diff options
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | INSTALL | 5 | ||||
-rw-r--r-- | Makefile.in | 2 | ||||
-rw-r--r-- | README | 6 | ||||
-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | acconfig.h | 6 | ||||
-rw-r--r-- | auth-passwd.c | 18 | ||||
-rw-r--r-- | configure.in | 77 | ||||
-rw-r--r-- | defines.h | 11 | ||||
-rw-r--r-- | includes.h | 8 | ||||
-rw-r--r-- | md5crypt.c | 4 | ||||
-rw-r--r-- | md5crypt.h | 13 | ||||
-rw-r--r-- | sshd.c | 52 |
13 files changed, 120 insertions, 88 deletions
@@ -3,6 +3,8 @@ | |||
3 | - NetBSD login.c compile fix from David Rankin | 3 | - NetBSD login.c compile fix from David Rankin |
4 | <drankin@bohemians.lexington.ky.us> | 4 | <drankin@bohemians.lexington.ky.us> |
5 | - Fully set ut_tv if present in utmp or utmpx | 5 | - Fully set ut_tv if present in utmp or utmpx |
6 | - Portability fixes for Irix 5.3 (now compiles OK!) | ||
7 | - autoconf and other misc cleanups | ||
6 | 8 | ||
7 | 19991227 | 9 | 19991227 |
8 | - Automatically correct paths in manpages and configuration files. Patch | 10 | - Automatically correct paths in manpages and configuration files. Patch |
@@ -105,6 +105,11 @@ support. You will need libwrap.a and tcpd.h installed. | |||
105 | --with-md5-passwords will enable the use of MD5 passwords. Enable this | 105 | --with-md5-passwords will enable the use of MD5 passwords. Enable this |
106 | if your operating system uses MD5 passwords without using PAM. | 106 | if your operating system uses MD5 passwords without using PAM. |
107 | 107 | ||
108 | If you need to pass special options to the compiler or linker, you | ||
109 | can specify these as enviornment variables before running ./configure. | ||
110 | For example: | ||
111 | |||
112 | CFLAGS="-O -m486" LFLAGS="-s" ./configure | ||
108 | 113 | ||
109 | 3. Configuration | 114 | 3. Configuration |
110 | ---------------- | 115 | ---------------- |
diff --git a/Makefile.in b/Makefile.in index f4e3ff4eb..2f2e31e81 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -85,7 +85,7 @@ gnome-ssh-askpass: gnome-ssh-askpass.c | |||
85 | $(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS) | 85 | $(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS) |
86 | 86 | ||
87 | clean: | 87 | clean: |
88 | rm -f $(OBJS) $(TARGETS) config.status config.cache config.log core \ | 88 | rm -f *.o $(TARGETS) config.status config.cache config.log core \ |
89 | *.1 *.8 sshd_config ssh_config | 89 | *.1 *.8 sshd_config ssh_config |
90 | 90 | ||
91 | manpages: | 91 | manpages: |
@@ -12,9 +12,9 @@ http://www.openssh.com/ | |||
12 | This port consists of the re-introduction of autoconf support, PAM | 12 | This port consists of the re-introduction of autoconf support, PAM |
13 | support (for Linux and Solaris), EGD[1] support, and replacements | 13 | support (for Linux and Solaris), EGD[1] support, and replacements |
14 | for OpenBSD library functions that are (regrettably) absent from | 14 | for OpenBSD library functions that are (regrettably) absent from |
15 | other unices. This port has been best tested on Linux, though some | 15 | other unices. This port has been best tested on Linux, Solaris and |
16 | Solaris support is beginning to filter in. This version actively | 16 | HPUX, though support for AIX and Irix is underway. This version |
17 | tracks changes in the OpenBSD CVS repository. | 17 | actively tracks changes in the OpenBSD CVS repository. |
18 | 18 | ||
19 | The PAM support is now more functional than the popular packages of | 19 | The PAM support is now more functional than the popular packages of |
20 | commercial ssh-1.2.x. It checks "account" and "session" modules for | 20 | commercial ssh-1.2.x. It checks "account" and "session" modules for |
@@ -4,10 +4,6 @@ | |||
4 | 4 | ||
5 | - Better documentation | 5 | - Better documentation |
6 | 6 | ||
7 | - Port to other platforms | ||
8 | |||
9 | - Better testing on non-PAM systems | ||
10 | |||
11 | - Replace the horror in acconfig.h which tries to comphensate for the | 7 | - Replace the horror in acconfig.h which tries to comphensate for the |
12 | lack of u_intXX_t types. There must be a better way. | 8 | lack of u_intXX_t types. There must be a better way. |
13 | 9 | ||
diff --git a/acconfig.h b/acconfig.h index f3a7225e2..fd9fe1fcb 100644 --- a/acconfig.h +++ b/acconfig.h | |||
@@ -6,6 +6,9 @@ | |||
6 | /* SSL directory. */ | 6 | /* SSL directory. */ |
7 | #undef ssldir | 7 | #undef ssldir |
8 | 8 | ||
9 | /* Define if you want to disable PAM support */ | ||
10 | #undef DISABLE_PAM | ||
11 | |||
9 | /* Define if you want to disable lastlog support */ | 12 | /* Define if you want to disable lastlog support */ |
10 | #undef DISABLE_LASTLOG | 13 | #undef DISABLE_LASTLOG |
11 | 14 | ||
@@ -115,6 +118,9 @@ | |||
115 | /* Specify default $PATH */ | 118 | /* Specify default $PATH */ |
116 | #undef USER_PATH | 119 | #undef USER_PATH |
117 | 120 | ||
121 | /* Define if the inclusion of crypt.h breaks the build (e.g. Irix 5.x) */ | ||
122 | #undef CRYPT_H_BREAKS_BUILD | ||
123 | |||
118 | @BOTTOM@ | 124 | @BOTTOM@ |
119 | 125 | ||
120 | /* ******************* Shouldn't need to edit below this line ************** */ | 126 | /* ******************* Shouldn't need to edit below this line ************** */ |
diff --git a/auth-passwd.c b/auth-passwd.c index 058dde82b..0311a493e 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -9,9 +9,9 @@ | |||
9 | 9 | ||
10 | #include "includes.h" | 10 | #include "includes.h" |
11 | 11 | ||
12 | #ifndef HAVE_LIBPAM | 12 | #ifndef USE_PAM |
13 | 13 | ||
14 | RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $"); | 14 | RCSID("$Id: auth-passwd.c,v 1.12 1999/12/28 04:09:36 damien Exp $"); |
15 | 15 | ||
16 | #include "packet.h" | 16 | #include "packet.h" |
17 | #include "ssh.h" | 17 | #include "ssh.h" |
@@ -19,12 +19,14 @@ RCSID("$Id: auth-passwd.c,v 1.11 1999/12/24 23:11:29 damien Exp $"); | |||
19 | #include "xmalloc.h" | 19 | #include "xmalloc.h" |
20 | 20 | ||
21 | #ifdef HAVE_SHADOW_H | 21 | #ifdef HAVE_SHADOW_H |
22 | #include <shadow.h> | 22 | # include <shadow.h> |
23 | #endif | ||
24 | |||
25 | #ifdef HAVE_MD5_PASSWORDS | ||
26 | #include "md5crypt.h" | ||
27 | #endif | 23 | #endif |
24 | #if defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD) | ||
25 | # include <crypt.h> | ||
26 | #endif /* defined(HAVE_CRYPT_H) && !defined(CRYPT_H_BREAKS_BUILD) */ | ||
27 | #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) | ||
28 | # include "md5crypt.h" | ||
29 | #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ | ||
28 | 30 | ||
29 | /* | 31 | /* |
30 | * Tries to authenticate the user using password. Returns true if | 32 | * Tries to authenticate the user using password. Returns true if |
@@ -101,4 +103,4 @@ auth_password(struct passwd * pw, const char *password) | |||
101 | /* Authentication is accepted if the encrypted passwords are identical. */ | 103 | /* Authentication is accepted if the encrypted passwords are identical. */ |
102 | return (strcmp(encrypted_password, pw_password) == 0); | 104 | return (strcmp(encrypted_password, pw_password) == 0); |
103 | } | 105 | } |
104 | #endif /* !HAVE_LIBPAM */ | 106 | #endif /* !USE_PAM */ |
diff --git a/configure.in b/configure.in index 6fb5d63c6..274111e2c 100644 --- a/configure.in +++ b/configure.in | |||
@@ -56,6 +56,12 @@ case "$host" in | |||
56 | *-*-solaris*) | 56 | *-*-solaris*) |
57 | AC_DEFINE(USE_UTMPX) | 57 | AC_DEFINE(USE_UTMPX) |
58 | ;; | 58 | ;; |
59 | *-*-irix5*) | ||
60 | AC_DEFINE(CRYPT_H_BREAKS_BUILD) | ||
61 | # CFLAGS="$CFLAGS -shared" | ||
62 | no_libsocket=1 | ||
63 | no_libnsl=1 | ||
64 | ;; | ||
59 | esac | 65 | esac |
60 | 66 | ||
61 | dnl Check for OpenSSL/SSLeay directories. | 67 | dnl Check for OpenSSL/SSLeay directories. |
@@ -81,7 +87,6 @@ if test "$ssldir" != "/usr"; then | |||
81 | CFLAGS="$CFLAGS -I$ssldir/include" | 87 | CFLAGS="$CFLAGS -I$ssldir/include" |
82 | LDFLAGS="$LDFLAGS -L$ssldir/lib" | 88 | LDFLAGS="$LDFLAGS -L$ssldir/lib" |
83 | fi | 89 | fi |
84 | LIBS="$LIBS -lssl -lcrypto" | ||
85 | AC_MSG_RESULT($ssldir) | 90 | AC_MSG_RESULT($ssldir) |
86 | 91 | ||
87 | dnl Check for RSAref library. | 92 | dnl Check for RSAref library. |
@@ -96,28 +101,20 @@ dnl Checks for libraries. | |||
96 | AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***])) | 101 | AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***])) |
97 | AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) | 102 | AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) |
98 | AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") | 103 | AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") |
99 | AC_CHECK_LIB(nsl, yp_match, , ) | 104 | AC_CHECK_LIB(crypt, crypt, , ) |
100 | AC_CHECK_LIB(socket, main, , ) | ||
101 | 105 | ||
102 | dnl Use ip address instead of hostname in $DISPLAY | 106 | if test -z "$no_libsocket" ; then |
103 | AC_ARG_WITH(pam, | 107 | AC_CHECK_LIB(nsl, yp_match, , ) |
104 | [ --without-pam Disable PAM support ], | 108 | fi |
105 | [ | 109 | if test -z "$no_libnsl" ; then |
106 | if test "x$withval" != "xno" ; then | 110 | AC_CHECK_LIB(socket, main, , ) |
107 | no_pam=1 | ||
108 | fi | ||
109 | ] | ||
110 | ) | ||
111 | if test -z "$no_pam" ; then | ||
112 | AC_CHECK_LIB(dl, dlopen, , ) | ||
113 | AC_CHECK_LIB(pam, pam_authenticate, , ) | ||
114 | fi | 111 | fi |
115 | 112 | ||
116 | dnl Checks for header files. | 113 | dnl Checks for header files. |
117 | AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h) | 114 | AC_CHECK_HEADERS(bstring.h crypt.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h util.h utmp.h utmpx.h) |
118 | 115 | ||
119 | dnl Checks for library functions. | 116 | dnl Checks for library functions. |
120 | AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf) | 117 | AC_CHECK_FUNCS(arc4random getpagesize _getpty innetgr md5_crypt mkdtemp openpty setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf) |
121 | 118 | ||
122 | AC_CHECK_FUNC(login, | 119 | AC_CHECK_FUNC(login, |
123 | [AC_DEFINE(HAVE_LOGIN)], | 120 | [AC_DEFINE(HAVE_LOGIN)], |
@@ -180,20 +177,34 @@ AC_TRY_COMPILE( | |||
180 | [AC_MSG_RESULT(no)] | 177 | [AC_MSG_RESULT(no)] |
181 | ) | 178 | ) |
182 | 179 | ||
183 | dnl Check PAM strerror arguments | 180 | AC_ARG_WITH(pam, |
184 | AC_MSG_CHECKING([whether pam_strerror takes only one argument]) | 181 | [ --without-pam Disable PAM support ], |
185 | AC_TRY_COMPILE( | ||
186 | [ | ||
187 | #include <stdlib.h> | ||
188 | #include <security/pam_appl.h> | ||
189 | ], | ||
190 | [(void)pam_strerror((pam_handle_t *)NULL, -1);], | ||
191 | [AC_MSG_RESULT(no)], | ||
192 | [ | 182 | [ |
193 | AC_DEFINE(HAVE_OLD_PAM) | 183 | if test "x$withval" = "xno" ; then |
194 | AC_MSG_RESULT(yes) | 184 | no_pam=1 |
185 | AC_DEFINE(DISABLE_PAM) | ||
186 | fi | ||
195 | ] | 187 | ] |
196 | ) | 188 | ) |
189 | |||
190 | if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then | ||
191 | AC_CHECK_LIB(dl, dlopen, , ) | ||
192 | LIBS="$LIBS -lpam" | ||
193 | dnl Check PAM strerror arguments | ||
194 | AC_MSG_CHECKING([whether pam_strerror takes only one argument]) | ||
195 | AC_TRY_COMPILE( | ||
196 | [ | ||
197 | #include <stdlib.h> | ||
198 | #include <security/pam_appl.h> | ||
199 | ], | ||
200 | [(void)pam_strerror((pam_handle_t *)NULL, -1);], | ||
201 | [AC_MSG_RESULT(no)], | ||
202 | [ | ||
203 | AC_DEFINE(HAVE_OLD_PAM) | ||
204 | AC_MSG_RESULT(yes) | ||
205 | ] | ||
206 | ) | ||
207 | fi | ||
197 | 208 | ||
198 | AC_MSG_CHECKING([whether to build GNOME ssh-askpass]) | 209 | AC_MSG_CHECKING([whether to build GNOME ssh-askpass]) |
199 | dnl Check whether user wants GNOME ssh-askpass | 210 | dnl Check whether user wants GNOME ssh-askpass |
@@ -303,16 +314,18 @@ AC_ARG_WITH(lastlog, | |||
303 | fi | 314 | fi |
304 | done | 315 | done |
305 | if test -z "$gotlastlog" ; then | 316 | if test -z "$gotlastlog" ; then |
306 | AC_MSG_WARN([*** Cannot find lastlog ***]) | 317 | AC_MSG_RESULT(not found) |
307 | nolastlog=1 | 318 | nolastlog=1 |
308 | else | 319 | else |
309 | if test "x$gotlastlog" = "xdir" ; then | 320 | if test "x$gotlastlog" = "xdir" ; then |
321 | AC_MSG_RESULT(${lastlog}/) | ||
310 | AC_DEFINE(LASTLOG_IS_DIR) | 322 | AC_DEFINE(LASTLOG_IS_DIR) |
311 | AC_MSG_WARN([*** Directory-based lastlogs are not yet supported ***]) | 323 | AC_MSG_WARN([*** Directory-based lastlogs are not yet supported ***]) |
312 | nolastlog=1 | 324 | nolastlog=1 |
325 | else | ||
326 | AC_MSG_RESULT($lastlog) | ||
327 | AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog") | ||
313 | fi | 328 | fi |
314 | AC_MSG_RESULT($lastlog) | ||
315 | AC_DEFINE_UNQUOTED(LASTLOG_LOCATION, "$lastlog") | ||
316 | fi | 329 | fi |
317 | ] | 330 | ] |
318 | ) | 331 | ) |
@@ -18,9 +18,13 @@ | |||
18 | #endif | 18 | #endif |
19 | 19 | ||
20 | #ifdef HAVE_MAILLOCK_H | 20 | #ifdef HAVE_MAILLOCK_H |
21 | #include <maillock.h> | 21 | # include <maillock.h> /* For _PATH_MAILDIR */ |
22 | #endif | 22 | #endif |
23 | 23 | ||
24 | #ifdef HAVE_SYS_CDEFS_H | ||
25 | # include <sys/cdefs.h> /* For __P() */ | ||
26 | #endif | ||
27 | |||
24 | #ifndef SHUT_RDWR | 28 | #ifndef SHUT_RDWR |
25 | enum | 29 | enum |
26 | { | 30 | { |
@@ -205,3 +209,8 @@ enum | |||
205 | # define _PATH_RSH RSH_PATH | 209 | # define _PATH_RSH RSH_PATH |
206 | # endif /* RSH_PATH */ | 210 | # endif /* RSH_PATH */ |
207 | #endif /* _PATH_RSH */ | 211 | #endif /* _PATH_RSH */ |
212 | |||
213 | #if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) | ||
214 | # define USE_PAM | ||
215 | #endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */ | ||
216 | |||
diff --git a/includes.h b/includes.h index 0538bfbc3..7203d08c9 100644 --- a/includes.h +++ b/includes.h | |||
@@ -52,9 +52,15 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } | |||
52 | #include <time.h> | 52 | #include <time.h> |
53 | #include <dirent.h> | 53 | #include <dirent.h> |
54 | 54 | ||
55 | #ifdef HAVE_BSTRING_H | ||
56 | # include <bstring.h> | ||
57 | #endif | ||
55 | #ifdef HAVE_NETGROUP_H | 58 | #ifdef HAVE_NETGROUP_H |
56 | # include <netgroup.h> | 59 | # include <netgroup.h> |
57 | #endif | 60 | #endif |
61 | #ifdef HAVE_NETDB_H | ||
62 | # include <netdb.h> | ||
63 | #endif | ||
58 | #ifdef HAVE_PATHS_H | 64 | #ifdef HAVE_PATHS_H |
59 | # include <paths.h> | 65 | # include <paths.h> |
60 | #endif | 66 | #endif |
@@ -70,7 +76,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } | |||
70 | #ifdef HAVE_SYS_BSDTTY_H | 76 | #ifdef HAVE_SYS_BSDTTY_H |
71 | # include <sys/bsdtty.h> | 77 | # include <sys/bsdtty.h> |
72 | #endif | 78 | #endif |
73 | #ifdef HAVE_LIBPAM | 79 | #ifdef USE_PAM |
74 | # include <security/pam_appl.h> | 80 | # include <security/pam_appl.h> |
75 | #endif | 81 | #endif |
76 | 82 | ||
diff --git a/md5crypt.c b/md5crypt.c index 15af422a6..16bcf33a1 100644 --- a/md5crypt.c +++ b/md5crypt.c | |||
@@ -17,7 +17,7 @@ | |||
17 | 17 | ||
18 | #include "config.h" | 18 | #include "config.h" |
19 | 19 | ||
20 | #ifdef HAVE_MD5_PASSWORDS | 20 | #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) |
21 | 21 | ||
22 | #include <unistd.h> | 22 | #include <unistd.h> |
23 | #include <string.h> | 23 | #include <string.h> |
@@ -163,4 +163,4 @@ md5_crypt(const char *pw, const char *salt) | |||
163 | return passwd; | 163 | return passwd; |
164 | } | 164 | } |
165 | 165 | ||
166 | #endif /* HAVE_MD5_PASSWORDS */ | 166 | #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ |
diff --git a/md5crypt.h b/md5crypt.h index f1d185721..2e018d878 100644 --- a/md5crypt.h +++ b/md5crypt.h | |||
@@ -20,18 +20,11 @@ | |||
20 | 20 | ||
21 | #include "config.h" | 21 | #include "config.h" |
22 | 22 | ||
23 | #include <unistd.h> | 23 | #if defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) |
24 | #include <string.h> | ||
25 | |||
26 | #ifdef HAVE_OPENSSL | ||
27 | #include <openssl/md5.h> | ||
28 | #endif | ||
29 | |||
30 | #ifdef HAVE_SSL | ||
31 | #include <ssl/md5.h> | ||
32 | #endif | ||
33 | 24 | ||
34 | int is_md5_salt(const char *salt); | 25 | int is_md5_salt(const char *salt); |
35 | char *md5_crypt(const char *pw, const char *salt); | 26 | char *md5_crypt(const char *pw, const char *salt); |
36 | 27 | ||
28 | #endif /* defined(HAVE_MD5_PASSWORDS) && !defined(HAVE_MD5_CRYPT) */ | ||
29 | |||
37 | #endif /* MD5CRYPT_H */ | 30 | #endif /* MD5CRYPT_H */ |
@@ -11,7 +11,7 @@ | |||
11 | */ | 11 | */ |
12 | 12 | ||
13 | #include "includes.h" | 13 | #include "includes.h" |
14 | RCSID("$Id: sshd.c,v 1.45 1999/12/26 23:55:23 damien Exp $"); | 14 | RCSID("$Id: sshd.c,v 1.46 1999/12/28 04:09:36 damien Exp $"); |
15 | 15 | ||
16 | #ifdef HAVE_POLL_H | 16 | #ifdef HAVE_POLL_H |
17 | # include <poll.h> | 17 | # include <poll.h> |
@@ -143,7 +143,7 @@ void do_child(const char *command, struct passwd * pw, const char *term, | |||
143 | const char *display, const char *auth_proto, | 143 | const char *display, const char *auth_proto, |
144 | const char *auth_data, const char *ttyname); | 144 | const char *auth_data, const char *ttyname); |
145 | 145 | ||
146 | #ifdef HAVE_LIBPAM | 146 | #ifdef USE_PAM |
147 | static int pamconv(int num_msg, const struct pam_message **msg, | 147 | static int pamconv(int num_msg, const struct pam_message **msg, |
148 | struct pam_response **resp, void *appdata_ptr); | 148 | struct pam_response **resp, void *appdata_ptr); |
149 | int do_pam_auth(const char *user, const char *password); | 149 | int do_pam_auth(const char *user, const char *password); |
@@ -301,7 +301,7 @@ void do_pam_session(char *username, char *ttyname) | |||
301 | if (pam_retval != PAM_SUCCESS) | 301 | if (pam_retval != PAM_SUCCESS) |
302 | fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); | 302 | fatal("PAM session setup failed: %.200s", PAM_STRERROR((pam_handle_t *)pamh, pam_retval)); |
303 | } | 303 | } |
304 | #endif /* HAVE_LIBPAM */ | 304 | #endif /* USE_PAM */ |
305 | 305 | ||
306 | /* | 306 | /* |
307 | * Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; | 307 | * Signal handler for SIGHUP. Sshd execs itself when it receives SIGHUP; |
@@ -952,7 +952,7 @@ main(int ac, char **av) | |||
952 | /* The connection has been terminated. */ | 952 | /* The connection has been terminated. */ |
953 | verbose("Closing connection to %.100s", remote_ip); | 953 | verbose("Closing connection to %.100s", remote_ip); |
954 | 954 | ||
955 | #ifdef HAVE_LIBPAM | 955 | #ifdef USE_PAM |
956 | { | 956 | { |
957 | int retval; | 957 | int retval; |
958 | 958 | ||
@@ -967,7 +967,7 @@ main(int ac, char **av) | |||
967 | fatal_remove_cleanup(&pam_cleanup_proc, NULL); | 967 | fatal_remove_cleanup(&pam_cleanup_proc, NULL); |
968 | } | 968 | } |
969 | } | 969 | } |
970 | #endif /* HAVE_LIBPAM */ | 970 | #endif /* USE_PAM */ |
971 | 971 | ||
972 | packet_close(); | 972 | packet_close(); |
973 | exit(0); | 973 | exit(0); |
@@ -1285,7 +1285,7 @@ do_authentication(char *user) | |||
1285 | pwcopy.pw_shell = xstrdup(pw->pw_shell); | 1285 | pwcopy.pw_shell = xstrdup(pw->pw_shell); |
1286 | pw = &pwcopy; | 1286 | pw = &pwcopy; |
1287 | 1287 | ||
1288 | #ifdef HAVE_LIBPAM | 1288 | #ifdef USE_PAM |
1289 | { | 1289 | { |
1290 | int pam_retval; | 1290 | int pam_retval; |
1291 | 1291 | ||
@@ -1313,11 +1313,11 @@ do_authentication(char *user) | |||
1313 | #ifdef KRB4 | 1313 | #ifdef KRB4 |
1314 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && | 1314 | (!options.kerberos_authentication || options.kerberos_or_local_passwd) && |
1315 | #endif /* KRB4 */ | 1315 | #endif /* KRB4 */ |
1316 | #ifdef HAVE_LIBPAM | 1316 | #ifdef USE_PAM |
1317 | do_pam_auth(pw->pw_name, "")) { | 1317 | do_pam_auth(pw->pw_name, "")) { |
1318 | #else /* HAVE_LIBPAM */ | 1318 | #else /* USE_PAM */ |
1319 | auth_password(pw, "")) { | 1319 | auth_password(pw, "")) { |
1320 | #endif /* HAVE_LIBPAM */ | 1320 | #endif /* USE_PAM */ |
1321 | /* Authentication with empty password succeeded. */ | 1321 | /* Authentication with empty password succeeded. */ |
1322 | log("Login for user %s from %.100s, accepted without authentication.", | 1322 | log("Login for user %s from %.100s, accepted without authentication.", |
1323 | pw->pw_name, get_remote_ipaddr()); | 1323 | pw->pw_name, get_remote_ipaddr()); |
@@ -1457,9 +1457,9 @@ do_authloop(struct passwd * pw) | |||
1457 | authenticated = auth_rhosts(pw, client_user); | 1457 | authenticated = auth_rhosts(pw, client_user); |
1458 | 1458 | ||
1459 | snprintf(user, sizeof user, " ruser %s", client_user); | 1459 | snprintf(user, sizeof user, " ruser %s", client_user); |
1460 | #ifndef HAVE_LIBPAM | 1460 | #ifndef USE_PAM |
1461 | xfree(client_user); | 1461 | xfree(client_user); |
1462 | #endif /* HAVE_LIBPAM */ | 1462 | #endif /* USE_PAM */ |
1463 | break; | 1463 | break; |
1464 | 1464 | ||
1465 | case SSH_CMSG_AUTH_RHOSTS_RSA: | 1465 | case SSH_CMSG_AUTH_RHOSTS_RSA: |
@@ -1492,9 +1492,9 @@ do_authloop(struct passwd * pw) | |||
1492 | BN_clear_free(client_host_key_n); | 1492 | BN_clear_free(client_host_key_n); |
1493 | 1493 | ||
1494 | snprintf(user, sizeof user, " ruser %s", client_user); | 1494 | snprintf(user, sizeof user, " ruser %s", client_user); |
1495 | #ifndef HAVE_LIBPAM | 1495 | #ifndef USE_PAM |
1496 | xfree(client_user); | 1496 | xfree(client_user); |
1497 | #endif /* HAVE_LIBPAM */ | 1497 | #endif /* USE_PAM */ |
1498 | break; | 1498 | break; |
1499 | 1499 | ||
1500 | case SSH_CMSG_AUTH_RSA: | 1500 | case SSH_CMSG_AUTH_RSA: |
@@ -1523,13 +1523,13 @@ do_authloop(struct passwd * pw) | |||
1523 | password = packet_get_string(&dlen); | 1523 | password = packet_get_string(&dlen); |
1524 | packet_integrity_check(plen, 4 + dlen, type); | 1524 | packet_integrity_check(plen, 4 + dlen, type); |
1525 | 1525 | ||
1526 | #ifdef HAVE_LIBPAM | 1526 | #ifdef USE_PAM |
1527 | /* Do PAM auth with password */ | 1527 | /* Do PAM auth with password */ |
1528 | authenticated = do_pam_auth(pw->pw_name, password); | 1528 | authenticated = do_pam_auth(pw->pw_name, password); |
1529 | #else /* HAVE_LIBPAM */ | 1529 | #else /* USE_PAM */ |
1530 | /* Try authentication with the password. */ | 1530 | /* Try authentication with the password. */ |
1531 | authenticated = auth_password(pw, password); | 1531 | authenticated = auth_password(pw, password); |
1532 | #endif /* HAVE_LIBPAM */ | 1532 | #endif /* USE_PAM */ |
1533 | memset(password, 0, strlen(password)); | 1533 | memset(password, 0, strlen(password)); |
1534 | xfree(password); | 1534 | xfree(password); |
1535 | break; | 1535 | break; |
@@ -1595,13 +1595,13 @@ do_authloop(struct passwd * pw) | |||
1595 | get_remote_port(), | 1595 | get_remote_port(), |
1596 | user); | 1596 | user); |
1597 | 1597 | ||
1598 | #ifndef HAVE_LIBPAM | 1598 | #ifndef USE_PAM |
1599 | if (authenticated) | 1599 | if (authenticated) |
1600 | return; | 1600 | return; |
1601 | 1601 | ||
1602 | if (attempt > AUTH_FAIL_MAX) | 1602 | if (attempt > AUTH_FAIL_MAX) |
1603 | packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); | 1603 | packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); |
1604 | #else /* HAVE_LIBPAM */ | 1604 | #else /* USE_PAM */ |
1605 | if (authenticated) { | 1605 | if (authenticated) { |
1606 | do_pam_account(pw->pw_name, client_user); | 1606 | do_pam_account(pw->pw_name, client_user); |
1607 | 1607 | ||
@@ -1617,7 +1617,7 @@ do_authloop(struct passwd * pw) | |||
1617 | 1617 | ||
1618 | packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); | 1618 | packet_disconnect(AUTH_FAIL_MSG, pw->pw_name); |
1619 | } | 1619 | } |
1620 | #endif /* HAVE_LIBPAM */ | 1620 | #endif /* USE_PAM */ |
1621 | 1621 | ||
1622 | /* Send a message indicating that the authentication attempt failed. */ | 1622 | /* Send a message indicating that the authentication attempt failed. */ |
1623 | packet_start(SSH_SMSG_FAILURE); | 1623 | packet_start(SSH_SMSG_FAILURE); |
@@ -1823,10 +1823,10 @@ do_authenticated(struct passwd * pw) | |||
1823 | /* Indicate that we now have a pty. */ | 1823 | /* Indicate that we now have a pty. */ |
1824 | have_pty = 1; | 1824 | have_pty = 1; |
1825 | 1825 | ||
1826 | #ifdef HAVE_LIBPAM | 1826 | #ifdef USE_PAM |
1827 | /* do the pam_open_session since we have the pty */ | 1827 | /* do the pam_open_session since we have the pty */ |
1828 | do_pam_session(pw->pw_name,ttyname); | 1828 | do_pam_session(pw->pw_name,ttyname); |
1829 | #endif /* HAVE_LIBPAM */ | 1829 | #endif /* USE_PAM */ |
1830 | 1830 | ||
1831 | break; | 1831 | break; |
1832 | 1832 | ||
@@ -2194,7 +2194,7 @@ do_exec_pty(const char *command, int ptyfd, int ttyfd, | |||
2194 | snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); | 2194 | snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); |
2195 | quiet_login = stat(line, &st) >= 0; | 2195 | quiet_login = stat(line, &st) >= 0; |
2196 | 2196 | ||
2197 | #ifdef HAVE_LIBPAM | 2197 | #ifdef USE_PAM |
2198 | /* output the results of the pamconv() */ | 2198 | /* output the results of the pamconv() */ |
2199 | if (!quiet_login && pamconv_msg != NULL) | 2199 | if (!quiet_login && pamconv_msg != NULL) |
2200 | fprintf(stderr, pamconv_msg); | 2200 | fprintf(stderr, pamconv_msg); |
@@ -2382,7 +2382,7 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
2382 | struct stat st; | 2382 | struct stat st; |
2383 | char *argv[10]; | 2383 | char *argv[10]; |
2384 | 2384 | ||
2385 | #ifndef HAVE_LIBPAM /* pam_nologin handles this */ | 2385 | #ifndef USE_PAM /* pam_nologin handles this */ |
2386 | /* Check /etc/nologin. */ | 2386 | /* Check /etc/nologin. */ |
2387 | f = fopen("/etc/nologin", "r"); | 2387 | f = fopen("/etc/nologin", "r"); |
2388 | if (f) { | 2388 | if (f) { |
@@ -2393,7 +2393,7 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
2393 | if (pw->pw_uid != 0) | 2393 | if (pw->pw_uid != 0) |
2394 | exit(254); | 2394 | exit(254); |
2395 | } | 2395 | } |
2396 | #endif /* HAVE_LIBPAM */ | 2396 | #endif /* USE_PAM */ |
2397 | 2397 | ||
2398 | #ifdef HAVE_SETLOGIN | 2398 | #ifdef HAVE_SETLOGIN |
2399 | /* Set login name in the kernel. */ | 2399 | /* Set login name in the kernel. */ |
@@ -2498,7 +2498,7 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
2498 | } | 2498 | } |
2499 | #endif /* KRB4 */ | 2499 | #endif /* KRB4 */ |
2500 | 2500 | ||
2501 | #ifdef HAVE_LIBPAM | 2501 | #ifdef USE_PAM |
2502 | /* Pull in any environment variables that may have been set by PAM. */ | 2502 | /* Pull in any environment variables that may have been set by PAM. */ |
2503 | { | 2503 | { |
2504 | char *equals, var_name[512], var_val[512]; | 2504 | char *equals, var_name[512], var_val[512]; |
@@ -2517,7 +2517,7 @@ do_child(const char *command, struct passwd * pw, const char *term, | |||
2517 | } | 2517 | } |
2518 | } | 2518 | } |
2519 | } | 2519 | } |
2520 | #endif /* HAVE_LIBPAM */ | 2520 | #endif /* USE_PAM */ |
2521 | 2521 | ||
2522 | if (xauthfile) | 2522 | if (xauthfile) |
2523 | child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); | 2523 | child_set_env(&env, &envsize, "XAUTHORITY", xauthfile); |