- Merged Dante SOCKS support patch from David Rankin

<drankin@bohemians.lexington.ky.us>
 - Updated documentation with ./configure options

ChangeLog

@@ -5,6 +5,9 @@
  - Removed most of the pam code into its own file auth-pam.[ch]. This 
    cleaned up sshd.c up significantly.
  - Several other cleanups
+ - Merged Dante SOCKS support patch from David Rankin
+  <drankin@bohemians.lexington.ky.us>
+ - Updated documentation with ./configure options
 
 19991229
  - Applied another NetBSD portability patch from David Rankin 

INSTALL

@@ -15,6 +15,12 @@ supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
 PAM:
 http://www.kernel.org/pub/linux/libs/pam/
 
+Dante:
+http://www.inet.no/dante
+
+OpenSSH can also use the Dante SOCKS libraries, version 1.1.1pre1 or higher,
+if you have them installed on your system. 
+
 If you wish to build the GNOME passphrase requester, you will need the GNOME
 libraries and headers.
 
@@ -75,6 +81,14 @@ you may need to edit it before using it on your system.
 
 There are a few other options to the configure script:
 
+--with-rsh=PATH allows you to specify the path to your rsh program. 
+Normally ./configure will search the current $PATH for 'rsh'. You 
+may need to specify this option if rsh is not in your path or has a
+different name.
+
+--without-pam will disable PAM support. PAM is automatically detected 
+and switched on if found.
+
 --enable-gnome-askpass will build the GNOME passphrase dialog. You
 need a working installation of GNOME, including the development
 headers, for this to work.
@@ -89,6 +103,12 @@ use this if your Unix does not support the /dev/urandom device (or
 similar). The file argument refers to the EGD pool file, not the 
 EGD program itself. Please refer to the EGD documentation.
 
+--with-lastlog=FILE will specify the location of the lastlog file. 
+./configure searches a few locations for lastlog, but may not find
+it if lastlog is installed in a different place.
+
+--without-lastlog will disable lastlog support entirely.
+
 --with-kerberos4 will enable Kerberos IV support. You will need to
 have the Kerberos libraries and header files installed for this to
 work.
@@ -105,6 +125,21 @@ support. You will need libwrap.a and tcpd.h installed.
 --with-md5-passwords will enable the use of MD5 passwords. Enable this
 if your operating system uses MD5 passwords without using PAM.
 
+--with-utmpx enables utmpx support. utmpx support is automatic for 
+some platforms.
+
+--without-shadow disables shadow password support.
+
+--with-ipaddr-display forces the use of a numeric IP address in the 
+$DISPLAY environment variable. Some broken systems need this.
+
+--with-default-path=PATH allows you to specify a default $PATH for sessions
+started by sshd.
+
+--with-dante[=DIR] will enable Dante SOCKS library support. If the Dante
+libsocks library isn't installed in a library searched by the compiler,
+add the directory name as the option.
+
 If you need to pass special options to the compiler or linker, you
 can specify these as enviornment variables before running ./configure.
 For example:

README

@@ -14,7 +14,9 @@ support (for Linux and Solaris), EGD[1] support, and replacements
 for OpenBSD library functions that are (regrettably) absent from
 other unices. This port has been best tested on Linux, Solaris and
 HPUX, though support for AIX and Irix is underway. This version 
-actively tracks changes in the OpenBSD CVS repository.
+actively tracks changes in the OpenBSD CVS repository. This port
+also has optional support for using the Dante SOCKS library[6],
+version 1.1.1pre1 or later.
 
 The PAM support is now more functional than the popular packages of
 commercial ssh-1.2.x. It checks "account" and "session" modules for
@@ -25,11 +27,11 @@ liberal. Please refer to the source files for details. The code in
 bsd-*.[ch] is from the OpenBSD project and has its own license (again,
 see the source files for details).
 
-OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4]. To build
+OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4] and
-the GNOME[5] pass-phrase requester (--with-gnome-askpass), you will
+Dante[6]. To build the GNOME[5] pass-phrase requester
-need the GNOME libraries installed. If you are building OpenSSH on a
+(--with-gnome-askpass), you will need the GNOME libraries installed.
-Unix which lacks a kernel random number pool (/dev/random), you will
+If you are building OpenSSH on a Unix which lacks a kernel random
-need to install EGD[1].
+number pool (/dev/random), you will need to install EGD[1]. 
 
 There is now a mailing list for this port of OpenSSH. To
 subscribe, send a message consisting of the word 'SUBSCRIBE' to
@@ -71,4 +73,5 @@ References -
 [3] http://www.openssl.org/
 [4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
 [5] http://www.gnome.org/
+[6] http://www.inet.no/dante
 

acconfig.h

@@ -24,6 +24,9 @@
 /* Are we using the Entropy gathering daemon */
 #undef HAVE_EGD
 
+/* Define if using the Dante SOCKS library. */
+#undef HAVE_DANTE
+
 /* Define if your ssl headers are included with #include <ssl/header.h>  */
 #undef HAVE_SSL
 

configure.in

@@ -17,7 +17,9 @@ dnl Use ip address instead of hostname in $DISPLAY
 AC_ARG_WITH(rsh,
 	[  --with-rsh=PATH         Specify path to remote shell program ],
 	[
-		AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
+		if test "x$withval" != "$xno" ; then
+			AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
+		fi
 	],
 	[
 		AC_PATH_PROG(rsh_path, rsh)
@@ -367,6 +369,20 @@ if test ! -z "$nolastlog" ; then
 	AC_DEFINE(DISABLE_LASTLOG)
 fi
 
+dnl Compile with dante SOCKS library
+AC_ARG_WITH(dante,
+	[  --with-dante=DIR        Use Dante SOCKS lib (default is system library path)],
+	[
+		AC_DEFINE(HAVE_DANTE)
+		if test "x$withval" != "xno" ; then
+			if test -n $withval ; then
+				LIBS="$LIBS -L$withval"
+			fi
+			LIBS="$LIBS -lsocks"
+		fi
+	]
+)
+
 AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX))
 AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC))
 
@@ -386,9 +402,11 @@ dnl Check whether user wants Kerberos support
 AC_ARG_WITH(kerberos4,
 	[  --with-kerberos4        Enable Kerberos 4 support],
 	[
-		AC_DEFINE(KRB4)
+		if test "x$withval" != "$xno" ; then
-		LIBS="$LIBS -lkrb"
+			AC_DEFINE(KRB4)
-		CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
+			LIBS="$LIBS -lkrb"
+			CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
+		fi
 	]
 )
 
@@ -396,8 +414,10 @@ dnl Check whether user wants AFS support
 AC_ARG_WITH(afs,
 	[  --with-afs              Enable AFS support],
 	[
-		AC_DEFINE(AFS)
+		if test "x$withval" != "$xno" ; then
-		LIBS="$LIBS -lkafs"
+			AC_DEFINE(AFS)
+			LIBS="$LIBS -lkafs"
+		fi
 	]
 )
 
@@ -405,8 +425,10 @@ dnl Check whether user wants S/Key support
 AC_ARG_WITH(skey,
 	[  --with-skey             Enable S/Key support],
 	[
-		AC_DEFINE(SKEY)
+		if test "x$withval" != "$xno" ; then
-		LIBS="$LIBS -lskey"
+			AC_DEFINE(SKEY)
+			LIBS="$LIBS -lskey"
+		fi
 	]
 )
 
@@ -414,8 +436,10 @@ dnl Check whether user wants TCP wrappers support
 AC_ARG_WITH(tcp-wrappers,
 	[  --with-tcp-wrappers     Enable tcpwrappers support],
 	[
-		AC_DEFINE(LIBWRAP)
+		if test "x$withval" != "$xno" ; then
-		LIBWRAP="-lwrap"
+			AC_DEFINE(LIBWRAP)
+			LIBWRAP="-lwrap"
+		fi
 	]
 )
 AC_SUBST(LIBWRAP)
@@ -423,7 +447,11 @@ AC_SUBST(LIBWRAP)
 dnl Check whether to enable MD5 passwords
 AC_ARG_WITH(md5-passwords,
 	[  --with-md5-passwords    Enable use of MD5 passwords],
-	[AC_DEFINE(HAVE_MD5_PASSWORDS)]
+	[
+		if test "x$withval" != "$xno" ; then
+			AC_DEFINE(HAVE_MD5_PASSWORDS)
+		fi
+	]
 )
 
 dnl Check whether to enable utmpx support

ssh.h

@@ -13,7 +13,7 @@
  * 
  */
 
-/* RCSID("$Id: ssh.h,v 1.22 1999/12/30 04:08:44 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.23 1999/12/30 04:50:55 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -745,4 +745,49 @@ int	auth_skey_password(struct passwd * pw, const char *password);
 #include "auth-pam.h"
 #endif /* USE_PAM */
 
+#ifdef HAVE_DANTE
+/*
+ * The following defines map the normal socket operations to SOCKSified
+ * versions coming from the Dante SOCKS package.
+ */
+#define accept Raccept
+#define bind Rbind
+#define bindresvport Rbindresvport
+#define connect Rconnect
+#define gethostbyname Rgethostbyname
+#define gethostbyname2 Rgethostbyname2
+#define getpeername Rgetpeername
+#define getsockname Rgetsockname
+#define read Rread
+#define readv Rreadv
+#define recv Rrecv
+#define recvmsg Rrecvmsg
+#define recvfrom Rrecvfrom
+#define rresvport Rrresvport
+#define send Rsend
+#define sendmsg Rsendmsg
+#define sendto Rsendto
+#define write Rwrite
+#define writev Rwritev
+int     Raccept (int, struct sockaddr *, socklen_t *);
+int     Rbind (int, const struct sockaddr *, socklen_t);
+int	Rbindresvport(int , struct sockaddr_in *);
+int     Rconnect (int, const struct sockaddr *, socklen_t);
+struct hostent *Rgethostbyname(const char *);
+struct hostent *Rgethostbyname2(const char *, int);
+int     Rgetpeername (int, struct sockaddr *, socklen_t *);
+int     Rgetsockname (int, struct sockaddr *, socklen_t *);
+ssize_t Rread(int , void *, size_t );
+ssize_t Rreadv(int d, const struct iovec *iov, int iovcnt);
+ssize_t Rrecv (int, void *, size_t, int);
+ssize_t Rrecvfrom (int, void *, size_t, int, struct sockaddr *,
+            socklen_t *);
+ssize_t Rsend (int, const void *, size_t, int);
+ssize_t Rsendmsg (int, const struct msghdr *, int);
+ssize_t Rsendto (int, const void *,
+            size_t, int, const struct sockaddr *, socklen_t);
+ssize_t Rwrite(int , const void *, size_t );
+ssize_t Rwritev(int , const struct iovec *, int );
+#endif /* HAVE_DANTE */
+
 #endif				/* SSH_H */