AIX openssh patches

David Rankin drankin at bohemians.lexington.ky.us
Thu Jan 20 08:41:02 EST 2000


On Wed, Jan 19, 2000 at 02:00:19PM -0500, Matt Richards wrote:
(AIX 4 patch discussion truncated.)
> I did make a mistake in the inline. The configure script works fine
> for inline, just need to include config.h in cipher.c in order to get
> the inline define. I've updated the patch to reflect this.

I've attached the revised patch. I don't have SOCKS4 or SOCKS5 to play
with, so if you can test it, that'd be good. As mentioned, AIX users get
WITH_AIXAUTHENTICATE without choice now.

I did not include any of your USE_SYSRANDOM patches into this patch. I looked
at one of the AIX boxes I have access to, and srandom() is pseudorandom,
not truly random (or at least nearly as random as EGD). I don't feel
comfortable in making this an option given the attack possibilities 
pseudorandom numbers give. Sorry.

> Is it feasible to have a configure switch to turn off using priviledged
> ports, even is the user has priviledges?

I'd think this is reasonable, although I'm so low on time I can't even
think about working on it.

Note: This patch is against pre27, which probably fixes almost all of
the "unsigned long" versus "int" problems you were seeing.

Index: acconfig.h
===================================================================
RCS file: /usr/local/cvs/openssh/acconfig.h,v
retrieving revision 1.19
diff -u -r1.19 acconfig.h
--- acconfig.h	2000/01/17 19:23:50	1.19
+++ acconfig.h	2000/01/19 21:08:57
@@ -12,6 +12,9 @@
 /* Define if you want to disable PAM support */
 #undef DISABLE_PAM
 
+/* Define if you want to disable AIX4's authenticate function */
+#undef WITH_AIXAUTHENTICATE
+
 /* Define if you want to disable lastlog support */
 #undef DISABLE_LASTLOG
 
@@ -29,6 +32,12 @@
 
 /* Define if using the Dante SOCKS library. */
 #undef HAVE_DANTE
+
+/* Define if using the Socks4 SOCKS library. */
+#undef HAVE_SOCKS4
+
+/* Define if using the Socks5 SOCKS library. */
+#undef HAVE_SOCKS5
 
 /* Define if your ssl headers are included with #include <ssl/header.h>  */
 #undef HAVE_SSL
Index: auth-passwd.c
===================================================================
RCS file: /usr/local/cvs/openssh/auth-passwd.c,v
retrieving revision 1.14
diff -u -r1.14 auth-passwd.c
--- auth-passwd.c	2000/01/17 18:39:32	1.14
+++ auth-passwd.c	2000/01/19 20:38:38
@@ -18,6 +18,10 @@
 #include "servconf.h"
 #include "xmalloc.h"
 
+#ifdef WITH_AIXAUTHENTICATE
+#include <login.h>
+#endif
+
 #ifdef HAVE_SHADOW_H
 # include <shadow.h>
 #endif
@@ -40,6 +44,12 @@
 	struct spwd *spw;
 #endif
 
+#ifdef WITH_AIXAUTHENTICATE
+	char *authmsg;
+	char *loginmsg;
+	int reenter = 1;
+#endif
+
 	/* deny if no user. */
 	if (pw == NULL)
 		return 0;
@@ -55,6 +65,15 @@
 			return ret;
 		/* Fall back to ordinary passwd authentication. */
 	}
+#endif
+#ifdef WITH_AIXAUTHENTICATE
+
+	if ( (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0) &&
+	     (loginrestrictions(pw->pw_name,S_LOGIN,NULL,&loginmsg) == 0))
+              return 1;
+	else 
+	      return 0;
+	
 #endif
 #ifdef KRB4
 	if (options.kerberos_authentication == 1) {
Index: bsd-misc.c
===================================================================
RCS file: /usr/local/cvs/openssh/bsd-misc.c,v
retrieving revision 1.2
diff -u -r1.2 bsd-misc.c
--- bsd-misc.c	2000/01/17 18:39:33	1.2
+++ bsd-misc.c	2000/01/19 21:14:36
@@ -47,6 +47,9 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <fcntl.h>
+#ifdef _AIX
+#include <stddef.h>
+#endif
 
 #include "xmalloc.h"
 #include "ssh.h"
Index: cipher.c
===================================================================
RCS file: /usr/local/cvs/openssh/cipher.c,v
retrieving revision 1.7
diff -u -r1.7 cipher.c
--- cipher.c	2000/01/17 17:27:31	1.7
+++ cipher.c	2000/01/19 20:38:38
@@ -16,6 +16,7 @@
 
 #include "ssh.h"
 #include "cipher.h"
+#include "config.h"
 
 #ifdef HAVE_OPENSSL
 #include <openssl/md5.h>
Index: config.h.in
===================================================================
RCS file: /usr/local/cvs/openssh/config.h.in,v
retrieving revision 1.22
diff -u -r1.22 config.h.in
--- config.h.in	2000/01/17 19:34:11	1.22
+++ config.h.in	2000/01/19 21:13:52
@@ -15,6 +15,9 @@
 /* Define if you want to disable PAM support */
 #undef DISABLE_PAM
 
+/* Define if you want to disable AIX4's authenticate function */
+#undef WITH_AIXAUTHENTICATE
+
 /* Define if you want to disable lastlog support */
 #undef DISABLE_LASTLOG
 
@@ -32,6 +35,12 @@
 
 /* Define if using the Dante SOCKS library. */
 #undef HAVE_DANTE
+
+/* Define if using the Socks4 SOCKS library. */
+#undef HAVE_SOCKS4
+
+/* Define if using the Socks5 SOCKS library. */
+#undef HAVE_SOCKS5
 
 /* Define if your ssl headers are included with #include <ssl/header.h>  */
 #undef HAVE_SSL
Index: configure.in
===================================================================
RCS file: /usr/local/cvs/openssh/configure.in,v
retrieving revision 1.22
diff -u -r1.22 configure.in
--- configure.in	2000/01/17 19:34:14	1.22
+++ configure.in	2000/01/19 21:28:41
@@ -55,6 +55,8 @@
 case "$host" in
 *-*-aix*)
 	AFS_LIBS="-lld"
+	AC_DEFINE(WITH_AIXAUTHENTICATE)
+	LIBS="$LIBS -ls"
 	;;
 *-*-hpux10*)
 	if test -z "$GCC"; then
@@ -497,13 +499,53 @@
 AC_ARG_WITH(dante,
 	[  --with-dante=DIR        Use Dante SOCKS lib (default is system library path)],
 	[
-		AC_DEFINE(HAVE_DANTE)
+		SAVELIBS="$LIBS"
+		SOCKSLIBS=""
+		SOCKSLIBPATH=""
 		if test "x$withval" != "xno" ; then
 			if test -n $withval ; then
 				LIBS="$LIBS -L$withval"
+				SOCKSLIBPATH="-L$withval"
 			fi
-			LIBS="$LIBS -lsocks"
+			AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_DANTE) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
 		fi
+		LIBS="$SAVELIBS $SOCKSLIBS"
+	]
+)
+
+dnl Compile with SOCKS4 SOCKS library
+AC_ARG_WITH(socks4,
+	[  --with-socks4=DIR        Use Socks4 SOCKS lib (default is system library path)],
+	[
+		SAVELIBS="$LIBS"
+		SOCKSLIBS=""
+		SOCKSLIBPATH=""
+		if test "x$withval" != "xno" ; then
+			if test -n $withval ; then
+				LIBS="$LIBS -L$withval"
+				SOCKSLIBPATH="-L$withval"
+			fi
+			AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_SOCKS4) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
+		fi
+		LIBS="$SAVELIBS $SOCKSLIBS"
+	]
+)
+
+dnl Compile with SOCKS5 SOCKS library
+AC_ARG_WITH(socks5,
+	[  --with-socks5=DIR        Use Socks5 SOCKS lib (default is system library path)],
+	[
+		SAVELIBS="$LIBS"
+		SOCKSLIBS=""
+		SOCKSLIBPATH=""
+		if test "x$withval" != "xno" ; then
+			if test -n $withval ; then
+				LIBS="$LIBS -L$withval"
+				SOCKSLIBPATH="-L$withval"
+			fi
+			AC_CHECK_LIB(socks5, SOCKSconnect, AC_DEFINE(HAVE_SOCKS5) SOCKSLIBS="$SOCKSLIBPATH -lsocks5")
+		fi
+		LIBS="$SAVELIBS $SOCKSLIBS"
 	]
 )
 
Index: ssh-keygen.c
===================================================================
RCS file: /usr/local/cvs/openssh/ssh-keygen.c,v
retrieving revision 1.7
diff -u -r1.7 ssh-keygen.c
--- ssh-keygen.c	2000/01/17 16:53:27	1.7
+++ ssh-keygen.c	2000/01/19 20:38:39
@@ -101,7 +101,7 @@
 		if (f && fgets(line, sizeof(line), f)) {
 			cp = line;
 			line[strlen(line) - 1] = '\0';
-			if (auth_rsa_read_key(&cp, &dummy, e, n)) {
+			if (auth_rsa_read_key(&cp, (unsigned int *)&dummy, e, n)) {
 				public_key->e = e;
 				public_key->n = n;
 				comment = xstrdup(cp ? cp : "no comment");
Index: ssh.c
===================================================================
RCS file: /usr/local/cvs/openssh/ssh.c,v
retrieving revision 1.13
diff -u -r1.13 ssh.c
--- ssh.c	2000/01/17 19:24:17	1.13
+++ ssh.c	2000/01/19 20:38:39
@@ -213,6 +213,10 @@
 	/* Save our own name. */
 	av0 = av[0];
 
+#ifdef SOCKS
+	SOCKSinit(av0);
+#endif /* SOCKS */
+
 	/* Initialize option structure to indicate that no values have been set. */
 	initialize_options(&options);
 
Index: ssh.h
===================================================================
RCS file: /usr/local/cvs/openssh/ssh.h,v
retrieving revision 1.15
diff -u -r1.15 ssh.h
--- ssh.h	2000/01/17 19:24:19	1.15
+++ ssh.h	2000/01/19 21:16:53
@@ -752,7 +752,7 @@
 #include "auth-pam.h"
 #endif /* USE_PAM */
 
-#ifdef HAVE_DANTE
+#if defined(HAVE_DANTE) || defined(HAVE_SOCKS4)
 /*
  * The following defines map the normal socket operations to SOCKSified
  * versions coming from the Dante SOCKS package.
@@ -795,6 +795,54 @@
             size_t, int, const struct sockaddr *, socklen_t);
 ssize_t Rwrite(int , const void *, size_t );
 ssize_t Rwritev(int , const struct iovec *, int );
-#endif /* HAVE_DANTE */
+#endif /* HAVE_DANTE || HAVE_SOCKS4 */
 
+#if defined(HAVE_SOCKS5) 
+/*
+ * The following defines map the normal socket operations to SOCKSified
+ * versions coming from the Dante SOCKS package.
+ */
+#define accept SOCKSaccept
+#define bind SOCKSbind
+#define bindresvport SOCKSbindresvport
+#define connect SOCKSconnect
+#define gethostbyname SOCKSgethostbyname
+#define gethostbyname2 SOCKSgethostbyname2
+#define getpeername SOCKSgetpeername
+#define getsockname SOCKSgetsockname
+#define read SOCKSread
+#define readv SOCKSreadv
+#define recv SOCKSrecv
+#define recvmsg SOCKSrecvmsg
+#define recvfrom SOCKSrecvfrom
+#define rresvport SOCKSrresvport
+#define send SOCKSsend
+#define sendmsg SOCKSsendmsg
+#define sendto SOCKSsendto
+#define write SOCKSwrite
+#define writev SOCKSwritev
+int     SOCKSaccept (int, struct sockaddr *, socklen_t *);
+int     SOCKSbind (int, const struct sockaddr *, socklen_t);
+int	SOCKSbindresvport(int , struct sockaddr_in *);
+int     SOCKSconnect (int, const struct sockaddr *, socklen_t);
+struct hostent *SOCKSgethostbyname(const char *);
+struct hostent *SOCKSgethostbyname2(const char *, int);
+int     SOCKSgetpeername (int, struct sockaddr *, socklen_t *);
+int     SOCKSgetsockname (int, struct sockaddr *, socklen_t *);
+ssize_t SOCKSread(int , void *, size_t );
+ssize_t SOCKSreadv(int d, const struct iovec *iov, int iovcnt);
+ssize_t SOCKSrecv (int, void *, size_t, int);
+ssize_t SOCKSrecvfrom (int, void *, size_t, int, struct sockaddr *,
+            socklen_t *);
+ssize_t SOCKSsend (int, const void *, size_t, int);
+ssize_t SOCKSsendmsg (int, const struct msghdr *, int);
+ssize_t SOCKSsendto (int, const void *,
+            size_t, int, const struct sockaddr *, socklen_t);
+ssize_t SOCKSwrite(int , const void *, size_t );
+ssize_t SOCKSwritev(int , const struct iovec *, int );
+#endif /* SOCKS5 */
+
+#if defined(DANTE) || defined(SOCKS4) || defined(SOCKS5)
+#define SOCKS
+#endif /* defined(DANTE) || defined(SOCKS4) || defined(SOCKS5) */
 #endif				/* SSH_H */
Index: sshconnect.c
===================================================================
RCS file: /usr/local/cvs/openssh/sshconnect.c,v
retrieving revision 1.14
diff -u -r1.14 sshconnect.c
--- sshconnect.c	2000/01/17 19:24:20	1.14
+++ sshconnect.c	2000/01/19 20:38:40
@@ -883,7 +883,7 @@
 		debug("No challenge for skey authentication.");
 		return 0;
 	}
-	challenge = packet_get_string(&payload_len);
+	challenge = packet_get_string((unsigned int *)&payload_len);
 	if (options.cipher == SSH_CIPHER_NONE)
 		log("WARNING: Encryption is disabled! "
 		    "Reponse will be transmitted in clear text.");
Index: sshd.c
===================================================================
RCS file: /usr/local/cvs/openssh/sshd.c,v
retrieving revision 1.18
diff -u -r1.18 sshd.c
--- sshd.c	2000/01/17 19:24:22	1.18
+++ sshd.c	2000/01/19 21:02:01
@@ -1076,7 +1076,7 @@
 	packet_read_expect(&plen, SSH_CMSG_USER);
 
 	/* Get the user name. */
-	user = packet_get_string(&ulen);
+	user = packet_get_string((unsigned int*)&ulen);
 	packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
 
 	/* Destroy the private and public keys.  They will no longer be needed. */
@@ -1172,6 +1172,10 @@
 {
 	struct passwd *pw, pwcopy;
 
+#ifdef WITH_AIXAUTHENTICATE
+	char *loginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
+
 #ifdef AFS
 	/* If machine has AFS, set process authentication group. */
 	if (k_hasafs()) {
@@ -1180,6 +1184,8 @@
 	}
 #endif /* AFS */
 
+	pw = (struct passwd *) malloc (sizeof(struct passwd));
+
 	/* Verify that the user is a valid user. */
 	pw = getpwnam(user);
 	if (!pw || !allowed_user(pw))
@@ -1237,6 +1243,9 @@
 					  get_canonical_hostname());
 	}
 	/* The user has been authenticated and accepted. */
+#ifdef WITH_AIXAUTHENTICATE
+	loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg);
+#endif /* WITH_AIXAUTHENTICATE */
 	packet_start(SSH_SMSG_SUCCESS);
 	packet_send();
 	packet_write_wait();
@@ -1349,7 +1358,7 @@
 			 * authentication is insecure. (Another is
 			 * IP-spoofing on a local network.)
 			 */
-			client_user = packet_get_string(&ulen);
+			client_user = packet_get_string((unsigned int *)&ulen);
 			packet_integrity_check(plen, 4 + ulen, type);
 
 			/* Try to authenticate using /etc/hosts.equiv and
@@ -1369,7 +1378,7 @@
 			 * trust the client; root on the client machine can
 			 * claim to be any user.
 			 */
-			client_user = packet_get_string(&ulen);
+			client_user = packet_get_string((unsigned int *)&ulen);
 
 			/* Get the client host key. */
 			client_host_key_e = BN_new();
@@ -1414,7 +1423,7 @@
 			 * transmitted over the encrypted channel so it is
 			 * not visible to an outside observer.
 			 */
-			password = packet_get_string(&dlen);
+			password = packet_get_string((unsigned int *)&dlen);
 			packet_integrity_check(plen, 4 + dlen, type);
 
 #ifdef USE_PAM
@@ -1493,26 +1502,42 @@
 #ifdef USE_PAM
 			if (!do_pam_account(pw->pw_name, client_user))
 			{
-				if (client_user != NULL)
+				if (client_user != NULL) {
 					xfree(client_user);
+					client_user = NULL;
+				}
 
 				do_fake_authloop(pw->pw_name);
 			}
 #endif /* USE_PAM */
 			return;
-		}
+		} 
 
-		if (client_user != NULL)
+/* HEAP*/
+#if 1
+		if (client_user != NULL) {
 			xfree(client_user);
+			client_user = NULL;
+		}
+#endif
 
 		if (attempt > AUTH_FAIL_MAX)
 			packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
 
 		/* Send a message indicating that the authentication attempt failed. */
+#ifdef WITH_AIXAUTHENTICATE 
+		if (strncmp(get_authname(type),"password",
+			      strlen(get_authname(type))) == 0)
+	          loginfailed(pw->pw_name,get_canonical_hostname(),"ssh");
+#endif /* WITH_AIXAUTHENTICATE */
+
 		packet_start(SSH_SMSG_FAILURE);
 		packet_send();
 		packet_write_wait();
 	}
+
+
+
 }
 
 /*
@@ -1691,7 +1716,7 @@
 				      ttyname, tty_mode, strerror(errno));
 
 			/* Get TERM from the packet.  Note that the value may be of arbitrary length. */
-			term = packet_get_string(&dlen);
+			term = packet_get_string((unsigned int *)&dlen);
 			packet_integrity_check(dlen, strlen(term), type);
 			/* packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type); */
 			/* Remaining bytes */
@@ -1736,8 +1761,8 @@
 				packet_disconnect("Protocol error: X11 display already set.");
 			{
 				int proto_len, data_len;
-				proto = packet_get_string(&proto_len);
-				data = packet_get_string(&data_len);
+				proto = packet_get_string((unsigned int *)&proto_len);
+				data = packet_get_string((unsigned int *)&data_len);
 				packet_integrity_check(plen, 4 + proto_len + 4 + data_len + 4, type);
 			}
 			if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER)
@@ -1820,7 +1845,7 @@
 			/* Get command from the packet. */
 			{
 				int dlen;
-				command = packet_get_string(&dlen);
+				command = packet_get_string((unsigned int *)&dlen);
 				debug("Executing command '%.500s'", command);
 				packet_integrity_check(plen, 4 + dlen, type);
 			}
@@ -2416,6 +2441,16 @@
 	if (display)
 		child_set_env(&env, &envsize, "DISPLAY", display);
 
+	{
+           char *authstate,*krb5cc;
+
+	   if ((authstate = getenv("AUTHSTATE")) != NULL)
+		 child_set_env(&env,&envsize,"AUTHSTATE",authstate);
+
+	   if ((krb5cc = getenv("KRB5CCNAME")) != NULL)
+		 child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc);
+	}
+
 #ifdef KRB4
 	{
 		extern char *ticket;
@@ -2436,6 +2471,8 @@
 	if (auth_get_socket_name() != NULL)
 		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
 			      auth_get_socket_name());
+
+	read_environment_file(&env,&envsize,"/etc/environment");
 
 	/* read $HOME/.ssh/environment. */
 	if (!options.use_login) {
Index: configure
===================================================================
RCS file: /usr/local/cvs/openssh/configure,v
retrieving revision 1.22
diff -u -r1.22 configure
--- configure	2000/01/17 19:34:11	1.22
+++ configure	2000/01/19 21:32:12
@@ -28,6 +28,10 @@
 ac_help="$ac_help
   --with-dante=DIR        Use Dante SOCKS lib (default is system library path)"
 ac_help="$ac_help
+  --with-socks4=DIR        Use Socks4 SOCKS lib (default is system library path)"
+ac_help="$ac_help
+  --with-socks5=DIR        Use Socks5 SOCKS lib (default is system library path)"
+ac_help="$ac_help
   --with-kerberos4=PATH   Enable Kerberos 4 support"
 ac_help="$ac_help
   --with-afs=PATH         Enable AFS support"
@@ -1236,6 +1240,11 @@
 case "$host" in
 *-*-aix*)
 	AFS_LIBS="-lld"
+	cat >> confdefs.h <<\EOF
+#define WITH_AIXAUTHENTICATE 1
+EOF
+
+	LIBS="$LIBS -ls"
 	;;
 *-*-hpux10*)
 	if test -z "$GCC"; then
@@ -2878,16 +2887,183 @@
 if test "${with_dante+set}" = set; then
   withval="$with_dante"
   
-		cat >> confdefs.h <<\EOF
+		SAVELIBS="$LIBS"
+		SOCKSLIBS=""
+		SOCKSLIBPATH=""
+		if test "x$withval" != "xno" ; then
+			if test -n $withval ; then
+				LIBS="$LIBS -L$withval"
+				SOCKSLIBPATH="-L$withval"
+			fi
+			echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6
+echo "configure:2900: checking for Rconnect in -lsocks" >&5
+ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsocks  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 2908 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char Rconnect();
+
+int main() {
+Rconnect()
+; return 0; }
+EOF
+if { (eval echo configure:2919: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  cat >> confdefs.h <<\EOF
 #define HAVE_DANTE 1
 EOF
+ SOCKSLIBS="$SOCKSLIBPATH -lsocks"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+		fi
+		LIBS="$SAVELIBS $SOCKSLIBS"
+	
 
+fi
+
+
+# Check whether --with-socks4 or --without-socks4 was given.
+if test "${with_socks4+set}" = set; then
+  withval="$with_socks4"
+  
+		SAVELIBS="$LIBS"
+		SOCKSLIBS=""
+		SOCKSLIBPATH=""
 		if test "x$withval" != "xno" ; then
 			if test -n $withval ; then
 				LIBS="$LIBS -L$withval"
+				SOCKSLIBPATH="-L$withval"
 			fi
-			LIBS="$LIBS -lsocks"
+			echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6
+echo "configure:2962: checking for Rconnect in -lsocks" >&5
+ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsocks  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 2970 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char Rconnect();
+
+int main() {
+Rconnect()
+; return 0; }
+EOF
+if { (eval echo configure:2981: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  cat >> confdefs.h <<\EOF
+#define HAVE_SOCKS4 1
+EOF
+ SOCKSLIBS="$SOCKSLIBPATH -lsocks"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
+		fi
+		LIBS="$SAVELIBS $SOCKSLIBS"
+	
+
+fi
+
+
+# Check whether --with-socks5 or --without-socks5 was given.
+if test "${with_socks5+set}" = set; then
+  withval="$with_socks5"
+  
+		SAVELIBS="$LIBS"
+		SOCKSLIBS=""
+		SOCKSLIBPATH=""
+		if test "x$withval" != "xno" ; then
+			if test -n $withval ; then
+				LIBS="$LIBS -L$withval"
+				SOCKSLIBPATH="-L$withval"
+			fi
+			echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6
+echo "configure:3024: checking for SOCKSconnect in -lsocks5" >&5
+ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lsocks5  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 3032 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char SOCKSconnect();
+
+int main() {
+SOCKSconnect()
+; return 0; }
+EOF
+if { (eval echo configure:3043: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+  cat >> confdefs.h <<\EOF
+#define HAVE_SOCKS5 1
+EOF
+ SOCKSLIBS="$SOCKSLIBPATH -lsocks5"
+else
+  echo "$ac_t""no" 1>&6
+fi
+
 		fi
+		LIBS="$SAVELIBS $SOCKSLIBS"
 	
 
 fi





More information about the openssh-unix-dev mailing list