Attachment #3052 for bug #2778

View | Details | Raw Unified | Return to bug 2778
Collapse All | Expand All




			free(patterns);
			goto next_option;
		}
		cp = "denyopen=\"";
		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
			char *host, *p;
			int port;
			char *patterns = xmalloc(strlen(opts) + 1);

			opts += strlen(cp);
			i = 0;
			while (*opts) {
				if (*opts == '"')
					break;
				if (*opts == '\\' && opts[1] == '"') {
					opts += 2;
					patterns[i++] = '"';
					continue;
				}
				patterns[i++] = *opts++;
			}
			if (!*opts) {
				debug("%.100s, line %lu: missing end quote",
					  file, linenum);
				auth_debug_add("%.100s, line %lu: missing "
									   "end quote", file, linenum);
				free(patterns);
				goto bad_option;
			}
			patterns[i] = '\0';
			opts++;
			p = patterns;
			/* XXX - add streamlocal support */
			host = hpdelim(&p);
			if (host == NULL || strlen(host) >= NI_MAXHOST) {
				debug("%.100s, line %lu: Bad denyopen "
							  "specification <%.100s>", file, linenum,
					  patterns);
				auth_debug_add("%.100s, line %lu: "
									   "Bad denyopen specification", file,
							   linenum);
				free(patterns);
				goto bad_option;
			}
			host = cleanhostname(host);
			if (p == NULL || (port = permitopen_port(p)) < 0) {
				debug("%.100s, line %lu: Bad  port "
							  "<%.100s>", file, linenum, p ? p : "");
				auth_debug_add("%.100s, line %lu: "
									   "Bad permitopen port", file, linenum);
				free(patterns);
				goto bad_option;
			}
			if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
				channel_add_denied_opens(host, port);
			free(patterns);
			goto next_option;
		}
		cp = "tunnel=\"";
		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
			char *tun = NULL;

Lines 124-135 typedef struct { Link Here

(-)a/channels.c (+56 lines)
124	} ForwardPermission;	124	} ForwardPermission;
125		125
126	/* List of all permitted host/port pairs to connect by the user. */	126	/* List of all permitted host/port pairs to connect by the user. */
		127	static ForwardPermission *denied_opens = NULL;
		128
		129	/* List of all permitted host/port pairs to connect by the user. */
127	static ForwardPermission *permitted_opens = NULL;	130	static ForwardPermission *permitted_opens = NULL;
128		131
129	/* List of all permitted host/port pairs to connect by the admin. */	132	/* List of all permitted host/port pairs to connect by the admin. */
130	static ForwardPermission *permitted_adm_opens = NULL;	133	static ForwardPermission *permitted_adm_opens = NULL;
131		134
132	/* Number of permitted host/port pairs in the array permitted by the user. */	135	/* Number of permitted host/port pairs in the array permitted by the user. */
		136	static int num_denied_opens = 0;
		137
		138	/* Number of permitted host/port pairs in the array permitted by the user. */
133	static int num_permitted_opens = 0;	139	static int num_permitted_opens = 0;
134		140
135	/* Number of permitted host/port pair in the array permitted by the admin. */	141	/* Number of permitted host/port pair in the array permitted by the admin. */
Lines 3507-3512 channel_add_permitted_opens(char *host, int port) Link Here
3507	all_opens_permitted = 0;	3513	all_opens_permitted = 0;
3508	}	3514	}
3509		3515
		3516	int
		3517	channel_add_denied_opens(char *host, int port)
		3518	{
		3519	debug("deny port forwarding to host %s port %d", host, port);
		3520
		3521	denied_opens = xreallocarray(denied_opens,
		3522	num_denied_opens + 1, sizeof(*denied_opens));
		3523	denied_opens[num_denied_opens].host_to_connect = xstrdup(host);
		3524	denied_opens[num_denied_opens].port_to_connect = port;
		3525	denied_opens[num_denied_opens].listen_host = NULL;
		3526	denied_opens[num_denied_opens].listen_path = NULL;
		3527	denied_opens[num_denied_opens].listen_port = 0;
		3528	num_denied_opens++;
		3529
		3530	all_opens_permitted = 0;
		3531
		3532	return ++num_denied_opens;
		3533	}
		3534
3510	/*	3535	/*
3511	* Update the listen port for a dynamic remote forward, after	3536	* Update the listen port for a dynamic remote forward, after
3512	* the actual 'newport' has been allocated. If 'newport' < 0 is	3537	* the actual 'newport' has been allocated. If 'newport' < 0 is
Lines 3581-3586 channel_clear_permitted_opens(void) Link Here
3581	}	3606	}
3582		3607
3583	void	3608	void
		3609	channel_clear_denied_opens(void)
		3610	{
		3611	int i;
		3612
		3613	for (i = 0; i < num_denied_opens; i++) {
		3614	free(denied_opens[i].host_to_connect);
		3615	free(denied_opens[i].listen_host);
		3616	free(denied_opens[i].listen_path);
		3617	}
		3618	free(denied_opens);
		3619	denied_opens = NULL;
		3620	num_denied_opens = 0;
		3621	}
		3622
		3623	void
3584	channel_clear_adm_permitted_opens(void)	3624	channel_clear_adm_permitted_opens(void)
3585	{	3625	{
3586	int i;	3626	int i;
Lines 3815-3820 channel_connect_to_port(const char host, u_short port, char ctype, char *rname Link Here
3815	}	3855	}
3816	}	3856	}
3817		3857
		3858	if (permit) {
		3859	for (i = 0; i < num_denied_opens; i++)
		3860	if (open_match(&denied_opens[i], host, port)) {
		3861	permit = 0;
		3862	break;
		3863	}
		3864	}
		3865
3818	if (num_adm_permitted_opens > 0) {	3866	if (num_adm_permitted_opens > 0) {
3819	permit_adm = 0;	3867	permit_adm = 0;
3820	for (i = 0; i < num_adm_permitted_opens; i++)	3868	for (i = 0; i < num_adm_permitted_opens; i++)
Lines 3847-3852 channel_connect_to_path(const char path, char ctype, char *rname) Link Here
3847	}	3895	}
3848	}	3896	}
3849		3897
		3898	if (permit) {
		3899	for (i = 0; i < num_denied_opens; i++)
		3900	if (open_match(&denied_opens[i], path, PORT_STREAMLOCAL)) {
		3901	permit = 0;
		3902	break;
		3903	}
		3904	}
		3905
3850	if (num_adm_permitted_opens > 0) {	3906	if (num_adm_permitted_opens > 0) {
3851	permit_adm = 0;	3907	permit_adm = 0;
3852	for (i = 0; i < num_adm_permitted_opens; i++)	3908	for (i = 0; i < num_adm_permitted_opens; i++)




void	 channel_set_af(int af);
void     channel_permit_all_opens(void);
void	 channel_add_permitted_opens(char *, int);
int	 channel_add_denied_opens(char *, int);
int	 channel_add_adm_permitted_opens(char *, int);
void	 channel_disable_adm_local_opens(void);
void	 channel_update_permitted_opens(int, int);
void	 channel_clear_permitted_opens(void);
void 	 channel_clear_denied_opens(void);
void	 channel_clear_adm_permitted_opens(void);
void 	 channel_print_adm_permitted_opens(void);
int      channel_input_port_forward_request(int, struct ForwardOptions *);




#! /bin/sh
# Attempt to guess a canonical system name.
#   Copyright 1992-2014 Free Software Foundation, Inc.
#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
#   2011, 2012, 2013 Free Software Foundation, Inc.

timestamp='2014-03-23'

# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that
# program.  This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
# Originally written by Per Bothner.  Please send patches (context
# diff format) to <config-patches@gnu.org> and include a ChangeLog
# entry.
#
# Originally written by Per Bothner.
# config.sub.  If it succeeds, it prints the system name on stdout, and
# exits with 0.  Otherwise, it exits with 1.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
#
# Please send patches with a ChangeLog entry to config-patches@gnu.org.


me=`echo "$0" | sed -e 's,.*/,,'`


GNU config.guess ($timestamp)

Originally written by Per Bothner.
Copyright 1992-2014 Free Software Foundation, Inc.
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
2012, 2013 Free Software Foundation, Inc.

This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

UNAME_SYSTEM=`(uname -s) 2>/dev/null`  || UNAME_SYSTEM=unknown
UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown

case "${UNAME_SYSTEM}" in
Linux|GNU|GNU/*)
	# If the system lacks a compiler, then just pick glibc.
	# We could probably try harder.
	LIBC=gnu

	eval $set_cc_for_build
	cat <<-EOF > $dummy.c
	#include <features.h>
	#if defined(__UCLIBC__)
	LIBC=uclibc
	#elif defined(__dietlibc__)
	LIBC=dietlibc
	#else
	LIBC=gnu
	#endif
	EOF
	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
	;;
esac

# Note: order is significant - the case branches are not exclusive.

case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in

    *:MINGW*:*)
	echo ${UNAME_MACHINE}-pc-mingw32
	exit ;;
    *:MSYS*:*)
	echo ${UNAME_MACHINE}-pc-msys
	exit ;;
    i*:windows32*:*)

	exit ;;
    *:GNU:*:*)
	# the GNU system
	echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
	exit ;;
    *:GNU/*:*:*)
	# other systems with GNU libc and userland
	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
	exit ;;
    i*86:Minix:*:*)
	echo ${UNAME_MACHINE}-pc-minix
	exit ;;
    aarch64:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    aarch64_be:Linux:*:*)
	UNAME_MACHINE=aarch64_be
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    alpha:Linux:*:*)
	case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in

	  EV68*) UNAME_MACHINE=alphaev68 ;;
	esac
	objdump --private-headers /bin/sh | grep -q ld.so.1
	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    arc:Linux:*:* | arceb:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    arm*:Linux:*:*)
	eval $set_cc_for_build
	if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
	    | grep -q __ARM_EABI__
	then
	    echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	else
	    if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
		| grep -q __ARM_PCS_VFP
	    then
		echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
	    else
		echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
	    fi
	fi
	exit ;;
    avr32*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    cris:Linux:*:*)
	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
	exit ;;
    crisv32:Linux:*:*)
	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
	exit ;;
    frv:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    hexagon:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    i*86:Linux:*:*)
	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
	eval $set_cc_for_build
	sed 's/^	//' << EOF >$dummy.c
	#ifdef __dietlibc__
	LIBC=dietlibc
	#endif
EOF
	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
	echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
	exit ;;
    ia64:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    m32r*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    m68*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    mips:Linux:*:* | mips64:Linux:*:*)
	eval $set_cc_for_build

	#endif
EOF
	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
	;;
    openrisc*:Linux:*:*)
	echo or1k-unknown-linux-${LIBC}
	exit ;;
    or32:Linux:*:* | or1k*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    padre:Linux:*:*)
	echo sparc-unknown-linux-${LIBC}
	exit ;;
    parisc64:Linux:*:* | hppa64:Linux:*:*)
	echo hppa64-unknown-linux-${LIBC}
	exit ;;
    parisc:Linux:*:* | hppa:Linux:*:*)
	# Look for CPU level
	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
	  PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
	  PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
	  *)    echo hppa-unknown-linux-${LIBC} ;;
	esac
	exit ;;
    ppc64:Linux:*:*)
	echo powerpc64-unknown-linux-${LIBC}
	exit ;;
    ppc:Linux:*:*)
	echo powerpc-unknown-linux-${LIBC}
	exit ;;
    ppc64le:Linux:*:*)
	echo powerpc64le-unknown-linux-${LIBC}
	exit ;;
    ppcle:Linux:*:*)
	echo powerpcle-unknown-linux-${LIBC}
	exit ;;
    s390:Linux:*:* | s390x:Linux:*:*)
	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
	exit ;;
    sh64*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    sh*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    sparc:Linux:*:* | sparc64:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    tile*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    vax:Linux:*:*)
	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
	exit ;;
    x86_64:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    xtensa*:Linux:*:*)
	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
	exit ;;
    i*86:DYNIX/ptx:4*:*)
	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.

	exit ;;
    *:Darwin:*:*)
	UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
	eval $set_cc_for_build
	if test "$UNAME_PROCESSOR" = unknown ; then
	    UNAME_PROCESSOR=powerpc
	fi
	if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
	    if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
		if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
		    (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
		    grep IS_64BIT_ARCH >/dev/null
		then
		    case $UNAME_PROCESSOR in
			i386) UNAME_PROCESSOR=x86_64 ;;
			powerpc) UNAME_PROCESSOR=powerpc64 ;;
		    esac
		fi
	    fi
	elif test "$UNAME_PROCESSOR" = i386 ; then
	    # Avoid executing cc on OS X 10.9, as it ships with a stub
	    # that puts up a graphical alert prompting to install
	    # developer tools.  Any system running Mac OS X 10.7 or
	    # later (Darwin 11 and later) is required to have a 64-bit
	    # processor. This is not true of the ARM version of Darwin
	    # that Apple uses in portable devices.
	    UNAME_PROCESSOR=x86_64
	fi
	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
	exit ;;
    *:procnto*:*:* | *:QNX:[0123456789]*:*)

	exit ;;
esac

eval $set_cc_for_build
cat >$dummy.c <<EOF
#ifdef _SEQUENT_
# include <sys/types.h>
# include <sys/utsname.h>
#endif
main ()
{
#if defined (sony)
#if defined (MIPSEB)
  /* BFD wants "bsd" instead of "newsos".  Perhaps BFD should be changed,
     I don't know....  */
  printf ("mips-sony-bsd\n"); exit (0);
#else
#include <sys/param.h>
  printf ("m68k-sony-newsos%s\n",
#ifdef NEWSOS4
	"4"
#else
	""
#endif
	); exit (0);
#endif
#endif

#if defined (__arm) && defined (__acorn) && defined (__unix)
  printf ("arm-acorn-riscix\n"); exit (0);
#endif

#if defined (hp300) && !defined (hpux)
  printf ("m68k-hp-bsd\n"); exit (0);
#endif

#if defined (NeXT)
#if !defined (__ARCHITECTURE__)
#define __ARCHITECTURE__ "m68k"
#endif
  int version;
  version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
  if (version < 4)
    printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
  else
    printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
  exit (0);
#endif

#if defined (MULTIMAX) || defined (n16)
#if defined (UMAXV)
  printf ("ns32k-encore-sysv\n"); exit (0);
#else
#if defined (CMU)
  printf ("ns32k-encore-mach\n"); exit (0);
#else
  printf ("ns32k-encore-bsd\n"); exit (0);
#endif
#endif
#endif

#if defined (__386BSD__)
  printf ("i386-pc-bsd\n"); exit (0);
#endif

#if defined (sequent)
#if defined (i386)
  printf ("i386-sequent-dynix\n"); exit (0);
#endif
#if defined (ns32000)
  printf ("ns32k-sequent-dynix\n"); exit (0);
#endif
#endif

#if defined (_SEQUENT_)
    struct utsname un;

    uname(&un);

    if (strncmp(un.version, "V2", 2) == 0) {
	printf ("i386-sequent-ptx2\n"); exit (0);
    }
    if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
	printf ("i386-sequent-ptx1\n"); exit (0);
    }
    printf ("i386-sequent-ptx\n"); exit (0);

#endif

#if defined (vax)
# if !defined (ultrix)
#  include <sys/param.h>
#  if defined (BSD)
#   if BSD == 43
      printf ("vax-dec-bsd4.3\n"); exit (0);
#   else
#    if BSD == 199006
      printf ("vax-dec-bsd4.3reno\n"); exit (0);
#    else
      printf ("vax-dec-bsd\n"); exit (0);
#    endif
#   endif
#  else
    printf ("vax-dec-bsd\n"); exit (0);
#  endif
# else
    printf ("vax-dec-ultrix\n"); exit (0);
# endif
#endif

#if defined (alliant) && defined (i860)
  printf ("i860-alliant-bsd\n"); exit (0);
#endif

  exit (1);
}
EOF

$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
	{ echo "$SYSTEM_NAME"; exit; }

# Apollos put the system type in the environment.

test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }

# Convex versions that predate uname can use getsysinfo(1)

if [ -x /usr/convex/getsysinfo ]
then
    case `getsysinfo -f cpu_type` in
    c1*)
	echo c1-convex-bsd
	exit ;;
    c2*)
	if getsysinfo -f scalar_acc
	then echo c32-convex-bsd
	else echo c2-convex-bsd
	fi
	exit ;;
    c34*)
	echo c34-convex-bsd
	exit ;;
    c38*)
	echo c38-convex-bsd
	exit ;;
    c4*)
	echo c4-convex-bsd
	exit ;;
    esac
fi

cat >&2 <<EOF
$0: unable to guess system type





/* config.h.in.  Generated from configure.ac by autoheader.  */

/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD

/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
   */
#undef AIX_GETNAMEINFO_HACK

/* define if you have struct in6_addr data type */
#undef HAVE_STRUCT_IN6_ADDR

/* Define to 1 if `pw_change' is a member of `struct passwd'. */
#undef HAVE_STRUCT_PASSWD_PW_CHANGE

/* Define to 1 if `pw_class' is a member of `struct passwd'. */
#undef HAVE_STRUCT_PASSWD_PW_CLASS

/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
#undef HAVE_STRUCT_PASSWD_PW_EXPIRE

/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
#undef HAVE_STRUCT_PASSWD_PW_GECOS

/* define if you have struct sockaddr_in6 data type */
#undef HAVE_STRUCT_SOCKADDR_IN6

/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID

/* define if you have struct sockaddr_storage data type */
#undef HAVE_STRUCT_SOCKADDR_STORAGE

/* Define to 1 if `st_blksize' is a member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_BLKSIZE

/* Define to 1 if the system has the type `struct timespec'. */

/* Define if pututxline updates lastlog too */
#undef LASTLOG_WRITE_PUTUTXLINE

/* Define if you want TCP Wrappers support */
#undef LIBWRAP

/* Define to whatever link() returns for "not supported" if it doesn't return
   EOPNOTSUPP. */
#undef LINK_OPNOTSUPP_ERRNO

/* Define to the one symbol short name of this package. */
#undef PACKAGE_TARNAME

/* Define to the home page for this package. */
#undef PACKAGE_URL

/* Define to the version of this package. */
#undef PACKAGE_VERSION


/* Use btmp to log bad logins */
#undef USE_BTMP

/* Define if you want ConsoleKit support. */
#undef USE_CONSOLEKIT

/* Use libedit for sftp */
#undef USE_LIBEDIT


/* include SSH protocol version 1 support */
#undef WITH_SSH1

/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
   significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD
# if defined __BIG_ENDIAN__
#  define WORDS_BIGENDIAN 1
# endif
#else
# ifndef WORDS_BIGENDIAN
#  undef WORDS_BIGENDIAN
# endif
#endif

/* Define if xauth is found in your path */
#undef XAUTH_PATH

/* Enable large inode numbers on Mac OS X 10.5.  */
#ifndef _DARWIN_USE_64_BIT_INODE
# define _DARWIN_USE_64_BIT_INODE 1
#endif

/* Number of bits in a file offset, on hosts where this is settable. */
#undef _FILE_OFFSET_BITS





#! /bin/sh
# Configuration validation subroutine script.
#   Copyright 1992-2014 Free Software Foundation, Inc.
#   2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
#   2011, 2012, 2013 Free Software Foundation, Inc.

timestamp='2014-09-11'

# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
#
# This file is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that
# program.  This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").


# Please send patches with a ChangeLog entry to config-patches@gnu.org.
# diff and a properly formatted GNU ChangeLog entry.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.

version="\
GNU config.sub ($timestamp)

Copyright 1992-2014 Free Software Foundation, Inc.
2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
2012, 2013 Free Software Foundation, Inc.

This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

	| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
	| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
	| am33_2.0 \
	| arc | arceb \
	| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
	| avr | avr32 \
	| be32 | be64 \
	| bfin \
	| c4x | c8051 | clipper \
	| d10v | d30v | dlx | dsp16xx \
	| epiphany \
	| fido | fr30 | frv \

	| hexagon \
	| i370 | i860 | i960 | ia64 \
	| ip2k | iq2000 \
	| k1om \
	| le32 | le64 \
	| lm32 \
	| m32c | m32r | m32rle | m68000 | m68k | m88k \

	| mips64vr5900 | mips64vr5900el \
	| mipsisa32 | mipsisa32el \
	| mipsisa32r2 | mipsisa32r2el \
	| mipsisa32r6 | mipsisa32r6el \
	| mipsisa64 | mipsisa64el \
	| mipsisa64r2 | mipsisa64r2el \
	| mipsisa64r6 | mipsisa64r6el \
	| mipsisa64sb1 | mipsisa64sb1el \
	| mipsisa64sr71k | mipsisa64sr71kel \
	| mipsr5900 | mipsr5900el \
	| mipstx39 | mipstx39el \
	| mn10200 | mn10300 \
	| moxie \
	| mt \
	| msp430 \
	| nds32 | nds32le | nds32be \
	| nios | nios2 | nios2eb | nios2el \
	| ns16k | ns32k \
	| open8 | or1k | or1knd | or32 \
	| or32 \
	| pdp10 | pdp11 | pj | pjl \
	| powerpc | powerpc64 | powerpc64le | powerpcle \
	| pyramid \
	| riscv32 | riscv64 \
	| rl78 | rx \
	| score \
	| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \

	c6x)
		basic_machine=tic6x-unknown
		;;
	m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip)
		basic_machine=$basic_machine-unknown
		os=-none
		;;

	| aarch64-* | aarch64_be-* \
	| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
	| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
	| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
	| arm-*  | armbe-* | armle-* | armeb-* | armv*-* \
	| avr-* | avr32-* \
	| be32-* | be64-* \
	| bfin-* | bs2000-* \
	| c[123]* | c30-* | [cjt]90-* | c4x-* \
	| c8051-* | clipper-* | craynv-* | cydra-* \
	| d10v-* | d30v-* | dlx-* \
	| elxsi-* \
	| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \

	| hexagon-* \
	| i*86-* | i860-* | i960-* | ia64-* \
	| ip2k-* | iq2000-* \
	| k1om-* \
	| le32-* | le64-* \
	| lm32-* \
	| m32c-* | m32r-* | m32rle-* \

	| mips64vr5900-* | mips64vr5900el-* \
	| mipsisa32-* | mipsisa32el-* \
	| mipsisa32r2-* | mipsisa32r2el-* \
	| mipsisa32r6-* | mipsisa32r6el-* \
	| mipsisa64-* | mipsisa64el-* \
	| mipsisa64r2-* | mipsisa64r2el-* \
	| mipsisa64r6-* | mipsisa64r6el-* \
	| mipsisa64sb1-* | mipsisa64sb1el-* \
	| mipsisa64sr71k-* | mipsisa64sr71kel-* \
	| mipsr5900-* | mipsr5900el-* \
	| mipstx39-* | mipstx39el-* \
	| mmix-* \
	| mt-* \
	| msp430-* \
	| nds32-* | nds32le-* | nds32be-* \
	| nios-* | nios2-* | nios2eb-* | nios2el-* \
	| none-* | np1-* | ns16k-* | ns32k-* \
	| open8-* \
	| or1k*-* \
	| orion-* \
	| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
	| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \

		os=-mingw64
		;;
	mingw32)
		basic_machine=i686-pc
		os=-mingw32
		;;
	mingw32ce)

		basic_machine=powerpc-unknown
		os=-morphos
		;;
	moxiebox)
		basic_machine=moxie-unknown
		os=-moxiebox
		;;
	msdos)
		basic_machine=i386-pc
		os=-msdos

		basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
		;;
	msys)
		basic_machine=i686-pc
		os=-msys
		;;
	mvs)

	-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
	      | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
	      | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
	      | -sym* | -kopensolaris* | -plan9* \
	      | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
	      | -aos* | -aros* \
	      | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \

	      | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
	      | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
	      | -linux-newlib* | -linux-musl* | -linux-uclibc* \
	      | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
	      | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
	      | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
	      | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
	      | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
	      | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
	      | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
	      | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
	# Remember, each alternative MUST END IN *, to match a version number.
		;;
	-qnx*)

	-aros*)
		os=-aros
		;;
	-kaos*)
		os=-kaos
		;;
	-zvmoe)
		os=-zvmoe
		;;

	c4x-* | tic4x-*)
		os=-coff
		;;
	c8051-*)
		os=-elf
		;;
	hexagon-*)
		os=-elf
		;;




echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy


start_sshd

#set -x

	stop_client
done

cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
echo "DenyOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy

# Test Match + PermitOpen in sshd_config.  This should be permitted
for p in ${SSH_PROTOCOLS}; do
	trace "match denyopen localhost proto $p"
	start_client -F $OBJ/ssh_config
	${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
	    fail "match denyopen deny proto $p"
	stop_client
done

# Same but from different source.  This should not be permitted
for p in ${SSH_PROTOCOLS}; do
	trace "match permitopen proxy proto $p"

	    fail "nomatch override permitopen proto $p"
	stop_client
done

cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
echo "Match User NoSuchUser" >>$OBJ/sshd_proxy
echo "DenyOpen 127.0.0.1:1 127.0.0.1:2 127.0.0.1:$PORT" >>$OBJ/sshd_proxy

# Test that a rule that doesn't match doesn't override, plus test a
# PermitOpen entry that's not at the start of the list
for p in ${SSH_PROTOCOLS}; do
	trace "nomatch permitopen proxy w/key opts proto $p"
	start_client -F $OBJ/ssh_proxy
	${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
	    fail "nomatch override permitopen proto $p"
	stop_client
done

cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
echo "DeniedOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
echo "Match User NoSuchUser" >>$OBJ/sshd_proxy
echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy

# Test that a rule that doesn't match doesn't override, plus test a
# PermitOpen entry that's not at the start of the list
for p in ${SSH_PROTOCOLS}; do
	trace "nomatch permitopen proxy w/key opts proto $p"
	start_client -F $OBJ/ssh_proxy
	${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true || \
	    fail "nomatch override permitopen proto $p"
	stop_client
done




	options->num_accept_env = 0;
	options->permit_tun = -1;
	options->num_permitted_opens = -1;
	options->num_denied_opens = -1;
	options->adm_forced_command = NULL;
	options->chroot_directory = NULL;
	options->authorized_keys_command = NULL;

	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
	sAcceptEnv, sPermitTunnel,
	sMatch, sPermitOpen, sDenyOpen, sForceCommand, sChrootDirectory,
	sUsePrivilegeSeparation, sAllowAgentForwarding,
	sHostCertificate,
	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,

	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
	{ "match", sMatch, SSHCFG_ALL },
	{ "permitopen", sPermitOpen, SSHCFG_ALL },
	{ "denyopen", sDenyOpen, SSHCFG_ALL },
	{ "forcecommand", sForceCommand, SSHCFG_ALL },
	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },

		}
		break;

	case sDenyOpen:
		arg = strdelim(&cp);
		if (!arg || *arg == '\0')
			fatal("%s line %d: missing DenyOpen specification",
				  filename, linenum);
		n = options->num_denied_opens;	/* modified later */
		if (strcmp(arg, "any") == 0) {
			if (*activep && n == -1) {
				options->num_denied_opens = 0;
			}
			break;
		}
		if (strcmp(arg, "none") == 0) {
			if (*activep && n == -1) {
				options->num_denied_opens = 1;
			}
			break;
		}
        if (*activep && n == -1)
            channel_clear_denied_opens();
		for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
			p = hpdelim(&arg);
			if (p == NULL)
				fatal("%s line %d: missing host in DenyOpen",
					  filename, linenum);
			p = cleanhostname(p);
			if (arg == NULL || ((port = permitopen_port(arg)) < 0))
				fatal("%s line %d: bad port number in "
							  "DenyOpen", filename, linenum);
			if (*activep && n == -1)
				options->num_denied_opens =
						channel_add_denied_opens(p, port);
		}
		break;
	case sForceCommand:
		if (cp == NULL || *cp == '\0')
			fatal("%.200s line %d: Missing argument.", filename,

Lines 176-181 typedef struct { Link Here

(-)a/servconf.h (+1 lines)
176	int permit_tun;	176	int permit_tun;
177		177
178	int num_permitted_opens;	178	int num_permitted_opens;
		179	int num_denied_opens;
179		180
180	char *chroot_directory;	181	char *chroot_directory;
181	char *revoked_keys_file;	182	char *revoked_keys_file;





             See PATTERNS in ssh_config(5) for more information on patterns.

     DenyOpen
              Specifies the destinations to which TCP port forwarding is
              blocked.  The forwarding specification must be one of the
              following forms:

                    DenyOpen host:port
                    DenyOpen IPv4_addr:port
                    DenyOpen [IPv6_addr]:port

              Multiple destinations may be specified by separating them with
              whitespace.  An argument of M-bM-^@M-^\anyM-bM-^@M-^] can be used to remove all
              restrictions and permit any forwarding requests.  The
              wildcard M-bM-^@M-^\*M-bM-^@M-^] can be used for host or port to block all hosts or
              ports, respectively.  By default all port forwarding requests are
              permitted.

     DenyUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  Login is disallowed for user names that




See PATTERNS in
.Xr ssh_config 5
for more information on patterns.
.It Cm DenyOpen
Specifies the destinations to which TCP port forwarding is blocked.
The forwarding specification must be one of the following forms:
.Pp
.Bl -item -offset indent -compact
.It
.Cm DenyOpen
.Sm off
.Ar host : port
.Sm on
.It
.Cm DenyOpen
.Sm off
.Ar IPv4_addr : port
.Sm on
.It
.Cm DenyOpen
.Sm off
.Ar \&[ IPv6_addr \&] : port
.Sm on
.El
.Pp
Multiple destinations may be specified by separating them with whitespace.
An argument of
.Dq none
can be used to remove all restrictions and permit any forwarding requests.
The wildcard
.Dq *
can be used for host or port to allow all hosts or ports, respectively.
By default all port forwarding requests are permitted.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.

.Cm Banner ,
.Cm ChrootDirectory ,
.Cm DenyGroups ,
.Cm DenyOpen ,
.Cm DenyUsers ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
- 

Return to bug 2778

Lines 261-270 struct ForwardOptions; Link Here

(-)a/channels.h (+2 lines)
261	void channel_set_af(int af);	261	void channel_set_af(int af);
262	void channel_permit_all_opens(void);	262	void channel_permit_all_opens(void);
263	void channel_add_permitted_opens(char *, int);	263	void channel_add_permitted_opens(char *, int);
		264	int channel_add_denied_opens(char *, int);
264	int channel_add_adm_permitted_opens(char *, int);	265	int channel_add_adm_permitted_opens(char *, int);
265	void channel_disable_adm_local_opens(void);	266	void channel_disable_adm_local_opens(void);
266	void channel_update_permitted_opens(int, int);	267	void channel_update_permitted_opens(int, int);
267	void channel_clear_permitted_opens(void);	268	void channel_clear_permitted_opens(void);
		269	void channel_clear_denied_opens(void);
268	void channel_clear_adm_permitted_opens(void);	270	void channel_clear_adm_permitted_opens(void);
269	void channel_print_adm_permitted_opens(void);	271	void channel_print_adm_permitted_opens(void);
270	int channel_input_port_forward_request(int, struct ForwardOptions *);	272	int channel_input_port_forward_request(int, struct ForwardOptions *);

Lines 1-5 Link Here

(-)a/config.h.in (-9 / +34 lines)
1	/* config.h.in. Generated from configure.ac by autoheader. */	1	/* config.h.in. Generated from configure.ac by autoheader. */
2		2
		3	/* Define if building universal (internal helper macro) */
		4	#undef AC_APPLE_UNIVERSAL_BUILD
		5
3	/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address	6	/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
4	*/	7	*/
5	#undef AIX_GETNAMEINFO_HACK	8	#undef AIX_GETNAMEINFO_HACK
Lines 1130-1157 Link Here
1130	/* define if you have struct in6_addr data type */	1133	/* define if you have struct in6_addr data type */
1131	#undef HAVE_STRUCT_IN6_ADDR	1134	#undef HAVE_STRUCT_IN6_ADDR
1132		1135
1133	/* Define to 1 if `pw_change' is member of `struct passwd'. */	1136	/* Define to 1 if `pw_change' is a member of `struct passwd'. */
1134	#undef HAVE_STRUCT_PASSWD_PW_CHANGE	1137	#undef HAVE_STRUCT_PASSWD_PW_CHANGE
1135		1138
1136	/* Define to 1 if `pw_class' is member of `struct passwd'. */	1139	/* Define to 1 if `pw_class' is a member of `struct passwd'. */
1137	#undef HAVE_STRUCT_PASSWD_PW_CLASS	1140	#undef HAVE_STRUCT_PASSWD_PW_CLASS
1138		1141
1139	/* Define to 1 if `pw_expire' is member of `struct passwd'. */	1142	/* Define to 1 if `pw_expire' is a member of `struct passwd'. */
1140	#undef HAVE_STRUCT_PASSWD_PW_EXPIRE	1143	#undef HAVE_STRUCT_PASSWD_PW_EXPIRE
1141		1144
1142	/* Define to 1 if `pw_gecos' is member of `struct passwd'. */	1145	/* Define to 1 if `pw_gecos' is a member of `struct passwd'. */
1143	#undef HAVE_STRUCT_PASSWD_PW_GECOS	1146	#undef HAVE_STRUCT_PASSWD_PW_GECOS
1144		1147
1145	/* define if you have struct sockaddr_in6 data type */	1148	/* define if you have struct sockaddr_in6 data type */
1146	#undef HAVE_STRUCT_SOCKADDR_IN6	1149	#undef HAVE_STRUCT_SOCKADDR_IN6
1147		1150
1148	/* Define to 1 if `sin6_scope_id' is member of `struct sockaddr_in6'. */	1151	/* Define to 1 if `sin6_scope_id' is a member of `struct sockaddr_in6'. */
1149	#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID	1152	#undef HAVE_STRUCT_SOCKADDR_IN6_SIN6_SCOPE_ID
1150		1153
1151	/* define if you have struct sockaddr_storage data type */	1154	/* define if you have struct sockaddr_storage data type */
1152	#undef HAVE_STRUCT_SOCKADDR_STORAGE	1155	#undef HAVE_STRUCT_SOCKADDR_STORAGE
1153		1156
1154	/* Define to 1 if `st_blksize' is member of `struct stat'. */	1157	/* Define to 1 if `st_blksize' is a member of `struct stat'. */
1155	#undef HAVE_STRUCT_STAT_ST_BLKSIZE	1158	#undef HAVE_STRUCT_STAT_ST_BLKSIZE
1156		1159
1157	/* Define to 1 if the system has the type `struct timespec'. */	1160	/* Define to 1 if the system has the type `struct timespec'. */
Lines 1433-1438 Link Here
1433	/* Define if pututxline updates lastlog too */	1436	/* Define if pututxline updates lastlog too */
1434	#undef LASTLOG_WRITE_PUTUTXLINE	1437	#undef LASTLOG_WRITE_PUTUTXLINE
1435		1438
		1439	/* Define if you want TCP Wrappers support */
		1440	#undef LIBWRAP
		1441
1436	/* Define to whatever link() returns for "not supported" if it doesn't return	1442	/* Define to whatever link() returns for "not supported" if it doesn't return
1437	EOPNOTSUPP. */	1443	EOPNOTSUPP. */
1438	#undef LINK_OPNOTSUPP_ERRNO	1444	#undef LINK_OPNOTSUPP_ERRNO
Lines 1525-1530 Link Here
1525	/* Define to the one symbol short name of this package. */	1531	/* Define to the one symbol short name of this package. */
1526	#undef PACKAGE_TARNAME	1532	#undef PACKAGE_TARNAME
1527		1533
		1534	/* Define to the home page for this package. */
		1535	#undef PACKAGE_URL
		1536
1528	/* Define to the version of this package. */	1537	/* Define to the version of this package. */
1529	#undef PACKAGE_VERSION	1538	#undef PACKAGE_VERSION
1530		1539
Lines 1668-1673 Link Here
1668	/* Use btmp to log bad logins */	1677	/* Use btmp to log bad logins */
1669	#undef USE_BTMP	1678	#undef USE_BTMP
1670		1679
		1680	/* Define if you want ConsoleKit support. */
		1681	#undef USE_CONSOLEKIT
		1682
1671	/* Use libedit for sftp */	1683	/* Use libedit for sftp */
1672	#undef USE_LIBEDIT	1684	#undef USE_LIBEDIT
1673		1685
Lines 1720-1732 Link Here
1720	/* include SSH protocol version 1 support */	1732	/* include SSH protocol version 1 support */
1721	#undef WITH_SSH1	1733	#undef WITH_SSH1
1722		1734
1723	/* Define to 1 if your processor stores words with the most significant byte	1735	/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
1724	first (like Motorola and SPARC, unlike Intel and VAX). */	1736	significant byte first (like Motorola and SPARC, unlike Intel). */
1725	#undef WORDS_BIGENDIAN	1737	#if defined AC_APPLE_UNIVERSAL_BUILD
		1738	# if defined __BIG_ENDIAN__
		1739	# define WORDS_BIGENDIAN 1
		1740	# endif
		1741	#else
		1742	# ifndef WORDS_BIGENDIAN
		1743	# undef WORDS_BIGENDIAN
		1744	# endif
		1745	#endif
1726		1746
1727	/* Define if xauth is found in your path */	1747	/* Define if xauth is found in your path */
1728	#undef XAUTH_PATH	1748	#undef XAUTH_PATH
1729		1749
		1750	/* Enable large inode numbers on Mac OS X 10.5. */
		1751	#ifndef _DARWIN_USE_64_BIT_INODE
		1752	# define _DARWIN_USE_64_BIT_INODE 1
		1753	#endif
		1754
1730	/* Number of bits in a file offset, on hosts where this is settable. */	1755	/* Number of bits in a file offset, on hosts where this is settable. */
1731	#undef _FILE_OFFSET_BITS	1756	#undef _FILE_OFFSET_BITS
1732		1757

Lines 156-161 initialize_server_options(ServerOptions *options) Link Here

(-)a/servconf.c (-1 / +37 lines)
156	options->num_accept_env = 0;	156	options->num_accept_env = 0;
157	options->permit_tun = -1;	157	options->permit_tun = -1;
158	options->num_permitted_opens = -1;	158	options->num_permitted_opens = -1;
		159	options->num_denied_opens = -1;
159	options->adm_forced_command = NULL;	160	options->adm_forced_command = NULL;
160	options->chroot_directory = NULL;	161	options->chroot_directory = NULL;
161	options->authorized_keys_command = NULL;	162	options->authorized_keys_command = NULL;
Lines 428-434 typedef enum { Link Here
428	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,	429	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
429	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,	430	sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor,
430	sAcceptEnv, sPermitTunnel,	431	sAcceptEnv, sPermitTunnel,
431	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,	432	sMatch, sPermitOpen, sDenyOpen, sForceCommand, sChrootDirectory,
432	sUsePrivilegeSeparation, sAllowAgentForwarding,	433	sUsePrivilegeSeparation, sAllowAgentForwarding,
433	sHostCertificate,	434	sHostCertificate,
434	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,	435	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
Lines 562-567 static struct { Link Here
562	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },	563	{ "permituserrc", sPermitUserRC, SSHCFG_ALL },
563	{ "match", sMatch, SSHCFG_ALL },	564	{ "match", sMatch, SSHCFG_ALL },
564	{ "permitopen", sPermitOpen, SSHCFG_ALL },	565	{ "permitopen", sPermitOpen, SSHCFG_ALL },
		566	{ "denyopen", sDenyOpen, SSHCFG_ALL },
565	{ "forcecommand", sForceCommand, SSHCFG_ALL },	567	{ "forcecommand", sForceCommand, SSHCFG_ALL },
566	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },	568	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
567	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },	569	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
Lines 1696-1701 process_server_config_line(ServerOptions options, char line, Link Here
1696	}	1698	}
1697	break;	1699	break;
1698		1700
		1701	case sDenyOpen:
		1702	arg = strdelim(&cp);
		1703	if (!arg \|\| *arg == '\0')
		1704	fatal("%s line %d: missing DenyOpen specification",
		1705	filename, linenum);
		1706	n = options->num_denied_opens; /* modified later */
		1707	if (strcmp(arg, "any") == 0) {
		1708	if (*activep && n == -1) {
		1709	options->num_denied_opens = 0;
		1710	}
		1711	break;
		1712	}
		1713	if (strcmp(arg, "none") == 0) {
		1714	if (*activep && n == -1) {
		1715	options->num_denied_opens = 1;
		1716	}
		1717	break;
		1718	}
		1719	if (*activep && n == -1)
		1720	channel_clear_denied_opens();
		1721	for (; arg != NULL && *arg != '\0'; arg = strdelim(&cp)) {
		1722	p = hpdelim(&arg);
		1723	if (p == NULL)
		1724	fatal("%s line %d: missing host in DenyOpen",
		1725	filename, linenum);
		1726	p = cleanhostname(p);
		1727	if (arg == NULL \|\| ((port = permitopen_port(arg)) < 0))
		1728	fatal("%s line %d: bad port number in "
		1729	"DenyOpen", filename, linenum);
		1730	if (*activep && n == -1)
		1731	options->num_denied_opens =
		1732	channel_add_denied_opens(p, port);
		1733	}
		1734	break;
1699	case sForceCommand:	1735	case sForceCommand:
1700	if (cp == NULL \|\| *cp == '\0')	1736	if (cp == NULL \|\| *cp == '\0')
1701	fatal("%.200s line %d: Missing argument.", filename,	1737	fatal("%.200s line %d: Missing argument.", filename,

Lines 383-388 auth_parse_options(struct passwd pw, char opts, char *file, u_long linenum) Link Here

(-)a/auth-options.c (+55 lines)
383	free(patterns);	383	free(patterns);
384	goto next_option;	384	goto next_option;
385	}	385	}
		386	cp = "denyopen=\"";
		387	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
		388	char host, p;
		389	int port;
		390	char *patterns = xmalloc(strlen(opts) + 1);
		391
		392	opts += strlen(cp);
		393	i = 0;
		394	while (*opts) {
		395	if (*opts == '"')
		396	break;
		397	if (*opts == '\\' && opts[1] == '"') {
		398	opts += 2;
		399	patterns[i++] = '"';
		400	continue;
		401	}
		402	patterns[i++] = *opts++;
		403	}
		404	if (!*opts) {
		405	debug("%.100s, line %lu: missing end quote",
		406	file, linenum);
		407	auth_debug_add("%.100s, line %lu: missing "
		408	"end quote", file, linenum);
		409	free(patterns);
		410	goto bad_option;
		411	}
		412	patterns[i] = '\0';
		413	opts++;
		414	p = patterns;
		415	/* XXX - add streamlocal support */
		416	host = hpdelim(&p);
		417	if (host == NULL \|\| strlen(host) >= NI_MAXHOST) {
		418	debug("%.100s, line %lu: Bad denyopen "
		419	"specification <%.100s>", file, linenum,
		420	patterns);
		421	auth_debug_add("%.100s, line %lu: "
		422	"Bad denyopen specification", file,
		423	linenum);
		424	free(patterns);
		425	goto bad_option;
		426	}
		427	host = cleanhostname(host);
		428	if (p == NULL \|\| (port = permitopen_port(p)) < 0) {
		429	debug("%.100s, line %lu: Bad port "
		430	"<%.100s>", file, linenum, p ? p : "");
		431	auth_debug_add("%.100s, line %lu: "
		432	"Bad permitopen port", file, linenum);
		433	free(patterns);
		434	goto bad_option;
		435	}
		436	if ((options.allow_tcp_forwarding & FORWARD_LOCAL) != 0)
		437	channel_add_denied_opens(host, port);
		438	free(patterns);
		439	goto next_option;
		440	}
386	cp = "tunnel=\"";	441	cp = "tunnel=\"";
387	if (strncasecmp(opts, cp, strlen(cp)) == 0) {	442	if (strncasecmp(opts, cp, strlen(cp)) == 0) {
388	char *tun = NULL;	443	char *tun = NULL;

Lines 1-14 Link Here

(-)a/config.guess (-225 / +102 lines)
1	#! /bin/sh	1	#! /bin/sh
2	# Attempt to guess a canonical system name.	2	# Attempt to guess a canonical system name.
3	# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,	3	# Copyright 1992-2014 Free Software Foundation, Inc.
4	# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
5	# 2011, 2012, 2013 Free Software Foundation, Inc.
6		4
7	timestamp='2012-12-23'	5	timestamp='2014-03-23'
8		6
9	# This file is free software; you can redistribute it and/or modify it	7	# This file is free software; you can redistribute it and/or modify it
10	# under the terms of the GNU General Public License as published by	8	# under the terms of the GNU General Public License as published by
11	# the Free Software Foundation; either version 2 of the License, or	9	# the Free Software Foundation; either version 3 of the License, or
12	# (at your option) any later version.	10	# (at your option) any later version.
13	#	11	#
14	# This program is distributed in the hope that it will be useful, but	12	# This program is distributed in the hope that it will be useful, but
Lines 22-40 timestamp='2012-12-23' Link Here
22	# As a special exception to the GNU General Public License, if you	20	# As a special exception to the GNU General Public License, if you
23	# distribute this file as part of a program that contains a	21	# distribute this file as part of a program that contains a
24	# configuration script generated by Autoconf, you may include it under	22	# configuration script generated by Autoconf, you may include it under
25	# the same distribution terms that you use for the rest of that program.	23	# the same distribution terms that you use for the rest of that
26		24	# program. This Exception is an additional permission under section 7
27		25	# of the GNU General Public License, version 3 ("GPLv3").
28	# Originally written by Per Bothner. Please send patches (context
29	# diff format) to <config-patches@gnu.org> and include a ChangeLog
30	# entry.
31	#	26	#
32	# This script attempts to guess a canonical system name similar to	27	# Originally written by Per Bothner.
33	# config.sub. If it succeeds, it prints the system name on stdout, and
34	# exits with 0. Otherwise, it exits with 1.
35	#	28	#
36	# You can get the latest version of this script from:	29	# You can get the latest version of this script from:
37	# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD	30	# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
		31	#
		32	# Please send patches with a ChangeLog entry to config-patches@gnu.org.
		33
38		34
39	me=`echo "$0" \| sed -e 's,.*/,,'`	35	me=`echo "$0" \| sed -e 's,.*/,,'`
40		36
Lines 54-62 version="\ Link Here
54	GNU config.guess ($timestamp)	50	GNU config.guess ($timestamp)
55		51
56	Originally written by Per Bothner.	52	Originally written by Per Bothner.
57	Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,	53	Copyright 1992-2014 Free Software Foundation, Inc.
58	2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
59	2012, 2013 Free Software Foundation, Inc.
60		54
61	This is free software; see the source for copying conditions. There is NO	55	This is free software; see the source for copying conditions. There is NO
62	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."	56	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
Lines 138-143 UNAME_RELEASE=`(uname -r) 2>/dev/null` \|\| UNAME_RELEASE=unknown Link Here
138	UNAME_SYSTEM=`(uname -s) 2>/dev/null` \|\| UNAME_SYSTEM=unknown	132	UNAME_SYSTEM=`(uname -s) 2>/dev/null` \|\| UNAME_SYSTEM=unknown
139	UNAME_VERSION=`(uname -v) 2>/dev/null` \|\| UNAME_VERSION=unknown	133	UNAME_VERSION=`(uname -v) 2>/dev/null` \|\| UNAME_VERSION=unknown
140		134
		135	case "${UNAME_SYSTEM}" in
		136	Linux\|GNU\|GNU/*)
		137	# If the system lacks a compiler, then just pick glibc.
		138	# We could probably try harder.
		139	LIBC=gnu
		140
		141	eval $set_cc_for_build
		142	cat <<-EOF > $dummy.c
		143	#include <features.h>
		144	#if defined(__UCLIBC__)
		145	LIBC=uclibc
		146	#elif defined(__dietlibc__)
		147	LIBC=dietlibc
		148	#else
		149	LIBC=gnu
		150	#endif
		151	EOF
		152	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null \| grep '^LIBC' \| sed 's, ,,g'`
		153	;;
		154	esac
		155
141	# Note: order is significant - the case branches are not exclusive.	156	# Note: order is significant - the case branches are not exclusive.
142		157
143	case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in	158	case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
Lines 811-817 EOF Link Here
811	:MINGW:*)	826	:MINGW:*)
812	echo ${UNAME_MACHINE}-pc-mingw32	827	echo ${UNAME_MACHINE}-pc-mingw32
813	exit ;;	828	exit ;;
814	i:MSYS:*)	829	:MSYS:*)
815	echo ${UNAME_MACHINE}-pc-msys	830	echo ${UNAME_MACHINE}-pc-msys
816	exit ;;	831	exit ;;
817	i:windows32:*)	832	i:windows32:*)
Lines 859-879 EOF Link Here
859	exit ;;	874	exit ;;
860	:GNU::*)	875	:GNU::*)
861	# the GNU system	876	# the GNU system
862	echo `echo ${UNAME_MACHINE}\|sed -e 's,[-/].$,,'`-unknown-gnu`echo ${UNAME_RELEASE}\|sed -e 's,/.$,,'`	877	echo `echo ${UNAME_MACHINE}\|sed -e 's,[-/].$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}\|sed -e 's,/.$,,'`
863	exit ;;	878	exit ;;
864	:GNU/::)	879	:GNU/::)
865	# other systems with GNU libc and userland	880	# other systems with GNU libc and userland
866	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} \| sed 's,^[^/]/,,' \| tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}\|sed -e 's/[-(].//'`-gnu	881	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} \| sed 's,^[^/]/,,' \| tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}\|sed -e 's/[-(].//'`-${LIBC}
867	exit ;;	882	exit ;;
868	i86:Minix::*)	883	i86:Minix::*)
869	echo ${UNAME_MACHINE}-pc-minix	884	echo ${UNAME_MACHINE}-pc-minix
870	exit ;;	885	exit ;;
871	aarch64:Linux::)	886	aarch64:Linux::)
872	echo ${UNAME_MACHINE}-unknown-linux-gnu	887	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
873	exit ;;	888	exit ;;
874	aarch64_be:Linux::)	889	aarch64_be:Linux::)
875	UNAME_MACHINE=aarch64_be	890	UNAME_MACHINE=aarch64_be
876	echo ${UNAME_MACHINE}-unknown-linux-gnu	891	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
877	exit ;;	892	exit ;;
878	alpha:Linux::)	893	alpha:Linux::)
879	case `sed -n '/^cpu model/s/^.: \(.\)/\1/p' < /proc/cpuinfo` in	894	case `sed -n '/^cpu model/s/^.: \(.\)/\1/p' < /proc/cpuinfo` in
Lines 886-944 EOF Link Here
886	EV68*) UNAME_MACHINE=alphaev68 ;;	901	EV68*) UNAME_MACHINE=alphaev68 ;;
887	esac	902	esac
888	objdump --private-headers /bin/sh \| grep -q ld.so.1	903	objdump --private-headers /bin/sh \| grep -q ld.so.1
889	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi	904	if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
890	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}	905	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
		906	exit ;;
		907	arc:Linux:: \| arceb:Linux::)
		908	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
891	exit ;;	909	exit ;;
892	arm:Linux::*)	910	arm:Linux::*)
893	eval $set_cc_for_build	911	eval $set_cc_for_build
894	if echo __ARM_EABI__ \| $CC_FOR_BUILD -E - 2>/dev/null \	912	if echo __ARM_EABI__ \| $CC_FOR_BUILD -E - 2>/dev/null \
895	\| grep -q __ARM_EABI__	913	\| grep -q __ARM_EABI__
896	then	914	then
897	echo ${UNAME_MACHINE}-unknown-linux-gnu	915	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
898	else	916	else
899	if echo __ARM_PCS_VFP \| $CC_FOR_BUILD -E - 2>/dev/null \	917	if echo __ARM_PCS_VFP \| $CC_FOR_BUILD -E - 2>/dev/null \
900	\| grep -q __ARM_PCS_VFP	918	\| grep -q __ARM_PCS_VFP
901	then	919	then
902	echo ${UNAME_MACHINE}-unknown-linux-gnueabi	920	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
903	else	921	else
904	echo ${UNAME_MACHINE}-unknown-linux-gnueabihf	922	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
905	fi	923	fi
906	fi	924	fi
907	exit ;;	925	exit ;;
908	avr32:Linux::*)	926	avr32:Linux::*)
909	echo ${UNAME_MACHINE}-unknown-linux-gnu	927	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
910	exit ;;	928	exit ;;
911	cris:Linux::)	929	cris:Linux::)
912	echo ${UNAME_MACHINE}-axis-linux-gnu	930	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
913	exit ;;	931	exit ;;
914	crisv32:Linux::)	932	crisv32:Linux::)
915	echo ${UNAME_MACHINE}-axis-linux-gnu	933	echo ${UNAME_MACHINE}-axis-linux-${LIBC}
916	exit ;;	934	exit ;;
917	frv:Linux::)	935	frv:Linux::)
918	echo ${UNAME_MACHINE}-unknown-linux-gnu	936	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
919	exit ;;	937	exit ;;
920	hexagon:Linux::)	938	hexagon:Linux::)
921	echo ${UNAME_MACHINE}-unknown-linux-gnu	939	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
922	exit ;;	940	exit ;;
923	i86:Linux::*)	941	i86:Linux::*)
924	LIBC=gnu	942	echo ${UNAME_MACHINE}-pc-linux-${LIBC}
925	eval $set_cc_for_build
926	sed 's/^ //' << EOF >$dummy.c
927	#ifdef __dietlibc__
928	LIBC=dietlibc
929	#endif
930	EOF
931	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null \| grep '^LIBC'`
932	echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
933	exit ;;	943	exit ;;
934	ia64:Linux::)	944	ia64:Linux::)
935	echo ${UNAME_MACHINE}-unknown-linux-gnu	945	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
936	exit ;;	946	exit ;;
937	m32r:Linux::*)	947	m32r:Linux::*)
938	echo ${UNAME_MACHINE}-unknown-linux-gnu	948	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
939	exit ;;	949	exit ;;
940	m68:Linux::*)	950	m68:Linux::*)
941	echo ${UNAME_MACHINE}-unknown-linux-gnu	951	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
942	exit ;;	952	exit ;;
943	mips:Linux:: \| mips64:Linux::)	953	mips:Linux:: \| mips64:Linux::)
944	eval $set_cc_for_build	954	eval $set_cc_for_build
Lines 957-1016 EOF Link Here
957	#endif	967	#endif
958	EOF	968	EOF
959	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null \| grep '^CPU'`	969	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null \| grep '^CPU'`
960	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }	970	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
961	;;	971	;;
962	or32:Linux::)	972	openrisc:Linux::*)
963	echo ${UNAME_MACHINE}-unknown-linux-gnu	973	echo or1k-unknown-linux-${LIBC}
		974	exit ;;
		975	or32:Linux:: \| or1k:Linux::*)
		976	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
964	exit ;;	977	exit ;;
965	padre:Linux::)	978	padre:Linux::)
966	echo sparc-unknown-linux-gnu	979	echo sparc-unknown-linux-${LIBC}
967	exit ;;	980	exit ;;
968	parisc64:Linux:: \| hppa64:Linux::)	981	parisc64:Linux:: \| hppa64:Linux::)
969	echo hppa64-unknown-linux-gnu	982	echo hppa64-unknown-linux-${LIBC}
970	exit ;;	983	exit ;;
971	parisc:Linux:: \| hppa:Linux::)	984	parisc:Linux:: \| hppa:Linux::)
972	# Look for CPU level	985	# Look for CPU level
973	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null \| cut -d' ' -f2` in	986	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null \| cut -d' ' -f2` in
974	PA7*) echo hppa1.1-unknown-linux-gnu ;;	987	PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
975	PA8*) echo hppa2.0-unknown-linux-gnu ;;	988	PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
976	*) echo hppa-unknown-linux-gnu ;;	989	*) echo hppa-unknown-linux-${LIBC} ;;
977	esac	990	esac
978	exit ;;	991	exit ;;
979	ppc64:Linux::)	992	ppc64:Linux::)
980	echo powerpc64-unknown-linux-gnu	993	echo powerpc64-unknown-linux-${LIBC}
981	exit ;;	994	exit ;;
982	ppc:Linux::)	995	ppc:Linux::)
983	echo powerpc-unknown-linux-gnu	996	echo powerpc-unknown-linux-${LIBC}
984	exit ;;	997	exit ;;
985	ppc64le:Linux::)	998	ppc64le:Linux::)
986	echo powerpc64le-unknown-linux-gnu	999	echo powerpc64le-unknown-linux-${LIBC}
987	exit ;;	1000	exit ;;
988	ppcle:Linux::)	1001	ppcle:Linux::)
989	echo powerpcle-unknown-linux-gnu	1002	echo powerpcle-unknown-linux-${LIBC}
990	exit ;;	1003	exit ;;
991	s390:Linux:: \| s390x:Linux::)	1004	s390:Linux:: \| s390x:Linux::)
992	echo ${UNAME_MACHINE}-ibm-linux	1005	echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
993	exit ;;	1006	exit ;;
994	sh64:Linux::*)	1007	sh64:Linux::*)
995	echo ${UNAME_MACHINE}-unknown-linux-gnu	1008	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
996	exit ;;	1009	exit ;;
997	sh:Linux::*)	1010	sh:Linux::*)
998	echo ${UNAME_MACHINE}-unknown-linux-gnu	1011	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
999	exit ;;	1012	exit ;;
1000	sparc:Linux:: \| sparc64:Linux::)	1013	sparc:Linux:: \| sparc64:Linux::)
1001	echo ${UNAME_MACHINE}-unknown-linux-gnu	1014	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
1002	exit ;;	1015	exit ;;
1003	tile:Linux::*)	1016	tile:Linux::*)
1004	echo ${UNAME_MACHINE}-unknown-linux-gnu	1017	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
1005	exit ;;	1018	exit ;;
1006	vax:Linux::)	1019	vax:Linux::)
1007	echo ${UNAME_MACHINE}-dec-linux-gnu	1020	echo ${UNAME_MACHINE}-dec-linux-${LIBC}
1008	exit ;;	1021	exit ;;
1009	x86_64:Linux::)	1022	x86_64:Linux::)
1010	echo ${UNAME_MACHINE}-unknown-linux-gnu	1023	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
1011	exit ;;	1024	exit ;;
1012	xtensa:Linux::*)	1025	xtensa:Linux::*)
1013	echo ${UNAME_MACHINE}-unknown-linux-gnu	1026	echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
1014	exit ;;	1027	exit ;;
1015	i86:DYNIX/ptx:4:*)	1028	i86:DYNIX/ptx:4:*)
1016	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.	1029	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
Lines 1243-1261 EOF Link Here
1243	exit ;;	1256	exit ;;
1244	:Darwin::*)	1257	:Darwin::*)
1245	UNAME_PROCESSOR=`uname -p` \|\| UNAME_PROCESSOR=unknown	1258	UNAME_PROCESSOR=`uname -p` \|\| UNAME_PROCESSOR=unknown
1246	case $UNAME_PROCESSOR in	1259	eval $set_cc_for_build
1247	i386)	1260	if test "$UNAME_PROCESSOR" = unknown ; then
1248	eval $set_cc_for_build	1261	UNAME_PROCESSOR=powerpc
1249	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then	1262	fi
1250	if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') \| \	1263	if test `echo "$UNAME_RELEASE" \| sed -e 's/\..*//'` -le 10 ; then
1251	(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) \| \	1264	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
1252	grep IS_64BIT_ARCH >/dev/null	1265	if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') \| \
1253	then	1266	(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) \| \
1254	UNAME_PROCESSOR="x86_64"	1267	grep IS_64BIT_ARCH >/dev/null
1255	fi	1268	then
1256	fi ;;	1269	case $UNAME_PROCESSOR in
1257	unknown) UNAME_PROCESSOR=powerpc ;;	1270	i386) UNAME_PROCESSOR=x86_64 ;;
1258	esac	1271	powerpc) UNAME_PROCESSOR=powerpc64 ;;
		1272	esac
		1273	fi
		1274	fi
		1275	elif test "$UNAME_PROCESSOR" = i386 ; then
		1276	# Avoid executing cc on OS X 10.9, as it ships with a stub
		1277	# that puts up a graphical alert prompting to install
		1278	# developer tools. Any system running Mac OS X 10.7 or
		1279	# later (Darwin 11 and later) is required to have a 64-bit
		1280	# processor. This is not true of the ARM version of Darwin
		1281	# that Apple uses in portable devices.
		1282	UNAME_PROCESSOR=x86_64
		1283	fi
1259	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}	1284	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
1260	exit ;;	1285	exit ;;
1261	:procnto:: \| :QNX:[0123456789]:*)	1286	:procnto:: \| :QNX:[0123456789]:*)
Lines 1346-1499 EOF Link Here
1346	exit ;;	1371	exit ;;
1347	esac	1372	esac
1348		1373
1349	eval $set_cc_for_build
1350	cat >$dummy.c <<EOF
1351	#ifdef _SEQUENT_
1352	# include <sys/types.h>
1353	# include <sys/utsname.h>
1354	#endif
1355	main ()
1356	{
1357	#if defined (sony)
1358	#if defined (MIPSEB)
1359	/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
1360	I don't know.... */
1361	printf ("mips-sony-bsd\n"); exit (0);
1362	#else
1363	#include <sys/param.h>
1364	printf ("m68k-sony-newsos%s\n",
1365	#ifdef NEWSOS4
1366	"4"
1367	#else
1368	""
1369	#endif
1370	); exit (0);
1371	#endif
1372	#endif
1373
1374	#if defined (__arm) && defined (__acorn) && defined (__unix)
1375	printf ("arm-acorn-riscix\n"); exit (0);
1376	#endif
1377
1378	#if defined (hp300) && !defined (hpux)
1379	printf ("m68k-hp-bsd\n"); exit (0);
1380	#endif
1381
1382	#if defined (NeXT)
1383	#if !defined (__ARCHITECTURE__)
1384	#define __ARCHITECTURE__ "m68k"
1385	#endif
1386	int version;
1387	version=`(hostinfo \| sed -n 's/.NeXT Mach \([0-9]\).*/\1/p') 2>/dev/null`;
1388	if (version < 4)
1389	printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
1390	else
1391	printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
1392	exit (0);
1393	#endif
1394
1395	#if defined (MULTIMAX) \|\| defined (n16)
1396	#if defined (UMAXV)
1397	printf ("ns32k-encore-sysv\n"); exit (0);
1398	#else
1399	#if defined (CMU)
1400	printf ("ns32k-encore-mach\n"); exit (0);
1401	#else
1402	printf ("ns32k-encore-bsd\n"); exit (0);
1403	#endif
1404	#endif
1405	#endif
1406
1407	#if defined (__386BSD__)
1408	printf ("i386-pc-bsd\n"); exit (0);
1409	#endif
1410
1411	#if defined (sequent)
1412	#if defined (i386)
1413	printf ("i386-sequent-dynix\n"); exit (0);
1414	#endif
1415	#if defined (ns32000)
1416	printf ("ns32k-sequent-dynix\n"); exit (0);
1417	#endif
1418	#endif
1419
1420	#if defined (_SEQUENT_)
1421	struct utsname un;
1422
1423	uname(&un);
1424
1425	if (strncmp(un.version, "V2", 2) == 0) {
1426	printf ("i386-sequent-ptx2\n"); exit (0);
1427	}
1428	if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
1429	printf ("i386-sequent-ptx1\n"); exit (0);
1430	}
1431	printf ("i386-sequent-ptx\n"); exit (0);
1432
1433	#endif
1434
1435	#if defined (vax)
1436	# if !defined (ultrix)
1437	# include <sys/param.h>
1438	# if defined (BSD)
1439	# if BSD == 43
1440	printf ("vax-dec-bsd4.3\n"); exit (0);
1441	# else
1442	# if BSD == 199006
1443	printf ("vax-dec-bsd4.3reno\n"); exit (0);
1444	# else
1445	printf ("vax-dec-bsd\n"); exit (0);
1446	# endif
1447	# endif
1448	# else
1449	printf ("vax-dec-bsd\n"); exit (0);
1450	# endif
1451	# else
1452	printf ("vax-dec-ultrix\n"); exit (0);
1453	# endif
1454	#endif
1455
1456	#if defined (alliant) && defined (i860)
1457	printf ("i860-alliant-bsd\n"); exit (0);
1458	#endif
1459
1460	exit (1);
1461	}
1462	EOF
1463
1464	$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
1465	{ echo "$SYSTEM_NAME"; exit; }
1466
1467	# Apollos put the system type in the environment.
1468
1469	test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
1470
1471	# Convex versions that predate uname can use getsysinfo(1)
1472
1473	if [ -x /usr/convex/getsysinfo ]
1474	then
1475	case `getsysinfo -f cpu_type` in
1476	c1*)
1477	echo c1-convex-bsd
1478	exit ;;
1479	c2*)
1480	if getsysinfo -f scalar_acc
1481	then echo c32-convex-bsd
1482	else echo c2-convex-bsd
1483	fi
1484	exit ;;
1485	c34*)
1486	echo c34-convex-bsd
1487	exit ;;
1488	c38*)
1489	echo c38-convex-bsd
1490	exit ;;
1491	c4*)
1492	echo c4-convex-bsd
1493	exit ;;
1494	esac
1495	fi
1496
1497	cat >&2 <<EOF	1374	cat >&2 <<EOF
1498	$0: unable to guess system type	1375	$0: unable to guess system type
1499		1376

Lines 1-24 Link Here

(-)a/config.sub (-38 / +44 lines)
1	#! /bin/sh	1	#! /bin/sh
2	# Configuration validation subroutine script.	2	# Configuration validation subroutine script.
3	# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,	3	# Copyright 1992-2014 Free Software Foundation, Inc.
4	# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
5	# 2011, 2012, 2013 Free Software Foundation, Inc.
6		4
7	timestamp='2012-12-23'	5	timestamp='2014-09-11'
8		6
9	# This file is (in principle) common to ALL GNU software.	7	# This file is free software; you can redistribute it and/or modify it
10	# The presence of a machine in this file suggests that SOME GNU software	8	# under the terms of the GNU General Public License as published by
11	# can handle that machine. It does not imply ALL GNU software can.	9	# the Free Software Foundation; either version 3 of the License, or
12	#
13	# This file is free software; you can redistribute it and/or modify
14	# it under the terms of the GNU General Public License as published by
15	# the Free Software Foundation; either version 2 of the License, or
16	# (at your option) any later version.	10	# (at your option) any later version.
17	#	11	#
18	# This program is distributed in the hope that it will be useful,	12	# This program is distributed in the hope that it will be useful, but
19	# but WITHOUT ANY WARRANTY; without even the implied warranty of	13	# WITHOUT ANY WARRANTY; without even the implied warranty of
20	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21	# GNU General Public License for more details.	15	# General Public License for more details.
22	#	16	#
23	# You should have received a copy of the GNU General Public License	17	# You should have received a copy of the GNU General Public License
24	# along with this program; if not, see <http://www.gnu.org/licenses/>.	18	# along with this program; if not, see <http://www.gnu.org/licenses/>.
Lines 26-36 timestamp='2012-12-23' Link Here
26	# As a special exception to the GNU General Public License, if you	20	# As a special exception to the GNU General Public License, if you
27	# distribute this file as part of a program that contains a	21	# distribute this file as part of a program that contains a
28	# configuration script generated by Autoconf, you may include it under	22	# configuration script generated by Autoconf, you may include it under
29	# the same distribution terms that you use for the rest of that program.	23	# the same distribution terms that you use for the rest of that
		24	# program. This Exception is an additional permission under section 7
		25	# of the GNU General Public License, version 3 ("GPLv3").
30		26
31		27
32	# Please send patches to <config-patches@gnu.org>. Submit a context	28	# Please send patches with a ChangeLog entry to config-patches@gnu.org.
33	# diff and a properly formatted GNU ChangeLog entry.
34	#	29	#
35	# Configuration subroutine to validate and canonicalize a configuration type.	30	# Configuration subroutine to validate and canonicalize a configuration type.
36	# Supply the specified configuration type as an argument.	31	# Supply the specified configuration type as an argument.
Lines 73-81 Report bugs and patches to <config-patches@gnu.org>." Link Here
73	version="\	68	version="\
74	GNU config.sub ($timestamp)	69	GNU config.sub ($timestamp)
75		70
76	Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,	71	Copyright 1992-2014 Free Software Foundation, Inc.
77	2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011,
78	2012, 2013 Free Software Foundation, Inc.
79		72
80	This is free software; see the source for copying conditions. There is NO	73	This is free software; see the source for copying conditions. There is NO
81	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."	74	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
Lines 259-270 case $basic_machine in Link Here
259	\| alpha \| alphaev[4-8] \| alphaev56 \| alphaev6[78] \| alphapca5[67] \	252	\| alpha \| alphaev[4-8] \| alphaev56 \| alphaev6[78] \| alphapca5[67] \
260	\| alpha64 \| alpha64ev[4-8] \| alpha64ev56 \| alpha64ev6[78] \| alpha64pca5[67] \	253	\| alpha64 \| alpha64ev[4-8] \| alpha64ev56 \| alpha64ev6[78] \| alpha64pca5[67] \
261	\| am33_2.0 \	254	\| am33_2.0 \
262	\| arc \	255	\| arc \| arceb \
263	\| arm \| arm[bl]e \| arme[lb] \| armv[2-8] \| armv[3-8][lb] \| armv7[arm] \	256	\| arm \| arm[bl]e \| arme[lb] \| armv[2-8] \| armv[3-8][lb] \| armv7[arm] \
264	\| avr \| avr32 \	257	\| avr \| avr32 \
265	\| be32 \| be64 \	258	\| be32 \| be64 \
266	\| bfin \	259	\| bfin \
267	\| c4x \| clipper \	260	\| c4x \| c8051 \| clipper \
268	\| d10v \| d30v \| dlx \| dsp16xx \	261	\| d10v \| d30v \| dlx \| dsp16xx \
269	\| epiphany \	262	\| epiphany \
270	\| fido \| fr30 \| frv \	263	\| fido \| fr30 \| frv \
Lines 272-277 case $basic_machine in Link Here
272	\| hexagon \	265	\| hexagon \
273	\| i370 \| i860 \| i960 \| ia64 \	266	\| i370 \| i860 \| i960 \| ia64 \
274	\| ip2k \| iq2000 \	267	\| ip2k \| iq2000 \
		268	\| k1om \
275	\| le32 \| le64 \	269	\| le32 \| le64 \
276	\| lm32 \	270	\| lm32 \
277	\| m32c \| m32r \| m32rle \| m68000 \| m68k \| m88k \	271	\| m32c \| m32r \| m32rle \| m68000 \| m68k \| m88k \
Lines 289-311 case $basic_machine in Link Here
289	\| mips64vr5900 \| mips64vr5900el \	283	\| mips64vr5900 \| mips64vr5900el \
290	\| mipsisa32 \| mipsisa32el \	284	\| mipsisa32 \| mipsisa32el \
291	\| mipsisa32r2 \| mipsisa32r2el \	285	\| mipsisa32r2 \| mipsisa32r2el \
		286	\| mipsisa32r6 \| mipsisa32r6el \
292	\| mipsisa64 \| mipsisa64el \	287	\| mipsisa64 \| mipsisa64el \
293	\| mipsisa64r2 \| mipsisa64r2el \	288	\| mipsisa64r2 \| mipsisa64r2el \
		289	\| mipsisa64r6 \| mipsisa64r6el \
294	\| mipsisa64sb1 \| mipsisa64sb1el \	290	\| mipsisa64sb1 \| mipsisa64sb1el \
295	\| mipsisa64sr71k \| mipsisa64sr71kel \	291	\| mipsisa64sr71k \| mipsisa64sr71kel \
		292	\| mipsr5900 \| mipsr5900el \
296	\| mipstx39 \| mipstx39el \	293	\| mipstx39 \| mipstx39el \
297	\| mn10200 \| mn10300 \	294	\| mn10200 \| mn10300 \
298	\| moxie \	295	\| moxie \
299	\| mt \	296	\| mt \
300	\| msp430 \	297	\| msp430 \
301	\| nds32 \| nds32le \| nds32be \	298	\| nds32 \| nds32le \| nds32be \
302	\| nios \| nios2 \	299	\| nios \| nios2 \| nios2eb \| nios2el \
303	\| ns16k \| ns32k \	300	\| ns16k \| ns32k \
304	\| open8 \	301	\| open8 \| or1k \| or1knd \| or32 \
305	\| or32 \
306	\| pdp10 \| pdp11 \| pj \| pjl \	302	\| pdp10 \| pdp11 \| pj \| pjl \
307	\| powerpc \| powerpc64 \| powerpc64le \| powerpcle \	303	\| powerpc \| powerpc64 \| powerpc64le \| powerpcle \
308	\| pyramid \	304	\| pyramid \
		305	\| riscv32 \| riscv64 \
309	\| rl78 \| rx \	306	\| rl78 \| rx \
310	\| score \	307	\| score \
311	\| sh \| sh[1234] \| sh[24]a \| sh[24]aeb \| sh[23]e \| sh[34]eb \| sheb \| shbe \| shle \| sh[1234]le \| sh3ele \	308	\| sh \| sh[1234] \| sh[24]a \| sh[24]aeb \| sh[23]e \| sh[34]eb \| sheb \| shbe \| shle \| sh[1234]le \| sh3ele \
Lines 330-336 case $basic_machine in Link Here
330	c6x)	327	c6x)
331	basic_machine=tic6x-unknown	328	basic_machine=tic6x-unknown
332	;;	329	;;
333	m6811 \| m68hc11 \| m6812 \| m68hc12 \| m68hcs12x \| picochip)	330	m6811 \| m68hc11 \| m6812 \| m68hc12 \| m68hcs12x \| nvptx \| picochip)
334	basic_machine=$basic_machine-unknown	331	basic_machine=$basic_machine-unknown
335	os=-none	332	os=-none
336	;;	333	;;
Lines 372-384 case $basic_machine in Link Here
372	\| aarch64-* \| aarch64_be-* \	369	\| aarch64-* \| aarch64_be-* \
373	\| alpha-* \| alphaev[4-8]-* \| alphaev56-* \| alphaev6[78]-* \	370	\| alpha-* \| alphaev[4-8]-* \| alphaev56-* \| alphaev6[78]-* \
374	\| alpha64-* \| alpha64ev[4-8]-* \| alpha64ev56-* \| alpha64ev6[78]-* \	371	\| alpha64-* \| alpha64ev[4-8]-* \| alpha64ev56-* \| alpha64ev6[78]-* \
375	\| alphapca5[67]-* \| alpha64pca5[67]-* \| arc-* \	372	\| alphapca5[67]-* \| alpha64pca5[67]-* \| arc-* \| arceb-* \
376	\| arm-* \| armbe-* \| armle-* \| armeb-* \| armv- \	373	\| arm-* \| armbe-* \| armle-* \| armeb-* \| armv- \
377	\| avr-* \| avr32-* \	374	\| avr-* \| avr32-* \
378	\| be32-* \| be64-* \	375	\| be32-* \| be64-* \
379	\| bfin-* \| bs2000-* \	376	\| bfin-* \| bs2000-* \
380	\| c[123]* \| c30-* \| [cjt]90-* \| c4x-* \	377	\| c[123]* \| c30-* \| [cjt]90-* \| c4x-* \
381	\| clipper-* \| craynv-* \| cydra-* \	378	\| c8051-* \| clipper-* \| craynv-* \| cydra-* \
382	\| d10v-* \| d30v-* \| dlx-* \	379	\| d10v-* \| d30v-* \| dlx-* \
383	\| elxsi-* \	380	\| elxsi-* \
384	\| f30[01]-* \| f700-* \| fido-* \| fr30-* \| frv-* \| fx80-* \	381	\| f30[01]-* \| f700-* \| fido-* \| fr30-* \| frv-* \| fx80-* \
Lines 387-392 case $basic_machine in Link Here
387	\| hexagon-* \	384	\| hexagon-* \
388	\| i86- \| i860-* \| i960-* \| ia64-* \	385	\| i86- \| i860-* \| i960-* \| ia64-* \
389	\| ip2k-* \| iq2000-* \	386	\| ip2k-* \| iq2000-* \
		387	\| k1om-* \
390	\| le32-* \| le64-* \	388	\| le32-* \| le64-* \
391	\| lm32-* \	389	\| lm32-* \
392	\| m32c-* \| m32r-* \| m32rle-* \	390	\| m32c-* \| m32r-* \| m32rle-* \
Lines 406-423 case $basic_machine in Link Here
406	\| mips64vr5900-* \| mips64vr5900el-* \	404	\| mips64vr5900-* \| mips64vr5900el-* \
407	\| mipsisa32-* \| mipsisa32el-* \	405	\| mipsisa32-* \| mipsisa32el-* \
408	\| mipsisa32r2-* \| mipsisa32r2el-* \	406	\| mipsisa32r2-* \| mipsisa32r2el-* \
		407	\| mipsisa32r6-* \| mipsisa32r6el-* \
409	\| mipsisa64-* \| mipsisa64el-* \	408	\| mipsisa64-* \| mipsisa64el-* \
410	\| mipsisa64r2-* \| mipsisa64r2el-* \	409	\| mipsisa64r2-* \| mipsisa64r2el-* \
		410	\| mipsisa64r6-* \| mipsisa64r6el-* \
411	\| mipsisa64sb1-* \| mipsisa64sb1el-* \	411	\| mipsisa64sb1-* \| mipsisa64sb1el-* \
412	\| mipsisa64sr71k-* \| mipsisa64sr71kel-* \	412	\| mipsisa64sr71k-* \| mipsisa64sr71kel-* \
		413	\| mipsr5900-* \| mipsr5900el-* \
413	\| mipstx39-* \| mipstx39el-* \	414	\| mipstx39-* \| mipstx39el-* \
414	\| mmix-* \	415	\| mmix-* \
415	\| mt-* \	416	\| mt-* \
416	\| msp430-* \	417	\| msp430-* \
417	\| nds32-* \| nds32le-* \| nds32be-* \	418	\| nds32-* \| nds32le-* \| nds32be-* \
418	\| nios-* \| nios2-* \	419	\| nios-* \| nios2-* \| nios2eb-* \| nios2el-* \
419	\| none-* \| np1-* \| ns16k-* \| ns32k-* \	420	\| none-* \| np1-* \| ns16k-* \| ns32k-* \
420	\| open8-* \	421	\| open8-* \
		422	\| or1k- \
421	\| orion-* \	423	\| orion-* \
422	\| pdp10-* \| pdp11-* \| pj-* \| pjl-* \| pn-* \| power-* \	424	\| pdp10-* \| pdp11-* \| pj-* \| pjl-* \| pn-* \| power-* \
423	\| powerpc-* \| powerpc64-* \| powerpc64le-* \| powerpcle-* \	425	\| powerpc-* \| powerpc64-* \| powerpc64le-* \| powerpcle-* \
Lines 799-805 case $basic_machine in Link Here
799	os=-mingw64	801	os=-mingw64
800	;;	802	;;
801	mingw32)	803	mingw32)
802	basic_machine=i386-pc	804	basic_machine=i686-pc
803	os=-mingw32	805	os=-mingw32
804	;;	806	;;
805	mingw32ce)	807	mingw32ce)
Lines 827-832 case $basic_machine in Link Here
827	basic_machine=powerpc-unknown	829	basic_machine=powerpc-unknown
828	os=-morphos	830	os=-morphos
829	;;	831	;;
		832	moxiebox)
		833	basic_machine=moxie-unknown
		834	os=-moxiebox
		835	;;
830	msdos)	836	msdos)
831	basic_machine=i386-pc	837	basic_machine=i386-pc
832	os=-msdos	838	os=-msdos
Lines 835-841 case $basic_machine in Link Here
835	basic_machine=`echo $basic_machine \| sed -e 's/ms1-/mt-/'`	841	basic_machine=`echo $basic_machine \| sed -e 's/ms1-/mt-/'`
836	;;	842	;;
837	msys)	843	msys)
838	basic_machine=i386-pc	844	basic_machine=i686-pc
839	os=-msys	845	os=-msys
840	;;	846	;;
841	mvs)	847	mvs)
Lines 1357-1363 case $os in Link Here
1357	-gnu* \| -bsd* \| -mach* \| -minix* \| -genix* \| -ultrix* \| -irix* \	1363	-gnu* \| -bsd* \| -mach* \| -minix* \| -genix* \| -ultrix* \| -irix* \
1358	\| -vms \| -sco* \| -esix* \| -isc* \| -aix* \| -cnk* \| -sunos \| -sunos[34]*\	1364	\| -vms \| -sco* \| -esix* \| -isc* \| -aix* \| -cnk* \| -sunos \| -sunos[34]*\
1359	\| -hpux* \| -unos* \| -osf* \| -luna* \| -dgux* \| -auroraux* \| -solaris* \	1365	\| -hpux* \| -unos* \| -osf* \| -luna* \| -dgux* \| -auroraux* \| -solaris* \
1360	\| -sym* \| -kopensolaris* \	1366	\| -sym* \| -kopensolaris* \| -plan9* \
1361	\| -amigaos* \| -amigados* \| -msdos* \| -newsos* \| -unicos* \| -aof* \	1367	\| -amigaos* \| -amigados* \| -msdos* \| -newsos* \| -unicos* \| -aof* \
1362	\| -aos* \| -aros* \	1368	\| -aos* \| -aros* \
1363	\| -nindy* \| -vxsim* \| -vxworks* \| -ebmon* \| -hms* \| -mvs* \	1369	\| -nindy* \| -vxsim* \| -vxworks* \| -ebmon* \| -hms* \| -mvs* \
Lines 1372-1385 case $os in Link Here
1372	\| -cygwin* \| -msys* \| -pe* \| -psos* \| -moss* \| -proelf* \| -rtems* \	1378	\| -cygwin* \| -msys* \| -pe* \| -psos* \| -moss* \| -proelf* \| -rtems* \
1373	\| -mingw32* \| -mingw64* \| -linux-gnu* \| -linux-android* \	1379	\| -mingw32* \| -mingw64* \| -linux-gnu* \| -linux-android* \
1374	\| -linux-newlib* \| -linux-musl* \| -linux-uclibc* \	1380	\| -linux-newlib* \| -linux-musl* \| -linux-uclibc* \
1375	\| -uxpv* \| -beos* \| -mpeix* \| -udk* \	1381	\| -uxpv* \| -beos* \| -mpeix* \| -udk* \| -moxiebox* \
1376	\| -interix* \| -uwin* \| -mks* \| -rhapsody* \| -darwin* \| -opened* \	1382	\| -interix* \| -uwin* \| -mks* \| -rhapsody* \| -darwin* \| -opened* \
1377	\| -openstep* \| -oskit* \| -conix* \| -pw32* \| -nonstopux* \	1383	\| -openstep* \| -oskit* \| -conix* \| -pw32* \| -nonstopux* \
1378	\| -storm-chaos* \| -tops10* \| -tenex* \| -tops20* \| -its* \	1384	\| -storm-chaos* \| -tops10* \| -tenex* \| -tops20* \| -its* \
1379	\| -os2* \| -vos* \| -palmos* \| -uclinux* \| -nucleus* \	1385	\| -os2* \| -vos* \| -palmos* \| -uclinux* \| -nucleus* \
1380	\| -morphos* \| -superux* \| -rtmk* \| -rtmk-nova* \| -windiss* \	1386	\| -morphos* \| -superux* \| -rtmk* \| -rtmk-nova* \| -windiss* \
1381	\| -powermax* \| -dnix* \| -nx6 \| -nx7 \| -sei* \| -dragonfly* \	1387	\| -powermax* \| -dnix* \| -nx6 \| -nx7 \| -sei* \| -dragonfly* \
1382	\| -skyos* \| -haiku* \| -rdos* \| -toppers* \| -drops* \| -es*)	1388	\| -skyos* \| -haiku* \| -rdos* \| -toppers* \| -drops* \| -es* \| -tirtos*)
1383	# Remember, each alternative MUST END IN *, to match a version number.	1389	# Remember, each alternative MUST END IN *, to match a version number.
1384	;;	1390	;;
1385	-qnx*)	1391	-qnx*)
Lines 1503-1511 case $os in Link Here
1503	-aros*)	1509	-aros*)
1504	os=-aros	1510	os=-aros
1505	;;	1511	;;
1506	-kaos*)
1507	os=-kaos
1508	;;
1509	-zvmoe)	1512	-zvmoe)
1510	os=-zvmoe	1513	os=-zvmoe
1511	;;	1514	;;
Lines 1554-1559 case $basic_machine in Link Here
1554	c4x-* \| tic4x-*)	1557	c4x-* \| tic4x-*)
1555	os=-coff	1558	os=-coff
1556	;;	1559	;;
		1560	c8051-*)
		1561	os=-elf
		1562	;;
1557	hexagon-*)	1563	hexagon-*)
1558	os=-elf	1564	os=-elf
1559	;;	1565	;;

Lines 51-56 echo "AuthorizedKeysFile /dev/null $OBJ/authorized_keys_%u" >>$OBJ/sshd_proxy Link Here

(-)a/regress/cfgmatch.sh (+43 lines)
51	echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy	51	echo "Match Address 127.0.0.1" >>$OBJ/sshd_proxy
52	echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy	52	echo "PermitOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
53		53
		54
54	start_sshd	55	start_sshd
55		56
56	#set -x	57	#set -x
Lines 64-69 for p in ${SSH_PROTOCOLS}; do Link Here
64	stop_client	65	stop_client
65	done	66	done
66		67
		68	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
		69	echo "DenyOpen 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
		70
		71	# Test Match + PermitOpen in sshd_config. This should be permitted
		72	for p in ${SSH_PROTOCOLS}; do
		73	trace "match denyopen localhost proto $p"
		74	start_client -F $OBJ/ssh_config
		75	${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true \|\| \
		76	fail "match denyopen deny proto $p"
		77	stop_client
		78	done
		79
67	# Same but from different source. This should not be permitted	80	# Same but from different source. This should not be permitted
68	for p in ${SSH_PROTOCOLS}; do	81	for p in ${SSH_PROTOCOLS}; do
69	trace "match permitopen proxy proto $p"	82	trace "match permitopen proxy proto $p"
Lines 125-127 for p in ${SSH_PROTOCOLS}; do Link Here
125	fail "nomatch override permitopen proto $p"	138	fail "nomatch override permitopen proto $p"
126	stop_client	139	stop_client
127	done	140	done
		141
		142	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
		143	echo "PermitOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
		144	echo "Match User NoSuchUser" >>$OBJ/sshd_proxy
		145	echo "DenyOpen 127.0.0.1:1 127.0.0.1:2 127.0.0.1:$PORT" >>$OBJ/sshd_proxy
		146
		147	# Test that a rule that doesn't match doesn't override, plus test a
		148	# PermitOpen entry that's not at the start of the list
		149	for p in ${SSH_PROTOCOLS}; do
		150	trace "nomatch permitopen proxy w/key opts proto $p"
		151	start_client -F $OBJ/ssh_proxy
		152	${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true \|\| \
		153	fail "nomatch override permitopen proto $p"
		154	stop_client
		155	done
		156
		157	cp $OBJ/sshd_proxy_bak $OBJ/sshd_proxy
		158	echo "DeniedOpen 127.0.0.1:1 127.0.0.1:$PORT 127.0.0.2:2" >>$OBJ/sshd_proxy
		159	echo "Match User NoSuchUser" >>$OBJ/sshd_proxy
		160	echo "PermitOpen 127.0.0.1:1 127.0.0.1:2" >>$OBJ/sshd_proxy
		161
		162	# Test that a rule that doesn't match doesn't override, plus test a
		163	# PermitOpen entry that's not at the start of the list
		164	for p in ${SSH_PROTOCOLS}; do
		165	trace "nomatch permitopen proxy w/key opts proto $p"
		166	start_client -F $OBJ/ssh_proxy
		167	${SSH} -q -$p -p $fwdport -F $OBJ/ssh_config somehost true \|\| \
		168	fail "nomatch override permitopen proto $p"
		169	stop_client
		170	done

Lines 337-342 DESCRIPTION Link Here

(-)a/sshd_config.0 (+16 lines)
337		337
338	See PATTERNS in ssh_config(5) for more information on patterns.	338	See PATTERNS in ssh_config(5) for more information on patterns.
339		339
		340	DenyOpen
		341	Specifies the destinations to which TCP port forwarding is
		342	blocked. The forwarding specification must be one of the
		343	following forms:
		344
		345	DenyOpen host:port
		346	DenyOpen IPv4_addr:port
		347	DenyOpen [IPv6_addr]:port
		348
		349	Multiple destinations may be specified by separating them with
		350	whitespace. An argument of M-bM-^@M-^\anyM-bM-^@M-^] can be used to remove all
		351	restrictions and permit any forwarding requests. The
		352	wildcard M-bM-^@M-^\*M-bM-^@M-^] can be used for host or port to block all hosts or
		353	ports, respectively. By default all port forwarding requests are
		354	permitted.
		355
340	DenyUsers	356	DenyUsers
341	This keyword can be followed by a list of user name patterns,	357	This keyword can be followed by a list of user name patterns,
342	separated by spaces. Login is disallowed for user names that	358	separated by spaces. Login is disallowed for user names that

Lines 558-563 and finally Link Here

(-)a/sshd_config.5 (-1 / +31 lines)
558	See PATTERNS in	558	See PATTERNS in
559	.Xr ssh_config 5	559	.Xr ssh_config 5
560	for more information on patterns.	560	for more information on patterns.
		561	.It Cm DenyOpen
		562	Specifies the destinations to which TCP port forwarding is blocked.
		563	The forwarding specification must be one of the following forms:
		564	.Pp
		565	.Bl -item -offset indent -compact
		566	.It
		567	.Cm DenyOpen
		568	.Sm off
		569	.Ar host : port
		570	.Sm on
		571	.It
		572	.Cm DenyOpen
		573	.Sm off
		574	.Ar IPv4_addr : port
		575	.Sm on
		576	.It
		577	.Cm DenyOpen
		578	.Sm off
		579	.Ar \&[ IPv6_addr \&] : port
		580	.Sm on
		581	.El
		582	.Pp
		583	Multiple destinations may be specified by separating them with whitespace.
		584	An argument of
		585	.Dq none
		586	can be used to remove all restrictions and permit any forwarding requests.
		587	The wildcard
		588	.Dq *
		589	can be used for host or port to allow all hosts or ports, respectively.
		590	By default all port forwarding requests are permitted.
561	.It Cm DenyUsers	591	.It Cm DenyUsers
562	This keyword can be followed by a list of user name patterns, separated	592	This keyword can be followed by a list of user name patterns, separated
563	by spaces.	593	by spaces.
Lines 1104-1109 Available keywords are Link Here
1104	.Cm Banner ,	1134	.Cm Banner ,
1105	.Cm ChrootDirectory ,	1135	.Cm ChrootDirectory ,
1106	.Cm DenyGroups ,	1136	.Cm DenyGroups ,
		1137	.Cm DenyOpen ,
1107	.Cm DenyUsers ,	1138	.Cm DenyUsers ,
1108	.Cm ForceCommand ,	1139	.Cm ForceCommand ,
1109	.Cm GatewayPorts ,	1140	.Cm GatewayPorts ,
1110	-