- Added (untested) Entropy Gathering Daemon (EGD) support
- Merged several minor fixed:
- ssh-agent commandline parsing
- RPM spec file now installs ssh setuid root
- Makefile creates libdir
- Merged beginnings of Solaris compability from Marc G. Fournier
<marc.fournier@acadiau.ca>
diff --git a/ChangeLog b/ChangeLog
index 047c5b7..f95a7ec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,8 +1,13 @@
+19991111
+ - Added (untested) Entropy Gathering Daemon (EGD) support
+
19991110
- Merged several minor fixed:
- ssh-agent commandline parsing
- RPM spec file now installs ssh setuid root
- Makefile creates libdir
+ - Merged beginnings of Solaris compability from Marc G. Fournier
+ <marc.fournier@acadiau.ca>
19991109
- Autodetection of SSL/Crypto library location via autoconf
diff --git a/acconfig.h b/acconfig.h
index c859c25..063b917 100644
--- a/acconfig.h
+++ b/acconfig.h
@@ -3,8 +3,20 @@
/* SSL directory. */
#undef ssldir
+/* Random number pool */
+#undef RANDOM_POOL
+
+/* Are we using the Entropy gathering daemon */
+#undef HAVE_EGD
+
/* Define if your ssl headers are included with #include <ssl/header.h> */
#undef HAVE_SSL
/* Define if your ssl headers are included with #include <openssl/header.h> */
#undef HAVE_OPENSSL
+
+/* Define is utmp.h has a ut_host field */
+#undef HAVE_HOST_IN_UTMP
+
+/* Define is libutil has login() function */
+#undef HAVE_LIBUTIL_LOGIN
diff --git a/configure.in b/configure.in
index fc59cbb..b16c129 100644
--- a/configure.in
+++ b/configure.in
@@ -1,44 +1,25 @@
-dnl Process this file with autoconf to produce a configure script.
-
-AC_INIT(auth-krb4.c)
+AC_INIT(ssh.c)
AC_CONFIG_HEADER(config.h)
dnl Checks for programs.
AC_PROG_CC
+AC_PROG_CPP
AC_PROG_RANLIB
AC_CHECK_PROG(AR, ar, ar)
if test "$GCC" = "yes"; then CFLAGS="$CFLAGS -Wall"; fi
-dnl Checks for libraries.
-dnl Replace `main' with a function in -lcrypto:
-AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
-dnl Replace `main' with a function in -lutil:
-AC_CHECK_LIB(util, logout, ,AC_MSG_ERROR([*** -lutil missing - this is part of libc. ***]))
-dnl Replace `main' with a function in -lz:
-AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
-dnl check for nsl
-AC_CHECK_LIB(nsl, yp_match, , )
-dnl check for dl
-AC_CHECK_LIB(dl, dlopen, , )
-dnl check for pam
-AC_CHECK_LIB(pam, pam_authenticate, , )
-
dnl Check for OpenSSL/SSLeay directories.
AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
-for dir in /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg ; do
- ssldir="$dir"
- if test -f "$dir/include/openssl/crypto.h"; then
+for ssldir in /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local $prefix /usr/pkg ; do
+ if test -f "$ssldir/include/openssl/crypto.h"; then
AC_DEFINE(HAVE_OPENSSL)
break
fi
- if test -f "$dir/include/ssl/crypto.h"; then
+ if test -f "$ssldir/include/ssl/crypto.h"; then
AC_DEFINE(HAVE_SSL)
break
fi
- if test -f "$dir/include/crypto.h"; then
- break
- fi
done
AC_MSG_RESULT($ssldir)
AC_SUBST(ssldir)
@@ -57,17 +38,67 @@
[AC_MSG_RESULT(yes); ],
[AC_MSG_RESULT(no)]; LIBS="$saved_LIBS")
+dnl Checks for libraries.
+AC_CHECK_LIB(crypto, CRYPTO_lock, ,AC_MSG_ERROR([*** libcrypto missing - please install first ***]))
+AC_CHECK_LIB(z, deflate, ,AC_MSG_ERROR([*** zlib missing - please install first ***]))
+AC_CHECK_LIB(util, login, AC_DEFINE(HAVE_LIBUTIL_LOGIN) LIBS="$LIBS -lutil")
+AC_CHECK_LIB(nsl, yp_match, , )
+AC_CHECK_LIB(socket, main, , )
+
+dnl libdl is needed by PAM on Redhat systems
+AC_CHECK_LIB(dl, dlopen, , )
+AC_CHECK_LIB(pam, pam_authenticate, , )
+
dnl Checks for header files.
-AC_CHECK_HEADERS(pty.h)
+AC_CHECK_HEADERS(pty.h endian.h paths.h lastlog.h)
dnl Checks for library functions.
AC_PROG_GCC_TRADITIONAL
AC_CHECK_FUNCS(openpty strlcpy mkdtemp arc4random setproctitle)
+dnl Check for ut_host field in utmp
+AC_MSG_CHECKING([whether utmp.h has ut_host field])
+AC_EGREP_HEADER(ut_host, utmp.h,
+ [AC_DEFINE(HAVE_HOST_IN_UTMP) AC_MSG_RESULT(yes); ],
+ [AC_MSG_RESULT(no)]
+)
+
dnl Check whether user wants GNOME ssh-askpass
AC_ARG_WITH(gnome-askpass,
[ --with-gnome-askpass Build and use the GNOME passphrase requester],
[GNOME_ASKPASS="gnome-ssh-askpass"])
AC_SUBST(GNOME_ASKPASS)
+dnl Check for user-specified random device
+AC_ARG_WITH(random,
+ [ --with-random=FILE read randomness from FILE (default /dev/urandom)],
+ [
+ RANDOM_POOL="$withval";
+ AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL")
+ ],
+ [
+ dnl Check for random device
+ AC_CHECK_FILE("/dev/urandom",
+ [
+ RANDOM_POOL="/dev/urandom";
+ AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL")
+ ]
+ )
+ ]
+)
+
+dnl Check for EGD pool file
+AC_ARG_WITH(egd-pool,
+ [ --with-egd-pool=FILE read randomness from EGD pool FILE],
+ [
+ RANDOM_POOL="$withval";
+ AC_DEFINE(HAVE_EGD)
+ AC_DEFINE(RANDOM_POOL, "$RANDOM_POOL")
+ ]
+)
+
+if test -z "$RANDOM_POOL" -a -z "$EGD_POOL"; then
+ AC_MSG_ERROR([No random device found, and no EGD random pool specified])
+fi
+
AC_OUTPUT(Makefile)
diff --git a/helper.c b/helper.c
index 6959535..6d77759 100644
--- a/helper.c
+++ b/helper.c
@@ -45,6 +45,7 @@
#include "rc4.h"
#include "xmalloc.h"
+#include "ssh.h"
#include "config.h"
#include "helper.h"
@@ -79,28 +80,35 @@
void get_random_bytes(unsigned char *buf, int len)
{
- int urandom;
+ int random_pool;
int c;
+#ifdef HAVE_EGD
+ char egd_message[2] = { 0x02, 0x00 };
+#endif /* HAVE_EGD */
- urandom = open("/dev/urandom", O_RDONLY);
- if (urandom == -1)
- {
- fprintf(stderr, "Couldn't open /dev/urandom: %s", strerror(errno));
- exit(1);
- }
+ random_pool = open(RANDOM_POOL, O_RDONLY);
+ if (random_pool == -1)
+ fatal("Couldn't open random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
- c = read(urandom, buf, len);
+#ifdef HAVE_EGD
+ if (len > 255)
+ fatal("Too many bytes to read from EGD");
+
+ /* Send blocking read request to EGD */
+ egd_message[1] = len;
+ c = write(random_pool, egd_message, sizeof(egd_message));
if (c == -1)
- {
- fprintf(stderr, "Couldn't read from /dev/urandom: %s", strerror(errno));
- exit(1);
- }
+ fatal("Couldn't write to EGD socket \"%s\": %s", RANDOM_POOL, strerror(errno));
+#endif /* HAVE_EGD */
+
+ c = read(random_pool, buf, len);
+ if (c == -1)
+ fatal("Couldn't read from random pool \"%s\": %s", RANDOM_POOL, strerror(errno));
if (c != len)
- {
- fprintf(stderr, "Short read from /dev/urandom");
- exit(1);
- }
+ fatal("Short read from random pool \"%s\"", RANDOM_POOL);
+
+ close(random_pool);
}
#endif /* !HAVE_ARC4RANDOM */
diff --git a/includes.h b/includes.h
index a1a6da6..198e729 100644
--- a/includes.h
+++ b/includes.h
@@ -37,7 +37,6 @@
#include <arpa/inet.h>
#include <netdb.h>
-#include <endian.h>
#include <stdio.h>
#include <ctype.h>
#include <errno.h>
@@ -52,13 +51,18 @@
#include <grp.h>
#include <unistd.h>
#include <time.h>
-#include <paths.h>
#include <dirent.h>
-#include "version.h"
-
#include "config.h"
+#ifdef HAVE_PATHS_H
+# include <paths.h>
+#endif
+#ifdef HAVE_ENDIAN_H
+# include <endian.h>
+#endif
+
+#include "version.h"
#include "helper.h"
#include "mktemp.h"
#include "strlcpy.h"
diff --git a/login.c b/login.c
index 0c1e61b..8791ec5 100644
--- a/login.c
+++ b/login.c
@@ -18,9 +18,14 @@
*/
#include "includes.h"
-RCSID("$Id: login.c,v 1.1 1999/10/27 03:42:44 damien Exp $");
+RCSID("$Id: login.c,v 1.2 1999/11/10 23:40:23 damien Exp $");
#include <utmp.h>
+
+#ifdef HAVE_LASTLOG_H
+# include <lastlog.h>
+#endif
+
#include "ssh.h"
/* Returns the time when the user last logged in. Returns 0 if the
@@ -76,7 +81,9 @@
strncpy(u.ut_line, ttyname + 5, sizeof(u.ut_line));
u.ut_time = time(NULL);
strncpy(u.ut_name, user, sizeof(u.ut_name));
+#ifdef HAVE_HOST_IN_UTMP
strncpy(u.ut_host, host, sizeof(u.ut_host));
+#endif
/* Figure out the file names. */
utmp = _PATH_UTMP;
@@ -108,11 +115,14 @@
}
}
-/* Records that the user has logged out. */
-
void record_logout(int pid, const char *ttyname)
{
+#ifdef HAVE_LIBUTIL_LOGIN
const char *line = ttyname + 5; /* /dev/ttyq8 -> ttyq8 */
if (logout(line))
logwtmp(line, "", "");
+#else /* HAVE_LIBUTIL_LOGIN */
+ record_login(pid, ttyname, "", -1, "", NULL);
+#endif /* HAVE_LIBUTIL_LOGIN */
}
+
diff --git a/mktemp.c b/mktemp.c
index de11a6b..be03ac9 100644
--- a/mktemp.c
+++ b/mktemp.c
@@ -52,7 +52,7 @@
#ifndef HAVE_MKDTEMP
-static int _gettemp __P((char *, int *, int, int));
+static int _gettemp(char *, int *, int, int);
int
mkstemps(path, slen)
diff --git a/rsa.h b/rsa.h
index 98a183f..c19b5a9 100644
--- a/rsa.h
+++ b/rsa.h
@@ -13,7 +13,7 @@
*/
-/* RCSID("$Id: rsa.h,v 1.2 1999/10/28 03:25:17 damien Exp $"); */
+/* RCSID("$Id: rsa.h,v 1.3 1999/11/10 23:40:23 damien Exp $"); */
#include "config.h"
#ifndef RSA_H
@@ -34,11 +34,11 @@
/* Indicates whether the rsa module is permitted to show messages on
the terminal. */
-void rsa_set_verbose __P((int verbose));
+void rsa_set_verbose(int verbose);
-int rsa_alive __P((void));
+int rsa_alive(void);
-void rsa_public_encrypt __P((BIGNUM *out, BIGNUM *in, RSA *prv));
-void rsa_private_decrypt __P((BIGNUM *out, BIGNUM *in, RSA *prv));
+void rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *prv);
+void rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *prv);
#endif /* RSA_H */
diff --git a/ssh.h b/ssh.h
index ddcb538..a91312a 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,12 +13,14 @@
*/
-/* RCSID("$Id: ssh.h,v 1.8 1999/11/08 23:28:04 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.9 1999/11/10 23:40:23 damien Exp $"); */
#ifndef SSH_H
#define SSH_H
-/* Added by Dan */
+#include <netinet/in.h> /* For struct sockaddr_in */
+#include <pwd.h> /* For struct pw */
+
#ifndef SHUT_RDWR
enum
{