- Merged Dante SOCKS support patch from David Rankin

<drankin@bohemians.lexington.ky.us>
 - Updated documentation with ./configure options
Damien Miller 1999-12-30 15:50:54 +11:00
parent 554ef3c7c2
commit 8bdeee25f8
6 changed files with 135 additions and 18 deletions


@ -5,6 +5,9 @@
- Removed most of the pam code into its own file auth-pam.[ch]. This - Removed most of the pam code into its own file auth-pam.[ch]. This
cleaned up sshd.c up significantly. cleaned up sshd.c up significantly.
- Several other cleanups - Several other cleanups
- Merged Dante SOCKS support patch from David Rankin
<drankin@bohemians.lexington.ky.us>
- Updated documentation with ./configure options
19991229 19991229
- Applied another NetBSD portability patch from David Rankin - Applied another NetBSD portability patch from David Rankin

35
INSTALL

@ -15,6 +15,12 @@ supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
PAM: PAM:
http://www.kernel.org/pub/linux/libs/pam/ http://www.kernel.org/pub/linux/libs/pam/
Dante:
http://www.inet.no/dante
OpenSSH can also use the Dante SOCKS libraries, version 1.1.1pre1 or higher,
if you have them installed on your system.
If you wish to build the GNOME passphrase requester, you will need the GNOME If you wish to build the GNOME passphrase requester, you will need the GNOME
libraries and headers. libraries and headers.
@ -75,6 +81,14 @@ you may need to edit it before using it on your system.
There are a few other options to the configure script: There are a few other options to the configure script:
--with-rsh=PATH allows you to specify the path to your rsh program.
Normally ./configure will search the current $PATH for 'rsh'. You
may need to specify this option if rsh is not in your path or has a
different name.
--without-pam will disable PAM support. PAM is automatically detected
and switched on if found.
--enable-gnome-askpass will build the GNOME passphrase dialog. You --enable-gnome-askpass will build the GNOME passphrase dialog. You
need a working installation of GNOME, including the development need a working installation of GNOME, including the development
headers, for this to work. headers, for this to work.
@ -89,6 +103,12 @@ use this if your Unix does not support the /dev/urandom device (or
similar). The file argument refers to the EGD pool file, not the similar). The file argument refers to the EGD pool file, not the
EGD program itself. Please refer to the EGD documentation. EGD program itself. Please refer to the EGD documentation.
--with-lastlog=FILE will specify the location of the lastlog file.
./configure searches a few locations for lastlog, but may not find
it if lastlog is installed in a different place.
--without-lastlog will disable lastlog support entirely.
--with-kerberos4 will enable Kerberos IV support. You will need to --with-kerberos4 will enable Kerberos IV support. You will need to
have the Kerberos libraries and header files installed for this to have the Kerberos libraries and header files installed for this to
work. work.
@ -105,6 +125,21 @@ support. You will need libwrap.a and tcpd.h installed.
--with-md5-passwords will enable the use of MD5 passwords. Enable this --with-md5-passwords will enable the use of MD5 passwords. Enable this
if your operating system uses MD5 passwords without using PAM. if your operating system uses MD5 passwords without using PAM.
--with-utmpx enables utmpx support. utmpx support is automatic for
some platforms.
--without-shadow disables shadow password support.
--with-ipaddr-display forces the use of a numeric IP address in the
$DISPLAY environment variable. Some broken systems need this.
--with-default-path=PATH allows you to specify a default $PATH for sessions
started by sshd.
--with-dante[=DIR] will enable Dante SOCKS library support. If the Dante
libsocks library isn't installed in a library searched by the compiler,
add the directory name as the option.
If you need to pass special options to the compiler or linker, you If you need to pass special options to the compiler or linker, you
can specify these as enviornment variables before running ./configure. can specify these as enviornment variables before running ./configure.
For example: For example:
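Review bot: the new entry is written `--with-dante[=DIR]`, but the help string added in configure.in reads `--with-dante=DIR`; the two should use the same form. The entry should also say that DIR is the directory holding libsocks itself, since the configure.in change passes it to the linker as `-L$withval` and adds no header path for it.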

15
README

@ -14,7 +14,9 @@ support (for Linux and Solaris), EGD[1] support, and replacements
for OpenBSD library functions that are (regrettably) absent from for OpenBSD library functions that are (regrettably) absent from
other unices. This port has been best tested on Linux, Solaris and other unices. This port has been best tested on Linux, Solaris and
HPUX, though support for AIX and Irix is underway. This version HPUX, though support for AIX and Irix is underway. This version
actively tracks changes in the OpenBSD CVS repository. actively tracks changes in the OpenBSD CVS repository. This port
also has optional support for using the Dante SOCKS library[6],
version 1.1.1pre1 or later.
The PAM support is now more functional than the popular packages of The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for commercial ssh-1.2.x. It checks "account" and "session" modules for
@ -25,11 +27,11 @@ liberal. Please refer to the source files for details. The code in
bsd-*.[ch] is from the OpenBSD project and has its own license (again, bsd-*.[ch] is from the OpenBSD project and has its own license (again,
see the source files for details). see the source files for details).
OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4]. To build OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4] and
the GNOME[5] pass-phrase requester (--with-gnome-askpass), you will Dante[6]. To build the GNOME[5] pass-phrase requester
need the GNOME libraries installed. If you are building OpenSSH on a (--with-gnome-askpass), you will need the GNOME libraries installed.
Unix which lacks a kernel random number pool (/dev/random), you will If you are building OpenSSH on a Unix which lacks a kernel random
need to install EGD[1]. number pool (/dev/random), you will need to install EGD[1].
There is now a mailing list for this port of OpenSSH. To There is now a mailing list for this port of OpenSSH. To
subscribe, send a message consisting of the word 'SUBSCRIBE' to subscribe, send a message consisting of the word 'SUBSCRIBE' to
@ -71,4 +73,5 @@ References -
[3] http://www.openssl.org/ [3] http://www.openssl.org/
[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris) [4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
[5] http://www.gnome.org/ [5] http://www.gnome.org/
[6] http://www.inet.no/dante


@ -24,6 +24,9 @@
/* Are we using the Entropy gathering daemon */ /* Are we using the Entropy gathering daemon */
#undef HAVE_EGD #undef HAVE_EGD
/* Define if using the Dante SOCKS library. */
#undef HAVE_DANTE
/* Define if your ssl headers are included with #include <ssl/header.h> */ /* Define if your ssl headers are included with #include <ssl/header.h> */
#undef HAVE_SSL #undef HAVE_SSL


@ -17,7 +17,9 @@ dnl Use ip address instead of hostname in $DISPLAY
AC_ARG_WITH(rsh, AC_ARG_WITH(rsh,
[ --with-rsh=PATH Specify path to remote shell program ], [ --with-rsh=PATH Specify path to remote shell program ],
[ [
if test "x$withval" != "$xno" ; then
AC_DEFINE_UNQUOTED(RSH_PATH, "$withval") AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
fi
], ],
[ [
AC_PATH_PROG(rsh_path, rsh) AC_PATH_PROG(rsh_path, rsh)
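Review bot: the guard added to the rsh action, `if test "x$withval" != "$xno"`, compares against the expansion of a shell variable named `xno` rather than the literal string `xno`. That variable is never set, so the right-hand side is empty while the left-hand side always begins with `x`; the test is always true and `--without-rsh` still defines RSH_PATH as "no". Write the right-hand side as `"xno"`, which is what the Dante block added later in this file does.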
@ -367,6 +369,20 @@ if test ! -z "$nolastlog" ; then
AC_DEFINE(DISABLE_LASTLOG) AC_DEFINE(DISABLE_LASTLOG)
fi fi
dnl Compile with dante SOCKS library
AC_ARG_WITH(dante,
[ --with-dante=DIR Use Dante SOCKS lib (default is system library path)],
[
AC_DEFINE(HAVE_DANTE)
if test "x$withval" != "xno" ; then
if test -n $withval ; then
LIBS="$LIBS -L$withval"
fi
LIBS="$LIBS -lsocks"
fi
]
)
AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)) AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX))
AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)) AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC))
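Review bot: AC_DEFINE(HAVE_DANTE) is placed before the `"x$withval" != "xno"` test, so `--without-dante` still defines HAVE_DANTE while skipping `-lsocks`; with the ssh.h mapping in this same commit, that build would call the R* functions without linking the library that provides them. Move the AC_DEFINE inside the `if`. Two smaller points in the same block: `test -n $withval` is unquoted, and a bare `--with-dante` sets withval to `yes`, so LIBS gets `-Lyes`; quote the variable and skip the `-L` when the value is `yes`. Nothing here checks that libsocks is actually present, so a missing library only shows up at link time.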
@ -386,9 +402,11 @@ dnl Check whether user wants Kerberos support
AC_ARG_WITH(kerberos4, AC_ARG_WITH(kerberos4,
[ --with-kerberos4 Enable Kerberos 4 support], [ --with-kerberos4 Enable Kerberos 4 support],
[ [
if test "x$withval" != "$xno" ; then
AC_DEFINE(KRB4) AC_DEFINE(KRB4)
LIBS="$LIBS -lkrb" LIBS="$LIBS -lkrb"
CFLAGS="$CFLAGS -I/usr/include/kerberosIV" CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
fi
] ]
) )
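Review bot: the guard added at the top of the kerberos4 action, `if test "x$withval" != "$xno"`, is always true because `$xno` expands an unset variable to the empty string. `--without-kerberos4` therefore still defines KRB4, adds `-lkrb` and adds the kerberosIV include path. Compare against the literal `"xno"`. The afs, skey and tcp-wrappers hunks that follow add the same line and need the same fix.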
@ -396,8 +414,10 @@ dnl Check whether user wants AFS support
AC_ARG_WITH(afs, AC_ARG_WITH(afs,
[ --with-afs Enable AFS support], [ --with-afs Enable AFS support],
[ [
if test "x$withval" != "$xno" ; then
AC_DEFINE(AFS) AC_DEFINE(AFS)
LIBS="$LIBS -lkafs" LIBS="$LIBS -lkafs"
fi
] ]
) )
@ -405,8 +425,10 @@ dnl Check whether user wants S/Key support
AC_ARG_WITH(skey, AC_ARG_WITH(skey,
[ --with-skey Enable S/Key support], [ --with-skey Enable S/Key support],
[ [
if test "x$withval" != "$xno" ; then
AC_DEFINE(SKEY) AC_DEFINE(SKEY)
LIBS="$LIBS -lskey" LIBS="$LIBS -lskey"
fi
] ]
) )
@ -414,8 +436,10 @@ dnl Check whether user wants TCP wrappers support
AC_ARG_WITH(tcp-wrappers, AC_ARG_WITH(tcp-wrappers,
[ --with-tcp-wrappers Enable tcpwrappers support], [ --with-tcp-wrappers Enable tcpwrappers support],
[ [
if test "x$withval" != "$xno" ; then
AC_DEFINE(LIBWRAP) AC_DEFINE(LIBWRAP)
LIBWRAP="-lwrap" LIBWRAP="-lwrap"
fi
] ]
) )
AC_SUBST(LIBWRAP) AC_SUBST(LIBWRAP)
@ -423,7 +447,11 @@ AC_SUBST(LIBWRAP)
dnl Check whether to enable MD5 passwords dnl Check whether to enable MD5 passwords
AC_ARG_WITH(md5-passwords, AC_ARG_WITH(md5-passwords,
[ --with-md5-passwords Enable use of MD5 passwords], [ --with-md5-passwords Enable use of MD5 passwords],
[AC_DEFINE(HAVE_MD5_PASSWORDS)] [
if test "x$withval" != "$xno" ; then
AC_DEFINE(HAVE_MD5_PASSWORDS)
fi
]
) )
dnl Check whether to enable utmpx support dnl Check whether to enable utmpx support
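Review bot: the guard in the rewritten md5-passwords action can never be false: `"$xno"` is the value of an unset variable, not the string `xno`, so `--without-md5-passwords` still defines HAVE_MD5_PASSWORDS. Since this option changes how passwords are verified, an explicit opt-out that is silently ignored is worth fixing; use `"xno"` on the right-hand side.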

47
ssh.h

@ -13,7 +13,7 @@
* *
*/ */
/* RCSID("$Id: ssh.h,v 1.22 1999/12/30 04:08:44 damien Exp $"); */ /* RCSID("$Id: ssh.h,v 1.23 1999/12/30 04:50:55 damien Exp $"); */
#ifndef SSH_H #ifndef SSH_H
#define SSH_H #define SSH_H
@ -745,4 +745,49 @@ int auth_skey_password(struct passwd * pw, const char *password);
#include "auth-pam.h" #include "auth-pam.h"
#endif /* USE_PAM */ #endif /* USE_PAM */
#ifdef HAVE_DANTE
/*
* The following defines map the normal socket operations to SOCKSified
* versions coming from the Dante SOCKS package.
*/
#define accept Raccept
#define bind Rbind
#define bindresvport Rbindresvport
#define connect Rconnect
#define gethostbyname Rgethostbyname
#define gethostbyname2 Rgethostbyname2
#define getpeername Rgetpeername
#define getsockname Rgetsockname
#define read Rread
#define readv Rreadv
#define recv Rrecv
#define recvmsg Rrecvmsg
#define recvfrom Rrecvfrom
#define rresvport Rrresvport
#define send Rsend
#define sendmsg Rsendmsg
#define sendto Rsendto
#define write Rwrite
#define writev Rwritev
int Raccept (int, struct sockaddr *, socklen_t *);
int Rbind (int, const struct sockaddr *, socklen_t);
int Rbindresvport(int , struct sockaddr_in *);
int Rconnect (int, const struct sockaddr *, socklen_t);
struct hostent *Rgethostbyname(const char *);
struct hostent *Rgethostbyname2(const char *, int);
int Rgetpeername (int, struct sockaddr *, socklen_t *);
int Rgetsockname (int, struct sockaddr *, socklen_t *);
ssize_t Rread(int , void *, size_t );
ssize_t Rreadv(int d, const struct iovec *iov, int iovcnt);
ssize_t Rrecv (int, void *, size_t, int);
ssize_t Rrecvfrom (int, void *, size_t, int, struct sockaddr *,
socklen_t *);
ssize_t Rsend (int, const void *, size_t, int);
ssize_t Rsendmsg (int, const struct msghdr *, int);
ssize_t Rsendto (int, const void *,
size_t, int, const struct sockaddr *, socklen_t);
ssize_t Rwrite(int , const void *, size_t );
ssize_t Rwritev(int , const struct iovec *, int );
#endif /* HAVE_DANTE */
#endif /* SSH_H */ #endif /* SSH_H */
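Review bot: `recvmsg` and `rresvport` are mapped to Rrecvmsg and Rrresvport in the #define list, but the prototype list below it declares neither, so any call through those two macros compiles against an implicit declaration. Add the two prototypes or drop the two defines. Separately, `#define read Rread` and `#define write Rwrite` rewrite every use of those identifiers in every file that includes ssh.h, including calls on descriptors that are not sockets; the comment above the defines should state that the Dante wrappers are relied on to handle such descriptors, and that this block has to come after the system headers that declare the real functions.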