `nsleep' function. */ +/* #undef HAVE_NSLEEP */ + +/* Define to 1 if you have the `ogetaddrinfo' function. */ +/* #undef HAVE_OGETADDRINFO */ + +/* Define if you have an old version of PAM which takes only one argument to + pam_strerror */ +/* #undef HAVE_OLD_PAM */ + +/* Define to 1 if you have the `openlog_r' function. */ +/* #undef HAVE_OPENLOG_R */ + +/* Define to 1 if you have the `openpty' function. */ +/* #define HAVE_OPENPTY 1 */ + +/* Define if your ssl headers are included with #include <openssl/header.h> */ +#define HAVE_OPENSSL 1 + +/* Define if you have Digital Unix Security Integration Architecture */ +/* #undef HAVE_OSF_SIA */ + +/* Define to 1 if you have the `pam_getenvlist' function. */ +/* #undef HAVE_PAM_GETENVLIST */ + +/* Define to 1 if you have the <pam/pam_appl.h> header file. */ +/* #undef HAVE_PAM_PAM_APPL_H */ + +/* Define to 1 if you have the `pam_putenv' function. */ +/* #undef HAVE_PAM_PUTENV */ + +/* Define to 1 if you have the <paths.h> header file. 
*/ +#define HAVE_PATHS_H 1 + +/* Define if you have ut_pid in utmp.h */ +#define HAVE_PID_IN_UTMP 1 + +/* define if you have pid_t data type */ +#define HAVE_PID_T 1 + +/* Define to 1 if you have the `poll' function. */ +#define HAVE_POLL 1 + +/* Define to 1 if you have the <poll.h> header file. */ +#define HAVE_POLL_H 1 + +/* Define to 1 if you have the `prctl' function. */ +#define HAVE_PRCTL 1 + +/* Define if you have /proc/$pid/fd */ +#define HAVE_PROC_PID 1 + +/* Define to 1 if you have the `pstat' function. */ +/* #undef HAVE_PSTAT */ + +/* Define to 1 if you have the <pty.h> header file. */ +/* #define HAVE_PTY_H 1 */ + +/* Define to 1 if you have the `pututline' function. */ +#define HAVE_PUTUTLINE 1 + +/* Define to 1 if you have the `pututxline' function. */ +#define HAVE_PUTUTXLINE 1 + +/* Define to 1 if you have the `raise' function. */ +#define HAVE_RAISE 1 + +/* Define to 1 if you have the `readpassphrase' function. */ +/* #undef HAVE_READPASSPHRASE */ + +/* Define to 1 if you have the <readpassphrase.h> header file. */ +/* #undef HAVE_READPASSPHRASE_H */ + +/* Define to 1 if you have the `realpath' function. */ +#define HAVE_REALPATH 1 + +/* Define to 1 if you have the `recvmsg' function. */ +#define HAVE_RECVMSG 1 + +/* sys/resource.h has RLIMIT_NPROC */ +#define HAVE_RLIMIT_NPROC /**/ + +/* Define to 1 if you have the <rpc/types.h> header file. */ +/* #define HAVE_RPC_TYPES_H 1 */ + +/* Define to 1 if you have the `rresvport_af' function. */ +/* #define HAVE_RRESVPORT_AF 1 */ + +/* Define to 1 if you have the `RSA_generate_key_ex' function. */ +#define HAVE_RSA_GENERATE_KEY_EX 1 + +/* Define to 1 if you have the `RSA_get_default_method' function. */ +#define HAVE_RSA_GET_DEFAULT_METHOD 1 + +/* Define to 1 if you have the <sandbox.h> header file. */ +/* #undef HAVE_SANDBOX_H */ + +/* Define to 1 if you have the `sandbox_init' function. 
*/ +/* #undef HAVE_SANDBOX_INIT */ + +/* define if you have sa_family_t data type */ +#define HAVE_SA_FAMILY_T 1 + +/* Define if you have SecureWare-based protected password database */ +/* #undef HAVE_SECUREWARE */ + +/* Define to 1 if you have the <security/pam_appl.h> header file. */ +/* #undef HAVE_SECURITY_PAM_APPL_H */ + +/* Define to 1 if you have the `sendmsg' function. */ +#define HAVE_SENDMSG 1 + +/* Define to 1 if you have the `setauthdb' function. */ +/* #undef HAVE_SETAUTHDB */ + +/* Define to 1 if you have the `setdtablesize' function. */ +/* #undef HAVE_SETDTABLESIZE */ + +/* Define to 1 if you have the `setegid' function. */ +#define HAVE_SETEGID 1 + +/* Define to 1 if you have the `setenv' function. */ +#define HAVE_SETENV 1 + +/* Define to 1 if you have the `seteuid' function. */ +#define HAVE_SETEUID 1 + +/* Define to 1 if you have the `setgroupent' function. */ +/* #undef HAVE_SETGROUPENT */ + +/* Define to 1 if you have the `setgroups' function. */ +#define HAVE_SETGROUPS 1 + +/* Define to 1 if you have the `setlinebuf' function. */ +#define HAVE_SETLINEBUF 1 + +/* Define to 1 if you have the `setlogin' function. */ +/* #undef HAVE_SETLOGIN */ + +/* Define to 1 if you have the `setluid' function. */ +/* #undef HAVE_SETLUID */ + +/* Define to 1 if you have the `setpassent' function. */ +/* #undef HAVE_SETPASSENT */ + +/* Define to 1 if you have the `setpcred' function. */ +/* #undef HAVE_SETPCRED */ + +/* Define to 1 if you have the `setproctitle' function. */ +/* #undef HAVE_SETPROCTITLE */ + +/* Define to 1 if you have the `setregid' function. */ +#define HAVE_SETREGID 1 + +/* Define to 1 if you have the `setresgid' function. */ +#define HAVE_SETRESGID 1 + +/* Define to 1 if you have the `setresuid' function. */ +#define HAVE_SETRESUID 1 + +/* Define to 1 if you have the `setreuid' function. */ +#define HAVE_SETREUID 1 + +/* Define to 1 if you have the `setrlimit' function. 
*/ +#define HAVE_SETRLIMIT 1 + +/* Define to 1 if you have the `setsid' function. */ +#define HAVE_SETSID 1 + +/* Define to 1 if you have the `setutent' function. */ +#define HAVE_SETUTENT 1 + +/* Define to 1 if you have the `setutxdb' function. */ +/* #undef HAVE_SETUTXDB */ + +/* Define to 1 if you have the `setutxent' function. */ +#define HAVE_SETUTXENT 1 + +/* Define to 1 if you have the `setvbuf' function. */ +#define HAVE_SETVBUF 1 + +/* Define to 1 if you have the `set_id' function. */ +/* #undef HAVE_SET_ID */ + +/* Define to 1 if you have the `SHA256_Update' function. */ +#define HAVE_SHA256_UPDATE 1 + +/* Define to 1 if you have the <sha2.h> header file. */ +/* #undef HAVE_SHA2_H */ + +/* Define to 1 if you have the <shadow.h> header file. */ +/* #define HAVE_SHADOW_H 1 */ + +/* Define to 1 if you have the `sigaction' function. */ +#define HAVE_SIGACTION 1 + +/* Define to 1 if you have the `sigvec' function. */ +#define HAVE_SIGVEC 1 + +/* Define to 1 if the system has the type `sig_atomic_t'. */ +#define HAVE_SIG_ATOMIC_T 1 + +/* define if you have size_t data type */ +#define HAVE_SIZE_T 1 + +/* Define to 1 if you have the `snprintf' function. */ +#define HAVE_SNPRINTF 1 + +/* Define to 1 if you have the `socketpair' function. */ +#define HAVE_SOCKETPAIR 1 + +/* Have PEERCRED socket option */ +#define HAVE_SO_PEERCRED 1 + +/* define if you have ssize_t data type */ +#define HAVE_SSIZE_T 1 + +/* Fields in struct sockaddr_storage */ +#define HAVE_SS_FAMILY_IN_SS 1 + +/* Define to 1 if you have the `statfs' function. */ +#define HAVE_STATFS 1 + +/* Define to 1 if you have the `statvfs' function. */ +/* #define HAVE_STATVFS 1 */ + +/* Define to 1 if you have the <stddef.h> header file. */ +#define HAVE_STDDEF_H 1 + +/* Define to 1 if you have the <stdint.h> header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the <stdlib.h> header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strdup' function. 
*/ +#define HAVE_STRDUP 1 + +/* Define to 1 if you have the `strerror' function. */ +#define HAVE_STRERROR 1 + +/* Define to 1 if you have the `strftime' function. */ +#define HAVE_STRFTIME 1 + +/* Silly mkstemp() */ +#define HAVE_STRICT_MKSTEMP 1 + +/* Define to 1 if you have the <strings.h> header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the <string.h> header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcat' function. */ +/* #undef HAVE_STRLCAT */ + +/* Define to 1 if you have the `strlcpy' function. */ +/* #undef HAVE_STRLCPY */ + +/* Define to 1 if you have the `strmode' function. */ +/* #undef HAVE_STRMODE */ + +/* Define to 1 if you have the `strndup' function. */ +#define HAVE_STRNDUP 1 + +/* Define to 1 if you have the `strnlen' function. */ +#define HAVE_STRNLEN 1 + +/* Define to 1 if you have the `strnvis' function. */ +/* #undef HAVE_STRNVIS */ + +/* Define to 1 if you have the `strptime' function. */ +#define HAVE_STRPTIME 1 + +/* Define to 1 if you have the `strsep' function. */ +#define HAVE_STRSEP 1 + +/* Define to 1 if you have the `strsignal' function. */ +#define HAVE_STRSIGNAL 1 + +/* Define to 1 if you have the `strtoll' function. */ +#define HAVE_STRTOLL 1 + +/* Define to 1 if you have the `strtonum' function. */ +/* #undef HAVE_STRTONUM */ + +/* Define to 1 if you have the `strtoul' function. */ +#define HAVE_STRTOUL 1 + +/* Define to 1 if you have the `strtoull' function. */ +#define HAVE_STRTOULL 1 + +/* define if you have struct addrinfo data type */ +#define HAVE_STRUCT_ADDRINFO 1 + +/* define if you have struct in6_addr data type */ +#define HAVE_STRUCT_IN6_ADDR 1 + +/* define if you have struct sockaddr_in6 data type */ +#define HAVE_STRUCT_SOCKADDR_IN6 1 + +/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. 
*/ +#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 + +/* define if you have struct sockaddr_storage data type */ +#define HAVE_STRUCT_SOCKADDR_STORAGE 1 + +/* Define to 1 if `st_blksize' is a member of `struct stat'. */ +#define HAVE_STRUCT_STAT_ST_BLKSIZE 1 + +/* Define to 1 if the system has the type `struct timespec'. */ +#define HAVE_STRUCT_TIMESPEC 1 + +/* define if you have struct timeval */ +#define HAVE_STRUCT_TIMEVAL 1 + +/* Define to 1 if you have the `swap32' function. */ +/* #undef HAVE_SWAP32 */ + +/* Define to 1 if you have the `sysconf' function. */ +#define HAVE_SYSCONF 1 + +/* Define if you have syslen in utmpx.h */ +/* #undef HAVE_SYSLEN_IN_UTMPX */ + +/* Define to 1 if you have the <sys/audit.h> header file. */ +/* #undef HAVE_SYS_AUDIT_H */ + +/* Define to 1 if you have the <sys/bitypes.h> header file. */ +/* #define HAVE_SYS_BITYPES_H 1 */ + +/* Define to 1 if you have the <sys/bsdtty.h> header file. */ +/* #undef HAVE_SYS_BSDTTY_H */ + +/* Define to 1 if you have the <sys/cdefs.h> header file. */ +#define HAVE_SYS_CDEFS_H 1 + +/* Define to 1 if you have the <sys/dir.h> header file. */ +#define HAVE_SYS_DIR_H 1 + +/* Define if your system defines sys_errlist[] */ +#define HAVE_SYS_ERRLIST 1 + +/* Define to 1 if you have the <sys/mman.h> header file. */ +#define HAVE_SYS_MMAN_H 1 + +/* Define to 1 if you have the <sys/mount.h> header file. */ +#define HAVE_SYS_MOUNT_H 1 + +/* Define to 1 if you have the <sys/ndir.h> header file. */ +/* #undef HAVE_SYS_NDIR_H */ + +/* Define if your system defines sys_nerr */ +#define HAVE_SYS_NERR 1 + +/* Define to 1 if you have the <sys/poll.h> header file. */ +#define HAVE_SYS_POLL_H 1 + +/* Define to 1 if you have the <sys/prctl.h> header file. */ +#define HAVE_SYS_PRCTL_H 1 + +/* Define to 1 if you have the <sys/pstat.h> header file. */ +/* #undef HAVE_SYS_PSTAT_H */ + +/* Define to 1 if you have the <sys/ptms.h> header file. 
*/ +/* #undef HAVE_SYS_PTMS_H */ + +/* Define to 1 if you have the <sys/select.h> header file. */ +#define HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the <sys/statvfs.h> header file. */ +/* #define HAVE_SYS_STATVFS_H 1 */ + +/* Define to 1 if you have the <sys/stat.h> header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the <sys/stream.h> header file. */ +/* #undef HAVE_SYS_STREAM_H */ + +/* Define to 1 if you have the <sys/stropts.h> header file. */ +/* #undef HAVE_SYS_STROPTS_H */ + +/* Define to 1 if you have the <sys/strtio.h> header file. */ +/* #undef HAVE_SYS_STRTIO_H */ + +/* Force use of sys/syslog.h on Ultrix */ +/* #undef HAVE_SYS_SYSLOG_H */ + +/* Define to 1 if you have the <sys/sysmacros.h> header file. */ +#define HAVE_SYS_SYSMACROS_H 1 + +/* Define to 1 if you have the <sys/timers.h> header file. */ +/* #undef HAVE_SYS_TIMERS_H */ + +/* Define to 1 if you have the <sys/time.h> header file. */ +#define HAVE_SYS_TIME_H 1 + +/* Define to 1 if you have the <sys/types.h> header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the <sys/un.h> header file. */ +#define HAVE_SYS_UN_H 1 + +/* Define to 1 if you have the `tcgetpgrp' function. */ +#define HAVE_TCGETPGRP 1 + +/* Define to 1 if you have the `tcsendbreak' function. */ +#define HAVE_TCSENDBREAK 1 + +/* Define to 1 if you have the `time' function. */ +#define HAVE_TIME 1 + +/* Define to 1 if you have the <time.h> header file. */ +#define HAVE_TIME_H 1 + +/* Define if you have ut_time in utmp.h */ +/* #undef HAVE_TIME_IN_UTMP */ + +/* Define if you have ut_time in utmpx.h */ +/* #undef HAVE_TIME_IN_UTMPX */ + +/* Define to 1 if you have the `timingsafe_bcmp' function. */ +/* #undef HAVE_TIMINGSAFE_BCMP */ + +/* Define to 1 if you have the <tmpdir.h> header file. */ +/* #undef HAVE_TMPDIR_H */ + +/* Define to 1 if you have the `truncate' function. */ +#define HAVE_TRUNCATE 1 + +/* Define to 1 if you have the <ttyent.h> header file. 
*/ +/* #define HAVE_TTYENT_H 1 */ + +/* Define if you have ut_tv in utmp.h */ +#define HAVE_TV_IN_UTMP 1 + +/* Define if you have ut_tv in utmpx.h */ +#define HAVE_TV_IN_UTMPX 1 + +/* Define if you have ut_type in utmp.h */ +#define HAVE_TYPE_IN_UTMP 1 + +/* Define if you have ut_type in utmpx.h */ +#define HAVE_TYPE_IN_UTMPX 1 + +/* Define to 1 if you have the <ucred.h> header file. */ +/* #undef HAVE_UCRED_H */ + +/* Define to 1 if the system has the type `uintmax_t'. */ +#define HAVE_UINTMAX_T 1 + +/* define if you have uintxx_t data type */ +#define HAVE_UINTXX_T 1 + +/* Define to 1 if you have the <unistd.h> header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `unsetenv' function. */ +#define HAVE_UNSETENV 1 + +/* Define to 1 if the system has the type `unsigned long long'. */ +#define HAVE_UNSIGNED_LONG_LONG 1 + +/* Define to 1 if you have the `updwtmp' function. */ +#define HAVE_UPDWTMP 1 + +/* Define to 1 if you have the `updwtmpx' function. */ +#define HAVE_UPDWTMPX 1 + +/* Define to 1 if you have the <usersec.h> header file. */ +/* #undef HAVE_USERSEC_H */ + +/* Define to 1 if you have the `user_from_uid' function. */ +/* #undef HAVE_USER_FROM_UID */ + +/* Define to 1 if you have the `usleep' function. */ +#define HAVE_USLEEP 1 + +/* Define to 1 if you have the <util.h> header file. */ +/* #undef HAVE_UTIL_H */ + +/* Define to 1 if you have the `utimes' function. */ +#define HAVE_UTIMES 1 + +/* Define to 1 if you have the <utime.h> header file. */ +#define HAVE_UTIME_H 1 + +/* Define to 1 if you have the `utmpname' function. */ +#define HAVE_UTMPNAME 1 + +/* Define to 1 if you have the `utmpxname' function. */ +#define HAVE_UTMPXNAME 1 + +/* Define to 1 if you have the <utmpx.h> header file. */ +/* #define HAVE_UTMPX_H 1 */ + +/* Define to 1 if you have the <utmp.h> header file. 
*/ +#define HAVE_UTMP_H 1 + +/* define if you have u_char data type */ +#define HAVE_U_CHAR 1 + +/* define if you have u_int data type */ +#define HAVE_U_INT 1 + +/* define if you have u_int64_t data type */ +#define HAVE_U_INT64_T 1 + +/* define if you have u_intxx_t data type */ +#define HAVE_U_INTXX_T 1 + +/* Define to 1 if you have the `vasprintf' function. */ +#define HAVE_VASPRINTF 1 + +/* Define if va_copy exists */ +#define HAVE_VA_COPY 1 + +/* Define to 1 if you have the `vhangup' function. */ +/* #define HAVE_VHANGUP 1 */ + +/* Define to 1 if you have the <vis.h> header file. */ +/* #undef HAVE_VIS_H */ + +/* Define to 1 if you have the `vsnprintf' function. */ +#define HAVE_VSNPRINTF 1 + +/* Define to 1 if you have the `waitpid' function. */ +#define HAVE_WAITPID 1 + +/* Define to 1 if you have the `_getlong' function. */ +#define HAVE__GETLONG 1 + +/* Define to 1 if you have the `_getpty' function. */ +/* #undef HAVE__GETPTY */ + +/* Define to 1 if you have the `_getshort' function. */ +#define HAVE__GETSHORT 1 + +/* Define if you have struct __res_state _res as an extern */ +#define HAVE__RES_EXTERN 1 + +/* Define to 1 if you have the `__b64_ntop' function. */ +/* #undef HAVE___B64_NTOP */ + +/* Define to 1 if you have the `__b64_pton' function. 
*/ +/* #undef HAVE___B64_PTON */ + +/* Define if compiler implements __FUNCTION__ */ +#define HAVE___FUNCTION__ 1 + +/* Define if libc defines __progname */ +#define HAVE___PROGNAME 1 + +/* Fields in struct sockaddr_storage */ +/* #undef HAVE___SS_FAMILY_IN_SS */ + +/* Define if __va_copy exists */ +#define HAVE___VA_COPY 1 + +/* Define if compiler implements __func__ */ +#define HAVE___func__ 1 + +/* Define this if you are using the Heimdal version of Kerberos V5 */ +/* #undef HEIMDAL */ + +/* Define if you need to use IP address instead of hostname in $DISPLAY */ +/* #undef IPADDR_IN_DISPLAY */ + +/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ +#define IPV4_IN_IPV6 1 + +/* Define if your system choked on IP TOS setting */ +/* #undef IP_TOS_IS_BROKEN */ + +/* Define if you want Kerberos 5 support */ +/* #undef KRB5 */ + +/* Define if pututxline updates lastlog too */ +/* #undef LASTLOG_WRITE_PUTUTXLINE */ + +/* Define if you want TCP Wrappers support */ +/* #undef LIBWRAP */ + +/* Define to whatever link() returns for "not supported" if it doesn't return + EOPNOTSUPP. */ +#define LINK_OPNOTSUPP_ERRNO EPERM + +/* Adjust Linux out-of-memory killer */ +#define LINUX_OOM_ADJUST 1 + +/* max value of long long calculated by configure */ +/* #undef LLONG_MAX */ + +/* min value of long long calculated by configure */ +/* #undef LLONG_MIN */ + +/* Account locked with pw(1) */ +#define LOCKED_PASSWD_PREFIX "!" 
+ +/* String used in /etc/passwd to denote locked account */ +/* #undef LOCKED_PASSWD_STRING */ + +/* String used in /etc/passwd to denote locked account */ +/* #undef LOCKED_PASSWD_SUBSTR */ + +/* Some versions of /bin/login need the TERM supplied on the commandline */ +/* #undef LOGIN_NEEDS_TERM */ + +/* Some systems need a utmpx entry for /bin/login to work */ +/* #undef LOGIN_NEEDS_UTMPX */ + +/* Define if your login program cannot handle end of options ("--") */ +/* #undef LOGIN_NO_ENDOPT */ + +/* If your header files don't define LOGIN_PROGRAM, then use this (detected) + from environment and PATH */ +#define LOGIN_PROGRAM_FALLBACK "/bin/login" + +/* Set this to your mail directory if you do not have _PATH_MAILDIR */ +/* #undef MAIL_DIRECTORY */ + +/* Need setpgrp to acquire controlling tty */ +/* #undef NEED_SETPGRP */ + +/* Define if the concept of ports only accessible to superusers isn't known */ +/* #undef NO_IPPORT_RESERVED_CONCEPT */ + +/* Define if you don't want to use lastlog in session.c */ +/* #undef NO_SSH_LASTLOG */ + +/* Define if X11 doesn't support AF_UNIX sockets on that system */ +/* #undef NO_X11_UNIX_SOCKETS */ + +/* Define if EVP_DigestUpdate returns void */ +/* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */ + +/* libcrypto includes complete ECC support */ +#define OPENSSL_HAS_ECC 1 + +/* libcrypto has NID_X9_62_prime256v1 */ +#define OPENSSL_HAS_NISTP256 1 + +/* libcrypto has NID_secp384r1 */ +#define OPENSSL_HAS_NISTP384 1 + +/* libcrypto has NID_secp521r1 */ +#define OPENSSL_HAS_NISTP521 1 + +/* libcrypto has EVP AES CTR */ +#define OPENSSL_HAVE_EVPCTR 1 + +/* libcrypto has EVP AES GCM */ +#define OPENSSL_HAVE_EVPGCM 1 + +/* libcrypto is missing AES 192 and 256 bit functions */ +/* #undef OPENSSL_LOBOTOMISED_AES */ + +/* Define if you want OpenSSL's internally seeded PRNG only */ +#define OPENSSL_PRNG_ONLY 1 + +/* Define to the address where bug reports for this package should be sent. 
*/ +#define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "OpenSSH" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "OpenSSH Portable" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "openssh" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "Portable" + +/* Define if you are using Solaris-derived PAM which passes pam_messages to + the conversation function with an extra level of indirection */ +/* #undef PAM_SUN_CODEBASE */ + +/* Work around problematic Linux PAM modules handling of PAM_TTY */ +#define PAM_TTY_KLUDGE 1 + +/* must supply username to passwd */ +/* #undef PASSWD_NEEDS_USERNAME */ + +/* Port number of PRNGD/EGD random number socket */ +/* #undef PRNGD_PORT */ + +/* Location of PRNGD/EGD random number socket */ +/* #undef PRNGD_SOCKET */ + +/* read(1) can return 0 for a non-closed fd */ +/* #undef PTY_ZEROREAD */ + +/* Sandbox using Darwin sandbox_init(3) */ +/* #undef SANDBOX_DARWIN */ + +/* no privsep sandboxing */ +/* #undef SANDBOX_NULL */ + +/* Sandbox using setrlimit(2) */ +#define SANDBOX_RLIMIT 1 + +/* Sandbox using systrace(4) */ +/* #undef SANDBOX_SYSTRACE */ + +/* Define if your platform breaks doing a seteuid before a setuid */ +/* #undef SETEUID_BREAKS_SETUID */ + +/* The size of `int', as computed by sizeof. */ +#define SIZEOF_INT 4 + +/* The size of `long int', as computed by sizeof. */ +#define SIZEOF_LONG_INT 8 + +/* The size of `long long int', as computed by sizeof. */ +#define SIZEOF_LONG_LONG_INT 8 + +/* The size of `short int', as computed by sizeof. 
*/ +#define SIZEOF_SHORT_INT 2 + +/* Define if you want S/Key support */ +/* #undef SKEY */ + +/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ +/* #undef SKEYCHALLENGE_4ARG */ + +/* Define as const if snprintf() can declare const char *fmt */ +#define SNPRINTF_CONST const + +/* Define to a Set Process Title type if your system is supported by + bsd-setproctitle.c */ +#define SPT_TYPE SPT_REUSEARGV + +/* Define if sshd somehow reacquires a controlling TTY after setsid() */ +/* #undef SSHD_ACQUIRES_CTTY */ + +/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ +/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */ + +/* Use audit debugging module */ +/* #undef SSH_AUDIT_EVENTS */ + +/* Windows is sensitive to read buffer size */ +/* #undef SSH_IOBUFSZ */ + +/* non-privileged user for privilege separation */ +#define SSH_PRIVSEP_USER "shell" + +/* Use tunnel device compatibility to OpenBSD */ +#define SSH_TUN_COMPAT_AF 1 + +/* Open tunnel devices the FreeBSD way */ +/* #undef SSH_TUN_FREEBSD */ + +/* Open tunnel devices the Linux tun/tap way */ +#define SSH_TUN_LINUX 1 + +/* No layer 2 tunnel support */ +/* #undef SSH_TUN_NO_L2 */ + +/* Open tunnel devices the OpenBSD way */ +/* #undef SSH_TUN_OPENBSD */ + +/* Prepend the address family to IP tunnel traffic */ +#define SSH_TUN_PREPEND_AF 1 + +/* Define to 1 if you have the ANSI C header files. 
*/ +#define STDC_HEADERS 1 + +/* Define if you want a different $PATH for the superuser */ +/* #undef SUPERUSER_PATH */ + +/* syslog_r function is safe to use in in a signal handler */ +/* #undef SYSLOG_R_SAFE_IN_SIGHAND */ + +/* Support passwords > 8 chars */ +/* #undef UNIXWARE_LONG_PASSWORDS */ + +/* Specify default $PATH */ +#define USER_PATH "/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin" + +/* Define this if you want to use libkafs' AFS support */ +/* #undef USE_AFS */ + +/* Use BSM audit module */ +/* #undef USE_BSM_AUDIT */ + +/* Use btmp to log bad logins */ +/* #define USE_BTMP 1 */ + +/* Use libedit for sftp */ +/* #undef USE_LIBEDIT */ + +/* Use Linux audit module */ +/* #undef USE_LINUX_AUDIT */ + +/* Enable OpenSSL engine support */ +/* #undef USE_OPENSSL_ENGINE */ + +/* Define if you want to enable PAM support */ +/* #undef USE_PAM */ + +/* Use PIPES instead of a socketpair() */ +/* #undef USE_PIPES */ + +/* Define if you have Solaris process contracts */ +/* #undef USE_SOLARIS_PROCESS_CONTRACTS */ + +/* Define if you have Solaris projects */ +/* #undef USE_SOLARIS_PROJECTS */ + +/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ +/* #undef WITH_ABBREV_NO_TTY */ + +/* Define if you want to enable AIX4's authenticate function */ +/* #undef WITH_AIXAUTHENTICATE */ + +/* Define if you have/want arrays (cluster-wide session managment, not C + arrays) */ +/* #undef WITH_IRIX_ARRAY */ + +/* Define if you want IRIX audit trails */ +/* #undef WITH_IRIX_AUDIT */ + +/* Define if you want IRIX kernel jobs */ +/* #undef WITH_IRIX_JOBS */ + +/* Define if you want IRIX project management */ +/* #undef WITH_IRIX_PROJECT */ + +/* use libcrypto for cryptography */ +#define WITH_OPENSSL 1 + +/* Define if you want SELinux support. */ +/* #undef WITH_SELINUX */ + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). 
*/ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif + +/* Define if xauth is found in your path */ +#define XAUTH_PATH "/usr/bin/xauth" + +/* Number of bits in a file offset, on hosts where this is settable. */ +/* #undef _FILE_OFFSET_BITS */ + +/* Define for large files, on AIX-style hosts. */ +/* #undef _LARGE_FILES */ + +/* log for bad login attempts */ +#define _PATH_BTMP "/var/log/btmp" + +/* Full path of your "passwd" program */ +#define _PATH_PASSWD_PROG "/usr/bin/passwd" + +/* Specify location of ssh.pid */ +#define _PATH_SSH_PIDDIR "/var/run" + +/* Define if we don't have struct __res_state in resolv.h */ +/* #undef __res_state */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +/* #undef inline */ +#endif + +/* type to use in place of socklen_t if not defined */ +/* #undef socklen_t */ + +#ifndef SSHDIR +#define SSHDIR "/data/ssh" +#endif + +#define _PATH_PRIVSEP_CHROOT_DIR SSHDIR "/empty" + +#define _PATH_SSH_PROGRAM "/system/bin/sftp" + +/* Utilize some of the LibreSSL compatibility layer */ +#define HAVE_DH_GET0_KEY 1 +#define HAVE_DH_GET0_PQG 1 +#define HAVE_DH_SET0_KEY 1 +#define HAVE_DH_SET0_PQG 1 +#undef HAVE_DH_SET_LENGTH +#define HAVE_DSA_GET0_KEY 1 +#define HAVE_DSA_GET0_PQG 1 +#define HAVE_DSA_SET0_KEY 1 +#define HAVE_DSA_SET0_PQG 1 +#undef HAVE_DSA_SIG_GET0 +#undef HAVE_DSA_SIG_SET0 +#define HAVE_ECDSA_SIG_GET0 1 +#define HAVE_ECDSA_SIG_SET0 1 +#undef HAVE_EVP_CIPHER_CTX_GET_IV +#undef HAVE_EVP_CIPHER_CTX_SET_IV +#define HAVE_EVP_MD_CTX_FREE 1 +#define HAVE_EVP_MD_CTX_NEW 1 +#define HAVE_EVP_PKEY_GET0_RSA 1 +#define HAVE_RSA_GET0_CRT_PARAMS 1 +#define HAVE_RSA_GET0_FACTORS 1 +#define HAVE_RSA_GET0_KEY 1 +#define HAVE_RSA_METH_DUP 1 +#define HAVE_RSA_METH_FREE 1 +#define 
HAVE_RSA_METH_GET_FINISH 1 +#define HAVE_RSA_METH_SET1_NAME 1 +#define HAVE_RSA_METH_SET_FINISH 1 +#define HAVE_RSA_METH_SET_PRIV_DEC 1 +#define HAVE_RSA_METH_SET_PRIV_ENC 1 +#define HAVE_RSA_SET0_CRT_PARAMS 1 +#define HAVE_RSA_SET0_FACTORS 1 +#define HAVE_RSA_SET0_KEY 1 @@ -70,6 +70,10 @@ #include "myproposal.h" #include "digest.h" +#if defined(ANDROID) +#include <cutils/properties.h> +#endif + static void add_listen_addr(ServerOptions *, const char *, const char *, int); static void add_one_listen_addr(ServerOptions *, const char *, @@ -2421,10 +2425,20 @@ parse_server_match_config(ServerOptions *options, struct include_list *includes, struct connection_info *connectinfo) { ServerOptions mo; +#if defined(ANDROID) + char value[PROPERTY_VALUE_MAX]; +#endif initialize_server_options(&mo); parse_server_config(&mo, "reprocess config", cfg, includes, connectinfo); +#if defined(ANDROID) + /* Allow root login if ro.debuggable is set. */ + property_get("ro.debuggable", value, ""); + if (strcmp(value, "1") == 0) { + mo.permit_root_login = PERMIT_YES; + } +#endif copy_set_server_options(options, &mo, 0); } @@ -1056,11 +1056,13 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell) # endif /* HAVE_CYGWIN */ #endif /* HAVE_LOGIN_CAP */ +#if !defined(ANDROID) if (!options.use_pam) { snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); child_set_env(&env, &envsize, "MAIL", buf); } +#endif /* Normal systems set SHELL by default. */ child_set_env(&env, &envsize, "SHELL", shell); @@ -132,8 +132,10 @@ ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp) r = SSH_ERR_ALLOC_FAIL; goto out; } +#if !defined(OPENSSL_IS_BORINGSSL) BN_set_flags(aux, BN_FLG_CONSTTIME); BN_set_flags(d_consttime, BN_FLG_CONSTTIME); +#endif if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) || (BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) || 
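Review bot: The block added to `parse_server_match_config()` sets `mo.permit_root_login = PERMIT_YES` whenever `ro.debuggable` reads "1", and it does so after `parse_server_config()` has run. Any `PermitRootLogin` value chosen in sshd_config or in a Match block, including an explicit `no`, is therefore replaced without a trace. The comment should say this outright, e.g. `/* ro.debuggable=1 forces PermitRootLogin yes and overrides sshd_config, Match blocks included. */`. The override should also be logged so it shows up when the daemon is inspected, e.g. `debug("ro.debuggable=1: forcing PermitRootLogin yes");`. The function's return-type line lies above the hunk.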
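Review bot: The new `#if !defined(ANDROID)` guard around the `MAIL` export has no comment saying why the variable is dropped on Android. The guard around `endpwent()` in the sshd.c hunk (`@@ -1763,7 +1763,9 @@`) is unexplained in the same way. A one-line reason above each guard would do, e.g. `/* Android has no mail spool, so MAIL is not exported (TODO confirm). */`. The closing line could also follow the labelled style visible in the context, `#endif /* !ANDROID */`, next to `#endif /* HAVE_CYGWIN */`. `do_setup_env` starts and ends outside the hunk.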
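Review bot: When `OPENSSL_IS_BORINGSSL` is defined, neither `aux` nor `d_consttime` receives `BN_FLG_CONSTTIME`, yet the `BN_mod()` calls that follow still take `d_consttime` as input; by its name that is a copy of the private exponent. Nothing in the hunk says why skipping the flag is acceptable. Presumably BoringSSL does not provide the flag and handles secret operands itself, but that should be confirmed and written down at the guard, e.g. `/* BoringSSL: BN_FLG_CONSTTIME unavailable; secret operands rely on the library's own constant-time paths (TODO confirm). */`. `ssh_rsa_complete_crt_parameters` begins and continues outside the hunk.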
@@ -1763,7 +1763,9 @@ main(int ac, char **av) freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); privsep_pw->pw_passwd = xstrdup("*"); } +#if !defined(ANDROID) endpwent(); +#endif /* load host keys */ sensitive_data.host_keys = xcalloc(options.num_host_key_files, diff --git a/sshd_config.android b/sshd_config.android new file mode 100644 index 00000000..211ac528 --- /dev/null +++ b/sshd_config.android @@ -0,0 +1,5 @@ +Protocol 2 +HostKey /data/ssh/ssh_host_rsa_key +HostKey /data/ssh/ssh_host_dsa_key +AuthorizedKeysFile /data/ssh/authorized_keys +PasswordAuthentication no @@ -4454,7 +4454,9 @@ translate_libcrypto_error(unsigned long pem_err) case ERR_LIB_PEM: switch (pem_reason) { case PEM_R_BAD_PASSWORD_READ: +#ifdef PEM_R_PROBLEMS_GETTING_PASSWORD case PEM_R_PROBLEMS_GETTING_PASSWORD: +#endif case PEM_R_BAD_DECRYPT: return SSH_ERR_KEY_WRONG_PASSPHRASE; default: @@ -4462,8 +4464,10 @@ translate_libcrypto_error(unsigned long pem_err) } case ERR_LIB_EVP: switch (pem_reason) { +#ifdef EVP_R_BAD_DECRYPT case EVP_R_BAD_DECRYPT: return SSH_ERR_KEY_WRONG_PASSPHRASE; +#endif #ifdef EVP_R_BN_DECODE_ERROR case EVP_R_BN_DECODE_ERROR: #endif diff --git a/start-ssh b/start-ssh new file mode 100644 index 00000000..9a668fae --- /dev/null +++ b/start-ssh 
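Review bot: `HostKey /data/ssh/ssh_host_dsa_key` makes the server present a DSA host key, a type fixed at 1024 bits that OpenSSH has stopped accepting by default since 7.0, so in practice only the RSA key is useful to clients. The library sources listed in Android.bp already include `ed25519.c`, so `HostKey /data/ssh/ssh_host_ed25519_key` would be a stronger second key, provided the start-ssh script generates it. `Protocol 2` appears to be a deprecated keyword in the OpenSSH release this tree carries and can probably be dropped; confirm against that release's sshd_config(5).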
@@ -0,0 +1,37 @@ +#!/system/bin/sh + +umask 077 + +# DEBUG=1 + +DSA_KEY=/data/ssh/ssh_host_dsa_key +DSA_PUB_KEY=/data/ssh/ssh_host_dsa_key.pub +RSA_KEY=/data/ssh/ssh_host_rsa_key +RSA_PUB_KEY=/data/ssh/ssh_host_rsa_key.pub +AUTHORIZED_KEYS=/data/ssh/authorized_keys +DEFAULT_AUTHORIZED_KEYS=/vendor/etc/security/authorized_keys.default + +if [ ! -f $DSA_KEY ]; then + /system/bin/ssh-keygen -t dsa -f $DSA_KEY -N "" + chmod 600 /$DSA_KEY + chmod 644 $DSA_PUB_KEY +fi + +if [ ! -f $RSA_KEY ]; then + /system/bin/ssh-keygen -t rsa -f $RSA_KEY -N "" + chmod 600 /$RSA_KEY + chmod 644 $RSA_PUB_KEY +fi + +if [[ ! -f $AUTHORIZED_KEYS && -f $DEFAULT_AUTHORIZED_KEYS ]]; then + cat $DEFAULT_AUTHORIZED_KEYS > $AUTHORIZED_KEYS +fi + + +if [ "1" == "$DEBUG" ] ; then + # run sshd in debug mode and capture output to logcat + /system/bin/logwrapper /system/bin/sshd -f /vendor/etc/ssh/sshd_config -D -d +else + # don't daemonize - otherwise we can't stop the sshd service + /system/bin/sshd -f /vendor/etc/ssh/sshd_config -D +fi @@ -28,6 +28,21 @@ #include "uidswap.h" #include "xmalloc.h" +#if defined(ANDROID) +#define AID_GRAPHICS 1003 +#define AID_INPUT 1004 +#define AID_LOG 1007 +#define AID_MOUNT 1009 +#define AID_SDCARD_RW 1015 +#define AID_SHELL 2000 +#define AID_NET_BT_ADMIN 3001 +#define AID_NET_BT 3002 +#define AID_INET 3003 +#define AID_NET_BW_STATS 3006 +#include <sys/capability.h> +#include <sys/prctl.h> +#endif + /* * Note: all these functions must work in all of the following cases: * 1. euid=0, ruid=0 @@ -184,6 +199,10 @@ permanently_set_uid(struct passwd *pw) uid_t old_uid = getuid(); gid_t old_gid = getgid(); #endif +#if defined(ANDROID) + struct __user_cap_header_struct header; + struct __user_cap_data_struct cap; +#endif if (pw == NULL) fatal("permanently_set_uid: no user given"); 
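Review bot: The seeding step `cat $DEFAULT_AUTHORIZED_KEYS > $AUTHORIZED_KEYS` copies a key list baked into the vendor image into the live authorized_keys, so every device built from that image trusts the same keys, and nothing in the script restricts this to debuggable builds. Consider gating it, e.g. `if [ "$(getprop ro.debuggable)" = "1" ] && [ ! -f "$AUTHORIZED_KEYS" ] && [ -f "$DEFAULT_AUTHORIZED_KEYS" ]; then`, and adding a comment that says who provisions the default file. Separately, `chmod 600 /$DSA_KEY` and `chmod 600 /$RSA_KEY` carry a stray leading slash, the exit status of ssh-keygen is never checked, and the DSA key is generated only to serve a weak host key type.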
@@ -192,6 +211,26 @@ permanently_set_uid(struct passwd *pw) debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid); +#if defined(ANDROID) + if (pw->pw_uid == AID_SHELL) { + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); + + /* add extra groups needed for shell user: + * - AID_LOG to read system logs (adb logcat) + * - AID_INPUT to diagnose input issues (getevent) + * - AID_INET to diagnose network issues (netcfg, ping) + * - AID_GRAPHICS to access the frame buffer + * - AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump) + * - AID_SDCARD_RW to allow writing to the SD card + * - AID_MOUNT to allow unmounting the SD card before rebooting + * - AID_NET_BW_STATS to read out qtaguid statistics. */ + gid_t groups[] = {AID_LOG, AID_INPUT, AID_INET, + AID_GRAPHICS, AID_NET_BT, AID_NET_BT_ADMIN, + AID_SDCARD_RW, AID_MOUNT, AID_NET_BW_STATS}; + setgroups(sizeof(groups)/sizeof(groups[0]), groups); + } +#endif + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); @@ -235,4 +274,16 @@ permanently_set_uid(struct passwd *pw) __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)pw->pw_uid); } + +#if defined(ANDROID) + if (pw->pw_uid == AID_SHELL) { + /* set CAP_SYS_BOOT capability, so "adb reboot" will succeed */ + header.version = _LINUX_CAPABILITY_VERSION; + header.pid = 0; + cap.effective = cap.permitted = (1 << CAP_SYS_BOOT); + cap.inheritable = 0; + capset(&header, &cap); + } +#endif + } |
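Review bot: In the `AID_SHELL` block added to permanently_set_uid, the return values of `prctl(PR_SET_KEEPCAPS, ...)` and `setgroups(...)` are ignored, whereas the code right after it calls fatal() when `setresgid` fails. If `setgroups` fails, the process carries on with whatever supplementary groups it held before the call. The same applies to `capset(&header, &cap)` in the last hunk: with keep-caps set, a failed capset would presumably leave the permitted capability set un-narrowed after the uid change, so it should read `if (capset(&header, &cap) == -1) fatal("capset: %.100s", strerror(errno));`. The function begins before this hunk and continues after it.

```c
	if (pw->pw_uid == AID_SHELL) {
		if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
			fatal("prctl(PR_SET_KEEPCAPS): %.100s", strerror(errno));
		/* … unchanged: comment and groups[] initialiser … */
		if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) == -1)
			fatal("setgroups: %.100s", strerror(errno));
	}
```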
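Review bot: The capset block keeps `CAP_SYS_BOOT` in the permitted and effective sets with `cap.inheritable = 0`, and no ambient capability is raised. Under the usual Linux execve rules a command started for the shell user would then not inherit it, so whether the grant has any effect on reboot commands run over ssh should be confirmed. If it has none, the least-privilege choice is to drop the `PR_SET_KEEPCAPS`/`capset` pair altogether. If it stays, note that `_LINUX_CAPABILITY_VERSION` selects the legacy 32-bit capability ABI, and the comment should explain why the capability is needed in this process rather than in its children.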