- [email protected] 2001/02/04 08:32:27

     [many files; did this manually to our top-level source dir]
     unexpand and remove end-of-line whitespace; ok markus@

ChangeLog

@@ -1,7 +1,11 @@
 20010105
- - (bal) Disable groupaccess by setting NGROUP_MAX to 0 for platforms
+ - (bal) Disable groupaccess by setting NGROUPS_MAX to 0 for platforms
    that don't have NGROUPS_MAX.
  - (bal) AIX patch for auth1.c by William L. Jones <[email protected]>
+ - (stevesk) OpenBSD sync:
+   - [email protected] 2001/02/04 08:32:27
+     [many files; did this manually to our top-level source dir]
+     unexpand and remove end-of-line whitespace; ok markus@
 
 20010104
  - (bal) I think this is the last of the bsd-*.h that don't belong.

acconfig.h

@@ -225,7 +225,7 @@
 /* Define if you are using Solaris-derived PAM which passes pam_messages  */
 /* to the conversation function with an extra level of indirection */
 #undef PAM_SUN_CODEBASE
- 
+
 /* Set this to your mail directory if you don't have maillock.h */
 #undef MAIL_DIRECTORY
 

auth-chall.c

@@ -34,7 +34,7 @@ char *
 get_challenge(Authctxt *authctxt, char *devs)
 {
 	static char challenge[1024];
-        struct skey skey;
+	struct skey skey;
 	if (skeychallenge(&skey, authctxt->user, challenge) == -1)
 		return NULL;
 	strlcat(challenge, "\nS/Key Password: ", sizeof challenge);

auth-pam.c

@@ -32,7 +32,7 @@
 #include "canohost.h"
 #include "readpass.h"
 
-RCSID("$Id: auth-pam.c,v 1.23 2001/02/04 12:20:19 djm Exp $");
+RCSID("$Id: auth-pam.c,v 1.24 2001/02/05 12:42:17 stevesk Exp $");
 
 #define NEW_AUTHTOK_MSG \
 	"Warning: Your password has expired, please change it now"
@@ -97,7 +97,7 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 	/* PAM will free this later */
 	reply = malloc(num_msg * sizeof(*reply));
 	if (reply == NULL)
-		return PAM_CONV_ERR; 
+		return PAM_CONV_ERR;
 
 	for (count = 0; count < num_msg; count++) {
 		switch(PAM_MSG_MEMBER(msg, count, msg_style)) {
@@ -120,7 +120,7 @@ static int pamconv(int num_msg, const struct pam_message **msg,
 					}
 					reply[count].resp = xstrdup(pampasswd);
 				} else {
-					reply[count].resp = 
+					reply[count].resp =
 						xstrdup(read_passphrase(PAM_MSG_MEMBER(msg, count, msg), 1));
 				}
 				reply[count].resp_retcode = PAM_SUCCESS;
@@ -158,19 +158,19 @@ void pam_cleanup_proc(void *context)
 	{
 		pam_retval = pam_close_session(pamh, 0);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot close PAM session[%d]: %.200s", 
+			log("Cannot close PAM session[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 
 		pam_retval = pam_setcred(pamh, PAM_DELETE_CRED);
 		if (pam_retval != PAM_SUCCESS) {
-			debug("Cannot delete credentials[%d]: %.200s", 
+			debug("Cannot delete credentials[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 
 		pam_retval = pam_end(pamh, pam_retval);
 		if (pam_retval != PAM_SUCCESS) {
-			log("Cannot release PAM authentication[%d]: %.200s", 
+			log("Cannot release PAM authentication[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
@@ -193,15 +193,15 @@ int auth_pam_password(struct passwd *pw, const char *password)
 		return 0;
 
 	pampasswd = password;
-	
+
 	pamstate = INITIAL_LOGIN;
 	pam_retval = do_pam_authenticate(0);
 	if (pam_retval == PAM_SUCCESS) {
-		debug("PAM Password authentication accepted for user \"%.100s\"", 
+		debug("PAM Password authentication accepted for user \"%.100s\"",
 			pw->pw_name);
 		return 1;
 	} else {
-		debug("PAM Password authentication for \"%.100s\" failed[%d]: %s", 
+		debug("PAM Password authentication for \"%.100s\" failed[%d]: %s",
 			pw->pw_name, pam_retval, PAM_STRERROR(pamh, pam_retval));
 		return 0;
 	}
@@ -212,21 +212,21 @@ int do_pam_account(char *username, char *remote_user)
 {
 	int pam_retval;
 	extern ServerOptions options;
-	
-	debug("PAM setting rhost to \"%.200s\"", 
+
+	debug("PAM setting rhost to \"%.200s\"",
 	    get_canonical_hostname(options.reverse_mapping_check));
-	pam_retval = pam_set_item(pamh, PAM_RHOST, 
+	pam_retval = pam_set_item(pamh, PAM_RHOST,
 		get_canonical_hostname(options.reverse_mapping_check));
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set rhost failed[%d]: %.200s", 
+		fatal("PAM set rhost failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
 
 	if (remote_user != NULL) {
 		debug("PAM setting ruser to \"%.200s\"", remote_user);
 		pam_retval = pam_set_item(pamh, PAM_RUSER, remote_user);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set ruser failed[%d]: %.200s", 
+			fatal("PAM set ruser failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
@@ -242,11 +242,11 @@ int do_pam_account(char *username, char *remote_user)
 			password_change_required = 1;
 			break;
 		default:
-			log("PAM rejected by account configuration[%d]: %.200s", 
+			log("PAM rejected by account configuration[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 			return(0);
 	}
-	
+
 	return(1);
 }
 
@@ -259,31 +259,31 @@ void do_pam_session(char *username, const char *ttyname)
 		debug("PAM setting tty to \"%.200s\"", ttyname);
 		pam_retval = pam_set_item(pamh, PAM_TTY, ttyname);
 		if (pam_retval != PAM_SUCCESS) {
-			fatal("PAM set tty failed[%d]: %.200s", 
+			fatal("PAM set tty failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
 
 	pam_retval = pam_open_session(pamh, 0);
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM session setup failed[%d]: %.200s", 
+		fatal("PAM session setup failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
 }
 
-/* Set PAM credentials */ 
+/* Set PAM credentials */
 void do_pam_setcred(void)
 {
 	int pam_retval;
- 
+
 	debug("PAM establishing creds");
 	pam_retval = pam_setcred(pamh, PAM_ESTABLISH_CRED);
 	if (pam_retval != PAM_SUCCESS) {
 		if(was_authenticated) {
-			fatal("PAM setcred failed[%d]: %.200s", 
+			fatal("PAM setcred failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		} else {
-			debug("PAM setcred failed[%d]: %.200s", 
+			debug("PAM setcred failed[%d]: %.200s",
 				pam_retval, PAM_STRERROR(pamh, pam_retval));
 		}
 	}
@@ -295,7 +295,7 @@ int pam_password_change_required(void)
 	return password_change_required;
 }
 
-/* 
+/*
  * Have user change authentication token if pam_acct_mgmt() indicated
  * it was expired.  This needs to be called after an interactive
  * session is established and the user's pty is connected to
@@ -313,7 +313,7 @@ void do_pam_chauthtok(void)
 		do {
 			pam_retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
 			if (pam_retval != PAM_SUCCESS) {
-				log("PAM pam_chauthtok failed[%d]: %.200s", 
+				log("PAM pam_chauthtok failed[%d]: %.200s",
 					pam_retval, PAM_STRERROR(pamh, pam_retval));
 			}
 		} while (pam_retval != PAM_SUCCESS);
@@ -337,21 +337,21 @@ void start_pam(const char *user)
 	pam_retval = pam_start(SSHD_PAM_SERVICE, user, &conv, &pamh);
 
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM initialisation failed[%d]: %.200s", 
+		fatal("PAM initialisation failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
 
 #ifdef PAM_TTY_KLUDGE
 	/*
 	 * Some PAM modules (e.g. pam_time) require a TTY to operate,
-	 * and will fail in various stupid ways if they don't get one. 
+	 * and will fail in various stupid ways if they don't get one.
 	 * sshd doesn't set the tty until too late in the auth process and may
 	 * not even need one (for tty-less connections)
-	 * Kludge: Set a fake PAM_TTY 
+	 * Kludge: Set a fake PAM_TTY
 	 */
 	pam_retval = pam_set_item(pamh, PAM_TTY, "ssh");
 	if (pam_retval != PAM_SUCCESS) {
-		fatal("PAM set tty failed[%d]: %.200s", 
+		fatal("PAM set tty failed[%d]: %.200s",
 			pam_retval, PAM_STRERROR(pamh, pam_retval));
 	}
 #endif /* PAM_TTY_KLUDGE */
@@ -383,9 +383,9 @@ void pam_msg_cat(const char *msg)
 	char *p;
 	size_t new_msg_len;
 	size_t pam_msg_len;
-	
+
 	new_msg_len = strlen(msg);
-	
+
 	if (pam_msg) {
 		pam_msg_len = strlen(pam_msg);
 		pam_msg = xrealloc(pam_msg, new_msg_len + pam_msg_len + 2);

auth-passwd.c

@@ -118,7 +118,7 @@ auth_password(struct passwd * pw, const char *password)
 	 * Empty password is only possible on NT if the user has _really_
 	 * an empty password and authentication is done, though.
 	 */
-        if (!is_winnt) 
+	if (!is_winnt)
 #endif
 	if (*password == '\0' && options.permit_empty_passwd == 0)
 		return 0;
@@ -155,13 +155,13 @@ auth_password(struct passwd * pw, const char *password)
 	 */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 	spw = getspnam(pw->pw_name);
-	if (spw != NULL) 
+	if (spw != NULL)
 		pw_password = spw->sp_pwdp;
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
 
 #ifdef HAVE_SCO_PROTECTED_PW
 	spw = getprpwnam(pw->pw_name);
-	if (spw != NULL) 
+	if (spw != NULL)
 		pw_password = spw->ufld.fd_encrypt;
 #endif /* HAVE_SCO_PROTECTED_PW */
 
@@ -189,7 +189,7 @@ auth_password(struct passwd * pw, const char *password)
 		encrypted_password = md5_crypt(password, salt);
 	else
 		encrypted_password = crypt(password, salt);
-#else /* HAVE_MD5_PASSWORDS */    
+#else /* HAVE_MD5_PASSWORDS */
 # ifdef __hpux
 	if (iscomsec())
 		encrypted_password = bigcrypt(password, salt);
@@ -198,7 +198,7 @@ auth_password(struct passwd * pw, const char *password)
 # else
 	encrypted_password = crypt(password, salt);
 # endif /* __hpux */
-#endif /* HAVE_MD5_PASSWORDS */    
+#endif /* HAVE_MD5_PASSWORDS */
 
 	/* Authentication is accepted if the encrypted passwords are identical. */
 	return (strcmp(encrypted_password, pw_password) == 0);

auth.c

@@ -79,7 +79,7 @@ allowed_user(struct passwd * pw)
 			return 0;
 
 		/* Check password expiry */
-		if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) && 
+		if ((spw->sp_lstchg >= 0) && (spw->sp_max >= 0) &&
 		    (days > (spw->sp_lstchg + spw->sp_max)))
 			return 0;
 	}
@@ -165,9 +165,9 @@ allowed_user(struct passwd * pw)
 Authctxt *
 authctxt_new(void)
 {
-        Authctxt *authctxt = xmalloc(sizeof(*authctxt));
-        memset(authctxt, 0, sizeof(*authctxt));
-        return authctxt;
+	Authctxt *authctxt = xmalloc(sizeof(*authctxt));
+	memset(authctxt, 0, sizeof(*authctxt));
+	return authctxt;
 }
 
 struct passwd *

auth1.c

@@ -265,8 +265,8 @@ do_authloop(Authctxt *authctxt)
 			authenticated = auth_pam_password(pw, password);
 #elif defined(HAVE_OSF_SIA)
 			/* Do SIA auth with password */
-			if (sia_validate_user(NULL, saved_argc, saved_argv, 
-			    get_canonical_hostname(options.reverse_mapping_check), 
+			if (sia_validate_user(NULL, saved_argc, saved_argv,
+			    get_canonical_hostname(options.reverse_mapping_check),
 			    pw->pw_name, NULL, 0, NULL, password) == SIASUCCESS) {
 				authenticated = 1;
 			}
@@ -317,8 +317,8 @@ do_authloop(Authctxt *authctxt)
 			fatal("INTERNAL ERROR: authenticated invalid user %s",
 			    authctxt->user);
 
-#ifdef HAVE_CYGWIN		
-		if (authenticated && 
+#ifdef HAVE_CYGWIN
+		if (authenticated &&
 		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD,pw->pw_uid)) {
 			packet_disconnect("Authentication rejected for uid %d.",
 			(int)pw->pw_uid);
@@ -329,7 +329,7 @@ do_authloop(Authctxt *authctxt)
 		if (authenticated && authctxt->pw->pw_uid == 0 && !auth_root_allowed())
 			authenticated = 0;
 #endif
-#ifdef USE_PAM			
+#ifdef USE_PAM
 		if (authenticated && !do_pam_account(pw->pw_name, client_user))
 			authenticated = 0;
 #endif
@@ -346,9 +346,9 @@ do_authloop(Authctxt *authctxt)
 			return;
 
 		if (authctxt->failures++ > AUTH_FAIL_MAX) {
-#ifdef WITH_AIXAUTHENTICATE 
-			loginfailed(authctxt->user, 
-			    get_canonical_hostname(options.reverse_mapping_check), 
+#ifdef WITH_AIXAUTHENTICATE
+			loginfailed(authctxt->user,
+			    get_canonical_hostname(options.reverse_mapping_check),
 			    "ssh");
 #endif /* WITH_AIXAUTHENTICATE */
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
@@ -435,7 +435,7 @@ do_authentication()
 
 #ifdef WITH_AIXAUTHENTICATE
 	/* We don't have a pty yet, so just label the line as "ssh" */
-	if (loginsuccess(authctxt->user, 
+	if (loginsuccess(authctxt->user,
 	    get_canonical_hostname(options.reverse_mapping_check),
 	    "ssh", &aixloginmsg) < 0)
 		aixloginmsg = NULL;