Bring vendor patches onto the main branch, and resolve conflicts.

crypto/openssh/key.c

@@ -258,12 +258,14 @@ key_read(Key *ret, char **cpp)
 		blob = xmalloc(len);
 		n = uudecode(cp, blob, len);
 		if (n < 0) {
-			error("uudecode %s failed", cp);
+			error("key_read: uudecode %s failed", cp);
 			return 0;
 		}
 		k = dsa_key_from_blob(blob, n);
-		if (k == NULL)
-			 return 0;
+		if (k == NULL) {
+			error("key_read: dsa_key_from_blob %s failed", cp);
+			return 0;
+		}
 		xfree(blob);
 		if (ret->dsa != NULL)
 			DSA_free(ret->dsa);
@@ -271,10 +273,12 @@ key_read(Key *ret, char **cpp)
 		k->dsa = NULL;
 		key_free(k);
 		bits = BN_num_bits(ret->dsa->p);
-		cp = strchr(cp, '=');
-		if (cp == NULL)
-			return 0;
-		*cpp = cp + 1;
+		/* advance cp: skip whitespace and data */
+		while (*cp == ' ' || *cp == '\t')
+			cp++;
+		while (*cp != '\0' && *cp != ' ' && *cp != '\t')
+			cp++;
+		*cpp = cp;
 		break;
 	default:
 		fatal("key_read: bad key type: %d", ret->type);

crypto/openssh/readconf.c

@@ -15,7 +15,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: readconf.c,v 1.31 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: readconf.c,v 1.33 2000/05/29 20:20:46 markus Exp $");
 
 #include "ssh.h"
 #include "cipher.h"
@@ -482,6 +482,8 @@ process_config_line(Options *options, const char *host,
 	case oCipher:
 		intptr = &options->cipher;
 		cp = strtok(NULL, WHITESPACE);
+		if (!cp)
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
 		value = cipher_number(cp);
 		if (value == -1)
 			fatal("%.200s line %d: Bad cipher '%s'.",
@@ -492,6 +494,8 @@ process_config_line(Options *options, const char *host,
 
 	case oCiphers:
 		cp = strtok(NULL, WHITESPACE);
+		if (!cp)
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
 		if (!ciphers_valid(cp))
 			fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
 			      filename, linenum, cp ? cp : "<NONE>");
@@ -502,6 +506,8 @@ process_config_line(Options *options, const char *host,
 	case oProtocol:
 		intptr = &options->protocol;
 		cp = strtok(NULL, WHITESPACE);
+		if (!cp)
+			fatal("%.200s line %d: Missing argument.", filename, linenum);
 		value = proto_spec(cp);
 		if (value == SSH_PROTO_UNKNOWN)
 			fatal("%.200s line %d: Bad protocol spec '%s'.",
@@ -713,7 +719,7 @@ void
 fill_default_options(Options * options)
 {
 	if (options->forward_agent == -1)
-		options->forward_agent = 1;
+		options->forward_agent = 0;
 	if (options->forward_x11 == -1)
 		options->forward_x11 = 0;
 	if (options->gateway_ports == -1)

crypto/openssh/session.c

@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.12 2000/05/03 18:03:07 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.15 2000/05/30 17:23:37 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -315,8 +315,7 @@ do_authenticated(struct passwd * pw)
 				break;
 			}
 			debug("Received authentication agent forwarding request.");
-			auth_input_request_forwarding(pw);
-			success = 1;
+			success = auth_input_request_forwarding(pw);
 			break;
 
 		case SSH_CMSG_PORT_FORWARD_REQUEST:
@@ -723,7 +722,8 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
 #endif /* LOGIN_CAP */
 
 		/* Do common processing for the child, such as execing the command. */
-		do_child(command, pw, s->term, s->display, s->auth_proto, s->auth_data, s->tty);
+		do_child(command, pw, s->term, s->display, s->auth_proto,
+		    s->auth_data, s->tty);
 		/* NOTREACHED */
 	}
 	if (pid < 0)
@@ -827,7 +827,10 @@ read_environment_file(char ***env, unsigned int *envsize,
 			fprintf(stderr, "Bad line in %.100s: %.200s\n", filename, buf);
 			continue;
 		}
-		/* Replace the equals sign by nul, and advance value to the value string. */
+		/*
+		 * Replace the equals sign by nul, and advance value to
+		 * the value string.
+		 */
 		*value = '\0';
 		value++;
 		child_set_env(env, envsize, cp, value);
@@ -1059,7 +1062,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
 
 	/* read $HOME/.ssh/environment. */
 	if (!options.use_login) {
-		snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir);
+		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
+		    pw->pw_dir);
 		read_environment_file(&env, &envsize, buf);
 	}
 	if (debug_flag) {
@@ -1183,16 +1187,29 @@ do_child(const char *command, struct passwd * pw, const char *term,
 		else {
 			/* Add authority data to .Xauthority if appropriate. */
 			if (auth_proto != NULL && auth_data != NULL) {
-				if (debug_flag)
-					fprintf(stderr, "Running %.100s add %.100s %.100s %.100s\n",
-						XAUTH_PATH, display, auth_proto, auth_data);
-
+				char *screen = strchr(display, ':');
+				if (debug_flag) {
+					fprintf(stderr,
+					    "Running %.100s add %.100s %.100s %.100s\n",
+					    XAUTH_PATH, display, auth_proto, auth_data);
+					if (screen != NULL)
+						fprintf(stderr,
+						    "Adding %.*s/unix%s %s %s\n",
+						    screen-display, display,
+						    screen, auth_proto, auth_data);
+				}
 				f = popen(XAUTH_PATH " -q -", "w");
 				if (f) {
-					fprintf(f, "add %s %s %s\n", display, auth_proto, auth_data);
+					fprintf(f, "add %s %s %s\n", display,
+					    auth_proto, auth_data);
+					if (screen != NULL) 
+						fprintf(f, "add %.*s/unix%s %s %s\n",
+						    screen-display, display,
+						    screen, auth_proto, auth_data);
 					pclose(f);
 				} else
-					fprintf(stderr, "Could not run %s -q -\n", XAUTH_PATH);
+					fprintf(stderr, "Could not run %s -q -\n",
+					    XAUTH_PATH);
 			}
 		}
 #endif /* XAUTH_PATH */
@@ -1222,7 +1239,8 @@ do_child(const char *command, struct passwd * pw, const char *term,
 				struct stat mailstat;
 				mailbox = getenv("MAIL");
 				if (mailbox != NULL) {
-					if (stat(mailbox, &mailstat) != 0 || mailstat.st_size == 0)
+					if (stat(mailbox, &mailstat) != 0 ||
+					    mailstat.st_size == 0)
 #ifdef __FreeBSD__
 						;
 #else /* !__FreeBSD__ */

crypto/openssh/ssh.1

@@ -9,9 +9,8 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.43 2000/03/24 03:04:46 brad Exp $
-.\" $Id: ssh.1,v 1.52 2000/05/08 17:21:32 hugh Exp $
-.\" $FreeBSD$
+.\" $Id: ssh.1,v 1.54 2000/05/29 20:20:46 markus Exp $
+/\" $FreeBSD$
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -26,7 +25,7 @@
 .Op Ar command
 .Pp
 .Nm ssh
-.Op Fl afgknqtvxCPX246
+.Op Fl afgknqtvxACNPTX246
 .Op Fl c Ar cipher_spec
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
@@ -335,7 +334,9 @@ host key is not known or has changed.
 .Bl -tag -width Ds
 .It Fl a
 Disables forwarding of the authentication agent connection.
-This may also be specified on a per-host basis in the configuration file.
+.It Fl A
+Enables forwarding of the authentication agent connection.
+This can also be specified on a per-host basis in a configuration file.
 .It Fl c Ar blowfish|3des
 Selects the cipher to use for encrypting the session.
 .Ar 3des
@@ -419,6 +420,10 @@ program will be put in the background.
 needs to ask for a password or passphrase; see also the
 .Fl f
 option.)
+.It Fl N
+Do not execute a remote command.
+This is usefull if you just want to forward ports
+(protocol version 2 only).
 .It Fl o Ar option
 Can be used to give options in the format used in the config file.
 This is useful for specifying options for which there is no separate
@@ -445,6 +450,8 @@ Force pseudo-tty allocation.
 This can be used to execute arbitrary
 screen-based programs on a remote machine, which can be very useful,
 e.g., when implementing menu services.
+.It Fl T
+Disable pseudo-tty allocation (protocol version 2 only).
 .It Fl v
 Verbose mode.
 Causes
@@ -457,9 +464,9 @@ The verbose mode is also used to display
 challenges, if the user entered "s/key" as password.
 .It Fl x
 Disables X11 forwarding.
-This can also be specified on a per-host basis in a configuration file.
 .It Fl X
 Enables X11 forwarding.
+This can also be specified on a per-host basis in a configuration file.
 .It Fl C
 Requests compression of all data (including stdin, stdout, stderr, and
 data for forwarded X11 and TCP/IP connections).
@@ -668,6 +675,8 @@ The argument must be
 .Dq yes
 or
 .Dq no .
+The default is
+.Dq no .
 .It Cm ForwardX11
 Specifies whether X11 connections will be automatically redirected
 over the secure channel and

crypto/openssh/ssh.c

@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.51 2000/05/08 17:12:15 markus Exp $");
+RCSID("$Id: ssh.c,v 1.54 2000/05/30 17:32:06 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -110,10 +110,12 @@ usage()
 	fprintf(stderr, "Options:\n");
 	fprintf(stderr, "  -l user     Log in using this user name.\n");
 	fprintf(stderr, "  -n          Redirect input from /dev/null.\n");
+	fprintf(stderr, "  -A          Enable authentication agent forwarding.\n");
 	fprintf(stderr, "  -a          Disable authentication agent forwarding.\n");
 #ifdef AFS
 	fprintf(stderr, "  -k          Disable Kerberos ticket and AFS token forwarding.\n");
 #endif				/* AFS */
+        fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
 	fprintf(stderr, "  -x          Disable X11 connection forwarding.\n");
 	fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
 	fprintf(stderr, "  -i file     Identity for RSA authentication (default: ~/.ssh/identity).\n");
@@ -312,6 +314,9 @@ main(int ac, char **av)
 		case 'a':
 			options.forward_agent = 0;
 			break;
+		case 'A':
+			options.forward_agent = 1;
+			break;
 #ifdef AFS
 		case 'k':
 			options.krb4_tgt_passing = 0;
@@ -429,7 +434,7 @@ main(int ac, char **av)
 	if (!host)
 		usage();
 
-        OpenSSL_add_all_algorithms();
+	SSLeay_add_all_algorithms();
 
 	/* Initialize the command to execute on remote host. */
 	buffer_init(&command);