From d26dcf3371657e64dddc7c86c61a89666d4e7053 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Sat, 6 Jan 2001 15:18:16 +0000 Subject: [PATCH] 20010107 - (bal) OpenBSD Sync - markus@cvs.openbsd.org 2001/01/06 11:23:27 [ssh-rsa.c] remove unused - itojun@cvs.openbsd.org 2001/01/05 08:23:29 [ssh-keyscan.1] missing .El - markus@cvs.openbsd.org 2001/01/04 22:41:03 [session.c sshconnect.c] consistent use of _PATH_BSHELL; from stevesk@pobox.com - djm@cvs.openbsd.org 2001/01/04 22:35:32 [ssh.1 sshd.8] Mention AES as available SSH2 Cipher; ok markus - markus@cvs.openbsd.org 2001/01/04 22:25:58 [sshd.c] sync usage()/man with defaults; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/04 22:21:26 [sshconnect2.c] handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server that prints a banner (e.g. /etc/issue.net) --- ChangeLog | 22 ++++++++++++++++++++++ session.c | 6 +++--- ssh-keyscan.1 | 1 + ssh-rsa.c | 5 +---- ssh.1 | 4 ++-- sshconnect.c | 2 +- sshconnect2.c | 18 ++++++++++++++++-- sshd.8 | 4 ++-- sshd.c | 4 ++-- 9 files changed, 50 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8d6bea18e..e754c9002 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,3 +1,25 @@ +20010107 + - (bal) OpenBSD Sync + - markus@cvs.openbsd.org 2001/01/06 11:23:27 + [ssh-rsa.c] + remove unused + - itojun@cvs.openbsd.org 2001/01/05 08:23:29 + [ssh-keyscan.1] + missing .El + - markus@cvs.openbsd.org 2001/01/04 22:41:03 + [session.c sshconnect.c] + consistent use of _PATH_BSHELL; from stevesk@pobox.com + - djm@cvs.openbsd.org 2001/01/04 22:35:32 + [ssh.1 sshd.8] + Mention AES as available SSH2 Cipher; ok markus + - markus@cvs.openbsd.org 2001/01/04 22:25:58 + [sshd.c] + sync usage()/man with defaults; from stevesk@pobox.com + - markus@cvs.openbsd.org 2001/01/04 22:21:26 + [sshconnect2.c] + handle SSH2_MSG_USERAUTH_BANNER; fixes bug when connecting to a server + that prints a banner (e.g. /etc/issue.net) + 20010105 - (bal) contrib/caldera/ provided by Tim Rice - (bal) bsd-getcwd.c and bsd-setenv.c changed from bcopy() to memmove() diff --git a/session.c b/session.c index a376aa963..74f5fe255 100644 --- a/session.c +++ b/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.45 2000/12/19 23:17:58 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.46 2001/01/04 22:41:03 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -1336,7 +1336,7 @@ do_child(const char *command, struct passwd * pw, const char *term, if (!options.use_login) { if (stat(SSH_USER_RC, &st) >= 0) { if (debug_flag) - fprintf(stderr, "Running "_PATH_BSHELL" %s\n", SSH_USER_RC); + fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_USER_RC); f = popen(_PATH_BSHELL " " SSH_USER_RC, "w"); if (f) { @@ -1347,7 +1347,7 @@ do_child(const char *command, struct passwd * pw, const char *term, fprintf(stderr, "Could not run %s\n", SSH_USER_RC); } else if (stat(SSH_SYSTEM_RC, &st) >= 0) { if (debug_flag) - fprintf(stderr, "Running "_PATH_BSHELL" %s\n", SSH_SYSTEM_RC); + fprintf(stderr, "Running %s %s\n", _PATH_BSHELL, SSH_SYSTEM_RC); f = popen(_PATH_BSHELL " " SSH_SYSTEM_RC, "w"); if (f) { 
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index efd6e744a..31bae33c3 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -56,6 +56,7 @@ is supplied instead of a filename, will read hosts or .Pa addrlist namelist pairs from the standard input. +.El .Sh EXAMPLES .Pp Print the host key for machine diff --git a/ssh-rsa.c b/ssh-rsa.c index 0f44051bc..aab9168eb 100644 --- a/ssh-rsa.c +++ b/ssh-rsa.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh-rsa.c,v 1.2 2000/12/19 23:17:58 markus Exp $"); +RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $"); #include "ssh.h" #include "xmalloc.h" @@ -37,9 +37,6 @@ RCSID("$OpenBSD: ssh-rsa.c,v 1.2 2000/12/19 23:17:58 markus Exp $"); #include "key.h" -#define INTBLOB_LEN 20 -#define SIGBLOB_LEN (2*INTBLOB_LEN) - /* RSASSA-PKCS1-v1_5 (PKCS #1 v2.0 signature) with SHA1 */ int ssh_rsa_sign( diff --git a/ssh.1 b/ssh.1 index 40cb6dfa8..f25c29987 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.74 2000/12/27 12:30:20 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.75 2001/01/04 22:35:32 djm Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -664,7 +664,7 @@ Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The default is -.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour . +.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc . .It Cm Compression Specifies whether to use compression. The argument must be diff --git a/sshconnect.c b/sshconnect.c index 2102bef6f..f3244d35b 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -13,7 +13,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect.c,v 1.88 2001/01/02 20:50:56 markus Exp $"); +RCSID("$OpenBSD: sshconnect.c,v 1.89 2001/01/04 22:41:03 markus Exp $"); #include #include 
diff --git a/sshconnect2.c b/sshconnect2.c index 34d72818f..8321c9eb7 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -23,7 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.34 2000/12/27 12:34:50 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.35 2001/01/04 22:21:26 markus Exp $"); #include #include @@ -467,6 +467,7 @@ struct Authmethod { void input_userauth_success(int type, int plen, void *ctxt); void input_userauth_failure(int type, int plen, void *ctxt); +void input_userauth_banner(int type, int plen, void *ctxt); void input_userauth_error(int type, int plen, void *ctxt); void input_userauth_info_req(int type, int plen, void *ctxt); @@ -543,6 +544,7 @@ ssh_userauth2(const char *server_user, char *host) dispatch_init(&input_userauth_error); dispatch_set(SSH2_MSG_USERAUTH_SUCCESS, &input_userauth_success); dispatch_set(SSH2_MSG_USERAUTH_FAILURE, &input_userauth_failure); + dispatch_set(SSH2_MSG_USERAUTH_BANNER, &input_userauth_banner); dispatch_run(DISPATCH_BLOCK, &authctxt.success, &authctxt); /* loop until success */ if (authctxt.agent != NULL) @@ -553,7 +555,19 @@ ssh_userauth2(const char *server_user, char *host) void input_userauth_error(int type, int plen, void *ctxt) { - fatal("input_userauth_error: bad message during authentication"); + fatal("input_userauth_error: bad message during authentication: " + "type %d", type); +} +void +input_userauth_banner(int type, int plen, void *ctxt) +{ + char *msg, *lang; + debug3("input_userauth_banner"); + msg = packet_get_string(NULL); + lang = packet_get_string(NULL); + fprintf(stderr, "%s", msg); + xfree(msg); + xfree(lang); } void input_userauth_success(int type, int plen, void *ctxt) diff --git a/sshd.8 b/sshd.8 index b2ff9a3e0..75406781c 100644 --- a/sshd.8 +++ b/sshd.8 
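Review bot: The new `input_userauth_banner()` in the last sshconnect2.c hunk writes the server-supplied banner to stderr unmodified, so any control characters or terminal escape sequences in it reach the user's terminal before authentication has completed. RFC 4252 section 5.4 recommends control-character filtering when the banner is displayed, and replacing control bytes other than newline and tab before the `fprintf` would cover that. The sketch below touches only 7-bit control bytes so that UTF-8 banner text survives; whether 8-bit C1 bytes also need handling depends on the terminal. The handler is also dispatched unconditionally, so the banner is printed regardless of the client's verbosity setting.

```c
	char *msg, *lang, *p;
	/* … unchanged: debug3 call, packet_get_string for msg and lang … */
	/* Banner text is server-controlled: neutralise control bytes before display. */
	for (p = msg; *p != '\0'; p++) {
		unsigned char c = (unsigned char)*p;
		if ((c < 0x20 && c != '\n' && c != '\t') || c == 0x7f)
			*p = '?';
	}
	fprintf(stderr, "%s", msg);
	/* … unchanged: xfree of msg and lang … */
```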
@@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.76 2000/12/28 12:03:57 markus Exp $ +.\" $OpenBSD: sshd.8,v 1.78 2001/01/04 22:35:32 djm Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -337,7 +337,7 @@ By default login is allowed regardless of the user name. Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The default is -.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . +.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc . .It Cm CheckMail Specifies whether .Nm diff --git a/sshd.c b/sshd.c index dade6564e..9b309b891 100644 --- a/sshd.c +++ b/sshd.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.144 2000/12/28 12:03:58 markus Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.145 2001/01/04 22:25:58 markus Exp $"); #include "xmalloc.h" #include "rsa.h" @@ -657,7 +657,7 @@ main(int ac, char **av) fprintf(stderr, " -q Quiet (no logging)\n"); fprintf(stderr, " -p port Listen on the specified port (default: 22)\n"); fprintf(stderr, " -k seconds Regenerate server key every this many seconds (default: 3600)\n"); - fprintf(stderr, " -g seconds Grace period for authentication (default: 300)\n"); + fprintf(stderr, " -g seconds Grace period for authentication (default: 600)\n"); fprintf(stderr, " -b bits Size of server RSA key (default: 768 bits)\n"); fprintf(stderr, " -h file File from which to read host key (default: %s)\n", HOST_KEY_FILE);
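Review bot: The `-g` default in the sshd.c usage text is still a literal inside the format string, which is presumably how it went stale and needed this sync. The neighbouring `-h` line already formats its default from `HOST_KEY_FILE` with `%s`. Printing the grace period the same way, with `(default: %d)` and whatever value the option defaults are initialised from (not visible in this hunk), would keep the help text from drifting again. The same applies to the `-p`, `-k` and `-b` lines shown as context. main() starts and continues outside the hunk.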