summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-12-26 10:21:48 +1100
committerDamien Miller <djm@mindrot.org>1999-12-26 10:21:48 +1100
commit32b3cf2c96fd8cee6cb082821a43d3375c850d58 (patch)
tree103872b5f4423e17000a6221fd07fd6234924a26
parent2e1b082dfbc5dcdae80957a3d889abe9fa480d77 (diff)
19991226
- Enabled utmpx support by default for Solaris - Cleanup sshd.c PAM a little more 19991225 - Merged fixes from Ben Taylor <bent@clark.net> - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk> - Disabled logging of PAM password authentication failures when password is empty. (e.g start of authentication loop). Reported by Naz <96na@eng.cam.ac.uk>)
-rw-r--r--ChangeLog13
-rw-r--r--Makefile.in4
-rw-r--r--acconfig.h17
-rw-r--r--bsd-login.c16
-rw-r--r--configure.in10
-rw-r--r--login.c19
-rw-r--r--packages/redhat/openssh.spec2
-rw-r--r--packages/suse/openssh.spec2
-rw-r--r--sshd.c11
9 files changed, 66 insertions, 28 deletions
diff --git a/ChangeLog b/ChangeLog
index 394ebc89..a89fcdc9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,13 +1,24 @@
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+
19991225
- More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
- Cleanup of auth-passwd.c for shadow and MD5 passwords
- Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor <bent@clark.net>
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+ is empty. (e.g start of authentication loop). Reported by Naz
+ <96na@eng.cam.ac.uk>)
19991223
- Merged later HPUX patch from Andre Lucas
<andre.lucas@dial.pipex.com>
- Above patch included better utmpx support from Ben Taylor
- <bent@clark.net>:
+ <bent@clark.net>
19991222
- Fix undefined fd_set type in ssh.h from Povl H. Pedersen
diff --git a/Makefile.in b/Makefile.in
index ff978b74..fa9a9d81 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -44,6 +44,10 @@ LIBOBJS= atomicio.o authfd.o authfile.o bsd-daemon.o bsd-mktemp.o \
all: $(OBJS) $(TARGETS)
+$(OBJS): config.h
+
+$(LIBOBJS): config.h
+
libssh.a: $(LIBOBJS)
$(AR) rv $@ $(LIBOBJS)
$(RANLIB) $@
diff --git a/acconfig.h b/acconfig.h
index 1e706ff5..60dd4301 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -222,6 +222,23 @@ enum
# endif
#endif
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+# ifndef _PATH_UTMPX
+# ifdef UTMPX_FILE
+# define _PATH_UTMPX UTMPX_FILE
+# else
+# define _PATH_UTMPX "/var/adm/utmpx"
+# endif
+# endif
+# ifndef _PATH_WTMPX
+# ifdef WTMPX_FILE
+# define _PATH_WTMPX WTMPX_FILE
+# else
+# define _PATH_WTMPX "/var/adm/wtmp"
+# endif
+# endif
+#endif
+
#ifndef _PATH_BSHELL
# define _PATH_BSHELL "/bin/sh"
#endif
diff --git a/bsd-login.c b/bsd-login.c
index d81e4691..eccb29ee 100644
--- a/bsd-login.c
+++ b/bsd-login.c
@@ -65,24 +65,24 @@ login(utp)
struct utmp *utp;
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
{
+#if defined(HAVE_HOST_IN_UTMP)
struct utmp old_ut;
+#endif
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
struct utmpx *old_utx;
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
register int fd;
int tty;
-#ifndef UT_LINESIZE
-# define UT_LINESIZE (sizeof(old_ut.ut_line))
-# define UT_NAMESIZE (sizeof(old_ut.ut_name))
-# ifdef HAVE_HOST_IN_UTMP
-# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
-# endif
-#endif
-
tty = ttyslot();
if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
+
#if defined(HAVE_HOST_IN_UTMP)
+# ifndef UT_LINESIZE
+# define UT_LINESIZE (sizeof(old_ut.ut_line))
+# define UT_NAMESIZE (sizeof(old_ut.ut_name))
+# define UT_HOSTSIZE (sizeof(old_ut.ut_host))
+# endif
(void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
/*
* Prevent luser from zero'ing out ut_host.
diff --git a/configure.in b/configure.in
index 7bb96270..6cfacd2d 100644
--- a/configure.in
+++ b/configure.in
@@ -53,6 +53,9 @@ case "$host" in
AC_DEFINE(DISABLE_SHADOW)
fi
;;
+*-*-solaris*)
+ AC_DEFINE(USE_UTMPX)
+ ;;
esac
dnl Check for OpenSSL/SSLeay directories.
@@ -101,11 +104,14 @@ AC_ARG_WITH(pam,
[ --without-pam Disable PAM support ],
[
if test "x$withval" != "xno" ; then
- AC_CHECK_LIB(dl, dlopen, , )
- AC_CHECK_LIB(pam, pam_authenticate, , )
+ no_pam=1
fi
]
)
+if test -z "$no_pam" ; then
+ AC_CHECK_LIB(dl, dlopen, , )
+ AC_CHECK_LIB(pam, pam_authenticate, , )
+fi
dnl Checks for header files.
AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h)
diff --git a/login.c b/login.c
index c551da89..f4e6ddfa 100644
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-RCSID("$Id: login.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
+RCSID("$Id: login.c,v 1.12 1999/12/25 23:21:48 damien Exp $");
#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
# include <utmpx.h>
@@ -155,18 +155,19 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line));
utx.ut_pid = (pid_t)pid;
utx.ut_tv.tv_sec = time(NULL);
- u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
-#ifdef HAVE_HOST_IN_UTMPX
-#ifdef HAVE_SYSLEN_IN_UTMPX
+ utx.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
+# ifdef HAVE_HOST_IN_UTMPX
+# ifdef HAVE_SYSLEN_IN_UTMPX
utx.ut_syslen = strlen(host);
- strncpy(utx.ut_host, host, utx.ut_syslen );
-#else
+ strncpy(utx.ut_host, host, utx.ut_syslen);
+# else
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-#endif /* HAVE_SYSLEN_IN_UTMPX */
-#endif
+# endif /* HAVE_SYSLEN_IN_UTMPX */
+# endif
#endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
-#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)
+/*#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)*/
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
login(&u, &utx);
#else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
login(&u);
diff --git a/packages/redhat/openssh.spec b/packages/redhat/openssh.spec
index a3e51bb8..af904c7d 100644
--- a/packages/redhat/openssh.spec
+++ b/packages/redhat/openssh.spec
@@ -1,6 +1,6 @@
Summary: OpenSSH free Secure Shell (SSH) implementation
Name: openssh
-Version: 1.2.1pre20
+Version: 1.2.1pre21
Release: 1
Packager: Damien Miller <djm@ibs.com.au>
Source0: openssh-%{version}.tar.gz
diff --git a/packages/suse/openssh.spec b/packages/suse/openssh.spec
index c649ef23..23926e01 100644
--- a/packages/suse/openssh.spec
+++ b/packages/suse/openssh.spec
@@ -1,6 +1,6 @@
Summary: OpenSSH, a free Secure Shell (SSH) implementation
Name: openssh
-Version: 1.2.1pre20
+Version: 1.2.1pre21
Release: 1
Source0: openssh-%{version}.tar.gz
Copyright: BSD
diff --git a/sshd.c b/sshd.c
index 9c570ab8..c06d914e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
+RCSID("$Id: sshd.c,v 1.41 1999/12/25 23:21:48 damien Exp $");
#ifdef HAVE_POLL_H
# include <poll.h>
@@ -249,8 +249,10 @@ int do_pam_auth(const char *user, const char *password)
log("PAM Password authentication accepted for user \"%.100s\"", user);
return 1;
} else {
- log("PAM Password authentication for \"%.100s\" failed: %s",
- user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+ /* Don't log failure for auth attempts with empty password */
+ if (password[0] != '\0')
+ log("PAM Password authentication for \"%.100s\" failed: %s",
+ user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
return 0;
}
}
@@ -1362,9 +1364,6 @@ do_authloop(struct passwd * pw)
int plen, dlen, nlen, ulen, elen;
int type = 0;
void (*authlog) (const char *fmt,...) = verbose;
-#ifdef HAVE_LIBPAM
- int pam_retval;
-#endif /* HAVE_LIBPAM */
/* Indicate that authentication is needed. */
packet_start(SSH_SMSG_FAILURE);