Initial port of openssh to android
Operation instructions:
start from init.rc using start-ssh script
Add your public key to /data/ssh/authorized_keys
login with "ssh shell@<ip address>" from another computer on same network
Change-Id: I3d6ea1de97f332d8dc3739828b8560fa398cbd8d
Signed-off-by: Mike Lockwood <lockwood@google.com>
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..39e56bf
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,180 @@
+LOCAL_PATH:= $(call my-dir)
+
+###################### libssh ######################
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SRC_FILES := \
+ acss.c authfd.c authfile.c bufaux.c bufbn.c buffer.c \
+ canohost.c channels.c cipher.c cipher-acss.c cipher-aes.c \
+ cipher-bf1.c cipher-ctr.c cipher-3des1.c cleanup.c \
+ compat.c compress.c crc32.c deattack.c fatal.c hostfile.c \
+ log.c match.c md-sha256.c moduli.c nchan.c packet.c \
+ readpass.c rsa.c ttymodes.c xmalloc.c addrmatch.c \
+ atomicio.c key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \
+ monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c \
+ kexdh.c kexgex.c kexdhc.c kexgexc.c bufec.c kexecdh.c kexecdhc.c \
+ msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c jpake.c \
+ schnorr.c ssh-pkcs11.c \
+ openbsd-compat/strtonum.c openbsd-compat/bsd-misc.c \
+ openbsd-compat/timingsafe_bcmp.c openbsd-compat/bsd-getpeereid.c \
+ openbsd-compat/readpassphrase.c openbsd-compat/vis.c \
+ openbsd-compat/port-tun.c openbsd-compat/setproctitle.c \
+ openbsd-compat/bsd-closefrom.c openbsd-compat/getopt.c \
+ openbsd-compat/rresvport.c openbsd-compat/bindresvport.c \
+ openbsd-compat/bsd-statvfs.c openbsd-compat/xmmap.c \
+ openbsd-compat/port-linux.c openbsd-compat/strmode.c \
+ openbsd-compat/bsd-openpty.c \
+ openbsd-compat/getgrouplist.c openbsd-compat/fmt_scaled.c \
+ openbsd-compat/pwcache.c openbsd-compat/glob.c
+
+# openbsd-compat/getrrsetbyname.c
+# openbsd-compat/xcrypt.c
+
+LOCAL_C_INCLUDES := external/openssl/include external/zlib
+PRIVATE_C_INCLUDES := external/openssl/openbsd-compat
+
+LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz
+
+LOCAL_MODULE := libssh
+
+LOCAL_CFLAGS+=-O3
+
+include $(BUILD_STATIC_LIBRARY)
+
+###################### ssh ######################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SRC_FILES := \
+ ssh.c readconf.c clientloop.c sshtty.c \
+ sshconnect.c sshconnect1.c sshconnect2.c mux.c \
+ roaming_common.c roaming_client.c
+
+LOCAL_MODULE := ssh
+
+LOCAL_C_INCLUDES := external/openssl/include
+PRIVATE_C_INCLUDES := external/openssl/openbsd-compat
+
+LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz
+
+LOCAL_STATIC_LIBRARIES := libssh
+
+include $(BUILD_EXECUTABLE)
+
+###################### sftp ######################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SRC_FILES := \
+ sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c
+
+LOCAL_MODULE := sftp
+
+LOCAL_C_INCLUDES := external/openssl/include
+PRIVATE_C_INCLUDES := external/openssl/openbsd-compat
+
+LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz
+
+LOCAL_STATIC_LIBRARIES := libssh
+
+include $(BUILD_EXECUTABLE)
+
+###################### scp ######################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SRC_FILES := \
+ scp.c progressmeter.c bufaux.c
+
+LOCAL_MODULE := scp
+
+LOCAL_C_INCLUDES := external/openssl/include
+PRIVATE_C_INCLUDES := external/openssl/openbsd-compat
+
+LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz
+
+LOCAL_STATIC_LIBRARIES := libssh
+
+include $(BUILD_EXECUTABLE)
+
+###################### sshd ######################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SRC_FILES := \
+ sshd.c auth-rhosts.c auth-rsa.c auth-rh-rsa.c \
+ audit.c audit-bsm.c audit-linux.c platform.c \
+ sshpty.c sshlogin.c servconf.c serverloop.c \
+ auth.c auth1.c auth2.c auth-options.c session.c \
+ auth-chall.c auth2-chall.c groupaccess.c \
+ auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \
+ auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-jpake.c \
+ monitor_mm.c monitor.c monitor_wrap.c kexdhs.c kexgexs.c kexecdhs.c \
+ auth-krb5.c \
+ auth2-gss.c gss-serv.c gss-serv-krb5.c \
+ loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \
+ sftp-server.c sftp-common.c \
+ roaming_common.c roaming_serv.c \
+ sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.o
+
+# auth-passwd.c
+
+LOCAL_MODULE := sshd
+
+LOCAL_C_INCLUDES := external/openssl/include external/zlib
+PRIVATE_C_INCLUDES := external/openssl/openbsd-compat
+
+LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz
+
+LOCAL_STATIC_LIBRARIES := libssh
+
+include $(BUILD_EXECUTABLE)
+
+###################### ssh-keygen ######################
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_SRC_FILES := \
+ ssh-keygen.c
+
+LOCAL_MODULE := ssh-keygen
+
+LOCAL_C_INCLUDES := external/openssl/include
+PRIVATE_C_INCLUDES := external/openssl/openbsd-compat
+
+LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz
+
+LOCAL_STATIC_LIBRARIES := libssh
+
+include $(BUILD_EXECUTABLE)
+
+###################### sshd_config ######################
+
+include $(CLEAR_VARS)
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE := sshd_config
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/ssh
+LOCAL_SRC_FILES := sshd_config.android
+include $(BUILD_PREBUILT)
+
+###################### start-ssh ######################
+
+include $(CLEAR_VARS)
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE := start-ssh
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_SRC_FILES := start-ssh
+include $(BUILD_PREBUILT)
diff --git a/auth.c b/auth.c
index ddb4248..6623e0f 100644
--- a/auth.c
+++ b/auth.c
@@ -456,6 +456,8 @@
}
strlcpy(buf, cp, sizeof(buf));
+#ifndef ANDROID
+ /* /data is owned by system user, which causes this check to fail */
if (stat(buf, &st) < 0 ||
(st.st_uid != 0 && st.st_uid != uid) ||
(st.st_mode & 022) != 0) {
@@ -463,7 +465,7 @@
"bad ownership or modes for directory %s", buf);
return -1;
}
-
+#endif
/* If are past the homedir then we can stop */
if (comparehome && strcmp(homedir, buf) == 0)
break;
diff --git a/auth1.c b/auth1.c
index cc85aec..8df9d8b 100644
--- a/auth1.c
+++ b/auth1.c
@@ -127,8 +127,14 @@
packet_check_eom();
/* Try authentication with the password. */
+#ifndef ANDROID
authenticated = PRIVSEP(auth_password(authctxt, password));
+#else
+ /* no password authentication in android */
+ authenticated = 0;
+#endif
+
memset(password, 0, dlen);
xfree(password);
@@ -243,12 +249,16 @@
debug("Attempting authentication for %s%.100s.",
authctxt->valid ? "" : "invalid user ", authctxt->user);
+ /* no password authentication in android */
+#ifndef ANDROID
/* If the user has no password, accept authentication immediately. */
if (options.permit_empty_passwd && options.password_authentication &&
#ifdef KRB5
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
- PRIVSEP(auth_password(authctxt, ""))) {
+ PRIVSEP(auth_password(authctxt, "")))
+#endif
+ {
#ifdef USE_PAM
if (options.use_pam && (PRIVSEP(do_pam_account())))
#endif
diff --git a/auth2-none.c b/auth2-none.c
index c8c6c74..7aae945 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -61,8 +61,11 @@
{
none_enabled = 0;
packet_check_eom();
+#ifndef ANDROID
+ /* no password authentication in android */
if (options.permit_empty_passwd && options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
+#endif
return (0);
}
diff --git a/auth2-passwd.c b/auth2-passwd.c
index 5f1f363..4dd3816 100644
--- a/auth2-passwd.c
+++ b/auth2-passwd.c
@@ -66,8 +66,11 @@
if (change)
logit("password change not supported");
+#ifndef ANDROID
+ /* no password authentication in android */
else if (PRIVSEP(auth_password(authctxt, password)) == 1)
authenticated = 1;
+#endif
memset(password, 0, len);
xfree(password);
return authenticated;
diff --git a/cipher.c b/cipher.c
index bb5c0ac..efb866f 100644
--- a/cipher.c
+++ b/cipher.c
@@ -73,7 +73,9 @@
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc },
{ "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc },
+#ifndef ANDROID
{ "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc },
+#endif
{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 },
{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 },
{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 },
diff --git a/config.h b/config.h
new file mode 100644
index 0000000..fb8dbdc
--- /dev/null
+++ b/config.h
@@ -0,0 +1,1537 @@
+/* config.h. Generated from config.h.in by configure and then hand modified for android */
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
+ */
+/* #undef AIX_GETNAMEINFO_HACK */
+
+/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */
+/* #undef AIX_LOGINFAILED_4ARG */
+
+/* System only supports IPv4 audit records */
+/* #undef AU_IPv4 */
+
+/* Define if your resolver libs need this for getrrsetbyname */
+/* #undef BIND_8_COMPAT */
+
+/* Define if cmsg_type is not passed correctly */
+/* #undef BROKEN_CMSG_TYPE */
+
+/* getaddrinfo is broken (if present) */
+/* #undef BROKEN_GETADDRINFO */
+
+/* getgroups(0,NULL) will return -1 */
+/* #undef BROKEN_GETGROUPS */
+
+/* FreeBSD glob does not do what we need */
+/* #undef BROKEN_GLOB */
+
+/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */
+/* #undef BROKEN_INET_NTOA */
+
+/* ia_uinfo routines not supported by OS yet */
+/* #undef BROKEN_LIBIAF */
+
+/* Ultrix mmap can't map files */
+/* #undef BROKEN_MMAP */
+
+/* Define if your struct dirent expects you to allocate extra space for d_name
+ */
+/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */
+
+/* Can't do comparisons on readv */
+/* #undef BROKEN_READV_COMPARISON */
+
+/* Define if you have a broken realpath. */
+/* #undef BROKEN_REALPATH */
+
+/* Needed for NeXT */
+/* #undef BROKEN_SAVED_UIDS */
+
+/* Define if your setregid() is broken */
+/* #undef BROKEN_SETREGID */
+
+/* Define if your setresgid() is broken */
+/* #undef BROKEN_SETRESGID */
+
+/* Define if your setresuid() is broken */
+/* #undef BROKEN_SETRESUID */
+
+/* Define if your setreuid() is broken */
+/* #undef BROKEN_SETREUID */
+
+/* LynxOS has broken setvbuf() implementation */
+/* #undef BROKEN_SETVBUF */
+
+/* QNX shadow support is broken */
+/* #undef BROKEN_SHADOW_EXPIRE */
+
+/* Define if your snprintf is busted */
+/* #undef BROKEN_SNPRINTF */
+
+/* tcgetattr with ICANON may hang */
+/* #undef BROKEN_TCGETATTR_ICANON */
+
+/* updwtmpx is broken (if present) */
+/* #undef BROKEN_UPDWTMPX */
+
+/* Define if you have BSD auth support */
+/* #undef BSD_AUTH */
+
+/* Define if you want to specify the path to your lastlog file */
+/* #undef CONF_LASTLOG_FILE */
+
+/* Define if you want to specify the path to your utmp file */
+/* #undef CONF_UTMP_FILE */
+
+/* Define if you want to specify the path to your wtmpx file */
+/* #undef CONF_WTMPX_FILE */
+
+/* Define if you want to specify the path to your wtmp file */
+/* #undef CONF_WTMP_FILE */
+
+/* Define if your platform needs to skip post auth file descriptor passing */
+/* #undef DISABLE_FD_PASSING */
+
+/* Define if you don't want to use lastlog */
+/* #undef DISABLE_LASTLOG */
+
+/* Define if you don't want to use your system's login() call */
+/* #undef DISABLE_LOGIN */
+
+/* Define if you don't want to use pututline() etc. to write [uw]tmp */
+/* #undef DISABLE_PUTUTLINE */
+
+/* Define if you don't want to use pututxline() etc. to write [uw]tmpx */
+/* #undef DISABLE_PUTUTXLINE */
+
+/* Define if you want to disable shadow passwords */
+#define DISABLE_SHADOW 1
+
+/* Define if you don't want to use utmp */
+#define DISABLE_UTMP 1
+
+/* Define if you don't want to use utmpx */
+#define DISABLE_UTMPX 1
+
+/* Define if you don't want to use wtmp */
+#define DISABLE_WTMP 1
+
+/* Define if you don't want to use wtmpx */
+#define DISABLE_WTMPX 1
+
+/* Enable for PKCS#11 support */
+#define ENABLE_PKCS11 /**/
+
+/* File names may not contain backslash characters */
+/* #undef FILESYSTEM_NO_BACKSLASH */
+
+/* fsid_t has member val */
+/* #undef FSID_HAS_VAL */
+
+/* fsid_t has member __val */
+/* #undef FSID_HAS___VAL */
+
+/* Define to 1 if the `getpgrp' function requires zero arguments. */
+#define GETPGRP_VOID 1
+
+/* Conflicting defs for getspnam */
+/* #undef GETSPNAM_CONFLICTING_DEFS */
+
+/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */
+#define GLOB_HAS_ALTDIRFUNC 1
+
+/* Define if your system glob() function has gl_matchc options in glob_t */
+/* #undef GLOB_HAS_GL_MATCHC */
+
+/* Define if your system glob() function has gl_statv options in glob_t */
+/* #undef GLOB_HAS_GL_STATV */
+
+/* Define this if you want GSSAPI support in the version 2 protocol */
+/* #undef GSSAPI */
+
+/* Define if you want to use shadow password expire field */
+#define HAS_SHADOW_EXPIRE 1
+
+/* Define if your system uses access rights style file descriptor passing */
+/* #undef HAVE_ACCRIGHTS_IN_MSGHDR */
+
+/* Define if you have ut_addr in utmp.h */
+#define HAVE_ADDR_IN_UTMP 1
+
+/* Define if you have ut_addr in utmpx.h */
+#define HAVE_ADDR_IN_UTMPX 1
+
+/* Define if you have ut_addr_v6 in utmp.h */
+#define HAVE_ADDR_V6_IN_UTMP 1
+
+/* Define if you have ut_addr_v6 in utmpx.h */
+#define HAVE_ADDR_V6_IN_UTMPX 1
+
+/* Define to 1 if you have the `arc4random' function. */
+/* #undef HAVE_ARC4RANDOM */
+
+/* Define to 1 if you have the `arc4random_buf' function. */
+/* #undef HAVE_ARC4RANDOM_BUF */
+
+/* Define to 1 if you have the `arc4random_uniform' function. */
+/* #undef HAVE_ARC4RANDOM_UNIFORM */
+
+/* Define to 1 if you have the `asprintf' function. */
+#define HAVE_ASPRINTF 1
+
+/* OpenBSD's gcc has bounded */
+/* #undef HAVE_ATTRIBUTE__BOUNDED__ */
+
+/* Have attribute nonnull */
+#define HAVE_ATTRIBUTE__NONNULL__ 1
+
+/* OpenBSD's gcc has sentinel */
+/* #undef HAVE_ATTRIBUTE__SENTINEL__ */
+
+/* Define to 1 if you have the `aug_get_machine' function. */
+/* #undef HAVE_AUG_GET_MACHINE */
+
+/* Define to 1 if you have the `b64_ntop' function. */
+/* #undef HAVE_B64_NTOP */
+
+/* Define to 1 if you have the `b64_pton' function. */
+/* #undef HAVE_B64_PTON */
+
+/* Define if you have the basename function. */
+#define HAVE_BASENAME 1
+
+/* Define to 1 if you have the `bcopy' function. */
+#define HAVE_BCOPY 1
+
+/* Define to 1 if you have the `bindresvport_sa' function. */
+/* #undef HAVE_BINDRESVPORT_SA */
+
+/* Define to 1 if you have the `BN_is_prime_ex' function. */
+#define HAVE_BN_IS_PRIME_EX 1
+
+/* Define to 1 if you have the <bsm/audit.h> header file. */
+/* #undef HAVE_BSM_AUDIT_H */
+
+/* Define to 1 if you have the <bstring.h> header file. */
+/* #undef HAVE_BSTRING_H */
+
+/* Define to 1 if you have the `clock' function. */
+#define HAVE_CLOCK 1
+
+/* define if you have clock_t data type */
+#define HAVE_CLOCK_T 1
+
+/* Define to 1 if you have the `closefrom' function. */
+/* #undef HAVE_CLOSEFROM */
+
+/* Define if gai_strerror() returns const char * */
+#define HAVE_CONST_GAI_STRERROR_PROTO 1
+
+/* Define if your system uses ancillary data style file descriptor passing */
+#define HAVE_CONTROL_IN_MSGHDR 1
+
+/* Define to 1 if you have the <crypto/sha2.h> header file. */
+/* #undef HAVE_CRYPTO_SHA2_H */
+
+/* Define to 1 if you have the <crypt.h> header file. */
+/* #define HAVE_CRYPT_H 1 */
+
+/* Define if you are on Cygwin */
+/* #undef HAVE_CYGWIN */
+
+/* Define if your libraries define daemon() */
+#define HAVE_DAEMON 1
+
+/* Define to 1 if you have the declaration of `authenticate', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_AUTHENTICATE */
+
+/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you
+ don't. */
+#define HAVE_DECL_GLOB_NOMATCH 1
+
+/* Define to 1 if you have the declaration of `h_errno', and to 0 if you
+ don't. */
+#define HAVE_DECL_H_ERRNO 1
+
+/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_LOGINFAILED */
+
+/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if
+ you don't. */
+/* #undef HAVE_DECL_LOGINRESTRICTIONS */
+
+/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_LOGINSUCCESS */
+
+/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you
+ don't. */
+#define HAVE_DECL_MAXSYMLINKS 1
+
+/* Define to 1 if you have the declaration of `offsetof', and to 0 if you
+ don't. */
+#define HAVE_DECL_OFFSETOF 1
+
+/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you
+ don't. */
+#define HAVE_DECL_O_NONBLOCK 1
+
+/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_PASSWDEXPIRED */
+
+/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you
+ don't. */
+/* #undef HAVE_DECL_SETAUTHDB */
+
+/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you
+ don't. */
+#define HAVE_DECL_SHUT_RD 1
+
+/* Define to 1 if you have the declaration of `writev', and to 0 if you don't.
+ */
+#define HAVE_DECL_WRITEV 1
+
+/* Define to 1 if you have the declaration of `_getlong', and to 0 if you
+ don't. */
+#define HAVE_DECL__GETLONG 0
+
+/* Define to 1 if you have the declaration of `_getshort', and to 0 if you
+ don't. */
+#define HAVE_DECL__GETSHORT 0
+
+/* Define if you have /dev/ptmx */
+#define HAVE_DEV_PTMX 1
+
+/* Define if you have /dev/ptc */
+/* #undef HAVE_DEV_PTS_AND_PTC */
+
+/* Define to 1 if you have the <dirent.h> header file. */
+#define HAVE_DIRENT_H 1
+
+/* Define to 1 if you have the `dirfd' function. */
+#define HAVE_DIRFD 1
+
+/* Define to 1 if you have the `dirname' function. */
+#define HAVE_DIRNAME 1
+
+/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */
+#define HAVE_DSA_GENERATE_PARAMETERS_EX 1
+
+/* Define to 1 if you have the <endian.h> header file. */
+#ifndef HAVE_ENDIAN_H
+#define HAVE_ENDIAN_H 1
+#endif
+
+/* Define to 1 if you have the `endutent' function. */
+#define HAVE_ENDUTENT 1
+
+/* Define to 1 if you have the `endutxent' function. */
+#define HAVE_ENDUTXENT 1
+
+/* Define if your system has /etc/default/login */
+/* #undef HAVE_ETC_DEFAULT_LOGIN */
+
+/* Define to 1 if you have the `EVP_sha256' function. */
+#define HAVE_EVP_SHA256 1
+
+/* Define if you have ut_exit in utmp.h */
+#define HAVE_EXIT_IN_UTMP 1
+
+/* Define to 1 if you have the `fchmod' function. */
+#define HAVE_FCHMOD 1
+
+/* Define to 1 if you have the `fchown' function. */
+#define HAVE_FCHOWN 1
+
+/* Use F_CLOSEM fcntl for closefrom */
+/* #undef HAVE_FCNTL_CLOSEM */
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if you have the <features.h> header file. */
+#define HAVE_FEATURES_H 1
+
+/* Define to 1 if you have the <floatingpoint.h> header file. */
+/* #undef HAVE_FLOATINGPOINT_H */
+
+/* Define to 1 if you have the `fmt_scaled' function. */
+/* #undef HAVE_FMT_SCALED */
+
+/* Define to 1 if you have the `freeaddrinfo' function. */
+#define HAVE_FREEADDRINFO 1
+
+/* Define to 1 if the system has the type `fsblkcnt_t'. */
+#define HAVE_FSBLKCNT_T 1
+
+/* Define to 1 if the system has the type `fsfilcnt_t'. */
+#define HAVE_FSFILCNT_T 1
+
+/* Define to 1 if you have the `fstatvfs' function. */
+/* #define HAVE_FSTATVFS 1 */
+
+/* Define to 1 if you have the `futimes' function. */
+/* #define HAVE_FUTIMES 1 */
+
+/* Define to 1 if you have the `gai_strerror' function. */
+#define HAVE_GAI_STRERROR 1
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#define HAVE_GETADDRINFO 1
+
+/* Define to 1 if you have the `getaudit' function. */
+/* #undef HAVE_GETAUDIT */
+
+/* Define to 1 if you have the `getaudit_addr' function. */
+/* #undef HAVE_GETAUDIT_ADDR */
+
+/* Define to 1 if you have the `getcwd' function. */
+#define HAVE_GETCWD 1
+
+/* Define to 1 if you have the `getgrouplist' function. */
+/* #define HAVE_GETGROUPLIST 1 */
+
+/* Define to 1 if you have the `getgrset' function. */
+/* #undef HAVE_GETGRSET */
+
+/* Define to 1 if you have the `getlastlogxbyname' function. */
+/* #undef HAVE_GETLASTLOGXBYNAME */
+
+/* Define to 1 if you have the `getluid' function. */
+/* #undef HAVE_GETLUID */
+
+/* Define to 1 if you have the `getnameinfo' function. */
+#define HAVE_GETNAMEINFO 1
+
+/* Define to 1 if you have the `getopt' function. */
+#define HAVE_GETOPT 1
+
+/* Define to 1 if you have the <getopt.h> header file. */
+#define HAVE_GETOPT_H 1
+
+/* Define if your getopt(3) defines and uses optreset */
+/* #undef HAVE_GETOPT_OPTRESET */
+
+/* Define if your libraries define getpagesize() */
+#define HAVE_GETPAGESIZE 1
+
+/* Define to 1 if you have the `getpeereid' function. */
+/* #undef HAVE_GETPEEREID */
+
+/* Define to 1 if you have the `getpeerucred' function. */
+/* #undef HAVE_GETPEERUCRED */
+
+/* Define to 1 if you have the `getpwanam' function. */
+/* #undef HAVE_GETPWANAM */
+
+/* Define to 1 if you have the `getrlimit' function. */
+#define HAVE_GETRLIMIT 1
+
+/* Define if getrrsetbyname() exists */
+/* #undef HAVE_GETRRSETBYNAME */
+
+/* Define to 1 if you have the `getrusage' function. */
+/* #undef HAVE_GETRUSAGE */
+
+/* Define to 1 if you have the `getseuserbyname' function. */
+/* #undef HAVE_GETSEUSERBYNAME */
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#define HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have the `getttyent' function. */
+#define HAVE_GETTTYENT 1
+
+/* Define to 1 if you have the `getutent' function. */
+#define HAVE_GETUTENT 1
+
+/* Define to 1 if you have the `getutid' function. */
+#define HAVE_GETUTID 1
+
+/* Define to 1 if you have the `getutline' function. */
+#define HAVE_GETUTLINE 1
+
+/* Define to 1 if you have the `getutxent' function. */
+#define HAVE_GETUTXENT 1
+
+/* Define to 1 if you have the `getutxid' function. */
+#define HAVE_GETUTXID 1
+
+/* Define to 1 if you have the `getutxline' function. */
+#define HAVE_GETUTXLINE 1
+
+/* Define to 1 if you have the `getutxuser' function. */
+/* #undef HAVE_GETUTXUSER */
+
+/* Define to 1 if you have the `get_default_context_with_level' function. */
+/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */
+
+/* Define to 1 if you have the `glob' function. */
+#define HAVE_GLOB 1
+
+/* Define to 1 if you have the <glob.h> header file. */
+#define HAVE_GLOB_H 1
+
+/* Define to 1 if you have the `group_from_gid' function. */
+/* #undef HAVE_GROUP_FROM_GID */
+
+/* Define to 1 if you have the <gssapi_generic.h> header file. */
+/* #undef HAVE_GSSAPI_GENERIC_H */
+
+/* Define to 1 if you have the <gssapi/gssapi_generic.h> header file. */
+/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */
+
+/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
+/* #undef HAVE_GSSAPI_GSSAPI_H */
+
+/* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */
+/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */
+
+/* Define to 1 if you have the <gssapi.h> header file. */
+/* #undef HAVE_GSSAPI_H */
+
+/* Define to 1 if you have the <gssapi_krb5.h> header file. */
+/* #undef HAVE_GSSAPI_KRB5_H */
+
+/* Define if HEADER.ad exists in arpa/nameser.h */
+#define HAVE_HEADER_AD 1
+
+/* Define if you have ut_host in utmp.h */
+#define HAVE_HOST_IN_UTMP 1
+
+/* Define if you have ut_host in utmpx.h */
+#define HAVE_HOST_IN_UTMPX 1
+
+/* Define to 1 if you have the <iaf.h> header file. */
+/* #undef HAVE_IAF_H */
+
+/* Define to 1 if you have the <ia.h> header file. */
+/* #undef HAVE_IA_H */
+
+/* Define if you have ut_id in utmp.h */
+#define HAVE_ID_IN_UTMP 1
+
+/* Define if you have ut_id in utmpx.h */
+#define HAVE_ID_IN_UTMPX 1
+
+/* Define to 1 if you have the `inet_aton' function. */
+#define HAVE_INET_ATON 1
+
+/* Define to 1 if you have the `inet_ntoa' function. */
+#define HAVE_INET_NTOA 1
+
+/* Define to 1 if you have the `inet_ntop' function. */
+#define HAVE_INET_NTOP 1
+
+/* Define to 1 if you have the `innetgr' function. */
+/* #define HAVE_INNETGR 1 */
+
+/* define if you have int64_t data type */
+#define HAVE_INT64_T 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* define if you have intxx_t data type */
+#define HAVE_INTXX_T 1
+
+/* Define to 1 if the system has the type `in_addr_t'. */
+#define HAVE_IN_ADDR_T 1
+
+/* Define to 1 if the system has the type `in_port_t'. */
+/* #define HAVE_IN_PORT_T 1 */
+
+/* Define if you have isblank(3C). */
+#define HAVE_ISBLANK 1
+
+/* Define to 1 if you have the <lastlog.h> header file. */
+#define HAVE_LASTLOG_H 1
+
+/* Define to 1 if you have the <libaudit.h> header file. */
+/* #undef HAVE_LIBAUDIT_H */
+
+/* Define to 1 if you have the `bsm' library (-lbsm). */
+/* #undef HAVE_LIBBSM */
+
+/* Define to 1 if you have the `crypt' library (-lcrypt). */
+/* #undef HAVE_LIBCRYPT */
+
+/* Define to 1 if you have the `dl' library (-ldl). */
+/* #undef HAVE_LIBDL */
+
+/* Define to 1 if you have the <libgen.h> header file. */
+#define HAVE_LIBGEN_H 1
+
+/* Define if system has libiaf that supports set_id */
+/* #undef HAVE_LIBIAF */
+
+/* Define to 1 if you have the `network' library (-lnetwork). */
+/* #undef HAVE_LIBNETWORK */
+
+/* Define to 1 if you have the `nsl' library (-lnsl). */
+#define HAVE_LIBNSL 1
+
+/* Define to 1 if you have the `pam' library (-lpam). */
+/* #undef HAVE_LIBPAM */
+
+/* Define to 1 if you have the `socket' library (-lsocket). */
+/* #undef HAVE_LIBSOCKET */
+
+/* Define to 1 if you have the <libutil.h> header file. */
+/* #undef HAVE_LIBUTIL_H */
+
+/* Define to 1 if you have the `xnet' library (-lxnet). */
+/* #undef HAVE_LIBXNET */
+
+/* Define to 1 if you have the `z' library (-lz). */
+#define HAVE_LIBZ 1
+
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+
+/* Define to 1 if you have the <linux/if_tun.h> header file. */
+#define HAVE_LINUX_IF_TUN_H 1
+
+/* Define if your libraries define login() */
+/* #define HAVE_LOGIN 1 */
+
+/* Define to 1 if you have the <login_cap.h> header file. */
+/* #undef HAVE_LOGIN_CAP_H */
+
+/* Define to 1 if you have the `login_getcapbool' function. */
+/* #undef HAVE_LOGIN_GETCAPBOOL */
+
+/* Define to 1 if you have the <login.h> header file. */
+/* #undef HAVE_LOGIN_H */
+
+/* Define to 1 if you have the `logout' function. */
+#define HAVE_LOGOUT 1
+
+/* Define to 1 if you have the `logwtmp' function. */
+#define HAVE_LOGWTMP 1
+
+/* Define to 1 if the system has the type `long double'. */
+#define HAVE_LONG_DOUBLE 1
+
+/* Define to 1 if the system has the type `long long'. */
+#define HAVE_LONG_LONG 1
+
+/* Define to 1 if you have the <maillock.h> header file. */
+/* #undef HAVE_MAILLOCK_H */
+
+/* Define to 1 if you have the `md5_crypt' function. */
+/* #undef HAVE_MD5_CRYPT */
+
+/* Define if you want to allow MD5 passwords */
+/* #undef HAVE_MD5_PASSWORDS */
+
+/* Define to 1 if you have the `memmove' function. */
+#define HAVE_MEMMOVE 1
+
+/* Define to 1 if you have the <memory.h> header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the `mkdtemp' function. */
+#define HAVE_MKDTEMP 1
+
+/* Define to 1 if you have the `mmap' function. */
+#define HAVE_MMAP 1
+
+/* define if you have mode_t data type */
+#define HAVE_MODE_T 1
+
+/* Some systems put nanosleep outside of libc */
+#define HAVE_NANOSLEEP 1
+
+/* Define to 1 if you have the <ndir.h> header file. */
+/* #undef HAVE_NDIR_H */
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netgroup.h> header file. */
+/* #undef HAVE_NETGROUP_H */
+
+/* Define to 1 if you have the <net/if_tun.h> header file. */
+/* #undef HAVE_NET_IF_TUN_H */
+
+/* Define if you are on NeXT */
+/* #undef HAVE_NEXT */
+
+/* Define to 1 if you have the `ngetaddrinfo' function. */
+/* #undef HAVE_NGETADDRINFO */
+
+/* Define to 1 if you have the `nsleep' function. */
+/* #undef HAVE_NSLEEP */
+
+/* Define to 1 if you have the `ogetaddrinfo' function. */
+/* #undef HAVE_OGETADDRINFO */
+
+/* Define if you have an old version of PAM which takes only one argument to
+ pam_strerror */
+/* #undef HAVE_OLD_PAM */
+
+/* Define to 1 if you have the `openlog_r' function. */
+/* #undef HAVE_OPENLOG_R */
+
+/* Define to 1 if you have the `openpty' function. */
+/* #define HAVE_OPENPTY 1 */
+
+/* Define if your ssl headers are included with #include <openssl/header.h> */
+#define HAVE_OPENSSL 1
+
+/* Define if you have Digital Unix Security Integration Architecture */
+/* #undef HAVE_OSF_SIA */
+
+/* Define to 1 if you have the `pam_getenvlist' function. */
+/* #undef HAVE_PAM_GETENVLIST */
+
+/* Define to 1 if you have the <pam/pam_appl.h> header file. */
+/* #undef HAVE_PAM_PAM_APPL_H */
+
+/* Define to 1 if you have the `pam_putenv' function. */
+/* #undef HAVE_PAM_PUTENV */
+
+/* Define to 1 if you have the <paths.h> header file. */
+#define HAVE_PATHS_H 1
+
+/* Define if you have ut_pid in utmp.h */
+#define HAVE_PID_IN_UTMP 1
+
+/* define if you have pid_t data type */
+#define HAVE_PID_T 1
+
+/* Define to 1 if you have the `poll' function. */
+#define HAVE_POLL 1
+
+/* Define to 1 if you have the <poll.h> header file. */
+#define HAVE_POLL_H 1
+
+/* Define to 1 if you have the `prctl' function. */
+#define HAVE_PRCTL 1
+
+/* Define if you have /proc/$pid/fd */
+#define HAVE_PROC_PID 1
+
+/* Define to 1 if you have the `pstat' function. */
+/* #undef HAVE_PSTAT */
+
+/* Define to 1 if you have the <pty.h> header file. */
+/* #define HAVE_PTY_H 1 */
+
+/* Define to 1 if you have the `pututline' function. */
+#define HAVE_PUTUTLINE 1
+
+/* Define to 1 if you have the `pututxline' function. */
+#define HAVE_PUTUTXLINE 1
+
+/* Define if your password has a pw_change field */
+/* #undef HAVE_PW_CHANGE_IN_PASSWD */
+
+/* Define if your password has a pw_gecos field */
+/* #undef HAVE_PW_GECOS_IN_PASSWD */
+
+/* Define if your password has a pw_class field */
+/* #undef HAVE_PW_CLASS_IN_PASSWD */
+
+/* Define if your password has a pw_expire field */
+/* #undef HAVE_PW_EXPIRE_IN_PASSWD */
+
+/* Define to 1 if you have the `readpassphrase' function. */
+/* #undef HAVE_READPASSPHRASE */
+
+/* Define to 1 if you have the <readpassphrase.h> header file. */
+/* #undef HAVE_READPASSPHRASE_H */
+
+/* Define to 1 if you have the `realpath' function. */
+#define HAVE_REALPATH 1
+
+/* Define to 1 if you have the `recvmsg' function. */
+#define HAVE_RECVMSG 1
+
+/* sys/resource.h has RLIMIT_NPROC */
+#define HAVE_RLIMIT_NPROC /**/
+
+/* Define to 1 if you have the <rpc/types.h> header file. */
+/* #define HAVE_RPC_TYPES_H 1 */
+
+/* Define to 1 if you have the `rresvport_af' function. */
+/* #define HAVE_RRESVPORT_AF 1 */
+
+/* Define to 1 if you have the `RSA_generate_key_ex' function. */
+#define HAVE_RSA_GENERATE_KEY_EX 1
+
+/* Define to 1 if you have the `RSA_get_default_method' function. */
+#define HAVE_RSA_GET_DEFAULT_METHOD 1
+
+/* Define to 1 if you have the <sandbox.h> header file. */
+/* #undef HAVE_SANDBOX_H */
+
+/* Define to 1 if you have the `sandbox_init' function. */
+/* #undef HAVE_SANDBOX_INIT */
+
+/* define if you have sa_family_t data type */
+#define HAVE_SA_FAMILY_T 1
+
+/* Define if you have SecureWare-based protected password database */
+/* #undef HAVE_SECUREWARE */
+
+/* Define to 1 if you have the <security/pam_appl.h> header file. */
+/* #undef HAVE_SECURITY_PAM_APPL_H */
+
+/* Define to 1 if you have the `sendmsg' function. */
+#define HAVE_SENDMSG 1
+
+/* Define to 1 if you have the `setauthdb' function. */
+/* #undef HAVE_SETAUTHDB */
+
+/* Define to 1 if you have the `setdtablesize' function. */
+/* #undef HAVE_SETDTABLESIZE */
+
+/* Define to 1 if you have the `setegid' function. */
+#define HAVE_SETEGID 1
+
+/* Define to 1 if you have the `setenv' function. */
+#define HAVE_SETENV 1
+
+/* Define to 1 if you have the `seteuid' function. */
+#define HAVE_SETEUID 1
+
+/* Define to 1 if you have the `setgroupent' function. */
+/* #undef HAVE_SETGROUPENT */
+
+/* Define to 1 if you have the `setgroups' function. */
+#define HAVE_SETGROUPS 1
+
+/* Define to 1 if you have the `setlogin' function. */
+/* #undef HAVE_SETLOGIN */
+
+/* Define to 1 if you have the `setluid' function. */
+/* #undef HAVE_SETLUID */
+
+/* Define to 1 if you have the `setpassent' function. */
+/* #undef HAVE_SETPASSENT */
+
+/* Define to 1 if you have the `setpcred' function. */
+/* #undef HAVE_SETPCRED */
+
+/* Define to 1 if you have the `setproctitle' function. */
+/* #undef HAVE_SETPROCTITLE */
+
+/* Define to 1 if you have the `setregid' function. */
+#define HAVE_SETREGID 1
+
+/* Define to 1 if you have the `setresgid' function. */
+#define HAVE_SETRESGID 1
+
+/* Define to 1 if you have the `setresuid' function. */
+#define HAVE_SETRESUID 1
+
+/* Define to 1 if you have the `setreuid' function. */
+#define HAVE_SETREUID 1
+
+/* Define to 1 if you have the `setrlimit' function. */
+#define HAVE_SETRLIMIT 1
+
+/* Define to 1 if you have the `setsid' function. */
+#define HAVE_SETSID 1
+
+/* Define to 1 if you have the `setutent' function. */
+#define HAVE_SETUTENT 1
+
+/* Define to 1 if you have the `setutxdb' function. */
+/* #undef HAVE_SETUTXDB */
+
+/* Define to 1 if you have the `setutxent' function. */
+#define HAVE_SETUTXENT 1
+
+/* Define to 1 if you have the `setvbuf' function. */
+#define HAVE_SETVBUF 1
+
+/* Define to 1 if you have the `set_id' function. */
+/* #undef HAVE_SET_ID */
+
+/* Define to 1 if you have the `SHA256_Update' function. */
+#define HAVE_SHA256_UPDATE 1
+
+/* Define to 1 if you have the <sha2.h> header file. */
+/* #undef HAVE_SHA2_H */
+
+/* Define to 1 if you have the <shadow.h> header file. */
+/* #define HAVE_SHADOW_H 1 */
+
+/* Define to 1 if you have the `sigaction' function. */
+#define HAVE_SIGACTION 1
+
+/* Define to 1 if you have the `sigvec' function. */
+#define HAVE_SIGVEC 1
+
+/* Define to 1 if the system has the type `sig_atomic_t'. */
+#define HAVE_SIG_ATOMIC_T 1
+
+/* define if you have size_t data type */
+#define HAVE_SIZE_T 1
+
+/* Define to 1 if you have the `snprintf' function. */
+#define HAVE_SNPRINTF 1
+
+/* Define to 1 if you have the `socketpair' function. */
+#define HAVE_SOCKETPAIR 1
+
+/* Have PEERCRED socket option */
+#define HAVE_SO_PEERCRED 1
+
+/* define if you have ssize_t data type */
+#define HAVE_SSIZE_T 1
+
+/* Fields in struct sockaddr_storage */
+#define HAVE_SS_FAMILY_IN_SS 1
+
+/* Define to 1 if you have the `statfs' function. */
+#define HAVE_STATFS 1
+
+/* Define to 1 if you have the `statvfs' function. */
+/* #define HAVE_STATVFS 1 */
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#define HAVE_STDDEF_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the `strdup' function. */
+#define HAVE_STRDUP 1
+
+/* Define to 1 if you have the `strerror' function. */
+#define HAVE_STRERROR 1
+
+/* Define to 1 if you have the `strftime' function. */
+#define HAVE_STRFTIME 1
+
+/* Silly mkstemp() */
+#define HAVE_STRICT_MKSTEMP 1
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the `strlcat' function. */
+/* #undef HAVE_STRLCAT */
+
+/* Define to 1 if you have the `strlcpy' function. */
+/* #undef HAVE_STRLCPY */
+
+/* Define to 1 if you have the `strmode' function. */
+/* #undef HAVE_STRMODE */
+
+/* Define to 1 if you have the `strnvis' function. */
+/* #undef HAVE_STRNVIS */
+
+/* Define to 1 if you have the `strptime' function. */
+#define HAVE_STRPTIME 1
+
+/* Define to 1 if you have the `strsep' function. */
+#define HAVE_STRSEP 1
+
+/* Define to 1 if you have the `strtoll' function. */
+#define HAVE_STRTOLL 1
+
+/* Define to 1 if you have the `strtonum' function. */
+/* #undef HAVE_STRTONUM */
+
+/* Define to 1 if you have the `strtoul' function. */
+#define HAVE_STRTOUL 1
+
+/* define if you have struct addrinfo data type */
+#define HAVE_STRUCT_ADDRINFO 1
+
+/* define if you have struct in6_addr data type */
+#define HAVE_STRUCT_IN6_ADDR 1
+
+/* define if you have struct sockaddr_in6 data type */
+#define HAVE_STRUCT_SOCKADDR_IN6 1
+
+/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
+#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+
+/* define if you have struct sockaddr_storage data type */
+#define HAVE_STRUCT_SOCKADDR_STORAGE 1
+
+/* Define to 1 if `st_blksize' is a member of `struct stat'. */
+#define HAVE_STRUCT_STAT_ST_BLKSIZE 1
+
+/* Define to 1 if the system has the type `struct timespec'. */
+#define HAVE_STRUCT_TIMESPEC 1
+
+/* define if you have struct timeval */
+#define HAVE_STRUCT_TIMEVAL 1
+
+/* Define to 1 if you have the `swap32' function. */
+/* #undef HAVE_SWAP32 */
+
+/* Define to 1 if you have the `sysconf' function. */
+#define HAVE_SYSCONF 1
+
+/* Define if you have syslen in utmpx.h */
+/* #undef HAVE_SYSLEN_IN_UTMPX */
+
+/* Define to 1 if you have the <sys/audit.h> header file. */
+/* #undef HAVE_SYS_AUDIT_H */
+
+/* Define to 1 if you have the <sys/bitypes.h> header file. */
+/* #define HAVE_SYS_BITYPES_H 1 */
+
+/* Define to 1 if you have the <sys/bsdtty.h> header file. */
+/* #undef HAVE_SYS_BSDTTY_H */
+
+/* Define to 1 if you have the <sys/cdefs.h> header file. */
+#define HAVE_SYS_CDEFS_H 1
+
+/* Define to 1 if you have the <sys/dir.h> header file. */
+#define HAVE_SYS_DIR_H 1
+
+/* Define if your system defines sys_errlist[] */
+#define HAVE_SYS_ERRLIST 1
+
+/* Define to 1 if you have the <sys/mman.h> header file. */
+#define HAVE_SYS_MMAN_H 1
+
+/* Define to 1 if you have the <sys/mount.h> header file. */
+#define HAVE_SYS_MOUNT_H 1
+
+/* Define to 1 if you have the <sys/ndir.h> header file. */
+/* #undef HAVE_SYS_NDIR_H */
+
+/* Define if your system defines sys_nerr */
+#define HAVE_SYS_NERR 1
+
+/* Define to 1 if you have the <sys/poll.h> header file. */
+#define HAVE_SYS_POLL_H 1
+
+/* Define to 1 if you have the <sys/prctl.h> header file. */
+#define HAVE_SYS_PRCTL_H 1
+
+/* Define to 1 if you have the <sys/pstat.h> header file. */
+/* #undef HAVE_SYS_PSTAT_H */
+
+/* Define to 1 if you have the <sys/ptms.h> header file. */
+/* #undef HAVE_SYS_PTMS_H */
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#define HAVE_SYS_SELECT_H 1
+
+/* Define to 1 if you have the <sys/statvfs.h> header file. */
+/* #define HAVE_SYS_STATVFS_H 1 */
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/stream.h> header file. */
+/* #undef HAVE_SYS_STREAM_H */
+
+/* Define to 1 if you have the <sys/stropts.h> header file. */
+/* #undef HAVE_SYS_STROPTS_H */
+
+/* Define to 1 if you have the <sys/strtio.h> header file. */
+/* #undef HAVE_SYS_STRTIO_H */
+
+/* Force use of sys/syslog.h on Ultrix */
+/* #undef HAVE_SYS_SYSLOG_H */
+
+/* Define to 1 if you have the <sys/sysmacros.h> header file. */
+#define HAVE_SYS_SYSMACROS_H 1
+
+/* Define to 1 if you have the <sys/timers.h> header file. */
+/* #undef HAVE_SYS_TIMERS_H */
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/un.h> header file. */
+#define HAVE_SYS_UN_H 1
+
+/* Define to 1 if you have the `tcgetpgrp' function. */
+#define HAVE_TCGETPGRP 1
+
+/* Define to 1 if you have the `tcsendbreak' function. */
+#define HAVE_TCSENDBREAK 1
+
+/* Define to 1 if you have the `time' function. */
+#define HAVE_TIME 1
+
+/* Define to 1 if you have the <time.h> header file. */
+#define HAVE_TIME_H 1
+
+/* Define if you have ut_time in utmp.h */
+/* #undef HAVE_TIME_IN_UTMP */
+
+/* Define if you have ut_time in utmpx.h */
+/* #undef HAVE_TIME_IN_UTMPX */
+
+/* Define to 1 if you have the `timingsafe_bcmp' function. */
+/* #undef HAVE_TIMINGSAFE_BCMP */
+
+/* Define to 1 if you have the <tmpdir.h> header file. */
+/* #undef HAVE_TMPDIR_H */
+
+/* Define to 1 if you have the `truncate' function. */
+#define HAVE_TRUNCATE 1
+
+/* Define to 1 if you have the <ttyent.h> header file. */
+/* #define HAVE_TTYENT_H 1 */
+
+/* Define if you have ut_tv in utmp.h */
+#define HAVE_TV_IN_UTMP 1
+
+/* Define if you have ut_tv in utmpx.h */
+#define HAVE_TV_IN_UTMPX 1
+
+/* Define if you have ut_type in utmp.h */
+#define HAVE_TYPE_IN_UTMP 1
+
+/* Define if you have ut_type in utmpx.h */
+#define HAVE_TYPE_IN_UTMPX 1
+
+/* Define to 1 if you have the <ucred.h> header file. */
+/* #undef HAVE_UCRED_H */
+
+/* define if you have uintxx_t data type */
+#define HAVE_UINTXX_T 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the `unsetenv' function. */
+#define HAVE_UNSETENV 1
+
+/* Define to 1 if the system has the type `unsigned long long'. */
+#define HAVE_UNSIGNED_LONG_LONG 1
+
+/* Define to 1 if you have the `updwtmp' function. */
+#define HAVE_UPDWTMP 1
+
+/* Define to 1 if you have the `updwtmpx' function. */
+#define HAVE_UPDWTMPX 1
+
+/* Define to 1 if you have the <usersec.h> header file. */
+/* #undef HAVE_USERSEC_H */
+
+/* Define to 1 if you have the `user_from_uid' function. */
+/* #undef HAVE_USER_FROM_UID */
+
+/* Define to 1 if you have the <util.h> header file. */
+/* #undef HAVE_UTIL_H */
+
+/* Define to 1 if you have the `utimes' function. */
+#define HAVE_UTIMES 1
+
+/* Define to 1 if you have the <utime.h> header file. */
+#define HAVE_UTIME_H 1
+
+/* Define to 1 if you have the `utmpname' function. */
+#define HAVE_UTMPNAME 1
+
+/* Define to 1 if you have the `utmpxname' function. */
+#define HAVE_UTMPXNAME 1
+
+/* Define to 1 if you have the <utmpx.h> header file. */
+/* #define HAVE_UTMPX_H 1 */
+
+/* Define to 1 if you have the <utmp.h> header file. */
+#define HAVE_UTMP_H 1
+
+/* define if you have u_char data type */
+#define HAVE_U_CHAR 1
+
+/* define if you have u_int data type */
+#define HAVE_U_INT 1
+
+/* define if you have u_int64_t data type */
+#define HAVE_U_INT64_T 1
+
+/* define if you have u_intxx_t data type */
+#define HAVE_U_INTXX_T 1
+
+/* Define to 1 if you have the `vasprintf' function. */
+#define HAVE_VASPRINTF 1
+
+/* Define if va_copy exists */
+#define HAVE_VA_COPY 1
+
+/* Define to 1 if you have the `vhangup' function. */
+/* #define HAVE_VHANGUP 1 */
+
+/* Define to 1 if you have the <vis.h> header file. */
+/* #undef HAVE_VIS_H */
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#define HAVE_VSNPRINTF 1
+
+/* Define to 1 if you have the `waitpid' function. */
+#define HAVE_WAITPID 1
+
+/* Define to 1 if you have the `_getlong' function. */
+#define HAVE__GETLONG 1
+
+/* Define to 1 if you have the `_getpty' function. */
+/* #undef HAVE__GETPTY */
+
+/* Define to 1 if you have the `_getshort' function. */
+#define HAVE__GETSHORT 1
+
+/* Define if you have struct __res_state _res as an extern */
+#define HAVE__RES_EXTERN 1
+
+/* Define to 1 if you have the `__b64_ntop' function. */
+/* #undef HAVE___B64_NTOP */
+
+/* Define to 1 if you have the `__b64_pton' function. */
+/* #undef HAVE___B64_PTON */
+
+/* Define if compiler implements __FUNCTION__ */
+#define HAVE___FUNCTION__ 1
+
+/* Define if libc defines __progname */
+#define HAVE___PROGNAME 1
+
+/* Fields in struct sockaddr_storage */
+/* #undef HAVE___SS_FAMILY_IN_SS */
+
+/* Define if __va_copy exists */
+#define HAVE___VA_COPY 1
+
+/* Define if compiler implements __func__ */
+#define HAVE___func__ 1
+
+/* Define this if you are using the Heimdal version of Kerberos V5 */
+/* #undef HEIMDAL */
+
+/* Define if you need to use IP address instead of hostname in $DISPLAY */
+/* #undef IPADDR_IN_DISPLAY */
+
+/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+#define IPV4_IN_IPV6 1
+
+/* Define if your system choked on IP TOS setting */
+/* #undef IP_TOS_IS_BROKEN */
+
+/* Define if you want Kerberos 5 support */
+/* #undef KRB5 */
+
+/* Define if pututxline updates lastlog too */
+/* #undef LASTLOG_WRITE_PUTUTXLINE */
+
+/* Define if you want TCP Wrappers support */
+/* #undef LIBWRAP */
+
+/* Define to whatever link() returns for "not supported" if it doesn't return
+ EOPNOTSUPP. */
+#define LINK_OPNOTSUPP_ERRNO EPERM
+
+/* Adjust Linux out-of-memory killer */
+#define LINUX_OOM_ADJUST 1
+
+/* max value of long long calculated by configure */
+/* #undef LLONG_MAX */
+
+/* min value of long long calculated by configure */
+/* #undef LLONG_MIN */
+
+/* Account locked with pw(1) */
+#define LOCKED_PASSWD_PREFIX "!"
+
+/* String used in /etc/passwd to denote locked account */
+/* #undef LOCKED_PASSWD_STRING */
+
+/* String used in /etc/passwd to denote locked account */
+/* #undef LOCKED_PASSWD_SUBSTR */
+
+/* Some versions of /bin/login need the TERM supplied on the commandline */
+/* #undef LOGIN_NEEDS_TERM */
+
+/* Some systems need a utmpx entry for /bin/login to work */
+/* #undef LOGIN_NEEDS_UTMPX */
+
+/* Define if your login program cannot handle end of options ("--") */
+/* #undef LOGIN_NO_ENDOPT */
+
+/* If your header files don't define LOGIN_PROGRAM, then use this (detected)
+ from environment and PATH */
+#define LOGIN_PROGRAM_FALLBACK "/bin/login"
+
+/* Set this to your mail directory if you do not have _PATH_MAILDIR */
+/* #undef MAIL_DIRECTORY */
+
+/* Define on *nto-qnx systems */
+#define MISSING_FD_MASK 1
+
+/* Define on *nto-qnx systems */
+#define MISSING_HOWMANY 1
+
+/* Define on *nto-qnx systems */
+/* #undef MISSING_NFDBITS */
+
+/* Need setpgrp to acquire controlling tty */
+/* #undef NEED_SETPGRP */
+
+/* Define if the concept of ports only accessible to superusers isn't known */
+/* #undef NO_IPPORT_RESERVED_CONCEPT */
+
+/* Define if you don't want to use lastlog in session.c */
+/* #undef NO_SSH_LASTLOG */
+
+/* Define if X11 doesn't support AF_UNIX sockets on that system */
+/* #undef NO_X11_UNIX_SOCKETS */
+
+/* Define if EVP_DigestUpdate returns void */
+/* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */
+
+/* libcrypto includes complete ECC support */
+#define OPENSSL_HAS_ECC 1
+
+/* libcrypto is missing AES 192 and 256 bit functions */
+/* #undef OPENSSL_LOBOTOMISED_AES */
+
+/* Define if you want OpenSSL's internally seeded PRNG only */
+#define OPENSSL_PRNG_ONLY 1
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "OpenSSH"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "OpenSSH Portable"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "openssh"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "Portable"
+
+/* Define if you are using Solaris-derived PAM which passes pam_messages to
+ the conversation function with an extra level of indirection */
+/* #undef PAM_SUN_CODEBASE */
+
+/* Work around problematic Linux PAM modules handling of PAM_TTY */
+#define PAM_TTY_KLUDGE 1
+
+/* must supply username to passwd */
+/* #undef PASSWD_NEEDS_USERNAME */
+
+/* Port number of PRNGD/EGD random number socket */
+/* #undef PRNGD_PORT */
+
+/* Location of PRNGD/EGD random number socket */
+/* #undef PRNGD_SOCKET */
+
+/* read(1) can return 0 for a non-closed fd */
+/* #undef PTY_ZEROREAD */
+
+/* Sandbox using Darwin sandbox_init(3) */
+/* #undef SANDBOX_DARWIN */
+
+/* no privsep sandboxing */
+/* #undef SANDBOX_NULL */
+
+/* Sandbox using setrlimit(2) */
+#define SANDBOX_RLIMIT 1
+
+/* Sandbox using systrace(4) */
+/* #undef SANDBOX_SYSTRACE */
+
+/* Define if your platform breaks doing a seteuid before a setuid */
+/* #undef SETEUID_BREAKS_SETUID */
+
+/* The size of `char', as computed by sizeof. */
+#define SIZEOF_CHAR 1
+
+/* The size of `int', as computed by sizeof. */
+#define SIZEOF_INT 4
+
+/* The size of `long int', as computed by sizeof. */
+#define SIZEOF_LONG_INT 8
+
+/* The size of `long long int', as computed by sizeof. */
+#define SIZEOF_LONG_LONG_INT 8
+
+/* The size of `short int', as computed by sizeof. */
+#define SIZEOF_SHORT_INT 2
+
+/* Define if you want S/Key support */
+/* #undef SKEY */
+
+/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */
+/* #undef SKEYCHALLENGE_4ARG */
+
+/* Define as const if snprintf() can declare const char *fmt */
+#define SNPRINTF_CONST const
+
+/* Define to a Set Process Title type if your system is supported by
+ bsd-setproctitle.c */
+#define SPT_TYPE SPT_REUSEARGV
+
+/* Define if sshd somehow reacquires a controlling TTY after setsid() */
+/* #undef SSHD_ACQUIRES_CTTY */
+
+/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */
+/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */
+
+/* Use audit debugging module */
+/* #undef SSH_AUDIT_EVENTS */
+
+/* Windows is sensitive to read buffer size */
+/* #undef SSH_IOBUFSZ */
+
+/* non-privileged user for privilege separation */
+#define SSH_PRIVSEP_USER "shell"
+
+/* Use tunnel device compatibility to OpenBSD */
+#define SSH_TUN_COMPAT_AF 1
+
+/* Open tunnel devices the FreeBSD way */
+/* #undef SSH_TUN_FREEBSD */
+
+/* Open tunnel devices the Linux tun/tap way */
+#define SSH_TUN_LINUX 1
+
+/* No layer 2 tunnel support */
+/* #undef SSH_TUN_NO_L2 */
+
+/* Open tunnel devices the OpenBSD way */
+/* #undef SSH_TUN_OPENBSD */
+
+/* Prepend the address family to IP tunnel traffic */
+#define SSH_TUN_PREPEND_AF 1
+
+/* Define to 1 if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define if you want a different $PATH for the superuser */
+/* #undef SUPERUSER_PATH */
+
+/* syslog_r function is safe to use in in a signal handler */
+/* #undef SYSLOG_R_SAFE_IN_SIGHAND */
+
+/* Support passwords > 8 chars */
+/* #undef UNIXWARE_LONG_PASSWORDS */
+
+/* Specify default $PATH */
+#define USER_PATH "/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin"
+
+/* Define this if you want to use libkafs' AFS support */
+/* #undef USE_AFS */
+
+/* Use BSM audit module */
+/* #undef USE_BSM_AUDIT */
+
+/* Use btmp to log bad logins */
+/* #define USE_BTMP 1 */
+
+/* Use libedit for sftp */
+/* #undef USE_LIBEDIT */
+
+/* Use Linux audit module */
+/* #undef USE_LINUX_AUDIT */
+
+/* Enable OpenSSL engine support */
+/* #undef USE_OPENSSL_ENGINE */
+
+/* Define if you want to enable PAM support */
+/* #undef USE_PAM */
+
+/* Use PIPES instead of a socketpair() */
+/* #undef USE_PIPES */
+
+/* Define if you have Solaris process contracts */
+/* #undef USE_SOLARIS_PROCESS_CONTRACTS */
+
+/* Define if you have Solaris projects */
+/* #undef USE_SOLARIS_PROJECTS */
+
+/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */
+/* #undef WITH_ABBREV_NO_TTY */
+
+/* Define if you want to enable AIX4's authenticate function */
+/* #undef WITH_AIXAUTHENTICATE */
+
+/* Define if you have/want arrays (cluster-wide session managment, not C
+ arrays) */
+/* #undef WITH_IRIX_ARRAY */
+
+/* Define if you want IRIX audit trails */
+/* #undef WITH_IRIX_AUDIT */
+
+/* Define if you want IRIX kernel jobs */
+/* #undef WITH_IRIX_JOBS */
+
+/* Define if you want IRIX project management */
+/* #undef WITH_IRIX_PROJECT */
+
+/* Define if you want SELinux support. */
+/* #undef WITH_SELINUX */
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+ significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+# define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* # undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Define if xauth is found in your path */
+#define XAUTH_PATH "/usr/bin/xauth"
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+/* #undef _FILE_OFFSET_BITS */
+
+/* Define for large files, on AIX-style hosts. */
+/* #undef _LARGE_FILES */
+
+/* log for bad login attempts */
+#define _PATH_BTMP "/var/log/btmp"
+
+/* Full path of your "passwd" program */
+#define _PATH_PASSWD_PROG "/usr/bin/passwd"
+
+/* Specify location of ssh.pid */
+#define _PATH_SSH_PIDDIR "/var/run"
+
+/* Define if we don't have struct __res_state in resolv.h */
+/* #undef __res_state */
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+/* #undef inline */
+#endif
+
+/* type to use in place of socklen_t if not defined */
+/* #undef socklen_t */
+
+#define SSHDIR "/data/ssh"
+
+#define _PATH_PRIVSEP_CHROOT_DIR "/data/ssh/empty"
diff --git a/dns.c b/dns.c
index 131cb3d..87c131f 100644
--- a/dns.c
+++ b/dns.c
@@ -200,8 +200,13 @@
return -1;
}
+#ifndef ANDROID
result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
DNS_RDATATYPE_SSHFP, 0, &fingerprints);
+#else
+ /* unsupported in android */
+ result = -1;
+#endif
if (result) {
verbose("DNS lookup error: %s", dns_result_totext(result));
return -1;
@@ -220,7 +225,9 @@
if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type,
&hostkey_digest, &hostkey_digest_len, hostkey)) {
error("Error calculating host key fingerprint.");
+#ifndef ANDROID
freerrset(fingerprints);
+#endif
return -1;
}
@@ -255,7 +262,9 @@
}
xfree(hostkey_digest); /* from key_fingerprint_raw() */
+#ifndef ANDROID
freerrset(fingerprints);
+#endif
if (*flags & DNS_VERIFY_FOUND)
if (*flags & DNS_VERIFY_MATCH)
diff --git a/monitor.c b/monitor.c
index f865057..a9577a0 100644
--- a/monitor.c
+++ b/monitor.c
@@ -848,8 +848,13 @@
passwd = buffer_get_string(m, &plen);
/* Only authenticate if the context is valid */
+#ifndef ANDROID
+ /* no password authentication in android */
authenticated = options.password_authentication &&
auth_password(authctxt, passwd);
+#else
+ authenticated = 0;
+#endif
memset(passwd, 0, strlen(passwd));
xfree(passwd);
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
index 9777eb5..2141710 100644
--- a/openbsd-compat/bsd-openpty.c
+++ b/openbsd-compat/bsd-openpty.c
@@ -121,6 +121,7 @@
return (-1);
}
+#ifndef ANDROID
/*
* Try to push the appropriate streams modules, as described
* in Solaris pts(7).
@@ -130,6 +131,7 @@
# ifndef __hpux
ioctl(*aslave, I_PUSH, "ttcompat");
# endif /* __hpux */
+#endif /* ANDROID */
return (0);
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 9887667..cf6c7ec 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -56,6 +56,8 @@
#include <arpa/inet.h>
#include "getrrsetbyname.h"
+#include "nameser.h"
+#include "nameser_compat.h"
#if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO
extern int h_errno;
diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c
index 62b6d0d..151f511 100644
--- a/openbsd-compat/readpassphrase.c
+++ b/openbsd-compat/readpassphrase.c
@@ -30,11 +30,12 @@
#include <signal.h>
#include <ctype.h>
#include <fcntl.h>
-#include <readpassphrase.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include "readpassphrase.h"
+
#ifdef TCSASOFT
# define _T_FLUSH (TCSAFLUSH|TCSASOFT)
#else
diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c
index 2965f68..bc48c4d 100644
--- a/openbsd-compat/setproctitle.c
+++ b/openbsd-compat/setproctitle.c
@@ -43,7 +43,7 @@
#endif
#include <string.h>
-#include <vis.h>
+#include "vis.h"
#define SPT_NONE 0 /* don't use it at all */
#define SPT_PSTAT 1 /* use pstat(PSTAT_SETCMD, ...) */
diff --git a/scp.c b/scp.c
index 18b2597..91da97f 100644
--- a/scp.c
+++ b/scp.c
@@ -1064,7 +1064,7 @@
continue;
}
omode = mode;
- mode |= S_IWRITE;
+ mode |= S_IWUSR;
if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) {
bad: run_err("%s: %s", np, strerror(errno));
continue;
diff --git a/session.c b/session.c
index 6a70400..56488fa 100644
--- a/session.c
+++ b/session.c
@@ -1496,8 +1496,11 @@
perror("initgroups");
exit(1);
}
+#ifndef ANDROID
+ /* FIXME - Android doesn't have this */
endgrent();
#endif
+#endif
platform_setusercontext_post_groups(pw);
diff --git a/sftp-client.c b/sftp-client.c
index caa384b..211abc0 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -1048,7 +1048,7 @@
}
local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC,
- mode | S_IWRITE);
+ mode | S_IWUSR);
if (local_fd == -1) {
error("Couldn't open local file \"%s\" for writing: %s",
local_path, strerror(errno));
diff --git a/sshd.c b/sshd.c
index cc10395..9fcecea 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1572,9 +1572,11 @@
fatal("Privilege separation user %s does not exist",
SSH_PRIVSEP_USER);
} else {
- memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
+ if (privsep_pw->pw_passwd)
+ memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd));
privsep_pw = pwcopy(privsep_pw);
- xfree(privsep_pw->pw_passwd);
+ if (privsep_pw->pw_passwd)
+ xfree(privsep_pw->pw_passwd);
privsep_pw->pw_passwd = xstrdup("*");
}
endpwent();
diff --git a/sshd_config.android b/sshd_config.android
new file mode 100644
index 0000000..3f3aa42
--- /dev/null
+++ b/sshd_config.android
@@ -0,0 +1,120 @@
+# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile /data/ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
diff --git a/sshpty.c b/sshpty.c
index bbbc0fe..1ed041b 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -72,9 +72,14 @@
error("openpty: %.100s", strerror(errno));
return 0;
}
+#ifdef ANDROID
+ /* Android does not have a working ttyname() */
+ name = "/dev/ptmx";
+#else
name = ttyname(*ttyfd);
if (!name)
fatal("openpty returns device for which ttyname fails.");
+#endif
strlcpy(namebuf, name, namebuflen); /* possible truncation */
return 1;
diff --git a/start-ssh b/start-ssh
new file mode 100755
index 0000000..d3a683c
--- /dev/null
+++ b/start-ssh
@@ -0,0 +1,29 @@
+#!/system/bin/sh
+
+# DEBUG=1
+
+DSA_KEY=/data/ssh/ssh_host_dsa_key
+DSA_PUB_KEY=/data/ssh/ssh_host_dsa_key.pub
+RSA_KEY=/data/ssh/ssh_host_rsa_key
+RSA_PUB_KEY=/data/ssh/ssh_host_rsa_key.pub
+
+if [ ! -f $DSA_KEY ]; then
+ ssh-keygen -t dsa -f $DSA_KEY -N ""
+ chmod 600 /$DSA_KEY
+ chmod 644 $DSA_PUB_KEY
+fi
+
+if [ ! -f $RSA_KEY ]; then
+ /system/bin/ssh-keygen -t rsa -f $RSA_KEY -N ""
+ chmod 600 /$RSA_KEY
+ chmod 644 $RSA_PUB_KEY
+fi
+
+
+if [ "1" == "$DEBUG" ] ; then
+ # run sshd in debug mode and capture output to logcat
+ /system/bin/logwrapper /system/bin/sshd -f /system/etc/ssh/sshd_config -D -d
+else
+ # don't daemonize - otherwise we can't stop the sshd service
+ /system/bin/sshd -f /system/etc/ssh/sshd_config -D
+fi