From 4cca272e7de2b8741f368dded46764f79e7d6444 Mon Sep 17 00:00:00 2001 From: damien Date: Wed, 10 Nov 1999 23:40:23 +0000 Subject: [PATCH] - Added (untested) Entropy Gathering Daemon (EGD) support - Merged several minor fixed: - ssh-agent commandline parsing - RPM spec file now installs ssh setuid root - Makefile creates libdir - Merged beginnings of Solaris compability from Marc G. Fournier --- ChangeLog | 5 ++++ acconfig.h | 12 ++++++++ configure.in | 81 ++++++++++++++++++++++++++++++++++++---------------- helper.c | 40 +++++++++++++++----------- includes.h | 12 +++++--- login.c | 14 +++++++-- mktemp.c | 2 +- rsa.h | 8 +++--- ssh.h | 4 ++- 9 files changed, 125 insertions(+), 53 deletions(-) diff --git a/ChangeLog b/ChangeLog index 047c5b70..f95a7ec0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,13 @@ +19991111 + - Added (untested) Entropy Gathering Daemon (EGD) support + 19991110 - Merged several minor fixed: - ssh-agent commandline parsing - RPM spec file now installs ssh setuid root - Makefile creates libdir + - Merged beginnings of Solaris compability from Marc G. Fournier + 19991109 - Autodetection of SSL/Crypto library location via autoconf diff --git a/acconfig.h b/acconfig.h index c859c253..063b9171 100644 --- a/acconfig.h +++ b/acconfig.h @@ -3,8 +3,20 @@ /* SSL directory. */ #undef ssldir +/* Random number pool */ +#undef RANDOM_POOL + +/* Are we using the Entropy gathering daemon */ +#undef HAVE_EGD + /* Define if your ssl headers are included with #include */ #undef HAVE_SSL /* Define if your ssl headers are included with #include */ #undef HAVE_OPENSSL + +/* Define is utmp.h has a ut_host field */ +#undef HAVE_HOST_IN_UTMP + +/* Define is libutil has login() function */ +#undef HAVE_LIBUTIL_LOGIN diff --git a/configure.in b/configure.in index fc59cbb8..b16c1291 100644 --- a/configure.in +++ b/configure.in 
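Review bot: The two comments added at the end of the acconfig.h hunk read `Define is utmp.h has a ut_host field` and `Define is libutil has login() function`; both should say `Define if ...`, matching the other template comments in the file. The `/* Random number pool */` comment would also help the next reader more if it said what the macro holds, since helper.c passes it straight to open(): `/* Path of the random device, or of the EGD socket when HAVE_EGD is defined */`.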
@@ -1,44 +1,25 @@ -dnl Process this file with autoconf to produce a configure script. - -AC_INIT(auth-krb4.c) +AC_INIT(ssh.c) AC_CONFIG_HEADER(config.h) dnl Checks for programs. AC_PROG_CC +AC_PROG_CPP AC_PROG_RANLIB AC_CHECK_PROG(AR, ar, ar) if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall"; fi -dnl Checks for libraries. -dnl Replace `main' with a function in -lcrypto: -AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***])) -dnl Replace `main' with a function in -lutil: -AC_CHECK_LIB(util, logout, ,AC_MSG_ERROR([*** -lutil missing - this is part of libc. ***])) -dnl Replace `main' with a function in -lz: -AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) -dnl check for nsl -AC_CHECK_LIB(nsl, yp_match, , ) -dnl check for dl -AC_CHECK_LIB(dl, dlopen, , ) -dnl check for pam -AC_CHECK_LIB(pam, pam_authenticate, , ) - dnl Check for OpenSSL/SSLeay directories. AC_MSG_CHECKING([for OpenSSL/SSLeay directory]) -for dir in /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg ; do - ssldir="$dir" - if test -f "$dir/include/openssl/crypto.h"; then +for ssldir in /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local $prefix /usr/pkg ; do + if test -f "$ssldir/include/openssl/crypto.h"; then AC_DEFINE(HAVE_OPENSSL) break fi - if test -f "$dir/include/ssl/crypto.h"; then + if test -f "$ssldir/include/ssl/crypto.h"; then AC_DEFINE(HAVE_SSL) break fi - if test -f "$dir/include/crypto.h"; then - break - fi done AC_MSG_RESULT($ssldir) AC_SUBST(ssldir) 
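Review bot: The rewritten directory loop has no not-found branch: when none of the candidates contains crypto.h the loop runs off the end, `ssldir` is left at the last candidate (`/usr/pkg`), AC_MSG_RESULT reports it as if found, and neither HAVE_OPENSSL nor HAVE_SSL gets defined. The removed `$dir/include/crypto.h` case did not handle this either, so the gap is pre-existing, but this rewrite is the place to close it: set `ssl_found=yes` in the two matching branches and fail after the loop with `if test -z "$ssl_found"; then AC_MSG_ERROR([*** OpenSSL/SSLeay headers not found ***]); fi`, so the failure is reported here rather than by a later link test. Adding `$prefix` to the candidate list is probably harmless, but if --prefix was not given autoconf still has `prefix` set to `NONE` at this point, so that entry never names a usable directory.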
@@ -57,17 +38,67 @@ AC_TRY_LINK([], [], [AC_MSG_RESULT(yes); ], [AC_MSG_RESULT(no)]; LIBS="$saved_LIBS") +dnl Checks for libraries. +AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***])) +AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) +AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") +AC_CHECK_LIB(nsl, yp_match, , ) +AC_CHECK_LIB(socket, main, , ) + +dnl libdl is needed by PAM on Redhat systems +AC_CHECK_LIB(dl, dlopen, , ) +AC_CHECK_LIB(pam, pam_authenticate, , ) + dnl Checks for header files. -AC_CHECK_HEADERS(pty.h) +AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h) dnl Checks for library functions. AC_PROG_GCC_TRADITIONAL AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle) +dnl Check for ut_host field in utmp +AC_MSG_CHECKING([whether utmp.h has ut_host field]) +AC_EGREP_HEADER(ut_host, utmp.h, + [AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes); ], + [AC_MSG_RESULT(no)] +) + dnl Check whether user wants GNOME ssh-askpass AC_ARG_WITH(gnome-askpass, [ --with-gnome-askpass Build and use the GNOME passphrase requester], [GNOME_ASKPASS="gnome-ssh-askpass"]) AC_SUBST(GNOME_ASKPASS) +dnl Check for user-specified random device +AC_ARG_WITH(random, + [ --with-random=FILE read randomness from FILE (default /dev/urandom)], + [ + RANDOM_POOL="$withval"; + AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL") + ], + [ + dnl Check for random device + AC_CHECK_FILE("/dev/urandom", + [ + RANDOM_POOL="/dev/urandom"; + AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL") + ] + ) + ] +) + +dnl Check for EGD pool file +AC_ARG_WITH(egd-pool, + [ --with-egd-pool=FILE read randomness from EGD pool FILE], + [ + RANDOM_POOL="$withval"; + AC_DEFINE(HAVE_EGD) + AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL") + ] +) + +if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"; then + AC_MSG_ERROR([No random device found, and no EGD random pool specified]) +fi + AC_OUTPUT(Makefile) 
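Review bot: The final guard `if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"` tests a variable nothing in this file sets — the `--with-egd-pool` branch stores its value in `RANDOM_POOL` — so the `$EGD_POOL` half is always true and the condition is really just the first test; write it as `if test -z "$RANDOM_POOL"; then` so the intent is visible. If both `--with-random` and `--with-egd-pool` are given, each branch calls `AC_DEFINE(RANDOM_POOL, ...)`, which presumably leaves two conflicting definitions in config.h; giving the EGD option explicit precedence, or rejecting the combination with AC_MSG_ERROR, would avoid that. The `--with-random=FILE` help text accepts any path and helper.c reads whatever it is given without further checks, so the text should state that FILE must be a random device such as /dev/urandom, not an ordinary file.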
diff --git a/helper.c b/helper.c index 6959535d..6d77759d 100644 --- a/helper.c +++ b/helper.c @@ -45,6 +45,7 @@ #include "rc4.h" #include "xmalloc.h" +#include "ssh.h" #include "config.h" #include "helper.h" @@ -79,28 +80,35 @@ void arc4random_stir(void) void get_random_bytes(unsigned char *buf, int len) { - int urandom; + int random_pool; int c; +#ifdef HAVE_EGD + char egd_message[2] = { 0x02, 0x00 }; +#endif /* HAVE_EGD */ - urandom = open("/dev/urandom", O_RDONLY); - if (urandom == -1) - { - fprintf(stderr, "Couldn't open /dev/urandom: %s", strerror(errno)); - exit(1); - } + random_pool = open(RANDOM_POOL, O_RDONLY); + if (random_pool == -1) + fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); - c = read(urandom, buf, len); +#ifdef HAVE_EGD + if (len > 255) + fatal("Too many bytes to read from EGD"); + + /* Send blocking read request to EGD */ + egd_message[1] = len; + c = write(random_pool, egd_message, sizeof(egd_message)); + if (c == -1) + fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno)); +#endif /* HAVE_EGD */ + + c = read(random_pool, buf, len); if (c == -1) - { - fprintf(stderr, "Couldn't read from /dev/urandom: %s", strerror(errno)); - exit(1); - } + fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); if (c != len) - { - fprintf(stderr, "Short read from /dev/urandom"); - exit(1); - } + fatal("Short read from random pool \"%s\"", RANDOM_POOL); + + close(random_pool); } #endif /* !HAVE_ARC4RANDOM */ diff --git a/includes.h b/includes.h index a1a6da6b..198e7297 100644 --- a/includes.h +++ b/includes.h @@ -37,7 +37,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include #include -#include #include #include #include 
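Review bot: The HAVE_EGD path in the second helper.c hunk (get_random_bytes) cannot work as written: `random_pool` is obtained with `open(RANDOM_POOL, O_RDONLY)`, but EGD listens on a Unix-domain socket, which open() cannot attach to (Linux and the BSDs return ENXIO), and even on an ordinary file the following `write()` to an O_RDONLY descriptor fails with EBADF, so the only reachable outcome is the fatal() after the write. The EGD branch should create an AF_UNIX stream socket and connect() it to RANDOM_POOL (needs `<sys/socket.h>` and `<sys/un.h>`), keeping open() for the device case. A stream socket may also return fewer than `len` bytes per read(), so the single read() followed by the `c != len` check would report a spurious short read; the read should be looped until `len` bytes have arrived, treating 0 as the real short-read error. The `len > 255` limit matches the one-byte count in the EGD request and is correct as is.
```c
void get_random_bytes(unsigned char *buf, int len)
{
	int random_pool;
	int c;
#ifdef HAVE_EGD
	char egd_message[2] = { 0x02, 0x00 };
	struct sockaddr_un egd_addr;

	if (len > 255)
		fatal("Too many bytes to read from EGD");

	/* EGD is reached through a Unix-domain socket, not a file: connect, don't open */
	memset(&egd_addr, 0, sizeof(egd_addr));
	egd_addr.sun_family = AF_UNIX;
	if (strlen(RANDOM_POOL) >= sizeof(egd_addr.sun_path))
		fatal("EGD socket path \"%s\" is too long", RANDOM_POOL);
	strcpy(egd_addr.sun_path, RANDOM_POOL);

	random_pool = socket(AF_UNIX, SOCK_STREAM, 0);
	if (random_pool == -1)
		fatal("Couldn't create EGD socket: %s", strerror(errno));
	if (connect(random_pool, (struct sockaddr *)&egd_addr, sizeof(egd_addr)) == -1)
		fatal("Couldn't connect to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));

	/* Send blocking read request to EGD */
	egd_message[1] = len;
	c = write(random_pool, egd_message, sizeof(egd_message));
	if (c == -1)
		fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
#else /* HAVE_EGD */
	random_pool = open(RANDOM_POOL, O_RDONLY);
	if (random_pool == -1)
		fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
#endif /* HAVE_EGD */

	/* A socket (or a blocking device) may deliver fewer than len bytes per read() */
	{
		int got = 0;

		while (got < len) {
			c = read(random_pool, buf + got, len - got);
			if (c == -1)
				fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
			if (c == 0)
				fatal("Short read from random pool \"%s\"", RANDOM_POOL);
			got += c;
		}
	}

	close(random_pool);
}
```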
@@ -52,13 +51,18 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include #include #include -#include #include -#include "version.h" - #include "config.h" +#ifdef HAVE_PATHS_H +# include +#endif +#ifdef HAVE_ENDIAN_H +# include +#endif + +#include "version.h" #include "helper.h" #include "mktemp.h" #include "strlcpy.h" diff --git a/login.c b/login.c index aa6db16e..5bec8237 100644 --- a/login.c +++ b/login.c @@ -21,6 +21,11 @@ on a tty. RCSID("$Id$"); #include + +#ifdef HAVE_LASTLOG_H +# include +#endif + #include "ssh.h" /* Returns the time when the user last logged in. Returns 0 if the @@ -76,7 +81,9 @@ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line)); u.ut_time = time(NULL); strncpy(u.ut_name, user, sizeof(u.ut_name)); +#ifdef HAVE_HOST_IN_UTMP strncpy(u.ut_host, host, sizeof(u.ut_host)); +#endif /* Figure out the file names. */ utmp = _PATH_UTMP; @@ -108,11 +115,14 @@ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, } } -/* Records that the user has logged out. */ - void record_logout(int pid, const char *ttyname) { +#ifdef HAVE_LIBUTIL_LOGIN const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */ if (logout(line)) logwtmp(line, "", ""); +#else /* HAVE_LIBUTIL_LOGIN */ + record_login(pid, ttyname, "", -1, "", NULL); +#endif /* HAVE_LIBUTIL_LOGIN */ } + diff --git a/mktemp.c b/mktemp.c index de11a6b5..be03ac90 100644 --- a/mktemp.c +++ b/mktemp.c @@ -52,7 +52,7 @@ static char rcsid[] = "$OpenBSD: mktemp.c,v 1.13 1998/06/30 23:03:13 deraadt Exp #ifndef HAVE_MKDTEMP -static int _gettemp __P((char *, int *, int, int)); +static int _gettemp(char *, int *, int, int); int mkstemps(path, slen) diff --git a/rsa.h b/rsa.h index bc3a3f5d..8cd74e46 100644 --- a/rsa.h +++ b/rsa.h 
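Review bot: The last login.c hunk deletes the `/* Records that the user has logged out. */` comment above record_logout() and adds a second code path without documenting it; the comment should be restored, and the fallback branch deserves a line such as `/* No logout(3) from libutil: write an entry with an empty user name via record_login(), which is the conventional utmp logout marker. */`. Passing a bare `-1` for the `uid_t` parameter works by implicit conversion but reads like an error code; `(uid_t)-1` says what is meant. record_login's parameter list and most of its body are outside the hunk, so whether it treats an empty user name as a logout cannot be confirmed here. The hunk also appends a blank line at the end of the file, which can be dropped.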
@@ -34,11 +34,11 @@ void rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits); /* Indicates whether the rsa module is permitted to show messages on the terminal. */ -void rsa_set_verbose __P((int verbose)); +void rsa_set_verbose(int verbose); -int rsa_alive __P((void)); +int rsa_alive(void); -void rsa_public_encrypt __P((BIGNUM *out, BIGNUM *in, RSA *prv)); -void rsa_private_decrypt __P((BIGNUM *out, BIGNUM *in, RSA *prv)); +void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *prv); +void rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *prv); #endif /* RSA_H */ diff --git a/ssh.h b/ssh.h index 5a5bab82..2aaaa52c 100644 --- a/ssh.h +++ b/ssh.h @@ -18,7 +18,9 @@ Generic header file for ssh. #ifndef SSH_H #define SSH_H -/* Added by Dan */ +#include /* For struct sockaddr_in */ +#include /* For struct pw */ + #ifndef SHUT_RDWR enum { -- 2.45.2
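Review bot: The comment on the second include added to ssh.h, `/* For struct pw */`, names a type that does not exist — the header (presumably <pwd.h>; the angle-bracketed names were stripped from both added lines in this copy of the patch) declares `struct passwd`, so the comment should read `/* For struct passwd */`. Only the comments can be checked here, since the header names themselves are not visible.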