Hopefully things did not get mixed around too much. It compiles under

Linux and works.  So that is at least a good sign. =)
20010122
 - (bal) OpenBSD Resync
   - [email protected] 2001/01/19 12:45:26 GMT 2001 by markus
     [servconf.c ssh.h sshd.c]
     only auth-chall.c needs #ifdef SKEY
   - [email protected] 2001/01/19 15:55:10 GMT 2001 by markus
     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
      ssh1.h sshconnect1.c sshd.c ttymodes.c]
     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
   - [email protected] 2001/01/19 16:48:14
     [sshd.8]
     fix typo; from stevesk@
   - [email protected] 2001/01/19 16:50:58
     [ssh-dss.c]
     clear and free digest, make consistent with other code (use dlen); from
     stevesk@
   - [email protected] 2001/01/20 15:55:20 GMT 2001 by markus
     [auth-options.c auth-options.h auth-rsa.c auth2.c]
     pass the filename to auth_parse_options()
   - [email protected] 2001/01/20 17:59:40 GMT 2001
     [readconf.c]
     fix SIGSEGV from -o ""; problem noted by [email protected]
   - [email protected] 2001/01/20 18:20:29
     [sshconnect2.c]
     dh_new_group() does not return NULL.  ok markus@
   - [email protected] 2001/01/20 21:33:42
     [ssh-add.c]
     do not loop forever if askpass does not exist; from
     [email protected]
   - [email protected] 2001/01/20 23:00:56
     [servconf.c]
     Check for NULL return from strdelim; ok markus
   - [email protected] 2001/01/20 23:02:07
     [readconf.c]
     KNF; ok markus
   - [email protected] 2001/01/21 9:00:33
     [ssh-keygen.1]
     remove -R flag; ok markus@
   - [email protected] 2001/01/21 19:05:40
     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h
      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
      ttysmodes.c uidswap.c xmalloc.c]
     split ssh.h and try to cleanup the #include mess. remove unnecessary
     #includes.  rename util.[ch] -> misc.[ch]
 - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
 - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve
   conflict when compiling for non-kerb install
 - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
   on 1/19.

ChangeLog

@@ -1,3 +1,66 @@
+20010122
+ - (bal) OpenBSD Resync
+   - [email protected] 2001/01/19 12:45:26 GMT 2001 by markus
+     [servconf.c ssh.h sshd.c]
+     only auth-chall.c needs #ifdef SKEY
+   - [email protected] 2001/01/19 15:55:10 GMT 2001 by markus
+     [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+      auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c
+      packet.c pathname.h readconf.c scp.c servconf.c serverloop.c
+      session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h
+      ssh1.h sshconnect1.c sshd.c ttymodes.c]
+     move ssh1 definitions to ssh1.h, pathnames to pathnames.h
+   - [email protected] 2001/01/19 16:48:14
+     [sshd.8]
+     fix typo; from stevesk@
+   - [email protected] 2001/01/19 16:50:58
+     [ssh-dss.c]
+     clear and free digest, make consistent with other code (use dlen); from 
+     stevesk@
+   - [email protected] 2001/01/20 15:55:20 GMT 2001 by markus
+     [auth-options.c auth-options.h auth-rsa.c auth2.c]
+     pass the filename to auth_parse_options()
+   - [email protected] 2001/01/20 17:59:40 GMT 2001 
+     [readconf.c]
+     fix SIGSEGV from -o ""; problem noted by [email protected]
+   - [email protected] 2001/01/20 18:20:29
+     [sshconnect2.c]
+     dh_new_group() does not return NULL.  ok markus@
+   - [email protected] 2001/01/20 21:33:42
+     [ssh-add.c]
+     do not loop forever if askpass does not exist; from 
+     [email protected]
+   - [email protected] 2001/01/20 23:00:56
+     [servconf.c]
+     Check for NULL return from strdelim; ok markus
+   - [email protected] 2001/01/20 23:02:07
+     [readconf.c]
+     KNF; ok markus
+   - [email protected] 2001/01/21 9:00:33
+     [ssh-keygen.1]
+     remove -R flag; ok markus@
+   - [email protected] 2001/01/21 19:05:40
+     [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c
+      auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c
+      auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c
+      bufaux.c  bufaux.h buffer.c canahost.c canahost.h channels.c
+      cipher.c cli.c clientloop.c clientloop.h compat.c compress.c
+      deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c
+      key.c key.h log-client.c log-server.c log.c log.h login.c login.h
+      match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c
+      readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h
+      session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c
+      ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h 
+      sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h
+      ttysmodes.c uidswap.c xmalloc.c]
+     split ssh.h and try to cleanup the #include mess. remove unnecessary 
+     #includes.  rename util.[ch] -> misc.[ch]
+ - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree
+ - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve 
+   conflict when compiling for non-kerb install
+ - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes
+   on 1/19.
+
 20010120
  - (bal) OpenBSD Resync
    - [email protected] 2001/01/19 12:45:26

Makefile.in

@@ -37,7 +37,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
 
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) $(SFTP-SERVER)
 
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o 
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
 
 LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
 

acconfig.h

@@ -268,7 +268,7 @@
 #undef USER_PATH
 
 /* Specify location of ssh.pid */
-#undef PIDDIR
+#undef _PATH_SSH_PIDDIR
 
 /* Use IPv4 for connection by default, IPv6 can still if explicity asked */
 #undef IPV4_DEFAULT

atomicio.c

@@ -24,10 +24,10 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: atomicio.c,v 1.7 2000/10/18 18:04:02 markus Exp $");
+RCSID("$OpenBSD: atomicio.c,v 1.8 2001/01/21 19:05:40 markus Exp $");
 
 #include "xmalloc.h"
-#include "ssh.h"
+#include "atomicio.h"
 
 /*
  * ensure all of data on socket comes through. f==read || f==write

atomicio.h

@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 1995,1999 Theo de Raadt
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * Ensure all of data on socket comes through. f==read || f==write
+ */
+ssize_t	atomicio(ssize_t (*f)(), int fd, void *s, size_t n);

auth-chall.c

@@ -23,9 +23,8 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-chall.c,v 1.2 2001/01/19 12:45:26 markus Exp $");
+RCSID("$OpenBSD: auth-chall.c,v 1.3 2001/01/21 19:05:41 markus Exp $");
 
-#include "ssh.h"
 #include "auth.h"
 
 #ifdef SKEY

auth-krb4.c

@@ -23,14 +23,18 @@
  */
 
 #include "includes.h"
+RCSID("$OpenBSD: auth-krb4.c,v 1.22 2001/01/21 19:05:41 markus Exp $");
+
+#ifdef KRB4
+#include "ssh.h"
+#include "ssh1.h"
 #include "packet.h"
 #include "xmalloc.h"
-#include "ssh.h"
+#include "log.h"
 #include "servconf.h"
+#include "auth.h"
+#include "radix.h"
 
-RCSID("$OpenBSD: auth-krb4.c,v 1.20 2000/12/19 23:17:54 markus Exp $");
-
-#ifdef KRB4
 char *ticket = NULL;
 
 extern ServerOptions options;

auth-options.c

@@ -10,12 +10,14 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.11 2001/01/21 19:05:41 markus Exp $");
 
-#include "ssh.h"
 #include "packet.h"
 #include "xmalloc.h"
 #include "match.h"
+#include "log.h"
+#include "canohost.h"
+#include "auth-options.h"
 
 /* Flags set authorized_keys flags */
 int no_port_forwarding_flag = 0;
@@ -48,9 +50,12 @@ auth_clear_options(void)
 	}
 }
 
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
 int
-auth_parse_options(struct passwd *pw, char *options, u_long linenum)
+auth_parse_options(struct passwd *pw, char *options, char *file, u_long linenum)
 {
 	const char *cp;
 	if (!options)
@@ -106,9 +111,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
 			}
 			if (!*options) {
 				debug("%.100s, line %lu: missing end quote",
-				    SSH_USER_PERMITTED_KEYS, linenum);
+				    file, linenum);
 				packet_send_debug("%.100s, line %lu: missing end quote",
-				    SSH_USER_PERMITTED_KEYS, linenum);
+				    file, linenum);
 				continue;
 			}
 			forced_command[i] = 0;
@@ -136,9 +141,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
 			}
 			if (!*options) {
 				debug("%.100s, line %lu: missing end quote",
-				    SSH_USER_PERMITTED_KEYS, linenum);
+				    file, linenum);
 				packet_send_debug("%.100s, line %lu: missing end quote",
-				    SSH_USER_PERMITTED_KEYS, linenum);
+				    file, linenum);
 				continue;
 			}
 			s[i] = 0;
@@ -170,9 +175,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
 			}
 			if (!*options) {
 				debug("%.100s, line %lu: missing end quote",
-				    SSH_USER_PERMITTED_KEYS, linenum);
+				    file, linenum);
 				packet_send_debug("%.100s, line %lu: missing end quote",
-				    SSH_USER_PERMITTED_KEYS, linenum);
+				    file, linenum);
 				continue;
 			}
 			patterns[i] = 0;
@@ -219,9 +224,9 @@ auth_parse_options(struct passwd *pw, char *options, u_long linenum)
 
 bad_option:
 	log("Bad options in %.100s file, line %lu: %.50s",
-	    SSH_USER_PERMITTED_KEYS, linenum, options);
+	    file, linenum, options);
 	packet_send_debug("Bad options in %.100s file, line %lu: %.50s",
-	    SSH_USER_PERMITTED_KEYS, linenum, options);
+	    file, linenum, options);
 	/* deny access */
 	return 0;
 }

auth-options.h

@@ -11,10 +11,17 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* $OpenBSD: auth-options.h,v 1.6 2000/12/19 23:17:55 markus Exp $ */
+/* $OpenBSD: auth-options.h,v 1.8 2001/01/21 19:05:42 markus Exp $ */
 
 #ifndef AUTH_OPTIONS_H
 #define AUTH_OPTIONS_H
+
+/* Linked list of custom environment strings */
+struct envstring {
+	struct envstring *next;
+	char   *s;
+};
+
 /* Flags that may be set in authorized_keys options. */
 extern int no_port_forwarding_flag;
 extern int no_agent_forwarding_flag;
@@ -23,8 +30,14 @@ extern int no_pty_flag;
 extern char *forced_command;
 extern struct envstring *custom_environment;
 
-/* return 1 if access is granted, 0 if not. side effect: sets key option flags */
-int	auth_parse_options(struct passwd *pw, char *options, u_long linenum);
+/*
+ * return 1 if access is granted, 0 if not.
+ * side effect: sets key option flags
+ */
+int
+auth_parse_options(struct passwd *pw, char *options, char *file,
+    u_long linenum);
+
 /* reset options flags */
 void	auth_clear_options(void);
 

auth-pam.c

@@ -27,9 +27,12 @@
 #ifdef USE_PAM
 #include "ssh.h"
 #include "xmalloc.h"
+#include "log.h"
 #include "servconf.h"
+#include "canohost.h"
+#include "readpass.h"
 
-RCSID("$Id: auth-pam.c,v 1.21 2001/01/19 04:46:38 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.22 2001/01/22 05:34:40 mouring Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"

auth-passwd.c

@@ -36,15 +36,14 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-passwd.c,v 1.19 2001/01/18 16:59:59 markus Exp $");
+RCSID("$OpenBSD: auth-passwd.c,v 1.20 2001/01/21 19:05:42 markus Exp $");
 
 #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA)
 
 #include "packet.h"
-#include "ssh.h"
-#include "servconf.h"
 #include "xmalloc.h"
-
+#include "log.h"
+#include "servconf.h"
 #include "auth.h"
 
 #ifdef WITH_AIXAUTHENTICATE

auth-rh-rsa.c

@@ -13,18 +13,19 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rh-rsa.c,v 1.19 2000/12/21 15:10:16 markus Exp $");
+RCSID("$OpenBSD: auth-rh-rsa.c,v 1.21 2001/01/21 19:05:42 markus Exp $");
 
 #include "packet.h"
-#include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "log.h"
 #include "servconf.h"
-
-#include <openssl/rsa.h>
-#include <openssl/dsa.h>
 #include "key.h"
 #include "hostfile.h"
+#include "pathnames.h"
+#include "auth.h"
+#include "tildexpand.h"
+#include "canohost.h"
 
 /*
  * Tries to authenticate the user using the .rhosts file and the host using
@@ -59,15 +60,15 @@ auth_rhosts_rsa(struct passwd *pw, const char *client_user, RSA *client_host_key
 	found = key_new(KEY_RSA1);
 
 	/* Check if we know the host and its host key. */
-	host_status = check_host_in_hostfile(SSH_SYSTEM_HOSTFILE, canonical_hostname,
+	host_status = check_host_in_hostfile(_PATH_SSH_SYSTEM_HOSTFILE, canonical_hostname,
 	    client_key, found, NULL);
 
 	/* Check user host file unless ignored. */
 	if (host_status != HOST_OK && !options.ignore_user_known_hosts) {
 		struct stat st;
-		char *user_hostfile = tilde_expand_filename(SSH_USER_HOSTFILE, pw->pw_uid);
+		char *user_hostfile = tilde_expand_filename(_PATH_SSH_USER_HOSTFILE, pw->pw_uid);
 		/*
-		 * Check file permissions of SSH_USER_HOSTFILE, auth_rsa()
+		 * Check file permissions of _PATH_SSH_USER_HOSTFILE, auth_rsa()
 		 * did already check pw->pw_dir, but there is a race XXX
 		 */
 		if (options.strict_modes &&

auth-rhosts.c

@@ -14,13 +14,15 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.17 2000/12/19 23:17:55 markus Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.19 2001/01/21 19:05:42 markus Exp $");
 
 #include "packet.h"
-#include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "pathnames.h"
+#include "log.h"
 #include "servconf.h"
+#include "canohost.h"
 
 /*
  * This function processes an rhosts-style file (.rhosts, .shosts, or
@@ -177,8 +179,8 @@ auth_rhosts(struct passwd *pw, const char *client_user)
 
 	/* Deny if The user has no .shosts or .rhosts file and there are no system-wide files. */
 	if (!rhosts_files[rhosts_file_index] &&
-	    stat("/etc/hosts.equiv", &st) < 0 &&
-	    stat(SSH_HOSTS_EQUIV, &st) < 0)
+	    stat(_PATH_RHOSTS_EQUIV, &st) < 0 &&
+	    stat(_PATH_SSH_HOSTS_EQUIV, &st) < 0)
 		return 0;
 
 	hostname = get_canonical_hostname();
@@ -192,10 +194,10 @@ auth_rhosts(struct passwd *pw, const char *client_user)
 					  hostname, ipaddr);
 			return 1;
 		}
-		if (check_rhosts_file(SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
+		if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
 				      pw->pw_name)) {
 			packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
-				      hostname, ipaddr, SSH_HOSTS_EQUIV);
+				      hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
 			return 1;
 		}
 	}