From 48d99d36bb427f6c43cfe8d8e7d8a457897dfd53 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 17:04:50 +1000 Subject: - (dtucker) [configure.ac] Include sys/stream.h in sys/ptms.h header check, fixes configure warning on Solaris reported by wknox at mitre.org. --- configure.ac | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 36c457728..b89d2fa25 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.226 2004/08/16 13:12:06 dtucker Exp $ +# $Id: configure.ac,v 1.227 2004/08/29 07:04:50 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -525,10 +525,17 @@ AC_CHECK_HEADERS(bstring.h crypt.h dirent.h endian.h features.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/dir.h sys/strtio.h sys/audit.h sys/bitypes.h \ sys/bsdtty.h sys/cdefs.h sys/mman.h sys/ndir.h sys/prctl.h \ - sys/pstat.h sys/ptms.h sys/select.h sys/stat.h sys/stream.h \ + sys/pstat.h sys/select.h sys/stat.h sys/stream.h \ sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h sys/un.h \ time.h tmpdir.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h) +# sys/ptms.h requires sys/stream.h to be included first on Solaris +AC_CHECK_HEADERS(sys/ptms.h, [], [], [ +#ifdef HAVE_SYS_STREAM_H +# include +#endif +]) + # Checks for libraries. AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -- cgit v1.2.3 From cf59d31761cdc1fdd78f6563d0f9eadc8b4c2f71 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 29 Aug 2004 21:18:09 +1000 Subject: - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. --- ChangeLog | 3 ++- configure.ac | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 887a6c2ee..a8192cf58 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -36,6 +36,7 @@ builds too, from vinschen at redhat.com. - (dtucker) [regress/agent-ptrace.sh] Skip ptrace test on OSF1/DUnix/Tru64 too; patch from cmadams at hiwaay.net. + - (dtucker) [configure.ac] Replace non-portable echo \n with extra echo. 20040828 - (dtucker) [openbsd-compat/mktemp.c] Remove superfluous Cygwin #ifdef; from @@ -1703,4 +1704,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3534 2004/08/29 10:33:07 dtucker Exp $ +$Id: ChangeLog,v 1.3535 2004/08/29 11:18:09 dtucker Exp $ diff --git a/configure.ac b/configure.ac index b89d2fa25..85d46f385 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.227 2004/08/29 07:04:50 dtucker Exp $ +# $Id: configure.ac,v 1.228 2004/08/29 11:18:09 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -3004,7 +3004,8 @@ echo " Libraries: ${LIBWRAP} ${LIBPAM} ${LIBS}" echo "" if test "x$MAKE_PACKAGE_SUPPORTED" = "xyes" ; then - echo "SVR4 style packages are supported with \"make package\"\n" + echo "SVR4 style packages are supported with \"make package\"" + echo "" fi if test "x$PAM_MSG" = "xyes" ; then -- cgit v1.2.3 From a0c2b394b4e6d881bb70ab25c77d25922e07fd40 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 11 Sep 2004 23:26:37 +1000 Subject: - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ --- ChangeLog | 4 ++- configure.ac | 103 ++++++++++++++++++++++++++++++++++++++++------------------- 2 files changed, 74 insertions(+), 33 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 268e0f9a9..750751fb5 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -11,6 +11,8 @@ SSH2_MSG_USERAUTH_BANNER messages. Note that this will not happen with SSH2 kbdint authentication, which need to be dealt with separately. ok djm@ - (dtucker) [session.c] Bug #927: make .hushlogin silent again. ok djm@ + - (dtucker) [configure.ac] Bug #321: Add cross-compile support to configure. + Parts by chua at ayrnetworks.com, astrand at lysator.liu.se and me. ok djm@ 20040830 - (dtucker) [session.c openbsd-compat/bsd-cygwin_util.{c,h}] Bug #915: only @@ -1730,4 +1732,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3545 2004/09/11 13:09:53 dtucker Exp $ +$Id: ChangeLog,v 1.3546 2004/09/11 13:26:37 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 85d46f385..9b80c6a37 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.228 2004/08/29 11:18:09 dtucker Exp $ +# $Id: configure.ac,v 1.229 2004/09/11 13:26:37 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -506,7 +506,7 @@ AC_ARG_WITH(libs, ) AC_MSG_CHECKING(compiler and flags for sanity) -AC_TRY_RUN([ +AC_RUN_IFELSE([ #include int main(){exit(0);} ], @@ -514,7 +514,8 @@ int main(){exit(0);} [ AC_MSG_RESULT(no) AC_MSG_ERROR([*** compiler cannot create working executables, check config.log ***]) - ] + ], + [ AC_MSG_WARN([cross compiling: not checking compiler sanity]) ] ) # Checks for header files. @@ -647,7 +648,7 @@ AC_ARG_WITH(zlib-version-check, ) AC_MSG_CHECKING(for zlib 1.1.4 or greater) -AC_TRY_RUN([ +AC_RUN_IFELSE([ #include int main() { @@ -672,7 +673,8 @@ If you are in doubt, upgrade zlib to version 1.1.4 or greater.]) else AC_MSG_WARN([zlib version may have security problems]) fi - ] + ], + [ AC_MSG_WARN([cross compiling: not checking zlib version]) ] ) dnl UnixWare 2.x 
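Review bot: The cross-compile branch added to the zlib check (`[ AC_MSG_WARN([cross compiling: not checking zlib version]) ]`) lets configure complete without the 1.1.4 minimum ever being verified, whereas a native build only gets past a failure when `zlib_check_nonfatal` is set. The native failure text ties this check to security problems in older zlib, so the warning should tell the builder what now has to be verified by hand, e.g. `AC_MSG_WARN([cross compiling: zlib version not checked, verify the target has zlib 1.1.4 or greater])`. The AC_RUN_IFELSE call begins outside this hunk.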
@@ -726,7 +728,7 @@ AC_EGREP_CPP(FOUNDIT, ) AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -736,6 +738,10 @@ int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} [ AC_MSG_RESULT(no) AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) + ], + [ + AC_MSG_WARN([cross compiling: assuming BROKEN_ONE_BYTE_DIRENT_D_NAME]) + AC_DEFINE(BROKEN_ONE_BYTE_DIRENT_D_NAME) ] ) @@ -895,28 +901,30 @@ AC_CHECK_DECLS(h_errno, , ,[#include ]) AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE([ #include #include int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} ], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESUID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) AC_CHECK_FUNCS(setresgid, [ dnl Some platorms have setresgid that isn't implemented, test for this AC_MSG_CHECKING(if setresgid seems to work) - AC_TRY_RUN([ + AC_RUN_IFELSE([ #include #include int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} ], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESGID) - AC_MSG_RESULT(not implemented)] + AC_MSG_RESULT(not implemented)], + [AC_MSG_WARN([cross compiling: not checking setresuid])] ) ]) @@ -942,7 +950,7 @@ AC_CHECK_FUNC(getpagesize, # Check for broken snprintf if test "x$ac_cv_func_snprintf" = "xyes" ; then AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) - AC_TRY_RUN( + AC_RUN_IFELSE( [ #include int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} 
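Review bot: The cross-compile branch added to the setresgid check prints `cross compiling: not checking setresuid`, copied from the setresuid block above it; it should read `[AC_MSG_WARN([cross compiling: not checking setresgid])]`. Both new branches also leave BROKEN_SETRESUID and BROKEN_SETRESGID undefined, so a cross build assumes the calls are implemented, while the dirent check in this same commit assumes the broken case. If these functions are used for dropping privileges (not visible in the hunk), a short comment should say why the optimistic default is acceptable here.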
@@ -952,7 +960,8 @@ int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} AC_MSG_RESULT(no) AC_DEFINE(BROKEN_SNPRINTF) AC_MSG_WARN([****** Your snprintf() function is broken, complain to your vendor]) - ] + ], + [ AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ] ) fi @@ -1213,7 +1222,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), # Determine OpenSSL header version AC_MSG_CHECKING([OpenSSL header version]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -1240,12 +1249,15 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL version header not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Determine OpenSSL library version AC_MSG_CHECKING([OpenSSL library version]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -1273,12 +1285,15 @@ int main(void) { [ AC_MSG_RESULT(not found) AC_MSG_ERROR(OpenSSL library not found.) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -1292,6 +1307,9 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } AC_MSG_ERROR([Your OpenSSL headers do not match your library. Check config.log for details. Also see contrib/findssl.sh for help identifying header/library mismatches.]) + ], + [ + AC_MSG_WARN([cross compiling: not checking]) ] ) @@ -1312,7 +1330,7 @@ fi # Check wheter OpenSSL seeds itself AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) -AC_TRY_RUN( +AC_RUN_IFELSE( [ #include #include @@ -1327,6 +1345,12 @@ int main(void) { exit(RAND_status() == 1 ? 0 : 1); } # Default to use of the rand helper if OpenSSL doesn't # seed itself USE_RAND_HELPER=yes + ], + [ + AC_MSG_WARN([cross compiling: assuming yes]) + # This is safe, since all recent OpenSSL versions will + # complain at runtime if not seeded correctly. + OPENSSL_SEEDS_ITSELF=yes ] ) 
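Review bot: When cross compiling, the snprintf termination check now ends in `Assuming working snprintf()` and BROKEN_SNPRINTF stays undefined, so a target whose snprintf leaves long strings unterminated is built as if it were fine. The dirent check in this commit takes the conservative default instead; the equivalent here would be `[ AC_MSG_WARN([cross compiling: assuming broken snprintf()]) AC_DEFINE(BROKEN_SNPRINTF) ]`, presumably at the cost of using the bundled replacement on targets that do not need it. The same optimistic default is added in the `@@ -1917,7 +1941,8 @@` hunk, where the AC_MSG_WARN argument is also passed without brackets.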
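Review bot: The cross-compile branch of the PRNG check sets `OPENSSL_SEEDS_ITSELF=yes` without any test, and the comment that calls this safe relies on the target's OpenSSL refusing to run unseeded. That holds only for the versions the comment calls recent, and the header-version, library-version and header/library match checks above are also skipped when cross compiling, so configure never establishes which version the target has. I would have the warning state the assumption, `AC_MSG_WARN([cross compiling: assuming OpenSSL's PRNG is internally seeded])`, and have the comment name the minimum OpenSSL version it depends on.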
@@ -1893,7 +1917,7 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \ exit 1; else dnl test snprintf (broken on SCO w/gcc) - AC_TRY_RUN( + AC_RUN_IFELSE( [ #include #include @@ -1917,7 +1941,8 @@ main() #else main() { exit(0); } #endif - ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ] + ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], + AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ) fi @@ -2022,13 +2047,14 @@ fi dnl make sure we're using the real structure members and not defines AC_CACHE_CHECK([for msg_accrights field in struct msghdr], ac_cv_have_accrights_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include #include #include int main() { #ifdef msg_accrights +#error "msg_accrights is a macro" exit(1); #endif struct msghdr m; @@ -2046,13 +2072,14 @@ fi AC_CACHE_CHECK([for msg_control field in struct msghdr], ac_cv_have_control_in_msghdr, [ - AC_TRY_RUN( + AC_COMPILE_IFELSE( [ #include #include #include int main() { #ifdef msg_control +#error "msg_control is a macro" exit(1); #endif struct msghdr m; @@ -2386,6 +2413,10 @@ if test ! -z "$MAIL" ; then AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") fi +if test ! -z "$cross_compiling"; then + AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) + disable_ptmx_check=yes +fi if test -z "$no_dev_ptmx" ; then if test "x$disable_ptmx_check" != "xyes" ; then AC_CHECK_FILE("/dev/ptmx", @@ -2396,12 +2427,17 @@ if test -z "$no_dev_ptmx" ; then ) fi fi -AC_CHECK_FILE("/dev/ptc", - [ - AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) - have_dev_ptc=1 - ] -) + +if test -z "$cross_compiling"; then + AC_CHECK_FILE("/dev/ptc", + [ + AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) + have_dev_ptc=1 + ] + ) +else + AC_MSG_WARN([cross compiling: Disabling /dev/ptc test]) +fi # Options from here on. Some of these are preset by platform above AC_ARG_WITH(mantype, 
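Review bot: `test ! -z "$cross_compiling"` in the /dev/ptmx hunk is true on native builds as well, because autoconf initialises `cross_compiling` to `no` rather than leaving it empty, so `disable_ptmx_check=yes` is set for everyone. For the same reason `test -z "$cross_compiling"` around the /dev/ptc check in the next hunk never runs the check, and the /etc/default/login test in the `@@ -2498,13 +2534,16 @@` hunk always takes the cross-compile branch. Comparing the value is sufficient: `if test "x$cross_compiling" = "xyes"; then`.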
@@ -2498,13 +2534,16 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],, -[ -AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) + [ AC_CHECK_FILE("/etc/default/login", + [ external_path_file=/etc/default/login ]) -if test "x$external_path_file" = "x/etc/default/login"; then - AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) -fi -]) + if test ! -z "$cross_compiling"; then + AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) + elif test "x$external_path_file" = "x/etc/default/login"; then + AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) + fi + ] +) dnl BSD systems use /etc/login.conf so --with-default-path= has no effect if test $ac_cv_func_login_getcapbool = "yes" -a \ -- cgit v1.2.3 From 623d92f0b2ce0205d0762147cd6ecac4f922f3de Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 12 Sep 2004 22:36:15 +1000 Subject: - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. Partly by & ok djm@. --- ChangeLog | 4 +++- configure.ac | 56 ++++++++++++++++++++++++++++++-------------------------- 2 files changed, 33 insertions(+), 27 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 714591df6..77b8fd160 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,8 @@ - (djm) [loginrec.c] xmalloc - (djm) [ssh.c sshd.c version.h] Don't divulge portable version in protocol banner. Suggested by deraadt@, ok mouring@, dtucker@ + - (dtucker) [configure.ac] Fix incorrect quoting and tests for cross-compile. + Partly by & ok djm@. 20040911 - (djm) [ssh-agent.c] unifdef some cygwin code; ok dtucker@ @@ -1742,4 +1744,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3551 2004/09/12 06:53:04 djm Exp $ +$Id: ChangeLog,v 1.3552 2004/09/12 12:36:15 dtucker Exp $ 
diff --git a/configure.ac b/configure.ac index 9b80c6a37..1f9e4dbee 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.229 2004/09/11 13:26:37 dtucker Exp $ +# $Id: configure.ac,v 1.230 2004/09/12 12:36:16 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -506,10 +506,11 @@ AC_ARG_WITH(libs, ) AC_MSG_CHECKING(compiler and flags for sanity) -AC_RUN_IFELSE([ +AC_RUN_IFELSE( + [AC_LANG_SOURCE([ #include int main(){exit(0);} - ], + ])], [ AC_MSG_RESULT(yes) ], [ AC_MSG_RESULT(no) @@ -648,7 +649,7 @@ AC_ARG_WITH(zlib-version-check, ) AC_MSG_CHECKING(for zlib 1.1.4 or greater) -AC_RUN_IFELSE([ +AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include int main() { @@ -660,7 +661,7 @@ int main() exit(0); exit(2); } - ], + ]])], AC_MSG_RESULT(yes), [ AC_MSG_RESULT(no) if test -z "$zlib_check_nonfatal" ; then @@ -729,11 +730,11 @@ AC_EGREP_CPP(FOUNDIT, AC_MSG_CHECKING([whether struct dirent allocates space for d_name]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include int main(void){struct dirent d;exit(sizeof(d.d_name)<=sizeof(char));} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) @@ -901,11 +902,12 @@ AC_CHECK_DECLS(h_errno, , ,[#include ]) AC_CHECK_FUNCS(setresuid, [ dnl Some platorms have setresuid that isn't implemented, test for this AC_MSG_CHECKING(if setresuid seems to work) - AC_RUN_IFELSE([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESUID) AC_MSG_RESULT(not implemented)], 
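Review bot: The compiler sanity check is wrapped as `[AC_LANG_SOURCE([` with single brackets, while the other checks converted in this commit use `[AC_LANG_SOURCE([[` and `]])]`. The program here contains no brackets, so the result is the same today, but the double-quoted form keeps m4 from touching the C source if an array or a macro name is added later. I would use `[AC_LANG_SOURCE([[` and `]])],` here as well.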
@@ -916,11 +918,12 @@ int main(){errno=0; setresuid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} AC_CHECK_FUNCS(setresgid, [ dnl Some platorms have setresgid that isn't implemented, test for this AC_MSG_CHECKING(if setresgid seems to work) - AC_RUN_IFELSE([ + AC_RUN_IFELSE( + [AC_LANG_SOURCE([[ #include #include int main(){errno=0; setresgid(0,0,0); if (errno==ENOSYS) exit(1); else exit(0);} - ], + ]])], [AC_MSG_RESULT(yes)], [AC_DEFINE(BROKEN_SETRESGID) AC_MSG_RESULT(not implemented)], @@ -951,10 +954,10 @@ AC_CHECK_FUNC(getpagesize, if test "x$ac_cv_func_snprintf" = "xyes" ; then AC_MSG_CHECKING([whether snprintf correctly terminates long strings]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include int main(void){char b[5];snprintf(b,5,"123456789");exit(b[4]!='\0');} - ], + ]])], [AC_MSG_RESULT(yes)], [ AC_MSG_RESULT(no) @@ -1223,7 +1226,7 @@ AC_TRY_LINK_FUNC(RAND_add, AC_DEFINE(HAVE_OPENSSL), # Determine OpenSSL header version AC_MSG_CHECKING([OpenSSL header version]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include #include @@ -1241,7 +1244,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_header_ver=`cat conftest.sslincver` AC_MSG_RESULT($ssl_header_ver) @@ -1258,7 +1261,7 @@ int main(void) { # Determine OpenSSL library version AC_MSG_CHECKING([OpenSSL library version]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include #include @@ -1277,7 +1280,7 @@ int main(void) { exit(0); } - ], + ]])], [ ssl_library_ver=`cat conftest.ssllibver` AC_MSG_RESULT($ssl_library_ver) @@ -1294,11 +1297,11 @@ int main(void) { # Sanity check OpenSSL headers AC_MSG_CHECKING([whether OpenSSL's headers match the library]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } - ], + ]])], [ AC_MSG_RESULT(yes) ], 
@@ -1331,11 +1334,11 @@ fi # Check wheter OpenSSL seeds itself AC_MSG_CHECKING([whether OpenSSL's PRNG is internally seeded]) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include int main(void) { exit(RAND_status() == 1 ? 0 : 1); } - ], + ]])], [ OPENSSL_SEEDS_ITSELF=yes AC_MSG_RESULT(yes) @@ -1918,7 +1921,7 @@ if test "x$ac_cv_have_int64_t" = "xno" -a \ else dnl test snprintf (broken on SCO w/gcc) AC_RUN_IFELSE( - [ + [AC_LANG_SOURCE([[ #include #include #ifdef HAVE_SNPRINTF @@ -1941,7 +1944,7 @@ main() #else main() { exit(0); } #endif - ], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], + ]])], [ true ], [ AC_DEFINE(BROKEN_SNPRINTF) ], AC_MSG_WARN([cross compiling: Assuming working snprintf()]) ) fi @@ -2413,7 +2416,7 @@ if test ! -z "$MAIL" ; then AC_DEFINE_UNQUOTED(MAIL_DIRECTORY, "$maildir") fi -if test ! -z "$cross_compiling"; then +if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then AC_MSG_WARN([cross compiling: Disabling /dev/ptmx test]) disable_ptmx_check=yes fi @@ -2428,7 +2431,7 @@ if test -z "$no_dev_ptmx" ; then fi fi -if test -z "$cross_compiling"; then +if test ! -z "$cross_compiling" && test "x$cross_compiling" != "xyes"; then AC_CHECK_FILE("/dev/ptc", [ AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC) @@ -2537,7 +2540,8 @@ AC_ARG_ENABLE(etc-default-login, [ AC_CHECK_FILE("/etc/default/login", [ external_path_file=/etc/default/login ]) - if test ! -z "$cross_compiling"; then + if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; + then AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) elif test "x$external_path_file" = "x/etc/default/login"; then AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) -- cgit v1.2.3 From 59f79c4014dbaa927ebf15d893fa58b15108ef61 Mon Sep 17 00:00:00 2001 
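Review bot: In the etc-default-login hunk the cross-compile test still sits after `AC_CHECK_FILE("/etc/default/login", ...)`, so the file check runs first; as far as I know AC_CHECK_FILE aborts configure when `cross_compiling` is `yes`, and in any case it would be probing the build host's filesystem rather than the target's. The guard should wrap the AC_CHECK_FILE call, as the /dev/ptc hunk in this commit already does. The leading `test ! -z "$cross_compiling" &&` is redundant next to the `x`-prefixed comparison. The AC_ARG_ENABLE call starts and ends outside the hunk.

```m4
	[ if test "x$cross_compiling" = "xyes"; then
		AC_MSG_WARN([cross compiling: Disabling /etc/default/login test])
	  else
		AC_CHECK_FILE("/etc/default/login",
		    [ external_path_file=/etc/default/login ])
		if test "x$external_path_file" = "x/etc/default/login"; then
			AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN)
		fi
	dnl … unchanged: the existing closing fi and ] follow …
```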
From: Darren Tucker Date: Thu, 30 Sep 2004 21:17:08 +1000 Subject: - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ --- ChangeLog | 5 ++++- configure.ac | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 66f9c36cd..61292aa12 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20040930 + - (dtucker) [configure.ac] Set AC_PACKAGE_NAME. ok djm@ + 20040923 - (dtucker) [openbsd-compat/bsd-snprintf.c] Previous change was off by one, which could have caused the justification to be wrong. ok djm@ @@ -1754,4 +1757,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3555 2004/09/23 11:35:09 dtucker Exp $ +$Id: ChangeLog,v 1.3556 2004/09/30 11:17:08 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 1f9e4dbee..e8bee9d4e 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.230 2004/09/12 12:36:16 dtucker Exp $ +# $Id: configure.ac,v 1.231 2004/09/30 11:17:08 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -14,7 +14,7 @@ # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -AC_INIT +AC_INIT(OpenSSH, Portable) AC_CONFIG_SRCDIR([ssh.c]) AC_CONFIG_HEADER(config.h) -- cgit v1.2.3 From a56f191ef1e9517c97426e9b944e4feb94294fe2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 2 Nov 2004 20:30:54 +1100 Subject: - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ only if a conflict is detected. --- ChangeLog | 7 ++++++- configure.ac | 21 ++++++++++++++++++++- includes.h | 2 +- 3 files changed, 27 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 9b5725d26..b3065e996 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,8 @@ +20041102 + - (dtucker) [configure.ac includes.h] Bug #947: Fix compile error on HP-UX + 10.x by testing for conflicts in shadow.h and undef'ing _INCLUDE__STDC__ + only if a conflict is detected. + 20041019 - (dtucker) [uidswap.c] Don't test dropping of gids for the root user or on Cygwin. Cygwin parts from vinschen at redhat com; ok djm@ @@ -1771,4 +1776,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3561 2004/10/19 06:33:33 dtucker Exp $ +$Id: ChangeLog,v 1.3562 2004/11/02 09:30:54 dtucker Exp $ diff --git a/configure.ac b/configure.ac index e8bee9d4e..b8f970074 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.231 2004/09/30 11:17:08 dtucker Exp $ +# $Id: configure.ac,v 1.232 2004/11/02 09:30:54 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -220,6 +220,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) check_for_hpux_broken_getaddrinfo=1 + check_for_conflicting_getspnam=1 LIBS="$LIBS -lsec" AC_CHECK_LIB(xnet, t_error, ,AC_MSG_ERROR([*** -lxnet needed on HP-UX - check config.log ***])) ;; @@ -1123,6 +1124,24 @@ main(void) ) fi +if test "x$check_for_conflicting_getspnam" = "x1"; then + AC_MSG_CHECKING(for conflicting getspnam in shadow.h) + AC_COMPILE_IFELSE( + [ +#include +int main(void) {exit(0);} + ], + [ + AC_MSG_RESULT(no) + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(GETSPNAM_CONFLICTING_DEFS, 1, + [Conflicting defs for getspnam]) + ] + ) +fi + AC_FUNC_GETPGRP # Check for PAM libs diff --git a/includes.h b/includes.h index 3a6b4c32b..3d3aa3b21 100644 --- a/includes.h +++ b/includes.h 
@@ -185,7 +185,7 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } * On HP-UX 11.11, shadow.h and prot.h provide conflicting declarations * of getspnam when _INCLUDE__STDC__ is defined, so we unset it here. */ -#ifdef __hpux +#ifdef GETSPNAM_CONFLICTING_DEFS # ifdef _INCLUDE__STDC__ # undef _INCLUDE__STDC__ # endif -- cgit v1.2.3 From 16bcc1c92e6baa0a32efe105c58b6d6242331d10 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 7 Nov 2004 20:14:34 +1100 Subject: - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure option and supporting makefile bits and documentation. --- ChangeLog | 4 +++- INSTALL | 10 +++++++++- Makefile.in | 5 +++-- configure.ac | 19 ++++++++++++++++++- 4 files changed, 33 insertions(+), 5 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index fe96f8d0c..48b1aa4ee 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ [clientloop.c clientloop.h ssh.1 ssh.c] add basic control of a running multiplex master connection; including the ability to check its status and request it to exit; ok markus@ + - (dtucker) [INSTALL Makefile.in configure.ac] Add --with-libedit configure + option and supporting makefile bits and documentation. 20041105 - (dtucker) OpenBSD CVS Sync @@ -1852,4 +1854,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3580 2004/11/07 09:06:19 dtucker Exp $ +$Id: ChangeLog,v 1.3581 2004/11/07 09:14:34 dtucker Exp $ diff --git a/INSTALL b/INSTALL index dae1bb159..26d62976b 100644 --- a/INSTALL +++ b/INSTALL 
@@ -52,6 +52,14 @@ http://www.lothar.com/tech/crypto/ S/Key Libraries: http://www.sparc.spb.su/solaris/skey/ +LibEdit: + +sftp now supports command-line editing via NetBSD's libedit. If your +platform has it available natively you can use that, alternatively +you might try these multi-platform ports: +http://www.thrysoee.dk/editline/ +http://sourceforge.net/projects/libedit/ + If you wish to use --with-skey then you will need the above library installed. No other current S/Key library is currently known to be supported. @@ -200,4 +208,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.64 2004/05/26 23:59:31 dtucker Exp $ +$Id: INSTALL,v 1.65 2004/11/07 09:14:34 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index db9eb34ab..940e686b0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.265 2004/08/30 11:33:02 dtucker Exp $ +# $Id: Makefile.in,v 1.266 2004/11/07 09:14:34 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -43,6 +43,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ +LIBEDIT=@LIBEDIT@ LIBPAM=@LIBPAM@ LIBWRAP=@LIBWRAP@ AR=@AR@ @@ -158,7 +159,7 @@ sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o - $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff --git a/configure.ac b/configure.ac index b8f970074..f60bbdd27 100644 --- a/configure.ac 
+++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.232 2004/11/02 09:30:54 dtucker Exp $ +# $Id: configure.ac,v 1.233 2004/11/07 09:14:34 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -854,6 +854,22 @@ AC_ARG_WITH(tcp-wrappers, ] ) +# Check whether user wants libedit support +LIBEDIT_MSG="no" +AC_ARG_WITH(libedit, + [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ if test "x$withval" != "xno" ; then + AC_CHECK_LIB(edit, el_init, + [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) + LIBEDIT="-ledit -lcurses" + LIBEDIT_MSG="yes" + AC_SUBST(LIBEDIT) + ], + [], [-lcurses] + ) + fi ] +) + dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ @@ -3046,6 +3062,7 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" echo " MD5 password support: $MD5_MSG" +echo " libedit support: $LIBEDIT_MSG" echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG" echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" echo " BSD Auth support: $BSD_AUTH_MSG" -- cgit v1.2.3 From 0f83d2907cc227b46ebd3e9771534b2c50cbd139 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 8 Dec 2004 18:29:58 -0800 Subject: [configure.ac] Comment some non obvious platforms in the target-specific case statement. Suggested and OK by dtucker@ --- ChangeLog | 6 +++++- configure.ac | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index d2a382e9c..4c4ba7c1e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20041208 + - (tim) [configure.ac] Comment some non obvious platforms in the + target-specific case statement. Suggested and OK by dtucker@ + 20041207 - (dtucker) [regress/scp.sh] Use portable-friendly $DIFFOPTs in new test. 
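Review bot: The help string advertises `--with-libedit[[=PATH]]`, but the handler only compares `$withval` with `no`, so a path supplied by the user is accepted and then ignored and the link uses whichever libedit the default search path finds. Either drop `[[=PATH]]` from the help text or add the given directory to the include and library search paths before AC_CHECK_LIB. Separately, the not-found action of AC_CHECK_LIB is `[]`, so an explicit `--with-libedit` ends with "libedit support: no" and no error; `[ AC_MSG_ERROR([libedit not found]) ]` would make the request binding.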
@@ -1923,4 +1927,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3599 2004/12/07 00:26:15 dtucker Exp $ +$Id: ChangeLog,v 1.3600 2004/12/09 02:29:58 tim Exp $ diff --git a/configure.ac b/configure.ac index f60bbdd27..4b40b768a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.233 2004/11/07 09:14:34 dtucker Exp $ +# $Id: configure.ac,v 1.234 2004/12/09 02:29:59 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -348,12 +348,14 @@ mips-sony-bsd|mips-sony-newsos4) # Attention: always take care to bind libsocket and libnsl before libc, # otherwise you will find lots of "SIOCGPGRP errno 22" on syslog ;; +# UnixWare 1.x, UnixWare 2.x, and others based on code from Univel. *-*-sysv4.2*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) AC_DEFINE(BROKEN_SETREGID) ;; +# UnixWare 7.x, OpenUNIX 8 *-*-sysv5*) AC_DEFINE(USE_PIPES) AC_DEFINE(SETEUID_BREAKS_SETUID) @@ -362,6 +364,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; *-*-sysv*) ;; +# SCO UNIX and OEM versions of SCO UNIX *-*-sco3.2v4*) CPPFLAGS="$CPPFLAGS -Dftruncate=chsize" LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm" @@ -381,6 +384,7 @@ mips-sony-bsd|mips-sony-newsos4) do_sco3_extra_lib_check=yes TEST_SHELL=ksh ;; +# SCO OpenServer 5.x *-*-sco3.2v5*) if test -z "$GCC"; then CFLAGS="$CFLAGS -belf" -- cgit v1.2.3 From 72c025d9f0f494d6816f045819b9be05fc915730 Mon Sep 17 00:00:00 2001 
From: Darren Tucker Date: Tue, 18 Jan 2005 12:05:18 +1100 Subject: - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement "make survey" and "make send-survey". This will provide data on the configure parameters, platform and platform features to the development team, which will allow (among other things) better targetting of testing. It's entirely voluntary and is off be default. ok djm@ --- .cvsignore | 2 ++ ChangeLog | 9 +++++++- INSTALL | 17 +++++++++++++-- Makefile.in | 15 +++++++++++--- configure.ac | 5 +++-- survey.sh.in | 67 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 107 insertions(+), 8 deletions(-) create mode 100644 survey.sh.in (limited to 'configure.ac') diff --git a/.cvsignore b/.cvsignore index e38a50bbd..397691f1b 100644 --- a/.cvsignore +++ b/.cvsignore @@ -23,3 +23,5 @@ buildit.sh buildpkg.sh autom4te.cache ssh-rand-helper +survey.sh +survey diff --git a/ChangeLog b/ChangeLog index 797ff28bf..2cead3c87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20040118 + - (dtucker) [INSTALL Makefile.in configure.ac survey.sh.in] Implement + "make survey" and "make send-survey". This will provide data on the + configure parameters, platform and platform features to the development + team, which will allow (among other things) better targetting of testing. + It's entirely voluntary and is off be default. ok djm@ + 20041220 - (dtucker) [ssh-rand-helper.c] Fall back to command-based seeding if reading from prngd is enabled at compile time but fails at run time, eg because @@ -1960,4 +1967,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3606 2004/12/20 01:35:42 dtucker Exp $ +$Id: ChangeLog,v 1.3607 2005/01/18 01:05:18 dtucker Exp $ diff --git a/INSTALL b/INSTALL index 26d62976b..4fc3744f3 100644 --- a/INSTALL +++ b/INSTALL 
@@ -200,7 +200,20 @@ running and has collected some Entropy. For more information on configuration, please refer to the manual pages for sshd, ssh and ssh-agent. -4. Problems? +4. (Optional) Send survey +------------------------- + +$ make survey +[check the contents and make sure there's no sensitive information] +$ make send-survey + +This will send configuration information for the currently configured +host to a survey address. This will help determine which configurations +are actually in use, and what valid combinations of configure options +exist. The raw data is available only to the OpenSSH developers, however +summary data may be published. + +5. Problems? ------------ If you experience problems compiling, installing or running OpenSSH. @@ -208,4 +221,4 @@ Please refer to the "reporting bugs" section of the webpage at http://www.openssh.com/ -$Id: INSTALL,v 1.65 2004/11/07 09:14:34 dtucker Exp $ +$Id: INSTALL,v 1.66 2005/01/18 01:05:18 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 940e686b0..8a1c9f7c0 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.266 2004/11/07 09:14:34 dtucker Exp $ +# $Id: Makefile.in,v 1.267 2005/01/18 01:05:18 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -195,13 +195,13 @@ moduli: clean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log - rm -f *.out core + rm -f *.out core survey (cd openbsd-compat && $(MAKE) clean) distclean: regressclean rm -f *.o *.a $(TARGETS) logintest config.cache config.log rm -f *.out core opensshd.init - rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds *~ + rm -f Makefile buildpkg.sh config.h config.status ssh_prng_cmds survey.sh *~ rm -rf autom4te.cache (cd openbsd-compat && $(MAKE) distclean) (cd scard && $(MAKE) distclean) 
@@ -411,6 +411,15 @@ regressclean: (cd regress && $(MAKE) clean) \ fi +survey: survey.sh ssh + @$(SHELL) ./survey.sh > survey + @echo 'The survey results have been placed in the file "survey" in the' + @echo 'current directory. Please review the file then send with' + @echo '"make send-survey".' + +send-survey: survey + mail portable-survey@mindrot.org &1`" +echo +configinv=`$AWK '/^ \\\$.*configure/' config.log | sed 's/^ \\\$ //g'` +echo "configure-invocation: $configinv" +echo +echo "host: $host" +echo +echo "uname: `uname`" +echo +echo "uname-r: `uname -r`" +echo +echo "uname-m: `uname -m`" +echo +echo "uname-p: `uname -p`" +echo +echo "oslevel: `oslevel 2>/dev/null`" +echo +echo "cc: $CC" +echo +echo "cflags: $CFLAGS" +echo +echo "cppflags: $CPPFLAGS" +echo +echo "ldflags: $LDFLAGS" +echo +echo "libs: $LIBS" +echo +echo "ccver-v: `$CC -v 2>&1`" +echo +echo "ccver-V: `$CC -V 2>&1`" +echo +echo "cppdefines:" +${CPP} -dM - Date: Wed, 2 Feb 2005 10:43:59 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ --- ChangeLog | 6 ++++- configure.ac | 8 +++--- openbsd-compat/realpath.c | 69 ++++++++++++++++++++++++++++++++++------------- 3 files changed, 60 insertions(+), 23 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 301921de1..eb897ec41 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050202 + - (dtucker) [configure.ac openbsd-compat/realpath.c] Sync up with realpath + rev 1.11 from OpenBSD and make it use fchdir if available. ok djm@ + 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some platforms syslog will revert to its default values. This may result in 
@@ -2051,4 +2055,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3628 2005/02/01 08:16:45 dtucker Exp $ +$Id: ChangeLog,v 1.3629 2005/02/01 23:43:59 dtucker Exp $ diff --git a/configure.ac b/configure.ac index d4151feb0..94d6b1e78 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.235 2005/01/18 01:05:18 dtucker Exp $ +# $Id: configure.ac,v 1.236 2005/02/01 23:44:00 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -877,9 +877,9 @@ AC_ARG_WITH(libedit, dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ - bindresvport_sa clock closefrom dirfd fchmod fchown freeaddrinfo \ - futimes getaddrinfo getcwd getgrouplist getnameinfo getopt \ - getpeereid _getpty getrlimit getttyent glob inet_aton \ + bindresvport_sa clock closefrom dirfd fchdir fchmod fchown \ + freeaddrinfo futimes getaddrinfo getcwd getgrouplist getnameinfo \ + getopt getpeereid _getpty getrlimit getttyent glob inet_aton \ inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove \ mkdtemp mmap ngetaddrinfo nsleep ogetaddrinfo openlog_r openpty \ pstat prctl readpassphrase realpath recvmsg rresvport_af sendmsg \ diff --git a/openbsd-compat/realpath.c b/openbsd-compat/realpath.c index 218fbecb2..7f73bd998 100644 --- a/openbsd-compat/realpath.c +++ b/openbsd-compat/realpath.c @@ -37,7 +37,7 @@ #if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) #if defined(LIBC_SCCS) && !defined(lint) -static char *rcsid = "$OpenBSD: realpath.c,v 1.10 2003/08/01 21:04:59 millert Exp $"; +static char *rcsid = "$OpenBSD: realpath.c,v 1.11 2004/11/30 15:12:59 millert Exp $"; #endif /* LIBC_SCCS and not lint */ #include 
@@ -67,17 +67,25 @@ char * realpath(const char *path, char *resolved) { struct stat sb; - int fd, n, needslash, serrno = 0; - char *p, *q, wbuf[MAXPATHLEN], start[MAXPATHLEN]; + int fd, n, needslash, serrno; + char *p, *q, wbuf[MAXPATHLEN]; int symlinks = 0; /* Save the starting point. */ - getcwd(start,MAXPATHLEN); +#ifndef HAVE_FCHDIR + char start[MAXPATHLEN]; + /* this is potentially racy but without fchdir we have no option */ + if (getcwd(start, sizeof(start)) == NULL) { + resolved[0] = '.'; + resolved[1] = '\0'; + return (NULL); + } +#endif if ((fd = open(".", O_RDONLY)) < 0) { - (void)strlcpy(resolved, ".", MAXPATHLEN); + resolved[0] = '.'; + resolved[1] = '\0'; return (NULL); } - close(fd); /* Convert "." -> "" to optimize away a needless lstat() and chdir() */ if (path[0] == '.' && path[1] == '\0') @@ -91,7 +99,10 @@ realpath(const char *path, char *resolved) * if it is a directory, then change to that directory. * get the current directory name and append the basename. */ - strlcpy(resolved, path, MAXPATHLEN); + if (strlcpy(resolved, path, MAXPATHLEN) >= MAXPATHLEN) { + serrno = ENAMETOOLONG; + goto err2; + } loop: q = strrchr(resolved, '/'); if (q != NULL) { @@ -114,11 +125,10 @@ loop: if (*p != '\0' && lstat(p, &sb) == 0) { if (S_ISLNK(sb.st_mode)) { if (++symlinks > MAXSYMLINKS) { - serrno = ELOOP; + errno = ELOOP; goto err1; } - n = readlink(p, resolved, MAXPATHLEN-1); - if (n < 0) + if ((n = readlink(p, resolved, MAXPATHLEN-1)) < 0) goto err1; resolved[n] = '\0'; goto loop; @@ -134,8 +144,11 @@ loop: * Save the last component name and get the full pathname of * the current directory. */ - (void)strlcpy(wbuf, p, sizeof wbuf); - if (getcwd(resolved, MAXPATHLEN) == 0) + if (strlcpy(wbuf, p, sizeof(wbuf)) >= sizeof(wbuf)) { + errno = ENAMETOOLONG; + goto err1; + } + if (getcwd(resolved, MAXPATHLEN) == NULL) goto err1; /* 
@@ -149,23 +162,43 @@ loop: if (*wbuf) { if (strlen(resolved) + strlen(wbuf) + needslash >= MAXPATHLEN) { - serrno = ENAMETOOLONG; + errno = ENAMETOOLONG; + goto err1; + } + if (needslash) { + if (strlcat(resolved, "/", MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; + goto err1; + } + } + if (strlcat(resolved, wbuf, MAXPATHLEN) >= MAXPATHLEN) { + errno = ENAMETOOLONG; goto err1; } - if (needslash) - strlcat(resolved, "/", MAXPATHLEN); - strlcat(resolved, wbuf, MAXPATHLEN); } /* Go back to where we came from. */ +#ifdef HAVE_FCHDIR + if (fchdir(fd) < 0) { +#else if (chdir(start) < 0) { +#endif serrno = errno; goto err2; } + + /* It's okay if the close fails, what's an fd more or less? */ + (void)close(fd); return (resolved); -err1: chdir(start); -err2: errno = serrno; +err1: serrno = errno; +#ifdef HAVE_FCHDIR + (void)fchdir(fd); +#else + chdir(start); +#endif +err2: (void)close(fd); + errno = serrno; return (NULL); } #endif /* !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH) */ -- cgit v1.2.3 From 2fba993080eba14e339d6a6666ee79580ee20f97 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 2 Feb 2005 23:30:24 +1100 Subject: - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] Bug #974: Teach sshd to write failed login records to btmp for failed auth attempts (currently only for password, kbdint and C/R, only on Linux and HP-UX), based on code from login.c from util-linux. With ashok_kovai at hotmail.com, ok djm@ --- ChangeLog | 7 +++- auth.c | 5 ++- canohost.c | 3 +- canohost.h | 2 ++ configure.ac | 5 ++- defines.h | 11 ++++++- loginrec.c | 104 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 7 files changed, 130 insertions(+), 7 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index d9670f361..07ae663d7 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -9,6 +9,11 @@ the process. Since we also unset KRB5CCNAME at startup, if it's set after authentication it must have been set by the platform's native auth system. This was already done for AIX; this enables it for the general case. + - (dtucker) [auth.c canohost.c canohost.h configure.ac defines.h loginrec.c] + Bug #974: Teach sshd to write failed login records to btmp for failed auth + attempts (currently only for password, kbdint and C/R, only on Linux and + HP-UX), based on code from login.c from util-linux. With ashok_kovai at + hotmail.com, ok djm@ 20050201 - (dtucker) [log.c] Bug #973: force log_init() to open syslog, since on some @@ -2063,4 +2068,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3631 2005/02/02 07:30:33 dtucker Exp $ +$Id: ChangeLog,v 1.3632 2005/02/02 12:30:24 dtucker Exp $ diff --git a/auth.c b/auth.c index dfc1be374..b6c00c12b 100644 --- a/auth.c +++ b/auth.c @@ -244,7 +244,10 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) info); #ifdef CUSTOM_FAILED_LOGIN - if (authenticated == 0 && strcmp(method, "password") == 0) + if (authenticated == 0 && !authctxt->postponed && + (strcmp(method, "password") == 0 || + strncmp(method, "keyboard-interactive", 20) == 0) || + strcmp(method, "challenge-response") == 0) record_failed_login(authctxt->user, get_canonical_hostname(options.use_dns), "ssh"); #endif diff --git a/canohost.c b/canohost.c index 8ad684d6c..e5a6b6be3 100644 --- a/canohost.c +++ b/canohost.c @@ -20,7 +20,6 @@ RCSID("$OpenBSD: canohost.c,v 1.41 2004/07/21 11:51:29 djm Exp $"); #include "canohost.h" static void check_ip_options(int, char *); -static void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); /* * Return the canonical name of the host at the other end of the socket. The 
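Review bot: In the auth.c hunk for auth_log(), the `strcmp(method, "challenge-response") == 0` term sits outside the parenthesised method group, so it is OR-ed with the whole `authenticated == 0 && !authctxt->postponed && (...)` expression. As written, record_failed_login() runs on every challenge-response call to auth_log(), including successful or postponed ones, which would put false failed-login entries into btmp and skew anything that monitors it. Move the closing parenthesis so that all three method tests are grouped: `strncmp(method, "keyboard-interactive", 20) == 0 ||` followed by `strcmp(method, "challenge-response") == 0))`. auth_log() starts and ends outside the hunk.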
@@ -166,7 +165,7 @@ check_ip_options(int sock, char *ipaddr) #endif /* IP_OPTIONS */ } -static void +void ipv64_normalise_mapped(struct sockaddr_storage *addr, socklen_t *len) { struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr; diff --git a/canohost.h b/canohost.h index 4347b488a..df1f125e5 100644 --- a/canohost.h +++ b/canohost.h @@ -23,3 +23,5 @@ char *get_local_name(int); int get_remote_port(void); int get_local_port(void); + +void ipv64_normalise_mapped(struct sockaddr_storage *, socklen_t *); diff --git a/configure.ac b/configure.ac index 94d6b1e78..86b26daf9 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.236 2005/02/01 23:44:00 dtucker Exp $ +# $Id: configure.ac,v 1.237 2005/02/02 12:30:25 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -219,6 +219,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(DISABLE_UTMP) AC_DEFINE(LOCKED_PASSWD_STRING, "*") AC_DEFINE(SPT_TYPE,SPT_PSTAT) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) check_for_hpux_broken_getaddrinfo=1 check_for_conflicting_getspnam=1 LIBS="$LIBS -lsec" @@ -256,6 +257,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) AC_DEFINE(LOCKED_PASSWD_PREFIX, "!") AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) AC_DEFINE(LINK_OPNOTSUPP_ERRNO, EPERM) + AC_DEFINE(_PATH_BTMP, "/var/log/btmp", [log for bad login attempts]) + AC_DEFINE(USE_BTMP, 1, [Use btmp to log bad logins]) inet6_default_4in6=yes case `uname -r` in 1.*|2.0.*) diff --git a/defines.h b/defines.h index 8c1d9c409..4d59408ad 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.117 2004/06/22 03:27:16 dtucker Exp $ */ +/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */ /* Constants */ 
@@ -644,6 +644,15 @@ struct winsize { # define CUSTOM_SYS_AUTH_PASSWD 1 #endif +/* HP-UX 11.11 */ +#ifdef BTMP_FILE +# define _PATH_BTMP BTMP_FILE +#endif + +#if defined(USE_BTMP) && defined(_PATH_BTMP) +# define CUSTOM_FAILED_LOGIN +#endif + /** end of login recorder definitions */ #endif /* _DEFINES_H */ diff --git a/loginrec.c b/loginrec.c index 25aa29f2f..e77318ba3 100644 --- a/loginrec.c +++ b/loginrec.c @@ -25,6 +25,27 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +/* + * The btmp logging code is derived from login.c from util-linux and is under + * the the following license: + * + * Copyright (c) 1980, 1987, 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms are permitted + * provided that the above copyright notice and this paragraph are + * duplicated in all such forms and that any documentation, + * advertising materials, and other materials related to such + * distribution and use acknowledge that the software was developed + * by the University of California, Berkeley. The name of the + * University may not be used to endorse or promote products derived + * from this software without specific prior written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + + /** ** loginrec.c: platform-independent login recording and lastlog retrieval **/ @@ -131,6 +152,8 @@ #include "loginrec.h" #include "log.h" #include "atomicio.h" +#include "packet.h" +#include "canohost.h" #ifdef HAVE_UTIL_H # include @@ -140,7 +163,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.62 2004/09/12 05:26:01 djm Exp $"); +RCSID("$Id: loginrec.c,v 1.63 2005/02/02 12:30:25 dtucker Exp $"); /** ** prototypes for helper functions in this file 
@@ -1563,3 +1586,82 @@ lastlog_get_entry(struct logininfo *li) return (0); } #endif /* USE_LASTLOG */ + +#ifdef USE_BTMP + /* + * Logs failed login attempts in _PATH_BTMP if that exists. + * The most common login failure is to give password instead of username. + * So the _PATH_BTMP file checked for the correct permission, so that + * only root can read it. + */ + +void +record_failed_login(const char *username, const char *hostname, + const char *ttyn) +{ + int fd; + struct utmp ut; + struct sockaddr_storage from; + size_t fromlen = sizeof(from); + struct sockaddr_in *a4; + struct sockaddr_in6 *a6; + time_t t; + struct stat fst; + + if (geteuid() != 0) + return; + if ((fd = open(_PATH_BTMP, O_WRONLY | O_APPEND)) < 0) { + debug("Unable to open the btmp file %s: %s", _PATH_BTMP, + strerror(errno)); + return; + } + if (fstat(fd, &fst) < 0) { + logit("%s: fstat of %s failed: %s", __func__, _PATH_BTMP, + strerror(errno)); + goto out; + } + if((fst.st_mode & (S_IRWXG | S_IRWXO)) || (fst.st_uid != 0)){ + logit("Excess permission or bad ownership on file %s", + _PATH_BTMP); + goto out; + } + + memset(&ut, 0, sizeof(ut)); + /* strncpy because we don't necessarily want nul termination */ + strncpy(ut.ut_user, username, sizeof(ut.ut_user)); + strlcpy(ut.ut_line, "ssh:notty", sizeof(ut.ut_line)); + + time(&t); + ut.ut_time = t; /* ut_time is not always a time_t */ + ut.ut_type = LOGIN_PROCESS; + ut.ut_pid = getpid(); + + /* strncpy because we don't necessarily want nul termination */ + strncpy(ut.ut_host, hostname, sizeof(ut.ut_host)); + + if (packet_connection_is_on_socket() && + getpeername(packet_get_connection_in(), + (struct sockaddr *)&from, &fromlen) == 0) { + ipv64_normalise_mapped(&from, &fromlen); + if (from.ss_family == AF_INET) { + a4 = (struct sockaddr_in *)&from; + memcpy(&ut.ut_addr, &(a4->sin_addr), + MIN_SIZEOF(ut.ut_addr, a4->sin_addr)); + } +#ifdef HAVE_ADDR_V6_IN_UTMP + if (from.ss_family == AF_INET6) { + a6 = (struct sockaddr_in6 *)&from; + 
memcpy(&ut.ut_addr_v6, &(a6->sin6_addr), + MIN_SIZEOF(ut.ut_addr_v6, a6->sin6_addr)); + } +#endif + } + + if (atomicio(vwrite, fd, &ut, sizeof(ut)) != sizeof(ut)) + error("Failed to write to %s: %s", _PATH_BTMP, + strerror(errno)); + +out: + close(fd); +} +#endif /* USE_BTMP */ -- cgit v1.2.3 From c7e38d59e906dcb8028deccac6793463c5ca8f5c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 22:12:30 +1100 Subject: - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir paths. ok djm@ --- ChangeLog | 6 +++--- configure.ac | 6 +++++- 2 files changed, 8 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 633d70c36..a1e2c6836 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,8 +21,8 @@ - (dtucker) [auth-passwd.c openbsd-compat/port-aix.c] Don't call disable_forwarding() from compat library. Prevent linker errrors trying to resolve it for binaries other than sshd. ok djm@ - - when + - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir + paths. ok djm@ 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the @@ -2112,4 +2112,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3645 2005/02/09 06:08:23 dtucker Exp $ +$Id: ChangeLog,v 1.3646 2005/02/09 11:12:30 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 86b26daf9..3ccbbaf0c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.237 2005/02/02 12:30:25 dtucker Exp $ +# $Id: configure.ac,v 1.238 2005/02/09 11:12:31 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
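Review bot: In record_failed_login() (loginrec.c), `fromlen` is declared `size_t`, but its address is passed to getpeername() and to ipv64_normalise_mapped(), both of which take a `socklen_t *` (the prototype this commit adds to canohost.h shows the latter). Where the two types differ in width, the callee reads and writes the wrong number of bytes, so declare it as `socklen_t fromlen = sizeof(from);`. Separately, the `ttyn` argument is never used and `ut_line` is always set to "ssh:notty"; a one-line comment stating that this is intentional would save the next reader from wondering.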
@@ -1226,6 +1226,10 @@ AC_ARG_WITH(ssl-dir, [ --with-ssl-dir=PATH Specify path to OpenSSL installation ], [ if test "x$withval" != "xno" ; then + case "$withval" in + # Relative paths + ./*|../*) withval="`pwd`/$withval" + esac if test -d "$withval/lib"; then if test -n "${need_dash_r}"; then LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}" -- cgit v1.2.3 From 33370e0287649c135eef8e7a0e22aee754deeac5 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 9 Feb 2005 22:17:28 +1100 Subject: - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require the username to be passed to the passwd command when changing expired passwords. ok djm@ --- ChangeLog | 5 ++++- configure.ac | 3 ++- session.c | 5 +++++ 3 files changed, 11 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index a1e2c6836..3b943f3c2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -23,6 +23,9 @@ to resolve it for binaries other than sshd. ok djm@ - (dtucker) [configure.ac] Bug #854: prepend pwd to relative --with-ssl-dir paths. ok djm@ + - (dtucker) [configure.ac session.c] Some platforms (eg some SCO) require + the username to be passed to the passwd command when changing expired + passwords. ok djm@ 20050208 - (dtucker) [regress/test-exec.sh] Bug #912: Set _POSIX2_VERSION for the @@ -2112,4 +2115,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3646 2005/02/09 11:12:30 dtucker Exp $ +$Id: ChangeLog,v 1.3647 2005/02/09 11:17:28 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 3ccbbaf0c..e79e89ac2 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.238 2005/02/09 11:12:31 dtucker Exp $ +# $Id: configure.ac,v 1.239 2005/02/09 11:17:28 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -403,6 +403,7 @@ mips-sony-bsd|mips-sony-newsos4) AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(WITH_ABBREV_NO_TTY) AC_DEFINE(BROKEN_UPDWTMPX) + AC_DEFINE(PASSWD_NEEDS_USERNAME, 1, [must supply username to passwd]) AC_CHECK_FUNCS(getluid setluid) MANTYPE=man TEST_SHELL=ksh diff --git a/session.c b/session.c index a50bfcff7..1896e141f 100644 --- a/session.c +++ b/session.c @@ -1346,7 +1346,12 @@ do_pwchange(Session *s) if (s->ttyfd != -1) { fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef PASSWD_NEEDS_USERNAME + execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, + (char *)NULL); +#else execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); +#endif perror("passwd"); } else { fprintf(stderr, -- cgit v1.2.3 From 2f9573df714b221acbf92f8b48645849475136fa Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Thu, 10 Feb 2005 22:28:54 +1100 Subject: - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the --disable-etc-default-login configure option. --- ChangeLog | 6 +++++- configure.ac | 20 ++++++++++++++------ 2 files changed, 19 insertions(+), 7 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 3b943f3c2..35fb0ca18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050210 + - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the + --disable-etc-default-login configure option. + 20050209 - (dtucker) OpenBSD CVS Sync - dtucker@cvs.openbsd.org 2005/01/28 09:45:53 @@ -2115,4 +2119,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3647 2005/02/09 11:17:28 dtucker Exp $ +$Id: ChangeLog,v 1.3648 2005/02/10 11:28:54 dtucker Exp $ diff --git a/configure.ac b/configure.ac index e79e89ac2..9d1d33282 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.239 2005/02/09 11:17:28 dtucker Exp $ +# $Id: configure.ac,v 1.240 2005/02/10 11:28:55 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -2583,18 +2583,26 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]],, - [ AC_CHECK_FILE("/etc/default/login", - [ external_path_file=/etc/default/login ]) + [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], + [ if test "x$enableval" = "xno"; then + AC_MSG_NOTICE([/etc/default/login handling disabled]) + etc_default_login=no + else + etc_default_login=yes + fi ], + [ etc_default_login=yes ] +) +if test "x$etc_default_login" != "xno"; then + AC_CHECK_FILE("/etc/default/login", + [ external_path_file=/etc/default/login ]) if test ! -z "$cross_compiling" && test "x$cross_compiling" = "xyes"; then AC_MSG_WARN([cross compiling: Disabling /etc/default/login test]) elif test "x$external_path_file" = "x/etc/default/login"; then AC_DEFINE(HAVE_ETC_DEFAULT_LOGIN) fi - ] -) +fi dnl BSD systems use /etc/login.conf so --with-default-path= has no effect if test $ac_cv_func_login_getcapbool = "yes" -a \ -- cgit v1.2.3 From 1b6f2291e4adf4d3e7e81d35194b1ad7751270f2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 11 Feb 2005 16:11:49 +1100 Subject: - (dtucker) [configure.ac] Tidy up configure --help output. --- ChangeLog | 5 ++++- configure.ac | 12 +++++------- 2 files changed, 9 insertions(+), 8 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 35fb0ca18..2c932661c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20050211 + - (dtucker) [configure.ac] Tidy up configure --help output. + 20050210 - (dtucker) [configure.ac] Bug #919: Provide visible feedback for the --disable-etc-default-login configure option. 
@@ -2119,4 +2122,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3648 2005/02/10 11:28:54 dtucker Exp $ +$Id: ChangeLog,v 1.3649 2005/02/11 05:11:49 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 9d1d33282..2df8a5e87 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.240 2005/02/10 11:28:55 dtucker Exp $ +# $Id: configure.ac,v 1.241 2005/02/11 05:11:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -766,8 +766,7 @@ fi # Check whether user wants S/Key support SKEY_MSG="no" AC_ARG_WITH(skey, - [ --with-skey[[=PATH]] Enable S/Key support - (optionally in PATH)], + [ --with-skey[[=PATH]] Enable S/Key support (optionally in PATH)], [ if test "x$withval" != "xno" ; then @@ -808,8 +807,7 @@ int main() { char *ff = skey_keyinfo(""); ff=""; exit(0); } # Check whether user wants TCP wrappers support TCPW_MSG="no" AC_ARG_WITH(tcp-wrappers, - [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support - (optionally in PATH)], + [ --with-tcp-wrappers[[=PATH]] Enable tcpwrappers support (optionally in PATH)], [ if test "x$withval" != "xno" ; then saved_LIBS="$LIBS" @@ -865,7 +863,7 @@ AC_ARG_WITH(tcp-wrappers, # Check whether user wants libedit support LIBEDIT_MSG="no" AC_ARG_WITH(libedit, - [ --with-libedit[[=PATH]] Enable libedit support for sftp], + [ --with-libedit[[=PATH]] Enable libedit support for sftp], [ if test "x$withval" != "xno" ; then AC_CHECK_LIB(edit, el_init, [ AC_DEFINE(USE_LIBEDIT, [], [Use libedit for sftp]) 
@@ -2583,7 +2581,7 @@ fi # check for /etc/default/login and use it if present. AC_ARG_ENABLE(etc-default-login, - [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], + [ --disable-etc-default-login Disable using PATH from /etc/default/login [no]], [ if test "x$enableval" = "xno"; then AC_MSG_NOTICE([/etc/default/login handling disabled]) etc_default_login=no -- cgit v1.2.3 From 691d5235ca9485877e8345269b1be4b2cf1be322 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 15 Feb 2005 21:45:57 +1100 Subject: - (dtucker) [README.platform auth.c configure.ac loginrec.c openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 on AIX where possible (see README.platform for details) and work around a misfeature of AIX's getnameinfo. ok djm@ --- ChangeLog | 6 ++++- README.platform | 11 ++++++++- auth.c | 2 +- configure.ac | 62 +++++++++++++++++++++++++++++++++++++++++++++-- loginrec.c | 6 +++-- openbsd-compat/port-aix.c | 45 ++++++++++++++++++++++++++++------ openbsd-compat/port-aix.h | 22 ++++++++++++++--- 7 files changed, 136 insertions(+), 18 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index a55a3b3d7..9b0b3e2af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. + - (dtucker) [README.platform auth.c configure.ac loginrec.c + openbsd-compat/port-aix.c openbsd-compat/port-aix.h] Bug #835: enable IPv6 + on AIX where possible (see README.platform for details) and work around + a misfeature of AIX's getnameinfo. ok djm@ 20050211 - (dtucker) [configure.ac] Tidy up configure --help output. @@ -2126,4 +2130,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3651 2005/02/15 10:26:32 dtucker Exp $ +$Id: ChangeLog,v 1.3652 2005/02/15 10:45:57 dtucker Exp $ diff --git a/README.platform b/README.platform index 880b83c63..136304a8e 100644 
--- a/README.platform +++ b/README.platform @@ -13,6 +13,15 @@ Accounts in this state must have their passwords reset manually by the administrator. As a precaution, it is recommended that the administrative passwords be reset before upgrading from OpenSSH <3.8. +As of OpenSSH 4.0, configure will attempt to detect if your version +and maintenance level of AIX has a working getaddrinfo, and will use it +if found. This will enable IPv6 support. If for some reason configure +gets it wrong, or if you want to build binaries to work on earlier MLs +than the build host then you can add "-DBROKEN_GETADDRINFO" to CFLAGS +to force the previous IPv4-only behaviour. + +IPv6 known to work: 5.2ML2 5.2ML5 +IPv6 known broken: 4.3.3ML11 5.1ML4 Cygwin ------ @@ -27,4 +36,4 @@ Currently, sshd does not support BSM auditting. This can show up as errors when editting cron entries via crontab. See. http://bugzilla.mindrot.org/show_bug.cgi?id=125 -$Id: README.platform,v 1.2 2004/04/23 08:57:13 dtucker Exp $ +$Id: README.platform,v 1.3 2005/02/15 10:45:57 dtucker Exp $ diff --git a/auth.c b/auth.c index e6dcab209..256807683 100644 --- a/auth.c +++ b/auth.c @@ -209,7 +209,7 @@ allowed_user(struct passwd * pw) } #ifdef CUSTOM_SYS_AUTH_ALLOWED_USER - if (!sys_auth_allowed_user(pw)) + if (!sys_auth_allowed_user(pw, &loginmsg)) return 0; #endif diff --git a/configure.ac b/configure.ac index 2df8a5e87..b27f0cf70 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.241 2005/02/11 05:11:49 dtucker Exp $ +# $Id: configure.ac,v 1.242 2005/02/15 10:45:57 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -135,7 +135,7 @@ case "$host" in [#include ] ) AC_CHECK_FUNCS(setauthdb) - AC_DEFINE(BROKEN_GETADDRINFO) + check_for_aix_broken_getaddrinfo=1 AC_DEFINE(BROKEN_REALPATH) AC_DEFINE(SETEUID_BREAKS_SETUID) AC_DEFINE(BROKEN_SETREUID) 
@@ -1146,6 +1146,64 @@ main(void) ) fi +if test "x$ac_cv_func_getaddrinfo" = "xyes" -a "x$check_for_aix_broken_getaddrinfo" = "x1"; then + AC_MSG_CHECKING(if getaddrinfo seems to work) + AC_TRY_RUN( + [ +#include +#include +#include +#include +#include + +#define TEST_PORT "2222" + +int +main(void) +{ + int err, sock; + struct addrinfo *gai_ai, *ai, hints; + char ntop[NI_MAXHOST], strport[NI_MAXSERV], *name = NULL; + + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + + err = getaddrinfo(name, TEST_PORT, &hints, &gai_ai); + if (err != 0) { + fprintf(stderr, "getaddrinfo failed (%s)", gai_strerror(err)); + exit(1); + } + + for (ai = gai_ai; ai != NULL; ai = ai->ai_next) { + if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) + continue; + + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop, + sizeof(ntop), strport, sizeof(strport), + NI_NUMERICHOST|NI_NUMERICSERV); + + if (ai->ai_family == AF_INET && err != 0) { + perror("getnameinfo"); + exit(2); + } + } + exit(0); +} + ], + [ + AC_MSG_RESULT(yes) + AC_DEFINE(AIX_GETNAMEINFO_HACK, [], +[Define if you have a getaddrinfo that fails for the all-zeros IPv6 address]) + ], + [ + AC_MSG_RESULT(no) + AC_DEFINE(BROKEN_GETADDRINFO) + ] + ) +fi + if test "x$check_for_conflicting_getspnam" = "x1"; then AC_MSG_CHECKING(for conflicting getspnam in shadow.h) AC_COMPILE_IFELSE( diff --git a/loginrec.c b/loginrec.c index c033582ad..8f5061cdc 100644 --- a/loginrec.c +++ b/loginrec.c @@ -164,7 +164,7 @@ # include #endif -RCSID("$Id: loginrec.c,v 1.65 2005/02/08 10:52:48 dtucker Exp $"); +RCSID("$Id: loginrec.c,v 1.66 2005/02/15 10:45:57 dtucker Exp $"); /** ** prototypes for helper functions in this file 
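Review bot: The new AC_TRY_RUN probe for AIX getaddrinfo passes no cross-compiling action, so configure has no result to fall back on when the test program cannot be run on the build host. If cross builds for this target are meant to work, add a fourth argument that takes the conservative path, for example `[ AC_MSG_RESULT(cross-compiling, assuming no)` followed by `AC_DEFINE(BROKEN_GETADDRINFO) ]`. The probe also declares `sock` without using it and never calls freeaddrinfo(), which is harmless in a configure test but easy to tidy.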
@@ -192,6 +192,8 @@ int lastlog_get_entry(struct logininfo *li); int wtmp_get_entry(struct logininfo *li); int wtmpx_get_entry(struct logininfo *li); +extern Buffer loginmsg; + /* pick the shortest string */ #define MIN_SIZEOF(s1,s2) (sizeof(s1) < sizeof(s2) ? sizeof(s1) : sizeof(s2)) @@ -441,7 +443,7 @@ login_write(struct logininfo *li) #endif #ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN if (li->type == LTYPE_LOGIN && - !sys_auth_record_login(li->username,li->hostname,li->line)) + !sys_auth_record_login(li->username,li->hostname,li->line, &loginmsg)) logit("Writing login record failed for %s", li->username); #endif #ifdef SSH_AUDIT_EVENTS diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index b16988543..8ab862f98 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -34,14 +34,13 @@ #ifdef _AIX #include +#include #include "port-aix.h" /* These should be in the system headers but are not. */ int usrinfo(int, char *, int); int setauthdb(const char *, char *); -extern Buffer loginmsg; - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif @@ -156,7 +155,7 @@ aix_valid_authentications(const char *user) * returns 0. */ int -sys_auth_passwd(Authctxt *ctxt, const char *password) +sys_auth_passwd(Authctxt *ctxt, const char *password, Buffer *loginmsg) { char *authmsg = NULL, *msg, *name = ctxt->pw->pw_name; int authsuccess = 0, expired, reenter, result; @@ -186,7 +185,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) */ expired = passwdexpired(name, &msg); if (msg && *msg) { - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); aix_remove_embedded_newlines(msg); } debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg); 
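Review bot: sys_auth_passwd() in port-aix.c gains a third `Buffer *loginmsg` parameter, but no hunk in this commit updates its prototype or its caller. The diffstat lists only auth.c, loginrec.c and the port-aix files, and the auth.c and port-aix.h hunks shown touch only sys_auth_allowed_user() and sys_auth_record_login(). If the declaration and call site still use the two-argument form, the function would pass an indeterminate pointer to buffer_append(). This cannot be confirmed from the page, so check that both the prototype and the caller supply `&loginmsg`. The function body continues outside the hunks.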
@@ -219,7 +218,7 @@ sys_auth_passwd(Authctxt *ctxt, const char *password) * Returns 1 if login is allowed, 0 if not allowed. */ int -sys_auth_allowed_user(struct passwd *pw) +sys_auth_allowed_user(struct passwd *pw, Buffer *loginmsg) { char *msg = NULL; int result, permitted = 0; @@ -246,7 +245,7 @@ sys_auth_allowed_user(struct passwd *pw) if (result == -1 && errno == EPERM && stat(_PATH_NOLOGIN, &st) == 0) permitted = 1; else if (msg != NULL) - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); if (msg == NULL) msg = xstrdup("(none)"); aix_remove_embedded_newlines(msg); @@ -259,7 +258,8 @@ sys_auth_allowed_user(struct passwd *pw) } int -sys_auth_record_login(const char *user, const char *host, const char *ttynm) +sys_auth_record_login(const char *user, const char *host, const char *ttynm, + Buffer *loginmsg) { char *msg; int success = 0; @@ -269,7 +269,7 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm) success = 1; if (msg != NULL) { debug("AIX/loginsuccess: msg %s", msg); - buffer_append(&loginmsg, msg, strlen(msg)); + buffer_append(loginmsg, msg, strlen(msg)); xfree(msg); } } 
@@ -349,4 +349,33 @@ aix_restoreauthdb(void) # endif /* WITH_AIXAUTHENTICATE */ +# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_ADDRINFO) +# undef getnameinfo +/* + * For some reason, AIX's getnameinfo will refuse to resolve the all-zeros + * IPv6 address into its textual representation ("::"), so we wrap it + * with a function that will. + */ +int +sshaix_getnameinfo(const struct sockaddr *sa, size_t salen, char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in6 *sa6; + u_int32_t *a6; + + if (flags & (NI_NUMERICHOST|NI_NUMERICSERV) && + sa->sa_family == AF_INET6) { + sa6 = (struct sockaddr_in6 *)sa; + a6 = sa6->sin6_addr.u6_addr.u6_addr32; + + if (a6[0] == 0 && a6[1] == 0 && a6[2] == 0 && a6[3] == 0) { + strlcpy(host, "::", hostlen); + snprintf(serv, servlen, "%d", sa6->sin6_port); + return 0; + } + } + return getnameinfo(sa, salen, host, hostlen, serv, servlen, flags); +} +# endif /* AIX_GETNAMEINFO_HACK */ + #endif /* _AIX */ diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 751139004..cc7c43cda 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.22 2005/02/02 06:10:11 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.23 2005/02/15 10:45:58 dtucker Exp $ */ /* * @@ -27,6 +27,10 @@ #ifdef _AIX +#ifdef HAVE_SYS_SOCKET_H +# include +#endif + #ifdef WITH_AIXAUTHENTICATE # include # include @@ -36,6 +40,8 @@ # include #endif +#include "buffer.h" + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type 
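Review bot: In the added `sshaix_getnameinfo` wrapper (port-aix.c), `sa` is cast to `struct sockaddr_in6 *` and `sin6_addr` is read without checking that `salen` covers a full `sockaddr_in6`. A short buffer tagged `AF_INET6` is therefore read past its end; add `salen >= sizeof(*sa6)` to the condition. The port is formatted directly from `sin6_port`, which is in network byte order; `snprintf(serv, servlen, "%d", ntohs(sa6->sin6_port));` is the portable form, even if it is presumably a no-op on big-endian AIX. The shortcut also fires when only one of `NI_NUMERICHOST` or `NI_NUMERICSERV` is set yet fills both fields numerically, and truncation by `strlcpy`/`snprintf` is reported as success.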
@@ -64,13 +70,23 @@ void aix_usrinfo(struct passwd *); #ifdef WITH_AIXAUTHENTICATE # define CUSTOM_SYS_AUTH_PASSWD 1 # define CUSTOM_SYS_AUTH_ALLOWED_USER 1 -int sys_auth_allowed_user(struct passwd *); +int sys_auth_allowed_user(struct passwd *, Buffer *); # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1 -int sys_auth_record_login(const char *, const char *, const char *); +int sys_auth_record_login(const char *, const char *, const char *, Buffer *); # define CUSTOM_FAILED_LOGIN 1 #endif void aix_setauthdb(const char *); void aix_restoreauthdb(void); void aix_remove_embedded_newlines(char *); + +#if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO) +# ifdef getnameinfo +# undef getnameinfo +# endif +int sshaix_getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +# define getnameinfo(a,b,c,d,e,f,g) (sshaix_getnameinfo(a,b,c,d,e,f,g)) +#endif + #endif /* _AIX */ -- cgit v1.2.3 From ca6e7a7e8b6cc828f5df96b180d03e7ca1179fca Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 16 Feb 2005 16:19:17 +1100 Subject: - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant Unix; prevents problems relating to the location of -lresolv in the link order. --- ChangeLog | 5 ++++- configure.ac | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 17491a41a..bbead8299 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ via mkstemp in some configurations. ok djm@ - (dtucker) [auth-shadow.c] Prevent compiler warnings if "DAY" is defined by the system headers. + - (dtucker) [configure.ac] Bug #893: check for libresolv early on Reliant + Unix; prevents problems relating to the location of -lresolv in the + link order. 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. 
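Review bot: The guard around the `sshaix_getnameinfo` prototype and the `getnameinfo` macro in port-aix.h tests `!defined(BROKEN_GETADDRINFO)`, while the function definition in port-aix.c is guarded by `!defined(BROKEN_ADDRINFO)`. If only one of those names is ever defined, the two files disagree: depending on which is set, the macro redirects every `getnameinfo` call to a function that was not compiled, or the wrapper is built but never used. Presumably one spelling is a typo. Use the same macro in both places, e.g. `# if defined(AIX_GETNAMEINFO_HACK) && !defined(BROKEN_GETADDRINFO)` in port-aix.c, after confirming which name configure actually defines.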
@@ -2139,4 +2142,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3656 2005/02/16 03:20:06 dtucker Exp $ +$Id: ChangeLog,v 1.3657 2005/02/16 05:19:17 dtucker Exp $ diff --git a/configure.ac b/configure.ac index b27f0cf70..aa6aed6b0 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.242 2005/02/15 10:45:57 dtucker Exp $ +# $Id: configure.ac,v 1.243 2005/02/16 05:19:17 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -339,6 +339,8 @@ mips-sony-bsd|mips-sony-newsos4) *-sni-sysv*) # /usr/ucblib MUST NOT be searched on ReliantUNIX AC_CHECK_LIB(dl, dlsym, ,) + # -lresolv needs to be at then end of LIBS or DNS lookups break + AC_CHECK_LIB(res_query, resolv, [ LIBS="$LIBS -lresolv" ]) IPADDR_IN_DISPLAY=yes AC_DEFINE(USE_PIPES) AC_DEFINE(IP_TOS_IS_BROKEN) -- cgit v1.2.3 From 3c774c52f31b54eccb5a936470d21d196968693b Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Wed, 16 Feb 2005 22:49:31 +1100 Subject: - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more compiler warnings on AIX. --- ChangeLog | 4 +++- configure.ac | 7 +++++-- openbsd-compat/port-aix.c | 4 ---- openbsd-compat/port-aix.h | 25 ++++++++++++++++++++++++- 4 files changed, 32 insertions(+), 8 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 9d132f981..836cc0dfc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ authentication early enough to be available to PAM session modules when privsep=yes. Patch from deengert at anl.gov, ok'ed in principle by Sam Hartman and similar to Debian's ssh-krb5 package. + - (dtucker) [configure.ac openbsd-compat/port-aix.{c,h}] Silence some more + compiler warnings on AIX. 20050215 - (dtucker) [config.sh.in] Collect oslevel -r too. 
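Review bot: The arguments to the added `AC_CHECK_LIB(res_query, resolv, ...)` in the `*-sni-sysv*` case of configure.ac look swapped. The macro takes the library name first and the symbol second, so this probes for `-lres_query` and, when that fails, never appends `-lresolv`, leaving the link-order problem the commit describes unfixed. It should read `AC_CHECK_LIB(resolv, res_query, [ LIBS="$LIBS -lresolv" ])`. The comment above it also has a typo (`at then end` for `at the end`). The enclosing `case "$host"` block starts and ends outside the hunk.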
@@ -2146,4 +2148,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3658 2005/02/16 05:47:37 dtucker Exp $ +$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $ diff --git a/configure.ac b/configure.ac index aa6aed6b0..fe6b002d4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.243 2005/02/16 05:19:17 dtucker Exp $ +# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -121,8 +121,11 @@ case "$host" in LIBS="$LIBS -ls" ]) ]) + dnl Check for various auth function declarations in headers. + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, passwdexpired],, + [#include ]) dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) - AC_CHECK_DECL(loginfailed, + AC_CHECK_DECLS(loginfailed, [AC_MSG_CHECKING(if loginfailed takes 4 arguments) AC_TRY_COMPILE( [#include ], diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 8ab862f98..fa6a4ff7b 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c @@ -37,10 +37,6 @@ #include #include "port-aix.h" -/* These should be in the system headers but are not. */ -int usrinfo(int, char *, int); -int setauthdb(const char *, char *); - # ifdef HAVE_SETAUTHDB static char old_registry[REGISTRY_SIZE] = ""; # endif diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index cc7c43cda..a05ce9703 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,4 +1,4 @@ -/* $Id: port-aix.h,v 1.23 2005/02/15 10:45:58 dtucker Exp $ */ +/* $Id: port-aix.h,v 1.24 2005/02/16 11:49:31 dtucker Exp $ */ /* * @@ -30,6 +30,9 @@ #ifdef HAVE_SYS_SOCKET_H # include #endif +#ifdef HAVE_UNISTD_H +# include /* for seteuid() */ +#endif #ifdef WITH_AIXAUTHENTICATE # include 
@@ -42,6 +45,26 @@ #include "buffer.h" +/* These should be in the system headers but are not. */ +int usrinfo(int, char *, int); +int setauthdb(const char *, char *); +/* these may or may not be in the headers depending on the version */ +#if (HAVE_DECL_AUTHENTICATE == 0) +int authenticate(char *, char *, int *, char **); +#endif +#if (HAVE_DECL_LOGINFAILED == 0) +int loginfailed(char *, char *, char *); +#endif +#if (HAVE_DECL_LOGINRESTRICTIONS == 0) +int loginrestrictions(char *, int, char *, char **); +#endif +#if (HAVE_DECL_LOGINSUCCESS == 0) +int loginsuccess(char *, char *, char *, char **); +#endif +#if (HAVE_DECL_PASSWDEXPIRED == 0) +int passwdexpired(char *, char **); +#endif + /* Some versions define r_type in the above headers, which causes a conflict */ #ifdef r_type # undef r_type -- cgit v1.2.3 From d9f88915a2f2e7fe738799122ac288b5b1a13547 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Feb 2005 21:01:48 +1100 Subject: - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure --with-audit=bsm to enable. Patch originally from Sun Microsystems, parts by John R. Jackson. ok djm@ --- ChangeLog | 8 +++++++- LICENCE | 1 + Makefile.in | 5 +++-- README.platform | 17 +++++++++++++---- configure.ac | 39 ++++++++++++++++++++++++++++++++++++++- defines.h | 11 ++++++++++- 6 files changed, 72 insertions(+), 9 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 836cc0dfc..87ae13abe 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20050220 + - (dtucker) [LICENCE Makefile.in README.platform audit-bsm.c configure.ac + defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure + --with-audit=bsm to enable. Patch originally from Sun Microsystems, + parts by John R. Jackson. ok djm@ + 20050216 - (djm) write seed to temporary file and atomically rename into place; ok dtucker@ 
@@ -2148,4 +2154,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3659 2005/02/16 11:49:31 dtucker Exp $ +$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $ diff --git a/LICENCE b/LICENCE index f9062bd51..ae03eb3a7 100644 --- a/LICENCE +++ b/LICENCE @@ -203,6 +203,7 @@ OpenSSH contains no GPL code. Wayne Schroeder William Jones Darren Tucker + Sun Microsystems * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions diff --git a/Makefile.in b/Makefile.in index c6cfef11a..71036c118 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.268 2005/02/02 13:20:53 dtucker Exp $ +# $Id: Makefile.in,v 1.269 2005/02/20 10:01:49 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -85,7 +85,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ - loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o audit.o + loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ + audit.o audit-bsm.o MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 diff --git a/README.platform b/README.platform index 4e7b84d39..af551de48 100644 --- a/README.platform +++ b/README.platform 
@@ -32,8 +32,17 @@ openssl-devel, zlib, minres, minires-devel. Solaris ------- -Currently, sshd does not support BSM auditting. This can show up as errors -when editting cron entries via crontab. See. -http://bugzilla.mindrot.org/show_bug.cgi?id=125 +If you enable BSM auditing on Solaris, you need to update audit_event(4) +for praudit(1m) to give sensible output. The following line needs to be +added to /etc/security/audit_event: -$Id: README.platform,v 1.4 2005/02/15 11:44:05 dtucker Exp $ + 32800:AUE_openssh:OpenSSH login:lo + +The BSM audit event range available for third party TCB applications is +32768 - 65535. Event number 32800 has been choosen for AUE_openssh. +There is no official registry of 3rd party event numbers, so if this +number is already in use on your system, you may change it at build time +by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding. + + +$Id: README.platform,v 1.5 2005/02/20 10:01:49 dtucker Exp $ diff --git a/configure.ac b/configure.ac index fe6b002d4..1bf067a2f 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.244 2005/02/16 11:49:31 dtucker Exp $ +# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -881,6 +881,37 @@ AC_ARG_WITH(libedit, fi ] ) +AUDIT_MODULE=none +AC_ARG_WITH(audit, + [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], + [ + AC_MSG_CHECKING(for supported audit module) + case "$withval" in + bsm) + AC_MSG_RESULT(bsm) + AUDIT_MODULE=bsm + dnl Checks for headers, libs and functions + AC_CHECK_HEADERS(bsm/audit.h, [], + [AC_MSG_ERROR(BSM enabled and bsm/audit.h not found)]) + AC_CHECK_LIB(bsm, getaudit, [], + [AC_MSG_ERROR(BSM enabled and required library not found)]) + AC_CHECK_FUNCS(getaudit, [], + [AC_MSG_ERROR(BSM enabled and required function not found)]) + # These are optional + AC_CHECK_FUNCS(getaudit_addr gettext) + AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) + ;; + debug) + AUDIT_MODULE=debug + AC_MSG_RESULT(debug) + AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module) + ;; + *) + AC_MSG_ERROR([Unknown audit module $withval]) + ;; + esac ] +) + dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS(\ arc4random __b64_ntop b64_ntop __b64_pton b64_pton bcopy \ @@ -1846,6 +1877,8 @@ TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) +AC_CHECK_TYPES(in_addr_t,,,[#include ]) + AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_TRY_COMPILE( [ @@ -3195,3 +3228,7 @@ if test ! -z "$NO_PEERCHECK" ; then echo "" fi +if test "$AUDIT_MODULE" = "bsm" ; then + echo "WARNING: BSM audit support is currently considered EXPERIMENTAL." + echo "See the Solaris section in README.platform for details." +fi diff --git a/defines.h b/defines.h index 4d59408ad..7758bc37a 100644 --- a/defines.h +++ b/defines.h @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.118 2005/02/02 12:30:25 dtucker Exp $ */ +/* $Id: defines.h,v 1.119 2005/02/20 10:01:49 dtucker Exp $ */ /* Constants */ 
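Review bot: The `case "$withval"` in the new `AC_ARG_WITH(audit, ...)` block has no `no)` arm, so `--without-audit` or `--with-audit=no` falls into `*)` and aborts configure with "Unknown audit module no". Add an arm such as `no) AC_MSG_RESULT(no) ;;` before the default so that auditing can be explicitly disabled. The description in `AC_DEFINE(SSH_AUDIT_EVENTS, [], Use audit debugging module)` should also be bracket-quoted, as the `USE_BSM_AUDIT` one is, to keep m4 from expanding it.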
@@ -288,6 +288,10 @@ struct sockaddr_un { }; #endif /* HAVE_SYS_UN_H */ +#ifndef HAVE_IN_ADDR_T +typedef u_int32_t in_addr_t; +#endif + #if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE) #define _STRUCT_WINSIZE struct winsize { @@ -530,6 +534,11 @@ struct winsize { # define getpgrp() getpgrp(0) #endif +#ifdef USE_BSM_AUDIT +# define SSH_AUDIT_EVENTS +# define CUSTOM_SSH_AUDIT_EVENTS +#endif + /* OPENSSL_free() is Free() in versions before OpenSSL 0.9.6 */ #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090600f) # define OPENSSL_free(x) Free(x) -- cgit v1.2.3 From 04cfbe04aaa0ff43c3e8f131c858411e1b0151a2 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 20 Feb 2005 23:27:11 +1100 Subject: - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes unrelated platforms to be configured incorrectly. --- ChangeLog | 4 +++- configure.ac | 6 +++--- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 87ae13abe..03789f28d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure --with-audit=bsm to enable. Patch originally from Sun Microsystems, parts by John R. Jackson. ok djm@ + - (dtucker) [configure.ac] Missing comma in AIX section, somehow causes + unrelated platforms to be configured incorrectly. 20050216 - (djm) write seed to temporary file and atomically rename into place; @@ -2154,4 +2156,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3660 2005/02/20 10:01:48 dtucker Exp $ +$Id: ChangeLog,v 1.3661 2005/02/20 12:27:11 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 1bf067a2f..3535b9761 100644 --- a/configure.ac +++ b/configure.ac 
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.245 2005/02/20 10:01:49 dtucker Exp $ +# $Id: configure.ac,v 1.246 2005/02/20 12:27:11 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -122,8 +122,8 @@ case "$host" in ]) ]) dnl Check for various auth function declarations in headers. - AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, passwdexpired],, - [#include ]) + AC_CHECK_DECLS([authenticate, loginrestrictions, loginsuccess, + passwdexpired], , , [#include ]) dnl Check if loginfailed is declared and takes 4 arguments (AIX >= 5.2) AC_CHECK_DECLS(loginfailed, [AC_MSG_CHECKING(if loginfailed takes 4 arguments) -- cgit v1.2.3 From 848b99363987c3cc7abffb182d519dbea8c4f8ab Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Thu, 24 Feb 2005 12:12:34 +1100 Subject: - (djm) [configure.ac] in_addr_t test needs sys/types.h too --- ChangeLog | 5 ++++- configure.ac | 6 ++++-- 2 files changed, 8 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index 8ab6c1ba3..bb126761d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20050222 + - (djm) [configure.ac] in_addr_t test needs sys/types.h too + 20050222 - (dtucker) [uidswap.c] Skip uid restore test on Cygwin. Patch from vinschen at redhat.com. @@ -2160,4 +2163,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3662 2005/02/22 06:57:13 dtucker Exp $ +$Id: ChangeLog,v 1.3663 2005/02/24 01:12:34 djm Exp $ diff --git a/configure.ac b/configure.ac index 3535b9761..fae62d609 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.246 2005/02/20 12:27:11 dtucker Exp $ +# $Id: configure.ac,v 1.247 2005/02/24 01:12:35 djm Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -1877,7 +1877,9 @@ TYPE_SOCKLEN_T AC_CHECK_TYPES(sig_atomic_t,,,[#include ]) -AC_CHECK_TYPES(in_addr_t,,,[#include ]) +AC_CHECK_TYPES(in_addr_t,,, +[#include +#include ]) AC_CACHE_CHECK([for size_t], ac_cv_have_size_t, [ AC_TRY_COMPILE( -- cgit v1.2.3 From 3804903a094f41d09e8b294dbd69a846dcf7fe94 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sat, 26 Feb 2005 10:07:37 +1100 Subject: - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any more. Patch from vinschen at redhat.com. --- ChangeLog | 5 ++++- acconfig.h | 5 +---- configure.ac | 3 +-- openbsd-compat/bsd-misc.c | 13 +------------ openbsd-compat/bsd-misc.h | 6 +----- 5 files changed, 8 insertions(+), 24 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index f12f6f906..b7e3635d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,9 @@ 20050226 - (dtucker) [openbsd-compat/bsd-openpty.c openbsd-compat/inet_ntop.c] Remove two obsolete Cygwin #ifdefs. Patch from vinschen at redhat.com. + - (dtucker) [acconfig.h configure.ac openbsd-compat/bsd-misc.{c,h}] + Remove SETGROUPS_NOOP, was only used by Cygwin, which doesn't need it any + more. Patch from vinschen at redhat.com. 20050224 - (djm) [configure.ac] in_addr_t test needs sys/types.h too @@ -2167,4 +2170,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3664 2005/02/25 23:04:28 dtucker Exp $ +$Id: ChangeLog,v 1.3665 2005/02/25 23:07:37 dtucker Exp $ diff --git a/acconfig.h b/acconfig.h index 014413505..5721f65fb 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.180 2004/08/16 13:12:06 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.181 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 
@@ -52,9 +52,6 @@ #undef SPT_TYPE #undef SPT_PADCHAR -/* setgroups() NOOP allowed */ -#undef SETGROUPS_NOOP - /* SCO workaround */ #undef BROKEN_SYS_TERMIO_H diff --git a/configure.ac b/configure.ac index fae62d609..94d127299 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.247 2005/02/24 01:12:35 djm Exp $ +# $Id: configure.ac,v 1.248 2005/02/25 23:07:38 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -158,7 +158,6 @@ case "$host" in AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index 1b276b4f4..41f92cce9 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -18,7 +18,7 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.25 2004/08/15 08:41:00 djm Exp $"); +RCSID("$Id: bsd-misc.c,v 1.26 2005/02/25 23:07:38 dtucker Exp $"); #ifndef HAVE___PROGNAME char *__progname; @@ -122,17 +122,6 @@ int truncate(const char *path, off_t length) } #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -/* - * Cygwin setgroups should be a noop. - */ -int -setgroups(size_t size, const gid_t *list) -{ - return (0); -} -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) int nanosleep(const struct timespec *req, struct timespec *rem) { diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h index 33a1d707f..b61ec4244 100644 --- a/openbsd-compat/bsd-misc.h +++ b/openbsd-compat/bsd-misc.h @@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.17 2004/08/15 08:41:00 djm Exp $ */ +/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller 
@@ -67,10 +67,6 @@ int utimes(char *, struct timeval *); int truncate (const char *, off_t); #endif /* HAVE_TRUNCATE */ -#if !defined(HAVE_SETGROUPS) && defined(SETGROUPS_NOOP) -int setgroups(size_t, const gid_t *); -#endif - #if !defined(HAVE_NANOSLEEP) && !defined(HAVE_NSLEEP) #ifndef HAVE_STRUCT_TIMESPEC struct timespec { -- cgit v1.2.3 From 0d0966934eb612ac96a01fc79f570cdf4b76bb84 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 7 Mar 2005 17:34:45 +1100 Subject: - (dtucker) [configure.ac] Disable gettext search when configuring with BSM audit support for the time being. ok djm@ --- ChangeLog | 6 +++++- configure.ac | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index a96605e9d..389954232 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20050307 + - (dtucker) [configure.ac] Disable gettext search when configuring with + BSM audit support for the time being. ok djm@ + 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor when attempting to audit disconnect events. Reported by Phil Dibowitz. @@ -2283,4 +2287,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3693 2005/03/06 11:38:51 dtucker Exp $ +$Id: ChangeLog,v 1.3694 2005/03/07 06:34:45 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 94d127299..b145e127a 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.248 2005/02/25 23:07:38 dtucker Exp $ +# $Id: configure.ac,v 1.249 2005/03/07 06:34:46 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -897,7 +897,7 @@ AC_ARG_WITH(audit, AC_CHECK_FUNCS(getaudit, [], [AC_MSG_ERROR(BSM enabled and required function not found)]) # These are optional - AC_CHECK_FUNCS(getaudit_addr gettext) + AC_CHECK_FUNCS(getaudit_addr) AC_DEFINE(USE_BSM_AUDIT, [], [Use BSM audit module]) ;; debug) -- cgit v1.2.3 
From c390c8dc6827effbb0b515f8d33cb9e5856d1a91 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Mon, 7 Mar 2005 01:21:37 -0800 Subject: - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. This platform is too old and too broken. --- ChangeLog | 3 ++- configure.ac | 27 ++------------------------- 2 files changed, 4 insertions(+), 26 deletions(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index bf577514b..cfe5e81b3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,7 @@ [Makefile envpass.sh] regress test for SendEnv config parsing bug; ok dtucker@ - (dtucker) [regress/test-exec.sh] Put SUDO in the right place. + - (tim) [configure.ac] SCO 3.2v4.2 no longer supported. 20050306 - (dtucker) [monitor.c] Bug #125 comment #47: fix errors returned by monitor @@ -2305,4 +2306,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3701 2005/03/07 08:15:06 dtucker Exp $ +$Id: ChangeLog,v 1.3702 2005/03/07 09:21:37 tim Exp $ diff --git a/configure.ac b/configure.ac index b145e127a..e48028b7b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.249 2005/03/07 06:34:46 dtucker Exp $ +# $Id: configure.ac,v 1.250 2005/03/07 09:21:37 tim Exp $ # # Copyright (c) 1999-2004 Damien Miller # 
@@ -373,23 +373,7 @@ mips-sony-bsd|mips-sony-newsos4) ;; # SCO UNIX and OEM versions of SCO UNIX *-*-sco3.2v4*) - CPPFLAGS="$CPPFLAGS -Dftruncate=chsize" - LIBS="$LIBS -los -lprot -lcrypt_i -lx -ltinfo -lm" - RANLIB=true - no_dev_ptmx=1 - AC_DEFINE(BROKEN_SYS_TERMIO_H) - AC_DEFINE(USE_PIPES) - AC_DEFINE(HAVE_SECUREWARE) - AC_DEFINE(DISABLE_SHADOW) - AC_DEFINE(BROKEN_SAVED_UIDS) - AC_DEFINE(SETEUID_BREAKS_SETUID) - AC_DEFINE(BROKEN_SETREUID) - AC_DEFINE(BROKEN_SETREGID) - AC_DEFINE(WITH_ABBREV_NO_TTY) - AC_CHECK_FUNCS(getluid setluid) - MANTYPE=man - do_sco3_extra_lib_check=yes - TEST_SHELL=ksh + AC_MSG_ERROR("This Platform is no longer supported.") ;; # SCO OpenServer 5.x *-*-sco3.2v5*) @@ -555,13 +539,6 @@ AC_CHECK_HEADERS(sys/ptms.h, [], [], [ AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) AC_CHECK_FUNC(setsockopt, , AC_CHECK_LIB(socket, setsockopt)) -dnl SCO OS3 needs this for libwrap -if test "x$with_tcp_wrappers" != "xno" ; then - if test "x$do_sco3_extra_lib_check" = "xyes" ; then - AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc) - fi -fi - dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ AC_CHECK_LIB(gen, dirname,[ -- cgit v1.2.3