From: Tatu Ylonen To: ssh@clinet.fi,ssh-announce@clinet.fi Cc: f-ssh-support@datafellows.com Subject: Security problem on Alpha OSF/1 running C2 with SSH-1.2.13 FCC: /u/ylo/OUTGOING Organization: SSH Communications Security Oy --text follows this line-- There is a serious security problem with SSH-1.2.13 on Alpha OSF/1 3.x running in C2 security mode. The problem does not appear to be present in other operating systems, and even on OSF/1 you are only affected if you run C2 security. OSF/1 has a "login uid" in addition to the real, effective, and saved uids. The login uid needs to be set, or otherwise serious security problems result in C2 mode. SSH-1.2.13 does not set the "login uid". One symptom of this is that "su" does not work; it gives myhost% su su: may not be called from rc script If you get this, you are also suffering from another problem related to the login uid that allows any local user to become root. This problem was in fact fixed in the working sources in February, but I wasn't aware at that time that it also has serious security implications. If you run SSH on OSF/1 with C2 security enabled, please install the following patch as soon as possible. The patch is against ssh-1.2.13. Note that you need to reconfigure. Also note that you will need to kill all existing sshd processes (or reboot) before the new version will be in use by all users. The real fix is very simple (just added call to setluid). Most of the diff is caused by "autoconf" version changing, which caused a lot of differences in the generated configure file. The diff is below. I've also put it available in ftp.cs.hut.fi:/pub/ssh/ssh-osf1-c2-setluid-patch (with a PGP signature in ssh-osf1-c2-setluid-patch.sig). Tatu diff -ru ssh-1.2.13/config.h.in ssh-1.2.13.patched/config.h.in --- ssh-1.2.13/config.h.in Sun Feb 11 21:45:21 1996 +++ ssh-1.2.13.patched/config.h.in Mon Apr 22 21:41:11 1996 
@@ -367,6 +367,9 @@ /* Define if you have the setlogin function. */ #undef HAVE_SETLOGIN +/* Define if you have the setluid function. */ +#undef HAVE_SETLUID + /* Define if you have the setsid function. */ #undef HAVE_SETSID @@ -459,6 +462,9 @@ /* Define if you have the s library (-ls). */ #undef HAVE_LIBS + +/* Define if you have the security library (-lsecurity). */ +#undef HAVE_LIBSECURITY /* Define if you have the shadow library (-lshadow). */ #undef HAVE_LIBSHADOW diff -ru ssh-1.2.13/configure ssh-1.2.13.patched/configure --- ssh-1.2.13/configure Sun Feb 11 21:45:22 1996 +++ ssh-1.2.13.patched/configure Mon Apr 22 21:41:14 1996 @@ -1,7 +1,7 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated automatically using autoconf version 2.7 +# Generated automatically using autoconf version 2.8 # Copyright (C) 1992, 1993, 1994 Free Software Foundation, Inc. # # This configure script is free software; the Free Software Foundation @@ -351,7 +351,7 @@ verbose=yes ;; -version | --version | --versio | --versi | --vers) - echo "configure generated by autoconf version 2.7" + echo "configure generated by autoconf version 2.8" exit 0 ;; -with-* | --with-*) @@ -516,12 +516,9 @@ ac_ext=c # CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. -ac_cpp='echo $CPP $CPPFLAGS 1>&5; -$CPP $CPPFLAGS' -ac_compile='echo ${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5; -${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5 2>&5' -ac_link='echo ${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5; -${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5 2>&5' +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. 
@@ -607,7 +604,6 @@ fi done IFS="$ac_save_ifs" - test -z "$ac_cv_prog_CC" && ac_cv_prog_CC="cc" fi fi CC="$ac_cv_prog_CC" @@ -617,6 +613,55 @@ echo "$ac_t""no" 1>&6 fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + ac_prog_rejected=no + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + break + fi + done + IFS="$ac_save_ifs" +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# -gt 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" "$@" + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then @@ -627,7 +672,7 @@ yes; #endif EOF -if ${CC-cc} -E conftest.c 2>&5 | egrep yes >/dev/null 2>&1; then +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:676: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then ac_cv_prog_gcc=yes else ac_cv_prog_gcc=no 
@@ -673,11 +718,11 @@ ac_cv_c_cross=yes else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then ac_cv_c_cross=no else @@ -728,14 +773,14 @@ *-ibm-aix3.2|*-ibm-aix3.2.0|*-ibm-aix3.2.1|*-ibm-aix3.2.2|*-ibm-aix3.2.3|*-ibm-aix3.2.4) os_aix=yes echo $ac_n "checking for -ls""... $ac_c" 1>&6 -ac_lib_var=`echo s | tr '.-/+' '___p'` +ac_lib_var=`echo s_getuserattr | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -771,14 +816,14 @@ *-ibm-aix*) os_aix=yes echo $ac_n "checking for -ls""... $ac_c" 1>&6 -ac_lib_var=`echo s | tr '.-/+' '___p'` +ac_lib_var=`echo s_getuserattr | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ls $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -825,14 +870,14 @@ # Ultrix shadow passwords implemented in auth-passwd.c. no_shadows_password_checking=yes echo $ac_n "checking for -lauth""... $ac_c" 1>&6 -ac_lib_var=`echo auth | tr '.-/+' '___p'` +ac_lib_var=`echo auth_authenticate_user | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lauth $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -865,7 +910,7 @@ fi cat > conftest.$ac_ext < int main() { return 0; } @@ -873,7 +918,7 @@ int foo = LOG_DAEMON; ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:922: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then : else rm -rf conftest* 
@@ -900,23 +945,15 @@ #define TTY_GROUP "terminal" EOF - echo $ac_n "checking for OSF/1 C2 security package""... $ac_c" 1>&6 - osfc2sec=`/usr/sbin/setld -i | grep '^OSFC2SEC'` - if test -n "$osfc2sec"; then - echo "$ac_t""yes" 1>&6 - cat >> confdefs.h <<\EOF -#define HAVE_OSF1_C2_SECURITY 1 -EOF - - echo $ac_n "checking for -lsecurity""... $ac_c" 1>&6 -ac_lib_var=`echo security | tr '.-/+' '___p'` + echo $ac_n "checking for -lsecurity""... $ac_c" 1>&6 +ac_lib_var=`echo security_set_auth_parameters | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lsecurity $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -937,11 +974,75 @@ fi if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then echo "$ac_t""yes" 1>&6 - LIBS="$LIBS -lsecurity" + ac_tr_lib=HAVE_LIB`echo security | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi + + for ac_func in setluid +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +char $ac_func(); + +int main() { return 0; } +int t() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:1018: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* + +fi +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 -{ echo "configure: error: "Could not find libsecurity even though C2 security installed."" 1>&2; exit 1; } fi +done + + echo $ac_n "checking for OSF/1 C2 security package""... $ac_c" 1>&6 + osfc2sec=`/usr/sbin/setld -i | grep '^OSFC2SEC'` + if test -n "$osfc2sec"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_OSF1_C2_SECURITY 1 +EOF CONFOBJS="$CONFOBJS osfc2.o" else @@ -962,7 +1063,7 @@ SAVED_LIBS="$LIBS" LIBS="$LIBS -lm" cat > conftest.$ac_ext < int main() { return 0; } 
@@ -972,7 +1073,7 @@ return (int)d; ; return 0; } EOF -if eval $ac_link; then +if { (eval echo configure:1077: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* echo "$ac_t""ok" 1>&6 else @@ -1022,14 +1123,14 @@ ;; *-*-sysv4*) echo $ac_n "checking for -lgen""... $ac_c" 1>&6 -ac_lib_var=`echo gen | tr '.-/+' '___p'` +ac_lib_var=`echo gen_openlog | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lgen $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -1118,11 +1219,11 @@ { echo "configure: error: Could not compile and run even a trivial ANSI C program - check CC." 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then echo "$ac_t""yes" 1>&6 else @@ -1138,7 +1239,7 @@ OLDCC="$CC" CC="$CC -pipe" cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* echo "$ac_t""yes" 1>&6 else @@ -1174,7 +1275,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1192,7 +1293,7 @@ int i; ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:1297: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_type_signal=void else @@ -1224,12 +1325,13 @@ # On the NeXT, cc -E runs the code through the compiler's parser, # not just through cpp. cat > conftest.$ac_ext < Syntax Error EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1335: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : 
@@ -1238,12 +1340,13 @@ rm -rf conftest* CPP="${CC-cc} -E -traditional-cpp" cat > conftest.$ac_ext < Syntax Error EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1350: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then : @@ -1268,14 +1371,15 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include #include #include EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1383: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -1290,7 +1394,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1308,7 +1412,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1329,7 +1433,7 @@ : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1340,7 +1444,7 @@ exit (0); } EOF -eval $ac_link +{ (eval echo configure:1448: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then : else @@ -1364,7 +1468,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -1395,7 +1499,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF @@ -1428,7 +1532,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -1459,7 +1563,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #if STDC_HEADERS @@ -1490,7 +1594,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include 
@@ -1499,7 +1603,7 @@ struct stat s; s.st_blksize; ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:1607: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_struct_st_blksize=yes else @@ -1524,7 +1628,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_const=yes else @@ -1600,7 +1704,7 @@ ac_cv_c_inline=no for ac_kw in inline __inline__ __inline; do cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_inline=$ac_kw; break fi @@ -1638,7 +1742,7 @@ ac_cv_c_bigendian=unknown # See if sys/param.h defines the BYTE_ORDER macro. cat > conftest.$ac_ext < #include @@ -1650,11 +1754,11 @@ #endif ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:1758: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* # It does; now see whether it defined to BIG_ENDIAN or not. cat > conftest.$ac_ext < #include @@ -1666,7 +1770,7 @@ #endif ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:1774: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_c_bigendian=yes else @@ -1683,7 +1787,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then ac_cv_c_bigendian=no else @@ -1723,7 +1827,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -1734,7 +1838,7 @@ exit(0); } EOF -eval $ac_link +{ (eval echo configure:1842: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then ac_cv_sizeof_long=`cat conftestval` else @@ -1757,7 +1861,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() 
@@ -1768,7 +1872,7 @@ exit(0); } EOF -eval $ac_link +{ (eval echo configure:1876: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then ac_cv_sizeof_int=`cat conftestval` else @@ -1791,7 +1895,7 @@ { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } else cat > conftest.$ac_ext < main() @@ -1802,7 +1906,7 @@ exit(0); } EOF -eval $ac_link +{ (eval echo configure:1910: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then ac_cv_sizeof_short=`cat conftestval` else @@ -1827,11 +1931,12 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1940: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -1862,14 +1967,15 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include #include #include EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1979: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -1884,7 +1990,7 @@ if test $ac_cv_header_stdc = yes; then # SunOS 4.x string.h does not declare mem*, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1902,7 +2008,7 @@ if test $ac_cv_header_stdc = yes; then # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. cat > conftest.$ac_ext < EOF @@ -1923,7 +2029,7 @@ : else cat > conftest.$ac_ext < #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') @@ -1934,7 +2040,7 @@ exit (0); } EOF -eval $ac_link +{ (eval echo configure:2044: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } if test -s conftest && (./conftest; exit) 2>/dev/null; then : else 
@@ -1958,7 +2064,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -1975,7 +2081,7 @@ s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:2085: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_sys_wait_h=yes else @@ -2002,11 +2108,12 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2117: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2038,11 +2145,12 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2154: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2074,11 +2182,12 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < EOF -eval "$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2191: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ac_err=`grep -v '^ *+' conftest.out` if test -z "$ac_err"; then rm -rf conftest* @@ -2107,7 +2216,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -2117,7 +2226,7 @@ struct tm *tp; ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:2230: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* ac_cv_header_time=yes else @@ -2145,7 +2254,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include <$ac_hdr> 
@@ -2154,7 +2263,7 @@ DIR *dirp = 0; ; return 0; } EOF -if eval $ac_compile; then +if { (eval echo configure:2267: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then rm -rf conftest* eval "ac_cv_header_dirent_$ac_safe=yes" else @@ -2178,14 +2287,14 @@ # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. if test $ac_header_dirent = dirent.h; then echo $ac_n "checking for -ldir""... $ac_c" 1>&6 -ac_lib_var=`echo dir | tr '.-/+' '___p'` +ac_lib_var=`echo dir_opendir | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-ldir $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2213,14 +2322,14 @@ else echo $ac_n "checking for -lx""... $ac_c" 1>&6 -ac_lib_var=`echo x | tr '.-/+' '___p'` +ac_lib_var=`echo x_opendir | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lx $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2253,7 +2362,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext < #include @@ -2304,7 +2413,7 @@ fi cat > conftest.$ac_ext < EOF @@ -2319,7 +2428,7 @@ rm -f conftest* cat > conftest.$ac_ext < EOF @@ -2334,7 +2443,7 @@ rm -f conftest* cat > conftest.$ac_ext < EOF @@ -2349,7 +2458,7 @@ rm -f conftest* cat > conftest.$ac_ext < EOF @@ -2364,7 +2473,7 @@ rm -f conftest* cat > conftest.$ac_ext < EOF 
@@ -2380,14 +2489,14 @@ echo $ac_n "checking for -lc""... $ac_c" 1>&6 -ac_lib_var=`echo c | tr '.-/+' '___p'` +ac_lib_var=`echo c_crypt | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lc $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2412,14 +2521,14 @@ else echo "$ac_t""no" 1>&6 echo $ac_n "checking for -lcrypt""... $ac_c" 1>&6 -ac_lib_var=`echo crypt | tr '.-/+' '___p'` +ac_lib_var=`echo crypt_crypt | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lcrypt $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2455,14 +2564,14 @@ if test -z "$no_libnsl"; then echo $ac_n "checking for -lnsl""... $ac_c" 1>&6 -ac_lib_var=`echo nsl | tr '.-/+' '___p'` +ac_lib_var=`echo nsl_main | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lnsl $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2497,14 +2606,14 @@ fi if test -n "$test_libinet"; then echo $ac_n "checking for -linet""... $ac_c" 1>&6 -ac_lib_var=`echo inet | tr '.-/+' '___p'` +ac_lib_var=`echo inet_inet_network | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-linet $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else 
@@ -2539,14 +2648,14 @@ fi if test -z "$no_libsocket"; then echo $ac_n "checking for -lsocket""... $ac_c" 1>&6 -ac_lib_var=`echo socket | tr '.-/+' '___p'` +ac_lib_var=`echo socket_socket | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lsocket $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2581,14 +2690,14 @@ fi if test -z "$no_libsun"; then echo $ac_n "checking for -lsun""... $ac_c" 1>&6 -ac_lib_var=`echo sun | tr '.-/+' '___p'` +ac_lib_var=`echo sun_getpwnam | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lsun $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2622,14 +2731,14 @@ fi echo $ac_n "checking for -lutil""... $ac_c" 1>&6 -ac_lib_var=`echo util | tr '.-/+' '___p'` +ac_lib_var=`echo util_login | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lutil $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -2668,7 +2777,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2722,7 +2831,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2775,7 +2884,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else 
@@ -2826,7 +2935,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2877,7 +2986,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -2929,7 +3038,7 @@ echo $ac_n "(cached) $ac_c" 1>&6 else cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_func_$ac_func=yes" else @@ -3278,14 +3387,14 @@ # have getspent in a system library. However, a libshadow.a library # contaning these is publicly available. echo $ac_n "checking for -lshadow""... $ac_c" 1>&6 -ac_lib_var=`echo shadow | tr '.-/+' '___p'` +ac_lib_var=`echo shadow_getspent | tr '.-/+' '___p'` if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then echo $ac_n "(cached) $ac_c" 1>&6 else ac_save_LIBS="$LIBS" LIBS="-lshadow $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then rm -rf conftest* eval "ac_cv_lib_$ac_lib_var=yes" else @@ -3738,7 +3847,7 @@ LIBS="-lwrap $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then : else rm -rf conftest* @@ -3763,7 +3872,7 @@ LIBS="$withval $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then : else rm -rf conftest* @@ -3830,7 +3939,7 @@ fi LIBS="$withval $LIBS" cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; }; then : else rm -rf conftest* 
@@ -3987,7 +4096,7 @@ echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; -version | --version | --versio | --versi | --vers | --ver | --ve | --v) - echo "$CONFIG_STATUS generated by autoconf version 2.7" + echo "$CONFIG_STATUS generated by autoconf version 2.8" exit 0 ;; -help | --help | --hel | --he | --h) echo "\$ac_cs_usage"; exit 0 ;; diff -ru ssh-1.2.13/configure.in ssh-1.2.13.patched/configure.in --- ssh-1.2.13/configure.in Sun Feb 11 21:45:21 1996 +++ ssh-1.2.13.patched/configure.in Mon Apr 22 21:40:57 1996 @@ -205,14 +205,13 @@ ;; alpha-dec-osf*) AC_DEFINE(TTY_GROUP, "terminal") + AC_CHECK_LIB(security, set_auth_parameters) + AC_CHECK_FUNCS(setluid) AC_MSG_CHECKING(for OSF/1 C2 security package) osfc2sec=`/usr/sbin/setld -i | grep '^OSFC2SEC'` if test -n "$osfc2sec"; then AC_MSG_RESULT(yes) AC_DEFINE(HAVE_OSF1_C2_SECURITY) - AC_CHECK_LIB(security, set_auth_parameters, - LIBS="$LIBS -lsecurity", - AC_MSG_ERROR("Could not find libsecurity even though C2 security installed.")) CONFOBJS="$CONFOBJS osfc2.o" else AC_MSG_RESULT(no) diff -ru ssh-1.2.13/sshd.c ssh-1.2.13.patched/sshd.c --- ssh-1.2.13/sshd.c Sun Feb 11 21:45:20 1996 +++ ssh-1.2.13.patched/sshd.c Mon Apr 22 19:06:26 1996 @@ -2306,6 +2306,12 @@ #endif /* HAVE_INITGROUPS */ endgrent(); +#ifdef HAVE_SETLUID + /* Set login uid, if we have setluid(). */ + if (setluid(user_uid) < 0) + fatal("setluid %d: %s", (int)user_uid, strerror(errno)); +#endif /* HAVE_SETLUID */ + /* Permanently switch to the desired uid. */ if (setuid(user_uid) < 0) fatal("setuid %d: %s", (int)user_uid, strerror(errno));
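Review bot: With the `AC_MSG_ERROR` action dropped from `AC_CHECK_LIB(security, set_auth_parameters)` in the configure.in hunk, a host that has the OSFC2SEC subset installed but where libsecurity or setluid is not detected now configures cleanly. In that case sshd.c compiles the new setluid() call out under `#ifdef HAVE_SETLUID`, so the build is back in the state the advisory describes and nothing in the configure output says so. Inside the `if test -n "$osfc2sec"` branch I would keep the check fail-closed, for example `test "$ac_cv_func_setluid" = yes || AC_MSG_ERROR(setluid not found even though C2 security is installed)`. The enclosing `case` arm continues past the end of the hunk.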
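Review bot: The comment on the new block in sshd.c, `/* Set login uid, if we have setluid(). */`, does not record why the call exists or why it sits before setuid(). Per the advisory, an unset login uid on OSF/1 in C2 mode lets a local user become root, and the call presumably needs the privileges that the setuid() just below gives up. I would say so in the comment, e.g. `/* OSF/1 C2: set the login uid while still privileged; an unset luid is a local root hole. */`, so the block is not reordered or dropped in a later cleanup. Treating a failed setluid() as fatal() is the right fail-closed choice and should stay. The enclosing function starts and ends outside the hunk.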