13 files changed, 120 insertions, 88 deletions
diff --git a/ChangeLog b/ChangeLog
index 55051011f..9c29ac8ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@
 - NetBSD login.c compile fix from David Rankin 
  <drankin@bohemians.lexington.ky.us>
 - Fully set ut_tv if present in utmp or utmpx
+ - Portability fixes for Irix 5.3 (now compiles OK!)
+ - autoconf and other misc cleanups
 19991227
 - Automatically correct paths in manpages and configuration files. Patch
diff --git a/INSTALL b/INSTALL
index 1521dc6e3..17353d9e1 100644
--- a/INSTALL
+++ b/INSTALL
@@ -105,6 +105,11 @@ support. You will need libwrap.a and tcpd.h installed.
 --with-md5-passwords will enable the use of MD5 passwords. Enable this
 if your operating system uses MD5 passwords without using PAM.
+If you need to pass special options to the compiler or linker, you
+can specify these as enviornment variables before running ./configure.
+For example:
+CFLAGS="-O -m486" LFLAGS="-s" ./configure
 3. Configuration
 ----------------
diff --git a/Makefile.in b/Makefile.in
index f4e3ff4eb..2f2e31e81 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -85,7 +85,7 @@ gnome-ssh-askpass: gnome-ssh-askpass.c
        $(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS)
 clean:
-        rm -f $(OBJS) $(TARGETS) config.status config.cache config.log core \
+        rm -f *.o $(TARGETS) config.status config.cache config.log core \
                *.1 *.8 sshd_config ssh_config
 manpages:
diff --git a/README b/README
index 1186edf25..fcf22f0d0 100644
--- a/README
+++ b/README
@@ -12,9 +12,9 @@ http://www.openssh.com/
 This port consists of the re-introduction of autoconf support, PAM
 support (for Linux and Solaris), EGD[1] support, and replacements
 for OpenBSD library functions that are (regrettably) absent from
-other unices. This port has been best tested on Linux, though some
+other unices. This port has been best tested on Linux, Solaris and
-Solaris support is beginning to filter in. This version actively
+HPUX, though support for AIX and Irix is underway. This version 
-tracks changes in the OpenBSD CVS repository.
+actively tracks changes in the OpenBSD CVS repository.
 The PAM support is now more functional than the popular packages of
 commercial ssh-1.2.x. It checks "account" and "session" modules for
diff --git a/TODO b/TODO
index 1d07c5c6b..ddd54621b 100644
--- a/TODO
+++ b/TODO
@@ -4,10 +4,6 @@
 - Better documentation
- Port to other platforms
- Better testing on non-PAM systems
 - Replace the horror in acconfig.h which tries to comphensate for the 
  lack of u_intXX_t types. There must be a better way.
diff --git a/acconfig.h b/acconfig.h
index f3a7225e2..fd9fe1fcb 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -6,6 +6,9 @@
 /* SSL directory.  */
 #undef ssldir
+/* Define if you want to disable PAM support */
+#undef DISABLE_PAM
 /* Define if you want to disable lastlog support */
 #undef DISABLE_LASTLOG
@@ -115,6 +118,9 @@
 /* Specify default $PATH */
 #undef USER_PATH
+/* Define if the inclusion of crypt.h breaks the build (e.g. Irix 5.x) */
+#undef CRYPT_H_BREAKS_BUILD
 @BOTTOM@
 /* ******************* Shouldn't need to edit below this line ************** */
diff --git a/auth-passwd.c b/auth-passwd.c
index 058dde82b..0311a493e 100644
--- a/auth-passwd.c
+++ b/auth-passwd.c
@@ -9,9 +9,9 @@
 #include "includes.h"
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
-RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
+RCSID("$Id: auth-passwd.c,v 1.12 1999/12/28 04:09:36 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -19,12 +19,14 @@ RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $");
 #include "xmalloc.h"
 #ifdef HAVE_SHADOW_H
-#include <shadow.h>
+# include <shadow.h>
-#endif
-#ifdef HAVE_MD5_PASSWORDS
-#include "md5crypt.h"
 #endif
+#if defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD)
+# include <crypt.h>
+#endif /* defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD) */
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
+# include "md5crypt.h"
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
 /*
 * Tries to authenticate the user using password.  Returns true if
@@ -101,4 +103,4 @@ auth_password(struct passwd * pw, const char *password)
        /* Authentication is accepted if the encrypted passwords are identical. */
        return (strcmp(encrypted_password, pw_password) == 0);
 }
-#endif /* !HAVE_LIBPAM */
+#endif /* !USE_PAM */
diff --git a/configure.in b/configure.in
index 6fb5d63c6..274111e2c 100644
--- a/configure.in
+++ b/configure.in
@@ -56,6 +56,12 @@ case "$host" in
 *-*-solaris*)
        AC_DEFINE(USE_UTMPX)
        ;;
+*-*-irix5*)
+        AC_DEFINE(CRYPT_H_BREAKS_BUILD)
+#       CFLAGS="$CFLAGS -shared"
+        no_libsocket=1
+        no_libnsl=1
+        ;;
 esac
 dnl Check for OpenSSL/SSLeay directories.
@@ -81,7 +87,6 @@ if test "$ssldir" != "/usr"; then
        CFLAGS="$CFLAGS -I$ssldir/include"
        LDFLAGS="$LDFLAGS -L$ssldir/lib"
 fi
-LIBS="$LIBS -lssl -lcrypto"
 AC_MSG_RESULT($ssldir)
 dnl Check for RSAref library.
@@ -96,28 +101,20 @@ dnl Checks for libraries.
 AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
 AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
 AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
-AC_CHECK_LIB(nsl, yp_match, , )
+AC_CHECK_LIB(crypt, crypt, , )
-AC_CHECK_LIB(socket, main, , )
-dnl Use ip address instead of hostname in $DISPLAY
+if test -z "$no_libsocket" ; then
-AC_ARG_WITH(pam,
+        AC_CHECK_LIB(nsl, yp_match, , )
-        [  --without-pam           Disable PAM support ],
+fi
-        [
+if test -z "$no_libnsl" ; then
-                if test "x$withval" != "xno" ; then
+        AC_CHECK_LIB(socket, main, , )
-                        no_pam=1
-                fi
-        ]
-)
-if test -z "$no_pam" ; then
-        AC_CHECK_LIB(dl, dlopen, , )
-        AC_CHECK_LIB(pam, pam_authenticate, , )
 fi
 dnl Checks for header files.
-AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h)
+AC_CHECK_HEADERS(bstring.h crypt.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h)
 dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf)
+AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr md5_crypt mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf)
 AC_CHECK_FUNC(login, 
        [AC_DEFINE(HAVE_LOGIN)],
@@ -180,20 +177,34 @@ AC_TRY_COMPILE(
        [AC_MSG_RESULT(no)]
 ) 
-dnl Check PAM strerror arguments
+AC_ARG_WITH(pam,
-AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+        [  --without-pam           Disable PAM support ],
-AC_TRY_COMPILE(
-        [
-                #include <stdlib.h>
-                #include <security/pam_appl.h>
-        ], 
-        [(void)pam_strerror((pam_handle_t *)NULL, -1);], 
-        [AC_MSG_RESULT(no)],
        [
-                AC_DEFINE(HAVE_OLD_PAM)
+                if test "x$withval" = "xno" ; then
-                AC_MSG_RESULT(yes)
+                        no_pam=1
+                        AC_DEFINE(DISABLE_PAM)
+                fi
        ]
-) 
+)
+if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then
+        AC_CHECK_LIB(dl, dlopen, , )
+        LIBS="$LIBS -lpam"
+        dnl Check PAM strerror arguments
+        AC_MSG_CHECKING([whether pam_strerror takes only one argument])
+        AC_TRY_COMPILE(
+                [
+                        #include <stdlib.h>
+                        #include <security/pam_appl.h>
+                ], 
+                [(void)pam_strerror((pam_handle_t *)NULL, -1);], 
+                [AC_MSG_RESULT(no)],
+                [
+                        AC_DEFINE(HAVE_OLD_PAM)
+                        AC_MSG_RESULT(yes)
+                ]
+        ) 
+fi
 AC_MSG_CHECKING([whether to build GNOME ssh-askpass])
 dnl Check whether user wants GNOME ssh-askpass
@@ -303,16 +314,18 @@ AC_ARG_WITH(lastlog,
                        fi
                done
                if test -z "$gotlastlog" ; then
-                        AC_MSG_WARN([*** Cannot find lastlog ***])
+                        AC_MSG_RESULT(not found)
                        nolastlog=1
                else
                        if test "x$gotlastlog" = "xdir" ; then
+                                AC_MSG_RESULT(${lastlog}/)
                                AC_DEFINE(LASTLOG_IS_DIR)
                                AC_MSG_WARN([*** Directory-based lastlogs are not yet supported ***])
                                nolastlog=1
+                        else
+                                AC_MSG_RESULT($lastlog)
+                                AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog")
                        fi
-                        AC_MSG_RESULT($lastlog)
-                        AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog")
                fi      
        ]
 )
diff --git a/defines.h b/defines.h
index 9d5d17f2b..bcab3c080 100644
--- a/defines.h
+++ b/defines.h
@@ -18,9 +18,13 @@
 #endif
 #ifdef HAVE_MAILLOCK_H
-#include <maillock.h>
+# include <maillock.h> /* For _PATH_MAILDIR */
 #endif
+#ifdef HAVE_SYS_CDEFS_H
+# include <sys/cdefs.h> /* For __P() */
+#endif 
 #ifndef SHUT_RDWR
 enum
 {
@@ -205,3 +209,8 @@ enum
 #  define _PATH_RSH RSH_PATH
 # endif /* RSH_PATH */
 #endif /* _PATH_RSH */
+#if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM)
+# define USE_PAM
+#endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */
diff --git a/includes.h b/includes.h
index 0538bfbc3..7203d08c9 100644
--- a/includes.h
+++ b/includes.h
@@ -52,9 +52,15 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include <time.h>
 #include <dirent.h>
+#ifdef HAVE_BSTRING_H
+# include <bstring.h>
+#endif 
 #ifdef HAVE_NETGROUP_H
 # include <netgroup.h>
 #endif 
+#ifdef HAVE_NETDB_H
+# include <netdb.h>
+#endif 
 #ifdef HAVE_PATHS_H
 # include <paths.h>
 #endif 
@@ -70,7 +76,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #ifdef HAVE_SYS_BSDTTY_H
 # include <sys/bsdtty.h>
 #endif
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 # include <security/pam_appl.h>
 #endif
diff --git a/md5crypt.c b/md5crypt.c
index 15af422a6..16bcf33a1 100644
--- a/md5crypt.c
+++ b/md5crypt.c
@@ -17,7 +17,7 @@
 #include "config.h"
-#ifdef HAVE_MD5_PASSWORDS
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
 #include <unistd.h>
 #include <string.h>
@@ -163,4 +163,4 @@ md5_crypt(const char *pw, const char *salt)
        return passwd;
 }
-#endif  /* HAVE_MD5_PASSWORDS */
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
diff --git a/md5crypt.h b/md5crypt.h
index f1d185721..2e018d878 100644
--- a/md5crypt.h
+++ b/md5crypt.h
@@ -20,18 +20,11 @@
 #include "config.h"
-#include <unistd.h>
+#if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT)
-#include <string.h>
-#ifdef HAVE_OPENSSL
-#include <openssl/md5.h>
-#endif
-#ifdef HAVE_SSL
-#include <ssl/md5.h>
-#endif
 int is_md5_salt(const char *salt);
 char *md5_crypt(const char *pw, const char *salt);
+#endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */
 #endif /* MD5CRYPT_H */
diff --git a/sshd.c b/sshd.c
index f5274a425..bc913a2a5 100644
--- a/sshd.c
+++ b/sshd.c
@@ -11,7 +11,7 @@
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.45 1999/12/26 23:55:23 damien Exp $");
+RCSID("$Id: sshd.c,v 1.46 1999/12/28 04:09:36 damien Exp $");
 #ifdef HAVE_POLL_H
 # include <poll.h>
@@ -143,7 +143,7 @@ void do_child(const char *command, struct passwd * pw, const char *term,
              const char *display, const char *auth_proto,
              const char *auth_data, const char *ttyname);
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
 static int pamconv(int num_msg, const struct pam_message **msg,
          struct pam_response **resp, void *appdata_ptr);
 int do_pam_auth(const char *user, const char *password);
@@ -301,7 +301,7 @@ void do_pam_session(char *username, char *ttyname)
        if (pam_retval != PAM_SUCCESS)
                fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 }
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 /*
 * Signal handler for SIGHUP.  Sshd execs itself when it receives SIGHUP;
@@ -952,7 +952,7 @@ main(int ac, char **av)
        /* The connection has been terminated. */
        verbose("Closing connection to %.100s", remote_ip);
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
        {
                int retval;
@@ -967,7 +967,7 @@ main(int ac, char **av)
                        fatal_remove_cleanup(&pam_cleanup_proc, NULL);
                }
        }
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
        packet_close();
        exit(0);
@@ -1285,7 +1285,7 @@ do_authentication(char *user)
        pwcopy.pw_shell = xstrdup(pw->pw_shell);
        pw = &pwcopy;
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
        {
                int pam_retval;
@@ -1313,11 +1313,11 @@ do_authentication(char *user)
 #ifdef KRB4
            (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif /* KRB4 */
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
            do_pam_auth(pw->pw_name, "")) {
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
            auth_password(pw, "")) {
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
                /* Authentication with empty password succeeded. */
                log("Login for user %s from %.100s, accepted without authentication.",
                    pw->pw_name, get_remote_ipaddr());
@@ -1457,9 +1457,9 @@ do_authloop(struct passwd * pw)
                        authenticated = auth_rhosts(pw, client_user);
                        snprintf(user, sizeof user, " ruser %s", client_user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
                        xfree(client_user);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
                        break;
                case SSH_CMSG_AUTH_RHOSTS_RSA:
@@ -1492,9 +1492,9 @@ do_authloop(struct passwd * pw)
                        BN_clear_free(client_host_key_n);
                        snprintf(user, sizeof user, " ruser %s", client_user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
                        xfree(client_user);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
                        break;
                case SSH_CMSG_AUTH_RSA:
@@ -1523,13 +1523,13 @@ do_authloop(struct passwd * pw)
                        password = packet_get_string(&dlen);
                        packet_integrity_check(plen, 4 + dlen, type);
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
                        /* Do PAM auth with password */
                        authenticated = do_pam_auth(pw->pw_name, password);
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
                        /* Try authentication with the password. */
                        authenticated = auth_password(pw, password);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
                        memset(password, 0, strlen(password));
                        xfree(password);
                        break;
@@ -1595,13 +1595,13 @@ do_authloop(struct passwd * pw)
                        get_remote_port(),
                        user);
-#ifndef HAVE_LIBPAM
+#ifndef USE_PAM
                if (authenticated)
                        return;
                if (attempt > AUTH_FAIL_MAX)
                        packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
-#else /* HAVE_LIBPAM */
+#else /* USE_PAM */
                if (authenticated) {
                        do_pam_account(pw->pw_name, client_user);
@@ -1617,7 +1617,7 @@ do_authloop(struct passwd * pw)
                        packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
                }
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
                /* Send a message indicating that the authentication attempt failed. */
                packet_start(SSH_SMSG_FAILURE);
@@ -1823,10 +1823,10 @@ do_authenticated(struct passwd * pw)
                        /* Indicate that we now have a pty. */
                        have_pty = 1;
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
                        /* do the pam_open_session since we have the pty */
                        do_pam_session(pw->pw_name,ttyname);
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
                        break;
@@ -2194,7 +2194,7 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd,
                snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir);
                quiet_login = stat(line, &st) >= 0;
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
                /* output the results of the pamconv() */
                if (!quiet_login && pamconv_msg != NULL)
                        fprintf(stderr, pamconv_msg);
@@ -2382,7 +2382,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
        struct stat st;
        char *argv[10];
-#ifndef HAVE_LIBPAM /* pam_nologin handles this */
+#ifndef USE_PAM /* pam_nologin handles this */
        /* Check /etc/nologin. */
        f = fopen("/etc/nologin", "r");
        if (f) {
@@ -2393,7 +2393,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
                if (pw->pw_uid != 0)
                        exit(254);
        }
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
 #ifdef HAVE_SETLOGIN
        /* Set login name in the kernel. */
@@ -2498,7 +2498,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
        }
 #endif /* KRB4 */
-#ifdef HAVE_LIBPAM
+#ifdef USE_PAM
        /* Pull in any environment variables that may have been set by PAM. */
        {
                char *equals, var_name[512], var_val[512];
@@ -2517,7 +2517,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
                        }
                }
        }
-#endif /* HAVE_LIBPAM */
+#endif /* USE_PAM */
        if (xauthfile)
                child_set_env(&env, &envsize, "XAUTHORITY", xauthfile);