switching to global vars

--HG--
extra : convert_revision : 800073097767c2ac153ab834cbcf0121cb765118

Makefile.in

@@ -6,7 +6,7 @@ COMMONOBJS=dbutil.o common-session.o common-packet.o common-algo.o buffer.o \
 		signkey.o rsa.o random.o common-channel.o \
 		common-chansession.o queue.o termcodes.o  \
 		loginrec.o atomicio.o svr-x11fwd.o tcpfwd-direct.o compat.o \
-		tcpfwd-remote.o listener.o process-packet.o
+		tcpfwd-remote.o listener.o process-packet.o common-runopts.o
 
 SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-session.o svr-service.o \

TODO

@@ -24,4 +24,6 @@ Things which need doing:
 - CTR mode, SSH_MSG_IGNORE sending to improve CBC security
 - DH Group Exchange possibly
 
+- Use m_burn for clearing sensitive items in LTM/LTC
+
 - fix scp.c for IRIX

common-session.c

@@ -35,14 +35,14 @@
 #include "channel.h"
 #include "atomicio.h"
 
-struct sshsession ses;
+struct sshsession ses; /* GLOBAL */
 
 /* need to know if the session struct has been initialised, this way isn't the
  * cleanest, but works OK */
-int sessinitdone = 0;
+int sessinitdone = 0; /* GLOBAL */
 
 /* this is set when we get SIGINT or SIGTERM, the handler is in main.c */
-int exitflag = 0;
+int exitflag = 0; /* GLOBAL */
 
 static int ident_readln(int fd, char* buf, int count);
 
@@ -51,7 +51,7 @@ void(*session_remoteclosed)() = NULL;
 
 
 /* called only at the start of a session, set up initial state */
-void common_session_init(int sock, runopts *opts) {
+void common_session_init(int sock) {
 
 	TRACE(("enter session_init"));
 
@@ -61,8 +61,6 @@ void common_session_init(int sock, runopts *opts) {
 	ses.sock = sock;
 	ses.maxfd = sock;
 
-	ses.opts = opts;
-
 	ses.connecttimeout = 0;
 	
 	kexinitialise(); /* initialise the kex state */
@@ -128,7 +126,6 @@ void common_session_cleanup() {
 	}
 	
 	m_free(ses.session_id);
-	freerunopts(ses.opts);
 	m_burn(ses.keys, sizeof(struct key_context));
 	m_free(ses.keys);
 

dbutil.h

@@ -32,7 +32,6 @@
 #ifndef DISABLE_SYSLOG
 void startsyslog();
 #endif
-extern int usingsyslog;
 
 extern void (*_dropbear_exit)(int exitcode, const char* format, va_list param);
 extern void (*_dropbear_log)(int priority, const char* format, va_list param);

main.c

@@ -29,7 +29,7 @@
 #include "signkey.h"
 #include "runopts.h"
 
-static int listensockets(int *sock, runopts * opts, int *maxfd);
+static int listensockets(int *sock, int *maxfd);
 static void sigchld_handler(int dummy);
 static void sigsegv_handler(int);
 static void sigintterm_handler(int fish);
@@ -53,7 +53,6 @@ int main(int argc, char ** argv)
 	int remoteaddrlen;
 	int listensocks[MAX_LISTEN_ADDR];
 	unsigned int listensockcount = 0;
-	runopts * opts;
 	FILE * pidfile;
 
 	int childsock;
@@ -66,13 +65,13 @@ int main(int argc, char ** argv)
 	_dropbear_log = svr_dropbear_log;
 
 	/* get commandline options */
-	opts = svr_getopts(argc, argv);
+	svr_getopts(argc, argv);
 
 	/* fork */
-	if (opts->forkbg) {
+	if (svr_opts.forkbg) {
 		int closefds = 0;
 #ifndef DEBUG_TRACE
-		if (!usingsyslog) {
+		if (!svr_opts.usingsyslog) {
 			closefds = 1;
 		}
 #endif
@@ -83,13 +82,13 @@ int main(int argc, char ** argv)
 	}
 
 #ifndef DISABLE_SYSLOG
-	if (usingsyslog) {
+	if (svr_opts.usingsyslog) {
 		startsyslog();
 	}
 #endif
 
 	/* should be done after syslog is working */
-	if (opts->forkbg) {
+	if (svr_opts.forkbg) {
 		dropbear_log(LOG_INFO, "Running in background");
 	} else {
 		dropbear_log(LOG_INFO, "Not forking");
@@ -128,7 +127,7 @@ int main(int argc, char ** argv)
 	
 	/* Set up the listening sockets */
 	/* XXX XXX ports */
-	listensockcount = listensockets(listensocks, opts, &maxsock);
+	listensockcount = listensockets(listensocks, &maxsock);
 
 	/* incoming connection select loop */
 	for(;;) {
@@ -242,7 +241,7 @@ int main(int argc, char ** argv)
 					dropbear_exit("Couldn't close socket");
 				}
 				/* start the session */
-				svr_session(childsock, opts, childpipe[1], &remoteaddr);
+				svr_session(childsock, childpipe[1], &remoteaddr);
 				/* don't return */
 				assert(0);
 			}
@@ -288,7 +287,7 @@ static void sigintterm_handler(int fish) {
 }
 
 /* Set up listening sockets for all the requested ports */
-static int listensockets(int *sock, runopts * opts, int *maxfd) {
+static int listensockets(int *sock, int *maxfd) {
 	
 	int listensock; /* listening fd */
 	struct sockaddr_in listen_addr;
@@ -296,7 +295,7 @@ static int listensockets(int *sock, runopts * opts, int *maxfd) {
 	unsigned int i;
 	int val;
 
-	for (i = 0; i < opts->portcount; i++) {
+	for (i = 0; i < svr_opts.portcount; i++) {
 
 		/* iterate through all the sockets to listen on */
 		listensock = socket(PF_INET, SOCK_STREAM, 0);
@@ -319,13 +318,13 @@ static int listensockets(int *sock, runopts * opts, int *maxfd) {
 
 		memset((void*)&listen_addr, 0x0, sizeof(listen_addr));
 		listen_addr.sin_family = AF_INET;
-		listen_addr.sin_port = htons(opts->ports[i]);
+		listen_addr.sin_port = htons(svr_opts.ports[i]);
 		listen_addr.sin_addr.s_addr = htonl(INADDR_ANY);
 		memset(&(listen_addr.sin_zero), '\0', 8);
 
 		if (bind(listensock, (struct sockaddr *)&listen_addr,
 					sizeof(listen_addr)) < 0) {
-			dropbear_exit("Bind failed port %d", opts->ports[i]);
+			dropbear_exit("Bind failed port %d", svr_opts.ports[i]);
 		}
 
 		/* listen */
@@ -342,5 +341,5 @@ static int listensockets(int *sock, runopts * opts, int *maxfd) {
 		*maxfd = MAX(listensock, *maxfd);
 	}
 
-	return opts->portcount;
+	return svr_opts.portcount;
 }

runopts.h

@@ -29,12 +29,23 @@
 #include "signkey.h"
 #include "buffer.h"
 
-struct SvrRunOpts {
+typedef struct runopts {
+
+	int nolocaltcp;
+	int noremotetcp;
+
+} runopts;
+
+extern runopts opts;
+
+typedef struct svr_runopts {
 
 	char * rsakeyfile;
 	char * dsskeyfile;
 	char * bannerfile;
+
 	int forkbg;
+	int usingsyslog;
 
 	/* ports is an array of the portcount listening ports */
 	uint16_t *ports;
@@ -56,17 +67,23 @@ struct SvrRunOpts {
 	int noauthpass;
 	int norootpass;
 
-	int nolocaltcp;
-	int noremotetcp;
-	
 	sign_key *hostkey;
 	buffer * banner;
 
-};
+} svr_runopts;
 
-typedef struct SvrRunOpts runopts;
+extern svr_runopts svr_opts;
 
-runopts * getrunopts(int argc, char ** argv);
+void svr_getopts(int argc, char ** argv);
-void freerunopts(runopts* opts);
+
+/* Uncompleted XXX matt */
+typedef struct cli_runopts {
+
+	int todo;
+
+} cli_runopts;
+
+extern cli_runopts cli_opts;
+void cli_getopts(int argc, char ** argv);
 
 #endif /* _RUNOPTS_H_ */

session.h

@@ -32,14 +32,13 @@
 #include "auth.h"
 #include "channel.h"
 #include "queue.h"
-#include "runopts.h"
 #include "listener.h"
 #include "packet.h"
 
 extern int sessinitdone; /* Is set to 0 somewhere */
 extern int exitflag;
 
-void common_session_init(int sock, runopts *opts);
+void common_session_init(int sock);
 void common_session_cleanup();
 void checktimeouts();
 void session_identification();
@@ -47,8 +46,7 @@ void session_identification();
 extern void(*session_remoteclosed)();
 
 /* Server */
-void svr_session(int sock, runopts *opts, int childpipe,
+void svr_session(int sock, int childpipe, struct sockaddr *remoteaddr);
-		struct sockaddr *remoteaddr);
 void svr_dropbear_exit(int exitcode, const char* format, va_list param);
 void svr_dropbear_log(int priority, const char* format, va_list param);
 
@@ -82,8 +80,6 @@ struct sshsession {
 	/* Is it a client or server? */
 	unsigned char isserver;
 
-	runopts * opts; /* runtime options, incl hostkey, banner etc */
-
 	long connecttimeout; /* time to disconnect if we have a timeout (for
 							userauth etc), or 0 for no timeout */
 

svr-auth.c

@@ -34,6 +34,7 @@
 #include "auth.h"
 #include "authpasswd.h"
 #include "authpubkey.h"
+#include "runopts.h"
 
 static void authclear();
 static int checkusername(unsigned char *username, unsigned int userlen);
@@ -61,7 +62,7 @@ static void authclear() {
 	svr_ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
 #endif
 #ifdef DROPBEAR_PASSWORD_AUTH
-	if (!ses.opts->noauthpass) {
+	if (svr_opts.noauthpass) {
 		svr_ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 	}
 #endif
@@ -73,7 +74,7 @@ static void authclear() {
 static void send_msg_userauth_banner() {
 
 	TRACE(("enter send_msg_userauth_banner"));
-	if (ses.opts->banner == NULL) {
+	if (svr_opts.banner == NULL) {
 		TRACE(("leave send_msg_userauth_banner: banner is NULL"));
 		return;
 	}
@@ -81,13 +82,13 @@ static void send_msg_userauth_banner() {
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_BANNER);
-	buf_putstring(ses.writepayload, buf_getptr(ses.opts->banner,
+	buf_putstring(ses.writepayload, buf_getptr(svr_opts.banner,
-				ses.opts->banner->len), ses.opts->banner->len);
+				svr_opts.banner->len), svr_opts.banner->len);
 	buf_putstring(ses.writepayload, "en", 2);
 
 	encrypt_packet();
-	buf_free(ses.opts->banner);
+	buf_free(svr_opts.banner);
-	ses.opts->banner = NULL;
+	svr_opts.banner = NULL;
 
 	TRACE(("leave send_msg_userauth_banner"));
 }
@@ -107,7 +108,7 @@ void recv_msg_userauth_request() {
 	}
 
 	/* send the banner if it exists, it will only exist once */
-	if (ses.opts->banner) {
+	if (svr_opts.banner) {
 		send_msg_userauth_banner();
 	}
 
@@ -145,8 +146,8 @@ void recv_msg_userauth_request() {
 	}
 
 #ifdef DROPBEAR_PASSWORD_AUTH
-	if (!ses.opts->noauthpass &&
+	if (!svr_opts.noauthpass &&
-			!(ses.opts->norootpass && svr_ses.authstate.pw->pw_uid == 0) ) {
+			!(svr_opts.norootpass && svr_ses.authstate.pw->pw_uid == 0) ) {
 		/* user wants to try password auth */
 		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
 				strncmp(methodname, AUTH_METHOD_PASSWORD,
@@ -217,7 +218,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
 	svr_ses.authstate.printableuser = m_strdup(svr_ses.authstate.pw->pw_name);
 
 	/* check for non-root if desired */
-	if (ses.opts->norootlogin && svr_ses.authstate.pw->pw_uid == 0) {
+	if (svr_opts.norootlogin && svr_ses.authstate.pw->pw_uid == 0) {
 		TRACE(("leave checkusername: root login disabled"));
 		dropbear_log(LOG_WARNING, "root login rejected");
 		send_msg_userauth_failure(0, 1);

svr-chansession.c

@@ -36,6 +36,7 @@
 #include "utmp.h"
 #include "x11fwd.h"
 #include "agentfwd.h"
+#include "runopts.h"
 
 /* Handles sessions (either shells or programs) requested by the client */
 
@@ -690,7 +691,7 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) {
 		m_free(chansess->tty);
 
 #ifdef DO_MOTD
-		if (ses.opts->domotd) {
+		if (svr_opts.domotd) {
 			/* don't show the motd if ~/.hushlogin exists */
 
 			/* 11 == strlen("/hushlogin\0") */
@@ -776,8 +777,8 @@ static void execchild(struct ChanSess *chansess) {
 	unsigned int i;
 
 	/* wipe the hostkey */
-	sign_key_free(ses.opts->hostkey);
+	sign_key_free(svr_opts.hostkey);
-	ses.opts->hostkey = NULL;
+	svr_opts.hostkey = NULL;
 
 	/* overwrite the prng state */
 	seedrandom();

svr-kex.c

@@ -32,6 +32,7 @@
 #include "packet.h"
 #include "bignum.h"
 #include "random.h"
+#include "runopts.h"
 
 
 static void send_msg_kexdh_reply(mp_int *dh_e);
@@ -125,7 +126,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e) {
 
 	/* Create the remainder of the hash buffer, to generate the exchange hash */
 	/* K_S, the host key */
-	buf_put_pub_key(ses.kexhashbuf, ses.opts->hostkey, 
+	buf_put_pub_key(ses.kexhashbuf, svr_opts.hostkey, 
 			ses.newkeys->algo_hostkey);
 	/* e, exchange value sent by the client */
 	buf_putmpint(ses.kexhashbuf, dh_e);
@@ -153,7 +154,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e) {
 	/* we can start creating the kexdh_reply packet */
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_REPLY);
-	buf_put_pub_key(ses.writepayload, ses.opts->hostkey,
+	buf_put_pub_key(ses.writepayload, svr_opts.hostkey,
 			ses.newkeys->algo_hostkey);
 
 	/* put f */
@@ -161,7 +162,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e) {
 	mp_clear(&dh_f);
 
 	/* calc the signature */
-	buf_put_sign(ses.writepayload, ses.opts->hostkey, 
+	buf_put_sign(ses.writepayload, svr_opts.hostkey, 
 			ses.newkeys->algo_hostkey, ses.hash, SHA1_HASH_SIZE);
 
 	/* the SSH_MSG_KEXDH_REPLY is done */

svr-runopts.c

@@ -29,6 +29,8 @@
 #include "dbutil.h"
 #include "algo.h"
 
+svr_runopts svr_opts; /* GLOBAL */
+
 static sign_key * loadhostkeys(const char * dsskeyfile,
 		const char * rsakeyfile);
 static int readhostkey(const char * filename, sign_key * hostkey, int type);
@@ -84,38 +86,34 @@ static void printhelp(const char * progname) {
 					DROPBEAR_MAX_PORTS, DROPBEAR_PORT);
 }
 
-/* returns NULL on failure, or a pointer to a freshly allocated
+void svr_getopts(int argc, char ** argv) {
- * runopts structure */
-runopts * svr_getopts(int argc, char ** argv) {
 
 	unsigned int i;
 	char ** next = 0;
-	runopts * opts;
 	unsigned int portnum = 0;
 	char *portstring[DROPBEAR_MAX_PORTS];
 	unsigned int longport;
 
 	/* see printhelp() for options */
-	opts = (runopts*)m_malloc(sizeof(runopts));
+	svr_opts.rsakeyfile = NULL;
-	opts->rsakeyfile = NULL;
+	svr_opts.dsskeyfile = NULL;
-	opts->dsskeyfile = NULL;
+	svr_opts.bannerfile = NULL;
-	opts->bannerfile = NULL;
+	svr_opts.banner = NULL;
-	opts->banner = NULL;
+	svr_opts.forkbg = 1;
-	opts->forkbg = 1;
+	svr_opts.norootlogin = 0;
-	opts->norootlogin = 0;
+	svr_opts.noauthpass = 0;
-	opts->noauthpass = 0;
+	svr_opts.norootpass = 0;
-	opts->norootpass = 0;
+	opts.nolocaltcp = 0;
-	opts->nolocaltcp = 0;
+	opts.noremotetcp = 0;
-	opts->noremotetcp = 0;
 	/* not yet
-	opts->ipv4 = 1;
+	svr_opts.ipv4 = 1;
-	opts->ipv6 = 1;
+	svr_opts.ipv6 = 1;
 	*/
 #ifdef DO_MOTD
-	opts->domotd = 1;
+	svr_opts.domotd = 1;
 #endif
 #ifndef DISABLE_SYSLOG
-	usingsyslog = 1;
+	svr_opts.usingsyslog = 1;
 #endif
 
 	for (i = 1; i < (unsigned int)argc; i++) {
@@ -131,34 +129,34 @@ runopts * svr_getopts(int argc, char ** argv) {
 		if (argv[i][0] == '-') {
 			switch (argv[i][1]) {
 				case 'b':
-					next = &opts->bannerfile;
+					next = &svr_opts.bannerfile;
 					break;
 #ifdef DROPBEAR_DSS
 				case 'd':
-					next = &opts->dsskeyfile;
+					next = &svr_opts.dsskeyfile;
 					break;
 #endif
 #ifdef DROPBEAR_RSA
 				case 'r':
-					next = &opts->rsakeyfile;
+					next = &svr_opts.rsakeyfile;
 					break;
 #endif
 				case 'F':
-					opts->forkbg = 0;
+					svr_opts.forkbg = 0;
 					break;
 #ifndef DISABLE_SYSLOG
 				case 'E':
-					usingsyslog = 0;
+					svr_opts.usingsyslog = 0;
 					break;
 #endif
 #ifndef DISABLE_LOCALTCPFWD
 				case 'j':
-					opts->nolocaltcp = 1;
+					opts.nolocaltcp = 1;
 					break;
 #endif
 #ifndef DISABLE_REMOTETCPFWD
 				case 'k':
-					opts->noremotetcp = 1;
+					opts.noremotetcp = 1;
 					break;
 #endif
 				case 'p':
@@ -171,18 +169,18 @@ runopts * svr_getopts(int argc, char ** argv) {
 #ifdef DO_MOTD
 				/* motd is displayed by default, -m turns it off */
 				case 'm':
-					opts->domotd = 0;
+					svr_opts.domotd = 0;
 					break;
 #endif
 				case 'w':
-					opts->norootlogin = 1;
+					svr_opts.norootlogin = 1;
 					break;
 #ifdef DROPBEAR_PASSWORD_AUTH
 				case 's':
-					opts->noauthpass = 1;
+					svr_opts.noauthpass = 1;
 					break;
 				case 'g':
-					opts->norootpass = 1;
+					svr_opts.norootpass = 1;
 					break;
 #endif
 				case 'h':
@@ -191,10 +189,10 @@ runopts * svr_getopts(int argc, char ** argv) {
 					break;
 					/*
 				case '4':
-					opts->ipv4 = 0;
+					svr_opts.ipv4 = 0;
 					break;
 				case '6':
-					opts->ipv6 = 0;
+					svr_opts.ipv6 = 0;
 					break;
 					*/
 				default:
@@ -206,19 +204,19 @@ runopts * svr_getopts(int argc, char ** argv) {
 		}
 	}
 
-	if (opts->dsskeyfile == NULL) {
+	if (svr_opts.dsskeyfile == NULL) {
-		opts->dsskeyfile = DSS_PRIV_FILENAME;
+		svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
 	}
-	if (opts->rsakeyfile == NULL) {
+	if (svr_opts.rsakeyfile == NULL) {
-		opts->rsakeyfile = RSA_PRIV_FILENAME;
+		svr_opts.rsakeyfile = RSA_PRIV_FILENAME;
 	}
-	opts->hostkey = loadhostkeys(opts->dsskeyfile, opts->rsakeyfile);
+	svr_opts.hostkey = loadhostkeys(svr_opts.dsskeyfile, svr_opts.rsakeyfile);
 
-	if (opts->bannerfile) {
+	if (svr_opts.bannerfile) {
 		struct stat buf;
-		if (stat(opts->bannerfile, &buf) != 0) {
+		if (stat(svr_opts.bannerfile, &buf) != 0) {
 			dropbear_exit("Error opening banner file '%s'",
-					opts->bannerfile);
+					svr_opts.bannerfile);
 		}
 		
 		if (buf.st_size > MAX_BANNER_SIZE) {
@@ -226,16 +224,16 @@ runopts * svr_getopts(int argc, char ** argv) {
 					MAX_BANNER_SIZE);
 		}
 
-		opts->banner = buf_new(buf.st_size);
+		svr_opts.banner = buf_new(buf.st_size);
-		if (buf_readfile(opts->banner, opts->bannerfile)!=DROPBEAR_SUCCESS) {
+		if (buf_readfile(svr_opts.banner, svr_opts.bannerfile)!=DROPBEAR_SUCCESS) {
 			dropbear_exit("Error reading banner file '%s'",
-					opts->bannerfile);
+					svr_opts.bannerfile);
 		}
-		buf_setpos(opts->banner, 0);
+		buf_setpos(svr_opts.banner, 0);
 	}
 
 	/* not yet
-	if (!(opts->ipv4 || opts->ipv6)) {
+	if (!(svr_opts.ipv4 || svr_opts.ipv6)) {
 		fprintf(stderr, "You can't disable ipv4 and ipv6.\n");
 		exit(1);
 	}
@@ -244,17 +242,17 @@ runopts * svr_getopts(int argc, char ** argv) {
 	/* create the array of listening ports */
 	if (portnum == 0) {
 		/* non specified */
-		opts->portcount = 1;
+		svr_opts.portcount = 1;
-		opts->ports = m_malloc(sizeof(uint16_t));
+		svr_opts.ports = m_malloc(sizeof(uint16_t));
-		opts->ports[0] = DROPBEAR_PORT;
+		svr_opts.ports[0] = DROPBEAR_PORT;
 	} else {
-		opts->portcount = portnum;
+		svr_opts.portcount = portnum;
-		opts->ports = (uint16_t*)m_malloc(sizeof(uint16_t)*portnum);
+		svr_opts.ports = (uint16_t*)m_malloc(sizeof(uint16_t)*portnum);
 		for (i = 0; i < portnum; i++) {
 			if (portstring[i]) {
 				longport = atoi(portstring[i]);
 					if (longport <= 65535 && longport > 0) {
-						opts->ports[i] = (uint16_t)longport;
+						svr_opts.ports[i] = (uint16_t)longport;
 						continue;
 					}
 			}
@@ -263,23 +261,8 @@ runopts * svr_getopts(int argc, char ** argv) {
 		}
 	}
 
-	return opts;
 }
 
-void freerunopts(runopts* opts) {
-
-	if (!opts) {
-		return;
-	}
-
-	if (opts->hostkey) {
-		sign_key_free(opts->hostkey);
-		opts->hostkey = NULL;
-	}
-
-	m_free(opts->ports);
-	m_free(opts);
-}
 
 /* returns success or failure */
 static int readhostkey(const char * filename, sign_key * hostkey, int type) {

svr-session.c

@@ -39,10 +39,11 @@
 #include "service.h"
 #include "auth.h"
 #include "tcpfwd-remote.h"
+#include "runopts.h"
 
 static void svr_remoteclosed();
 
-struct serversession svr_ses;
+struct serversession svr_ses; /* GLOBAL */
 
 static const packettype svr_packettypes[] = {
 	/* TYPE, AUTHREQUIRED, FUNCTION */
@@ -69,15 +70,14 @@ static const struct ChanType *svr_chantypes[] = {
 	NULL /* Null termination is mandatory. */
 };
 
-void svr_session(int sock, runopts *opts, int childpipe, 
+void svr_session(int sock, int childpipe, struct sockaddr* remoteaddr) {
-		struct sockaddr* remoteaddr) {
 
 	fd_set readfd, writefd;
 	struct timeval timeout;
 	int val;
 	
 	crypto_init();
-	common_session_init(sock, opts);
+	common_session_init(sock);
 
 	ses.remoteaddr = remoteaddr;
 	ses.remotehost = getaddrhostname(remoteaddr);
@@ -227,7 +227,7 @@ void svr_dropbear_log(int priority, const char* format, va_list param) {
 	vsnprintf(printbuf, sizeof(printbuf), format, param);
 
 #ifndef DISABLE_SYSLOG
-	if (usingsyslog) {
+	if (svr_opts.usingsyslog) {
 		syslog(priority, "%s", printbuf);
 	}
 #endif
@@ -238,7 +238,7 @@ void svr_dropbear_log(int priority, const char* format, va_list param) {
 	havetrace = 1;
 #endif
 
-	if (!usingsyslog || havetrace)
+	if (!svr_opts.usingsyslog || havetrace)
 	{
 		timesec = time(NULL);
 		if (strftime(datestr, sizeof(datestr), "%b %d %H:%M:%S", 

tcpfwd-direct.c

@@ -3,6 +3,7 @@
 #include "dbutil.h"
 #include "channel.h"
 #include "tcpfwd-direct.h"
+#include "runopts.h"
 
 #ifndef DISABLE_TCPFWD_DIRECT
 static int newtcpdirect(struct Channel * channel);
@@ -30,7 +31,7 @@ static int newtcpdirect(struct Channel * channel) {
 	int len;
 	int ret = DROPBEAR_FAILURE;
 
-	if (ses.opts->nolocaltcp) {
+	if (opts.nolocaltcp) {
 		TRACE(("leave newtcpdirect: local tcp forwarding disabled"));
 		goto out;
 	}

tcpfwd-remote.c

@@ -6,6 +6,7 @@
 #include "buffer.h"
 #include "packet.h"
 #include "listener.h"
+#include "runopts.h"
 
 #ifndef DISABLE_REMOTETCPFWD
 
@@ -35,7 +36,7 @@ void recv_msg_global_request_remotetcp() {
 
 	TRACE(("enter recv_msg_global_request_remotetcp"));
 
-	if (ses.opts->noremotetcp) {
+	if (opts.noremotetcp) {
 		TRACE(("leave recv_msg_global_request_remotetcp: remote tcp forwarding disabled"));
 		goto out;
 	}