19991226

 - Enabled utmpx support by default for Solaris
 - Cleanup sshd.c PAM a little more

19991225
 - Merged fixes from Ben Taylor <bent@clark.net>
 - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
 - Disabled logging of PAM password authentication failures when password
   is empty. (e.g start of authentication loop). Reported by Naz
   <96na@eng.cam.ac.uk>)

diff --git a/ChangeLog b/ChangeLog
index 394ebc8990979615cd2acb473a20b52e695c855a..a89fcdc9c140c08f6e673330ad7f43f370c98221 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,13 +1,24 @@
+19991226
+ - Enabled utmpx support by default for Solaris
+ - Cleanup sshd.c PAM a little more
+
 19991225
  - More fixes from Andre Lucas <andre.lucas@dial.pipex.com>
  - Cleanup of auth-passwd.c for shadow and MD5 passwords
  - Cleanup and bugfix of PAM authentication code
+ - Released 1.2.1pre20
+
+ - Merged fixes from Ben Taylor <bent@clark.net>
+ - Fixed configure support for PAM. Reported by Naz <96na@eng.cam.ac.uk>
+ - Disabled logging of PAM password authentication failures when password
+   is empty. (e.g start of authentication loop). Reported by Naz
+   <96na@eng.cam.ac.uk>)
 
 19991223
  - Merged later HPUX patch from Andre Lucas 
    <andre.lucas@dial.pipex.com>
  - Above patch included better utmpx support from Ben Taylor
-   <bent@clark.net>:
+   <bent@clark.net>
 
 19991222
  - Fix undefined fd_set type in ssh.h from Povl H. Pedersen 

diff --git a/Makefile.in b/Makefile.in
index ff978b74fba003c8d36264f0b3b00bb59e364793..fa9a9d815c789e773449e1a96e127a9f7e53b1cc 100644 (file)
--- a/Makefile.in
+++ b/Makefile.in
@@ -44,6 +44,10 @@ LIBOBJS= atomicio.o authfd.o authfile.o bsd-daemon.o bsd-mktemp.o \
 
 all: $(OBJS) $(TARGETS)
 
+$(OBJS): config.h
+
+$(LIBOBJS): config.h
+
 libssh.a: $(LIBOBJS)
        $(AR) rv $@ $(LIBOBJS)
        $(RANLIB) $@

diff --git a/acconfig.h b/acconfig.h
index 1e706ff58fd69740bd35c1a8a3e1266410e2a6b3..60dd430105bb452429a2550a10a42043f830f91f 100644 (file)
--- a/acconfig.h
+++ b/acconfig.h
@@ -222,6 +222,23 @@ enum
 # endif
 #endif
 
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
+# ifndef _PATH_UTMPX
+#  ifdef UTMPX_FILE
+#   define _PATH_UTMPX UTMPX_FILE
+#  else
+#   define _PATH_UTMPX "/var/adm/utmpx"
+#  endif
+# endif
+# ifndef _PATH_WTMPX
+#  ifdef WTMPX_FILE
+#   define _PATH_WTMPX WTMPX_FILE
+#  else
+#   define _PATH_WTMPX "/var/adm/wtmp"
+#  endif
+# endif
+#endif
+
 #ifndef _PATH_BSHELL
 # define _PATH_BSHELL "/bin/sh"
 #endif

diff --git a/bsd-login.c b/bsd-login.c
index d81e469142ed32de8489f74c5312fc8fbd52fba8..eccb29ee4a860cd9067a93eb6db1966ece494277 100644 (file)
--- a/bsd-login.c
+++ b/bsd-login.c
@@ -65,24 +65,24 @@ login(utp)
        struct utmp *utp;
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 {
+#if defined(HAVE_HOST_IN_UTMP)
        struct utmp old_ut;
+#endif
 #if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
        struct utmpx *old_utx;
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
        register int fd;
        int tty;
 
-#ifndef UT_LINESIZE
-# define UT_LINESIZE (sizeof(old_ut.ut_line))
-# define UT_NAMESIZE (sizeof(old_ut.ut_name))
-# ifdef HAVE_HOST_IN_UTMP
-#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
-# endif
-#endif
-
        tty = ttyslot();
        if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) {
+
 #if defined(HAVE_HOST_IN_UTMP)
+# ifndef UT_LINESIZE
+#  define UT_LINESIZE (sizeof(old_ut.ut_line))
+#  define UT_NAMESIZE (sizeof(old_ut.ut_name))
+#  define UT_HOSTSIZE (sizeof(old_ut.ut_host))
+# endif
                (void)lseek(fd, (off_t)(tty * sizeof(struct utmp)), SEEK_SET);
                /*
                 * Prevent luser from zero'ing out ut_host.

diff --git a/configure.in b/configure.in
index 7bb96270a9c1a6388c3a5bf22a2a6e82a8ba0391..6cfacd2dbf818cff0ae251f4c21fe66afb5e23e9 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -53,6 +53,9 @@ case "$host" in
                AC_DEFINE(DISABLE_SHADOW)
        fi
        ;;
+*-*-solaris*)
+       AC_DEFINE(USE_UTMPX)
+       ;;
 esac
 
 dnl Check for OpenSSL/SSLeay directories.
@@ -101,11 +104,14 @@ AC_ARG_WITH(pam,
        [  --without-pam           Disable PAM support ],
        [
                if test "x$withval" != "xno" ; then
-                       AC_CHECK_LIB(dl, dlopen, , )
-                       AC_CHECK_LIB(pam, pam_authenticate, , )
+                       no_pam=1
                fi
        ]
 )
+if test -z "$no_pam" ; then
+       AC_CHECK_LIB(dl, dlopen, , )
+       AC_CHECK_LIB(pam, pam_authenticate, , )
+fi
 
 dnl Checks for header files.
 AC_CHECK_HEADERS(endian.h lastlog.h login.h maillock.h netgroup.h paths.h poll.h pty.h shadow.h util.h utmp.h utmpx.h sys/bsdtty.h sys/poll.h sys/select.h sys/stropts.h sys/time.h sys/ttcompat.h)

diff --git a/login.c b/login.c
index d91a562ba6307e28a9c77df6c7c040de517428b6..9fe873e3ba9c99300793a621f81600cdb9d0ef8d 100644 (file)
--- a/login.c
+++ b/login.c
@@ -155,18 +155,19 @@ record_login(int pid, const char *ttyname, const char *user, uid_t uid,
        strncpy(utx.ut_line, ttyname + 5, sizeof(utx.ut_line));
        utx.ut_pid = (pid_t)pid;
        utx.ut_tv.tv_sec = time(NULL);
-       u.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
-#ifdef HAVE_HOST_IN_UTMPX
-#ifdef HAVE_SYSLEN_IN_UTMPX
+       utx.ut_type = (uid == -1)?DEAD_PROCESS:USER_PROCESS;
+# ifdef HAVE_HOST_IN_UTMPX
+#  ifdef HAVE_SYSLEN_IN_UTMPX
        utx.ut_syslen = strlen(host);
-       strncpy(utx.ut_host, host, utx.ut_syslen );
-#else
+       strncpy(utx.ut_host, host, utx.ut_syslen);
+#  else
        strncpy(utx.ut_host, host, sizeof(utx.ut_host));
-#endif /* HAVE_SYSLEN_IN_UTMPX */
-#endif
+#  endif /* HAVE_SYSLEN_IN_UTMPX */
+# endif
 #endif /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
 
-#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)
+/*#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX) && !defined(HAVE_LOGIN)*/
+#if defined(HAVE_UTMPX_H) && defined(USE_UTMPX)
        login(&u, &utx);
 #else /* defined(HAVE_UTMPX_H) && defined(USE_UTMPX) */
        login(&u);

diff --git a/packages/redhat/openssh.spec b/packages/redhat/openssh.spec
index a3e51bb812a5efba06ffe144d0d9af94b8fa0426..af904c7de668d056353d5fe08fcdae04f9d595be 100644 (file)
--- a/packages/redhat/openssh.spec
+++ b/packages/redhat/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre20
+Version: 1.2.1pre21
 Release: 1
 Packager: Damien Miller <djm@ibs.com.au>
 Source0: openssh-%{version}.tar.gz

diff --git a/packages/suse/openssh.spec b/packages/suse/openssh.spec
index c649ef235a3d1a283523215248cd19a5dacdf656..23926e017101fb45f1ef2119328c7868cdb49dc9 100644 (file)
--- a/packages/suse/openssh.spec
+++ b/packages/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) implementation
 Name: openssh
-Version: 1.2.1pre20
+Version: 1.2.1pre21
 Release: 1
 Source0: openssh-%{version}.tar.gz
 Copyright: BSD

diff --git a/sshd.c b/sshd.c
index 03a9788eaf022a1f31a6ddd3597c8548ab30fb94..6826df235c83731725f74a831d7e1e8f641421b6 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -249,8 +249,10 @@ int do_pam_auth(const char *user, const char *password)
                log("PAM Password authentication accepted for user \"%.100s\"", user);
                return 1;
        } else {
-               log("PAM Password authentication for \"%.100s\" failed: %s", 
-                       user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+               /* Don't log failure for auth attempts with empty password */
+               if (password[0] != '\0')
+                       log("PAM Password authentication for \"%.100s\" failed: %s", 
+                               user, PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
                return 0;
        }
 }
@@ -1362,9 +1364,6 @@ do_authloop(struct passwd * pw)
        int plen, dlen, nlen, ulen, elen;
        int type = 0;
        void (*authlog) (const char *fmt,...) = verbose;
-#ifdef HAVE_LIBPAM
-       int pam_retval;
-#endif /* HAVE_LIBPAM */
 
        /* Indicate that authentication is needed. */
        packet_start(SSH_SMSG_FAILURE);