From 1b6cc98e30329f380546d5f22b1c9c975e3df4f8 Mon Sep 17 00:00:00 2001 From: Mike Lockwood Date: Wed, 28 Dec 2011 14:12:50 -0500 Subject: [PATCH] Initial port of openssh to android Operation instructions: start from init.rc using start-ssh script Add your public key to /data/ssh/authorized_keys login with "ssh shell@" from another computer on same network Change-Id: I1085a8b2f2766d4a2a4a70ffaf0352b07c261281 Signed-off-by: Mike Lockwood --- Android.mk | 180 +++++ auth.c | 4 +- auth1.c | 12 +- auth2-none.c | 3 + auth2-passwd.c | 3 + cipher.c | 2 + config.h | 1537 +++++++++++++++++++++++++++++++++++++++ dns.c | 9 + monitor.c | 5 + openbsd-compat/bsd-openpty.c | 2 + openbsd-compat/getrrsetbyname.c | 2 + openbsd-compat/readpassphrase.c | 3 +- openbsd-compat/setproctitle.c | 2 +- scp.c | 2 +- session.c | 3 + sftp-client.c | 2 +- sshd.c | 6 +- sshd_config.android | 120 +++ sshpty.c | 5 + start-ssh | 29 + 20 files changed, 1923 insertions(+), 8 deletions(-) create mode 100644 Android.mk create mode 100644 config.h create mode 100644 sshd_config.android create mode 100755 start-ssh diff --git a/Android.mk b/Android.mk new file mode 100644 index 0000000..39e56bf --- /dev/null +++ b/Android.mk 
@@ -0,0 +1,180 @@ +LOCAL_PATH:= $(call my-dir) + +###################### libssh ###################### +include $(CLEAR_VARS) + +LOCAL_MODULE_TAGS := optional + +LOCAL_SRC_FILES := \ + acss.c authfd.c authfile.c bufaux.c bufbn.c buffer.c \ + canohost.c channels.c cipher.c cipher-acss.c cipher-aes.c \ + cipher-bf1.c cipher-ctr.c cipher-3des1.c cleanup.c \ + compat.c compress.c crc32.c deattack.c fatal.c hostfile.c \ + log.c match.c md-sha256.c moduli.c nchan.c packet.c \ + readpass.c rsa.c ttymodes.c xmalloc.c addrmatch.c \ + atomicio.c key.c dispatch.c kex.c mac.c uidswap.c uuencode.c misc.c \ + monitor_fdpass.c rijndael.c ssh-dss.c ssh-ecdsa.c ssh-rsa.c dh.c \ + kexdh.c kexgex.c kexdhc.c kexgexc.c bufec.c kexecdh.c kexecdhc.c \ + msg.c progressmeter.c dns.c entropy.c gss-genr.c umac.c jpake.c \ + schnorr.c ssh-pkcs11.c \ + openbsd-compat/strtonum.c openbsd-compat/bsd-misc.c \ + openbsd-compat/timingsafe_bcmp.c openbsd-compat/bsd-getpeereid.c \ + openbsd-compat/readpassphrase.c openbsd-compat/vis.c \ + openbsd-compat/port-tun.c openbsd-compat/setproctitle.c \ + openbsd-compat/bsd-closefrom.c openbsd-compat/getopt.c \ + openbsd-compat/rresvport.c openbsd-compat/bindresvport.c \ + openbsd-compat/bsd-statvfs.c openbsd-compat/xmmap.c \ + openbsd-compat/port-linux.c openbsd-compat/strmode.c \ + openbsd-compat/bsd-openpty.c \ + openbsd-compat/getgrouplist.c openbsd-compat/fmt_scaled.c \ + openbsd-compat/pwcache.c openbsd-compat/glob.c + +# openbsd-compat/getrrsetbyname.c +# openbsd-compat/xcrypt.c + +LOCAL_C_INCLUDES := external/openssl/include external/zlib +PRIVATE_C_INCLUDES := external/openssl/openbsd-compat + +LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz + +LOCAL_MODULE := libssh + +LOCAL_CFLAGS+=-O3 + +include $(BUILD_STATIC_LIBRARY) + +###################### ssh ###################### + +include $(CLEAR_VARS) + +LOCAL_MODULE_TAGS := optional + +LOCAL_SRC_FILES := \ + ssh.c readconf.c clientloop.c sshtty.c \ + sshconnect.c sshconnect1.c sshconnect2.c mux.c 
\ + roaming_common.c roaming_client.c + +LOCAL_MODULE := ssh + +LOCAL_C_INCLUDES := external/openssl/include +PRIVATE_C_INCLUDES := external/openssl/openbsd-compat + +LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz + +LOCAL_STATIC_LIBRARIES := libssh + +include $(BUILD_EXECUTABLE) + +###################### sftp ###################### + +include $(CLEAR_VARS) + +LOCAL_MODULE_TAGS := optional + +LOCAL_SRC_FILES := \ + sftp.c sftp-client.c sftp-common.c sftp-glob.c progressmeter.c + +LOCAL_MODULE := sftp + +LOCAL_C_INCLUDES := external/openssl/include +PRIVATE_C_INCLUDES := external/openssl/openbsd-compat + +LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz + +LOCAL_STATIC_LIBRARIES := libssh + +include $(BUILD_EXECUTABLE) + +###################### scp ###################### + +include $(CLEAR_VARS) + +LOCAL_MODULE_TAGS := optional + +LOCAL_SRC_FILES := \ + scp.c progressmeter.c bufaux.c + +LOCAL_MODULE := scp + +LOCAL_C_INCLUDES := external/openssl/include +PRIVATE_C_INCLUDES := external/openssl/openbsd-compat + +LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz + +LOCAL_STATIC_LIBRARIES := libssh + +include $(BUILD_EXECUTABLE) + +###################### sshd ###################### + +include $(CLEAR_VARS) + +LOCAL_MODULE_TAGS := optional + +LOCAL_SRC_FILES := \ + sshd.c auth-rhosts.c auth-rsa.c auth-rh-rsa.c \ + audit.c audit-bsm.c audit-linux.c platform.c \ + sshpty.c sshlogin.c servconf.c serverloop.c \ + auth.c auth1.c auth2.c auth-options.c session.c \ + auth-chall.c auth2-chall.c groupaccess.c \ + auth-skey.c auth-bsdauth.c auth2-hostbased.c auth2-kbdint.c \ + auth2-none.c auth2-passwd.c auth2-pubkey.c auth2-jpake.c \ + monitor_mm.c monitor.c monitor_wrap.c kexdhs.c kexgexs.c kexecdhs.c \ + auth-krb5.c \ + auth2-gss.c gss-serv.c gss-serv-krb5.c \ + loginrec.c auth-pam.c auth-shadow.c auth-sia.c md5crypt.c \ + sftp-server.c sftp-common.c \ + roaming_common.c roaming_serv.c \ + sandbox-null.c sandbox-rlimit.c sandbox-systrace.c sandbox-darwin.o + +# 
auth-passwd.c + +LOCAL_MODULE := sshd + +LOCAL_C_INCLUDES := external/openssl/include external/zlib +PRIVATE_C_INCLUDES := external/openssl/openbsd-compat + +LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz + +LOCAL_STATIC_LIBRARIES := libssh + +include $(BUILD_EXECUTABLE) + +###################### ssh-keygen ###################### + +include $(CLEAR_VARS) + +LOCAL_MODULE_TAGS := optional + +LOCAL_SRC_FILES := \ + ssh-keygen.c + +LOCAL_MODULE := ssh-keygen + +LOCAL_C_INCLUDES := external/openssl/include +PRIVATE_C_INCLUDES := external/openssl/openbsd-compat + +LOCAL_SHARED_LIBRARIES += libssl libcrypto libdl libz + +LOCAL_STATIC_LIBRARIES := libssh + +include $(BUILD_EXECUTABLE) + +###################### sshd_config ###################### + +include $(CLEAR_VARS) +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE := sshd_config +LOCAL_MODULE_CLASS := ETC +LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)/ssh +LOCAL_SRC_FILES := sshd_config.android +include $(BUILD_PREBUILT) + +###################### start-ssh ###################### + +include $(CLEAR_VARS) +LOCAL_MODULE_TAGS := optional +LOCAL_MODULE := start-ssh +LOCAL_MODULE_CLASS := EXECUTABLES +LOCAL_SRC_FILES := start-ssh +include $(BUILD_PREBUILT) diff --git a/auth.c b/auth.c index ddb4248..6623e0f 100644 --- a/auth.c +++ b/auth.c @@ -456,6 +456,8 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, } strlcpy(buf, cp, sizeof(buf)); +#ifndef ANDROID + /* /data is owned by system user, which causes this check to fail */ if (stat(buf, &st) < 0 || (st.st_uid != 0 && st.st_uid != uid) || (st.st_mode & 022) != 0) { @@ -463,7 +465,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw, "bad ownership or modes for directory %s", buf); return -1; } - +#endif /* If are past the homedir then we can stop */ if (comparehome && strcmp(homedir, buf) == 0) break; diff --git a/auth1.c b/auth1.c index cc85aec..8df9d8b 100644 --- a/auth1.c +++ b/auth1.c 
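Review bot: The sshd `LOCAL_SRC_FILES` list ends with `sandbox-darwin.o`, an object file name among `.c` sources; it should read `sandbox-darwin.c` like its neighbours `sandbox-null.c sandbox-rlimit.c sandbox-systrace.c`. Every module also sets `PRIVATE_C_INCLUDES := external/openssl/openbsd-compat`, which looks as if it was meant to name this project's own openbsd-compat directory rather than one under openssl; worth confirming the path. All four sandbox backends are listed, and which one is actually compiled in is decided by config.h, so a comment beside them such as `# sandbox backend is selected in config.h; the others compile to empty objects` would help anyone auditing the pre-auth privilege separation.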
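Review bot: Wrapping the whole `stat()` test in `#ifndef ANDROID` removes both the ownership and the mode check for every directory walked by this loop, not only for /data, so on Android a key file is accepted even when one of its parent directories is writable by other local users. A narrower exception keeps most of the protection: still fail when `stat()` fails, still reject world-writable directories, and add the system uid as a trusted owner, e.g. `(st.st_uid != 0 && st.st_uid != uid && st.st_uid != AID_SYSTEM)` (from android_filesystem_config.h), relaxing the mode mask to `002` only if /data's group-write bit is what trips it. The comment should then say which directory and which bit needed the exception. The second hunk in this file (`@@ -463,7 +465,7`) only carries the matching `#endif`; the loop and the rest of secure_filename() lie outside both hunks.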
@@ -127,8 +127,14 @@ auth1_process_password(Authctxt *authctxt, char *info, size_t infolen) packet_check_eom(); /* Try authentication with the password. */ +#ifndef ANDROID authenticated = PRIVSEP(auth_password(authctxt, password)); +#else + /* no password authentication in android */ + authenticated = 0; +#endif + memset(password, 0, dlen); xfree(password); @@ -243,12 +249,16 @@ do_authloop(Authctxt *authctxt) debug("Attempting authentication for %s%.100s.", authctxt->valid ? "" : "invalid user ", authctxt->user); + /* no password authentication in android */ +#ifndef ANDROID /* If the user has no password, accept authentication immediately. */ if (options.permit_empty_passwd && options.password_authentication && #ifdef KRB5 (!options.kerberos_authentication || options.kerberos_or_local_passwd) && #endif - PRIVSEP(auth_password(authctxt, ""))) { + PRIVSEP(auth_password(authctxt, ""))) +#endif + { #ifdef USE_PAM if (options.use_pam && (PRIVSEP(do_pam_account()))) #endif diff --git a/auth2-none.c b/auth2-none.c index c8c6c74..7aae945 100644 --- a/auth2-none.c +++ b/auth2-none.c @@ -61,8 +61,11 @@ userauth_none(Authctxt *authctxt) { none_enabled = 0; packet_check_eom(); +#ifndef ANDROID + /* no password authentication in android */ if (options.permit_empty_passwd && options.password_authentication) return (PRIVSEP(auth_password(authctxt, ""))); +#endif return (0); } diff --git a/auth2-passwd.c b/auth2-passwd.c index 5f1f363..4dd3816 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c @@ -66,8 +66,11 @@ userauth_passwd(Authctxt *authctxt) if (change) logit("password change not supported"); +#ifndef ANDROID + /* no password authentication in android */ else if (PRIVSEP(auth_password(authctxt, password)) == 1) authenticated = 1; +#endif memset(password, 0, len); xfree(password); return authenticated; diff --git a/cipher.c b/cipher.c index bb5c0ac..efb866f 100644 --- a/cipher.c +++ b/cipher.c 
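Review bot: In the do_authloop hunk (`@@ -243,12 +249,16`) the added `#endif` closes before the opening `{`, so with ANDROID defined the `if (...)` is compiled out while the block it guarded stays and runs unconditionally. The block body is outside the hunk, but the existing comment describes it as the path that accepts authentication immediately, so on Android a protocol 1 login would presumably succeed with no credential checked unless USE_PAM is defined and the account check fails. Keep the braces and give the Android build a false condition instead, by adding `#else` and `if (0)` just before the `#endif`. Whether protocol 1 is reachable at all depends on the shipped sshd_config, which is not part of this hunk; disabling it there would be a sensible second barrier.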
@@ -73,7 +73,9 @@ struct Cipher { { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 1, EVP_des_ede3_cbc }, { "blowfish-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_bf_cbc }, +#ifndef ANDROID { "cast128-cbc", SSH_CIPHER_SSH2, 8, 16, 0, 1, EVP_cast5_cbc }, +#endif { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, EVP_rc4 }, { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, 0, EVP_rc4 }, { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, 0, EVP_rc4 }, diff --git a/config.h b/config.h new file mode 100644 index 0000000..fb8dbdc --- /dev/null +++ b/config.h 
@@ -0,0 +1,1537 @@ +/* config.h. Generated from config.h.in by configure and then hand modified for android */ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + +/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address + */ +/* #undef AIX_GETNAMEINFO_HACK */ + +/* Define if your AIX loginfailed() function takes 4 arguments (AIX >= 5.2) */ +/* #undef AIX_LOGINFAILED_4ARG */ + +/* System only supports IPv4 audit records */ +/* #undef AU_IPv4 */ + +/* Define if your resolver libs need this for getrrsetbyname */ +/* #undef BIND_8_COMPAT */ + +/* Define if cmsg_type is not passed correctly */ +/* #undef BROKEN_CMSG_TYPE */ + +/* getaddrinfo is broken (if present) */ +/* #undef BROKEN_GETADDRINFO */ + +/* getgroups(0,NULL) will return -1 */ +/* #undef BROKEN_GETGROUPS */ + +/* FreeBSD glob does not do what we need */ +/* #undef BROKEN_GLOB */ + +/* Define if you system's inet_ntoa is busted (e.g. Irix gcc issue) */ +/* #undef BROKEN_INET_NTOA */ + +/* ia_uinfo routines not supported by OS yet */ +/* #undef BROKEN_LIBIAF */ + +/* Ultrix mmap can't map files */ +/* #undef BROKEN_MMAP */ + +/* Define if your struct dirent expects you to allocate extra space for d_name + */ +/* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */ + +/* Can't do comparisons on readv */ +/* #undef BROKEN_READV_COMPARISON */ + +/* Define if you have a broken realpath. 
*/ +/* #undef BROKEN_REALPATH */ + +/* Needed for NeXT */ +/* #undef BROKEN_SAVED_UIDS */ + +/* Define if your setregid() is broken */ +/* #undef BROKEN_SETREGID */ + +/* Define if your setresgid() is broken */ +/* #undef BROKEN_SETRESGID */ + +/* Define if your setresuid() is broken */ +/* #undef BROKEN_SETRESUID */ + +/* Define if your setreuid() is broken */ +/* #undef BROKEN_SETREUID */ + +/* LynxOS has broken setvbuf() implementation */ +/* #undef BROKEN_SETVBUF */ + +/* QNX shadow support is broken */ +/* #undef BROKEN_SHADOW_EXPIRE */ + +/* Define if your snprintf is busted */ +/* #undef BROKEN_SNPRINTF */ + +/* tcgetattr with ICANON may hang */ +/* #undef BROKEN_TCGETATTR_ICANON */ + +/* updwtmpx is broken (if present) */ +/* #undef BROKEN_UPDWTMPX */ + +/* Define if you have BSD auth support */ +/* #undef BSD_AUTH */ + +/* Define if you want to specify the path to your lastlog file */ +/* #undef CONF_LASTLOG_FILE */ + +/* Define if you want to specify the path to your utmp file */ +/* #undef CONF_UTMP_FILE */ + +/* Define if you want to specify the path to your wtmpx file */ +/* #undef CONF_WTMPX_FILE */ + +/* Define if you want to specify the path to your wtmp file */ +/* #undef CONF_WTMP_FILE */ + +/* Define if your platform needs to skip post auth file descriptor passing */ +/* #undef DISABLE_FD_PASSING */ + +/* Define if you don't want to use lastlog */ +/* #undef DISABLE_LASTLOG */ + +/* Define if you don't want to use your system's login() call */ +/* #undef DISABLE_LOGIN */ + +/* Define if you don't want to use pututline() etc. to write [uw]tmp */ +/* #undef DISABLE_PUTUTLINE */ + +/* Define if you don't want to use pututxline() etc. 
to write [uw]tmpx */ +/* #undef DISABLE_PUTUTXLINE */ + +/* Define if you want to disable shadow passwords */ +#define DISABLE_SHADOW 1 + +/* Define if you don't want to use utmp */ +#define DISABLE_UTMP 1 + +/* Define if you don't want to use utmpx */ +#define DISABLE_UTMPX 1 + +/* Define if you don't want to use wtmp */ +#define DISABLE_WTMP 1 + +/* Define if you don't want to use wtmpx */ +#define DISABLE_WTMPX 1 + +/* Enable for PKCS#11 support */ +#define ENABLE_PKCS11 /**/ + +/* File names may not contain backslash characters */ +/* #undef FILESYSTEM_NO_BACKSLASH */ + +/* fsid_t has member val */ +/* #undef FSID_HAS_VAL */ + +/* fsid_t has member __val */ +/* #undef FSID_HAS___VAL */ + +/* Define to 1 if the `getpgrp' function requires zero arguments. */ +#define GETPGRP_VOID 1 + +/* Conflicting defs for getspnam */ +/* #undef GETSPNAM_CONFLICTING_DEFS */ + +/* Define if your system glob() function has the GLOB_ALTDIRFUNC extension */ +#define GLOB_HAS_ALTDIRFUNC 1 + +/* Define if your system glob() function has gl_matchc options in glob_t */ +/* #undef GLOB_HAS_GL_MATCHC */ + +/* Define if your system glob() function has gl_statv options in glob_t */ +/* #undef GLOB_HAS_GL_STATV */ + +/* Define this if you want GSSAPI support in the version 2 protocol */ +/* #undef GSSAPI */ + +/* Define if you want to use shadow password expire field */ +#define HAS_SHADOW_EXPIRE 1 + +/* Define if your system uses access rights style file descriptor passing */ +/* #undef HAVE_ACCRIGHTS_IN_MSGHDR */ + +/* Define if you have ut_addr in utmp.h */ +#define HAVE_ADDR_IN_UTMP 1 + +/* Define if you have ut_addr in utmpx.h */ +#define HAVE_ADDR_IN_UTMPX 1 + +/* Define if you have ut_addr_v6 in utmp.h */ +#define HAVE_ADDR_V6_IN_UTMP 1 + +/* Define if you have ut_addr_v6 in utmpx.h */ +#define HAVE_ADDR_V6_IN_UTMPX 1 + +/* Define to 1 if you have the `arc4random' function. */ +/* #undef HAVE_ARC4RANDOM */ + +/* Define to 1 if you have the `arc4random_buf' function. 
*/ +/* #undef HAVE_ARC4RANDOM_BUF */ + +/* Define to 1 if you have the `arc4random_uniform' function. */ +/* #undef HAVE_ARC4RANDOM_UNIFORM */ + +/* Define to 1 if you have the `asprintf' function. */ +#define HAVE_ASPRINTF 1 + +/* OpenBSD's gcc has bounded */ +/* #undef HAVE_ATTRIBUTE__BOUNDED__ */ + +/* Have attribute nonnull */ +#define HAVE_ATTRIBUTE__NONNULL__ 1 + +/* OpenBSD's gcc has sentinel */ +/* #undef HAVE_ATTRIBUTE__SENTINEL__ */ + +/* Define to 1 if you have the `aug_get_machine' function. */ +/* #undef HAVE_AUG_GET_MACHINE */ + +/* Define to 1 if you have the `b64_ntop' function. */ +/* #undef HAVE_B64_NTOP */ + +/* Define to 1 if you have the `b64_pton' function. */ +/* #undef HAVE_B64_PTON */ + +/* Define if you have the basename function. */ +#define HAVE_BASENAME 1 + +/* Define to 1 if you have the `bcopy' function. */ +#define HAVE_BCOPY 1 + +/* Define to 1 if you have the `bindresvport_sa' function. */ +/* #undef HAVE_BINDRESVPORT_SA */ + +/* Define to 1 if you have the `BN_is_prime_ex' function. */ +#define HAVE_BN_IS_PRIME_EX 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_BSM_AUDIT_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_BSTRING_H */ + +/* Define to 1 if you have the `clock' function. */ +#define HAVE_CLOCK 1 + +/* define if you have clock_t data type */ +#define HAVE_CLOCK_T 1 + +/* Define to 1 if you have the `closefrom' function. */ +/* #undef HAVE_CLOSEFROM */ + +/* Define if gai_strerror() returns const char * */ +#define HAVE_CONST_GAI_STRERROR_PROTO 1 + +/* Define if your system uses ancillary data style file descriptor passing */ +#define HAVE_CONTROL_IN_MSGHDR 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_CRYPTO_SHA2_H */ + +/* Define to 1 if you have the header file. 
*/ +/* #define HAVE_CRYPT_H 1 */ + +/* Define if you are on Cygwin */ +/* #undef HAVE_CYGWIN */ + +/* Define if your libraries define daemon() */ +#define HAVE_DAEMON 1 + +/* Define to 1 if you have the declaration of `authenticate', and to 0 if you + don't. */ +/* #undef HAVE_DECL_AUTHENTICATE */ + +/* Define to 1 if you have the declaration of `GLOB_NOMATCH', and to 0 if you + don't. */ +#define HAVE_DECL_GLOB_NOMATCH 1 + +/* Define to 1 if you have the declaration of `h_errno', and to 0 if you + don't. */ +#define HAVE_DECL_H_ERRNO 1 + +/* Define to 1 if you have the declaration of `loginfailed', and to 0 if you + don't. */ +/* #undef HAVE_DECL_LOGINFAILED */ + +/* Define to 1 if you have the declaration of `loginrestrictions', and to 0 if + you don't. */ +/* #undef HAVE_DECL_LOGINRESTRICTIONS */ + +/* Define to 1 if you have the declaration of `loginsuccess', and to 0 if you + don't. */ +/* #undef HAVE_DECL_LOGINSUCCESS */ + +/* Define to 1 if you have the declaration of `MAXSYMLINKS', and to 0 if you + don't. */ +#define HAVE_DECL_MAXSYMLINKS 1 + +/* Define to 1 if you have the declaration of `offsetof', and to 0 if you + don't. */ +#define HAVE_DECL_OFFSETOF 1 + +/* Define to 1 if you have the declaration of `O_NONBLOCK', and to 0 if you + don't. */ +#define HAVE_DECL_O_NONBLOCK 1 + +/* Define to 1 if you have the declaration of `passwdexpired', and to 0 if you + don't. */ +/* #undef HAVE_DECL_PASSWDEXPIRED */ + +/* Define to 1 if you have the declaration of `setauthdb', and to 0 if you + don't. */ +/* #undef HAVE_DECL_SETAUTHDB */ + +/* Define to 1 if you have the declaration of `SHUT_RD', and to 0 if you + don't. */ +#define HAVE_DECL_SHUT_RD 1 + +/* Define to 1 if you have the declaration of `writev', and to 0 if you don't. + */ +#define HAVE_DECL_WRITEV 1 + +/* Define to 1 if you have the declaration of `_getlong', and to 0 if you + don't. 
*/ +#define HAVE_DECL__GETLONG 0 + +/* Define to 1 if you have the declaration of `_getshort', and to 0 if you + don't. */ +#define HAVE_DECL__GETSHORT 0 + +/* Define if you have /dev/ptmx */ +#define HAVE_DEV_PTMX 1 + +/* Define if you have /dev/ptc */ +/* #undef HAVE_DEV_PTS_AND_PTC */ + +/* Define to 1 if you have the header file. */ +#define HAVE_DIRENT_H 1 + +/* Define to 1 if you have the `dirfd' function. */ +#define HAVE_DIRFD 1 + +/* Define to 1 if you have the `dirname' function. */ +#define HAVE_DIRNAME 1 + +/* Define to 1 if you have the `DSA_generate_parameters_ex' function. */ +#define HAVE_DSA_GENERATE_PARAMETERS_EX 1 + +/* Define to 1 if you have the header file. */ +#ifndef HAVE_ENDIAN_H +#define HAVE_ENDIAN_H 1 +#endif + +/* Define to 1 if you have the `endutent' function. */ +#define HAVE_ENDUTENT 1 + +/* Define to 1 if you have the `endutxent' function. */ +#define HAVE_ENDUTXENT 1 + +/* Define if your system has /etc/default/login */ +/* #undef HAVE_ETC_DEFAULT_LOGIN */ + +/* Define to 1 if you have the `EVP_sha256' function. */ +#define HAVE_EVP_SHA256 1 + +/* Define if you have ut_exit in utmp.h */ +#define HAVE_EXIT_IN_UTMP 1 + +/* Define to 1 if you have the `fchmod' function. */ +#define HAVE_FCHMOD 1 + +/* Define to 1 if you have the `fchown' function. */ +#define HAVE_FCHOWN 1 + +/* Use F_CLOSEM fcntl for closefrom */ +/* #undef HAVE_FCNTL_CLOSEM */ + +/* Define to 1 if you have the header file. */ +#define HAVE_FCNTL_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_FEATURES_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_FLOATINGPOINT_H */ + +/* Define to 1 if you have the `fmt_scaled' function. */ +/* #undef HAVE_FMT_SCALED */ + +/* Define to 1 if you have the `freeaddrinfo' function. */ +#define HAVE_FREEADDRINFO 1 + +/* Define to 1 if the system has the type `fsblkcnt_t'. */ +#define HAVE_FSBLKCNT_T 1 + +/* Define to 1 if the system has the type `fsfilcnt_t'. 
*/ +#define HAVE_FSFILCNT_T 1 + +/* Define to 1 if you have the `fstatvfs' function. */ +/* #define HAVE_FSTATVFS 1 */ + +/* Define to 1 if you have the `futimes' function. */ +/* #define HAVE_FUTIMES 1 */ + +/* Define to 1 if you have the `gai_strerror' function. */ +#define HAVE_GAI_STRERROR 1 + +/* Define to 1 if you have the `getaddrinfo' function. */ +#define HAVE_GETADDRINFO 1 + +/* Define to 1 if you have the `getaudit' function. */ +/* #undef HAVE_GETAUDIT */ + +/* Define to 1 if you have the `getaudit_addr' function. */ +/* #undef HAVE_GETAUDIT_ADDR */ + +/* Define to 1 if you have the `getcwd' function. */ +#define HAVE_GETCWD 1 + +/* Define to 1 if you have the `getgrouplist' function. */ +/* #define HAVE_GETGROUPLIST 1 */ + +/* Define to 1 if you have the `getgrset' function. */ +/* #undef HAVE_GETGRSET */ + +/* Define to 1 if you have the `getlastlogxbyname' function. */ +/* #undef HAVE_GETLASTLOGXBYNAME */ + +/* Define to 1 if you have the `getluid' function. */ +/* #undef HAVE_GETLUID */ + +/* Define to 1 if you have the `getnameinfo' function. */ +#define HAVE_GETNAMEINFO 1 + +/* Define to 1 if you have the `getopt' function. */ +#define HAVE_GETOPT 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_GETOPT_H 1 + +/* Define if your getopt(3) defines and uses optreset */ +/* #undef HAVE_GETOPT_OPTRESET */ + +/* Define if your libraries define getpagesize() */ +#define HAVE_GETPAGESIZE 1 + +/* Define to 1 if you have the `getpeereid' function. */ +/* #undef HAVE_GETPEEREID */ + +/* Define to 1 if you have the `getpeerucred' function. */ +/* #undef HAVE_GETPEERUCRED */ + +/* Define to 1 if you have the `getpwanam' function. */ +/* #undef HAVE_GETPWANAM */ + +/* Define to 1 if you have the `getrlimit' function. */ +#define HAVE_GETRLIMIT 1 + +/* Define if getrrsetbyname() exists */ +/* #undef HAVE_GETRRSETBYNAME */ + +/* Define to 1 if you have the `getrusage' function. 
*/ +/* #undef HAVE_GETRUSAGE */ + +/* Define to 1 if you have the `getseuserbyname' function. */ +/* #undef HAVE_GETSEUSERBYNAME */ + +/* Define to 1 if you have the `gettimeofday' function. */ +#define HAVE_GETTIMEOFDAY 1 + +/* Define to 1 if you have the `getttyent' function. */ +#define HAVE_GETTTYENT 1 + +/* Define to 1 if you have the `getutent' function. */ +#define HAVE_GETUTENT 1 + +/* Define to 1 if you have the `getutid' function. */ +#define HAVE_GETUTID 1 + +/* Define to 1 if you have the `getutline' function. */ +#define HAVE_GETUTLINE 1 + +/* Define to 1 if you have the `getutxent' function. */ +#define HAVE_GETUTXENT 1 + +/* Define to 1 if you have the `getutxid' function. */ +#define HAVE_GETUTXID 1 + +/* Define to 1 if you have the `getutxline' function. */ +#define HAVE_GETUTXLINE 1 + +/* Define to 1 if you have the `getutxuser' function. */ +/* #undef HAVE_GETUTXUSER */ + +/* Define to 1 if you have the `get_default_context_with_level' function. */ +/* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */ + +/* Define to 1 if you have the `glob' function. */ +#define HAVE_GLOB 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_GLOB_H 1 + +/* Define to 1 if you have the `group_from_gid' function. */ +/* #undef HAVE_GROUP_FROM_GID */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_GENERIC_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_GENERIC_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_GSSAPI_KRB5_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_GSSAPI_H */ + +/* Define to 1 if you have the header file. 
*/ +/* #undef HAVE_GSSAPI_KRB5_H */ + +/* Define if HEADER.ad exists in arpa/nameser.h */ +#define HAVE_HEADER_AD 1 + +/* Define if you have ut_host in utmp.h */ +#define HAVE_HOST_IN_UTMP 1 + +/* Define if you have ut_host in utmpx.h */ +#define HAVE_HOST_IN_UTMPX 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_IAF_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_IA_H */ + +/* Define if you have ut_id in utmp.h */ +#define HAVE_ID_IN_UTMP 1 + +/* Define if you have ut_id in utmpx.h */ +#define HAVE_ID_IN_UTMPX 1 + +/* Define to 1 if you have the `inet_aton' function. */ +#define HAVE_INET_ATON 1 + +/* Define to 1 if you have the `inet_ntoa' function. */ +#define HAVE_INET_NTOA 1 + +/* Define to 1 if you have the `inet_ntop' function. */ +#define HAVE_INET_NTOP 1 + +/* Define to 1 if you have the `innetgr' function. */ +/* #define HAVE_INNETGR 1 */ + +/* define if you have int64_t data type */ +#define HAVE_INT64_T 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_INTTYPES_H 1 + +/* define if you have intxx_t data type */ +#define HAVE_INTXX_T 1 + +/* Define to 1 if the system has the type `in_addr_t'. */ +#define HAVE_IN_ADDR_T 1 + +/* Define to 1 if the system has the type `in_port_t'. */ +/* #define HAVE_IN_PORT_T 1 */ + +/* Define if you have isblank(3C). */ +#define HAVE_ISBLANK 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LASTLOG_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LIBAUDIT_H */ + +/* Define to 1 if you have the `bsm' library (-lbsm). */ +/* #undef HAVE_LIBBSM */ + +/* Define to 1 if you have the `crypt' library (-lcrypt). */ +/* #undef HAVE_LIBCRYPT */ + +/* Define to 1 if you have the `dl' library (-ldl). */ +/* #undef HAVE_LIBDL */ + +/* Define to 1 if you have the header file. 
*/ +#define HAVE_LIBGEN_H 1 + +/* Define if system has libiaf that supports set_id */ +/* #undef HAVE_LIBIAF */ + +/* Define to 1 if you have the `network' library (-lnetwork). */ +/* #undef HAVE_LIBNETWORK */ + +/* Define to 1 if you have the `nsl' library (-lnsl). */ +#define HAVE_LIBNSL 1 + +/* Define to 1 if you have the `pam' library (-lpam). */ +/* #undef HAVE_LIBPAM */ + +/* Define to 1 if you have the `socket' library (-lsocket). */ +/* #undef HAVE_LIBSOCKET */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LIBUTIL_H */ + +/* Define to 1 if you have the `xnet' library (-lxnet). */ +/* #undef HAVE_LIBXNET */ + +/* Define to 1 if you have the `z' library (-lz). */ +#define HAVE_LIBZ 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LIMITS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_LINUX_IF_TUN_H 1 + +/* Define if your libraries define login() */ +/* #define HAVE_LOGIN 1 */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LOGIN_CAP_H */ + +/* Define to 1 if you have the `login_getcapbool' function. */ +/* #undef HAVE_LOGIN_GETCAPBOOL */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_LOGIN_H */ + +/* Define to 1 if you have the `logout' function. */ +#define HAVE_LOGOUT 1 + +/* Define to 1 if you have the `logwtmp' function. */ +#define HAVE_LOGWTMP 1 + +/* Define to 1 if the system has the type `long double'. */ +#define HAVE_LONG_DOUBLE 1 + +/* Define to 1 if the system has the type `long long'. */ +#define HAVE_LONG_LONG 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_MAILLOCK_H */ + +/* Define to 1 if you have the `md5_crypt' function. */ +/* #undef HAVE_MD5_CRYPT */ + +/* Define if you want to allow MD5 passwords */ +/* #undef HAVE_MD5_PASSWORDS */ + +/* Define to 1 if you have the `memmove' function. */ +#define HAVE_MEMMOVE 1 + +/* Define to 1 if you have the header file. 
*/ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `mkdtemp' function. */ +#define HAVE_MKDTEMP 1 + +/* Define to 1 if you have the `mmap' function. */ +#define HAVE_MMAP 1 + +/* define if you have mode_t data type */ +#define HAVE_MODE_T 1 + +/* Some systems put nanosleep outside of libc */ +#define HAVE_NANOSLEEP 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NDIR_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NETDB_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETGROUP_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_IF_TUN_H */ + +/* Define if you are on NeXT */ +/* #undef HAVE_NEXT */ + +/* Define to 1 if you have the `ngetaddrinfo' function. */ +/* #undef HAVE_NGETADDRINFO */ + +/* Define to 1 if you have the `nsleep' function. */ +/* #undef HAVE_NSLEEP */ + +/* Define to 1 if you have the `ogetaddrinfo' function. */ +/* #undef HAVE_OGETADDRINFO */ + +/* Define if you have an old version of PAM which takes only one argument to + pam_strerror */ +/* #undef HAVE_OLD_PAM */ + +/* Define to 1 if you have the `openlog_r' function. */ +/* #undef HAVE_OPENLOG_R */ + +/* Define to 1 if you have the `openpty' function. */ +/* #define HAVE_OPENPTY 1 */ + +/* Define if your ssl headers are included with #include */ +#define HAVE_OPENSSL 1 + +/* Define if you have Digital Unix Security Integration Architecture */ +/* #undef HAVE_OSF_SIA */ + +/* Define to 1 if you have the `pam_getenvlist' function. */ +/* #undef HAVE_PAM_GETENVLIST */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_PAM_PAM_APPL_H */ + +/* Define to 1 if you have the `pam_putenv' function. */ +/* #undef HAVE_PAM_PUTENV */ + +/* Define to 1 if you have the header file. */ +#define HAVE_PATHS_H 1 + +/* Define if you have ut_pid in utmp.h */ +#define HAVE_PID_IN_UTMP 1 + +/* define if you have pid_t data type */ +#define HAVE_PID_T 1 + +/* Define to 1 if you have the `poll' function. 
*/ +#define HAVE_POLL 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_POLL_H 1 + +/* Define to 1 if you have the `prctl' function. */ +#define HAVE_PRCTL 1 + +/* Define if you have /proc/$pid/fd */ +#define HAVE_PROC_PID 1 + +/* Define to 1 if you have the `pstat' function. */ +/* #undef HAVE_PSTAT */ + +/* Define to 1 if you have the header file. */ +/* #define HAVE_PTY_H 1 */ + +/* Define to 1 if you have the `pututline' function. */ +#define HAVE_PUTUTLINE 1 + +/* Define to 1 if you have the `pututxline' function. */ +#define HAVE_PUTUTXLINE 1 + +/* Define if your password has a pw_change field */ +/* #undef HAVE_PW_CHANGE_IN_PASSWD */ + +/* Define if your password has a pw_gecos field */ +/* #undef HAVE_PW_GECOS_IN_PASSWD */ + +/* Define if your password has a pw_class field */ +/* #undef HAVE_PW_CLASS_IN_PASSWD */ + +/* Define if your password has a pw_expire field */ +/* #undef HAVE_PW_EXPIRE_IN_PASSWD */ + +/* Define to 1 if you have the `readpassphrase' function. */ +/* #undef HAVE_READPASSPHRASE */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_READPASSPHRASE_H */ + +/* Define to 1 if you have the `realpath' function. */ +#define HAVE_REALPATH 1 + +/* Define to 1 if you have the `recvmsg' function. */ +#define HAVE_RECVMSG 1 + +/* sys/resource.h has RLIMIT_NPROC */ +#define HAVE_RLIMIT_NPROC /**/ + +/* Define to 1 if you have the header file. */ +/* #define HAVE_RPC_TYPES_H 1 */ + +/* Define to 1 if you have the `rresvport_af' function. */ +/* #define HAVE_RRESVPORT_AF 1 */ + +/* Define to 1 if you have the `RSA_generate_key_ex' function. */ +#define HAVE_RSA_GENERATE_KEY_EX 1 + +/* Define to 1 if you have the `RSA_get_default_method' function. */ +#define HAVE_RSA_GET_DEFAULT_METHOD 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SANDBOX_H */ + +/* Define to 1 if you have the `sandbox_init' function. 
*/ +/* #undef HAVE_SANDBOX_INIT */ + +/* define if you have sa_family_t data type */ +#define HAVE_SA_FAMILY_T 1 + +/* Define if you have SecureWare-based protected password database */ +/* #undef HAVE_SECUREWARE */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SECURITY_PAM_APPL_H */ + +/* Define to 1 if you have the `sendmsg' function. */ +#define HAVE_SENDMSG 1 + +/* Define to 1 if you have the `setauthdb' function. */ +/* #undef HAVE_SETAUTHDB */ + +/* Define to 1 if you have the `setdtablesize' function. */ +/* #undef HAVE_SETDTABLESIZE */ + +/* Define to 1 if you have the `setegid' function. */ +#define HAVE_SETEGID 1 + +/* Define to 1 if you have the `setenv' function. */ +#define HAVE_SETENV 1 + +/* Define to 1 if you have the `seteuid' function. */ +#define HAVE_SETEUID 1 + +/* Define to 1 if you have the `setgroupent' function. */ +/* #undef HAVE_SETGROUPENT */ + +/* Define to 1 if you have the `setgroups' function. */ +#define HAVE_SETGROUPS 1 + +/* Define to 1 if you have the `setlogin' function. */ +/* #undef HAVE_SETLOGIN */ + +/* Define to 1 if you have the `setluid' function. */ +/* #undef HAVE_SETLUID */ + +/* Define to 1 if you have the `setpassent' function. */ +/* #undef HAVE_SETPASSENT */ + +/* Define to 1 if you have the `setpcred' function. */ +/* #undef HAVE_SETPCRED */ + +/* Define to 1 if you have the `setproctitle' function. */ +/* #undef HAVE_SETPROCTITLE */ + +/* Define to 1 if you have the `setregid' function. */ +#define HAVE_SETREGID 1 + +/* Define to 1 if you have the `setresgid' function. */ +#define HAVE_SETRESGID 1 + +/* Define to 1 if you have the `setresuid' function. */ +#define HAVE_SETRESUID 1 + +/* Define to 1 if you have the `setreuid' function. */ +#define HAVE_SETREUID 1 + +/* Define to 1 if you have the `setrlimit' function. */ +#define HAVE_SETRLIMIT 1 + +/* Define to 1 if you have the `setsid' function. */ +#define HAVE_SETSID 1 + +/* Define to 1 if you have the `setutent' function. 
*/ +#define HAVE_SETUTENT 1 + +/* Define to 1 if you have the `setutxdb' function. */ +/* #undef HAVE_SETUTXDB */ + +/* Define to 1 if you have the `setutxent' function. */ +#define HAVE_SETUTXENT 1 + +/* Define to 1 if you have the `setvbuf' function. */ +#define HAVE_SETVBUF 1 + +/* Define to 1 if you have the `set_id' function. */ +/* #undef HAVE_SET_ID */ + +/* Define to 1 if you have the `SHA256_Update' function. */ +#define HAVE_SHA256_UPDATE 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SHA2_H */ + +/* Define to 1 if you have the header file. */ +/* #define HAVE_SHADOW_H 1 */ + +/* Define to 1 if you have the `sigaction' function. */ +#define HAVE_SIGACTION 1 + +/* Define to 1 if you have the `sigvec' function. */ +#define HAVE_SIGVEC 1 + +/* Define to 1 if the system has the type `sig_atomic_t'. */ +#define HAVE_SIG_ATOMIC_T 1 + +/* define if you have size_t data type */ +#define HAVE_SIZE_T 1 + +/* Define to 1 if you have the `snprintf' function. */ +#define HAVE_SNPRINTF 1 + +/* Define to 1 if you have the `socketpair' function. */ +#define HAVE_SOCKETPAIR 1 + +/* Have PEERCRED socket option */ +#define HAVE_SO_PEERCRED 1 + +/* define if you have ssize_t data type */ +#define HAVE_SSIZE_T 1 + +/* Fields in struct sockaddr_storage */ +#define HAVE_SS_FAMILY_IN_SS 1 + +/* Define to 1 if you have the `statfs' function. */ +#define HAVE_STATFS 1 + +/* Define to 1 if you have the `statvfs' function. */ +/* #define HAVE_STATVFS 1 */ + +/* Define to 1 if you have the header file. */ +#define HAVE_STDDEF_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the `strdup' function. */ +#define HAVE_STRDUP 1 + +/* Define to 1 if you have the `strerror' function. */ +#define HAVE_STRERROR 1 + +/* Define to 1 if you have the `strftime' function. 
*/ +#define HAVE_STRFTIME 1 + +/* Silly mkstemp() */ +#define HAVE_STRICT_MKSTEMP 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcat' function. */ +/* #undef HAVE_STRLCAT */ + +/* Define to 1 if you have the `strlcpy' function. */ +/* #undef HAVE_STRLCPY */ + +/* Define to 1 if you have the `strmode' function. */ +/* #undef HAVE_STRMODE */ + +/* Define to 1 if you have the `strnvis' function. */ +/* #undef HAVE_STRNVIS */ + +/* Define to 1 if you have the `strptime' function. */ +#define HAVE_STRPTIME 1 + +/* Define to 1 if you have the `strsep' function. */ +#define HAVE_STRSEP 1 + +/* Define to 1 if you have the `strtoll' function. */ +#define HAVE_STRTOLL 1 + +/* Define to 1 if you have the `strtonum' function. */ +/* #undef HAVE_STRTONUM */ + +/* Define to 1 if you have the `strtoul' function. */ +#define HAVE_STRTOUL 1 + +/* define if you have struct addrinfo data type */ +#define HAVE_STRUCT_ADDRINFO 1 + +/* define if you have struct in6_addr data type */ +#define HAVE_STRUCT_IN6_ADDR 1 + +/* define if you have struct sockaddr_in6 data type */ +#define HAVE_STRUCT_SOCKADDR_IN6 1 + +/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */ +#define HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID 1 + +/* define if you have struct sockaddr_storage data type */ +#define HAVE_STRUCT_SOCKADDR_STORAGE 1 + +/* Define to 1 if `st_blksize' is a member of `struct stat'. */ +#define HAVE_STRUCT_STAT_ST_BLKSIZE 1 + +/* Define to 1 if the system has the type `struct timespec'. */ +#define HAVE_STRUCT_TIMESPEC 1 + +/* define if you have struct timeval */ +#define HAVE_STRUCT_TIMEVAL 1 + +/* Define to 1 if you have the `swap32' function. */ +/* #undef HAVE_SWAP32 */ + +/* Define to 1 if you have the `sysconf' function. 
*/ +#define HAVE_SYSCONF 1 + +/* Define if you have syslen in utmpx.h */ +/* #undef HAVE_SYSLEN_IN_UTMPX */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_AUDIT_H */ + +/* Define to 1 if you have the header file. */ +/* #define HAVE_SYS_BITYPES_H 1 */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_BSDTTY_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_CDEFS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_DIR_H 1 + +/* Define if your system defines sys_errlist[] */ +#define HAVE_SYS_ERRLIST 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_MMAN_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_MOUNT_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_NDIR_H */ + +/* Define if your system defines sys_nerr */ +#define HAVE_SYS_NERR 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_POLL_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_PRCTL_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_PSTAT_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_PTMS_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the header file. */ +/* #define HAVE_SYS_STATVFS_H 1 */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_STREAM_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_STROPTS_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_STRTIO_H */ + +/* Force use of sys/syslog.h on Ultrix */ +/* #undef HAVE_SYS_SYSLOG_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SYSMACROS_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_SYS_TIMERS_H */ + +/* Define to 1 if you have the header file. 
*/ +#define HAVE_SYS_TIME_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_UN_H 1 + +/* Define to 1 if you have the `tcgetpgrp' function. */ +#define HAVE_TCGETPGRP 1 + +/* Define to 1 if you have the `tcsendbreak' function. */ +#define HAVE_TCSENDBREAK 1 + +/* Define to 1 if you have the `time' function. */ +#define HAVE_TIME 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_TIME_H 1 + +/* Define if you have ut_time in utmp.h */ +/* #undef HAVE_TIME_IN_UTMP */ + +/* Define if you have ut_time in utmpx.h */ +/* #undef HAVE_TIME_IN_UTMPX */ + +/* Define to 1 if you have the `timingsafe_bcmp' function. */ +/* #undef HAVE_TIMINGSAFE_BCMP */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_TMPDIR_H */ + +/* Define to 1 if you have the `truncate' function. */ +#define HAVE_TRUNCATE 1 + +/* Define to 1 if you have the header file. */ +/* #define HAVE_TTYENT_H 1 */ + +/* Define if you have ut_tv in utmp.h */ +#define HAVE_TV_IN_UTMP 1 + +/* Define if you have ut_tv in utmpx.h */ +#define HAVE_TV_IN_UTMPX 1 + +/* Define if you have ut_type in utmp.h */ +#define HAVE_TYPE_IN_UTMP 1 + +/* Define if you have ut_type in utmpx.h */ +#define HAVE_TYPE_IN_UTMPX 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_UCRED_H */ + +/* define if you have uintxx_t data type */ +#define HAVE_UINTXX_T 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `unsetenv' function. */ +#define HAVE_UNSETENV 1 + +/* Define to 1 if the system has the type `unsigned long long'. */ +#define HAVE_UNSIGNED_LONG_LONG 1 + +/* Define to 1 if you have the `updwtmp' function. */ +#define HAVE_UPDWTMP 1 + +/* Define to 1 if you have the `updwtmpx' function. */ +#define HAVE_UPDWTMPX 1 + +/* Define to 1 if you have the header file. 
*/ +/* #undef HAVE_USERSEC_H */ + +/* Define to 1 if you have the `user_from_uid' function. */ +/* #undef HAVE_USER_FROM_UID */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_UTIL_H */ + +/* Define to 1 if you have the `utimes' function. */ +#define HAVE_UTIMES 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UTIME_H 1 + +/* Define to 1 if you have the `utmpname' function. */ +#define HAVE_UTMPNAME 1 + +/* Define to 1 if you have the `utmpxname' function. */ +#define HAVE_UTMPXNAME 1 + +/* Define to 1 if you have the header file. */ +/* #define HAVE_UTMPX_H 1 */ + +/* Define to 1 if you have the header file. */ +#define HAVE_UTMP_H 1 + +/* define if you have u_char data type */ +#define HAVE_U_CHAR 1 + +/* define if you have u_int data type */ +#define HAVE_U_INT 1 + +/* define if you have u_int64_t data type */ +#define HAVE_U_INT64_T 1 + +/* define if you have u_intxx_t data type */ +#define HAVE_U_INTXX_T 1 + +/* Define to 1 if you have the `vasprintf' function. */ +#define HAVE_VASPRINTF 1 + +/* Define if va_copy exists */ +#define HAVE_VA_COPY 1 + +/* Define to 1 if you have the `vhangup' function. */ +/* #define HAVE_VHANGUP 1 */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_VIS_H */ + +/* Define to 1 if you have the `vsnprintf' function. */ +#define HAVE_VSNPRINTF 1 + +/* Define to 1 if you have the `waitpid' function. */ +#define HAVE_WAITPID 1 + +/* Define to 1 if you have the `_getlong' function. */ +#define HAVE__GETLONG 1 + +/* Define to 1 if you have the `_getpty' function. */ +/* #undef HAVE__GETPTY */ + +/* Define to 1 if you have the `_getshort' function. */ +#define HAVE__GETSHORT 1 + +/* Define if you have struct __res_state _res as an extern */ +#define HAVE__RES_EXTERN 1 + +/* Define to 1 if you have the `__b64_ntop' function. */ +/* #undef HAVE___B64_NTOP */ + +/* Define to 1 if you have the `__b64_pton' function. 
*/ +/* #undef HAVE___B64_PTON */ + +/* Define if compiler implements __FUNCTION__ */ +#define HAVE___FUNCTION__ 1 + +/* Define if libc defines __progname */ +#define HAVE___PROGNAME 1 + +/* Fields in struct sockaddr_storage */ +/* #undef HAVE___SS_FAMILY_IN_SS */ + +/* Define if __va_copy exists */ +#define HAVE___VA_COPY 1 + +/* Define if compiler implements __func__ */ +#define HAVE___func__ 1 + +/* Define this if you are using the Heimdal version of Kerberos V5 */ +/* #undef HEIMDAL */ + +/* Define if you need to use IP address instead of hostname in $DISPLAY */ +/* #undef IPADDR_IN_DISPLAY */ + +/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ +#define IPV4_IN_IPV6 1 + +/* Define if your system choked on IP TOS setting */ +/* #undef IP_TOS_IS_BROKEN */ + +/* Define if you want Kerberos 5 support */ +/* #undef KRB5 */ + +/* Define if pututxline updates lastlog too */ +/* #undef LASTLOG_WRITE_PUTUTXLINE */ + +/* Define if you want TCP Wrappers support */ +/* #undef LIBWRAP */ + +/* Define to whatever link() returns for "not supported" if it doesn't return + EOPNOTSUPP. */ +#define LINK_OPNOTSUPP_ERRNO EPERM + +/* Adjust Linux out-of-memory killer */ +#define LINUX_OOM_ADJUST 1 + +/* max value of long long calculated by configure */ +/* #undef LLONG_MAX */ + +/* min value of long long calculated by configure */ +/* #undef LLONG_MIN */ + +/* Account locked with pw(1) */ +#define LOCKED_PASSWD_PREFIX "!" 
+ +/* String used in /etc/passwd to denote locked account */ +/* #undef LOCKED_PASSWD_STRING */ + +/* String used in /etc/passwd to denote locked account */ +/* #undef LOCKED_PASSWD_SUBSTR */ + +/* Some versions of /bin/login need the TERM supplied on the commandline */ +/* #undef LOGIN_NEEDS_TERM */ + +/* Some systems need a utmpx entry for /bin/login to work */ +/* #undef LOGIN_NEEDS_UTMPX */ + +/* Define if your login program cannot handle end of options ("--") */ +/* #undef LOGIN_NO_ENDOPT */ + +/* If your header files don't define LOGIN_PROGRAM, then use this (detected) + from environment and PATH */ +#define LOGIN_PROGRAM_FALLBACK "/bin/login" + +/* Set this to your mail directory if you do not have _PATH_MAILDIR */ +/* #undef MAIL_DIRECTORY */ + +/* Define on *nto-qnx systems */ +#define MISSING_FD_MASK 1 + +/* Define on *nto-qnx systems */ +#define MISSING_HOWMANY 1 + +/* Define on *nto-qnx systems */ +/* #undef MISSING_NFDBITS */ + +/* Need setpgrp to acquire controlling tty */ +/* #undef NEED_SETPGRP */ + +/* Define if the concept of ports only accessible to superusers isn't known */ +/* #undef NO_IPPORT_RESERVED_CONCEPT */ + +/* Define if you don't want to use lastlog in session.c */ +/* #undef NO_SSH_LASTLOG */ + +/* Define if X11 doesn't support AF_UNIX sockets on that system */ +/* #undef NO_X11_UNIX_SOCKETS */ + +/* Define if EVP_DigestUpdate returns void */ +/* #undef OPENSSL_EVP_DIGESTUPDATE_VOID */ + +/* libcrypto includes complete ECC support */ +#define OPENSSL_HAS_ECC 1 + +/* libcrypto is missing AES 192 and 256 bit functions */ +/* #undef OPENSSL_LOBOTOMISED_AES */ + +/* Define if you want OpenSSL's internally seeded PRNG only */ +#define OPENSSL_PRNG_ONLY 1 + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "openssh-unix-dev@mindrot.org" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "OpenSSH" + +/* Define to the full name and version of this package. 
*/ +#define PACKAGE_STRING "OpenSSH Portable" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "openssh" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "Portable" + +/* Define if you are using Solaris-derived PAM which passes pam_messages to + the conversation function with an extra level of indirection */ +/* #undef PAM_SUN_CODEBASE */ + +/* Work around problematic Linux PAM modules handling of PAM_TTY */ +#define PAM_TTY_KLUDGE 1 + +/* must supply username to passwd */ +/* #undef PASSWD_NEEDS_USERNAME */ + +/* Port number of PRNGD/EGD random number socket */ +/* #undef PRNGD_PORT */ + +/* Location of PRNGD/EGD random number socket */ +/* #undef PRNGD_SOCKET */ + +/* read(1) can return 0 for a non-closed fd */ +/* #undef PTY_ZEROREAD */ + +/* Sandbox using Darwin sandbox_init(3) */ +/* #undef SANDBOX_DARWIN */ + +/* no privsep sandboxing */ +/* #undef SANDBOX_NULL */ + +/* Sandbox using setrlimit(2) */ +#define SANDBOX_RLIMIT 1 + +/* Sandbox using systrace(4) */ +/* #undef SANDBOX_SYSTRACE */ + +/* Define if your platform breaks doing a seteuid before a setuid */ +/* #undef SETEUID_BREAKS_SETUID */ + +/* The size of `char', as computed by sizeof. */ +#define SIZEOF_CHAR 1 + +/* The size of `int', as computed by sizeof. */ +#define SIZEOF_INT 4 + +/* The size of `long int', as computed by sizeof. */ +#define SIZEOF_LONG_INT 8 + +/* The size of `long long int', as computed by sizeof. */ +#define SIZEOF_LONG_LONG_INT 8 + +/* The size of `short int', as computed by sizeof. 
*/ +#define SIZEOF_SHORT_INT 2 + +/* Define if you want S/Key support */ +/* #undef SKEY */ + +/* Define if your skeychallenge() function takes 4 arguments (NetBSD) */ +/* #undef SKEYCHALLENGE_4ARG */ + +/* Define as const if snprintf() can declare const char *fmt */ +#define SNPRINTF_CONST const + +/* Define to a Set Process Title type if your system is supported by + bsd-setproctitle.c */ +#define SPT_TYPE SPT_REUSEARGV + +/* Define if sshd somehow reacquires a controlling TTY after setsid() */ +/* #undef SSHD_ACQUIRES_CTTY */ + +/* Define if pam_chauthtok wants real uid set to the unpriv'ed user */ +/* #undef SSHPAM_CHAUTHTOK_NEEDS_RUID */ + +/* Use audit debugging module */ +/* #undef SSH_AUDIT_EVENTS */ + +/* Windows is sensitive to read buffer size */ +/* #undef SSH_IOBUFSZ */ + +/* non-privileged user for privilege separation */ +#define SSH_PRIVSEP_USER "shell" + +/* Use tunnel device compatibility to OpenBSD */ +#define SSH_TUN_COMPAT_AF 1 + +/* Open tunnel devices the FreeBSD way */ +/* #undef SSH_TUN_FREEBSD */ + +/* Open tunnel devices the Linux tun/tap way */ +#define SSH_TUN_LINUX 1 + +/* No layer 2 tunnel support */ +/* #undef SSH_TUN_NO_L2 */ + +/* Open tunnel devices the OpenBSD way */ +/* #undef SSH_TUN_OPENBSD */ + +/* Prepend the address family to IP tunnel traffic */ +#define SSH_TUN_PREPEND_AF 1 + +/* Define to 1 if you have the ANSI C header files. 
*/ +#define STDC_HEADERS 1 + +/* Define if you want a different $PATH for the superuser */ +/* #undef SUPERUSER_PATH */ + +/* syslog_r function is safe to use in in a signal handler */ +/* #undef SYSLOG_R_SAFE_IN_SIGHAND */ + +/* Support passwords > 8 chars */ +/* #undef UNIXWARE_LONG_PASSWORDS */ + +/* Specify default $PATH */ +#define USER_PATH "/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin" + +/* Define this if you want to use libkafs' AFS support */ +/* #undef USE_AFS */ + +/* Use BSM audit module */ +/* #undef USE_BSM_AUDIT */ + +/* Use btmp to log bad logins */ +/* #define USE_BTMP 1 */ + +/* Use libedit for sftp */ +/* #undef USE_LIBEDIT */ + +/* Use Linux audit module */ +/* #undef USE_LINUX_AUDIT */ + +/* Enable OpenSSL engine support */ +/* #undef USE_OPENSSL_ENGINE */ + +/* Define if you want to enable PAM support */ +/* #undef USE_PAM */ + +/* Use PIPES instead of a socketpair() */ +/* #undef USE_PIPES */ + +/* Define if you have Solaris process contracts */ +/* #undef USE_SOLARIS_PROCESS_CONTRACTS */ + +/* Define if you have Solaris projects */ +/* #undef USE_SOLARIS_PROJECTS */ + +/* Define if you shouldn't strip 'tty' from your ttyname in [uw]tmp */ +/* #undef WITH_ABBREV_NO_TTY */ + +/* Define if you want to enable AIX4's authenticate function */ +/* #undef WITH_AIXAUTHENTICATE */ + +/* Define if you have/want arrays (cluster-wide session managment, not C + arrays) */ +/* #undef WITH_IRIX_ARRAY */ + +/* Define if you want IRIX audit trails */ +/* #undef WITH_IRIX_AUDIT */ + +/* Define if you want IRIX kernel jobs */ +/* #undef WITH_IRIX_JOBS */ + +/* Define if you want IRIX project management */ +/* #undef WITH_IRIX_PROJECT */ + +/* Define if you want SELinux support. */ +/* #undef WITH_SELINUX */ + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). 
*/ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif + +/* Define if xauth is found in your path */ +#define XAUTH_PATH "/usr/bin/xauth" + +/* Number of bits in a file offset, on hosts where this is settable. */ +/* #undef _FILE_OFFSET_BITS */ + +/* Define for large files, on AIX-style hosts. */ +/* #undef _LARGE_FILES */ + +/* log for bad login attempts */ +#define _PATH_BTMP "/var/log/btmp" + +/* Full path of your "passwd" program */ +#define _PATH_PASSWD_PROG "/usr/bin/passwd" + +/* Specify location of ssh.pid */ +#define _PATH_SSH_PIDDIR "/var/run" + +/* Define if we don't have struct __res_state in resolv.h */ +/* #undef __res_state */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +/* #undef inline */ +#endif + +/* type to use in place of socklen_t if not defined */ +/* #undef socklen_t */ + +#define SSHDIR "/data/ssh" + +#define _PATH_PRIVSEP_CHROOT_DIR "/data/ssh/empty" diff --git a/dns.c b/dns.c index 131cb3d..87c131f 100644 --- a/dns.c +++ b/dns.c @@ -200,8 +200,13 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, return -1; } +#ifndef ANDROID result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, DNS_RDATATYPE_SSHFP, 0, &fingerprints); +#else + /* unsupported in android */ + result = -1; +#endif if (result) { verbose("DNS lookup error: %s", dns_result_totext(result)); return -1; @@ -220,7 +225,9 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, if (!dns_read_key(&hostkey_algorithm, &hostkey_digest_type, &hostkey_digest, &hostkey_digest_len, hostkey)) { error("Error calculating host key fingerprint."); +#ifndef ANDROID freerrset(fingerprints); +#endif return -1; } 
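Review bot: The Android branch assigns the bare literal `result = -1`, which is then passed to dns_result_totext() and logged as a "DNS lookup error", so a user who enabled SSHFP checking sees what looks like a resolver failure rather than "not supported in this build". The outcome is fail-closed (no DNS match is ever reported), which is the safe direction. The intent would be clearer as a single early `#ifdef ANDROID` return at the top of verify_host_key_dns, with a comment such as `/* Android: no getrrsetbyname(); SSHFP records are never consulted */`. That would also make the `#ifndef ANDROID` guards around `freerrset(fingerprints)` in the hunks at -220 and -255 unnecessary, since on Android both sit after the `if (result)` return and cannot be reached. The function begins and ends outside these hunks, so the placement needs checking against the full body.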
@@ -255,7 +262,9 @@ verify_host_key_dns(const char *hostname, struct sockaddr *address, } xfree(hostkey_digest); /* from key_fingerprint_raw() */ +#ifndef ANDROID freerrset(fingerprints); +#endif if (*flags & DNS_VERIFY_FOUND) if (*flags & DNS_VERIFY_MATCH) diff --git a/monitor.c b/monitor.c index f865057..a9577a0 100644 --- a/monitor.c +++ b/monitor.c @@ -848,8 +848,13 @@ mm_answer_authpassword(int sock, Buffer *m) passwd = buffer_get_string(m, &plen); /* Only authenticate if the context is valid */ +#ifndef ANDROID + /* no password authentication in android */ authenticated = options.password_authentication && auth_password(authctxt, passwd); +#else + authenticated = 0; +#endif memset(passwd, 0, strlen(passwd)); xfree(passwd); diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c index 9777eb5..2141710 100644 --- a/openbsd-compat/bsd-openpty.c +++ b/openbsd-compat/bsd-openpty.c @@ -121,6 +121,7 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, return (-1); } +#ifndef ANDROID /* * Try to push the appropriate streams modules, as described * in Solaris pts(7). @@ -130,6 +131,7 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp, # ifndef __hpux ioctl(*aslave, I_PUSH, "ttcompat"); # endif /* __hpux */ +#endif /* ANDROID */ return (0); diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c index 9887667..cf6c7ec 100644 --- a/openbsd-compat/getrrsetbyname.c +++ b/openbsd-compat/getrrsetbyname.c @@ -56,6 +56,8 @@ #include #include "getrrsetbyname.h" +#include "nameser.h" +#include "nameser_compat.h" #if defined(HAVE_DECL_H_ERRNO) && !HAVE_DECL_H_ERRNO extern int h_errno; diff --git a/openbsd-compat/readpassphrase.c b/openbsd-compat/readpassphrase.c index 62b6d0d..151f511 100644 --- a/openbsd-compat/readpassphrase.c +++ b/openbsd-compat/readpassphrase.c 
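Review bot: The added comment `/* no password authentication in android */` sits inside the `#ifndef ANDROID` branch, on the path that does perform password authentication, so it reads as the opposite of what is compiled. Move it to the `#else` branch next to `authenticated = 0;`, for example `/* Android: password authentication is compiled out; always reject */`. Rejecting unconditionally here is a sound second line behind `PasswordAuthentication no` in sshd_config.android, because the monitor refuses even if that file is later edited. mm_answer_authpassword continues outside the hunk.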
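Review bot: The `#ifndef ANDROID` / `#endif /* ANDROID */` pair added across the hunks at -121 and -130 keys the STREAMS `I_PUSH` calls on a platform name rather than on the feature. A feature test such as `#ifdef I_PUSH` would keep this compat file free of per-platform macros and would cover any other libc without STREAMS; this assumes Android's headers do not define I_PUSH, which should be confirmed. If the platform guard stays, the closing line would conventionally read `#endif /* !ANDROID */`, since it closes an `#ifndef`. openpty's body starts and ends outside both hunks.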
@@ -30,11 +30,12 @@ #include #include #include -#include #include #include #include +#include "readpassphrase.h" + #ifdef TCSASOFT # define _T_FLUSH (TCSAFLUSH|TCSASOFT) #else diff --git a/openbsd-compat/setproctitle.c b/openbsd-compat/setproctitle.c index 2965f68..bc48c4d 100644 --- a/openbsd-compat/setproctitle.c +++ b/openbsd-compat/setproctitle.c @@ -43,7 +43,7 @@ #endif #include -#include +#include "vis.h" #define SPT_NONE 0 /* don't use it at all */ #define SPT_PSTAT 1 /* use pstat(PSTAT_SETCMD, ...) */ diff --git a/scp.c b/scp.c index 18b2597..91da97f 100644 --- a/scp.c +++ b/scp.c @@ -1064,7 +1064,7 @@ sink(int argc, char **argv) continue; } omode = mode; - mode |= S_IWRITE; + mode |= S_IWUSR; if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { bad: run_err("%s: %s", np, strerror(errno)); continue; diff --git a/session.c b/session.c index 6a70400..56488fa 100644 --- a/session.c +++ b/session.c @@ -1496,8 +1496,11 @@ do_setusercontext(struct passwd *pw) perror("initgroups"); exit(1); } +#ifndef ANDROID + /* FIXME - Android doesn't have this */ endgrent(); #endif +#endif platform_setusercontext_post_groups(pw); diff --git a/sftp-client.c b/sftp-client.c index caa384b..211abc0 100644 --- a/sftp-client.c +++ b/sftp-client.c @@ -1048,7 +1048,7 @@ do_download(struct sftp_conn *conn, char *remote_path, char *local_path, } local_fd = open(local_path, O_WRONLY | O_CREAT | O_TRUNC, - mode | S_IWRITE); + mode | S_IWUSR); if (local_fd == -1) { error("Couldn't open local file \"%s\" for writing: %s", local_path, strerror(errno)); diff --git a/sshd.c b/sshd.c index cc10395..9fcecea 100644 --- a/sshd.c +++ b/sshd.c 
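Review bot: In the session.c hunk the new guard leaves two consecutive bare `#endif` lines, one of which closes a conditional opened outside the hunk, and that is easy to misread in a function that drops privileges. Label the one that pairs with the new guard as `#endif /* !ANDROID */`. The FIXME could also state the actual condition, e.g. `/* Android's libc has no endgrent(); nothing to close after initgroups() */`, assuming that is the reason the FIXME refers to. do_setusercontext starts and ends outside the hunk.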
@@ -1572,9 +1572,11 @@ main(int ac, char **av) fatal("Privilege separation user %s does not exist", SSH_PRIVSEP_USER); } else { - memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); + if (privsep_pw->pw_passwd) + memset(privsep_pw->pw_passwd, 0, strlen(privsep_pw->pw_passwd)); privsep_pw = pwcopy(privsep_pw); - xfree(privsep_pw->pw_passwd); + if (privsep_pw->pw_passwd) + xfree(privsep_pw->pw_passwd); privsep_pw->pw_passwd = xstrdup("*"); } endpwent(); diff --git a/sshd_config.android b/sshd_config.android new file mode 100644 index 0000000..3f3aa42 --- /dev/null +++ b/sshd_config.android 
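Review bot: The two new `if (privsep_pw->pw_passwd)` guards protect the memset and the xfree, but `pwcopy(privsep_pw)` between them is still called unconditionally, and the file that defines pwcopy is not among those this patch touches. If pwcopy duplicates pw_passwd with xstrdup(), a NULL pw_passwd (the case these guards exist for) would be dereferenced inside pwcopy before the second guard is reached; this should be confirmed against the tree. One way to cover the whole sequence is to normalise before the memset, e.g. `if (privsep_pw->pw_passwd == NULL) privsep_pw->pw_passwd = "";`, or to make pwcopy itself tolerate NULL. The enclosing block in main starts outside the hunk.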
@@ -0,0 +1,120 @@
+# $OpenBSD: sshd_config,v 1.84 2011/05/23 03:30:07 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile /data/ssh/authorized_keys
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS yes
+#PidFile /var/run/sshd.pid
+#MaxStartups 10
+#PermitTunnel no
+#ChrootDirectory none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/libexec/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# ForceCommand cvs server
diff --git a/sshpty.c b/sshpty.c
index bbbc0fe..1ed041b 100644
--- a/sshpty.c
+++ b/sshpty.c
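Review bot: `AuthorizedKeysFile /data/ssh/authorized_keys` is an absolute path with no per-user token, so the same key list is consulted for whichever account name the client requests, while `PermitRootLogin` is left at its commented default of `yes`. Unless something outside this file restricts it, a key installed for the documented `ssh shell@` login would therefore also be accepted for root; adding `PermitRootLogin no` and `AllowUsers shell` would make the config match the commit description. Separately, `Subsystem sftp /usr/libexec/sftp-server` names a directory the rest of the patch never uses (start-ssh runs its binaries from /system/bin), so sftp will probably fail until that path points to wherever the build installs sftp-server. The header comment `# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin` is also stale relative to USER_PATH in the new config.h.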
@@ -72,9 +72,14 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen) error("openpty: %.100s", strerror(errno)); return 0; } +#ifdef ANDROID + /* Android does not have a working ttyname() */ + name = "/dev/ptmx"; +#else name = ttyname(*ttyfd); if (!name) fatal("openpty returns device for which ttyname fails."); +#endif strlcpy(namebuf, name, namebuflen); /* possible truncation */ return 1; diff --git a/start-ssh b/start-ssh new file mode 100755 index 0000000..d3a683c --- /dev/null +++ b/start-ssh @@ -0,0 +1,29 @@ +#!/system/bin/sh + +# DEBUG=1 + +DSA_KEY=/data/ssh/ssh_host_dsa_key +DSA_PUB_KEY=/data/ssh/ssh_host_dsa_key.pub +RSA_KEY=/data/ssh/ssh_host_rsa_key +RSA_PUB_KEY=/data/ssh/ssh_host_rsa_key.pub + +if [ ! -f $DSA_KEY ]; then + ssh-keygen -t dsa -f $DSA_KEY -N "" + chmod 600 /$DSA_KEY + chmod 644 $DSA_PUB_KEY +fi + +if [ ! -f $RSA_KEY ]; then + /system/bin/ssh-keygen -t rsa -f $RSA_KEY -N "" + chmod 600 /$RSA_KEY + chmod 644 $RSA_PUB_KEY +fi + + +if [ "1" == "$DEBUG" ] ; then + # run sshd in debug mode and capture output to logcat + /system/bin/logwrapper /system/bin/sshd -f /system/etc/ssh/sshd_config -D -d +else + # don't daemonize - otherwise we can't stop the sshd service + /system/bin/sshd -f /system/etc/ssh/sshd_config -D +fi -- 2.11.0
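Review bot: On Android `namebuf` is filled with the fixed string "/dev/ptmx", which is the pty multiplexer and not the slave device that `*ttyfd` refers to. Callers outside this hunk use the returned name to reopen the tty and, typically, to chown/chmod it for the session user and to write login records. With this value those operations would act on the shared /dev/ptmx node or on an unrelated pty, so the callers (pty_setowner and pty_make_controlling_tty upstream) need checking. If the platform provides ptsname(), `name = ptsname(*ptyfd);` followed by the existing `if (!name) fatal(...)` check would return the real slave path. pty_allocate begins outside the hunk.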
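Review bot: Neither ssh-keygen call in start-ssh is checked, so the script goes on to start sshd even when host key generation fails, and the DSA branch runs a bare `ssh-keygen` from PATH while the RSA branch uses `/system/bin/ssh-keygen`. Use the absolute path in both and stop on failure, e.g. `/system/bin/ssh-keygen -t dsa -f "$DSA_KEY" -N "" || exit 1`. The `chmod 600 /$DSA_KEY` and `chmod 600 /$RSA_KEY` lines prepend a second slash to an already absolute path; `chmod 600 "$RSA_KEY"` is what is meant. `[ "1" == "$DEBUG" ]` relies on a non-POSIX `==` inside `[`, where `=` is portable. The script also assumes /data/ssh already exists with suitable ownership and mode, which deserves a comment at the top because nothing here creates it.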