diff options
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | acconfig.h | 4 | ||||
| -rw-r--r-- | bsd-bindresvport.c | 3 | ||||
| -rw-r--r-- | configure.in | 61 | ||||
| -rw-r--r-- | defines.h | 4 |
5 files changed, 47 insertions, 31 deletions
@@ -1,5 +1,11 @@ 20010117 - (djm) Only write random seed file at exit + - (djm) Make PAM support optional, enable with --with-pam + - (djm) Try to use libcrypt on Linux, but link it after OpenSSL (which + provides a crypt() of its own) + - (djm) Avoid a warning in bsd-bindresvport.c + - (djm) Try to avoid adding -I/usr/include to CPPFLAGS during SSL tests. This + can cause weird segfaults errors on Solaris 20010115 - (bal) sftp-server.c change to use chmod() if fchmod() does not exist. @@ -66,8 +66,8 @@ /* Define if you are on NEWS-OS */ #undef HAVE_NEWS4 -/* Define if you want to disable PAM support */ -#undef DISABLE_PAM +/* Define if you want to enable PAM support */ +#undef USE_PAM /* Define if you want to enable AIX4's authenticate function */ #undef WITH_AIXAUTHENTICATE diff --git a/bsd-bindresvport.c b/bsd-bindresvport.c index 536a5056..7faf7319 100644 --- a/bsd-bindresvport.c +++ b/bsd-bindresvport.c @@ -88,6 +88,9 @@ bindresvport_af(sd, sa, af) if (port == 0) port = (arc4random() % NPORTS) + STARTPORT; + /* Avoid warning */ + error = -1; + for(i = 0; i < NPORTS; i++) { *portp = htons(port); diff --git a/configure.in b/configure.in index 82cb5d4b..0dd8c004 100644 --- a/configure.in +++ b/configure.in @@ -62,12 +62,10 @@ case "$host" in *-*-cygwin*) LIBS="$LIBS -lregex /usr/lib/textmode.o" AC_DEFINE(HAVE_CYGWIN) - AC_DEFINE(DISABLE_PAM) AC_DEFINE(DISABLE_SHADOW) AC_DEFINE(IPV4_DEFAULT) AC_DEFINE(IP_TOS_IS_BROKEN) AC_DEFINE(BROKEN_VHANGUP) - no_pam=1 no_libsocket=1 no_libnsl=1 ;; @@ -122,6 +120,7 @@ case "$host" in ;; *-*-linux*) no_dev_ptmx=1 + check_for_libcrypt_later=1 AC_DEFINE(DONT_TRY_OTHER_AF) AC_DEFINE(PAM_TTY_KLUDGE) inet6_default_4in6=yes @@ -368,27 +367,30 @@ fi AC_FUNC_GETPGRP +# Check for PAM libs PAM_MSG="no" AC_ARG_WITH(pam, - [ --without-pam Disable PAM support ], + [ --with-pam Enable PAM support ], [ - if test "x$withval" = "xno" ; then - no_pam=1 - AC_DEFINE(DISABLE_PAM) - PAM_MSG="disabled" - fi - ] -) -if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; then - AC_CHECK_LIB(dl, dlopen, , ) - LIBS="$LIBS -lpam" + if test "x$withval" != "xno" ; then + if test "x$ac_cv_header_security_pam_appl_h" != "xyes" ; then + AC_MSG_ERROR([PAM headers not found]) + fi - AC_CHECK_FUNCS(pam_getenvlist) + AC_CHECK_LIB(dl, dlopen, , ) + AC_CHECK_LIB(pam, pam_set_item, , AC_MSG_ERROR([*** libpam missing])) + AC_CHECK_FUNCS(pam_getenvlist) - disable_shadow=yes + disable_shadow=yes + PAM_MSG="yes" - PAM_MSG="yes" + AC_DEFINE(USE_PAM) + fi + ] +) +# Check for older PAM +if test "x$PAM_MSG" = "xyes" ; then # Check PAM strerror arguments (old PAM) AC_MSG_CHECKING([whether pam_strerror takes only one argument]) AC_TRY_COMPILE( @@ -403,7 +405,7 @@ if (test -z "$no_pam" && test "x$ac_cv_header_security_pam_appl_h" = "xyes") ; t AC_MSG_RESULT(yes) PAM_MSG="yes (old library)" ] - ) + ) fi # The big search for OpenSSL @@ -425,7 +427,7 @@ fi AC_CACHE_CHECK([for OpenSSL directory], ac_cv_openssldir, [ for ssldir in $tryssldir "" /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do - if test ! -z "$ssldir" ; then + if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include" if test ! -z "$need_dash_r" ; then @@ -476,13 +478,16 @@ if (test ! -z "$ac_cv_openssldir" && test "x$ac_cv_openssldir" != "x(system)") ; AC_DEFINE(HAVE_OPENSSL) dnl Need to recover ssldir - test above runs in subshell ssldir=$ac_cv_openssldir - CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include" - LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" - if test ! -z "$need_dash_r" ; then - LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir" - fi - if test ! -z "$blibpath" ; then - blibpath="$blibpath:$ssldir:$ssldir/lib" + + if test ! -z "$ssldir" -a "x$ssldir" != "x/usr"; then + CPPFLAGS="$saved_CPPFLAGS -I$ssldir/include" + LDFLAGS="$saved_LDFLAGS -L$ssldir/lib -L$ssldir" + if test ! -z "$need_dash_r" ; then + LDFLAGS="$LDFLAGS -R$ssldir/lib -R$ssldir" + fi + if test ! -z "$blibpath" ; then + blibpath="$blibpath:$ssldir:$ssldir/lib" + fi fi fi LIBS="$saved_LIBS -lcrypto" @@ -537,6 +542,12 @@ else fi fi +# Some Linux systems (Slackware) need crypt() from libcrypt, *not* the +# version in OpenSSL. Skip this for PAM +if test "x$PAM_MSG" = "xno" -a "x$check_for_libcrypt_later" = "x1"; then + AC_CHECK_LIB(crypt, crypt, , ) +fi + # Cheap hack to ensure NEWS-OS libraries are arranged right. if test ! -z "$SONY" ; then LIBS="$LIBS -liberty"; @@ -332,10 +332,6 @@ struct winsize { # define __attribute__(x) #endif /* !defined(__GNUC__) || (__GNUC__ < 2) */ -#if defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) -# define USE_PAM -#endif /* defined(HAVE_SECURITY_PAM_APPL_H) && !defined(DISABLE_PAM) */ - #ifndef SUN_LEN #define SUN_LEN(su) \ (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path)) |