merge of cc7d47b52fc39dc6940ea8fff5b782fbd44a2f6c

and f697d6be3bdf1a59bfd78dc1239ea417d52904a7

--HG--
extra : convert_revision : b1cb6d6bba496c942d1850d0f6ca5d71c0deaf1f

CHANGES

@@ -1,4 +1,79 @@
-0.44test1 - Sun Aug 16 2004 17:43:54 +0800
+0.44test4 - Tue Sept 14 21:15:54 +0800
+
+- Fix inetd mode so it actually loads the hostkeys (oops)
+
+- Changed DROPBEAR_DEFPORT properly everywhere
+
+- Fix a small memory leak in the auth code
+
+- WCOREDUMP is only used on systems which support it (ie not cygwin or AIX)
+
+- Check (and fail for) cases when we can't negotiate algorithms with the
+  remote side successfully (rather than bombing out ungracefully)
+
+- Handle authorized_keys files without a terminating newline
+
+- Fiddle the channel receive window size for possibly better performance
+
+- Added in the PAM authentication code (finally! thanks to Martin Carlsson)
+
+0.44test3 - Fri Aug 27 22:20:54 +0800
+
+- Fixed a bunch of warnings.
+
+- scp works correctly when passed a username (fix for the dbclient program
+  itself as well, "-lmatt" works as well as "-l matt").
+
+- Remove unrequired debian files
+
+- Exit with the remote process's return code for dbclient
+
+- Display stderr messages from the server in the client
+
+- Add circular buffering to the channel code. This should dramatically reduce
+  the amount of backtraffic sent in response to traffic incoming to the
+  Dropbear end - improves high-latency performance (ie dialup).
+
+- Various other related channel-handling fixups.
+
+- Allow leading lines in the banner when connecting to servers
+
+- Fixed printing out errors onto the network socket with stderr (for inetd
+  mode when using xinetd)
+
+- Remove obselete documentation
+
+- Fix a null-pointer exception when trying to free non-existant listeners
+  at cleanup.
+
+- DEBUG_TRACE now only works if you add "-v" to the program commandline
+
+- Don't leave stdin non-blocking on exit - this caused the parent shell
+  of dbclient to close when dbclient exited, for some shells in BusyBox
+
+- Server connections no longer timeout after 5 minutes
+
+- Fixed stupid DSS hostkey typo (server couldn't load host keys)
+
+0.44test2 - Tues Aug 17 2004 17:43:54 +0800
+
+- Fix up dropbearmulti targets in the Makefile - symlinks are now created
+
+- Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this 
+  allows them to work on platforms without a native getaddrinfo()
+
+- Create ~/.ssh/known_hosts properly if it doesn't exist
+
+- Fix basename() function prototype
+
+- Backport some local changes (more #ifdefs for termcodes.c, a fix for missing
+  defines on AIX).
+
+- Let dbclient be run as "ssh"
+
+- Initialise mp_ints by default
+
+0.44test1 - Sun Aug 16 2005 17:43:54 +0800
 
 - TESTING RELEASE - this is the first public release of the client codebase,
   so there are sure to be bugs to be found. In addition, if you're just using

Makefile.in

@@ -3,11 +3,10 @@
 # invocation:
 # make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
 #
-# to make a single multiple statically linked binary "staticdropbearmulti",
-# which includes dropbear, scp and dbclient functionality, and includes the
-# progress-bar functionality in scp. Hopefully that seems intuitive.
-
-# This makefile is quite evil.
+# to make a multiple-program statically linked binary "staticdropbearmulti".
+# This example will include dropbear, scp, dropbearkey, dropbearconvert, and
+# dbclient functionality, and includes the progress-bar functionality in scp.
+# Hopefully that seems intuitive.
 
 ifndef PROGRAMS
 	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
@@ -20,21 +19,21 @@ COMMONOBJS=dbutil.o buffer.o \
 		dss.o bignum.o \
 		signkey.o rsa.o random.o \
 		queue.o \
-		atomicio.o compat.o 
+		atomicio.o compat.o  fake-rfc2553.o
 
 SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-session.o svr-service.o \
 		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
-		svr-tcpfwd.o
+		svr-tcpfwd.o svr-authpam.o
 
 CLIOBJS=cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
 		cli-session.o cli-service.o cli-runopts.o cli-chansession.o \
-		cli-authpubkey.o cli-tcpfwd.o
+		cli-authpubkey.o cli-tcpfwd.o cli-channel.o
 
 CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
 			common-channel.o common-chansession.o termcodes.o loginrec.o \
 			tcp-accept.o listener.o process-packet.o \
-			common-runopts.o fake-rfc2553.o
+			common-runopts.o circbuffer.o
 
 KEYOBJS=dropbearkey.o gendss.o genrsa.o
 
@@ -115,25 +114,36 @@ all: $(TARGETS)
 strip: $(TARGETS)
 	$(STRIP) $(addsuffix $(EXEEXT), $(addprefix $(SPREFIX), $(TARGETS)))
 
-install: $(addprefix install, $(TARGETS))
+install: $(addprefix inst, $(TARGETS))
+
+installdropbearmulti: insdbmulti $(addprefix insmulti, $(PROGRAMS)) 
+
+insdbmulti: dropbearmulti
+	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
+	$(INSTALL) -m 755 $(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)
+	-chown root $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT)
+	-chgrp 0 $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT)
+
+insmultidropbear: dropbearmulti
+	-rm -f $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
+	-ln -s $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT) 
+
+insmulti%: dropbearmulti
+	-rm -f $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT) 
+	-ln -s $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT) 
 
 # dropbear should go in sbin, so it needs a seperate rule
-installdropbear: dropbear
+instdropbear: dropbear
 	$(INSTALL) -d -m 755 $(DESTDIR)$(sbindir)
 	$(INSTALL) -m 755 $(SPREFIX)dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
 	-chown root $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
 	-chgrp 0 $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
 
-install%: $*
+inst%: $*
 	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
 	$(INSTALL) -m 755 $(SPREFIX)$*$(EXEEXT) $(DESTDIR)$(bindir)
-	-chown root $(DESTDIR)$(sbindir)/$(SPREFIX)$*$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(sbindir)/$(SPREFIX)$*$(EXEEXT)
-	ifeq ($(MULTI), 1)
-		@echo 
-		@echo "You must manually create links for $*"
-	endif
-
+	-chown root $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT)
+	-chgrp 0 $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT)
 
 
 # for some reason the rule further down doesn't like $($@objs) as a prereq.
@@ -158,11 +168,16 @@ ifeq ($(MULTI),1)
 	CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
 endif
 
-dropbearmulti: $(HEADERS) $(MULTIOBJS) $(LTC) $(LTM) Makefile
-	$(LD) $(LDFLAGS) -o $(SPREFIX)$@$(EXEEXT) $(MULTIOBJS) $(LIBS)
-	@echo
-	@echo "You should now create symlinks to the programs you have included"
-	@echo "ie 'ln -s dropbearmulti dropbear'"
+dropbearmulti: multilink 
+
+multibinary: $(HEADERS) $(MULTIOBJS) $(LTC) $(LTM) Makefile
+	$(LD) $(LDFLAGS) -o $(SPREFIX)dropbearmulti$(EXEEXT) $(MULTIOBJS) $(LIBS)
+
+multilink: multibinary $(addprefix link, $(PROGRAMS))
+
+link%:
+	-rm -f $(SPREFIX)$*$(EXEEXT)
+	-ln -s $(SPREFIX)dropbearmulti$(EXEEXT) $(SPREFIX)$*$(EXEEXT)
 
 $(LTC): options.h
 	cd libtomcrypt && $(MAKE) clean && $(MAKE)
@@ -179,7 +194,9 @@ ltm-clean:
 sizes: dropbear
 	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn
 
-clean: ltc-clean ltm-clean
+clean: ltc-clean ltm-clean thisclean
+
+thisclean:
 	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress
 	-rm -f staticdropbear staticdropbearkey staticdropbearconvert staticscp
 	-rm -f dropbearmulti staticdropbearmulti

README

@@ -17,7 +17,7 @@ matt@ucc.asn.au
 In the absence of detailed documentation, some notes follow:
 ============================================================================
 
-Public key auth:
+Server public key auth:
 
 You can use ~/.ssh/authorized_keys in the same way as with OpenSSH, just put
 the key entries in that file. They should be of the form:
@@ -32,6 +32,21 @@ OpenSSH sshd manpage, and will not allow a login for these keys.
 
 ============================================================================
 
+Client public key auth:
+
+Dropbear can do public key auth as a client, but you will have to convert
+OpenSSH style keys to Dropbear format, or use dropbearkey to create them.
+
+If you have an OpenSSH-style private key ~/.ssh/id_rsa, you need to do:
+
+dropbearconvert openssh dropbear ~/.ssh/id_rsa  ~/.ssh/id_rsa.db
+dbclient -i ~/.ssh/id_rsa.db <hostname>
+
+Currently encrypted keys aren't supported, neither is agent forwarding. At some
+stage both hopefully will be.
+
+============================================================================
+
 If you want to get the public-key portion of a Dropbear private key, look at
 dropbearkey's '-y' option.
 

TODO

@@ -8,7 +8,7 @@ Things which might need doing:
 
 - fix agent fwd problems
 
-- improve channel window adjustment algorithm (circular buffering)
+- handle /etc/environment in AIX
 
 - check that there aren't timing issues with valid/invalid user authentication
   feedback.

auth.h

@@ -36,6 +36,7 @@ void send_msg_userauth_failure(int partial, int incrfail);
 void send_msg_userauth_success();
 void svr_auth_password();
 void svr_auth_pubkey();
+void svr_auth_pam();
 
 /* Client functions */
 void recv_msg_userauth_failure();

buffer.c

@@ -1,5 +1,5 @@
 /*
- * Dropbear - a SSH2 server
+ * Dropbear SSH
  * 
  * Copyright (c) 2002,2003 Matt Johnston
  * All rights reserved.

channel.h

@@ -27,6 +27,7 @@
 
 #include "includes.h"
 #include "buffer.h"
+#include "circbuffer.h"
 
 /* channel->type values */
 #define CHANNEL_ID_NONE 0
@@ -44,14 +45,15 @@
 /* Not a real type */
 #define SSH_OPEN_IN_PROGRESS					99
 
-#define MAX_CHANNELS 60 /* simple mem restriction, includes each tcp/x11
+#define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
 							connection, so can't be _too_ small */
 
 #define CHAN_EXTEND_SIZE 3 /* how many extra slots to add when we need more */
 
-#define RECV_MAXWINDOW 6000 /* tweak */
-#define RECV_MAXPACKET 1400 /* tweak */
-#define RECV_MINWINDOW 19000 /* when we get below this, we send a windowadjust */
+#define RECV_MAXWINDOW 8000 /* tweak */
+#define RECV_WINDOWEXTEND 1000 /* We send a "window extend" every
+								RECV_WINDOWEXTEND bytes */
+#define RECV_MAXPACKET RECV_MAXWINDOW /* tweak */
 
 struct ChanType;
 
@@ -60,15 +62,16 @@ struct Channel {
 	unsigned int index; /* the local channel index */
 	unsigned int remotechan;
 	unsigned int recvwindow, transwindow;
+	unsigned int recvdonelen;
 	unsigned int recvmaxpacket, transmaxpacket;
 	void* typedata; /* a pointer to type specific data */
-	int infd; /* stdin for the program, we write to this */
-	int outfd; /* stdout for the program, we read from this */
-	int errfd; /* stdout for a program. This doesn't really fit here,
-				  but makes the code a lot tidyer without being too bad. This
-				  is -1 for channels which don't requre it. Currently only
-				  a 'session' without a pty will use it */
-	buffer *writebuf; /* data for the program */
+	int infd; /* data to send over the wire */
+	int outfd; /* data for consumption, what was in writebuf */
+	int errfd; /* used like infd or errfd, depending if it's client or server.
+				  Doesn't exactly belong here, but is cleaner here */
+	circbuffer *writebuf; /* data from the wire, for local consumption */
+	circbuffer *extrabuf; /* extended-data for the program - used like writebuf
+					     but for stderr */
 
 	int sentclosed, recvclosed;
 
@@ -97,6 +100,7 @@ void chaninitialise();
 void chancleanup();
 void setchannelfds(fd_set *readfd, fd_set *writefd);
 void channelio(fd_set *readfd, fd_set *writefd);
+struct Channel* getchannel(unsigned int chan);
 struct Channel* newchannel(unsigned int remotechan, 
 		const struct ChanType *type, 
 		unsigned int transwindow, unsigned int transmaxpacket);
@@ -106,10 +110,16 @@ void recv_msg_channel_request();
 void send_msg_channel_failure(struct Channel *channel);
 void send_msg_channel_success(struct Channel *channel);
 void recv_msg_channel_data();
+void recv_msg_channel_extended_data();
 void recv_msg_channel_window_adjust();
 void recv_msg_channel_close();
 void recv_msg_channel_eof();
 
+void common_recv_msg_channel_data(struct Channel *channel, int fd, 
+		circbuffer * buf);
+
+const struct ChanType clichansess;
+
 #ifdef USING_LISTENERS
 int send_msg_channel_open_init(int fd, const struct ChanType *type);
 void recv_msg_channel_open_confirmation();

chansession.h

@@ -68,11 +68,6 @@ struct ChildPid {
 };
 
 
-void chansessionrequest(struct Channel * channel);
-void send_msg_chansess_exitstatus(struct Channel * channel,
-		struct ChanSess * chansess);
-void send_msg_chansess_exitsignal(struct Channel * channel,
-		struct ChanSess * chansess);
 void addnewvar(const char* param, const char* var);
 
 void cli_send_chansess_request();

circbuffer.c

@@ -0,0 +1,138 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "dbutil.h"
+#include "circbuffer.h"
+
+#define MAX_CBUF_SIZE 100000000
+
+circbuffer * cbuf_new(unsigned int size) {
+
+	circbuffer *cbuf = NULL;
+
+	if (size > MAX_CBUF_SIZE) {
+		dropbear_exit("bad cbuf size");
+	}
+
+	cbuf = (circbuffer*)m_malloc(sizeof(circbuffer));
+	cbuf->data = (unsigned char*)m_malloc(size);
+	cbuf->used = 0;
+	cbuf->readpos = 0;
+	cbuf->writepos = 0;
+	cbuf->size = size;
+
+	return cbuf;
+}
+
+void cbuf_free(circbuffer * cbuf) {
+
+	m_free(cbuf->data);
+	m_free(cbuf);
+}
+
+unsigned int cbuf_getused(circbuffer * cbuf) {
+
+	return cbuf->used;
+
+}
+
+unsigned int cbuf_getavail(circbuffer * cbuf) {
+
+	return cbuf->size - cbuf->used;
+
+}
+
+unsigned int cbuf_readlen(circbuffer *cbuf) {
+
+	assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
+	assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
+
+	if (cbuf->used == 0) {
+		TRACE(("cbuf_readlen: unused buffer"));
+		return 0;
+	}
+
+	if (cbuf->readpos < cbuf->writepos) {
+		return cbuf->writepos - cbuf->readpos;
+	}
+
+	return cbuf->size - cbuf->readpos;
+}
+
+unsigned int cbuf_writelen(circbuffer *cbuf) {
+
+	assert(cbuf->used <= cbuf->size);
+	assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
+	assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
+
+	if (cbuf->used == cbuf->size) {
+		TRACE(("cbuf_writelen: full buffer"));
+		return 0; /* full */
+	}
+	
+	if (cbuf->writepos < cbuf->readpos) {
+		return cbuf->readpos - cbuf->writepos;
+	}
+
+	return cbuf->size - cbuf->writepos;
+}
+
+unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len) {
+	if (len > cbuf_readlen(cbuf)) {
+		dropbear_exit("bad cbuf read");
+	}
+
+	return &cbuf->data[cbuf->readpos];
+}
+
+unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len) {
+
+	if (len > cbuf_writelen(cbuf)) {
+		dropbear_exit("bad cbuf write");
+	}
+
+	return &cbuf->data[cbuf->writepos];
+}
+
+void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
+	if (len > cbuf_writelen(cbuf)) {
+		dropbear_exit("bad cbuf write");
+	}
+
+	cbuf->used += len;
+	assert(cbuf->used <= cbuf->size);
+	cbuf->writepos = (cbuf->writepos + len) % cbuf->size;
+}
+
+
+void cbuf_incrread(circbuffer *cbuf, unsigned int len) {
+	if (len > cbuf_readlen(cbuf)) {
+		dropbear_exit("bad cbuf read");
+	}
+
+	assert(cbuf->used >= len);
+	cbuf->used -= len;
+	cbuf->readpos = (cbuf->readpos + len) % cbuf->size;
+}

circbuffer.h

@@ -0,0 +1,50 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#ifndef _CIRCBUFFER_H_
+#define _CIRCBUFFER_H_
+struct circbuf {
+
+	unsigned int size;
+	unsigned int readpos;
+	unsigned int writepos;
+	unsigned int used;
+	unsigned char* data;
+};
+
+typedef struct circbuf circbuffer;
+
+circbuffer * cbuf_new(unsigned int size);
+void cbuf_free(circbuffer * cbuf);
+
+unsigned int cbuf_getused(circbuffer * cbuf); /* how much data stored */
+unsigned int cbuf_getavail(circbuffer * cbuf); /* how much we can write */
+unsigned int cbuf_readlen(circbuffer *cbuf); /* max linear read len */
+unsigned int cbuf_writelen(circbuffer *cbuf); /* max linear write len */
+
+unsigned char* cbuf_readptr(circbuffer *cbuf, unsigned int len);
+unsigned char* cbuf_writeptr(circbuffer *cbuf, unsigned int len);
+void cbuf_incrwrite(circbuffer *cbuf, unsigned int len);
+void cbuf_incrread(circbuffer *cbuf, unsigned int len);
+#endif

cli-auth.c

@@ -169,6 +169,8 @@ void recv_msg_userauth_failure() {
 		}
 	}
 
+	m_free(methods);
+
 	cli_ses.state = USERAUTH_FAIL_RCVD;
 		
 	TRACE(("leave recv_msg_userauth_failure"));

cli-channel.c

@@ -0,0 +1,65 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2002-2004 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "channel.h"
+#include "buffer.h"
+#include "circbuffer.h"
+#include "dbutil.h"
+#include "session.h"
+#include "ssh.h"
+
+/* We receive channel data - only used by the client chansession code*/
+void recv_msg_channel_extended_data() {
+
+	unsigned int chan;
+	struct Channel *channel;
+	unsigned int datatype;
+
+	TRACE(("enter recv_msg_channel_extended_data"));
+
+	chan = buf_getint(ses.payload);
+	channel = getchannel(chan);
+
+	if (channel == NULL) {
+		dropbear_exit("Unknown channel");
+	}
+
+	if (channel->type != &clichansess) {
+		TRACE(("leave recv_msg_channel_extended_data: chantype is wrong"));
+		return; /* we just ignore it */
+	}
+
+	datatype = buf_getint(ses.payload);
+	
+	if (datatype != SSH_EXTENDED_DATA_STDERR) {
+		TRACE(("leave recv_msg_channel_extended_data: wrong datatype: %d",
+					datatype));
+		return;	
+	}
+
+	common_recv_msg_channel_data(channel, channel->errfd, channel->extrabuf);
+
+	TRACE(("leave recv_msg_channel_extended_data"));
+}

cli-chansession.c

@@ -32,9 +32,11 @@
 #include "ssh.h"
 #include "runopts.h"
 #include "termcodes.h"
+#include "chansession.h"
 
 static void cli_closechansess(struct Channel *channel);
 static int cli_initchansess(struct Channel *channel);
+static void cli_chansessreq(struct Channel *channel);
 
 static void start_channel_request(struct Channel *channel, unsigned char *type);
 
@@ -42,19 +44,43 @@ static void send_chansess_pty_req(struct Channel *channel);
 static void send_chansess_shell_req(struct Channel *channel);
 
 static void cli_tty_setup();
-void cli_tty_cleanup();
 
-static const struct ChanType clichansess = {
+const struct ChanType clichansess = {
 	0, /* sepfds */
 	"session", /* name */
 	cli_initchansess, /* inithandler */
 	NULL, /* checkclosehandler */
-	NULL, /* reqhandler */
+	cli_chansessreq, /* reqhandler */
 	cli_closechansess, /* closehandler */
 };
 
+static void cli_chansessreq(struct Channel *channel) {
+
+	unsigned char* type = NULL;
+	int wantreply;
+
+	TRACE(("enter cli_chansessreq"));
+
+	type = buf_getstring(ses.payload, NULL);
+	wantreply = buf_getbyte(ses.payload);
+
+	if (strcmp(type, "exit-status") != 0) {
+		TRACE(("unknown request '%s'", type));
+		send_msg_channel_failure(channel);
+		goto out;
+	}
+		
+	/* We'll just trust what they tell us */
+	cli_ses.retval = buf_getint(ses.payload);
+	TRACE(("got exit-status of '%d'", cli_ses.retval));
+
+out:
+	m_free(type);
+}
+	
+
 /* If the main session goes, we close it up */
-static void cli_closechansess(struct Channel *channel) {
+static void cli_closechansess(struct Channel *UNUSED(channel)) {
 
 	/* This channel hasn't gone yet, so we have > 1 */
 	if (ses.chancount > 1) {
@@ -228,7 +254,7 @@ static void put_winsize() {
 
 }
 
-static void sigwinch_handler(int dummy) {
+static void sigwinch_handler(int UNUSED(unused)) {
 
 	cli_ses.winchange = 1;
 
@@ -313,9 +339,17 @@ static void send_chansess_shell_req(struct Channel *channel) {
 
 static int cli_initchansess(struct Channel *channel) {
 
+
 	channel->infd = STDOUT_FILENO;
-	//channel->outfd = STDIN_FILENO;
-	//channel->errfd = STDERR_FILENO;
+	setnonblocking(STDOUT_FILENO);
+
+	channel->outfd = STDIN_FILENO;
+	setnonblocking(STDIN_FILENO);
+
+	channel->errfd = STDERR_FILENO;
+	setnonblocking(STDERR_FILENO);
+
+	channel->extrabuf = cbuf_new(RECV_MAXWINDOW);
 
 	if (cli_opts.wantpty) {
 		send_chansess_pty_req(channel);

cli-kex.c

@@ -45,8 +45,8 @@ void send_msg_kexdh_init() {
 
 	cli_ses.dh_e = (mp_int*)m_malloc(sizeof(mp_int));
 	cli_ses.dh_x = (mp_int*)m_malloc(sizeof(mp_int));
-
 	m_mp_init_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+
 	gen_kexdh_vals(cli_ses.dh_e, cli_ses.dh_x);
 
 	CHECKCLEARTOWRITE();
@@ -59,13 +59,18 @@ void send_msg_kexdh_init() {
 /* Handle a diffie-hellman key exchange reply. */
 void recv_msg_kexdh_reply() {
 
-	mp_int dh_f;
+	DEF_MP_INT(dh_f);
 	sign_key *hostkey = NULL;
 	unsigned int type, keybloblen;
 	unsigned char* keyblob = NULL;
 
 
 	TRACE(("enter recv_msg_kexdh_reply"));
+
+	if (cli_ses.kex_state != KEXDH_INIT_SENT) {
+		dropbear_exit("Received out-of-order kexdhreply");
+	}
+	m_mp_init(&dh_f);
 	type = ses.newkeys->algo_hostkey;
 	TRACE(("type is %d", type));
 
@@ -83,7 +88,6 @@ void recv_msg_kexdh_reply() {
 		dropbear_exit("Bad KEX packet");
 	}
 
-	m_mp_init(&dh_f);
 	if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
 		TRACE(("failed getting mpint"));
 		dropbear_exit("Bad KEX packet");
@@ -91,6 +95,9 @@ void recv_msg_kexdh_reply() {
 
 	kexdh_comb_key(cli_ses.dh_e, cli_ses.dh_x, &dh_f, hostkey);
 	mp_clear(&dh_f);
+	mp_clear_multi(cli_ses.dh_e, cli_ses.dh_x, NULL);
+	m_free(cli_ses.dh_e);
+	m_free(cli_ses.dh_x);
 
 	if (buf_verify(ses.payload, hostkey, ses.hash, SHA1_HASH_SIZE) 
 			!= DROPBEAR_SUCCESS) {
@@ -147,21 +154,30 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	/* Check that ~/.ssh exists - easiest way is just to mkdir */
 	if (mkdir(filename, S_IRWXU) != 0) {
 		if (errno != EEXIST) {
+			dropbear_log(LOG_INFO, "Warning: failed creating ~/.ssh: %s",
+					strerror(errno));
+			TRACE(("mkdir didn't work: %s", strerror(errno)));
 			ask_to_confirm(keyblob, keybloblen);
 			goto out; /* only get here on success */
 		}
 	}
 
 	snprintf(filename, len+18, "%s/.ssh/known_hosts", pw->pw_dir);
-	hostsfile = fopen(filename, "r+");
+	hostsfile = fopen(filename, "a+");
 	
-	/* We mightn't have been able to open it if it was read-only */
-	if (hostsfile == NULL && (errno == EACCES || errno == EROFS)) {
-			readonly = 1;
-			hostsfile = fopen(filename, "r");
+	if (hostsfile != NULL) {
+		fseek(hostsfile, 0, SEEK_SET);
+	} else {
+		/* We mightn't have been able to open it if it was read-only */
+		if (errno == EACCES || errno == EROFS) {
+				TRACE(("trying readonly: %s", strerror(errno)));
+				readonly = 1;
+				hostsfile = fopen(filename, "r");
+		}
 	}
 
 	if (hostsfile == NULL) {
+		TRACE(("hostsfile didn't open: %s", strerror(errno)));
 		ask_to_confirm(keyblob, keybloblen);
 		goto out; /* We only get here on success */
 	}
@@ -228,11 +244,12 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	/* If we get here, they said yes */
 
 	if (readonly) {
+		TRACE(("readonly"));
 		goto out;
 	}
 
 	/* put the new entry in the file */
-	fseek(hostsfile, 0, SEEK_END);
+	fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
 	buf_setpos(line, 0);
 	buf_setlen(line, 0);
 	buf_putbytes(line, ses.remotehost, hostlen);
@@ -255,5 +272,7 @@ out:
 		fclose(hostsfile);
 	}
 	m_free(filename);
-	buf_free(line);
+	if (line != NULL) {
+		buf_free(line);
+	}
 }

cli-main.c

@@ -52,6 +52,10 @@ int main(int argc, char ** argv) {
 	TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
 				cli_opts.remotehost, cli_opts.remoteport));
 
+	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
+		dropbear_exit("signal() error");
+	}
+
 	sock = connect_remote(cli_opts.remotehost, cli_opts.remoteport, 
 			0, &error);
 
@@ -96,7 +100,8 @@ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
 	exit(exitcode);
 }
 
-static void cli_dropbear_log(int priority, const char* format, va_list param) {
+static void cli_dropbear_log(int UNUSED(priority), 
+		const char* format, va_list param) {
 
 	char printbuf[1024];
 

cli-runopts.c

@@ -59,6 +59,9 @@ static void printhelp() {
 					"-R <listenport:remotehost:remoteport> Remote port forwarding\n"
 #endif
 					"-l <username>\n"
+#ifdef DEBUG_TRACE
+					"-v    verbose\n"
+#endif
 					,DROPBEAR_VERSION, cli_opts.progname);
 }
 
@@ -140,12 +143,6 @@ void cli_getopts(int argc, char ** argv) {
 		if (argv[i][0] == '-') {
 			/* A flag *waves* */
 
-			if (strlen(argv[i]) > 2) {
-					fprintf(stderr, 
-						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
-					continue;
-			}
-
 			switch (argv[i][1]) {
 				case 'p': /* remoteport */
 					next = &cli_opts.remoteport;
@@ -178,6 +175,11 @@ void cli_getopts(int argc, char ** argv) {
 					printhelp();
 					exit(EXIT_SUCCESS);
 					break;
+#ifdef DEBUG_TRACE
+				case 'v':
+					debug_trace = 1;
+					break;
+#endif
 				case 'F':
 				case 'e':
 				case 'c':
@@ -197,6 +199,12 @@ void cli_getopts(int argc, char ** argv) {
 						"WARNING: Ignoring unknown argument '%s'\n", argv[i]);
 					break;
 			} /* Switch */
+			
+			/* Now we handle args where they might be "-luser" (no spaces)*/
+			if (next && strlen(argv[i]) > 2) {
+				*next = &argv[i][2];
+				next = NULL;
+			}
 
 			continue; /* next argument */
 

cli-session.c

@@ -48,6 +48,7 @@ struct clientsession cli_ses; /* GLOBAL */
 static const packettype cli_packettypes[] = {
 	/* TYPE, FUNCTION */
 	{SSH_MSG_CHANNEL_DATA, recv_msg_channel_data},
+	{SSH_MSG_CHANNEL_EXTENDED_DATA, recv_msg_channel_extended_data},
 	{SSH_MSG_CHANNEL_WINDOW_ADJUST, recv_msg_channel_window_adjust},
 	{SSH_MSG_USERAUTH_FAILURE, recv_msg_userauth_failure}, /* client */
 	{SSH_MSG_USERAUTH_SUCCESS, recv_msg_userauth_success}, /* client */
@@ -112,6 +113,14 @@ static void cli_session_init() {
 	cli_ses.tty_raw_mode = 0;
 	cli_ses.winchange = 0;
 
+	/* We store stdin's flags, so we can set them back on exit (otherwise
+	 * busybox's ash isn't happy */
+	cli_ses.stdincopy = dup(STDIN_FILENO);
+	cli_ses.stdinflags = fcntl(STDIN_FILENO, F_GETFL, 0);
+
+	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
+									  specific exit status */
+
 	/* Auth */
 	cli_ses.lastpubkey = NULL;
 	cli_ses.lastauthtype = NULL;
@@ -240,6 +249,11 @@ void cli_session_cleanup() {
 	if (!sessinitdone) {
 		return;
 	}
+
+	/* Set stdin back to non-blocking - busybox ash dies nastily
+	 * if we don't revert the flags */
+	fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
+
 	cli_tty_cleanup();
 
 }
@@ -250,7 +264,7 @@ static void cli_finished() {
 	common_session_cleanup();
 	fprintf(stderr, "Connection to %s@%s:%s closed.\n", cli_opts.username,
 			cli_opts.remotehost, cli_opts.remoteport);
-	exit(EXIT_SUCCESS);
+	exit(cli_ses.retval);
 }
 
 

cli-tcpfwd.c

@@ -89,7 +89,7 @@ static int cli_localtcp(unsigned int listenport, const char* remoteaddr,
 				remoteport));
 
 	tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener*));
-	tcpinfo->sendaddr = remoteaddr;
+	tcpinfo->sendaddr = m_strdup(remoteaddr);
 	tcpinfo->sendport = remoteport;
 	tcpinfo->listenport = listenport;
 	tcpinfo->chantype = &cli_chan_tcplocal;

common-channel.c

@@ -1,7 +1,7 @@
 /*
- * Dropbear - a SSH2 server
+ * Dropbear SSH
  * 
- * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2002-2004 Matt Johnston
  * All rights reserved.
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -29,6 +29,7 @@
 #include "packet.h"
 #include "ssh.h"
 #include "buffer.h"
+#include "circbuffer.h"
 #include "dbutil.h"
 #include "channel.h"
 #include "ssh.h"
@@ -39,7 +40,7 @@ static void send_msg_channel_open_failure(unsigned int remotechan, int reason,
 static void send_msg_channel_open_confirmation(struct Channel* channel,
 		unsigned int recvwindow, 
 		unsigned int recvmaxpacket);
-static void writechannel(struct Channel *channel);
+static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf);
 static void send_msg_channel_window_adjust(struct Channel *channel, 
 		unsigned int incr);
 static void send_msg_channel_data(struct Channel *channel, int isextended,
@@ -147,8 +148,10 @@ struct Channel* newchannel(unsigned int remotechan,
 	newchan->errfd = FD_CLOSED; /* this isn't always set to start with */
 	newchan->initconn = 0;
 
-	newchan->writebuf = buf_new(RECV_MAXWINDOW);
+	newchan->writebuf = cbuf_new(RECV_MAXWINDOW);
+	newchan->extrabuf = NULL; /* The user code can set it up */
 	newchan->recvwindow = RECV_MAXWINDOW;
+	newchan->recvdonelen = 0;
 	newchan->recvmaxpacket = RECV_MAXPACKET;
 
 	ses.channels[i] = newchan;
@@ -160,7 +163,7 @@ struct Channel* newchannel(unsigned int remotechan,
 }
 
 /* Get the channel structure corresponding to a channel number */
-static struct Channel* getchannel(unsigned int chan) {
+struct Channel* getchannel(unsigned int chan) {
 	if (chan >= ses.chansize || ses.channels[chan] == NULL) {
 		return NULL;
 	}
@@ -189,7 +192,8 @@ void channelio(fd_set *readfd, fd_set *writefd) {
 		}
 
 		/* read from program/pipe stderr */
-		if (channel->errfd >= 0 && FD_ISSET(channel->errfd, readfd)) {
+		if (channel->extrabuf == NULL &&
+				channel->errfd >= 0 && FD_ISSET(channel->errfd, readfd)) {
 				send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR);
 		}
 
@@ -218,7 +222,13 @@ void channelio(fd_set *readfd, fd_set *writefd) {
 				continue; /* Important not to use the channel after
 							 checkinitdone(), as it may be NULL */
 			}
-			writechannel(channel);
+			writechannel(channel, channel->infd, channel->writebuf);
+		}
+		
+		/* stderr for client mode */
+		if (channel->extrabuf != NULL 
+				&& channel->errfd >= 0 && FD_ISSET(channel->errfd, writefd)) {
+			writechannel(channel, channel->errfd, channel->extrabuf);
 		}
 	
 		/* now handle any of the channel-closing type stuff */
@@ -236,6 +246,14 @@ void channelio(fd_set *readfd, fd_set *writefd) {
 /* do all the EOF/close type stuff checking for a channel */
 static void checkclose(struct Channel *channel) {
 
+	TRACE(("checkclose: infd %d, outfd %d, errfd %d, sentclosed %d, recvclosed %d", 
+				channel->infd, channel->outfd,
+				channel->errfd, channel->sentclosed, channel->recvclosed));
+	TRACE(("writebuf %d extrabuf %s extrabuf %d",
+				cbuf_getused(channel->writebuf),
+				channel->writebuf,
+				channel->writebuf ? 0 : cbuf_getused(channel->extrabuf)));
+
 	if (!channel->sentclosed) {
 
 		/* check for exited - currently only used for server sessions,
@@ -248,13 +266,13 @@ static void checkclose(struct Channel *channel) {
 
 		if (!channel->senteof
 			&& channel->outfd == FD_CLOSED 
-			&& channel->errfd == FD_CLOSED) {
+			&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 			send_msg_channel_eof(channel);
 		}
 
 		if (channel->infd == FD_CLOSED
-				&& channel->outfd == FD_CLOSED
-				&& channel->errfd == FD_CLOSED) {
+			&& channel->outfd == FD_CLOSED
+			&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 			send_msg_channel_close(channel);
 		}
 	}
@@ -345,49 +363,53 @@ static void send_msg_channel_eof(struct Channel *channel) {
 	TRACE(("leave send_msg_channel_eof"));
 }
 
-/* Called to write data out to the server side of a channel (eg a shell or a
- * program.
+/* Called to write data out to the local side of the channel. 
  * Only called when we know we can write to a channel, writes as much as
  * possible */
-static void writechannel(struct Channel* channel) {
+static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 
 	int len, maxlen;
-	buffer *buf;
 
 	TRACE(("enter writechannel"));
 
-	buf = channel->writebuf;
-	maxlen = buf->len - buf->pos;
+	maxlen = cbuf_readlen(cbuf);
 
-	len = write(channel->infd, buf_getptr(buf, maxlen), maxlen);
+	/* Write the data out */
+	len = write(fd, cbuf_readptr(cbuf, maxlen), maxlen);
 	if (len <= 0) {
 		if (len < 0 && errno != EINTR) {
-			/* no more to write */
+			/* no more to write - we close it even if the fd was stderr, since
+			 * that's a nasty failure too */
 			closeinfd(channel);
 		}
 		TRACE(("leave writechannel: len <= 0"));
 		return;
 	}
-	
-	if (len == maxlen) {
-		buf_setpos(buf, 0);
-		buf_setlen(buf, 0);
 
-		if (channel->recveof) {
-			/* we're closing up */
-			closeinfd(channel);
-			return;
-			TRACE(("leave writechannel: recveof set"));
-		}
+	cbuf_incrread(cbuf, len);
+	channel->recvdonelen += len;
 
-		/* extend the window if we're at the end*/
-		/* TODO - this is inefficient */
-		send_msg_channel_window_adjust(channel, buf->size
-				- channel->recvwindow);
-		channel->recvwindow = buf->size;
-	} else {
-		buf_incrpos(buf, len);
+	if (fd == channel->infd && len == maxlen && channel->recveof) { 
+		/* Check if we're closing up */
+		closeinfd(channel);
+		TRACE(("leave writechannel: recveof set"));
+		return;
 	}
+
+	/* Window adjust handling */
+	if (channel->recvdonelen >= RECV_WINDOWEXTEND) {
+		/* Set it back to max window */
+		send_msg_channel_window_adjust(channel, channel->recvdonelen);
+		channel->recvwindow += channel->recvdonelen;
+		channel->recvdonelen = 0;
+	}
+
+	assert(channel->recvwindow <= RECV_MAXWINDOW);
+	assert(channel->recvwindow <= cbuf_getavail(channel->writebuf));
+	assert(channel->extrabuf == NULL ||
+			channel->recvwindow <= cbuf_getavail(channel->extrabuf));
+	
+	
 	TRACE(("leave writechannel"));
 }
 
@@ -405,30 +427,38 @@ void setchannelfds(fd_set *readfd, fd_set *writefd) {
 			continue;
 		}
 
-		/* stdout and stderr */
+		/* Stuff to put over the wire */
 		if (channel->transwindow > 0) {
 
-			/* stdout */
 			if (channel->outfd >= 0) {
-				/* there's space to read more from the program */
 				FD_SET(channel->outfd, readfd);
 			}
-			/* stderr */
-			if (channel->errfd >= 0) {
+			
+			if (channel->extrabuf == NULL && channel->errfd >= 0) {
 					FD_SET(channel->errfd, readfd);
 			}
 		}
 
+		/* For checking FD status (ie closure etc) - we don't actually
+		 * read data from infd */
+		TRACE(("infd = %d, outfd %d, errfd %d, bufused %d", 
+					channel->infd, channel->outfd,
+					channel->errfd,
+					cbuf_getused(channel->writebuf) ));
 		if (channel->infd >= 0 && channel->infd != channel->outfd) {
 			FD_SET(channel->infd, readfd);
 		}
 
-		/* stdin */
-		if (channel->infd >= 0 &&
-				(channel->writebuf->pos < channel->writebuf->len ||
-				 channel->initconn)) {
-			/* there's space to write more to the program */
-			FD_SET(channel->infd, writefd);
+		/* Stuff from the wire, to local program/shell/user etc */
+		if ((channel->infd >= 0 && cbuf_getused(channel->writebuf) > 0 )
+				|| channel->initconn) {
+
+				FD_SET(channel->infd, writefd);
+		}
+
+		if (channel->extrabuf != NULL && channel->errfd >= 0 
+				&& cbuf_getused(channel->extrabuf) > 0 ) {
+				FD_SET(channel->errfd, writefd);
 		}
 
 	} /* foreach channel */
@@ -457,7 +487,9 @@ void recv_msg_channel_eof() {
 	}
 
 	channel->recveof = 1;
-	if (channel->writebuf->len == 0) {
+	if (cbuf_getused(channel->writebuf) == 0
+			&& (channel->extrabuf == NULL 
+					|| cbuf_getused(channel->extrabuf) == 0)) {
 		closeinfd(channel);
 	}
 
@@ -499,16 +531,21 @@ static void removechannel(struct Channel * channel) {
 	TRACE(("enter removechannel"));
 	TRACE(("channel index is %d", channel->index));
 
-	buf_free(channel->writebuf);
+	cbuf_free(channel->writebuf);
 	channel->writebuf = NULL;
 
+	if (channel->extrabuf) {
+		cbuf_free(channel->extrabuf);
+		channel->extrabuf = NULL;
+	}
+
+
 	/* close the FDs in case they haven't been done
 	 * yet (ie they were shutdown etc */
 	close(channel->infd);
 	close(channel->outfd);
-	if (channel->errfd >= 0) {
-		close(channel->errfd);
-	}
+	close(channel->errfd);
+
 	channel->typedata = NULL;
 
 	deletechannel(channel);
@@ -591,16 +628,19 @@ static void send_msg_channel_data(struct Channel *channel, int isextended,
 	}
 
 	/* read the data */
+	TRACE(("maxlen %d", maxlen));
 	buf = buf_new(maxlen);
+	TRACE(("buf pos %d data %x", buf->pos, buf->data));
 	len = read(fd, buf_getwriteptr(buf, maxlen), maxlen);
 	if (len <= 0) {
 		/* on error/eof, send eof */
 		if (len == 0 || errno != EINTR) {
 			closeoutfd(channel, fd);
-			TRACE(("leave send_msg_channel_data: read err %d", channel->index));
 		}
 		buf_free(buf);
 		buf = NULL;
+		TRACE(("leave send_msg_channel_data: read err or EOF for fd %d", 
+					channel->index));
 		return;
 	}
 	buf_incrlen(buf, len);
@@ -623,59 +663,72 @@ static void send_msg_channel_data(struct Channel *channel, int isextended,
 	TRACE(("leave send_msg_channel_data"));
 }
 
-
-/* when we receive channel data, put it in a buffer for writing to the program/
- * shell etc */
+/* We receive channel data */
 void recv_msg_channel_data() {
 
 	unsigned int chan;
-	struct Channel * channel;
-	unsigned int datalen;
-	unsigned int pos;
-	unsigned int maxdata;
+	struct Channel *channel;
 
-	TRACE(("enter recv_msg_channel_data"));
-	
 	chan = buf_getint(ses.payload);
 	channel = getchannel(chan);
+
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 
+	common_recv_msg_channel_data(channel, channel->infd, channel->writebuf);
+}
+
+/* Shared for data and stderr data - when we receive data, put it in a buffer
+ * for writing to the local file descriptor */
+void common_recv_msg_channel_data(struct Channel *channel, int fd, 
+		circbuffer * cbuf) {
+
+	unsigned int datalen;
+	unsigned int maxdata;
+	unsigned int buflen;
+	unsigned int len;
+
+	TRACE(("enter recv_msg_channel_data"));
+
 	if (channel->recveof) {
 		dropbear_exit("received data after eof");
 	}
 
- 	if (channel->infd < 0) {
+ 	if (fd < 0) {
 		dropbear_exit("received data with bad infd");
 	}
 
 	datalen = buf_getint(ses.payload);
 
-	/* if the client is going to send us more data than we've allocated, then 
-	 * it has ignored the windowsize, so we "MAY ignore all extra data" */
-	maxdata = channel->writebuf->size - channel->writebuf->pos;
+
+	maxdata = cbuf_getavail(cbuf);
+
+	/* Whilst the spec says we "MAY ignore data past the end" this could
+	 * lead to corrupted file transfers etc (chunks missed etc). It's better to
+	 * just die horribly */
 	if (datalen > maxdata) {
-		TRACE(("Warning: recv_msg_channel_data: extra data past window"));
-		datalen = maxdata;
+		dropbear_exit("Oversized packet");
 	}
 
-	/* write to the buffer - we always append to the end of the buffer */
-	pos = channel->writebuf->pos;
-	buf_setpos(channel->writebuf, channel->writebuf->len);
-	memcpy(buf_getwriteptr(channel->writebuf, datalen), 
-			buf_getptr(ses.payload, datalen), datalen);
-	buf_incrwritepos(channel->writebuf, datalen);
-	buf_setpos(channel->writebuf, pos); /* revert pos */
+	/* We may have to run throught twice, if the buffer wraps around. Can't
+	 * just "leave it for next time" like with writechannel, since this
+	 * is payload data */
+	len = datalen;
+	while (len > 0) {
+		buflen = cbuf_writelen(cbuf);
+		buflen = MIN(buflen, len);
 
+		memcpy(cbuf_writeptr(cbuf, buflen), 
+				buf_getptr(ses.payload, buflen), buflen);
+		cbuf_incrwrite(cbuf, buflen);
+		buf_incrpos(ses.payload, buflen);
+		len -= buflen;
+	}
+
+	assert(channel->recvwindow >= datalen);
 	channel->recvwindow -= datalen;
-
-	/* matt - this might be for later */
-/*	if (channel->recvwindow < RECV_MINWINDOW) {
-		send_msg_channel_window_adjust(channel, 
-				RECV_MAXWINDOW - channel->recvwindow);
-		channel->recvwindow = RECV_MAXWINDOW;
-	}*/
+	assert(channel->recvwindow <= RECV_MAXWINDOW);
 
 	TRACE(("leave recv_msg_channel_data"));
 }
@@ -886,10 +939,7 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) {
 	}
 
 	/* set fd non-blocking */
-	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
-		TRACE(("leave send_msg_channel_open_init() - FAILED in fcntl()"));
-		return DROPBEAR_FAILURE;
-	}
+	setnonblocking(fd);
 
 	chan->infd = chan->outfd = fd;
 	ses.maxfd = MAX(ses.maxfd, fd);
@@ -993,15 +1043,19 @@ static void closechanfd(struct Channel *channel, int fd, int how) {
 		closein = closeout = 1;
 	}
 
-	if (closeout && fd == channel->errfd) {
-		channel->errfd = FD_CLOSED;
-	}
 	if (closeout && fd == channel->outfd) {
 		channel->outfd = FD_CLOSED;
 	}
+	if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) {
+		channel->errfd = FD_CLOSED;
+	}
+
 	if (closein && fd == channel->infd) {
 		channel->infd = FD_CLOSED;
 	}
+	if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) {
+		channel->errfd = FD_CLOSED;
+	}
 }
 
 #endif /* USING_LISTENERS */

common-kex.c

@@ -464,15 +464,18 @@ void recv_msg_kexinit() {
 
 /* Initialises and generate one side of the diffie-hellman key exchange values.
  * See the ietf-secsh-transport draft, section 6, for details */
+/* dh_pub and dh_priv MUST be already initialised */
 void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
 
-	mp_int dh_p, dh_q, dh_g;
+	DEF_MP_INT(dh_p);
+	DEF_MP_INT(dh_q);
+	DEF_MP_INT(dh_g);
 	unsigned char randbuf[DH_P_LEN];
 	int dh_q_len;
 
 	TRACE(("enter send_msg_kexdh_reply"));
 	
-	m_mp_init_multi(&dh_g, &dh_p, &dh_q, dh_priv, dh_pub, NULL);
+	m_mp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
 
 	/* read the prime and generator*/
 	if (mp_read_unsigned_bin(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN)
@@ -631,42 +634,44 @@ static void read_kex_algos() {
 
 	/* encryption_algorithms_client_to_server */
 	c2s_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (algo == NULL) {
+	if (c2s_cipher_algo == NULL) {
 		erralgo = "enc c->s";
 		goto error;
 	}
+	TRACE(("c2s is  %s", c2s_cipher_algo->name));
 
 	/* encryption_algorithms_server_to_client */
 	s2c_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (algo == NULL) {
+	if (s2c_cipher_algo == NULL) {
 		erralgo = "enc s->c";
 		goto error;
 	}
+	TRACE(("s2c is  %s", s2c_cipher_algo->name));
 
 	/* mac_algorithms_client_to_server */
 	c2s_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (algo == NULL) {
+	if (c2s_hash_algo == NULL) {
 		erralgo = "mac c->s";
 		goto error;
 	}
 
 	/* mac_algorithms_server_to_client */
 	s2c_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (algo == NULL) {
+	if (s2c_hash_algo == NULL) {
 		erralgo = "mac s->c";
 		goto error;
 	}
 
 	/* compression_algorithms_client_to_server */
 	c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (algo == NULL) {
+	if (c2s_comp_algo == NULL) {
 		erralgo = "comp c->s";
 		goto error;
 	}
 
 	/* compression_algorithms_server_to_client */
 	s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (algo == NULL) {
+	if (s2c_comp_algo == NULL) {
 		erralgo = "comp s->c";
 		goto error;
 	}

common-session.c

@@ -35,6 +35,8 @@
 #include "channel.h"
 #include "atomicio.h"
 
+static void checktimeouts();
+static int ident_readln(int fd, char* buf, int count);
 
 struct sshsession ses; /* GLOBAL */
 
@@ -46,8 +48,6 @@ int sessinitdone = 0; /* GLOBAL */
 int exitflag = 0; /* GLOBAL */
 
 
-static void checktimeouts();
-static int ident_readln(int fd, char* buf, int count);
 
 /* called only at the start of a session, set up initial state */
 void common_session_init(int sock, char* remotehost) {
@@ -223,6 +223,7 @@ void session_identification() {
 	char linebuf[256];
 	int len = 0;
 	char done = 0;
+	int i;
 
 	/* write our version string, this blocks */
 	if (atomicio(write, ses.sock, LOCAL_IDENT "\r\n",
@@ -230,14 +231,27 @@ void session_identification() {
 		dropbear_exit("Error writing ident string");
 	}
 
-	len = ident_readln(ses.sock, linebuf, 256);
-	if (len >= 4 && memcmp(linebuf, "SSH-", 4) == 0) {
-		/* start of line matches */
-		done = 1;
+	/* We allow up to 9 lines before the actual version string, to
+	 * account for wrappers/cruft etc. According to the spec only the client
+	 * needs to handle this, but no harm in letting the server handle it too */
+	for (i = 0; i < 10; i++) {
+		len = ident_readln(ses.sock, linebuf, sizeof(linebuf));
+
+		if (len < 0 && errno != EINTR) {
+			/* It failed */
+			break;
+		}
+
+		if (len >= 4 && memcmp(linebuf, "SSH-", 4) == 0) {
+			/* start of line matches */
+			done = 1;
+			break;
+		}
 	}
 
 	if (!done) {
-		dropbear_exit("Failed to get client version");
+		TRACE(("err: %s for '%s'\n", strerror(errno), linebuf));
+		dropbear_exit("Failed to get remote version");
 	} else {
 		/* linebuf is already null terminated */
 		ses.remoteident = m_malloc(len);

compat.c

@@ -190,7 +190,7 @@ int daemon(int nochdir, int noclose) {
 
 #ifndef HAVE_BASENAME
 
-char *basename(char *path) {
+char *basename(const char *path) {
 
 	char *foo = strrchr(path, '/');
 	return ++foo;

configure.in

@@ -117,6 +117,43 @@ AC_ARG_ENABLE(zlib,
 	]
 )
 
+# Check if pam is needed
+AC_ARG_WITH(pam,
+	[  --with-pam=PATH        Use pam in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+
+AC_ARG_ENABLE(pam,
+	[  --enable-pam          Try to include PAM support],
+	[
+		if test "x$enableval" = "xyes"; then
+			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
+			AC_MSG_RESULT(Enabling PAM)
+		else
+			AC_DEFINE(DISABLE_PAM,, Use PAM)
+			AC_MSG_RESULT(Disabling PAM)
+		fi
+	],
+	[
+		# disable it by default
+		AC_DEFINE(DISABLE_PAM,, Use PAM)
+		AC_MSG_RESULT(Disabling PAM)
+	]
+)
+
 AC_ARG_ENABLE(openpty,
 	[  --disable-openpty       Don't use openpty, use alternative method],
 	[
@@ -169,7 +206,7 @@ AC_ARG_ENABLE(shadow,
 # Checks for header files.
 AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h])
+AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h pam/pam_appl.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST

dbmulti.c

@@ -44,7 +44,8 @@ int main(int argc, char ** argv) {
 		}
 #endif
 #ifdef DBMULTI_dbclient
-		if (strcmp(progname, "dbclient") == 0) {
+		if (strcmp(progname, "dbclient") == 0
+				|| strcmp(progname, "ssh") == 0) {
 			return cli_main(argc, argv);
 		}
 #endif
@@ -71,7 +72,7 @@ int main(int argc, char ** argv) {
 			"'dropbear' - the Dropbear server\n"
 #endif
 #ifdef DBMULTI_dbclient
-			"'dbclient' - the Dropbear client\n"
+			"'dbclient' or 'ssh' - the Dropbear client\n"
 #endif
 #ifdef DBMULTI_dropbearkey
 			"'dropbearkey' - the key generator\n"

dbutil.c

@@ -66,6 +66,10 @@ void (*_dropbear_exit)(int exitcode, const char* format, va_list param)
 void (*_dropbear_log)(int priority, const char* format, va_list param)
 						= generic_dropbear_log;
 
+#ifdef DEBUG_TRACE
+int debug_trace = 0;
+#endif
+
 int usingsyslog = 0; /* set by runopts, but required externally to sessions */
 #ifndef DISABLE_SYSLOG
 void startsyslog() {
@@ -107,7 +111,7 @@ static void generic_dropbear_exit(int exitcode, const char* format,
 	exit(exitcode);
 }
 
-static void generic_dropbear_log(int priority, const char* format, 
+static void generic_dropbear_log(int UNUSED(priority), const char* format, 
 		va_list param) {
 
 	char printbuf[1024];
@@ -134,6 +138,10 @@ void dropbear_trace(const char* format, ...) {
 
 	va_list param;
 
+	if (!debug_trace) {
+		return;
+	}
+
 	va_start(param, format);
 	fprintf(stderr, "TRACE: ");
 	vfprintf(stderr, format, param);
@@ -498,18 +506,17 @@ int buf_getline(buffer * line, FILE * authfile) {
 
 out:
 
-	buf_setpos(line, 0);
 
 	/* if we didn't read anything before EOF or error, exit */
 	if (c == EOF && line->pos == 0) {
-		TRACE(("leave getauthline: failure"));
+		TRACE(("leave buf_getline: failure"));
 		return DROPBEAR_FAILURE;
 	} else {
-		TRACE(("leave getauthline: success"));
+		TRACE(("leave buf_getline: success"));
+		buf_setpos(line, 0);
 		return DROPBEAR_SUCCESS;
 	}
 
-	TRACE(("leave buf_getline"));
 }	
 #endif
 
@@ -537,7 +544,7 @@ void * m_malloc(size_t size) {
 	if (size == 0) {
 		dropbear_exit("m_malloc failed");
 	}
-	ret = malloc(size);
+	ret = calloc(1, size);
 	if (ret == NULL) {
 		dropbear_exit("m_malloc failed");
 	}
@@ -587,3 +594,13 @@ void m_burn(void *data, unsigned int len) {
 	}
 }
 
+
+void setnonblocking(int fd) {
+
+	TRACE(("setnonblocking: %d", fd));
+
+	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
+		dropbear_exit("Couldn't set nonblocking");
+	}
+	TRACE(("leave setnonblocking"));
+}

dbutil.h

@@ -42,6 +42,7 @@ void dropbear_log(int priority, const char* format, ...);
 #ifdef DEBUG_TRACE
 void dropbear_trace(const char* format, ...);
 void printhex(unsigned char* buf, int len);
+extern int debug_trace;
 #endif
 char * stripcontrol(const char * text);
 unsigned char * getaddrstring(struct sockaddr_storage* addr, int withport);
@@ -60,6 +61,7 @@ void * m_realloc(void* ptr, size_t size);
 #define m_free(X) __m_free(X); (X) = NULL;
 void __m_free(void* ptr);
 void m_burn(void* data, unsigned int len);
+void setnonblocking(int fd);
 
 /* Used to force mp_ints to be initialised */
 #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}

debian/changelog

@@ -1,3 +1,21 @@
+dropbear (0.44test4-1) unstable; urgency=medium
+
+  * New upstream beta, various useful fixes.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tues, 14 September 2004 21:20:00 +0800
+
+dropbear (0.44test3-1) unstable; urgency=medium
+
+  * New upstream beta, various useful fixes.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 27 August 2004 22:20:00 +0800
+
+dropbear (0.44test2-1) unstable; urgency=low
+
+  * New upstream beta, various minor fixes.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Tues, 17 August 2004 19:00:00 +0800
+
 dropbear (0.44test1-1) unstable; urgency=low
 
   * Upstream beta 0.44test1

debian/compat

@@ -1 +0,0 @@
-4

debian/dirs

@@ -1,2 +0,0 @@
-usr/bin
-usr/sbin

debian/docs

@@ -1,2 +0,0 @@
-README
-TODO

debian/postinst

@@ -1,90 +0,0 @@
-#! /bin/sh
-# postinst script for #PACKAGE#
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <postinst> `configure' <most-recently-configured-version>
-#        * <old-postinst> `abort-upgrade' <new version>
-#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-#          <new-version>
-#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-#          <failed-install-package> <version> `removing'
-#          <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-# quoting from the policy:
-#     Any necessary prompting should almost always be confined to the
-#     post-installation script, and should be protected with a conditional
-#     so that unnecessary prompting doesn't happen if a package's
-#     installation fails and the `postinst' is called with `abort-upgrade',
-#     `abort-remove' or `abort-deconfigure'.
-
-case "$1" in
-    configure)
-        if [ ! -e /etc/dropbear/dropbear_rsa_host_key ]; then
-            if [ -f /etc/ssh/ssh_host_rsa_key ]; then
-                echo "Converting existing OpenSSH RSA host key to Dropbear format."
-                /usr/bin/dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key
-            else
-                echo "Generating Dropbear RSA key. Please wait."
-                /usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
-            fi
-        fi
-        if [ ! -e /etc/dropbear/dropbear_dss_host_key ]; then
-            if [ -f /etc/ssh/ssh_host_dsa_key ]; then
-                echo "Converting existing OpenSSH RSA host key to Dropbear format."
-                /usr/bin/dropbearconvert openssh dropbear /etc/ssh/ssh_host_dsa_key /etc/dropbear/dropbear_dss_host_key
-            else
-                echo "Generating Dropbear DSS key. Please wait."
-                /usr/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
-            fi
-        fi
-        if [ ! -s /etc/default/dropbear ]; then 
-            # check whether OpenSSH seems to be installed.
-            if dpkg -l ssh >/dev/null 2>&1; then 
-                echo "OpenSSH appears to be installed. Setting /etc/default/dropbear"
-                echo "so that Dropbear will not start by default. Edit this file to change"
-                echo "this behaviour."
-                echo "# disabled because OpenSSH is installed, change to NO_START=0 to enable Dropbear" > /etc/default/dropbear
-                echo "NO_START=1" >> /etc/default/dropbear
-            fi
-            echo "# the TCP port that Dropbear listens on" >> /etc/default/dropbear
-            echo "DROPBEAR_PORT=22" >> /etc/default/dropbear
-            echo "# any additional arguments for Dropbear" >> /etc/default/dropbear
-            echo "DROPBEAR_EXTRA_ARGS=" >> /etc/default/dropbear
-			echo "# specify an optional banner file containing a message to be" >> /etc/default/dropbear
-			echo "# sent to clients before they connect, such as \"/etc/issue.net\"" >> /etc/default/dropbear
-			echo "DROPBEAR_BANNER=\"\"" >> /etc/default/dropbear
-			echo "# RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key" >> /etc/default/dropbear
-			echo "#DROPBEAR_RSAKEY=\"/etc/dropbear/dropbear_rsa_host_key\"" >> /etc/default/dropbear
-			echo "# DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key" >> /etc/default/dropbear
-			echo "#DROPBEAR_DSSKEY=\"/etc/dropbear/dropbear_dss_host_key\"" >> /etc/default/dropbear
-        fi
-        if [ -e /etc/init.d/dropbear ]; then
-            update-rc.d dropbear defaults >/dev/null
-            /etc/init.d/dropbear restart
-        fi
-    ;;
-
-    abort-upgrade|abort-remove|abort-deconfigure)
-
-    ;;
-
-    *)
-        echo "postinst called with unknown argument \`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-
-
-exit 0
-
-

debian/postrm

@@ -1,45 +0,0 @@
-#! /bin/sh
-# postrm script for #PACKAGE#
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <postrm> `remove'
-#        * <postrm> `purge'
-#        * <old-postrm> `upgrade' <new-version>
-#        * <new-postrm> `failed-upgrade' <old-version>
-#        * <new-postrm> `abort-install'
-#        * <new-postrm> `abort-install' <old-version>
-#        * <new-postrm> `abort-upgrade' <old-version>
-#        * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-       purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-        if [ "$1" = "purge" ]
-        then
-            if [ -e /etc/dropbear ]; then
-                rm -f /etc/dropbear/dropbear_rsa_host_key
-                rm -f /etc/dropbear/dropbear_dss_host_key
-                rmdir --ignore-fail-on-non-empty /etc/dropbear
-			fi
-            update-rc.d dropbear remove >/dev/null
-        fi
-        ;;
-
-    *)
-        echo "postrm called with unknown argument \`$1'" >&2
-        exit 1
-
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0

debug.h

@@ -33,9 +33,12 @@
  * etc. Don't use this normally, it might cause problems */
 /* #define DEBUG_VALGRIND */
 
-/* Define this to print trace statements - very verbose */
-/* Caution: Don't use this in an unfriendly environment (ie unfirewalled),
- * since the printing does not sanitise strings etc */
+/* Define this to compile in trace debugging printf()s. 
+ * You'll need to run programs with "-v" to turn this on.
+ *
+ * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
+ * since the printing may not sanitise strings etc. This will add a reasonable
+ * amount to your executable size. */
 /* #define DEBUG_TRACE */
 
 /* All functions writing to the cleartext payload buffer call
@@ -47,6 +50,7 @@
 /* Define this, compile with -pg and set GMON_OUT_PREFIX=gmon to get gmon
  * output when Dropbear forks. This will allow it gprof to be used.
  * It's useful to run dropbear -F, so you don't fork as much */
+/* (This is Linux specific) */
 /*#define DEBUG_FORKGPROF*/
 
 /* A couple of flags, not usually useful, and mightn't do anything */

dropbear.8

@@ -0,0 +1,81 @@
+.TH dropbear 8
+.SH NAME
+dropbear \- lightweight SSH2 server
+.SH SYNOPSIS
+.B dropbear
+[\-FEmwsgjki] [\-b
+.I banner\fR] [\-d
+.I dsskey\fR] [\-r
+.I rsakey\fR] [\-p
+.IR port ]
+.SH DESCRIPTION
+.B dropbear
+is a SSH 2 server designed to be small enough to be used in small memory
+environments, while still being functional and secure enough for general use.
+.SH OPTIONS
+.TP
+.B \-b \fIbanner
+bannerfile.
+Display the contents of the file
+.I banner
+before user login (default: none).
+.TP
+.B \-d \fIdsskey
+dsskeyfile.
+Use the contents of the file
+.I dsskey
+for the dss host key (default: /etc/dropbear/dropbear_dss_host_key).
+This file is generated with
+.BR dropbearkey (8).
+.TP
+.B \-r \fIrsakey
+rsakeyfile.
+Use the contents of the file
+.I rsakey
+for the rsa host key (default: /etc/dropbear/dropbear_rsa_host_key).
+This file is generated with
+.BR dropbearkey (8).
+.TP
+.B \-F
+Don't fork into background.
+.TP
+.B \-E
+Log to standard error rather than syslog.
+.TP
+.B \-m
+Don't display the message of the day on login.
+.TP
+.B \-w
+Disallow root logins.
+.TP
+.B \-s
+Disable password logins.
+.TP
+.B \-g
+Disable password logins for root.
+.TP
+.B \-j
+Disable local port forwarding.
+.TP
+.B \-k
+Disable remote port forwarding.
+.TP
+.B \-p \fIport
+Listen on specified tcp port
+.IR port ;
+up to 10 can be specified (default 22 if none specified).
+.TP
+.B \-i
+Service program mode.
+Use this option to run
+.B dropbear
+under TCP/IP servers like inetd, tcpsvd, or tcpserver.
+In program mode the \-F option is implied, and \-p options are ignored.
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbearkey(8)
+.P
+http://matt.ucc.asn.au/dropbear/dropbear.html

dropbearconvert.c

@@ -47,10 +47,8 @@ static void printhelp(char * progname) {
 					"dropbear\n"
 					"\n"
 					"Example:\n"
-					"dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear_rsa_host_key\n"
-					"\n"
-					"The inputfile and outputfile can be '-' to specify\n"
-					"standard input or standard output.\n", progname);
+					"dropbearconvert openssh dropbear /etc/ssh/ssh_host_rsa_key /etc/dropbear_rsa_host_key\n",
+					progname);
 }
 
 #if defined(DBMULTI_dropbearconvert) || !defined(DROPBEAR_MULTI)
@@ -64,6 +62,11 @@ int main(int argc, char ** argv) {
 	const char* infile;
 	const char* outfile;
 
+#ifdef DEBUG_TRACE
+	/* It's hard for it to get in the way _too_ much */
+	debug_trace = 1;
+#endif
+
 	/* get the commandline options */
 	if (argc != 5) {
 		fprintf(stderr, "All arguments must be specified\n");

dropbearkey.8

@@ -0,0 +1,47 @@
+.TH dropbearkey 8
+.SH NAME
+dropbearkey \- create private keys for the use with dropbear(8)
+.SH SYNOPSIS
+.B dropbearkey
+\-t
+.I type
+\-f
+.I file
+[\-s
+.IR bits ]
+.SH DESCRIPTION
+.B dropbearkey
+generates a type
+.I rsa
+or
+.I dss
+SSH private key, and saves it to a file for the use with the
+.BR dropbear (8)
+SSH 2 server.
+.SH OPTIONS
+.TP
+.B \-t \fItype
+Type of key to generate.
+Must be one of
+.I rsa
+or
+.IR dss .
+.TP
+.B \-f \fIfile
+Write the secret key to the file
+.IR file .
+.TP
+.B \-s \fIbits
+Set the key size to
+.I bits
+bits, should be multiple of 8 (optional).
+.SH EXAMPLE
+ # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbear(8)
+.P
+http://matt.ucc.asn.au/dropbear/dropbear.html

dropbearkey.c

@@ -75,8 +75,11 @@ static void printhelp(char * progname) {
 #endif
 					"-f filename	Use filename for the secret key\n"
 					"-s bits	Key size in bits, should be a multiple of 8 (optional)\n"
-					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n",
-					progname);
+					"-y		Just print the publickey and fingerprint for the\n		private key in <filename>.\n"
+#ifdef DEBUG_TRACE
+					"-v		verbose\n"
+#endif
+					,progname);
 }
 
 #if defined(DBMULTI_dropbearkey) || !defined(DROPBEAR_MULTI)
@@ -127,6 +130,11 @@ int main(int argc, char ** argv) {
 					printhelp(argv[0]);
 					exit(EXIT_SUCCESS);
 					break;
+#ifdef DEBUG_TRACE
+				case 'v':
+					debug_trace = 1;
+					break;
+#endif
 				default:
 					fprintf(stderr, "Unknown argument %s\n", argv[i]);
 					printhelp(argv[0]);

dss.c

@@ -164,7 +164,10 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
 	unsigned char msghash[SHA1_HASH_SIZE];
 	hash_state hs;
 	int ret = DROPBEAR_FAILURE;
-	mp_int val1, val2, val3, val4;
+	DEF_MP_INT(val1);
+	DEF_MP_INT(val2);
+	DEF_MP_INT(val3);
+	DEF_MP_INT(val4);
 	char * string = NULL;
 	int stringlen;
 
@@ -281,13 +284,16 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 	unsigned char privkeyhash[SHA512_HASH_SIZE];
 	unsigned char *privkeytmp;
 	unsigned char proto_k[SHA512_HASH_SIZE];
-	mp_int dss_protok;
+	DEF_MP_INT(dss_protok);
 #else
 	unsigned char kbuf[SHA1_HASH_SIZE];
 #endif
-	mp_int dss_k, dss_m;
-	mp_int dss_temp1, dss_temp2;
-	mp_int dss_r, dss_s;
+	DEF_MP_INT(dss_k);
+	DEF_MP_INT(dss_m);
+	DEF_MP_INT(dss_temp1);
+	DEF_MP_INT(dss_temp2);
+	DEF_MP_INT(dss_r);
+	DEF_MP_INT(dss_s);
 	hash_state hs;
 	
 	TRACE(("enter buf_put_dss_sign"));

gendss.c

@@ -33,6 +33,8 @@
 
 #define QSIZE 20 /* 160 bit */
 
+/* This is just a test */
+
 #ifdef DROPBEAR_DSS
 
 static void getq(dss_key *key);
@@ -89,7 +91,10 @@ static void getq(dss_key *key) {
 
 static void getp(dss_key *key, unsigned int size) {
 
-	mp_int tempX, tempC, tempP, temp2q;
+	DEF_MP_INT(tempX);
+	DEF_MP_INT(tempC);
+	DEF_MP_INT(tempP);
+	DEF_MP_INT(temp2q);
 	int result;
 	unsigned char *buf;
 
@@ -147,8 +152,9 @@ static void getp(dss_key *key, unsigned int size) {
 
 static void getg(dss_key * key) {
 
-	char printbuf[1000];
-	mp_int div, h, val;
+	DEF_MP_INT(div);
+	DEF_MP_INT(h);
+	DEF_MP_INT(val);
 
 	m_mp_init_multi(&div, &h, &val, NULL);
 
@@ -178,14 +184,12 @@ static void getg(dss_key * key) {
 	
 	} while (mp_cmp_d(key->g, 1) != MP_GT);
 
-	mp_toradix(key->g, printbuf, 10);
-
 	mp_clear_multi(&div, &h, &val, NULL);
 }
 
 static void getx(dss_key *key) {
 
-	mp_int val;
+	DEF_MP_INT(val);
 	char buf[QSIZE];
 	
 	m_mp_init(&val);

genrsa.c

@@ -40,7 +40,9 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus,
 rsa_key * gen_rsa_priv_key(unsigned int size) {
 
 	rsa_key * key;
-	mp_int pminus, qminus, lcm;
+	DEF_MP_INT(pminus);
+	DEF_MP_INT(qminus);
+	DEF_MP_INT(lcm);
 
 	key = (rsa_key*)m_malloc(sizeof(rsa_key));
 
@@ -95,7 +97,7 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus,
 		mp_int* rsa_e, unsigned int size) {
 
 	unsigned char *buf;
-	mp_int temp_gcd;
+	DEF_MP_INT(temp_gcd);
 
 	buf = (unsigned char*)m_malloc(size+1);
 

includes.h

@@ -128,4 +128,14 @@ typedef u_int16_t uint16_t;
 #define LOG_AUTHPRIV LOG_AUTH
 #endif
 
+/* so we can avoid warnings about unused params (ie in signal handlers etc) */
+#ifdef UNUSED 
+#elif defined(__GNUC__) 
+# define UNUSED(x) UNUSED_ ## x __attribute__((unused)) 
+#elif defined(__LCLINT__) 
+# define UNUSED(x) /*@unused@*/ x 
+#else 
+# define UNUSED(x) x 
+#endif
+
 #endif /* _INCLUDES_H_ */

keyimport.c

@@ -108,13 +108,10 @@ int import_write(const char *filename, sign_key *key, char *passphrase,
 static sign_key *dropbear_read(const char* filename) {
 
 	buffer * buf = NULL;
-	int len, maxlen;
-	FILE *fp = NULL;
 	sign_key *ret = NULL;
 	int type;
 
 	buf = buf_new(MAX_PRIVKEY_SIZE);
-	/* buf_readfile knows about "-" */
 	if (buf_readfile(buf, filename) == DROPBEAR_FAILURE) {
 		goto error;
 	}
@@ -163,11 +160,7 @@ static int dropbear_write(const char*filename, sign_key * key) {
 	buf = buf_new(MAX_PRIVKEY_SIZE);
 	buf_put_priv_key(buf, key, keytype);
 
-	if (strlen(filename) == 1 && filename[0] == '-') {
-		fp = stdout;
-	} else {
-		fp = fopen(filename, "w");
-	}
+	fp = fopen(filename, "w");
 	if (!fp) {
 		ret = 0;
 		goto out;

options.h

@@ -1,26 +1,6 @@
-/*
- * Dropbear - a SSH2 server
- * 
+/* Dropbear SSH
  * Copyright (c) 2002,2003 Matt Johnston
- * All rights reserved.
- * 
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- * 
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- * 
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- * SOFTWARE. */
+ * All rights reserved. See LICENSE for the license. */
 
 #ifndef _OPTIONS_H_
 #define _OPTIONS_H_
@@ -30,8 +10,8 @@
  * parts are to allow for commandline -DDROPBEAR_XXX options etc.
  ******************************************************************/
 
-#ifndef DROPBEAR_PORT
-#define DROPBEAR_PORT 22
+#ifndef DROPBEAR_DEFPORT
+#define DROPBEAR_DEFPORT "22"
 #endif
 
 /* Default hostkey paths - these can be specified on the command line */
@@ -130,16 +110,26 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define MOTD_FILENAME "/etc/motd"
 #endif
 
-/* Authentication types to enable, at least one required.
+/* Authentication Types - at least one required.
    RFC Draft requires pubkey auth, and recommends password */
+
+/* PAM auth is quite simple, and only works for PAM modules which just do a
+ * simple "Login: " "Password: " (or something like that - if your module is
+ * similar but not quite like that, edit the strings in svr-authpam.c).
+ * Basically, it's useful for systems like OS X where standard password crypts
+ * don't work, but there's and interface via a PAM module. You'll need to
+ * configure with --enable-pam as well, since it's off by default. And you
+ * should only enable either PASSWORD _or_ PAM auth, not both. */
+
 #define ENABLE_SVR_PASSWORD_AUTH
+/*#define ENABLE_SVR_PAM_AUTH*/
 #define ENABLE_SVR_PUBKEY_AUTH
 
 #define ENABLE_CLI_PASSWORD_AUTH
 #define ENABLE_CLI_PUBKEY_AUTH
 
 /* Random device to use - you must specify _one only_.
- * DEV_RANDOM is recommended on hosts with a good /dev/urandom, otherwise use
+ * DEV_URANDOM is recommended on hosts with a good /dev/urandom, otherwise use
  * PRNGD and run prngd, specifying the socket. This device must be able to
  * produce a large amount of random data, so using /dev/random or Entropy
  * Gathering Daemon (egd) may result in halting, as it waits for more random
@@ -193,7 +183,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "0.44test1"
+#define DROPBEAR_VERSION "0.44test4"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
@@ -342,6 +332,10 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
 #endif
 
+#if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH)
+#error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
+#endif
+
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
  * code, if we're just compiling as client or server */
 #if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)

rsa.c

@@ -201,7 +201,8 @@ int buf_rsa_verify(buffer * buf, rsa_key *key, const unsigned char* data,
 		unsigned int len) {
 
 	unsigned int slen;
-	mp_int rsa_s, rsa_mdash;
+	DEF_MP_INT(rsa_s);
+	DEF_MP_INT(rsa_mdash);
 	mp_int *rsa_em = NULL;
 	int ret = DROPBEAR_FAILURE;
 
@@ -262,7 +263,7 @@ void buf_put_rsa_sign(buffer* buf, rsa_key *key, const unsigned char* data,
 
 	unsigned int nsize, ssize;
 	unsigned int i;
-	mp_int rsa_s;
+	DEF_MP_INT(rsa_s);
 	mp_int *rsa_em = NULL;
 	
 	TRACE(("enter buf_put_rsa_sign"));

runopts.h

@@ -52,7 +52,7 @@ typedef struct svr_runopts {
 	int usingsyslog;
 
 	/* ports is an array of the portcount listening ports */
-	uint16_t *ports;
+	char *ports[DROPBEAR_MAX_PORTS];
 	unsigned int portcount;
 
 	int inetdmode;
@@ -81,6 +81,7 @@ typedef struct svr_runopts {
 extern svr_runopts svr_opts;
 
 void svr_getopts(int argc, char ** argv);
+void loadhostkeys();
 
 /* Uncompleted XXX matt */
 typedef struct cli_runopts {

scp.c

@@ -178,8 +178,10 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout, int argc)
 		close(pout[1]);
 
 		args.list[0] = ssh_program;
-		if (remuser != NULL)
-			addargs(&args, "-l%s", remuser);
+		if (remuser != NULL) {
+			addargs(&args, "-l");
+			addargs(&args, "%s", remuser);
+		}
 		addargs(&args, "%s", host);
 		addargs(&args, "%s", cmd);
 

session.h

@@ -43,7 +43,6 @@ extern int exitflag;
 void common_session_init(int sock, char* remotehost);
 void session_loop(void(*loophandler)());
 void common_session_cleanup();
-void checktimeouts();
 void session_identification();
 
 
@@ -54,8 +53,6 @@ void svr_dropbear_log(int priority, const char* format, va_list param);
 
 /* Client */
 void cli_session(int sock, char *remotehost);
-void cli_dropbear_exit(int exitcode, const char* format, va_list param);
-void cli_dropbear_log(int priority, const char* format, va_list param);
 void cli_session_cleanup();
 void cleantext(unsigned char* dirtytext);
 
@@ -212,12 +209,16 @@ struct clientsession {
 
 	int tty_raw_mode; /* Whether we're in raw mode (and have to clean up) */
 	struct termios saved_tio;
+	int stdincopy;
+	int stdinflags;
 
 	int winchange; /* Set to 1 when a windowchange signal happens */
 
 	int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
 						 for the last type of auth we tried */
 	struct PubkeyList *lastpubkey;
+
+	int retval; /* What the command exit status was - we emulate it */
 #if 0
 	TODO
 	struct AgentkeyList *agentkeys; /* Keys to use for public-key auth */

signkey.c

@@ -153,6 +153,7 @@ int buf_get_priv_key(buffer *buf, sign_key *key, int *type) {
 	m_free(ident);
 
 	if (*type != DROPBEAR_SIGNKEY_ANY && *type != keytype) {
+		TRACE(("wrong key type: %d %d", *type, keytype));
 		return DROPBEAR_FAILURE;
 	}
 

svr-agentfwd.c

@@ -73,9 +73,7 @@ int agentreq(struct ChanSess * chansess) {
 	}
 
 	/* set non-blocking */
-	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
-		goto fail;
-	}
+	setnonblocking(fd);
 
 	/* pass if off to listener */
 	chansess->agentlistener = new_listener( &fd, 1, 0, chansess, 
@@ -97,7 +95,7 @@ fail:
 /* accepts a connection on the forwarded socket and opens a new channel for it
  * back to the client */
 /* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-static void agentaccept(struct Listener * listener, int sock) {
+static void agentaccept(struct Listener *UNUSED(listener), int sock) {
 
 	int fd;
 

svr-auth.c

@@ -55,7 +55,7 @@ static void authclear() {
 #ifdef ENABLE_SVR_PUBKEY_AUTH
 	ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
 #endif
-#ifdef ENABLE_SVR_PASSWORD_AUTH
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
 	if (!svr_opts.noauthpass) {
 		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 	}
@@ -154,6 +154,19 @@ void recv_msg_userauth_request() {
 	}
 #endif
 
+#ifdef ENABLE_SVR_PAM_AUTH
+	if (!svr_opts.noauthpass &&
+			!(svr_opts.norootpass && ses.authstate.pw->pw_uid == 0) ) {
+		/* user wants to try password auth */
+		if (methodlen == AUTH_METHOD_PASSWORD_LEN &&
+				strncmp(methodname, AUTH_METHOD_PASSWORD,
+					AUTH_METHOD_PASSWORD_LEN) == 0) {
+			svr_auth_pam();
+			goto out;
+		}
+	}
+#endif
+
 #ifdef ENABLE_SVR_PUBKEY_AUTH
 	/* user wants to try pubkey auth */
 	if (methodlen == AUTH_METHOD_PUBKEY_LEN &&
@@ -340,6 +353,8 @@ void send_msg_userauth_success() {
 	encrypt_packet();
 
 	ses.authstate.authdone = 1;
+	ses.connecttimeout = 0;
+
 
 	if (ses.authstate.pw->pw_uid == 0) {
 		ses.allowprivport = 1;

svr-authpam.c

@@ -0,0 +1,223 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2004 Martin Carlsson
+ * Portions (c) 2004 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+/* Validates a user password using PAM */
+
+#include "includes.h"
+#include "session.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "auth.h"
+
+#if defined(HAVE_SECURITY_PAM_APPL_H)
+#include <security/pam_appl.h>
+#elif defined (HAVE_PAM_PAM_APPL_H)
+#include <pam/pam_appl.h>
+#endif
+
+#ifdef ENABLE_SVR_PAM_AUTH
+
+struct UserDataS {
+	char* user;
+	char* passwd;
+};
+
+/* PAM conversation function - for now we only handle one message */
+int 
+pamConvFunc(int num_msg, 
+		const struct pam_message **msg,
+		struct pam_response **respp, 
+		void *appdata_ptr) {
+
+	int rc = PAM_SUCCESS;
+	struct pam_response* resp = NULL;
+	struct UserDataS* userDatap = (struct UserDataS*) appdata_ptr;
+
+	const char* message = (*msg)->msg;
+
+	TRACE(("enter pamConvFunc"));
+
+	if (num_msg != 1) {
+		/* If you're getting here - Dropbear probably can't support your pam
+		 * modules. This whole file is a bit of a hack around lack of
+		 * asynchronocity in PAM anyway */
+		dropbear_log(LOG_INFO, "pamConvFunc() called with >1 messages: not supported.");
+		return PAM_CONV_ERR;
+	}
+	
+	TRACE(("msg_style is %d", (*msg)->msg_style));
+	if (message) {
+		TRACE(("message is '%s'", message));
+	} else {
+		TRACE(("null message"));
+	}
+
+	switch((*msg)->msg_style) {
+
+		case PAM_PROMPT_ECHO_OFF:
+
+			if (strcmp(message, "Password:") != 0) {
+					TRACE(("PAM_PROMPT_ECHO_OFF: unrecognized prompt"));
+					rc = PAM_CONV_ERR;
+					break;
+			}
+
+			/* This looks leaky, but the PAM module-writer docs
+			 * assure us that the caller will free it... */
+			resp = (struct pam_response*) m_malloc(sizeof(struct pam_response));
+			memset(resp, 0, sizeof(struct pam_response));
+
+			/* Safe to just use the direct pointer (no strdup) since
+			 * it shouldn't be getting munged at all */
+			resp->resp = userDatap->passwd;
+			(*respp) = resp;
+			break;
+
+
+		case PAM_PROMPT_ECHO_ON:
+
+			if ((strcmp(message, "login: " ) != 0) 
+					&& (strcmp(message, "login:" ) != 0)
+					&& (strcmp(message, "Please enter username: " ) != 0)) {
+				TRACE(("PAM_PROMPT_ECHO_ON: unrecognized prompt"));
+				rc = PAM_CONV_ERR;
+				break;
+			}
+
+			/* This looks leaky, but the PAM module-writer docs
+			 * assure us that the caller will free it... */
+			resp = (struct pam_response*) m_malloc(sizeof(struct pam_response));
+			memset(resp, 0, sizeof(struct pam_response));
+
+			/* Safe to just use the direct pointer (no strdup) since
+			 * it shouldn't be getting munged at all */
+			resp->resp = userDatap->user;
+			TRACE(("userDatap->user='%s'", userDatap->user));
+			(*respp) = resp;
+			break;
+
+		default:
+			TRACE(("Unknown message type"));
+			rc = PAM_CONV_ERR;
+			break;      
+	}
+
+	TRACE(("leave pamConvFunc, rc %d", rc));
+
+	return rc;
+}
+
+/* Process a password auth request, sending success or failure messages as
+ * appropriate. To the client it looks like it's doing normal password auth (as
+ * opposed to keyboard-interactive or something), so the pam module has to be
+ * fairly standard (ie just "what's your username, what's your password, OK").
+ *
+ * Keyboard interactive would be a lot nicer, but since PAM is synchronous, it
+ * gets very messy trying to send the interactive challenges, and read the
+ * interactive responses, over the network. */
+void svr_auth_pam() {
+
+	struct UserDataS userData;
+	struct pam_conv pamConv = {
+		pamConvFunc,
+		&userData /* submitted to pamvConvFunc as appdata_ptr */ 
+	};
+
+	pam_handle_t* pamHandlep = NULL;
+
+	unsigned char * password = NULL;
+	unsigned int passwordlen;
+
+	int rc = PAM_SUCCESS;
+	unsigned char changepw;
+
+	/* check if client wants to change password */
+	changepw = buf_getbyte(ses.payload);
+	if (changepw) {
+		/* not implemented by this server */
+		send_msg_userauth_failure(0, 1);
+		goto cleanup;
+	}
+
+	password = buf_getstring(ses.payload, &passwordlen);
+
+	/* used to pass data to the PAM conversation function */
+	userData.user = ses.authstate.printableuser;
+	userData.passwd = password;
+
+	/* Init pam */
+	if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) {
+		dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s\n", 
+				rc, pam_strerror(pamHandlep, rc));
+		goto cleanup;
+	}
+
+	/* just to set it to something */
+	if ((rc = pam_set_item(pamHandlep, PAM_TTY, "ssh") != PAM_SUCCESS)) {
+		dropbear_log(LOG_WARNING, "pam_set_item() failed, rc=%d, %s\n", 
+				rc, pam_strerror(pamHandlep, rc));
+		goto cleanup;
+	}
+
+	(void) pam_fail_delay(pamHandlep, 0 /* musec_delay */);
+
+	/* (void) pam_set_item(pamHandlep, PAM_FAIL_DELAY, (void*) pamDelayFunc); */
+
+	if ((rc = pam_authenticate(pamHandlep, 0)) != PAM_SUCCESS) {
+		dropbear_log(LOG_WARNING, "pam_authenticate() failed, rc=%d, %s\n", 
+				rc, pam_strerror(pamHandlep, rc));
+		dropbear_log(LOG_WARNING,
+				"bad pam password attempt for '%s'",
+				ses.authstate.printableuser);
+		send_msg_userauth_failure(0, 1);
+		goto cleanup;
+	}
+
+	if ((rc = pam_acct_mgmt(pamHandlep, 0)) != PAM_SUCCESS) {
+		dropbear_log(LOG_WARNING, "pam_acct_mgmt() failed, rc=%d, %s\n", 
+				rc, pam_strerror(pamHandlep, rc));
+		dropbear_log(LOG_WARNING,
+				"bad pam password attempt for '%s'",
+				ses.authstate.printableuser);
+		send_msg_userauth_failure(0, 1);
+		goto cleanup;
+	}
+
+	/* successful authentication */
+	dropbear_log(LOG_NOTICE, "pam password auth succeeded for '%s'",
+			ses.authstate.printableuser);
+	send_msg_userauth_success();
+
+cleanup:
+	if (password != NULL) {
+		m_burn(password, passwordlen);
+		m_free(password);
+	}
+	if (pamHandlep != NULL) {
+		(void) pam_end(pamHandlep, 0 /* pam_status */);
+	}
+}
+
+#endif /* ENABLE_SVR_PAM_AUTH */

svr-authpasswd.c

@@ -80,10 +80,6 @@ void svr_auth_password() {
 
 	password = buf_getstring(ses.payload, &passwordlen);
 
-	/* clear the buffer containing the password */
-	buf_incrpos(ses.payload, -passwordlen - 4);
-	m_burn(buf_getptr(ses.payload, passwordlen + 4), passwordlen + 4);
-
 	/* the first bytes of passwdcrypt are the salt */
 	testcrypt = crypt((char*)password, passwdcrypt);
 	m_burn(password, passwordlen);

svr-chansession.c

@@ -55,6 +55,10 @@ static int newchansess(struct Channel *channel);
 static void chansessionrequest(struct Channel *channel);
 
 static void send_exitsignalstatus(struct Channel *channel);
+static void send_msg_chansess_exitstatus(struct Channel * channel,
+		struct ChanSess * chansess);
+static void send_msg_chansess_exitsignal(struct Channel * channel,
+		struct ChanSess * chansess);
 static int sesscheckclose(struct Channel *channel);
 static void get_termmodes(struct ChanSess *chansess);
 
@@ -68,7 +72,7 @@ static int sesscheckclose(struct Channel *channel) {
 }
 
 /* handler for childs exiting, store the state for return to the client */
-static void sesssigchild_handler(int dummy) {
+static void sesssigchild_handler(int UNUSED(dummy)) {
 
 	int status;
 	pid_t pid;
@@ -78,7 +82,6 @@ static void sesssigchild_handler(int dummy) {
 
 	TRACE(("enter sigchld handler"));
 	while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
-
 		/* find the corresponding chansess */
 		for (i = 0; i < svr_ses.childpidsize; i++) {
 			if (svr_ses.childpids[i].pid == pid) {
@@ -90,8 +93,10 @@ static void sesssigchild_handler(int dummy) {
 				}
 				if (WIFSIGNALED(status)) {
 					chansess->exitsignal = WTERMSIG(status);
-#ifndef AIX
+#if !defined(AIX) && defined(WCOREDUMP)
 					chansess->exitcore = WCOREDUMP(status);
+#else
+					chansess->exitcore = 0;
 #endif
 				} else {
 					/* we use this to determine how pid exited */
@@ -497,7 +502,9 @@ static int sessionpty(struct ChanSess * chansess) {
 	}
 
 	/* allocate the pty */
-	assert(chansess->master == -1); /* haven't already got one */
+	if (chansess->master != -1) {
+		dropbear_exit("multiple pty requests");
+	}
 	if (pty_allocate(&chansess->master, &chansess->slave, namebuf, 64) == 0) {
 		TRACE(("leave sessionpty: failed to allocate pty"));
 		return DROPBEAR_FAILURE;
@@ -628,7 +635,10 @@ static int noptycommand(struct Channel *channel, struct ChanSess *chansess) {
 		TRACE(("continue noptycommand: parent"));
 		chansess->pid = pid;
 
-		/* add a child pid */
+		/* add a child pid - Beware: there's a race between this, and the
+		 * exec() called from the child. If the child finishes before we've
+		 * done this (ie if it was a shell builtin and fast), we won't return a
+		 * proper return code. For now, we ignore this case. */
 		addchildpid(chansess, pid);
 
 		close(infds[FDIN]);
@@ -641,11 +651,10 @@ static int noptycommand(struct Channel *channel, struct ChanSess *chansess) {
 		ses.maxfd = MAX(ses.maxfd, channel->outfd);
 		ses.maxfd = MAX(ses.maxfd, channel->errfd);
 
-		if ((fcntl(channel->outfd, F_SETFL, O_NONBLOCK) < 0) ||
-			(fcntl(channel->infd, F_SETFL, O_NONBLOCK) < 0) ||
-			(fcntl(channel->errfd, F_SETFL, O_NONBLOCK) < 0)) {
-			dropbear_exit("Couldn't set nonblocking");
-		}
+		setnonblocking(channel->outfd);
+		setnonblocking(channel->infd);
+		setnonblocking(channel->errfd);
+
 	}
 #undef FDIN
 #undef FDOUT
@@ -751,9 +760,7 @@ static int ptycommand(struct Channel *channel, struct ChanSess *chansess) {
 		/* don't need to set stderr here */
 		ses.maxfd = MAX(ses.maxfd, chansess->master);
 
-		if (fcntl(chansess->master, F_SETFL, O_NONBLOCK) < 0) {
-			dropbear_exit("Couldn't set nonblocking");
-		}
+		setnonblocking(chansess->master);
 
 	}
 

svr-kex.c

@@ -44,7 +44,7 @@ static void send_msg_kexdh_reply(mp_int *dh_e);
  * that function, then brings the new keys into use */
 void recv_msg_kexdh_init() {
 
-	mp_int dh_e;
+	DEF_MP_INT(dh_e);
 
 	TRACE(("enter recv_msg_kexdh_init"));
 	if (!ses.kexstate.recvkexinit) {
@@ -71,9 +71,11 @@ void recv_msg_kexdh_init() {
  * See the ietf-secsh-transport draft, section 6, for details */
 static void send_msg_kexdh_reply(mp_int *dh_e) {
 
-	mp_int dh_y, dh_f;
+	DEF_MP_INT(dh_y);
+	DEF_MP_INT(dh_f);
 
 	TRACE(("enter send_msg_kexdh_reply"));
+	m_mp_init_multi(&dh_y, &dh_f, NULL);
 	
 	gen_kexdh_vals(&dh_f, &dh_y);
 

svr-main.c

@@ -123,7 +123,6 @@ void main_noinetd() {
 	pid_t childpid;
 	int childpipe[2];
 
-	struct sigaction sa_chld;
 	/* fork */
 	if (svr_opts.forkbg) {
 		int closefds = 0;
@@ -139,6 +138,7 @@ void main_noinetd() {
 
 	commonsetup();
 
+
 	/* should be done after syslog is working */
 	if (svr_opts.forkbg) {
 		dropbear_log(LOG_INFO, "Running in background");
@@ -299,7 +299,7 @@ void main_noinetd() {
 
 
 /* catch + reap zombie children */
-static void sigchld_handler(int fish) {
+static void sigchld_handler(int UNUSED(unused)) {
 	struct sigaction sa_chld;
 
 	while(waitpid(-1, NULL, WNOHANG) > 0); 
@@ -312,14 +312,14 @@ static void sigchld_handler(int fish) {
 }
 
 /* catch any segvs */
-static void sigsegv_handler(int fish) {
+static void sigsegv_handler(int UNUSED(unused)) {
 	fprintf(stderr, "Aiee, segfault! You should probably report "
 			"this as a bug to the developer\n");
 	exit(EXIT_FAILURE);
 }
 
 /* catch ctrl-c or sigterm */
-static void sigintterm_handler(int fish) {
+static void sigintterm_handler(int UNUSED(unused)) {
 
 	exitflag = 1;
 }
@@ -352,27 +352,33 @@ static void commonsetup() {
 	if (signal(SIGSEGV, sigsegv_handler) == SIG_ERR) {
 		dropbear_exit("signal() error");
 	}
+
+	/* Now we can setup the hostkeys - needs to be after logging is on,
+	 * otherwise we might end up blatting error messages to the socket */
+	loadhostkeys();
 }
 
 /* Set up listening sockets for all the requested ports */
 static int listensockets(int *sock, int sockcount, int *maxfd) {
 	
 	unsigned int i;
-	char portstring[NI_MAXSERV];
 	char* errstring = NULL;
 	unsigned int sockpos = 0;
 	int nsock;
 
+	TRACE(("listensockets: %d to try\n", svr_opts.portcount));
+
 	for (i = 0; i < svr_opts.portcount; i++) {
 
-		snprintf(portstring, sizeof(portstring), "%d", svr_opts.ports[i]);
-		nsock = dropbear_listen(NULL, portstring, &sock[sockpos], 
+		TRACE(("listening on '%s'", svr_opts.ports[i]));
+
+		nsock = dropbear_listen(NULL, svr_opts.ports[i], &sock[sockpos], 
 				sockcount - sockpos,
 				&errstring, maxfd);
 
 		if (nsock < 0) {
-			dropbear_log(LOG_WARNING, "Failed listening on port %s: %s", 
-							portstring, errstring);
+			dropbear_log(LOG_WARNING, "Failed listening on '%s': %s", 
+							svr_opts.ports[i], errstring);
 			m_free(errstring);
 			continue;
 		}

svr-runopts.c

@@ -31,8 +31,6 @@
 
 svr_runopts svr_opts; /* GLOBAL */
 
-static sign_key * loadhostkeys(const char * dsskeyfile,
-		const char * rsakeyfile);
 static void printhelp(const char * progname);
 
 static void printhelp(const char * progname) {
@@ -61,7 +59,7 @@ static void printhelp(const char * progname) {
 					"-m		Don't display the motd on login\n"
 #endif
 					"-w		Disallow root logins\n"
-#ifdef ENABLE_SVR_PASSWORD_AUTH
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
 #endif
@@ -72,9 +70,12 @@ static void printhelp(const char * progname) {
 					"-k		Disable remote port forwarding\n"
 #endif
 					"-p port	Listen on specified tcp port, up to %d can be specified\n"
-					"		(default %d if none specified)\n"
+					"		(default %s if none specified)\n"
 #ifdef INETD_MODE
 					"-i		Start for inetd\n"
+#endif
+#ifdef DEBUG_TRACE
+					"-v		verbose\n"
 #endif
 					,DROPBEAR_VERSION, progname,
 #ifdef DROPBEAR_DSS
@@ -83,16 +84,13 @@ static void printhelp(const char * progname) {
 #ifdef DROPBEAR_RSA
 					RSA_PRIV_FILENAME,
 #endif
-					DROPBEAR_MAX_PORTS, DROPBEAR_PORT);
+					DROPBEAR_MAX_PORTS, DROPBEAR_DEFPORT);
 }
 
 void svr_getopts(int argc, char ** argv) {
 
 	unsigned int i;
 	char ** next = 0;
-	unsigned int portnum = 0;
-	char *portstring[DROPBEAR_MAX_PORTS];
-	unsigned int longport;
 
 	/* see printhelp() for options */
 	svr_opts.rsakeyfile = NULL;
@@ -104,6 +102,8 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.inetdmode = 0;
+	svr_opts.portcount = 0;
+	svr_opts.hostkey = NULL;
 	opts.nolocaltcp = 0;
 	opts.noremotetcp = 0;
 	/* not yet
@@ -166,10 +166,12 @@ void svr_getopts(int argc, char ** argv) {
 					break;
 #endif
 				case 'p':
-					if (portnum < DROPBEAR_MAX_PORTS) {
-						portstring[portnum] = NULL;
-						next = &portstring[portnum];
-						portnum++;
+					if (svr_opts.portcount < DROPBEAR_MAX_PORTS) {
+						svr_opts.ports[svr_opts.portcount] = NULL;
+						next = &svr_opts.ports[svr_opts.portcount];
+						/* Note: if it doesn't actually get set, we'll
+						 * decrement it after the loop */
+						svr_opts.portcount++;
 					}
 					break;
 #ifdef DO_MOTD
@@ -181,7 +183,7 @@ void svr_getopts(int argc, char ** argv) {
 				case 'w':
 					svr_opts.norootlogin = 1;
 					break;
-#ifdef ENABLE_SVR_PASSWORD_AUTH
+#if defined(ENABLE_SVR_PASSWORD_AUTH) || defined(ENABLE_SVR_PAM_AUTH)
 				case 's':
 					svr_opts.noauthpass = 1;
 					break;
@@ -193,14 +195,11 @@ void svr_getopts(int argc, char ** argv) {
 					printhelp(argv[0]);
 					exit(EXIT_FAILURE);
 					break;
-					/*
-				case '4':
-					svr_opts.ipv4 = 0;
+#ifdef DEBUG_TRACE
+				case 'v':
+					debug_trace = 1;
 					break;
-				case '6':
-					svr_opts.ipv6 = 0;
-					break;
-					*/
+#endif
 				default:
 					fprintf(stderr, "Unknown argument %s\n", argv[i]);
 					printhelp(argv[0]);
@@ -210,13 +209,24 @@ void svr_getopts(int argc, char ** argv) {
 		}
 	}
 
+	/* Set up listening ports */
+	if (svr_opts.portcount == 0) {
+		svr_opts.ports[0] = m_strdup(DROPBEAR_DEFPORT);
+		svr_opts.portcount = 1;
+	} else {
+		/* we may have been given a -p option but no argument to go with
+		 * it */
+		if (svr_opts.ports[svr_opts.portcount-1] == NULL) {
+			svr_opts.portcount--;
+		}
+	}
+
 	if (svr_opts.dsskeyfile == NULL) {
 		svr_opts.dsskeyfile = DSS_PRIV_FILENAME;
 	}
 	if (svr_opts.rsakeyfile == NULL) {
 		svr_opts.rsakeyfile = RSA_PRIV_FILENAME;
 	}
-	svr_opts.hostkey = loadhostkeys(svr_opts.dsskeyfile, svr_opts.rsakeyfile);
 
 	if (svr_opts.bannerfile) {
 		struct stat buf;
@@ -238,35 +248,6 @@ void svr_getopts(int argc, char ** argv) {
 		buf_setpos(svr_opts.banner, 0);
 	}
 
-	/* not yet
-	if (!(svr_opts.ipv4 || svr_opts.ipv6)) {
-		fprintf(stderr, "You can't disable ipv4 and ipv6.\n");
-		exit(1);
-	}
-	*/
-
-	/* create the array of listening ports */
-	if (portnum == 0) {
-		/* non specified */
-		svr_opts.portcount = 1;
-		svr_opts.ports = m_malloc(sizeof(uint16_t));
-		svr_opts.ports[0] = DROPBEAR_PORT;
-	} else {
-		svr_opts.portcount = portnum;
-		svr_opts.ports = (uint16_t*)m_malloc(sizeof(uint16_t)*portnum);
-		for (i = 0; i < portnum; i++) {
-			if (portstring[i]) {
-				longport = atoi(portstring[i]);
-					if (longport <= 65535 && longport > 0) {
-						svr_opts.ports[i] = (uint16_t)longport;
-						continue;
-					}
-			}
-			fprintf(stderr, "Bad port '%s'\n",
-					portstring[i] ? portstring[i] : "null");
-		}
-	}
-
 }
 
 static void disablekey(int type, const char* filename) {
@@ -279,47 +260,45 @@ static void disablekey(int type, const char* filename) {
 			break;
 		}
 	}
-	fprintf(stderr, "Failed reading '%s', disabling %s\n", filename,
+	dropbear_log(LOG_WARNING, "Failed reading '%s', disabling %s", filename,
 			type == DROPBEAR_SIGNKEY_DSS ? "DSS" : "RSA");
 }
 
-static sign_key * loadhostkeys(const char * dsskeyfile, 
-		const char * rsakeyfile) {
+/* Must be called after syslog/etc is working */
+void loadhostkeys() {
 
-	sign_key * hostkey;
 	int ret;
 	int type;
 
 	TRACE(("enter loadhostkeys"));
 
-	hostkey = new_sign_key();
+	svr_opts.hostkey = new_sign_key();
 
 #ifdef DROPBEAR_RSA
 	type = DROPBEAR_SIGNKEY_RSA;
-	ret = readhostkey(rsakeyfile, hostkey, &type);
+	ret = readhostkey(svr_opts.rsakeyfile, svr_opts.hostkey, &type);
 	if (ret == DROPBEAR_FAILURE) {
-		disablekey(DROPBEAR_SIGNKEY_RSA, rsakeyfile);
+		disablekey(DROPBEAR_SIGNKEY_RSA, svr_opts.rsakeyfile);
 	}
 #endif
 #ifdef DROPBEAR_DSS
-	type = DROPBEAR_SIGNKEY_RSA;
-	ret = readhostkey(dsskeyfile, hostkey, &type);
+	type = DROPBEAR_SIGNKEY_DSS;
+	ret = readhostkey(svr_opts.dsskeyfile, svr_opts.hostkey, &type);
 	if (ret == DROPBEAR_FAILURE) {
-		disablekey(DROPBEAR_SIGNKEY_DSS, dsskeyfile);
+		disablekey(DROPBEAR_SIGNKEY_DSS, svr_opts.dsskeyfile);
 	}
 #endif
 
 	if ( 1
 #ifdef DROPBEAR_DSS
-		&& hostkey->dsskey == NULL
+		&& svr_opts.hostkey->dsskey == NULL
 #endif
 #ifdef DROPBEAR_RSA
-		&& hostkey->rsakey == NULL
+		&& svr_opts.hostkey->rsakey == NULL
 #endif
 		) {
 		dropbear_exit("No hostkeys available");
 	}
 
 	TRACE(("leave loadhostkeys"));
-	return hostkey;
 }

svr-session.c

@@ -168,7 +168,7 @@ void svr_dropbear_log(int priority, const char* format, va_list param) {
 	/* if we are using DEBUG_TRACE, we want to print to stderr even if
 	 * syslog is used, so it is included in error reports */
 #ifdef DEBUG_TRACE
-	havetrace = 1;
+	havetrace = debug_trace;
 #endif
 
 	if (!svr_opts.usingsyslog || havetrace)

svr-x11fwd.c

@@ -75,9 +75,7 @@ int x11req(struct ChanSess * chansess) {
 	}
 
 	/* set non-blocking */
-	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
-		goto fail;
-	}
+	setnonblocking(fd);
 
 	/* listener code will handle the socket now.
 	 * No cleanup handler needed, since listener_remove only happens
@@ -171,8 +169,12 @@ void x11cleanup(struct ChanSess *chansess) {
 
 	m_free(chansess->x11authprot);
 	m_free(chansess->x11authcookie);
-	remove_listener(chansess->x11listener);
-	chansess->x11listener = NULL;
+
+	TRACE(("chansess %s", chansess));
+	if (chansess->x11listener != NULL) {
+		remove_listener(chansess->x11listener);
+		chansess->x11listener = NULL;
+	}
 }
 
 static const struct ChanType chan_x11 = {

tcpfwd.h

@@ -47,7 +47,7 @@ struct TCPListener {
 /* A link in a list of forwards */
 struct TCPFwdList {
 
-	char* connectaddr;
+	const unsigned char* connectaddr;
 	unsigned int connectport;
 	unsigned int listenport;
 	struct TCPFwdList * next;
@@ -60,6 +60,7 @@ extern const struct ChanType svr_chan_tcpdirect;
 
 /* Client */
 void setup_localtcp();
+void setup_remotetcp();
 extern const struct ChanType cli_chan_tcpremote;
 
 /* Common */

termcodes.c

@@ -131,7 +131,11 @@ const struct TermCode termcodes[MAX_TERMCODE+1] = {
 		{IEXTEN, TERMCODE_LOCAL},
 		{ECHOCTL, TERMCODE_LOCAL},
 		{ECHOKE, TERMCODE_LOCAL},
+#ifdef PENDIN
 		{PENDIN, TERMCODE_LOCAL},
+#else
+		{0, 0},
+#endif
 		{0, 0}, /* 63 */
 		{0, 0},
 		{0, 0},