mysecureshell_2.0/0000755000000000000000000000000012422711313013013 5ustar rootrootmysecureshell_2.0/configure0000755000000000000000000064535612422711313014745 0ustar rootroot#! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for MySecureShell 2.0. # # Report bugs to . # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # Use a proper internal environment variable to ensure we don't fall # into an infinite loop, continuously re-executing ourselves. if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then _as_can_reexec=no; export _as_can_reexec; # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 as_fn_exit 255 fi # We don't want this to propagate to other subprocesses. { _as_can_reexec=; unset _as_can_reexec;} if test "x$CONFIG_SHELL" = x; then as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which # is contrary to our usage. Disable this feature. alias -g '\${1+\"\$@\"}'='\"\$@\"' setopt NO_GLOB_SUBST else case \`(set -o) 2>/dev/null\` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi " as_required="as_fn_return () { (exit \$1); } as_fn_success () { as_fn_return 0; } as_fn_failure () { as_fn_return 1; } as_fn_ret_success () { return 0; } as_fn_ret_failure () { return 1; } exitcode=0 as_fn_success || { exitcode=1; echo as_fn_success failed.; } as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : else exitcode=1; echo positional parameters were not saved. fi test x\$exitcode = x0 || exit 1 test -x / || exit 1" as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 test \$(( 1 + 1 )) = 2 || exit 1" if (eval "$as_required") 2>/dev/null; then : as_have_required=yes else as_have_required=no fi if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR as_found=false for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. as_found=: case $as_dir in #( /*) for as_base in sh bash ksh sh5; do # Try only shells that exist, to save several forks. as_shell=$as_dir/$as_base if { test -f "$as_shell" || test -f "$as_shell.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : CONFIG_SHELL=$as_shell as_have_required=yes if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : break 2 fi fi done;; esac as_found=false done $as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : CONFIG_SHELL=$SHELL as_have_required=yes fi; } IFS=$as_save_IFS if test "x$CONFIG_SHELL" != x; then : export CONFIG_SHELL # We cannot yet assume a decent shell, so we have to provide a # neutralization value for shells without unset; and this also # works around shells that cannot unset nonexistent variables. # Preserve -v and -x to the replacement shell. BASH_ENV=/dev/null ENV=/dev/null (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV case $- in # (((( *v*x* | *x*v* ) as_opts=-vx ;; *v* ) as_opts=-v ;; *x* ) as_opts=-x ;; * ) as_opts= ;; esac exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} # Admittedly, this is quite paranoid, since all the known shells bail # out after a failed `exec'. $as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 exit 255 fi if test x$as_have_required = xno; then : $as_echo "$0: This script requires a shell more modern than all" $as_echo "$0: the shells that I found on your system." if test x${ZSH_VERSION+set} = xset ; then $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" $as_echo "$0: be upgraded to zsh 4.3.4 or later." else $as_echo "$0: Please tell bug-autoconf@gnu.org and $0: teka2nerdman@users.sourceforge.net about your system, $0: including any error possibly output before this $0: message. Then install a modern shell, or manually run $0: the script under such a shell if you do have one." fi exit 1 fi fi fi SHELL=${CONFIG_SHELL-/bin/sh} export SHELL # Unset more variables known to interfere with behavior of common tools. CLICOLOR_FORCE= GREP_OPTIONS= unset CLICOLOR_FORCE GREP_OPTIONS ## --------------------- ## ## M4sh Shell Functions. ## ## --------------------- ## # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits as_lineno_1=$LINENO as_lineno_1a=$LINENO as_lineno_2=$LINENO as_lineno_2a=$LINENO eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) sed -n ' p /[$]LINENO/= ' <$as_myself | sed ' s/[$]LINENO.*/&-/ t lineno b :lineno N :loop s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ t loop s/-\n.*// ' >$as_me.lineno && chmod +x "$as_me.lineno" || { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } # If we had to re-execute with $CONFIG_SHELL, we're ensured to have # already done that, so ensure we don't try to do so again and fall # in an infinite loop. This has already happened in practice. _as_can_reexec=no; export _as_can_reexec # Don't try to exec as it changes $[0], causing all sort of problems # (the dirname of $[0] is not the place where we might find the # original and so on. Autoconf is especially sensitive to this). . "./$as_me.lineno" # Exit status is that of the last command. exit } ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" test -n "$DJDIR" || exec 7<&0 &1 # Name of the host. # hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, # so uname gets run too. ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` # # Initializations. # ac_default_prefix=/usr/local ac_clean_files= ac_config_libobj_dir=. LIBOBJS= cross_compiling=no subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='MySecureShell' PACKAGE_TARNAME='mysecureshell' PACKAGE_VERSION='2.0' PACKAGE_STRING='MySecureShell 2.0' PACKAGE_BUGREPORT='teka2nerdman@users.sourceforge.net' PACKAGE_URL='' # Factoring default headers for most tests. ac_includes_default="\ #include #ifdef HAVE_SYS_TYPES_H # include #endif #ifdef HAVE_SYS_STAT_H # include #endif #ifdef STDC_HEADERS # include # include #else # ifdef HAVE_STDLIB_H # include # endif #endif #ifdef HAVE_STRING_H # if !defined STDC_HEADERS && defined HAVE_MEMORY_H # include # endif # include #endif #ifdef HAVE_STRINGS_H # include #endif #ifdef HAVE_INTTYPES_H # include #endif #ifdef HAVE_STDINT_H # include #endif #ifdef HAVE_UNISTD_H # include #endif" ac_header_list= ac_func_list= ac_subst_vars='INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM LTLIBOBJS MSS_DEBUG MSS_LOG MSS_CONF MANDIR BINDIR SBINDIR ETCDIR LIBOBJS LINKER_OPT LN_S EGREP GREP CPP SUDO SED OBJEXT EXEEXT ac_ct_CC CPPFLAGS LDFLAGS CFLAGS CC SET_MAKE target_alias host_alias build_alias LIBS ECHO_T ECHO_N ECHO_C DEFS mandir localedir libdir psdir pdfdir dvidir htmldir infodir docdir oldincludedir includedir localstatedir sharedstatedir sysconfdir datadir datarootdir libexecdir sbindir bindir program_transform_name prefix exec_prefix PACKAGE_URL PACKAGE_BUGREPORT PACKAGE_STRING PACKAGE_VERSION PACKAGE_TARNAME PACKAGE_NAME PATH_SEPARATOR SHELL' ac_subst_files='' ac_user_opts=' enable_option_checking enable_largefile with_conffile with_logfile with_logcolor with_shutfile with_admin with_libiconv with_debug ' ac_precious_vars='build_alias host_alias target_alias CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP' # Initialize some variables set by options. ac_init_help= ac_init_version=false ac_unrecognized_opts= ac_unrecognized_sep= # The variables have the same names as the options, with # dashes changed to underlines. cache_file=/dev/null exec_prefix=NONE no_create= no_recursion= prefix=NONE program_prefix=NONE program_suffix=NONE program_transform_name=s,x,x, silent= site= srcdir= verbose= x_includes=NONE x_libraries=NONE # Installation directory options. # These are left unexpanded so users can "make install exec_prefix=/foo" # and all the variables that are supposed to be based on exec_prefix # by default will actually change. # Use braces instead of parens because sh, perl, etc. also accept them. # (The list follows the same order as the GNU Coding Standards.) bindir='${exec_prefix}/bin' sbindir='${exec_prefix}/sbin' libexecdir='${exec_prefix}/libexec' datarootdir='${prefix}/share' datadir='${datarootdir}' sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' infodir='${datarootdir}/info' htmldir='${docdir}' dvidir='${docdir}' pdfdir='${docdir}' psdir='${docdir}' libdir='${exec_prefix}/lib' localedir='${datarootdir}/locale' mandir='${datarootdir}/man' ac_prev= ac_dashdash= for ac_option do # If the previous option needs an argument, assign it. if test -n "$ac_prev"; then eval $ac_prev=\$ac_option ac_prev= continue fi case $ac_option in *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; *=) ac_optarg= ;; *) ac_optarg=yes ;; esac # Accept the important Cygnus configure options, so we can diagnose typos. case $ac_dashdash$ac_option in --) ac_dashdash=yes ;; -bindir | --bindir | --bindi | --bind | --bin | --bi) ac_prev=bindir ;; -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) bindir=$ac_optarg ;; -build | --build | --buil | --bui | --bu) ac_prev=build_alias ;; -build=* | --build=* | --buil=* | --bui=* | --bu=*) build_alias=$ac_optarg ;; -cache-file | --cache-file | --cache-fil | --cache-fi \ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) ac_prev=cache_file ;; -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) cache_file=$ac_optarg ;; --config-cache | -C) cache_file=config.cache ;; -datadir | --datadir | --datadi | --datad) ac_prev=datadir ;; -datadir=* | --datadir=* | --datadi=* | --datad=*) datadir=$ac_optarg ;; -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ | --dataroo | --dataro | --datar) ac_prev=datarootdir ;; -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) datarootdir=$ac_optarg ;; -disable-* | --disable-*) ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=no ;; -docdir | --docdir | --docdi | --doc | --do) ac_prev=docdir ;; -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) docdir=$ac_optarg ;; -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) ac_prev=dvidir ;; -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) dvidir=$ac_optarg ;; -enable-* | --enable-*) ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid feature name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "enable_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval enable_$ac_useropt=\$ac_optarg ;; -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ | --exec | --exe | --ex) ac_prev=exec_prefix ;; -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ | --exec=* | --exe=* | --ex=*) exec_prefix=$ac_optarg ;; -gas | --gas | --ga | --g) # Obsolete; use --with-gas. with_gas=yes ;; -help | --help | --hel | --he | -h) ac_init_help=long ;; -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) ac_init_help=recursive ;; -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) ac_init_help=short ;; -host | --host | --hos | --ho) ac_prev=host_alias ;; -host=* | --host=* | --hos=* | --ho=*) host_alias=$ac_optarg ;; -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) ac_prev=htmldir ;; -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ | --ht=*) htmldir=$ac_optarg ;; -includedir | --includedir | --includedi | --included | --include \ | --includ | --inclu | --incl | --inc) ac_prev=includedir ;; -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ | --includ=* | --inclu=* | --incl=* | --inc=*) includedir=$ac_optarg ;; -infodir | --infodir | --infodi | --infod | --info | --inf) ac_prev=infodir ;; -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) infodir=$ac_optarg ;; -libdir | --libdir | --libdi | --libd) ac_prev=libdir ;; -libdir=* | --libdir=* | --libdi=* | --libd=*) libdir=$ac_optarg ;; -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ | --libexe | --libex | --libe) ac_prev=libexecdir ;; -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ | --libexe=* | --libex=* | --libe=*) libexecdir=$ac_optarg ;; -localedir | --localedir | --localedi | --localed | --locale) ac_prev=localedir ;; -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) localedir=$ac_optarg ;; -localstatedir | --localstatedir | --localstatedi | --localstated \ | --localstate | --localstat | --localsta | --localst | --locals) ac_prev=localstatedir ;; -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) localstatedir=$ac_optarg ;; -mandir | --mandir | --mandi | --mand | --man | --ma | --m) ac_prev=mandir ;; -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) mandir=$ac_optarg ;; -nfp | --nfp | --nf) # Obsolete; use --without-fp. with_fp=no ;; -no-create | --no-create | --no-creat | --no-crea | --no-cre \ | --no-cr | --no-c | -n) no_create=yes ;; -no-recursion | --no-recursion | --no-recursio | --no-recursi \ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) no_recursion=yes ;; -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ | --oldin | --oldi | --old | --ol | --o) ac_prev=oldincludedir ;; -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) oldincludedir=$ac_optarg ;; -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) ac_prev=prefix ;; -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) prefix=$ac_optarg ;; -program-prefix | --program-prefix | --program-prefi | --program-pref \ | --program-pre | --program-pr | --program-p) ac_prev=program_prefix ;; -program-prefix=* | --program-prefix=* | --program-prefi=* \ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) program_prefix=$ac_optarg ;; -program-suffix | --program-suffix | --program-suffi | --program-suff \ | --program-suf | --program-su | --program-s) ac_prev=program_suffix ;; -program-suffix=* | --program-suffix=* | --program-suffi=* \ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) program_suffix=$ac_optarg ;; -program-transform-name | --program-transform-name \ | --program-transform-nam | --program-transform-na \ | --program-transform-n | --program-transform- \ | --program-transform | --program-transfor \ | --program-transfo | --program-transf \ | --program-trans | --program-tran \ | --progr-tra | --program-tr | --program-t) ac_prev=program_transform_name ;; -program-transform-name=* | --program-transform-name=* \ | --program-transform-nam=* | --program-transform-na=* \ | --program-transform-n=* | --program-transform-=* \ | --program-transform=* | --program-transfor=* \ | --program-transfo=* | --program-transf=* \ | --program-trans=* | --program-tran=* \ | --progr-tra=* | --program-tr=* | --program-t=*) program_transform_name=$ac_optarg ;; -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) ac_prev=pdfdir ;; -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) pdfdir=$ac_optarg ;; -psdir | --psdir | --psdi | --psd | --ps) ac_prev=psdir ;; -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) psdir=$ac_optarg ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ | --sbi=* | --sb=*) sbindir=$ac_optarg ;; -sharedstatedir | --sharedstatedir | --sharedstatedi \ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ | --sharedst | --shareds | --shared | --share | --shar \ | --sha | --sh) ac_prev=sharedstatedir ;; -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ | --sha=* | --sh=*) sharedstatedir=$ac_optarg ;; -site | --site | --sit) ac_prev=site ;; -site=* | --site=* | --sit=*) site=$ac_optarg ;; -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) ac_prev=srcdir ;; -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) srcdir=$ac_optarg ;; -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ | --syscon | --sysco | --sysc | --sys | --sy) ac_prev=sysconfdir ;; -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) sysconfdir=$ac_optarg ;; -target | --target | --targe | --targ | --tar | --ta | --t) ac_prev=target_alias ;; -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) target_alias=$ac_optarg ;; -v | -verbose | --verbose | --verbos | --verbo | --verb) verbose=yes ;; -version | --version | --versio | --versi | --vers | -V) ac_init_version=: ;; -with-* | --with-*) ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=\$ac_optarg ;; -without-* | --without-*) ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` # Reject names that are not valid shell variable names. expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && as_fn_error $? "invalid package name: $ac_useropt" ac_useropt_orig=$ac_useropt ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` case $ac_user_opts in *" "with_$ac_useropt" "*) ;; *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" ac_unrecognized_sep=', ';; esac eval with_$ac_useropt=no ;; --x) # Obsolete; use --with-x. with_x=yes ;; -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ | --x-incl | --x-inc | --x-in | --x-i) ac_prev=x_includes ;; -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) x_includes=$ac_optarg ;; -x-libraries | --x-libraries | --x-librarie | --x-librari \ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) ac_prev=x_libraries ;; -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) x_libraries=$ac_optarg ;; -*) as_fn_error $? "unrecognized option: \`$ac_option' Try \`$0 --help' for more information" ;; *=*) ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` # Reject names that are not valid shell variable names. case $ac_envvar in #( '' | [0-9]* | *[!_$as_cr_alnum]* ) as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; esac eval $ac_envvar=\$ac_optarg export $ac_envvar ;; *) # FIXME: should be removed in autoconf 3.0. $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" ;; esac done if test -n "$ac_prev"; then ac_option=--`echo $ac_prev | sed 's/_/-/g'` as_fn_error $? "missing argument to $ac_option" fi if test -n "$ac_unrecognized_opts"; then case $enable_option_checking in no) ;; fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; esac fi # Check all directory arguments for consistency. for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ libdir localedir mandir do eval ac_val=\$$ac_var # Remove trailing slashes. case $ac_val in */ ) ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` eval $ac_var=\$ac_val;; esac # Be sure to have absolute directory names. case $ac_val in [\\/$]* | ?:[\\/]* ) continue;; NONE | '' ) case $ac_var in *prefix ) continue;; esac;; esac as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" done # There might be people who depend on the old broken behavior: `$host' # used to hold the argument of --host etc. # FIXME: To remove some day. build=$build_alias host=$host_alias target=$target_alias # FIXME: To remove some day. if test "x$host_alias" != x; then if test "x$build_alias" = x; then cross_compiling=maybe elif test "x$build_alias" != "x$host_alias"; then cross_compiling=yes fi fi ac_tool_prefix= test -n "$host_alias" && ac_tool_prefix=$host_alias- test "$silent" = yes && exec 6>/dev/null ac_pwd=`pwd` && test -n "$ac_pwd" && ac_ls_di=`ls -di .` && ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || as_fn_error $? "working directory cannot be determined" test "X$ac_ls_di" = "X$ac_pwd_ls_di" || as_fn_error $? "pwd does not report name of working directory" # Find the source files, if location was not specified. if test -z "$srcdir"; then ac_srcdir_defaulted=yes # Try the directory containing this script, then the parent directory. ac_confdir=`$as_dirname -- "$as_myself" || $as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_myself" : 'X\(//\)[^/]' \| \ X"$as_myself" : 'X\(//\)$' \| \ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_myself" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` srcdir=$ac_confdir if test ! -r "$srcdir/$ac_unique_file"; then srcdir=.. fi else ac_srcdir_defaulted=no fi if test ! -r "$srcdir/$ac_unique_file"; then test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" fi ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" ac_abs_confdir=`( cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" pwd)` # When building in place, set srcdir=. if test "$ac_abs_confdir" = "$ac_pwd"; then srcdir=. fi # Remove unnecessary trailing slashes from srcdir. # Double slashes in file names in object file debugging info # mess up M-x gdb in Emacs. case $srcdir in */) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; esac for ac_var in $ac_precious_vars; do eval ac_env_${ac_var}_set=\${${ac_var}+set} eval ac_env_${ac_var}_value=\$${ac_var} eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} eval ac_cv_env_${ac_var}_value=\$${ac_var} done # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures MySecureShell 2.0 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. Configuration: -h, --help display this help and exit --help=short display options specific to this package --help=recursive display the short help of all the included packages -V, --version display version information and exit -q, --quiet, --silent do not print \`checking ...' messages --cache-file=FILE cache test results in FILE [disabled] -C, --config-cache alias for \`--cache-file=config.cache' -n, --no-create do not create output files --srcdir=DIR find the sources in DIR [configure dir or \`..'] Installation directories: --prefix=PREFIX install architecture-independent files in PREFIX [$ac_default_prefix] --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX [PREFIX] By default, \`make install' will install all the files in \`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify an installation prefix other than \`$ac_default_prefix' using \`--prefix', for instance \`--prefix=\$HOME'. For better control, use the options below. Fine tuning of the installation directories: --bindir=DIR user executables [EPREFIX/bin] --sbindir=DIR system admin executables [EPREFIX/sbin] --libexecdir=DIR program executables [EPREFIX/libexec] --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] --datadir=DIR read-only architecture-independent data [DATAROOTDIR] --infodir=DIR info documentation [DATAROOTDIR/info] --localedir=DIR locale-dependent data [DATAROOTDIR/locale] --mandir=DIR man documentation [DATAROOTDIR/man] --docdir=DIR documentation root [DATAROOTDIR/doc/mysecureshell] --htmldir=DIR html documentation [DOCDIR] --dvidir=DIR dvi documentation [DOCDIR] --pdfdir=DIR pdf documentation [DOCDIR] --psdir=DIR ps documentation [DOCDIR] _ACEOF cat <<\_ACEOF _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of MySecureShell 2.0:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] --disable-largefile omit support for large files Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-conffile=xxx Change config file (default: /etc/ssh/sftp_config) --with-logfile=xxx Change log file (default: /var/log/sftp-server.log) --with-logcolor=xxx Active color in log file (default: no) --with-shutfile=xxx Change shut file (default: /etc/sftp.shut) --with-admin=xxx Disable remote admin (default: yes) --with-libiconv=PATH Use libiconv in PATH --with-debug=1,2 Change debug level (default: no) Some influential environment variables: CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a nonstandard directory LIBS libraries to pass to the linker, e.g. -l CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. Report bugs to . _ACEOF ac_status=$? fi if test "$ac_init_help" = "recursive"; then # If there are subdirs, report their specific --help. for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue test -d "$ac_dir" || { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || continue ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix cd "$ac_dir" || { ac_status=$?; continue; } # Check for guested configure. if test -f "$ac_srcdir/configure.gnu"; then echo && $SHELL "$ac_srcdir/configure.gnu" --help=recursive elif test -f "$ac_srcdir/configure"; then echo && $SHELL "$ac_srcdir/configure" --help=recursive else $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 fi || ac_status=$? cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF MySecureShell configure 2.0 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit fi ## ------------------------ ## ## Autoconf initialization. ## ## ------------------------ ## # ac_fn_c_try_compile LINENO # -------------------------- # Try to compile conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest.$ac_objext; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_compile # ac_fn_c_try_cpp LINENO # ---------------------- # Try to preprocess conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_cpp () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_cpp conftest.$ac_ext" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } > conftest.i && { test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || test ! -s conftest.err }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_cpp # ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists, giving a warning if it cannot be compiled using # the include files in INCLUDES and setting the cache variable VAR # accordingly. ac_fn_c_check_header_mongrel () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if eval \${$3+:} false; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } else # Is the header compilable? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 $as_echo_n "checking $2 usability... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_header_compiler=yes else ac_header_compiler=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 $as_echo "$ac_header_compiler" >&6; } # Is the header present? { $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 $as_echo_n "checking $2 presence... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include <$2> _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : ac_header_preproc=yes else ac_header_preproc=no fi rm -f conftest.err conftest.i conftest.$ac_ext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 $as_echo "$ac_header_preproc" >&6; } # So? What about this header? case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( yes:no: ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 $as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ;; no:yes:* ) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 $as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 $as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 $as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 $as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 $as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} ( $as_echo "## ------------------------------------------------- ## ## Report this to teka2nerdman@users.sourceforge.net ## ## ------------------------------------------------- ##" ) | sed "s/^/$as_me: WARNING: /" >&2 ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=\$ac_header_compiler" fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } fi eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_mongrel # ac_fn_c_try_run LINENO # ---------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes # that executables *can* be run. ac_fn_c_try_run () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then : ac_retval=0 else $as_echo "$as_me: program exited with status $ac_status" >&5 $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=$ac_status fi rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_run # ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES # ------------------------------------------------------- # Tests whether HEADER exists and can be compiled using the include files in # INCLUDES, setting the cache variable VAR accordingly. ac_fn_c_check_header_compile () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 #include <$2> _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_header_compile # ac_fn_c_find_intX_t LINENO BITS VAR # ----------------------------------- # Finds a signed integer type with width BITS, setting cache variable VAR # accordingly. ac_fn_c_find_intX_t () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for int$2_t" >&5 $as_echo_n "checking for int$2_t... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" # Order is important - never check a type that is potentially smaller # than half of the expected target width. for ac_type in int$2_t 'int' 'long int' \ 'long long int' 'short int' 'signed char'; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default enum { N = $2 / 2 - 1 }; int main () { static int test_array [1 - 2 * !(0 < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1))]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default enum { N = $2 / 2 - 1 }; int main () { static int test_array [1 - 2 * !(($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 1) < ($ac_type) ((((($ac_type) 1 << N) << N) - 1) * 2 + 2))]; test_array [0] = 0; return test_array [0]; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else case $ac_type in #( int$2_t) : eval "$3=yes" ;; #( *) : eval "$3=\$ac_type" ;; esac fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if eval test \"x\$"$3"\" = x"no"; then : else break fi done fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_find_intX_t # ac_fn_c_check_type LINENO TYPE VAR INCLUDES # ------------------------------------------- # Tests whether TYPE exists after having included INCLUDES, setting cache # variable VAR accordingly. ac_fn_c_check_type () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else eval "$3=no" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof ($2)) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $4 int main () { if (sizeof (($2))) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else eval "$3=yes" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_type # ac_fn_c_try_link LINENO # ----------------------- # Try to link conftest.$ac_ext, and return whether this succeeded. ac_fn_c_try_link () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack rm -f conftest.$ac_objext conftest$ac_exeext if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>conftest.err ac_status=$? if test -s conftest.err; then grep -v '^ *+' conftest.err >conftest.er1 cat conftest.er1 >&5 mv -f conftest.er1 conftest.err fi $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } && { test -z "$ac_c_werror_flag" || test ! -s conftest.err } && test -s conftest$ac_exeext && { test "$cross_compiling" = yes || test -x conftest$ac_exeext }; then : ac_retval=0 else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 ac_retval=1 fi # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would # interfere with the next link command; also delete a directory that is # left behind by Apple's compiler. We do this before executing the actions. rm -rf conftest.dSYM conftest_ipa8_conftest.oo eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno as_fn_set_status $ac_retval } # ac_fn_c_try_link # ac_fn_c_check_func LINENO FUNC VAR # ---------------------------------- # Tests whether FUNC exists, setting the cache variable VAR accordingly ac_fn_c_check_func () { as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 $as_echo_n "checking for $2... " >&6; } if eval \${$3+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Define $2 to an innocuous variant, in case declares $2. For example, HP-UX 11i declares gettimeofday. */ #define $2 innocuous_$2 /* System header to define __stub macros and hopefully few prototypes, which can conflict with char $2 (); below. Prefer to if __STDC__ is defined, since exists even on freestanding compilers. */ #ifdef __STDC__ # include #else # include #endif #undef $2 /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char $2 (); /* The GNU C library defines this for functions which it implements to always fail with ENOSYS. Some functions are actually named something starting with __ and the normal name is an alias. */ #if defined __stub_$2 || defined __stub___$2 choke me #endif int main () { return $2 (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : eval "$3=yes" else eval "$3=no" fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext fi eval ac_res=\$$3 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_func cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by MySecureShell $as_me 2.0, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { cat <<_ASUNAME ## --------- ## ## Platform. ## ## --------- ## hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` uname -m = `(uname -m) 2>/dev/null || echo unknown` uname -r = `(uname -r) 2>/dev/null || echo unknown` uname -s = `(uname -s) 2>/dev/null || echo unknown` uname -v = `(uname -v) 2>/dev/null || echo unknown` /usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` /bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` /bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` /usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` /usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` /usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` /bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` /usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` /bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` _ASUNAME as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. $as_echo "PATH: $as_dir" done IFS=$as_save_IFS } >&5 cat >&5 <<_ACEOF ## ----------- ## ## Core tests. ## ## ----------- ## _ACEOF # Keep a trace of the command line. # Strip out --no-create and --no-recursion so they do not pile up. # Strip out --silent because we don't want to record it for future runs. # Also quote any args containing shell meta-characters. # Make two passes to allow for proper duplicate-argument suppression. ac_configure_args= ac_configure_args0= ac_configure_args1= ac_must_keep_next=false for ac_pass in 1 2 do for ac_arg do case $ac_arg in -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil) continue ;; *\'*) ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; esac case $ac_pass in 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; 2) as_fn_append ac_configure_args1 " '$ac_arg'" if test $ac_must_keep_next = true; then ac_must_keep_next=false # Got value, back to normal. else case $ac_arg in *=* | --config-cache | -C | -disable-* | --disable-* \ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ | -with-* | --with-* | -without-* | --without-* | --x) case "$ac_configure_args0 " in "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; esac ;; -* ) ac_must_keep_next=true ;; esac fi as_fn_append ac_configure_args " '$ac_arg'" ;; esac done done { ac_configure_args0=; unset ac_configure_args0;} { ac_configure_args1=; unset ac_configure_args1;} # When interrupted or exit'd, cleanup temporary files, and complete # config.log. We remove comments because anyway the quotes in there # would cause problems or look ugly. # WARNING: Use '\'' to represent an apostrophe within the trap. # WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. trap 'exit_status=$? # Save into config.log some information that might help in debugging. { echo $as_echo "## ---------------- ## ## Cache variables. ## ## ---------------- ##" echo # The following way of writing the cache mishandles newlines in values, ( for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( *${as_nl}ac_space=\ *) sed -n \ "s/'\''/'\''\\\\'\'''\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" ;; #( *) sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) echo $as_echo "## ----------------- ## ## Output variables. ## ## ----------------- ##" echo for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo if test -n "$ac_subst_files"; then $as_echo "## ------------------- ## ## File substitutions. ## ## ------------------- ##" echo for ac_var in $ac_subst_files do eval ac_val=\$$ac_var case $ac_val in *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; esac $as_echo "$ac_var='\''$ac_val'\''" done | sort echo fi if test -s confdefs.h; then $as_echo "## ----------- ## ## confdefs.h. ## ## ----------- ##" echo cat confdefs.h echo fi test "$ac_signal" != 0 && $as_echo "$as_me: caught signal $ac_signal" $as_echo "$as_me: exit $exit_status" } >&5 rm -f core *.core core.conftest.* && rm -f -r conftest* confdefs* conf$$* $ac_clean_files && exit $exit_status ' 0 for ac_signal in 1 2 13 15; do trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal done ac_signal=0 # confdefs.h avoids OS command line length limits that DEFS can exceed. rm -f -r conftest* confdefs.h $as_echo "/* confdefs.h */" > confdefs.h # Predefined preprocessor variables. cat >>confdefs.h <<_ACEOF #define PACKAGE_NAME "$PACKAGE_NAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_TARNAME "$PACKAGE_TARNAME" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_VERSION "$PACKAGE_VERSION" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_STRING "$PACKAGE_STRING" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" _ACEOF cat >>confdefs.h <<_ACEOF #define PACKAGE_URL "$PACKAGE_URL" _ACEOF # Let the site file select an alternate cache file if it wants to. # Prefer an explicitly selected file to automatically selected ones. ac_site_file1=NONE ac_site_file2=NONE if test -n "$CONFIG_SITE"; then # We do not want a PATH search for config.site. case $CONFIG_SITE in #(( -*) ac_site_file1=./$CONFIG_SITE;; */*) ac_site_file1=$CONFIG_SITE;; *) ac_site_file1=./$CONFIG_SITE;; esac elif test "x$prefix" != xNONE; then ac_site_file1=$prefix/share/config.site ac_site_file2=$prefix/etc/config.site else ac_site_file1=$ac_default_prefix/share/config.site ac_site_file2=$ac_default_prefix/etc/config.site fi for ac_site_file in "$ac_site_file1" "$ac_site_file2" do test "x$ac_site_file" = xNONE && continue if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 $as_echo "$as_me: loading site script $ac_site_file" >&6;} sed 's/^/| /' "$ac_site_file" >&5 . "$ac_site_file" \ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "failed to load site script $ac_site_file See \`config.log' for more details" "$LINENO" 5; } fi done if test -r "$cache_file"; then # Some versions of bash will fail to source /dev/null (special files # actually), so we avoid doing that. DJGPP emulates it as a regular file. if test /dev/null != "$cache_file" && test -f "$cache_file"; then { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 $as_echo "$as_me: loading cache $cache_file" >&6;} case $cache_file in [\\/]* | ?:[\\/]* ) . "$cache_file";; *) . "./$cache_file";; esac fi else { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 $as_echo "$as_me: creating cache $cache_file" >&6;} >$cache_file fi as_fn_append ac_header_list " sys/time.h" as_fn_append ac_header_list " unistd.h" as_fn_append ac_func_list " alarm" # Check that the precious variables saved in the cache have kept the same # value. ac_cache_corrupted=false for ac_var in $ac_precious_vars; do eval ac_old_set=\$ac_cv_env_${ac_var}_set eval ac_new_set=\$ac_env_${ac_var}_set eval ac_old_val=\$ac_cv_env_${ac_var}_value eval ac_new_val=\$ac_env_${ac_var}_value case $ac_old_set,$ac_new_set in set,) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} ac_cache_corrupted=: ;; ,set) { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 $as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} ac_cache_corrupted=: ;; ,);; *) if test "x$ac_old_val" != "x$ac_new_val"; then # differences in whitespace do not lead to failure. ac_old_val_w=`echo x $ac_old_val` ac_new_val_w=`echo x $ac_new_val` if test "$ac_old_val_w" != "$ac_new_val_w"; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 $as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} ac_cache_corrupted=: else { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 $as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} eval $ac_var=\$ac_old_val fi { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 $as_echo "$as_me: former value: \`$ac_old_val'" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 $as_echo "$as_me: current value: \`$ac_new_val'" >&2;} fi;; esac # Pass precious variables to config.status. if test "$ac_new_set" = set; then case $ac_new_val in *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; *) ac_arg=$ac_var=$ac_new_val ;; esac case " $ac_configure_args " in *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. *) as_fn_append ac_configure_args " '$ac_arg'" ;; esac fi done if $ac_cache_corrupted; then { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 $as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 fi ## -------------------- ## ## Main body of script. ## ## -------------------- ## ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_config_headers="$ac_config_headers config.h" # Checks for programs. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 $as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } set x ${MAKE-make} ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : $as_echo_n "(cached) " >&6 else cat >conftest.make <<\_ACEOF SHELL = /bin/sh all: @echo '@@@%%%=$(MAKE)=@@@%%%' _ACEOF # GNU make sometimes prints "make[1]: Entering ...", which would confuse us. case `${MAKE-make} -f conftest.make 2>/dev/null` in *@@@%%%=?*=@@@%%%*) eval ac_cv_prog_make_${ac_make}_set=yes;; *) eval ac_cv_prog_make_${ac_make}_set=no;; esac rm -f conftest.make fi if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } SET_MAKE= else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } SET_MAKE="MAKE=${MAKE-make}" fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. set dummy ${ac_tool_prefix}gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$ac_cv_prog_CC"; then ac_ct_CC=$CC # Extract the first word of "gcc", so it can be a program name with args. set dummy gcc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="gcc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi else CC="$ac_cv_prog_CC" fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. set dummy ${ac_tool_prefix}cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="${ac_tool_prefix}cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi fi if test -z "$CC"; then # Extract the first word of "cc", so it can be a program name with args. set dummy cc; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else ac_prog_rejected=no as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then ac_prog_rejected=yes continue fi ac_cv_prog_CC="cc" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS if test $ac_prog_rejected = yes; then # We found a bogon in the path, so make sure we never use it. set dummy $ac_cv_prog_CC shift if test $# != 0; then # We chose a different compiler from the bogus one. # However, it has the same basename, so the bogon will be chosen # first if we set CC to just the basename; use the full file name. shift ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" fi fi fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi fi if test -z "$CC"; then if test -n "$ac_tool_prefix"; then for ac_prog in cl.exe do # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. set dummy $ac_tool_prefix$ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$CC"; then ac_cv_prog_CC="$CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_CC="$ac_tool_prefix$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi CC=$ac_cv_prog_CC if test -n "$CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 $as_echo "$CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$CC" && break done fi if test -z "$CC"; then ac_ct_CC=$CC for ac_prog in cl.exe do # Extract the first word of "$ac_prog", so it can be a program name with args. set dummy $ac_prog; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_prog_ac_ct_CC+:} false; then : $as_echo_n "(cached) " >&6 else if test -n "$ac_ct_CC"; then ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_prog_ac_ct_CC="$ac_prog" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS fi fi ac_ct_CC=$ac_cv_prog_ac_ct_CC if test -n "$ac_ct_CC"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 $as_echo "$ac_ct_CC" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi test -n "$ac_ct_CC" && break done if test "x$ac_ct_CC" = x; then CC="" else case $cross_compiling:$ac_tool_warned in yes:) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 $as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} ac_tool_warned=yes ;; esac CC=$ac_ct_CC fi fi fi test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "no acceptable C compiler found in \$PATH See \`config.log' for more details" "$LINENO" 5; } # Provide some information about the compiler. $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 set X $ac_compile ac_compiler=$2 for ac_option in --version -v -V -qversion; do { { ac_try="$ac_compiler $ac_option >&5" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compiler $ac_option >&5") 2>conftest.err ac_status=$? if test -s conftest.err; then sed '10a\ ... rest of stderr output deleted ... 10q' conftest.err >conftest.er1 cat conftest.er1 >&5 fi rm -f conftest.er1 conftest.err $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } done cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" # Try to create an executable without -o first, disregard a.out. # It will help us diagnose broken compilers, and finding out an intuition # of exeext. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 $as_echo_n "checking whether the C compiler works... " >&6; } ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` # The possible output files: ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" ac_rmfiles= for ac_file in $ac_files do case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; * ) ac_rmfiles="$ac_rmfiles $ac_file";; esac done rm -f $ac_rmfiles if { { ac_try="$ac_link_default" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link_default") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. # So ignore a value of `no', otherwise this would lead to `EXEEXT = no' # in a Makefile. We should not override ac_cv_exeext if it was cached, # so that the user can short-circuit this test for compilers unknown to # Autoconf. for ac_file in $ac_files '' do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; [ab].out ) # We found the default executable, but exeext='' is most # certainly right. break;; *.* ) if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; then :; else ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` fi # We set ac_cv_exeext here because the later test for it is not # safe: cross compilers may not add the suffix if given an `-o' # argument, so we may need to know it at that point already. # Even if this section looks crufty: it has the advantage of # actually working. break;; * ) break;; esac done test "$ac_cv_exeext" = no && ac_cv_exeext= else ac_file='' fi if test -z "$ac_file"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error 77 "C compiler cannot create executables See \`config.log' for more details" "$LINENO" 5; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 $as_echo_n "checking for C compiler default output file name... " >&6; } { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 $as_echo "$ac_file" >&6; } ac_exeext=$ac_cv_exeext rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 $as_echo_n "checking for suffix of executables... " >&6; } if { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : # If both `conftest.exe' and `conftest' are `present' (well, observable) # catch `conftest.exe'. For instance with Cygwin, `ls conftest' will # work properly (i.e., refer to `conftest.exe'), while it won't with # `rm'. for ac_file in conftest.exe conftest conftest.*; do test -f "$ac_file" || continue case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` break;; * ) break;; esac done else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of executables: cannot compile and link See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest conftest$ac_cv_exeext { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 $as_echo "$ac_cv_exeext" >&6; } rm -f conftest.$ac_ext EXEEXT=$ac_cv_exeext ac_exeext=$EXEEXT cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include int main () { FILE *f = fopen ("conftest.out", "w"); return ferror (f) || fclose (f) != 0; ; return 0; } _ACEOF ac_clean_files="$ac_clean_files conftest.out" # Check that the compiler produces executables we can run. If not, either # the compiler is broken, or we cross compile. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 $as_echo_n "checking whether we are cross compiling... " >&6; } if test "$cross_compiling" != yes; then { { ac_try="$ac_link" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_link") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; } if { ac_try='./conftest$ac_cv_exeext' { { case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_try") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; }; then cross_compiling=no else if test "$cross_compiling" = maybe; then cross_compiling=yes else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot run C compiled programs. If you meant to cross compile, use \`--host'. See \`config.log' for more details" "$LINENO" 5; } fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 $as_echo "$cross_compiling" >&6; } rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out ac_clean_files=$ac_clean_files_save { $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 $as_echo_n "checking for suffix of object files... " >&6; } if ${ac_cv_objext+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF rm -f conftest.o conftest.obj if { { ac_try="$ac_compile" case "(($ac_try" in *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; *) ac_try_echo=$ac_try;; esac eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" $as_echo "$ac_try_echo"; } >&5 (eval "$ac_compile") 2>&5 ac_status=$? $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 test $ac_status = 0; }; then : for ac_file in conftest.o conftest.obj conftest.*; do test -f "$ac_file" || continue; case $ac_file in *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` break;; esac done else $as_echo "$as_me: failed program was:" >&5 sed 's/^/| /' conftest.$ac_ext >&5 { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "cannot compute suffix of object files: cannot compile See \`config.log' for more details" "$LINENO" 5; } fi rm -f conftest.$ac_cv_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 $as_echo "$ac_cv_objext" >&6; } OBJEXT=$ac_cv_objext ac_objext=$OBJEXT { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 $as_echo_n "checking whether we are using the GNU C compiler... " >&6; } if ${ac_cv_c_compiler_gnu+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __GNUC__ choke me #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_compiler_gnu=yes else ac_compiler_gnu=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_c_compiler_gnu=$ac_compiler_gnu fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 $as_echo "$ac_cv_c_compiler_gnu" >&6; } if test $ac_compiler_gnu = yes; then GCC=yes else GCC= fi ac_test_CFLAGS=${CFLAGS+set} ac_save_CFLAGS=$CFLAGS { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 $as_echo_n "checking whether $CC accepts -g... " >&6; } if ${ac_cv_prog_cc_g+:} false; then : $as_echo_n "(cached) " >&6 else ac_save_c_werror_flag=$ac_c_werror_flag ac_c_werror_flag=yes ac_cv_prog_cc_g=no CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes else CFLAGS="" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : else ac_c_werror_flag=$ac_save_c_werror_flag CFLAGS="-g" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_g=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_c_werror_flag=$ac_save_c_werror_flag fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 $as_echo "$ac_cv_prog_cc_g" >&6; } if test "$ac_test_CFLAGS" = set; then CFLAGS=$ac_save_CFLAGS elif test $ac_cv_prog_cc_g = yes; then if test "$GCC" = yes; then CFLAGS="-g -O2" else CFLAGS="-g" fi else if test "$GCC" = yes; then CFLAGS="-O2" else CFLAGS= fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 $as_echo_n "checking for $CC option to accept ISO C89... " >&6; } if ${ac_cv_prog_cc_c89+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_prog_cc_c89=no ac_save_CC=$CC cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include struct stat; /* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ struct buf { int x; }; FILE * (*rcsopen) (struct buf *, struct stat *, int); static char *e (p, i) char **p; int i; { return p[i]; } static char *f (char * (*g) (char **, int), char **p, ...) { char *s; va_list v; va_start (v,p); s = g (p, va_arg (v,int)); va_end (v); return s; } /* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has function prototypes and stuff, but not '\xHH' hex character constants. These don't provoke an error unfortunately, instead are silently treated as 'x'. The following induces an error, until -std is added to get proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an array size at least. It's necessary to write '\x00'==0 to get something that's true only with -std. */ int osf4_cc_array ['\x00' == 0 ? 1 : -1]; /* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters inside strings and character constants. */ #define FOO(x) 'x' int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; int test (int i, double x); struct s1 {int (*f) (int a);}; struct s2 {int (*f) (double a);}; int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); int argc; char **argv; int main () { return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; ; return 0; } _ACEOF for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" do CC="$ac_save_CC $ac_arg" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_prog_cc_c89=$ac_arg fi rm -f core conftest.err conftest.$ac_objext test "x$ac_cv_prog_cc_c89" != "xno" && break done rm -f conftest.$ac_ext CC=$ac_save_CC fi # AC_CACHE_VAL case "x$ac_cv_prog_cc_c89" in x) { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 $as_echo "none needed" >&6; } ;; xno) { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 $as_echo "unsupported" >&6; } ;; *) CC="$CC $ac_cv_prog_cc_c89" { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 $as_echo "$ac_cv_prog_cc_c89" >&6; } ;; esac if test "x$ac_cv_prog_cc_c89" != xno; then : fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu # Extract the first word of "sed", so it can be a program name with args. set dummy sed; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_SED+:} false; then : $as_echo_n "(cached) " >&6 else case $SED in [\\/]* | ?:[\\/]*) ac_cv_path_SED="$SED" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SED="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi SED=$ac_cv_path_SED if test -n "$SED"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SED" >&5 $as_echo "$SED" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi # Extract the first word of "sudo", so it can be a program name with args. set dummy sudo; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_SUDO+:} false; then : $as_echo_n "(cached) " >&6 else case $SUDO in [\\/]* | ?:[\\/]*) ac_cv_path_SUDO="$SUDO" # Let the user override the test with a path. ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then ac_cv_path_SUDO="$as_dir/$ac_word$ac_exec_ext" $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 break 2 fi done done IFS=$as_save_IFS ;; esac fi SUDO=$ac_cv_path_SUDO if test -n "$SUDO"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SUDO" >&5 $as_echo "$SUDO" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 $as_echo_n "checking how to run the C preprocessor... " >&6; } # On Suns, sometimes $CPP names a directory. if test -n "$CPP" && test -d "$CPP"; then CPP= fi if test -z "$CPP"; then if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else # Double quotes because CPP needs to be expanded for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" do ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : break fi done ac_cv_prog_CPP=$CPP fi CPP=$ac_cv_prog_CPP else ac_cv_prog_CPP=$CPP fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 $as_echo "$CPP" >&6; } ac_preproc_ok=false for ac_c_preproc_warn_flag in '' yes do # Use a header file that comes with gcc, so configuring glibc # with a fresh cross-compiler works. # Prefer to if __STDC__ is defined, since # exists even on freestanding compilers. # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifdef __STDC__ # include #else # include #endif Syntax error _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : else # Broken: fails on valid input. continue fi rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if ac_fn_c_try_cpp "$LINENO"; then : # Broken: success on invalid input. continue else # Passes both tests. ac_preproc_ok=: break fi rm -f conftest.err conftest.i conftest.$ac_ext done # Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. rm -f conftest.i conftest.err conftest.$ac_ext if $ac_preproc_ok; then : else { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "C preprocessor \"$CPP\" fails sanity check See \`config.log' for more details" "$LINENO" 5; } fi ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 $as_echo_n "checking for grep that handles long lines and -e... " >&6; } if ${ac_cv_path_GREP+:} false; then : $as_echo_n "(cached) " >&6 else if test -z "$GREP"; then ac_path_GREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in grep ggrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_GREP" || continue # Check for GNU ac_path_GREP and select it if it is found. # Check for GNU $ac_path_GREP case `"$ac_path_GREP" --version 2>&1` in *GNU*) ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'GREP' >> "conftest.nl" "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_GREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_GREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_GREP"; then as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_GREP=$GREP fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 $as_echo "$ac_cv_path_GREP" >&6; } GREP="$ac_cv_path_GREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 $as_echo_n "checking for egrep... " >&6; } if ${ac_cv_path_EGREP+:} false; then : $as_echo_n "(cached) " >&6 else if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 then ac_cv_path_EGREP="$GREP -E" else if test -z "$EGREP"; then ac_path_EGREP_found=false # Loop through the user's path and test for each of PROGNAME-LIST as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. for ac_prog in egrep; do for ac_exec_ext in '' $ac_executable_extensions; do ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" as_fn_executable_p "$ac_path_EGREP" || continue # Check for GNU ac_path_EGREP and select it if it is found. # Check for GNU $ac_path_EGREP case `"$ac_path_EGREP" --version 2>&1` in *GNU*) ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; *) ac_count=0 $as_echo_n 0123456789 >"conftest.in" while : do cat "conftest.in" "conftest.in" >"conftest.tmp" mv "conftest.tmp" "conftest.in" cp "conftest.in" "conftest.nl" $as_echo 'EGREP' >> "conftest.nl" "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break as_fn_arith $ac_count + 1 && ac_count=$as_val if test $ac_count -gt ${ac_path_EGREP_max-0}; then # Best one so far, save it but keep looking for a better one ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_max=$ac_count fi # 10*(2^10) chars as input seems more than enough test $ac_count -gt 10 && break done rm -f conftest.in conftest.tmp conftest.nl conftest.out;; esac $ac_path_EGREP_found && break 3 done done done IFS=$as_save_IFS if test -z "$ac_cv_path_EGREP"; then as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 fi else ac_cv_path_EGREP=$EGREP fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 $as_echo "$ac_cv_path_EGREP" >&6; } EGREP="$ac_cv_path_EGREP" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi # On IRIX 5.3, sys/types and inttypes.h are conflicting. for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ inttypes.h stdint.h unistd.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" if test "x$ac_cv_header_minix_config_h" = xyes; then : MINIX=yes else MINIX= fi if test "$MINIX" = yes; then $as_echo "#define _POSIX_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h $as_echo "#define _MINIX 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 $as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } if ${ac_cv_safe_to_define___extensions__+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ # define __EXTENSIONS__ 1 $ac_includes_default int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_safe_to_define___extensions__=yes else ac_cv_safe_to_define___extensions__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 $as_echo "$ac_cv_safe_to_define___extensions__" >&6; } test $ac_cv_safe_to_define___extensions__ = yes && $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h $as_echo "#define _ALL_SOURCE 1" >>confdefs.h $as_echo "#define _GNU_SOURCE 1" >>confdefs.h $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h if test $ac_cv_c_compiler_gnu = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC needs -traditional" >&5 $as_echo_n "checking whether $CC needs -traditional... " >&6; } if ${ac_cv_prog_gcc_traditional+:} false; then : $as_echo_n "(cached) " >&6 else ac_pattern="Autoconf.*'x'" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TIOCGETP _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes else ac_cv_prog_gcc_traditional=no fi rm -f conftest* if test $ac_cv_prog_gcc_traditional = no; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include Autoconf TCGETA _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "$ac_pattern" >/dev/null 2>&1; then : ac_cv_prog_gcc_traditional=yes fi rm -f conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_gcc_traditional" >&5 $as_echo "$ac_cv_prog_gcc_traditional" >&6; } if test $ac_cv_prog_gcc_traditional = yes; then CC="$CC -traditional" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 $as_echo_n "checking whether ln -s works... " >&6; } LN_S=$as_ln_s if test "$LN_S" = "ln -s"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 $as_echo "no, using $LN_S" >&6; } fi # Checks for typedefs, structures, and compiler characteristics. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 $as_echo_n "checking for inline... " >&6; } if ${ac_cv_c_inline+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #ifndef __cplusplus typedef int foo_t; static $ac_kw foo_t static_foo () {return 0; } $ac_kw foo_t foo () {return 0; } #endif _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_inline=$ac_kw fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext test "$ac_cv_c_inline" != no && break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 $as_echo "$ac_cv_c_inline" >&6; } case $ac_cv_c_inline in inline | yes) ;; *) case $ac_cv_c_inline in no) ac_val=;; *) ac_val=$ac_cv_c_inline;; esac cat >>confdefs.h <<_ACEOF #ifndef __cplusplus #define inline $ac_val #endif _ACEOF ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5 $as_echo_n "checking for an ANSI C-conforming const... " >&6; } if ${ac_cv_c_const+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ int main () { #ifndef __cplusplus /* Ultrix mips cc rejects this sort of thing. */ typedef int charset[2]; const charset cs = { 0, 0 }; /* SunOS 4.1.1 cc rejects this. */ char const *const *pcpcc; char **ppc; /* NEC SVR4.0.2 mips cc rejects this. */ struct point {int x, y;}; static struct point const zero = {0,0}; /* AIX XL C 1.02.0.0 rejects this. It does not let you subtract one const X* pointer from another in an arm of an if-expression whose if-part is not a constant expression */ const char *g = "string"; pcpcc = &g + (g ? g-g : 0); /* HPUX 7.0 cc rejects these. */ ++pcpcc; ppc = (char**) pcpcc; pcpcc = (char const *const *) ppc; { /* SCO 3.2v4 cc rejects this sort of thing. */ char tx; char *t = &tx; char const *s = 0 ? (char *) 0 : (char const *) 0; *t++ = 0; if (s) return 0; } { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ int x[] = {25, 17}; const int *foo = &x[0]; ++foo; } { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ typedef const int *iptr; iptr p = 0; ++p; } { /* AIX XL C 1.02.0.0 rejects this sort of thing, saying "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ struct s { int j; const int *ap[3]; } bx; struct s *b = &bx; b->j = 5; } { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ const int foo = 10; if (!foo) return 0; } return !cs[0] && !zero.x; #endif ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_c_const=yes else ac_cv_c_const=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5 $as_echo "$ac_cv_c_const" >&6; } if test $ac_cv_c_const = no; then $as_echo "#define const /**/" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 $as_echo_n "checking for uid_t in sys/types.h... " >&6; } if ${ac_cv_type_uid_t+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "uid_t" >/dev/null 2>&1; then : ac_cv_type_uid_t=yes else ac_cv_type_uid_t=no fi rm -f conftest* fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 $as_echo "$ac_cv_type_uid_t" >&6; } if test $ac_cv_type_uid_t = no; then $as_echo "#define uid_t int" >>confdefs.h $as_echo "#define gid_t int" >>confdefs.h fi ac_fn_c_find_intX_t "$LINENO" "32" "ac_cv_c_int32_t" case $ac_cv_c_int32_t in #( no|yes) ;; #( *) cat >>confdefs.h <<_ACEOF #define int32_t $ac_cv_c_int32_t _ACEOF ;; esac ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default" if test "x$ac_cv_type_mode_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define mode_t int _ACEOF fi ac_fn_c_check_type "$LINENO" "off_t" "ac_cv_type_off_t" "$ac_includes_default" if test "x$ac_cv_type_off_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define off_t long int _ACEOF fi ac_fn_c_check_type "$LINENO" "ssize_t" "ac_cv_type_ssize_t" "$ac_includes_default" if test "x$ac_cv_type_ssize_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define ssize_t int _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 $as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } if ${ac_cv_struct_tm+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { struct tm tm; int *p = &tm.tm_sec; return !p; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_struct_tm=time.h else ac_cv_struct_tm=sys/time.h fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 $as_echo "$ac_cv_struct_tm" >&6; } if test $ac_cv_struct_tm = sys/time.h; then $as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 $as_echo_n "checking return type of signal handlers... " >&6; } if ${ac_cv_type_signal+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include int main () { return *(signal (0, 0)) (0) == 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_type_signal=int else ac_cv_type_signal=void fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5 $as_echo "$ac_cv_type_signal" >&6; } cat >>confdefs.h <<_ACEOF #define RETSIGTYPE $ac_cv_type_signal _ACEOF # Check whether --enable-largefile was given. if test "${enable_largefile+set}" = set; then : enableval=$enable_largefile; fi if test "$enable_largefile" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 $as_echo_n "checking for special C compiler options needed for large files... " >&6; } if ${ac_cv_sys_largefile_CC+:} false; then : $as_echo_n "(cached) " >&6 else ac_cv_sys_largefile_CC=no if test "$GCC" != yes; then ac_save_CC=$CC while :; do # IRIX 6.2 and later do not support large files by default, # so use the C compiler's -n32 option if that helps. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : break fi rm -f core conftest.err conftest.$ac_objext CC="$CC -n32" if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_largefile_CC=' -n32'; break fi rm -f core conftest.err conftest.$ac_objext break done CC=$ac_save_CC rm -f conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 $as_echo "$ac_cv_sys_largefile_CC" >&6; } if test "$ac_cv_sys_largefile_CC" != no; then CC=$CC$ac_cv_sys_largefile_CC fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 $as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } if ${ac_cv_sys_file_offset_bits+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _FILE_OFFSET_BITS 64 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_file_offset_bits=64; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_file_offset_bits=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 $as_echo "$ac_cv_sys_file_offset_bits" >&6; } case $ac_cv_sys_file_offset_bits in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits _ACEOF ;; esac rm -rf conftest* if test $ac_cv_sys_file_offset_bits = unknown; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 $as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } if ${ac_cv_sys_large_files+:} false; then : $as_echo_n "(cached) " >&6 else while :; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=no; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #define _LARGE_FILES 1 #include /* Check that off_t can represent 2**63 - 1 correctly. We can't simply define LARGE_OFF_T to be 9223372036854775807, since some C++ compilers masquerading as C compilers incorrectly reject 9223372036854775807. */ #define LARGE_OFF_T ((((off_t) 1 << 31) << 31) - 1 + (((off_t) 1 << 31) << 31)) int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 && LARGE_OFF_T % 2147483647 == 1) ? 1 : -1]; int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_sys_large_files=1; break fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ac_cv_sys_large_files=unknown break done fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 $as_echo "$ac_cv_sys_large_files" >&6; } case $ac_cv_sys_large_files in #( no | unknown) ;; *) cat >>confdefs.h <<_ACEOF #define _LARGE_FILES $ac_cv_sys_large_files _ACEOF ;; esac rm -rf conftest* fi fi ac_fn_c_check_type "$LINENO" "u_int8_t" "ac_cv_type_u_int8_t" "$ac_includes_default" if test "x$ac_cv_type_u_int8_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT8_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "u_int16_t" "ac_cv_type_u_int16_t" "$ac_includes_default" if test "x$ac_cv_type_u_int16_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT16_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "u_int32_t" "ac_cv_type_u_int32_t" "$ac_includes_default" if test "x$ac_cv_type_u_int32_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT32_T 1 _ACEOF fi ac_fn_c_check_type "$LINENO" "u_int64_t" "ac_cv_type_u_int64_t" "$ac_includes_default" if test "x$ac_cv_type_u_int64_t" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_U_INT64_T 1 _ACEOF fi # Checks for header files. ac_header_dirent=no for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 $as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } if eval \${$as_ac_Header+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include <$ac_hdr> int main () { if ((DIR *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : eval "$as_ac_Header=yes" else eval "$as_ac_Header=no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi eval ac_res=\$$as_ac_Header { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 $as_echo "$ac_res" >&6; } if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 _ACEOF ac_header_dirent=$ac_hdr; break fi done # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' dir; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 $as_echo_n "checking for library containing opendir... " >&6; } if ${ac_cv_search_opendir+:} false; then : $as_echo_n "(cached) " >&6 else ac_func_search_save_LIBS=$LIBS cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char opendir (); int main () { return opendir (); ; return 0; } _ACEOF for ac_lib in '' x; do if test -z "$ac_lib"; then ac_res="none required" else ac_res=-l$ac_lib LIBS="-l$ac_lib $ac_func_search_save_LIBS" fi if ac_fn_c_try_link "$LINENO"; then : ac_cv_search_opendir=$ac_res fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext if ${ac_cv_search_opendir+:} false; then : break fi done if ${ac_cv_search_opendir+:} false; then : else ac_cv_search_opendir=no fi rm conftest.$ac_ext LIBS=$ac_func_search_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 $as_echo "$ac_cv_search_opendir" >&6; } ac_res=$ac_cv_search_opendir if test "$ac_res" != no; then : test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 $as_echo_n "checking for ANSI C header files... " >&6; } if ${ac_cv_header_stdc+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include #include int main () { ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stdc=yes else ac_cv_header_stdc=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "memchr" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "free" >/dev/null 2>&1; then : else ac_cv_header_stdc=no fi rm -f conftest* fi if test $ac_cv_header_stdc = yes; then # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. if test "$cross_compiling" = yes; then : : else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if ((' ' & 0x0FF) == 0x020) # define ISLOWER(c) ('a' <= (c) && (c) <= 'z') # define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) #else # define ISLOWER(c) \ (('a' <= (c) && (c) <= 'i') \ || ('j' <= (c) && (c) <= 'r') \ || ('s' <= (c) && (c) <= 'z')) # define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) #endif #define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) int main () { int i; for (i = 0; i < 256; i++) if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) return 2; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : else ac_cv_header_stdc=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 $as_echo "$ac_cv_header_stdc" >&6; } if test $ac_cv_header_stdc = yes; then $as_echo "#define STDC_HEADERS 1" >>confdefs.h fi for ac_header in arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/param.h sys/socket.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in unistd.h sys/statfs.h sys/param.h sys/statvfs.h sys/socket netinet/in.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in sys/acl.h sys/ioctl.h sys/time.h syslog.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_header in sys/mount.h do : ac_fn_c_check_header_compile "$LINENO" "sys/mount.h" "ac_cv_header_sys_mount_h" " $ac_includes_default #if HAVE_SYS_PARAM_H #include #endif " if test "x$ac_cv_header_sys_mount_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_SYS_MOUNT_H 1 _ACEOF fi done # Checks for target-specific case "$host" in *-*-cygwin*) for ac_header in cygwin/socket.h do : ac_fn_c_check_header_mongrel "$LINENO" "cygwin/socket.h" "ac_cv_header_cygwin_socket_h" "$ac_includes_default" if test "x$ac_cv_header_cygwin_socket_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_CYGWIN_SOCKET_H 1 _ACEOF fi done for ac_header in cygwin/acl.h do : ac_fn_c_check_header_mongrel "$LINENO" "cygwin/acl.h" "ac_cv_header_cygwin_acl_h" "$ac_includes_default" if test "x$ac_cv_header_cygwin_acl_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_CYGWIN_ACL_H 1 _ACEOF $as_echo "#define HAVE_CYGWIN 1" >>confdefs.h fi done LINKER_OPT="-Xlinker --as-needed" ;; *-*-linux*) test -e "/usr/include/linux/ext2_fs.h" && $as_echo "#define HAVE_LINUX_EXT2_FS_H 1" >>confdefs.h LINKER_OPT="-Xlinker --as-needed" ;; *) LINKER_OPT="" ;; esac #Help # Check whether --with-conffile was given. if test "${with_conffile+set}" = set; then : withval=$with_conffile; if test "x$withval" != "$no" ; then MSS_CONF=$withval fi fi # Check whether --with-logfile was given. if test "${with_logfile+set}" = set; then : withval=$with_logfile; if test "x$withval" != "$no" ; then MSS_LOG=$withval fi fi MSS_COLOR=no # Check whether --with-logcolor was given. if test "${with_logcolor+set}" = set; then : withval=$with_logcolor; MSS_COLOR=$withval fi # Check whether --with-shutfile was given. if test "${with_shutfile+set}" = set; then : withval=$with_shutfile; if test "x$withval" != "$no" ; then MSS_SHUT=$withval fi fi MSS_ADMIN=yes # Check whether --with-admin was given. if test "${with_admin+set}" = set; then : withval=$with_admin; if test "x$withval" != "$yes" ; then MSS_ADMIN=$withval fi fi # Check whether --with-libiconv was given. if test "${with_libiconv+set}" = set; then : withval=$with_libiconv; if test "x$withval" != "$no" ; then if test -d "$withval/lib"; then LDFLAGS="-L${withval}/lib ${LDFLAGS}" else LDFLAGS="-L${withval} ${LDFLAGS}" fi if test -d "$withval/include"; then CPPFLAGS="-I${withval}/include ${CPPFLAGS}" else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi fi fi MSS_DEBUG=no # Check whether --with-debug was given. if test "${with_debug+set}" = set; then : withval=$with_debug; MSS_DEBUG=$withval fi # Checks for library functions. { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether closedir returns void" >&5 $as_echo_n "checking whether closedir returns void... " >&6; } if ${ac_cv_func_closedir_void+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_closedir_void=yes else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #include <$ac_header_dirent> #ifndef __cplusplus int closedir (); #endif int main () { return closedir (opendir (".")) != 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_closedir_void=no else ac_cv_func_closedir_void=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_closedir_void" >&5 $as_echo "$ac_cv_func_closedir_void" >&6; } if test $ac_cv_func_closedir_void = yes; then $as_echo "#define CLOSEDIR_VOID 1" >>confdefs.h fi ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" if test "x$ac_cv_type_pid_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define pid_t int _ACEOF fi for ac_header in vfork.h do : ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" if test "x$ac_cv_header_vfork_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_VFORK_H 1 _ACEOF fi done for ac_func in fork vfork do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done if test "x$ac_cv_func_fork" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5 $as_echo_n "checking for working fork... " >&6; } if ${ac_cv_func_fork_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_fork_works=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* By Ruediger Kuhlmann. */ return fork () < 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_fork_works=yes else ac_cv_func_fork_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 $as_echo "$ac_cv_func_fork_works" >&6; } else ac_cv_func_fork_works=$ac_cv_func_fork fi if test "x$ac_cv_func_fork_works" = xcross; then case $host in *-*-amigaos* | *-*-msdosdjgpp*) # Override, as these systems have only a dummy fork() stub ac_cv_func_fork_works=no ;; *) ac_cv_func_fork_works=yes ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 $as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} fi ac_cv_func_vfork_works=$ac_cv_func_vfork if test "x$ac_cv_func_vfork" = xyes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 $as_echo_n "checking for working vfork... " >&6; } if ${ac_cv_func_vfork_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_vfork_works=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Paul Eggert for this test. */ $ac_includes_default #include #ifdef HAVE_VFORK_H # include #endif /* On some sparc systems, changes by the child to local and incoming argument registers are propagated back to the parent. The compiler is told about this with #include , but some compilers (e.g. gcc -O) don't grok . Test for this by using a static variable whose address is put into a register that is clobbered by the vfork. */ static void #ifdef __cplusplus sparc_address_test (int arg) # else sparc_address_test (arg) int arg; #endif { static pid_t child; if (!child) { child = vfork (); if (child < 0) { perror ("vfork"); _exit(2); } if (!child) { arg = getpid(); write(-1, "", 0); _exit (arg); } } } int main () { pid_t parent = getpid (); pid_t child; sparc_address_test (0); child = vfork (); if (child == 0) { /* Here is another test for sparc vfork register problems. This test uses lots of local variables, at least as many local variables as main has allocated so far including compiler temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should reuse the register of parent for one of the local variables, since it will think that parent can't possibly be used any more in this routine. Assigning to the local variable will thus munge parent in the parent process. */ pid_t p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); /* Convince the compiler that p..p7 are live; otherwise, it might use the same hardware register for all 8 local variables. */ if (p != p1 || p != p2 || p != p3 || p != p4 || p != p5 || p != p6 || p != p7) _exit(1); /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent from child file descriptors. If the child closes a descriptor before it execs or exits, this munges the parent's descriptor as well. Test for this by closing stdout in the child. */ _exit(close(fileno(stdout)) != 0); } else { int status; struct stat st; while (wait(&status) != child) ; return ( /* Was there some problem with vforking? */ child < 0 /* Did the child fail? (This shouldn't happen.) */ || status /* Did the vfork/compiler bug occur? */ || parent != getpid() /* Did the file descriptor bug occur? */ || fstat(fileno(stdout), &st) != 0 ); } } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_vfork_works=yes else ac_cv_func_vfork_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 $as_echo "$ac_cv_func_vfork_works" >&6; } fi; if test "x$ac_cv_func_fork_works" = xcross; then ac_cv_func_vfork_works=$ac_cv_func_vfork { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 $as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} fi if test "x$ac_cv_func_vfork_works" = xyes; then $as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h else $as_echo "#define vfork fork" >>confdefs.h fi if test "x$ac_cv_func_fork_works" = xyes; then $as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat correctly handles trailing slash" >&5 $as_echo_n "checking whether lstat correctly handles trailing slash... " >&6; } if ${ac_cv_func_lstat_dereferences_slashed_symlink+:} false; then : $as_echo_n "(cached) " >&6 else rm -f conftest.sym conftest.file echo >conftest.file if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then if test "$cross_compiling" = yes; then : ac_cv_func_lstat_dereferences_slashed_symlink=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { struct stat sbuf; /* Linux will dereference the symlink and fail, as required by POSIX. That is better in the sense that it means we will not have to compile and use the lstat wrapper. */ return lstat ("conftest.sym/", &sbuf) == 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_lstat_dereferences_slashed_symlink=yes else ac_cv_func_lstat_dereferences_slashed_symlink=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi else # If the `ln -s' command failed, then we probably don't even # have an lstat function. ac_cv_func_lstat_dereferences_slashed_symlink=no fi rm -f conftest.sym conftest.file fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5 $as_echo "$ac_cv_func_lstat_dereferences_slashed_symlink" >&6; } test $ac_cv_func_lstat_dereferences_slashed_symlink = yes && cat >>confdefs.h <<_ACEOF #define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 _ACEOF if test "x$ac_cv_func_lstat_dereferences_slashed_symlink" = xno; then case " $LIBOBJS " in *" lstat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;; esac fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat accepts an empty string" >&5 $as_echo_n "checking whether stat accepts an empty string... " >&6; } if ${ac_cv_func_stat_empty_string_bug+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_stat_empty_string_bug=yes else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { struct stat sbuf; return stat ("", &sbuf) == 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_stat_empty_string_bug=no else ac_cv_func_stat_empty_string_bug=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_stat_empty_string_bug" >&5 $as_echo "$ac_cv_func_stat_empty_string_bug" >&6; } if test $ac_cv_func_stat_empty_string_bug = yes; then case " $LIBOBJS " in *" stat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS stat.$ac_objext" ;; esac cat >>confdefs.h <<_ACEOF #define HAVE_STAT_EMPTY_STRING_BUG 1 _ACEOF fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat accepts an empty string" >&5 $as_echo_n "checking whether lstat accepts an empty string... " >&6; } if ${ac_cv_func_lstat_empty_string_bug+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_lstat_empty_string_bug=yes else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { struct stat sbuf; return lstat ("", &sbuf) == 0; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_lstat_empty_string_bug=no else ac_cv_func_lstat_empty_string_bug=yes fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_lstat_empty_string_bug" >&5 $as_echo "$ac_cv_func_lstat_empty_string_bug" >&6; } if test $ac_cv_func_lstat_empty_string_bug = yes; then case " $LIBOBJS " in *" lstat.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS lstat.$ac_objext" ;; esac cat >>confdefs.h <<_ACEOF #define HAVE_LSTAT_EMPTY_STRING_BUG 1 _ACEOF fi for ac_header in unistd.h do : ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default" if test "x$ac_cv_header_unistd_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_UNISTD_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working chown" >&5 $as_echo_n "checking for working chown... " >&6; } if ${ac_cv_func_chown_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_chown_works=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #include int main () { char *f = "conftest.chown"; struct stat before, after; if (creat (f, 0600) < 0) return 1; if (stat (f, &before) < 0) return 1; if (chown (f, (uid_t) -1, (gid_t) -1) == -1) return 1; if (stat (f, &after) < 0) return 1; return ! (before.st_uid == after.st_uid && before.st_gid == after.st_gid); ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_chown_works=yes else ac_cv_func_chown_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi rm -f conftest.chown fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_chown_works" >&5 $as_echo "$ac_cv_func_chown_works" >&6; } if test $ac_cv_func_chown_works = yes; then $as_echo "#define HAVE_CHOWN 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking type of array argument to getgroups" >&5 $as_echo_n "checking type of array argument to getgroups... " >&6; } if ${ac_cv_type_getgroups+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_type_getgroups=cross else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Thanks to Mike Rendell for this test. */ $ac_includes_default #define NGID 256 #undef MAX #define MAX(x, y) ((x) > (y) ? (x) : (y)) int main () { gid_t gidset[NGID]; int i, n; union { gid_t gval; long int lval; } val; val.lval = -1; for (i = 0; i < NGID; i++) gidset[i] = val.gval; n = getgroups (sizeof (gidset) / MAX (sizeof (int), sizeof (gid_t)) - 1, gidset); /* Exit non-zero if getgroups seems to require an array of ints. This happens when gid_t is short int but getgroups modifies an array of ints. */ return n > 0 && gidset[n] != val.gval; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_type_getgroups=gid_t else ac_cv_type_getgroups=int fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi if test $ac_cv_type_getgroups = cross; then cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include _ACEOF if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | $EGREP "getgroups.*int.*gid_t" >/dev/null 2>&1; then : ac_cv_type_getgroups=gid_t else ac_cv_type_getgroups=int fi rm -f conftest* fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_getgroups" >&5 $as_echo "$ac_cv_type_getgroups" >&6; } cat >>confdefs.h <<_ACEOF #define GETGROUPS_T $ac_cv_type_getgroups _ACEOF ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" if test "x$ac_cv_type_size_t" = xyes; then : else cat >>confdefs.h <<_ACEOF #define size_t unsigned int _ACEOF fi ac_fn_c_check_func "$LINENO" "getgroups" "ac_cv_func_getgroups" if test "x$ac_cv_func_getgroups" = xyes; then : fi # If we don't yet have getgroups, see if it's in -lbsd. # This is reported to be necessary on an ITOS 3000WS running SEIUX 3.1. ac_save_LIBS=$LIBS if test $ac_cv_func_getgroups = no; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getgroups in -lbsd" >&5 $as_echo_n "checking for getgroups in -lbsd... " >&6; } if ${ac_cv_lib_bsd_getgroups+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lbsd $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char getgroups (); int main () { return getgroups (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_bsd_getgroups=yes else ac_cv_lib_bsd_getgroups=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_bsd_getgroups" >&5 $as_echo "$ac_cv_lib_bsd_getgroups" >&6; } if test "x$ac_cv_lib_bsd_getgroups" = xyes; then : GETGROUPS_LIB=-lbsd fi fi # Run the program to test the functionality of the system-supplied # getgroups function only if there is such a function. if test $ac_cv_func_getgroups = yes; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getgroups" >&5 $as_echo_n "checking for working getgroups... " >&6; } if ${ac_cv_func_getgroups_works+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_getgroups_works=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default int main () { /* On Ultrix 4.3, getgroups (0, 0) always fails. */ return getgroups (0, 0) == -1; ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_getgroups_works=yes else ac_cv_func_getgroups_works=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_getgroups_works" >&5 $as_echo "$ac_cv_func_getgroups_works" >&6; } else ac_cv_func_getgroups_works=no fi if test $ac_cv_func_getgroups_works = yes; then $as_echo "#define HAVE_GETGROUPS 1" >>confdefs.h fi LIBS=$ac_save_LIBS for ac_header in stdlib.h do : ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" if test "x$ac_cv_header_stdlib_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STDLIB_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 $as_echo_n "checking for GNU libc compatible malloc... " >&6; } if ${ac_cv_func_malloc_0_nonnull+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_malloc_0_nonnull=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #if defined STDC_HEADERS || defined HAVE_STDLIB_H # include #else char *malloc (); #endif int main () { return ! malloc (0); ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_malloc_0_nonnull=yes else ac_cv_func_malloc_0_nonnull=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 $as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } if test $ac_cv_func_malloc_0_nonnull = yes; then : $as_echo "#define HAVE_MALLOC 1" >>confdefs.h else $as_echo "#define HAVE_MALLOC 0" >>confdefs.h case " $LIBOBJS " in *" malloc.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS malloc.$ac_objext" ;; esac $as_echo "#define malloc rpl_malloc" >>confdefs.h fi for ac_header in stdlib.h do : ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" if test "x$ac_cv_header_stdlib_h" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STDLIB_H 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible realloc" >&5 $as_echo_n "checking for GNU libc compatible realloc... " >&6; } if ${ac_cv_func_realloc_0_nonnull+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_realloc_0_nonnull=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #if defined STDC_HEADERS || defined HAVE_STDLIB_H # include #else char *realloc (); #endif int main () { return ! realloc (0, 0); ; return 0; } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_realloc_0_nonnull=yes else ac_cv_func_realloc_0_nonnull=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_realloc_0_nonnull" >&5 $as_echo "$ac_cv_func_realloc_0_nonnull" >&6; } if test $ac_cv_func_realloc_0_nonnull = yes; then : $as_echo "#define HAVE_REALLOC 1" >>confdefs.h else $as_echo "#define HAVE_REALLOC 0" >>confdefs.h case " $LIBOBJS " in *" realloc.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS realloc.$ac_objext" ;; esac $as_echo "#define realloc rpl_realloc" >>confdefs.h fi for ac_func in strftime do : ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime" if test "x$ac_cv_func_strftime" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_STRFTIME 1 _ACEOF else # strftime is in -lintl on SCO UNIX. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5 $as_echo_n "checking for strftime in -lintl... " >&6; } if ${ac_cv_lib_intl_strftime+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lintl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char strftime (); int main () { return strftime (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_intl_strftime=yes else ac_cv_lib_intl_strftime=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5 $as_echo "$ac_cv_lib_intl_strftime" >&6; } if test "x$ac_cv_lib_intl_strftime" = xyes; then : $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h LIBS="-lintl $LIBS" fi fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if ${ac_cv_header_time+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then $as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi for ac_header in $ac_header_list do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default " if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in $ac_func_list do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working mktime" >&5 $as_echo_n "checking for working mktime... " >&6; } if ${ac_cv_func_working_mktime+:} false; then : $as_echo_n "(cached) " >&6 else if test "$cross_compiling" = yes; then : ac_cv_func_working_mktime=no else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Test program from Paul Eggert and Tony Leneis. */ #ifdef TIME_WITH_SYS_TIME # include # include #else # ifdef HAVE_SYS_TIME_H # include # else # include # endif #endif #include #include #ifdef HAVE_UNISTD_H # include #endif #ifndef HAVE_ALARM # define alarm(X) /* empty */ #endif /* Work around redefinition to rpl_putenv by other config tests. */ #undef putenv static time_t time_t_max; static time_t time_t_min; /* Values we'll use to set the TZ environment variable. */ static const char *tz_strings[] = { (const char *) 0, "TZ=GMT0", "TZ=JST-9", "TZ=EST+3EDT+2,M10.1.0/00:00:00,M2.3.0/00:00:00" }; #define N_STRINGS (sizeof (tz_strings) / sizeof (tz_strings[0])) /* Return 0 if mktime fails to convert a date in the spring-forward gap. Based on a problem report from Andreas Jaeger. */ static int spring_forward_gap () { /* glibc (up to about 1998-10-07) failed this test. */ struct tm tm; /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" instead of "TZ=America/Vancouver" in order to detect the bug even on systems that don't support the Olson extension, or don't have the full zoneinfo tables installed. */ putenv ((char*) "TZ=PST8PDT,M4.1.0,M10.5.0"); tm.tm_year = 98; tm.tm_mon = 3; tm.tm_mday = 5; tm.tm_hour = 2; tm.tm_min = 0; tm.tm_sec = 0; tm.tm_isdst = -1; return mktime (&tm) != (time_t) -1; } static int mktime_test1 (time_t now) { struct tm *lt; return ! (lt = localtime (&now)) || mktime (lt) == now; } static int mktime_test (time_t now) { return (mktime_test1 (now) && mktime_test1 ((time_t) (time_t_max - now)) && mktime_test1 ((time_t) (time_t_min + now))); } static int irix_6_4_bug () { /* Based on code from Ariel Faigon. */ struct tm tm; tm.tm_year = 96; tm.tm_mon = 3; tm.tm_mday = 0; tm.tm_hour = 0; tm.tm_min = 0; tm.tm_sec = 0; tm.tm_isdst = -1; mktime (&tm); return tm.tm_mon == 2 && tm.tm_mday == 31; } static int bigtime_test (int j) { struct tm tm; time_t now; tm.tm_year = tm.tm_mon = tm.tm_mday = tm.tm_hour = tm.tm_min = tm.tm_sec = j; now = mktime (&tm); if (now != (time_t) -1) { struct tm *lt = localtime (&now); if (! (lt && lt->tm_year == tm.tm_year && lt->tm_mon == tm.tm_mon && lt->tm_mday == tm.tm_mday && lt->tm_hour == tm.tm_hour && lt->tm_min == tm.tm_min && lt->tm_sec == tm.tm_sec && lt->tm_yday == tm.tm_yday && lt->tm_wday == tm.tm_wday && ((lt->tm_isdst < 0 ? -1 : 0 < lt->tm_isdst) == (tm.tm_isdst < 0 ? -1 : 0 < tm.tm_isdst)))) return 0; } return 1; } static int year_2050_test () { /* The correct answer for 2050-02-01 00:00:00 in Pacific time, ignoring leap seconds. */ unsigned long int answer = 2527315200UL; struct tm tm; time_t t; tm.tm_year = 2050 - 1900; tm.tm_mon = 2 - 1; tm.tm_mday = 1; tm.tm_hour = tm.tm_min = tm.tm_sec = 0; tm.tm_isdst = -1; /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" instead of "TZ=America/Vancouver" in order to detect the bug even on systems that don't support the Olson extension, or don't have the full zoneinfo tables installed. */ putenv ((char*) "TZ=PST8PDT,M4.1.0,M10.5.0"); t = mktime (&tm); /* Check that the result is either a failure, or close enough to the correct answer that we can assume the discrepancy is due to leap seconds. */ return (t == (time_t) -1 || (0 < t && answer - 120 <= t && t <= answer + 120)); } int main () { time_t t, delta; int i, j; /* This test makes some buggy mktime implementations loop. Give up after 60 seconds; a mktime slower than that isn't worth using anyway. */ alarm (60); for (;;) { t = (time_t_max << 1) + 1; if (t <= time_t_max) break; time_t_max = t; } time_t_min = - ((time_t) ~ (time_t) 0 == (time_t) -1) - time_t_max; delta = time_t_max / 997; /* a suitable prime number */ for (i = 0; i < N_STRINGS; i++) { if (tz_strings[i]) putenv ((char*) tz_strings[i]); for (t = 0; t <= time_t_max - delta; t += delta) if (! mktime_test (t)) return 1; if (! (mktime_test ((time_t) 1) && mktime_test ((time_t) (60 * 60)) && mktime_test ((time_t) (60 * 60 * 24)))) return 1; for (j = 1; ; j <<= 1) if (! bigtime_test (j)) return 1; else if (INT_MAX / 2 < j) break; if (! bigtime_test (INT_MAX)) return 1; } return ! (irix_6_4_bug () && spring_forward_gap () && year_2050_test ()); } _ACEOF if ac_fn_c_try_run "$LINENO"; then : ac_cv_func_working_mktime=yes else ac_cv_func_working_mktime=no fi rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ conftest.$ac_objext conftest.beam conftest.$ac_ext fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_working_mktime" >&5 $as_echo "$ac_cv_func_working_mktime" >&6; } if test $ac_cv_func_working_mktime = no; then case " $LIBOBJS " in *" mktime.$ac_objext "* ) ;; *) LIBOBJS="$LIBOBJS mktime.$ac_objext" ;; esac fi for ac_header in sys/select.h sys/socket.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 _ACEOF fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking types of arguments for select" >&5 $as_echo_n "checking types of arguments for select... " >&6; } if ${ac_cv_func_select_args+:} false; then : $as_echo_n "(cached) " >&6 else for ac_arg234 in 'fd_set *' 'int *' 'void *'; do for ac_arg1 in 'int' 'size_t' 'unsigned long int' 'unsigned int'; do for ac_arg5 in 'struct timeval *' 'const struct timeval *'; do cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ $ac_includes_default #ifdef HAVE_SYS_SELECT_H # include #endif #ifdef HAVE_SYS_SOCKET_H # include #endif int main () { extern int select ($ac_arg1, $ac_arg234, $ac_arg234, $ac_arg234, $ac_arg5); ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_func_select_args="$ac_arg1,$ac_arg234,$ac_arg5"; break 3 fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext done done done # Provide a safe default value. : "${ac_cv_func_select_args=int,int *,struct timeval *}" fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_select_args" >&5 $as_echo "$ac_cv_func_select_args" >&6; } ac_save_IFS=$IFS; IFS=',' set dummy `echo "$ac_cv_func_select_args" | sed 's/\*/\*/g'` IFS=$ac_save_IFS shift cat >>confdefs.h <<_ACEOF #define SELECT_TYPE_ARG1 $1 _ACEOF cat >>confdefs.h <<_ACEOF #define SELECT_TYPE_ARG234 ($2) _ACEOF cat >>confdefs.h <<_ACEOF #define SELECT_TYPE_ARG5 ($3) _ACEOF rm -f conftest* { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5 $as_echo_n "checking whether stat file-mode macros are broken... " >&6; } if ${ac_cv_header_stat_broken+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #if defined S_ISBLK && defined S_IFDIR extern char c1[S_ISBLK (S_IFDIR) ? -1 : 1]; #endif #if defined S_ISBLK && defined S_IFCHR extern char c2[S_ISBLK (S_IFCHR) ? -1 : 1]; #endif #if defined S_ISLNK && defined S_IFREG extern char c3[S_ISLNK (S_IFREG) ? -1 : 1]; #endif #if defined S_ISSOCK && defined S_IFREG extern char c4[S_ISSOCK (S_IFREG) ? -1 : 1]; #endif _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_stat_broken=no else ac_cv_header_stat_broken=yes fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5 $as_echo "$ac_cv_header_stat_broken" >&6; } if test $ac_cv_header_stat_broken = yes; then $as_echo "#define STAT_MACROS_BROKEN 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/wait.h that is POSIX.1 compatible" >&5 $as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; } if ${ac_cv_header_sys_wait_h+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #ifndef WEXITSTATUS # define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8) #endif #ifndef WIFEXITED # define WIFEXITED(stat_val) (((stat_val) & 255) == 0) #endif int main () { int s; wait (&s); s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_sys_wait_h=yes else ac_cv_header_sys_wait_h=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_wait_h" >&5 $as_echo "$ac_cv_header_sys_wait_h" >&6; } if test $ac_cv_header_sys_wait_h = yes; then $as_echo "#define HAVE_SYS_WAIT_H 1" >>confdefs.h fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5 $as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; } if ${ac_cv_header_time+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ #include #include #include int main () { if ((struct tm *) 0) return 0; ; return 0; } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : ac_cv_header_time=yes else ac_cv_header_time=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5 $as_echo "$ac_cv_header_time" >&6; } if test $ac_cv_header_time = yes; then $as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h fi for ac_func in endgrent strcasecmp strchr strdup strerror strrchr strstr statfs statvfs getgroups strlcpy strlcat do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in acl acl_get_perm_np atexit dup2 endpwent gettimeofday memset mkdir realpath regcomp rmdir select setenv memmove do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in openlog syslog closelog vsyslog do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF fi done for ac_func in connect gethostbyaddr gethostbyname inet_ntoa do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyaddr in -lnsl" >&5 $as_echo_n "checking for gethostbyaddr in -lnsl... " >&6; } if ${ac_cv_lib_nsl_gethostbyaddr+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lnsl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gethostbyaddr (); int main () { return gethostbyaddr (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_nsl_gethostbyaddr=yes else ac_cv_lib_nsl_gethostbyaddr=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nsl_gethostbyaddr" >&5 $as_echo "$ac_cv_lib_nsl_gethostbyaddr" >&6; } if test "x$ac_cv_lib_nsl_gethostbyaddr" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBNSL 1 _ACEOF LIBS="-lnsl $LIBS" fi fi done for ac_func in iconv_open iconv_close iconv do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" if eval test \"x\$"$as_ac_var"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 _ACEOF else { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libiconv_open in -liconv" >&5 $as_echo_n "checking for libiconv_open in -liconv... " >&6; } if ${ac_cv_lib_iconv_libiconv_open+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-liconv $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char libiconv_open (); int main () { return libiconv_open (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_iconv_libiconv_open=yes else ac_cv_lib_iconv_libiconv_open=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_iconv_libiconv_open" >&5 $as_echo "$ac_cv_lib_iconv_libiconv_open" >&6; } if test "x$ac_cv_lib_iconv_libiconv_open" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBICONV 1 _ACEOF LIBS="-liconv $LIBS" fi fi done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for acl_get_entry in -lacl" >&5 $as_echo_n "checking for acl_get_entry in -lacl... " >&6; } if ${ac_cv_lib_acl_acl_get_entry+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lacl $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char acl_get_entry (); int main () { return acl_get_entry (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_acl_acl_get_entry=yes else ac_cv_lib_acl_acl_get_entry=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_acl_acl_get_entry" >&5 $as_echo "$ac_cv_lib_acl_acl_get_entry" >&6; } if test "x$ac_cv_lib_acl_acl_get_entry" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBACL 1 _ACEOF LIBS="-lacl $LIBS" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gnutls_hash_init in -lgnutls" >&5 $as_echo_n "checking for gnutls_hash_init in -lgnutls... " >&6; } if ${ac_cv_lib_gnutls_gnutls_hash_init+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS LIBS="-lgnutls $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ /* Override any GCC internal prototype to avoid an error. Use char because int might match the return type of a GCC builtin and then its argument prototype would still apply. */ #ifdef __cplusplus extern "C" #endif char gnutls_hash_init (); int main () { return gnutls_hash_init (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : ac_cv_lib_gnutls_gnutls_hash_init=yes else ac_cv_lib_gnutls_gnutls_hash_init=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gnutls_gnutls_hash_init" >&5 $as_echo "$ac_cv_lib_gnutls_gnutls_hash_init" >&6; } if test "x$ac_cv_lib_gnutls_gnutls_hash_init" = xyes; then : cat >>confdefs.h <<_ACEOF #define HAVE_LIBGNUTLS 1 _ACEOF LIBS="-lgnutls $LIBS" fi #Own defines test "$prefix" = "NONE" && prefix= test "$exec_prefix" = "NONE" && exec_prefix=/usr test -z "$bindir" && bindir="/usr/bin" test -z "$MSS_LOG" && MSS_LOG="/var/log/sftp-server.log" test -z "$MSS_CONF" && MSS_CONF="/etc/ssh/sftp_config" test -z "$MSS_SHUT" && MSS_SHUT="/etc/sftp.shut" MSS_UTF=$ac_cv_func_iconv test "$MSS_UTF" = "no" && MSS_UTF=$ac_cv_lib_iconv_libiconv_open MSS_ACL=$ac_cv_lib_acl_acl_get_entry test "$ac_cv_header_cygwin_acl_h" = "yes" && MSS_ACL="yes" test "$ac_cv_header_sys_acl_h" = "yes" && MSS_ACL="yes" MSSEXT_DISK=$ac_cv_header_sys_statvfs_h MSSEXT_DISK_SSH=$ac_cv_header_sys_statvfs_h test "$MSSEXT_DISK" = "no" && MSSEXT_DISK=$ac_cv_header_sys_statfs_h test "$MSSEXT_DISK" = "no" && MSSEXT_DISK=$ac_cv_func_statfs MSSEXT_FILE_HASHING=$ac_cv_lib_gnutls_gnutls_hash_init test "$MSS_DEBUG" = "1" && MSS_DEBUG="-DDODEBUG -g3" test "$MSS_DEBUG" = "2" && MSS_DEBUG="-g3" test "$MSS_DEBUG" = "no" && MSS_DEBUG="" A=`eval echo ${sysconfdir}` BINDIR=`eval echo ${bindir}` ; BINDIR=`eval echo ${BINDIR}` SBINDIR=`eval echo ${sbindir}` ; SBINDIR=`eval echo ${SBINDIR}` MANDIR=`eval echo ${mandir}` ; MANDIR=`eval echo ${MANDIR}` ETCDIR="${A}" SBINDIR="${SBINDIR}" BINDIR="${BINDIR}" MANDIR="${MANDIR}" MSS_CONF="${MSS_CONF}" MSS_LOG="${MSS_LOG}" MSS_DEBUG="${MSS_DEBUG}" cat >>confdefs.h <<_ACEOF #define MSS_LOG "${MSS_LOG}" _ACEOF cat >>confdefs.h <<_ACEOF #define SHUTDOWN_FILE "${MSS_SHUT}" _ACEOF cat >>confdefs.h <<_ACEOF #define CONFIG_FILE "${MSS_CONF}" _ACEOF $as_echo "#define CONFIG_FILE2 \"/etc/sshd/sftp_config\"" >>confdefs.h cat >>confdefs.h <<_ACEOF #define MSS_SFTPWHO "${BINDIR}/sftp-who" _ACEOF cat >>confdefs.h <<_ACEOF #define MSS_SFTPUSER "${BINDIR}/sftp-user" _ACEOF test "$MSS_COLOR" = "yes" && cat >>confdefs.h <<_ACEOF #define HAVE_LOG_IN_COLOR ${MSS_COLOR} _ACEOF test "$MSS_ACL" = "yes" && $as_echo "#define MSS_ACL 1" >>confdefs.h test "$MSS_ADMIN" = "yes" && $as_echo "#define MSS_HAVE_ADMIN 1" >>confdefs.h test "$MSSEXT_DISK" = "yes" && $as_echo "#define MSSEXT_DISKUSAGE 1" >>confdefs.h test "$MSSEXT_DISK_SSH" = "yes" && $as_echo "#define MSSEXT_DISKUSAGE_SSH 1" >>confdefs.h test "$MSSEXT_FILE_HASHING" = "yes" && $as_echo "#define MSSEXT_FILE_HASHING 1" >>confdefs.h if test "$ac_cv_type_u_int8_t" = "no" ; then cat >>confdefs.h <<_ACEOF #define u_int8_t uint8_t _ACEOF fi if test "$ac_cv_type_u_int16_t" = "no" ; then cat >>confdefs.h <<_ACEOF #define u_int16_t uint16_t _ACEOF fi if test "$ac_cv_type_u_int32_t" = "no" ; then cat >>confdefs.h <<_ACEOF #define u_int32_t uint32_t _ACEOF fi if test "$ac_cv_type_u_int64_t" = "no" ; then cat >>confdefs.h <<_ACEOF #define u_int64_t uint64_t _ACEOF fi ac_config_files="$ac_config_files Makefile" ac_config_files="$ac_config_files install.sh" ac_config_files="$ac_config_files uninstaller.sh" ac_config_files="$ac_config_files utils/sftp-user" ac_config_files="$ac_config_files utils/sftp-verif" cat >confcache <<\_ACEOF # This file is a shell script that caches the results of configure # tests run on this system so they can be shared between configure # scripts and configure runs, see configure's option --config-cache. # It is not useful on other systems. If it contains results you don't # want to keep, you may remove or edit it. # # config.status only pays attention to the cache file if you give it # the --recheck option to rerun configure. # # `ac_cv_env_foo' variables (set or unset) will be overridden when # loading this file, other *unset* `ac_cv_foo' will be assigned the # following values. _ACEOF # The following way of writing the cache mishandles newlines in values, # but we know of no workaround that is simple, portable, and efficient. # So, we kill variables containing newlines. # Ultrix sh set writes to stderr and can't be redirected directly, # and sets the high bit in the cache file unless we assign to the vars. ( for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do eval ac_val=\$$ac_var case $ac_val in #( *${as_nl}*) case $ac_var in #( *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 $as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; esac case $ac_var in #( _ | IFS | as_nl) ;; #( BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( *) { eval $ac_var=; unset $ac_var;} ;; esac ;; esac done (set) 2>&1 | case $as_nl`(ac_space=' '; set) 2>&1` in #( *${as_nl}ac_space=\ *) # `set' does not quote correctly, so add quotes: double-quote # substitution turns \\\\ into \\, and sed turns \\ into \. sed -n \ "s/'/'\\\\''/g; s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" ;; #( *) # `set' quotes correctly as required by POSIX, so do not add quotes. sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" ;; esac | sort ) | sed ' /^ac_cv_env_/b end t clear :clear s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ t end s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ :end' >>confcache if diff "$cache_file" confcache >/dev/null 2>&1; then :; else if test -w "$cache_file"; then if test "x$cache_file" != "x/dev/null"; then { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 $as_echo "$as_me: updating cache $cache_file" >&6;} if test ! -f "$cache_file" || test -h "$cache_file"; then cat confcache >"$cache_file" else case $cache_file in #( */* | ?:*) mv -f confcache "$cache_file"$$ && mv -f "$cache_file"$$ "$cache_file" ;; #( *) mv -f confcache "$cache_file" ;; esac fi fi else { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 $as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} fi fi rm -f confcache test "x$prefix" = xNONE && prefix=$ac_default_prefix # Let make expand exec_prefix. test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' DEFS=-DHAVE_CONFIG_H ac_libobjs= ac_ltlibobjs= U= for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue # 1. Remove the extension, and $U if already installed. ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' ac_i=`$as_echo "$ac_i" | sed "$ac_script"` # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR # will be set to the directory where LIBOBJS objects are built. as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' done LIBOBJS=$ac_libobjs LTLIBOBJS=$ac_ltlibobjs : "${CONFIG_STATUS=./config.status}" ac_write_fail=0 ac_clean_files_save=$ac_clean_files ac_clean_files="$ac_clean_files $CONFIG_STATUS" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 $as_echo "$as_me: creating $CONFIG_STATUS" >&6;} as_write_fail=0 cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 #! $SHELL # Generated by $as_me. # Run this file to recreate the current configuration. # Compiler output produced by configure, useful for debugging # configure, is in config.log if it exists. debug=false ac_cs_recheck=false ac_cs_silent=false SHELL=\${CONFIG_SHELL-$SHELL} export SHELL _ASEOF cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 ## -------------------- ## ## M4sh Initialization. ## ## -------------------- ## # Be more Bourne compatible DUALCASE=1; export DUALCASE # for MKS sh if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : emulate sh NULLCMD=: # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which # is contrary to our usage. Disable this feature. alias -g '${1+"$@"}'='"$@"' setopt NO_GLOB_SUBST else case `(set -o) 2>/dev/null` in #( *posix*) : set -o posix ;; #( *) : ;; esac fi as_nl=' ' export as_nl # Printing a long string crashes Solaris 7 /usr/bin/printf. as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo # Prefer a ksh shell builtin over an external printf program on Solaris, # but without wasting forks for bash or zsh. if test -z "$BASH_VERSION$ZSH_VERSION" \ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='print -r --' as_echo_n='print -rn --' elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then as_echo='printf %s\n' as_echo_n='printf %s' else if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' as_echo_n='/usr/ucb/echo -n' else as_echo_body='eval expr "X$1" : "X\\(.*\\)"' as_echo_n_body='eval arg=$1; case $arg in #( *"$as_nl"*) expr "X$arg" : "X\\(.*\\)$as_nl"; arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; esac; expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" ' export as_echo_n_body as_echo_n='sh -c $as_echo_n_body as_echo' fi export as_echo_body as_echo='sh -c $as_echo_body as_echo' fi # The user is always right. if test "${PATH_SEPARATOR+set}" != set; then PATH_SEPARATOR=: (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || PATH_SEPARATOR=';' } fi # IFS # We need space, tab and new line, in precisely that order. Quoting is # there to prevent editors from complaining about space-tab. # (If _AS_PATH_WALK were called with IFS unset, it would disable word # splitting by setting IFS to empty value.) IFS=" "" $as_nl" # Find who we are. Look in the path if we contain no directory separator. as_myself= case $0 in #(( *[\\/]* ) as_myself=$0 ;; *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break done IFS=$as_save_IFS ;; esac # We did not find ourselves, most probably we were run as `sh COMMAND' # in which case we are not to be found in the path. if test "x$as_myself" = x; then as_myself=$0 fi if test ! -f "$as_myself"; then $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 exit 1 fi # Unset variables that we do not need and which cause bugs (e.g. in # pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" # suppresses any "Segmentation fault" message there. '((' could # trigger a bug in pdksh 5.2.14. for as_var in BASH_ENV ENV MAIL MAILPATH do eval test x\${$as_var+set} = xset \ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : done PS1='$ ' PS2='> ' PS4='+ ' # NLS nuisances. LC_ALL=C export LC_ALL LANGUAGE=C export LANGUAGE # CDPATH. (unset CDPATH) >/dev/null 2>&1 && unset CDPATH # as_fn_error STATUS ERROR [LINENO LOG_FD] # ---------------------------------------- # Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are # provided, also output the error to LOG_FD, referencing LINENO. Then exit the # script with STATUS, using 1 if that was 0. as_fn_error () { as_status=$1; test $as_status -eq 0 && as_status=1 if test "$4"; then as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 fi $as_echo "$as_me: error: $2" >&2 as_fn_exit $as_status } # as_fn_error # as_fn_set_status STATUS # ----------------------- # Set $? to STATUS, without forking. as_fn_set_status () { return $1 } # as_fn_set_status # as_fn_exit STATUS # ----------------- # Exit the shell with STATUS, even in a "trap 0" or "set -e" context. as_fn_exit () { set +e as_fn_set_status $1 exit $1 } # as_fn_exit # as_fn_unset VAR # --------------- # Portably unset VAR. as_fn_unset () { { eval $1=; unset $1;} } as_unset=as_fn_unset # as_fn_append VAR VALUE # ---------------------- # Append the text in VALUE to the end of the definition contained in VAR. Take # advantage of any shell optimizations that allow amortized linear growth over # repeated appends, instead of the typical quadratic growth present in naive # implementations. if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : eval 'as_fn_append () { eval $1+=\$2 }' else as_fn_append () { eval $1=\$$1\$2 } fi # as_fn_append # as_fn_arith ARG... # ------------------ # Perform arithmetic evaluation on the ARGs, and store the result in the # global $as_val. Take advantage of shells that can avoid forks. The arguments # must be portable across $(()) and expr. if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : eval 'as_fn_arith () { as_val=$(( $* )) }' else as_fn_arith () { as_val=`expr "$@" || test $? -eq 1` } fi # as_fn_arith if expr a : '\(a\)' >/dev/null 2>&1 && test "X`expr 00001 : '.*\(...\)'`" = X001; then as_expr=expr else as_expr=false fi if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then as_basename=basename else as_basename=false fi if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then as_dirname=dirname else as_dirname=false fi as_me=`$as_basename -- "$0" || $as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ X"$0" : 'X\(//\)$' \| \ X"$0" : 'X\(/\)' \| . 2>/dev/null || $as_echo X/"$0" | sed '/^.*\/\([^/][^/]*\)\/*$/{ s//\1/ q } /^X\/\(\/\/\)$/{ s//\1/ q } /^X\/\(\/\).*/{ s//\1/ q } s/.*/./; q'` # Avoid depending upon Character Ranges. as_cr_letters='abcdefghijklmnopqrstuvwxyz' as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' as_cr_Letters=$as_cr_letters$as_cr_LETTERS as_cr_digits='0123456789' as_cr_alnum=$as_cr_Letters$as_cr_digits ECHO_C= ECHO_N= ECHO_T= case `echo -n x` in #((((( -n*) case `echo 'xy\c'` in *c*) ECHO_T=' ';; # ECHO_T is single tab character. xy) ECHO_C='\c';; *) echo `echo ksh88 bug on AIX 6.1` > /dev/null ECHO_T=' ';; esac;; *) ECHO_N='-n';; esac rm -f conf$$ conf$$.exe conf$$.file if test -d conf$$.dir; then rm -f conf$$.dir/conf$$.file else rm -f conf$$.dir mkdir conf$$.dir 2>/dev/null fi if (echo >conf$$.file) 2>/dev/null; then if ln -s conf$$.file conf$$ 2>/dev/null; then as_ln_s='ln -s' # ... but there are two gotchas: # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. # In both cases, we have to default to `cp -pR'. ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || as_ln_s='cp -pR' elif ln conf$$.file conf$$ 2>/dev/null; then as_ln_s=ln else as_ln_s='cp -pR' fi else as_ln_s='cp -pR' fi rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file rmdir conf$$.dir 2>/dev/null # as_fn_mkdir_p # ------------- # Create "$as_dir" as a directory, including parents if necessary. as_fn_mkdir_p () { case $as_dir in #( -*) as_dir=./$as_dir;; esac test -d "$as_dir" || eval $as_mkdir_p || { as_dirs= while :; do case $as_dir in #( *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( *) as_qdir=$as_dir;; esac as_dirs="'$as_qdir' $as_dirs" as_dir=`$as_dirname -- "$as_dir" || $as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$as_dir" : 'X\(//\)[^/]' \| \ X"$as_dir" : 'X\(//\)$' \| \ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$as_dir" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` test -d "$as_dir" && break done test -z "$as_dirs" || eval "mkdir $as_dirs" } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" } # as_fn_mkdir_p if mkdir -p . 2>/dev/null; then as_mkdir_p='mkdir -p "$as_dir"' else test -d ./-p && rmdir ./-p as_mkdir_p=false fi # as_fn_executable_p FILE # ----------------------- # Test if FILE is an executable regular file. as_fn_executable_p () { test -f "$1" && test -x "$1" } # as_fn_executable_p as_test_x='test -x' as_executable_p=as_fn_executable_p # Sed expression to map a string onto a valid CPP name. as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" # Sed expression to map a string onto a valid variable name. as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" exec 6>&1 ## ----------------------------------- ## ## Main body of $CONFIG_STATUS script. ## ## ----------------------------------- ## _ASEOF test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by MySecureShell $as_me 2.0, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ on `(hostname || uname -n) 2>/dev/null | sed 1q` " _ACEOF case $ac_config_files in *" "*) set x $ac_config_files; shift; ac_config_files=$*;; esac case $ac_config_headers in *" "*) set x $ac_config_headers; shift; ac_config_headers=$*;; esac cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 ac_cs_usage="\ \`$as_me' instantiates files and other configuration actions from templates according to the current configuration. Unless the files and actions are specified as TAGs, all are instantiated by default. Usage: $0 [OPTION]... [TAG]... -h, --help print this help, then exit -V, --version print version number and configuration settings, then exit --config print configuration, then exit -q, --quiet, --silent do not print progress messages -d, --debug don't remove temporary files --recheck update $as_me by reconfiguring in the same conditions --file=FILE[:TEMPLATE] instantiate the configuration file FILE --header=FILE[:TEMPLATE] instantiate the configuration header FILE Configuration files: $config_files Configuration headers: $config_headers Report bugs to ." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ MySecureShell config.status 2.0 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." ac_pwd='$ac_pwd' srcdir='$srcdir' test -n "\$AWK" || AWK=awk _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # The default lists apply if the user does not specify any file. ac_need_defaults=: while test $# != 0 do case $1 in --*=?*) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` ac_shift=: ;; --*=) ac_option=`expr "X$1" : 'X\([^=]*\)='` ac_optarg= ac_shift=: ;; *) ac_option=$1 ac_optarg=$2 ac_shift=shift ;; esac case $ac_option in # Handling of the options. -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) ac_cs_recheck=: ;; --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) $as_echo "$ac_cs_version"; exit ;; --config | --confi | --conf | --con | --co | --c ) $as_echo "$ac_cs_config"; exit ;; --debug | --debu | --deb | --de | --d | -d ) debug=: ;; --file | --fil | --fi | --f ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; '') as_fn_error $? "missing file argument" ;; esac as_fn_append CONFIG_FILES " '$ac_optarg'" ac_need_defaults=false;; --header | --heade | --head | --hea ) $ac_shift case $ac_optarg in *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; esac as_fn_append CONFIG_HEADERS " '$ac_optarg'" ac_need_defaults=false;; --he | --h) # Conflict between --help and --header as_fn_error $? "ambiguous option: \`$1' Try \`$0 --help' for more information.";; --help | --hel | -h ) $as_echo "$ac_cs_usage"; exit ;; -q | -quiet | --quiet | --quie | --qui | --qu | --q \ | -silent | --silent | --silen | --sile | --sil | --si | --s) ac_cs_silent=: ;; # This is an error. -*) as_fn_error $? "unrecognized option: \`$1' Try \`$0 --help' for more information." ;; *) as_fn_append ac_config_targets " $1" ac_need_defaults=false ;; esac shift done ac_configure_extra_args= if $ac_cs_silent; then exec 6>/dev/null ac_configure_extra_args="$ac_configure_extra_args --silent" fi _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 if \$ac_cs_recheck; then set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion shift \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 CONFIG_SHELL='$SHELL' export CONFIG_SHELL exec "\$@" fi _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 exec 5>>config.log { echo sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX ## Running $as_me. ## _ASBOX $as_echo "$ac_log" } >&5 _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Handling of arguments. for ac_config_target in $ac_config_targets do case $ac_config_target in "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "install.sh") CONFIG_FILES="$CONFIG_FILES install.sh" ;; "uninstaller.sh") CONFIG_FILES="$CONFIG_FILES uninstaller.sh" ;; "utils/sftp-user") CONFIG_FILES="$CONFIG_FILES utils/sftp-user" ;; "utils/sftp-verif") CONFIG_FILES="$CONFIG_FILES utils/sftp-verif" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; esac done # If the user did not use the arguments to specify the items to instantiate, # then the envvar interface is used. Set only those that are not. # We use the long form for the default assignment because of an extremely # bizarre bug on SunOS 4.1.3. if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers fi # Have a temporary directory for convenience. Make it in the build tree # simply because there is no reason against having it here, and in addition, # creating and moving files from /tmp can sometimes cause problems. # Hook for its removal unless debugging. # Note that there is a small window in which the directory will not be cleaned: # after its creation but before its name has been assigned to `$tmp'. $debug || { tmp= ac_tmp= trap 'exit_status=$? : "${ac_tmp:=$tmp}" { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status ' 0 trap 'as_fn_exit 1' 1 2 13 15 } # Create a (secure) tmp directory for tmp files. { tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && test -d "$tmp" } || { tmp=./conf$$-$RANDOM (umask 077 && mkdir "$tmp") } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 ac_tmp=$tmp # Set up the scripts for CONFIG_FILES section. # No need to generate them if there are no CONFIG_FILES. # This happens for instance with `./config.status config.h'. if test -n "$CONFIG_FILES"; then ac_cr=`echo X | tr X '\015'` # On cygwin, bash can eat \r inside `` if the user requested igncr. # But we know of no other shell where ac_cr would be empty at this # point, so we can use a bashism as a fallback. if test "x$ac_cr" = x; then eval ac_cr=\$\'\\r\' fi ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then ac_cs_awk_cr='\\r' else ac_cs_awk_cr=$ac_cr fi echo 'BEGIN {' >"$ac_tmp/subs1.awk" && _ACEOF { echo "cat >conf$$subs.awk <<_ACEOF" && echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && echo "_ACEOF" } >conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` ac_delim='%!_!# ' for ac_last_try in false false false false false :; do . ./conf$$subs.sh || as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` if test $ac_delim_n = $ac_delim_num; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done rm -f conf$$subs.sh cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && _ACEOF sed -n ' h s/^/S["/; s/!.*/"]=/ p g s/^[^!]*!// :repl t repl s/'"$ac_delim"'$// t delim :nl h s/\(.\{148\}\)..*/\1/ t more1 s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ p n b repl :more1 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t nl :delim h s/\(.\{148\}\)..*/\1/ t more2 s/["\\]/\\&/g; s/^/"/; s/$/"/ p b :more2 s/["\\]/\\&/g; s/^/"/; s/$/"\\/ p g s/.\{148\}// t delim ' >$CONFIG_STATUS || ac_write_fail=1 rm -f conf$$subs.awk cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 _ACAWK cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && for (key in S) S_is_set[key] = 1 FS = "" } { line = $ 0 nfields = split(line, field, "@") substed = 0 len = length(field[1]) for (i = 2; i < nfields; i++) { key = field[i] keylen = length(key) if (S_is_set[key]) { value = S[key] line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) len += length(value) + length(field[++i]) substed = 1 } else len += 1 + keylen } print line } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" else cat fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 _ACEOF # VPATH may cause trouble with some makes, so we remove sole $(srcdir), # ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and # trailing colons and then remove the whole line if VPATH becomes empty # (actually we leave an empty line to preserve line numbers). if test "x$srcdir" = x.; then ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ h s/// s/^/:/ s/[ ]*$/:/ s/:\$(srcdir):/:/g s/:\${srcdir}:/:/g s/:@srcdir@:/:/g s/^:*// s/:*$// x s/\(=[ ]*\).*/\1/ G s/\n// s/^[^=]*=[ ]*$// }' fi cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 fi # test -n "$CONFIG_FILES" # Set up the scripts for CONFIG_HEADERS section. # No need to generate them if there are no CONFIG_HEADERS. # This happens for instance with `./config.status Makefile'. if test -n "$CONFIG_HEADERS"; then cat >"$ac_tmp/defines.awk" <<\_ACAWK || BEGIN { _ACEOF # Transform confdefs.h into an awk script `defines.awk', embedded as # here-document in config.status, that substitutes the proper values into # config.h.in to produce config.h. # Create a delimiter string that does not exist in confdefs.h, to ease # handling of long lines. ac_delim='%!_!# ' for ac_last_try in false false :; do ac_tt=`sed -n "/$ac_delim/p" confdefs.h` if test -z "$ac_tt"; then break elif $ac_last_try; then as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 else ac_delim="$ac_delim!$ac_delim _$ac_delim!! " fi done # For the awk script, D is an array of macro values keyed by name, # likewise P contains macro parameters if any. Preserve backslash # newline sequences. ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* sed -n ' s/.\{148\}/&'"$ac_delim"'/g t rset :rset s/^[ ]*#[ ]*define[ ][ ]*/ / t def d :def s/\\$// t bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3"/p s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p d :bsnl s/["\\]/\\&/g s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ D["\1"]=" \3\\\\\\n"\\/p t cont s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p t cont d :cont n s/.\{148\}/&'"$ac_delim"'/g t clear :clear s/\\$// t bsnlc s/["\\]/\\&/g; s/^/"/; s/$/"/p d :bsnlc s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p b cont ' >$CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 for (key in D) D_is_set[key] = 1 FS = "" } /^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { line = \$ 0 split(line, arg, " ") if (arg[1] == "#") { defundef = arg[2] mac1 = arg[3] } else { defundef = substr(arg[1], 2) mac1 = arg[2] } split(mac1, mac2, "(") #) macro = mac2[1] prefix = substr(line, 1, index(line, defundef) - 1) if (D_is_set[macro]) { # Preserve the white space surrounding the "#". print prefix "define", macro P[macro] D[macro] next } else { # Replace #undef with comments. This is necessary, for example, # in the case of _POSIX_SOURCE, which is predefined and required # on some systems where configure will not decide to define it. if (defundef == "undef") { print "/*", prefix defundef, macro, "*/" next } } } { print } _ACAWK _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 fi # test -n "$CONFIG_HEADERS" eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS " shift for ac_tag do case $ac_tag in :[FHLC]) ac_mode=$ac_tag; continue;; esac case $ac_mode$ac_tag in :[FHL]*:*);; :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; :[FH]-) ac_tag=-:-;; :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; esac ac_save_IFS=$IFS IFS=: set x $ac_tag IFS=$ac_save_IFS shift ac_file=$1 shift case $ac_mode in :L) ac_source=$1;; :[FH]) ac_file_inputs= for ac_f do case $ac_f in -) ac_f="$ac_tmp/stdin";; *) # Look for the file first in the build tree, then in the source tree # (if the path is not absolute). The absolute path cannot be DOS-style, # because $ac_f cannot contain `:'. test -f "$ac_f" || case $ac_f in [\\/$]*) false;; *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; esac || as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; esac case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac as_fn_append ac_file_inputs " '$ac_f'" done # Let's still pretend it is `configure' which instantiates (i.e., don't # use $as_me), people would be surprised to read: # /* config.h. Generated by config.status. */ configure_input='Generated from '` $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' `' by configure.' if test x"$ac_file" != x-; then configure_input="$ac_file. $configure_input" { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 $as_echo "$as_me: creating $ac_file" >&6;} fi # Neutralize special characters interpreted by sed in replacement strings. case $configure_input in #( *\&* | *\|* | *\\* ) ac_sed_conf_input=`$as_echo "$configure_input" | sed 's/[\\\\&|]/\\\\&/g'`;; #( *) ac_sed_conf_input=$configure_input;; esac case $ac_tag in *:-:* | *:-) cat >"$ac_tmp/stdin" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; esac ;; esac ac_dir=`$as_dirname -- "$ac_file" || $as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ X"$ac_file" : 'X\(//\)[^/]' \| \ X"$ac_file" : 'X\(//\)$' \| \ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || $as_echo X"$ac_file" | sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ s//\1/ q } /^X\(\/\/\)[^/].*/{ s//\1/ q } /^X\(\/\/\)$/{ s//\1/ q } /^X\(\/\).*/{ s//\1/ q } s/.*/./; q'` as_dir="$ac_dir"; as_fn_mkdir_p ac_builddir=. case "$ac_dir" in .) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` # A ".." for each directory in $ac_dir_suffix. ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` case $ac_top_builddir_sub in "") ac_top_builddir_sub=. ac_top_build_prefix= ;; *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; esac ;; esac ac_abs_top_builddir=$ac_pwd ac_abs_builddir=$ac_pwd$ac_dir_suffix # for backward compatibility: ac_top_builddir=$ac_top_build_prefix case $srcdir in .) # We are building in place. ac_srcdir=. ac_top_srcdir=$ac_top_builddir_sub ac_abs_top_srcdir=$ac_pwd ;; [\\/]* | ?:[\\/]* ) # Absolute name. ac_srcdir=$srcdir$ac_dir_suffix; ac_top_srcdir=$srcdir ac_abs_top_srcdir=$srcdir ;; *) # Relative name. ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix ac_top_srcdir=$ac_top_build_prefix$srcdir ac_abs_top_srcdir=$ac_pwd/$srcdir ;; esac ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix case $ac_mode in :F) # # CONFIG_FILE # _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # If the template does not know about datarootdir, expand it. # FIXME: This hack should be removed a few years after 2.60. ac_datarootdir_hack=; ac_datarootdir_seen= ac_sed_dataroot=' /datarootdir/ { p q } /@datadir@/p /@docdir@/p /@infodir@/p /@localedir@/p /@mandir@/p' case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in *datarootdir*) ac_datarootdir_seen=yes;; *@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 $as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_datarootdir_hack=' s&@datadir@&$datadir&g s&@docdir@&$docdir&g s&@infodir@&$infodir&g s&@localedir@&$localedir&g s&@mandir@&$mandir&g s&\\\${datarootdir}&$datarootdir&g' ;; esac _ACEOF # Neutralize VPATH when `$srcdir' = `.'. # Shell code in configure.ac might set extrasub. # FIXME: do we really want to maintain this feature? cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_sed_extra="$ac_vpsub $extrasub _ACEOF cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 :t /@[a-zA-Z_][a-zA-Z_0-9]*@/!b s|@configure_input@|$ac_sed_conf_input|;t t s&@top_builddir@&$ac_top_builddir_sub&;t t s&@top_build_prefix@&$ac_top_build_prefix&;t t s&@srcdir@&$ac_srcdir&;t t s&@abs_srcdir@&$ac_abs_srcdir&;t t s&@top_srcdir@&$ac_top_srcdir&;t t s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t s&@builddir@&$ac_builddir&;t t s&@abs_builddir@&$ac_abs_builddir&;t t s&@abs_top_builddir@&$ac_abs_top_builddir&;t t $ac_datarootdir_hack " eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ "$ac_tmp/out"`; test -z "$ac_out"; } && { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&5 $as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' which seems to be undefined. Please make sure it is defined" >&2;} rm -f "$ac_tmp/stdin" case $ac_file in -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; esac \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; :H) # # CONFIG_HEADER # if test x"$ac_file" != x-; then { $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" } >"$ac_tmp/config.h" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 $as_echo "$as_me: $ac_file is unchanged" >&6;} else rm -f "$ac_file" mv "$ac_tmp/config.h" "$ac_file" \ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 fi else $as_echo "/* $configure_input */" \ && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ || as_fn_error $? "could not create -" "$LINENO" 5 fi ;; esac case $ac_file$ac_mode in "install.sh":F) chmod +x install.sh ;; "uninstaller.sh":F) chmod +x uninstaller.sh ;; "utils/sftp-user":F) chmod +x utils/sftp-verif ;; "utils/sftp-verif":F) chmod +x utils/sftp-verif ;; esac done # for ac_tag as_fn_exit 0 _ACEOF ac_clean_files=$ac_clean_files_save test $ac_write_fail = 0 || as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 # configure is writing to config.log, and then calls config.status. # config.status does its own redirection, appending to config.log. # Unfortunately, on DOS this fails, as config.log is still kept open # by configure, so config.status won't be able to write to it; its # output is simply discarded. So we exec the FD to /dev/null, # effectively closing config.log, so it can be properly (re)opened and # appended to by config.status. When coming back to configure, we # need to make the FD available again. if test "$no_create" != yes; then ac_cs_success=: ac_config_status_args= test "$silent" = yes && ac_config_status_args="$ac_config_status_args --quiet" exec 5>/dev/null $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false exec 5>>config.log # Use ||, not &&, to avoid exiting from the if with $? = 1, which # would make configure fail if this is the last instruction. $ac_cs_success || as_fn_exit 1 fi if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi ac_aux_dir= for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do if test -f "$ac_dir/install-sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install-sh -c" break elif test -f "$ac_dir/install.sh"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/install.sh -c" break elif test -f "$ac_dir/shtool"; then ac_aux_dir=$ac_dir ac_install_sh="$ac_aux_dir/shtool install -c" break fi done if test -z "$ac_aux_dir"; then as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 fi # These three variables are undocumented and unsupported, # and are intended to be withdrawn in a future Autoconf release. # They can cause serious problems if a builder's source tree is in a directory # whose full name contains unusual characters. ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or # incompatible versions: # SysV /etc/install, /usr/sbin/install # SunOS /usr/etc/install # IRIX /sbin/install # AIX /bin/install # AmigaOS /C/install, which installs bootblocks on floppy discs # AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag # AFS /usr/afsws/bin/install, which mishandles nonexistent args # SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" # OS/2's system install, which has a completely different semantic # ./install, which can be erroneously created by make from ./install.sh. # Reject install programs that cannot install multiple files. { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 $as_echo_n "checking for a BSD-compatible install... " >&6; } if test -z "$INSTALL"; then if ${ac_cv_path_install+:} false; then : $as_echo_n "(cached) " >&6 else as_save_IFS=$IFS; IFS=$PATH_SEPARATOR for as_dir in $PATH do IFS=$as_save_IFS test -z "$as_dir" && as_dir=. # Account for people who put trailing slashes in PATH elements. case $as_dir/ in #(( ./ | .// | /[cC]/* | \ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ /usr/ucb/* ) ;; *) # OSF1 and SCO ODT 3.0 have their own names for install. # Don't use installbsd from OSF since it installs stuff as root # by default. for ac_prog in ginstall scoinst install; do for ac_exec_ext in '' $ac_executable_extensions; do if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then if test $ac_prog = install && grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # AIX install. It has an incompatible calling convention. : elif test $ac_prog = install && grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then # program-specific install script used by HP pwplus--don't use. : else rm -rf conftest.one conftest.two conftest.dir echo one > conftest.one echo two > conftest.two mkdir conftest.dir if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && test -s conftest.one && test -s conftest.two && test -s conftest.dir/conftest.one && test -s conftest.dir/conftest.two then ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" break 3 fi fi fi done done ;; esac done IFS=$as_save_IFS rm -rf conftest.one conftest.two conftest.dir fi if test "${ac_cv_path_install+set}" = set; then INSTALL=$ac_cv_path_install else # As a last resort, use the slow shell script. Don't cache a # value for INSTALL within a source directory, because that will # break other packages using the cache if that directory is # removed, or if the value is a relative name. INSTALL=$ac_install_sh fi fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 $as_echo "$INSTALL" >&6; } # Use test -z because SunOS4 sh mishandles braces in ${var-val}. # It thinks the first close brace ends the variable substitution. test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' A=`eval echo ${sysconfdir}` echo "" echo "MySecureShell has been configured with the following options:" echo " Log file: $MSS_LOG (color: $MSS_COLOR)" echo " User binaries: $BINDIR" echo " Shutdown file: $MSS_SHUT" echo "Configuration file: $MSS_CONF" echo " Compilation flags: $MSS_DEBUG" echo "" echo "Option supported:" echo "ACL : $MSS_ACL" echo "Remote Admin : $MSS_ADMIN" echo "UTF-8 Encoding : $MSS_UTF" echo "" echo "Sftp extension supported:" echo "Disk Usage : $MSSEXT_DISK" echo "Disk Usage OpenSSH: $MSSEXT_DISK_SSH" echo "File Hashing : $MSSEXT_FILE_HASHING" mysecureshell_2.0/configure.in0000644000000000000000000001623312422711313015331 0ustar rootroot# -*- Autoconf -*- # Process this file with autoconf to produce a configure script. AC_PREREQ(2.63) AC_INIT([MySecureShell],[2.0],[teka2nerdman@users.sourceforge.net]) AC_CONFIG_HEADER(config.h) # Checks for programs. AC_PROG_MAKE_SET AC_PROG_CC AC_PATH_PROG(SED, sed) AC_PATH_PROG(SUDO, sudo) AC_REQUIRE_CPP AC_GNU_SOURCE AC_PROG_GCC_TRADITIONAL AC_PROG_LN_S # Checks for typedefs, structures, and compiler characteristics. AC_C_INLINE AC_C_CONST AC_TYPE_UID_T AC_TYPE_INT32_T AC_TYPE_MODE_T AC_TYPE_OFF_T AC_TYPE_SSIZE_T AC_STRUCT_TM AC_TYPE_SIGNAL AC_SYS_LARGEFILE AC_CHECK_TYPES(u_int8_t) AC_CHECK_TYPES(u_int16_t) AC_CHECK_TYPES(u_int32_t) AC_CHECK_TYPES(u_int64_t) # Checks for header files. AC_HEADER_DIRENT AC_HEADER_STDC AC_CHECK_HEADERS([arpa/inet.h fcntl.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/param.h sys/socket.h]) AC_CHECK_HEADERS([unistd.h sys/statfs.h sys/param.h sys/statvfs.h sys/socket netinet/in.h]) AC_CHECK_HEADERS([sys/acl.h sys/ioctl.h sys/time.h syslog.h]) AC_CHECK_HEADERS(sys/mount.h, [], [], [ AC_INCLUDES_DEFAULT [#if HAVE_SYS_PARAM_H #include #endif]]) # Checks for target-specific case "$host" in *-*-cygwin*) AC_CHECK_HEADERS([cygwin/socket.h]) AC_CHECK_HEADERS(cygwin/acl.h, [AC_DEFINE(HAVE_CYGWIN, 1, HaveCygwin)]) AC_SUBST(LINKER_OPT, "-Xlinker --as-needed") ;; *-*-linux*) test -e "/usr/include/linux/ext2_fs.h" && AC_DEFINE(HAVE_LINUX_EXT2_FS_H, 1, Etcdir) AC_SUBST(LINKER_OPT, "-Xlinker --as-needed") ;; *) AC_SUBST(LINKER_OPT, "") ;; esac #Help AC_ARG_WITH(conffile, [ --with-conffile=xxx Change config file (default: /etc/ssh/sftp_config)], [ if test "x$withval" != "$no" ; then MSS_CONF=$withval fi ]) AC_ARG_WITH(logfile, [ --with-logfile=xxx Change log file (default: /var/log/sftp-server.log)], [ if test "x$withval" != "$no" ; then MSS_LOG=$withval fi ]) MSS_COLOR=no AC_ARG_WITH(logcolor, [ --with-logcolor=xxx Active color in log file (default: no)], [ MSS_COLOR=$withval ]) AC_ARG_WITH(shutfile, [ --with-shutfile=xxx Change shut file (default: /etc/sftp.shut)], [ if test "x$withval" != "$no" ; then MSS_SHUT=$withval fi ]) MSS_ADMIN=yes AC_ARG_WITH(admin, [ --with-admin=xxx Disable remote admin (default: yes)], [ if test "x$withval" != "$yes" ; then MSS_ADMIN=$withval fi ]) AC_ARG_WITH(libiconv, [ --with-libiconv=PATH Use libiconv in PATH], [ if test "x$withval" != "$no" ; then if test -d "$withval/lib"; then LDFLAGS="-L${withval}/lib ${LDFLAGS}" else LDFLAGS="-L${withval} ${LDFLAGS}" fi if test -d "$withval/include"; then CPPFLAGS="-I${withval}/include ${CPPFLAGS}" else CPPFLAGS="-I${withval} ${CPPFLAGS}" fi fi ]) MSS_DEBUG=no AC_ARG_WITH(debug, [ --with-debug=1,2 Change debug level (default: no)], [ MSS_DEBUG=$withval ]) # Checks for library functions. AC_FUNC_CLOSEDIR_VOID AC_FUNC_FORK AC_FUNC_STAT AC_FUNC_LSTAT AC_FUNC_CHOWN AC_FUNC_GETGROUPS AC_FUNC_MALLOC AC_FUNC_REALLOC AC_FUNC_STRFTIME AC_FUNC_MKTIME AC_FUNC_SELECT_ARGTYPES AC_HEADER_STAT AC_HEADER_SYS_WAIT AC_HEADER_TIME AC_CHECK_FUNCS([endgrent strcasecmp strchr strdup strerror strrchr strstr statfs statvfs getgroups strlcpy strlcat]) AC_CHECK_FUNCS([acl acl_get_perm_np atexit dup2 endpwent gettimeofday memset mkdir realpath regcomp rmdir select setenv memmove]) AC_CHECK_FUNCS([openlog syslog closelog vsyslog]) AC_CHECK_FUNCS([connect gethostbyaddr gethostbyname inet_ntoa], , AC_CHECK_LIB(nsl, gethostbyaddr)) AC_CHECK_FUNCS([iconv_open iconv_close iconv], , AC_CHECK_LIB(iconv, libiconv_open)) AC_CHECK_LIB(acl, acl_get_entry) AC_CHECK_LIB(gnutls, gnutls_hash_init) #Own defines test "$prefix" = "NONE" && prefix= test "$exec_prefix" = "NONE" && exec_prefix=/usr test -z "$bindir" && bindir="/usr/bin" test -z "$MSS_LOG" && MSS_LOG="/var/log/sftp-server.log" test -z "$MSS_CONF" && MSS_CONF="/etc/ssh/sftp_config" test -z "$MSS_SHUT" && MSS_SHUT="/etc/sftp.shut" MSS_UTF=$ac_cv_func_iconv test "$MSS_UTF" = "no" && MSS_UTF=$ac_cv_lib_iconv_libiconv_open MSS_ACL=$ac_cv_lib_acl_acl_get_entry test "$ac_cv_header_cygwin_acl_h" = "yes" && MSS_ACL="yes" test "$ac_cv_header_sys_acl_h" = "yes" && MSS_ACL="yes" MSSEXT_DISK=$ac_cv_header_sys_statvfs_h MSSEXT_DISK_SSH=$ac_cv_header_sys_statvfs_h test "$MSSEXT_DISK" = "no" && MSSEXT_DISK=$ac_cv_header_sys_statfs_h test "$MSSEXT_DISK" = "no" && MSSEXT_DISK=$ac_cv_func_statfs MSSEXT_FILE_HASHING=$ac_cv_lib_gnutls_gnutls_hash_init test "$MSS_DEBUG" = "1" && MSS_DEBUG="-DDODEBUG -g3" test "$MSS_DEBUG" = "2" && MSS_DEBUG="-g3" test "$MSS_DEBUG" = "no" && MSS_DEBUG="" A=`eval echo ${sysconfdir}` BINDIR=`eval echo ${bindir}` ; BINDIR=`eval echo ${BINDIR}` SBINDIR=`eval echo ${sbindir}` ; SBINDIR=`eval echo ${SBINDIR}` MANDIR=`eval echo ${mandir}` ; MANDIR=`eval echo ${MANDIR}` AC_SUBST(ETCDIR, "${A}") AC_SUBST(SBINDIR, "${SBINDIR}") AC_SUBST(BINDIR, "${BINDIR}") AC_SUBST(MANDIR, "${MANDIR}") AC_SUBST(MSS_CONF, "${MSS_CONF}") AC_SUBST(MSS_LOG, "${MSS_LOG}") AC_SUBST(MSS_DEBUG, "${MSS_DEBUG}") AC_DEFINE_UNQUOTED(MSS_LOG, "${MSS_LOG}", Logdir) AC_DEFINE_UNQUOTED(SHUTDOWN_FILE, "${MSS_SHUT}", Etcdir) AC_DEFINE_UNQUOTED(CONFIG_FILE, "${MSS_CONF}", Etcdir) AC_DEFINE(CONFIG_FILE2, "/etc/sshd/sftp_config", Etcdir) AC_DEFINE_UNQUOTED(MSS_SFTPWHO, "${BINDIR}/sftp-who", Sftpwhodir) AC_DEFINE_UNQUOTED(MSS_SFTPUSER, "${BINDIR}/sftp-user", Sftpuserdir) test "$MSS_COLOR" = "yes" && AC_DEFINE_UNQUOTED(HAVE_LOG_IN_COLOR, ${MSS_COLOR}, Colorlog) test "$MSS_ACL" = "yes" && AC_DEFINE(MSS_ACL, 1, ACL) test "$MSS_ADMIN" = "yes" && AC_DEFINE(MSS_HAVE_ADMIN, 1, Admin) test "$MSSEXT_DISK" = "yes" && AC_DEFINE(MSSEXT_DISKUSAGE, 1, DiskUsage) test "$MSSEXT_DISK_SSH" = "yes" && AC_DEFINE(MSSEXT_DISKUSAGE_SSH, 1, DiskUsageSSH) test "$MSSEXT_FILE_HASHING" = "yes" && AC_DEFINE(MSSEXT_FILE_HASHING, 1, FileHashing) if test "$ac_cv_type_u_int8_t" = "no" ; then AC_DEFINE_UNQUOTED(u_int8_t, uint8_t, uint8) fi if test "$ac_cv_type_u_int16_t" = "no" ; then AC_DEFINE_UNQUOTED(u_int16_t, uint16_t, uint16) fi if test "$ac_cv_type_u_int32_t" = "no" ; then AC_DEFINE_UNQUOTED(u_int32_t, uint32_t, uint32) fi if test "$ac_cv_type_u_int64_t" = "no" ; then AC_DEFINE_UNQUOTED(u_int64_t, uint64_t, uint64) fi AC_CONFIG_FILES([Makefile]) AC_CONFIG_FILES([install.sh], [chmod +x install.sh]) AC_CONFIG_FILES([uninstaller.sh], [chmod +x uninstaller.sh]) AC_CONFIG_FILES([utils/sftp-user], [chmod +x utils/sftp-verif]) AC_CONFIG_FILES([utils/sftp-verif], [chmod +x utils/sftp-verif]) AC_OUTPUT AC_PROG_INSTALL A=`eval echo ${sysconfdir}` echo "" echo "MySecureShell has been configured with the following options:" echo " Log file: $MSS_LOG (color: $MSS_COLOR)" echo " User binaries: $BINDIR" echo " Shutdown file: $MSS_SHUT" echo "Configuration file: $MSS_CONF" echo " Compilation flags: $MSS_DEBUG" echo "" echo "Option supported:" echo "ACL : $MSS_ACL" echo "Remote Admin : $MSS_ADMIN" echo "UTF-8 Encoding : $MSS_UTF" echo "" echo "Sftp extension supported:" echo "Disk Usage : $MSSEXT_DISK" echo "Disk Usage OpenSSH: $MSSEXT_DISK_SSH" echo "File Hashing : $MSSEXT_FILE_HASHING" mysecureshell_2.0/locales_fr0000644000000000000000000000535112422711313015053 0ustar rootrootDESCRIPTION= fr=Package francais ok=[ REUSSI ] failed=[ ECHOUE ] sorry=Desole Warning root ask=ATTENTION: Vous devez etre en root pour effectuer l'installation ! Welcome=Bienvenue dans le script d'installation de MySecureShell ! Needed installation files=Detection des fichiers necessaires a l'installation: Existing file=Existance du fichier installation=Installation de MySecureShell agree=Si vous n'etes pas d'accord avec ce qui suit, ne continuez pas l'installation. text1=Ce script va effectuer plusieurs operations: text2=- Installer MySecureShell dans /bin text3=- Creer un fichier de configuration dans /etc/ssh/sftp_config text4=- Introduire MySecureShell en tant que shell valide text5=- Installer les utilitaires dans /usr/bin text6=- Voulez vous continuer l'installation ? (Y/n) statestopquest=ATTENTION: Il est conseille de deconnecter tous les utilisateurs avant de poursuivre l'installation ! warnconf=ATTENTION: Il existe deja un fichier de configuration sftp_config ! mksshfolder=Aucuns dossiers par defaut de ssh n'ont ete trouves. Voulez vous creer /etc/ssh ? (Y/n) lgsshfolder=Creation du dossier /etc/ssh stopinstssh=Desole mais l'installation ne peut continuer sans dossier ssh existant. warnerase=Voulez vous ecraser le fichier de configuration deja existant ? (y/N) conffilerep1=Fichier de configuration existant et remplace conffilerep2=Fichier de configuration existant et non remplace upconffile=Fichier MySecureShell mis a jour mkconffile=Fichier MySecureShell creer validshellask=Voulez vous que MySecureShell soit reconnu comme shell valide par votre systeme ? (Y/n) mkshells=Aucun fichier /etc/shells. Voulez vous creer /etc/shells ? (y/N) shellalreadyvd=Le shell MySecureShell est deja un shell valide shellvalid=Ajout du shell MySecureShell comme valide shellcreate=Creation et ajout du shell MySecureShell comme valide novalidshell=Aucunes modifications dans votre liste des shells tool=Installation de l'utilitaire unfound=ERREUR: Le fichier est introuvable noutilities=Aucunes installation des utilitaires de MySecureShell finishedinst=Installation Terminee ! osxreminder=Rappel: Si vous etes sur Mac OS X, n'oubliez pas de copier le dossier MSS dans Applications ! TestSystem?=Voulez-vous tester MySecureShell, pour detecter d'eventuel probleme ? (Y/n) LaunchMSS=Test de MySecureShell... Testsuccess=Fin du test logrot?=Voulez vous mettre automatiquement les logs de MySecureShell en rotation ? (Y/n) logrot=Mise en place de la rotation des logs MySecureShell uninst?=Etes vous sur de vouloir desinstaller MySecureShell ? (y/N) delconf?=Voulez vous supprimer votre fichier de configuration aussi ? (y/N) mssuninstok!=MySecureShell a ete desinstaller avec succes ! mssuninstfail=La desinstallation de MySecureShell a echouee ! mans=Installation des Manuels mysecureshell_2.0/SftpState/0000755000000000000000000000000012422711313014730 5ustar rootrootmysecureshell_2.0/SftpState/Main.c0000644000000000000000000000650712422711313015770 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include "SftpWho.h" #include "../Core/security.h" int main(int ac, char **av) { int i, fd, assume_yes_to_all, do_clean; assume_yes_to_all = 0; do_clean = 0; if (ac > 1) for (i = 1; i < ac; i++) if (strcmp(av[i], "fullstop") == 0) { assume_yes_to_all = 1; do_clean = 1; goto doShutdown; } else if (strcmp(av[i], "shutdown") == 0 || strcmp(av[i], "stop") == 0) { doShutdown: if ((fd = open(SHUTDOWN_FILE, O_CREAT | O_TRUNC | O_RDWR, 0644)) >= 0) { char buf[4]; (void )printf("Shutdown server for new connection (active connection are keeped)\n"); (void )printf("Do you want to kill all users ? [YES/no] "); (void )fflush(stdout); if (assume_yes_to_all == 0) i = read(0, buf, sizeof(buf)); else (void )printf("yes\n"); buf[i >= 1 ? i - 1 : 0] = '\0'; if (assume_yes_to_all == 1 || strcasecmp(buf, "yes") == 0 || strcasecmp(buf, "y") == 0) { if (system("sftp-kill all > /dev/null") == -1) (void )printf("Error while deconnection users: %s\n", strerror(errno)); if (do_clean == 1) { if (SftpWhoDeleteStructs() == 0) (void )printf("Can't clean server: %s\n", strerror(errno)); } } else (void )printf("Clients aren't disconnected\n"); xclose(fd); } else (void )printf("Can't shutdown server: %s\n", strerror(errno)); } else if (strcmp(av[i], "active") == 0 || strcmp(av[i], "start") == 0) { if (unlink(SHUTDOWN_FILE) == 0 || errno == ENOENT) (void )printf("Server is now online.\n"); else (void )printf("Can't wake up server: %s\n", strerror(errno)); } else if (strcmp(av[i], "-yes") == 0) assume_yes_to_all = 1; else { (void )printf("Usage:\n------\n\n"); (void )printf("%s {options} {states}\n\n", av[0]); (void )printf("\nOptions:\n"); (void )printf("\t-yes : assume yes to all questions\n"); (void )printf("\nStates:\n"); (void )printf("\t- active : wake up server\n"); (void )printf("\t- start : same as 'active'\n"); (void )printf("\t- shutdown : shutdown the server (but don't kill current connections)\n"); (void )printf("\t- stop : same as 'shutdown'\n"); (void )printf("\t- fullstop : shutdown the server (kill all connections and clean memory)\n"); } else { if ((fd = open(SHUTDOWN_FILE, O_RDONLY)) >= 0) xclose(fd); (void )printf("Server is %s\n", fd == -1 ? "up" : "down"); } return (0); } mysecureshell_2.0/SftpAdmin/0000755000000000000000000000000012422711313014700 5ustar rootrootmysecureshell_2.0/SftpAdmin/Main.c0000644000000000000000000002174312422711313015737 0ustar rootroot/* Mysecureshell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include #include "../SftpServer/Sftp.h" #include "../SftpServer/Buffer.h" #include "../Core/security.h" static int _sftpIn = 0; static int _sftpOut = 0; int DoProtocol(tBuffer *bIn); static pid_t execSftpServer(int ac, char **av) { pid_t pid; char **args; int fdIn[2], fdOut[2]; if (pipe(fdIn) == -1 || pipe(fdOut) == -1) { perror(av[0]); exit (1); } if ((pid = fork()) == 0) { xdup2(fdIn[0], 0); xdup2(fdOut[1], 1); xdup2(fdOut[1], 2); xclose(fdIn[0]); xclose(fdIn[1]); xclose(fdOut[0]); xclose(fdOut[1]); args = calloc(ac + 6, sizeof(*args)); args[0] = "ssh"; args[1] = "-oForwardX11 no"; args[2] = "-oForwardAgent no"; args[3] = "-oClearAllForwardings yes"; args[4] = "-s"; (void )memcpy(args + 5, av + 1, (ac - 1) * sizeof(char *)); args[ac + 4] = "sftp"; (void )signal(SIGINT, SIG_IGN); if (execvp(args[0], args) == -1) perror(args[0]); exit (1); } else if (pid != -1) { xclose(fdIn[0]); xclose(fdOut[1]); _sftpIn = fdIn[1]; _sftpOut = fdOut[0]; } else { perror(av[0]); exit (1); } return (pid); } static int WritePacket(tBuffer *bOut) { ssize_t ret; size_t len; len = (size_t )(bOut->length - bOut->read); ret = write(_sftpIn, bOut->data + bOut->read, len); if (ret == -1) return (1); bOut->read += ret; BufferClean(bOut); return (0); } static int ReadPacket(tBuffer *bIn) { ssize_t len; char buffer[16384]; len = read(_sftpOut, buffer, sizeof(buffer)); if (len == -1) return (1); BufferPutRawData(bIn, buffer, (u_int32_t )len); if (DoProtocol(bIn) == 1) return (1); return (0); } static void SendInit(tBuffer *bOut) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH2_FXP_INIT); BufferPutInt32(b, SSH2_ADMIN_VERSION); BufferPutPacket(bOut, b); BufferDelete(b); (void )WritePacket(bOut); } static void SendListUsers(tBuffer *bOut) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH_ADMIN_LIST_USERS); BufferPutPacket(bOut, b); BufferDelete(b); } static void SendKillUser(tBuffer *bOut, const char *arg) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH_ADMIN_KILL_USER); BufferPutInt32(b, (u_int32_t )atoi(arg)); BufferPutPacket(bOut, b); BufferDelete(b); } static void SendServerStatus(tBuffer *bOut, const char *arg) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH_ADMIN_SERVER_STATUS); BufferPutInt8(b, (u_int8_t )(strcmp(arg, "start") == 0 ? 1 : 0)); BufferPutPacket(bOut, b); BufferDelete(b); } static void SendServerGetStatus(tBuffer *bOut) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH_ADMIN_SERVER_GET_STATUS); BufferPutPacket(bOut, b); BufferDelete(b); } static void SendGetLog(tBuffer *bOut, u_int32_t size) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH_ADMIN_GET_LOG_CONTENT); BufferPutInt32(b, size); BufferPutPacket(bOut, b); BufferDelete(b); } static void DoVersion(tBuffer *bIn) { (void )BufferGetInt32(bIn); while (bIn->read < bIn->length) { free(BufferGetString(bIn)); free(BufferGetString(bIn)); } } static void DoListUsersReply(tBuffer *bIn) { char *lists = BufferGetString(bIn); (void )printf("%s\n", lists); free(lists); } static void DoGetServerStatusReply(tBuffer *bIn) { u_int8_t state; state = BufferGetInt8(bIn); (void )printf("Server is %s.\n", state == 0 ? "offline" : "online"); } static void DoGetLogContentReply(tBuffer *bIn) { u_int32_t size; void *str; (void )BufferGetInt32(bIn); str = BufferGetData(bIn, &size); if (size > 0) { (void )fflush(stdout); if (write(1, str, size) == -1) printf("Error while writing to console: %s", strerror(errno)); (void )printf("\n"); #ifdef HAVE_LOG_IN_COLOR (void )printf("\33[37:40:0m"); #endif } } static void DoStatus(tBuffer *bIn) { char *msg; u_int32_t status; (void )BufferGetInt32(bIn); status = BufferGetInt32(bIn); msg = BufferGetString(bIn); free(BufferGetString(bIn)); if (status == SSH2_FX_OK) (void )printf("Done.\n"); else (void )printf("Error : %s\n", msg); free(msg); } int DoProtocol(tBuffer *bIn) { u_int32_t oldRead, msgLen, msgType; parsePacket: if (bIn->length < 5) //header too small return (0); oldRead = bIn->read; msgLen = BufferGetInt32(bIn); if (msgLen > (256 * 1024)) //message too long return (1); if ((bIn->length - bIn->read) < msgLen) //message not complete { bIn->read = oldRead;//cancel read return (0); } oldRead += 4; //ignore size of msgLen msgType = BufferGetInt8(bIn); switch (msgType) { case SSH2_FXP_STATUS: DoStatus(bIn); break; case SSH2_FXP_VERSION: DoVersion(bIn); break; case SSH_ADMIN_LIST_USERS_REPLY: DoListUsersReply(bIn); break; case SSH_ADMIN_SERVER_GET_STATUS_REPLY: DoGetServerStatusReply(bIn); break; case SSH2_FXP_DATA: DoGetLogContentReply(bIn); break; default: (void )printf("[ERROR]Unkown message type : %u\n", msgType); break; } if ((bIn->read - oldRead) < msgLen)//read entire message BufferReadData(bIn, msgLen - (bIn->read - oldRead)); BufferClean(bIn); goto parsePacket; } static int DoCommandLine(char *cmd, tBuffer *bIn, tBuffer *bOut) { if (strcmp(cmd, "quit") == 0) return (1); else if (strncmp(cmd, "kill", 4) == 0) { char *arg = strchr(cmd, ' '); if (arg) { while (*arg == ' ') arg++; SendKillUser(bOut, arg); if (WritePacket(bOut) == 1 || ReadPacket(bIn) == 1) return (1); } } else if (strcmp(cmd, "list") == 0) { SendListUsers(bOut); if (WritePacket(bOut) == 1 || ReadPacket(bIn) == 1) return (1); } else if (strncmp(cmd, "log", 3) == 0) { char *arg = strchr(cmd, ' '); if (arg != NULL) { int size; while (*arg == ' ') arg++; size = atoi(arg); SendGetLog(bOut, (u_int32_t )size); if (WritePacket(bOut) == 1 || ReadPacket(bIn) == 1) return (1); } } else if (strncmp(cmd, "server", 6) == 0) { char *arg = strchr(cmd, ' '); if (arg != NULL) { SendServerStatus(bOut, arg); if (WritePacket(bOut) == 1 || ReadPacket(bIn) == 1) return (1); } else { SendServerGetStatus(bOut); if (WritePacket(bOut) == 1 || ReadPacket(bIn) == 1) return (1); } } else { (void )printf("Usage:\n"); (void )printf("\t kill [0 or PID] : kill user with PID or 0 to kill all users\n"); (void )printf("\t list : list online users\n"); (void )printf("\t log [x bytes] : show last x bytes of log\n"); (void )printf("\t quit : quit program\n"); (void )printf("\t server [start or stop] : start or stop server\n"); (void )printf("\n"); } (void )printf("> "); (void )fflush(stdout); return (0); } int main(int ac, char **av) { tBuffer *bIn, *bOut; pid_t pid; int status, max; if (ac == 1) { (void )printf("Usage:\n"); (void )printf("%s [ssh options] user@hostname\n", av[0]); exit (0); } bIn = BufferNew(); bOut = BufferNew(); pid = execSftpServer(ac, av); max = _sftpOut > _sftpIn ? _sftpOut + 1 : _sftpIn + 1; SendInit(bOut); (void )ReadPacket(bIn); (void )printf("> "); (void )fflush(stdout); for (;;) { fd_set fdr, fdw; FD_ZERO(&fdr); FD_ZERO(&fdw); FD_SET(0, &fdr); FD_SET(_sftpOut, &fdr); if (bOut->length > 0) FD_SET(_sftpIn, &fdw); if (select(max, &fdr, &fdw, NULL, NULL) == -1) break; if (FD_ISSET(0, &fdr)) { char buffer[1024]; int len; len = read(0, buffer, sizeof(buffer)); if (len == -1) break; buffer[len > 0 ? len - 1 : len] = 0; if (DoCommandLine(buffer, bIn, bOut)) break; } if (FD_ISSET(_sftpOut, &fdr)) { if (ReadPacket(bIn)) break; } if (FD_ISSET(_sftpIn, &fdw)) { if (WritePacket(bOut)) break; } } (void )kill(pid, SIGHUP); xclose(_sftpIn); xclose(_sftpOut); (void )waitpid(pid, &status, 0); return (0); } mysecureshell_2.0/README-en0000644000000000000000000003035612422711313014302 0ustar rootrootInstallation: ------------- Execute the shell script of installation as: sh install.sh en For Mac version, install package and follow the instructions. Compilation: ------------ Require : gnu-make (by default under linux) 1/ Type: make all 2/ And type : ./install.sh en Require: -------- OpenSSH 3.8.1 (or superior) Optional: ---------- OpenSSL 0.9.7 (or superior) for extension : check data Configuration file: ------------------- Take a look at sftp_config sample. Arguments of MySecureShell: --------------------------- --configtest = test the actual configuration file and print information for the user Utilities: ---------- In the directory utils, we can found: - sftp-who : usefull to print informations of connected client - sftp-kill : we can deconnect client or all clients - sftp-state : turn on/off sftp server - sftp-verif : run tests on MySecureShell if you have some problems -- INFO IMPORTANTES: ----------------- 1/ The rights: Configuration for an account works like that: (Goes to the upper propriety class): - groups / accounts restrictions - one of it's restricting groups - user restriction If a user has more than 1 group, the last class will be apply. 2/ The chroot: The chroot make the user close in his home. The user see his home like "/". IMPOSSIBLE TO ADD: ------------------ - Deny users who "brute force" an account (already implemented in PAM and OpenSSH) CONTACTS AND INFORMATIONS: ------------------------- Web Site: http://mysecureshell.sourceforge.net E-Mail: teka2nerdman@users.sourceforge.net Forum: http://mysecureshell.free.fr CHANGE LOG: ----------- 2.0 (september 2014): + add new tag DisableStatsFs + replace OpenSSL by GnuTLS + improve connection log (add source port) ~ fix bug when calling Shell (missing arguments) ~ improve code quality 1.33 (april 2014): + add new tag LogSyslog + add transfert file size + improve sftp-verif (check file /etc/shells) ~ fix bug with symlink (thanks briancanfixit) ~ fix bug with tag VirtualHost (thanks Torig) 1.32 (november 2013): ~ fix bug when configuration has line "Shell /bin/MySecureShell" ~ fix bugs (thanks remi and voleg) ~ fix compilation under Cygwin (thanks sping) 1.31 (march 2013): ~ ACLs support and UTF-8 encoding on FreeBSD ~ fix tag DefaultRights (thanks 8087) ~ fix memory corruption (thanks 8087) ~ fix "root" detection on scripts install.sh and uninstaller.sh (thanks muzso) 1.30 (october 2012): + add new tag FileSpec et ApplyFileSpec + remove tag GMTTime because MySecureShell use local time + removes tags CanRemoveFile and CanRemoveDir => use DisableRemoveFile and DisableRemoveDir + removes tags HideFiles, PathAllowFilter and PathDenyFilter (replaced by FileSpec) + support new syntaxe for variables ${ENV} + improve sftp-verif (check user and group for files) + code rewrite (file system) + tag HideNoAccess check ACL rights + improve script "configure" ~ fix bug on ACLs ~ fix some crash ~ fix memory leaks ~ fix bug with tags DisableReadFile and DisableWriteFile ~ fix bug when changing rights (STICKY BIT was ignored) 1.25 (january 2011): + support extension statvfs@openssh.com and fstatvfs@openssh.com = rewrite script "sftp-verif" in perl ~ fix bug on tags: DefaultRights, MinimumRights, MaximumRights and ForceRights (thanks aretni and sebastien) ~ fix bug on tags: SftpProtocol and VirtualChroot ~ fix bug when handling files with protocol SFTP v4 ~ fix bug when using tags ForceUser and FakeDirUser at same time (thanks krushio) ~ fix crash on incorrect configuratioN (thanks Zigobs) ~ fix bug when parsing configuration on 64bit (thanks renaud) ~ fix small memory leak 1.20 (january 2010): + add tags (thanks JoKnarf) : * ForceUser, ForceGroup, DisableRemoveDir, * DisableRemoveFile, DisableReadDir, DisableReadFile, * DisableWriteFile, DisableSetAttribute, * DisableMakeDir, DisableRename, DisableSymLink, * DisableOverwrite, CreateHome, * MaximumRights, ForceRights + add tag (thank for suggestion nik): PathAllowFilter + add environment variable SSH_IP: ip of client + improve sftp-verif with configuration problem = reduce code ~ fix compilation on Solaris ~ fix bug on sftp-user and sftp-verif ~ fix bug with rights SGID when creating directory (thanks 8087) ~ fix bug with SSHFS and editor gEdit or OpenOffice (thanks 8087) ~ fix compilation under Solaris 10 1.15 (february 2009): = fix compilation problem under 64bit (thanks 8087) = fix bug on tag VirtualHost under Solaris (thanks JoKnarf) = fix bug on tag IpRange = fix bug in sftp-who informations (thanks marckburgers) 1.1 (october 2008): + support multi-level of tags (level 1) + add tags : CanChangeRights and CanChangeTime + more log on transfert : begin / end / interrupt + sftp-user: add support of MacOSX Leopard (10.5) ~ improve installation script and uninstaller script (default choice) ~ improve compilation (Makefile more standard) ~ sftp-user : improve under MacOSX ~ sftp-verif : check config file ~ add log when connection is refused (limit ip/user/server) = fix bug on time in log = fix bug on tag IdleTimeOut (only if you use units) = fix bug if we activate MSS in sshd_config and by shell = fix bug on statistics = fix bug on restrictions = fix bug in script sftp-verif under MacOSX 10.5 = fix bug in sftp-user = fix compilation under Solaris (thanks JoKnarf) = fix bug on default with tag DefaultRights = fix bug on tag Include = fix bug on script configure with option --with-logcolor = fix bug on ascii transfert (SFTP v5 only) (thanks xajez) = fix bug on parsing config file (thanks abompard) = fix bug on caching users/groups (thanks 8087) 1.0 (december 2007): + add tags : ExpireDate and IsSimpleAdmin + add statistics for remote admin + add tag : MinimumRights (thanks Florent) ~ improve sftp-verif (check dependencies problem) ~ improve remote administration (better security) ~ improve support of unix ~ optimizations for system with many users/groups ~ optimizations for fast network = fix bug if you have more than 128 simultaneous clients = fix memory leak with remote admin = fix bug with signal = clean source (program: splint) = fix bug on admin management = fix bug on sftp extension : check data = fix bug on sftp-who (progession with a 'h') = sftp-user : fix bug on user creation 0.95 (february 2007): + support ACLs + support sftp extension : check data + add tag LogFile + full support of remote administration + sftp-who: add global bandwidth used by MySecureShell ~ reduct necessary ressources by MySecureShell ~ improve transfer files and broswing directories ~ improve load of configuration file = fix bug with symlink = fix bug on tags PathDenyFilter, HideFiles, StayAtHome and ShowLinksAsLinks (with HideNoAccess) = fix bug with option --configtest = fix bug on tags LimitConnection, LimitConnectionByUser and LimitConnectionByIP = fix memory leaks while loading configuration file 0.9 (august 2006) : + add tag : CanRemoveDir, CanRemoveFile + UTF-8 is enable for protocol SFTP v3 (improve support for FileZilla) + add current directory for user in the sftp-who + add argument --version (to get current version of MySecureShell and to known if UTF-8 is enable at compilation) + add new color for log file + add man pages (french and english) ~ fusion of binaries sftp-server_MSS and MySecureShell (fix bug with update of OpenSSH) ~ improve support of security for Unix ~ improve remote administration ~ improve sftp-kill ~ add the possibility to not compile remote administration ~ improve support of UTF-8 (works for all Linux / Unix) = fix bug when read / write in text file = fix bug when too many files / directories are open = fix bugs on mode administrator = fix bug when VirtualChroot is enable for an remote administrator = fix bug on tag DefaultRights = fix installation script for FreeBSD 6 and Solaris 9 (thanks Kyle) = fix bug on creation for files = fix bug on ghost clients 0.8 (march 2006) : + add tags : GMTTime, Charset + support of utf-8 for files / directories + support of logrotate + support of protocol SFTP v5 + sftp-admin : add possibility to shutdown MySecureShell and clean persistent objects + sftp extensions : support of free disk space + add util sftp-verif for testing MySecureShell ~ optimization on MySecureShell ~ improve sftp-who : speed is showing with more precision ~ increase support of compatibility with sftp clients (WebDrive works now) ~ improve install (support of logrotate) ~ improve install for mac = sftp-who: fix bug on max speed = fix bug on memory = fix bug on rights when creating files / directories = fix bug for MySecureShell administrator 0.7 (november 2005) : + add tags : DisableAccount, IsAdmin + new program : - sftp-admin : remove administration ~ improve memory ~ improve log file : - show more details to follow one connection - more information on error = fix bugs with old version of MySecureShell = fix bug on shell = fix bug if user was in too many groups = fix bug in protocol = fix bug in memory 0.61 (august 2005) : + add tag ConnectionMaxLife = fix upload bug with gFtp 0.6 (july 2005) : + total rewrite of sftp-server_MSS + new support protocol SFTP v4 + add tag VirtualHost (beware of restrictions) + add uninstaller script for MySecureShell + add keyword SftpProtocol = fix problems on 64bit = fix compilation under gcc 4.0 = fix bugs on path resolv 0.5 (may 2005) : + support Cygwin (Windows 2000/XP) [new special package will come] + add keywords ByPassGlobalDownload, ByPassGlobalUpload and ShowLinksAsLinks + sftp-state : - add -yes option to accept all questions + remove all of dependencies (lic6 is the last dependency) ~ improvement of tag IpRange = fix bug on bandwidth restrictions = fix bugs on restrictions IgnoreHidden and VirtualChroot = sftp-who : - fix infinite loop - fix memory leak - delete java install because shell script is more powerfull 0.4 (january 2005) : + add tag: - IpRange (you can define some restrictions for a range of ip) - Default (to define default restrictions) + add keywords GlobalDownload and GlobalUpload + now links aren't broken if you used StayAtHome + MySecureShell : - add verbose mode to see which rules are used + sftp-kill : - add question to deconnect all client when you stop the server ~ sftp-who : - see maximum of connections for the server - more info in verbose mode - draw speed download in real time - see download percent = fix bug on limitbandwith = fix bugs 0.3 (december 2004) : + add keywords HideNoAcess, MaxOpenFilesForUser, MaxWriteFilesForUser, MaxReadFilesForUser, Include, Umask, PathDenyFilter + sftp-who : - add argument -v to print more information about restriction on a user + renome keyword Umask to DefaultRights to be more explicit + add sftp-state (to shutdown the server sftp) ~ improve install on MacOSX (now only graphical) ~ improve install script (can support multi-language) ~ improve option --configtest (on MySecureShell) = fix bugs restrictions on HideFiles and IgnoreHidden = fix bug on sftp-kill 0.2 (october 2004) : + first version of this file :) + support of OpenBSD, FreeBSD and NetBSD + add restrictions LimitConnectionByUser (old LimitConnection), LimitConnection (limite of total connection on the server), Shell + file sftp-server has moved to sftp-server_MSS to keep original sftp of OpenSSH + restriction Home support environment variable = fix bug of "ghost" client = fix bug on restrictions LimitConnection and LimitConnectionByIP mysecureshell_2.0/SftpServer/0000755000000000000000000000000012422711313015116 5ustar rootrootmysecureshell_2.0/SftpServer/SftpServer.h0000644000000000000000000000257512422711313017403 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _SFTPSERVER_H_ #define _SFTPSERVER_H_ #define FILE_IS_UPLOAD(_FLAGS) ((_FLAGS & O_WRONLY) || (_FLAGS & O_RDWR)) #define SET_TIMEOUT(_TM, _TSEC, _TUSEC) _TM .tv_sec = _TSEC; _TM .tv_usec = _TUSEC #define RULES_NONE 0 #define RULES_FILE 1 #define RULES_DIRECTORY 2 #define RULES_LISTING 3 #define RULES_RMFILE 4 #define RULES_RMDIRECTORY 5 void DoInitUser(); int CheckRulesAboutMaxFiles(); void ParseConf(tGlobal *params, int sftpProtocol); void UpdateInfoForOpenFiles(); void CloseInfoForOpenFiles(); extern tGlobal *gl_var; #endif //_SFTPSERVER_H_ mysecureshell_2.0/SftpServer/FileSystemAcl.c0000644000000000000000000001233212422711313017767 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include "FileSystem.h" #include "Log.h" #include "Sftp.h" #if(MSS_ACL) #ifdef HAVE_LIBACL #include #endif #include #ifndef HAVE_CYGWIN int FSEnumAcl(const char *file, int resolvePath, void (*callback)(void *data, int type, u_int32_t id, u_int32_t mode), void *data, u_int32_t *nbEntries) { tFSPath *path = NULL; acl_t acl; if (resolvePath == 1) { path = FSResolvePath(file, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSEnumAcl]file:'%s' realPath:'%s' exposedPath:'%s' path:'%s'", file, path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } acl = acl_get_file(path->realPath, ACL_TYPE_ACCESS); } else acl = acl_get_file(file, ACL_TYPE_ACCESS); *nbEntries = 0; DEBUG((MYLOG_DEBUG, "[FSEnumAcl]Call acl_get_file -> '%s'", file)); //Ignore all errors because FS should not support ACL if (acl != NULL) { acl_entry_t entry; if (acl_get_entry(acl, ACL_FIRST_ENTRY, &entry) == 1) { do { acl_permset_t permset; acl_tag_t tag; int *id = NULL; int mode; if (acl_get_tag_type(entry, &tag) == 0 && acl_get_permset(entry, &permset) == 0) { if (tag == ACL_MASK) continue; #ifdef HAVE_ACL_GET_PERM_NP mode = (acl_get_perm_np(permset, ACL_READ) == 1 ? SSH5_ACE4_READ_DATA : 0) | (acl_get_perm_np(permset, ACL_WRITE) == 1 ? SSH5_ACE4_WRITE_DATA : 0) | (acl_get_perm_np(permset, ACL_EXECUTE) == 1 ? SSH5_ACE4_EXECUTE : 0); #else mode = (acl_get_perm(permset, ACL_READ) == 1 ? SSH5_ACE4_READ_DATA : 0) | (acl_get_perm(permset, ACL_WRITE) == 1 ? SSH5_ACE4_WRITE_DATA : 0) | (acl_get_perm(permset, ACL_EXECUTE) == 1 ? SSH5_ACE4_EXECUTE : 0); #endif //HAVE_ACL_GET_PERM_NP switch (tag) { case ACL_USER: id = (int *) acl_get_qualifier(entry); if (id != NULL) { (*callback)(data, FS_ENUM_USER, *id, mode); (void )acl_free(id); } (*nbEntries)++; break; case ACL_GROUP: id = (int *) acl_get_qualifier(entry); if (id != NULL) { (*callback)(data, FS_ENUM_GROUP, *id, mode); (void )acl_free(id); } (*nbEntries)++; break; case ACL_USER_OBJ: (*callback)(data, FS_ENUM_USER_OBJ, -1, mode); (*nbEntries)++; break; case ACL_GROUP_OBJ: (*callback)(data, FS_ENUM_GROUP_OBJ, -1, mode); (*nbEntries)++; break; case ACL_OTHER: (*callback)(data, FS_ENUM_OTHER, -1, mode); (*nbEntries)++; break; } } } while (acl_get_entry(acl, ACL_NEXT_ENTRY, &entry) == 1); } (void )acl_free(acl); } if (path != NULL) FSDestroyPath(path); DEBUG((MYLOG_DEBUG, "[FSEnumAcl]nbEntries=%i", *nbEntries)); return SSH2_FX_OK; } #else //ifdef HAVE_CYGWIN int FSEnumAcl(const char *file, int resolvePath, void (*callback)(void *data, int type, u_int32_t id, u_int32_t mode), void *data, int *nbEntries) { aclent_t acls[MAX_ACL_ENTRIES]; tFSPath *path; int nbAcls; path = FSResolvePath(file, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSEnumAcl]file:'%s' realPath:'%s' exposedPath:'%s' path:'%s'", file, path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } DEBUG((MYLOG_DEBUG, "[FSEnumAcl]Call acl")); nbAcls = acl(file, GETACL, MAX_ACL_ENTRIES, acls); //Ignore all errors because FS should not support ACL if (nbAcls > 0) { int i; for (i = 0; i < nbAcls; i++) { int mode; mode = ((acls[i].a_perm & 2) ? SSH5_ACE4_READ_DATA : 0) | ((acls[i].a_perm & 4) ? SSH5_ACE4_WRITE_DATA : 0) | ((acls[i].a_perm & 1) ? SSH5_ACE4_EXECUTE : 0); switch (acls[i].a_type) { case ACL_USER: (*callback)(data, FS_ENUM_USER, acls[i].a_id, mode); break; case ACL_GROUP: (*callback)(data, FS_ENUM_GROUP, acls[i].a_id, mode); break; case ACL_USER_OBJ: (*callback)(data, FS_ENUM_USER_OBJ, -1, mode); break; case ACL_GROUP_OBJ: (*callback)(data, FS_ENUM_GROUP_OBJ, -1, mode); break; case ACL_OTHER: (*callback)(data, FS_ENUM_OTHER, -1, mode); break; } DEBUG((MYLOG_DEBUG, "[FSEnumAcl]enum tag=%i id=%i mode=%i", acls[i].a_type, acls[i].a_id, mode)); } *nbEntries = nbAcls; } else *nbEntries = 0; FSDestroyPath(path); DEBUG((MYLOG_DEBUG, "[FSEnumAcl]nbEntries=%i", *nbEntries)); return SSH2_FX_OK; } #endif //HAVE_CYGWIN #endif //MSS_ACL mysecureshell_2.0/SftpServer/Encoding.c0000644000000000000000000000464012422711313017014 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #if(HAVE_ICONV||HAVE_LIBICONV) #include #include #include #include "Encoding.h" static iconv_t _toUTF8 = (iconv_t) -1; static iconv_t _fromUTF8 = (iconv_t) -1; /*@null@*/ char *convertToUtf8(char *str, int freeAfter) { char *newStr = NULL; if (_toUTF8 != (iconv_t) -1 && str[0] != '\0') { char *oldPtr = str; char *newPtr; size_t iLen, oLen; iLen = strlen(str); oLen = iLen << 1; newStr = malloc(oLen + 1); if (newStr != NULL) { newPtr = newStr; if (iconv(_toUTF8, &oldPtr, &iLen, &newPtr, &oLen) == (size_t) -1) { free(newStr); goto justdup; } *newPtr = '\0'; } } else { justdup: newStr = strdup(str); } if (freeAfter == 1) free(str); return (newStr); } /*@null@*/ char *convertFromUtf8(char *str, int freeAfter) { char *newStr = NULL; if (_fromUTF8 != (iconv_t) -1 && str[0] != '\0') { char *oldPtr = str; char *newPtr; size_t iLen, oLen; iLen = oLen = strlen(str); newStr = strdup(str); if (newStr != NULL) { newPtr = newStr; if (iconv(_fromUTF8, &oldPtr, &iLen, &newPtr, &oLen) == (size_t) -1) { free(newStr); goto justdup2; } *newPtr = '\0'; } } else { justdup2: newStr = strdup(str); } if (freeAfter == 1) free(str); return (newStr); } void setCharset(/*@null@*/ const char *charset) { if (charset != NULL) { _toUTF8 = iconv_open("UTF-8", charset); _fromUTF8 = iconv_open(charset, "UTF-8"); } else { if (_toUTF8 != (iconv_t) -1) (void) iconv_close(_toUTF8); if (_fromUTF8 != (iconv_t) -1) (void) iconv_close(_fromUTF8); _toUTF8 = (iconv_t) -1; _fromUTF8 = (iconv_t) -1; } } #endif mysecureshell_2.0/SftpServer/Send.h0000644000000000000000000000223712422711313016164 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _SEND_H_ #define _SEND_H_ void SendAttributes(tBuffer *bOut, u_int32_t id, const tAttributes *a, const char *file); void SendStats(tBuffer *bOut, u_int32_t id, u_int32_t count, const tStat *s); void SendHandle(tBuffer *bOut, u_int32_t id, int h); void SendData(tBuffer *bOut, u_int32_t id, const char *data, u_int32_t len); void SendStatus(tBuffer *bOut, u_int32_t id, u_int32_t status); #endif //_SEND_H_ mysecureshell_2.0/SftpServer/SftpWho.h0000644000000000000000000000612212422711313016662 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef __SFTPWHO_H__ #define __SFTPWHO_H__ #define SFTPWHO_MAXCLIENT 128 //128 x 716o = 89.5 ko #define SFTPWHO_EMPTY 0 #define SFTPWHO_IDLE 1 #define SFTPWHO_GET 2 #define SFTPWHO_PUT 3 #define SFTPWHO_STATUS_MASK 0xff //Flags globals #define SFTPWHO_STAY_AT_HOME (1 << 8) #define SFTPWHO_VIRTUAL_CHROOT (1 << 9) #define SFTPWHO_RESOLVE_IP (1 << 10) #define SFTPWHO_IGNORE_HIDDEN (1 << 11) #define SFTPWHO_FAKE_USER (1 << 12) #define SFTPWHO_FAKE_GROUP (1 << 13) #define SFTPWHO_FAKE_MODE (1 << 14) #define SFTPWHO_HIDE_NO_ACESS (1 << 15) #define SFTPWHO_BYPASS_GLB_DWN (1 << 16) #define SFTPWHO_BYPASS_GLB_UPL (1 << 17) #define SFTPWHO_LINKS_AS_LINKS (1 << 18) #define SFTPWHO_IS_ADMIN (1 << 19) #define SFTPWHO_IS_SIMPLE_ADMIN (1 << 20) #define SFTPWHO_CAN_CHG_RIGHTS (1 << 23) #define SFTPWHO_CAN_CHG_TIME (1 << 24) #define SFTPWHO_CREATE_HOME (1 << 25) #define SFTPWHO_ARGS_MASK 0xffffff00 //Flags disabled #define SFTP_DISABLE_REMOVE_DIR (1 << 1) #define SFTP_DISABLE_REMOVE_FILE (1 << 2) #define SFTP_DISABLE_READ_DIR (1 << 3) #define SFTP_DISABLE_READ_FILE (1 << 4) #define SFTP_DISABLE_WRITE_FILE (1 << 5) #define SFTP_DISABLE_SET_ATTRIBUTE (1 << 6) #define SFTP_DISABLE_MAKE_DIR (1 << 7) #define SFTP_DISABLE_RENAME (1 << 8) #define SFTP_DISABLE_SYMLINK (1 << 9) #define SFTP_DISABLE_OVERWRITE (1 << 10) #define SFTP_DISABLE_STATSFS (1 << 11) typedef struct s_sftpglobal { u_int32_t download_max; u_int32_t upload_max; u_int32_t download_by_client; u_int32_t upload_by_client; } t_sftpglobal; typedef struct s_sftpwho { //5 items = 882 octets char user[30]; char ip[256]; char path[200]; char file[200]; char home[196]; //2 items = 8 octets u_int32_t status; u_int32_t pid; //13 items = 52 octets u_int32_t download_pos; u_int32_t download_current; u_int32_t download_total; u_int32_t download_max; u_int32_t upload_current; u_int32_t upload_total; u_int32_t upload_max; u_int32_t time_maxidle; u_int32_t time_maxlife; u_int32_t time_idle; u_int32_t time_total; u_int32_t time_begin; u_int32_t time_transf; } t_sftpwho; //total : 942 octets extern t_sftpglobal *_sftpglobal; t_sftpwho *SftWhoGetAllStructs(); t_sftpwho *SftpWhoGetStruct(int create); int SftpWhoCleanBuggedClient(); void SftpWhoReleaseStruct(/*@null@*/ t_sftpwho *currentSession); int SftpWhoDeleteStructs(); #endif mysecureshell_2.0/SftpServer/FileSystem.c0000644000000000000000000003510412422711313017351 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include "../Core/FileSpec.h" #include "Access.h" #include "FileSystem.h" #include "Global.h" #include "Sftp.h" #include "Util.h" #include "Log.h" static tFSPath *_home; void FSInit(char *realPath, char *exposedPath) { _home = malloc(sizeof(*_home)); _home->realPath = realPath; _home->exposedPath = exposedPath; _home->path = NULL; } void FSShutdown() { if (_home != NULL) { free(_home); _home = NULL; } } tFSPath *FSResolvePath(const char *path1, const char *path2, int permitDotDirectory) { tFSPath *newPath; int idx, len; newPath = calloc(sizeof(*newPath), 1); if (_home->exposedPath == NULL) { if (path1[0] == '/') newPath->exposedPath = strdup(path1); else newPath->exposedPath = FSBuildPath(_home->realPath, path1); newPath->realPath = strdup(newPath->exposedPath); FSResolvRelativePath(newPath->exposedPath, permitDotDirectory); } else { if (path1[0] == '/') newPath->exposedPath = strdup(path1); else newPath->exposedPath = FSBuildPath(_home->exposedPath, path1); FSResolvRelativePath(newPath->exposedPath, permitDotDirectory); newPath->realPath = FSBuildPath(_home->realPath, newPath->exposedPath); } if (path2 != NULL) { char *oldPath; oldPath = newPath->exposedPath; newPath->exposedPath = FSBuildPath(oldPath, path2); free(oldPath); if (_home->exposedPath != NULL) { oldPath = newPath->realPath; newPath->realPath = FSBuildPath(oldPath, path2); free(oldPath); } else { free(newPath->realPath); newPath->realPath = strdup(newPath->exposedPath); } } FSResolvRelativePath(newPath->exposedPath, permitDotDirectory); FSResolvRelativePath(newPath->realPath, permitDotDirectory); //Strip directory and suffix from exposedPath len = strlen(newPath->exposedPath); for (idx = len - 2; idx >= 0; idx--) if (newPath->exposedPath[idx] == '/') { newPath->path = strdup(newPath->exposedPath + idx + 1); if (newPath->exposedPath[len - 1] == '/') newPath->path[len - idx - 2] = '\0'; break; } if (newPath->path == NULL) newPath->path = strdup(newPath->exposedPath); DEBUG((MYLOG_DEBUG, "[FSResolvePath]realPath:'%s' exposedPath:'%s' path:'%s'", newPath->realPath, newPath->exposedPath, newPath->path)); return newPath; } void FSResolvRelativePath(char *path, int permitDotDirectory) { char *s = path; char *ptr; int len; len = strlen(path); while ((ptr = strstr(s, "..")) != NULL) { int i, beg, end; beg = len - strlen(ptr); end = beg + 2; if ((beg == 0 || path[beg - 1] == '/') && (path[end] == '\0' || path[end] == '/')) { if (path[end] == '\0' && permitDotDirectory == 1) break; //Ignore trailling '/' while (beg > 1 && path[beg - 1] == '/') beg--; //Search directory name before '/../' for (i = beg - 1; i >= 0; i--) if (path[i] == '/' && (i == 0 || path[i - 1] != '/')) break; beg = (i < 1 ? (i < 0 ? 0 : 1) : i); //Delete directory for (i = 0; (end + i) < len; i++) path[beg + i] = path[end + i]; path[beg + i] = '\0'; len -= end - beg; } else s = ptr + 2; } if (len >= 2 && path[len - 2] == '/' && path[len - 1] == '.') { if (permitDotDirectory == 0) path[len - 1] = '\0'; } } char *FSBuildPath(const char *path1, const char *path2) { char *path; char lastChar = '\0'; int i, len, len1, len2; len1 = strlen(path1); len2 = strlen(path2); path = malloc(len1 + 1 + len2 + 1); for (len = 0, i = 0; i < len1; i++) { char currentChar = path1[i]; if (!(lastChar == '/' && currentChar == '/')) { path[len++] = currentChar; lastChar = currentChar; } } if (lastChar != '/') { lastChar = '/'; path[len++] = lastChar; } for (i = 0; i < len2; i++) { char currentChar = path2[i]; if (!(lastChar == '/' && currentChar == '/')) { path[len++] = currentChar; lastChar = currentChar; } } path[len] = '\0'; return path; } void FSDestroyPath(tFSPath *path) { free(path->realPath); free(path->exposedPath); free(path->path); free(path); } static void FSCheckSecurityACL(void *data, int type, u_int32_t id, u_int32_t mode) { int *result = (int *)data; switch (type) { case FS_ENUM_USER: if (id == getuid()) *result = SSH2_FX_OK; case FS_ENUM_GROUP: if (id == getgid()) *result = SSH2_FX_OK; break; case FS_ENUM_OTHER: if ((mode & (SSH5_ACE4_READ_DATA | SSH5_ACE4_WRITE_DATA | SSH5_ACE4_EXECUTE)) != 0) *result = SSH2_FX_OK; break; } } int FSCheckSecurity(const char *fullPath, const char *path) { if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_STAY_AT_HOME) && _home != NULL && _home->realPath != NULL && strncmp(fullPath, _home->realPath, strlen(_home->realPath)) != 0) return SSH2_FX_PERMISSION_DENIED; if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_IGNORE_HIDDEN) && path[0] == '.' && path[1] != '.' && path[1] != '\0') return SSH2_FX_NO_SUCH_FILE; if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_HIDE_NO_ACESS)) { struct stat st; u_int32_t nbEntries; int result = SSH2_FX_NO_SUCH_FILE; FSEnumAcl(fullPath, 0, FSCheckSecurityACL, &result, &nbEntries); if (stat(fullPath, &st) == 0) { if ((st.st_uid == getuid() && HAS_BIT(st.st_mode, S_IRUSR)) || (UserIsInThisGroup(st.st_gid) == 1 && HAS_BIT(st.st_mode, S_IRGRP)) || HAS_BIT(st.st_mode, S_IROTH)) result = SSH2_FX_OK; } if (errno == ENOENT) result = SSH2_FX_OK; if (result != SSH2_FX_OK) return result; } return FileSpecCheckRights(fullPath, path); } void FSChangeRights(struct stat *st) { if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_FAKE_USER)) st->st_uid = gl_var->current_user; if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_FAKE_GROUP)) st->st_gid = gl_var->current_group; if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_FAKE_MODE)) { st->st_mode = (st->st_mode & ~0x1fff) | gl_var->dir_mode; if (HAS_BIT(st->st_mode, S_IFDIR)) { if (HAS_BIT(gl_var->dir_mode, S_IRUSR)) st->st_mode |= S_IXUSR; if (HAS_BIT(gl_var->dir_mode, S_IRGRP)) st->st_mode |= S_IXGRP; if (HAS_BIT(gl_var->dir_mode, S_IROTH)) st->st_mode |= S_IXOTH; } } } tFSPath *FSCheckPath(const char *file) { tFSPath *path; path = FSResolvePath(file, NULL, 0); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return NULL; } return path; } tFSPath *FSRealPath(const char *file) { tFSPath *path; int len; path = FSResolvePath(file, NULL, 0); len = strlen(path->exposedPath); if (len >= 1 && path->exposedPath[len - 1] != '/') { struct stat st; if (stat(path->exposedPath, &st) != -1 && (st.st_mode & S_IFMT) != S_IFREG) { path->exposedPath = realloc(path->exposedPath, len + 2); path->exposedPath[len] = '/'; path->exposedPath[len + 1] = '\0'; } } return path; } int FSOpenFile(const char *file, int *fileHandle, int flags, mode_t mode, struct stat *st) { tFSPath *path; int returnValue; path = FSResolvePath(file, NULL, 0); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { DEBUG((MYLOG_DEBUG, "[FSOpenFile]realPath:'%s' path:'%s' : DENIED", path->realPath, path->path)); FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } if ((*fileHandle = open(path->realPath, flags, mode)) == -1) returnValue = errnoToPortable(errno); else { returnValue = SSH2_FX_OK; if (st != NULL) if (stat(path->realPath, st) == -1) memset(st, 0, sizeof(*st)); } FSDestroyPath(path); return returnValue; } int FSOpenDir(char *dir, DIR **dirHandle) { tFSPath *path; int returnValue; if (_home->exposedPath != NULL) FSResolvRelativePath(dir, 0); path = FSResolvePath(dir, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSOpenDir]dir:'%s' realPath:'%s' exposedPath:'%s' path:'%s'", dir, path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } DEBUG((MYLOG_DEBUG, "[FSOpenDir]Call opendir")); if ((*dirHandle = opendir(path->realPath)) == NULL) returnValue = errnoToPortable(errno); else returnValue = SSH2_FX_OK; FSDestroyPath(path); return returnValue; } tFSPath *FSReadDir(const char *readDir, DIR *dirHandle, struct stat *st) { struct dirent *dp; for (;;) { tFSPath *path; if ((dp = readdir(dirHandle)) == NULL) break; path = FSResolvePath(readDir, dp->d_name, 1); if (FSCheckSecurity(path->realPath, path->path) == SSH2_FX_OK) { if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_LINKS_AS_LINKS)) { if (lstat(path->realPath, st) < 0) { DEBUG((MYLOG_DEBUG, "[FSReadDir]ERROR lstat(%s): %s", path->realPath, strerror(errno))); FSDestroyPath(path); continue; } } else { if (stat(path->realPath, st) < 0) { DEBUG((MYLOG_DEBUG, "[FSReadDir]ERROR stat(%s): %s", path->realPath, strerror(errno))); FSDestroyPath(path); continue; } } FSChangeRights(st); DEBUG((MYLOG_DEBUG, "[FSReadDir] ACCEPTE '%s' (%s) => '%s' (%s)", path->exposedPath, dp->d_name, path->realPath, path->path)); return path; } DEBUG((MYLOG_DEBUG, "[FSReadDir] REFUSED '%s' (%s) => '%s' (%s)", path->exposedPath, dp->d_name, path->realPath, path->path)); FSDestroyPath(path); } return NULL; } int FSStat(const char *file, int doLStat, struct stat *st) { tFSPath *path; int returnValue; path = FSResolvePath(file, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSStat]realPath:'%s' exposedPath:'%s' path:'%s'", path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } if (doLStat == 0) returnValue = stat(path->realPath, st); else returnValue = lstat(path->realPath, st); FSDestroyPath(path); if (returnValue == -1) return errnoToPortable(errno); else FSChangeRights(st); return SSH2_FX_OK; } int FSUnlink(const char *file) { tFSPath *path; int returnValue; path = FSResolvePath(file, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSRemove]realPath:'%s' exposedPath:'%s' path:'%s'", path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } if (unlink(path->realPath) == -1) returnValue = errnoToPortable(errno); else returnValue = SSH2_FX_OK; FSDestroyPath(path); return returnValue; } int FSMkdir(const char *dir, mode_t mode) { tFSPath *path; int returnValue; path = FSResolvePath(dir, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSMkdir]realPath:'%s' exposedPath:'%s' path:'%s'", path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } if (mkdir(path->realPath, mode) == -1) returnValue = errnoToPortable(errno); else returnValue = SSH2_FX_OK; FSDestroyPath(path); return returnValue; } int FSRmdir(const char *dir) { tFSPath *path; int returnValue; path = FSResolvePath(dir, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSRmdir]realPath:'%s' exposedPath:'%s' path:'%s'", path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } if (rmdir(path->realPath) == -1) returnValue = errnoToPortable(errno); else returnValue = SSH2_FX_OK; FSDestroyPath(path); return returnValue; } int FSRename(const char *oldFile, const char *newFile, int overwriteDestination) { tFSPath *oldPath; tFSPath *newPath; int returnValue; oldPath = FSResolvePath(oldFile, NULL, 0); newPath = FSResolvePath(newFile, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSRename]exposedPath:'%s' -> '%s'", oldPath->exposedPath, newPath->exposedPath)); if (FSCheckSecurity(oldPath->realPath, oldPath->path) != SSH2_FX_OK || FSCheckSecurity(newPath->realPath, newPath->path) != SSH2_FX_OK) { FSDestroyPath(oldPath); FSDestroyPath(newPath); return SSH2_FX_PERMISSION_DENIED; } if (overwriteDestination) (void) unlink(newPath->realPath); if (rename(oldPath->realPath, newPath->realPath) == -1) returnValue = errnoToPortable(errno); else returnValue = SSH2_FX_OK; FSDestroyPath(oldPath); FSDestroyPath(newPath); return returnValue; } int FSSymlink(const char *oldFile, const char *newFile) { tFSPath *oldPath; tFSPath *newPath; int returnValue; oldPath = FSResolvePath(oldFile, NULL, 0); newPath = FSResolvePath(newFile, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSSymlink]exposedPath:'%s' -> '%s'", oldPath->exposedPath, newPath->exposedPath)); if (FSCheckSecurity(oldPath->realPath, oldPath->path) != SSH2_FX_OK || FSCheckSecurity(newPath->realPath, newPath->path) != SSH2_FX_OK) { FSDestroyPath(oldPath); FSDestroyPath(newPath); return SSH2_FX_PERMISSION_DENIED; } DEBUG((MYLOG_DEBUG, "[FSSymlink]'%s' -> '%s'", oldPath->realPath, newPath->realPath)); if (symlink(oldPath->realPath, newPath->realPath) == -1) returnValue = errnoToPortable(errno); else returnValue = SSH2_FX_OK; FSDestroyPath(oldPath); FSDestroyPath(newPath); return returnValue; } int FSReadLink(const char *file, char *readLink, int sizeofReadLink) { tFSPath *path; int len, returnValue; path = FSResolvePath(file, NULL, 0); DEBUG((MYLOG_DEBUG, "[FSReadLink]realPath:'%s' exposedPath:'%s' path:'%s'", path->realPath, path->exposedPath, path->path)); if (FSCheckSecurity(path->realPath, path->path) != SSH2_FX_OK) { FSDestroyPath(path); return SSH2_FX_PERMISSION_DENIED; } len = readlink(path->realPath, readLink, sizeofReadLink); DEBUG((MYLOG_DEBUG, "[FSReadLink]realPath:'%s' sizeofReadLink:%i => %i", path->realPath, sizeofReadLink, len)); if (len == -1) returnValue = errnoToPortable(errno); else { readLink[len] = '\0'; returnValue = SSH2_FX_OK; if (_home->exposedPath != NULL) { size_t lenRP = strlen(_home->realPath); if (lenRP < len) len -= lenRP; else len = 0; memmove(readLink, readLink + lenRP, len); readLink[len] = '\0'; } } FSDestroyPath(path); return returnValue; } mysecureshell_2.0/SftpServer/Util.h0000644000000000000000000000225112422711313016204 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _UTIL_H_ #define _UTIL_H_ #include char *LsFile(const char *name, const struct stat *st); int errnoToPortable(int unixErrno); /*@null@*/ char *ExecCommand(char *cmd, int *myRet); /*@null@*/ char *ExecCommandWithArgs(char **args, int *myRet, /*@null@*/ const char *dataInput, int shouldReturnString); int FlagsFromPortable(int pFlags, int *textMode); int FlagsFromAccess(int access); #endif //_UTIL_H_ mysecureshell_2.0/SftpServer/SftpExt.h0000644000000000000000000000323612422711313016670 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_SYS_PARAM_H #include #endif //HAVE_SYS_PARAM_H #ifdef HAVE_SYS_STATVFS_H #include #define STATFS statvfs #endif //HAVE_SYS_STATVFS_H #ifdef HAVE_SYS_STATFS_H #include #ifndef STATFS #define STATFS statfs #endif //STATFS #endif //HAVE_SYS_STATFS_H #if (HAVE_SYS_MOUNT_H&&HAVE_STATFS) #include #ifndef STATFS #define STATFS statfs #endif //STATFS #endif //(HAVE_SYS_MOUNT_H&&HAVE_STATFS) #ifdef MSSEXT_DISKUSAGE void DoExtDiskSpace(tBuffer *bIn, tBuffer *bOut, u_int32_t id); #endif #ifdef MSSEXT_DISKUSAGE_SSH void DoExtDiskSpaceOpenSSH_Handle(tBuffer *bIn, tBuffer *bOut, u_int32_t id); void DoExtDiskSpaceOpenSSH_Name(tBuffer *bIn, tBuffer *bOut, u_int32_t id); #endif #ifdef MSSEXT_FILE_HASHING void DoExtFileHashing_Handle(tBuffer *bIn, tBuffer *bOut, u_int32_t id); void DoExtFileHashing_Name(tBuffer *bIn, tBuffer *bOut, u_int32_t id); #endif mysecureshell_2.0/SftpServer/Handle.h0000644000000000000000000000310112422711313016455 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _HANDLE_H_ #define _HANDLE_H_ #include #define HANDLE_NUMBER 100 enum { HANDLE_UNUSED, HANDLE_DIR, HANDLE_FILE }; typedef struct sHandle { int id; int state; char *path; DIR *dir; int fd; int fileIsText; int flags; u_int64_t filePos; u_int64_t fileSize; } tHandle; void HandleInit(); void HandleCloseAll(); tHandle *HandleNew(int state, char *path, int fd, DIR *dir, int fileIsText, int flags); tHandle *HandleGet(int pos); tHandle *HandleGetFile(int pos); tHandle *HandleGetDir(int pos); tHandle *HandleGetLastOpen(int state); void HandleClose(int pos); #define HandleNewFile(_PATH, _FD, _FILE_IS_TEXT, _F) HandleNew(HANDLE_FILE, _PATH, _FD, NULL, _FILE_IS_TEXT, _F) #define HandleNewDirectory(_PATH, _DIR) HandleNew(HANDLE_DIR, _PATH, -1, _DIR, 0, 0) #endif //_HANDLE_H_ mysecureshell_2.0/SftpServer/Send.c0000644000000000000000000000736012422711313016161 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include "Encode.h" #include "Send.h" void SendAttributes(tBuffer *bOut, u_int32_t id, const tAttributes *a, const char *file) { tBuffer *b; b = BufferNew(); if (b != NULL) { BufferPutInt8FAST(b, SSH2_FXP_ATTRS); BufferPutInt32(b, id); EncodeAttributes(b, a, file); BufferPutPacket(bOut, b); BufferDelete(b); } } void SendStats(tBuffer *bOut, u_int32_t id, u_int32_t count, const tStat *s) { u_int32_t i; tBuffer *b; b = BufferNew(); if (b != NULL) { BufferPutInt8FAST(b, SSH2_FXP_NAME); BufferPutInt32(b, id); BufferPutInt32(b, count); for (i = 0; i < count; i++) { BufferPutString(b, s[i].name); if (cVersion <= 3) BufferPutString(b, s[i].longName); EncodeAttributes(b, &s[i].attributes, NULL); } BufferPutPacket(bOut, b); BufferDelete(b); } } void SendHandle(tBuffer *bOut, u_int32_t id, int h) { u_int32_t dataSize; dataSize = 1 + 4 + BufferHandleSize; BufferEnsureFreeCapacity(bOut, 4 + dataSize); BufferPutInt32(bOut, dataSize); //START Data BufferPutInt8FAST(bOut, SSH2_FXP_HANDLE); BufferPutInt32(bOut, id); BufferPutHandle(bOut, h); //END Data } void SendData(tBuffer *bOut, u_int32_t id, const char *data, u_int32_t len) { u_int32_t dataSize; dataSize = 1 + 4 + 4 + len; BufferEnsureFreeCapacity(bOut, 4 + dataSize); BufferPutInt32(bOut, dataSize); //START Data BufferPutInt8FAST(bOut, SSH2_FXP_DATA); BufferPutInt32(bOut, id); BufferPutData(bOut, data, len); //END Data } void SendStatus(tBuffer *bOut, u_int32_t id, u_int32_t status) { static char *statusMessages[] = { "Success", /* SSH_FX_OK */ "End of file", /* SSH_FX_EOF */ "No such file", /* SSH_FX_NO_SUCH_FILE */ "Permission denied", /* SSH_FX_PERMISSION_DENIED */ "Failure", /* SSH_FX_FAILURE */ "Bad message", /* SSH_FX_BAD_MESSAGE */ "No connection", /* SSH_FX_NO_CONNECTION */ "Connection lost", /* SSH_FX_CONNECTION_LOST */ "Operation unsupported", /* SSH_FX_OP_UNSUPPORTED */ "Invalid handle", /* SSH4_FX_INVALID_HANDLE */ "No such path", /* SSH4_FX_NO_SUCH_PATH */ "File already exists", /* SSH4_FX_FILE_ALREADY_EXISTS */ "Write protect", /* SSH4_FX_WRITE_PROTECT */ "No media", /* SSH4_FX_NO_MEDIA */ "No space left", /* SSH5_FX_NO_SPACE_ON_FILESYSTEM */ "Quota exceeded", /* SSH5_FX_QUOTA_EXCEEDED */ "Unknown principle", /* SSH5_FX_UNKNOWN_PRINCIPLE */ "Lock conflict", /* SSH5_FX_LOCK_CONFlICT */ "Unknown error" /* Others */ }; u_int32_t dataSize; u_int32_t msgLength = 0; char *msg = NULL; dataSize = 1 + 4 + 4; if (cVersion >= 3) { msg = statusMessages[MIN(status, SSH2_FX_MAX)]; msgLength = strlen(msg); dataSize += 4 + msgLength + 4 + 2; } BufferEnsureFreeCapacity(bOut, 4 + dataSize); BufferPutInt32(bOut, dataSize); //START Data BufferPutInt8FAST(bOut, SSH2_FXP_STATUS); BufferPutInt32(bOut, id); BufferPutInt32(bOut, status); if (msg != NULL) { BufferPutData(bOut, msg, msgLength); BufferPutData(bOut, "en", 2); } //END Data } mysecureshell_2.0/SftpServer/Global.h0000644000000000000000000000160612422711313016472 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _GLOBAL_H_ #define _GLOBAL_H_ #include "Buffer.h" extern tBuffer *bIn; extern tBuffer *bOut; extern tGlobal *gl_var; #endif mysecureshell_2.0/SftpServer/FileSystemAcl.h0000644000000000000000000000236012422711313017774 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #ifndef _FILESYSTEMACL_H_ #define _FILESYSTEMACL_H_ #define FS_ENUM_USER 1 #define FS_ENUM_GROUP 2 #define FS_ENUM_USER_OBJ 3 #define FS_ENUM_GROUP_OBJ 4 #define FS_ENUM_OTHER 5 #if(MSS_ACL) int FSEnumAcl(const char *file, int resolvePath, void (*callback)(void *data, int type, u_int32_t id, u_int32_t mode), void *data, u_int32_t *nbEntries); #else #define FSEnumAcl(_A, _B, _C, _D, _E) SSH2_FX_OK #endif //MSS_ACL #endif /* _FILESYSTEMACL_H_ */ mysecureshell_2.0/SftpServer/SftpExt.c0000644000000000000000000002101312422711313016654 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include #include "Buffer.h" #include "Encoding.h" #include "FileSystem.h" #include "Handle.h" #include "Log.h" #include "Send.h" #include "SftpExt.h" #include "SftpServer.h" #include "Util.h" #include "../Core/security.h" #ifdef MSSEXT_DISKUSAGE void DoExtDiskSpace(tBuffer *bIn, tBuffer *bOut, u_int32_t id) { struct STATFS stfs; tFSPath *realPath; char *path; path = convertFromUtf8(BufferGetString(bIn), 1); realPath = FSCheckPath(path); if (realPath != NULL && !HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_STATSFS)) { if (STATFS(path, &stfs) == 0) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH2_FXP_EXTENDED_REPLY); BufferPutInt32(b, id); BufferPutInt64(b, (u_int64_t) stfs.f_blocks * (u_int64_t) stfs.f_bsize); BufferPutInt64(b, (u_int64_t) stfs.f_bfree * (u_int64_t) stfs.f_bsize); BufferPutInt64(b, 0); BufferPutInt64(b, (u_int64_t) stfs.f_bavail * (u_int64_t) stfs.f_bsize); BufferPutInt32(b, stfs.f_bsize); BufferPutPacket(bOut, b); } else SendStatus(bOut, id, errnoToPortable(errno)); } else SendStatus(bOut, id, SSH2_FX_PERMISSION_DENIED); FSDestroyPath(realPath); free(path); } #endif //MSSEXT_DISKUSAGE #ifdef MSSEXT_DISKUSAGE_SSH static void DoExtDiskSpaceOpenSSH_Path(tBuffer *bOut, u_int32_t id, const char *path) { struct STATFS stfs; tFSPath *realPath; DEBUG((MYLOG_DEBUG, "[DoExtDiskSpaceOpenSSH_Path]Path: %s", path)); realPath = FSCheckPath(path); if (realPath != NULL && !HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_STATSFS)) { if (STATFS(path, &stfs) == 0) { tBuffer *b; b = BufferNew(); BufferPutInt8(b, SSH2_FXP_EXTENDED_REPLY); BufferPutInt32(b, id); BufferPutInt64(b, stfs.f_bsize); /* file system block size */ BufferPutInt64(b, stfs.f_frsize); /* fundamental fs block size */ BufferPutInt64(b, stfs.f_blocks); /* number of blocks (unit f_frsize) */ BufferPutInt64(b, stfs.f_bfree); /* free blocks in file system */ BufferPutInt64(b, stfs.f_bavail); /* free blocks for non-root */ BufferPutInt64(b, stfs.f_files); /* total file inodes */ BufferPutInt64(b, stfs.f_ffree); /* free file inodes */ BufferPutInt64(b, stfs.f_favail); /* free file inodes for to non-root */ BufferPutInt64(b, stfs.f_fsid); /* file system id */ BufferPutInt64(b, stfs.f_flag); /* bit mask of f_flag values */ BufferPutInt64(b, stfs.f_namemax); /* maximum filename length */ BufferPutPacket(bOut, b); } else { DEBUG((MYLOG_DEBUG, "[DoExtDiskSpaceOpenSSH_Path]error: %s", strerror(errno))); SendStatus(bOut, id, errnoToPortable(errno)); } } else { DEBUG((MYLOG_DEBUG, "[DoExtDiskSpaceOpenSSH_Path]FSCheckPath failed")); SendStatus(bOut, id, SSH2_FX_PERMISSION_DENIED); } FSDestroyPath(realPath); } void DoExtDiskSpaceOpenSSH_Handle(tBuffer *bIn, tBuffer *bOut, u_int32_t id) { tHandle *hdl; if ((hdl = HandleGetDir(BufferGetHandle(bIn))) != NULL) DoExtDiskSpaceOpenSSH_Path(bOut, id, hdl->path); else SendStatus(bOut, id, SSH4_FX_INVALID_HANDLE); } void DoExtDiskSpaceOpenSSH_Name(tBuffer *bIn, tBuffer *bOut, u_int32_t id) { char *path; path = BufferGetString(bIn); DoExtDiskSpaceOpenSSH_Path(bOut, id, path); free(path); } #endif //MSSEXT_DISKUSAGE_SSH #ifdef MSSEXT_FILE_HASHING #include #include static void DoExtFileHashing_FD(tBuffer *bIn, tBuffer *bOut, u_int32_t id, int fd) { gnutls_digest_algorithm_t gnuTlsAlgo = GNUTLS_DIG_UNKNOWN; u_int64_t offset, length; u_int32_t blockSize; char *algo; algo = BufferGetString(bIn); offset = BufferGetInt64(bIn); length = BufferGetInt64(bIn); blockSize = BufferGetInt32(bIn); if (lseek(fd, offset, SEEK_SET) == -1) { SendStatus(bOut, id, errnoToPortable(errno)); DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Error lseek1")); goto endOfFileHashing; } if (length == 0)//read the file to the end { u_int64_t endOfFile; if ((endOfFile = lseek(fd, 0, SEEK_END)) == -1) { SendStatus(bOut, id, errnoToPortable(errno)); DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Error lseek2")); goto endOfFileHashing; } length = endOfFile - offset; if (lseek(fd, offset, SEEK_SET) == -1) { SendStatus(bOut, id, errnoToPortable(errno)); DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Error lseek3")); goto endOfFileHashing; } } if (blockSize == 0)//read length in one time blockSize = length; DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Algo:%s Fd:%i Offset:%llu Length:%llu BlockSize:%i", algo, fd, offset, length, blockSize)); if (strcasecmp("md2", algo) == 0) gnuTlsAlgo = GNUTLS_DIG_MD2; else if (strcasecmp("md5", algo) == 0) gnuTlsAlgo = GNUTLS_DIG_MD5; else if (strcasecmp("sha1", algo) == 0) gnuTlsAlgo = GNUTLS_DIG_SHA1; else if (strcasecmp("sha224", algo) == 0) gnuTlsAlgo = GNUTLS_DIG_SHA224; else if (strcasecmp("sha256", algo) == 0) gnuTlsAlgo = GNUTLS_DIG_SHA256; else if (strcasecmp("sha384", algo) == 0) gnuTlsAlgo = GNUTLS_DIG_SHA384; else if (strcasecmp("sha512", algo) == 0) gnuTlsAlgo = GNUTLS_DIG_SHA512; if (gnuTlsAlgo != GNUTLS_DIG_UNKNOWN) { gnutls_hash_hd_t dig; tBuffer *b; size_t keySize = gnutls_hash_get_len(gnuTlsAlgo); char *gnuKey; char data[SSH2_READ_HASH]; int inError = 0; int gnulTlsError; b = BufferNew(); BufferPutInt8FAST(b, SSH2_FXP_EXTENDED_REPLY); BufferPutInt32(b, id); BufferPutString(b, algo); gnuKey = calloc(1, keySize); if (gnuKey == NULL) goto endOfFileHashing; if ((gnulTlsError = gnutls_hash_init(&dig, gnuTlsAlgo)) == 0) { while (length > 0) { u_int32_t r, off, len; length = (length > (u_int64_t) blockSize) ? length - (u_int64_t) blockSize : 0; off = blockSize; len = sizeof(data); DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Read:%i Rest:%llu", len, length)); while ((r = read(fd, data, len)) > 0) { DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Compute block (%u/%u %u)", len, r, off)); if ((gnulTlsError = gnutls_hash(dig, data, r)) != 0) { DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Error gnutls_hmac [error: %i]", gnulTlsError)); inError = 1; break; } off -= r; if (off < sizeof(data)) len = off; if (off == 0) break; } } } else { DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Error gnutls_hash_init [keySize: %li] [error: %i]", keySize, gnulTlsError)); inError = 1; } if (inError == 0) { DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Compute key... [keySize: %li][keyPointer: %p]", keySize, gnuKey)); gnutls_hash_deinit(dig, gnuKey); DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]Hash: %X%X%X ...", gnuKey[0], gnuKey[1], gnuKey[2])); BufferPutRawData(b, gnuKey, keySize); BufferPutPacket(bOut, b); } else SendStatus(bOut, id, SSH2_FX_FAILURE); BufferDelete(b); free(gnuKey); } else { DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]No algorithm: %s", algo)); SendStatus(bOut, id, SSH2_FX_OP_UNSUPPORTED); } endOfFileHashing: DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_FD]End")); free(algo); } void DoExtFileHashing_Handle(tBuffer *bIn, tBuffer *bOut, u_int32_t id) { tHandle *hdl; DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_Handle]...")); if ((hdl = HandleGetFile(BufferGetHandle(bIn))) != NULL) DoExtFileHashing_FD(bIn, bOut, id, hdl->fd); else SendStatus(bOut, id, SSH4_FX_INVALID_HANDLE); } void DoExtFileHashing_Name(tBuffer *bIn, tBuffer *bOut, u_int32_t id) { char *file = BufferGetString(bIn); int status, fd; status = FSOpenFile(file, &fd, O_RDONLY, 0, NULL); DEBUG((MYLOG_DEBUG, "[DoExtFileHashing_Name]File: %s Status: %i", file, status)); if (status == SSH2_FX_OK) { DoExtFileHashing_FD(bIn, bOut, id, fd); xclose(fd); } else SendStatus(bOut, id, status); free(file); } #endif //MSSEXT_FILE_HASHING mysecureshell_2.0/SftpServer/FileSystem.h0000644000000000000000000000414212422711313017354 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _FILESYSTEM_H_ #define _FILESYSTEM_H_ #include #include #include #include #include #include "FileSystemAcl.h" typedef struct sFSPath { char *realPath; char *exposedPath; char *path; } tFSPath; void FSInit(char *realPath, char *exposedPath); void FSShutdown(); tFSPath *FSResolvePath(const char *path1, const char *path2, int permitDotDirectory); void FSResolvRelativePath(char *path, int permitDotDirectory); char *FSBuildPath(const char *path1, const char *path2); void FSDestroyPath(tFSPath *path); int FSCheckSecurity(const char *fullPath, const char *path); void FSChangeRights(struct stat *st); tFSPath *FSCheckPath(const char *file); tFSPath *FSRealPath(const char *file); int FSOpenFile(const char *file, int *fileHandle, int flags, mode_t mode, struct stat *st); int FSOpenDir(char *dir, DIR **dirHandle); tFSPath *FSReadDir(const char *readDir, DIR *dirHandle, struct stat *st); int FSStat(const char *file, int doLStat, struct stat *st); int FSReadLink(const char *file, char *readLink, int sizeofReadLink); int FSUnlink(const char *file); int FSMkdir(const char *dir, mode_t mode); int FSRmdir(const char *dir); int FSRename(const char *oldFile, const char *newFile, int overwriteDestination); int FSSymlink(const char *oldFile, const char *newFile); #endif /* _FILESYSTEM_H_ */ mysecureshell_2.0/SftpServer/Admin.c0000644000000000000000000002111712422711313016314 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #ifdef MSS_HAVE_ADMIN #include #include #include #include #include #include #include #include "Defines.h" #include "Global.h" #include "Stats.h" #include "Admin.h" #include "Log.h" #include "Send.h" #include "Util.h" #include "../Core/security.h" void DoAdminListUsers() { char *buf; int ret; buf = ExecCommand(MSS_SFTPWHO, &ret); if (buf != NULL) { tBuffer *b; b = BufferNew(); BufferPutInt8FAST(b, SSH_ADMIN_LIST_USERS_REPLY); BufferPutString(b, buf); BufferPutPacket(bOut, b); DEBUG((MYLOG_DEBUG, "[DoAdminListUsers]send length:'%i' return:%i", strlen(buf), ret)); BufferDelete(b); free(buf); } else { SendStatus(bOut, 0, SSH2_FX_FAILURE); DEBUG((MYLOG_DEBUG, "[DoAdminListUsers]Error: %s", strerror(errno))); } } void DoAdminKillUser() { t_sftpwho *who; int pidToKill = (int )BufferGetInt32(bIn); int status = SSH2_FX_OK; DEBUG((MYLOG_DEBUG, "[DoAdminKillUser]Try to kill pid:%i", pidToKill)); who = SftWhoGetAllStructs(); if (who != NULL) { unsigned int pid; int i; pid = (unsigned int )getpid(); for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if ((who[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_EMPTY) if ((who[i].pid == pidToKill || pidToKill == 0) && who[i].pid != pid) { DEBUG((MYLOG_DEBUG, "[DoAdminKillUser]Send kill to pid:%i", who[i].pid)); if (kill(who[i].pid, SIGHUP) == -1) status = errnoToPortable(errno); } } #ifdef DODEBUG else DEBUG((MYLOG_DEBUG, "[DoAdminKillUser]No global structure !")); #endif SendStatus(bOut, 0, status); } void DoAdminServerStatus() { int isActive = BufferGetInt8(bIn); int status = SSH2_FX_OK; int fd; if (isActive > 0) { if (unlink(SHUTDOWN_FILE) == -1) status = errnoToPortable(errno); } else { if ((fd = open(SHUTDOWN_FILE, O_CREAT | O_TRUNC | O_RDWR, 0644)) >= 0) xclose(fd); else status = errnoToPortable(errno); } SendStatus(bOut, 0, status); } void DoAdminServerGetStatus() { struct stat st; tBuffer *b; char state; b = BufferNew(); BufferPutInt8FAST(b, SSH_ADMIN_SERVER_GET_STATUS_REPLY); if (stat(SHUTDOWN_FILE, &st) == -1) state = 1; else state = 0; BufferPutInt8(b, state); BufferPutPacket(bOut, b); BufferDelete(b); DEBUG((MYLOG_DEBUG, "[DoAdminServerGetStatus]state:'%i'", state)); } void DoAdminGetLogContent() { u_int32_t r = 0, status = SSH2_FX_FAILURE; off_t size; char *buffer; size = BufferGetInt32(bIn); if ((buffer = malloc(size)) != NULL) { int fd; if ((fd = open(MSS_LOG, O_RDONLY)) >= 0) { if (lseek(fd, -size, SEEK_END) == (off_t) -1 && errno != EINVAL) status = errnoToPortable(errno); else { r = read(fd, buffer, size); SendData(bOut, 0, buffer, r); status = SSH2_FX_OK; } xclose(fd); } else status = errnoToPortable(errno); free(buffer); } DEBUG((MYLOG_DEBUG, "[DoAdminGetLogContent]wanted:%i / read:%i", size, r)); if (status != SSH2_FX_OK) SendStatus(bOut, 0, status); } void DoAdminConfigSet() { u_int32_t size, status = SSH2_FX_FAILURE; char *buffer; buffer = BufferGetData(bIn, &size); if (buffer != NULL) { int fd; if (rename(CONFIG_FILE, CONFIG_FILE".bak") == -1) { status = errnoToPortable(errno); mylog_printf(MYLOG_ERROR, "[RemoteAdmin-Change config]Cannot backup configuration: %s", strerror(errno)); } else { if ((fd = open(CONFIG_FILE, O_WRONLY | O_TRUNC | O_CREAT, 0644)) >= 0) { if (fchown(fd, 0, 0) == -1) { status = errnoToPortable(errno); mylog_printf(MYLOG_ERROR, "[RemoteAdmin-Change config]Cannot change rights of config file: %s", strerror(errno)); if (rename(CONFIG_FILE".bak", CONFIG_FILE) == -1) mylog_printf(MYLOG_ERROR, "[RemoteAdmin-Change config]Error when reinstall backuped configuration ("\ "see file '"CONFIG_FILE".bak""': %s", strerror(errno)); } else { if (write(fd, buffer, size) == -1) { status = errnoToPortable(errno); mylog_printf(MYLOG_ERROR, "[RemoteAdmin-Change config]Cannot write configuration: %s", strerror(errno)); if (rename(CONFIG_FILE".bak", CONFIG_FILE) == -1) mylog_printf(MYLOG_ERROR, "[RemoteAdmin-Change config]Error when reinstall backuped configuration ("\ "see file '"CONFIG_FILE".bak""': %s", strerror(errno)); } else status = SSH2_FX_OK; } xclose(fd); } else { status = errnoToPortable(errno); mylog_printf(MYLOG_ERROR, "[RemoteAdmin-Change config]Cannot open configuration: %s", strerror(errno)); } } } DEBUG((MYLOG_DEBUG, "[DoAdminSetLogContent]send:%i", size)); SendStatus(bOut, 0, status); } void DoAdminConfigGet() { struct stat st; u_int32_t status = SSH2_FX_FAILURE; int fd; if (stat(CONFIG_FILE, &st) != -1 && (fd = open(CONFIG_FILE, O_RDONLY)) >= 0) { u_int32_t r; tBuffer *b = BufferNew(); char *buffer; BufferPutInt8FAST(b, SSH2_FXP_DATA); BufferPutInt32(b, 0); if ((buffer = malloc(st.st_size)) != NULL) { r = read(fd, buffer, st.st_size); BufferPutData(b, buffer, r); free(buffer); status = SSH2_FX_OK; } xclose(fd); if (stat("/etc/shells", &st) != -1 && (fd = open("/etc/shells", O_RDONLY)) >= 0) { if ((buffer = malloc(st.st_size)) != NULL) { r = read(fd, buffer, st.st_size); BufferPutData(b, buffer, r); free(buffer); } else BufferPutInt32(b, 0); xclose(fd); } if (status == SSH2_FX_OK) BufferPutPacket(bOut, b); BufferDelete(b); } else status = errnoToPortable(errno); DEBUG((MYLOG_DEBUG, "[DoAdminConfigGet]status: %i", status)); if (status != SSH2_FX_OK) SendStatus(bOut, 0, status); } void DoAdminUserCreate() { u_int32_t status = SSH2_FX_FAILURE; char *args[5]; char *userName; char *passWord; char *homePath; int ret; userName = BufferGetString(bIn); passWord = BufferGetString(bIn); homePath = BufferGetString(bIn); args[0] = MSS_SFTPUSER; args[1] = "create"; args[2] = userName; args[3] = homePath; args[4] = NULL; (void )ExecCommandWithArgs(args, &ret, passWord, 0); if (ret == 0) { args[1] = "hide"; args[3] = "0"; (void )ExecCommandWithArgs(args, &ret, NULL, 0); status = SSH2_FX_OK; } DEBUG((MYLOG_DEBUG, "[DoAdminUserCreate]User:%s Home:%s Pass:%s status:%i", userName, homePath, passWord, status)); SendStatus(bOut, 0, status); free(userName); free(passWord); free(homePath); } void DoAdminUserDelete() { u_int32_t status = SSH2_FX_FAILURE; char *args[5]; char *userName; int ret; userName = BufferGetString(bIn); args[0] = MSS_SFTPUSER; args[1] = "delete"; args[2] = userName; args[3] = "0"; args[4] = NULL; (void )ExecCommandWithArgs(args, &ret, NULL, 0); if (ret == 0) status = SSH2_FX_OK; DEBUG((MYLOG_DEBUG, "[DoAdminUserDelete]User:%s status:%i", userName, status)); SendStatus(bOut, 0, status); free(userName); } void DoAdminUserList() { char *args[3]; char *users; int ret; args[0] = MSS_SFTPUSER; args[1] = "list"; args[2] = NULL; users = ExecCommandWithArgs(args, &ret, NULL, 1); DEBUG((MYLOG_DEBUG, "[DoAdminUserList]Return:%i Users:%s", ret, users)); if (ret == 0) SendData(bOut, 0, users, strlen(users)); else SendStatus(bOut, 0, SSH2_FX_FAILURE); if (users != NULL) free(users); } void DoAdminStats(tStats *stats) { u_int32_t lastRefresh; tBuffer *b; lastRefresh = BufferGetInt32(bIn); b = BufferNew(); BufferPutInt8FAST(b, SSH_ADMIN_STATS_REPLY); StatsSend(stats, lastRefresh, b); BufferPutPacket(bOut, b); DEBUG((MYLOG_DEBUG, "[DoAdminStats]Last refresh :%u", lastRefresh)); BufferDelete(b); } #endif //MSS_HAVE_ADMIN mysecureshell_2.0/SftpServer/Access.h0000644000000000000000000000160312422711313016470 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _ACCESS_H_ #define _ACCESS_H_ void InitAccess(); void FreeAccess(); int UserIsInThisGroup(gid_t grp); #endif //_ACCESS_H_ mysecureshell_2.0/SftpServer/Encode.c0000644000000000000000000002600712422711313016464 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include #ifdef HAVE_LINUX_EXT2_FS_H #define EXT2_SECRM_FL 0x00000001 /* Secure deletion */ #define EXT2_UNRM_FL 0x00000002 /* Undelete */ #define EXT2_COMPR_FL 0x00000004 /* Compress file */ #define EXT2_SYNC_FL 0x00000008 /* Synchronous updates */ #define EXT2_IMMUTABLE_FL 0x00000010 /* Immutable file */ #define EXT2_APPEND_FL 0x00000020 /* writes to file may only append */ #define EXT2_NODUMP_FL 0x00000040 /* do not dump file */ #define EXT2_NOATIME_FL 0x00000080 /* do not update atime */ /* Reserved for compression usage... */ #define EXT2_DIRTY_FL 0x00000100 #define EXT2_COMPRBLK_FL 0x00000200 /* One or more compressed clusters */ #define EXT2_NOCOMP_FL 0x00000400 /* Don't compress */ #define EXT2_ECOMPR_FL 0x00000800 /* Compression error */ /* End compression flags --- maybe not all used */ #define EXT2_BTREE_FL 0x00001000 /* btree format dir */ #define EXT2_INDEX_FL 0x00001000 /* hash-indexed directory */ #define EXT2_IMAGIC_FL 0x00002000 /* AFS directory */ #define EXT2_JOURNAL_DATA_FL 0x00004000 /* Reserved for ext3 */ #define EXT2_NOTAIL_FL 0x00008000 /* file tail should not be merged */ #define EXT2_DIRSYNC_FL 0x00010000 /* dirsync behaviour (directories only) */ #define EXT2_TOPDIR_FL 0x00020000 /* Top of directory hierarchies*/ #define EXT2_RESERVED_FL 0x80000000 /* reserved for ext2 lib */ #define EXT2_FL_USER_VISIBLE 0x0003DFFF /* User visible flags */ #define EXT2_FL_USER_MODIFIABLE 0x000380FF /* User modifiable flags */ /* * ioctl commands */ #define EXT2_IOC_GETFLAGS _IOR('f', 1, long) #define EXT2_IOC_SETFLAGS _IOW('f', 2, long) #define EXT2_IOC_GETVERSION _IOR('v', 1, long) #define EXT2_IOC_SETVERSION _IOW('v', 2, long) #endif #include #include "Encode.h" #include "FileSystem.h" #include "GetUsersInfos.h" #include "Log.h" #include "../Core/security.h" tAttributes *GetAttributes(tBuffer *bIn) { static tAttributes a; memset(&a, 0, sizeof(a)); a.flags = BufferGetInt32(bIn); //DEBUG((MYLOG_DEBUG, "FLAGS[%x][%i]", a.flags, a.flags)); if (cVersion >= 4) a.type = BufferGetInt8(bIn); if (HAS_BIT(a.flags, SSH2_FILEXFER_ATTR_SIZE)) a.size = BufferGetInt64(bIn); if (cVersion <= 3 && HAS_BIT(a.flags, SSH2_FILEXFER_ATTR_UIDGID)) { a.uid = BufferGetInt32(bIn); a.gid = BufferGetInt32(bIn); } if (cVersion >= 4 && HAS_BIT(a.flags, SSH4_FILEXFER_ATTR_OWNERGROUP)) { t_info *pw; t_info *gr; char *user, *group; user = BufferGetString(bIn); group = BufferGetString(bIn); if ((pw = mygetpwnam(user)) != NULL) a.uid = pw->id; if ((gr = mygetgrnam(group)) != NULL) a.gid = gr->id; free(user); free(group); } if (HAS_BIT(a.flags, SSH2_FILEXFER_ATTR_PERMISSIONS)) a.perm = BufferGetInt32(bIn); if (cVersion <= 3) { if (HAS_BIT(a.flags, SSH2_FILEXFER_ATTR_ACMODTIME)) { a.atime = BufferGetInt32(bIn); a.mtime = BufferGetInt32(bIn); } } else //version >= 4 { if (HAS_BIT(a.flags, SSH4_FILEXFER_ATTR_ACCESSTIME)) a.atime = BufferGetInt64(bIn); if (HAS_BIT(a.flags, SSH4_FILEXFER_ATTR_SUBSECOND_TIMES)) (void) BufferGetInt32(bIn); if (HAS_BIT(a.flags, SSH4_FILEXFER_ATTR_CREATETIME)) a.ctime = BufferGetInt64(bIn); if (HAS_BIT(a.flags, SSH4_FILEXFER_ATTR_SUBSECOND_TIMES)) (void) BufferGetInt32(bIn); if (HAS_BIT(a.flags, SSH4_FILEXFER_ATTR_MODIFYTIME)) a.mtime = BufferGetInt64(bIn); if (HAS_BIT(a.flags, SSH4_FILEXFER_ATTR_SUBSECOND_TIMES)) (void) BufferGetInt32(bIn); } if (HAS_BIT(a.flags, SSH2_FILEXFER_ATTR_ACL)) //unsupported feature { free(BufferGetString(bIn)); } if (HAS_BIT(a.flags, SSH2_FILEXFER_ATTR_EXTENDED)) //unsupported feature { u_int32_t i, count; count = BufferGetInt32(bIn); for (i = 0; i < count; i++) { free(BufferGetString(bIn)); free(BufferGetString(bIn)); } } return (&a); } void StatToAttributes(const struct stat *st, tAttributes *a, const char *fileName) { memset(a, 0, sizeof(*a)); a->flags = SSH2_FILEXFER_ATTR_SIZE; a->size = (u_int64_t) st->st_size; a->uid = (u_int32_t) st->st_uid; a->gid = (u_int32_t) st->st_gid; a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS; a->perm = (u_int32_t) st->st_mode; a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME; a->atime = st->st_atime; a->mtime = st->st_mtime; a->ctime = st->st_ctime; if (cVersion >= 4) { if ((st->st_mode & S_IFMT) == S_IFREG) a->type = SSH4_FILEXFER_TYPE_REGULAR; else if ((st->st_mode & S_IFMT) == S_IFDIR) a->type = SSH4_FILEXFER_TYPE_DIRECTORY; else if ((st->st_mode & S_IFMT) == S_IFLNK) a->type = SSH4_FILEXFER_TYPE_SYMLINK; else a->type = SSH4_FILEXFER_TYPE_SPECIAL; if (cVersion >= 5) { if ((st->st_mode & S_IFMT) == S_IFSOCK) a->type = SSH5_FILEXFER_TYPE_SOCKET; else if ((st->st_mode & S_IFMT) == S_IFCHR) a->type = SSH5_FILEXFER_TYPE_CHAR_DEVICE; else if ((st->st_mode & S_IFMT) == S_IFBLK) a->type = SSH5_FILEXFER_TYPE_BLOCK_DEVICE; else if ((st->st_mode & S_IFMT) == S_IFIFO) a->type = SSH5_FILEXFER_TYPE_FIFO; } a->flags |= SSH4_FILEXFER_ATTR_OWNERGROUP | SSH4_FILEXFER_ATTR_ACCESSTIME | SSH4_FILEXFER_ATTR_CREATETIME | SSH4_FILEXFER_ATTR_MODIFYTIME; } else a->flags |= SSH2_FILEXFER_ATTR_UIDGID; if (cVersion >= 5 && fileName != NULL) { size_t pos = strlen(fileName) - 1; #ifdef HAVE_LINUX_EXT2_FS_H int fd; #endif a->attrib = 0; a->flags |= SSH5_FILEXFER_ATTR_BITS; while (pos >= 1 && fileName[pos - 1] != '/') pos--; if (pos >= 0 && fileName[pos] == '.') a->attrib |= SSH5_FILEXFER_ATTR_FLAGS_HIDDEN; #ifdef HAVE_LINUX_EXT2_FS_H if ((fd = open(fileName, O_RDONLY)) >= 0) { int flags; if (ioctl(fd, EXT2_IOC_GETFLAGS, &flags) != -1) { if (flags & EXT2_COMPR_FL) a->attrib |= SSH5_FILEXFER_ATTR_FLAGS_COMPRESSED; if (flags & EXT2_APPEND_FL) a->attrib |= SSH5_FILEXFER_ATTR_FLAGS_APPEND_ONLY; if (flags & EXT2_IMMUTABLE_FL) a->attrib |= SSH5_FILEXFER_ATTR_FLAGS_IMMUTABLE; if (flags & EXT2_SYNC_FL) a->attrib |= SSH5_FILEXFER_ATTR_FLAGS_SYNC; } xclose(fd); } #endif } } static void EncodeACLCallBack(void *data, int type, u_int32_t id, u_int32_t mode) { tBuffer *bAcl = (tBuffer *) data; BufferPutInt32(bAcl, SSH5_ACE4_ACCESS_ALLOWED_ACE_TYPE); BufferPutInt32(bAcl, 0);//ace-flag ??? BufferPutInt32(bAcl, mode); switch (type) { case FS_ENUM_USER_OBJ: BufferPutString(bAcl, "USER"); break; case FS_ENUM_GROUP_OBJ: BufferPutString(bAcl, "GROUP"); break; case FS_ENUM_OTHER: BufferPutString(bAcl, "OTHER"); break; case FS_ENUM_USER: { t_info *pw; char buf[11 + 1]; char *str; if ((pw = mygetpwuid(id))) str = pw->name; else { (void) snprintf(buf, sizeof(buf), "%u", (unsigned int) id); str = buf; } BufferPutString(bAcl, str); } break; case FS_ENUM_GROUP: { t_info *gr; char buf[11 + 1]; char *str; if ((gr = mygetgrgid(id))) str = gr->name; else { (void) snprintf(buf, sizeof(buf), "%u", (unsigned int) id); str = buf; } BufferPutString(bAcl, str); } break; } } //Only call for SSH2_FXP_STAT, SSH2_FXP_LSTAT or SSH2_FXP_FSTAT static void EncodeACL(tBuffer *b, const char *file) { u_int32_t nbEntries; tBuffer *bAcl; bAcl = BufferNew(); if (bAcl != NULL) { BufferPutInt32(bAcl, 0);//Number of ACL if (FSEnumAcl(file, 1, EncodeACLCallBack, bAcl, &nbEntries) == SSH2_FX_OK) { u_int32_t posNew; posNew = BufferGetCurrentWritePosition(bAcl); BufferSetCurrentWritePosition(bAcl, 0); BufferPutInt32(bAcl, nbEntries);//Number of ACLs BufferSetCurrentWritePosition(bAcl, posNew); } BufferPutPacket(b, bAcl); BufferDelete(bAcl); } else BufferPutInt32(b, 0); } void EncodeAttributes(tBuffer *b, const tAttributes *a, /*@null@*/ const char *file) { DEBUG((MYLOG_DEBUG, "[EncodeAttributes]flags=%i", a->flags)); BufferPutInt32(b, a->flags); if (cVersion >= 4) BufferPutInt8(b, a->type); if (HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_SIZE)) BufferPutInt64(b, a->size); if (cVersion <= 3 && HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_UIDGID)) { BufferPutInt32(b, a->uid); BufferPutInt32(b, a->gid); } if (HAS_BIT(a->flags, SSH4_FILEXFER_ATTR_OWNERGROUP)) { t_info *pw; t_info *gr; char buf[11 + 1]; char *str; if ((pw = mygetpwuid(a->uid))) str = pw->name; else { (void) snprintf(buf, sizeof(buf), "%u", (unsigned int) a->uid); str = buf; } BufferPutString(b, str); if ((gr = mygetgrgid(a->gid))) str = gr->name; else { (void) snprintf(buf, sizeof(buf), "%u", (unsigned int) a->gid); str = buf; } BufferPutString(b, str); } if (HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_PERMISSIONS)) BufferPutInt32(b, a->perm); if (cVersion <= 3) { if (HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_ACMODTIME)) { BufferPutInt32(b, a->atime); BufferPutInt32(b, a->mtime); } } else //cVersion >= 4 { if (HAS_BIT(a->flags, SSH4_FILEXFER_ATTR_ACCESSTIME)) BufferPutInt64(b, a->atime); if (HAS_BIT(a->flags, SSH4_FILEXFER_ATTR_SUBSECOND_TIMES)) BufferPutInt32(b, 0); if (HAS_BIT(a->flags, SSH4_FILEXFER_ATTR_CREATETIME)) BufferPutInt64(b, a->ctime); if (HAS_BIT(a->flags, SSH4_FILEXFER_ATTR_SUBSECOND_TIMES)) BufferPutInt32(b, 0); if (HAS_BIT(a->flags, SSH4_FILEXFER_ATTR_MODIFYTIME)) BufferPutInt64(b, a->mtime); if (HAS_BIT(a->flags, SSH4_FILEXFER_ATTR_SUBSECOND_TIMES)) BufferPutInt32(b, 0); } if (HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_ACL)) { #if(MSS_ACL) if (file == NULL) #endif BufferPutString(b, ""); //unsupported feature #if(MSS_ACL) else EncodeACL(b, file); #endif } if (HAS_BIT(a->flags, SSH5_FILEXFER_ATTR_BITS)) BufferPutInt32(b, a->attrib); if (cVersion >= 5 && HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_EXTENDED)) BufferPutInt32(b, 0); //unsupported feature } struct timeval *AttributesToTimeval(const tAttributes *a) { static struct timeval tv[2]; tv[0].tv_sec = a->atime; tv[0].tv_usec = 0; tv[1].tv_sec = a->mtime; tv[1].tv_usec = 0; return (tv); } mysecureshell_2.0/SftpServer/Log.c0000644000000000000000000001243612422711313016011 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include #ifdef HAVE_SYSLOG_H #include #endif //HAVE_SYSLOG_H #include "Log.h" #include "../Core/security.h" typedef struct s_log { char *file; int fd; int pid; int nextReopen; int useSyslog; #ifdef HAVE_LOG_IN_COLOR unsigned char color[MYLOG_MAX][3]; #endif } t_log; /*@null@*/ static t_log *_log = NULL; void mylog_open(char *file, int useSyslog) { int fd; if (_log == NULL) { _log = calloc(1, sizeof(*_log)); if (_log == NULL) { perror("unable to allocate log structure"); return; } _log->pid = getpid(); _log->fd = -1; } #ifdef HAVE_OPENLOG if (useSyslog == 1) { _log->useSyslog = 1; openlog("MySecureShell", LOG_PID, LOG_FTP); } #endif //HAVE_OPENLOG if (file != NULL && (fd = open(file, O_CREAT | O_APPEND | O_WRONLY, 0644)) != -1) { time_t t; t = time(NULL); (void) localtime(&t); if (_log != NULL) { _log->file = file; _log->fd = fd; if (fchown(fd, 0, 0) == -1) mylog_printf(MYLOG_ERROR, "Unable to chown log '%s' : %s", file, strerror(errno)); } /* Text color codes: 30=black 31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 37=white Background color codes: 40=black 41=red 42=green 43=yellow 44=blue 45=magenta 46=cyan 47=white Style: 00=none 01=bold 04=underscore 05=blink 07=reverse 08=concealed Form: text_color:background_color:style */ #ifdef HAVE_LOG_IN_COLOR _log->color[MYLOG_CONNECTION][0] = (unsigned char )32; _log->color[MYLOG_CONNECTION][1] = (unsigned char )40; _log->color[MYLOG_CONNECTION][2] = (unsigned char )1; _log->color[MYLOG_TRANSFERT][0] = (unsigned char )34; _log->color[MYLOG_TRANSFERT][1] = (unsigned char )40; _log->color[MYLOG_TRANSFERT][2] = (unsigned char )1; _log->color[MYLOG_NORMAL][0] = (unsigned char )37; _log->color[MYLOG_NORMAL][1] = (unsigned char )40; _log->color[MYLOG_NORMAL][2] = (unsigned char )0; _log->color[MYLOG_WARNING][0] = (unsigned char )31; _log->color[MYLOG_WARNING][1] = (unsigned char )40; _log->color[MYLOG_WARNING][2] = (unsigned char )1; _log->color[MYLOG_ERROR][0] = (unsigned char )31; _log->color[MYLOG_ERROR][1] = (unsigned char )40; _log->color[MYLOG_ERROR][2] = (unsigned char )7; _log->color[MYLOG_DEBUG][0] = (unsigned char )30; _log->color[MYLOG_DEBUG][1] = (unsigned char )47; _log->color[MYLOG_DEBUG][2] = (unsigned char )8; #endif } } void mylog_close() { if (_log != NULL && _log->fd != -1) xclose(_log->fd); } void mylog_reopen() { if (_log != NULL) _log->nextReopen = 1; } void mylog_close_and_free() { mylog_close(); if (_log != NULL) { #ifdef HAVE_CLOSELOG if (_log->useSyslog == 1) closelog(); #endif //HAVE_CLOSELOG if (_log->file != NULL) free(_log->file); free(_log); _log = NULL; } } void mylog_printf(int level, const char *str, ...) { va_list ap; char buffer[1024]; size_t size; if (_log != NULL && _log->useSyslog == 1) { int logprio; switch (level) { case MYLOG_DEBUG: logprio = LOG_DEBUG; break; case MYLOG_WARNING: logprio = LOG_WARNING; break; case MYLOG_ERROR: logprio = LOG_ERR; break; case MYLOG_TRANSFERT: logprio = LOG_NOTICE; break; default: logprio = LOG_INFO; break; } va_start(ap, str); vsyslog(logprio, str, ap); va_end(ap); } if (_log != NULL && _log->file != NULL) { struct tm *tm; time_t t; char fmt[1024]; if (_log->nextReopen == 1) { _log->nextReopen = 0; mylog_close(); mylog_open(_log->file, _log->useSyslog); } t = time(NULL); if ((tm = localtime(&t)) == NULL) { if (snprintf(fmt, sizeof(buffer), "[Error with time] [%i]%s\n", _log->pid, str) > 0) goto forceShowLog; return; } #ifndef HAVE_LOG_IN_COLOR if (snprintf(fmt, sizeof(buffer), "%i-%02i-%02i %02i:%02i:%02i [%i]%s\n", 1900 + tm->tm_year, 1 + tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, _log->pid, str) > 0) #else if (level < 0 || level >= MYLOG_MAX) level = MYLOG_ERROR; if (snprintf(fmt, sizeof(buffer), "%i-%02i-%02i %02i:%02i:%02i \33[%i:%i:%im[%i]%s\33[37:40:0m\n", 1900 + tm->tm_year, 1 + tm->tm_mon, tm->tm_mday, tm->tm_hour, tm->tm_min, tm->tm_sec, _log->color[level][0], _log->color[level][1], _log->color[level][2], _log->pid, str) > 0) #endif { forceShowLog: va_start(ap, str); if ((size = vsnprintf(buffer, sizeof(buffer), fmt, ap)) > 0) (void) write(_log->fd, buffer, size); va_end(ap); } } } void mylog_syslog(int level, const char *str, ...) { ; } mysecureshell_2.0/SftpServer/GetUsersInfos.h0000644000000000000000000000213212422711313020025 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _GETUSERSINFOS_H_ #define _GETUSERSINFOS_H_ typedef struct s_info { u_int32_t id; char *name; } t_info; void free_usersinfos(); t_info *mygetpwuid(u_int32_t uid); t_info *mygetpwnam(const char *login); t_info *mygetgrgid(u_int32_t gid); t_info *mygetgrnam(const char *group); #endif //_GETUSERSINFOS_H_ mysecureshell_2.0/SftpServer/Admin.h0000644000000000000000000000222012422711313016313 0ustar rootroot /* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef MSS_HAVE_ADMIN #ifndef _ADMIN_H_ #define _ADMIN_H_ void DoAdminListUsers(); void DoAdminKillUser(); void DoAdminServerStatus(); void DoAdminServerGetStatus(); void DoAdminGetLogContent(); void DoAdminConfigGet(); void DoAdminConfigSet(); void DoAdminUserCreate(); void DoAdminUserDelete(); void DoAdminUserList(); void DoAdminStats(tStats *stats); #endif //_ADMIN_H_ #endif //MSS_HAVE_ADMIN mysecureshell_2.0/SftpServer/GetUsersInfos.c0000644000000000000000000000707512422711313020033 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include "Global.h" #include "GetUsersInfos.h" #include "Log.h" #define TB_ALLOC_SIZE 42 static t_info *_users = NULL; static t_info *_groups = NULL; static int _usersSize = 0; static int _groupsSize = 0; static t_info *add_element_in_table(t_info **tb, int *tbSize, char *name, int id) { DEBUG((MYLOG_DEBUG, "add_element_in_table(%p, %i, %s, %i)", *tb, *tbSize, name, id)); if ((*tbSize % TB_ALLOC_SIZE) == 0) { *tb = realloc(*tb, (*tbSize + TB_ALLOC_SIZE) * sizeof(t_info)); DEBUG((MYLOG_DEBUG, "Increaze size to: %i", *tbSize + TB_ALLOC_SIZE)); } (*tb)[*tbSize].name = name; (*tb)[*tbSize].id = id; return &((*tb)[(*tbSize)++]); } void free_usersinfos() { int i; if (_users != NULL) { for (i = 0; i < _usersSize; i++) free(_users[i].name); free(_users); _users = NULL; } if (_groups != NULL) { for (i = 0; i < _groupsSize; i++) free(_groups[i].name); free(_groups); _groups = NULL; } } t_info *mygetpwnam(const char *login) { struct passwd *pwd; int i; if (login == NULL) return (NULL); for (i = 0; i < _usersSize; i++) if (strcmp(_users[i].name, login) == 0) return (&_users[i]); if ((pwd = getpwnam(login)) != NULL) return (add_element_in_table(&_users, &_usersSize, strdup(pwd->pw_name), pwd->pw_uid)); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Couldn't resolve user name %i", gl_var->user, gl_var->ip, gl_var->portSource, login); return (NULL); } t_info *mygetpwuid(u_int32_t uid) { struct passwd *pwd; int i; for (i = 0; i < _usersSize; i++) if (_users[i].id == uid) return (&_users[i]); if ((pwd = getpwuid(uid)) != NULL) return (add_element_in_table(&_users, &_usersSize, strdup(pwd->pw_name), pwd->pw_uid)); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Couldn't resolve user id %i", gl_var->user, gl_var->ip, gl_var->portSource, uid); return (NULL); } t_info *mygetgrnam(const char *group) { struct group *grp; int i; if (group == NULL) return (NULL); for (i = 0; i < _groupsSize; i++) if (strcmp(_groups[i].name, group) == 0) return (&_groups[i]); if ((grp = getgrnam(group)) != NULL) return (add_element_in_table(&_groups, &_groupsSize, strdup(grp->gr_name), grp->gr_gid)); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Couldn't resolve group name %i", gl_var->user, gl_var->ip, gl_var->portSource, group); return (NULL); } t_info *mygetgrgid(u_int32_t gid) { struct group *grp; int i; for (i = 0; i < _groupsSize; i++) if (_groups[i].id == gid) return (&_groups[i]); if ((grp = getgrgid(gid)) != NULL) return (add_element_in_table(&_groups, &_groupsSize, strdup(grp->gr_name), grp->gr_gid)); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Couldn't resolve group id %i", gl_var->user, gl_var->ip, gl_var->portSource, gid); return (NULL); } mysecureshell_2.0/SftpServer/SftpWho.c0000644000000000000000000001014312422711313016653 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include "SftpWho.h" #include #include #include #include static char *_shmfile = "/dev/null"; static int _shmkey = 0x421108; typedef struct s_shm { t_sftpglobal global; t_sftpwho who[SFTPWHO_MAXCLIENT]; } t_shm; static t_sftpwho *_sftpwho_ptr = NULL; t_sftpglobal *_sftpglobal = NULL; t_sftpwho *SftWhoGetAllStructs() { return (_sftpwho_ptr); } int SftpWhoDeleteStructs() { key_t key; int shmid; if ((key = ftok(_shmfile, _shmkey)) != -1 && (shmid = shmget(key, sizeof(t_shm), 0)) != -1) { if (shmctl(shmid, IPC_RMID, 0) == -1) return (0); } return (1); } t_sftpwho *SftpWhoGetStruct(int create) { void *ptr; key_t key; int shmid; int eraze = 0; int i, try, tryshm = 3; try_shm: if ((key = ftok(_shmfile, _shmkey)) != -1) { //try to join to existing shm if ((shmid = shmget(key, sizeof(t_shm), 0)) == -1) if (create == 1) { shmid = shmget(key, sizeof(t_shm), IPC_CREAT | IPC_EXCL | 0622); eraze = 1; } if (shmid == -1 && (errno == EINVAL || errno == EEXIST)) { //huho we have a old shm memory if (tryshm > 0) { tryshm--; _shmkey++; goto try_shm; } } if (shmid != -1 && (ptr = shmat(shmid, 0, 0)) != (void *) -1) { t_sftpwho *who = NULL; t_shm *shm = ptr; _sftpglobal = &shm->global; who = shm->who; _sftpwho_ptr = who; if (eraze == 1) memset(shm, 0, sizeof(t_shm)); else //clean all sessions of bugged client (abnormally quit) (void) SftpWhoCleanBuggedClient(); if (create == -1) return (who); //search a empty place :) //try to search 3 times to prevent infinite loop for (try = 0; try < 3; try++) for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if (who[i].status == SFTPWHO_EMPTY) { (void) usleep(100); if (who[i].status == SFTPWHO_EMPTY) { //clean all old infos memset(&who[i], 0, sizeof(*who)); //marked structure as occuped :) who[i].status = SFTPWHO_IDLE; return (&who[i]); } } } } return (NULL); } //return number of connected clients int SftpWhoCleanBuggedClient() { u_int32_t t; int i, nb, nbdown, nbup; if (_sftpwho_ptr == NULL) return (0); t = (u_int32_t) time(0); nb = 0; nbdown = 0; nbup = 0; for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if ((_sftpwho_ptr[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_EMPTY) { //add 60s to make sure that the session is definitively dead if ((_sftpwho_ptr[i].time_begin + _sftpwho_ptr[i].time_total + 60) < t) _sftpwho_ptr[i].status = SFTPWHO_EMPTY; else { nb++; if ((_sftpwho_ptr[i].status & SFTPWHO_STATUS_MASK) == SFTPWHO_GET) nbdown++; else if ((_sftpwho_ptr[i].status & SFTPWHO_STATUS_MASK) == SFTPWHO_PUT) nbup++; } } if (nbdown > 0) _sftpglobal->download_by_client = _sftpglobal->download_max / nbdown; else _sftpglobal->download_by_client = _sftpglobal->download_max; if (nbup > 0) _sftpglobal->upload_by_client = _sftpglobal->upload_max / nbup; else _sftpglobal->upload_by_client = _sftpglobal->upload_max; return (nb); } void SftpWhoReleaseStruct(/*@null@*/t_sftpwho *currentSession) { if (currentSession != NULL) currentSession->status = SFTPWHO_EMPTY; if (_sftpglobal != NULL) { (void) shmdt(_sftpglobal); _sftpglobal = NULL; } } mysecureshell_2.0/SftpServer/Sftp.h0000644000000000000000000002073612422711313016213 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _SFTP_H_ #define _SFTP_H_ #include #include #include #include "SftpWho.h" #define HAS_BIT(_A, _B) (((_A) & (_B)) == (_B)) #ifndef MIN #define MIN(_A, _B) ((_A) < (_B) ? (_A) : (_B)) #endif #ifndef MAX #define MAX(_A, _B) ((_A) > (_B) ? (_A) : (_B)) #endif #ifndef PATH_MAX #define PATH_MAX 4096 #endif #ifndef S_ISVTX #define S_ISVTX 01000 #endif #define SSH2_MAX_PACKET 131072 #define SSH2_MAX_READ 131072 #define SSH2_READ_HASH 131072 /* version */ #define SSH2_FILEXFER_VERSION 5 #define SSH2_SIMPLE_ADMIN_VERSION 254 #define SSH2_ADMIN_VERSION 255 /* client to server */ #define SSH2_FXP_INIT 1 #define SSH2_FXP_OPEN 3 #define SSH2_FXP_CLOSE 4 #define SSH2_FXP_READ 5 #define SSH2_FXP_WRITE 6 #define SSH2_FXP_LSTAT 7 #define SSH2_FXP_FSTAT 8 #define SSH2_FXP_SETSTAT 9 #define SSH2_FXP_FSETSTAT 10 #define SSH2_FXP_OPENDIR 11 #define SSH2_FXP_READDIR 12 #define SSH2_FXP_REMOVE 13 #define SSH2_FXP_MKDIR 14 #define SSH2_FXP_RMDIR 15 #define SSH2_FXP_REALPATH 16 #define SSH2_FXP_STAT 17 #define SSH2_FXP_RENAME 18 #define SSH2_FXP_READLINK 19 #define SSH2_FXP_SYMLINK 20 /* server to client */ #define SSH2_FXP_VERSION 2 #define SSH2_FXP_STATUS 101 #define SSH2_FXP_HANDLE 102 #define SSH2_FXP_DATA 103 #define SSH2_FXP_NAME 104 #define SSH2_FXP_ATTRS 105 #define SSH2_FXP_EXTENDED 200 #define SSH2_FXP_EXTENDED_REPLY 201 #define SSH_ADMIN_LIST_USERS 210 #define SSH_ADMIN_LIST_USERS_REPLY 211 #define SSH_ADMIN_KILL_USER 212 #define SSH_ADMIN_SERVER_STATUS 213 #define SSH_ADMIN_SERVER_GET_STATUS 214 #define SSH_ADMIN_SERVER_GET_STATUS_REPLY 215 #define SSH_ADMIN_GET_LOG_CONTENT 216 #define SSH_ADMIN_CONFIG_GET 217 #define SSH_ADMIN_CONFIG_SET 218 #define SSH_ADMIN_USER_CREATE 219 #define SSH_ADMIN_USER_DELETE 220 #define SSH_ADMIN_USER_LIST 221 #define SSH_ADMIN_STATS 222 #define SSH_ADMIN_STATS_REPLY 223 /* attributes */ #define SSH2_FILEXFER_ATTR_SIZE 0x00000001 #define SSH2_FILEXFER_ATTR_UIDGID 0x00000002 #define SSH2_FILEXFER_ATTR_PERMISSIONS 0x00000004 #define SSH2_FILEXFER_ATTR_ACMODTIME 0x00000008 #define SSH4_FILEXFER_ATTR_ACCESSTIME 0x00000008 #define SSH4_FILEXFER_ATTR_CREATETIME 0x00000010 #define SSH4_FILEXFER_ATTR_MODIFYTIME 0x00000020 #define SSH2_FILEXFER_ATTR_ACL 0x00000040 #define SSH4_FILEXFER_ATTR_OWNERGROUP 0x00000080 #define SSH4_FILEXFER_ATTR_SUBSECOND_TIMES 0x00000100 #define SSH5_FILEXFER_ATTR_BITS 0x00000200 #define SSH2_FILEXFER_ATTR_EXTENDED 0x80000000 #define SSH5_FILEXFER_ATTR__MASK 0x8FFFFFFF #define SSH5_FILEXFER_ATTR__BITS 0x800003FF #define SSH5_FILEXFER_ATTR_FLAGS_READONLY 0x00000001 #define SSH5_FILEXFER_ATTR_FLAGS_SYSTEM 0x00000002 #define SSH5_FILEXFER_ATTR_FLAGS_HIDDEN 0x00000004 #define SSH5_FILEXFER_ATTR_FLAGS_CASE_INSENSITIVE 0x00000008 #define SSH5_FILEXFER_ATTR_FLAGS_ARCHIVE 0x00000010 #define SSH5_FILEXFER_ATTR_FLAGS_ENCRYPTED 0x00000020 #define SSH5_FILEXFER_ATTR_FLAGS_COMPRESSED 0x00000040 #define SSH5_FILEXFER_ATTR_FLAGS_SPARSE 0x00000080 #define SSH5_FILEXFER_ATTR_FLAGS_APPEND_ONLY 0x00000100 #define SSH5_FILEXFER_ATTR_FLAGS_IMMUTABLE 0x00000200 #define SSH5_FILEXFER_ATTR_FLAGS_SYNC 0x00000400 /* portable open modes */ #define SSH2_FXF_READ 0x00000001 #define SSH2_FXF_WRITE 0x00000002 #define SSH2_FXF_APPEND 0x00000004 #define SSH2_FXF_CREAT 0x00000008 #define SSH2_FXF_TRUNC 0x00000010 #define SSH2_FXF_EXCL 0x00000020 #define SSH4_FXF_TEXT 0x00000040 #define SSH5_FXF_CREATE_NEW 0x00000000 #define SSH5_FXF_CREATE_TRUNCATE 0x00000001 #define SSH5_FXF_OPEN_EXISTING 0x00000002 #define SSH5_FXF_OPEN_OR_CREATE 0x00000003 #define SSH5_FXF_TRUNCATE_EXISTING 0x00000004 #define SSH5_FXF_ACCESS_DISPOSITION 0x00000007 #define SSH5_FXF__FLAGS 0x0000007F #define SSH5_FXF_ACCESS_APPEND_DATA 0x00000008 #define SSH5_FXF_ACCESS_APPEND_DATA_ATOMIC 0x00000010 #define SSH5_FXF_ACCESS_TEXT_MODE 0x00000020 #define SSH5_FXF_ACCESS_READ_LOCK 0x00000040 #define SSH5_FXF_ACCESS_WRITE_LOCK 0x00000080 #define SSH5_FXF_ACCESS_DELETE_LOCK 0x00000100 #define SSH5_FXF_ACCESS__FLAGS 0x000001F8 /* message flags */ #define SSH5_FXP_RENAME_OVERWRITE 0x00000001 #define SSH5_FXP_RENAME_ATOMIC 0x00000002 #define SSH5_FXP_RENAME_NATIVE 0x00000004 /* ace type */ #define SSH5_ACE4_ACCESS_ALLOWED_ACE_TYPE 0x00000000 #define SSH5_ACE4_ACCESS_DENIED_ACE_TYPE 0x00000001 #define SSH5_ACE4_SYSTEM_AUDIT_ACE_TYPE 0x00000002 #define SSH5_ACE4_SYSTEM_ALARM_ACE_TYPE 0x00000003 /* ace mask */ #define SSH5_ACE4_READ_DATA 0x00000001 #define SSH5_ACE4_LIST_DIRECTORY 0x00000001 #define SSH5_ACE4_WRITE_DATA 0x00000002 #define SSH5_ACE4_ADD_FILE 0x00000002 #define SSH5_ACE4_APPEND_DATA 0x00000004 #define SSH5_ACE4_ADD_SUBDIRECTORY 0x00000004 #define SSH5_ACE4_READ_NAMED_ATTRS 0x00000008 #define SSH5_ACE4_WRITE_NAMED_ATTRS 0x00000010 #define SSH5_ACE4_EXECUTE 0x00000020 #define SSH5_ACE4_DELETE_CHILD 0x00000040 #define SSH5_ACE4_READ_ATTRIBUTES 0x00000080 #define SSH5_ACE4_WRITE_ATTRIBUTES 0x00000100 #define SSH5_ACE4_DELETE 0x00010000 #define SSH5_ACE4_READ_ACL 0x00020000 #define SSH5_ACE4_WRITE_ACL 0x00040000 #define SSH5_ACE4_WRITE_OWNER 0x00080000 #define SSH5_ACE4_SYNCHRONIZE 0x00100000 /* status messages */ #define SSH2_FX_OK 0 #define SSH2_FX_EOF 1 #define SSH2_FX_NO_SUCH_FILE 2 #define SSH2_FX_PERMISSION_DENIED 3 #define SSH2_FX_FAILURE 4 #define SSH2_FX_BAD_MESSAGE 5 #define SSH2_FX_NO_CONNECTION 6 #define SSH2_FX_CONNECTION_LOST 7 #define SSH2_FX_OP_UNSUPPORTED 8 #define SSH4_FX_INVALID_HANDLE 9 #define SSH4_FX_NO_SUCH_PATH 10 #define SSH4_FX_FILE_ALREADY_EXISTS 11 #define SSH4_FX_WRITE_PROTECT 12 #define SSH4_FX_NO_MEDIA 13 #define SSH5_FX_NO_SPACE_ON_FILESYSTEM 14 #define SSH5_FX_QUOTA_EXCEEDED 15 #define SSH5_FX_UNKNOWN_PRINCIPLE 16 #define SSH5_FX_LOCK_CONFlICT 17 #define SSH2_FX_MAX 18 /* file type */ #define SSH4_FILEXFER_TYPE_REGULAR 1 #define SSH4_FILEXFER_TYPE_DIRECTORY 2 #define SSH4_FILEXFER_TYPE_SYMLINK 3 #define SSH4_FILEXFER_TYPE_SPECIAL 4 #define SSH4_FILEXFER_TYPE_UNKNOWN 5 #define SSH5_FILEXFER_TYPE_SOCKET 6 #define SSH5_FILEXFER_TYPE_CHAR_DEVICE 7 #define SSH5_FILEXFER_TYPE_BLOCK_DEVICE 8 #define SSH5_FILEXFER_TYPE_FIFO 9 typedef struct sAttributes { u_int32_t flags; u_int8_t type; u_int64_t size; u_int32_t uid; u_int32_t gid; u_int32_t perm; u_int32_t atime; u_int32_t ctime; u_int32_t mtime; u_int32_t attrib; } tAttributes; typedef struct sStat { char *name; char *longName; tAttributes attributes; } tStat; /* Global defines */ #define MSS_TRUE 1 #define MSS_FALSE 0 /* End defines */ typedef struct sGlobal { t_sftpwho *who; char *user; char *ip; int portSource; char *home; uid_t current_user; gid_t current_group; u_int32_t flagsGlobals; u_int32_t flagsDisable; int must_shutdown; int max_openfiles; int max_readfiles; int max_writefiles; int default_rights_file; int default_rights_directory; int minimum_rights_file; int minimum_rights_directory; int maximum_rights_file; int maximum_rights_directory; u_int32_t download_current; u_int32_t upload_current; u_int32_t download_max; u_int32_t upload_max; char *force_user; char *force_group; u_int32_t dir_mode; } tGlobal; extern u_int32_t cVersion; int SftpMain(tGlobal *params, int sftpProtocol); void DoInit(); void DoRealPath(); void DoOpenDir(); void DoReadDir(); void DoClose(); void DoOpen(); void DoRead(); void DoWrite(); void DoReadLink(); void DoStat(); void DoFStat(); void DoSetStat(int usePath); void DoRemove(); void DoMkDir(); void DoRmDir(); void DoRename(); void DoSymLink(); void DoUnsupported(); void DoExtended(); void DoSFTPProtocol(); #endif //_SFTP_H_ mysecureshell_2.0/SftpServer/Util.c0000644000000000000000000001674212422711313016211 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include #include #include #include "Sftp.h" #include "Util.h" #include "GetUsersInfos.h" #include "../Core/security.h" #ifndef O_SYNC #define O_SYNC O_FSYNC #endif //O_SYNC static void StrMode(mode_t mode, char d[12]) { switch (mode & S_IFMT) { case S_IFDIR: d[0] = 'd'; break; case S_IFCHR: d[0] = 'c'; break; case S_IFBLK: d[0] = 'b'; break; case S_IFREG: d[0] = '-'; break; #ifdef S_IFLNK case S_IFLNK: d[0] = 'l'; break; #endif #ifdef S_IFSOCK case S_IFSOCK: d[0] = 's'; break; #endif #ifdef S_IFIFO case S_IFIFO: d[0] = 'p'; break; #endif #ifdef S_IFWHT case S_IFWHT: d[0] = 'w'; break; #endif default: d[0] = '?'; break; } d[1] = HAS_BIT(mode, S_IRUSR) ? 'r' : '-'; d[2] = HAS_BIT(mode, S_IWUSR) ? 'w' : '-'; switch (mode & (S_IXUSR | S_ISUID)) { case 0: d[3] = '-'; break; case S_IXUSR: d[3] = 'x'; break; case S_ISUID: d[3] = 'S'; break; case S_IXUSR | S_ISUID: d[3] = 's'; break; } d[4] = HAS_BIT(mode, S_IRGRP) ? 'r' : '-'; d[5] = HAS_BIT(mode, S_IWGRP) ? 'w' : '-'; switch (mode & (S_IXGRP | S_ISGID)) { case 0: d[6] = '-'; break; case S_IXGRP: d[6] = 'x'; break; case S_ISGID: d[6] = 'S'; break; case S_IXGRP | S_ISGID: d[6] = 's'; break; } d[7] = HAS_BIT(mode, S_IROTH) ? 'r' : '-'; d[8] = HAS_BIT(mode, S_IWOTH) ? 'w' : '-'; switch (mode & (S_IXOTH | S_ISVTX)) { case 0: d[9] = '-'; break; case S_IXOTH: d[9] = 'x'; break; case S_ISVTX: d[9] = 'T'; break; case S_IXOTH | S_ISVTX: d[9] = 't'; break; } d[10] = ' '; /* will be a '+' if ACL's implemented */ d[11] = '\0'; } char *LsFile(const char *name, const struct stat *st) { int ulen, glen, sz = 0; struct tm *ltime = localtime(&st->st_mtime); t_info *pw; t_info *gr; char *user, *group; char buf[1024], mode[11 + 1], tbuf[12 + 1], ubuf[11 + 1], gbuf[11 + 1]; StrMode(st->st_mode, mode); if ((pw = mygetpwuid((u_int32_t) st->st_uid)) != NULL) user = pw->name; else { (void) snprintf(ubuf, sizeof(ubuf), "%u", (unsigned int) st->st_uid); user = ubuf; } if ((gr = mygetgrgid((u_int32_t) st->st_gid)) != NULL) group = gr->name; else { (void) snprintf(gbuf, sizeof(gbuf), "%u", (unsigned int) st->st_gid); group = gbuf; } if (ltime != NULL) { if (time(0) - st->st_mtime < (365 * 24 * 60 * 60) / 2) sz = strftime(tbuf, sizeof(tbuf), "%b %e %H:%M", ltime); else sz = strftime(tbuf, sizeof(tbuf), "%b %e %Y", ltime); } if (sz == 0) tbuf[0] = '\0'; ulen = MAX((int) strlen(user), 8); glen = MAX((int) strlen(group), 8); (void) snprintf(buf, sizeof(buf), "%s %3u %-*s %-*s %8llu %s %s", mode, (unsigned int) st->st_nlink, ulen, user, glen, group, (unsigned long long int) st->st_size, tbuf, name); return (strdup(buf)); } int FlagsFromPortable(int pFlags, int *textMode) { int flags = 0; *textMode = 0; if (cVersion >= 5) { switch (pFlags & SSH5_FXF_ACCESS_DISPOSITION) { case SSH5_FXF_CREATE_NEW: flags = O_EXCL | O_CREAT; break; case SSH5_FXF_CREATE_TRUNCATE: flags = O_TRUNC | O_CREAT; break; case SSH5_FXF_OPEN_EXISTING: flags = 0; break; case SSH5_FXF_OPEN_OR_CREATE: flags = O_CREAT; break; case SSH5_FXF_TRUNCATE_EXISTING: flags = O_TRUNC | O_EXCL | O_CREAT; break; } if ((HAS_BIT(pFlags, SSH5_FXF_ACCESS_APPEND_DATA)) || HAS_BIT(pFlags, SSH5_FXF_ACCESS_APPEND_DATA_ATOMIC)) flags |= O_APPEND; if (HAS_BIT(pFlags, SSH5_FXF_ACCESS_TEXT_MODE)) *textMode = 1; } else { if (HAS_BIT(pFlags, SSH2_FXF_READ) && HAS_BIT(pFlags, SSH2_FXF_WRITE)) flags = O_RDWR; else if (HAS_BIT(pFlags, SSH2_FXF_READ)) flags = O_RDONLY; else if (HAS_BIT(pFlags, SSH2_FXF_WRITE)) flags = O_WRONLY; if (HAS_BIT(pFlags, SSH2_FXF_CREAT)) flags |= O_CREAT; if (HAS_BIT(pFlags, SSH2_FXF_TRUNC)) flags |= O_TRUNC; if (HAS_BIT(pFlags, SSH2_FXF_EXCL)) flags |= O_EXCL; if (HAS_BIT(pFlags, SSH4_FXF_TEXT)) *textMode = 1; } return (flags); } int FlagsFromAccess(int access) { int flags = 0; if (HAS_BIT(access, SSH5_ACE4_READ_DATA)) { if (HAS_BIT(access, SSH5_ACE4_WRITE_DATA)) flags = O_RDWR; else flags = O_RDONLY; } else if (HAS_BIT(access, SSH5_ACE4_WRITE_DATA)) flags = O_WRONLY; if (HAS_BIT(access, SSH5_ACE4_APPEND_DATA)) flags |= O_APPEND; if (HAS_BIT(access, SSH5_ACE4_SYNCHRONIZE)) flags |= O_SYNC; return (flags); } int errnoToPortable(int unixErrno) { int ret = 0; switch (unixErrno) { case 0: ret = SSH2_FX_OK; break; case EROFS: ret = cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_WRITE_PROTECT; break; case EEXIST: ret = cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_FILE_ALREADY_EXISTS; break; case ENOTDIR: ret = cVersion <= 3 ? SSH2_FX_NO_SUCH_FILE : SSH4_FX_NO_SUCH_PATH; break; case EBADF: ret = cVersion <= 3 ? SSH2_FX_NO_SUCH_FILE : SSH4_FX_INVALID_HANDLE; break; case ENOENT: case ELOOP: ret = SSH2_FX_NO_SUCH_FILE; break; case EPERM: case EACCES: case EFAULT: ret = SSH2_FX_PERMISSION_DENIED; break; case ENAMETOOLONG: case EINVAL: ret = SSH2_FX_BAD_MESSAGE; break; default: ret = SSH2_FX_FAILURE; break; } return ret; } /*@null@*/ char *ExecCommand(char *cmd, int *myRet) { char *args[2]; args[0] = cmd; args[1] = 0; return (ExecCommandWithArgs(args, myRet, NULL, 1)); } /*@null@*/ char *ExecCommandWithArgs(char **args, int *myRet, /*@null@*/ const char *dataInput, int shouldReturnString) { size_t size = 0, ret; pid_t pid; char buffer[1024], *str = NULL; int fdsI[2], fdsO[2]; *myRet = -1; if (dataInput != NULL && pipe(fdsI) == -1) return (NULL); if (pipe(fdsO) == -1) { if (dataInput != NULL) { xclose(fdsI[0]); xclose(fdsI[1]); } return (NULL); } if ((pid = fork()) == 0) { if (dataInput != NULL) { xdup2(fdsI[0], 0); xclose(fdsI[0]); xclose(fdsI[1]); } xdup2(fdsO[1], 1); xdup2(fdsO[1], 2); xclose(fdsO[0]); xclose(fdsO[1]); (void) execv(args[0], args); exit(1); } else if (pid == -1) { if (dataInput != NULL) { xclose(fdsI[0]); xclose(fdsI[1]); } xclose(fdsO[0]); xclose(fdsO[1]); return (NULL); } if (dataInput != NULL) { size_t len, off, r; off = 0; len = strlen(dataInput); xclose(fdsI[0]); while ((r = write(fdsI[1], dataInput + off, len)) > 0) { off += r; len -= r; if (len == 0) break; } xclose(fdsI[1]); } xclose(fdsO[1]); str = malloc(1); if (str != NULL) { str[0] = '\0'; while ((ret = read(fdsO[0], buffer, sizeof(buffer))) > 0) { if (shouldReturnString == 1) { str = realloc(str, size + ret + 1); strncat(str, buffer, ret); } size += ret; } xclose(fdsO[0]); (void) waitpid(pid, myRet, 0); if (shouldReturnString == 1) return (str); free(str); } return (NULL); } mysecureshell_2.0/SftpServer/Log.h0000644000000000000000000000235212422711313016012 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef __LOG_H__ #define __LOG_H__ #define MYLOG_CONNECTION 0 #define MYLOG_TRANSFERT 1 #define MYLOG_NORMAL 2 #define MYLOG_WARNING 3 #define MYLOG_ERROR 4 #define MYLOG_DEBUG 5 #define MYLOG_MAX 6 void mylog_open(char *file, int useSyslog); void mylog_close_and_free(); void mylog_close(); void mylog_reopen(); void mylog_time(int hours); void mylog_printf(int level, const char *str, ...); #ifdef DODEBUG #define DEBUG(_X) mylog_printf _X #else #define DEBUG(_X) #endif #endif mysecureshell_2.0/SftpServer/Buffer.h0000644000000000000000000000523512422711313016505 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _BUFFER_H_ #define _BUFFER_H_ #include "Sftp.h" typedef struct sBuffer { unsigned char *data; u_int32_t length; u_int32_t read; u_int32_t size; u_int32_t fastClean; } tBuffer; #define DEFAULT_GROW 256 #define BufferHandleSize 6 //sizeof(int32) + 1 char + '\0' /*@null@*/ tBuffer *BufferNew(); void BufferClean(tBuffer *b); void BufferDelete(tBuffer *b); void BufferGrow(tBuffer *b, u_int32_t toAdd); void BufferReadData(tBuffer *b, u_int32_t size); void BufferPutInt8(tBuffer *b, u_int8_t nb); void BufferPutInt16(tBuffer *b, u_int16_t nb); void BufferPutInt32(tBuffer *b, u_int32_t nb); void BufferPutInt64(tBuffer *b, u_int64_t nb); void BufferPutHandle(tBuffer *b, int h); void BufferPutString(tBuffer *b, const char *data); void BufferPutRawData(tBuffer *b, const void *data, u_int32_t size); u_int8_t BufferGetInt8(tBuffer *b); u_int32_t BufferGetInt32(tBuffer *b); u_int64_t BufferGetInt64(tBuffer *b); int BufferGetHandle(tBuffer *b); char *BufferGetString(tBuffer *b); char *BufferGetData(tBuffer *b, u_int32_t *size); #define BufferSetFastClean(_D, _STATE) (_D)->fastClean = _STATE #define BufferEnsureFreeCapacity(_D, _INT32) { if (((_D)->length + _INT32) > (_D)->size) BufferGrow(_D, _INT32); } #define BufferPutData(_D, _DATA, _SIZE) { BufferPutInt32(_D, _SIZE); BufferPutRawData(_D, _DATA, _SIZE); } #define BufferPutPacket(_D, _S) BufferPutData((_D), (_S)->data, (_S)->length) #define BufferPutInt8FAST(_D, _INT8) (_D)->data[(_D)->length++] = _INT8; #define BufferGetInt8FAST(_D) (u_int8_t )(_D)->data[(_D)->read++] #define BufferGetReadPointer(_D) &(_D)->data[(_D)->read] #define BufferIncrCurrentReadPosition(_D, _V) (_D)->read += _V #define BufferGetWritePointer(_D) &(_D)->data[(_D)->length] #define BufferGetCurrentWritePosition(_D) (_D)->length #define BufferSetCurrentWritePosition(_D, _V) (_D)->length = _V #define BufferIncrCurrentWritePosition(_D, _V) (_D)->length += _V #endif //_BUFFER_H_ mysecureshell_2.0/SftpServer/Stats.c0000644000000000000000000000437012422711313016364 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include "Buffer.h" #include "SftpWho.h" #include "Stats.h" tStats *StatsNew() { tStats *stats; stats = calloc(1, sizeof(*stats)); return (stats); } void StatsDelete(tStats *stats) { free(stats); } void StatsUpdate(tStats *stats) { t_sftpwho *who = SftWhoGetAllStructs(); if (who != NULL) { u_int32_t download = 0, upload = 0; u_int16_t users = 0; int i; for (i = 0; i < SFTPWHO_MAXCLIENT; i++) { if ((who[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_EMPTY) { users++; download += who[i].download_current; upload += who[i].upload_current; } } stats->users[stats->writePos] = users; stats->download[stats->writePos] = download; stats->upload[stats->writePos] = upload; stats->writePos = (stats->writePos + 1) % STATS_SECONDES; } } void StatsSend(tStats *stats, u_int32_t lastRefresh, tBuffer *b) { u_int32_t currentTime, showTime; int firstPos, i; currentTime = (u_int32_t )time(NULL); showTime = currentTime - lastRefresh; if (showTime >= STATS_SECONDES) showTime = STATS_SECONDES - 1; firstPos = (stats->writePos - (int )showTime + STATS_SECONDES) % STATS_SECONDES; BufferPutInt32(b, showTime); for (i = firstPos; i != stats->writePos; ) { BufferPutInt16(b, stats->users[i]); BufferPutInt32(b, stats->download[i]); BufferPutInt32(b, stats->upload[i]); i = (i + 1) % STATS_SECONDES; } } mysecureshell_2.0/SftpServer/Handle.c0000644000000000000000000000547012422711313016463 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include "Handle.h" #include "../Core/security.h" /*@null@*/ static tHandle *gHandle = NULL; void HandleInit() { int i; gHandle = calloc(HANDLE_NUMBER, sizeof(*gHandle)); if (gHandle != NULL) for (i = 0; i < HANDLE_NUMBER; i++) { gHandle[i].id = i; gHandle[i].fd = -1; } } void HandleCloseAll() { if (gHandle != NULL) { int i; for (i = 0; i < HANDLE_NUMBER; i++) if (gHandle[i].state != HANDLE_UNUSED) HandleClose(i); free(gHandle); gHandle = NULL; } } tHandle *HandleNew(int state, char *path, int fd, DIR *dir, int fileIsText, int flags) { int i; if (gHandle != NULL) for (i = 0; i < HANDLE_NUMBER; i++) if (gHandle[i].state == HANDLE_UNUSED) { gHandle[i].state = state; gHandle[i].dir = dir; gHandle[i].fd = fd; gHandle[i].path = path; gHandle[i].fileIsText = fileIsText; gHandle[i].flags = flags; return (&gHandle[i]); } return (NULL); } tHandle *HandleGet(int pos) { if (gHandle != NULL && pos >= 0 && pos < HANDLE_NUMBER) return (&gHandle[pos]); return (NULL); } tHandle *HandleGetFile(int pos) { if (gHandle != NULL && pos >= 0 && pos < HANDLE_NUMBER && gHandle[pos].state == HANDLE_FILE) return (&gHandle[pos]); return (NULL); } tHandle *HandleGetDir(int pos) { if (gHandle != NULL && pos >= 0 && pos < HANDLE_NUMBER && gHandle[pos].state == HANDLE_DIR) return (&gHandle[pos]); return (NULL); } tHandle *HandleGetLastOpen(int state) { tHandle *lastHdl = NULL; int i; if (gHandle != NULL) for (i = 0; i < HANDLE_NUMBER; i++) if (gHandle[i].state == state) lastHdl = &gHandle[i]; return (lastHdl); } void HandleClose(int pos) { if (gHandle != NULL && pos >= 0 && pos < HANDLE_NUMBER) { if (gHandle[pos].state == HANDLE_DIR) (void) closedir(gHandle[pos].dir); else xclose(gHandle[pos].fd); free(gHandle[pos].path); gHandle[pos].dir = NULL; gHandle[pos].fd = -1; gHandle[pos].path = NULL; gHandle[pos].state = HANDLE_UNUSED; } } mysecureshell_2.0/SftpServer/Encode.h0000644000000000000000000000221512422711313016464 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _ENCODE_H_ #define _ENCODE_H_ #include #include #include "Buffer.h" tAttributes *GetAttributes(tBuffer *bIn); void StatToAttributes(const struct stat *st, tAttributes *a, const char *fileName); void EncodeAttributes(tBuffer *b, const tAttributes *a, /*@null@*/ const char *file); struct timeval *AttributesToTimeval(const tAttributes *a); #endif //_ENCODE_H_ mysecureshell_2.0/SftpServer/Buffer.c0000644000000000000000000001426312422711313016501 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include "Buffer.h" /*@null@*/ tBuffer *BufferNew() { tBuffer *b; b = malloc(sizeof(*b)); if (b != NULL) { b->size = DEFAULT_GROW; b->data = malloc(b->size); b->length = 0; b->read = 0; b->fastClean = 0; } return (b); } void BufferGrow(tBuffer *b, u_int32_t toAdd) { b->size += toAdd; b->data = realloc(b->data, b->size); } void BufferClean(tBuffer *b) { if (b->read > 0) { if (b->length > b->read) { memmove(b->data, b->data + b->read, b->length - b->read); b->length -= b->read; } else b->length = 0; b->read = 0; if (b->fastClean == 0) { u_int32_t nextSize; nextSize = b->size >> 2; if (b->length < nextSize && nextSize >= DEFAULT_GROW) { b->size = nextSize; b->data = realloc(b->data, b->size); } } } } void BufferDelete(tBuffer *b) { free(b->data); free(b); } void BufferPutInt8(tBuffer *b, u_int8_t nb) { if ((b->length + 1) > b->size) BufferGrow(b, DEFAULT_GROW); b->data[b->length++] = nb; } void BufferPutInt16(tBuffer *b, u_int16_t nb) { if ((b->length + 2) > b->size) BufferGrow(b, DEFAULT_GROW); b->data[b->length++] = (nb >> 8); b->data[b->length++] = nb; } void BufferPutInt32(tBuffer *b, u_int32_t nb) { if ((b->length + 4) > b->size) BufferGrow(b, DEFAULT_GROW); b->data[b->length++] = (nb >> 24); b->data[b->length++] = (nb >> 16); b->data[b->length++] = (nb >> 8); b->data[b->length++] = nb; } void BufferPutInt64(tBuffer *b, u_int64_t nb) { u_int32_t n1, n2; n1 = (u_int64_t) nb >> (u_int64_t) 32; n2 = (u_int64_t) nb & (u_int64_t) 0xffffffff; if ((b->length + 8) > b->size) BufferGrow(b, DEFAULT_GROW); b->data[b->length++] = (n1 >> 24); b->data[b->length++] = (n1 >> 16); b->data[b->length++] = (n1 >> 8); b->data[b->length++] = n1; b->data[b->length++] = (n2 >> 24); b->data[b->length++] = (n2 >> 16); b->data[b->length++] = (n2 >> 8); b->data[b->length++] = n2; } void BufferPutRawData(tBuffer *b, const void *data, u_int32_t size) { if ((b->length + size) > b->size) BufferGrow(b, b->length + size - b->size + DEFAULT_GROW); memcpy(b->data + b->length, data, size); b->length += size; } void BufferPutString(tBuffer *b, const char *data) { size_t size; size = strlen(data); if ((b->length + size + 4) > b->size) BufferGrow(b, b->length + size + 4 - b->size + DEFAULT_GROW); b->data[b->length++] = (size >> 24); b->data[b->length++] = (size >> 16); b->data[b->length++] = (size >> 8); b->data[b->length++] = size; memcpy(b->data + b->length, data, size); b->length += size; } void BufferPutHandle(tBuffer *b, int h) { if ((b->length + BufferHandleSize) > b->size) BufferGrow(b, b->length + BufferHandleSize - b->size + DEFAULT_GROW); b->data[b->length++] = 0; b->data[b->length++] = 0; b->data[b->length++] = 0; b->data[b->length++] = 2; BufferPutInt8FAST(b, h + (int )'0'); BufferPutInt8FAST(b, '\0'); } #ifdef DODEBUG #include "Log.h" static char *ASCII = "0123456789ABCDEF"; static void dumpPacket(tBuffer *b, int trySize) { char *buffer; int i, pos; mylog_printf(MYLOG_DEBUG, "[dumpPacket][length:%i][read:%i][size:%i][trySize:%i]", b->length, b->read, b->size, trySize); buffer = malloc(b->length * 2 + 1); for (i = b->read, pos = 0; i < b->length; i++) { unsigned char c = (unsigned char)b->data[i]; buffer[pos++] = ASCII[c / 16]; buffer[pos++] = ASCII[c % 16]; } buffer[pos] = 0; mylog_printf(MYLOG_DEBUG, "[%s]", buffer); free(buffer); } #endif void BufferReadData(tBuffer *b, u_int32_t size) { if ((b->read + size) <= b->length) b->read += size; #ifdef DODEBUG else dumpPacket(b, size); #endif } u_int8_t BufferGetInt8(tBuffer *b) { u_int8_t nb; if ((b->read + 1) > b->length) { #ifdef DODEBUG dumpPacket(b, 1); #endif return (0); } nb = (u_int8_t) b->data[b->read++]; return (nb); } u_int32_t BufferGetInt32(tBuffer *b) { u_int32_t nb; if ((b->read + 4) > b->length) { #ifdef DODEBUG dumpPacket(b, 4); #endif return (0); } nb = (u_int32_t) b->data[b->read++] << 24; nb += (u_int32_t) b->data[b->read++] << 16; nb += (u_int32_t) b->data[b->read++] << 8; nb += (u_int32_t) b->data[b->read++]; return (nb); } u_int64_t BufferGetInt64(tBuffer *b) { u_int64_t nb; if ((b->read + 8) > b->length) { #ifdef DODEBUG dumpPacket(b, 8); #endif return (0); } nb = (u_int64_t) b->data[b->read++] << 56; nb += (u_int64_t) b->data[b->read++] << 48; nb += (u_int64_t) b->data[b->read++] << 40; nb += (u_int64_t) b->data[b->read++] << 32; nb += (u_int64_t) b->data[b->read++] << 24; nb += (u_int64_t) b->data[b->read++] << 16; nb += (u_int64_t) b->data[b->read++] << 8; nb += (u_int64_t) b->data[b->read++]; return (nb); } char *BufferGetData(tBuffer *b, u_int32_t *size) { char *data; *size = BufferGetInt32(b); if ((b->read + *size) > b->length) { #ifdef DODEBUG dumpPacket(b, *size); #endif return (NULL); } data = (char *) (b->data + b->read); b->read += *size; return (data); } char *BufferGetString(tBuffer *b) { char *data; u_int32_t size; size = BufferGetInt32(b); if ((b->read + size) > b->length) { #ifdef DODEBUG dumpPacket(b, size); #endif return (0); } data = malloc(size + 1); if (data) { memcpy(data, b->data + b->read, size); data[size] = 0; b->read += size; } return (data); } int BufferGetHandle(tBuffer *b) { u_int32_t size; int hdl = -1; size = BufferGetInt32(b); if (size == 2) { hdl = BufferGetInt8FAST(b) - (int) '0'; BufferIncrCurrentReadPosition(b, 1); } return (hdl); } mysecureshell_2.0/SftpServer/SftpServer.c0000644000000000000000000001652212422711313017373 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include #include #include "../Core/FileSpec.h" #include "Access.h" #include "Defines.h" #include "Encoding.h" #include "FileSystem.h" #include "Global.h" #include "Handle.h" #include "Log.h" #include "Sftp.h" #include "GetUsersInfos.h" #include "SftpServer.h" tGlobal *gl_var = NULL; static void end_sftp() { if (gl_var != NULL) { if (cVersion != SSH2_ADMIN_VERSION) { CloseInfoForOpenFiles(); mylog_printf(MYLOG_CONNECTION, "[%s][%s][%i]Quit.", gl_var->user, gl_var->ip, gl_var->portSource); } mylog_close_and_free(); SftpWhoReleaseStruct(gl_var->who); if (gl_var->force_user != NULL) { free(gl_var->force_user); gl_var->force_user = NULL; } if (gl_var->force_group != NULL) { free(gl_var->force_group); gl_var->force_group = NULL; } free(gl_var->user); free(gl_var->ip); free(gl_var->home); free(gl_var); gl_var = NULL; setCharset(NULL); BufferDelete(bIn); BufferDelete(bOut); free_usersinfos(); HandleCloseAll(); FreeAccess(); FileSpecDestroy(); FSShutdown(); } _exit(0); } static void end_sftp_by_signal(int signal) { gl_var->must_shutdown = 1; } static void reopen_log_file(int signal) { mylog_reopen(); } void ParseConf(tGlobal *params, int sftpProtocol) { gl_var = params; (void) atexit(end_sftp); (void) signal(SIGHUP, end_sftp_by_signal); (void) signal(SIGINT, end_sftp_by_signal); (void) signal(SIGTERM, end_sftp_by_signal); (void) signal(SIGUSR1, reopen_log_file); (void) signal(SIGUSR2, reopen_log_file); if (sftpProtocol > 0) cVersion = sftpProtocol; } void DoInitUser() { t_info *pw; int uid, gid; mylog_printf(MYLOG_CONNECTION, "New client [%s] from [%s][%i]", gl_var->user, gl_var->ip, gl_var->portSource); umask(000); uid = getuid(); if (gl_var->force_user != NULL) { if ((pw = mygetpwnam(gl_var->force_user)) != NULL) uid = pw->id; else mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Unable to force user: %s (user unknown)", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_user); } gid = getgid(); if (gl_var->force_group != NULL) { if ((pw = mygetgrnam(gl_var->force_group)) != NULL) gid = pw->id; else mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Unable to force group: %s (group unknown)", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_group); } if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_CREATE_HOME) && chdir(gl_var->home) == -1 && errno == ENOENT) { int mode = 0755; mode |= gl_var->minimum_rights_directory; mode &= gl_var->maximum_rights_directory; if (mkdir(gl_var->home, mode) == -1) { mylog_printf(MYLOG_ERROR, "[%s][%s][%i]Couldn't create to home '%s' : %s", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->home, strerror(errno)); } else if (chown(gl_var->home, uid, gid) == -1) mylog_printf(MYLOG_ERROR, "[%s][%s][%i]Couldn't chown the home '%s' : %s", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->home, strerror(errno)); } if (chdir(gl_var->home) == -1) mylog_printf(MYLOG_ERROR, "[%s][%s][%i]Couldn't go to home '%s' : %s", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->home, strerror(errno)); if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_VIRTUAL_CHROOT)) { gl_var->flagsGlobals &= ~SFTPWHO_STAY_AT_HOME; FSInit(gl_var->home, "/"); } else if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_STAY_AT_HOME)) FSInit(gl_var->home, NULL); else FSInit(gl_var->home, NULL); if (gl_var->force_group != NULL) { mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Using force group: %s", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_group); if (setgid(gid) == -1) mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Unable to force group: %s (%s)", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_group, strerror(errno)); } if (gl_var->force_user != NULL) { mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Using force user: %s", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_user); if (setuid(uid) == -1) mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Unable to force user: %s (%s)", gl_var->user, gl_var->ip, gl_var->portSource, gl_var->force_user, strerror(errno)); } if (getuid() != geteuid()) //revoke root rights in user mode ! { if (seteuid(uid) == -1 || setegid(gid) == -1) { mylog_printf(MYLOG_ERROR, "[%s][%s][%i]Couldn't revoke root rights : %s", gl_var->user, gl_var->ip, gl_var->portSource, strerror(errno)); exit(255); } } } int CheckRulesAboutMaxFiles() { t_sftpwho *who; int i, fileread, filewrite, fileall; if ((who = SftWhoGetAllStructs()) != NULL) { fileread = 0; filewrite = 0; fileall = 0; for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if (strcmp(who[i].user, gl_var->user) == 0) { switch (who[i].status & SFTPWHO_STATUS_MASK) { case SFTPWHO_PUT: filewrite++; fileall++; break; case SFTPWHO_GET: fileread++; fileall++; break; } } if ((fileread > gl_var->max_readfiles && gl_var->max_readfiles != 0) || (filewrite > gl_var->max_writefiles && gl_var->max_writefiles != 0) || (fileall > gl_var->max_openfiles && gl_var->max_openfiles != 0)) return SSH2_FX_PERMISSION_DENIED; } return SSH2_FX_OK; } void UpdateInfoForOpenFiles() { tHandle *lastFile; lastFile = HandleGetLastOpen(HANDLE_FILE); if (lastFile != NULL) { (void) snprintf(gl_var->who->file, sizeof(gl_var->who->file), "%s", lastFile->path); if (lastFile->flags & O_WRONLY) gl_var->who->status = (gl_var->who->status & SFTPWHO_ARGS_MASK) | SFTPWHO_PUT; else gl_var->who->status = (gl_var->who->status & SFTPWHO_ARGS_MASK) | SFTPWHO_GET; if (lastFile->fileSize > 0) gl_var->who->download_pos = lastFile->filePos * 100 / lastFile->fileSize; else gl_var->who->download_pos = 0; } else { gl_var->who->file[0] = '\0'; gl_var->who->status = (gl_var->who->status & SFTPWHO_ARGS_MASK) | SFTPWHO_IDLE; } } void CloseInfoForOpenFiles() { tHandle *hdl; int pourcentage; while ((hdl = HandleGetLastOpen(HANDLE_FILE)) != NULL) { if (hdl->fileSize > 0) pourcentage = hdl->filePos * 100 / hdl->fileSize; else pourcentage = 0; if (FILE_IS_UPLOAD(hdl->flags)) { mylog_printf(MYLOG_TRANSFERT, "[%s][%s][%i]Interrupt upload into file '%s'", gl_var->user, gl_var->ip, gl_var->portSource, hdl->path); } else { mylog_printf(MYLOG_TRANSFERT, "[%s][%s][%i]Interrupt download file '%s' : %i%%", gl_var->user, gl_var->ip, gl_var->portSource, hdl->path, pourcentage); } HandleClose(hdl->id); } } mysecureshell_2.0/SftpServer/Sftp.c0000644000000000000000000007250412422711313016206 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include #include #include #include #include #if STAT_MACROS_BROKEN # undef S_ISDIR #endif #if !defined S_ISDIR && defined S_IFDIR # define S_ISDIR(Mode) (((Mode) & S_IFMT) == S_IFDIR) #endif #ifdef HAVE_SYS_PARAM_H #include #endif #ifdef HAVE_SYS_MOUNT_H #include #endif #include "Encode.h" #include "Stats.h" #include "Admin.h" #include "Defines.h" #include "Encoding.h" #include "FileSystem.h" #include "Handle.h" #include "Log.h" #include "Send.h" #include "SftpExt.h" #include "SftpServer.h" #include "SftpWho.h" #include "Util.h" #include "../Core/security.h" #include "../Core/string.h" #define CONN_INIT 0 #define CONN_SFTP 1 #define CONN_ADMIN 2 u_int32_t cVersion = SSH2_FILEXFER_VERSION; static int connectionStatus = CONN_INIT; /*@null@*/ static tStats *stats = NULL; /*@null@*/ tBuffer *bIn = NULL; /*@null@*/ tBuffer *bOut = NULL; void DoInit() { u_int32_t clientVersion; tBuffer *b; clientVersion = BufferGetInt32(bIn); b = BufferNew(); if (b == NULL) return; BufferPutInt8FAST(b, SSH2_FXP_VERSION); connectionStatus = CONN_SFTP; #ifdef MSS_HAVE_ADMIN if (clientVersion == SSH2_ADMIN_VERSION) { if (HAS_BIT(gl_var->flagsGlobals, SFTPWHO_IS_ADMIN) || HAS_BIT(gl_var->flagsGlobals, SFTPWHO_IS_SIMPLE_ADMIN)) { connectionStatus = CONN_ADMIN; cVersion = clientVersion; if (!HAS_BIT(gl_var->flagsGlobals, SFTPWHO_IS_ADMIN)) cVersion = SSH2_SIMPLE_ADMIN_VERSION; DEBUG((MYLOG_DEBUG, "[DoInit]New admin [use version: %i]", cVersion)); //Hide admin to sftp-who ! gl_var->who->status = SFTPWHO_EMPTY; gl_var->who = NULL; stats = StatsNew(); BufferPutInt32(b, cVersion); #ifdef MSSEXT_DISKUSAGE BufferPutString(b, "space-available"); #endif #ifdef MSSEXT_FILE_HASHING BufferPutString(b, "check-file"); #endif } } #endif if (connectionStatus == CONN_SFTP) { DoInitUser(); if (clientVersion < 3) cVersion = 3; else if (clientVersion < cVersion) cVersion = clientVersion; BufferPutInt32(b, cVersion); DEBUG((MYLOG_DEBUG, "[DoInit]New client want version: %i [use: %i]", clientVersion, cVersion)); if (cVersion >= 4) { BufferPutString(b, "newline"); BufferPutString(b, "\n"); if (cVersion >= 5) { tBuffer *opt; BufferPutString(b, "supported"); opt = BufferNew(); BufferPutInt32(opt, SSH5_FILEXFER_ATTR__MASK); BufferPutInt32(opt, SSH5_FILEXFER_ATTR__BITS); BufferPutInt32(opt, SSH5_FXF__FLAGS); BufferPutInt32(opt, SSH5_FXF_ACCESS__FLAGS); BufferPutInt32(opt, SSH2_MAX_READ); #ifdef MSSEXT_DISKUSAGE BufferPutString(opt, "space-available"); #endif //MSSEXT_DISKUSAGE #ifdef MSSEXT_DISKUSAGE_SSH BufferPutString(opt, "statvfs@openssh.com"); BufferPutString(opt, "fstatvfs@openssh.com"); #endif //MSSEXT_DISKUSAGE_SSH #ifdef MSSEXT_FILE_HASHING BufferPutString(opt, "check-file"); #endif //MSSEXT_FILE_HASHING BufferPutPacket(b, opt); BufferDelete(opt); } else goto DO_EXTENSION_V3; } else { DO_EXTENSION_V3: #ifdef MSSEXT_DISKUSAGE BufferPutString(b, "space-available"); BufferPutString(b, ""); #endif //MSSEXT_DISKUSAGE #ifdef MSSEXT_DISKUSAGE_SSH BufferPutString(b, "statvfs@openssh.com"); BufferPutString(b, "2"); BufferPutString(b, "fstatvfs@openssh.com"); BufferPutString(b, "2"); #endif //MSSEXT_DISKUSAGE_SSH #ifdef MSSEXT_FILE_HASHING BufferPutString(b, "check-file"); BufferPutString(b, ""); #endif //MSSEXT_FILE_HASHING } } BufferPutPacket(bOut, b); BufferDelete(b); } void DoRealPath() { u_int32_t id; tFSPath *resolvePath; tStat s; char *path; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); resolvePath = FSRealPath(path); memset(&s, 0, sizeof(s)); if (cVersion >= 4) s.name = convertToUtf8(resolvePath->exposedPath, 0); else { s.name = resolvePath->exposedPath; s.longName = resolvePath->exposedPath; } SendStats(bOut, id, 1, &s); DEBUG((MYLOG_DEBUG, "[DoRealPath]REAL path:'%s' -> '%s'", path, resolvePath->exposedPath)); if (cVersion >= 4) free(s.name); free(path); FSDestroyPath(resolvePath); } void DoOpenDir() { u_int32_t id; tHandle *hdl; char *path; DIR *dir; int status; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); if ((status = FSOpenDir(path, &dir)) == SSH2_FX_OK) { if ((hdl = HandleNewDirectory(path, dir)) == NULL) { (void) closedir(dir); status = errnoToPortable(EMFILE); } else { (void) snprintf(gl_var->who->path, sizeof(gl_var->who->path), "%s", path); SendHandle(bOut, id, hdl->id); status = SSH2_FX_OK; } } DEBUG((MYLOG_DEBUG, "[DoOpenDir]path:'%s' status:%i", path, status)); if (status != SSH2_FX_OK) { SendStatus(bOut, id, status); free(path); } } void DoReadDir() { u_int32_t id; tHandle *hdl; int h; id = BufferGetInt32(bIn); h = BufferGetHandle(bIn); if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_READ_DIR)) { DEBUG((MYLOG_DEBUG, "[DoReadDir]Disabled by conf.")); SendStatus(bOut, id, SSH2_FX_PERMISSION_DENIED); } else if ((hdl = HandleGetDir(h)) == NULL) { DEBUG((MYLOG_DEBUG, "[DoReadDir]handle:%i", h)); SendStatus(bOut, id, (cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_INVALID_HANDLE)); } else { tFSPath *path; struct stat st; tStat *s; int nstats = 100, count = 0, i; DEBUG((MYLOG_DEBUG, "[DoReadDir]path:'%s' handle:%i", hdl->path, h)); s = malloc(nstats * sizeof(tStat)); while ((path = FSReadDir(hdl->path, hdl->dir, &st)) != NULL) { StatToAttributes(&st, &(s[count].attributes), path->realPath); s[count].name = convertToUtf8(path->path, 0); if (cVersion <= 3) s[count].longName = LsFile(path->path, &st); FSDestroyPath(path); count++; if (count == nstats) break; } if (count > 0) { SendStats(bOut, id, count, s); for (i = 0; i < count; i++) { free(s[i].name); if (cVersion <= 3) free(s[i].longName); } } else SendStatus(bOut, id, SSH2_FX_EOF); free(s); } } void DoClose() { u_int32_t id; tHandle *hdl; int h, pourcentage; int status = (cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_INVALID_HANDLE); id = BufferGetInt32(bIn); h = BufferGetHandle(bIn); if ((hdl = HandleGet(h)) != NULL) { status = SSH2_FX_OK; if (hdl->state == HANDLE_FILE) { if (hdl->fileSize > 0) pourcentage = hdl->filePos * 100 / hdl->fileSize; else pourcentage = 0; if (FILE_IS_UPLOAD(hdl->flags)) { off_t fileSize = lseek(hdl->fd, 0, SEEK_END); mylog_printf(MYLOG_TRANSFERT, "[%s][%s][%i]End upload into file '%s' (%li bytes)", gl_var->user, gl_var->ip, gl_var->portSource, hdl->path, fileSize); } else { mylog_printf(MYLOG_TRANSFERT, "[%s][%s][%i]End download file '%s' (%li bytes) : %i%%", gl_var->user, gl_var->ip, gl_var->portSource, hdl->path, hdl->filePos, pourcentage); BufferSetFastClean(bIn, 0); BufferSetFastClean(bOut, 0); } HandleClose(h); UpdateInfoForOpenFiles(); } else HandleClose(h); } SendStatus(bOut, id, status); DEBUG((MYLOG_DEBUG, "[DoClose] -> handle:%i status:%i", h, status)); } void DoOpen() { u_int32_t id, pflags; tAttributes *a; tHandle *hdl; struct stat st; char *path; int fd, flags, mode, textMode, status = SSH2_FX_FAILURE; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); if (cVersion >= 5) flags = FlagsFromAccess(BufferGetInt32(bIn)); else flags = 0; pflags = BufferGetInt32(bIn); a = GetAttributes(bIn); flags |= FlagsFromPortable(pflags, &textMode); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : gl_var->default_rights_file; mode |= gl_var->minimum_rights_file; mode &= gl_var->maximum_rights_file; if ((HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_OVERWRITE) && HAS_BIT(flags, O_APPEND)) || (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_WRITE_FILE) && (HAS_BIT(flags, O_WRONLY) || HAS_BIT(flags, O_RDWR))) ) { DEBUG((MYLOG_DEBUG, "[DoOpen]Disabled by conf.")); status = SSH2_FX_PERMISSION_DENIED; } else if ((status = CheckRulesAboutMaxFiles()) == SSH2_FX_OK && (status = FSOpenFile(path, &fd, flags, mode, &st)) == SSH2_FX_OK) { if ((hdl = HandleNewFile(path, fd, textMode, flags)) == NULL) { xclose(fd); status = errnoToPortable(EMFILE); } else { if (FILE_IS_UPLOAD(flags)) { mylog_printf(MYLOG_TRANSFERT, "[%s][%s][%i]Start upload into file '%s'", gl_var->user, gl_var->ip, gl_var->portSource, path); } else { mylog_printf(MYLOG_TRANSFERT, "[%s][%s][%i]Start download file '%s'", gl_var->user, gl_var->ip, gl_var->portSource, path); BufferSetFastClean(bIn, 1); BufferSetFastClean(bOut, 1); } hdl->filePos = 0; hdl->fileSize = 0; hdl->fileSize = st.st_size; UpdateInfoForOpenFiles(); SendHandle(bOut, id, hdl->id); status = SSH2_FX_OK; } } DEBUG((MYLOG_DEBUG, "[DoOpen]file:'%s' pflags:%x[%o] perm:%o status:%i", path, pflags, flags, mode, status)); if (status != SSH2_FX_OK) { SendStatus(bOut, id, status); free(path); } } void DoRead() { u_int32_t id, len; u_int64_t off; tHandle *hdl; int h, status; id = BufferGetInt32(bIn); h = BufferGetHandle(bIn); off = BufferGetInt64(bIn); if ((len = BufferGetInt32(bIn)) > SSH2_MAX_READ) len = SSH2_MAX_READ; if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_READ_FILE)) status = SSH2_FX_FAILURE; else if ((hdl = HandleGetFile(h)) != NULL) { if (hdl->fileIsText == 0 && lseek(hdl->fd, off, SEEK_SET) < 0) status = errnoToPortable(errno); else { u_int32_t dataSize, oldPos, newPos; char *buf; int ret; oldPos = BufferGetCurrentWritePosition(bOut); dataSize = 1 + 4 + 4 + len; BufferEnsureFreeCapacity(bOut, 4 + dataSize); BufferPutInt32(bOut, 0);//Size of the packet - unknown before read BufferPutInt8FAST(bOut, SSH2_FXP_DATA); BufferPutInt32(bOut, id); BufferPutInt32(bOut, 0);//Size of the data - unknown before read buf = (char *) BufferGetWritePointer(bOut); ret = read(hdl->fd, buf, len); if (hdl->fileIsText == 1) { for (len = 0; (len + 1) < ret; len++) if (buf[len] == '\r' && buf[len + 1] == '\n') { MyStrCopy(buf + len, buf + len + 1, ret - len - 1); ret--; } } if (ret <= 0) { status = ret == 0 ? SSH2_FX_EOF : errnoToPortable(errno); bOut->length = oldPos; //Cancel all uncomplete data } else { hdl->filePos = off + ret; UpdateInfoForOpenFiles(); newPos = BufferGetCurrentWritePosition(bOut) + (u_int32_t) ret; BufferSetCurrentWritePosition(bOut, oldPos); dataSize = 1 + 4 + 4 + (u_int32_t) ret; BufferPutInt32(bOut, dataSize);//Size of the packet BufferIncrCurrentWritePosition(bOut, 5);//sizeof(SSH2_FXP_DATA) + sizeof(id) BufferPutInt32(bOut, (u_int32_t) ret);//Size of the data BufferSetCurrentWritePosition(bOut, newPos); status = SSH2_FX_OK; } //DEBUG((MYLOG_WARNING, "[DoRead]fd:%i[isText:%i] off:%llu len:%i (ret:%i) status:%i", fd, fileIsText, off, len, ret, status)); } } else status = (cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_INVALID_HANDLE); if (status != SSH2_FX_OK) SendStatus(bOut, id, status); } void DoWrite() { u_int64_t off, pos; u_int32_t id, dec, len; tHandle *hdl; ssize_t ret; int status, h; char *data; id = BufferGetInt32(bIn); h = BufferGetHandle(bIn); off = BufferGetInt64(bIn); data = BufferGetData(bIn, &len); if ((hdl = HandleGetFile(h)) != NULL) { if (hdl->fileIsText == 0 && (pos = lseek(hdl->fd, off, SEEK_SET)) < 0) status = errnoToPortable(errno); else { if (hdl->fileIsText == 1) { for (dec = 0; (dec + 1) < len; dec++) if (data[dec] == '\r' && data[dec + 1] == '\n') { MyStrCopy(data + dec, data + dec + 1, len - dec - 1); len--; } } ret = write(hdl->fd, data, len); if (ret == -1) status = errnoToPortable(errno); else if (ret == len) status = SSH2_FX_OK; else status = SSH2_FX_FAILURE; hdl->filePos = off + ret; UpdateInfoForOpenFiles(); } } else status = (cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_INVALID_HANDLE); //DEBUG((MYLOG_DEBUG, "[DoWrite]hdl:%p off:%llu len:%i ret:%i status:%i", hdl, off, len, ret, status)); SendStatus(bOut, id, status); } void DoReadLink() { u_int32_t id, status; char readLink[PATH_MAX]; char *path; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); status = FSReadLink(path, readLink, sizeof(readLink)); if (status == SSH2_FX_OK) { tStat s; memset(&s.attributes, 0, sizeof(s.attributes)); s.name = s.longName = readLink; SendStats(bOut, id, 1, &s); DEBUG((MYLOG_DEBUG, "[DoReadLink]file:'%s' -> '%s'", path, readLink)); } else SendStatus(bOut, id, status); free(path); } void DoStat(int doLStat) { tAttributes a; struct stat st; u_int32_t id, flags = 0; char *path; int status; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); if (cVersion >= 4) flags = BufferGetInt32(bIn); status = FSStat(path, doLStat, &st); if (status != SSH2_FX_OK) { SendStatus(bOut, id, status); DEBUG((MYLOG_DEBUG, "[Do%sStat]path:'%s' -> '%i'", doLStat == 0 ? "" : "L", path, status)); } else { StatToAttributes(&st, &a, path); if (cVersion >= 4) a.flags = flags; SendAttributes(bOut, id, &a, path); DEBUG((MYLOG_DEBUG, "[Do%sStat]path:'%s' -> '%i' [%x]", doLStat == 0 ? "" : "L", path, status, a.flags)); } free(path); } void DoFStat() { tAttributes a; struct stat st; u_int32_t id, flags = 0; tHandle *hdl; int fh; id = BufferGetInt32(bIn); fh = BufferGetHandle(bIn); if (cVersion >= 4) flags = BufferGetInt32(bIn); if ((hdl = HandleGetFile(fh)) != NULL) { int returnValue; returnValue = FSStat(hdl->path, 0, &st); if (returnValue != SSH2_FX_OK) SendStatus(bOut, id, returnValue); else { char *path = hdl->path; StatToAttributes(&st, &a, path); if (cVersion >= 4) a.flags = flags; SendAttributes(bOut, id, &a, path); } DEBUG((MYLOG_DEBUG, "[DoFStat]fd:'%i' (path:'%s') -> returnValue='%i'", hdl->fd, hdl->path, returnValue)); } else SendStatus(bOut, id, (cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_INVALID_HANDLE)); } void DoSetStat(int usePath) { tAttributes *a; u_int32_t id; tHandle *hdl = NULL; tFSPath *resolvedPath; char *path = NULL; int status = SSH2_FX_OK; struct stat stats; id = BufferGetInt32(bIn); if (usePath == 1) path = convertFromUtf8(BufferGetString(bIn), 1); else if ((hdl = HandleGet(BufferGetHandle(bIn))) != NULL) path = hdl->path; resolvedPath = FSCheckPath(path); a = GetAttributes(bIn); if (usePath == 0 && hdl == NULL) status = (cVersion <= 3 ? SSH2_FX_FAILURE : SSH4_FX_INVALID_HANDLE); else if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_SET_ATTRIBUTE)) { DEBUG((MYLOG_DEBUG, "[DoSetStat]Disabled by conf.")); status = SSH2_FX_PERMISSION_DENIED; } else if (resolvedPath != NULL) { if (HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_SIZE)) { if (truncate(resolvedPath->realPath, a->size) == -1) status = errnoToPortable(errno); } if (HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_PERMISSIONS) && HAS_BIT(gl_var->flagsGlobals, SFTPWHO_CAN_CHG_RIGHTS)) { if (stat(resolvedPath->realPath, &stats) == 0 && S_ISDIR(stats.st_mode)) { a->perm |= gl_var->minimum_rights_directory; a->perm &= gl_var->maximum_rights_directory; } else { a->perm |= gl_var->minimum_rights_file; a->perm &= gl_var->maximum_rights_file; } if (chmod(resolvedPath->realPath, a->perm) == -1) status = errnoToPortable(errno); } if (HAS_BIT(a->flags, SSH2_FILEXFER_ATTR_ACMODTIME) && HAS_BIT(gl_var->flagsGlobals, SFTPWHO_CAN_CHG_TIME)) { if (utimes(resolvedPath->realPath, AttributesToTimeval(a)) == -1) status = errnoToPortable(errno); } if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) { if (chown(resolvedPath->realPath, a->uid, a->gid) == -1) status = errnoToPortable(errno); } } DEBUG((MYLOG_DEBUG, "[DoSetStat]path:'%s'[hdl: %p] -> '%i'", path, hdl, status)); SendStatus(bOut, id, status); if (usePath == 1) free(path); if (resolvedPath != NULL) FSDestroyPath(resolvedPath); } void DoRemove() { u_int32_t id; char *path; int status = SSH2_FX_OK; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_REMOVE_FILE)) { DEBUG((MYLOG_DEBUG, "[DoRemove]Disabled by conf.")); status = SSH2_FX_PERMISSION_DENIED; } else { status = FSUnlink(path); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Try to remove file '%s' : %s", gl_var->user, gl_var->ip, gl_var->portSource, path, (status != SSH2_FX_OK ? strerror(errno) : "success")); } DEBUG((MYLOG_DEBUG, "[DoRemove]path:'%s' -> '%i'", path, status)); SendStatus(bOut, id, status); free(path); } void DoMkDir() { tAttributes *a; u_int32_t id; char *path; int mode, status = SSH2_FX_OK; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); a = GetAttributes(bIn); mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : gl_var->default_rights_directory; mode |= gl_var->minimum_rights_directory; mode &= gl_var->maximum_rights_directory; if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_MAKE_DIR)) { DEBUG((MYLOG_DEBUG, "[DoMkDir]Disabled by conf.")); status = SSH2_FX_PERMISSION_DENIED; } else { status = FSMkdir(path, mode); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Try to create directory '%s' : %s", gl_var->user, gl_var->ip, gl_var->portSource, path, (status != SSH2_FX_OK ? strerror(errno) : "success")); } SendStatus(bOut, id, status); DEBUG((MYLOG_DEBUG, "[DoMkDir]path:'%s', mode:%o -> '%i'", path, mode, status)); free(path); } void DoRmDir() { u_int32_t id; char *path; int status = SSH2_FX_OK; id = BufferGetInt32(bIn); path = convertFromUtf8(BufferGetString(bIn), 1); if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_REMOVE_DIR)) { DEBUG((MYLOG_DEBUG, "[DoRmDir]Disabled by conf.")); status = SSH2_FX_PERMISSION_DENIED; } else { status = FSRmdir(path); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Try to remove directory '%s' : %s", gl_var->user, gl_var->ip, gl_var->portSource, path, (status != SSH2_FX_OK ? strerror(errno) : "success")); } SendStatus(bOut, id, status); DEBUG((MYLOG_DEBUG, "[DoRmDir]path:'%s' -> '%i'", path, status)); free(path); } void DoRename() { u_int32_t id; char *oldPath, *newPath; int flags = 0, status = SSH2_FX_FAILURE; id = BufferGetInt32(bIn); oldPath = convertFromUtf8(BufferGetString(bIn), 1); newPath = convertFromUtf8(BufferGetString(bIn), 1); if (cVersion >= 5) flags = BufferGetInt32(bIn); if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_RENAME)) { DEBUG((MYLOG_DEBUG, "[DoRename]Disabled by conf.")); status = SSH2_FX_PERMISSION_DENIED; } else { int overwriteDestination = HAS_BIT(flags, SSH5_FXP_RENAME_OVERWRITE) ? 1 : 0; status = FSRename(oldPath, newPath, overwriteDestination); mylog_printf(MYLOG_WARNING, "[%s][%s][%i]Try to rename '%s' -> '%s' : %s", gl_var->user, gl_var->ip, gl_var->portSource, oldPath, newPath, (status != SSH2_FX_OK ? strerror(errno) : "success")); } DEBUG((MYLOG_DEBUG, "[DoRename]oldPath:'%s' newPath:'%s' -> '%i'", oldPath, newPath, status)); SendStatus(bOut, id, status); free(oldPath); free(newPath); } void DoSymLink() { u_int32_t id; char *oldPath, *newPath; int status = SSH2_FX_OK; id = BufferGetInt32(bIn); newPath = convertFromUtf8(BufferGetString(bIn), 1); oldPath = convertFromUtf8(BufferGetString(bIn), 1); if (HAS_BIT(gl_var->flagsDisable, SFTP_DISABLE_SYMLINK)) { DEBUG((MYLOG_DEBUG, "[DoSymLink]Disabled by conf.")); status = SSH2_FX_PERMISSION_DENIED; } else { status = FSSymlink(oldPath, newPath); DEBUG((MYLOG_DEBUG, "[DoSymLink]oldPath:'%s' newPath:'%s' -> %i", oldPath, newPath, status)); } SendStatus(bOut, id, status); free(oldPath); free(newPath); } void DoUnsupported(int msgType, int msgLen) { u_int32_t id; id = BufferGetInt32(bIn); SendStatus(bOut, id, SSH2_FX_OP_UNSUPPORTED); DEBUG((MYLOG_DEBUG, "[DoUnsupported]msgType:%i msgLen:%i", msgType, msgLen)); } void DoExtended() { u_int32_t id; char *request; id = BufferGetInt32(bIn); request = BufferGetString(bIn); DEBUG((MYLOG_DEBUG, "[DoExtended]request:'%s'", request)); #ifdef MSSEXT_DISKUSAGE if (strcmp(request, "space-available") == 0) DoExtDiskSpace(bIn, bOut, id); else #endif //MSSEXT_DISKUSAGE #ifdef MSSEXT_DISKUSAGE_SSH if (strcmp(request, "statvfs@openssh.com") == 0) DoExtDiskSpaceOpenSSH_Name(bIn, bOut, id); else if (strcmp(request, "fstatvfs@openssh.com") == 0) DoExtDiskSpaceOpenSSH_Handle(bIn, bOut, id); else #endif //MSSEXT_DISKUSAGE_SSH #ifdef MSSEXT_FILE_HASHING if (strcmp(request, "check-file-handle") == 0) DoExtFileHashing_Handle(bIn, bOut, id); else if (strcmp(request, "check-file-name") == 0) DoExtFileHashing_Name(bIn, bOut, id); else #endif //MSSEXT_FILE_HASHING SendStatus(bOut, id, SSH2_FX_OP_UNSUPPORTED); free(request); } void DoSFTPProtocol() { int oldRead, msgLen, msgType; parsePacket: if ((bIn->length - bIn->read) < 5) //header too small { BufferClean(bIn); return; } oldRead = bIn->read; msgLen = BufferGetInt32(bIn); if (msgLen > (256 * 1024)) //message too long { mylog_printf(MYLOG_ERROR, "[%s][%s][%i]Error: message is too long (%i)", gl_var->user, gl_var->ip, gl_var->portSource, msgLen); exit(1); } if ((bIn->length - bIn->read) < msgLen) //message not complete { bIn->read = oldRead;//cancel read return; } oldRead += 4; //ignore size of msgLen msgType = BufferGetInt8FAST(bIn); DEBUG((MYLOG_DEBUG, "[DoSFTPProtocol] msgType:%i msgLen:%i", msgType, msgLen)); if (connectionStatus == CONN_INIT) { switch (msgType) { case SSH2_FXP_INIT: DoInit(); break; default: DoUnsupported(msgType, msgLen); break; } } else if (connectionStatus == CONN_SFTP) { switch (msgType) { case SSH2_FXP_OPEN: DoOpen(); break; case SSH2_FXP_CLOSE: DoClose(); break; case SSH2_FXP_READ: DoRead(); break; case SSH2_FXP_WRITE: DoWrite(); break; case SSH2_FXP_LSTAT: DoStat(1); break; case SSH2_FXP_FSTAT: DoFStat(); break; case SSH2_FXP_SETSTAT: DoSetStat(1); break; case SSH2_FXP_FSETSTAT: DoSetStat(0); break; case SSH2_FXP_OPENDIR: DoOpenDir(); break; case SSH2_FXP_READDIR: DoReadDir(); break; case SSH2_FXP_REMOVE: DoRemove(); break; case SSH2_FXP_MKDIR: DoMkDir(); break; case SSH2_FXP_RMDIR: DoRmDir(); break; case SSH2_FXP_REALPATH: DoRealPath(); break; case SSH2_FXP_STAT: DoStat(0); break; case SSH2_FXP_RENAME: DoRename(); break; case SSH2_FXP_READLINK: DoReadLink(); break; case SSH2_FXP_SYMLINK: DoSymLink(); break; case SSH2_FXP_EXTENDED: DoExtended(); break; default: DoUnsupported(msgType, msgLen); break; } } #ifdef MSS_HAVE_ADMIN else if (connectionStatus == CONN_ADMIN) { if (cVersion == SSH2_SIMPLE_ADMIN_VERSION) { switch (msgType) { case SSH_ADMIN_LIST_USERS: DoAdminListUsers(); break; case SSH_ADMIN_KILL_USER: DoAdminKillUser(); break; case SSH_ADMIN_SERVER_STATUS: DoAdminServerStatus(); break; case SSH_ADMIN_SERVER_GET_STATUS: DoAdminServerGetStatus(); break; case SSH_ADMIN_STATS: DoAdminStats(stats); break; default: DoUnsupported(msgType, msgLen); break; } } else { switch (msgType) { case SSH_ADMIN_LIST_USERS: DoAdminListUsers(); break; case SSH_ADMIN_KILL_USER: DoAdminKillUser(); break; case SSH_ADMIN_SERVER_STATUS: DoAdminServerStatus(); break; case SSH_ADMIN_SERVER_GET_STATUS: DoAdminServerGetStatus(); break; case SSH_ADMIN_GET_LOG_CONTENT: DoAdminGetLogContent(); break; case SSH_ADMIN_CONFIG_GET: DoAdminConfigGet(); break; case SSH_ADMIN_CONFIG_SET: DoAdminConfigSet(); break; case SSH_ADMIN_USER_CREATE: DoAdminUserCreate(); break; case SSH_ADMIN_USER_DELETE: DoAdminUserDelete(); break; case SSH_ADMIN_USER_LIST: DoAdminUserList(); break; case SSH_ADMIN_STATS: DoAdminStats(stats); break; default: DoUnsupported(msgType, msgLen); break; } } } #endif if ((bIn->read - oldRead) < msgLen)//read entire message { DEBUG((MYLOG_DEBUG, "ZAP DATA len:%i [bIn->read=%i, oldRead=%i msgLen=%i]", msgLen - (bIn->read - oldRead), bIn->read, oldRead, msgLen)); BufferReadData(bIn, msgLen - (bIn->read - oldRead)); } goto parsePacket; } int SftpMain(tGlobal *params, int sftpProtocol) { struct timeval tm; long long tmLast, tmCur, tmNeeded; fd_set fdR, fdW; int len, ret; bIn = BufferNew(); bOut = BufferNew(); HandleInit(); ParseConf(params, sftpProtocol); tmNeeded = 1000000; gettimeofday(&tm, NULL); tmLast = tm.tv_sec * (long long) 1000000 + tm.tv_usec; for (;;) { FD_ZERO(&fdR); FD_ZERO(&fdW); if (gl_var->must_shutdown) exit(0); if (gl_var->upload_max == 0 || (gl_var->upload_current < gl_var->upload_max)) FD_SET(0, &fdR); if (bOut->length > 0 && (gl_var->download_max == 0 || (gl_var->download_current < gl_var->download_max))) FD_SET(1, &fdW); gettimeofday(&tm, NULL); tmCur = tm.tv_sec * (long long) 1000000 + tm.tv_usec; tmCur -= tmLast; if (tmCur > tmNeeded) { SET_TIMEOUT(tm, 0, 0); } else if (tmCur == 0) { SET_TIMEOUT(tm, 1, 0); } else { tmNeeded -= tmCur; SET_TIMEOUT(tm, 0, tmNeeded); } //DEBUG((MYLOG_DEBUG, "[select: %i]tmLast: %lli tmCur: %lli tmNeeded: %lli", ret, tmLast, tmCur, tmNeeded)); if ((ret = select(2, &fdR, &fdW, NULL, &tm)) == -1) { if (errno != EINTR) exit(1); } else if (ret == 0) { tmNeeded = 1000000; if (gl_var->who == NULL) //dont check anything for administrator { StatsUpdate(stats); goto bypassChecks; } if (gl_var->upload_current > 0 || gl_var->download_current > 0) gl_var->who->time_transf++; else gl_var->who->time_idle++; gl_var->who->upload_current = gl_var->upload_current; gl_var->who->download_current = gl_var->download_current; gl_var->upload_current = 0; gl_var->download_current = 0; gl_var->who->time_total = time(0) - gl_var->who->time_begin; if (gl_var->who->time_maxidle > 0 && gl_var->who->time_idle >= gl_var->who->time_maxidle) { mylog_printf(MYLOG_CONNECTION, "[%s][%s][%i]Connection time out", gl_var->user, gl_var->ip, gl_var->portSource); exit(0); } if (gl_var->who->time_idle > 2) { gl_var->who->time_transf = 0; gl_var->who->upload_current = 0; gl_var->who->download_current = 0; } (void) SftpWhoCleanBuggedClient(); gl_var->download_max = gl_var->who->download_max; if (_sftpglobal->download_by_client > 0 && (gl_var->flagsGlobals & SFTPWHO_BYPASS_GLB_DWN) == 0 && ((_sftpglobal->download_by_client < gl_var->download_max) || gl_var->download_max == 0)) gl_var->download_max = _sftpglobal->download_by_client; gl_var->upload_max = gl_var->who->upload_max; if (_sftpglobal->upload_by_client > 0 && (gl_var->flagsGlobals & SFTPWHO_BYPASS_GLB_UPL) == 0 && ((_sftpglobal->upload_by_client < gl_var->upload_max) || gl_var->upload_max == 0)) gl_var->upload_max = _sftpglobal->upload_by_client; if (gl_var->who->time_maxlife > 0) { gl_var->who->time_maxlife--; if (gl_var->who->time_maxlife == 0) { mylog_printf(MYLOG_CONNECTION, "[%s][%s][%i]Connection max life !", gl_var->user, gl_var->ip, gl_var->portSource); exit(0); } } } else { if (gl_var->who != NULL) gl_var->who->time_idle = 0; if (FD_ISSET(0, &fdR)) { u_int32_t todo; if (gl_var->upload_max > 0) todo = SSH2_MAX_PACKET < (gl_var->upload_max - gl_var->upload_current) ? SSH2_MAX_PACKET : (gl_var->upload_max - gl_var->upload_current); else todo = SSH2_MAX_PACKET; BufferEnsureFreeCapacity(bIn, todo); len = read(0, BufferGetWritePointer(bIn), todo); if (len < 0) exit(1); else if (len == 0) exit(1); else { BufferIncrCurrentWritePosition(bIn, len); if (gl_var->who != NULL) { gl_var->upload_current += len; gl_var->who->upload_total += len; } } DoSFTPProtocol(); } if (FD_ISSET(1, &fdW)) { u_int32_t todo = bOut->length - bOut->read; if (gl_var->download_max > 0) todo = todo < (gl_var->download_max - gl_var->download_current) ? todo : (gl_var->download_max - gl_var->download_current); len = write(1, BufferGetReadPointer(bOut), todo); if (len < 0) exit(1); else BufferIncrCurrentReadPosition(bOut, len); BufferClean(bOut); if (gl_var->who != NULL) { gl_var->download_current += len; gl_var->who->download_total += len; } } } bypassChecks: gettimeofday(&tm, NULL); tmLast = tm.tv_sec * (long long )1000000 + tm.tv_usec; } return (0); } mysecureshell_2.0/SftpServer/Access.c0000644000000000000000000000321412422711313016463 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include static gid_t *_in_group = 0; void InitAccess() { gid_t *groups; int nb_groups = 8, ret; groups = malloc(nb_groups * sizeof(*groups)); if ((ret = getgroups(nb_groups, groups)) == -1) { if (errno == EINVAL) nb_groups = 63; else nb_groups = 0; } else nb_groups = ret; _in_group = malloc((nb_groups + 2) * sizeof(*_in_group)); if (nb_groups > 0) if (getgroups(nb_groups, _in_group) == -1) nb_groups = 0; _in_group[nb_groups] = getgid(); _in_group[nb_groups + 1] = -1; free(groups); } void FreeAccess() { free(_in_group); _in_group = NULL; } int UserIsInThisGroup(gid_t grp) { int i; if (_in_group != NULL) for (i = 0; _in_group[i] != -1; i++) if (_in_group[i] == grp) return (1); return (0); } mysecureshell_2.0/SftpServer/Stats.h0000644000000000000000000000225512422711313016371 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _STATS_H_ #define _STATS_H_ #include "Sftp.h" #define STATS_SECONDES 300 //5mins typedef struct sStats { u_int16_t users[STATS_SECONDES]; u_int32_t download[STATS_SECONDES]; u_int32_t upload[STATS_SECONDES]; int32_t writePos; } tStats; tStats *StatsNew(); void StatsDelete(tStats *stats); void StatsUpdate(tStats *stats); void StatsSend(tStats *stats, u_int32_t lastRefresh, tBuffer *b); #endif //_STATS_H_ mysecureshell_2.0/SftpServer/Defines.h0000644000000000000000000000204012422711313016640 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifdef HAVE_STRLCAT #define STRCAT(_DST, _SRC, _LEN) strlcat(_DST, _SRC, _LEN) #else #define STRCAT(_DST, _SRC, _LEN) strcat(_DST, _SRC) #endif #ifdef HAVE_STRLCPY #define STRCPY(_DST, _SRC, _LEN) strlcpy(_DST, _SRC, _LEN) #else #define STRCPY(_DST, _SRC, _LEN) strcpy(_DST, _SRC) #endif mysecureshell_2.0/SftpServer/Encoding.h0000644000000000000000000000232512422711313017017 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef _ENCODING_H_ #define _ENCODING_H_ #if(HAVE_ICONV||HAVE_LIBICONV) /*@null@*/ char *convertToUtf8(char *str, int freeAfter); /*@null@*/ char *convertFromUtf8(char *str, int freeAfter); void setCharset(/*@null@*/ const char *charset); #else #include #define convertToUtf8(_X, _Y) ((_Y) ? _X : strdup(_X)) #define convertFromUtf8(_X, _Y) ((_Y) ? _X : strdup(_X)) #define setCharset(_X) #endif //HAVE_ICONV||HAVE_LIBICONV #endif //_ENCODING_H_ mysecureshell_2.0/uninstaller.sh.in0000755000000000000000000000527412422711313016327 0ustar rootroot#!/bin/sh ## Uninstaller Script v0.2 for MySecureShell made by Pierre ## MySecureShell Team ## Language local initialising BINDIR=@BINDIR@ MANDIR=@MANDIR@ USRBINDIR=@BINDIR@ ETCDIR=@ETCDIR@ LANG= ## Functions Looking for available languages MyGetLocale() { if [ "$LANG" = "" ] ; then echo $1 else tmp=`grep -F "$1=" locales_$LANG | cut -d= -f2-` if [ "$tmp" = "" ] ; then echo $1 else echo $tmp fi fi } MyListLocale() { echo "The available languages are:" grep -F 'DESCRIPTION=' locales_* | cut -d= -f2- echo "Usage: ./uninstall.sh xx(language)" } if [ "$1" = "" ] ; then MyListLocale exit 1 else if [ -f "locales_$1" ] ; then LANG=$1 fi fi clear ## Root detection euid="`id -u`" if [ "$euid" != "0" ] ; then echo "" echo "###################################################################" tmp=`MyGetLocale 'sorry'` echo " $tmp" MyGetLocale 'Warning root ask' echo "###################################################################" echo "" exit 1 fi MyGetLocale 'uninst?' read ans test -z "$ans" && ans="n" case "$ans" in [yY]) rm -f $BINDIR/MySecureShell $BINDIR/sftp-who $BINDIR/sftp-state $BINDIR/sftp-kill $BINDIR/sftp-admin $BINDIR/sftp-user cat /etc/shells | grep -v MySecureShell > /tmp/shells~ mv /tmp/shells~ /etc/shells # Only for Mac OS X if [ -d /Applications/MySecureShell ] ; then rm -Rf /Applications/MySecureShell else break fi if [ -d /Library/Receipts ] ; then rm -Rf /Library/Receipts/MySecureShell* else break fi # Delete mans if [ -d $MANDIR/man8 ] ; then rm -f $MANDIR/man8/MySecureShell.8 rm -f $MANDIR/man8/sftp-admin.8 rm -f $MANDIR/man8/sftp-kill.8 rm -f $MANDIR/man8/sftp-state.8 rm -f $MANDIR/man8/sftp-user.8 rm -f $MANDIR/man8/sftp-verif.8 rm -f $MANDIR/man8/sftp-who.8 fi if [ -d $MANDIR/en/man8 ] ; then rm -f $MANDIR/en/man8/MySecureShell.8 rm -f $MANDIR/en/man8/sftp-admin.8 rm -f $MANDIR/en/man8/sftp-kill.8 rm -f $MANDIR/en/man8/sftp-state.8 rm -f $MANDIR/en/man8/sftp-user.8 rm -f $MANDIR/en/man8/sftp-verif.8 rm -f $MANDIR/en/man8/sftp-who.8 fi if [ -d $MANDIR/fr/man8 ] ; then rm -f $MANDIR/fr/man8/MySecureShell.8 rm -f $MANDIR/fr/man8/sftp-admin.8 rm -f $MANDIR/fr/man8/sftp-kill.8 rm -f $MANDIR/fr/man8/sftp-state.8 rm -f $MANDIR/fr/man8/sftp-user.8 rm -f $MANDIR/fr/man8/sftp-verif.8 rm -f $MANDIR/fr/man8/sftp-who.8 fi # Delete configuration ? MyGetLocale 'delconf?' read ans2 test -z "$ans2" && ans2="n" case "$ans2" in [yY]) rm -f $ETCDIR/ssh/sftp-config $ETCDIR/sshd/sftp-config ;; esac MyGetLocale 'mssuninstok!' ;; *) MyGetLocale 'mssuninstfail' ;; esac mysecureshell_2.0/README-fr0000644000000000000000000004063712422711313014312 0ustar rootrootInstallation: ------------- Executer le script shell d'installation de la facon suivante: sh install.sh fr Pour la version Mac, lancez le package d'installation et suivre les instructions. Compilation: ------------ Necessite : gnu-make (par defaut sous linux) 1/ Taper la commande: ./configure make all 2/ Et ensuite, taper la commande : ./install.sh fr Requiere: -------- OpenSSH 3.8.1 (ou superieur) Optionnel: ---------- OpenSSL 0.9.7 (ou superieur) pour l'extension : verification des donnees Fichier de configuration: ------------------------- Voir le fichier sftp_config d'exemple. Arguments de MySecureShell: --------------------------- --configtest = test le fichier de configuration et affiche les erreurs du fichier Utilitaires: ------------ Dans le repertoire utils, il existe l'utilitaire suivant: - sftp-who : permet de savoir qui est connecte puis affiche le PID du processus du client, l'heure de connexion, le temps de connection et d'autres informations concernant les limites utilisees pour le client - sftp-kill : permet de deconnecter un ou plusieurs utilisateurs juste en passant le nom de l'utilisateur ou all en argument - sftp-state : permet d'activer ou de desactiver le serveur sftp - sftp-user : permet de creer / supprimer des comptes MySecureShell - sftp-verif : permet de tester et corriger MySecureShell quand vous rencontrez un probleme --- INFO IMPORTANTES: ----------------- 1/ Les droits: La configuration prise pour un compte possede les priorites suivantes (classe en allant vers la regle la plus prioritaires): - Restriction "Default" - Restriction sur tout les groupes / comptes - Restriction sur un des ses groupes - Restriction sur une plage d'IP - Restriction sur l'utilisateur Si un utilisateur est dans plusieurs groupes alors la derniere configuration applicable sera utilisee. 2/ Le chroot: Le chroot enferme l'utilisateur dans son repertoire home, l'utilisateur voit son home en tant que repertoire racine du serveur. IMPOSSIBLE A IMPLEMENTER: ------------------------- - interdire les personnes qui brutent force un compte (deja implemente dans PAM et OpenSSH) CONTACTS ET INFORMATIONS: ------------------------- Site web: http://mysecureshell.sourceforge.net E-Mail: teka2nerdman@users.sourceforge.net Forum: http://mysecureshell.free.fr HISTORIQUE: ----------- 2.0 (septembre 2014): + ajoute d'un nouveau tag DisableStatsFs + remplacement d'OpenSSL par GnuTLS + amélioration des traces de connexion (ajout du port source) ~ correction d'un bug lors de l'appel au Shell (manque les arguments) ~ amélioration de la qualité de code 1.33 (avril 2014): + ajout d'un nouveau tag LogSyslog + ajout de la taille des fichiers transférés + amélioration de sftp-verif (vérification du fichier /etc/shells) ~ correction d'un bug dans la gestion des liens symboliques (merci briancanfixit) ~ correction du tag VirtualHost (merci Torig) 1.32 (novembre 2013): ~ correction d'un bug lorsque dans la configuration, il y a "Shell /bin/MySecureShell" ~ correction diverses (merci voleg et remi) ~ correction de la compilation sous Cygwin (merci sping) 1.31 (mars 2013): ~ support des ACLs et de l'encoding UTF-8 pour FreeBSD ~ correction du fonctionnement du tag DefaultRights (merci 8087) ~ suppression d'une corruption mémoire qui causait un plantage aléatoire (merci 8087) ~ correction de détection de l'utilisateur "root" depuis les scripts install.sh et uninstaller.sh (merci muzso) 1.30 (octobre 2012): + ajout d'un nouveau tag FileSpec et ApplyFileSpec + suppression du tag GMTTime car le fichier de log utilise maintenant l'heure locale du serveur + suppression des tags CanRemoveFile et CanRemoveDir => remplacé par DisableRemoveFile et DisableRemoveDir + suppression des tags HideFiles, PathAllowFilter et PathDenyFilter (remplacement par FileSpec) + support de la syntaxe des variables ${ENV} + amélioration de sftp-verif (vérification de l'utilisateur et groupe propriétaire du fichier) + amélioration du code (séparation du système de fichier et de la gestion du protocol) + le tag HideNoAccess vérifie les droits ACLs + amélioration du script "configure" ~ fixe sur la gestion des ACLs ~ fixe des plantages ~ fixe des petites fuites de mémoire ~ fixe un éventuel bug sur les tags DisableReadFile et DisableWriteFile ~ fixe un bug lors d'un changement de droits (les droits de de type STICKY BIT n'était pas pris en compte) 1.25 (janvier 2011): + support de l'extension statvfs@openssh.com et fstatvfs@openssh.com = reecriture du script "sftp-verif" en perl ~ fixe un bug sur les tag: DefaultRights, MinimumRights, MaximumRights and ForceRights (merci aretni et sebastien) ~ fixe un bug sur les tags: SftpProtocol et VirtualChroot ~ fixe un bug lors des manipulations des fichiers avec le protocole SFTP v4 ~ fixe un plantage lors d'un fichier de configuration invalide (merci Zigobs) ~ fixe un bug lors du chargement du fichier de configuration sous 64bit (merci renaud) ~ fixe des petites fuites de mémoire 1.20 (janvier 2010): + ajout des tags (merci JoKnarf) : * ForceUser, ForceGroup, DisableRemoveDir, * DisableRemoveFile, DisableReadDir, DisableReadFile, * DisableWriteFile, DisableSetAttribute, * DisableMakeDir, DisableRename, DisableSymLink, * DisableOverwrite, CreateHome, * MaximumRights, ForceRights + ajout du tag (merci pour la suggestion nik): PathAllowFilter + ajout d'une variable d'environnement SSH_IP contenant l'ip client + amelioration du sftp-verif en cas de probleme de configuration = factorisation de code ~ fixe la compilation sur Solaris ~ fixe un bug dans sftp-user et sftp-verif ~ fixe un bug sur la gestion des SGID lors de la creation des repertoires (merci 8087) ~ fixe un bug lors d'un SSHFS et avec l'editeur gEdit ou OpenOffice (merci 8087) ~ fixe la compilation sous Solaris 10 ~ fixe un bug lorsque les tags ForceUser et FakeDirUser sont activés ensemble (merci krushio) 1.15 (fevrier 2009): = fixe un probleme de compilation sous 64bit (merci 8087) = fixe un bug sur le tag VirtualHost sous Solaris (merci JoKnarf) = fixe un bug sur le tag IpRange (seulement sur les masques non-multiple de 8) = fixe un bug sur les informations sftp-who (merci marckburgers) 1.1 (octobre 2008): + support de l'imbrication des tags de niveau 1 + ajout des tags : CanChangeRights et CanChangeTime + le fichier de log affiche les transferts : debut / fin / interrompu + sftp-user: support de MacOSX 10.5 ~ amelioration du script d'installation et de desinstallation (support des reponses par defaut) ~ amelioration de la compilation (portabilite du Makefile) ~ sftp-user : amelioration en cas de probleme sous MacOSX ~ sftp-verif : verification du fichier de configuration ~ ajout des logs dans les cas de refus de connexion (limite ip/utilisateur/serveur) = fixe un bug sur la gestion des heures dans les logs = fixe un bug sur le tag IdleTimeOut (les unites rendaient invalides la valeur) = fixe un bug si on active MSS dans le sshd_config et par shell = fixe un bug sur la gestion des statistiques = fixe un bug sur la gestion des restrictions = fixe un probleme sur le script sftp-verif sous MacOSX 10.5 = fixe un bug dans le sftp-user = fixe la compilation sur Solaris (merci JoKnarf) = fixe un bug sur les valeurs par defaut sur le tag DefaultRights = fixe un bug sur le tag Include = fixe un bug sur le script configure avec l'option --with-logcolor = fixe un bug sur le transfert ascii (SFTP v5 seulement) (merci xajez) = fixe un bug lors du chargement du fichier de configuration (merci abompard) = fixe un bug dans la gestion des caches utilisateurs/groupes (merci 8087) 1.0 (decembre 2007): + ajout des tags : ExpireDate et IsSimpleAdmin + ajout de statistiques pour les administrateurs a distances + ajout du tag : MinimumRights (merci a Florent) ~ amelioration de sftp-verif (detection des problemes de dependances) ~ amelioration des fonctions d'administration (securite accrue) ~ amelioration des supports des unix ~ optimisations pour les systems qui ont beaucoup d'utilisateurs/groupes ~ optimisations pour les reseaux rapides = fixe un bug si plus de 128 clients sont connectes en meme temps = fixe une fuite memoire dans l'administration a distance = fixe la gestion des signaux = mise au propre du code source (programme: splint) = fixe un bug sur la gestion de l'administration = fixe un bug sur l'extension sftp: verification des donnees = fixe un bug sur le sftp-who (le pourcentage de progession contenait un 'h') = sftp-user : fixe un bug sur la creation d'utilisateur 0.95 (fevrier 2007): + ajout du support des ACLs + ajout de l'extension sftp: verification des donnees + ajout du tag LogFile + support complet de l'administration a distance (ajout de la gestion des utilisateurs) + sftp-who: ajout de la bande passante globale utilisee par MySecureShell ~ diminution des ressources necessaires pour MySecureShell ~ optimisation lors des transferts et du listing des repertoires ~ optimisation de la lecture du fichier de configuration = fixe un bug sur la creation des liens symboliques = fixe un bug sur les tags PathDenyFilter et HideFiles = fixe un bug dans l'affichage du --configtest = fixe un bug sur les tags LimitConnection, LimitConnectionByUser et LimitConnectionByIP qui ne fonctionnaient pas dans certains cas = fixe un bug sur le tag StayAtHome = fixe un bug sur le tag ShowLinksAsLinks qui etait actif seulement quand HideNoAccess etait actif = fixe des fuites memoires lors du chargement du fichier de configuration 0.9 (aout 2006) : + ajout du tag : CanRemoveDir, CanRemoveFile + UTF-8 actif sur le protocol SFTP v3 (evite des erreurs sous FileZilla) + ajout du repertoire courant dans le sftp-who + ajout du parametre --version (permet de voir la version mais aussi si le support UTF-8 est actif) + ajout de nouvelle couleur pour le fichier de log + ajout des pages de man (francais et anglais) ~ fusion des executables sftp-server_MSS et MySecureShell (evite les problemes des mise a jour OpenSSH) ~ meilleur support des fonctions de securite sous Unix ~ amelioration de l'administration a distance ~ amelioration du sftp-kill ~ possibilite de ne pas compiler l'administration a distance ~ amelioration du support de l'UTF-8 (marche sur tout les linux et unix) = fixe un bug lors de la lecture / ecriture d'un fichier texte = fixe un bug lors d'un trop grand nombre de fichiers / repertoires ouvert = fixe des bugs avec les accomptes en mode administrateur = fixe un bug quand l'option VirtualChroot est actif en mode administration a distance = fixe un bug sur la restriction DefaultRights = fixe le script d'installation sur FreeBSD 6 et Solaris 9 (merci Kyle) = fixe un bug sur les creations / ouvertures des fichiers = fixe un bug sur les clients fantomes 0.8 (mars 2006) : + ajout des tags : GMTTime, Charset + support de l'utf-8 pour les noms des fichiers / repertoires + support du renouvellement du fichier de log + support du protocol SFTP v5 + sftp-admin : ajout de la possibilite de fermer TOUT MySecureShell + sftp extentions : support des informations sur l'espace libre des disques durs + ajout d'un outil sftp-verif pour verifier que MySecureShell fonctionne bien et corrige les eventuels erreurs + ajout du package Universal Binaries pour les macs ~ optimization global sur MySecureShell ~ amelioration sftp-who : la vitesse affiche des nombres a virgules ~ meilleur support des clients sftp (WebDrive fonctionne maintenant) ~ amelioration de l'installeur (support du logrotate) ~ amelioration globale sur l'installateur mac = sftp-who: fixe un bug sur la vitesse maximum affiche = fixe un bug dans la gestion de la memoire = fixe un bug sur les droits lors de la creation de fichier / repertoire = fixe un bug pour les utilisateurs qui sont administrateur de MySecureShell 0.7 (novembre 2005) : + ajout des tags : DisableAccount, IsAdmin + ajout d'un programme : - sftp-admin : permet de faire de l'administration d'un serveur MySecureShell a distance ~ amelioration de la gestion de la memoire ~ amelioration du fichier de log : - on peut differencier chaque connection - plus de detail en cas d'erreur = fixe des bugs entre les changements de chaque version de MySecureShell = fixe un bug sur le shell = fixe un bug si l'utilisateur est dans trop de groupe = fixe un probleme de protocol = fixe un probleme de gestion de la memoire 0.61 (aout 2005) : + ajout du tag ConnectionMaxLife = fixe un bug sur l'upload des fichiers avec gFtp 0.6 (juillet 2005) : + reecriture totale du sftp-server_MSS + support du protocol SFTP v4 + ajout du tag VirtualHost (attention aux restrictions) + ajout d'un script pour desinstaller MySecureShell + ajout du mot clef SftpProtocol = fixe les problemes sous 64bit = fixe la compilation sous gcc 4.0 = fixe des bugs sur la resolution des chemins descendants 0.5 (mai 2005) : + support Cygwin (Windows 2000/XP) [un package special sera bientot creer] + ajout des mots clefs ByPassGlobalDownload, ByPassGlobalUpload et ShowLinksAsLinks + sftp-state : - Ajout de l'option -yes pour accepter toutes les questions ~ amelioration du tag IpRange = fixe un bug sur les limitations de vitesse = fixe des bug sur les restrictions IgnoreHidden et VirtualChroot = sftp-who : - fixe une boucle infini dans certain cas - fixe des fuites de memoire - suppression de l'installateur java car le script shell est plus complet 0.4 (janvier 2005) : + ajout d'un tag: - IpRange (pour definir des restrictions suivant l'ip de l'utilisateur) - Default (pour definir des restrictions par defaut) + ajout des mots clefs GlobalDownload et GlobalUpload + maintenant les liens sont "transparents" et ils ne posent plus de probleme avec la restriction StayAtHome + MySecureShell : - ajout d'un mode verbose pour voir quelles regles sont appliquees + sftp-kill : - ajout d'une question pour deconnecter les clients quand on stoppe le serveur ~ sftp-who : - affiche le nombre maximum de connection puis ajoute des informations au mode verbose - affiche la vitesse de transfert en vitesse reelle (et non une moyenne comme avant) - affiche le pourcentage de telechargement des fichiers = fixe un bug sur les limitations de vitesse = fixe divers bugs 0.3 (decembre 2004) : + ajout des mots clefs HideNoAcess, MaxOpenFilesForUser, MaxWriteFilesForUser, MaxReadFilesForUser et Include, Umask, PathDenyFilter + la restriction Umask s'appelle desormais DefaultRights pour plus de logique + sftp-who : - ajout de l'argument -v pour afficher les restrictions activees sur un compte + ajout de l'utilitaire sftp-state ~ amelioration de l'installation MacOSX (entierement graphique) ~ amelioration du script d'installation (support plus simple pour le multi-langage) ~ amelioration de l'option --configtest (de MySecureShell) = fixe des bugs sur les restrictions HideFiles et IgnoreHidden = fixe un bug sur le sftp-kill 0.2 (octobre 2004) : + support de OpenBSD, FreeBSD et de NetBSD + ajout des restrictions LimitConnectionByUser (anciennement LimitConnection), LimitConnection (limite le nombre de connection au serveur), Shell + le fichier sftp-server s'appelle desormais sftp-server_MSS pour garder le serveur sftp original de OpenSSH + la restriction Home supporte les variables d'environnements ~ sftp-who : - le nombre des clients connectes est ecrit en premier - n'affiche plus des vitesses de transmissions "bizzares" - ajout d'une option pour afficher en permance le sftp-who (avec refresh automatique) ~ sftp-kill : - fixe un bug si on essayer de deconnecter tout le monde alors que personne n'est connecter = fixe un bug sur des clients "fantomes" = fixe un bug sur les restrictions LimitConnection et LimitConnectionByIP 0.1 (septembre 2004) : + ajout d'un installateur graphique en JAVA + ajout d'un installateur MacOSX et linux en script shell + ajout de l'utilitaire sftp-kill (pour deconnecter des utilisateurs) + ajout de l'utilitaire sftp-who (pour visualiser les utilisateurs connectes) + ajout d'un fichier de log (/var/log/sftp-server.log) + ajout des restrictions IgnoreHidden, DirFakeUser, DirFakeGroup, DirFakeMode, Download, Upload, StayAtHome, VirtualChroot, LimitConnection, ResolveIP Home, HideFiles, LimitConnectionByIP, IdleTimeOut + amelioration du sftp-who (beaucoup d'informations sont visibles) + amelioration du parsing + fichier de configuration le choix true ou false possede son equivalent 1 ou 0 = fixe un bug dans le fichier de log (de temps en temps, l'ip et le nom d'utilisateur etaient intervertis) = fixe un bug sur la gestion de la memoire ~ base de OpenSSH v3.9p1 mysecureshell_2.0/Core/0000755000000000000000000000000012422711313013703 5ustar rootrootmysecureshell_2.0/Core/hash.c0000644000000000000000000000660312422711313014777 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include "hash.h" #define MAKE_HASH(_D) (unsigned int )((((unsigned int)_D [0]) >> 5) | ((unsigned int )_D [1])) /*@null@*/ static t_hash *_hash = NULL; /*@null@*/ static t_element *_last_key = NULL; void create_hash() { _hash = calloc(1, sizeof(*_hash)); _last_key = NULL; } void delete_hash() { t_element *t, *n; int i; if (_hash != NULL) { for (i = 0; i < MSS_HASH_SIZE; i++) { t = _hash->hash[i]; while (t != NULL) { n = t->next; free(t->key); if (t->str != NULL) free(t->str); free(t); t = n; } } free(_hash); } _hash = NULL; _last_key = NULL; } void hash_set(const char *key, /*@null@*/ char *value) { if (_hash != NULL && value != NULL) { t_element *t = _hash->hash[MAKE_HASH(key)]; while (t != NULL) { if (strcmp(key, t->key) == 0) { free(t->str); t->str = value; return; } t = t->next; } t = calloc(1, sizeof(*t)); if (t != NULL) { if ((t->key = strdup(key)) != NULL) { t->str = value; t->next = _hash->hash[MAKE_HASH(key)]; _hash->hash[MAKE_HASH(key)] = t; } else free(t); } } } void hash_set_int(const char *key, int value) { if (_hash != NULL) { t_element *t = _hash->hash[MAKE_HASH(key)]; while (t != NULL) { if (strcmp(key, t->key) == 0) { t->number = value; return; } t = t->next; } t = calloc(1, sizeof(*t)); if (t != NULL) { if ((t->key = strdup(key)) != NULL) { t->number = value; t->next = _hash->hash[MAKE_HASH(key)]; _hash->hash[MAKE_HASH(key)] = t; } else free(t); } } } int hash_exists(const char *key) { if (_hash != NULL) { t_element *t = _hash->hash[MAKE_HASH(key)]; if (_last_key != NULL && strcmp(key, _last_key->key) == 0) return (1); while (t != NULL) { if (strcmp(key, t->key) == 0) { _last_key = t; return (1); } t = t->next; } } return (0); } /*@null@*/ char *hash_get(const char *key) { if (_hash != NULL) { t_element *t = _hash->hash[MAKE_HASH(key)]; if (_last_key != NULL && strcmp(key, _last_key->key) == 0) return (_last_key->str); while (t != NULL) { if (strcmp(key, t->key) == 0) { _last_key = t; return (t->str); } t = t->next; } } return (NULL); } int hash_get_int(const char *key) { if (_hash != NULL) { t_element *t = _hash->hash[MAKE_HASH(key)]; if (_last_key != NULL && strcmp(key, _last_key->key) == 0) return (_last_key->number); while (t != NULL) { if (strcmp(key, t->key) == 0) { _last_key = t; return (t->number); } t = t->next; } } return (0); } mysecureshell_2.0/Core/parsing.c0000644000000000000000000001346412422711313015522 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #ifdef HAVE_CYGWIN_SOCKET_H #include #endif #include #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #include #include "FileSpec.h" #include "string.h" #include "parsing.h" #include "user.h" /*@null@*/ static tTag *_tags = NULL; int TagIsActive(int verbose) { tTag *currentTag = _tags; while (currentTag != NULL) { switch (currentTag->type) { case VTAG_FILESPEC: case VTAG_DEFAULT: return 1; case VTAG_USER: return is_for_user(currentTag->data1, verbose); case VTAG_GROUP: return is_for_group(currentTag->data1, verbose); case VTAG_RANGEIP: return is_for_rangeip(currentTag->data1, verbose); case VTAG_VIRTUALHOST: return is_for_virtualhost(currentTag->data1, currentTag->data2, verbose); } currentTag = currentTag->next; } return 1; } int TagIsOpen(eTagType tagType) { if (_tags != NULL && _tags->type == tagType) return 1; return 0; } int TagParse(char *buffer) { size_t len; char *str; int is_close_tag = 0; str = trim_left(buffer + 1); if (*str == '/') { is_close_tag = 1; str = trim_left(str + 1); } len = *str != '\0' ? strlen(str) - 1 : 0; str[len] = '\0'; str = trim_right(str); if (is_close_tag == 1) TagParseClose(); else TagParseOpen(str); return (is_close_tag == 1 ? -1 : 1); } void TagParseClose() { tTag *deleteMe = _tags; if (TagIsOpen(VTAG_FILESPEC) == 1) FileSpecLeave(); if (deleteMe != NULL) { _tags = deleteMe->next; if (deleteMe->data1 != NULL) free(deleteMe->data1); free(deleteMe); } } void TagParseOpen(char *str) { tTag *newTag; char *s; if ((s = strchr(str, ' ')) != NULL || (s = strchr(str, '\t')) != NULL) { *s = '\0'; s = trim_left(s + 1); } if (s == NULL || *s == '\0') return; newTag = calloc(1, sizeof(*newTag)); if (newTag == NULL) return; str = trim_right(str); if (strcasecmp(str, TAG_GROUP) == 0) { newTag->type = VTAG_GROUP; newTag->data1 = strdup(s); } else if (strcasecmp(str, TAG_USER) == 0) { newTag->type = VTAG_USER; newTag->data1 = strdup(s); } else if (strcasecmp(str, TAG_RANGEIP) == 0) { newTag->type = VTAG_RANGEIP; newTag->data1 = TagParseRangeIP(s); if (newTag->data1 == NULL) { free(newTag); return; } } else if (strcasecmp(str, TAG_VIRTUALHOST) == 0) { newTag->type = VTAG_VIRTUALHOST; TagParseVirtualHost(s, newTag); } else if (strcasecmp(str, TAG_FILESPEC) == 0) { newTag->type = VTAG_FILESPEC; FileSpecEnter(s); } else //TAG_DEFAULT newTag->type = VTAG_DEFAULT; newTag->next = _tags; _tags = newTag; } void TagParseVirtualHost(const char *str, tTag *newTag) { struct hostent *h; char *ptr; int port = 0; if ((ptr = strchr(str, ':'))) { *ptr = '\0'; port = atoi(ptr + 1); } if (!(str[0] == '*' && str[1] == '\0') && (h = gethostbyname(str)) != NULL && h->h_addr_list != NULL && h->h_addr_list[0] != NULL) { char buffer[32]; #ifdef HAVE_INET_NTOA struct in_addr in; (void) memcpy(&in.s_addr, *h->h_addr_list, sizeof(in.s_addr)); (void) snprintf(buffer, sizeof(buffer), "%s", inet_ntoa(in)); #else //!HAVE_INET_NTOA (void )snprintf(buffer, sizeof(buffer), "%u.%u.%u.%u", (unsigned int)h->h_addr_list[0][0], (unsigned int)h->h_addr_list[0][1], (unsigned int)h->h_addr_list[0][2], (unsigned int)h->h_addr_list[0][3] ); #endif newTag->data1 = strdup(buffer); } else newTag->data1 = strdup(str); newTag->data2 = port; } /*@null@*/ char *TagParseRangeIP(const char *str) { char *mask = calloc(10, sizeof(char)); int i, nb, pos; if (mask == NULL) return (NULL); mask[8] = (char) 32; for (i = 0, nb = 0, pos = 0; str[i] != '\0'; i++) if (str[i] >= '0' && str[i] <= '9') nb = nb * 10 + ((int) str[i] - (int) '0'); else if ((str[i] == '.' || str[i] == '-' || str[i] == '/') && pos <= 7) { mask[pos] = (char) nb; if (pos >= 0 && pos <= 3) mask[pos + 4] = (char) nb; pos++; nb = 0; } mask[pos] = (char) nb; if (pos >= 0 && pos <= 3) mask[pos + 4] = (char) nb; if (mask[8] > (char) 32) mask[8] = (char) 32; return (mask); } /*@null@*/ char **ParseCutString(char *str) { char **tb = NULL; char *word = NULL; int nb = 0; while (*str != '\0') { if (*str == ' ' || *str == '\t') { *str = '\0'; if (word != NULL) { word = clean_string(word); if (*word != '\0' && strcmp(word, "=") != 0) { tb = realloc(tb, (nb + 2) * sizeof(*tb)); if (tb == NULL) return (NULL); tb[nb++] = word; tb[nb] = 0; } word = NULL; } } else { if (word == NULL) word = str; if (*str == '\'' || *str == '"') { char c = *str; str++; while (c != *str && *str != '\0') str++; } else if (*str == '\\') str++; } str++; } if (word != NULL) { word = clean_string(word); if (*word != '\0' && strcmp(word, "=") != 0) { tb = realloc(tb, (nb + 2) * sizeof(*tb)); if (tb == NULL) return (NULL); tb[nb++] = word; tb[nb] = 0; } } return (tb); } mysecureshell_2.0/Core/ip.h0000644000000000000000000000156712422711313014475 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /*@null@*/ char *get_ip(int resolve); /*@null@*/ char *get_ip_server(); int get_port_client(); int get_port_server(); mysecureshell_2.0/Core/string.h0000644000000000000000000000170412422711313015364 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ /*@null@*/ char *clean_buffer(char *buffer); char *clean_string(char *buffer); char *trim_right(char *buffer); char *trim_left(char *buffer); void MyStrCopy(char *dest, char *src, size_t length); mysecureshell_2.0/Core/convert.c0000644000000000000000000000730312422711313015532 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include "../SftpServer/Defines.h" #include #include #include #include #include "conf.h" char *convert_to_path(char *path) { size_t len = strlen(path); if (len > 0) { if (path[len - 1] == '/' || path[len - 1] == '\\') path[len - 1] = '\0'; } return (path); } /*@null@*/ char *convert_str_with_resolv_env_to_str(const char *str) { size_t beg, end, i, max; char *env_var, *env_str, *new, *res; if ((res = strdup(str)) == NULL) return NULL; max = strlen(res); for (i = 0; i < max; i++) if (res[i] == '$') { int firstIsBlock = 0; beg = i + 1; if (res[beg] == '{') { firstIsBlock = 1; i++; } while (i < max) { i++; if (!((res[i] >= 'a' && res[i] <= 'z') || (res[i] >= 'A' && res[i] <= 'Z') || (res[i] >= '0' && res[i] <= '9') || (res[i] == '_'))) break; } end = i; env_str = malloc(end - beg + 1); if (env_str != NULL) { strncpy(env_str, res + beg + firstIsBlock, end - beg - firstIsBlock); env_str[end - beg - firstIsBlock] = '\0'; if (firstIsBlock == 1 && (end + 1) <= max) end++; if ((env_var = getenv(env_str))) { size_t len; len = strlen(res) - (end - beg) + strlen(env_var) + 1; new = malloc(len); if (new != NULL) { strncpy(new, res, beg - 1); new[beg - 1] = '\0'; STRCAT(new, env_var, len); STRCAT(new, res + end, len); free(res); res = new; i = 0; max = len - 1; } } free(env_str); } } return (res); } int convert_boolean_to_int(const char *str) { if (str) if (strcasecmp(str, "true") == 0 || strcmp(str, "1") == 0) return (1); return (0); } int convert_speed_to_int(char **tb) { const char *str; int nb = 0; int div = 0; int i, j; int *ptr = &nb; int len = 1; for (j = 0; tb[j]; j++) { str = tb[j]; for (i = 0; str[i] != '\0'; i++) { if (str[i] >= '0' && str[i] <= '9') { *ptr = *ptr * 10 + ((int) str[i] - (int) '0'); len *= 10; } else switch (str[i]) { case 'k': case 'K': return (nb * 1024 + div * (1024 / len)); case 'm': case 'M': return (nb * 1024 * 1024 + div * ((1024 * 1024) / len)); case '.': ptr = ÷ len = 1; break; } } } return (nb); } int convert_time_to_int(char **tb) { int nb = 0; int i, j; for (j = 0; tb[j]; j++) { const char *str = tb[j]; for (i = 0; str[i] != '\0'; i++) { if (str[i] >= '0' && str[i] <= '9') nb = nb * 10 + ((int) str[i] - (int) '0'); else switch (str[i]) { case 'd': case 'D': nb *= 24; /*@fallthrough@*/ case 'h': case 'H': nb *= 60; /*@fallthrough@*/ case 'm': case 'M': nb *= 60; break; } } } return (nb); } int convert_mode_to_int(const char *str) { int i; int r; r = 0; for (i = 0; str[i] != '\0'; i++) r = (r * 8) + ((int) str[i] - (int) '0'); return (r); } mysecureshell_2.0/Core/ip.c0000644000000000000000000000513612422711313014464 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #ifdef HAVE_CYGWIN_SOCKET_H #include #endif #include #ifdef HAVE_NETINET_IN_H #include #endif #ifdef HAVE_SYS_SOCKET_H #include #endif #include #include #include #include "hash.h" #include "ip.h" /*@null@*/ char *get_ip(int resolv) { struct hostent *h; in_addr_t addr; char *env, *ip = NULL; if ((env = getenv("SSH_CONNECTION")) != NULL) { char *ptr; env = strdup(env); if ((ptr = strchr(env, ' '))) *ptr = '\0'; if (resolv == 0) ip = strdup(env); else if ((int) (addr = inet_addr(env)) != -1) if ((h = gethostbyaddr((char *) &addr, sizeof(addr), AF_INET)) != NULL)//FIXME inet_ntop ??? if (h != NULL && h->h_name != NULL && strlen(h->h_name) > 0)//check if a name is defined ip = strdup(h->h_name); free(env); if (ip == NULL) ip = strdup(""); } else ip = strdup(""); return (ip); } /*@null@*/ char *get_ip_server() { char *env; char *ip, *ptr; if ((env = getenv("SSH_CONNECTION")) != NULL) { env = strdup(env); ip = env; if ((ptr = strrchr(env, ' ')) != NULL) *ptr = '\0'; if ((ptr = strrchr(env, ' ')) != NULL) ip = ptr + 1; ip = strdup(ip); free(env); } else ip = strdup(""); return (ip); } int get_port_client() { char *ip, *ptr; int port = -1; if ((ip = getenv("SSH_CONNECTION")) != NULL) { if ((ptr = strchr(ip, ' ')) != NULL) { char *portClient; ip = ptr + 1; portClient = strdup(ip); if ((ptr = strchr(portClient, ' ')) != NULL) { *ptr = '\0'; port = atoi(portClient); } free(portClient); } } return (port); } int get_port_server() { char *ip, *ptr; int port = -1; if ((ip = getenv("SSH_CONNECTION")) != NULL) { if ((ptr = strrchr(ip, ' ')) != NULL) { ip = ptr + 1; port = atoi(ip); } } return (port); } mysecureshell_2.0/Core/FileSpec.h0000644000000000000000000000275212422711313015554 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #ifndef FILESPEC_H_ #define FILESPEC_H_ #include #include #include typedef enum enumFileSpec { FILESPEC_ALLOW_DENY, FILESPEC_DENY_ALLOW, } eFileSpec; typedef struct sFileSpec { eFileSpec type; char *name; int useFullPath; int nbExpression; regex_t *expressions; struct sFileSpec *next; } tFileSpec; void FileSpecInit(); void FileSpecDestroy(); void FileSpecEnter(const char *specName); void FileSpecLeave(); void FileSpecParse(/*@null@*/ char **words); void FileSpecActiveProfil(const char *specName, const int verbose); void FileSpecActiveProfils(/*@null@*/ char *specsName, const int verbose); int FileSpecCheckRights(const char *fullPath, const char *path); #endif /* FILESPEC_H_ */ mysecureshell_2.0/Core/prog.c0000644000000000000000000000317612422711313015025 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include "hash.h" #include "ip.h" #include "prog.h" #include "../SftpServer/SftpWho.h" int count_program_for_uid(/*@null@*/ const char *login) { t_sftpwho *who; int i, nb; nb = 0; if ((who = SftWhoGetAllStructs()) != NULL) { for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if ((who[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_EMPTY) if (login == NULL || strcmp(who[i].user, login) == 0) nb++; } return (nb); } int count_program_for_ip(/*@null@*/ const char *host) { t_sftpwho *who; int i, nb; nb = 0; if ((who = SftWhoGetAllStructs()) != NULL) { for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if ((who[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_EMPTY) if (host == NULL || strcmp(who[i].ip, host) == 0) nb++; } return (nb); } mysecureshell_2.0/Core/string.c0000644000000000000000000000443712422711313015365 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include "string.h" #include "../SftpServer/Defines.h" static void delete_comments(char *buffer) { char c; while (*buffer != '\0') { if (*buffer == '\'' || *buffer == '"') { c = *buffer; buffer++; while (*buffer != '\0' && *buffer != c) buffer++; } else if (*buffer == '\\') buffer++; else if (*buffer == '#') { *buffer = '\0'; return; } buffer++; } } /*@null@*/ char *clean_buffer(char *buffer) { delete_comments(buffer); buffer = trim_right(trim_left(buffer)); if (buffer[0] != '\0') return (buffer); return (NULL); } char *trim_right(char *buffer) { size_t i; i = strlen(buffer); if (i == 0) return (buffer); do { i--; if (buffer[i] > '\0' && buffer[i] <= ' ') buffer[i] = '\0'; else break; } while (i > 0); return (buffer); } char *trim_left(char *buffer) { while (*buffer == ' ' || *buffer == '\t') buffer++; return (buffer); } char *clean_string(char *buffer) { size_t i, max; char c; buffer = trim_left(trim_right(buffer)); for (i = 0, max = strlen(buffer); i < max; i++) { if (buffer[i] == '"' || buffer[i] == '\'') { c = buffer[i]; MyStrCopy(buffer + i, buffer + i + 1, max - i); while (c != buffer[i] && i < max) i++; if (c == buffer[i]) MyStrCopy(buffer + i, buffer + i + 1, max - i); } else if (buffer[i] == '\\') MyStrCopy(buffer + i, buffer + i + 1, max - i); } return (buffer); } void MyStrCopy(char *dest, char *src, size_t length) { while (length--) *dest++ = *src++; } mysecureshell_2.0/Core/prog.h0000644000000000000000000000155712422711313015033 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ int count_program_for_uid(/*@null@*/ const char *login); int count_program_for_ip(/*@null@*/ const char *host); mysecureshell_2.0/Core/FileSpec.c0000644000000000000000000001145712422711313015551 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include "../SftpServer/Sftp.h" #include "FileSpec.h" /*@null@*/ static tFileSpec *_allSpecs = NULL; /*@null@*/ static tFileSpec *_selectedSpecs = NULL; void FileSpecInit() { ; } void FileSpecDestroy() { tFileSpec *current; tFileSpec *next; for (next = _allSpecs; next != NULL; ) { int i; current = next; next = current->next; for (i = 0; i < current->nbExpression; i++) regfree(¤t->expressions[i]); free(current->expressions); free(current->name); free(current); } for (next = _selectedSpecs; next != NULL; ) { current = next; next = current->next; free(current); } } void FileSpecEnter(const char *specName) { tFileSpec *newSpec; newSpec = malloc(sizeof(*newSpec)); if (newSpec != NULL) { newSpec->name = strdup(specName); newSpec->type = FILESPEC_DENY_ALLOW; newSpec->useFullPath = 0; newSpec->nbExpression = 0; newSpec->expressions = NULL; newSpec->next = _allSpecs; _allSpecs = newSpec; } } void FileSpecLeave() { ; } void FileSpecParse(/*@null@*/ char **words) { if (_allSpecs == NULL) return; if (words == NULL || words[0] == NULL || words[1] == NULL) return; if (strcmp("Order", words[0]) == 0) { if (strcmp("AllowDeny", words[1]) == 0) _allSpecs->type = FILESPEC_ALLOW_DENY; } else if (strcmp("UseFullPath", words[0]) == 0) { if (strcmp("true", words[1]) == 0) _allSpecs->useFullPath = 1; } else { int r; if (strcmp("all", words[1]) == 0) return; if (strcmp("Allow", words[0]) != 0 && _allSpecs->type == FILESPEC_ALLOW_DENY) return; if (strcmp("Deny", words[0]) != 0 && _allSpecs->type == FILESPEC_DENY_ALLOW) return; _allSpecs->expressions = (regex_t *) realloc(_allSpecs->expressions, (_allSpecs->nbExpression + 1) * sizeof(regex_t)); if (_allSpecs->expressions != NULL) { r = regcomp(&_allSpecs->expressions[_allSpecs->nbExpression], words[1], REG_EXTENDED | REG_NOSUB | REG_NEWLINE); if (r == 0) _allSpecs->nbExpression++; else { char buffer[256]; (void) regerror(r, &_allSpecs->expressions[_allSpecs->nbExpression], buffer, sizeof(buffer)); (void) printf("[ERROR]Couldn't compile regex \"%s\" : %s\n", words[1], buffer); } } else perror("unable to allocate list of regexp"); } } void FileSpecActiveProfils(/*@null@*/ char *specsName, const int verbose) { if (specsName != NULL) { size_t lenSpecsName, len; char *specName = specsName; lenSpecsName = strlen(specsName); for (len = lenSpecsName - 1; len > 0; len--) if (specsName[len] == ',') { specsName[len] = '\0'; specName = specsName + len + 1; FileSpecActiveProfil(specName, verbose); } FileSpecActiveProfil(specsName, verbose); } } void FileSpecActiveProfil(const char *specName, const int verbose) { tFileSpec *next = _allSpecs; if (verbose > 0) (void) printf("--- Apply profile FileSpec '%s'---\n", specName); while (next != NULL) { if (strcmp(next->name, specName) == 0) { tFileSpec *new = malloc(sizeof(tFileSpec)); if (new != NULL) { memcpy(new, next, sizeof(tFileSpec)); new->next = _selectedSpecs; _selectedSpecs = new; } return; } next = next->next; } if (verbose > 0) (void) printf("[ERROR]Unkown profile FileSpec '%s'\n", specName); } int FileSpecCheckRights(const char *fullPath, const char *path) { tFileSpec *next = _selectedSpecs; int nb; while (next != NULL) { const char *p; if (next->useFullPath == 1) p = fullPath; else p = path; if (next->type == FILESPEC_ALLOW_DENY) { for (nb = next->nbExpression - 1; nb >= 0; nb--) if (regexec(next->expressions + nb, p, 0, NULL, 0) != REG_NOMATCH) goto nextSpec; if (next->nbExpression > 0) return SSH2_FX_PERMISSION_DENIED; } else //FILESPEC_DENY_ALLOW { if (next->nbExpression == 0) return SSH2_FX_PERMISSION_DENIED; for (nb = next->nbExpression - 1; nb >= 0; nb--) if (regexec(next->expressions + nb, p, 0, NULL, 0) != REG_NOMATCH) return SSH2_FX_PERMISSION_DENIED; } nextSpec: next = next->next; } return SSH2_FX_OK; } mysecureshell_2.0/Core/user.h0000644000000000000000000000201612422711313015031 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ int init_user_info(); int is_for_user(/*@null@*/ const char *user, int verbose); int is_for_group(const char *group, int verbose); int is_for_rangeip(const char *range, int verbose); int is_for_virtualhost(const char *host, int port, int verbose); void free_user_info(); mysecureshell_2.0/Core/hash.h0000644000000000000000000000235412422711313015003 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include #define MSS_HASH_SIZE 256 typedef struct s_element { char *key; char *str; int number; struct s_element *next; } t_element; typedef struct s_hash { t_element *hash[MSS_HASH_SIZE]; } t_hash; void delete_hash(); int hash_exists(const char *key); /*@null@*/ char *hash_get(const char *key); int hash_get_int(const char *key); void hash_set(const char *key, /*@null@*/ char *value); void hash_set_int(const char *key, int value); void create_hash(); mysecureshell_2.0/Core/security.h0000644000000000000000000000211212422711313015717 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ static inline void xclose(int fd) { while (close(fd) == -1) if (errno != EINTR) break; } static inline void xdup2(int oldfd, int newfd) { while (dup2(oldfd, newfd) == -1) if (errno != EINTR) break; } static inline void xfclose(FILE *fp) { while (fclose(fp) == -1) if (errno != EINTR) break; } mysecureshell_2.0/Core/user.c0000644000000000000000000000756512422711313015042 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include "ip.h" #include "parsing.h" #include "user.h" #include "../SftpServer/Access.h" /*@null@*/ static char *user_name = NULL; int init_user_info() { struct passwd *info; InitAccess(); if ((info = getpwuid(getuid()))) { if ((user_name = strdup(info->pw_name)) == NULL) return (0); hash_set("User", (void *) strdup(info->pw_name)); hash_set("Home", (void *) strdup(info->pw_dir)); return (1); } return (0); } void free_user_info() { if (user_name != NULL) free(user_name); user_name = NULL; } int is_for_user(/*@null@*/ const char *user, int verbose) { if (user == NULL) return (0); if (strcmp(user, TAG_ALL) == 0) { if (verbose >= 2) (void) printf("--- Apply restrictions for all users ---\n"); return (1); } if (user_name != NULL && strcmp(user, user_name) == 0) { if (verbose >= 2) (void) printf("--- Apply restrictions for user '%s' ---\n", user); return (1); } return (0); } int is_for_group(const char *group, int verbose) { struct group *grp; if (strcmp(group, TAG_ALL) == 0) { if (verbose >= 2) (void) printf("--- Apply restrictions for all groups ---\n"); return (1); } if ((grp = getgrnam(group)) != NULL) if (UserIsInThisGroup(grp->gr_gid) == 1) { if (verbose >= 2) (void) printf("--- Apply restrictions for group '%s' ---\n", group); return (1); } return (0); } int is_for_virtualhost(const char *host, int port, int verbose) { char *current_host; int current_port; current_host = (char *) hash_get("SERVER_IP"); current_port = hash_get_int("SERVER_PORT"); if (current_host != NULL && host != NULL && (strcmp(host, current_host) == 0 || strcmp(host, TAG_ALL) == 0)) if (current_port == 0 || port == current_port) { if (verbose >= 2) (void) printf( "--- Apply restriction for virtualhost '%s:%i' ---\n", current_host, current_port); return (1); } return (0); } int is_for_rangeip(const char *range, int verbose) { char *bip, *ip; int pos, size, retValue = 0; if (range == NULL) return (0); size = (int) ((unsigned char) range[8]); ip = get_ip(0); //don't resolv dns if (ip == NULL) return (0); bip = TagParseRangeIP(ip); if (bip == NULL) return (0); pos = 0; while (size >= 8) { if (range[pos] <= bip[pos] && bip[pos] <= range[pos + 4]) { pos++; size -= 8; } else goto error_is_for_rangeip; } if (size > 0) { bip[pos] = (unsigned char) bip[pos] >> (8 - size); bip[pos] = (unsigned char) bip[pos] << (8 - size); if (range[pos] > bip[pos] || bip[pos] > range[pos + 4]) goto error_is_for_rangeip; } if (verbose >= 2) (void) printf( "--- Apply restrictions for ip range '%i.%i.%i.%i-%i.%i.%i.%i/%i' ---\n", (unsigned char) range[0], (unsigned char) range[1], (unsigned char) range[2], (unsigned char) range[3], (unsigned char) range[4], (unsigned char) range[5], (unsigned char) range[6], (unsigned char) range[7], (unsigned char) range[8]); retValue = 1; error_is_for_rangeip: free(bip); free(ip); return (retValue); } mysecureshell_2.0/Core/conf.h0000644000000000000000000000226612422711313015007 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ void load_config(int verbose); int convert_mode_to_int(const char *str); int convert_boolean_to_int(const char *str); int convert_speed_to_int(char **tb); int convert_time_to_int(char **tb); int load_config_file(const char *file, int verbose, int max_recursive_left); void processLine(char **tb, int max_recursive_left, int verbose); /*@null@*/ char *convert_str_with_resolv_env_to_str(const char *str); char *convert_to_path(char *path); mysecureshell_2.0/Core/conf.c0000644000000000000000000002546112422711313015004 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include "conf.h" #include "FileSpec.h" #include "ip.h" #include "parsing.h" #include "string.h" #include "security.h" #include "user.h" #define CONF_IS_EMPTY 0 #define CONF_IS_STRING 1 #define CONF_IS_STRING_MAYBE_EMPTY 2 #define CONF_IS_PATH_RESOLVE_ENV 3 #define CONF_IS_INT 4 #define CONF_IS_BOOLEAN 5 #define CONF_IS_SPEED 6 #define CONF_IS_MODE 7 #define CONF_IS_TIME 8 #define CONF_IS_FILE_AND_DIR 9 #define CONF_DEPRECATED 10 #define CONF_SHOW 0 #define CONF_SHOW_ALWAYS 1 #define CONF_NOT_SHOW 2 typedef struct sConf { char *name; int type; int show; } tConf; static const tConf confParams[] = { { "GlobalDownload", CONF_IS_SPEED, CONF_SHOW }, { "GlobalUpload", CONF_IS_SPEED, CONF_SHOW }, { "Download", CONF_IS_SPEED, CONF_SHOW }, { "Upload", CONF_IS_SPEED, CONF_SHOW }, { "StayAtHome", CONF_IS_BOOLEAN, CONF_SHOW }, { "VirtualChroot", CONF_IS_BOOLEAN, CONF_SHOW }, { "LimitConnection", CONF_IS_INT, CONF_SHOW }, { "LimitConnectionByUser", CONF_IS_INT, CONF_SHOW }, { "LimitConnectionByIP", CONF_IS_INT, CONF_SHOW }, { "Home", CONF_IS_PATH_RESOLVE_ENV, CONF_SHOW }, { "Shell", CONF_IS_STRING, CONF_SHOW }, { "ResolveIP", CONF_IS_BOOLEAN, CONF_SHOW }, { "IdleTimeOut", CONF_IS_TIME, CONF_SHOW }, { "IgnoreHidden", CONF_IS_BOOLEAN, CONF_SHOW }, { "DirFakeUser", CONF_IS_BOOLEAN, CONF_SHOW }, { "DirFakeGroup", CONF_IS_BOOLEAN, CONF_SHOW }, { "DirFakeMode", CONF_IS_MODE, CONF_SHOW }, { "HideNoAccess", CONF_IS_BOOLEAN, CONF_SHOW }, { "ByPassGlobalDownload", CONF_IS_BOOLEAN, CONF_SHOW }, { "ByPassGlobalUpload", CONF_IS_BOOLEAN, CONF_SHOW }, { "MaxOpenFilesForUser", CONF_IS_INT, CONF_SHOW }, { "MaxReadFilesForUser", CONF_IS_INT, CONF_SHOW }, { "MaxWriteFilesForUser", CONF_IS_INT, CONF_SHOW }, { "ShowLinksAsLinks", CONF_IS_BOOLEAN, CONF_SHOW }, { "SftpProtocol", CONF_IS_INT, CONF_SHOW_ALWAYS }, { "LogFile", CONF_IS_STRING, CONF_SHOW_ALWAYS }, { "LogSyslog", CONF_IS_BOOLEAN, CONF_SHOW }, { "ConnectionMaxLife", CONF_IS_TIME, CONF_SHOW }, { "DisableAccount", CONF_IS_BOOLEAN, CONF_SHOW }, #ifdef MSS_HAVE_ADMIN { "IsAdmin", CONF_IS_BOOLEAN, CONF_SHOW }, { "IsSimpleAdmin", CONF_IS_BOOLEAN, CONF_SHOW }, #endif { "DisableRemoveDir", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableRemoveFile", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableReadFile", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableReadDir", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableWriteFile", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableSetAttribute", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableMakeDir", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableRename", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableSymLink", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableOverwrite", CONF_IS_BOOLEAN, CONF_SHOW }, { "DisableStatsFs", CONF_IS_BOOLEAN, CONF_SHOW }, { "Charset", CONF_IS_STRING, CONF_SHOW }, { "CanChangeRights", CONF_IS_BOOLEAN, CONF_SHOW }, { "CanChangeTime", CONF_IS_BOOLEAN, CONF_SHOW }, { "ExpireDate", CONF_IS_STRING_MAYBE_EMPTY, CONF_SHOW }, { "ForceUser", CONF_IS_STRING, CONF_SHOW }, { "ForceGroup", CONF_IS_STRING, CONF_SHOW }, { "CreateHome", CONF_IS_BOOLEAN, CONF_SHOW }, { "DefaultRights", CONF_IS_FILE_AND_DIR, CONF_SHOW }, { "MinimumRights", CONF_IS_FILE_AND_DIR, CONF_SHOW }, { "MaximumRights", CONF_IS_FILE_AND_DIR, CONF_SHOW }, { "ForceRights", CONF_IS_FILE_AND_DIR, CONF_SHOW }, { "ApplyFileSpec", CONF_IS_STRING, CONF_SHOW_ALWAYS }, { "CanRemoveDir", CONF_DEPRECATED, CONF_SHOW }, { "CanRemoveFile", CONF_DEPRECATED, CONF_SHOW }, { "GMTTime", CONF_DEPRECATED, CONF_NOT_SHOW }, { "HideFiles", CONF_DEPRECATED, CONF_SHOW }, { "PathAllowFilter", CONF_DEPRECATED, CONF_SHOW }, { "PathDenyFilter", CONF_DEPRECATED, CONF_SHOW }, { "{last item}", CONF_IS_EMPTY, CONF_NOT_SHOW } }; void load_config(int verbose) { if (init_user_info() == 0) { (void) fprintf(stderr, "[ERROR]Error when fetching user information\n"); exit(2); } hash_set_int("SERVER_PORT", get_port_server()); hash_set("SERVER_IP", get_ip_server()); hash_set_int("CanChangeRights", 1); hash_set_int("CanChangeTime", 1); if (load_config_file(CONFIG_FILE, verbose, 10) == 0) if (load_config_file(CONFIG_FILE2, verbose, 10) == 0) { (void) fprintf(stderr, "[ERROR]No valid config file were found. Please correct this.\n"); exit(2); } free_user_info(); if (verbose > 0) { size_t maxLen; char bTmp[256]; int i, r; (void) printf("--- %s ---\n", (char *) hash_get("User")); for (i = 0, maxLen = 0; confParams[i].type != CONF_IS_EMPTY; i++) { size_t len = strlen(confParams[i].name); if (len > maxLen) maxLen = len; } for (i = 0; confParams[i].type != CONF_IS_EMPTY; i++) { size_t j; char *ptr; int vInt; if (confParams[i].show != CONF_SHOW_ALWAYS && hash_exists( confParams[i].name) == 0) continue; (void) printf("%s", confParams[i].name); for (j = maxLen - strlen(confParams[i].name) + 1; j > 0; j--) (void) printf(" "); (void) printf("= "); switch (confParams[i].type) { case CONF_IS_STRING: case CONF_IS_PATH_RESOLVE_ENV: ptr = (char *) hash_get(confParams[i].name); if (ptr == NULL && confParams[i].show == CONF_SHOW_ALWAYS) (void) printf("{default}"); else (void) printf("%s", ptr); break; case CONF_IS_STRING_MAYBE_EMPTY: ptr = (char *) hash_get(confParams[i].name); (void) printf("%s", ptr != NULL ? ptr : "{nothing}"); break; case CONF_IS_INT: vInt = hash_get_int(confParams[i].name); if (vInt == 0 && confParams[i].show == CONF_SHOW_ALWAYS) (void) printf("{default}"); else (void) printf("%i", vInt); break; case CONF_IS_BOOLEAN: (void) printf("%s", hash_get_int(confParams[i].name) == 0 ? "false" : "true"); break; case CONF_IS_SPEED: (void) printf("%i bytes/s", hash_get_int(confParams[i].name)); break; case CONF_IS_MODE: vInt = hash_get_int(confParams[i].name); if (vInt == 0) (void) printf("{default}"); else (void) printf("%i", vInt); break; case CONF_IS_TIME: (void) printf("%is", hash_get_int(confParams[i].name)); break; case CONF_IS_FILE_AND_DIR: (void) snprintf(bTmp, sizeof(bTmp), "%sFile", confParams[i].name); r = hash_get_int(bTmp); (void) printf("%i%i%i%i", r / (8 * 8 * 8), (r / (8 * 8)) % 8, (r / 8) % 8, r % 8); (void) snprintf(bTmp, sizeof(bTmp), "%sDirectory", confParams[i].name); r = hash_get_int(bTmp); if (r > 0) { (void) printf(" %i%i%i%i", r / (8 * 8 * 8), (r / (8 * 8)) % 8, (r / 8) % 8, r % 8); } break; case CONF_DEPRECATED: (void) printf("%s is deprecated and unused", confParams[i].name); break; } (void) printf("\n"); } } } int load_config_file(const char *file, int verbose, int max_recursive_left) { size_t len; FILE *fh; char buffer[1024]; char **tb, *str; int line, processTag; int openedTag = 0; if (max_recursive_left == 0) { (void) fprintf(stderr, "[ERROR]Too much inclusions !!!\n"); return (0); } processTag = 1; if ((fh = fopen(file, "r"))) { if (verbose > 1) (void) printf("- Parse config file: %s -\n", file); line = 0; while (fgets(buffer, (int) sizeof(buffer), fh)) { line++; if ((str = clean_buffer(buffer))) { len = strlen(str) - 1; if (*str == '<') { if (str[len] == '>') { openedTag += TagParse(str); if (openedTag < 0) { (void) fprintf( stderr, "[ERROR]Too much tag closed at line %i in file '%s'!\n", line, file); exit(2); } } else { (void) fprintf( stderr, "[ERROR]Error parsing line %i is not valid in file '%s'!\n", line, file); exit(2); } processTag = TagIsActive(verbose); } else if (processTag == 0) continue; else if ((tb = ParseCutString(str))) { if (tb[0] != NULL) { if (TagIsOpen(VTAG_FILESPEC) == 1) FileSpecParse(tb); else processLine(tb, max_recursive_left, verbose); } free(tb); } } } if (openedTag != 0) { (void) fprintf(stderr, "[ERROR]Missing %i close(s) tag(s) in file '%s'!!!\n", openedTag, file); exit(2); } xfclose(fh); } else { (void) fprintf(stderr, "[ERROR]Couldn't load config file '%s'. Error : %s\n", file, strerror(errno)); return (0); } return (1); } void processLine(char **tb, int max_recursive_left, int verbose) { char bTmp[256]; int notRecognized; int i; notRecognized = 1; for (i = 0; confParams[i].type != CONF_IS_EMPTY; i++) if (strcmp(tb[0], confParams[i].name) == 0 && (tb[1] != NULL || confParams[i].type == CONF_IS_STRING_MAYBE_EMPTY)) { notRecognized = 0; switch (confParams[i].type) { case CONF_IS_STRING: hash_set(tb[0], (void *) strdup(tb[1])); break; case CONF_IS_STRING_MAYBE_EMPTY: hash_set(tb[0], (void *) (tb[1] ? strdup(tb[1]) : 0)); break; case CONF_IS_PATH_RESOLVE_ENV: { char *path = convert_str_with_resolv_env_to_str(tb[1]); if (path != NULL) hash_set(tb[0], (void *) convert_to_path(path)); } break; case CONF_IS_INT: hash_set_int(tb[0], atoi(tb[1])); break; case CONF_IS_BOOLEAN: hash_set_int(tb[0], convert_boolean_to_int(tb[1])); break; case CONF_IS_SPEED: hash_set_int(tb[0], convert_speed_to_int(tb + 1)); break; case CONF_IS_MODE: hash_set_int(tb[0], convert_mode_to_int(tb[1])); break; case CONF_IS_TIME: hash_set_int(tb[0], convert_time_to_int(tb + 1)); break; case CONF_IS_FILE_AND_DIR: hash_set_int(tb[0], 42); (void) snprintf(bTmp, sizeof(bTmp), "%sFile", tb[0]); hash_set_int(bTmp, convert_mode_to_int(tb[1])); if (tb[2] != NULL) { (void) snprintf(bTmp, sizeof(bTmp), "%sDirectory", tb[0]); hash_set_int(bTmp, convert_mode_to_int(tb[2])); } break; } break; } if (notRecognized == 1) { if (strcmp(tb[0], "Include") == 0 && tb[1] != NULL) { notRecognized = 0; (void) load_config_file(tb[1], verbose, max_recursive_left - 1); } if (notRecognized == 1) (void) fprintf(stderr, "Property '%s' is not recognized !\n", tb[0]); } } mysecureshell_2.0/Core/main.c0000644000000000000000000003245212422711313015001 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include #include #include "conf.h" #include "FileSpec.h" #include "hash.h" #include "ip.h" #include "prog.h" #include "../SftpServer/Sftp.h" #include "../SftpServer/Encoding.h" #include "../SftpServer/Log.h" #include "security.h" static void showVersion(int showAll) { (void) printf( "MySecureShell is version "PACKAGE_VERSION" build on " __DATE__ "%s", #ifdef DODEBUG " with DEBUG" #else "" #endif ); if (showAll == 1) { (void) printf("\n\nOptions:\n ACL support: " #if(MSS_ACL) "yes" #else "no" #endif "\n UTF-8 support: " #if(HAVE_ICONV||HAVE_LIBICONV) "yes" #else "no" #endif "\n\nSftp Extensions:\n" #ifdef MSSEXT_DISKUSAGE " Disk Usage\n" #endif #ifdef MSSEXT_DISKUSAGE_SSH " Disk Usage (OpenSSH)\n" #endif #ifdef MSSEXT_FILE_HASHING " File Hashing\n" #endif ); } } static void parse_args(int ac, char **av) { int verbose = 1; int i; if (ac == 1) return; for (i = 1; i < ac; i++) if (strcmp(av[i], "-c") == 0) i++; else if (strcmp(av[i], "--configtest") == 0) { load_config(verbose); if (hash_get("ApplyFileSpec") != NULL) FileSpecActiveProfils(hash_get("ApplyFileSpec"), verbose); (void) printf("Config is valid.\n"); exit(0); } else if (strcmp(av[i], "--help") == 0) { help: (void) printf("Build:\n\t"); showVersion(0); (void) printf("\nUsage:\n\t%s [verbose] [options]\n\nOptions:\n", av[0]); (void) printf( "\t--configtest : test the config file and show errors\n"); (void) printf("\t--help : show this screen\n"); (void) printf("\t--version : show version of MySecureShell\n"); (void) printf("\nVerbose:\n"); (void) printf("\t-v : add a level at verbose mode\n"); exit(0); } else if (strcmp(av[i], "--version") == 0) { showVersion(1); exit(0); } else if (strcmp(av[i], "-v") == 0) verbose++; else { (void) printf("--- UNKNOW OPTION: %s ---\n\n", av[i]); goto help; } } int main(int ac, char **av, char **env) { char *hostname; int is_command = 0; int is_sftp = 0; create_hash(); if (ac == 3 && av[1] != NULL && av[2] != NULL && strcmp("-c", av[1]) == 0 && (strstr(av[2], "sftp-server") != NULL || strstr(av[2], "MySecureShell") != NULL)) is_sftp = 1; else if (ac >= 3 && av[1] != NULL && av[2] != NULL && strcmp("-c", av[1]) == 0) is_command = 1; else parse_args(ac, av); hostname = get_ip(0); (void) setenv("SSH_IP", hostname, 1); free(hostname); FileSpecInit(); load_config(0); if (is_sftp == 1) { tGlobal *params; char *ptr; int max, fd, sftp_version; hostname = get_ip(hash_get_int("ResolveIP")); if (hostname == NULL) { perror("unable to resolve ip"); exit(16); } params = calloc(1, sizeof(*params)); if (params == NULL) { perror("unable to alloc memory"); exit(15); } ptr = hash_get("Home"); params->home = strdup(ptr == NULL ? "{error home}" : ptr); ptr = hash_get("User"); params->user = strdup(ptr == NULL ? "{error user}" : ptr); params->ip = strdup(hostname == NULL ? "{error ip}" : hostname); params->portSource = get_port_client(); params->who = SftpWhoGetStruct(1); if (params->who != NULL) { params->who->time_begin = (u_int32_t) time(0); params->who->pid = (u_int32_t) getpid(); (void) strncat(params->who->home, params->home, sizeof(params->who->home) - 1); (void) strncat(params->who->user, params->user, sizeof(params->who->user) - 1); (void) strncat(params->who->ip, params->ip, sizeof(params->who->ip) - 1); } //check if the server is up and user is not admin if ((fd = open(SHUTDOWN_FILE, O_RDONLY)) >= 0) { xclose(fd); if (hash_get_int("IsAdmin") == 0 && hash_get_int("IsSimpleAdmin") == 0) { SftpWhoReleaseStruct(params->who); delete_hash(); FileSpecDestroy(); exit(0); } } max = hash_get_int("LogSyslog"); if (hash_get("LogFile") != NULL) mylog_open(strdup(hash_get("LogFile")), max); else mylog_open(strdup(MSS_LOG), max); if (params->who == NULL) { mylog_printf(MYLOG_ERROR, "[%s]Server '%s' reached maximum connexion (%i clients)", hash_get("User"), hash_get("SERVER_IP"), SFTPWHO_MAXCLIENT); SftpWhoReleaseStruct(NULL); delete_hash(); FileSpecDestroy(); mylog_close_and_free(); exit(14); } max = hash_get_int("LimitConnectionByUser"); if (max > 0 && count_program_for_uid(hash_get("User")) > max) { mylog_printf(MYLOG_ERROR, "[%s]Too many connection for this account", hash_get("User")); SftpWhoReleaseStruct(params->who); delete_hash(); FileSpecDestroy(); exit(10); } max = hash_get_int("LimitConnectionByIP"); if (max > 0 && count_program_for_ip(hostname) > max) { mylog_printf(MYLOG_ERROR, "[%s]Too many connection for this IP : %s", hash_get("User"), hostname); SftpWhoReleaseStruct(params->who); delete_hash(); FileSpecDestroy(); exit(11); } max = hash_get_int("LimitConnection"); if (max > 0 && count_program_for_uid(NULL) > max) { mylog_printf(MYLOG_ERROR, "[%s]Too many connection for the server : %s", hash_get("User"), hash_get("SERVER_IP")); SftpWhoReleaseStruct(params->who); delete_hash(); FileSpecDestroy(); exit(12); } if (hash_get_int("DisableAccount")) { mylog_printf(MYLOG_ERROR, "[%s]Account is closed", hash_get("User")); SftpWhoReleaseStruct(params->who); delete_hash(); FileSpecDestroy(); exit(13); } params->flagsGlobals |= (hash_get_int("StayAtHome") ? SFTPWHO_STAY_AT_HOME : 0) + (hash_get_int("VirtualChroot") ? SFTPWHO_VIRTUAL_CHROOT : 0) + (hash_get_int("ResolveIP") ? SFTPWHO_RESOLVE_IP : 0) + (hash_get_int("IgnoreHidden") ? SFTPWHO_IGNORE_HIDDEN : 0) + (hash_get_int("DirFakeUser") ? SFTPWHO_FAKE_USER : 0) + (hash_get_int("DirFakeGroup") ? SFTPWHO_FAKE_GROUP : 0) + (hash_get_int("DirFakeMode") ? SFTPWHO_FAKE_MODE : 0) + (hash_get_int("HideNoAccess") ? SFTPWHO_HIDE_NO_ACESS : 0) + (hash_get_int("ByPassGlobalDownload") ? SFTPWHO_BYPASS_GLB_DWN : 0) + (hash_get_int("ByPassGlobalUpload") ? SFTPWHO_BYPASS_GLB_UPL : 0) + (hash_get_int("ShowLinksAsLinks") ? SFTPWHO_LINKS_AS_LINKS : 0) + (hash_get_int("IsAdmin") ? SFTPWHO_IS_ADMIN : 0) + (hash_get_int("IsSimpleAdmin") ? SFTPWHO_IS_SIMPLE_ADMIN : 0) + (hash_get_int("CanChangeRights") ? SFTPWHO_CAN_CHG_RIGHTS : 0) + (hash_get_int("CanChangeTime") ? SFTPWHO_CAN_CHG_TIME : 0) + (hash_get_int("CreateHome") ? SFTPWHO_CREATE_HOME : 0); params->flagsDisable = (hash_get_int("DisableRemoveDir") ? SFTP_DISABLE_REMOVE_DIR : 0) + (hash_get_int("DisableRemoveFile") ? SFTP_DISABLE_REMOVE_FILE : 0) + (hash_get_int("DisableReadDir") ? SFTP_DISABLE_READ_DIR : 0) + (hash_get_int("DisableReadFile") ? SFTP_DISABLE_READ_FILE : 0) + (hash_get_int("DisableWriteFile") ? SFTP_DISABLE_WRITE_FILE : 0) + (hash_get_int("DisableSetAttribute") ? SFTP_DISABLE_SET_ATTRIBUTE : 0) + (hash_get_int("DisableMakeDir") ? SFTP_DISABLE_MAKE_DIR : 0) + (hash_get_int("DisableRename") ? SFTP_DISABLE_RENAME : 0) + (hash_get_int("DisableSymLink") ? SFTP_DISABLE_SYMLINK : 0) + (hash_get_int("DisableOverwrite") ? SFTP_DISABLE_OVERWRITE : 0) + (hash_get_int("DisableStatsFs") ? SFTP_DISABLE_STATSFS : 0); params->who->status |= params->flagsGlobals; _sftpglobal->download_max = (u_int32_t) hash_get_int("GlobalDownload"); _sftpglobal->upload_max = (u_int32_t) hash_get_int("GlobalUpload"); if (hash_get_int("Download") > 0) { params->download_max = (u_int32_t) hash_get_int("Download"); params->who->download_max = params->download_max; } if (hash_get_int("Upload") > 0) { params->upload_max = (u_int32_t) hash_get_int("Upload"); params->who->upload_max = params->upload_max; } if (hash_get_int("IdleTimeOut") > 0) params->who->time_maxidle = (u_int32_t) hash_get_int("IdleTimeOut"); if (hash_get_int("DirFakeMode") > 0) params->dir_mode = (u_int32_t) hash_get_int("DirFakeMode"); sftp_version = hash_get_int("SftpProtocol"); if (hash_get_int("ConnectionMaxLife") > 0) params->who->time_maxlife = (u_int32_t) hash_get_int("ConnectionMaxLife"); if (hash_get("ExpireDate") != NULL) { struct tm tm; time_t currentTime, maxTime; if (strptime((const char *) hash_get("ExpireDate"), "%Y-%m-%d %H:%M:%S", &tm) != NULL) { maxTime = mktime(&tm); currentTime = time(NULL); if (currentTime > maxTime) //time elapsed { mylog_printf(MYLOG_ERROR, "[%s]Account has expired : %s", hash_get("User"), hash_get("ExpireDate")); SftpWhoReleaseStruct(params->who); delete_hash(); mylog_close_and_free(); exit(15); } else { //check if expireDate < time_maxlife currentTime = maxTime - currentTime; if ((u_int32_t) currentTime < params->who->time_maxlife) params->who->time_maxlife = (u_int32_t) currentTime; } } DEBUG((MYLOG_DEBUG, "[%s][%s]ExpireDate time to rest: %i", params->who->user, params->who->ip, params->who->time_maxlife)); } if (hash_exists("MaxOpenFilesForUser") == MSS_TRUE) params->max_openfiles = hash_get_int("MaxOpenFilesForUser"); if (hash_exists("MaxReadFilesForUser") == MSS_TRUE) params->max_readfiles = hash_get_int("MaxReadFilesForUser"); if (hash_exists("MaxWriteFilesForUser") == MSS_TRUE) params->max_writefiles = hash_get_int("MaxWriteFilesForUser"); if (hash_get_int("MinimumRightsDirectory") > 0) params->minimum_rights_directory = hash_get_int( "MinimumRightsDirectory"); if (hash_get_int("MinimumRightsFile") > 0) params->minimum_rights_file = hash_get_int("MinimumRightsFile"); if (hash_get_int("MaximumRightsDirectory") > 0) params->maximum_rights_directory = hash_get_int( "MaximumRightsDirectory"); else params->maximum_rights_directory = 07777; if (hash_get_int("MaximumRightsFile") > 0) params->maximum_rights_file = hash_get_int("MaximumRightsFile"); else params->maximum_rights_file = 07777; if (hash_get_int("DefaultRightsDirectory") > 0) params->default_rights_directory = hash_get_int("DefaultRightsDirectory"); else params->default_rights_directory = 0755; if (hash_get_int("DefaultRightsFile") > 0) params->default_rights_file = hash_get_int("DefaultRightsFile"); else params->default_rights_file = 0644; if (hash_get_int("ForceRightsDirectory") > 0) { params->minimum_rights_directory = hash_get_int("ForceRightsDirectory"); params->maximum_rights_directory = params->minimum_rights_directory; } if (hash_get_int("ForceRightsFile") > 0) { params->minimum_rights_file = hash_get_int("ForceRightsFile"); params->maximum_rights_file = params->minimum_rights_file; } if (hash_get("ForceUser") != NULL) params->force_user = strdup(hash_get("ForceUser")); if (hash_get("ForceGroup") != NULL) params->force_group = strdup(hash_get("ForceGroup")); if (hash_get("Charset") != NULL) setCharset(hash_get("Charset")); if (hash_get("ApplyFileSpec") != NULL) FileSpecActiveProfils(hash_get("ApplyFileSpec"), 0); delete_hash(); if (hostname != NULL) free(hostname); params->current_user = getuid(); params->current_group = getgid(); return (SftpMain(params, sftp_version)); } else { char *ptr; if (getuid() != geteuid()) //if we are in utset byte mode then we restore user's rights to avoid security problems { if (seteuid(getuid()) == -1 || setegid(getgid()) == -1) { perror("revoke root rights"); exit(1); } } ptr = hash_get("Shell"); if (ptr != NULL) { if (strcmp(ptr, av[0]) != 0) { av[0] = ptr; if (is_command == 1) { size_t len = 0; char **new_env; char *cmd, *envVar; int i; for (i = 2; i < ac; i++) len += strlen(av[i]); cmd = malloc(len + ac + 1); envVar = malloc(len + ac + 1 + 21); cmd[0] = '\0'; for (i = 2; i < ac; i++) { if (i > 2) strcat(cmd, " "); strcat(cmd, av[i]); } av[2] = cmd; av[3] = NULL; strcpy(envVar, "SSH_ORIGINAL_COMMAND="); strcat(envVar, cmd); len = 0; for (i = 0; env[i] != NULL; i++) len++; new_env = calloc(len + 2, sizeof(*new_env)); for (i = 0; i < len; i++) new_env[i] = env[i]; new_env[len] = envVar; (void) execve(av[0], av, new_env); } else (void) execve(av[0], av, env); perror("execute shell"); } else (void) fprintf(stderr, "You cannot specify MySecureShell has shell (in the MySecureShell configuration) !"); } else (void) fprintf(stderr, "Shell access is disabled !"); exit(1); } } mysecureshell_2.0/Core/parsing.h0000644000000000000000000000275212422711313015525 0ustar rootroot/* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "hash.h" typedef enum enumTagType { VTAG_DEFAULT, VTAG_USER, VTAG_GROUP, VTAG_RANGEIP, VTAG_VIRTUALHOST, VTAG_FILESPEC, } eTagType; typedef struct sTag { eTagType type; void *next; char *data1; int data2; } tTag; #define TAG_GROUP "group" #define TAG_USER "user" #define TAG_RANGEIP "iprange" #define TAG_DEFAULT "default" #define TAG_VIRTUALHOST "virtualhost" #define TAG_ALL "*" #define TAG_FILESPEC "filespec" int TagIsActive(int verbose); int TagIsOpen(eTagType tagType); int TagParse(char *buffer); void TagParseOpen(char *str); void TagParseClose(); void TagParseVirtualHost(const char *str, tTag *newTag); /*@null@*/ char *TagParseRangeIP(const char *str); /*@null@*/ char **ParseCutString(char *str); mysecureshell_2.0/install.sh.in0000755000000000000000000001663312422711313015436 0ustar rootroot#!/bin/sh ## Installation Script v0.9 - Made by MySecureShell Team ## MySecureShell Team ## Language local initialising BINDIR=@BINDIR@ MANDIR=@MANDIR@ USRBINDIR=@BINDIR@ ETCDIR=@ETCDIR@ MSS_CONF=@MSS_CONF@ LANG= ## Functions Looking for available languages MyGetLocale() { if [ "$LANG" = "" ] ; then echo $1 else tmp=`grep -F "$1=" locales_$LANG | cut -d= -f2-` if [ "$tmp" = "" ] ; then echo $1 else echo $tmp fi fi } MyListLocale() { echo "The available languages are:" grep -F 'DESCRIPTION=' locales_* | cut -d= -f2- echo "" echo "Usage:" echo "./install.sh xx(language) | or yesall for yes to all questions" } if [ "$1" = "yesall" ] ; then LANG="en" fyesall="1" break else if [ "$1" = "" ] ; then MyListLocale exit 1 else if [ -f "locales_$1" ] ; then LANG=$1 fyesall="0" fi fi fi if [ "$2" != "" ] ; then BINDIR="$2$BINDIR" MANDIR="$2$MANDIR" USRBINDIR="$2$USRBINDIR" ETCDIR="$2$ETCDIR" MSS_CONF="$2$MSS_CONF" if [ ! -d "$BINDIR" ] ; then mkdir -m 0755 -p $BINDIR fi if [ ! -d "$MANDIR" ] ; then mkdir -m 0755 -p $MANDIR fi if [ ! -d "$USRBINDIR" ] ; then mkdir -m 0755 -p $USRBINDIR fi if [ ! -d "$ETCDIR" ] ; then mkdir -m 0755 -p $ETCDIR fi if [ ! -d $ETCDIR/logrotate.d ] ; then mkdir -m 0755 -p $ETCDIR/logrotate.d fi fi ## Root detection euid="`id -u`" if [ "$euid" != "0" ] ; then echo "" echo "###################################################################" tmp=`MyGetLocale 'sorry'` echo " $tmp" MyGetLocale 'Warning root ask' echo "###################################################################" echo "" exit 1 fi ## Functions detecfiles() { fileufund=`MyGetLocale 'Existing file'` failed=`MyGetLocale 'failed'` echo "$fileufund $filedetec $failed" instend=`MyGetLocale 'installation'` echo "$instend $failed" exit 1 } filefound() { filefund=`MyGetLocale 'Existing file'` ok=`MyGetLocale 'ok'` echo "$filefund $filedetec $ok" } shellfunc() { grepshell=`grep /usr/bin/mysecureshell $ETCDIR/shells` if [ "$?" = "0" ] ; then echo "`MyGetLocale 'shellalreadyvd'` `MyGetLocale 'ok'`" else MyGetLocale 'validshellask' if [ "$fyesall" = "1" ] ; then rep3="y" else read rep3 test -z "$rep3" && rep3="y" fi case "$rep3" in [yY]) echo "/usr/bin/mysecureshell" >> $ETCDIR/shells echo `MyGetLocale 'shellvalid'`" "`MyGetLocale 'ok'` ;; *) echo `MyGetLocale 'novalidshell'`" "`MyGetLocale 'ok'` ;; esac echo "" fi } ## Starting script ## Welcome and files detection clear echo "#########################################" echo "# MySecureShell #" echo "#########################################" echo "" MyGetLocale 'Welcome' echo "" MyGetLocale 'Needed installation files' filedetec="mysecureshell" if [ -f ./$filedetec ] ; then filefound filedetec="sftp_config" if [ -f ./$filedetec ] ; then filefound else detecfiles fi else detecfiles fi ## Test system echo "" tmp=`MyGetLocale 'TestSystem?'` echo $tmp if [ $fyesall = "1" ] ; then rep7="y" else read rep7 test -z "$rep7" && rep7="y" fi case "$rep7" in [yY]) MyGetLocale 'LaunchMSS' ./mysecureshell --version > /dev/null MyGetLocale 'Testsuccess' ;; esac ## Introduction text echo "" echo "" MyGetLocale 'text1' MyGetLocale 'text2' MyGetLocale 'text3' MyGetLocale 'text4' MyGetLocale 'text5' echo "" MyGetLocale 'statestopquest' MyGetLocale 'text6' ## Starting or ending installation if [ "$fyesall" = "1" ] ; then rep1="y" else read rep1 test -z "$rep1" && rep1="y" fi case "$rep1" in [yY]) MyGetLocale 'installation' echo "" ;; *) clear echo `MyGetLocale 'installation'`" "`MyGetLocale 'failed'` exit 1 ;; esac ## If MSS is present, stop server if [ -f $USRBINDIR/sftp-state ] ; then if [ $fyesall = "1" ] ; then $USRBINDIR/sftp-state -yes stop > /dev/null else $USRBINDIR/sftp-state stop fi fi ## Existing ssh or sshd folder if [ -d $ETCDIR/sshd ] ; then sshfolder=$ETCDIR/sshd else if [ -d $ETCDIR/ssh ] ; then sshfolder=$ETCDIR/ssh else echo "" MyGetLocale 'mksshfolder' if [ $fyesall = "1" ] ; then repssh="y" else read repssh test -z "$repssh" && repssh="y" fi case "$repssh" in [yY]) sshfolder=$ETCDIR/ssh mkdir $sshfolder echo `MyGetLocale 'lgsshfolder'`" "`MyGetLocale 'ok'` ;; *) clear MyGetLocale 'stopinstssh' exit 1 ;; esac fi fi ## Config file if [ -f $MSS_CONF ] ; then echo "" MyGetLocale 'warnconf' MyGetLocale 'warnerase' if [ $fyesall = "1" ] ; then rep2="n" else read rep2 test -z "$rep2" && rep2="n" fi case "$rep2" in [yY]) cp -f ./sftp_config $MSS_CONF chmod 644 $MSS_CONF echo `MyGetLocale 'conffilerep1'`" "`MyGetLocale 'ok'` ;; *) echo `MyGetLocale 'conffilerep2'`" "`MyGetLocale 'ok'` ;; esac else cp -f ./sftp_config $MSS_CONF chmod 644 $MSS_CONF echo `MyGetLocale 'mkconffile'`" "`MyGetLocale 'ok'` fi ## Updating Detection echo "" if [ -f $BINDIR/mysecureshell ] ; then echo `MyGetLocale 'upconffile'`" "`MyGetLocale 'ok'` else echo `MyGetLocale 'mkconffile'`" "`MyGetLocale 'ok'` fi cp -f ./mysecureshell $BINDIR chmod 755 $BINDIR/mysecureshell ## /shells detection echo "" if [ -f $ETCDIR/shells ] ; then shellfunc else MyGetLocale 'mkshells' if [ $fyesall = "1" ] ; then repshells="n" else read repshells test -z "$repshells" && repshells="n" fi case "$repshells" in [yY]) touch $ETCDIR/shells chmod 644 $ETCDIR/shells shellfunc ;; esac fi ## Utilities installation echo "" if [ -d ./utils ] ; then for tool in "sftp-who" "sftp-kill" "sftp-state" "sftp-admin" "sftp-verif" "sftp-user" ; do cp -f ./utils/$tool $USRBINDIR echo `MyGetLocale 'tool'`" $tool "`MyGetLocale 'ok'` done chmod 700 $USRBINDIR/sftp-kill chmod 700 $USRBINDIR/sftp-state chmod 700 $USRBINDIR/sftp-admin chmod 755 $USRBINDIR/sftp-who chmod 755 $USRBINDIR/sftp-verif chmod 755 $USRBINDIR/sftp-user else echo `MyGetLocale 'noutilities'`" "`MyGetLocale 'ok'` fi ## Logrotate echo "" MyGetLocale 'logrot?' if [ $fyesall = "1" ] ; then rep8="y" else read rep8 test -z "$rep8" && rep8="y" fi case "$rep8" in [yY]) # Using for Debian like systems if [ -d $ETCDIR/logrotate.d ] ; then cat > $ETCDIR/logrotate.d/mysecureshell <<\_ACEOF @MSS_LOG@ { weekly size=500k rotate 10 compress delaycompress missingok notifempty } _ACEOF chmod 644 $ETCDIR/logrotate.d/mysecureshell echo `MyGetLocale 'logrot'`" "`MyGetLocale 'ok'` else # Others BSD systems if [ -f $ETCDIR/weekly ] ; then logstat=1 grep -e '^for' < $ETCDIR/weekly | grep -ve sftp-server.log > /dev/null if [ "$?" = "0" ] ; then sed -e 's/^\(for i in.*\)\(; do\)$/\1 sftp-server.log\2/' $ETCDIR/weekly > /tmp/weekly.tmp && mv /tmp/weekly.tmp $ETCDIR/weekly fi fi if [ "$logstat" = "1" ] ; then echo `MyGetLocale 'logrot'`" "`MyGetLocale 'ok'` else echo `MyGetLocale 'logrot'`" "`MyGetLocale 'failed'` fi fi ;; esac ## Manuals if [ -d ./man ] ; then if [ ! -d $MANDIR/man8 ] ; then mkdir -m 0755 -p $MANDIR/man8 fi cp ./man/en/man8/* $MANDIR/man8 echo `MyGetLocale 'mans'`" "`MyGetLocale 'ok'` else echo `MyGetLocale 'mans'`" "`MyGetLocale 'failed'` fi # End of Installation # Only needed for version < 0.6 --> 0.8 & + $USRBINDIR/sftp-state fullshutdown > /dev/null $USRBINDIR/sftp-state start > /dev/null echo "" MyGetLocale 'finishedinst' echo "" MyGetLocale 'osxreminder' echo "" mysecureshell_2.0/Makefile.in0000644000000000000000000000762412422711313015071 0ustar rootrootVERSION = @PACKAGE_VERSION@ DEST = mysecureshell_$(VERSION) CPU = "`uname -m`" ARCHIVE = mysecureshell_$(VERSION)-$(OSTYPE)-$(CPU) ARCSRC = mysecureshell_$(VERSION).tar.gz NAME = mysecureshell$(EXT) SRC = Core/main.c Core/string.c \ Core/parsing.c Core/hash.c \ Core/conf.c Core/convert.c \ Core/user.c Core/prog.c \ Core/ip.c Core/FileSpec.c \ SftpServer/Buffer.c SftpServer/Encode.c \ SftpServer/Handle.c SftpServer/Send.c \ SftpServer/Sftp.c SftpServer/Util.c \ SftpServer/Log.c SftpServer/Encoding.c \ SftpServer/Admin.c SftpServer/SftpWho.c \ SftpServer/SftpExt.c SftpServer/SftpServer.c \ SftpServer/GetUsersInfos.c SftpServer/Stats.c \ SftpServer/Access.c SftpServer/FileSystem.c \ SftpServer/FileSystemAcl.c OBJ = $(SRC:.c=.o) NAME1 = utils/sftp-who$(EXT) SRC1 = SftpWho/Main.c SftpServer/SftpWho.c \ Core/conf.c Core/convert.c Core/hash.c \ Core/user.c Core/parsing.c Core/string.c \ Core/ip.c Core/FileSpec.c SftpServer/Access.c OBJ1 = $(SRC1:.c=.o) NAME2 = utils/sftp-state$(EXT) SRC2 = SftpState/Main.c SftpServer/SftpWho.c OBJ2 = $(SRC2:.c=.o) NAME3 = utils/sftp-admin$(EXT) SRC3 = SftpAdmin/Main.c SftpServer/Buffer.c SftpServer/Log.c OBJ3 = $(SRC3:.c=.o) FILE = utils/sftp-user utils/sftp-kill utils/sftp-verif \ README-fr README-en install.sh locales_en locales_fr \ uninstaller.sh sftp_config LICENSE man/*/man8/*.8 FILESRC = $(DEST)/sftp_config $(DEST)/utils/sftp-kill $(DEST)/LICENSE \ $(DEST)/README-fr $(DEST)/README-en $(DEST)/Makefile.in \ $(DEST)/config.h.in $(DEST)/configure $(DEST)/install.sh.in \ $(DEST)/uninstaller.sh.in $(DEST)/locales_en $(DEST)/locales_fr\ $(DEST)/utils/sftp-verif.in $(DEST)/utils/sftp-user.in \ $(DEST)/man/*/man8/*.8 CFLAGS = -Wall -Wunused -Wpointer-arith -Wno-uninitialized -O2 -ISftpServer @CFLAGS@ @CPPFLAGS@ @MSS_DEBUG@ LDFLAGS = @LDFLAGS@ @LIBS@ @LINKER_OPT@ CC = @CC@ EXT = @EXEEXT@ RM = rm -f CHMOD = chmod TAR = tar CP = cp -pf STRIP = strip FIND = find LN = ln LS = ls SPLINT = splint -Du_int16_t=uint16_t -Du_int32_t=uint32_t -Du_int64_t=uint64_t -Du_int8_t=uint8_t +posixlib all : $(NAME) $(NAME1) $(NAME2) $(NAME3) $(NAME) : $(OBJ) @echo "Compile binary [$(NAME)]" @$(CC) -o $(NAME) $(OBJ) $(LDFLAGS) @$(CHMOD) 755 $(NAME) $(NAME1) : $(OBJ1) @echo "Compile binary [$(NAME1)]" @$(CC) -o $(NAME1) $(OBJ1) $(LDFLAGS) @$(CHMOD) 711 $(NAME1) $(NAME2) : $(OBJ2) @echo "Compile binary [$(NAME2)]" @$(CC) -o $(NAME2) $(OBJ2) $(LDFLAGS) @$(CHMOD) 711 $(NAME2) $(NAME3) : $(OBJ3) @echo "Compile binary [$(NAME3)]" @$(CC) -o $(NAME3) $(OBJ3) $(LDFLAGS) @$(CHMOD) 711 $(NAME3) clean : @echo "Delete all objects" @$(RM) $(OBJ) $(OBJ1) $(OBJ2) $(OBJ3) @$(RM) config.status config.log install.sh uninstaller.sh config.h utils/sftp-user utils/sftp-verif Makefile distclean: clean @echo "Delete all unecessary files" @$(RM) $(NAME) $(NAME1) $(NAME2) $(NAME3) @$(RM) -i `$(FIND) . | grep -F '~'` *.tgz || true updateautoconf: /usr/bin/autoscan /usr/bin/autoheader /usr/bin/autoconf -f cleanautoconf: @$(RM) config.h Makefile configure mrproper: distclean cleanautoconf install : all @./install.sh yesall $(DESTDIR) re : distclean all package : re @echo "Make package" @$(STRIP) $(NAME) $(NAME1) $(NAME2) $(NAME3) @echo "Tar package" @$(TAR) cfz $(ARCHIVE).tgz $(NAME) $(NAME1) $(NAME2) $(NAME3) $(FILE) @echo "Package done." source : @echo "Tar the world" @test -e ../$(DEST) || $(LN) -fs mysecureshell ../$(DEST) @cd .. && $(TAR) cfz $(DEST)/$(ARCSRC) $(FILESRC) $(DEST)/*.[ch] $(DEST)/*/*.[ch] @echo "Source package done." files : @test -e ../$(DEST) || $(LN) -fs mysecureshell ../$(DEST) @cd .. && $(LS) $(FILESRC) $(DEST)/*.[ch] $(DEST)/*/*.[ch] check : @echo "Check sources" @$(SPLINT) -ISftpServer $(SRC) || true @$(SPLINT) -ISftpServer $(SRC1) || true @$(SPLINT) -ISftpServer $(SRC2) || true @$(SPLINT) -ISftpServer $(SRC3) || true .c.o : @echo "Compile [$<]" @$(CC) $(CFLAGS) -c -o $@ $< mysecureshell_2.0/locales_en0000644000000000000000000000460512422711313015047 0ustar rootrootDESCRIPTION= en=English Package ok=[ OK ] failed=[ FAILED ] sorry=Sorry Warning root ask=WARNING: You must be root to continue installation ! Welcome=Welcome to the MySecureShell installation script ! Needed installation files=Detecting needed files for installation: Existing file=Existing file installation=MySecureShell Installation agree=If you're not agree with this text, don't continue the installation. text1=This script will made a few operations: text2=- Install MySecureShell in /bin text3=- Make a configuration file in /etc/ssh/sftp_config text4=- Introduce if which MySecureShell as a valid shell text5=- Install utilities in /usr/bin text6=- Do you want to continue installation ? (Y/n) statestopquest=WARNING: The server will shutdown and all sftp connected clients will be killed ! warnconf=WARNING: sftp_config configuration file already exist ! mksshfolder=No default ssh folders found. Do you want to create /etc/ssh ? (Y/n) lgsshfolder=Created /etc/ssh folder stopinstssh=Sorry but installation can't continue without ssh folder. warnerase=Do you want to erase the existing one ? (y/N) conffilerep1=Current configuration file has been erased conffilerep2=Current configuration file has not been erased upconffile=MySecureShell file updated mkconffile=MySecureShell file created validshellask=Do you want MySecureShell shell to be add like valid shell on your system ? (Y/n) mkshells=No file /etc/shells. Do you want to create /etc/shells ? (y/N) shellalreadyvd=MySecureShell shell is already valid shellvalid=MySecureShell shell added like a valid shell shellcreate=Make and add MySecureShell shell as valid novalidshell=No modifications in your valid shells list sftp-who=Installation of sftp-who tool unfound=ERROR: file not found tool=Installation of tool finishedinst=Installation Finished ! osxreminder=Note: If you run on Mac OS X, don't forget to copy MSS folder in Applications ! TestSystem?=Do you want to test MySecureShell (check libraries requirement) ? (Y/n) LaunchMSS=Test MySecureShell... Testsuccess=Test ending logrot?=Do you want to automatically rotate MySecureShell logs ? (Y/n) logrot=Initialisation of MySecureShell rotation logs uninst?=Are you sure you want to uninstall MySecureShell ? (y/N) delconf?=Do you want to delete your configuration file too ? (y/N) mssuninstok!=MySecureShell Sucessfully uninstalled ! mssuninstfail=MySecureShell uninstaller aborded ! mans=Installation of Manuals mysecureshell_2.0/debian/0000755000000000000000000000000012422711314014236 5ustar rootrootmysecureshell_2.0/debian/postinst0000644000000000000000000000213312422711313016042 0ustar rootroot#!/bin/sh # postinst script for mysecureshell # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in configure) ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # Validating Shell add-shell /usr/bin/mysecureshell # Reassign rights cd /usr/bin chmod 755 sftp-who sftp-verif sftp-user chmod 700 sftp-state sftp-kill sftp-admin # If sticky bit exist, do not override it test -u mysecureshell || chmod 755 mysecureshell #DEBHELPER# exit 0 mysecureshell_2.0/debian/mysecureshell.manpages0000644000000000000000000000025612422711313020641 0ustar rootrootman/en/man8/MySecureShell.8 man/en/man8/sftp-admin.8 man/en/man8/sftp-kill.8 man/en/man8/sftp-state.8 man/en/man8/sftp-user.8 man/en/man8/sftp-verif.8 man/en/man8/sftp-who.8 mysecureshell_2.0/debian/docs0000644000000000000000000000001212422711313015101 0ustar rootrootREADME-en mysecureshell_2.0/debian/prerm0000644000000000000000000000163212422711313015307 0ustar rootroot#!/bin/sh # prerm script for mysecureshell # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `upgrade' # * `failed-upgrade' # * `remove' `in-favour' # * `deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove|upgrade|deconfigure) invoke-rc.d mysecureshell stop ;; failed-upgrade) ;; *) echo "prerm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 mysecureshell_2.0/debian/rules0000755000000000000000000000043112422711313015313 0ustar rootroot#!/usr/bin/make -f # see FEATURE AREAS in dpkg-buildflags(1) export DEB_BUILD_MAINT_OPTIONS = hardening=+all override_dh_auto_configure: dh_auto_configure -- --bindir=/usr/bin --mandir=/usr/share/man # main packaging script based on dh7 syntax %: dh $@ --with autotools-dev mysecureshell_2.0/debian/compat0000644000000000000000000000000212422711313015433 0ustar rootroot9 mysecureshell_2.0/debian/init.d0000644000000000000000000000404412422711313015347 0ustar rootroot#!/bin/sh ### BEGIN INIT INFO # Provides: mysecureshell # Required-Start: $local_fs $network $remote_fs $syslog # Required-Stop: $local_fs $network $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: MySecureShell SFTP Server # Description: MySecureShell SFTP Server ### END INIT INFO # Author: MySecureShell Team # Do NOT "set -e" # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DESC="MySecureShell SFTP Server" NAME=mysecureshell DAEMON=/usr/bin/mysecureshell DAEMON_ARGS="" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x "$DAEMON" ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.2-14) to ensure that this file is present # and status_of_proc is working. . /lib/lsb/init-functions # # Function that starts the daemon/service # case "$1" in start) echo -n "Starting $DESC: " sftp-state start > /dev/null if [ $(stat --format='%a' $DAEMON) -eq 755 ] ; then echo "$NAME is now online with restricted features" echo "Note: To enable all features you have to change mysecureshell binary rights to 4755" else echo "$NAME is now online with full features" fi ;; stop) echo -n "Stopping $DESC: " sftp-state fullstop -yes > /dev/null echo "$NAME is now offline" ;; restart|force-reload) echo -n "Restarting $DESC: " sftp-state fullstop -yes > /dev/null echo "$NAME is now offline --> please wait while restarting..." sleep 1 sftp-state start > /dev/null echo "$NAME is now online" ;; status) sftp-state ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|restart|status|force-reload}" >&2 exit 1 ;; esac exit 0 mysecureshell_2.0/debian/copyright0000644000000000000000000000211112422711313016163 0ustar rootrootFormat: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: mysecureshell Source: /usr/share/common-licenses/GPL-2 Files: * Copyright: 2007-2014 Pierre Mavro 2007-2014 Sébastien Tardig License: GPL-2 Files: debian/* Copyright: 2014 MySecureShell Team License: GPL-2 License: GPL-2 This package is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; . This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . You should have received a copy of the GNU General Public License along with this program. If not, see . On Debian systems, the complete text of the GNU General Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". mysecureshell_2.0/debian/postrm0000644000000000000000000000213112422711313015501 0ustar rootroot#!/bin/sh # postrm script for mysecureshell # # see: dh_installdeb(1) set -e # summary of how this script can be called: # * `remove' # * `purge' # * `upgrade' # * `failed-upgrade' # * `abort-install' # * `abort-install' # * `abort-upgrade' # * `disappear' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) remove-shell /usr/bin/mysecureshell ;; purge) remove-shell /usr/bin/mysecureshell rm -f /etc/ssh/sftp-config rm -f /var/log/mysecureshell.log* ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 mysecureshell_2.0/debian/control0000644000000000000000000000235212422711313015642 0ustar rootrootSource: mysecureshell Section: net Priority: optional Maintainer: Pierre Mavro Build-Depends: debhelper (>= 9), autotools-dev, libacl1-dev, libgnutls28-dev Standards-Version: 3.9.6 Homepage: http://mysecureshell.readthedocs.org Vcs-Git: git://github.com/mysecureshell/mysecureshell Vcs-Browser: https://github.com/mysecureshell/mysecureshell Package: mysecureshell Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, openssh-server Description: SFTP Server with ACL MySecureShell is a solution which has been made to bring more features to sftp/scp protocol given by OpenSSH. By default, OpenSSH brings a lot of liberty to connected users which imply to trust in your users. . The goal of MySecureShell is to offer the power and security of OpenSSH, with enhanced features (like ACL) to restrict connected users. . MySecureShell was created because of the lack of file transfer features in OpenSSH. OpenSSH was not designed as a file transfer solution, that's why MySecureShell is born. . MySecureShell is not a patch for OpenSSH, it's a shell for users. It has the advantage to: * Avoid including security holes in OpenSSH * No dependency on against an OpenSSH version * No OpenSSH recompilation is required mysecureshell_2.0/debian/changelog0000644000000000000000000000023212422711313016104 0ustar rootrootmysecureshell (2.0-1) unstable; urgency=low * Initial release (Closes: #763930) -- Pierre Mavro Tue, 30 Sep 2014 07:18:01 +0000 mysecureshell_2.0/debian/source/0000755000000000000000000000000012422711313015535 5ustar rootrootmysecureshell_2.0/debian/source/format0000644000000000000000000000001412422711313016743 0ustar rootroot3.0 (quilt) mysecureshell_2.0/debian/watch0000644000000000000000000000012412422711313015263 0ustar rootrootversion=3 https://github.com/mysecureshell/mysecureshell/tags .*/v?(\d\S*)\.tar\.gz mysecureshell_2.0/README.md0000644000000000000000000000005312422711313014270 0ustar rootrootmysecureshell ============= MySecureShell mysecureshell_2.0/SftpWho/0000755000000000000000000000000012422711313014405 5ustar rootrootmysecureshell_2.0/SftpWho/Main.c0000644000000000000000000001715012422711313015441 0ustar rootroot /* MySecureShell permit to add restriction to modified sftp-server when using MySecureShell as shell. Copyright (C) 2007-2014 MySecureShell Team This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation (version 2) This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ #include "../config.h" #include #include #include #include #include #include "../SftpServer/SftpWho.h" #include "../Core/conf.h" #include "../Core/hash.h" static unsigned int do_loop = 0; static int _verbose = 0; static int _only_show_pid_and_name = 0; static int is_number(const char *av) { int i; if (av) { for (i = 0; av[i] != '\0'; i++) if (av[i] < '0' || av[i] > '9') return (0); return (1); } return (0); } static void parse_args(int ac, char **av) { int i; for (i = 1; i < ac; i++) if (strcmp(av[i], "--while") == 0) { if (is_number(av[i + 1]) == 1) { i++; do_loop = (unsigned int )atoi(av[i]); } else do_loop = 1; } else if (strcmp(av[i], "-v") == 0) _verbose = 1; else if (strcmp(av[i], "--sftp-kill") == 0) _only_show_pid_and_name = 1; else { (void )printf("Usage:\n------\n%s [options]\n\nOptions:\n", av[0]); (void )printf("\t-v : verbose mode\n"); (void )printf("\t--while [time in seconde] : sftp-who refresh information (use ^C to quit)\n"); (void )printf("\n"); exit (0); } } static char *make_idle_time(unsigned int t) { static char buffer[256]; if (t < 60) (void )snprintf(buffer, sizeof(buffer), "%02us", t); else if (t < (60 * 60)) (void )snprintf(buffer, sizeof(buffer), "%02umins %02us", t / 60, t % 60); else if (t < (60 * 60 * 24)) (void )snprintf(buffer, sizeof(buffer), "%02uh %02umins %02us", t / (60 * 60), (t / 60) % 60, t % 60); else (void )snprintf(buffer, sizeof(buffer), "%udays %02uh %02umins %02us", t / (60 * 60 * 24), (t / (60 * 60)) % 24, (t / 60) % 60, t % 60); return (buffer); } static char *make_time(unsigned int t) { static char b1[256]; struct tm *tm; time_t tt = t; if ((tm = localtime(&tt))) { (void )strftime(b1, sizeof(b1), "%G/%m/%d %T", tm); } else b1[0] = '\0'; return (b1); } static char *make_speed(char *b2, size_t size, unsigned int s, int can_unlimit) { if (can_unlimit == 1 && s == 0) (void )snprintf(b2, size, "%s", "unlimited"); else if (s < 1024) (void )snprintf(b2, size, "%u bytes/s", s); else if (s < (1024 * 1024)) (void )snprintf(b2, size, "%.2f kbytes/s", (float )s / 1024.0f); else (void )snprintf(b2, size, "%.3f mbytes/s", (float )s / 1048576.0f); return (b2); } static unsigned int getRealDown(t_sftpwho *who) { if (_sftpglobal->download_by_client != 0&& (who->status & SFTPWHO_BYPASS_GLB_DWN) == 0 && ((_sftpglobal->download_by_client < who->download_max) || who->download_max == 0)) return (_sftpglobal->download_by_client); return (who->download_max); } static unsigned int getRealUp(t_sftpwho *who) { if (_sftpglobal->upload_by_client != 0 && (who->status & SFTPWHO_BYPASS_GLB_UPL) == 0 && ((_sftpglobal->upload_by_client < who->upload_max) || who->upload_max == 0)) return (_sftpglobal->upload_by_client); return (who->upload_max); } int main(int ac, char **av) { t_sftpwho *who; char b1[18], b2[18], b3[18], b4[18]; int nb_clients; int i; parse_args(ac, av); create_hash(); load_config(0); who = SftpWhoGetStruct(-1); do { if (do_loop > 0) (void )printf("\33[H\33[J"); nb_clients = 0; if (who) { if (_only_show_pid_and_name == 0) { unsigned int global_download, global_upload; global_download = 0; global_upload = 0; for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if ((who[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_EMPTY) { nb_clients++; global_download += who[i].download_current; global_upload += who[i].upload_current; } (void )printf("--- %i / %i clients ---\n", nb_clients, hash_get_int("LimitConnection")); (void )printf("Global used bandwidth : %s / %s\n", make_speed(b1, sizeof(b1), global_download, 0), make_speed(b2, sizeof(b2), global_upload, 0) ); } for (i = 0; i < SFTPWHO_MAXCLIENT; i++) if ((who[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_EMPTY) { if (_only_show_pid_and_name == 1) { (void )printf("%u %s\n", who[i].pid, who[i].user); } else { char *status; switch (who[i].status & SFTPWHO_STATUS_MASK) { case SFTPWHO_IDLE: status = "idle"; break; case SFTPWHO_GET: status = "download"; break; case SFTPWHO_PUT: status = "upload"; break; default: status = "unknown"; break; } (void )printf("PID: %u Name: %s IP: %s\n", who[i].pid, who[i].user, who[i].ip); (void )printf("\tHome: %s\n", who[i].home); if (_verbose > 0) (void )printf("\tOptions: %s%s%s%s%s%s%s%s\n", (who[i].status & SFTPWHO_STAY_AT_HOME) ? " StayAtHome" : "", (who[i].status & SFTPWHO_VIRTUAL_CHROOT) ? " VirtualChroot" : "", (who[i].status & SFTPWHO_RESOLVE_IP) ? " ResolveIp" : "", (who[i].status & SFTPWHO_IGNORE_HIDDEN) ? " IgnoreHidden" : "", (who[i].status & SFTPWHO_FAKE_USER) ? " FakeUser" : "", (who[i].status & SFTPWHO_FAKE_GROUP) ? " FakeGroup" : "", (who[i].status & SFTPWHO_FAKE_MODE) ? " FakeMode" : "", (who[i].status & SFTPWHO_HIDE_NO_ACESS) ? " HideNoAccess" : "" ); if (_verbose > 0) { (void )printf("\tStatus: %s [since %s] Path: %s\n", status, make_idle_time( (who[i].status & SFTPWHO_STATUS_MASK) == SFTPWHO_IDLE ? who[i].time_idle : who[i].time_transf), who[i].path); } else { (void )printf("\tStatus: %s Path: %s\n", status, who[i].path); } if ((who[i].status & SFTPWHO_STATUS_MASK) != SFTPWHO_GET) { (void )printf("\tFile: %s\n", (who[i].status & SFTPWHO_STATUS_MASK) == SFTPWHO_IDLE ? "" : who[i].file); } else { (void )printf("\tFile: %s [%i%%]\n", (who[i].status & SFTPWHO_STATUS_MASK) == SFTPWHO_IDLE ? "" : who[i].file, who[i].download_pos); } (void )printf("\tConnected: %s [since %s]\n", make_time(who[i].time_begin), make_idle_time(who[i].time_total)); (void )printf("\tSpeed: Download: %s [%s] Upload: %s [%s]\n", make_speed(b1, sizeof(b1), who[i].download_current, 0), make_speed(b2, sizeof(b2), getRealDown(&who[i]), 1), make_speed(b3, sizeof(b3), who[i].upload_current, 0), make_speed(b4, sizeof(b4), getRealUp(&who[i]), 1)); (void )printf("\tTotal: Download: %u bytes Upload: %u bytes\n", who[i].download_total, who[i].upload_total); (void )printf("\n"); } } } else { if (_only_show_pid_and_name == 0) (void )printf("--- %i / %i clients ---\n", nb_clients, hash_get_int("LimitConnection")); who = SftpWhoGetStruct(-1); } if (do_loop > 0) (void )sleep(do_loop); } while (do_loop > 0); SftpWhoReleaseStruct(NULL); delete_hash(); return (0); } mysecureshell_2.0/man/0000755000000000000000000000000012422711313013566 5ustar rootrootmysecureshell_2.0/man/en/0000755000000000000000000000000012422711313014170 5ustar rootrootmysecureshell_2.0/man/en/man8/0000755000000000000000000000000012422711313015033 5ustar rootrootmysecureshell_2.0/man/en/man8/sftp-verif.80000644000000000000000000000056412422711313017216 0ustar rootroot.TH sftp-verif 8 "03/05/2006" mss-utils "sftp-verif Manual for MySecureShell" .SH NAME sftp-verif - MySecureShell Command .SH DESCRIPTION Very useful to verify and correct problems on a MySecureShell server. .SH EXAMPLES .TP \fBsftp-verif\fP Verify and correct problems on the server .SH SEE ALSO MySecureShell(8), sftp-who(8), sftp-state(8), sftp-admin(8) sftp-verif(8) mysecureshell_2.0/man/en/man8/MySecureShell.80000644000000000000000000000103412422711313017646 0ustar rootroot.TH MySecureShell 8 "03/05/2006" mss-utils "MySecureShell's manual" .SH NAME MySecureShell - Command .SH SYNOPSYS .TP \fBMySecureShell\fP [verbose] [options] .SH DESCRIPTION .SS Verbose .TP \-v: show more information for option \fB\-\-configtest\fP .SS Options .TP \-\-configtest: test the config file and show errors .TP \-\-help: show help .TP \-\-version: show version of MySecureShell .SH EXAMPLES .TP MySecureShell \-\-help Show help of MySecureShell .SH SEE ALSO sftp-kill(8), sftp-who(8), sftp-state(8), sftp-admin(8) sftp-verif(8) mysecureshell_2.0/man/en/man8/sftp-who.80000644000000000000000000000161712422711313016700 0ustar rootroot.TH sftp-who 8 "16/10/2007" mss-utils "sftp-who Manual for MySecureShell" .SH NAME sftp-who - MySecureShell Command .SH SYNOPSYS \fBsftp-who\fP .SH SYNOPSYS Show information related to clients connexions. .SH EXEMPLES .TP \fBsftp-who\fP \-\-\- 1 / 10 clients \-\-\- Global used bandwidth : 1.125 mbytes/s / 56.90 kbytes/s PID: 26462 Name: pmavro IP: 192.168.0.34 Home: /home/pmavro Status: download Path: /home/pmavro/linux-2.6.23.1.tar.bz2 File: /home/pmavro/linux-2.6.23.1.tar.bz2 [54%] Connected: 2007/10/16 22:21:00 [since 21s] Speed: Download: 1.125 mbytes/s [unlimited] Upload: 56.90 kbytes/s [unlimited] Total: Download: 9989968 bytes Upload: 101003 bytes .TP \fBsftp-who \-\-while x\fP x : refresh sftp-who (in sec) .TP \fBsftp-who \-v\fP \-v : verbose mode .SH SEE ALSO MySecureShell(8), sftp-who(8), sftp-state(8), sftp-admin(8) sftp-verif(8) mysecureshell_2.0/man/en/man8/sftp-admin.80000644000000000000000000000123412422711313017166 0ustar rootroot.TH sftp-admin 8 "03/05/2006" mss-utils "sftp-admin Manual for MySecureShell" .SH NAME sftp-admin - MySecureShell Command .SH SYNOPSYS \fBsftp-admin\fP [ssh options] user@hostname .SH DESCRIPTION Allow to manage a MySecureShell waiter remotely .SS OPTIONS .TP ssh options : pass options to ssh .TP user@hostname : where user is your user and hostname is the address to the server .SH EXAMPLES .TP \fBsftp-admin [ssh options] MSS@hostname\fP MSS manage hostname.s server with port 22. .TP \fBsftp-admin [ssh options] MSS@hostname:2006\fP MSS manage hostname.s server with port 2006. .SH SEE ALSO MySecureShell(8), sftp-who(8), sftp-state(8), sftp-kill(8) sftp-verif(8) mysecureshell_2.0/man/en/man8/sftp-state.80000644000000000000000000000115112422711313017214 0ustar rootroot.TH sftp-state 8 "03/05/2006" mss-utils "sftp-state Manual for MySecureShell" .SH NAME sftp-state - MySecureShell Command .SH SYNOPSYS \fBsftp-state\fP [options] .SH DESCRIPTION Control activity of the server .SS Options .TP \-yes : You answer Yes to all questions (must be the first argument) .TP active / start : Start server .TP shutdown / stop : Stop server (This ask you if you want to disconnect clients) .SH EXAMPLES .TP \fBsftp-state start\fP Start server. .TP \fBsftp-state \-yes stop\fP Stop server and disconnect users .SH SEE ALSO MySecureShell(8), sftp-who(8), sftp-state(8), sftp-admin(8) sftp-verif(8) mysecureshell_2.0/man/en/man8/sftp-user.80000644000000000000000000000051412422711313017054 0ustar rootroot.TH sftp-user 8 "16/10/2007" mss-utils "sftp-user Manual for MySecureShell" .SH NAME sftp-user - MySecureShell Command .SH SYNOPSYS \fBsftp-user\fP .SH DESCRIPTION Create MySecureShell users easily (requiered for MySecureSHell Graphical Tool). .SH SEE ALSO MySecureShell(8), sftp-user(8), sftp-state(8), sftp-admin(8) sftp-verif(8) mysecureshell_2.0/man/en/man8/sftp-kill.80000644000000000000000000000063612422711313017036 0ustar rootroot.TH sftp-kill 8 "03/05/2006" mss-utils "sftp-kill Manual for MySecureShell" .SH NAME sftp-kill - MySecureShell Command .SH SYNOPSYS \fBsftp-kill\fP [user] ... .SH DESCRIPTION Disconnect users to the server. .SH EXAMPLES .TP \fBsftp-kill user1 user2\fP Disconnect user1 and user2 .TP \fBsftp-kill all\fP Disconnect every users. .SH SEE ALSO MySecureShell(8), sftp-who(8), sftp-state(8), sftp-admin(8) sftp-verif(8) mysecureshell_2.0/man/en/man8/mysecureshell.80000644000000000000000000000035612422711313020014 0ustar rootroot.TH MySecureShell 8 "03/10/2014" mss-utils "MySecureShell's manual" .SH NAME mysecureshell - Command .SH SYNOPSYS Look at MySecureShell(8) for information .SH SEE ALSO sftp-kill(8), sftp-who(8), sftp-state(8), sftp-admin(8) sftp-verif(8) mysecureshell_2.0/utils/0000755000000000000000000000000012422711313014153 5ustar rootrootmysecureshell_2.0/utils/sftp-kill0000644000000000000000000000051312422711313016002 0ustar rootroot#!/bin/sh [ $1 ] || { echo " Usage: $0 [username] username: specify the user name to kill or enter all to kill all" exit 0 } sftp-who --sftp-kill | while read pid who; do shot=1 [ x$1 = xall ] || [ x$1 = x$who ] && { echo Kill $who on PID $pid kill -HUP $pid } done [ $shot ] || echo 'No lamer to kill ?' mysecureshell_2.0/utils/sftp-user.in0000755000000000000000000001174212422711313016443 0ustar rootroot#!/bin/sh ## Users Script Manager v0.2 - Made by MySecureShell Team ## MySecureShell Team # Saving vars nameuser=$2 hideuser=$3 bindir='@BINDIR@'; # OS Detection osdetection=`uname -s` # Error messages badarg="Sorry but you gave me a bad argument !" alreadyexist="Sorry but this user already exist !" doesntexist="Sorry but this user doesn't exist !" ########################## ## User sftp-user verif ## ########################## encPass='*' vrf_create() { for i in "$nameuser" ; do if [ -z "$i" ] ; then echo $bardarg exit 0 fi done } vrf_delhide() { name=`id -un $nameuser 2>&1` if [ "$name" = 'nobody' ] || [ "$name" = "$nameuser" ] ; then break else echo $doesntexist exit 1 fi } vrf_getpass() { dirPerl= for dir in `echo $PATH | tr : "\n"` ; do if [ -x $dir/perl ] ; then dirPerl=$dir; break fi done if [ "$dirPerl" != '' ] ; then echo "Enter password:" stty -echo read pass stty echo echo encPass=`$dirPerl/perl <&1` if [ "$name" = "$nameuser" ] || [ "$name" = 'nobody' ] ; then echo $alreadyexist exit 1 fi } ########################## ## Darwin users manager ## ########################## # Creation dar_add() { if [ -x /usr/bin/niutil ] ; then newid=$[`nireport / /users uid | tail -1`+1] # Add User niutil -create -R / /users/$nameuser #Check if success test $? != 0 && exit $? niutil -createprop -R / /users/$nameuser passwd "$encPass" niutil -createprop -R / /users/$nameuser gid $newid niutil -createprop -R / /users/$nameuser uid $newid niutil -createprop -R / /users/$nameuser realname "$nameuser" niutil -createprop -R / /users/$nameuser shell "$bindir/mysecureshell" niutil -createprop -R / /users/$nameuser picture "/Library/Caches/com.sourceforge.mysecureshell.picture.tiff" #niutil -createprop -R / /users/$nameuser home "/Users/invite" # Home create future versions #cp -R /System/Library/User\ Template/French.lproj /Users/$nameuser #chown -R $nameuser:staff /Users/$nameuser fi if [ -x /usr/bin/dscl ] ; then dscl . -create /Users/$nameuser dscl . -create /Users/$nameuser UserShell "$bindir/mysecureshell" dscl . -create /Users/$nameuser RealName "$nameuser" dscl . -passwd /Users/$nameuser "$encPass" dscl . -append /Groups/staff GroupMembership $nameuser fi # Hide user test "$hideuser" = '1' && defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $nameuser && defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add $nameuser } # List users with MySecureShell Shell dar_list() { if [ -x /usr/bin/nireport ] ; then nireport / /users name shell | grep /mysecureshell | awk '{ print $1 }' fi if [ -x /usr/bin/dscl ] ; then dscl . -list /Users shell | grep mysecureshell | awk '{ print $1 }' fi exit $? } # Deletion dar_del() { if [ -x /usr/bin/niutil ] ; then niutil -destroy -R / /users/$nameuser fi if [ -x /usr/bin/dscl ] ; then dscl . delete /Users/$nameuser fi exit $? } # Hidding dar_hid() { # Home is choice if [ "$hideuser" = '0' ] ; then defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList $nameuser else defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $nameuser defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add $nameuser fi exit $? } ######################### ## Linux users manager ## ######################### # Creation nux_add() { useradd -p $encPass -s $bindir/mysecureshell $nameuser exit $? } # Deletion nux_list() { grep -F /mysecureshell /etc/passwd | cut -d: -f1 } # Deletion nux_del() { userdel -f $nameuser exit $? } ############### ## User Menu ## ############### case $1 in create) vrf_create vrf_useralreadyexit vrf_getpass if [ "$osdetection" = 'Darwin' ] ; then dar_add else nux_add fi ;; delete) vrf_delhide if [ "$osdetection" = 'Darwin' ] ; then dar_del else nux_del fi ;; list) if [ "$osdetection" = 'Darwin' ] ; then dar_list else nux_list fi ;; hide) if [ "$osdetection" = 'Darwin' ] ; then vrf_delhide dar_hid fi ;; *) echo "Usage 1: sftp-user create [user] [hide user]" echo "Usage 2: sftp-user delete [user]" echo "Usage 3: sftp-user list" echo "Usage 4: sftp-user hide [user] [hide] (Mac OS X Only)" echo "" echo "" echo " Options Choices Descriptions" echo " user Username User Name" echo " hide user 1/0 hide user from login panel and user managements (Max OS X Only)" echo " delete home 1/0 Remove user Home directory" echo " hide 1/0 Hide/Unhide (Mac OS X Only)" ;; esac exit 0 mysecureshell_2.0/utils/sftp-verif.in0000755000000000000000000002236412422711313016602 0ustar rootroot#!/usr/bin/env perl ## MySecureShell Verification Tool v0.5 - Made by MySecureShell Team ## MySecureShell Team use diagnostics; use strict; use Env qw(USER); use Term::ANSIColor; my $bindir='@BINDIR@'; my $mss_conf='@MSS_CONF@'; my $mss_log='@MSS_LOG@'; my $sudo_bin='@SUDO@'; # Vars ## Root detection if ($> != 0) { print "\n" . '#' x 80; print "\n\tSorry but you must be root to fix problems\n"; print '#' x 80 . "\n"; exit 1; } ## Function # Set OK color in green and FAILED in red # 1st arg is message line and 2nd is ok or failed sub print_color { # Print message printf "%-69s", "$_[0]"; # Print OK in green if ($_[1] =~ /ok|reussi/i) { print color 'bold green'; } else { # Print failed in red print color 'bold red'; } printf "%11s", "$_[1]\n"; # Resetting colors print color 'reset'; } # Checking rights files # 1 args needed (whished rights in decimal format 'xxxx') sub rightsver { my $needed_owner = shift; my $needed_group = shift; my $needed_rights = shift; my @file_rights = @_; foreach my $current_file (@file_rights) { if (-f $current_file) { my @stat_file = stat($current_file); my $current_owner = getpwuid($stat_file[4]); my $current_group = getgrgid($stat_file[5]); my $current_rights = sprintf("%04o", $stat_file[2] & 07777); if ($current_rights == $needed_rights && $current_owner eq $needed_owner && $current_group eq $needed_group) { &print_color("Verifing file rights of $current_file",'[ OK ]'); } else { &print_color("Verifing file rights of $current_file",'[ FAILED ]'); if ($current_rights != $needed_rights) { print "Rights problems have been detected $current_rights and should be $needed_rights\nDo you want to repair $current_file file rights ? (Y/n)\n"; if ( =~ /y|o/i) { chmod(oct($needed_rights), $current_file); &print_color("Good rights ($needed_rights) reseted on $current_file file",'[ OK ]'); } else { &print_color("Needed rights ($needed_rights) have unchanged to $current_file file",'[ OK ]'); } } if ($current_owner ne $needed_owner || $current_group ne $needed_group) { print "Owner problems have been detected $current_owner:$current_group and should be $needed_owner:$needed_group\nDo you want to repair $current_file file owner ? (Y/n)\n"; if ( =~ /y|o/i) { my $file_uid = getpwnam($needed_owner); my $file_gid = getgrnam($needed_group); chown($file_uid, $file_gid, $current_file); &print_color("Good owner ($needed_owner:$needed_group) reseted on $current_file file",'[ OK ]'); } else { &print_color("Needed owner ($needed_owner:$needed_group) have unchanged to $current_file file",'[ OK ]'); } } } } else { &print_color("File $current_file does not exist",'[ FAILED ]'); } } } sub set_logrotate { print "\n\n### Verifing rotation logs ###\n\n"; if (-d '/etc/logrotate.d') { unless (-f '/etc/logrotate.d/mysecureshell') { print "No rotations logs found ! Do you want to create it one now ? (y/n)\n"; if ( =~ /y|o/i) { my $logrotate_file = <<"ACEOF"; $mss_log { weekly size=500k rotate 10 compress delaycompress missingok notifempty } ACEOF open (LOGROTATE, ">/etc/logrotate.d/mysecureshell"); print LOGROTATE $logrotate_file; close(LOGROTATE); chmod 0644, "/etc/logrotate.d/mysecureshell"; &print_color('Rotation logs have been created','[ OK ]'); } else { &print_color('No rotation logs have been created','[ FAILED ]'); } } else { &print_color('Rotation logs have been found','[ OK ]'); } } elsif (-f '/etc/weekly') { # Mac OS 10.4 #logstat=1 system "grep -e '^for' < /etc/weekly | grep -ve sftp-server.log > /dev/null"; if ("$?" == 0) { system "sed -e 's/^\(for i in.*\)\(; do\)$/\1 $mss_log\2/' /etc/weekly > /tmp/weekly.tmp && mv /tmp/weekly.tmp /etc/weekly"; } } else { # Mac OS 10.5 #logstat=1 system "grep -c sftp-server < /etc/syslog.conf | grep -v grep"; if ($? != 1) { open (SYSLOG, ">>/etc/syslog.conf") or warn("I don't have enough rights to make it"); print SYSLOG "sftp-server.*\t\t\t\t\t/var/log/sftp-server.log"; close (SYSLOG); } } } ## Starting validation print "\n" . '#' x 80; print "\n\t\t\tMySecureShell Verification Tool"; print "\n" . '#' x 80; # Finding MSS and utilities print "\n\n### Verifing file existance ###\n\n"; # Checking if files exists my @check_bins = ("$bindir/mysecureshell", "$bindir/sftp-who", "$bindir/sftp-kill", "$bindir/sftp-state", "$bindir/sftp-admin", "$bindir/sftp-verif", "$bindir/sftp-user"); foreach (@check_bins) { if (-e $_) { &print_color($_,'[ OK ]'); } else { &print_color($_,'[ FAILED ]'); } } # Verify shells list if (-e '/etc/shells') { my $retValue = 0; my $binMSS = "$bindir/mysecureshell"; print "\n\n### Verifing /etc/shells ###\n\n"; $retValue = system('/bin/grep', '-q', $binMSS, '/etc/shells'); $retValue >>= 0; if ($retValue == 0) { &print_color("/etc/shells contains $binMSS",'[ OK ]'); } else { &print_color("/etc/shells contains $binMSS",'[ FAILED ]'); print "$binMSS is absent of '/etc/shells'\nDo you want to add it ? (Y/n)\n"; if ( =~ /y|o/i) { if (open(FD, '>>', '/etc/shells')) { print FD "\n$binMSS\n"; close(FD); &print_color('Update /etc/shells','[ OK ]'); } else { &print_color('Update /etc/shells','[ FAILED ]'); } } else { &print_color("/etc/shells contains $binMSS",'[ FAILED ]'); } } } # Deleting sftp-server_MSS if found my @check_fsm = ('/usr/lib/sftp-server_MSS', '/usr/libexec/sftp-server_MSS', '/usr/lib/ssh/sftp-server_MSS', '/usr/lib/openssh/sftp-server_MSS', '/usr/libexec/openssh/sftp-server_MSS'); foreach (@check_fsm) { if (-f $_) { print "If you are running a MySecureShell version newer than 0.8, you have to delete sftp-server_MSS file !\nDo you want I delete it for you ? (y/n)\n"; unlink $_ if ( =~ /y|o/i); } } # Verify Rights print "\n\n### Verifing rights ###\n\n"; # To check rights, add files in this array # Give rights you which &rightsver('root', 'root', '0644', $mss_conf); &rightsver('root', 'root', '0755', "$bindir/sftp-who", "$bindir/sftp-verif", "$bindir/sftp-user"); &rightsver('root', 'root', '0700', "$bindir/sftp-kill", "$bindir/sftp-state", "$bindir/sftp-admin"); &rightsver('root', 'root', '4755', "$bindir/mysecureshell"); # Logrotate open (GET_OS, "uname |"); while () { chomp $_; unless (/SunOS/i) { &set_logrotate; last; } } close(GET_OS); # Server status print "\n\n### Verifing server status ###\n\n"; # Check sftp-server state open (SERVER_STATE, "$bindir/sftp-state |") or warn("Couldn't get sftp-state status : $!\n"); while () { # If online, do not touch if (/up|online/i) { &print_color('Verifing server status (ONLINE)','[ OK ]'); } else { # Else ask to start it &print_color('Verifing server status (ONLINE)','[ FAILED ]'); print "\nDo you want to start server ? (y/n)\n"; if ( =~ /y|o/i) { system "$bindir/sftp-state start"; if ($? == 0) { &print_color('Server started','[ OK ]'); } else { &print_color('Server started','[ FAILED ]'); } } } } close (SERVER_STATE); # Server dependencies print "\n\n### Verifing server dependencies ###\n\nShow only error(s) :\n"; system "$bindir/mysecureshell --version > /dev/null"; # Server configuration print "\n\n### Verifing server configuration ###\n\nShow only error(s) :\n"; print "Trying user: $ENV{'USER'}\n"; system "$bindir/mysecureshell --configtest > /dev/null"; # Get all users list and check if there is a problem in config if ($ENV{'USER'} eq 'root') { if (-x $sudo_bin) { open (USER_LIST, "$bindir/sftp-user list |") or warn("Can't get user list with sftp-user command : $!\n"); while () { chomp $_; print "Checking user : $_\n"; system "$sudo_bin -u $_ $bindir/mysecureshell --configtest > /dev/null\n"; } close (USER_LIST); } } #End print "\n\n### All tests dones ###\n\n"; mysecureshell_2.0/LICENSE0000644000000000000000000003510612422711313014025 0ustar rootrootGNU GENERAL PUBLIC LICENSE Version 2, June 1991 Copyright (C) 1989, 1991 Free Software Foundation, Inc. Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things. To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it. For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software. Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations. Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does. 1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: * a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. * b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License. * c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program. In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following: * a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, * b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or, * c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.) The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code. 4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it. 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License. 7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation. 10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS mysecureshell_2.0/sftp_config0000644000000000000000000000670112422711313015243 0ustar rootroot## MySecureShell Configuration File ## # To get more informations on all possible options, please look at the doc: # http://mysecureshell.readthedocs.org #Default rules for everybody GlobalDownload 50k #total speed download for all clients # o -> bytes k -> kilo bytes m -> mega bytes GlobalUpload 0 #total speed download for all clients (0 for unlimited) Download 5k #limit speed download for each connection Upload 0 #unlimit speed upload for each connection StayAtHome true #limit client to his home VirtualChroot true #fake a chroot to the home account LimitConnection 10 #max connection for the server sftp LimitConnectionByUser 1 #max connection for the account LimitConnectionByIP 2 #max connection by ip for the account Home /home/$USER #overrite home of the user but if you want you can use # environment variable (ie: Home /home/$USER) IdleTimeOut 5m #(in second) deconnect client is idle too long time ResolveIP true #resolve ip to dns # IgnoreHidden true #treat all hidden files as if they don't exist # DirFakeUser true #Hide real file/directory owner (just change displayed permissions) # DirFakeGroup true #Hide real file/directory group (just change displayed permissions) # DirFakeMode 0400 #Hide real file/directory rights (just change displayed permissions) #Add execution right for directory if read right is set HideNoAccess true #Hide file/directory which user has no access # MaxOpenFilesForUser 20 #limit user to open x files on same time # MaxWriteFilesForUser 10 #limit user to x upload on same time # MaxReadFilesForUser 10 #limit user to x download on same time DefaultRights 0640 0750 #Set default rights for new file and new directory # MinimumRights 0400 0700 #Set minimum rights for files and dirs ShowLinksAsLinks false #show links as their destinations # ConnectionMaxLife 1d #limits connection lifetime to 1 day # Charset "ISO-8859-15" #set charset of computer #Rules only for group ftp # # Download 25 k/s # LogFile /var/log/sftp-server_ftp.log #Change logfile # ExpireDate "2007-02-28 18:31:01" # # # IsAdmin true #can admin the server # VirtualChroot false #you must disable chroot to have a full support of admin # StayAtHome true # IdleTimeOut 0 # # # SftpProtocol 3 #force protocol SFTP # DisableAccount true #disable account # #Rules only for group ftpnolimit # # Download 0 #0 = unlimited # IdleTimeOut 0 #no timeout # DirFakeUser false #show real user on file/directory # DirFakeGroup false #show real group on file/directory # DirFakeMode 0 #show real rights on file/directory # MaxReadFilesForUser 0 #0 = unlimited but still have the restriction MaxOpenFilesForUser # # # ByPassGlobalDownload true #bypass GlobalDownload restriction # ByPassGlobalUpload true #bypass GlobalUpload restriction # Download 0 # DisableAccount false #enable account # IdleTimeOut 0 #disable timeout # LimitConnectionByIP 0 #no limit # # # Shell /bin/tcsh #give a shell access to TRUSTED clients !!! # # # DirFakeUser false #show real user on file/directory # DirFakeGroup false #show real group on file/directory # DirFakeMode 0 #show real rights on file/directory # HideNoAccess false # IgnoreHidden false # #Include /etc/my_sftp_config_file #include this valid configuration file mysecureshell_2.0/config.h.in0000644000000000000000000002673312422711313015051 0ustar rootroot/* config.h.in. Generated from configure.in by autoheader. */ /* Define to 1 if the `closedir' function returns void instead of `int'. */ #undef CLOSEDIR_VOID /* Etcdir */ #undef CONFIG_FILE /* Etcdir */ #undef CONFIG_FILE2 /* Define to the type of elements in the array set by `getgroups'. Usually this is either `int' or `gid_t'. */ #undef GETGROUPS_T /* Define to 1 if you have the `acl' function. */ #undef HAVE_ACL /* Define to 1 if you have the `acl_get_perm_np' function. */ #undef HAVE_ACL_GET_PERM_NP /* Define to 1 if you have the `alarm' function. */ #undef HAVE_ALARM /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H /* Define to 1 if you have the `atexit' function. */ #undef HAVE_ATEXIT /* Define to 1 if your system has a working `chown' function. */ #undef HAVE_CHOWN /* Define to 1 if you have the `closelog' function. */ #undef HAVE_CLOSELOG /* Define to 1 if you have the `connect' function. */ #undef HAVE_CONNECT /* HaveCygwin */ #undef HAVE_CYGWIN /* Define to 1 if you have the header file. */ #undef HAVE_CYGWIN_ACL_H /* Define to 1 if you have the header file. */ #undef HAVE_CYGWIN_SOCKET_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_DIRENT_H /* Define to 1 if you have the `dup2' function. */ #undef HAVE_DUP2 /* Define to 1 if you have the `endgrent' function. */ #undef HAVE_ENDGRENT /* Define to 1 if you have the `endpwent' function. */ #undef HAVE_ENDPWENT /* Define to 1 if you have the header file. */ #undef HAVE_FCNTL_H /* Define to 1 if you have the `fork' function. */ #undef HAVE_FORK /* Define to 1 if you have the `getgroups' function. */ #undef HAVE_GETGROUPS /* Define to 1 if you have the `gethostbyaddr' function. */ #undef HAVE_GETHOSTBYADDR /* Define to 1 if you have the `gethostbyname' function. */ #undef HAVE_GETHOSTBYNAME /* Define to 1 if you have the `gettimeofday' function. */ #undef HAVE_GETTIMEOFDAY /* Define to 1 if you have the `iconv' function. */ #undef HAVE_ICONV /* Define to 1 if you have the `iconv_close' function. */ #undef HAVE_ICONV_CLOSE /* Define to 1 if you have the `iconv_open' function. */ #undef HAVE_ICONV_OPEN /* Define to 1 if you have the `inet_ntoa' function. */ #undef HAVE_INET_NTOA /* Define to 1 if you have the header file. */ #undef HAVE_INTTYPES_H /* Define to 1 if you have the `acl' library (-lacl). */ #undef HAVE_LIBACL /* Define to 1 if you have the `gnutls' library (-lgnutls). */ #undef HAVE_LIBGNUTLS /* Define to 1 if you have the `iconv' library (-liconv). */ #undef HAVE_LIBICONV /* Define to 1 if you have the `nsl' library (-lnsl). */ #undef HAVE_LIBNSL /* Etcdir */ #undef HAVE_LINUX_EXT2_FS_H /* Colorlog */ #undef HAVE_LOG_IN_COLOR /* Define to 1 if `lstat' has the bug that it succeeds when given the zero-length file name argument. */ #undef HAVE_LSTAT_EMPTY_STRING_BUG /* Define to 1 if your system has a GNU libc compatible `malloc' function, and to 0 otherwise. */ #undef HAVE_MALLOC /* Define to 1 if you have the `memmove' function. */ #undef HAVE_MEMMOVE /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H /* Define to 1 if you have the `memset' function. */ #undef HAVE_MEMSET /* Define to 1 if you have the `mkdir' function. */ #undef HAVE_MKDIR /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_NDIR_H /* Define to 1 if you have the header file. */ #undef HAVE_NETDB_H /* Define to 1 if you have the header file. */ #undef HAVE_NETINET_IN_H /* Define to 1 if you have the `openlog' function. */ #undef HAVE_OPENLOG /* Define to 1 if your system has a GNU libc compatible `realloc' function, and to 0 otherwise. */ #undef HAVE_REALLOC /* Define to 1 if you have the `realpath' function. */ #undef HAVE_REALPATH /* Define to 1 if you have the `regcomp' function. */ #undef HAVE_REGCOMP /* Define to 1 if you have the `rmdir' function. */ #undef HAVE_RMDIR /* Define to 1 if you have the `select' function. */ #undef HAVE_SELECT /* Define to 1 if you have the `setenv' function. */ #undef HAVE_SETENV /* Define to 1 if you have the `statfs' function. */ #undef HAVE_STATFS /* Define to 1 if you have the `statvfs' function. */ #undef HAVE_STATVFS /* Define to 1 if `stat' has the bug that it succeeds when given the zero-length file name argument. */ #undef HAVE_STAT_EMPTY_STRING_BUG /* Define to 1 if you have the header file. */ #undef HAVE_STDINT_H /* Define to 1 if you have the header file. */ #undef HAVE_STDLIB_H /* Define to 1 if you have the `strcasecmp' function. */ #undef HAVE_STRCASECMP /* Define to 1 if you have the `strchr' function. */ #undef HAVE_STRCHR /* Define to 1 if you have the `strdup' function. */ #undef HAVE_STRDUP /* Define to 1 if you have the `strerror' function. */ #undef HAVE_STRERROR /* Define to 1 if you have the `strftime' function. */ #undef HAVE_STRFTIME /* Define to 1 if you have the header file. */ #undef HAVE_STRINGS_H /* Define to 1 if you have the header file. */ #undef HAVE_STRING_H /* Define to 1 if you have the `strlcat' function. */ #undef HAVE_STRLCAT /* Define to 1 if you have the `strlcpy' function. */ #undef HAVE_STRLCPY /* Define to 1 if you have the `strrchr' function. */ #undef HAVE_STRRCHR /* Define to 1 if you have the `strstr' function. */ #undef HAVE_STRSTR /* Define to 1 if you have the `syslog' function. */ #undef HAVE_SYSLOG /* Define to 1 if you have the header file. */ #undef HAVE_SYSLOG_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_ACL_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_DIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_IOCTL_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_MOUNT_H /* Define to 1 if you have the header file, and it defines `DIR'. */ #undef HAVE_SYS_NDIR_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_PARAM_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SELECT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKET /* Define to 1 if you have the header file. */ #undef HAVE_SYS_SOCKET_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STATFS_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STATVFS_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_STAT_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TIME_H /* Define to 1 if you have the header file. */ #undef HAVE_SYS_TYPES_H /* Define to 1 if you have that is POSIX.1 compatible. */ #undef HAVE_SYS_WAIT_H /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H /* Define to 1 if the system has the type `u_int16_t'. */ #undef HAVE_U_INT16_T /* Define to 1 if the system has the type `u_int32_t'. */ #undef HAVE_U_INT32_T /* Define to 1 if the system has the type `u_int64_t'. */ #undef HAVE_U_INT64_T /* Define to 1 if the system has the type `u_int8_t'. */ #undef HAVE_U_INT8_T /* Define to 1 if you have the `vfork' function. */ #undef HAVE_VFORK /* Define to 1 if you have the header file. */ #undef HAVE_VFORK_H /* Define to 1 if you have the `vsyslog' function. */ #undef HAVE_VSYSLOG /* Define to 1 if `fork' works. */ #undef HAVE_WORKING_FORK /* Define to 1 if `vfork' works. */ #undef HAVE_WORKING_VFORK /* Define to 1 if `lstat' dereferences a symlink specified with a trailing slash. */ #undef LSTAT_FOLLOWS_SLASHED_SYMLINK /* DiskUsage */ #undef MSSEXT_DISKUSAGE /* DiskUsageSSH */ #undef MSSEXT_DISKUSAGE_SSH /* FileHashing */ #undef MSSEXT_FILE_HASHING /* ACL */ #undef MSS_ACL /* Admin */ #undef MSS_HAVE_ADMIN /* Logdir */ #undef MSS_LOG /* Sftpuserdir */ #undef MSS_SFTPUSER /* Sftpwhodir */ #undef MSS_SFTPWHO /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT /* Define to the full name of this package. */ #undef PACKAGE_NAME /* Define to the full name and version of this package. */ #undef PACKAGE_STRING /* Define to the one symbol short name of this package. */ #undef PACKAGE_TARNAME /* Define to the home page for this package. */ #undef PACKAGE_URL /* Define to the version of this package. */ #undef PACKAGE_VERSION /* Define as the return type of signal handlers (`int' or `void'). */ #undef RETSIGTYPE /* Define to the type of arg 1 for `select'. */ #undef SELECT_TYPE_ARG1 /* Define to the type of args 2, 3 and 4 for `select'. */ #undef SELECT_TYPE_ARG234 /* Define to the type of arg 5 for `select'. */ #undef SELECT_TYPE_ARG5 /* Etcdir */ #undef SHUTDOWN_FILE /* Define to 1 if the `S_IS*' macros in do not work properly. */ #undef STAT_MACROS_BROKEN /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS /* Define to 1 if you can safely include both and . */ #undef TIME_WITH_SYS_TIME /* Define to 1 if your declares `struct tm'. */ #undef TM_IN_SYS_TIME /* Enable extensions on AIX 3, Interix. */ #ifndef _ALL_SOURCE # undef _ALL_SOURCE #endif /* Enable GNU extensions on systems that have them. */ #ifndef _GNU_SOURCE # undef _GNU_SOURCE #endif /* Enable threading extensions on Solaris. */ #ifndef _POSIX_PTHREAD_SEMANTICS # undef _POSIX_PTHREAD_SEMANTICS #endif /* Enable extensions on HP NonStop. */ #ifndef _TANDEM_SOURCE # undef _TANDEM_SOURCE #endif /* Enable general extensions on Solaris. */ #ifndef __EXTENSIONS__ # undef __EXTENSIONS__ #endif /* Enable large inode numbers on Mac OS X 10.5. */ #ifndef _DARWIN_USE_64_BIT_INODE # define _DARWIN_USE_64_BIT_INODE 1 #endif /* Number of bits in a file offset, on hosts where this is settable. */ #undef _FILE_OFFSET_BITS /* Define for large files, on AIX-style hosts. */ #undef _LARGE_FILES /* Define to 1 if on MINIX. */ #undef _MINIX /* Define to 2 if the system does not provide POSIX.1 features except with this defined. */ #undef _POSIX_1_SOURCE /* Define to 1 if you need to in order for `stat' and other things to work. */ #undef _POSIX_SOURCE /* Define to empty if `const' does not conform to ANSI C. */ #undef const /* Define to `int' if doesn't define. */ #undef gid_t /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */ #ifndef __cplusplus #undef inline #endif /* Define to the type of a signed integer type of width exactly 32 bits if such a type exists and the standard includes do not define it. */ #undef int32_t /* Define to rpl_malloc if the replacement function should be used. */ #undef malloc /* Define to `int' if does not define. */ #undef mode_t /* Define to `long int' if does not define. */ #undef off_t /* Define to `int' if does not define. */ #undef pid_t /* Define to rpl_realloc if the replacement function should be used. */ #undef realloc /* Define to `unsigned int' if does not define. */ #undef size_t /* Define to `int' if does not define. */ #undef ssize_t /* uint16 */ #undef u_int16_t /* uint32 */ #undef u_int32_t /* uint64 */ #undef u_int64_t /* uint8 */ #undef u_int8_t /* Define to `int' if doesn't define. */ #undef uid_t /* Define as `fork' if `vfork' does not work. */ #undef vfork