diff --git a/ChangeLog b/ChangeLog index 1352588b5..28032d246 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +19991211 + - Fix compilation on systems with AFS. Reported by + aloomis@glue.umd.edu + - Fix installation on Solaris. Reported by + Gordon Rowell + - Fix gccisms (__attribute__ and inline). Report by edgy@us.ibm.com, + patch from Markus Friedl + - Auto-locate xauth. Patch from David Agraz + - Compile fix from David Agraz + - Avoid compiler warning in bsd-snprintf.c + - Added pam_limits.so to default PAM config. Suggested by + Jim Knoble + 19991209 - Import of patch from Ben Taylor : - Improved PAM support diff --git a/Makefile.in b/Makefile.in index 7148c50cd..f72867470 100644 --- a/Makefile.in +++ b/Makefile.in @@ -24,14 +24,15 @@ LFLAGS=@LDFLAGS@ GNOME_CFLAGS=`gnome-config --cflags gnome gnomeui` GNOME_LIBS=`gnome-config --libs gnome gnomeui` -OBJS= atomicio.o authfd.o authfile.o auth-passwd.o auth-rhosts.o \ - auth-rh-rsa.o auth-rsa.o auth-skey.o bsd-daemon.o bsd-login.o \ - bsd-mktemp.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bufaux.o \ - buffer.o canohost.o channels.o cipher.o clientloop.o compress.o \ - crc32.o deattack.o helper.o helper.o hostfile.o log-client.o \ - login.o log-server.o match.o md5crypt.o mpaux.o packet.o pty.o \ - readconf.o readpass.o rsa.o servconf.o serverloop.o \ - sshconnect.o tildexpand.o ttymodes.o uidswap.o xmalloc.o +OBJS= atomicio.o authfd.o authfile.o auth-krb4.o auth-passwd.o \ + auth-rhosts.o auth-rh-rsa.o auth-rsa.o auth-skey.o bsd-daemon.o \ + bsd-login.o bsd-mktemp.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o + bufaux.o buffer.o canohost.o channels.o cipher.o clientloop.o \ + compress.o crc32.o deattack.o helper.o helper.o hostfile.o \ + log-client.o login.o log-server.o match.o md5crypt.o mpaux.o \ + packet.o pty.o radix.o readconf.o readpass.o rsa.o servconf.o \ + serverloop.o sshconnect.o tildexpand.o ttymodes.o uidswap.o \ + xmalloc.o all: $(OBJS) $(TARGETS) libssh.a: atomicio.o authfd.o authfile.o bsd-daemon.o bsd-mktemp.o \ @@ -39,16 +40,17 @@ libssh.a: atomicio.o authfd.o authfile.o bsd-daemon.o bsd-mktemp.o \ buffer.o canohost.o channels.o cipher.o compat.o \ compress.o crc32.o deattack.o fingerprint.o helper.o \ hostfile.o log.o match.o mpaux.o nchan.o packet.o \ - readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o xmalloc.o + radix.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o \ + xmalloc.o $(AR) rv $@ $^ $(RANLIB) $@ ssh: ssh.o sshconnect.o log-client.o readconf.o clientloop.o libssh.a $(CC) -o $@ $^ $(LFLAGS) $(LIBS) -sshd: sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ - pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o \ - md5crypt.o libssh.a +sshd: sshd.o auth-rhosts.o auth-krb4.o auth-passwd.o auth-rsa.o \ + auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o \ + bsd-login.o md5crypt.o libssh.a $(CC) -o $@ $^ $(LFLAGS) $(LIBS) $(LIBWRAP) scp: scp.o libssh.a @@ -81,27 +83,27 @@ install: all $(INSTALL) -s ssh-agent $(bindir)/ssh-agent $(INSTALL) -s ssh-keygen $(bindir)/ssh-keygen $(INSTALL) -s sshd $(sbindir)/sshd - $(INSTALL) -m644 ssh.1 $(mandir)/man1/ssh.1 - $(INSTALL) -m644 scp.1 $(mandir)/man1/scp.1 - $(INSTALL) -m644 ssh-add.1 $(mandir)/man1/ssh-add.1 - $(INSTALL) -m644 ssh-agent.1 $(mandir)/man1/ssh-agent.1 - $(INSTALL) -m644 ssh-keygen.1 $(mandir)/man1/ssh-keygen.1 - $(INSTALL) -m644 sshd.8 $(mandir)/man8/sshd.8 + $(INSTALL) -m 644 ssh.1 $(mandir)/man1/ssh.1 + $(INSTALL) -m 644 scp.1 $(mandir)/man1/scp.1 + $(INSTALL) -m 644 ssh-add.1 $(mandir)/man1/ssh-add.1 + $(INSTALL) -m 644 ssh-agent.1 $(mandir)/man1/ssh-agent.1 + $(INSTALL) -m 644 ssh-keygen.1 $(mandir)/man1/ssh-keygen.1 + $(INSTALL) -m 644 sshd.8 $(mandir)/man8/sshd.8 -rm -f $(bindir)/slogin ln -s ssh $(bindir)/slogin -rm -f $(mandir)/man1/slogin.1 ln -s ssh.1 $(mandir)/man1/slogin.1 - $(INSTALL) -d $(libexecdir) ; - $(INSTALL) -d $(libexecdir)/ssh ; if [ ! -z "@GNOME_ASKPASS@" ] ; then \ + $(INSTALL) -d $(libexecdir) ; + $(INSTALL) -d $(libexecdir)/ssh ; $(INSTALL) -s @GNOME_ASKPASS@ ${ASKPASS_PROGRAM} ; \ fi if [ ! -f $(sysconfdir)/ssh_config -a ! -f $(sysconfdir)/sshd_config ]; then \ $(INSTALL) -d $(sysconfdir); \ - $(INSTALL) -m644 ssh_config $(sysconfdir)/ssh_config; \ - $(INSTALL) -m644 sshd_config $(sysconfdir)/sshd_config; \ + $(INSTALL) -m 644 ssh_config $(sysconfdir)/ssh_config; \ + $(INSTALL) -m 644 sshd_config $(sysconfdir)/sshd_config; \ fi uninstallall: uninstall @@ -130,7 +132,6 @@ uninstall: -rm -f $(mandir)/man8/sshd.8 -rm -f $(bindir)/slogin -rm -f $(mandir)/man1/slogin.1 - -rm -f $(mandir)/man1/slogin.1 -rm -f ${ASKPASS_PROGRAM} -rmdir $(libexecdir)/ssh ; diff --git a/acconfig.h b/acconfig.h index 811c00d47..324f45dbe 100644 --- a/acconfig.h +++ b/acconfig.h @@ -73,6 +73,9 @@ /* Define if you have /dev/ptc */ #undef HAVE_DEV_PTS_AND_PTC +/* Path to xauth binary */ +#undef XAUTH_PATH + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ @@ -258,3 +261,14 @@ enum # define __P(x) x #endif +#ifdef __GNUC__ +# if __GNUC__ < 2 +# define INLINE inline +# define __attribute__(x) +# else +# define INLINE __inline__ +# endif /* __GNUC__ < 2 */ +#else +# define __attribute__(x) +# define INLINE +#endif /* __GNUC__ */ diff --git a/bsd-login.c b/bsd-login.c index 9c1206547..a2ec74142 100644 --- a/bsd-login.c +++ b/bsd-login.c @@ -52,6 +52,7 @@ static char *rcsid = "$OpenBSD: login.c,v 1.5 1998/07/13 02:11:12 millert Exp $" # include #endif #include +#include void login(utp) @@ -78,7 +79,7 @@ login(utp) tty = ttyslot(); if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) { -#ifdef HAVE_HOST_IN_UTMP || HAVE_HOST_IN_UTMPX +#if defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX) (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET); /* * Prevent luser from zero'ing out ut_host. @@ -91,7 +92,7 @@ login(utp) strncmp(old_ut.ut_line, utp->ut_line, UT_LINESIZE) == 0 && strncmp(old_ut.ut_name, utp->ut_name, UT_NAMESIZE) == 0) (void)memcpy(utp->ut_host, old_ut.ut_host, UT_HOSTSIZE); -#endif /* HAVE_HOST_IN_UTMP || HAVE_HOST_IN_UTMPX */ +#endif /* defined(HAVE_HOST_IN_UTMP) || defined(HAVE_HOST_IN_UTMPX) */ (void)lseek(fd, (off_t)(tty * sizeof(struct UTMP_STR)), SEEK_SET); (void)write(fd, utp, sizeof(struct UTMP_STR)); (void)close(fd); diff --git a/bsd-snprintf.c b/bsd-snprintf.c index 11c4ff39c..e85d9296a 100644 --- a/bsd-snprintf.c +++ b/bsd-snprintf.c @@ -101,30 +101,6 @@ mcleanup(str, n, p) free(curobj); } -#if !defined(HAVE_SNPRINTF) -int -#if __STDC__ -snprintf(char *str, size_t n, char const *fmt, ...) -#else -snprintf(str, n, fmt, va_alist) - char *str; - size_t n; - char *fmt; - va_dcl -#endif -{ - va_list ap; -#if __STDC__ - va_start(ap, fmt); -#else - va_start(ap); -#endif - - return (vsnprintf(str, n, fmt, ap)); - va_end(ap); -} -#endif /* !defined(HAVE_SNPRINTF) */ - #if !defined(HAVE_VSNPRINTF) int vsnprintf(str, n, fmt, ap) @@ -159,4 +135,28 @@ vsnprintf(str, n, fmt, ap) } #endif /* !defined(HAVE_VSNPRINTF) */ +#if !defined(HAVE_SNPRINTF) +int +#if __STDC__ +snprintf(char *str, size_t n, char const *fmt, ...) +#else +snprintf(str, n, fmt, va_alist) + char *str; + size_t n; + char *fmt; + va_dcl +#endif +{ + va_list ap; +#if __STDC__ + va_start(ap, fmt); +#else + va_start(ap); +#endif + + return (vsnprintf(str, n, fmt, ap)); + va_end(ap); +} +#endif /* !defined(HAVE_SNPRINTF) */ + #endif /* !defined(HAVE_SNPRINTF) || !defined(HAVE_VSNPRINTF) */ diff --git a/cipher.c b/cipher.c index e3bb05d13..3d5895c0f 100644 --- a/cipher.c +++ b/cipher.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$Id: cipher.c,v 1.8 1999/11/25 00:54:58 damien Exp $"); +RCSID("$Id: cipher.c,v 1.9 1999/12/12 21:27:33 damien Exp $"); #include "ssh.h" #include "cipher.h" @@ -111,7 +111,7 @@ swap_bytes(const unsigned char *src, unsigned char *dst_, int n) void (*cipher_attack_detected) (const char *fmt,...) = fatal; -static inline void +static INLINE void detect_cbc_attack(const unsigned char *src, unsigned int len) { diff --git a/configure.in b/configure.in index 2e7623bb4..c4894c071 100644 --- a/configure.in +++ b/configure.in @@ -287,4 +287,8 @@ AC_ARG_WITH(md5-passwords, [AC_DEFINE(HAVE_MD5_PASSWORDS)] ) +dnl Check for the path to xauth +AC_PATH_PROG(xauth_path, xauth) +AC_DEFINE_UNQUOTED(XAUTH_PATH, "$xauth_path") + AC_OUTPUT(Makefile) diff --git a/includes.h b/includes.h index 6afe88d54..c14ab6b3d 100644 --- a/includes.h +++ b/includes.h @@ -77,6 +77,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include "bsd-strlcat.h" #include "bsd-mktemp.h" #include "bsd-snprintf.h" +#include "bsd-daemon.h" /* Define this to be the path of the xauth program. */ #ifndef XAUTH_PATH diff --git a/packages/redhat/sshd.pam b/packages/redhat/sshd.pam index 2a7d1fbd7..f466f9ba3 100644 --- a/packages/redhat/sshd.pam +++ b/packages/redhat/sshd.pam @@ -5,3 +5,4 @@ account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow nullok use_authtok session required /lib/security/pam_pwdb.so +session required /lib/security/pam_limits.so diff --git a/sshd.pam.generic b/sshd.pam.generic index c67e7b637..4ec2a2a00 100644 --- a/sshd.pam.generic +++ b/sshd.pam.generic @@ -5,3 +5,4 @@ account required /lib/security/pam_unix.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_unix.so shadow nullok use_authtok session required /lib/security/pam_unix.so +session required /lib/security/pam_limits.so