summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-12-28 15:09:35 +1100
committerDamien Miller <djm@mindrot.org>1999-12-28 15:09:35 +1100
commitbeb4ba5a68dbfa478bcc375cc885a047a8301c0d (patch)
treef612c8142e3891e40e68797c00a339a8efde0a40
parent4ff2b9bf429f40cb4d8119108cd7c4aa76c081ee (diff)
- Portability fixes for Irix 5.3 (now compiles OK!)
- autoconf and other misc cleanups
-rw-r--r--ChangeLog2
-rw-r--r--INSTALL5
-rw-r--r--Makefile.in2
-rw-r--r--README6
-rw-r--r--TODO4
-rw-r--r--acconfig.h6
-rw-r--r--auth-passwd.c18
-rw-r--r--configure.in77
-rw-r--r--defines.h11
-rw-r--r--includes.h8
-rw-r--r--md5crypt.c4
-rw-r--r--md5crypt.h13
-rw-r--r--sshd.c52
13 files changed, 120 insertions, 88 deletions
diff --git a/ChangeLog b/ChangeLog
index 55051011..9c29ac8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@
- NetBSD login.c compile fix from David Rankin
<drankin@bohemians.lexington.ky.us>
- Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
19991227
- Automatically correct paths in manpages and configuration files. Patch
diff --git a/INSTALL b/INSTALL
index 1521dc6e..17353d9e 100644
--- a/INSTALL
+++ b/INSTALL
@@ -105,6 +105,11 @@ support. You will need libwrap.a and tcpd.h installed.
--with-md5-passwords will enable the use of MD5 passwords. Enable this
if your operating system uses MD5 passwords without using PAM.
+If you need to pass special options to the compiler or linker, you
+can specify these as enviornment variables before running ./configure.
+For example:
+
+CFLAGS="-O -m486" LFLAGS="-s" ./configure
3. Configuration
----------------
diff --git a/Makefile.in b/Makefile.in
index f4e3ff4e..2f2e31e8 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -85,7 +85,7 @@ gnome-ssh-askpass: gnome-ssh-askpass.c
$(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS)
clean:
- rm -f $(OBJS) $(TARGETS) config.status config.cache config.log core \
+ rm -f *.o $(TARGETS) config.status config.cache config.log core \
*.1 *.8 sshd_config ssh_config
manpages:
diff --git a/README b/README
index 1186edf2..fcf22f0d 100644
--- a/README
+++ b/README
@@ -12,9 +12,9 @@ http://www.openssh.com/
This port consists of the re-introduction of autoconf support, PAM
support (for Linux and Solaris), EGD[1] support, and replacements
for OpenBSD library functions that are (regrettably) absent from
-other unices. This port has been best tested on Linux, though some
-Solaris support is beginning to filter in. This version actively
-tracks changes in the OpenBSD CVS repository.
+other unices. This port has been best tested on Linux, Solaris and
+HPUX, though support for AIX and Irix is underway. This version
+actively tracks changes in the OpenBSD CVS repository.
The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
diff --git a/TODO b/TODO
index 1d07c5c6..ddd54621 100644
--- a/TODO
+++ b/TODO
@@ -4,10 +4,6 @@
- Better documentation
-- Port to other platforms
-
-- Better testing on non-PAM systems
-
- Replace the horror in acconfig.h which tries to comphensate for the
lack of u_intXX_t types. There must be a better way.
diff --git a/acconfig.h b/acconfig.h
index f3a7225e..fd9fe1fc 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -6,6 +6,9 @@
/* SSL directory. */
#undef ssldir
+/* Define if you want to disable PAM support */
+#undef DISABLE_PAM
+
/* Define if you want to disable lastlog support */
#undef DISABLE_LASTLOG
@@ -115,6 +118,9 @@
/* Specify default $PATH */
#undef USER_PATH
+/* Define if the inclusion of crypt.h breaks the build (e.g. Irix 5.x) */
+#undef CRYPT_H_BREAKS_BUILD
+
@BOTTOM@
/* ******************* Shouldn't need to edit below this line ************** */
diff --git a/auth-passwd.c b/auth-passwd.c
index 058dde82..0311a493 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -9,9 +9,9 @@
#include "includes.h"
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
-RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.12 1999/12/28 04:09:36 damien Exp $");
#include "packet.h"
#include "ssh.h"
@@ -19,12 +19,14 @@ RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
#include "xmalloc.h"
#ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-#ifdef HAVE_MD5_PASSWORDS
-#include "md5crypt.h"
+# include <shadow.h>
#endif
+#if defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD)
+# include <crypt.h>
+#endif /* defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD) */
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+# include "md5crypt.h"
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
/*
* Tries to authenticate the user using password. Returns true if
@@ -101,4 +103,4 @@ auth_password(struct passwd * pw, const char *password)
/* Authentication is accepted if the encrypted passwords are identical. */
return (strcmp(encrypted_password, pw_password) == 0);
}
-#endif /* !HAVE_LIBPAM */
+#endif /* !USE_PAM */
diff --git a/configure.in b/configure.in
index 6fb5d63c..274111e2 100644
--- a/configure.in
+++ b/configure.in
@@ -56,6 +56,12 @@ case "$host" in
*-*-solaris*)
AC_DEFINE(USE_UTMPX)
;;
+*-*-irix5*)
+ AC_DEFINE(CRYPT_H_BREAKS_BUILD)
+# CFLAGS="$CFLAGS -shared"
+ no_libsocket=1
+ no_libnsl=1
+ ;;
esac
dnl Check for OpenSSL/SSLeay directories.
@@ -81,7 +87,6 @@ if test "$ssldir" != "/usr"; then
CFLAGS="$CFLAGS -I$ssldir/include"
LDFLAGS="$LDFLAGS -L$ssldir/lib"
fi
-LIBS="$LIBS -lssl -lcrypto"
AC_MSG_RESULT($ssldir)
dnl Check for RSAref library.
@@ -96,28 +101,20 @@ dnl Checks for libraries.
AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
-AC_CHECK_LIB(nsl, yp_match, , )
-AC_CHECK_LIB(socket, main, , )
+AC_CHECK_LIB(crypt, crypt, , )
-dnl Use ip address instead of hostname in $DISPLAY
-AC_ARG_WITH(pam,
- [ --without-pam Disable PAM support ],
- [
- if test "x$withval" != "xno" ; then
- no_pam=1
- fi
- ]
-)
-if test -z "$no_pam" ; then
- AC_CHECK_LIB(dl, dlopen, , )
- AC_CHECK_LIB(pam, pam_authenticate, , )
+if test -z "$no_libsocket" ; then
+ AC_CHECK_LIB(nsl, yp_match, , )
+fi
+if test -z "$no_libnsl" ; then
+ AC_CHECK_LIB(socket, main, , )
fi
dnl Checks for header files.
-AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h)
+AC_CHECK_HEADERS(bstring.h crypt.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h)
dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf)
+AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr md5_crypt mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf)
AC_CHECK_FUNC(login,
[AC_DEFINE(HAVE_LOGIN)],
@@ -180,20 +177,34 @@ AC_TRY_COMPILE(
[AC_MSG_RESULT(no)]
)
-dnl Check PAM strerror arguments
-AC_MSG_CHECKING([whether pam_strerror takes only one argument])
-AC_TRY_COMPILE(
- [
- #include <stdlib.h>
- #include <security/pam_appl.h>
- ],
- [(void)pam_strerror((pam_handle_t *)NULL, -1);],
- [AC_MSG_RESULT(no)],
+AC_ARG_WITH(pam,
+ [ --without-pam Disable PAM support ],
[
- AC_DEFINE(HAVE_OLD_PAM)
- AC_MSG_RESULT(yes)
+ if test "x$withval" = "xno" ; then
+ no_pam=1
+ AC_DEFINE(DISABLE_PAM)
+ fi
]
-)
+)
+
+if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then
+ AC_CHECK_LIB(dl, dlopen, , )
+ LIBS="$LIBS -lpam"
+ dnl Check PAM strerror arguments
+ AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+ AC_TRY_COMPILE(
+ [
+ #include <stdlib.h>
+ #include <security/pam_appl.h>
+ ],
+ [(void)pam_strerror((pam_handle_t *)NULL, -1);],
+ [AC_MSG_RESULT(no)],
+ [
+ AC_DEFINE(HAVE_OLD_PAM)
+ AC_MSG_RESULT(yes)
+ ]
+ )
+fi
AC_MSG_CHECKING([whether to build GNOME ssh-askpass])
dnl Check whether user wants GNOME ssh-askpass
@@ -303,16 +314,18 @@ AC_ARG_WITH(lastlog,
fi
done
if test -z "$gotlastlog" ; then
- AC_MSG_WARN([*** Cannot find lastlog ***])
+ AC_MSG_RESULT(not found)
nolastlog=1
else
if test "x$gotlastlog" = "xdir" ; then
+ AC_MSG_RESULT(${lastlog}/)
AC_DEFINE(LASTLOG_IS_DIR)
AC_MSG_WARN([*** Directory-based lastlogs are not yet supported ***])
nolastlog=1
+ else
+ AC_MSG_RESULT($lastlog)
+ AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog")
fi
- AC_MSG_RESULT($lastlog)
- AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog")
fi
]
)
diff --git a/defines.h b/defines.h
index 9d5d17f2..bcab3c08 100644
--- a/defines.h
+++ b/defines.h
@@ -18,9 +18,13 @@
#endif
#ifdef HAVE_MAILLOCK_H
-#include <maillock.h>
+# include <maillock.h> /* For _PATH_MAILDIR */
#endif
+#ifdef HAVE_SYS_CDEFS_H
+# include <sys/cdefs.h> /* For __P() */
+#endif
+
#ifndef SHUT_RDWR
enum
{
@@ -205,3 +209,8 @@ enum
# define _PATH_RSH RSH_PATH
# endif /* RSH_PATH */
#endif /* _PATH_RSH */
+
+#if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM)
+# define USE_PAM
+#endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */
+
diff --git a/includes.h b/includes.h
index 0538bfbc..7203d08c 100644
--- a/includes.h
+++ b/includes.h
@@ -52,9 +52,15 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
#include <time.h>
#include <dirent.h>
+#ifdef HAVE_BSTRING_H
+# include <bstring.h>
+#endif
#ifdef HAVE_NETGROUP_H
# include <netgroup.h>
#endif
+#ifdef HAVE_NETDB_H
+# include <netdb.h>
+#endif
#ifdef HAVE_PATHS_H
# include <paths.h>
#endif
@@ -70,7 +76,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
#ifdef HAVE_SYS_BSDTTY_H
# include <sys/bsdtty.h>
#endif
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
# include <security/pam_appl.h>
#endif
diff --git a/md5crypt.c b/md5crypt.c
index 15af422a..16bcf33a 100644
--- a/md5crypt.c
+++ b/md5crypt.c
@@ -17,7 +17,7 @@
#include "config.h"
-#ifdef HAVE_MD5_PASSWORDS
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
#include <unistd.h>
#include <string.h>
@@ -163,4 +163,4 @@ md5_crypt(const char *pw, const char *salt)
return passwd;
}
-#endif /* HAVE_MD5_PASSWORDS */
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
diff --git a/md5crypt.h b/md5crypt.h
index f1d18572..2e018d87 100644
--- a/md5crypt.h
+++ b/md5crypt.h
@@ -20,18 +20,11 @@
#include "config.h"
-#include <unistd.h>
-#include <string.h>
-
-#ifdef HAVE_OPENSSL
-#include <openssl/md5.h>
-#endif
-
-#ifdef HAVE_SSL
-#include <ssl/md5.h>
-#endif
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
int is_md5_salt(const char *salt);
char *md5_crypt(const char *pw, const char *salt);
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
+
#endif /* MD5CRYPT_H */
diff --git a/sshd.c b/sshd.c
index f5274a42..bc913a2a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
*/
#include "includes.h"
-RCSID("$Id: sshd.c,v 1.45 1999/12/26 23:55:23 damien Exp $");
+RCSID("$Id: sshd.c,v 1.46 1999/12/28 04:09:36 damien Exp $");
#ifdef HAVE_POLL_H
# include <poll.h>
@@ -143,7 +143,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
const char *display, const char *auth_proto,
const char *auth_data, const char *ttyname);
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
static int pamconv(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
int do_pam_auth(const char *user, const char *password);
@@ -301,7 +301,7 @@ void do_pam_session(char *username, char *ttyname)
if (pam_retval != PAM_SUCCESS)
fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
/*
* Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP;
@@ -952,7 +952,7 @@ main(int ac, char **av)
/* The connection has been terminated. */
verbose("Closing connection to %.100s", remote_ip);
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
{
int retval;
@@ -967,7 +967,7 @@ main(int ac, char **av)
fatal_remove_cleanup(&pam_cleanup_proc, NULL);
}
}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
packet_close();
exit(0);
@@ -1285,7 +1285,7 @@ do_authentication(char *user)
pwcopy.pw_shell = xstrdup(pw->pw_shell);
pw = &pwcopy;
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
{
int pam_retval;
@@ -1313,11 +1313,11 @@ do_authentication(char *user)
#ifdef KRB4
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif /* KRB4 */
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
do_pam_auth(pw->pw_name, "")) {
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
auth_password(pw, "")) {
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
/* Authentication with empty password succeeded. */
log("Login for user %s from %.100s, accepted without authentication.",
pw->pw_name, get_remote_ipaddr());
@@ -1457,9 +1457,9 @@ do_authloop(struct passwd * pw)
authenticated = auth_rhosts(pw, client_user);
snprintf(user, sizeof user, " ruser %s", client_user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
xfree(client_user);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
break;
case SSH_CMSG_AUTH_RHOSTS_RSA:
@@ -1492,9 +1492,9 @@ do_authloop(struct passwd * pw)
BN_clear_free(client_host_key_n);
snprintf(user, sizeof user, " ruser %s", client_user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
xfree(client_user);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
break;
case SSH_CMSG_AUTH_RSA:
@@ -1523,13 +1523,13 @@ do_authloop(struct passwd * pw)
password = packet_get_string(&dlen);
packet_integrity_check(plen, 4 + dlen, type);
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
/* Do PAM auth with password */
authenticated = do_pam_auth(pw->pw_name, password);
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
/* Try authentication with the password. */
authenticated = auth_password(pw, password);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
memset(password, 0, strlen(password));
xfree(password);
break;
@@ -1595,13 +1595,13 @@ do_authloop(struct passwd * pw)
get_remote_port(),
user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
if (authenticated)
return;
if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
if (authenticated) {
do_pam_account(pw->pw_name, client_user);
@@ -1617,7 +1617,7 @@ do_authloop(struct passwd * pw)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
/* Send a message indicating that the authentication attempt failed. */
packet_start(SSH_SMSG_FAILURE);
@@ -1823,10 +1823,10 @@ do_authenticated(struct passwd * pw)
/* Indicate that we now have a pty. */
have_pty = 1;
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
/* do the pam_open_session since we have the pty */
do_pam_session(pw->pw_name,ttyname);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
break;
@@ -2194,7 +2194,7 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd,
snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
quiet_login = stat(line, &st) >= 0;
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
/* output the results of the pamconv() */
if (!quiet_login && pamconv_msg != NULL)
fprintf(stderr, pamconv_msg);
@@ -2382,7 +2382,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
struct stat st;
char *argv[10];
-#ifndef HAVE_LIBPAM /* pam_nologin handles this */
+#ifndef USE_PAM /* pam_nologin handles this */
/* Check /etc/nologin. */
f = fopen("/etc/nologin", "r");
if (f) {
@@ -2393,7 +2393,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
if (pw->pw_uid != 0)
exit(254);
}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
#ifdef HAVE_SETLOGIN
/* Set login name in the kernel. */
@@ -2498,7 +2498,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
}
#endif /* KRB4 */
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
/* Pull in any environment variables that may have been set by PAM. */
{
char *equals, var_name[512], var_val[512];
@@ -2517,7 +2517,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
}
}
}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
if (xauthfile)
child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);