- (djm) Merged big SCO portability patch from Tim Rice

<tim@multitalents.net>

CREDITS

@@ -62,13 +62,14 @@ Pavel Troller <patrol@omni.sinus.cz> - Bugfixes
 Pekka Savola <pekkas@netcore.fi> - Bugfixes
 Peter Kocks <peter.kocks@baygate.com> - Makefile fixes
 Phil Hands <phil@hands.com> - Debian scripts, assorted patches
-Phil Karn <karn@ka9q.ampr.org> - Autoconf fix
+Phil Karn <karn@ka9q.ampr.org> - Autoconf fixes
 Phill Camp <P.S.S.Camp@ukc.ac.uk> - login code fix
 Rip Loomis <loomisg@cist.saic.com> - Solaris package support, fixes
 SAKAI Kiyotaka <ksakai@kso.netwk.ntt-at.co.jp> - Multiple bugfixes
 Simon Wilkinson <sxw@dcs.ed.ac.uk> - PAM fixes
 Svante Signell <svante.signell@telia.com> - Bugfixes
 Thomas Neumann <tom@smart.ruhr.de> - Shadow passwords
+Tim Rice <tim@multitalents.net> - Portability & SCO fixes
 Tom Bertelson's <tbert@abac.com> - AIX auth fixes
 Tor-Ake Fransson <torake@hotmail.com> - AIX support
 Tudor Bosman <tudorb@jm.nu> - MD5 password support

ChangeLog

@@ -4,6 +4,8 @@
    <peak@argo.troja.mff.cuni.cz> 
  - (djm) Clean up. Strip some unnecessary differences with OpenBSD's code,
    tidy necessary differences. Use Markus' new debugN() in entropy.c
+ - (djm) Merged big SCO portability patch from Tim Rice 
+   <tim@multitalents.net>
 
 20000926
  - (djm) Update X11-askpass to 1.0.2 in RPM spec file

Makefile.in

@@ -20,7 +20,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
 CC=@CC@
 LD=@LD@
 PATHS=-DETCDIR=\"$(sysconfdir)\" -DSSH_PROGRAM=\"$(SSH_PROGRAM)\" -DSSH_ASKPASS_DEFAULT=\"$(ASKPASS_PROGRAM)\"
-CFLAGS=@CFLAGS@ -I. -I$(srcdir) $(PATHS) @DEFS@
+CFLAGS=@CFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
 AR=@AR@
 RANLIB=@RANLIB@
@@ -29,6 +29,7 @@ PERL=@PERL@
 ENT=@ENT@
 LDFLAGS=-L. @LDFLAGS@
 EXEEXT=@EXEEXT@
+SSH_MODE= @SSHMODE@
 
 INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
 
@@ -121,13 +122,13 @@ distprep: catman-do
 install: manpages $(TARGETS) install-files host-key
 
 install-files:
-	./mkinstalldirs $(DESTDIR)$(bindir)
-	./mkinstalldirs $(DESTDIR)$(sbindir)
-	./mkinstalldirs $(DESTDIR)$(mandir)
-	./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
-	./mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
-	./mkinstalldirs $(DESTDIR)$(libexecdir)
-	$(INSTALL) -m 4755 -s ssh $(DESTDIR)$(bindir)/ssh
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
+	$(INSTALL) -m $(SSH_MODE) -s ssh $(DESTDIR)$(bindir)/ssh
 	$(INSTALL) -m 0755 -s scp $(DESTDIR)$(bindir)/scp
 	$(INSTALL) -m 0755 -s ssh-add $(DESTDIR)$(bindir)/ssh-add
 	$(INSTALL) -m 0755 -s ssh-agent $(DESTDIR)$(bindir)/ssh-agent
@@ -145,13 +146,14 @@ install-files:
 	ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
 	ln -s ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+	@FILEPRIV@ -f dev,filesys,driver $(DESTDIR)$(bindir)/ssh $(DESTDIR)$(bindir)/slogin
 	if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config -a ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \
-		./mkinstalldirs $(DESTDIR)$(sysconfdir); \
+		$(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \
 		$(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \
 		$(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \
 	fi
 	if [ -f ssh_prng_cmds -a ! -z "$(INSTALL_SSH_PRNG_CMDS)" ]; then \
-		$(PERL) fixprogs ssh_prng_cmds $(ENT); \
+		$(PERL) $(srcdir)/fixprogs ssh_prng_cmds $(ENT); \
 		$(INSTALL) -m 644 ssh_prng_cmds.out $(DESTDIR)$(sysconfdir)/ssh_prng_cmds; \
 	fi
 
@@ -160,18 +162,18 @@ host-key: ssh-keygen$(EXEEXT)
 		if [ -f "$(DESTDIR)$(sysconfdir)/ssh_host_key" ] ; then \
 			echo "$(DESTDIR)$(sysconfdir)/ssh_host_key already exists, skipping." ; \
 		else \
-			./ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \
+			$(srcdir)/ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N "" ; \
 		fi ; \
 		if [ -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key ] ; then \
 			echo "$(DESTDIR)$(sysconfdir)/ssh_host_dsa_key already exists, skipping." ; \
 		else \
-			./ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \
+			$(srcdir)/ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N "" ; \
 		fi ; \
 	fi ;
 
 host-key-force: ssh-keygen$(EXEEXT)
-	./ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
-	./ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
+	$(srcdir)/ssh-keygen -b 1024 -f $(DESTDIR)$(sysconfdir)/ssh_host_key -N ""
+	$(srcdir)/ssh-keygen -d -f $(DESTDIR)$(sysconfdir)/ssh_host_dsa_key -N ""
 
 uninstallall:	uninstall
 	-rm -f $(DESTDIR)$(sysconfdir)/ssh_config

acconfig.h

@@ -6,6 +6,12 @@
 
 @TOP@
 
+/* SCO workaround */
+#undef BROKEN_SYS_TERMIO_H
+
+/* Define if you have SCO protected password database */
+#undef HAVE_SCO_PROTECTED_PW
+
 /* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
 /* from environment and PATH */
 #undef LOGIN_PROGRAM_FALLBACK

auth-passwd.c

@@ -75,6 +75,11 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.17 2000/09/07 20:27:49 deraadt Exp $");
 # include <hpsecurity.h>
 # include <prot.h>
 #endif
+#ifdef HAVE_SCO_PROTECTED_PW
+# include <sys/security.h>
+# include <sys/audit.h>
+# include <prot.h>
+#endif /* HAVE_SCO_PROTECTED_PW */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 # include <shadow.h>
 #endif
@@ -108,6 +113,9 @@ auth_password(struct passwd * pw, const char *password)
 #ifdef __hpux
 	struct pr_passwd *spw;
 #endif
+#ifdef HAVE_SCO_PROTECTED_PW
+	struct pr_passwd *spw;
+#endif /* HAVE_SCO_PROTECTED_PW */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 	struct spwd *spw;
 #endif
@@ -181,10 +189,18 @@ auth_password(struct passwd * pw, const char *password)
 	if (spw != NULL) 
 		pw_password = spw->sp_pwdp;
 #endif /* defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW) */
+
+#ifdef HAVE_SCO_PROTECTED_PW
+	spw = getprpwnam(pw->pw_name);
+	if (spw != NULL) 
+		pw_password = spw->ufld.fd_encrypt;
+#endif /* HAVE_SCO_PROTECTED_PW */
+
 #if defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW)
 	if (issecure() && (spw = getpwanam(pw->pw_name)) != NULL)
 		pw_password = spw->pwa_passwd;
 #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
+
 #if defined(__hpux)
 	if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
 		pw_password = spw->ufld.fd_encrypt;

authfile.c

@@ -147,7 +147,7 @@ save_private_key_rsa(const char *filename, const char *passphrase,
 		      strerror(errno));
 		buffer_free(&encrypted);
 		close(fd);
-		remove(filename);
+		unlink(filename);
 		return 0;
 	}
 	close(fd);

channels.c

@@ -1317,7 +1317,7 @@ channel_stop_listening()
 		switch (channels[i].type) {
 		case SSH_CHANNEL_AUTH_SOCKET:
 			close(channels[i].sock);
-			remove(channels[i].path);
+			unlink(channels[i].path);
 			channel_free(i);
 			break;
 		case SSH_CHANNEL_PORT_LISTENER:
@@ -2139,7 +2139,7 @@ auth_get_socket_name()
 void
 cleanup_socket(void)
 {
-	remove(channel_forwarded_auth_socket_name);
+	unlink(channel_forwarded_auth_socket_name);
 	rmdir(channel_forwarded_auth_socket_dir);
 }
 

configure.in

@@ -13,6 +13,7 @@ AC_PATH_PROG(PERL, perl)
 AC_SUBST(PERL)
 AC_PATH_PROG(ENT, ent)
 AC_SUBST(ENT)
+AC_PATH_PROGS(FILEPRIV, filepriv, true, /sbin:/usr/sbin)
 
 # Use LOGIN_PROGRAM from environment if possible
 if test ! -z "$LOGIN_PROGRAM" ; then
@@ -36,6 +37,8 @@ if test "$GCC" = "yes"; then
 	CFLAGS="$CFLAGS -Wall"
 fi
 
+CFLAGS="$CFLAGS -I. -I${srcdir-.}"
+
 # Check for some target-specific stuff
 case "$host" in
 *-*-aix*)
@@ -159,6 +162,22 @@ case "$host" in
 	mansubdir=cat
 	LIBS="$LIBS -lgen -lnsl -lucb"
 	;;
+*-*-sysv4.2*)
+	CFLAGS="$CFLAGS -I/usr/local/include"
+	LDFLAGS="$LDFLAGS -L/usr/local/lib"
+	MANTYPE='$(CATMAN)'
+	mansubdir=cat
+	LIBS="$LIBS -lgen -lsocket -lnsl -lresolv"
+	enable_suid_ssh=no
+	;;
+*-*-sysv5*)
+	CFLAGS="$CFLAGS -I/usr/local/include"
+	LDFLAGS="$LDFLAGS -L/usr/local/lib"
+	MANTYPE='$(CATMAN)'
+	mansubdir=cat
+	LIBS="$LIBS -lgen -lsocket"
+	enable_suid_ssh=no
+	;;
 *-*-sysv*)
 	CFLAGS="$CFLAGS -I/usr/local/include"
 	LDFLAGS="$LDFLAGS -L/usr/local/lib"
@@ -166,14 +185,28 @@ case "$host" in
 	mansubdir=cat
 	LIBS="$LIBS -lgen -lsocket"
 	;;
-*-*-sco3*)
+*-*-sco3.2v4*)
 	AC_DEFINE(USE_PIPES)
+	CFLAGS="$CFLAGS -Dftruncate=chsize -I/usr/local/include"
+	LDFLAGS="$LDFLAGS -L/usr/local/lib"
+	MANTYPE='$(CATMAN)'
+	mansubdir=cat
+	LIBS="$LIBS -lgen -lsocket -los -lprot -lx"
+	no_dev_ptmx=1
+	RANLIB=true
+	AC_DEFINE(BROKEN_SYS_TERMIO_H)
+	rsh_path="/usr/bin/rcmd"
+	AC_DEFINE(HAVE_SCO_PROTECTED_PW)
+	;;
+*-*-sco3.2v5*)
 	CFLAGS="$CFLAGS -I/usr/local/include"
 	LDFLAGS="$LDFLAGS -L/usr/local/lib"
 	MANTYPE='$(CATMAN)'
 	mansubdir=cat
-	LIBS="$LIBS -lgen -lsocket"
+	LIBS="$LIBS -lgen -lsocket -lprot -lx"
 	no_dev_ptmx=1
+	rsh_path="/usr/bin/rcmd"
+	AC_DEFINE(HAVE_SCO_PROTECTED_PW)
 	;;
 *-dec-osf*)
 # This is untested
@@ -230,10 +263,10 @@ if test -z "$no_libnsl" ; then
 fi
 
 # Checks for header files.
-AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h ttyent.h usersec.h util.h utmp.h utmpx.h)
+AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utmp.h utmpx.h)
 
 dnl    Checks for library functions.
-AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo futimes gai_strerror getaddrinfo getnameinfo getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r vsnprintf vhangup _getpty __b64_ntop)
+AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getaddrinfo getnameinfo getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid setrlimit sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r vsnprintf vhangup _getpty __b64_ntop)
 dnl    Checks for time functions
 AC_CHECK_FUNCS(gettimeofday time)
 dnl    Checks for libutil functions
@@ -615,7 +648,17 @@ AC_CACHE_CHECK([for sa_family_t], ac_cv_have_sa_family_t, [
 		],
 		[ sa_family_t foo; foo = 1235; ],
 		[ ac_cv_have_sa_family_t="yes" ],
+		[ AC_TRY_COMPILE(
+		  [
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+		],
+		[ sa_family_t foo; foo = 1235; ],
+		[ ac_cv_have_sa_family_t="yes" ],
+
 		[ ac_cv_have_sa_family_t="no" ]
+	)]
 	)
 ])
 if test "x$ac_cv_have_sa_family_t" = "xyes" ; then
@@ -712,9 +755,7 @@ if test "x$ac_cv_have_struct_addrinfo" = "xyes" ; then
 	AC_DEFINE(HAVE_STRUCT_ADDRINFO)
 fi
 
-
-# Checks for structure members
-
+dnl Checks for structure members
 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmp.h, HAVE_HOST_IN_UTMP)
 OSSH_CHECK_HEADER_FOR_FIELD(ut_host, utmpx.h, HAVE_HOST_IN_UTMPX)
 OSSH_CHECK_HEADER_FOR_FIELD(syslen, utmpx.h, HAVE_SYSLEN_IN_UTMPX)
@@ -732,6 +773,7 @@ OSSH_CHECK_HEADER_FOR_FIELD(ut_exit, utmp.h, HAVE_EXIT_IN_UTMP)
 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmp.h, HAVE_TIME_IN_UTMP)
 OSSH_CHECK_HEADER_FOR_FIELD(ut_time, utmpx.h, HAVE_TIME_IN_UTMPX)
 OSSH_CHECK_HEADER_FOR_FIELD(ut_tv, utmpx.h, HAVE_TV_IN_UTMPX)
+AC_STRUCT_ST_BLKSIZE
 
 AC_CACHE_CHECK([for sun_len field in struct sockaddr_un],
 		ac_cv_have_sun_len_in_struct_sockaddr_un, [
@@ -855,7 +897,7 @@ AC_ARG_WITH(xauth,
 		fi
 	],
 	[
-		AC_PATH_PROG(xauth_path, xauth)
+		AC_PATH_PROG(xauth_path, xauth,,$PATH:/usr/X/bin:/usr/bin/X11:/usr/X11R6/bin:/usr/openwin/bin)
 		if (test ! -z "$xauth_path" && test -x "/usr/openwin/bin/xauth") ; then
 			xauth_path="/usr/openwin/bin/xauth"
 		fi
@@ -1142,7 +1184,7 @@ AC_ARG_WITH(default-path,
 	[  --with-default-path=PATH Specify default \$PATH environment for server],
 	[
 		if test "x$withval" != "xno" ; then	
-			AC_DEFINE_UNQUOTED(USER_PATH, "$withval")
+			user_path="$withval"
 			SERVER_PATH_MSG="$withval" 
 		fi
 	]
@@ -1183,6 +1225,25 @@ AC_ARG_WITH(4in6,
 	]
 )
 
+AC_MSG_CHECKING(whether to install ssh as suid root)
+AC_ARG_ENABLE(suid-ssh,
+[  --enable-suid-ssh       Install ssh as suid root (default)
+  --disable-suid-ssh      Install ssh without suid bit],
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       SSHMODE=0711
+       ;;
+  *)   AC_MSG_RESULT(yes)
+       SSHMODE=04711
+       ;;
+  esac ],
+  AC_MSG_RESULT(yes)
+  SSHMODE=04711
+)
+AC_SUBST(SSHMODE)
+
+
 # Where to place sshd.pid
 piddir=/var/run
 AC_ARG_WITH(pid-dir,
@@ -1194,6 +1255,14 @@ AC_ARG_WITH(pid-dir,
 	]
 )
 
+# make sure the directory exists
+if test ! -d $piddir ; then	
+	piddir=`eval echo ${sysconfdir}`
+	case $piddir in
+ 		NONE/*) piddir=`echo $piddir | sed "s~NONE~$ac_default_prefix~"` ;;
+	esac
+fi
+
 AC_DEFINE_UNQUOTED(PIDDIR, "$piddir")
 AC_SUBST(piddir)
 

defines.h

@@ -11,10 +11,12 @@
 #include <sys/types.h> /* For [u]intxx_t */
 #include <sys/socket.h> /* For SHUT_XXXX */
 #include <sys/param.h> /* For MAXPATHLEN */
-#include <sys/un.h> /* For SUN_LEN */
 #include <netinet/in_systm.h> /* For typedefs */
 #include <netinet/in.h> /* For IPv6 macros */
 #include <netinet/ip.h> /* For IPTOS macros */
+#ifdef HAVE_SYS_UN_H
+# include <sys/un.h> /* For SUN_LEN */
+#endif
 #ifdef HAVE_SYS_BITYPES_H
 # include <sys/bitypes.h> /* For u_intXX_t */
 #endif 
@@ -44,6 +46,7 @@
 #endif
 
 #include <unistd.h> /* For STDIN_FILENO, etc */
+#include <termios.h> /* Struct winsize */
 
 /* Constants */
 
@@ -219,6 +222,23 @@ typedef int mode_t;
 # define ss_family __ss_family
 #endif /* !defined(HAVE_SS_FAMILY_IN_SS) && defined(HAVE_SA_FAMILY_IN_SS) */
 
+#ifndef HAVE_SYS_UN_H
+struct	sockaddr_un {
+	short	sun_family;		/* AF_UNIX */
+	char	sun_path[108];		/* path name (gag) */
+};
+#endif /* HAVE_SYS_UN_H */
+
+#if defined(BROKEN_SYS_TERMIO_H) && !defined(_STRUCT_WINSIZE)
+#define _STRUCT_WINSIZE
+struct winsize {
+      unsigned short ws_row;          /* rows, in characters */
+      unsigned short ws_col;          /* columns, in character */
+      unsigned short ws_xpixel;       /* horizontal size, pixels */
+      unsigned short ws_ypixel;       /* vertical size, pixels */
+};
+#endif
+
 /* Paths */
 
 #ifndef _PATH_BSHELL

includes.h

@@ -38,7 +38,6 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 #include <errno.h>
 #include <fcntl.h>
 #include <signal.h>
-#include <termios.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdarg.h>

scp.c

@@ -80,7 +80,9 @@ RCSID("$OpenBSD: scp.c,v 1.40 2000/09/21 11:11:42 markus Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
 
+#ifndef _PATH_CP
 #define _PATH_CP "cp"
+#endif
 
 /* For progressmeter() -- number of seconds before xfer considered "stalled" */
 #define STALLTIME	5
@@ -915,12 +917,20 @@ bad:			run_err("%s: %s", np, strerror(errno));
 #endif
 		if (pflag) {
 			if (exists || omode != mode)
+#ifdef HAVE_FCHMOD
 				if (fchmod(ofd, omode))
+#else /* HAVE_FCHMOD */
+				if (chmod(np, omode))
+#endif /* HAVE_FCHMOD */
 					run_err("%s: set mode: %s",
 						np, strerror(errno));
 		} else {
 			if (!exists && omode != mode)
+#ifdef HAVE_FCHMOD
 				if (fchmod(ofd, omode & ~mask))
+#else /* HAVE_FCHMOD */
+				if (chmod(np, omode & ~mask))
+#endif /* HAVE_FCHMOD */
 					run_err("%s: set mode: %s",
 						np, strerror(errno));
 		}
@@ -1086,6 +1096,7 @@ allocbuf(bp, fd, blksize)
 	int fd, blksize;
 {
 	size_t size;
+#ifdef HAVE_ST_BLKSIZE
 	struct stat stb;
 
 	if (fstat(fd, &stb) < 0) {
@@ -1097,6 +1108,9 @@ allocbuf(bp, fd, blksize)
 	else
 		size = blksize + (stb.st_blksize - blksize % stb.st_blksize) %
 		    stb.st_blksize;
+#else /* HAVE_ST_BLKSIZE */
+        size = blksize;
+#endif /* HAVE_ST_BLKSIZE */
 	if (bp->cnt >= size)
 		return (bp);
 	if (bp->buf == NULL)

ssh-agent.c

@@ -638,7 +638,7 @@ check_parent_exists(int sig)
 void
 cleanup_socket(void)
 {
-	remove(socket_name);
+	unlink(socket_name);
 	rmdir(socket_dir);
 }
 

ssh.c

@@ -244,7 +244,7 @@ main(int ac, char **av)
 	original_real_uid = getuid();
 	original_effective_uid = geteuid();
 
-#ifndef HAVE_CYGWIN
+#if !defined(HAVE_SETRLIMIT) || !defined(HAVE_CYGWIN)
 	/* If we are installed setuid root be careful to not drop core. */
 	if (original_real_uid != original_effective_uid) {
 		struct rlimit rlim;

sshd.c

@@ -667,6 +667,10 @@ main(int ac, char **av)
 		}
 	}
 
+#ifdef HAVE_SCO_PROTECTED_PW
+	(void) set_auth_parameters(ac, av);
+#endif
+
 	/* Initialize the log (it is reinitialized below in case we forked). */
 	if (debug_flag && !inetd_flag)
 		log_stderr = 1;