- (djm) Make PAM support optional, enable with --with-pam

 - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which
   provides a crypt() of its own)
 - (djm) Avoid a warning in bsd-bindresvport.c
 - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
   can cause weird segfaults errors on Solaris

diff --git a/ChangeLog b/ChangeLog
index 4279d956a51ceb4ce9aa2f5ca4d2eca3229ec9c0..18cc5ebfbb6bb3271b0d2ce3a44e5f110758f440 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 20010117
  - (djm) Only write random seed file at exit
+ - (djm) Make PAM support optional, enable with --with-pam
+ - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which 
+   provides a crypt() of its own)
+ - (djm) Avoid a warning in bsd-bindresvport.c
+ - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This
+   can cause weird segfaults errors on Solaris 
 
 20010115
  - (bal) sftp-server.c change to use chmod() if fchmod() does not exist.

diff --git a/acconfig.h b/acconfig.h
index e2c34317d7c11ed98ad6b3c274afe95a8bbf7f4b..439a7ba1cd3fdfcbd0b5e2b0529f0228264dc240 100644 (file)
--- a/acconfig.h
+++ b/acconfig.h
@@ -66,8 +66,8 @@
 /* Define if you are on NEWS-OS */
 #undef HAVE_NEWS4
 
-/* Define if you want to disable PAM support */
-#undef DISABLE_PAM
+/* Define if you want to enable PAM support */
+#undef USE_PAM
 
 /* Define if you want to enable AIX4's authenticate function */
 #undef WITH_AIXAUTHENTICATE

diff --git a/bsd-bindresvport.c b/bsd-bindresvport.c
index 536a5056f83e197fd878668885c3f87075f6aef9..7faf73191b13a355b7b378317aedd3da65b3f6c0 100644 (file)
--- a/bsd-bindresvport.c
+++ b/bsd-bindresvport.c
@@ -88,6 +88,9 @@ bindresvport_af(sd, sa, af)
        if (port == 0)
                port = (arc4random() % NPORTS) + STARTPORT;
 
+       /* Avoid warning */
+       error = -1;
+
        for(i = 0; i < NPORTS; i++) {
                *portp = htons(port);
                

diff --git a/configure.in b/configure.in
index 82cb5d4bd12f96f0014becaa42d33ae90c647183..0dd8c00438b4d99d9f75409f37daa8c958995b34 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -62,12 +62,10 @@ case "$host" in
 *-*-cygwin*)
        LIBS="$LIBS -lregex /usr/lib/textmode.o"
        AC_DEFINE(HAVE_CYGWIN)
-       AC_DEFINE(DISABLE_PAM)
        AC_DEFINE(DISABLE_SHADOW)
        AC_DEFINE(IPV4_DEFAULT)
        AC_DEFINE(IP_TOS_IS_BROKEN)
        AC_DEFINE(BROKEN_VHANGUP)
-       no_pam=1
        no_libsocket=1
        no_libnsl=1
        ;;
@@ -122,6 +120,7 @@ case "$host" in
        ;;
 *-*-linux*)
        no_dev_ptmx=1
+       check_for_libcrypt_later=1
        AC_DEFINE(DONT_TRY_OTHER_AF)
        AC_DEFINE(PAM_TTY_KLUDGE)
        inet6_default_4in6=yes
@@ -368,27 +367,30 @@ fi
 
 AC_FUNC_GETPGRP
 
+# Check for PAM libs
 PAM_MSG="no"
 AC_ARG_WITH(pam,
-       [  --without-pam           Disable PAM support ],
+       [  --with-pam              Enable PAM support ],
        [
-               if test "x$withval" = "xno" ; then
-                       no_pam=1
-                       AC_DEFINE(DISABLE_PAM)
-                       PAM_MSG="disabled"
-               fi
-       ]
-)
-if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; then
-       AC_CHECK_LIB(dl, dlopen, , )
-       LIBS="$LIBS -lpam"
+               if test "x$withval" != "xno" ; then
+                       if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then
+                               AC_MSG_ERROR([PAM headers not found])
+                       fi
 
-       AC_CHECK_FUNCS(pam_getenvlist)
+                       AC_CHECK_LIB(dl, dlopen, , )
+                       AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing]))
+                       AC_CHECK_FUNCS(pam_getenvlist)
 
-       disable_shadow=yes
+                       disable_shadow=yes
+                       PAM_MSG="yes"
 
-       PAM_MSG="yes"
+                       AC_DEFINE(USE_PAM)
+               fi
+       ]
+)
 
+# Check for older PAM
+if test "x$PAM_MSG" = "xyes" ; then
        # Check PAM strerror arguments (old PAM)
        AC_MSG_CHECKING([whether pam_strerror takes only one argument])
        AC_TRY_COMPILE(
@@ -403,7 +405,7 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t
                        AC_MSG_RESULT(yes)
                        PAM_MSG="yes (old library)"
                ]
-       ) 
+       )
 fi
 
 # The big search for OpenSSL
@@ -425,7 +427,7 @@ fi
 AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [
 
        for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
-               if test ! -z "$ssldir" ; then
+               if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
                        LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
                        CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
                        if test ! -z "$need_dash_r" ; then
@@ -476,13 +478,16 @@ if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ;
        AC_DEFINE(HAVE_OPENSSL)
        dnl Need to recover ssldir - test above runs in subshell
        ssldir=$ac_cv_openssldir
-       CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
-       LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
-       if test ! -z "$need_dash_r" ; then
-               LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir"
-       fi
-       if test ! -z "$blibpath" ; then
-               blibpath="$blibpath:$ssldir:$ssldir/lib"
+
+       if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then
+               CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include"
+               LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir"
+               if test ! -z "$need_dash_r" ; then
+                       LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir"
+               fi
+               if test ! -z "$blibpath" ; then
+                       blibpath="$blibpath:$ssldir:$ssldir/lib"
+               fi
        fi
 fi
 LIBS="$saved_LIBS -lcrypto"
@@ -537,6 +542,12 @@ else
        fi
 fi
 
+# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the 
+# version in OpenSSL. Skip this for PAM
+if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then
+       AC_CHECK_LIB(crypt, crypt, , )
+fi
+
 # Cheap hack to ensure NEWS-OS libraries are arranged right.
 if test ! -z "$SONY" ; then
   LIBS="$LIBS -liberty";

diff --git a/defines.h b/defines.h
index 79aab5ab6149daef97dd0af91f68cecbdfcad956..26c532c92db296166ad7f70c10d3fa4fd373d480 100644 (file)
--- a/defines.h
+++ b/defines.h
@@ -332,10 +332,6 @@ struct winsize {
 # define __attribute__(x)
 #endif /* !defined(__GNUC__) || (__GNUC__ < 2) */
 
-#if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM)
-# define USE_PAM
-#endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */
-
 #ifndef SUN_LEN
 #define SUN_LEN(su) \
         (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))