AIX openssh patches
David Rankin
drankin at bohemians.lexington.ky.us
Thu Jan 20 08:41:02 EST 2000
On Wed, Jan 19, 2000 at 02:00:19PM -0500, Matt Richards wrote:
(AIX 4 patch discussion truncated.)
> I did make a mistake in the inline. The configure script works fine
> for inline, just need to include config.h in cipher.c in order to get
> the inline define. I've updated the patch to reflect this.
I've attached the revised patch. I don't have SOCKS4 or SOCKS5 to play
with, so if you can test it, that'd be good. As mentioned, AIX users get
WITH_AIXAUTHENTICATE without choice now.
I did not include any of your USE_SYSRANDOM patches into this patch. I looked
at one of the AIX boxes I have access to, and srandom() is pseudorandom,
not truly random (or at least nearly as random as EGD). I don't feel
comfortable in making this an option given the attack possibilities
pseudorandom numbers give. Sorry.
> Is it feasible to have a configure switch to turn off using priviledged
> ports, even is the user has priviledges?
I'd think this is reasonable, although I'm so low on time I can't even
think about working on it.
Note: This patch is against pre27, which probably fixes almost all of
the "unsigned long" versus "int" problems you were seeing.
Index: acconfig.h
===================================================================
RCS file: /usr/local/cvs/openssh/acconfig.h,v
retrieving revision 1.19
diff -u -r1.19 acconfig.h
--- acconfig.h 2000/01/17 19:23:50 1.19
+++ acconfig.h 2000/01/19 21:08:57
@@ -12,6 +12,9 @@
/* Define if you want to disable PAM support */
#undef DISABLE_PAM
+/* Define if you want to disable AIX4's authenticate function */
+#undef WITH_AIXAUTHENTICATE
+
/* Define if you want to disable lastlog support */
#undef DISABLE_LASTLOG
@@ -29,6 +32,12 @@
/* Define if using the Dante SOCKS library. */
#undef HAVE_DANTE
+
+/* Define if using the Socks4 SOCKS library. */
+#undef HAVE_SOCKS4
+
+/* Define if using the Socks5 SOCKS library. */
+#undef HAVE_SOCKS5
/* Define if your ssl headers are included with #include <ssl/header.h> */
#undef HAVE_SSL
Index: auth-passwd.c
===================================================================
RCS file: /usr/local/cvs/openssh/auth-passwd.c,v
retrieving revision 1.14
diff -u -r1.14 auth-passwd.c
--- auth-passwd.c 2000/01/17 18:39:32 1.14
+++ auth-passwd.c 2000/01/19 20:38:38
@@ -18,6 +18,10 @@
#include "servconf.h"
#include "xmalloc.h"
+#ifdef WITH_AIXAUTHENTICATE
+#include <login.h>
+#endif
+
#ifdef HAVE_SHADOW_H
# include <shadow.h>
#endif
@@ -40,6 +44,12 @@
struct spwd *spw;
#endif
+#ifdef WITH_AIXAUTHENTICATE
+ char *authmsg;
+ char *loginmsg;
+ int reenter = 1;
+#endif
+
/* deny if no user. */
if (pw == NULL)
return 0;
@@ -55,6 +65,15 @@
return ret;
/* Fall back to ordinary passwd authentication. */
}
+#endif
+#ifdef WITH_AIXAUTHENTICATE
+
+ if ( (authenticate(pw->pw_name,password,&reenter,&authmsg) == 0) &&
+ (loginrestrictions(pw->pw_name,S_LOGIN,NULL,&loginmsg) == 0))
+ return 1;
+ else
+ return 0;
+
#endif
#ifdef KRB4
if (options.kerberos_authentication == 1) {
Index: bsd-misc.c
===================================================================
RCS file: /usr/local/cvs/openssh/bsd-misc.c,v
retrieving revision 1.2
diff -u -r1.2 bsd-misc.c
--- bsd-misc.c 2000/01/17 18:39:33 1.2
+++ bsd-misc.c 2000/01/19 21:14:36
@@ -47,6 +47,9 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <fcntl.h>
+#ifdef _AIX
+#include <stddef.h>
+#endif
#include "xmalloc.h"
#include "ssh.h"
Index: cipher.c
===================================================================
RCS file: /usr/local/cvs/openssh/cipher.c,v
retrieving revision 1.7
diff -u -r1.7 cipher.c
--- cipher.c 2000/01/17 17:27:31 1.7
+++ cipher.c 2000/01/19 20:38:38
@@ -16,6 +16,7 @@
#include "ssh.h"
#include "cipher.h"
+#include "config.h"
#ifdef HAVE_OPENSSL
#include <openssl/md5.h>
Index: config.h.in
===================================================================
RCS file: /usr/local/cvs/openssh/config.h.in,v
retrieving revision 1.22
diff -u -r1.22 config.h.in
--- config.h.in 2000/01/17 19:34:11 1.22
+++ config.h.in 2000/01/19 21:13:52
@@ -15,6 +15,9 @@
/* Define if you want to disable PAM support */
#undef DISABLE_PAM
+/* Define if you want to disable AIX4's authenticate function */
+#undef WITH_AIXAUTHENTICATE
+
/* Define if you want to disable lastlog support */
#undef DISABLE_LASTLOG
@@ -32,6 +35,12 @@
/* Define if using the Dante SOCKS library. */
#undef HAVE_DANTE
+
+/* Define if using the Socks4 SOCKS library. */
+#undef HAVE_SOCKS4
+
+/* Define if using the Socks5 SOCKS library. */
+#undef HAVE_SOCKS5
/* Define if your ssl headers are included with #include <ssl/header.h> */
#undef HAVE_SSL
Index: configure.in
===================================================================
RCS file: /usr/local/cvs/openssh/configure.in,v
retrieving revision 1.22
diff -u -r1.22 configure.in
--- configure.in 2000/01/17 19:34:14 1.22
+++ configure.in 2000/01/19 21:28:41
@@ -55,6 +55,8 @@
case "$host" in
*-*-aix*)
AFS_LIBS="-lld"
+ AC_DEFINE(WITH_AIXAUTHENTICATE)
+ LIBS="$LIBS -ls"
;;
*-*-hpux10*)
if test -z "$GCC"; then
@@ -497,13 +499,53 @@
AC_ARG_WITH(dante,
[ --with-dante=DIR Use Dante SOCKS lib (default is system library path)],
[
- AC_DEFINE(HAVE_DANTE)
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
if test "x$withval" != "xno" ; then
if test -n $withval ; then
LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
fi
- LIBS="$LIBS -lsocks"
+ AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_DANTE) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+ ]
+)
+
+dnl Compile with SOCKS4 SOCKS library
+AC_ARG_WITH(socks4,
+ [ --with-socks4=DIR Use Socks4 SOCKS lib (default is system library path)],
+ [
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ AC_CHECK_LIB(socks, Rconnect, AC_DEFINE(HAVE_SOCKS4) SOCKSLIBS="$SOCKSLIBPATH -lsocks")
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+ ]
+)
+
+dnl Compile with SOCKS5 SOCKS library
+AC_ARG_WITH(socks5,
+ [ --with-socks5=DIR Use Socks5 SOCKS lib (default is system library path)],
+ [
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ AC_CHECK_LIB(socks5, SOCKSconnect, AC_DEFINE(HAVE_SOCKS5) SOCKSLIBS="$SOCKSLIBPATH -lsocks5")
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
]
)
Index: ssh-keygen.c
===================================================================
RCS file: /usr/local/cvs/openssh/ssh-keygen.c,v
retrieving revision 1.7
diff -u -r1.7 ssh-keygen.c
--- ssh-keygen.c 2000/01/17 16:53:27 1.7
+++ ssh-keygen.c 2000/01/19 20:38:39
@@ -101,7 +101,7 @@
if (f && fgets(line, sizeof(line), f)) {
cp = line;
line[strlen(line) - 1] = '\0';
- if (auth_rsa_read_key(&cp, &dummy, e, n)) {
+ if (auth_rsa_read_key(&cp, (unsigned int *)&dummy, e, n)) {
public_key->e = e;
public_key->n = n;
comment = xstrdup(cp ? cp : "no comment");
Index: ssh.c
===================================================================
RCS file: /usr/local/cvs/openssh/ssh.c,v
retrieving revision 1.13
diff -u -r1.13 ssh.c
--- ssh.c 2000/01/17 19:24:17 1.13
+++ ssh.c 2000/01/19 20:38:39
@@ -213,6 +213,10 @@
/* Save our own name. */
av0 = av[0];
+#ifdef SOCKS
+ SOCKSinit(av0);
+#endif /* SOCKS */
+
/* Initialize option structure to indicate that no values have been set. */
initialize_options(&options);
Index: ssh.h
===================================================================
RCS file: /usr/local/cvs/openssh/ssh.h,v
retrieving revision 1.15
diff -u -r1.15 ssh.h
--- ssh.h 2000/01/17 19:24:19 1.15
+++ ssh.h 2000/01/19 21:16:53
@@ -752,7 +752,7 @@
#include "auth-pam.h"
#endif /* USE_PAM */
-#ifdef HAVE_DANTE
+#if defined(HAVE_DANTE) || defined(HAVE_SOCKS4)
/*
* The following defines map the normal socket operations to SOCKSified
* versions coming from the Dante SOCKS package.
@@ -795,6 +795,54 @@
size_t, int, const struct sockaddr *, socklen_t);
ssize_t Rwrite(int , const void *, size_t );
ssize_t Rwritev(int , const struct iovec *, int );
-#endif /* HAVE_DANTE */
+#endif /* HAVE_DANTE || HAVE_SOCKS4 */
+#if defined(HAVE_SOCKS5)
+/*
+ * The following defines map the normal socket operations to SOCKSified
+ * versions coming from the Dante SOCKS package.
+ */
+#define accept SOCKSaccept
+#define bind SOCKSbind
+#define bindresvport SOCKSbindresvport
+#define connect SOCKSconnect
+#define gethostbyname SOCKSgethostbyname
+#define gethostbyname2 SOCKSgethostbyname2
+#define getpeername SOCKSgetpeername
+#define getsockname SOCKSgetsockname
+#define read SOCKSread
+#define readv SOCKSreadv
+#define recv SOCKSrecv
+#define recvmsg SOCKSrecvmsg
+#define recvfrom SOCKSrecvfrom
+#define rresvport SOCKSrresvport
+#define send SOCKSsend
+#define sendmsg SOCKSsendmsg
+#define sendto SOCKSsendto
+#define write SOCKSwrite
+#define writev SOCKSwritev
+int SOCKSaccept (int, struct sockaddr *, socklen_t *);
+int SOCKSbind (int, const struct sockaddr *, socklen_t);
+int SOCKSbindresvport(int , struct sockaddr_in *);
+int SOCKSconnect (int, const struct sockaddr *, socklen_t);
+struct hostent *SOCKSgethostbyname(const char *);
+struct hostent *SOCKSgethostbyname2(const char *, int);
+int SOCKSgetpeername (int, struct sockaddr *, socklen_t *);
+int SOCKSgetsockname (int, struct sockaddr *, socklen_t *);
+ssize_t SOCKSread(int , void *, size_t );
+ssize_t SOCKSreadv(int d, const struct iovec *iov, int iovcnt);
+ssize_t SOCKSrecv (int, void *, size_t, int);
+ssize_t SOCKSrecvfrom (int, void *, size_t, int, struct sockaddr *,
+ socklen_t *);
+ssize_t SOCKSsend (int, const void *, size_t, int);
+ssize_t SOCKSsendmsg (int, const struct msghdr *, int);
+ssize_t SOCKSsendto (int, const void *,
+ size_t, int, const struct sockaddr *, socklen_t);
+ssize_t SOCKSwrite(int , const void *, size_t );
+ssize_t SOCKSwritev(int , const struct iovec *, int );
+#endif /* SOCKS5 */
+
+#if defined(DANTE) || defined(SOCKS4) || defined(SOCKS5)
+#define SOCKS
+#endif /* defined(DANTE) || defined(SOCKS4) || defined(SOCKS5) */
#endif /* SSH_H */
Index: sshconnect.c
===================================================================
RCS file: /usr/local/cvs/openssh/sshconnect.c,v
retrieving revision 1.14
diff -u -r1.14 sshconnect.c
--- sshconnect.c 2000/01/17 19:24:20 1.14
+++ sshconnect.c 2000/01/19 20:38:40
@@ -883,7 +883,7 @@
debug("No challenge for skey authentication.");
return 0;
}
- challenge = packet_get_string(&payload_len);
+ challenge = packet_get_string((unsigned int *)&payload_len);
if (options.cipher == SSH_CIPHER_NONE)
log("WARNING: Encryption is disabled! "
"Reponse will be transmitted in clear text.");
Index: sshd.c
===================================================================
RCS file: /usr/local/cvs/openssh/sshd.c,v
retrieving revision 1.18
diff -u -r1.18 sshd.c
--- sshd.c 2000/01/17 19:24:22 1.18
+++ sshd.c 2000/01/19 21:02:01
@@ -1076,7 +1076,7 @@
packet_read_expect(&plen, SSH_CMSG_USER);
/* Get the user name. */
- user = packet_get_string(&ulen);
+ user = packet_get_string((unsigned int*)&ulen);
packet_integrity_check(plen, (4 + ulen), SSH_CMSG_USER);
/* Destroy the private and public keys. They will no longer be needed. */
@@ -1172,6 +1172,10 @@
{
struct passwd *pw, pwcopy;
+#ifdef WITH_AIXAUTHENTICATE
+ char *loginmsg;
+#endif /* WITH_AIXAUTHENTICATE */
+
#ifdef AFS
/* If machine has AFS, set process authentication group. */
if (k_hasafs()) {
@@ -1180,6 +1184,8 @@
}
#endif /* AFS */
+ pw = (struct passwd *) malloc (sizeof(struct passwd));
+
/* Verify that the user is a valid user. */
pw = getpwnam(user);
if (!pw || !allowed_user(pw))
@@ -1237,6 +1243,9 @@
get_canonical_hostname());
}
/* The user has been authenticated and accepted. */
+#ifdef WITH_AIXAUTHENTICATE
+ loginsuccess(user,get_canonical_hostname(),"ssh",&loginmsg);
+#endif /* WITH_AIXAUTHENTICATE */
packet_start(SSH_SMSG_SUCCESS);
packet_send();
packet_write_wait();
@@ -1349,7 +1358,7 @@
* authentication is insecure. (Another is
* IP-spoofing on a local network.)
*/
- client_user = packet_get_string(&ulen);
+ client_user = packet_get_string((unsigned int *)&ulen);
packet_integrity_check(plen, 4 + ulen, type);
/* Try to authenticate using /etc/hosts.equiv and
@@ -1369,7 +1378,7 @@
* trust the client; root on the client machine can
* claim to be any user.
*/
- client_user = packet_get_string(&ulen);
+ client_user = packet_get_string((unsigned int *)&ulen);
/* Get the client host key. */
client_host_key_e = BN_new();
@@ -1414,7 +1423,7 @@
* transmitted over the encrypted channel so it is
* not visible to an outside observer.
*/
- password = packet_get_string(&dlen);
+ password = packet_get_string((unsigned int *)&dlen);
packet_integrity_check(plen, 4 + dlen, type);
#ifdef USE_PAM
@@ -1493,26 +1502,42 @@
#ifdef USE_PAM
if (!do_pam_account(pw->pw_name, client_user))
{
- if (client_user != NULL)
+ if (client_user != NULL) {
xfree(client_user);
+ client_user = NULL;
+ }
do_fake_authloop(pw->pw_name);
}
#endif /* USE_PAM */
return;
- }
+ }
- if (client_user != NULL)
+/* HEAP*/
+#if 1
+ if (client_user != NULL) {
xfree(client_user);
+ client_user = NULL;
+ }
+#endif
if (attempt > AUTH_FAIL_MAX)
packet_disconnect(AUTH_FAIL_MSG, pw->pw_name);
/* Send a message indicating that the authentication attempt failed. */
+#ifdef WITH_AIXAUTHENTICATE
+ if (strncmp(get_authname(type),"password",
+ strlen(get_authname(type))) == 0)
+ loginfailed(pw->pw_name,get_canonical_hostname(),"ssh");
+#endif /* WITH_AIXAUTHENTICATE */
+
packet_start(SSH_SMSG_FAILURE);
packet_send();
packet_write_wait();
}
+
+
+
}
/*
@@ -1691,7 +1716,7 @@
ttyname, tty_mode, strerror(errno));
/* Get TERM from the packet. Note that the value may be of arbitrary length. */
- term = packet_get_string(&dlen);
+ term = packet_get_string((unsigned int *)&dlen);
packet_integrity_check(dlen, strlen(term), type);
/* packet_integrity_check(plen, 4 + dlen + 4*4 + n_bytes, type); */
/* Remaining bytes */
@@ -1736,8 +1761,8 @@
packet_disconnect("Protocol error: X11 display already set.");
{
int proto_len, data_len;
- proto = packet_get_string(&proto_len);
- data = packet_get_string(&data_len);
+ proto = packet_get_string((unsigned int *)&proto_len);
+ data = packet_get_string((unsigned int *)&data_len);
packet_integrity_check(plen, 4 + proto_len + 4 + data_len + 4, type);
}
if (packet_get_protocol_flags() & SSH_PROTOFLAG_SCREEN_NUMBER)
@@ -1820,7 +1845,7 @@
/* Get command from the packet. */
{
int dlen;
- command = packet_get_string(&dlen);
+ command = packet_get_string((unsigned int *)&dlen);
debug("Executing command '%.500s'", command);
packet_integrity_check(plen, 4 + dlen, type);
}
@@ -2416,6 +2441,16 @@
if (display)
child_set_env(&env, &envsize, "DISPLAY", display);
+ {
+ char *authstate,*krb5cc;
+
+ if ((authstate = getenv("AUTHSTATE")) != NULL)
+ child_set_env(&env,&envsize,"AUTHSTATE",authstate);
+
+ if ((krb5cc = getenv("KRB5CCNAME")) != NULL)
+ child_set_env(&env,&envsize,"KRB5CCNAME",krb5cc);
+ }
+
#ifdef KRB4
{
extern char *ticket;
@@ -2436,6 +2471,8 @@
if (auth_get_socket_name() != NULL)
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_get_socket_name());
+
+ read_environment_file(&env,&envsize,"/etc/environment");
/* read $HOME/.ssh/environment. */
if (!options.use_login) {
Index: configure
===================================================================
RCS file: /usr/local/cvs/openssh/configure,v
retrieving revision 1.22
diff -u -r1.22 configure
--- configure 2000/01/17 19:34:11 1.22
+++ configure 2000/01/19 21:32:12
@@ -28,6 +28,10 @@
ac_help="$ac_help
--with-dante=DIR Use Dante SOCKS lib (default is system library path)"
ac_help="$ac_help
+ --with-socks4=DIR Use Socks4 SOCKS lib (default is system library path)"
+ac_help="$ac_help
+ --with-socks5=DIR Use Socks5 SOCKS lib (default is system library path)"
+ac_help="$ac_help
--with-kerberos4=PATH Enable Kerberos 4 support"
ac_help="$ac_help
--with-afs=PATH Enable AFS support"
@@ -1236,6 +1240,11 @@
case "$host" in
*-*-aix*)
AFS_LIBS="-lld"
+ cat >> confdefs.h <<\EOF
+#define WITH_AIXAUTHENTICATE 1
+EOF
+
+ LIBS="$LIBS -ls"
;;
*-*-hpux10*)
if test -z "$GCC"; then
@@ -2878,16 +2887,183 @@
if test "${with_dante+set}" = set; then
withval="$with_dante"
- cat >> confdefs.h <<\EOF
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6
+echo "configure:2900: checking for Rconnect in -lsocks" >&5
+ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lsocks $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 2908 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char Rconnect();
+
+int main() {
+Rconnect()
+; return 0; }
+EOF
+if { (eval echo configure:2919: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ cat >> confdefs.h <<\EOF
#define HAVE_DANTE 1
EOF
+ SOCKSLIBS="$SOCKSLIBPATH -lsocks"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+
+fi
+
+
+# Check whether --with-socks4 or --without-socks4 was given.
+if test "${with_socks4+set}" = set; then
+ withval="$with_socks4"
+
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
if test "x$withval" != "xno" ; then
if test -n $withval ; then
LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
fi
- LIBS="$LIBS -lsocks"
+ echo $ac_n "checking for Rconnect in -lsocks""... $ac_c" 1>&6
+echo "configure:2962: checking for Rconnect in -lsocks" >&5
+ac_lib_var=`echo socks'_'Rconnect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lsocks $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 2970 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char Rconnect();
+
+int main() {
+Rconnect()
+; return 0; }
+EOF
+if { (eval echo configure:2981: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ cat >> confdefs.h <<\EOF
+#define HAVE_SOCKS4 1
+EOF
+ SOCKSLIBS="$SOCKSLIBPATH -lsocks"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
+ fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
+
+
+fi
+
+
+# Check whether --with-socks5 or --without-socks5 was given.
+if test "${with_socks5+set}" = set; then
+ withval="$with_socks5"
+
+ SAVELIBS="$LIBS"
+ SOCKSLIBS=""
+ SOCKSLIBPATH=""
+ if test "x$withval" != "xno" ; then
+ if test -n $withval ; then
+ LIBS="$LIBS -L$withval"
+ SOCKSLIBPATH="-L$withval"
+ fi
+ echo $ac_n "checking for SOCKSconnect in -lsocks5""... $ac_c" 1>&6
+echo "configure:3024: checking for SOCKSconnect in -lsocks5" >&5
+ac_lib_var=`echo socks5'_'SOCKSconnect | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+ echo $ac_n "(cached) $ac_c" 1>&6
+else
+ ac_save_LIBS="$LIBS"
+LIBS="-lsocks5 $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 3032 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error. */
+/* We use char because int might match the return type of a gcc2
+ builtin and then its argument prototype would still apply. */
+char SOCKSconnect();
+
+int main() {
+SOCKSconnect()
+; return 0; }
+EOF
+if { (eval echo configure:3043: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=yes"
+else
+ echo "configure: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ rm -rf conftest*
+ eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+ echo "$ac_t""yes" 1>&6
+ cat >> confdefs.h <<\EOF
+#define HAVE_SOCKS5 1
+EOF
+ SOCKSLIBS="$SOCKSLIBPATH -lsocks5"
+else
+ echo "$ac_t""no" 1>&6
+fi
+
fi
+ LIBS="$SAVELIBS $SOCKSLIBS"
fi
More information about the openssh-unix-dev
mailing list