5 files changed, 47 insertions, 31 deletions
diff --git a/ChangeLog b/ChangeLog
index 4279d956a..18cc5ebfb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 20010117
 - (djm) Only write random seed file at exit
+ - (djm) Make PAM support optional, enable with --with-pam
+ - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which 
+   provides a crypt() of its own)
+ - (djm) Avoid a warning in bsd-bindresvport.c
+ - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
+   can cause weird segfaults errors on Solaris 
 20010115
 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.
diff --git a/acconfig.h b/acconfig.h
index e2c34317d..439a7ba1c 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -66,8 +66,8 @@
 /* Define if you are on NEWS-OS */
 #undef HAVE_NEWS4
-/* Define if you want to disable PAM support */
+/* Define if you want to enable PAM support */
-#undef DISABLE_PAM
+#undef USE_PAM
 /* Define if you want to enable AIX4's authenticate function */
 #undef WITH_AIXAUTHENTICATE
diff --git a/bsd-bindresvport.c b/bsd-bindresvport.c
index 536a5056f..7faf73191 100644
--- a/bsd-bindresvport.c
+++ b/bsd-bindresvport.c
@@ -88,6 +88,9 @@ bindresvport_af(sd, sa, af)
        if (port == 0)
                port = (arc4random() % NPORTS) + STARTPORT;
+        /* Avoid warning */
+        error = -1;
        for(i = 0; i < NPORTS; i++) {
                *portp = htons(port);
                
diff --git a/configure.in b/configure.in
index 82cb5d4bd..0dd8c0043 100644
--- a/configure.in
+++ b/configure.in
@@ -62,12 +62,10 @@ case "$host" in
 *-*-cygwin*)
        LIBS="$LIBS -lregex /usr/lib/textmode.o"
        AC_DEFINE(HAVE_CYGWIN)
-        AC_DEFINE(DISABLE_PAM)
        AC_DEFINE(DISABLE_SHADOW)
        AC_DEFINE(IPV4_DEFAULT)
        AC_DEFINE(IP_TOS_IS_BROKEN)
        AC_DEFINE(BROKEN_VHANGUP)
-        no_pam=1
        no_libsocket=1
        no_libnsl=1
        ;;
@@ -122,6 +120,7 @@ case "$host" in
        ;;
 *-*-linux*)
        no_dev_ptmx=1
+        check_for_libcrypt_later=1
        AC_DEFINE(DONT_TRY_OTHER_AF)
        AC_DEFINE(PAM_TTY_KLUDGE)
        inet6_default_4in6=yes
@@ -368,27 +367,30 @@ fi
 AC_FUNC_GETPGRP
+# Check for PAM libs
 PAM_MSG="no"
 AC_ARG_WITH(pam,
-        [  --without-pam           Disable PAM support ],
+        [  --with-pam              Enable PAM support ],
        [
-                if test "x$withval" = "xno" ; then
+                if test "x$withval" != "xno" ; then
-                        no_pam=1
+                        if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
-                        AC_DEFINE(DISABLE_PAM)
+                                AC_MSG_ERROR([PAM headers not found])
-                        PAM_MSG="disabled"
+                        fi
-                fi
-        ]
-)
-if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; then
-        AC_CHECK_LIB(dl, dlopen, , )
-        LIBS="$LIBS -lpam"
-        AC_CHECK_FUNCS(pam_getenvlist)
+                        AC_CHECK_LIB(dl, dlopen, , )
+                        AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
+                        AC_CHECK_FUNCS(pam_getenvlist)
-        disable_shadow=yes
+                        disable_shadow=yes
+                        PAM_MSG="yes"
-        PAM_MSG="yes"
+                        AC_DEFINE(USE_PAM)
+                fi
+        ]
+)
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
        # Check PAM strerror arguments (old PAM)
        AC_MSG_CHECKING([whether pam_strerror takes only one argument])
        AC_TRY_COMPILE(
@@ -403,7 +405,7 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t
                        AC_MSG_RESULT(yes)
                        PAM_MSG="yes (old library)"
                ]
-        ) 
+        )
 fi
 # The big search for OpenSSL
@@ -425,7 +427,7 @@ fi
 AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
        for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
-                if test ! -z "$ssldir" ; then
+                if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
                        LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
                        CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
                        if test ! -z "$need_dash_r" ; then
@@ -476,13 +478,16 @@ if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ;
        AC_DEFINE(HAVE_OPENSSL)
        dnl Need to recover ssldir - test above runs in subshell
        ssldir=$ac_cv_openssldir
-        CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
-        LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
+        if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
-        if test ! -z "$need_dash_r" ; then
+                CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
-                LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir"
+                LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
-        fi
+                if test ! -z "$need_dash_r" ; then
-        if test ! -z "$blibpath" ; then
+                        LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir"
-                blibpath="$blibpath:$ssldir:$ssldir/lib"
+                fi
+                if test ! -z "$blibpath" ; then
+                        blibpath="$blibpath:$ssldir:$ssldir/lib"
+                fi
        fi
 fi
 LIBS="$saved_LIBS -lcrypto"
@@ -537,6 +542,12 @@ else
        fi
 fi
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 
+# version in OpenSSL. Skip this for PAM
+if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
+        AC_CHECK_LIB(crypt, crypt, , )
+fi
 # Cheap hack to ensure NEWS-OS libraries are arranged right.
 if test ! -z "$SONY" ; then
  LIBS="$LIBS -liberty";
diff --git a/defines.h b/defines.h
index 79aab5ab6..26c532c92 100644
--- a/defines.h
+++ b/defines.h
@@ -332,10 +332,6 @@ struct winsize {
 # define __attribute__(x)
 #endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
-#if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM)
-# define USE_PAM
-#endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */
 #ifndef SUN_LEN
 #define SUN_LEN(su) \
        (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))

diff --git a/ChangeLog b/ChangeLog index 4279d956a..18cc5ebfb 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,5 +1,11 @@
1	20010117	1	20010117
2	- (djm) Only write random seed file at exit	2	- (djm) Only write random seed file at exit
		3	- (djm) Make PAM support optional, enable with --with-pam
		4	- (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
		5	provides a crypt() of its own)
		6	- (djm) Avoid a warning in bsd-bindresvport.c
		7	- (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
		8	can cause weird segfaults errors on Solaris
3		9
4	20010115	10	20010115
5	- (bal) sftp-server.c change to use chmod() if fchmod() does not exist.	11	- (bal) sftp-server.c change to use chmod() if fchmod() does not exist.


diff --git a/acconfig.h b/acconfig.h index e2c34317d..439a7ba1c 100644 --- a/acconfig.h +++ b/acconfig.h
@@ -66,8 +66,8 @@
66	/* Define if you are on NEWS-OS */	66	/* Define if you are on NEWS-OS */
67	#undef HAVE_NEWS4	67	#undef HAVE_NEWS4
68		68
69	/* Define if you want to disable PAM support */	69	/* Define if you want to enable PAM support */
70	#undef DISABLE_PAM	70	#undef USE_PAM
71		71
72	/* Define if you want to enable AIX4's authenticate function */	72	/* Define if you want to enable AIX4's authenticate function */
73	#undef WITH_AIXAUTHENTICATE	73	#undef WITH_AIXAUTHENTICATE


diff --git a/bsd-bindresvport.c b/bsd-bindresvport.c index 536a5056f..7faf73191 100644 --- a/bsd-bindresvport.c +++ b/bsd-bindresvport.c
@@ -88,6 +88,9 @@ bindresvport_af(sd, sa, af)
88	if (port == 0)	88	if (port == 0)
89	port = (arc4random() % NPORTS) + STARTPORT;	89	port = (arc4random() % NPORTS) + STARTPORT;
90		90
		91	/* Avoid warning */
		92	error = -1;
		93
91	for(i = 0; i < NPORTS; i++) {	94	for(i = 0; i < NPORTS; i++) {
92	*portp = htons(port);	95	*portp = htons(port);
93		96


diff --git a/configure.in b/configure.in index 82cb5d4bd..0dd8c0043 100644 --- a/configure.in +++ b/configure.in
@@ -62,12 +62,10 @@ case "$host" in
62	--cygwin*)	62	--cygwin*)
63	LIBS="$LIBS -lregex /usr/lib/textmode.o"	63	LIBS="$LIBS -lregex /usr/lib/textmode.o"
64	AC_DEFINE(HAVE_CYGWIN)	64	AC_DEFINE(HAVE_CYGWIN)
65	AC_DEFINE(DISABLE_PAM)
66	AC_DEFINE(DISABLE_SHADOW)	65	AC_DEFINE(DISABLE_SHADOW)
67	AC_DEFINE(IPV4_DEFAULT)	66	AC_DEFINE(IPV4_DEFAULT)
68	AC_DEFINE(IP_TOS_IS_BROKEN)	67	AC_DEFINE(IP_TOS_IS_BROKEN)
69	AC_DEFINE(BROKEN_VHANGUP)	68	AC_DEFINE(BROKEN_VHANGUP)
70	no_pam=1
71	no_libsocket=1	69	no_libsocket=1
72	no_libnsl=1	70	no_libnsl=1
73	;;	71	;;
@@ -122,6 +120,7 @@ case "$host" in
122	;;	120	;;
123	--linux*)	121	--linux*)
124	no_dev_ptmx=1	122	no_dev_ptmx=1
		123	check_for_libcrypt_later=1
125	AC_DEFINE(DONT_TRY_OTHER_AF)	124	AC_DEFINE(DONT_TRY_OTHER_AF)
126	AC_DEFINE(PAM_TTY_KLUDGE)	125	AC_DEFINE(PAM_TTY_KLUDGE)
127	inet6_default_4in6=yes	126	inet6_default_4in6=yes
@@ -368,27 +367,30 @@ fi
368		367
369	AC_FUNC_GETPGRP	368	AC_FUNC_GETPGRP
370		369
		370	# Check for PAM libs
371	PAM_MSG="no"	371	PAM_MSG="no"
372	AC_ARG_WITH(pam,	372	AC_ARG_WITH(pam,
373	[ --without-pam Disable PAM support ],	373	[ --with-pam Enable PAM support ],
374	[	374	[
375	if test "x$withval" = "xno" ; then	375	if test "x$withval" != "xno" ; then
376	no_pam=1	376	if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
377	AC_DEFINE(DISABLE_PAM)	377	AC_MSG_ERROR([PAM headers not found])
378	PAM_MSG="disabled"	378	fi
379	fi
380	]
381	)
382	if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; then
383	AC_CHECK_LIB(dl, dlopen, , )
384	LIBS="$LIBS -lpam"
385		379
386	AC_CHECK_FUNCS(pam_getenvlist)	380	AC_CHECK_LIB(dl, dlopen, , )
		381	AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
		382	AC_CHECK_FUNCS(pam_getenvlist)
387		383
388	disable_shadow=yes	384	disable_shadow=yes
		385	PAM_MSG="yes"
389		386
390	PAM_MSG="yes"	387	AC_DEFINE(USE_PAM)
		388	fi
		389	]
		390	)
391		391
		392	# Check for older PAM
		393	if test "x$PAM_MSG" = "xyes" ; then
392	# Check PAM strerror arguments (old PAM)	394	# Check PAM strerror arguments (old PAM)
393	AC_MSG_CHECKING([whether pam_strerror takes only one argument])	395	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
394	AC_TRY_COMPILE(	396	AC_TRY_COMPILE(
@@ -403,7 +405,7 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t
403	AC_MSG_RESULT(yes)	405	AC_MSG_RESULT(yes)
404	PAM_MSG="yes (old library)"	406	PAM_MSG="yes (old library)"
405	]	407	]
406	)	408	)
407	fi	409	fi
408		410
409	# The big search for OpenSSL	411	# The big search for OpenSSL
@@ -425,7 +427,7 @@ fi
425	AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [	427	AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
426		428
427	for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do	429	for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
428	if test ! -z "$ssldir" ; then	430	if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
429	LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"	431	LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
430	CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"	432	CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
431	if test ! -z "$need_dash_r" ; then	433	if test ! -z "$need_dash_r" ; then
@@ -476,13 +478,16 @@ if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ;
476	AC_DEFINE(HAVE_OPENSSL)	478	AC_DEFINE(HAVE_OPENSSL)
477	dnl Need to recover ssldir - test above runs in subshell	479	dnl Need to recover ssldir - test above runs in subshell
478	ssldir=$ac_cv_openssldir	480	ssldir=$ac_cv_openssldir
479	CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"	481
480	LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"	482	if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
481	if test ! -z "$need_dash_r" ; then	483	CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
482	LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir"	484	LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
483	fi	485	if test ! -z "$need_dash_r" ; then
484	if test ! -z "$blibpath" ; then	486	LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir"
485	blibpath="$blibpath:$ssldir:$ssldir/lib"	487	fi
		488	if test ! -z "$blibpath" ; then
		489	blibpath="$blibpath:$ssldir:$ssldir/lib"
		490	fi
486	fi	491	fi
487	fi	492	fi
488	LIBS="$saved_LIBS -lcrypto"	493	LIBS="$saved_LIBS -lcrypto"
@@ -537,6 +542,12 @@ else
537	fi	542	fi
538	fi	543	fi
539		544
		545	# Some Linux systems (Slackware) need crypt() from libcrypt, not the
		546	# version in OpenSSL. Skip this for PAM
		547	if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
		548	AC_CHECK_LIB(crypt, crypt, , )
		549	fi
		550
540	# Cheap hack to ensure NEWS-OS libraries are arranged right.	551	# Cheap hack to ensure NEWS-OS libraries are arranged right.
541	if test ! -z "$SONY" ; then	552	if test ! -z "$SONY" ; then
542	LIBS="$LIBS -liberty";	553	LIBS="$LIBS -liberty";


diff --git a/defines.h b/defines.h index 79aab5ab6..26c532c92 100644 --- a/defines.h +++ b/defines.h
@@ -332,10 +332,6 @@ struct winsize {
332	# define __attribute__(x)	332	# define __attribute__(x)
333	#endif /* !defined(__GNUC__) \|\| (__GNUC__ < 2) */	333	#endif /* !defined(__GNUC__) \|\| (__GNUC__ < 2) */
334		334
335	#if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM)
336	# define USE_PAM
337	#endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */
338
339	#ifndef SUN_LEN	335	#ifndef SUN_LEN
340	#define SUN_LEN(su) \	336	#define SUN_LEN(su) \
341	(sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))	337	(sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))