Stupid djm commits experimental code to head instead of branch

revert
2025-07-31 01:35:11 +02:00 · 2002-03-13 13:19:42 +11:00 · 2002-03-13 13:19:42 +11:00 · 3a5b023330
commit 3a5b023330
parent 3225fb454d
20 changed files with 109 additions and 561 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.198 2002/03/13 01:47:54 djm Exp $
+# $Id: Makefile.in,v 1.199 2002/03/13 02:19:42 djm Exp $
 prefix=@prefix@
 exec_prefix=@exec_prefix@
@ -50,11 +50,11 @@ INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
 TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} $(SFTP_PROGS)
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o monitor_fdpass.c monitor_wrap.c mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dh.o dispatch.o fatal.o mac.o hostfile.o key.o kex.o kexdh.o kexgex.o log.o match.o misc.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o scard.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o sshtty.o readconf.o clientloop.o
-SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o monitor.c monitor_mm.c sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
+SSHDOBJS= sshd.o auth.o auth1.o auth2.o auth-chall.o auth2-chall.o auth-rhosts.o auth-options.o auth-krb4.o auth-pam.o auth2-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o auth-sia.o sshpty.o sshlogin.o loginrec.o servconf.o serverloop.o md5crypt.o session.o groupaccess.o auth-skey.o auth-bsdauth.o
 MANPAGES	= scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out
 MANPAGES_IN	= scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1
--- a/auth.h
+++ b/auth.h
@ -121,8 +121,8 @@ void	krb5_cleanup_proc(void *authctxt);
 #include "auth-pam.h"
 #include "auth2-pam.h"
-Authctxt *do_authentication(void);
+void	do_authentication(void);
-Authctxt *do_authentication2(void);
+void	do_authentication2(void);
 Authctxt *authctxt_new(void);
 void	auth_log(Authctxt *, int, char *, char *);
--- a/auth1.c
+++ b/auth1.c
@ -26,13 +26,8 @@ RCSID("$OpenBSD: auth1.c,v 1.35 2002/02/03 17:53:25 markus Exp $");
 #include "session.h"
 #include "misc.h"
 #include "uidswap.h"
 #include "monitor.h"
 #include "monitor_wrap.h"
 /* import */
 extern int use_privsep;
 extern int mm_recvfd;
 extern ServerOptions options;
 /*
@ -360,13 +355,12 @@ do_authloop(Authctxt *authctxt)
 * Performs authentication of an incoming connection.  Session key has already
 * been exchanged and encryption is enabled.
 */
-Authctxt *
+void
 do_authentication(void)
 {
 	Authctxt *authctxt;
-	struct passwd *pw = NULL, *pwent;
+	struct passwd *pw;
 	u_int ulen;
 	int allowed;
 	char *p, *user, *style = NULL;
 	/* Get the name of the user that we wish to log in as. */
@ -388,26 +382,17 @@ do_authentication(void)
 	authctxt->style = style;
 	/* Verify that the user is a valid user. */
-	if (!use_privsep) {
+	pw = getpwnam(user);
-		pwent = getpwnam(user);
+	if (pw && allowed_user(pw)) {
 		allowed = pwent ? allowed_user(pwent) : 0;
 	} else
 		pwent = mm_getpwnamallow(mm_recvfd, user, &allowed);
 	if (pwent && allowed) {
 		authctxt->valid = 1;
-		pw = pwcopy(pwent);
+		pw = pwcopy(pw);
 	} else {
 		debug("do_authentication: illegal user %s", user);
 		pw = NULL;
 	}
 	/* Free memory */
 	if (use_privsep)
 		pwfree(pwent);
 	authctxt->pw = pw;
-	setproctitle("%s%s", use_privsep ? " [net]" : "",
+	setproctitle("%s", pw ? user : "unknown");
 	    pw ? user : "unknown");
 #ifdef USE_PAM
 	start_pam(pw == NULL ? "NOUSER" : user);
@ -433,5 +418,6 @@ do_authentication(void)
 	packet_send();
 	packet_write_wait();
-	return (authctxt);
+	/* Perform session preparation. */
 	do_authenticated(authctxt);
 }
--- a/auth2.c
+++ b/auth2.c
@ -51,13 +51,8 @@ RCSID("$OpenBSD: auth2.c,v 1.85 2002/02/24 19:14:59 markus Exp $");
 #include "hostfile.h"
 #include "canohost.h"
 #include "match.h"
 #include "monitor.h"
 #include "monitor_wrap.h"
 /* import */
 extern int use_privsep;
 extern int mm_recvfd;
 extern ServerOptions options;
 extern u_char *session_id2;
 extern int session_id2_len;
@ -80,8 +75,8 @@ static void input_userauth_request(int, u_int32_t, void *);
 /* helper */
 static Authmethod *authmethod_lookup(const char *);
 static char *authmethods_get(void);
-int user_key_allowed(struct passwd *, Key *);
+static int user_key_allowed(struct passwd *, Key *);
-int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
+static int hostbased_key_allowed(struct passwd *, const char *, char *, Key *);
 /* auth */
 static void userauth_banner(void);
@ -114,7 +109,7 @@ Authmethod authmethods[] = {
 * loop until authctxt->success == TRUE
 */
-Authctxt *
+void
 do_authentication2(void)
 {
 	Authctxt *authctxt = authctxt_new();
@ -130,8 +125,7 @@ do_authentication2(void)
 	dispatch_init(&dispatch_protocol_error);
 	dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
 	dispatch_run(DISPATCH_BLOCK, &authctxt->success, authctxt);
-
+	do_authenticated(authctxt);
 	return(authctxt);
 }
 static void
@ -188,15 +182,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 		*style++ = 0;
 	if (authctxt->attempt++ == 0) {
-  		/* setup auth context */
+		/* setup auth context */
 		int allowed;
 		struct passwd *pw = NULL;
-		if (!use_privsep) {
+		pw = getpwnam(user);
-			pw = getpwnam(user);
+		if (pw && allowed_user(pw) && strcmp(service, "ssh-connection")==0) {
 			allowed = pw ? allowed_user(pw) : 0;
 		} else
 			pw = mm_getpwnamallow(mm_recvfd, user, &allowed);
 		if (pw && allowed && strcmp(service, "ssh-connection")==0) {
 			authctxt->pw = pwcopy(pw);
 			authctxt->valid = 1;
 			debug2("input_userauth_request: setting up authctxt for %s", user);
@ -209,18 +198,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
 			start_pam("NOUSER");
 #endif
 		}
-		/* Free memory */
+		setproctitle("%s", pw ? user : "unknown");
 		if (use_privsep)
 			pwfree(pw);
 		setproctitle("%s%s", use_privsep ? " [net]" : "",
 		    pw ? user : "unknown");
 		authctxt->user = xstrdup(user);
 		authctxt->service = xstrdup(service);
 		authctxt->style = style ? xstrdup(style) : NULL;
 		if (use_privsep)
 			mm_inform_authserv(mm_recvfd, service, style);
 	} else if (strcmp(user, authctxt->user) != 0 ||
 	    strcmp(service, authctxt->service) != 0) {
 		packet_disconnect("Change of username or service not allowed: "
@ -332,8 +313,6 @@ done:
 static int
 userauth_none(Authctxt *authctxt)
 {
 	int res = 0;
 	/* disable method "none", only allowed one time */
 	Authmethod *m = authmethod_lookup("none");
 	if (m != NULL)
@ -343,16 +322,18 @@ userauth_none(Authctxt *authctxt)
 	if (authctxt->valid == 0)
 		return(0);
-	if (!authctxt->valid)
+
-		return (0);
+#ifdef HAVE_CYGWIN
-	if (use_privsep)
+	if (check_nt_auth(1, authctxt->pw) == 0)
-#if defined(USE_PAM) || defined(HAVE_OSF_SIA)
+		return(0);
 #error NOT IMPLEMENTED FOR PRIVSEP
 #endif
-		res = mm_auth_password(mm_recvfd, "");
+#ifdef USE_PAM
-	else
+	return auth_pam_password(authctxt->pw, "");
-		res = auth_password(authctxt, "");
+#elif defined(HAVE_OSF_SIA)
-	return (res);
+	return 0;
 #else /* !HAVE_OSF_SIA && !USE_PAM */
 	return auth_password(authctxt, "");
 #endif /* USE_PAM */
 }
 static int
@ -367,16 +348,18 @@ userauth_passwd(Authctxt *authctxt)
 		log("password change not supported");
 	password = packet_get_string(&len);
 	packet_check_eom();
-
+	if (authctxt->valid &&
-#if defined(HAVE_CYGWIN) || defined(USE_PAM) || defined(HAVE_OSF_SIA)
+#ifdef HAVE_CYGWIN
-#error NOT IMPLEMENTED FOR PRIVSEP
+	    check_nt_auth(1, authctxt->pw) &&
 #endif
-	if (authctxt->valid) {
+#ifdef USE_PAM
-		if (use_privsep)
+	    auth_pam_password(authctxt->pw, password) == 1)
-			authenticated = mm_auth_password(mm_recvfd, password);
+#elif defined(HAVE_OSF_SIA)
-		else
+	    auth_sia_password(authctxt->user, password) == 1)
-			authenticated = auth_password(authctxt, password);
+#else /* !USE_PAM && !HAVE_OSF_SIA */
-	}
+	    auth_password(authctxt, password) == 1)
 #endif /* USE_PAM */
 		authenticated = 1;
 	memset(password, 0, len);
 	xfree(password);
 	return authenticated;
@ -484,23 +467,12 @@ userauth_pubkey(Authctxt *authctxt)
 		buffer_dump(&b);
 #endif
 		/* test for correct signature */
-		authenticated = 0;
+		if (user_key_allowed(authctxt->pw, key) &&
-		if (use_privsep) {
+		    key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
-			if (mm_user_key_allowed(mm_recvfd, key) &&
+			authenticated = 1;
 			    mm_key_verify(mm_recvfd,
 				MM_USERKEY, NULL, NULL,	key, sig, slen,
 				buffer_ptr(&b), buffer_len(&b)) == 1)
 				authenticated = 1;
 		} else {
 			if (user_key_allowed(authctxt->pw, key) &&
 			    key_verify(key, sig, slen, buffer_ptr(&b),
 				buffer_len(&b)) == 1)
 				authenticated = 1;
 		}
 		buffer_clear(&b);
 		xfree(sig);
 	} else {
 		int res = 0;
 		debug("test whether pkalg/pkblob are acceptable");
 		packet_check_eom();
@ -512,11 +484,7 @@ userauth_pubkey(Authctxt *authctxt)
 		 * if a user is not allowed to login. is this an
 		 * issue? -markus
 		 */
-		if (use_privsep)
+		if (user_key_allowed(authctxt->pw, key)) {
 			res = mm_user_key_allowed(mm_recvfd, key);
 		else
 			res = user_key_allowed(authctxt->pw, key);
 		if (res) {
 			packet_start(SSH2_MSG_USERAUTH_PK_OK);
 			packet_put_string(pkalg, alen);
 			packet_put_string(pkblob, blen);
@ -604,18 +572,9 @@ userauth_hostbased(Authctxt *authctxt)
 	buffer_dump(&b);
 #endif
 	/* test for allowed key and correct signature */
-	authenticated = 0;
+	if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
-	if (use_privsep) {
+	    key_verify(key, sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
-		if (mm_hostbased_key_allowed(mm_recvfd, cuser, chost, key) &&
+		authenticated = 1;
 		    mm_key_verify(mm_recvfd, MM_HOSTKEY, cuser, chost, key,
 			sig, slen, buffer_ptr(&b), buffer_len(&b)) == 1)
 			authenticated = 1;
 	} else {
 		if (hostbased_key_allowed(authctxt->pw, cuser, chost, key) &&
 		    key_verify(key, sig, slen, buffer_ptr(&b),
 			buffer_len(&b)) == 1)
 			authenticated = 1;
 	}
 	buffer_clear(&b);
 done:
@ -771,7 +730,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
 }
 /* check whether given key is in .ssh/authorized_keys* */
-int
+static int
 user_key_allowed(struct passwd *pw, Key *key)
 {
 	int success;
@ -791,7 +750,7 @@ user_key_allowed(struct passwd *pw, Key *key)
 }
 /* return 1 if given hostkey is allowed */
-int
+static int
 hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
    Key *key)
 {
--- a/bufaux.c
+++ b/bufaux.c
@ -221,8 +221,6 @@ buffer_put_string(Buffer *buffer, const void *buf, u_int len)
 void
 buffer_put_cstring(Buffer *buffer, const char *s)
 {
 	if (s == NULL)
 		fatal("buffer_put_cstring: s == NULL");
 	buffer_put_string(buffer, s, strlen(s));
 }
--- a/cipher.c
+++ b/cipher.c
@ -541,43 +541,3 @@ evp_rijndael(void)
 #endif
 	return (&rijndal_cbc);
 }
 /* 
 * Exports an IV from the CipherContext required to export the key
 * state back from the unprivileged child to the privileged parent
 * process.
 */
 void
 cipher_get_keyiv(CipherContext *cc, u_char *iv, u_int len)
 {
 	Cipher *c = cc->cipher;
 	u_char *civ = NULL;
 	int evplen;
 	switch (c->number) {
 	case SSH_CIPHER_SSH2:
 		evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
 		if (evplen == 0)
 			return;
 		if (evplen != len)
 			fatal("%s: wrong iv length %d != %d", __FUNCTION__,
 			    evplen, len);
 		if (strncmp(c->name, "aes", 3) == 0) {
 			struct ssh_rijndael_ctx *aesc;
 			aesc = EVP_CIPHER_CTX_get_app_data(&cc->evp);
 			if (aesc == NULL)
 				fatal("ssh_rijndael_cbc: no context");
 			civ = aesc->r_iv;
 		} else {
 			civ = cc->evp.iv;
 		}
 		break;
 	default:
 		fatal("%s: bad cipher %d", __FUNCTION__, c->number);
 	}
 	memcpy(iv, civ, len);
 }
--- a/cipher.h
+++ b/cipher.h
@ -81,6 +81,4 @@ void	 cipher_cleanup(CipherContext *);
 void	 cipher_set_key_string(CipherContext *, Cipher *, const char *, int);
 u_int	 cipher_blocksize(Cipher *);
 u_int	 cipher_keylen(Cipher *);
 void	 cipher_get_keyiv(CipherContext *, u_char *, u_int);
 #endif				/* CIPHER_H */
--- a/compress.c
+++ b/compress.c
@ -19,8 +19,8 @@ RCSID("$OpenBSD: compress.c,v 1.17 2001/12/29 21:56:01 stevesk Exp $");
 #include "zlib.h"
 #include "compress.h"
-z_stream incoming_stream;
+static z_stream incoming_stream;
-z_stream outgoing_stream;
+static z_stream outgoing_stream;
 static int compress_init_send_called = 0;
 static int compress_init_recv_called = 0;
--- a/kex.c
+++ b/kex.c
@ -43,10 +43,6 @@ RCSID("$OpenBSD: kex.c,v 1.47 2002/02/28 15:46:33 markus Exp $");
 #define KEX_COOKIE_LEN	16
 /* Use privilege separation for sshd */
 int use_privsep;
 int mm_recvfd;
 /* prototype */
 static void kex_kexinit_finish(Kex *);
 static void kex_choose_conf(Kex *);
--- a/kex.h
+++ b/kex.h
@ -111,7 +111,6 @@ struct Kex {
 	char	*server_version_string;
 	int	(*verify_host_key)(Key *);
 	Key	*(*load_host_key)(int);
 	int	(*host_key_index)(Key *);
 };
 Kex	*kex_setup(char *[PROPOSAL_MAX]);
--- a/kexdh.c
+++ b/kexdh.c
@ -37,12 +37,6 @@ RCSID("$OpenBSD: kexdh.c,v 1.17 2002/02/28 15:46:33 markus Exp $");
 #include "packet.h"
 #include "dh.h"
 #include "ssh2.h"
 #include "monitor.h"
 #include "monitor_wrap.h"
 /* Imports */
 extern int use_privsep;
 extern int mm_recvfd;
 static u_char *
 kex_dh_hash(
@ -281,12 +275,7 @@ kexdh_server(Kex *kex)
 	/* sign H */
 	/* XXX hashlen depends on KEX */
-	if (use_privsep)
+	key_sign(server_host_key, &signature, &slen, hash, 20);
 		mm_key_sign(mm_recvfd,
 		    kex->host_key_index(server_host_key),
 		    &signature, &slen, hash, 20);
 	else
 		key_sign(server_host_key, &signature, &slen, hash, 20);
 	/* destroy_sensitive_data(); */
--- a/kexgex.c
+++ b/kexgex.c
@ -38,12 +38,6 @@ RCSID("$OpenBSD: kexgex.c,v 1.20 2002/02/28 15:46:33 markus Exp $");
 #include "dh.h"
 #include "ssh2.h"
 #include "compat.h"
 #include "monitor.h"
 #include "monitor_wrap.h"
 /* Imports */
 extern int use_privsep;
 extern int mm_recvfd;
 static u_char *
 kexgex_hash(
@ -302,11 +296,7 @@ kexgex_server(Kex *kex)
 		fatal("DH_GEX_REQUEST, bad parameters: %d !< %d !< %d",
 		    min, nbits, max);
-	/* Contact privileged parent */
+	dh = choose_dh(min, nbits, max);
 	if (use_privsep)
 		dh = mm_choose_dh(mm_recvfd, min, nbits, max);
 	else
 		dh = choose_dh(min, nbits, max);
 	if (dh == NULL)
 		packet_disconnect("Protocol error: no matching DH grp found");
@ -389,11 +379,7 @@ kexgex_server(Kex *kex)
 	/* sign H */
 	/* XXX hashlen depends on KEX */
-	if (use_privsep)
+	key_sign(server_host_key, &signature, &slen, hash, 20);
 		mm_key_sign(mm_recvfd, kex->host_key_index(server_host_key),
 		    &signature, &slen, hash, 20);
 	else
 		key_sign(server_host_key, &signature, &slen, hash, 20);
 	/* destroy_sensitive_data(); */
@ -404,7 +390,6 @@ kexgex_server(Kex *kex)
 	packet_put_bignum2(dh->pub_key);	/* f */
 	packet_put_string(signature, slen);
 	packet_send();
 	xfree(signature);
 	xfree(server_host_key_blob);
 	/* have keys, free DH */
--- a/key.c
+++ b/key.c
@ -801,46 +801,3 @@ key_verify(
 		break;
 	}
 }
 /* Converts a private to a public key */
 Key *
 key_demote(Key *k)
 {
 	Key *pk;
 	pk = xmalloc(sizeof(*pk));
 	pk->type = k->type;
 	pk->flags = k->flags;
 	pk->dsa = NULL;
 	pk->rsa = NULL;
 	switch (k->type) {
 	case KEY_RSA1:
 	case KEY_RSA:
 		if ((pk->rsa = RSA_new()) == NULL)
 			fatal("key_demote: RSA_new failed");
 		if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
 			fatal("key_demote: BN_dup failed");
 		if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
 			fatal("key_demote: BN_dup failed");
 		break;
 	case KEY_DSA:
 		if ((pk->dsa = DSA_new()) == NULL)
 			fatal("key_demote: DSA_new failed");
 		if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
 			fatal("key_demote: BN_dup failed");
 		if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
 			fatal("key_demote: BN_dup failed");
 		if ((pk->dsa->g = BN_dup(k->dsa->g)) == NULL)
 			fatal("key_demote: BN_dup failed");
 		if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
 			fatal("key_demote: BN_dup failed");
 		break;
 	default:
 		fatal("key_free: bad key type %d", k->type);
 		break;
 	}
 	return (pk);
 }
--- a/key.h
+++ b/key.h
@ -58,7 +58,6 @@ struct Key {
 Key	*key_new(int);
 Key	*key_new_private(int);
 void	 key_free(Key *);
 Key	*key_demote(Key *);
 int	 key_equal(Key *, Key *);
 char	*key_fingerprint(Key *, enum fp_type, enum fp_rep);
 char	*key_type(Key *);
--- a/packet.c
+++ b/packet.c
@ -115,8 +115,6 @@ static int interactive_mode = 0;
 /* Session key information for Encryption and MAC */
 Newkeys *newkeys[MODE_MAX];
 static u_int32_t read_seqnr = 0;
 static u_int32_t send_seqnr = 0;
 /* roundup current message to extra_pad bytes */
 static u_char extra_pad = 0;
@ -173,87 +171,6 @@ packet_connection_is_on_socket(void)
 	return 1;
 }
 /* 
 * Exports an IV from the CipherContext required to export the key
 * state back from the unprivileged child to the privileged parent
 * process.
 */
 void
 packet_get_keyiv(int mode, u_char *iv, u_int len)
 {
 	CipherContext *cc;
 	if (mode == MODE_OUT)
 		cc = &send_context;
 	else
 		cc = &receive_context;
 	cipher_get_keyiv(cc, iv, len);
 }
 int
 packet_get_keycontext(int mode, u_char *dat)
 {
 	int plen;
 	CipherContext *cc;
 	if (mode == MODE_OUT)
 		cc = &send_context;
 	else
 		cc = &receive_context;
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 	plen = sizeof(cc->evp.c);
 #else
 	plen = cc->evp.cipher->ctx_size;
 #endif
 	if (dat == NULL)
 		return (plen);
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 	memcpy(dat, &cc->evp.c, sizeof(cc->evp.c));
 #else
 	memcpy(dat, &cc->evp.cipher_data, plen);
 #endif
 	return (plen);
 }
 void
 packet_set_keycontext(int mode, u_char *dat)
 {
 	CipherContext *cc;
 	if (mode == MODE_OUT)
 		cc = &send_context;
 	else
 		cc = &receive_context;
 #if OPENSSL_VERSION_NUMBER < 0x00907000L
 	memcpy(&cc->evp.c, dat, sizeof(cc->evp.c));
 #else
 	memcpy(&cc->evp.cipher_data, dat, cc->evp.cipher->ctx_size);
 #endif
 }
 u_int32_t
 packet_get_seqnr(int mode)
 {
 	return (mode == MODE_IN ? read_seqnr : send_seqnr);
 }
 void
 packet_set_seqnr(int mode, u_int32_t seqnr)
 {
 	if (mode == MODE_IN)
 		read_seqnr = seqnr;
 	else if (mode == MODE_OUT)
 		send_seqnr = seqnr;
 	else
 		fatal("%s: bad mode %d", __FUNCTION__, mode);
 }
 /* returns 1 if connection is via ipv4 */
 int
@ -516,7 +433,7 @@ packet_send1(void)
 	 */
 }
-void
+static void
 set_newkeys(int mode)
 {
 	Enc *enc;
@ -560,9 +477,8 @@ set_newkeys(int mode)
 	DBG(debug("cipher_init_context: %d", mode));
 	cipher_init(cc, enc->cipher, enc->key, enc->key_len,
 	    enc->iv, enc->block_size, encrypt);
-	/* Deleting the keys does not gain extra security */
+	memset(enc->iv,  0, enc->block_size);
-	/* memset(enc->iv,  0, enc->block_size);
+	memset(enc->key, 0, enc->key_len);
 	   memset(enc->key, 0, enc->key_len); */
 	if (comp->type != 0 && comp->enabled == 0) {
 		packet_init_compression();
 		if (mode == MODE_OUT)
@ -579,6 +495,7 @@ set_newkeys(int mode)
 static void
 packet_send2(void)
 {
 	static u_int32_t seqnr = 0;
 	u_char type, *cp, *macbuf = NULL;
 	u_char padlen, pad;
 	u_int packet_length = 0;
@ -659,10 +576,10 @@ packet_send2(void)
 	/* compute MAC over seqnr and packet(length fields, payload, padding) */
 	if (mac && mac->enabled) {
-		macbuf = mac_compute(mac, send_seqnr,
+		macbuf = mac_compute(mac, seqnr,
 		    buffer_ptr(&outgoing_packet),
 		    buffer_len(&outgoing_packet));
-		DBG(debug("done calc MAC out #%d", send_seqnr));
+		DBG(debug("done calc MAC out #%d", seqnr));
 	}
 	/* encrypt packet and append to output buffer. */
 	cp = buffer_append_space(&output, buffer_len(&outgoing_packet));
@ -676,7 +593,7 @@ packet_send2(void)
 	buffer_dump(&output);
 #endif
 	/* increment sequence number for outgoing packets */
-	if (++send_seqnr == 0)
+	if (++seqnr == 0)
 		log("outgoing seqnr wraps around");
 	buffer_clear(&outgoing_packet);
@ -866,6 +783,7 @@ packet_read_poll1(void)
 static int
 packet_read_poll2(u_int32_t *seqnr_p)
 {
 	static u_int32_t seqnr = 0;
 	static u_int packet_length = 0;
 	u_int padlen, need;
 	u_char *macbuf, *cp, type;
@ -927,17 +845,17 @@ packet_read_poll2(u_int32_t *seqnr_p)
 	 * increment sequence number for incoming packet
 	 */
 	if (mac && mac->enabled) {
-		macbuf = mac_compute(mac, read_seqnr,
+		macbuf = mac_compute(mac, seqnr,
 		    buffer_ptr(&incoming_packet),
 		    buffer_len(&incoming_packet));
 		if (memcmp(macbuf, buffer_ptr(&input), mac->mac_len) != 0)
 			packet_disconnect("Corrupted MAC on input.");
-		DBG(debug("MAC #%d ok", read_seqnr));
+		DBG(debug("MAC #%d ok", seqnr));
 		buffer_consume(&input, mac->mac_len);
 	}
 	if (seqnr_p != NULL)
-		*seqnr_p = read_seqnr;
+		*seqnr_p = seqnr;
-	if (++read_seqnr == 0)
+	if (++seqnr == 0)
 		log("incoming seqnr wraps around");
 	/* get padlen */
--- a/packet.h
+++ b/packet.h
@ -56,13 +56,6 @@ void	*packet_get_string(u_int *length_ptr);
 void     packet_disconnect(const char *fmt,...) __attribute__((format(printf, 1, 2)));
 void     packet_send_debug(const char *fmt,...) __attribute__((format(printf, 1, 2)));
 void	 set_newkeys(int mode);
 void	 packet_get_keyiv(int, u_char *, u_int);
 int	 packet_get_keycontext(int, u_char *);
 void	 packet_set_keycontext(int, u_char *);
 u_int32_t packet_get_seqnr(int);
 void	 packet_set_seqnr(int, u_int32_t);
 void     packet_write_poll(void);
 void     packet_write_wait(void);
 int      packet_have_data_to_write(void);
--- a/servconf.c
+++ b/servconf.c
@ -36,8 +36,6 @@ static void add_one_listen_addr(ServerOptions *, char *, u_short);
 /* AF_UNSPEC or AF_INET or AF_INET6 */
 extern int IPv4or6;
 /* Use of privilege separation or not */
 extern int use_privsep;
 /* Initializes the server options to their default values. */
@ -112,9 +110,6 @@ initialize_server_options(ServerOptions *options)
 	options->client_alive_count_max = -1;
 	options->authorized_keys_file = NULL;
 	options->authorized_keys_file2 = NULL;
 	/* Needs to be accessable in many places */
 	use_privsep = -1;
 }
 void
@ -240,10 +235,6 @@ fill_default_server_options(ServerOptions *options)
 	}
 	if (options->authorized_keys_file == NULL)
 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
 		use_privsep = 1;
 }
 /* Keyword tokens. */
@ -276,7 +267,6 @@ typedef enum {
 	sBanner, sVerifyReverseMapping, sHostbasedAuthentication,
 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 	sUsePrivilegeSeparation,
 	sDeprecated
 } ServerOpCodes;
@ -352,7 +342,6 @@ static struct {
 	{ "clientalivecountmax", sClientAliveCountMax },
 	{ "authorizedkeysfile", sAuthorizedKeysFile },
 	{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
 	{ NULL, sBadOption }
 };
@ -729,10 +718,6 @@ parse_flag:
 		intptr = &options->allow_tcp_forwarding;
 		goto parse_flag;
 	case sUsePrivilegeSeparation:
 		intptr = &use_privsep;
 		goto parse_flag;
 	case sAllowUsers:
 		while ((arg = strdelim(&cp)) && *arg != '\0') {
 			if (options->num_allow_users >= MAX_ALLOW_USERS)
--- a/session.c
+++ b/session.c
@ -56,8 +56,6 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
 #include "serverloop.h"
 #include "canohost.h"
 #include "session.h"
 #include "monitor.h"
 #include "monitor_wrap.h"
 #ifdef HAVE_CYGWIN
 #include <windows.h>
@ -65,15 +63,39 @@ RCSID("$OpenBSD: session.c,v 1.128 2002/02/16 00:51:44 markus Exp $");
 #define is_winnt       (GetVersion() < 0x80000000)
 #endif
-/* Imports */
+/* types */
-extern int use_privsep;
+
-extern int mm_recvfd;
+#define TTYSZ 64
 typedef struct Session Session;
 struct Session {
 	int	used;
 	int	self;
 	struct passwd *pw;
 	Authctxt *authctxt;
 	pid_t	pid;
 	/* tty */
 	char	*term;
 	int	ptyfd, ttyfd, ptymaster;
 	int	row, col, xpixel, ypixel;
 	char	tty[TTYSZ];
 	/* X11 */
 	int	display_number;
 	char	*display;
 	int	screen;
 	char	*auth_display;
 	char	*auth_proto;
 	char	*auth_data;
 	int	single_connection;
 	/* proto 2 */
 	int	chanid;
 	int	is_subsystem;
 };
 /* func */
 Session *session_new(void);
 void	session_set_fds(Session *, int, int, int);
-void	session_pty_cleanup(void *);
+static void	session_pty_cleanup(void *);
 void	session_proctitle(Session *);
 int	session_setup_x11fwd(Session *);
 void	do_exec_pty(Session *, const char *);
@ -90,6 +112,7 @@ int	check_quietlogin(Session *, const char *);
 static void do_authenticated1(Authctxt *);
 static void do_authenticated2(Authctxt *);
 static void session_close(Session *);
 static int session_pty_req(Session *);
 /* import */
@ -1425,8 +1448,7 @@ session_pty_req(Session *s)
 {
 	u_int len;
 	int n_bytes;
-	int res;
+
 	if (no_pty_flag) {
 		debug("Allocating a pty not permitted for this authentication.");
 		return 0;
@ -1455,15 +1477,7 @@ session_pty_req(Session *s)
 	/* Allocate a pty and open it. */
 	debug("Allocating pty.");
-	if (!use_privsep) {
+	if (!pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty))) {
 		res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty,
 			sizeof(s->tty));
 		if (res)
 			pty_setowner(s->pw, s->tty);
 	} else 
 		res = mm_pty_allocown(mm_recvfd,
 		    &s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
 	if (!res) {
 		if (s->term)
 			xfree(s->term);
 		s->term = NULL;
@ -1484,6 +1498,7 @@ session_pty_req(Session *s)
 	 * time in case we call fatal() (e.g., the connection gets closed).
 	 */
 	fatal_add_cleanup(session_pty_cleanup, (void *)s);
 	pty_setowner(s->pw, s->tty);
 	/* Set window size from the packet. */
 	pty_change_window_size(s->ptyfd, s->row, s->col, s->xpixel, s->ypixel);
@ -1646,7 +1661,7 @@ session_set_fds(Session *s, int fdin, int fdout, int fderr)
 * Function to perform pty cleanup. Also called if we get aborted abnormally
 * (e.g., due to a dropped connection).
 */
-void
+static void
 session_pty_cleanup(void *session)
 {
 	Session *s = session;
@ -1724,7 +1739,7 @@ session_exit_message(Session *s, int status)
 	s->chanid = -1;
 }
-void
+static void
 session_close(Session *s)
 {
 	debug("session_close: session %d pid %d", s->self, s->pid);
--- a/session.h
+++ b/session.h
@ -26,32 +26,6 @@
 #ifndef SESSION_H
 #define SESSION_H
 #define TTYSZ 64
 typedef struct Session Session;
 struct Session {
 	int	used;
 	int	self;
 	struct passwd *pw;
 	Authctxt *authctxt;
 	pid_t	pid;
 	/* tty */
 	char	*term;
 	int	ptyfd, ttyfd, ptymaster;
 	int	row, col, xpixel, ypixel;
 	char	tty[TTYSZ];
 	/* X11 */
 	int	display_number;
 	char	*display;
 	int	screen;
 	char	*auth_display;
 	char	*auth_proto;
 	char	*auth_data;
 	int	single_connection;
 	/* proto 2 */
 	int	chanid;
 	int	is_subsystem;
 };
 void	 do_authenticated(Authctxt *);
 int	 session_open(Authctxt*, int);
@ -60,6 +34,4 @@ void	 session_close_by_pid(pid_t, int);
 void	 session_close_by_channel(int, void *);
 void	 session_destroy_all(void);
 Session	*session_new(void);
 void	 session_close(Session *);
 #endif
--- a/sshd.c
+++ b/sshd.c
@ -72,11 +72,6 @@ RCSID("$OpenBSD: sshd.c,v 1.228 2002/02/27 21:23:13 stevesk Exp $");
 #include "misc.h"
 #include "dispatch.h"
 #include "channels.h"
 #include "session.h"
 #include "monitor_mm.h"
 #include "monitor.h"
 #include "monitor_wrap.h"
 #include "monitor_fdpass.h"
 #ifdef LIBWRAP
 #include <tcpd.h>
@ -194,20 +189,8 @@ u_int utmp_len = MAXHOSTNAMELEN;
 int *startup_pipes = NULL;
 int startup_pipe;		/* in child */
 /* variables used for privilege separation */
 #define MM_MEMSIZE	65536
 struct mm_master *mm_zback;
 struct mm_master *mm_zlib;
 extern int use_privsep;
 /* Socket for the child to receive a fd */
 extern int mm_recvfd;
 /* Socket for the parent to send a fd */
 int mm_sendfd;
 /* Prototypes for various functions defined later in this file. */
 void destroy_sensitive_data(void);
 void demote_sensitive_data(void);
 static void do_ssh1_kex(void);
 static void do_ssh2_kex(void);
@ -494,69 +477,6 @@ destroy_sensitive_data(void)
 	memset(sensitive_data.ssh1_cookie, 0, SSH_SESSION_KEY_LENGTH);
 }
 /* Demote private to public keys for network child */
 void
 demote_sensitive_data(void)
 {
 	Key *tmp;
 	int i;
 	if (sensitive_data.server_key) {
 		tmp = key_demote(sensitive_data.server_key);
 		key_free(sensitive_data.server_key);
 		sensitive_data.server_key = tmp;
 	}
 	for (i = 0; i < options.num_host_key_files; i++) {
 		if (sensitive_data.host_keys[i]) {
 			tmp = key_demote(sensitive_data.host_keys[i]);
 			key_free(sensitive_data.host_keys[i]);
 			sensitive_data.host_keys[i] = tmp;
 		}
 	}
 	/* We do not clear ssh1_host key and cookie.  XXX - Okay Niels? */
 }
 void
 privsep_postauth(Authctxt *authctxt)
 {
 	pid_t pid;
 	if (0) {
 		/* File descriptor passing is broken */
 		mm_apply_keystate(mm_zlib);
 		use_privsep = 0;
 		return;
 	}
 	pid = fork();
 	if (pid == -1)
 		fatal("fork of unprivileged child failed");
 	else if (pid != 0) {
 		debug2("User child is on pid %d", pid);
 		close(mm_recvfd);
 		monitor_child_postauth(mm_sendfd);
 		/* Teardown? */
 		exit(0);
 	}
 	close(mm_sendfd);
 	/* Demote the private keys to public keys. */
 	demote_sensitive_data();
 	/* Drop privileges */
 	if (seteuid(authctxt->pw->pw_uid) == -1)
 		fatal("%s: seteuid", __FUNCTION__);
 	if (setuid(authctxt->pw->pw_uid) == -1)
 		fatal("%s: setuid", __FUNCTION__);
 	/* It is safe now to apply the key state */
 	mm_apply_keystate(mm_zlib);
 }
 static char *
 list_hostkey_types(void)
 {
@ -598,25 +518,6 @@ get_hostkey_by_type(int type)
 	return NULL;
 }
 Key *
 get_hostkey_by_index(int ind)
 {
 	if (ind < 0 || ind >= options.num_host_key_files)
 		return (NULL);
 	return (sensitive_data.host_keys[ind]);
 }
 int
 get_hostkey_index(Key *key)
 {
 	int i;
 	for (i = 0; i < options.num_host_key_files; i++) {
 		if (key == sensitive_data.host_keys[i])
 			return (i);
 	}
 	return (-1);
 }
 /*
 * returns 1 if connection should be dropped, 0 otherwise.
 * dropping starts at connection #max_startups_begin with a probability
@ -693,8 +594,6 @@ main(int ac, char **av)
 	int listen_sock, maxfd;
 	int startup_p[2];
 	int startups = 0;
 	Authctxt *authctxt;
 	int sp[2];
 	Key *key;
 	int ret, key_used = 0;
@ -1332,84 +1231,23 @@ main(int ac, char **av)
 	packet_set_nonblocking();
 	if (!use_privsep)
 		goto skip_privilegeseparation;
 	/* Set up unprivileged child process to deal with network data */
 	monitor_socketpair(sp);
 	mm_recvfd = sp[0];
 	mm_sendfd = sp[1];
 	/* Used to share zlib space across processes */
 	mm_zback = mm_create(NULL, MM_MEMSIZE);
 	mm_zlib = mm_create(mm_zback, 20 * MM_MEMSIZE);
 	/* Compression needs to share state across borders */
 	mm_init_compression(mm_zlib);
 	pid = fork();
 	if (pid == -1)
 		fatal("fork of unprivileged child failed");
 	else if (pid != 0) {
 		debug2("Network child is on pid %d", pid);
 		authctxt = monitor_child_preauth(mm_sendfd);
 		/* The member allocation is not visible, so sync it */
 		mm_share_sync(&mm_zlib, &mm_zback);
 		goto authenticated;
 	} else {
 		/* Demote the private keys to public keys. */
 		demote_sensitive_data();
 		/* Change our root directory - /var/empty is standard*/
 		if (chroot("/var/empty") == -1)
 			fatal("chroot(/var/empty)");
 		if (chdir("/") == -1)
 			fatal("chdir(/)");
 		/* Drop our privileges */
 		seteuid(32767); /* XXX - Niels */
 		setuid(32767);
 	}		
 skip_privilegeseparation:
 	/* perform the key exchange */
 	/* authenticate user and start session */
 	if (compat20) {
 		do_ssh2_kex();
-		authctxt = do_authentication2();
+		do_authentication2();
 		if (use_privsep)
 			mm_send_keystate(mm_recvfd);
 	} else {
 		do_ssh1_kex();
-		authctxt = do_authentication();
+		do_authentication();
 	}
-
+	/* The connection has been terminated. */
-	/* If we use privilege separation, the unprivileged child exits */
+	verbose("Closing connection to %.100s", remote_ip);
 	if (use_privsep)
 		exit(0);
 authenticated:
 	/* 
 	 * In privilege separation, we fork another child and prepare
 	 * file descriptor passing.
 	 */
 	if (use_privsep)
 		privsep_postauth(authctxt);
 	/* Perform session preparation. */
 	do_authenticated(authctxt);
 #ifdef USE_PAM
 	finish_pam();
 #endif /* USE_PAM */
 	packet_close();
 	if (use_privsep)
 		mm_terminate(mm_recvfd);
 	exit(0);
 }
@ -1615,6 +1453,8 @@ do_ssh1_kex(void)
 		for (i = 0; i < 16; i++)
 			session_id[i] = session_key[i] ^ session_key[i + 16];
 	}
 	/* Destroy the private and public keys.  They will no longer be needed. */
 	destroy_sensitive_data();
 	/* Destroy the decrypted integer.  It is no longer needed. */
 	BN_clear_free(session_key_int);
@ -1662,7 +1502,6 @@ do_ssh2_kex(void)
 	kex->client_version_string=client_version_string;
 	kex->server_version_string=server_version_string;
 	kex->load_host_key=&get_hostkey_by_type;
 	kex->host_key_index=&get_hostkey_index;
 	xxx_kex = kex;