- Removed most of the pam code into its own file auth-pam.[ch]. This
cleaned up sshd.c up significantly.
- Several other cleanups
+ - Merged Dante SOCKS support patch from David Rankin
+ <drankin@bohemians.lexington.ky.us>
+ - Updated documentation with ./configure options
19991229
- Applied another NetBSD portability patch from David Rankin
PAM:
http://www.kernel.org/pub/linux/libs/pam/
+Dante:
+http://www.inet.no/dante
+
+OpenSSH can also use the Dante SOCKS libraries, version 1.1.1pre1 or higher,
+if you have them installed on your system.
+
If you wish to build the GNOME passphrase requester, you will need the GNOME
libraries and headers.
There are a few other options to the configure script:
+--with-rsh=PATH allows you to specify the path to your rsh program.
+Normally ./configure will search the current $PATH for 'rsh'. You
+may need to specify this option if rsh is not in your path or has a
+different name.
+
+--without-pam will disable PAM support. PAM is automatically detected
+and switched on if found.
+
--enable-gnome-askpass will build the GNOME passphrase dialog. You
need a working installation of GNOME, including the development
headers, for this to work.
similar). The file argument refers to the EGD pool file, not the
EGD program itself. Please refer to the EGD documentation.
+--with-lastlog=FILE will specify the location of the lastlog file.
+./configure searches a few locations for lastlog, but may not find
+it if lastlog is installed in a different place.
+
+--without-lastlog will disable lastlog support entirely.
+
--with-kerberos4 will enable Kerberos IV support. You will need to
have the Kerberos libraries and header files installed for this to
work.
--with-md5-passwords will enable the use of MD5 passwords. Enable this
if your operating system uses MD5 passwords without using PAM.
+--with-utmpx enables utmpx support. utmpx support is automatic for
+some platforms.
+
+--without-shadow disables shadow password support.
+
+--with-ipaddr-display forces the use of a numeric IP address in the
+$DISPLAY environment variable. Some broken systems need this.
+
+--with-default-path=PATH allows you to specify a default $PATH for sessions
+started by sshd.
+
+--with-dante[=DIR] will enable Dante SOCKS library support. If the Dante
+libsocks library isn't installed in a library searched by the compiler,
+add the directory name as the option.
+
If you need to pass special options to the compiler or linker, you
can specify these as enviornment variables before running ./configure.
For example:
for OpenBSD library functions that are (regrettably) absent from
other unices. This port has been best tested on Linux, Solaris and
HPUX, though support for AIX and Irix is underway. This version
-actively tracks changes in the OpenBSD CVS repository.
+actively tracks changes in the OpenBSD CVS repository. This port
+also has optional support for using the Dante SOCKS library[6],
+version 1.1.1pre1 or later.
The PAM support is now more functional than the popular packages of
commercial ssh-1.2.x. It checks "account" and "session" modules for
bsd-*.[ch] is from the OpenBSD project and has its own license (again,
see the source files for details).
-OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4]. To build
-the GNOME[5] pass-phrase requester (--with-gnome-askpass), you will
-need the GNOME libraries installed. If you are building OpenSSH on a
-Unix which lacks a kernel random number pool (/dev/random), you will
-need to install EGD[1].
+OpenSSH depends on Zlib[2], OpenSSL[3] and optionally PAM[4] and
+Dante[6]. To build the GNOME[5] pass-phrase requester
+(--with-gnome-askpass), you will need the GNOME libraries installed.
+If you are building OpenSSH on a Unix which lacks a kernel random
+number pool (/dev/random), you will need to install EGD[1].
There is now a mailing list for this port of OpenSSH. To
subscribe, send a message consisting of the word 'SUBSCRIBE' to
[3] http://www.openssl.org/
[4] http://www.kernel.org/pub/linux/libs/pam/ (PAM is standard on Solaris)
[5] http://www.gnome.org/
+[6] http://www.inet.no/dante
/* Are we using the Entropy gathering daemon */
#undef HAVE_EGD
+/* Define if using the Dante SOCKS library. */
+#undef HAVE_DANTE
+
/* Define if your ssl headers are included with #include <ssl/header.h> */
#undef HAVE_SSL
AC_ARG_WITH(rsh,
[ --with-rsh=PATH Specify path to remote shell program ],
[
- AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
+ if test "x$withval" != "$xno" ; then
+ AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
+ fi
],
[
AC_PATH_PROG(rsh_path, rsh)
AC_DEFINE(DISABLE_LASTLOG)
fi
+dnl Compile with dante SOCKS library
+AC_ARG_WITH(dante,
+ [ --with-dante=DIR Use Dante SOCKS lib (default is system library path)],
+ [
+ AC_DEFINE(HAVE_DANTE)
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ fi
+ LIBS="$LIBS -lsocks"
+ fi
+ ]
+)
+
AC_CHECK_FILE("/dev/ptmx", AC_DEFINE_UNQUOTED(HAVE_DEV_PTMX))
AC_CHECK_FILE("/dev/ptc", AC_DEFINE_UNQUOTED(HAVE_DEV_PTS_AND_PTC))
AC_ARG_WITH(kerberos4,
[ --with-kerberos4 Enable Kerberos 4 support],
[
- AC_DEFINE(KRB4)
- LIBS="$LIBS -lkrb"
- CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
+ if test "x$withval" != "$xno" ; then
+ AC_DEFINE(KRB4)
+ LIBS="$LIBS -lkrb"
+ CFLAGS="$CFLAGS -I/usr/include/kerberosIV"
+ fi
]
)
AC_ARG_WITH(afs,
[ --with-afs Enable AFS support],
[
- AC_DEFINE(AFS)
- LIBS="$LIBS -lkafs"
+ if test "x$withval" != "$xno" ; then
+ AC_DEFINE(AFS)
+ LIBS="$LIBS -lkafs"
+ fi
]
)
AC_ARG_WITH(skey,
[ --with-skey Enable S/Key support],
[
- AC_DEFINE(SKEY)
- LIBS="$LIBS -lskey"
+ if test "x$withval" != "$xno" ; then
+ AC_DEFINE(SKEY)
+ LIBS="$LIBS -lskey"
+ fi
]
)
AC_ARG_WITH(tcp-wrappers,
[ --with-tcp-wrappers Enable tcpwrappers support],
[
- AC_DEFINE(LIBWRAP)
- LIBWRAP="-lwrap"
+ if test "x$withval" != "$xno" ; then
+ AC_DEFINE(LIBWRAP)
+ LIBWRAP="-lwrap"
+ fi
]
)
AC_SUBST(LIBWRAP)
dnl Check whether to enable MD5 passwords
AC_ARG_WITH(md5-passwords,
[ --with-md5-passwords Enable use of MD5 passwords],
- [AC_DEFINE(HAVE_MD5_PASSWORDS)]
+ [
+ if test "x$withval" != "$xno" ; then
+ AC_DEFINE(HAVE_MD5_PASSWORDS)
+ fi
+ ]
)
dnl Check whether to enable utmpx support
#include "auth-pam.h"
#endif /* USE_PAM */
+#ifdef HAVE_DANTE
+/*
+ * The following defines map the normal socket operations to SOCKSified
+ * versions coming from the Dante SOCKS package.
+ */
+#define accept Raccept
+#define bind Rbind
+#define bindresvport Rbindresvport
+#define connect Rconnect
+#define gethostbyname Rgethostbyname
+#define gethostbyname2 Rgethostbyname2
+#define getpeername Rgetpeername
+#define getsockname Rgetsockname
+#define read Rread
+#define readv Rreadv
+#define recv Rrecv
+#define recvmsg Rrecvmsg
+#define recvfrom Rrecvfrom
+#define rresvport Rrresvport
+#define send Rsend
+#define sendmsg Rsendmsg
+#define sendto Rsendto
+#define write Rwrite
+#define writev Rwritev
+int Raccept (int, struct sockaddr *, socklen_t *);
+int Rbind (int, const struct sockaddr *, socklen_t);
+int Rbindresvport(int , struct sockaddr_in *);
+int Rconnect (int, const struct sockaddr *, socklen_t);
+struct hostent *Rgethostbyname(const char *);
+struct hostent *Rgethostbyname2(const char *, int);
+int Rgetpeername (int, struct sockaddr *, socklen_t *);
+int Rgetsockname (int, struct sockaddr *, socklen_t *);
+ssize_t Rread(int , void *, size_t );
+ssize_t Rreadv(int d, const struct iovec *iov, int iovcnt);
+ssize_t Rrecv (int, void *, size_t, int);
+ssize_t Rrecvfrom (int, void *, size_t, int, struct sockaddr *,
+ socklen_t *);
+ssize_t Rsend (int, const void *, size_t, int);
+ssize_t Rsendmsg (int, const struct msghdr *, int);
+ssize_t Rsendto (int, const void *,
+ size_t, int, const struct sockaddr *, socklen_t);
+ssize_t Rwrite(int , const void *, size_t );
+ssize_t Rwritev(int , const struct iovec *, int );
+#endif /* HAVE_DANTE */
+
#endif /* SSH_H */