diff options
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | acconfig.h | 12 | ||||
| -rw-r--r-- | configure.in | 81 | ||||
| -rw-r--r-- | helper.c | 40 | ||||
| -rw-r--r-- | includes.h | 12 | ||||
| -rw-r--r-- | login.c | 16 | ||||
| -rw-r--r-- | mktemp.c | 2 | ||||
| -rw-r--r-- | rsa.h | 10 | ||||
| -rw-r--r-- | ssh.h | 6 |
9 files changed, 128 insertions, 56 deletions
@@ -1,8 +1,13 @@ +19991111 + - Added (untested) Entropy Gathering Daemon (EGD) support + 19991110 - Merged several minor fixed: - ssh-agent commandline parsing - RPM spec file now installs ssh setuid root - Makefile creates libdir + - Merged beginnings of Solaris compability from Marc G. Fournier + <marc.fournier@acadiau.ca> 19991109 - Autodetection of SSL/Crypto library location via autoconf @@ -3,8 +3,20 @@ /* SSL directory. */ #undef ssldir +/* Random number pool */ +#undef RANDOM_POOL + +/* Are we using the Entropy gathering daemon */ +#undef HAVE_EGD + /* Define if your ssl headers are included with #include <ssl/header.h> */ #undef HAVE_SSL /* Define if your ssl headers are included with #include <openssl/header.h> */ #undef HAVE_OPENSSL + +/* Define is utmp.h has a ut_host field */ +#undef HAVE_HOST_IN_UTMP + +/* Define is libutil has login() function */ +#undef HAVE_LIBUTIL_LOGIN diff --git a/configure.in b/configure.in index fc59cbb8..b16c1291 100644 --- a/configure.in +++ b/configure.in @@ -1,44 +1,25 @@ -dnl Process this file with autoconf to produce a configure script. - -AC_INIT(auth-krb4.c) +AC_INIT(ssh.c) AC_CONFIG_HEADER(config.h) dnl Checks for programs. AC_PROG_CC +AC_PROG_CPP AC_PROG_RANLIB AC_CHECK_PROG(AR, ar, ar) if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall"; fi -dnl Checks for libraries. -dnl Replace `main' with a function in -lcrypto: -AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***])) -dnl Replace `main' with a function in -lutil: -AC_CHECK_LIB(util, logout, ,AC_MSG_ERROR([*** -lutil missing - this is part of libc. ***])) -dnl Replace `main' with a function in -lz: -AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) -dnl check for nsl -AC_CHECK_LIB(nsl, yp_match, , ) -dnl check for dl -AC_CHECK_LIB(dl, dlopen, , ) -dnl check for pam -AC_CHECK_LIB(pam, pam_authenticate, , ) - dnl Check for OpenSSL/SSLeay directories. AC_MSG_CHECKING([for OpenSSL/SSLeay directory]) -for dir in /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg ; do - ssldir="$dir" - if test -f "$dir/include/openssl/crypto.h"; then +for ssldir in /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local $prefix /usr/pkg ; do + if test -f "$ssldir/include/openssl/crypto.h"; then AC_DEFINE(HAVE_OPENSSL) break fi - if test -f "$dir/include/ssl/crypto.h"; then + if test -f "$ssldir/include/ssl/crypto.h"; then AC_DEFINE(HAVE_SSL) break fi - if test -f "$dir/include/crypto.h"; then - break - fi done AC_MSG_RESULT($ssldir) AC_SUBST(ssldir) @@ -57,17 +38,67 @@ AC_TRY_LINK([], [], [AC_MSG_RESULT(yes); ], [AC_MSG_RESULT(no)]; LIBS="$saved_LIBS") +dnl Checks for libraries. +AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***])) +AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***])) +AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil") +AC_CHECK_LIB(nsl, yp_match, , ) +AC_CHECK_LIB(socket, main, , ) + +dnl libdl is needed by PAM on Redhat systems +AC_CHECK_LIB(dl, dlopen, , ) +AC_CHECK_LIB(pam, pam_authenticate, , ) + dnl Checks for header files. -AC_CHECK_HEADERS(pty.h) +AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h) dnl Checks for library functions. AC_PROG_GCC_TRADITIONAL AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle) +dnl Check for ut_host field in utmp +AC_MSG_CHECKING([whether utmp.h has ut_host field]) +AC_EGREP_HEADER(ut_host, utmp.h, + [AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes); ], + [AC_MSG_RESULT(no)] +) + dnl Check whether user wants GNOME ssh-askpass AC_ARG_WITH(gnome-askpass, [ --with-gnome-askpass Build and use the GNOME passphrase requester], [GNOME_ASKPASS="gnome-ssh-askpass"]) AC_SUBST(GNOME_ASKPASS) +dnl Check for user-specified random device +AC_ARG_WITH(random, + [ --with-random=FILE read randomness from FILE (default /dev/urandom)], + [ + RANDOM_POOL="$withval"; + AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL") + ], + [ + dnl Check for random device + AC_CHECK_FILE("/dev/urandom", + [ + RANDOM_POOL="/dev/urandom"; + AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL") + ] + ) + ] +) + +dnl Check for EGD pool file +AC_ARG_WITH(egd-pool, + [ --with-egd-pool=FILE read randomness from EGD pool FILE], + [ + RANDOM_POOL="$withval"; + AC_DEFINE(HAVE_EGD) + AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL") + ] +) + +if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"; then + AC_MSG_ERROR([No random device found, and no EGD random pool specified]) +fi + AC_OUTPUT(Makefile) @@ -45,6 +45,7 @@ #include "rc4.h" #include "xmalloc.h" +#include "ssh.h" #include "config.h" #include "helper.h" @@ -79,28 +80,35 @@ void arc4random_stir(void) void get_random_bytes(unsigned char *buf, int len) { - int urandom; + int random_pool; int c; +#ifdef HAVE_EGD + char egd_message[2] = { 0x02, 0x00 }; +#endif /* HAVE_EGD */ - urandom = open("/dev/urandom", O_RDONLY); - if (urandom == -1) - { - fprintf(stderr, "Couldn't open /dev/urandom: %s", strerror(errno)); - exit(1); - } + random_pool = open(RANDOM_POOL, O_RDONLY); + if (random_pool == -1) + fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); - c = read(urandom, buf, len); +#ifdef HAVE_EGD + if (len > 255) + fatal("Too many bytes to read from EGD"); + + /* Send blocking read request to EGD */ + egd_message[1] = len; + c = write(random_pool, egd_message, sizeof(egd_message)); + if (c == -1) + fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno)); +#endif /* HAVE_EGD */ + + c = read(random_pool, buf, len); if (c == -1) - { - fprintf(stderr, "Couldn't read from /dev/urandom: %s", strerror(errno)); - exit(1); - } + fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno)); if (c != len) - { - fprintf(stderr, "Short read from /dev/urandom"); - exit(1); - } + fatal("Short read from random pool \"%s\"", RANDOM_POOL); + + close(random_pool); } #endif /* !HAVE_ARC4RANDOM */ @@ -37,7 +37,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include <arpa/inet.h> #include <netdb.h> -#include <endian.h> #include <stdio.h> #include <ctype.h> #include <errno.h> @@ -52,13 +51,18 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } #include <grp.h> #include <unistd.h> #include <time.h> -#include <paths.h> #include <dirent.h> -#include "version.h" - #include "config.h" +#ifdef HAVE_PATHS_H +# include <paths.h> +#endif +#ifdef HAVE_ENDIAN_H +# include <endian.h> +#endif + +#include "version.h" #include "helper.h" #include "mktemp.h" #include "strlcpy.h" @@ -18,9 +18,14 @@ on a tty. */ #include "includes.h" -RCSID("$Id: login.c,v 1.1 1999/10/27 03:42:44 damien Exp $"); +RCSID("$Id: login.c,v 1.2 1999/11/10 23:40:23 damien Exp $"); #include <utmp.h> + +#ifdef HAVE_LASTLOG_H +# include <lastlog.h> +#endif + #include "ssh.h" /* Returns the time when the user last logged in. Returns 0 if the @@ -76,7 +81,9 @@ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line)); u.ut_time = time(NULL); strncpy(u.ut_name, user, sizeof(u.ut_name)); +#ifdef HAVE_HOST_IN_UTMP strncpy(u.ut_host, host, sizeof(u.ut_host)); +#endif /* Figure out the file names. */ utmp = _PATH_UTMP; @@ -108,11 +115,14 @@ void record_login(int pid, const char *ttyname, const char *user, uid_t uid, } } -/* Records that the user has logged out. */ - void record_logout(int pid, const char *ttyname) { +#ifdef HAVE_LIBUTIL_LOGIN const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */ if (logout(line)) logwtmp(line, "", ""); +#else /* HAVE_LIBUTIL_LOGIN */ + record_login(pid, ttyname, "", -1, "", NULL); +#endif /* HAVE_LIBUTIL_LOGIN */ } + @@ -52,7 +52,7 @@ static char rcsid[] = "$OpenBSD: mktemp.c,v 1.13 1998/06/30 23:03:13 deraadt Exp #ifndef HAVE_MKDTEMP -static int _gettemp __P((char *, int *, int, int)); +static int _gettemp(char *, int *, int, int); int mkstemps(path, slen) @@ -13,7 +13,7 @@ RSA key generation, encryption and decryption. */ -/* RCSID("$Id: rsa.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */ +/* RCSID("$Id: rsa.h,v 1.3 1999/11/10 23:40:23 damien Exp $"); */ #include "config.h" #ifndef RSA_H @@ -34,11 +34,11 @@ void rsa_generate_key(RSA *prv, RSA *pub, unsigned int bits); /* Indicates whether the rsa module is permitted to show messages on the terminal. */ -void rsa_set_verbose __P((int verbose)); +void rsa_set_verbose(int verbose); -int rsa_alive __P((void)); +int rsa_alive(void); -void rsa_public_encrypt __P((BIGNUM *out, BIGNUM *in, RSA *prv)); -void rsa_private_decrypt __P((BIGNUM *out, BIGNUM *in, RSA *prv)); +void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *prv); +void rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *prv); #endif /* RSA_H */ @@ -13,12 +13,14 @@ Generic header file for ssh. */ -/* RCSID("$Id: ssh.h,v 1.8 1999/11/08 23:28:04 damien Exp $"); */ +/* RCSID("$Id: ssh.h,v 1.9 1999/11/10 23:40:23 damien Exp $"); */ #ifndef SSH_H #define SSH_H -/* Added by Dan */ +#include <netinet/in.h> /* For struct sockaddr_in */ +#include <pwd.h> /* For struct pw */ + #ifndef SHUT_RDWR enum { |