diff --git a/ChangeLog b/ChangeLog index 1baf23475..9ca8e55ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,14 @@ +20000618 + - (djm) Add summary of configure options to end of ./configure run + - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from + Michael Stone + - (djm) rusage is a privileged operation on some Unices (incl. + Solaris 2.5.1). Report from Paul D. Smith + - (djm) Avoid PAM failures when running without a TTY. Report from + Martin Petrak + - (djm) Include sys/types.h when including netinet/in.h in configure tests. + Patch from Jun-ichiro itojun Hagino + 20000613 - (djm) Fixes from Andrew McGill : - Platform define for SCO 3.x which breaks on /dev/ptmx diff --git a/auth-pam.c b/auth-pam.c index 67a851d1b..8ceb26917 100644 --- a/auth-pam.c +++ b/auth-pam.c @@ -34,7 +34,7 @@ #include "xmalloc.h" #include "servconf.h" -RCSID("$Id: auth-pam.c,v 1.6 2000/06/12 06:38:54 djm Exp $"); +RCSID("$Id: auth-pam.c,v 1.7 2000/06/18 04:07:04 djm Exp $"); #define NEW_AUTHTOK_MSG \ "Warning: You password has expired, please change it now" @@ -246,6 +246,12 @@ void start_pam(struct passwd *pw) PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); } + pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh"); + if (pam_retval != PAM_SUCCESS) { + fatal("PAM set tty failed: %.200s", + PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); + } + fatal_add_cleanup(&pam_cleanup_proc, NULL); } diff --git a/configure.in b/configure.in index 0e755e4b7..f0edebacc 100644 --- a/configure.in +++ b/configure.in @@ -208,12 +208,14 @@ AC_CHECK_FUNC(getpagesize, [AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])] ) +PAM_MSG="no" AC_ARG_WITH(pam, [ --without-pam Disable PAM support ], [ if test "x$withval" = "xno" ; then no_pam=1 AC_DEFINE(DISABLE_PAM) + PAM_MSG="disabled" fi ] ) 
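Review bot: In the start_pam hunk of auth-pam.c, PAM_TTY is set to the fixed string "ssh" for every session, and nothing in the hunk says why or whether the real terminal name replaces it later. Any PAM module that bases a decision on PAM_TTY would see "ssh" rather than a device name, so the call deserves a comment above it, for example `/* Placeholder: some PAM modules fail when PAM_TTY is unset (no tty yet) */`. The new fatal() also runs before `fatal_add_cleanup(&pam_cleanup_proc, NULL)`, so the cleanup handler is not registered on this failure path; that matches the check just above it, but it is worth confirming that is intended. start_pam begins outside the hunk.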
@@ -223,6 +225,8 @@ if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then AC_CHECK_FUNCS(pam_getenvlist) + PAM_MSG="yes" + # Check PAM strerror arguments (old PAM) AC_MSG_CHECKING([whether pam_strerror takes only one argument]) AC_TRY_COMPILE( @@ -235,6 +239,7 @@ if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then [ AC_DEFINE(HAVE_OLD_PAM) AC_MSG_RESULT(yes) + PAM_MSG="yes (old library)" ] ) fi @@ -353,13 +358,17 @@ done if test ! -z "$no_rsa" ; then AC_MSG_RESULT(disabled) + RSA_MSG="disabled" else if test -z "$rsa_works" ; then AC_MSG_WARN([*** No RSA support found *** ]) + RSA_MSG="no" else if test -z "$WANTS_RSAREF" ; then AC_MSG_RESULT(yes) + RSA_MSG="yes" else + RSA_MSG="yes (using RSAref)" AC_MSG_RESULT(using RSAref) LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref" fi @@ -501,6 +510,7 @@ fi AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [ AC_TRY_COMPILE( [ +#include #include ], [ struct sockaddr_in6 s; s.sin6_family = 0; ], @@ -515,6 +525,7 @@ fi AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [ AC_TRY_COMPILE( [ +#include #include ], [ struct in6_addr s; s.s6_addr[0] = 0; ], @@ -562,8 +573,6 @@ OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP) OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX) OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX) - - AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage], ac_cv_have_ss_family_in_struct_ss, [ AC_TRY_COMPILE( @@ -580,7 +589,6 @@ if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then AC_DEFINE(HAVE_SS_FAMILY_IN_SS) fi - AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage], ac_cv_have___ss_family_in_struct_ss, [ AC_TRY_COMPILE( @@ -615,7 +623,7 @@ AC_ARG_WITH(rsh, [ --with-rsh=PATH Specify path to remote shell program ], [ if test "x$withval" != "$no" ; then - AC_DEFINE_UNQUOTED(RSH_PATH, "$withval") + rsa_path=$withval fi ], [ 
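Review bot: In the `--with-rsh` hunk the option value is stored in `rsa_path`, which looks like a typo for `rsh_path`; the neighbouring `--with-xauth` hunk uses `xauth_path`. Because the `AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")` line is removed here, a user-supplied path would be silently dropped unless code outside this hunk reads `rsa_path`. I would change the line to `rsh_path=$withval` and check that whatever finally defines RSH_PATH uses the same name.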
@@ -627,7 +635,7 @@ AC_ARG_WITH(xauth, [ --with-xauth=PATH Specify path to xauth program ], [ if test "x$withval" != "$xno" ; then - AC_DEFINE_UNQUOTED(XAUTH_PATH, "$withval") + xauth_path=$withval fi ], [ @@ -746,6 +754,7 @@ AC_SUBST(MANTYPE) AC_SUBST(mansubdir) # Check whether user wants Kerberos support +KRB4_MSG="no" AC_ARG_WITH(kerberos4, [ --with-kerberos4=PATH Enable Kerberos 4 support], [ @@ -778,12 +787,14 @@ AC_ARG_WITH(kerberos4, KLIBS="-lkrb -ldes" AC_CHECK_LIB(resolv, dn_expand, , ) KRB4=yes + KRB4_MSG="yes" AC_DEFINE(KRB4) fi ] ) # Check whether user wants AFS support +AFS_MSG="no" AC_ARG_WITH(afs, [ --with-afs=PATH Enable AFS support], [ @@ -803,23 +814,27 @@ AC_ARG_WITH(afs, LIBS="$LIBS $AFS_LIBS" fi AC_DEFINE(AFS) + AFS_MSG="yes" fi ] ) LIBS="$LIBS $KLIBS" # Check whether user wants S/Key support +SKEY_MSG="no" AC_ARG_WITH(skey, [ --with-skey Enable S/Key support], [ if test "x$withval" != "xno" ; then AC_DEFINE(SKEY) LIBS="$LIBS -lskey" + SKEY_MSG="yes" fi ] ) # Check whether user wants TCP wrappers support +TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, [ --with-tcp-wrappers Enable tcpwrappers support], [ @@ -836,11 +851,10 @@ AC_ARG_WITH(tcp-wrappers, [ AC_MSG_RESULT(yes) AC_DEFINE(LIBWRAP) + TCPW_MSG="yes" ], [ - AC_MSG_RESULT(no) - AC_MSG_WARN([*** libwrap missing - tcpwrapper support disabled ***]) - LIBS="$saved_LIBS" + AC_MSG_ERROR([*** libwrap missing]) ] ) fi @@ -848,11 +862,13 @@ AC_ARG_WITH(tcp-wrappers, ) # Check whether to enable MD5 passwords +MD5_MSG="no" AC_ARG_WITH(md5-passwords, [ --with-md5-passwords Enable use of MD5 passwords], [ if test "x$withval" != "xno" ; then AC_DEFINE(HAVE_MD5_PASSWORDS) + MD5_MSG="yes" fi ] ) 
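Review bot: In the `--with-tcp-wrappers` hunk a missing libwrap now aborts configure with `AC_MSG_ERROR([*** libwrap missing])` instead of warning and carrying on, but neither the message nor the ChangeLog entry in this commit records that behaviour change. Stopping is the safer outcome when the access-control library was requested explicitly, so it is worth stating in a comment such as `# Requested explicitly: stop rather than build without the access control`. The message could also name the option, e.g. `AC_MSG_ERROR([*** libwrap missing - required by --with-tcp-wrappers ***])`.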
@@ -868,42 +884,50 @@ AC_ARG_WITH(shadow, ) # Use ip address instead of hostname in $DISPLAY +DISPLAY_HACK_MSG="no" AC_ARG_WITH(ipaddr-display, [ --with-ipaddr-display Use ip address instead of hostname in \$DISPLAY], [ if test "x$withval" = "xno" ; then AC_DEFINE(IPADDR_IN_DISPLAY) + DISPLAY_HACK_MSG="yes" fi ] ) # Whether to mess with the default path +SERVER_PATH_MSG="(default)" AC_ARG_WITH(default-path, [ --with-default-path=PATH Specify default \$PATH environment for server], [ if test "x$withval" != "xno" ; then AC_DEFINE_UNQUOTED(USER_PATH, "$withval") + SERVER_PATH_MSG="$withval" fi ] ) # Whether to force IPv4 by default (needed on broken glibc Linux) +IPV4_HACK_MSG="no" AC_ARG_WITH(ipv4-default, [ --with-ipv4-default Use IPv4 by connections unless '-6' specified], [ if test "x$withval" != "xno" ; then AC_DEFINE(IPV4_DEFAULT) + IPV4_HACK_MSG="yes" fi ] ) AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses]) +IPV4_IN6_HACK_MSG="no" AC_ARG_WITH(4in6, [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], [ if test "x$withval" != "xno" ; then AC_MSG_RESULT(yes) AC_DEFINE(IPV4_IN_IPV6) + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT(no) fi @@ -911,6 +935,7 @@ AC_ARG_WITH(4in6, if test "x$inet6_default_4in6" = "xyes"; then AC_MSG_RESULT([yes (default)]) AC_DEFINE(IPV4_IN_IPV6) + IPV4_IN6_HACK_MSG="yes" else AC_MSG_RESULT([no (default)]) fi 
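Review bot: In the `--with-ipaddr-display` block the new `DISPLAY_HACK_MSG="yes"` sits under `if test "x$withval" = "xno"`, whereas every sibling option in this hunk tests `!= "xno"`. As written, `--without-ipaddr-display` would define IPADDR_IN_DISPLAY and report "yes", while `--with-ipaddr-display` would do nothing and report "no". The condition is a context line, so the inversion predates this commit, but the summary now advertises it; I would change the test to `if test "x$withval" != "xno" ; then`.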
@@ -1162,3 +1187,57 @@ fi AC_OUTPUT(Makefile ssh_prng_cmds) +# Print summary of options + +if test x$MANTYPE = x'$(CATMAN)' ; then + MAN_MSG=cat +else + MAN_MSG=man +fi +if test ! -z "$RANDOM_POOL" ; then + RAND_MSG="Device ($RANDOM_POOL)" +else + if test ! -z "$EGD_SOCKET" ; then + RAND_MSG="EGD ($EGD_SOCKET)" + else + RAND_MSG="Builtin (timeout $entropy_timeout)" + fi +fi + +# Someone please show me a better way :) +A=`eval echo ${prefix}` ; A=`eval echo ${A}` +B=`eval echo ${bindir}` ; B=`eval echo ${B}` +C=`eval echo ${sbindir}` ; C=`eval echo ${C}` +D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}` +E=`eval echo ${libexecdir}/ssh/ssh-askpass` ; E=`eval echo ${E}` +F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}` +G=`eval echo ${piddir}` ; G=`eval echo ${G}` + +echo "" +echo "OpenSSH configured has been configured with the following options." +echo " User binaries: $B" +echo " System binaries: $C" +echo " Configuration files: $D" +echo " Askpass program: $E" +echo " Manual pages: $F" +echo " PID file: $G" +echo " Random number collection: $RAND_MSG" +echo " Manpage format: $MAN_MSG" +echo " PAM support: ${PAM_MSG}" +echo " KerberosIV support: $KRB4_MSG" +echo " AFS support: $AFS_MSG" +echo " S/KEY support: $SKEY_MSG" +echo " TCP Wrappers support: $TCPW_MSG" +echo " MD5 password support: $MD5_MSG" +echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" +echo " Use IPv4 by default hack: $IPV4_HACK_MSG" +echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" + +echo "" + +echo "Compiler flags: ${CFLAGS}" +echo "Linker flags: ${LDFLAGS}" +echo "Libraries: ${LIBS}" + +echo "" + diff --git a/entropy.c b/entropy.c index cbb36fd29..09dcae3ba 100644 --- a/entropy.c +++ b/entropy.c @@ -35,7 +35,7 @@ #include #include -RCSID("$Id: entropy.c,v 1.13 2000/06/07 12:20:23 djm Exp $"); +RCSID("$Id: entropy.c,v 1.14 2000/06/18 04:07:04 djm Exp $"); #ifndef offsetof # define offsetof(type, member) ((size_t) &((type *)0)->member) 
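Review bot: The summary block added after AC_OUTPUT never prints `RSA_MSG` or `SERVER_PATH_MSG`, although earlier hunks in this commit set both. An RSA line is the more useful of the two, since a build that found no RSA support otherwise only shows a warning that scrolls past; I would add `echo "              RSA support: $RSA_MSG"` and a matching line for `$SERVER_PATH_MSG`. The banner text "OpenSSH configured has been configured" repeats a word, and `test x$MANTYPE = x'$(CATMAN)'` should quote the expansion as `"x$MANTYPE"`.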
@@ -55,6 +55,13 @@ RCSID("$Id: entropy.c,v 1.13 2000/06/07 12:20:23 djm Exp $"); #define WHITESPACE " \t\n" +#ifndef RUSAGE_SELF +# define RUSAGE_SELF 0 +#endif +#ifndef RUSAGE_CHILDREN +# define RUSAGE_CHILDREN 0 +#endif + #if defined(EGD_SOCKET) || defined(RANDOM_POOL) #ifdef EGD_SOCKET @@ -187,11 +194,11 @@ stir_from_system(void) total_entropy_estimate = 0; i = getpid(); - RAND_add(&i, sizeof(i), 0.1); + RAND_add(&i, sizeof(i), 0.5); total_entropy_estimate += 0.1; i = getppid(); - RAND_add(&i, sizeof(i), 0.1); + RAND_add(&i, sizeof(i), 0.5); total_entropy_estimate += 0.1; i = getuid(); @@ -200,7 +207,7 @@ stir_from_system(void) RAND_add(&i, sizeof(i), 0.0); total_entropy_estimate += stir_gettimeofday(1.0); - total_entropy_estimate += stir_clock(0.2); + total_entropy_estimate += stir_clock(0.5); total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0); return(total_entropy_estimate); @@ -301,9 +308,9 @@ stir_rusage(int who, double entropy_estimate) struct rusage ru; if (getrusage(who, &ru) == -1) - fatal("Couldn't getrusage: %s", strerror(errno)); + return(0); - RAND_add(&ru, sizeof(ru), 0.1); + RAND_add(&ru, sizeof(ru), entropy_estimate); return(entropy_estimate); #else /* _HAVE_GETRUSAGE */
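Review bot: In the fallback block added after WHITESPACE, `RUSAGE_SELF` and `RUSAGE_CHILDREN` are both defined as 0, so on a platform that lacks the macros the two selectors are indistinguishable. The only call visible in this diff passes `RUSAGE_SELF`; if `RUSAGE_CHILDREN` is passed to stir_rusage elsewhere, the same structure would be mixed in and credited a second time. A comment such as `/* Fallback values for systems that do not define these; note both map to 0 */` would make the limitation explicit.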
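Review bot: In the stir_from_system hunk the credit passed to `RAND_add` for getpid() rises to 0.5 while the next line still adds 0.1 to `total_entropy_estimate`, so the total this function returns no longer matches what the pool was told. The getppid() pair a few lines below has the same mismatch. Process ids are easy for a local observer to learn, so I would keep the credit low and make the two figures agree, e.g. `RAND_add(&i, sizeof(i), 0.1);` next to `total_entropy_estimate += 0.1;`. The function starts outside this hunk and continues past it.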
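Review bot: In the stir_rusage hunk a failed getrusage() now returns 0 with no log line, so nothing records that this source contributed no entropy. I would log before returning, e.g. `debug("getrusage failed: %.100s", strerror(errno));`, assuming the logging helper declared alongside fatal() is available in this file. The second change credits the full `entropy_estimate` (2.0 at the call shown in the stir_from_system hunk) to `RAND_add` for a structure whose fields are partly predictable; a comment justifying that figure would help. The function continues past the hunk into the `#else` branch.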