Dan Brosemer <odin@linuxfreak.com> - Autoconf support, build fixes
Darren Hall <dhall@virage.org> - AIX patches
David Agraz <dagraz@jahoopa.com> - Build fixes
-David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, NetBSD fixes
+David Rankin <drankin@bohemians.lexington.ky.us> - libwrap, AIX, NetBSD fixes
Gary E. Miller <gem@rellim.com> - SCO support
Holger Trapp <Holger.Trapp@Informatik.TU-Chemnitz.DE> - KRB4/AFS config patch
Jani Hakala <jahakala@cc.jyu.fi> - Patches
Kees Cook <cook@cpoint.net> - scp fixes
Kiyokazu SUTO <suto@ks-and-ks.ne.jp> - Bugfixes
Marc G. Fournier <marc.fournier@acadiau.ca> - Solaris patches
+Matt Richards <v2matt@btv.ibm.com> - AIX patches
Nalin Dahyabhai <nalin.dahyabhai@pobox.com> - PAM environment patch
Niels Kristian Bech Jensen <nkbj@image.dk> - Assorted patches
Peter Kocks <peter.kocks@baygate.com> - Makefile fixes
- OpenBSD CVS:
- [packet.c]
getsockname() requires initialized tolen; andy@guildsoftware.com
+ - AIX patch from Matt Richards <v2matt@btv.ibm.com> and David Rankin
+ <drankin@bohemians.lexington.ky.us>
20000122
- Fix compilation of bsd-snprintf.c on Solaris, fix from Ben Taylor
/* Define if you want to disable PAM support */
#undef DISABLE_PAM
+/* Define if you want to disable AIX4's authenticate function */
+#undef WITH_AIXAUTHENTICATE
+
/* Define if you want to disable lastlog support */
#undef DISABLE_LASTLOG
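Review bot: The comment added above `#undef WITH_AIXAUTHENTICATE` says the macro disables AIX4's authenticate function, but the `WITH_` name and every `#ifdef WITH_AIXAUTHENTICATE` block in this commit show that defining it turns that path on. Someone editing the template by hand could define it expecting the opposite effect on password authentication. Suggested wording: `/* Define if you want to use AIX4's authenticate function */`.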
/* Define if using the Dante SOCKS library. */
#undef HAVE_DANTE
+/* Define if using the Socks4 SOCKS library. */
+#undef HAVE_SOCKS4
+
+/* Define if using the Socks5 SOCKS library. */
+#undef HAVE_SOCKS5
+
/* Define if you want to install preformatted manpages.*/
#undef MANTYPE
#include "servconf.h"
#include "xmalloc.h"
+#ifdef WITH_AIXAUTHENTICATE
+#include <login.h>
+#endif
+
#ifdef HAVE_SHADOW_H
# include <shadow.h>
#endif
#ifdef HAVE_SHADOW_H
struct spwd *spw;
#endif
+#ifdef WITH_AIXAUTHENTICATE
+ char *authmsg;
+ char *loginmsg;
+ int reenter = 1;
+#endif
/* deny if no user. */
if (pw == NULL)
/* Fall back to ordinary passwd authentication. */
}
#endif
+
+#ifdef WITH_AIXAUTHENTICATE
+ return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);
+#endif
+
#ifdef KRB4
if (options.kerberos_authentication == 1) {
int ret = auth_krb4_password(pw, password);
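Review bot: The added `return (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0);` never reads `reenter` after the call. As I understand the AIX contract, a nonzero `reenter` on return means authenticate() still expects a further response, so a zero return on its own may not mean the user is fully authenticated; please confirm against the AIX documentation and accept only when both are zero, e.g. `ok = (authenticate(pw->pw_name, password, &reenter, &authmsg) == 0 && reenter == 0);`. The text returned in `authmsg` is neither logged nor freed, and `loginmsg` is declared in this function but not used in the visible lines. Because the return is unconditional, the KRB4 branch below it, and whatever follows outside this hunk, is unreachable on builds with `WITH_AIXAUTHENTICATE`, which deserves a comment if it is intended.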
#include <sys/socket.h>
#include <sys/un.h>
#include <fcntl.h>
+#ifdef HAVE_STDDEF_H
+#include <stddef.h>
+#endif
#include "xmalloc.h"
#include "ssh.h"
#include "ssh.h"
#include "cipher.h"
+#include "config.h"
#ifdef HAVE_OPENSSL
#include <openssl/md5.h>
AC_ARG_WITH(dante,
[ --with-dante=DIR Use Dante SOCKS lib (default is system library path)],
[
- AC_DEFINE(HAVE_DANTE)
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
if test "x$withval" != "xno" ; then
if test -n $withval ; then
LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
fi
- LIBS="$LIBS -lsocks"
+ AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_DANTE) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+ ]
+)
+
+dnl Compile with SOCKS4 SOCKS library
+AC_ARG_WITH(socks4,
+ [ --with-socks4=DIR Use Socks4 SOCKS lib (default is system library path)],
+ [
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_SOCKS4) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+ ]
+)
+
+dnl Compile with SOCKS5 SOCKS library
+AC_ARG_WITH(socks5,
+ [ --with-socks5=DIR Use Socks5 SOCKS lib (default is system library path)],
+ [
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ AC_CHECK_LIB(socks5, SOCKSconnect, AC_DEFINE(HAVE_SOCKS5) SOCKSLIBS="$SOCKSLIBPATH -lsocks5")
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
]
)
AC_ARG_WITH(catman,
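Review bot: The new `--with-socks4` and `--with-socks5` blocks copy the unquoted `if test -n $withval`, which is true even when the value is empty, and a bare `--with-socks5` (where `withval` is `yes`) passes the outer `!= "xno"` test and puts `-Lyes`, a relative directory, on the link path. Quote the variable and skip the `yes` case: `if test -n "$withval" && test "x$withval" != "xyes" ; then`; the dante block's unchanged line has the same problem. The dante and socks4 blocks also probe the same library and symbol (`socks`, `Rconnect`), so the check cannot tell which package is installed, and passing both options defines both `HAVE_DANTE` and `HAVE_SOCKS4`.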
/* Save our own name. */
av0 = av[0];
+#ifdef SOCKS
+ SOCKSinit(av0);
+#endif /* SOCKS */
+
/* Initialize option structure to indicate that no values have been set. */
initialize_options(&options);
#include "auth-pam.h"
#endif /* USE_PAM */
-#ifdef HAVE_DANTE
+#if defined(HAVE_DANTE) || defined(HAVE_SOCKS4)
/*
* The following defines map the normal socket operations to SOCKSified
* versions coming from the Dante SOCKS package.
size_t, int, const struct sockaddr *, socklen_t);
ssize_t Rwrite(int , const void *, size_t );
ssize_t Rwritev(int , const struct iovec *, int );
-#endif /* HAVE_DANTE */
+#endif /* HAVE_DANTE || HAVE_SOCKS4 */
+#if defined(HAVE_SOCKS5)
+/*
+ * The following defines map the normal socket operations to SOCKSified
+ * versions coming from the SOCKS package.
+ */
+#define accept SOCKSaccept
+#define bind SOCKSbind
+#define bindresvport SOCKSbindresvport
+#define connect SOCKSconnect
+#define gethostbyname SOCKSgethostbyname
+#define gethostbyname2 SOCKSgethostbyname2
+#define getpeername SOCKSgetpeername
+#define getsockname SOCKSgetsockname
+#define read SOCKSread
+#define readv SOCKSreadv
+#define recv SOCKSrecv
+#define recvmsg SOCKSrecvmsg
+#define recvfrom SOCKSrecvfrom
+#define rresvport SOCKSrresvport
+#define send SOCKSsend
+#define sendmsg SOCKSsendmsg
+#define sendto SOCKSsendto
+#define write SOCKSwrite
+#define writev SOCKSwritev
+int SOCKSaccept (int, struct sockaddr *, socklen_t *);
+int SOCKSbind (int, const struct sockaddr *, socklen_t);
+int SOCKSbindresvport(int , struct sockaddr_in *);
+int SOCKSconnect (int, const struct sockaddr *, socklen_t);
+struct hostent *SOCKSgethostbyname(const char *);
+struct hostent *SOCKSgethostbyname2(const char *, int);
+int SOCKSgetpeername (int, struct sockaddr *, socklen_t *);
+int SOCKSgetsockname (int, struct sockaddr *, socklen_t *);
+ssize_t SOCKSread(int , void *, size_t );
+ssize_t SOCKSreadv(int d, const struct iovec *iov, int iovcnt);
+ssize_t SOCKSrecv (int, void *, size_t, int);
+ssize_t SOCKSrecvfrom (int, void *, size_t, int, struct sockaddr *,
+ socklen_t *);
+ssize_t SOCKSsend (int, const void *, size_t, int);
+ssize_t SOCKSsendmsg (int, const struct msghdr *, int);
+ssize_t SOCKSsendto (int, const void *,
+ size_t, int, const struct sockaddr *, socklen_t);
+ssize_t SOCKSwrite(int , const void *, size_t );
+ssize_t SOCKSwritev(int , const struct iovec *, int );
+#endif /* SOCKS5 */
+
+#if defined(DANTE) || defined(SOCKS4) || defined(SOCKS5)
+#define SOCKS
+#endif /* defined(DANTE) || defined(SOCKS4) || defined(SOCKS5) */
#endif /* SSH_H */
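Review bot: The new guard `#if defined(DANTE) || defined(SOCKS4) || defined(SOCKS5)` tests names that nothing in this commit defines; the configure checks and the config template use `HAVE_DANTE`, `HAVE_SOCKS4` and `HAVE_SOCKS5`. As written, `SOCKS` is never defined by a configure run, so the `#ifdef SOCKS` block that adds `SOCKSinit(av0);` in the client start-up hunk is compiled out. Use `#if defined(HAVE_DANTE) || defined(HAVE_SOCKS4) || defined(HAVE_SOCKS5)` and make the closing comment `#endif /* HAVE_SOCKS5 */` match its `#if`. The SOCKS5 block also maps `recvmsg` and `rresvport` without declaring `SOCKSrecvmsg` or `SOCKSrresvport`, and no prototype for `SOCKSinit` appears in the visible lines.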
{
struct group *grp;
int i;
+#ifdef WITH_AIXAUTHENTICATE
+ char *loginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
/* Shouldn't be called if pw is NULL, but better safe than sorry... */
if (!pw)
return 0;
}
}
+
+#ifdef WITH_AIXAUTHENTICATE
+ if (loginrestrictions(pw->pw_name,S_LOGIN,NULL,&loginmsg) != 0)
+ return 0;
+#endif /* WITH_AIXAUTHENTICATE */
+
/* We found no reason not to let this user try to log on... */
return 1;
}
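Review bot: The added `loginrestrictions(pw->pw_name,S_LOGIN,NULL,&loginmsg)` checks the account against the local-login rules, while this daemon accepts network logins. AIX provides `S_RLOGIN` for that case, and it is the mode that honours an account's remote-login restriction, so `S_LOGIN` may admit a user whose remote logins are disabled; please confirm against the AIX documentation and switch to `loginrestrictions(pw->pw_name, S_RLOGIN, NULL, &loginmsg)`. The reason returned in `loginmsg` is dropped without being logged or freed, so a refused login leaves no explanation in the server log. The function begins above this hunk.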
setproctitle("%s", user);
+#ifdef WITH_AIXAUTHENTICATE
+ char *loginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
+
#ifdef AFS
/* If machine has AFS, set process authentication group. */
if (k_hasafs()) {
get_canonical_hostname());
}
/* The user has been authenticated and accepted. */
+#ifdef WITH_AIXAUTHENTICATE
+ loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg);
+#endif /* WITH_AIXAUTHENTICATE */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
if (authenticated) {
#ifdef USE_PAM
- if (!do_pam_account(pw->pw_name, client_user))
- {
+ if (!do_pam_account(pw->pw_name, client_user)) {
if (client_user != NULL)
xfree(client_user);
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
+#ifdef WITH_AIXAUTHENTICATE
+ if (strncmp(get_authname(type),"password",
+ strlen(get_authname(type))) == 0)
+ loginfailed(pw->pw_name,get_canonical_hostname(),"ssh");
+#endif /* WITH_AIXAUTHENTICATE */
}
/* NOTREACHED */
abort();
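Review bot: The test `strncmp(get_authname(type),"password", strlen(get_authname(type))) == 0` bounds the comparison by the length of the auth name, so it is a prefix match: an empty name, or any name that is a prefix of "password", also counts as a password attempt and is recorded through `loginfailed()`. `if (strcmp(get_authname(type), "password") == 0)` says what is meant and calls `get_authname` once. If the intent is to feed the AIX failed-login counter only for password attempts, a one-line comment saying so would help, since failures of the other methods are silently left out. The enclosing loop starts outside the hunk.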
if (display)
child_set_env(&env, &envsize, "DISPLAY", display);
+#ifdef _AIX
+ {
+ char *authstate,*krb5cc;
+
+ if ((authstate = getenv("AUTHSTATE")) != NULL)
+ child_set_env(&env,&envsize,"AUTHSTATE",authstate);
+
+ if ((krb5cc = getenv("KRB5CCNAME")) != NULL)
+ child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc);
+ }
+#endif
+
#ifdef KRB4
{
extern char *ticket;
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
+ read_environment_file(&env,&envsize,"/etc/environment");
+
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);