19991226

 - Enabled utmpx support by default for Solaris
 - Cleanup sshd.c PAM a little more

19991225
 - Merged fixes from Ben Taylor <bent@clark.net>
 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
 - Disabled logging of PAM password authentication failures when password
   is empty. (e.g start of authentication loop). Reported by Naz
   <96na@eng.cam.ac.uk>)

9 files changed, 66 insertions, 28 deletions

diff --git a/ChangeLog b/ChangeLog
index 394ebc899..a89fcdc9c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,13 +1,24 @@
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+
 19991225
  - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
  - Cleanup of auth-passwd.c for shadow and MD5 passwords
  - Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor <bent@clark.net>
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+   is empty. (e.g start of authentication loop). Reported by Naz
+   <96na@eng.cam.ac.uk>)
 
 19991223
  - Merged later HPUX patch from Andre Lucas 
    <andre.lucas@dial.pipex.com>
  - Above patch included better utmpx support from Ben Taylor
-   <bent@clark.net>:
+   <bent@clark.net>
 
 19991222
  - Fix undefined fd_set type in ssh.h from Povl H. Pedersen 
diff --git a/Makefile.in b/Makefile.in
index ff978b74f..fa9a9d815 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -44,6 +44,10 @@ LIBOBJS= atomicio.o authfd.o authfile.o bsd-daemon.o bsd-mktemp.o \
 
 all: $(OBJS) $(TARGETS)
 
+$(OBJS): config.h
+
+$(LIBOBJS): config.h
+
 libssh.a: $(LIBOBJS)
         $(AR) rv $@ $(LIBOBJS)
         $(RANLIB) $@
diff --git a/acconfig.h b/acconfig.h
index 1e706ff58..60dd43010 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -222,6 +222,23 @@ enum
 # endif
 #endif
 
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+# ifndef _PATH_UTMPX
+#  ifdef UTMPX_FILE
+#   define _PATH_UTMPX UTMPX_FILE
+#  else
+#   define _PATH_UTMPX "/var/adm/utmpx"
+#  endif
+# endif
+# ifndef _PATH_WTMPX
+#  ifdef WTMPX_FILE
+#   define _PATH_WTMPX WTMPX_FILE
+#  else
+#   define _PATH_WTMPX "/var/adm/wtmp"
+#  endif
+# endif
+#endif
+
 #ifndef _PATH_BSHELL
 # define _PATH_BSHELL "/bin/sh"
 #endif
diff --git a/bsd-login.c b/bsd-login.c
index d81e46914..eccb29ee4 100644
--- a/bsd-login.c
+++ b/bsd-login.c
@@ -65,24 +65,24 @@ login(utp)
         struct utmp *utp;
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 {
+#if defined(HAVE_HOST_IN_UTMP)
         struct utmp old_ut;
+#endif
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
         struct utmpx *old_utx;
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
         register int fd;
         int tty;
 
-#ifndef UT_LINESIZE
-# define UT_LINESIZE (sizeof(old_ut.ut_line))
-# define UT_NAMESIZE (sizeof(old_ut.ut_name))
-# ifdef HAVE_HOST_IN_UTMP
-#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
-# endif
-#endif
-
         tty = ttyslot();
         if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
+
 #if defined(HAVE_HOST_IN_UTMP)
+# ifndef UT_LINESIZE
+#  define UT_LINESIZE (sizeof(old_ut.ut_line))
+#  define UT_NAMESIZE (sizeof(old_ut.ut_name))
+#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
+# endif
                 (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
                 /*
                  * Prevent luser from zero'ing out ut_host.
diff --git a/configure.in b/configure.in
index 7bb96270a..6cfacd2db 100644
--- a/configure.in
+++ b/configure.in
@@ -53,6 +53,9 @@ case "$host" in
                 AC_DEFINE(DISABLE_SHADOW)
         fi
         ;;
+*-*-solaris*)
+        AC_DEFINE(USE_UTMPX)
+        ;;
 esac
 
 dnl Check for OpenSSL/SSLeay directories.
@@ -101,11 +104,14 @@ AC_ARG_WITH(pam,
         [  --without-pam           Disable PAM support ],
         [
                 if test "x$withval" != "xno" ; then
-                        AC_CHECK_LIB(dl, dlopen, , )
-                        AC_CHECK_LIB(pam, pam_authenticate, , )
+                        no_pam=1
                 fi
         ]
 )
+if test -z "$no_pam" ; then
+        AC_CHECK_LIB(dl, dlopen, , )
+        AC_CHECK_LIB(pam, pam_authenticate, , )
+fi
 
 dnl Checks for header files.
 AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h)
diff --git a/login.c b/login.c
index c551da898..f4e6ddfaf 100644
--- a/login.c
+++ b/login.c
@@ -18,7 +18,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: login.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
+RCSID("$Id: login.c,v 1.12 1999/12/25 23:21:48 damien Exp $");
 
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
 # include <utmpx.h>
@@ -155,18 +155,19 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
         strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line));
         utx.ut_pid = (pid_t)pid;
         utx.ut_tv.tv_sec = time(NULL);
-        u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
-#ifdef HAVE_HOST_IN_UTMPX
-#ifdef HAVE_SYSLEN_IN_UTMPX
+        utx.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
+# ifdef HAVE_HOST_IN_UTMPX
+#  ifdef HAVE_SYSLEN_IN_UTMPX
         utx.ut_syslen = strlen(host);
-        strncpy(utx.ut_host, host, utx.ut_syslen );
-#else
+        strncpy(utx.ut_host, host, utx.ut_syslen);
+#  else
         strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-#endif /* HAVE_SYSLEN_IN_UTMPX */
-#endif
+#  endif /* HAVE_SYSLEN_IN_UTMPX */
+# endif
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 
-#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)
+/*#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)*/
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
         login(&u, &utx);
 #else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
         login(&u);
diff --git a/packages/redhat/openssh.spec b/packages/redhat/openssh.spec
index a3e51bb81..af904c7de 100644
--- a/packages/redhat/openssh.spec
+++ b/packages/redhat/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre20
+Version: 1.2.1pre21
 Release: 1
 Packager: Damien Miller <djm@ibs.com.au>
 Source0: openssh-%{version}.tar.gz
diff --git a/packages/suse/openssh.spec b/packages/suse/openssh.spec
index c649ef235..23926e017 100644
--- a/packages/suse/openssh.spec
+++ b/packages/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre20
+Version: 1.2.1pre21
 Release: 1
 Source0: openssh-%{version}.tar.gz
 Copyright: BSD
diff --git a/sshd.c b/sshd.c
index 9c570ab8a..c06d914e6 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.40 1999/12/24 23:11:29 damien Exp $");
+RCSID("$Id: sshd.c,v 1.41 1999/12/25 23:21:48 damien Exp $");
 
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -249,8 +249,10 @@ int do_pam_auth(const char *user, const char *password)
                 log("PAM Password authentication accepted for user \"%.100s\"", user);
                 return 1;
         } else {
-                log("PAM Password authentication for \"%.100s\" failed: %s", 
-                        user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+                /* Don't log failure for auth attempts with empty password */
+                if (password[0] != '\0')
+                        log("PAM Password authentication for \"%.100s\" failed: %s", 
+                                user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
                 return 0;
         }
 }
@@ -1362,9 +1364,6 @@ do_authloop(struct passwd * pw)
         int plen, dlen, nlen, ulen, elen;
         int type = 0;
         void (*authlog) (const char *fmt,...) = verbose;
-#ifdef HAVE_LIBPAM
-        int pam_retval;
-#endif /* HAVE_LIBPAM */
 
         /* Indicate that authentication is needed. */
         packet_start(SSH_SMSG_FAILURE);