- (djm) Add summary of configure options to end of ./configure run

 - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from
   Michael Stone <mstone@cs.loyola.edu>
 - (djm) rusage is a privileged operation on some Unices (incl.
   Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
 - (djm) Avoid PAM failures when running without a TTY. Report from
   Martin Petrak <petrak@spsknm.schools.sk>
 - (djm) Include sys/types.h when including netinet/in.h in configure tests.
   Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>

4 files changed, 118 insertions, 15 deletions

diff --git a/ChangeLog b/ChangeLog
index 1baf2347..9ca8e55f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+20000618
+ - (djm) Add summary of configure options to end of ./configure run
+ - (djm) Not all systems define RUSAGE_SELF & RUSAGE_CHILDREN. Report from 
+   Michael Stone <mstone@cs.loyola.edu>
+ - (djm) rusage is a privileged operation on some Unices (incl. 
+   Solaris 2.5.1). Report from Paul D. Smith <pausmith@nortelnetworks.com>
+ - (djm) Avoid PAM failures when running without a TTY. Report from 
+   Martin Petrak <petrak@spsknm.schools.sk>
+ - (djm) Include sys/types.h when including netinet/in.h in configure tests.
+   Patch from Jun-ichiro itojun Hagino <itojun@iijlab.net>
+
 20000613
  - (djm) Fixes from Andrew McGill <andrewm@datrix.co.za>:
   - Platform define for SCO 3.x which breaks on /dev/ptmx
diff --git a/auth-pam.c b/auth-pam.c
index 67a851d1..8ceb2691 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -34,7 +34,7 @@
 #include "xmalloc.h"
 #include "servconf.h"
 
-RCSID("$Id: auth-pam.c,v 1.6 2000/06/12 06:38:54 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.7 2000/06/18 04:07:04 djm Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: You password has expired, please change it now"
@@ -246,6 +246,12 @@ void start_pam(struct passwd *pw)
 			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
 	}
 	
+	pam_retval = pam_set_item((pam_handle_t *)pamh, PAM_TTY, "ssh");
+	if (pam_retval != PAM_SUCCESS) {
+		fatal("PAM set tty failed: %.200s", 
+			PAM_STRERROR((pam_handle_t *)pamh, pam_retval));
+	}
+
 	fatal_add_cleanup(&pam_cleanup_proc, NULL);
 }
 
diff --git a/configure.in b/configure.in
index 0e755e4b..f0edebac 100644
--- a/configure.in
+++ b/configure.in
@@ -208,12 +208,14 @@ AC_CHECK_FUNC(getpagesize,
 	[AC_CHECK_LIB(ucb, getpagesize, [LIBS="$LIBS -lucb"; AC_DEFINE(HAVE_GETPAGESIZE)])]
 )
 
+PAM_MSG="no"
 AC_ARG_WITH(pam,
 	[  --without-pam           Disable PAM support ],
 	[
 		if test "x$withval" = "xno" ; then
 			no_pam=1
 			AC_DEFINE(DISABLE_PAM)
+			PAM_MSG="disabled"
 		fi
 	]
 )
@@ -223,6 +225,8 @@ if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then
 
 	AC_CHECK_FUNCS(pam_getenvlist)
 
+	PAM_MSG="yes"
+
 	# Check PAM strerror arguments (old PAM)
 	AC_MSG_CHECKING([whether pam_strerror takes only one argument])
 	AC_TRY_COMPILE(
@@ -235,6 +239,7 @@ if test -z "$no_pam" -a "x$ac_cv_header_security_pam_appl_h" = "xyes" ; then
 		[
 			AC_DEFINE(HAVE_OLD_PAM)
 			AC_MSG_RESULT(yes)
+			PAM_MSG="yes (old library)"
 		]
 	) 
 fi
@@ -353,13 +358,17 @@ done
 
 if test ! -z "$no_rsa" ; then
 	AC_MSG_RESULT(disabled)
+	RSA_MSG="disabled"
 else
 	if test -z "$rsa_works" ; then
 		AC_MSG_WARN([*** No RSA support found *** ])
+		RSA_MSG="no"
 	else
 		if test -z "$WANTS_RSAREF" ; then
 			AC_MSG_RESULT(yes)
+			RSA_MSG="yes"
 		else
+			RSA_MSG="yes (using RSAref)"
 			AC_MSG_RESULT(using RSAref)
 			LIBS="$saved_LIBS -lcrypto -lRSAglue -lrsaref"
 		fi
@@ -501,6 +510,7 @@ fi
 AC_CACHE_CHECK([for struct sockaddr_in6], ac_cv_have_struct_sockaddr_in6, [
 	AC_TRY_COMPILE(
 		[
+#include <sys/types.h>
 #include <netinet/in.h>
 		],
 		[ struct sockaddr_in6 s; s.sin6_family = 0; ],
@@ -515,6 +525,7 @@ fi
 AC_CACHE_CHECK([for struct in6_addr], ac_cv_have_struct_in6_addr, [
 	AC_TRY_COMPILE(
 		[
+#include <sys/types.h>
 #include <netinet/in.h>
 		],
 		[ struct in6_addr s; s.s6_addr[0] = 0; ],
@@ -562,8 +573,6 @@ OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
 
-
-
 AC_CACHE_CHECK([for ss_family field in struct sockaddr_storage],
 		ac_cv_have_ss_family_in_struct_ss, [
 	AC_TRY_COMPILE(
@@ -580,7 +589,6 @@ if test "x$ac_cv_have_ss_family_in_struct_ss" = "xyes" ; then
 	AC_DEFINE(HAVE_SS_FAMILY_IN_SS)
 fi
 
-
 AC_CACHE_CHECK([for __ss_family field in struct sockaddr_storage],
 		ac_cv_have___ss_family_in_struct_ss, [
 	AC_TRY_COMPILE(
@@ -615,7 +623,7 @@ AC_ARG_WITH(rsh,
 	[  --with-rsh=PATH         Specify path to remote shell program ],
 	[
 		if test "x$withval" != "$no" ; then
-			AC_DEFINE_UNQUOTED(RSH_PATH, "$withval")
+			rsa_path=$withval
 		fi
 	],
 	[
@@ -627,7 +635,7 @@ AC_ARG_WITH(xauth,
 	[  --with-xauth=PATH       Specify path to xauth program ],
 	[
 		if test "x$withval" != "$xno" ; then
-			AC_DEFINE_UNQUOTED(XAUTH_PATH, "$withval")
+			xauth_path=$withval
 		fi
 	],
 	[
@@ -746,6 +754,7 @@ AC_SUBST(MANTYPE)
 AC_SUBST(mansubdir)
 
 # Check whether user wants Kerberos support
+KRB4_MSG="no" 
 AC_ARG_WITH(kerberos4,
 	[  --with-kerberos4=PATH   Enable Kerberos 4 support],
 	[
@@ -778,12 +787,14 @@ AC_ARG_WITH(kerberos4,
 			KLIBS="-lkrb -ldes"
 			AC_CHECK_LIB(resolv, dn_expand, , )
 			KRB4=yes
+			KRB4_MSG="yes" 
 			AC_DEFINE(KRB4)
 		fi
 	]
 )
 
 # Check whether user wants AFS support
+AFS_MSG="no" 
 AC_ARG_WITH(afs,
 	[  --with-afs=PATH         Enable AFS support],
 	[
@@ -803,23 +814,27 @@ AC_ARG_WITH(afs,
 				LIBS="$LIBS $AFS_LIBS"
 			fi
 			AC_DEFINE(AFS)
+			AFS_MSG="yes" 
 		fi
 	]
 )
 LIBS="$LIBS $KLIBS"
 
 # Check whether user wants S/Key support
+SKEY_MSG="no" 
 AC_ARG_WITH(skey,
 	[  --with-skey             Enable S/Key support],
 	[
 		if test "x$withval" != "xno" ; then
 			AC_DEFINE(SKEY)
 			LIBS="$LIBS -lskey"
+			SKEY_MSG="yes" 
 		fi
 	]
 )
 
 # Check whether user wants TCP wrappers support
+TCPW_MSG="no" 
 AC_ARG_WITH(tcp-wrappers,
 	[  --with-tcp-wrappers     Enable tcpwrappers support],
 	[
@@ -836,11 +851,10 @@ AC_ARG_WITH(tcp-wrappers,
 				[
 					AC_MSG_RESULT(yes)
 					AC_DEFINE(LIBWRAP)
+					TCPW_MSG="yes" 
 				],
 				[
-					AC_MSG_RESULT(no)
-					AC_MSG_WARN([*** libwrap missing - tcpwrapper support disabled ***])
-					LIBS="$saved_LIBS"
+					AC_MSG_ERROR([*** libwrap missing])
 				]
 			)
 		fi
@@ -848,11 +862,13 @@ AC_ARG_WITH(tcp-wrappers,
 )
 
 # Check whether to enable MD5 passwords
+MD5_MSG="no" 
 AC_ARG_WITH(md5-passwords,
 	[  --with-md5-passwords    Enable use of MD5 passwords],
 	[
 		if test "x$withval" != "xno" ; then
 			AC_DEFINE(HAVE_MD5_PASSWORDS)
+			MD5_MSG="yes" 
 		fi
 	]
 )
@@ -868,42 +884,50 @@ AC_ARG_WITH(shadow,
 )
 
 # Use ip address instead of hostname in $DISPLAY
+DISPLAY_HACK_MSG="no" 
 AC_ARG_WITH(ipaddr-display,
 	[  --with-ipaddr-display   Use ip address instead of hostname in \$DISPLAY],
 	[
 		if test "x$withval" = "xno" ; then	
 			AC_DEFINE(IPADDR_IN_DISPLAY)
+			DISPLAY_HACK_MSG="yes" 
 		fi
 	]
 )
 
 # Whether to mess with the default path
+SERVER_PATH_MSG="(default)" 
 AC_ARG_WITH(default-path,
 	[  --with-default-path=PATH Specify default \$PATH environment for server],
 	[
 		if test "x$withval" != "xno" ; then	
 			AC_DEFINE_UNQUOTED(USER_PATH, "$withval")
+			SERVER_PATH_MSG="$withval" 
 		fi
 	]
 )
 
 # Whether to force IPv4 by default (needed on broken glibc Linux)
+IPV4_HACK_MSG="no" 
 AC_ARG_WITH(ipv4-default,
 	[  --with-ipv4-default     Use IPv4 by connections unless '-6' specified],
 	[
 		if test "x$withval" != "xno" ; then	
 			AC_DEFINE(IPV4_DEFAULT)
+			IPV4_HACK_MSG="yes" 
 		fi
 	]
 )
 
 AC_MSG_CHECKING([if we need to convert IPv4 in IPv6-mapped addresses])
+IPV4_IN6_HACK_MSG="no" 
 AC_ARG_WITH(4in6,
 	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
 	[
 		if test "x$withval" != "xno" ; then
 			AC_MSG_RESULT(yes)
 			AC_DEFINE(IPV4_IN_IPV6)
+			IPV4_IN6_HACK_MSG="yes" 
 		else
 			AC_MSG_RESULT(no)
 		fi
@@ -911,6 +935,7 @@ AC_ARG_WITH(4in6,
 		if test "x$inet6_default_4in6" = "xyes"; then
 			AC_MSG_RESULT([yes (default)])
 			AC_DEFINE(IPV4_IN_IPV6)
+			IPV4_IN6_HACK_MSG="yes" 
 		else
 			AC_MSG_RESULT([no (default)])
 		fi
@@ -1162,3 +1187,57 @@ fi
 
 AC_OUTPUT(Makefile ssh_prng_cmds)
 
+# Print summary of options
+
+if test x$MANTYPE = x'$(CATMAN)' ; then
+	MAN_MSG=cat
+else 
+	MAN_MSG=man
+fi
+if test ! -z "$RANDOM_POOL" ; then
+	RAND_MSG="Device ($RANDOM_POOL)"
+else
+	if test ! -z "$EGD_SOCKET" ; then
+		RAND_MSG="EGD ($EGD_SOCKET)"
+	else
+		RAND_MSG="Builtin (timeout $entropy_timeout)"
+	fi
+fi
+
+# Someone please show me a better way :)
+A=`eval echo ${prefix}` ; A=`eval echo ${A}`
+B=`eval echo ${bindir}` ; B=`eval echo ${B}`
+C=`eval echo ${sbindir}` ; C=`eval echo ${C}`
+D=`eval echo ${sysconfdir}` ; D=`eval echo ${D}`
+E=`eval echo ${libexecdir}/ssh/ssh-askpass` ; E=`eval echo ${E}`
+F=`eval echo ${mandir}/${mansubdir}X` ; F=`eval echo ${F}`
+G=`eval echo ${piddir}` ; G=`eval echo ${G}`
+
+echo ""
+echo "OpenSSH configured has been configured with the following options."
+echo "                 User binaries: $B"
+echo "               System binaries: $C"
+echo "           Configuration files: $D"
+echo "               Askpass program: $E"
+echo "                  Manual pages: $F"
+echo "                      PID file: $G"
+echo "      Random number collection: $RAND_MSG"
+echo "                Manpage format: $MAN_MSG"
+echo "                   PAM support: ${PAM_MSG}"
+echo "            KerberosIV support: $KRB4_MSG"
+echo "                   AFS support: $AFS_MSG"
+echo "                 S/KEY support: $SKEY_MSG"
+echo "          TCP Wrappers support: $TCPW_MSG"
+echo "          MD5 password support: $MD5_MSG"
+echo "   IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+echo "      Use IPv4 by default hack: $IPV4_HACK_MSG"
+echo "       Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+
+echo ""
+
+echo "Compiler flags: ${CFLAGS}"
+echo "Linker flags: ${LDFLAGS}"
+echo "Libraries: ${LIBS}"
+
+echo ""
+
diff --git a/entropy.c b/entropy.c
index cbb36fd2..09dcae3b 100644
--- a/entropy.c
+++ b/entropy.c
@@ -35,7 +35,7 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-RCSID("$Id: entropy.c,v 1.13 2000/06/07 12:20:23 djm Exp $");
+RCSID("$Id: entropy.c,v 1.14 2000/06/18 04:07:04 djm Exp $");
 
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -55,6 +55,13 @@ RCSID("$Id: entropy.c,v 1.13 2000/06/07 12:20:23 djm Exp $");
 
 #define WHITESPACE " \t\n"
 
+#ifndef RUSAGE_SELF
+# define RUSAGE_SELF 0
+#endif
+#ifndef RUSAGE_CHILDREN
+# define RUSAGE_CHILDREN 0
+#endif
+
 #if defined(EGD_SOCKET) || defined(RANDOM_POOL)
 
 #ifdef EGD_SOCKET
@@ -187,11 +194,11 @@ stir_from_system(void)
 	total_entropy_estimate = 0;
 	
 	i = getpid();
-	RAND_add(&i, sizeof(i), 0.1);
+	RAND_add(&i, sizeof(i), 0.5);
 	total_entropy_estimate += 0.1;
 	
 	i = getppid();
-	RAND_add(&i, sizeof(i), 0.1);
+	RAND_add(&i, sizeof(i), 0.5);
 	total_entropy_estimate += 0.1;
 
 	i = getuid();
@@ -200,7 +207,7 @@ stir_from_system(void)
 	RAND_add(&i, sizeof(i), 0.0);
 
 	total_entropy_estimate += stir_gettimeofday(1.0);
-	total_entropy_estimate += stir_clock(0.2);
+	total_entropy_estimate += stir_clock(0.5);
 	total_entropy_estimate += stir_rusage(RUSAGE_SELF, 2.0);
 
 	return(total_entropy_estimate);
@@ -301,9 +308,9 @@ stir_rusage(int who, double entropy_estimate)
 	struct rusage ru;
 	
 	if (getrusage(who, &ru) == -1)
-		fatal("Couldn't getrusage: %s", strerror(errno));
+		return(0);
 
-	RAND_add(&ru, sizeof(ru), 0.1);
+	RAND_add(&ru, sizeof(ru), entropy_estimate);
 
 	return(entropy_estimate);
 #else /* _HAVE_GETRUSAGE */