Pekka Savola <pekkas@netcore.fi> - Bugfixes
Peter Kocks <peter.kocks@baygate.com> - Makefile fixes
Phil Hands <phil@hands.com> - Debian scripts, assorted patches
-Phil Karn <karn@ka9q.ampr.org> - Autoconf fix
+Phil Karn <karn@ka9q.ampr.org> - Autoconf fixes
Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix
Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes
SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes
Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes
Svante Signell <svante.signell@telia.com> - Bugfixes
Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords
+Tim Rice <tim@multitalents.net> - Portability & SCO fixes
Tom Bertelson's <tbert@abac.com> - AIX auth fixes
Tor-Ake Fransson <torake@hotmail.com> - AIX support
Tudor Bosman <tudorb@jm.nu> - MD5 password support
<peak@argo.troja.mff.cuni.cz>
- (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
tidy necessary differences. Use Markus' new debugN() in entropy.c
+ - (djm) Merged big SCO portability patch from Tim Rice
+ <tim@multitalents.net>
20000926
- (djm) Update X11-askpass to 1.0.2 in RPM spec file
CC=@CC@
LD=@LD@
PATHS=-DETCDIR=\"$(sysconfdir)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DSSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\"
-CFLAGS=@CFLAGS@ -I. -I$(srcdir) $(PATHS) @DEFS@
+CFLAGS=@CFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
AR=@AR@
RANLIB=@RANLIB@
ENT=@ENT@
LDFLAGS=-L. @LDFLAGS@
EXEEXT=@EXEEXT@
+SSH_MODE= @SSHMODE@
INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
install: manpages $(TARGETS) install-files host-key
install-files:
- ./mkinstalldirs $(DESTDIR)$(bindir)
- ./mkinstalldirs $(DESTDIR)$(sbindir)
- ./mkinstalldirs $(DESTDIR)$(mandir)
- ./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
- ./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
- ./mkinstalldirs $(DESTDIR)$(libexecdir)
- $(INSTALL) -m 4755 -s ssh $(DESTDIR)$(bindir)/ssh
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+ $(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh
$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
$(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent
ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+ @FILEPRIV@ -f dev,filesys,driver $(DESTDIR)$(bindir)/ssh $(DESTDIR)$(bindir)/slogin
if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config -a ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
- ./mkinstalldirs $(DESTDIR)$(sysconfdir); \
+ $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
$(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
$(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
fi
if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
- $(PERL) fixprogs ssh_prng_cmds $(ENT); \
+ $(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
$(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
fi
if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \
echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \
else \
- ./ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \
+ $(srcdir)/ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \
fi ; \
if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \
echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \
else \
- ./ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \
+ $(srcdir)/ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \
fi ; \
fi ;
host-key-force: ssh-keygen$(EXEEXT)
- ./ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
- ./ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
+ $(srcdir)/ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
+ $(srcdir)/ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
uninstallall: uninstall
-rm -f $(DESTDIR)$(sysconfdir)/ssh_config
@TOP@
+/* SCO workaround */
+#undef BROKEN_SYS_TERMIO_H
+
+/* Define if you have SCO protected password database */
+#undef HAVE_SCO_PROTECTED_PW
+
/* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
/* from environment and PATH */
#undef LOGIN_PROGRAM_FALLBACK
# include <hpsecurity.h>
# include <prot.h>
#endif
+#ifdef HAVE_SCO_PROTECTED_PW
+# include <sys/security.h>
+# include <sys/audit.h>
+# include <prot.h>
+#endif /* HAVE_SCO_PROTECTED_PW */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
# include <shadow.h>
#endif
#ifdef __hpux
struct pr_passwd *spw;
#endif
+#ifdef HAVE_SCO_PROTECTED_PW
+ struct pr_passwd *spw;
+#endif /* HAVE_SCO_PROTECTED_PW */
#if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
struct spwd *spw;
#endif
if (spw != NULL)
pw_password = spw->sp_pwdp;
#endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+
+#ifdef HAVE_SCO_PROTECTED_PW
+ spw = getprpwnam(pw->pw_name);
+ if (spw != NULL)
+ pw_password = spw->ufld.fd_encrypt;
+#endif /* HAVE_SCO_PROTECTED_PW */
+
#if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
pw_password = spw->pwa_passwd;
#endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
+
#if defined(__hpux)
if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
pw_password = spw->ufld.fd_encrypt;
strerror(errno));
buffer_free(&encrypted);
close(fd);
- remove(filename);
+ unlink(filename);
return 0;
}
close(fd);
switch (channels[i].type) {
case SSH_CHANNEL_AUTH_SOCKET:
close(channels[i].sock);
- remove(channels[i].path);
+ unlink(channels[i].path);
channel_free(i);
break;
case SSH_CHANNEL_PORT_LISTENER:
void
cleanup_socket(void)
{
- remove(channel_forwarded_auth_socket_name);
+ unlink(channel_forwarded_auth_socket_name);
rmdir(channel_forwarded_auth_socket_dir);
}
AC_SUBST(PERL)
AC_PATH_PROG(ENT, ent)
AC_SUBST(ENT)
+AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin)
# Use LOGIN_PROGRAM from environment if possible
if test ! -z "$LOGIN_PROGRAM" ; then
CFLAGS="$CFLAGS -Wall"
fi
+CFLAGS="$CFLAGS -I. -I${srcdir-.}"
+
# Check for some target-specific stuff
case "$host" in
*-*-aix*)
mansubdir=cat
LIBS="$LIBS -lgen -lnsl -lucb"
;;
+*-*-sysv4.2*)
+ CFLAGS="$CFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ MANTYPE='$(CATMAN)'
+ mansubdir=cat
+ LIBS="$LIBS -lgen -lsocket -lnsl -lresolv"
+ enable_suid_ssh=no
+ ;;
+*-*-sysv5*)
+ CFLAGS="$CFLAGS -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ MANTYPE='$(CATMAN)'
+ mansubdir=cat
+ LIBS="$LIBS -lgen -lsocket"
+ enable_suid_ssh=no
+ ;;
*-*-sysv*)
CFLAGS="$CFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
mansubdir=cat
LIBS="$LIBS -lgen -lsocket"
;;
-*-*-sco3*)
+*-*-sco3.2v4*)
AC_DEFINE(USE_PIPES)
+ CFLAGS="$CFLAGS -Dftruncate=chsize -I/usr/local/include"
+ LDFLAGS="$LDFLAGS -L/usr/local/lib"
+ MANTYPE='$(CATMAN)'
+ mansubdir=cat
+ LIBS="$LIBS -lgen -lsocket -los -lprot -lx"
+ no_dev_ptmx=1
+ RANLIB=true
+ AC_DEFINE(BROKEN_SYS_TERMIO_H)
+ rsh_path="/usr/bin/rcmd"
+ AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+ ;;
+*-*-sco3.2v5*)
CFLAGS="$CFLAGS -I/usr/local/include"
LDFLAGS="$LDFLAGS -L/usr/local/lib"
MANTYPE='$(CATMAN)'
mansubdir=cat
- LIBS="$LIBS -lgen -lsocket"
+ LIBS="$LIBS -lgen -lsocket -lprot -lx"
no_dev_ptmx=1
+ rsh_path="/usr/bin/rcmd"
+ AC_DEFINE(HAVE_SCO_PROTECTED_PW)
;;
*-dec-osf*)
# This is untested
fi
# Checks for header files.
-AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h ttyent.h usersec.h util.h utmp.h utmpx.h)
+AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utmp.h utmpx.h)
dnl Checks for library functions.
-AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo futimes gai_strerror getaddrinfo getnameinfo getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r vsnprintf vhangup _getpty __b64_ntop)
+AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getaddrinfo getnameinfo getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid setrlimit sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r vsnprintf vhangup _getpty __b64_ntop)
dnl Checks for time functions
AC_CHECK_FUNCS(gettimeofday time)
dnl Checks for libutil functions
],
[ sa_family_t foo; foo = 1235; ],
[ ac_cv_have_sa_family_t="yes" ],
+ [ AC_TRY_COMPILE(
+ [
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+ ],
+ [ sa_family_t foo; foo = 1235; ],
+ [ ac_cv_have_sa_family_t="yes" ],
+
[ ac_cv_have_sa_family_t="no" ]
+ )]
)
])
if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
AC_DEFINE(HAVE_STRUCT_ADDRINFO)
fi
-
-# Checks for structure members
-
+dnl Checks for structure members
OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
+AC_STRUCT_ST_BLKSIZE
AC_CACHE_CHECK([for sun_len field in struct sockaddr_un],
ac_cv_have_sun_len_in_struct_sockaddr_un, [
fi
],
[
- AC_PATH_PROG(xauth_path, xauth)
+ AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin)
if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
xauth_path="/usr/openwin/bin/xauth"
fi
[ --with-default-path=PATH Specify default \$PATH environment for server],
[
if test "x$withval" != "xno" ; then
- AC_DEFINE_UNQUOTED(USER_PATH, "$withval")
+ user_path="$withval"
SERVER_PATH_MSG="$withval"
fi
]
]
)
+AC_MSG_CHECKING(whether to install ssh as suid root)
+AC_ARG_ENABLE(suid-ssh,
+[ --enable-suid-ssh Install ssh as suid root (default)
+ --disable-suid-ssh Install ssh without suid bit],
+[ case "$enableval" in
+ no)
+ AC_MSG_RESULT(no)
+ SSHMODE=0711
+ ;;
+ *) AC_MSG_RESULT(yes)
+ SSHMODE=04711
+ ;;
+ esac ],
+ AC_MSG_RESULT(yes)
+ SSHMODE=04711
+)
+AC_SUBST(SSHMODE)
+
+
# Where to place sshd.pid
piddir=/var/run
AC_ARG_WITH(pid-dir,
]
)
+# make sure the directory exists
+if test ! -d $piddir ; then
+ piddir=`eval echo ${sysconfdir}`
+ case $piddir in
+ NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+ esac
+fi
+
AC_DEFINE_UNQUOTED(PIDDIR, "$piddir")
AC_SUBST(piddir)
#include <sys/types.h> /* For [u]intxx_t */
#include <sys/socket.h> /* For SHUT_XXXX */
#include <sys/param.h> /* For MAXPATHLEN */
-#include <sys/un.h> /* For SUN_LEN */
#include <netinet/in_systm.h> /* For typedefs */
#include <netinet/in.h> /* For IPv6 macros */
#include <netinet/ip.h> /* For IPTOS macros */
+#ifdef HAVE_SYS_UN_H
+# include <sys/un.h> /* For SUN_LEN */
+#endif
#ifdef HAVE_SYS_BITYPES_H
# include <sys/bitypes.h> /* For u_intXX_t */
#endif
#endif
#include <unistd.h> /* For STDIN_FILENO, etc */
+#include <termios.h> /* Struct winsize */
/* Constants */
# define ss_family __ss_family
#endif /* !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE_SA_FAMILY_IN_SS) */
+#ifndef HAVE_SYS_UN_H
+struct sockaddr_un {
+ short sun_family; /* AF_UNIX */
+ char sun_path[108]; /* path name (gag) */
+};
+#endif /* HAVE_SYS_UN_H */
+
+#if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE)
+#define _STRUCT_WINSIZE
+struct winsize {
+ unsigned short ws_row; /* rows, in characters */
+ unsigned short ws_col; /* columns, in character */
+ unsigned short ws_xpixel; /* horizontal size, pixels */
+ unsigned short ws_ypixel; /* vertical size, pixels */
+};
+#endif
+
/* Paths */
#ifndef _PATH_BSHELL
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
-#include <termios.h>
#include <stdlib.h>
#include <string.h>
#include <stdarg.h>
#include "ssh.h"
#include "xmalloc.h"
+#ifndef _PATH_CP
#define _PATH_CP "cp"
+#endif
/* For progressmeter() -- number of seconds before xfer considered "stalled" */
#define STALLTIME 5
#endif
if (pflag) {
if (exists || omode != mode)
+#ifdef HAVE_FCHMOD
if (fchmod(ofd, omode))
+#else /* HAVE_FCHMOD */
+ if (chmod(np, omode))
+#endif /* HAVE_FCHMOD */
run_err("%s: set mode: %s",
np, strerror(errno));
} else {
if (!exists && omode != mode)
+#ifdef HAVE_FCHMOD
if (fchmod(ofd, omode & ~mask))
+#else /* HAVE_FCHMOD */
+ if (chmod(np, omode & ~mask))
+#endif /* HAVE_FCHMOD */
run_err("%s: set mode: %s",
np, strerror(errno));
}
int fd, blksize;
{
size_t size;
+#ifdef HAVE_ST_BLKSIZE
struct stat stb;
if (fstat(fd, &stb) < 0) {
else
size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
stb.st_blksize;
+#else /* HAVE_ST_BLKSIZE */
+ size = blksize;
+#endif /* HAVE_ST_BLKSIZE */
if (bp->cnt >= size)
return (bp);
if (bp->buf == NULL)
void
cleanup_socket(void)
{
- remove(socket_name);
+ unlink(socket_name);
rmdir(socket_dir);
}
original_real_uid = getuid();
original_effective_uid = geteuid();
-#ifndef HAVE_CYGWIN
+#if !defined(HAVE_SETRLIMIT) || !defined(HAVE_CYGWIN)
/* If we are installed setuid root be careful to not drop core. */
if (original_real_uid != original_effective_uid) {
struct rlimit rlim;
}
}
+#ifdef HAVE_SCO_PROTECTED_PW
+ (void) set_auth_parameters(ac, av);
+#endif
+
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)
log_stderr = 1;
andersk / openssh.git / commitdiff
