- OpenBSD CVS update:

  - markus@cvs.openbsd.org
    [ssh.c]
    fix usage()
    [ssh2.h]
    draft-ietf-secsh-architecture-05.txt
    [ssh.1]
    document ssh -T -N (ssh2 only)
    [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
    enable nonblocking IO for sshd w/ proto 1, too; split out common code
    [aux.c]
    missing include

11 files changed, 102 insertions, 74 deletions

diff --git a/ChangeLog b/ChangeLog
index 4f0c42d6b..e14392af2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,18 @@
  - Avoid WCOREDUMP complation errors for systems that lack it
  - Avoid SIGCHLD warnings from entropy commands 
  - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw@dcs.ed.ac.uk>
+ - OpenBSD CVS update:
+  - markus@cvs.openbsd.org 
+    [ssh.c]
+    fix usage()
+    [ssh2.h]
+    draft-ietf-secsh-architecture-05.txt
+    [ssh.1]
+    document ssh -T -N (ssh2 only)
+    [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
+    enable nonblocking IO for sshd w/ proto 1, too; split out common code
+    [aux.c]
+    missing include
 
 20000513
  - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz 
diff --git a/Makefile.in b/Makefile.in
index 403b75faa..3aeced934 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -34,7 +34,7 @@ INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
 
 TARGETS=ssh sshd ssh-add ssh-keygen ssh-agent scp $(EXTRA_TARGETS)
 
-LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
+LIBSSH_OBJS=atomicio.o authfd.o authfile.o aux.o bufaux.o buffer.o canohost.o channels.o cipher.o compat.o compress.o crc32.o deattack.o dispatch.o dsa.o fingerprint.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o entropy.o readpass.o rsa.o tildexpand.o ttymodes.o uidswap.o uuencode.o xmalloc.o 
 
 LIBOPENBSD_COMPAT_OBJS=bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-misc.o bsd-mktemp.o bsd-rresvport.o bsd-setenv.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o fake-getaddrinfo.o fake-getnameinfo.o 
 
diff --git a/aux.c b/aux.c
new file mode 100644
index 000000000..899142da7
--- /dev/null
+++ b/aux.c
@@ -0,0 +1,36 @@
+#include "includes.h"
+RCSID("$OpenBSD: aux.c,v 1.2 2000/05/17 09:47:59 markus Exp $");
+
+#include "ssh.h"
+
+char *
+chop(char *s)
+{
+        char *t = s;
+        while (*t) {
+                if(*t == '\n' || *t == '\r') {
+                        *t = '\0';
+                        return s;
+                }
+                t++;
+        }
+        return s;
+
+}
+
+void
+set_nonblock(int fd)
+{
+        int val;
+        val = fcntl(fd, F_GETFL, 0);
+        if (val < 0) {
+                error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
+                return;
+        }
+        if (val & O_NONBLOCK)
+                return;
+        debug("fd %d setting O_NONBLOCK", fd);
+        val |= O_NONBLOCK;
+        if (fcntl(fd, F_SETFL, val) == -1)
+                error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
+}
diff --git a/channels.c b/channels.c
index a18c7e300..f26b3a65b 100644
--- a/channels.c
+++ b/channels.c
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.30 2000/05/09 01:02:59 damien Exp $");
+RCSID("$Id: channels.c,v 1.31 2000/05/17 12:34:23 damien Exp $");
 
 #include "ssh.h"
 #include "packet.h"
@@ -147,23 +147,6 @@ channel_lookup(int id)
         return c;
 }
 
-void
-set_nonblock(int fd)
-{
-        int val;
-        val = fcntl(fd, F_GETFL, 0);
-        if (val < 0) {
-                error("fcntl(%d, F_GETFL, 0): %s", fd, strerror(errno));
-                return;
-        }
-        if (val & O_NONBLOCK)
-                return;
-        debug("fd %d setting O_NONBLOCK", fd);
-        val |= O_NONBLOCK;
-        if (fcntl(fd, F_SETFL, val) == -1)
-                error("fcntl(%d, F_SETFL, O_NONBLOCK): %s", fd, strerror(errno));
-}
-
 /*
  * Register filedescriptors for a channel, used when allocating a channel or
  * when the channel consumer/producer is ready, e.g. shell exec'd
diff --git a/serverloop.c b/serverloop.c
index 1bc5d8b75..79bdf77ba 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -259,20 +259,15 @@ process_input(fd_set * readset)
                 if (len == 0) {
                         verbose("Connection closed by remote host.");
                         fatal_cleanup();
+                } else if (len < 0) {
+                        if (errno != EINTR && errno != EAGAIN) {
+                                verbose("Read error from remote host: %.100s", strerror(errno));
+                                fatal_cleanup();
+                        }
+                } else {
+                        /* Buffer any received data. */
+                        packet_process_incoming(buf, len);
                 }
-                /*
-                 * There is a kernel bug on Solaris that causes select to
-                 * sometimes wake up even though there is no data available.
-                 */
-                if (len < 0 && errno == EAGAIN)
-                        len = 0;
-
-                if (len < 0) {
-                        verbose("Read error from remote host: %.100s", strerror(errno));
-                        fatal_cleanup();
-                }
-                /* Buffer any received data. */
-                packet_process_incoming(buf, len);
         }
         if (compat20)
                 return;
@@ -280,9 +275,11 @@ process_input(fd_set * readset)
         /* Read and buffer any available stdout data from the program. */
         if (!fdout_eof && FD_ISSET(fdout, readset)) {
                 len = read(fdout, buf, sizeof(buf));
-                if (len <= 0)
+                if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+                        /* do nothing */
+                } else if (len <= 0) {
                         fdout_eof = 1;
-                else {
+                } else {
                         buffer_append(&stdout_buffer, buf, len);
                         fdout_bytes += len;
                 }
@@ -290,10 +287,13 @@ process_input(fd_set * readset)
         /* Read and buffer any available stderr data from the program. */
         if (!fderr_eof && FD_ISSET(fderr, readset)) {
                 len = read(fderr, buf, sizeof(buf));
-                if (len <= 0)
+                if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+                        /* do nothing */
+                } else if (len <= 0) {
                         fderr_eof = 1;
-                else
+                } else {
                         buffer_append(&stderr_buffer, buf, len);
+                }
         }
 }
 
@@ -309,7 +309,9 @@ process_output(fd_set * writeset)
         if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
                 len = write(fdin, buffer_ptr(&stdin_buffer),
                     buffer_len(&stdin_buffer));
-                if (len <= 0) {
+                if (len < 0 && (errno == EINTR || errno == EAGAIN)) {
+                        /* do nothing */
+                } else if (len <= 0) {
 #ifdef USE_PIPES
                         close(fdin);
 #else
@@ -396,6 +398,12 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
         fdin = fdin_arg;
         fdout = fdout_arg;
         fderr = fderr_arg;
+
+        /* nonblocking IO */
+        set_nonblock(fdin);
+        set_nonblock(fdout);
+        set_nonblock(fderr);
+
         connection_in = packet_get_connection_in();
         connection_out = packet_get_connection_out();
 
diff --git a/ssh.1 b/ssh.1
index 48040c439..d8e9eb0b9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1,v 1.25 2000/05/09 01:03:02 damien Exp $
+.\" $Id: ssh.1,v 1.26 2000/05/17 12:34:24 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -24,7 +24,7 @@
 .Op Ar command
 .Pp
 .Nm ssh
-.Op Fl afgknqtvxCPX246
+.Op Fl afgknqtvxCNPTX246
 .Op Fl c Ar cipher_spec
 .Op Fl e Ar escape_char
 .Op Fl i Ar identity_file
@@ -416,6 +416,10 @@ program will be put in the background.
 needs to ask for a password or passphrase; see also the
 .Fl f
 option.)
+.It Fl N
+Do not execute a remote command.
+This is usefull if you just want to forward ports
+(protocol version 2 only).
 .It Fl o Ar option
 Can be used to give options in the format used in the config file.
 This is useful for specifying options for which there is no separate
@@ -442,6 +446,8 @@ Force pseudo-tty allocation.
 This can be used to execute arbitrary
 screen-based programs on a remote machine, which can be very useful,
 e.g., when implementing menu services.
+.It Fl T
+Disable pseudo-tty allocation (protocol version 2 only).
 .It Fl v
 Verbose mode.
 Causes
diff --git a/ssh.c b/ssh.c
index 2dfc2b02f..bf4f8b1c6 100644
--- a/ssh.c
+++ b/ssh.c
@@ -11,7 +11,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.30 2000/05/09 01:03:02 damien Exp $");
+RCSID("$Id: ssh.c,v 1.31 2000/05/17 12:34:24 damien Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -120,6 +120,7 @@ usage()
 #ifdef AFS
         fprintf(stderr, "  -k          Disable Kerberos ticket and AFS token forwarding.\n");
 #endif                          /* AFS */
+        fprintf(stderr, "  -X          Enable X11 connection forwarding.\n");
         fprintf(stderr, "  -x          Disable X11 connection forwarding.\n");
         fprintf(stderr, "  -i file     Identity for RSA authentication (default: ~/.ssh/identity).\n");
         fprintf(stderr, "  -t          Tty; allocate a tty even if command is given.\n");
diff --git a/ssh.h b/ssh.h
index 42a710088..ed124cece 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@
  *
  */
 
-/* RCSID("$Id: ssh.h,v 1.39 2000/05/09 01:03:02 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.40 2000/05/17 12:34:24 damien Exp $"); */
 
 #ifndef SSH_H
 #define SSH_H
@@ -486,6 +486,12 @@ void    fatal_remove_cleanup(void (*proc) (void *context), void *context);
  */
 char   *tilde_expand_filename(const char *filename, uid_t my_uid);
 
+/* remove newline at end of string */
+char    *chop(char *s);
+
+/* set filedescriptor to non-blocking */
+void    set_nonblock(int fd);
+
 /*
  * Performs the interactive session.  This handles data transmission between
  * the client and the program.  Note that the notion of stdin, stdout, and
diff --git a/ssh2.h b/ssh2.h
index cf684bacf..1fa4c0a0d 100644
--- a/ssh2.h
+++ b/ssh2.h
@@ -1,5 +1,5 @@
 /*
- * draft-ietf-secsh-architecture-04.txt
+ * draft-ietf-secsh-architecture-05.txt
  *
  *   Transport layer protocol:
  *
@@ -28,6 +28,7 @@
  *
  *     192-255  Local extensions
  */
+/* RCSID("$OpenBSD: ssh2.h,v 1.3 2000/05/15 07:03:12 markus Exp $"); */
 
 /* transport layer: generic */
 
@@ -88,6 +89,7 @@
 #define SSH2_DISCONNECT_PROTOCOL_ERROR                  2
 #define SSH2_DISCONNECT_KEY_EXCHANGE_FAILED             3
 #define SSH2_DISCONNECT_HOST_AUTHENTICATION_FAILED      4
+#define SSH2_DISCONNECT_RESERVED                        4
 #define SSH2_DISCONNECT_MAC_ERROR                       5
 #define SSH2_DISCONNECT_COMPRESSION_ERROR               6
 #define SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE           7
@@ -95,6 +97,10 @@
 #define SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE         9
 #define SSH2_DISCONNECT_CONNECTION_LOST                 10
 #define SSH2_DISCONNECT_BY_APPLICATION                  11
+#define SSH2_DISCONNECT_TOO_MANY_CONNECTIONS            12
+#define SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER          13
+#define SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE  14
+#define SSH2_DISCONNECT_ILLEGAL_USER_NAME               15
 
 /* misc */
 
diff --git a/sshconnect.c b/sshconnect.c
index d74658c96..40e359ceb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -8,7 +8,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.72 2000/05/04 09:50:22 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.73 2000/05/17 08:20:15 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -301,21 +301,6 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
         return 1;
 }
 
-char *
-chop(char *s)
-{
-        char *t = s;
-        while (*t) {
-                if(*t == '\n' || *t == '\r') {
-                        *t = '\0';
-                        return s;
-                }
-                t++;
-        }
-        return s;
-
-}
-
 /*
  * Waits for the server identification string, and sends our own
  * identification string.
diff --git a/sshd.c b/sshd.c
index d1ed1506e..a13332cbd 100644
--- a/sshd.c
+++ b/sshd.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.115 2000/05/03 10:21:49 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.116 2000/05/17 08:20:16 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -262,21 +262,6 @@ key_regeneration_alarm(int sig)
         errno = save_errno;
 }
 
-char *
-chop(char *s)
-{
-        char *t = s;
-        while (*t) {
-                if(*t == '\n' || *t == '\r') {
-                        *t = '\0';
-                        return s;
-                }
-                t++;
-        }
-        return s;
-
-}
-
 void
 sshd_exchange_identification(int sock_in, int sock_out)
 {