summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>1999-12-30 15:50:54 +1100
committerDamien Miller <djm@mindrot.org>1999-12-30 15:50:54 +1100
commit8bdeee25f8c0215812cdcdbd24f8c5b308a7b76a (patch)
tree3c6c86c231be661422c1b4fa2e6e16c4b6d4fc78
parent554ef3c7c205852592504d0433c592b1a7a8d459 (diff)
- Merged Dante SOCKS support patch from David Rankin
<drankin@bohemians.lexington.ky.us> - Updated documentation with ./configure options
-rw-r--r--ChangeLog3
-rw-r--r--INSTALL35
-rw-r--r--README15
-rw-r--r--acconfig.h3
-rw-r--r--configure.in50
-rw-r--r--ssh.h47
6 files changed, 135 insertions, 18 deletions
diff --git a/ChangeLog b/ChangeLog
index 66d77b0ac..ceddf7439 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
5 - Removed most of the pam code into its own file auth-pam.[ch]. This 5 - Removed most of the pam code into its own file auth-pam.[ch]. This
6 cleaned up sshd.c up significantly. 6 cleaned up sshd.c up significantly.
7 - Several other cleanups 7 - Several other cleanups
8 - Merged Dante SOCKS support patch from David Rankin
9 <drankin@bohemians.lexington.ky.us>
10 - Updated documentation with ./configure options
8 11
919991229 1219991229
10 - Applied another NetBSD portability patch from David Rankin 13 - Applied another NetBSD portability patch from David Rankin
diff --git a/INSTALL b/INSTALL
index 17353d9e1..5e0b5c8f1 100644
--- a/INSTALL
+++ b/INSTALL
@@ -15,6 +15,12 @@ supports it. PAM is standard on Redhat and Debian Linux and on Solaris.
15PAM: 15PAM:
16http://www.kernel.org/pub/linux/libs/pam/ 16http://www.kernel.org/pub/linux/libs/pam/
17 17
18Dante:
19http://www.inet.no/dante
20
21OpenSSH can also use the Dante SOCKS libraries, version 1.1.1pre1 or higher,
22if you have them installed on your system.
23
18If you wish to build the GNOME passphrase requester, you will need the GNOME 24If you wish to build the GNOME passphrase requester, you will need the GNOME
19libraries and headers. 25libraries and headers.
20 26
@@ -75,6 +81,14 @@ you may need to edit it before using it on your system.
75 81
76There are a few other options to the configure script: 82There are a few other options to the configure script:
77 83
84--with-rsh=PATH allows you to specify the path to your rsh program.
85Normally ./configure will search the current $PATH for 'rsh'. You
86may need to specify this option if rsh is not in your path or has a
87different name.
88
89--without-pam will disable PAM support. PAM is automatically detected
90and switched on if found.
91
78--enable-gnome-askpass will build the GNOME passphrase dialog. You 92--enable-gnome-askpass will build the GNOME passphrase dialog. You
79need a working installation of GNOME, including the development 93need a working installation of GNOME, including the development
80headers, for this to work. 94headers, for this to work.
@@ -89,6 +103,12 @@ use this if your Unix does not support the /dev/urandom device (or
89similar). The file argument refers to the EGD pool file, not the 103similar). The file argument refers to the EGD pool file, not the
90EGD program itself. Please refer to the EGD documentation. 104EGD program itself. Please refer to the EGD documentation.
91 105
106--with-lastlog=FILE will specify the location of the lastlog file.
107./configure searches a few locations for lastlog, but may not find
108it if lastlog is installed in a different place.
109
110--without-lastlog will disable lastlog support entirely.
111
92--with-kerberos4 will enable Kerberos IV support. You will need to 112--with-kerberos4 will enable Kerberos IV support. You will need to
93have the Kerberos libraries and header files installed for this to 113have the Kerberos libraries and header files installed for this to
94work. 114work.
@@ -105,6 +125,21 @@ support. You will need libwrap.a and tcpd.h installed.
105--with-md5-passwords will enable the use of MD5 passwords. Enable this 125--with-md5-passwords will enable the use of MD5 passwords. Enable this
106if your operating system uses MD5 passwords without using PAM. 126if your operating system uses MD5 passwords without using PAM.
107 127
128--with-utmpx enables utmpx support. utmpx support is automatic for
129some platforms.
130
131--without-shadow disables shadow password support.
132
133--with-ipaddr-display forces the use of a numeric IP address in the
134$DISPLAY environment variable. Some broken systems need this.
135
136--with-default-path=PATH allows you to specify a default $PATH for sessions
137started by sshd.
138
139--with-dante[=DIR] will enable Dante SOCKS library support. If the Dante
140libsocks library isn't installed in a library searched by the compiler,
141add the directory name as the option.
142
108If you need to pass special options to the compiler or linker, you 143If you need to pass special options to the compiler or linker, you
109can specify these as enviornment variables before running ./configure. 144can specify these as enviornment variables before running ./configure.
110For example: 145For example:
diff --git a/README b/README
index b09cc8f02..be3fb9e66 100644
--- a/README
+++ b/README
@@ -14,7 +14,9 @@ support (for Linux and Solaris), EGD[1] support, and replacements
14for OpenBSD library functions that are (regrettably) absent from 14for OpenBSD library functions that are (regrettably) absent from
15other unices. This port has been best tested on Linux, Solaris and 15other unices. This port has been best tested on Linux, Solaris and
16HPUX, though support for AIX and Irix is underway. This version 16HPUX, though support for AIX and Irix is underway. This version
17actively tracks changes in the OpenBSD CVS repository. 17actively tracks changes in the OpenBSD CVS repository. This port
18also has optional support for using the Dante SOCKS library[6],
19version 1.1.1pre1 or later.
18 20
19The PAM support is now more functional than the popular packages of 21The PAM support is now more functional than the popular packages of
20commercial ssh-1.2.x. It checks "account" and "session" modules for 22commercial ssh-1.2.x. It checks "account" and "session" modules for
@@ -25,11 +27,11 @@ liberal. Please refer to the source files for details. The code in
25bsd-*.[ch] is from the OpenBSD project and has its own license (again, 27bsd-*.[ch] is from the OpenBSD project and has its own license (again,
26see the source files for details). 28see the source files for details).
27 29
28OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4]. To build 30OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4] and
29the GNOME[5] pass-phrase requester (--with-gnome-askpass), you will 31Dante[6]. To build the GNOME[5] pass-phrase requester
30need the GNOME libraries installed. If you are building OpenSSH on a 32(--with-gnome-askpass), you will need the GNOME libraries installed.
31Unix which lacks a kernel random number pool (/dev/random), you will 33If you are building OpenSSH on a Unix which lacks a kernel random
32need to install EGD[1]. 34number pool (/dev/random), you will need to install EGD[1].
33 35
34There is now a mailing list for this port of OpenSSH. To 36There is now a mailing list for this port of OpenSSH. To
35subscribe, send a message consisting of the word 'SUBSCRIBE' to 37subscribe, send a message consisting of the word 'SUBSCRIBE' to
@@ -71,4 +73,5 @@ References -
71[3] http://www.openssl.org/ 73[3] http://www.openssl.org/
72[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris) 74[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
73[5] http://www.gnome.org/ 75[5] http://www.gnome.org/
76[6] http://www.inet.no/dante
74 77
diff --git a/acconfig.h b/acconfig.h
index 3b37c5946..3331a13f9 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -24,6 +24,9 @@
24/* Are we using the Entropy gathering daemon */ 24/* Are we using the Entropy gathering daemon */
25#undef HAVE_EGD 25#undef HAVE_EGD
26 26
27/* Define if using the Dante SOCKS library. */
28#undef HAVE_DANTE
29
27/* Define if your ssl headers are included with #include <ssl/header.h> */ 30/* Define if your ssl headers are included with #include <ssl/header.h> */
28#undef HAVE_SSL 31#undef HAVE_SSL
29 32
diff --git a/configure.in b/configure.in
index 3b1f125c6..4e5bc602d 100644
--- a/configure.in
+++ b/configure.in
@@ -17,7 +17,9 @@ dnl Use ip address instead of hostname in $DISPLAY
17AC_ARG_WITH(rsh, 17AC_ARG_WITH(rsh,
18 [ --with-rsh=PATH Specify path to remote shell program ], 18 [ --with-rsh=PATH Specify path to remote shell program ],
19 [ 19 [
20 AC_DEFINE_UNQUOTED(RSH_PATH, "$withval") 20 if test "x$withval" != "$xno" ; then
21 AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
22 fi
21 ], 23 ],
22 [ 24 [
23 AC_PATH_PROG(rsh_path, rsh) 25 AC_PATH_PROG(rsh_path, rsh)
@@ -367,6 +369,20 @@ if test ! -z "$nolastlog" ; then
367 AC_DEFINE(DISABLE_LASTLOG) 369 AC_DEFINE(DISABLE_LASTLOG)
368fi 370fi
369 371
372dnl Compile with dante SOCKS library
373AC_ARG_WITH(dante,
374 [ --with-dante=DIR Use Dante SOCKS lib (default is system library path)],
375 [
376 AC_DEFINE(HAVE_DANTE)
377 if test "x$withval" != "xno" ; then
378 if test -n $withval ; then
379 LIBS="$LIBS -L$withval"
380 fi
381 LIBS="$LIBS -lsocks"
382 fi
383 ]
384)
385
370AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX)) 386AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX))
371AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC)) 387AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC))
372 388
@@ -386,9 +402,11 @@ dnl Check whether user wants Kerberos support
386AC_ARG_WITH(kerberos4, 402AC_ARG_WITH(kerberos4,
387 [ --with-kerberos4 Enable Kerberos 4 support], 403 [ --with-kerberos4 Enable Kerberos 4 support],
388 [ 404 [
389 AC_DEFINE(KRB4) 405 if test "x$withval" != "$xno" ; then
390 LIBS="$LIBS -lkrb" 406 AC_DEFINE(KRB4)
391 CFLAGS="$CFLAGS -I/usr/include/kerberosIV" 407 LIBS="$LIBS -lkrb"
408 CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
409 fi
392 ] 410 ]
393) 411)
394 412
@@ -396,8 +414,10 @@ dnl Check whether user wants AFS support
396AC_ARG_WITH(afs, 414AC_ARG_WITH(afs,
397 [ --with-afs Enable AFS support], 415 [ --with-afs Enable AFS support],
398 [ 416 [
399 AC_DEFINE(AFS) 417 if test "x$withval" != "$xno" ; then
400 LIBS="$LIBS -lkafs" 418 AC_DEFINE(AFS)
419 LIBS="$LIBS -lkafs"
420 fi
401 ] 421 ]
402) 422)
403 423
@@ -405,8 +425,10 @@ dnl Check whether user wants S/Key support
405AC_ARG_WITH(skey, 425AC_ARG_WITH(skey,
406 [ --with-skey Enable S/Key support], 426 [ --with-skey Enable S/Key support],
407 [ 427 [
408 AC_DEFINE(SKEY) 428 if test "x$withval" != "$xno" ; then
409 LIBS="$LIBS -lskey" 429 AC_DEFINE(SKEY)
430 LIBS="$LIBS -lskey"
431 fi
410 ] 432 ]
411) 433)
412 434
@@ -414,8 +436,10 @@ dnl Check whether user wants TCP wrappers support
414AC_ARG_WITH(tcp-wrappers, 436AC_ARG_WITH(tcp-wrappers,
415 [ --with-tcp-wrappers Enable tcpwrappers support], 437 [ --with-tcp-wrappers Enable tcpwrappers support],
416 [ 438 [
417 AC_DEFINE(LIBWRAP) 439 if test "x$withval" != "$xno" ; then
418 LIBWRAP="-lwrap" 440 AC_DEFINE(LIBWRAP)
441 LIBWRAP="-lwrap"
442 fi
419 ] 443 ]
420) 444)
421AC_SUBST(LIBWRAP) 445AC_SUBST(LIBWRAP)
@@ -423,7 +447,11 @@ AC_SUBST(LIBWRAP)
423dnl Check whether to enable MD5 passwords 447dnl Check whether to enable MD5 passwords
424AC_ARG_WITH(md5-passwords, 448AC_ARG_WITH(md5-passwords,
425 [ --with-md5-passwords Enable use of MD5 passwords], 449 [ --with-md5-passwords Enable use of MD5 passwords],
426 [AC_DEFINE(HAVE_MD5_PASSWORDS)] 450 [
451 if test "x$withval" != "$xno" ; then
452 AC_DEFINE(HAVE_MD5_PASSWORDS)
453 fi
454 ]
427) 455)
428 456
429dnl Check whether to enable utmpx support 457dnl Check whether to enable utmpx support
diff --git a/ssh.h b/ssh.h
index 48bcd5ea6..ddc6fe073 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
13 * 13 *
14 */ 14 */
15 15
16/* RCSID("$Id: ssh.h,v 1.22 1999/12/30 04:08:44 damien Exp $"); */ 16/* RCSID("$Id: ssh.h,v 1.23 1999/12/30 04:50:55 damien Exp $"); */
17 17
18#ifndef SSH_H 18#ifndef SSH_H
19#define SSH_H 19#define SSH_H
@@ -745,4 +745,49 @@ int auth_skey_password(struct passwd * pw, const char *password);
745#include "auth-pam.h" 745#include "auth-pam.h"
746#endif /* USE_PAM */ 746#endif /* USE_PAM */
747 747
748#ifdef HAVE_DANTE
749/*
750 * The following defines map the normal socket operations to SOCKSified
751 * versions coming from the Dante SOCKS package.
752 */
753#define accept Raccept
754#define bind Rbind
755#define bindresvport Rbindresvport
756#define connect Rconnect
757#define gethostbyname Rgethostbyname
758#define gethostbyname2 Rgethostbyname2
759#define getpeername Rgetpeername
760#define getsockname Rgetsockname
761#define read Rread
762#define readv Rreadv
763#define recv Rrecv
764#define recvmsg Rrecvmsg
765#define recvfrom Rrecvfrom
766#define rresvport Rrresvport
767#define send Rsend
768#define sendmsg Rsendmsg
769#define sendto Rsendto
770#define write Rwrite
771#define writev Rwritev
772int Raccept (int, struct sockaddr *, socklen_t *);
773int Rbind (int, const struct sockaddr *, socklen_t);
774int Rbindresvport(int , struct sockaddr_in *);
775int Rconnect (int, const struct sockaddr *, socklen_t);
776struct hostent *Rgethostbyname(const char *);
777struct hostent *Rgethostbyname2(const char *, int);
778int Rgetpeername (int, struct sockaddr *, socklen_t *);
779int Rgetsockname (int, struct sockaddr *, socklen_t *);
780ssize_t Rread(int , void *, size_t );
781ssize_t Rreadv(int d, const struct iovec *iov, int iovcnt);
782ssize_t Rrecv (int, void *, size_t, int);
783ssize_t Rrecvfrom (int, void *, size_t, int, struct sockaddr *,
784 socklen_t *);
785ssize_t Rsend (int, const void *, size_t, int);
786ssize_t Rsendmsg (int, const struct msghdr *, int);
787ssize_t Rsendto (int, const void *,
788 size_t, int, const struct sockaddr *, socklen_t);
789ssize_t Rwrite(int , const void *, size_t );
790ssize_t Rwritev(int , const struct iovec *, int );
791#endif /* HAVE_DANTE */
792
748#endif /* SSH_H */ 793#endif /* SSH_H */