- Merged Dante SOCKS support patch from David Rankin
<drankin@bohemians.lexington.ky.us> - Updated documentation with ./configure options
This commit is contained in:
parent
554ef3c7c2
commit
8bdeee25f8
|
@ -5,6 +5,9 @@
|
|||
- Removed most of the pam code into its own file auth-pam.[ch]. This
|
||||
cleaned up sshd.c up significantly.
|
||||
- Several other cleanups
|
||||
- Merged Dante SOCKS support patch from David Rankin
|
||||
<drankin@bohemians.lexington.ky.us>
|
||||
- Updated documentation with ./configure options
|
||||
|
||||
19991229
|
||||
- Applied another NetBSD portability patch from David Rankin
|
||||
|
|
35
INSTALL
35
INSTALL
|
@ -15,6 +15,12 @@ supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
|
|||
PAM:
|
||||
http://www.kernel.org/pub/linux/libs/pam/
|
||||
|
||||
Dante:
|
||||
http://www.inet.no/dante
|
||||
|
||||
OpenSSH can also use the Dante SOCKS libraries, version 1.1.1pre1 or higher,
|
||||
if you have them installed on your system.
|
||||
|
||||
If you wish to build the GNOME passphrase requester, you will need the GNOME
|
||||
libraries and headers.
|
||||
|
||||
|
@ -75,6 +81,14 @@ you may need to edit it before using it on your system.
|
|||
|
||||
There are a few other options to the configure script:
|
||||
|
||||
--with-rsh=PATH allows you to specify the path to your rsh program.
|
||||
Normally ./configure will search the current $PATH for 'rsh'. You
|
||||
may need to specify this option if rsh is not in your path or has a
|
||||
different name.
|
||||
|
||||
--without-pam will disable PAM support. PAM is automatically detected
|
||||
and switched on if found.
|
||||
|
||||
--enable-gnome-askpass will build the GNOME passphrase dialog. You
|
||||
need a working installation of GNOME, including the development
|
||||
headers, for this to work.
|
||||
|
@ -89,6 +103,12 @@ use this if your Unix does not support the /dev/urandom device (or
|
|||
similar). The file argument refers to the EGD pool file, not the
|
||||
EGD program itself. Please refer to the EGD documentation.
|
||||
|
||||
--with-lastlog=FILE will specify the location of the lastlog file.
|
||||
./configure searches a few locations for lastlog, but may not find
|
||||
it if lastlog is installed in a different place.
|
||||
|
||||
--without-lastlog will disable lastlog support entirely.
|
||||
|
||||
--with-kerberos4 will enable Kerberos IV support. You will need to
|
||||
have the Kerberos libraries and header files installed for this to
|
||||
work.
|
||||
|
@ -105,6 +125,21 @@ support. You will need libwrap.a and tcpd.h installed.
|
|||
--with-md5-passwords will enable the use of MD5 passwords. Enable this
|
||||
if your operating system uses MD5 passwords without using PAM.
|
||||
|
||||
--with-utmpx enables utmpx support. utmpx support is automatic for
|
||||
some platforms.
|
||||
|
||||
--without-shadow disables shadow password support.
|
||||
|
||||
--with-ipaddr-display forces the use of a numeric IP address in the
|
||||
$DISPLAY environment variable. Some broken systems need this.
|
||||
|
||||
--with-default-path=PATH allows you to specify a default $PATH for sessions
|
||||
started by sshd.
|
||||
|
||||
--with-dante[=DIR] will enable Dante SOCKS library support. If the Dante
|
||||
libsocks library isn't installed in a library searched by the compiler,
|
||||
add the directory name as the option.
|
||||
|
||||
If you need to pass special options to the compiler or linker, you
|
||||
can specify these as enviornment variables before running ./configure.
|
||||
For example:
|
||||
|
|
15
README
15
README
|
@ -14,7 +14,9 @@ support (for Linux and Solaris), EGD[1] support, and replacements
|
|||
for OpenBSD library functions that are (regrettably) absent from
|
||||
other unices. This port has been best tested on Linux, Solaris and
|
||||
HPUX, though support for AIX and Irix is underway. This version
|
||||
actively tracks changes in the OpenBSD CVS repository.
|
||||
actively tracks changes in the OpenBSD CVS repository. This port
|
||||
also has optional support for using the Dante SOCKS library[6],
|
||||
version 1.1.1pre1 or later.
|
||||
|
||||
The PAM support is now more functional than the popular packages of
|
||||
commercial ssh-1.2.x. It checks "account" and "session" modules for
|
||||
|
@ -25,11 +27,11 @@ liberal. Please refer to the source files for details. The code in
|
|||
bsd-*.[ch] is from the OpenBSD project and has its own license (again,
|
||||
see the source files for details).
|
||||
|
||||
OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4]. To build
|
||||
the GNOME[5] pass-phrase requester (--with-gnome-askpass), you will
|
||||
need the GNOME libraries installed. If you are building OpenSSH on a
|
||||
Unix which lacks a kernel random number pool (/dev/random), you will
|
||||
need to install EGD[1].
|
||||
OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4] and
|
||||
Dante[6]. To build the GNOME[5] pass-phrase requester
|
||||
(--with-gnome-askpass), you will need the GNOME libraries installed.
|
||||
If you are building OpenSSH on a Unix which lacks a kernel random
|
||||
number pool (/dev/random), you will need to install EGD[1].
|
||||
|
||||
There is now a mailing list for this port of OpenSSH. To
|
||||
subscribe, send a message consisting of the word 'SUBSCRIBE' to
|
||||
|
@ -71,4 +73,5 @@ References -
|
|||
[3] http://www.openssl.org/
|
||||
[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
|
||||
[5] http://www.gnome.org/
|
||||
[6] http://www.inet.no/dante
|
||||
|
||||
|
|
|
@ -24,6 +24,9 @@
|
|||
/* Are we using the Entropy gathering daemon */
|
||||
#undef HAVE_EGD
|
||||
|
||||
/* Define if using the Dante SOCKS library. */
|
||||
#undef HAVE_DANTE
|
||||
|
||||
/* Define if your ssl headers are included with #include <ssl/header.h> */
|
||||
#undef HAVE_SSL
|
||||
|
||||
|
|
50
configure.in
50
configure.in
|
@ -17,7 +17,9 @@ dnl Use ip address instead of hostname in $DISPLAY
|
|||
AC_ARG_WITH(rsh,
|
||||
[ --with-rsh=PATH Specify path to remote shell program ],
|
||||
[
|
||||
AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
|
||||
if test "x$withval" != "$xno" ; then
|
||||
AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
|
||||
fi
|
||||
],
|
||||
[
|
||||
AC_PATH_PROG(rsh_path, rsh)
|
||||
|
@ -367,6 +369,20 @@ if test ! -z "$nolastlog" ; then
|
|||
AC_DEFINE(DISABLE_LASTLOG)
|
||||
fi
|
||||
|
||||
dnl Compile with dante SOCKS library
|
||||
AC_ARG_WITH(dante,
|
||||
[ --with-dante=DIR Use Dante SOCKS lib (default is system library path)],
|
||||
[
|
||||
AC_DEFINE(HAVE_DANTE)
|
||||
if test "x$withval" != "xno" ; then
|
||||
if test -n $withval ; then
|
||||
LIBS="$LIBS -L$withval"
|
||||
fi
|
||||
LIBS="$LIBS -lsocks"
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX))
|
||||
AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC))
|
||||
|
||||
|
@ -386,9 +402,11 @@ dnl Check whether user wants Kerberos support
|
|||
AC_ARG_WITH(kerberos4,
|
||||
[ --with-kerberos4 Enable Kerberos 4 support],
|
||||
[
|
||||
AC_DEFINE(KRB4)
|
||||
LIBS="$LIBS -lkrb"
|
||||
CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
|
||||
if test "x$withval" != "$xno" ; then
|
||||
AC_DEFINE(KRB4)
|
||||
LIBS="$LIBS -lkrb"
|
||||
CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
|
@ -396,8 +414,10 @@ dnl Check whether user wants AFS support
|
|||
AC_ARG_WITH(afs,
|
||||
[ --with-afs Enable AFS support],
|
||||
[
|
||||
AC_DEFINE(AFS)
|
||||
LIBS="$LIBS -lkafs"
|
||||
if test "x$withval" != "$xno" ; then
|
||||
AC_DEFINE(AFS)
|
||||
LIBS="$LIBS -lkafs"
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
|
@ -405,8 +425,10 @@ dnl Check whether user wants S/Key support
|
|||
AC_ARG_WITH(skey,
|
||||
[ --with-skey Enable S/Key support],
|
||||
[
|
||||
AC_DEFINE(SKEY)
|
||||
LIBS="$LIBS -lskey"
|
||||
if test "x$withval" != "$xno" ; then
|
||||
AC_DEFINE(SKEY)
|
||||
LIBS="$LIBS -lskey"
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
|
@ -414,8 +436,10 @@ dnl Check whether user wants TCP wrappers support
|
|||
AC_ARG_WITH(tcp-wrappers,
|
||||
[ --with-tcp-wrappers Enable tcpwrappers support],
|
||||
[
|
||||
AC_DEFINE(LIBWRAP)
|
||||
LIBWRAP="-lwrap"
|
||||
if test "x$withval" != "$xno" ; then
|
||||
AC_DEFINE(LIBWRAP)
|
||||
LIBWRAP="-lwrap"
|
||||
fi
|
||||
]
|
||||
)
|
||||
AC_SUBST(LIBWRAP)
|
||||
|
@ -423,7 +447,11 @@ AC_SUBST(LIBWRAP)
|
|||
dnl Check whether to enable MD5 passwords
|
||||
AC_ARG_WITH(md5-passwords,
|
||||
[ --with-md5-passwords Enable use of MD5 passwords],
|
||||
[AC_DEFINE(HAVE_MD5_PASSWORDS)]
|
||||
[
|
||||
if test "x$withval" != "$xno" ; then
|
||||
AC_DEFINE(HAVE_MD5_PASSWORDS)
|
||||
fi
|
||||
]
|
||||
)
|
||||
|
||||
dnl Check whether to enable utmpx support
|
||||
|
|
47
ssh.h
47
ssh.h
|
@ -13,7 +13,7 @@
|
|||
*
|
||||
*/
|
||||
|
||||
/* RCSID("$Id: ssh.h,v 1.22 1999/12/30 04:08:44 damien Exp $"); */
|
||||
/* RCSID("$Id: ssh.h,v 1.23 1999/12/30 04:50:55 damien Exp $"); */
|
||||
|
||||
#ifndef SSH_H
|
||||
#define SSH_H
|
||||
|
@ -745,4 +745,49 @@ int auth_skey_password(struct passwd * pw, const char *password);
|
|||
#include "auth-pam.h"
|
||||
#endif /* USE_PAM */
|
||||
|
||||
#ifdef HAVE_DANTE
|
||||
/*
|
||||
* The following defines map the normal socket operations to SOCKSified
|
||||
* versions coming from the Dante SOCKS package.
|
||||
*/
|
||||
#define accept Raccept
|
||||
#define bind Rbind
|
||||
#define bindresvport Rbindresvport
|
||||
#define connect Rconnect
|
||||
#define gethostbyname Rgethostbyname
|
||||
#define gethostbyname2 Rgethostbyname2
|
||||
#define getpeername Rgetpeername
|
||||
#define getsockname Rgetsockname
|
||||
#define read Rread
|
||||
#define readv Rreadv
|
||||
#define recv Rrecv
|
||||
#define recvmsg Rrecvmsg
|
||||
#define recvfrom Rrecvfrom
|
||||
#define rresvport Rrresvport
|
||||
#define send Rsend
|
||||
#define sendmsg Rsendmsg
|
||||
#define sendto Rsendto
|
||||
#define write Rwrite
|
||||
#define writev Rwritev
|
||||
int Raccept (int, struct sockaddr *, socklen_t *);
|
||||
int Rbind (int, const struct sockaddr *, socklen_t);
|
||||
int Rbindresvport(int , struct sockaddr_in *);
|
||||
int Rconnect (int, const struct sockaddr *, socklen_t);
|
||||
struct hostent *Rgethostbyname(const char *);
|
||||
struct hostent *Rgethostbyname2(const char *, int);
|
||||
int Rgetpeername (int, struct sockaddr *, socklen_t *);
|
||||
int Rgetsockname (int, struct sockaddr *, socklen_t *);
|
||||
ssize_t Rread(int , void *, size_t );
|
||||
ssize_t Rreadv(int d, const struct iovec *iov, int iovcnt);
|
||||
ssize_t Rrecv (int, void *, size_t, int);
|
||||
ssize_t Rrecvfrom (int, void *, size_t, int, struct sockaddr *,
|
||||
socklen_t *);
|
||||
ssize_t Rsend (int, const void *, size_t, int);
|
||||
ssize_t Rsendmsg (int, const struct msghdr *, int);
|
||||
ssize_t Rsendto (int, const void *,
|
||||
size_t, int, const struct sockaddr *, socklen_t);
|
||||
ssize_t Rwrite(int , const void *, size_t );
|
||||
ssize_t Rwritev(int , const struct iovec *, int );
|
||||
#endif /* HAVE_DANTE */
|
||||
|
||||
#endif /* SSH_H */
|
||||
|
|
Loading…
Reference in New Issue