- Portability fixes for Irix 5.3 (now compiles OK!)

- autoconf and other misc cleanups

ChangeLog

@@ -3,6 +3,8 @@
  - NetBSD login.c compile fix from David Rankin 
   <drankin@bohemians.lexington.ky.us>
  - Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
 
 19991227
  - Automatically correct paths in manpages and configuration files. Patch

INSTALL

@@ -105,6 +105,11 @@ support. You will need libwrap.a and tcpd.h installed.
 --with-md5-passwords will enable the use of MD5 passwords. Enable this
 if your operating system uses MD5 passwords without using PAM.
 
+If you need to pass special options to the compiler or linker, you
+can specify these as enviornment variables before running ./configure.
+For example:
+
+CFLAGS="-O -m486" LFLAGS="-s" ./configure
 
 3. Configuration
 ----------------

Makefile.in

@@ -85,7 +85,7 @@ gnome-ssh-askpass: gnome-ssh-askpass.c
 	$(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS)
 
 clean:
-	rm -f $(OBJS) $(TARGETS) config.status config.cache config.log core \
+	rm -f *.o $(TARGETS) config.status config.cache config.log core \
 		*.1 *.8 sshd_config ssh_config
 
 manpages:

README

@@ -12,9 +12,9 @@ http://www.openssh.com/
 This port consists of the re-introduction of autoconf support, PAM
 support (for Linux and Solaris), EGD[1] support, and replacements
 for OpenBSD library functions that are (regrettably) absent from
-other unices. This port has been best tested on Linux, though some
-Solaris support is beginning to filter in. This version actively
-tracks changes in the OpenBSD CVS repository.
+other unices. This port has been best tested on Linux, Solaris and
+HPUX, though support for AIX and Irix is underway. This version 
+actively tracks changes in the OpenBSD CVS repository.
 
 The PAM support is now more functional than the popular packages of
 commercial ssh-1.2.x. It checks "account" and "session" modules for

TODO

@@ -4,10 +4,6 @@
 
 - Better documentation
 
-- Port to other platforms
-
-- Better testing on non-PAM systems
-
 - Replace the horror in acconfig.h which tries to comphensate for the 
   lack of u_intXX_t types. There must be a better way.
 

acconfig.h

@@ -6,6 +6,9 @@
 /* SSL directory.  */
 #undef ssldir
 
+/* Define if you want to disable PAM support */
+#undef DISABLE_PAM
+
 /* Define if you want to disable lastlog support */
 #undef DISABLE_LASTLOG
 
@@ -115,6 +118,9 @@
 /* Specify default $PATH */
 #undef USER_PATH
 
+/* Define if the inclusion of crypt.h breaks the build (e.g. Irix 5.x) */
+#undef CRYPT_H_BREAKS_BUILD
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */

auth-passwd.c

@@ -9,9 +9,9 @@
 
 #include "includes.h"
 
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
 
-RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.12 1999/12/28 04:09:36 damien Exp $");
 
 #include "packet.h"
 #include "ssh.h"
@@ -19,12 +19,14 @@ RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
 #include "xmalloc.h"
 
 #ifdef HAVE_SHADOW_H
-#include <shadow.h>
-#endif
-
-#ifdef HAVE_MD5_PASSWORDS
-#include "md5crypt.h"
+# include <shadow.h>
 #endif
+#if defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD)
+# include <crypt.h>
+#endif /* defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD) */
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+# include "md5crypt.h"
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
 
 /*
  * Tries to authenticate the user using password.  Returns true if
@@ -101,4 +103,4 @@ auth_password(struct passwd * pw, const char *password)
 	/* Authentication is accepted if the encrypted passwords are identical. */
 	return (strcmp(encrypted_password, pw_password) == 0);
 }
-#endif /* !HAVE_LIBPAM */
+#endif /* !USE_PAM */

configure.in

@@ -56,6 +56,12 @@ case "$host" in
 *-*-solaris*)
 	AC_DEFINE(USE_UTMPX)
 	;;
+*-*-irix5*)
+	AC_DEFINE(CRYPT_H_BREAKS_BUILD)
+#	CFLAGS="$CFLAGS -shared"
+	no_libsocket=1
+	no_libnsl=1
+	;;
 esac
 
 dnl Check for OpenSSL/SSLeay directories.
@@ -81,7 +87,6 @@ if test "$ssldir" != "/usr"; then
 	CFLAGS="$CFLAGS -I$ssldir/include"
 	LDFLAGS="$LDFLAGS -L$ssldir/lib"
 fi
-LIBS="$LIBS -lssl -lcrypto"
 AC_MSG_RESULT($ssldir)
 
 dnl Check for RSAref library.
@@ -96,28 +101,20 @@ dnl Checks for libraries.
 AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
 AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
 AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
-AC_CHECK_LIB(nsl, yp_match, , )
-AC_CHECK_LIB(socket, main, , )
+AC_CHECK_LIB(crypt, crypt, , )
 
-dnl Use ip address instead of hostname in $DISPLAY
-AC_ARG_WITH(pam,
-	[  --without-pam           Disable PAM support ],
-	[
-		if test "x$withval" != "xno" ; then
-			no_pam=1
-		fi
-	]
-)
-if test -z "$no_pam" ; then
-	AC_CHECK_LIB(dl, dlopen, , )
-	AC_CHECK_LIB(pam, pam_authenticate, , )
+if test -z "$no_libsocket" ; then
+	AC_CHECK_LIB(nsl, yp_match, , )
+fi
+if test -z "$no_libnsl" ; then
+	AC_CHECK_LIB(socket, main, , )
 fi
 
 dnl Checks for header files.
-AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h)
+AC_CHECK_HEADERS(bstring.h crypt.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h)
 
 dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf)
+AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr md5_crypt mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf)
 
 AC_CHECK_FUNC(login, 
 	[AC_DEFINE(HAVE_LOGIN)],
@@ -180,20 +177,34 @@ AC_TRY_COMPILE(
 	[AC_MSG_RESULT(no)]
 ) 
 
-dnl Check PAM strerror arguments
-AC_MSG_CHECKING([whether pam_strerror takes only one argument])
-AC_TRY_COMPILE(
+AC_ARG_WITH(pam,
+	[  --without-pam           Disable PAM support ],
 	[
-		#include <stdlib.h>
-		#include <security/pam_appl.h>
-	], 
-	[(void)pam_strerror((pam_handle_t *)NULL, -1);], 
-	[AC_MSG_RESULT(no)],
-	[
-		AC_DEFINE(HAVE_OLD_PAM)
-		AC_MSG_RESULT(yes)
+		if test "x$withval" = "xno" ; then
+			no_pam=1
+			AC_DEFINE(DISABLE_PAM)
+		fi
 	]
-) 
+)
+
+if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then
+	AC_CHECK_LIB(dl, dlopen, , )
+	LIBS="$LIBS -lpam"
+	dnl Check PAM strerror arguments
+	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+	AC_TRY_COMPILE(
+		[
+			#include <stdlib.h>
+			#include <security/pam_appl.h>
+		], 
+		[(void)pam_strerror((pam_handle_t *)NULL, -1);], 
+		[AC_MSG_RESULT(no)],
+		[
+			AC_DEFINE(HAVE_OLD_PAM)
+			AC_MSG_RESULT(yes)
+		]
+	) 
+fi
 
 AC_MSG_CHECKING([whether to build GNOME ssh-askpass])
 dnl Check whether user wants GNOME ssh-askpass
@@ -303,16 +314,18 @@ AC_ARG_WITH(lastlog,
 			fi
 		done
 		if test -z "$gotlastlog" ; then
-			AC_MSG_WARN([*** Cannot find lastlog ***])
+			AC_MSG_RESULT(not found)
 			nolastlog=1
 		else
 			if test "x$gotlastlog" = "xdir" ; then
+				AC_MSG_RESULT(${lastlog}/)
 				AC_DEFINE(LASTLOG_IS_DIR)
 				AC_MSG_WARN([*** Directory-based lastlogs are not yet supported ***])
 				nolastlog=1
+			else
+				AC_MSG_RESULT($lastlog)
+				AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog")
 			fi
-			AC_MSG_RESULT($lastlog)
-			AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog")
 		fi	
 	]
 )

defines.h

@@ -18,9 +18,13 @@
 #endif
 
 #ifdef HAVE_MAILLOCK_H
-#include <maillock.h>
+# include <maillock.h> /* For _PATH_MAILDIR */
 #endif
 
+#ifdef HAVE_SYS_CDEFS_H
+# include <sys/cdefs.h> /* For __P() */
+#endif 
+
 #ifndef SHUT_RDWR
 enum
 {
@@ -205,3 +209,8 @@ enum
 #  define _PATH_RSH RSH_PATH
 # endif /* RSH_PATH */
 #endif /* _PATH_RSH */
+
+#if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM)
+# define USE_PAM
+#endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */
+

includes.h

@@ -52,9 +52,15 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include <time.h>
 #include <dirent.h>
 
+#ifdef HAVE_BSTRING_H
+# include <bstring.h>
+#endif 
 #ifdef HAVE_NETGROUP_H
 # include <netgroup.h>
 #endif 
+#ifdef HAVE_NETDB_H
+# include <netdb.h>
+#endif 
 #ifdef HAVE_PATHS_H
 # include <paths.h>
 #endif 
@@ -70,7 +76,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #ifdef HAVE_SYS_BSDTTY_H
 # include <sys/bsdtty.h>
 #endif
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 # include <security/pam_appl.h>
 #endif
 

md5crypt.c

@@ -17,7 +17,7 @@
 
 #include "config.h"
 
-#ifdef HAVE_MD5_PASSWORDS
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
 
 #include <unistd.h>
 #include <string.h>
@@ -163,4 +163,4 @@ md5_crypt(const char *pw, const char *salt)
 	return passwd;
 }
 
-#endif  /* HAVE_MD5_PASSWORDS */
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */

md5crypt.h

@@ -20,18 +20,11 @@
 
 #include "config.h"
 
-#include <unistd.h>
-#include <string.h>
-
-#ifdef HAVE_OPENSSL
-#include <openssl/md5.h>
-#endif
-
-#ifdef HAVE_SSL
-#include <ssl/md5.h>
-#endif
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
 
 int is_md5_salt(const char *salt);
 char *md5_crypt(const char *pw, const char *salt);
 
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
+
 #endif /* MD5CRYPT_H */

sshd.c

@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.45 1999/12/26 23:55:23 damien Exp $");
+RCSID("$Id: sshd.c,v 1.46 1999/12/28 04:09:36 damien Exp $");
 
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -143,7 +143,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
 	      const char *display, const char *auth_proto,
 	      const char *auth_data, const char *ttyname);
 
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 static int pamconv(int num_msg, const struct pam_message **msg,
 	  struct pam_response **resp, void *appdata_ptr);
 int do_pam_auth(const char *user, const char *password);
@@ -301,7 +301,7 @@ void do_pam_session(char *username, char *ttyname)
 	if (pam_retval != PAM_SUCCESS)
 		fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 
 /*
  * Signal handler for SIGHUP.  Sshd execs itself when it receives SIGHUP;
@@ -952,7 +952,7 @@ main(int ac, char **av)
 	/* The connection has been terminated. */
 	verbose("Closing connection to %.100s", remote_ip);
 
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 	{
 		int retval;
 
@@ -967,7 +967,7 @@ main(int ac, char **av)
 			fatal_remove_cleanup(&pam_cleanup_proc, NULL);
 		}
 	}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 
 	packet_close();
 	exit(0);
@@ -1285,7 +1285,7 @@ do_authentication(char *user)
 	pwcopy.pw_shell = xstrdup(pw->pw_shell);
 	pw = &pwcopy;
 
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 	{
 		int pam_retval;
 
@@ -1313,11 +1313,11 @@ do_authentication(char *user)
 #ifdef KRB4
 	    (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif /* KRB4 */
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 	    do_pam_auth(pw->pw_name, "")) {
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
 	    auth_password(pw, "")) {
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 		/* Authentication with empty password succeeded. */
 		log("Login for user %s from %.100s, accepted without authentication.",
 		    pw->pw_name, get_remote_ipaddr());
@@ -1457,9 +1457,9 @@ do_authloop(struct passwd * pw)
 			authenticated = auth_rhosts(pw, client_user);
 
 			snprintf(user, sizeof user, " ruser %s", client_user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
 			xfree(client_user);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 			break;
 
 		case SSH_CMSG_AUTH_RHOSTS_RSA:
@@ -1492,9 +1492,9 @@ do_authloop(struct passwd * pw)
 			BN_clear_free(client_host_key_n);
 
 			snprintf(user, sizeof user, " ruser %s", client_user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
 			xfree(client_user);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 			break;
 
 		case SSH_CMSG_AUTH_RSA:
@@ -1523,13 +1523,13 @@ do_authloop(struct passwd * pw)
 			password = packet_get_string(&dlen);
 			packet_integrity_check(plen, 4 + dlen, type);
 
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 			/* Do PAM auth with password */
 			authenticated = do_pam_auth(pw->pw_name, password);
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
 			/* Try authentication with the password. */
 			authenticated = auth_password(pw, password);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 			memset(password, 0, strlen(password));
 			xfree(password);
 			break;
@@ -1595,13 +1595,13 @@ do_authloop(struct passwd * pw)
 			get_remote_port(),
 			user);
 
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
 		if (authenticated)
 			return;
 
 		if (attempt > AUTH_FAIL_MAX)
 			packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
 		if (authenticated) {
 			do_pam_account(pw->pw_name, client_user);
 
@@ -1617,7 +1617,7 @@ do_authloop(struct passwd * pw)
 
 			packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
 		}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 
 		/* Send a message indicating that the authentication attempt failed. */
 		packet_start(SSH_SMSG_FAILURE);
@@ -1823,10 +1823,10 @@ do_authenticated(struct passwd * pw)
 			/* Indicate that we now have a pty. */
 			have_pty = 1;
 
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 			/* do the pam_open_session since we have the pty */
 			do_pam_session(pw->pw_name,ttyname);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 
 			break;
 
@@ -2194,7 +2194,7 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd,
 		snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
 		quiet_login = stat(line, &st) >= 0;
 
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 		/* output the results of the pamconv() */
 		if (!quiet_login && pamconv_msg != NULL)
 			fprintf(stderr, pamconv_msg);
@@ -2382,7 +2382,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 	struct stat st;
 	char *argv[10];
 
-#ifndef HAVE_LIBPAM /* pam_nologin handles this */
+#ifndef USE_PAM /* pam_nologin handles this */
 	/* Check /etc/nologin. */
 	f = fopen("/etc/nologin", "r");
 	if (f) {
@@ -2393,7 +2393,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 		if (pw->pw_uid != 0)
 			exit(254);
 	}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 
 #ifdef HAVE_SETLOGIN
 	/* Set login name in the kernel. */
@@ -2498,7 +2498,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 	}
 #endif /* KRB4 */
 
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 	/* Pull in any environment variables that may have been set by PAM. */
 	{
 		char *equals, var_name[512], var_val[512];
@@ -2517,7 +2517,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
 			}
 		}
 	}
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 
 	if (xauthfile)
 		child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);