- deraadt@cvs.openbsd.org 2001/12/19 07:18:56

[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h] [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c] [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c] [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c] [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c] [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c] [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config] [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c] basic KNF done while i was looking for something else
author: Damien Miller <djm@mindrot.org> 2001-12-21 14:45:46 +1100
committer: Damien Miller <djm@mindrot.org> 2001-12-21 14:45:46 +1100
commit: 9f0f5c64bc4b6144e3fed6a7f538f7c21819a492 (patch)
tree: f79317ab211f59181a61b526f566e9c8cfe70c73
parent: 89681214ca2f50a1b1ed6164c3afe1ce14995ffc (diff)
54 files changed, 666 insertions, 658 deletions
diff --git a/ChangeLog b/ChangeLog
index 552d6588d..3b9814f51 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,16 @@
     [auth-rsa.c]
     log fingerprint on successful public key authentication, simplify 
     usage of key structs; ok markus@
+   - deraadt@cvs.openbsd.org 2001/12/19 07:18:56
+     [auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
+     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
+     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
+     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
+     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
+     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
+     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
+     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
+     basic KNF done while i was looking for something else
 20011219
 - (stevesk) OpenBSD CVS sync X11 localhost display
@@ -7056,4 +7066,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1700 2001/12/21 01:52:39 djm Exp $
+$Id: ChangeLog,v 1.1701 2001/12/21 03:45:46 djm Exp $
diff --git a/auth-bsdauth.c b/auth-bsdauth.c
index 3732477de..b70d48f20 100644
--- a/auth-bsdauth.c
+++ b/auth-bsdauth.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-bsdauth.c,v 1.1 2001/05/18 14:13:28 markus Exp $");
+RCSID("$OpenBSD: auth-bsdauth.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $");
 #ifdef BSD_AUTH
 #include "xmalloc.h"
@@ -36,74 +36,74 @@ bsdauth_init_ctx(Authctxt *authctxt)
 }
 static int
-bsdauth_query(void *ctx, char **name, char **infotxt, 
+bsdauth_query(void *ctx, char **name, char **infotxt,
   u_int *numprompts, char ***prompts, u_int **echo_on)
 {
-        Authctxt *authctxt = ctx;
+        Authctxt *authctxt = ctx;
-        char *challenge = NULL;
+        char *challenge = NULL;
-        if (authctxt->as != NULL) {
+        if (authctxt->as != NULL) {
-                debug2("bsdauth_query: try reuse session");
+                debug2("bsdauth_query: try reuse session");
-                challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
+                challenge = auth_getitem(authctxt->as, AUTHV_CHALLENGE);
-                if (challenge == NULL) {
+                if (challenge == NULL) {
-                        auth_close(authctxt->as);
+                        auth_close(authctxt->as);
-                        authctxt->as = NULL;
+                        authctxt->as = NULL;
-                }
+                }
-        }
+        }
-        if (challenge == NULL) {
+        if (challenge == NULL) {
-                debug2("bsdauth_query: new bsd auth session");
+                debug2("bsdauth_query: new bsd auth session");
-                debug3("bsdauth_query: style %s",
+                debug3("bsdauth_query: style %s",
                    authctxt->style ? authctxt->style : "<default>");
-                authctxt->as = auth_userchallenge(authctxt->user,
+                authctxt->as = auth_userchallenge(authctxt->user,
                     authctxt->style, "auth-ssh", &challenge);
-                if (authctxt->as == NULL)
+                if (authctxt->as == NULL)
-                        challenge = NULL;
+                        challenge = NULL;
-                debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
+                debug2("bsdauth_query: <%s>", challenge ? challenge : "empty");
-        }
+        }
-        
-        if (challenge == NULL)
+        if (challenge == NULL)
-                return -1;
+                return -1;
-        *name       = xstrdup("");
+        *name       = xstrdup("");
-        *infotxt    = xstrdup("");
+        *infotxt    = xstrdup("");
-        *numprompts = 1;
+        *numprompts = 1;
-        *prompts = xmalloc(*numprompts * sizeof(char*));
+        *prompts = xmalloc(*numprompts * sizeof(char*));
-        *echo_on = xmalloc(*numprompts * sizeof(u_int));
+        *echo_on = xmalloc(*numprompts * sizeof(u_int));
-        (*echo_on)[0] = 0;
+        (*echo_on)[0] = 0;
-        (*prompts)[0] = xstrdup(challenge);
+        (*prompts)[0] = xstrdup(challenge);
-        return 0;
+        return 0;
 }
 static int
 bsdauth_respond(void *ctx, u_int numresponses, char **responses)
 {
-        Authctxt *authctxt = ctx;
+        Authctxt *authctxt = ctx;
-        int authok;
+        int authok;
-        
-        if (authctxt->as == 0)
+        if (authctxt->as == 0)
-                error("bsdauth_respond: no bsd auth session");
+                error("bsdauth_respond: no bsd auth session");
-        if (numresponses != 1)
+        if (numresponses != 1)
-                return -1;
+                return -1;
-        authok = auth_userresponse(authctxt->as, responses[0], 0);
+        authok = auth_userresponse(authctxt->as, responses[0], 0);
-        authctxt->as = NULL;
+        authctxt->as = NULL;
-        debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
+        debug3("bsdauth_respond: <%s> = <%d>", responses[0], authok);
-        return (authok == 0) ? -1 : 0;
+        return (authok == 0) ? -1 : 0;
 }
 static void
 bsdauth_free_ctx(void *ctx)
 {
-        Authctxt *authctxt = ctx;
+        Authctxt *authctxt = ctx;
-        if (authctxt && authctxt->as) {
+        if (authctxt && authctxt->as) {
-                auth_close(authctxt->as);
+                auth_close(authctxt->as);
-                authctxt->as = NULL;
+                authctxt->as = NULL;
-        }
+        }
 }
 KbdintDevice bsdauth_device = {
diff --git a/auth-krb4.c b/auth-krb4.c
index 031dcd301..f7a144f9d 100644
--- a/auth-krb4.c
+++ b/auth-krb4.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-krb4.c,v 1.24 2001/06/26 16:15:22 dugsong Exp $");
+RCSID("$OpenBSD: auth-krb4.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -49,7 +49,7 @@ krb4_init(void *context)
        const char *tkt_root = TKT_ROOT;
        struct stat st;
        int fd;
-        
        if (!authctxt->krb4_ticket_file) {
                /* Set unique ticket string manually since we're still root. */
                authctxt->krb4_ticket_file = xmalloc(MAXPATHLEN);
@@ -79,13 +79,13 @@ krb4_init(void *context)
        }
        /* Failure - cancel cleanup function, leaving ticket for inspection. */
        log("WARNING: bad ticket file %s", authctxt->krb4_ticket_file);
-        
        fatal_remove_cleanup(krb4_cleanup_proc, authctxt);
        cleanup_registered = 0;
-        
        xfree(authctxt->krb4_ticket_file);
        authctxt->krb4_ticket_file = NULL;
-        
        return (0);
 }
@@ -103,10 +103,10 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
        char localhost[MAXHOSTNAMELEN], phost[INST_SZ], realm[REALM_SZ];
        u_int32_t faddr;
        int r;
-        
        if ((pw = authctxt->pw) == NULL)
                return (0);
-        
        /*
         * Try Kerberos password authentication only for non-root
         * users and only if Kerberos is installed.
@@ -128,7 +128,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
                }
                /* Successful authentication. */
                chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-                
                /*
                 * Now that we have a TGT, try to get a local
                 * "rcmd" ticket to ensure that we are not talking
@@ -138,7 +138,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
                strlcpy(phost, (char *)krb_get_phost(localhost),
                    sizeof(phost));
                r = krb_mk_req(&tkt, KRB4_SERVICE_NAME, phost, realm, 33);
-                
                if (r == KSUCCESS) {
                        if ((hp = gethostbyname(localhost)) == NULL) {
                                log("Couldn't get local host address!");
@@ -146,7 +146,7 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
                        }
                        memmove((void *)&faddr, (void *)hp->h_addr,
                            sizeof(faddr));
-                        
                        /* Verify our "rcmd" ticket. */
                        r = krb_rd_req(&tkt, KRB4_SERVICE_NAME, phost,
                            faddr, &adata, "");
@@ -186,13 +186,13 @@ auth_krb4_password(Authctxt *authctxt, const char *password)
        } else
                /* Logging in as root or no local Kerberos realm. */
                debug("Unable to authenticate to Kerberos.");
-        
 failure:
        krb4_cleanup_proc(authctxt);
-        
        if (!options.kerberos_or_local_passwd)
                return (0);
-        
        /* Fall back to ordinary passwd authentication. */
        return (-1);
 }
@@ -220,9 +220,9 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
        socklen_t slen;
        u_int cksum;
        int r, s;
-        
        s = packet_get_connection_in();
-        
        slen = sizeof(local);
        memset(&local, 0, sizeof(local));
        if (getsockname(s, (struct sockaddr *) & local, &slen) < 0)
@@ -235,7 +235,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
        }
        instance[0] = '*';
        instance[1] = 0;
-        
        /* Get the encrypted request, challenge, and session key. */
        if ((r = krb_rd_req(auth, KRB4_SERVICE_NAME, instance,
            0, &adat, ""))) {
@@ -243,11 +243,11 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
                return (0);
        }
        des_key_sched((des_cblock *) adat.session, schedule);
-        
        *client = xmalloc(MAX_K_NAME_SZ);
        (void) snprintf(*client, MAX_K_NAME_SZ, "%s%s%s@%s", adat.pname,
            *adat.pinst ? "." : "", adat.pinst, adat.prealm);
-        
        /* Check ~/.klogin authorization now. */
        if (kuserok(&adat, authctxt->user) != KSUCCESS) {
                log("Kerberos v4 .klogin authorization failed for %s to "
@@ -259,7 +259,7 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
           session key. */
        cksum = adat.checksum + 1;
        cksum = htonl(cksum);
-        
        /* If we can't successfully encrypt the checksum, we send back an
           empty message, admitting our failure. */
        if ((r = krb_mk_priv((u_char *) & cksum, reply.dat, sizeof(cksum) + 1,
@@ -269,10 +269,10 @@ auth_krb4(Authctxt *authctxt, KTEXT auth, char **client)
                reply.length = 0;
        } else
                reply.length = r;
-        
        /* Clear session key. */
        memset(&adat.session, 0, sizeof(&adat.session));
-        
        packet_start(SSH_SMSG_AUTH_KERBEROS_RESPONSE);
        packet_put_string((char *) reply.dat, reply.length);
        packet_send();
@@ -287,19 +287,19 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string)
 {
        CREDENTIALS creds;
        struct passwd *pw;
-        
        if ((pw = authctxt->pw) == NULL)
                goto failure;
-        
        temporarily_use_uid(pw);
-        
        if (!radix_to_creds(string, &creds)) {
                log("Protocol error decoding Kerberos v4 TGT");
                goto failure;
        }
        if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
                strlcpy(creds.service, "krbtgt", sizeof creds.service);
-        
        if (strcmp(creds.service, "krbtgt")) {
                log("Kerberos v4 TGT (%s%s%s@%s) rejected for %s",
                    creds.pname, creds.pinst[0] ? "." : "", creds.pinst,
@@ -308,10 +308,10 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string)
        }
        if (!krb4_init(authctxt))
                goto failure;
-        
        if (in_tkt(creds.pname, creds.pinst) != KSUCCESS)
                goto failure;
-        
        if (save_credentials(creds.service, creds.instance, creds.realm,
            creds.session, creds.lifetime, creds.kvno, &creds.ticket_st,
            creds.issue_date) != KSUCCESS) {
@@ -320,20 +320,20 @@ auth_krb4_tgt(Authctxt *authctxt, const char *string)
        }
        /* Successful authentication, passed all checks. */
        chown(tkt_string(), pw->pw_uid, pw->pw_gid);
-        
        debug("Kerberos v4 TGT accepted (%s%s%s@%s)",
            creds.pname, creds.pinst[0] ? "." : "", creds.pinst, creds.realm);
        memset(&creds, 0, sizeof(creds));
-        
        restore_uid();
-        
        return (1);
-        
 failure:
        krb4_cleanup_proc(authctxt);
        memset(&creds, 0, sizeof(creds));
        restore_uid();
-        
        return (0);
 }
@@ -343,22 +343,22 @@ auth_afs_token(Authctxt *authctxt, const char *token_string)
        CREDENTIALS creds;
        struct passwd *pw;
        uid_t uid;
-        
        if ((pw = authctxt->pw) == NULL)
                return (0);
-        
        if (!radix_to_creds(token_string, &creds)) {
                log("Protocol error decoding AFS token");
                return (0);
        }
        if (strncmp(creds.service, "", 1) == 0) /* backward compatibility */
                strlcpy(creds.service, "afs", sizeof creds.service);
-        
        if (strncmp(creds.pname, "AFS ID ", 7) == 0)
                uid = atoi(creds.pname + 7);
        else
                uid = pw->pw_uid;
-        
        if (kafs_settoken(creds.realm, uid, &creds)) {
                log("AFS token (%s@%s) rejected for %s",
                    creds.pname, creds.realm, pw->pw_name);
@@ -367,7 +367,7 @@ auth_afs_token(Authctxt *authctxt, const char *token_string)
        }
        debug("AFS token accepted (%s@%s)", creds.pname, creds.realm);
        memset(&creds, 0, sizeof(creds));
-        
        return (1);
 }
 #endif /* AFS */
diff --git a/auth-rhosts.c b/auth-rhosts.c
index 9ba64dbc3..cbceb6319 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -14,7 +14,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-rhosts.c,v 1.24 2001/06/23 15:12:17 itojun Exp $");
+RCSID("$OpenBSD: auth-rhosts.c,v 1.25 2001/12/19 07:18:56 deraadt Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -186,7 +186,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
         * servers.
         */
        for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
-             rhosts_file_index++) {
+            rhosts_file_index++) {
                /* Check users .rhosts or .shosts. */
                snprintf(buf, sizeof buf, "%.500s/%.100s",
                         pw->pw_dir, rhosts_files[rhosts_file_index]);
@@ -204,16 +204,16 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
        /* If not logging in as superuser, try /etc/hosts.equiv and shosts.equiv. */
        if (pw->pw_uid != 0) {
-                if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr, client_user,
+                if (check_rhosts_file(_PATH_RHOSTS_EQUIV, hostname, ipaddr,
-                                      pw->pw_name)) {
+                    client_user, pw->pw_name)) {
                        packet_send_debug("Accepted for %.100s [%.100s] by /etc/hosts.equiv.",
-                                          hostname, ipaddr);
+                            hostname, ipaddr);
                        return 1;
                }
-                if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr, client_user,
+                if (check_rhosts_file(_PATH_SSH_HOSTS_EQUIV, hostname, ipaddr,
-                                      pw->pw_name)) {
+                    client_user, pw->pw_name)) {
                        packet_send_debug("Accepted for %.100s [%.100s] by %.100s.",
-                                      hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
+                            hostname, ipaddr, _PATH_SSH_HOSTS_EQUIV);
                        return 1;
                }
        }
@@ -230,7 +230,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
        }
        if (options.strict_modes &&
            ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-             (st.st_mode & 022) != 0)) {
+            (st.st_mode & 022) != 0)) {
                log("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.",
                    pw->pw_name);
                packet_send_debug("Rhosts authentication refused for %.100s: bad ownership or modes for home directory.",
@@ -242,7 +242,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
        /* Check all .rhosts files (currently .shosts and .rhosts). */
        for (rhosts_file_index = 0; rhosts_files[rhosts_file_index];
-             rhosts_file_index++) {
+            rhosts_file_index++) {
                /* Check users .rhosts or .shosts. */
                snprintf(buf, sizeof buf, "%.500s/%.100s",
                         pw->pw_dir, rhosts_files[rhosts_file_index]);
@@ -257,7 +257,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
                 */
                if (options.strict_modes &&
                    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-                     (st.st_mode & 022) != 0)) {
+                    (st.st_mode & 022) != 0)) {
                        log("Rhosts authentication refused for %.100s: bad modes for %.200s",
                            pw->pw_name, buf);
                        packet_send_debug("Bad file modes for %.200s", buf);
diff --git a/auth-skey.c b/auth-skey.c
index f921fc1bb..6dc71223b 100644
--- a/auth-skey.c
+++ b/auth-skey.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth-skey.c,v 1.12 2001/05/18 14:13:28 markus Exp $");
+RCSID("$OpenBSD: auth-skey.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $");
 #ifdef SKEY
@@ -40,7 +40,7 @@ skey_init_ctx(Authctxt *authctxt)
 #define PROMPT "\nS/Key Password: "
 static int
-skey_query(void *ctx, char **name, char **infotxt, 
+skey_query(void *ctx, char **name, char **infotxt,
    u_int* numprompts, char ***prompts, u_int **echo_on)
 {
        Authctxt *authctxt = ctx;
@@ -72,9 +72,9 @@ static int
 skey_respond(void *ctx, u_int numresponses, char **responses)
 {
        Authctxt *authctxt = ctx;
- 
        if (authctxt->valid &&
-            numresponses == 1 && 
+            numresponses == 1 &&
            skey_haskey(authctxt->pw->pw_name) == 0 &&
            skey_passcheck(authctxt->pw->pw_name, responses[0]) != -1)
            return 0;
diff --git a/auth.c b/auth.c
index a21ad414a..9541640ae 100644
--- a/auth.c
+++ b/auth.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth.c,v 1.30 2001/11/17 19:14:34 stevesk Exp $");
+RCSID("$OpenBSD: auth.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $");
 #ifdef HAVE_LOGIN_H
 #include <login.h>
@@ -272,7 +272,7 @@ expand_filename(const char *filename, struct passwd *pw)
                }
                if (cp[0] == '%' && cp[1] == 'u') {
                        buffer_append(&buffer, pw->pw_name,
-                             strlen(pw->pw_name));
+                            strlen(pw->pw_name));
                        cp++;
                        continue;
                }
@@ -326,7 +326,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
                if (options.strict_modes &&
                    (stat(user_hostfile, &st) == 0) &&
                    ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
-                     (st.st_mode & 022) != 0)) {
+                    (st.st_mode & 022) != 0)) {
                        log("Authentication refused for %.100s: "
                            "bad owner or modes for %.200s",
                            pw->pw_name, user_hostfile);
@@ -399,7 +399,7 @@ secure_filename(FILE *f, const char *file, struct passwd *pw,
                if (stat(buf, &st) < 0 ||
                    (st.st_uid != 0 && st.st_uid != uid) ||
                    (st.st_mode & 022) != 0) {
-                        snprintf(err, errlen, 
+                        snprintf(err, errlen,
                            "bad ownership or modes for directory %s", buf);
                        return -1;
                }
diff --git a/auth.h b/auth.h
index f1bc9db6c..017871952 100644
--- a/auth.h
+++ b/auth.h
@@ -21,7 +21,7 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
- * $OpenBSD: auth.h,v 1.24 2001/12/18 10:04:21 jakob Exp $
+ * $OpenBSD: auth.h,v 1.25 2001/12/19 07:18:56 deraadt Exp $
 */
 #ifndef AUTH_H
 #define AUTH_H
@@ -71,8 +71,8 @@ struct Authctxt {
 /*
 * Keyboard interactive device:
- * init_ctx     returns: non NULL upon success 
+ * init_ctx     returns: non NULL upon success
- * query        returns: 0 - success, otherwise failure 
+ * query        returns: 0 - success, otherwise failure
 * respond      returns: 0 - success, 1 - need further interaction,
 *              otherwise - failure
 */
diff --git a/auth1.c b/auth1.c
index 0e5e2e557..d7e80c28a 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.26 2001/12/05 03:56:39 itojun Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.27 2001/12/19 07:18:56 deraadt Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -77,7 +77,7 @@ do_authloop(Authctxt *authctxt)
        struct passwd *pw = authctxt->pw;
        debug("Attempting authentication for %s%.100s.",
-             authctxt->valid ? "" : "illegal user ", authctxt->user);
+            authctxt->valid ? "" : "illegal user ", authctxt->user);
        /* If the user has no password, accept authentication immediately. */
        if (options.password_authentication &&
@@ -120,17 +120,17 @@ do_authloop(Authctxt *authctxt)
                                verbose("Kerberos authentication disabled.");
                        } else {
                                char *kdata = packet_get_string(&dlen);
-                                
                                packet_integrity_check(plen, 4 + dlen, type);
-                                
                                if (kdata[0] == 4) { /* KRB_PROT_VERSION */
 #ifdef KRB4
                                        KTEXT_ST tkt;
-                                        
                                        tkt.length = dlen;
                                        if (tkt.length < MAX_KTXT_LEN)
                                                memcpy(tkt.dat, kdata, tkt.length);
-                                        
                                        if (auth_krb4(authctxt, &tkt, &client_user)) {
                                                authenticated = 1;
                                                snprintf(info, sizeof(info),
@@ -143,7 +143,7 @@ do_authloop(Authctxt *authctxt)
                                        krb5_data tkt;
                                        tkt.length = dlen;
                                        tkt.data = kdata;
-                                        
                                        if (auth_krb5(authctxt, &tkt, &client_user)) {
                                                authenticated = 1;
                                                snprintf(info, sizeof(info),
@@ -156,7 +156,7 @@ do_authloop(Authctxt *authctxt)
                        }
                        break;
 #endif /* KRB4 || KRB5 */
-                        
 #if defined(AFS) || defined(KRB5)
                        /* XXX - punt on backward compatibility here. */
                case SSH_CMSG_HAVE_KERBEROS_TGT:
@@ -168,7 +168,7 @@ do_authloop(Authctxt *authctxt)
                        break;
 #endif /* AFS */
 #endif /* AFS || KRB5 */
-                        
                case SSH_CMSG_AUTH_RHOSTS:
                        if (!options.rhosts_authentication) {
                                verbose("Rhosts authentication disabled.");
@@ -381,7 +381,7 @@ do_authentication(void)
        /* XXX - SSH.com Kerberos v5 braindeath. */
        if ((p = strchr(user, '@')) != NULL)
                *p = '\0';
-        
        authctxt = authctxt_new();
        authctxt->user = user;
        authctxt->style = style;
diff --git a/auth2-chall.c b/auth2-chall.c
index 4b97e47bd..8ad1efcd6 100644
--- a/auth2-chall.c
+++ b/auth2-chall.c
@@ -23,7 +23,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2-chall.c,v 1.9 2001/12/09 18:45:56 markus Exp $");
+RCSID("$OpenBSD: auth2-chall.c,v 1.10 2001/12/19 07:18:56 deraadt Exp $");
 #include "ssh2.h"
 #include "auth.h"
@@ -151,7 +151,7 @@ auth2_challenge(Authctxt *authctxt, char *devs)
        if (authctxt->user == NULL || !devs)
                return 0;
-        if (authctxt->kbdintctxt == NULL) 
+        if (authctxt->kbdintctxt == NULL)
                authctxt->kbdintctxt = kbdint_alloc(devs);
        return auth2_challenge_start(authctxt);
 }
diff --git a/auth2.c b/auth2.c
index 7a52c3b43..929e87baa 100644
--- a/auth2.c
+++ b/auth2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.76 2001/12/18 10:05:15 jakob Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.77 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/evp.h>
@@ -721,7 +721,7 @@ user_key_allowed2(struct passwd *pw, Key *key, char *file)
                            file, linenum);
                        fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX);
                        verbose("Found matching %s key: %s",
-                             key_type(found), fp);
+                            key_type(found), fp);
                        xfree(fp);
                        break;
                }
diff --git a/authfile.c b/authfile.c
index 8a6021fc6..abf2877f5 100644
--- a/authfile.c
+++ b/authfile.c
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: authfile.c,v 1.40 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: authfile.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/err.h>
 #include <openssl/evp.h>
@@ -147,7 +147,7 @@ key_save_private_rsa1(Key *key, const char *filename, const char *passphrase,
        if (write(fd, buffer_ptr(&encrypted), buffer_len(&encrypted)) !=
            buffer_len(&encrypted)) {
                error("write to key file %s failed: %s", filename,
-                      strerror(errno));
+                    strerror(errno));
                buffer_free(&encrypted);
                close(fd);
                unlink(filename);
@@ -450,7 +450,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
                debug("PEM_read_PrivateKey failed");
                (void)ERR_get_error();
        } else if (pk->type == EVP_PKEY_RSA &&
-             (type == KEY_UNSPEC||type==KEY_RSA)) {
+            (type == KEY_UNSPEC||type==KEY_RSA)) {
                prv = key_new(KEY_UNSPEC);
                prv->rsa = EVP_PKEY_get1_RSA(pk);
                prv->type = KEY_RSA;
@@ -459,7 +459,7 @@ key_load_private_pem(int fd, int type, const char *passphrase,
                RSA_print_fp(stderr, prv->rsa, 8);
 #endif
        } else if (pk->type == EVP_PKEY_DSA &&
-             (type == KEY_UNSPEC||type==KEY_DSA)) {
+            (type == KEY_UNSPEC||type==KEY_DSA)) {
                prv = key_new(KEY_UNSPEC);
                prv->dsa = EVP_PKEY_get1_DSA(pk);
                prv->type = KEY_DSA;
diff --git a/bufaux.c b/bufaux.c
index f6ca7e9ae..5bc718623 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.18 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/bn.h>
 #include "bufaux.h"
@@ -62,7 +62,7 @@ buffer_put_bignum(Buffer *buffer, BIGNUM *value)
        oi = BN_bn2bin(value, buf);
        if (oi != bin_size)
                fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
-                      oi, bin_size);
+                    oi, bin_size);
        /* Store the number of bits in the buffer in two bytes, msb first. */
        PUT_16BIT(msg, bits);
@@ -112,14 +112,14 @@ buffer_put_bignum2(Buffer *buffer, BIGNUM *value)
        oi = BN_bn2bin(value, buf+1);
        if (oi != bytes-1)
                fatal("buffer_put_bignum: BN_bn2bin() failed: oi %d != bin_size %d",
-                      oi, bytes);
+                    oi, bytes);
        hasnohigh = (buf[1] & 0x80) ? 0 : 1;
        if (value->neg) {
                /**XXX should be two's-complement */
                int i, carry;
                u_char *uc = buf;
                log("negativ!");
-                for(i = bytes-1, carry = 1; i>=0; i--) {
+                for (i = bytes-1, carry = 1; i>=0; i--) {
                        uc[i] ^= 0xff;
                        if (carry)
                                carry = !++uc[i];
diff --git a/canohost.c b/canohost.c
index 015a328e8..4f2e576b2 100644
--- a/canohost.c
+++ b/canohost.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: canohost.c,v 1.28 2001/12/05 03:56:39 itojun Exp $");
+RCSID("$OpenBSD: canohost.c,v 1.29 2001/12/19 07:18:56 deraadt Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -68,13 +68,13 @@ get_remote_hostname(int socket, int reverse_mapping_check)
                check_ip_options(socket, ntop);
        if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
-             NULL, 0, NI_NUMERICHOST) != 0)
+            NULL, 0, NI_NUMERICHOST) != 0)
                fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
        debug3("Trying to reverse map address %.100s.", ntop);
        /* Map the IP address to a host name. */
        if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
-             NULL, 0, NI_NAMEREQD) != 0) {
+            NULL, 0, NI_NAMEREQD) != 0) {
                /* Host name not found.  Use ip address. */
                log("Could not reverse map address %.100s.", ntop);
                return xstrdup(ntop);
@@ -230,7 +230,7 @@ get_socket_address(int socket, int remote, int flags)
        }
        /* Get the address in ascii. */
        if (getnameinfo((struct sockaddr *)&addr, addrlen, ntop, sizeof(ntop),
-             NULL, 0, flags) != 0) {
+            NULL, 0, flags) != 0) {
                error("get_socket_ipaddr: getnameinfo %d failed", flags);
                return NULL;
        }
@@ -316,7 +316,7 @@ get_sock_port(int sock, int local)
        }
        /* Return port number. */
        if (getnameinfo((struct sockaddr *)&from, fromlen, NULL, 0,
-             strport, sizeof(strport), NI_NUMERICSERV) != 0)
+            strport, sizeof(strport), NI_NUMERICSERV) != 0)
                fatal("get_sock_port: getnameinfo NI_NUMERICSERV failed");
        return atoi(strport);
 }
diff --git a/channels.c b/channels.c
index 97a865f56..63eb5bcff 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.147 2001/12/08 17:49:28 stevesk Exp $");
+RCSID("$OpenBSD: channels.c,v 1.148 2001/12/19 07:18:56 deraadt Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -794,7 +794,7 @@ x11_open_helper(Buffer *b)
                data_len = ucp[8] + 256 * ucp[9];
        } else {
                debug("Initial X11 packet contains bad byte order byte: 0x%x",
-                      ucp[0]);
+                    ucp[0]);
                return -1;
        }
@@ -884,7 +884,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
 {
        u_char *p, *host;
        int len, have, i, found;
-        char username[256];     
+        char username[256];
        struct {
                u_int8_t version;
                u_int8_t command;
@@ -931,7 +931,7 @@ channel_decode_socks4(Channel *c, fd_set * readset, fd_set * writeset)
        host = inet_ntoa(s4_req.dest_addr);
        strlcpy(c->path, host, sizeof(c->path));
        c->host_port = ntohs(s4_req.dest_port);
-        
        debug("channel %d: dynamic request: socks4 host %s port %u command %u",
            c->self, host, c->host_port, s4_req.command);
@@ -1373,7 +1373,7 @@ channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
                    FD_ISSET(c->efd, readset)) {
                        len = read(c->efd, buf, sizeof(buf));
                        debug2("channel %d: read %d from efd %d",
-                             c->self, len, c->efd);
+                            c->self, len, c->efd);
                        if (len < 0 && (errno == EINTR || errno == EAGAIN))
                                return 1;
                        if (len <= 0) {
@@ -1509,7 +1509,7 @@ static void
 channel_handler_init(void)
 {
        int i;
-        for(i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
+        for (i = 0; i < SSH_CHANNEL_MAX_TYPE; i++) {
                channel_pre[i] = NULL;
                channel_post[i] = NULL;
        }
@@ -2414,8 +2414,8 @@ x11_create_display_inet(int x11_display_offset, int gateway_ports)
        int gaierr, n, num_socks = 0, socks[NUM_SOCKS];
        for (display_number = x11_display_offset;
-             display_number < MAX_DISPLAYS;
+            display_number < MAX_DISPLAYS;
-             display_number++) {
+            display_number++) {
                port = 6000 + display_number;
                memset(&hints, 0, sizeof(hints));
                hints.ai_family = IPv4or6;
@@ -2541,7 +2541,7 @@ x11_connect_display(void)
                /* Connect to the unix domain socket. */
                if (sscanf(strrchr(display, ':') + 1, "%d", &display_number) != 1) {
                        error("Could not parse display number from DISPLAY: %.100s",
-                              display);
+                            display);
                        return -1;
                }
                /* Create a socket. */
@@ -2566,7 +2566,7 @@ x11_connect_display(void)
        /* buf now contains the host name.  But first we parse the display number. */
        if (sscanf(cp + 1, "%d", &display_number) != 1) {
                error("Could not parse display number from DISPLAY: %.100s",
-                      display);
+                    display);
                return -1;
        }
diff --git a/cipher.c b/cipher.c
index de25ff096..c02b35161 100644
--- a/cipher.c
+++ b/cipher.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: cipher.c,v 1.47 2001/08/23 11:31:59 markus Exp $");
+RCSID("$OpenBSD: cipher.c,v 1.48 2001/12/19 07:18:56 deraadt Exp $");
 #include "xmalloc.h"
 #include "log.h"
@@ -184,14 +184,14 @@ blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 }
 static void
 blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
-     u_int len)
+    u_int len)
 {
        BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
            BF_ENCRYPT);
 }
 static void
 blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
-     u_int len)
+    u_int len)
 {
        BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
            BF_DECRYPT);
@@ -289,7 +289,7 @@ rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
 static void
 rijndael_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
-        if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE) 
+        if (iv == NULL || ivlen != RIJNDAEL_BLOCKSIZE)
                fatal("bad/no IV for %s.", cc->cipher->name);
        memcpy(cc->u.rijndael.iv, iv, RIJNDAEL_BLOCKSIZE);
 }
@@ -417,7 +417,7 @@ u_int
 cipher_mask_ssh1(int client)
 {
        u_int mask = 0;
-        mask |= 1 << SSH_CIPHER_3DES;           /* Mandatory */
+        mask |= 1 << SSH_CIPHER_3DES;           /* Mandatory */
        mask |= 1 << SSH_CIPHER_BLOWFISH;
        if (client) {
                mask |= 1 << SSH_CIPHER_DES;
@@ -457,7 +457,7 @@ ciphers_valid(const char *names)
                return 0;
        ciphers = cp = xstrdup(names);
        for ((p = strsep(&cp, CIPHER_SEP)); p && *p != '\0';
-             (p = strsep(&cp, CIPHER_SEP))) {
+            (p = strsep(&cp, CIPHER_SEP))) {
                c = cipher_by_name(p);
                if (c == NULL || c->number != SSH_CIPHER_SSH2) {
                        debug("bad cipher %s [%s]", p, names);
diff --git a/clientloop.c b/clientloop.c
index 76b8101fe..84484604d 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.89 2001/12/05 03:50:01 itojun Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.90 2001/12/19 07:18:56 deraadt Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -254,7 +254,7 @@ client_make_packets_from_stdin_data(void)
        /* Send buffered stdin data to the server. */
        while (buffer_len(&stdin_buffer) > 0 &&
-               packet_not_very_much_data_to_write()) {
+            packet_not_very_much_data_to_write()) {
                len = buffer_len(&stdin_buffer);
                /* Keep the packets at reasonable size. */
                if (len > packet_get_maxsize())
@@ -417,9 +417,9 @@ client_suspend_self(Buffer *bin, Buffer *bout, Buffer *berr)
        /* Check if the window size has changed. */
        if (ioctl(fileno(stdin), TIOCGWINSZ, &newws) >= 0 &&
            (oldws.ws_row != newws.ws_row ||
-             oldws.ws_col != newws.ws_col ||
+            oldws.ws_col != newws.ws_col ||
-             oldws.ws_xpixel != newws.ws_xpixel ||
+            oldws.ws_xpixel != newws.ws_xpixel ||
-             oldws.ws_ypixel != newws.ws_ypixel))
+            oldws.ws_ypixel != newws.ws_ypixel))
                received_window_change_signal = 1;
        /* OK, we have been continued by the user. Reinitialize buffers. */
@@ -994,11 +994,11 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
        /* Report bytes transferred, and transfer rates. */
        total_time = get_current_time() - start_time;
        debug("Transferred: stdin %lu, stdout %lu, stderr %lu bytes in %.1f seconds",
-              stdin_bytes, stdout_bytes, stderr_bytes, total_time);
+            stdin_bytes, stdout_bytes, stderr_bytes, total_time);
        if (total_time > 0)
                debug("Bytes per second: stdin %.1f, stdout %.1f, stderr %.1f",
-                      stdin_bytes / total_time, stdout_bytes / total_time,
+                    stdin_bytes / total_time, stdout_bytes / total_time,
-                      stderr_bytes / total_time);
+                    stderr_bytes / total_time);
        /* Return the exit status of the program. */
        debug("Exit status %d", exit_status);
diff --git a/compat.c b/compat.c
index 09ca4a447..3f8d1c041 100644
--- a/compat.c
+++ b/compat.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.55 2001/12/05 16:54:51 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.56 2001/12/19 07:18:56 deraadt Exp $");
 #include "packet.h"
 #include "xmalloc.h"
@@ -82,19 +82,19 @@ compat_datafellows(const char *version)
                { "2.1 *",              SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_RSASIGMD5|SSH_BUG_HBSERVICE },
-                { "2.0.13*,"    
+                { "2.0.13*,"
-                  "2.0.14*,"    
+                  "2.0.14*,"
-                  "2.0.15*,"    
+                  "2.0.15*,"
-                  "2.0.16*,"    
+                  "2.0.16*,"
-                  "2.0.17*,"    
+                  "2.0.17*,"
-                  "2.0.18*,"    
+                  "2.0.18*,"
                  "2.0.19*",            SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
                                        SSH_BUG_PKOK|SSH_BUG_RSASIGMD5|
                                        SSH_BUG_HBSERVICE|SSH_BUG_OPENFAILURE|
                                        SSH_BUG_DUMMYCHAN },
-                { "2.0.11*,"    
+                { "2.0.11*,"
                  "2.0.12*",            SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
                                        SSH_OLD_SESSIONID|SSH_BUG_DEBUG|
                                        SSH_BUG_PKSERVICE|SSH_BUG_X11FWD|
@@ -124,7 +124,7 @@ compat_datafellows(const char *version)
                { "1.3.2*",             SSH_BUG_IGNOREMSG },    /* f-secure */
                { "*SSH Compatible Server*",                    /* Netscreen */
                                        SSH_BUG_PASSWORDPAD },
-                { "*OSU_0*,"            
+                { "*OSU_0*,"
                  "OSU_1.0*,"
                  "OSU_1.1*,"
                  "OSU_1.2*,"
diff --git a/compress.c b/compress.c
index a779af6d7..73aebe89a 100644
--- a/compress.c
+++ b/compress.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: compress.c,v 1.15 2001/09/27 11:58:16 markus Exp $");
+RCSID("$OpenBSD: compress.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
 #include "log.h"
 #include "buffer.h"
@@ -55,13 +55,13 @@ void
 buffer_compress_uninit(void)
 {
        debug("compress outgoing: raw data %lu, compressed %lu, factor %.2f",
-              outgoing_stream.total_in, outgoing_stream.total_out,
+            outgoing_stream.total_in, outgoing_stream.total_out,
-              outgoing_stream.total_in == 0 ? 0.0 :
+            outgoing_stream.total_in == 0 ? 0.0 :
-              (double) outgoing_stream.total_out / outgoing_stream.total_in);
+            (double) outgoing_stream.total_out / outgoing_stream.total_in);
        debug("compress incoming: raw data %lu, compressed %lu, factor %.2f",
-              incoming_stream.total_out, incoming_stream.total_in,
+            incoming_stream.total_out, incoming_stream.total_in,
-              incoming_stream.total_out == 0 ? 0.0 :
+            incoming_stream.total_out == 0 ? 0.0 :
-              (double) incoming_stream.total_in / incoming_stream.total_out);
+            (double) incoming_stream.total_in / incoming_stream.total_out);
        if (compress_init_recv_called == 1)
                inflateEnd(&incoming_stream);
        if (compress_init_send_called == 1)
diff --git a/deattack.c b/deattack.c
index 96a7ebf4c..12849a32d 100644
--- a/deattack.c
+++ b/deattack.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: deattack.c,v 1.16 2001/12/05 03:56:39 itojun Exp $    */
+/*      $OpenBSD: deattack.c,v 1.17 2001/12/19 07:18:56 deraadt Exp $   */
 /*
 * Cryptographic attack detector for ssh - source code
@@ -37,7 +37,7 @@
 #define HASH_FACTOR(x)  ((x)*3/2)
 #define HASH_UNUSEDCHAR (0xff)
 #define HASH_UNUSED     (0xffff)
-#define HASH_IV         (0xfffe)
+#define HASH_IV         (0xfffe)
 #define HASH_MINBLOCKS  (7*SSH_BLOCKSIZE)
@@ -135,7 +135,7 @@ detect_attack(u_char *buf, u_int32_t len, u_char *IV)
        for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
                for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
-                     i = (i + 1) & (n - 1)) {
+                    i = (i + 1) & (n - 1)) {
                        if (h[i] == HASH_IV) {
                                if (!CMP(c, IV)) {
                                        if (check_crc(c, buf, len, IV))
diff --git a/key.c b/key.c
index 87aeefa6b..1013578e1 100644
--- a/key.c
+++ b/key.c
@@ -32,7 +32,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: key.c,v 1.35 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: key.c,v 1.36 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/evp.h>
@@ -219,7 +219,7 @@ key_fingerprint_hex(u_char* dgst_raw, size_t dgst_raw_len)
        retval = xmalloc(dgst_raw_len * 3 + 1);
        retval[0] = '\0';
-        for(i = 0; i < dgst_raw_len; i++) {
+        for (i = 0; i < dgst_raw_len; i++) {
                char hex[4];
                snprintf(hex, sizeof(hex), "%02x:", dgst_raw[i]);
                strlcat(retval, hex, dgst_raw_len * 3);
@@ -281,7 +281,7 @@ key_fingerprint(Key *k, enum fp_type dgst_type, enum fp_rep dgst_rep)
        char *retval = NULL;
        u_char *dgst_raw;
        size_t dgst_raw_len;
-        
        dgst_raw = key_fingerprint_raw(k, dgst_type, &dgst_raw_len);
        if (!dgst_raw)
                fatal("key_fingerprint: null from key_fingerprint_raw()");
@@ -641,7 +641,7 @@ key_names_valid2(const char *names)
                return 0;
        s = cp = xstrdup(names);
        for ((p = strsep(&cp, ",")); p && *p != '\0';
-             (p = strsep(&cp, ","))) {
+            (p = strsep(&cp, ","))) {
                switch (key_type_from_name(p)) {
                case KEY_RSA1:
                case KEY_UNSPEC:
diff --git a/log.c b/log.c
index 39bc8b5d7..5e45f5559 100644
--- a/log.c
+++ b/log.c
@@ -34,7 +34,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: log.c,v 1.18 2001/06/26 17:27:23 markus Exp $");
+RCSID("$OpenBSD: log.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
 #include "log.h"
 #include "xmalloc.h"
@@ -242,7 +242,7 @@ fatal_cleanup(void)
        for (cu = fatal_cleanups; cu; cu = next_cu) {
                next_cu = cu->next;
                debug("Calling cleanup 0x%lx(0x%lx)",
-                      (u_long) cu->proc, (u_long) cu->context);
+                    (u_long) cu->proc, (u_long) cu->context);
                (*cu->proc) (cu->context);
        }
        exit(255);
diff --git a/mac.c b/mac.c
index e8b4267c3..bb342cef4 100644
--- a/mac.c
+++ b/mac.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: mac.c,v 1.2 2001/04/05 10:42:51 markus Exp $");
+RCSID("$OpenBSD: mac.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/hmac.h>
@@ -99,7 +99,7 @@ mac_valid(const char *names)
                return (0);
        maclist = cp = xstrdup(names);
        for ((p = strsep(&cp, MAC_SEP)); p && *p != '\0';
-             (p = strsep(&cp, MAC_SEP))) {
+            (p = strsep(&cp, MAC_SEP))) {
                if (mac_init(NULL, p) < 0) {
                        debug("bad mac %s [%s]", p, names);
                        xfree(maclist);
diff --git a/match.c b/match.c
index ca4d92c40..9e56989cc 100644
--- a/match.c
+++ b/match.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: match.c,v 1.15 2001/12/05 16:54:51 markus Exp $");
+RCSID("$OpenBSD: match.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
 #include "match.h"
 #include "xmalloc.h"
@@ -133,10 +133,10 @@ match_pattern_list(const char *string, const char *pattern, u_int len,
                 * subpattern to lowercase.
                 */
                for (subi = 0;
-                     i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
+                    i < len && subi < sizeof(sub) - 1 && pattern[i] != ',';
-                     subi++, i++)
+                    subi++, i++)
                        sub[subi] = dolower && isupper(pattern[i]) ?
-                             tolower(pattern[i]) : pattern[i];
+                            tolower(pattern[i]) : pattern[i];
                /* If subpattern too long, return failure (no match). */
                if (subi >= sizeof(sub) - 1)
                        return 0;
@@ -239,7 +239,7 @@ match_list(const char *client, const char *server, u_int *next)
        s = sp = xstrdup(server);
        for ((p = strsep(&sp, SEP)), i=0; p && *p != '\0';
-             (p = strsep(&sp, SEP)), i++) {
+            (p = strsep(&sp, SEP)), i++) {
                if (i < MAX_PROP)
                        sproposals[i] = p;
                else
@@ -248,7 +248,7 @@ match_list(const char *client, const char *server, u_int *next)
        nproposals = i;
        for ((p = strsep(&cp, SEP)), i=0; p && *p != '\0';
-             (p = strsep(&cp, SEP)), i++) {
+            (p = strsep(&cp, SEP)), i++) {
                for (j = 0; j < nproposals; j++) {
                        if (strcmp(p, sproposals[j]) == 0) {
                                ret = xstrdup(p);
diff --git a/misc.c b/misc.c
index b74ebb894..04ea7a79b 100644
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $       */
+/*      $OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $       */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -25,7 +25,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.13 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: misc.c,v 1.14 2001/12/19 07:18:56 deraadt Exp $");
 #include "misc.h"
 #include "log.h"
@@ -298,7 +298,7 @@ addargs(arglist *args, char *fmt, ...)
        if (args->list == NULL) {
                args->nalloc = 32;
                args->num = 0;
-        } else if (args->num+2 >= args->nalloc) 
+        } else if (args->num+2 >= args->nalloc)
                args->nalloc *= 2;
        args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
diff --git a/nchan.c b/nchan.c
index 2680f0a68..ae5fb4aa3 100644
--- a/nchan.c
+++ b/nchan.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: nchan.c,v 1.32 2001/10/10 22:18:47 markus Exp $");
+RCSID("$OpenBSD: nchan.c,v 1.33 2001/12/19 07:18:56 deraadt Exp $");
 #include "ssh1.h"
 #include "ssh2.h"
@@ -273,7 +273,7 @@ chan_send_oclose1(Channel *c)
                break;
        default:
                error("channel %d: cannot send oclose for ostate %d",
-                     c->self, c->ostate);
+                    c->self, c->ostate);
                break;
        }
 }
@@ -322,7 +322,7 @@ chan_ibuf_empty2(Channel *c)
        debug("channel %d: ibuf empty", c->self);
        if (buffer_len(&c->input)) {
                error("channel %d: chan_ibuf_empty for non empty buffer",
-                     c->self);
+                    c->self);
                return;
        }
        switch (c->istate) {
@@ -334,7 +334,7 @@ chan_ibuf_empty2(Channel *c)
                break;
        default:
                error("channel %d: chan_ibuf_empty for istate %d",
-                     c->self, c->istate);
+                    c->self, c->istate);
                break;
        }
 }
@@ -458,7 +458,7 @@ chan_is_dead(Channel *c, int send)
                debug2("channel %d: active efd: %d len %d type %s",
                    c->self, c->efd, buffer_len(&c->extended),
                    c->extended_usage==CHAN_EXTENDED_READ ?
-                       "read": "write");
+                    "read": "write");
        } else {
                if (!(c->flags & CHAN_CLOSE_SENT)) {
                        if (send) {
diff --git a/packet.c b/packet.c
index 32d797122..9aeda3936 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: packet.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $");
 #include "xmalloc.h"
 #include "buffer.h"
@@ -380,7 +380,7 @@ packet_send1(void)
                buffer_compress(&outgoing_packet, &compression_buffer);
                buffer_clear(&outgoing_packet);
                buffer_append(&outgoing_packet, buffer_ptr(&compression_buffer),
-                              buffer_len(&compression_buffer));
+                    buffer_len(&compression_buffer));
        }
        /* Compute packet length without padding (add checksum, remove padding). */
        len = buffer_len(&outgoing_packet) + 4 - 8;
@@ -414,7 +414,7 @@ packet_send1(void)
        buffer_append(&output, buf, 4);
        buffer_append_space(&output, &cp, buffer_len(&outgoing_packet));
        cipher_encrypt(&send_context, cp, buffer_ptr(&outgoing_packet),
-                       buffer_len(&outgoing_packet));
+            buffer_len(&outgoing_packet));
 #ifdef PACKET_DEBUG
        fprintf(stderr, "encrypted: ");
@@ -1277,7 +1277,7 @@ packet_send_ignore(int nbytes)
        packet_start(compat20 ? SSH2_MSG_IGNORE : SSH_MSG_IGNORE);
        packet_put_int(nbytes);
-        for(i = 0; i < nbytes; i++) {
+        for (i = 0; i < nbytes; i++) {
                if (i % 4 == 0)
                        rand = arc4random();
                packet_put_char(rand & 0xff);
diff --git a/readconf.c b/readconf.c
index 19fcfdd3f..6db96b978 100644
--- a/readconf.c
+++ b/readconf.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.92 2001/11/17 19:14:34 stevesk Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.93 2001/12/19 07:18:56 deraadt Exp $");
 #include "ssh.h"
 #include "xmalloc.h"
@@ -115,7 +115,7 @@ typedef enum {
        oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
        oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
        oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
-        oClearAllForwardings, oNoHostAuthenticationForLocalhost 
+        oClearAllForwardings, oNoHostAuthenticationForLocalhost
 } OpCodes;
 /* Textual representations of the tokens. */
@@ -185,8 +185,8 @@ static struct {
        { "hostkeyalgorithms", oHostKeyAlgorithms },
        { "bindaddress", oBindAddress },
        { "smartcarddevice", oSmartcardDevice },
-        { "clearallforwardings", oClearAllForwardings }, 
+        { "clearallforwardings", oClearAllForwardings },
-        { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost }, 
+        { "nohostauthenticationforlocalhost", oNoHostAuthenticationForLocalhost },
        { NULL, oBadOption }
 };
@@ -225,7 +225,7 @@ add_remote_forward(Options *options, u_short port, const char *host,
        Forward *fwd;
        if (options->num_remote_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION)
                fatal("Too many remote forwards (max %d).",
-                      SSH_MAX_FORWARDS_PER_DIRECTION);
+                    SSH_MAX_FORWARDS_PER_DIRECTION);
        fwd = &options->remote_forwards[options->num_remote_forwards++];
        fwd->port = port;
        fwd->host = xstrdup(host);
@@ -394,7 +394,7 @@ parse_flag:
                arg = strdelim(&s);
                if (!arg || *arg == '\0')
                        fatal("%.200s line %d: Missing yes/no/ask argument.",
-                              filename, linenum);
+                            filename, linenum);
                value = 0;      /* To avoid compiler warning... */
                if (strcmp(arg, "yes") == 0 || strcmp(arg, "true") == 0)
                        value = 1;
@@ -436,7 +436,7 @@ parse_flag:
                        intptr = &options->num_identity_files;
                        if (*intptr >= SSH_MAX_IDENTITY_FILES)
                                fatal("%.200s line %d: Too many identity files specified (max %d).",
-                                      filename, linenum, SSH_MAX_IDENTITY_FILES);
+                                    filename, linenum, SSH_MAX_IDENTITY_FILES);
                        charptr =  &options->identity_files[*intptr];
                        *charptr = xstrdup(arg);
                        *intptr = *intptr + 1;
@@ -536,7 +536,7 @@ parse_int:
                value = cipher_number(arg);
                if (value == -1)
                        fatal("%.200s line %d: Bad cipher '%s'.",
-                              filename, linenum, arg ? arg : "<NONE>");
+                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && *intptr == -1)
                        *intptr = value;
                break;
@@ -547,7 +547,7 @@ parse_int:
                        fatal("%.200s line %d: Missing argument.", filename, linenum);
                if (!ciphers_valid(arg))
                        fatal("%.200s line %d: Bad SSH2 cipher spec '%s'.",
-                              filename, linenum, arg ? arg : "<NONE>");
+                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && options->ciphers == NULL)
                        options->ciphers = xstrdup(arg);
                break;
@@ -558,7 +558,7 @@ parse_int:
                        fatal("%.200s line %d: Missing argument.", filename, linenum);
                if (!mac_valid(arg))
                        fatal("%.200s line %d: Bad SSH2 Mac spec '%s'.",
-                              filename, linenum, arg ? arg : "<NONE>");
+                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && options->macs == NULL)
                        options->macs = xstrdup(arg);
                break;
@@ -569,7 +569,7 @@ parse_int:
                        fatal("%.200s line %d: Missing argument.", filename, linenum);
                if (!key_names_valid2(arg))
                        fatal("%.200s line %d: Bad protocol 2 host key algorithms '%s'.",
-                              filename, linenum, arg ? arg : "<NONE>");
+                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && options->hostkeyalgorithms == NULL)
                        options->hostkeyalgorithms = xstrdup(arg);
                break;
@@ -582,7 +582,7 @@ parse_int:
                value = proto_spec(arg);
                if (value == SSH_PROTO_UNKNOWN)
                        fatal("%.200s line %d: Bad protocol spec '%s'.",
-                              filename, linenum, arg ? arg : "<NONE>");
+                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && *intptr == SSH_PROTO_UNKNOWN)
                        *intptr = value;
                break;
@@ -593,7 +593,7 @@ parse_int:
                value = log_level_number(arg);
                if (value == (LogLevel) - 1)
                        fatal("%.200s line %d: unsupported log level '%s'",
-                              filename, linenum, arg ? arg : "<NONE>");
+                            filename, linenum, arg ? arg : "<NONE>");
                if (*activep && (LogLevel) * intptr == -1)
                        *intptr = (LogLevel) value;
                break;
@@ -670,7 +670,7 @@ parse_int:
                        value = SSH_ESCAPECHAR_NONE;
                else {
                        fatal("%.200s line %d: Bad escape character.",
-                              filename, linenum);
+                            filename, linenum);
                        /* NOTREACHED */
                        value = 0;      /* Avoid compiler warning. */
                }
@@ -685,7 +685,7 @@ parse_int:
        /* Check that there is no garbage at end of line. */
        if ((arg = strdelim(&s)) != NULL && *arg != '\0') {
                fatal("%.200s line %d: garbage at end of line; \"%.200s\".",
-                      filename, linenum, arg);
+                     filename, linenum, arg);
        }
        return 0;
 }
@@ -727,7 +727,7 @@ read_config_file(const char *filename, const char *host, Options *options)
        fclose(f);
        if (bad_options > 0)
                fatal("%s: terminating, %d bad configuration options",
-                      filename, bad_options);
+                    filename, bad_options);
        return 1;
 }
diff --git a/rijndael.c b/rijndael.c
index f28a9c669..c8ba55e78 100644
--- a/rijndael.c
+++ b/rijndael.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: rijndael.c,v 1.12 2001/09/13 09:48:39 markus Exp $ */
+/*      $OpenBSD: rijndael.c,v 1.13 2001/12/19 07:18:56 deraadt Exp $ */
 /**
 * rijndael-alg-fst.c
@@ -775,32 +775,31 @@ static int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int
        rk[6] = GETU32(cipherKey + 24);
        rk[7] = GETU32(cipherKey + 28);
        if (keyBits == 256) {
-        for (;;) {
+                for (;;) {
-                temp = rk[ 7];
+                        temp = rk[ 7];
-                rk[ 8] = rk[ 0] ^
+                        rk[ 8] = rk[ 0] ^
-                        (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0xff000000) ^
-                        (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x00ff0000) ^
-                        (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp      ) & 0xff] & 0x0000ff00) ^
-                        (Te4[(temp >> 24)       ] & 0x000000ff) ^
+                                (Te4[(temp >> 24)       ] & 0x000000ff) ^
-                        rcon[i];
+                                rcon[i];
-                rk[ 9] = rk[ 1] ^ rk[ 8];
+                        rk[ 9] = rk[ 1] ^ rk[ 8];
-                rk[10] = rk[ 2] ^ rk[ 9];
+                        rk[10] = rk[ 2] ^ rk[ 9];
-                rk[11] = rk[ 3] ^ rk[10];
+                        rk[11] = rk[ 3] ^ rk[10];
-                        if (++i == 7) {
+                                if (++i == 7) {
-                                return 14;
+                                        return 14;
-                        }
+                                }
-                temp = rk[11];
+                        temp = rk[11];
-                rk[12] = rk[ 4] ^
+                        rk[12] = rk[ 4] ^
-                        (Te4[(temp >> 24)       ] & 0xff000000) ^
+                                (Te4[(temp >> 24)       ] & 0xff000000) ^
-                        (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                                (Te4[(temp >> 16) & 0xff] & 0x00ff0000) ^
-                        (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                                (Te4[(temp >>  8) & 0xff] & 0x0000ff00) ^
-                        (Te4[(temp      ) & 0xff] & 0x000000ff);
+                                (Te4[(temp      ) & 0xff] & 0x000000ff);
-                rk[13] = rk[ 5] ^ rk[12];
+                        rk[13] = rk[ 5] ^ rk[12];
-                rk[14] = rk[ 6] ^ rk[13];
+                        rk[14] = rk[ 6] ^ rk[13];
-                rk[15] = rk[ 7] ^ rk[14];
+                        rk[15] = rk[ 7] ^ rk[14];
                        rk += 8;
-        }
+                }
        }
        return 0;
 }
@@ -917,28 +916,28 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
    if (Nr > 10) {
-        /* round 10: */
+        /* round 10: */
-        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
-        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
-        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
-        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
-        /* round 11: */
+        /* round 11: */
-        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
-        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
-        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
-        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
-        if (Nr > 12) {
+        if (Nr > 12) {
-            /* round 12: */
+            /* round 12: */
-            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
-            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
-            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
-            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
-            /* round 13: */
+            /* round 13: */
-            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
-            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
-            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
-            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
-        }
+        }
    }
    rk += Nr << 2;
 #else  /* !FULL_UNROLL */
@@ -947,60 +946,60 @@ static void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16
         */
    r = Nr >> 1;
    for (;;) {
-        t0 =
+        t0 =
-            Te0[(s0 >> 24)       ] ^
+            Te0[(s0 >> 24)       ] ^
-            Te1[(s1 >> 16) & 0xff] ^
+            Te1[(s1 >> 16) & 0xff] ^
-            Te2[(s2 >>  8) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
-            Te3[(s3      ) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
-            rk[4];
+            rk[4];
-        t1 =
+        t1 =
-            Te0[(s1 >> 24)       ] ^
+            Te0[(s1 >> 24)       ] ^
-            Te1[(s2 >> 16) & 0xff] ^
+            Te1[(s2 >> 16) & 0xff] ^
-            Te2[(s3 >>  8) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
-            Te3[(s0      ) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
-            rk[5];
+            rk[5];
-        t2 =
+        t2 =
-            Te0[(s2 >> 24)       ] ^
+            Te0[(s2 >> 24)       ] ^
-            Te1[(s3 >> 16) & 0xff] ^
+            Te1[(s3 >> 16) & 0xff] ^
-            Te2[(s0 >>  8) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
-            Te3[(s1      ) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
-            rk[6];
+            rk[6];
-        t3 =
+        t3 =
-            Te0[(s3 >> 24)       ] ^
+            Te0[(s3 >> 24)       ] ^
-            Te1[(s0 >> 16) & 0xff] ^
+            Te1[(s0 >> 16) & 0xff] ^
-            Te2[(s1 >>  8) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
-            Te3[(s2      ) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
-            rk[7];
+            rk[7];
-        rk += 8;
+        rk += 8;
-        if (--r == 0) {
+        if (--r == 0) {
-            break;
+            break;
-        }
+        }
-        s0 =
+        s0 =
-            Te0[(t0 >> 24)       ] ^
+            Te0[(t0 >> 24)       ] ^
-            Te1[(t1 >> 16) & 0xff] ^
+            Te1[(t1 >> 16) & 0xff] ^
-            Te2[(t2 >>  8) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
-            Te3[(t3      ) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
-            rk[0];
+            rk[0];
-        s1 =
+        s1 =
-            Te0[(t1 >> 24)       ] ^
+            Te0[(t1 >> 24)       ] ^
-            Te1[(t2 >> 16) & 0xff] ^
+            Te1[(t2 >> 16) & 0xff] ^
-            Te2[(t3 >>  8) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
-            Te3[(t0      ) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
-            rk[1];
+            rk[1];
-        s2 =
+        s2 =
-            Te0[(t2 >> 24)       ] ^
+            Te0[(t2 >> 24)       ] ^
-            Te1[(t3 >> 16) & 0xff] ^
+            Te1[(t3 >> 16) & 0xff] ^
-            Te2[(t0 >>  8) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
-            Te3[(t1      ) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
-            rk[2];
+            rk[2];
-        s3 =
+        s3 =
-            Te0[(t3 >> 24)       ] ^
+            Te0[(t3 >> 24)       ] ^
-            Te1[(t0 >> 16) & 0xff] ^
+            Te1[(t0 >> 16) & 0xff] ^
-            Te2[(t1 >>  8) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
-            Te3[(t2      ) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
-            rk[3];
+            rk[3];
    }
 #endif /* ?FULL_UNROLL */
    /*
@@ -1098,28 +1097,28 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
    if (Nr > 10) {
-        /* round 10: */
+        /* round 10: */
-        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
-        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
-        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
-        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
-        /* round 11: */
+        /* round 11: */
-        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
-        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
-        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
-        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
-        if (Nr > 12) {
+        if (Nr > 12) {
-            /* round 12: */
+            /* round 12: */
-            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
-            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
-            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
-            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
-            /* round 13: */
+            /* round 13: */
-            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
-            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
-            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
-            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
-        }
+        }
    }
        rk += Nr << 2;
 #else  /* !FULL_UNROLL */
@@ -1128,60 +1127,60 @@ static void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16
     */
    r = Nr >> 1;
    for (;;) {
-        t0 =
+        t0 =
-            Td0[(s0 >> 24)       ] ^
+            Td0[(s0 >> 24)       ] ^
-            Td1[(s3 >> 16) & 0xff] ^
+            Td1[(s3 >> 16) & 0xff] ^
-            Td2[(s2 >>  8) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
-            Td3[(s1      ) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
-            rk[4];
+            rk[4];
-        t1 =
+        t1 =
-            Td0[(s1 >> 24)       ] ^
+            Td0[(s1 >> 24)       ] ^
-            Td1[(s0 >> 16) & 0xff] ^
+            Td1[(s0 >> 16) & 0xff] ^
-            Td2[(s3 >>  8) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
-            Td3[(s2      ) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
-            rk[5];
+            rk[5];
-        t2 =
+        t2 =
-            Td0[(s2 >> 24)       ] ^
+            Td0[(s2 >> 24)       ] ^
-            Td1[(s1 >> 16) & 0xff] ^
+            Td1[(s1 >> 16) & 0xff] ^
-            Td2[(s0 >>  8) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
-            Td3[(s3      ) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
-            rk[6];
+            rk[6];
-        t3 =
+        t3 =
-            Td0[(s3 >> 24)       ] ^
+            Td0[(s3 >> 24)       ] ^
-            Td1[(s2 >> 16) & 0xff] ^
+            Td1[(s2 >> 16) & 0xff] ^
-            Td2[(s1 >>  8) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
-            Td3[(s0      ) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
-            rk[7];
+            rk[7];
-        rk += 8;
+        rk += 8;
-        if (--r == 0) {
+        if (--r == 0) {
-            break;
+            break;
-        }
+        }
-        s0 =
+        s0 =
-            Td0[(t0 >> 24)       ] ^
+            Td0[(t0 >> 24)       ] ^
-            Td1[(t3 >> 16) & 0xff] ^
+            Td1[(t3 >> 16) & 0xff] ^
-            Td2[(t2 >>  8) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
-            Td3[(t1      ) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
-            rk[0];
+            rk[0];
-        s1 =
+        s1 =
-            Td0[(t1 >> 24)       ] ^
+            Td0[(t1 >> 24)       ] ^
-            Td1[(t0 >> 16) & 0xff] ^
+            Td1[(t0 >> 16) & 0xff] ^
-            Td2[(t3 >>  8) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
-            Td3[(t2      ) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
-            rk[1];
+            rk[1];
-        s2 =
+        s2 =
-            Td0[(t2 >> 24)       ] ^
+            Td0[(t2 >> 24)       ] ^
-            Td1[(t1 >> 16) & 0xff] ^
+            Td1[(t1 >> 16) & 0xff] ^
-            Td2[(t0 >>  8) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
-            Td3[(t3      ) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
-            rk[2];
+            rk[2];
-        s3 =
+        s3 =
-            Td0[(t3 >> 24)       ] ^
+            Td0[(t3 >> 24)       ] ^
-            Td1[(t2 >> 16) & 0xff] ^
+            Td1[(t2 >> 16) & 0xff] ^
-            Td2[(t1 >>  8) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
-            Td3[(t0      ) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
-            rk[3];
+            rk[3];
    }
 #endif /* ?FULL_UNROLL */
    /*
@@ -1222,13 +1221,13 @@ void
 rijndael_set_key(rijndael_ctx *ctx, u_char *key, int bits, int encrypt)
 {
        ctx->Nr = rijndaelKeySetupEnc(ctx->ek, key, bits);
-        if (encrypt) {
+        if (encrypt) {
                ctx->decrypt = 0;
                memset(ctx->dk, 0, sizeof(ctx->dk));
        } else {
                ctx->decrypt = 1;
                memcpy(ctx->dk, ctx->ek, sizeof(ctx->ek));
-                rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
+                rijndaelKeySetupDec(ctx->dk, key, bits, ctx->Nr);
        }
 }
diff --git a/rijndael.h b/rijndael.h
index 18a4d805e..c614bb188 100644
--- a/rijndael.h
+++ b/rijndael.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: rijndael.h,v 1.11 2001/09/13 09:48:39 markus Exp $ */
+/*      $OpenBSD: rijndael.h,v 1.12 2001/12/19 07:18:56 deraadt Exp $ */
 /**
 * rijndael-alg-fst.h
@@ -32,8 +32,8 @@
 #define MAXKB   (256/8)
 #define MAXNR   14
-typedef unsigned char   u8;     
+typedef unsigned char   u8;
-typedef unsigned short  u16;    
+typedef unsigned short  u16;
 typedef unsigned int    u32;
 /*  The structure for key information */
diff --git a/scard.c b/scard.c
index 251e5d30a..19d0e2a4c 100644
--- a/scard.c
+++ b/scard.c
@@ -24,7 +24,7 @@
 #include "includes.h"
 #ifdef SMARTCARD
-RCSID("$OpenBSD: scard.c,v 1.15 2001/09/28 09:49:31 djm Exp $");
+RCSID("$OpenBSD: scard.c,v 1.16 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/engine.h>
 #include <sectok.h>
@@ -48,7 +48,7 @@ static int cla = 0x00;	/* class */
 /* interface to libsectok */
-static int 
+static int
 sc_open(void)
 {
        int sw;
@@ -79,7 +79,7 @@ sc_open(void)
        return sc_fd;
 }
-static int 
+static int
 sc_enable_applet(void)
 {
        static u_char aid[] = {0xfc, 0x53, 0x73, 0x68, 0x2e, 0x62, 0x69, 0x6e};
@@ -95,7 +95,7 @@ sc_enable_applet(void)
        return 0;
 }
-static int 
+static int
 sc_init(void)
 {
        int status;
@@ -115,7 +115,7 @@ sc_init(void)
        return 0;
 }
-static int 
+static int
 sc_read_pubkey(Key * k)
 {
        u_char buf[2], *n;
@@ -133,7 +133,7 @@ sc_read_pubkey(Key * k)
        /* get key size */
        sectok_apdu(sc_fd, CLA_SSH, INS_GET_KEYLENGTH, 0, 0, 0, NULL,
-             sizeof(buf), buf, &sw);
+            sizeof(buf), buf, &sw);
        if (!sectok_swOK(sw)) {
                error("could not obtain key length: %s", sectok_get_sw(sw));
                goto err;
@@ -204,7 +204,7 @@ sc_private_decrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
                goto err;
        }
        sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
-             len, padded, &sw);
+            len, padded, &sw);
        if (!sectok_swOK(sw)) {
                error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
                    sectok_get_sw(sw));
@@ -249,7 +249,7 @@ sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding)
                goto err;
        }
        sectok_apdu(sc_fd, CLA_SSH, INS_GET_RESPONSE, 0, 0, 0, NULL,
-             len, to, &sw);
+            len, to, &sw);
        if (!sectok_swOK(sw)) {
                error("sc_private_decrypt: INS_GET_RESPONSE failed: %s",
                    sectok_get_sw(sw));
diff --git a/servconf.c b/servconf.c
index 0f0a7396b..76a80499d 100644
--- a/servconf.c
+++ b/servconf.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.94 2001/12/06 13:30:05 markus Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.95 2001/12/19 07:18:56 deraadt Exp $");
 #if defined(KRB4) || defined(KRB5)
 #include <krb.h>
@@ -190,7 +190,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->kerberos_tgt_passing == -1)
                options->kerberos_tgt_passing = 0;
 #endif
-#ifdef AFS      
+#ifdef AFS
        if (options->afs_token_passing == -1)
                options->afs_token_passing = k_hasafs();
 #endif
@@ -217,7 +217,7 @@ fill_default_server_options(ServerOptions *options)
        if (options->reverse_mapping_check == -1)
                options->reverse_mapping_check = 0;
        if (options->client_alive_interval == -1)
-                options->client_alive_interval = 0;  
+                options->client_alive_interval = 0;
        if (options->client_alive_count_max == -1)
                options->client_alive_count_max = 3;
        if (options->authorized_keys_file2 == NULL) {
@@ -259,7 +259,7 @@ typedef enum {
        sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
        sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups,
        sBanner, sReverseMappingCheck, sHostbasedAuthentication,
-        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, 
+        sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
        sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
        sDeprecated
 } ServerOpCodes;
@@ -772,7 +772,7 @@ parse_flag:
                value = proto_spec(arg);
                if (value == SSH_PROTO_UNKNOWN)
                        fatal("%s line %d: Bad protocol spec '%s'.",
-                              filename, linenum, arg ? arg : "<NONE>");
+                            filename, linenum, arg ? arg : "<NONE>");
                if (*intptr == SSH_PROTO_UNKNOWN)
                        *intptr = value;
                break;
@@ -780,21 +780,21 @@ parse_flag:
        case sSubsystem:
                if (options->num_subsystems >= MAX_SUBSYSTEMS) {
                        fatal("%s line %d: too many subsystems defined.",
-                              filename, linenum);
+                            filename, linenum);
                }
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing subsystem name.",
-                              filename, linenum);
+                            filename, linenum);
                for (i = 0; i < options->num_subsystems; i++)
                        if (strcmp(arg, options->subsystem_name[i]) == 0)
                                fatal("%s line %d: Subsystem '%s' already defined.",
-                                      filename, linenum, arg);
+                                    filename, linenum, arg);
                options->subsystem_name[options->num_subsystems] = xstrdup(arg);
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing subsystem command.",
-                              filename, linenum);
+                            filename, linenum);
                options->subsystem_command[options->num_subsystems] = xstrdup(arg);
                options->num_subsystems++;
                break;
@@ -803,7 +803,7 @@ parse_flag:
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
                        fatal("%s line %d: Missing MaxStartups spec.",
-                              filename, linenum);
+                            filename, linenum);
                if ((n = sscanf(arg, "%d:%d:%d",
                    &options->max_startups_begin,
                    &options->max_startups_rate,
diff --git a/servconf.h b/servconf.h
index 90ecbc70e..943c7ef56 100644
--- a/servconf.h
+++ b/servconf.h
@@ -11,7 +11,7 @@
 * called by a name other than "ssh" or "Secure Shell".
 */
-/* RCSID("$OpenBSD: servconf.h,v 1.50 2001/12/06 13:30:05 markus Exp $"); */
+/* RCSID("$OpenBSD: servconf.h,v 1.51 2001/12/19 07:18:56 deraadt Exp $"); */
 #ifndef SERVCONF_H
 #define SERVCONF_H
@@ -117,13 +117,13 @@ typedef struct {
        char   *banner;                 /* SSH-2 banner message */
        int     reverse_mapping_check;  /* cross-check ip and dns */
        int     client_alive_interval;  /*
-                                         * poke the client this often to 
+                                         * poke the client this often to
-                                         * see if it's still there 
+                                         * see if it's still there
                                         */
        int     client_alive_count_max; /*
                                         * If the client is unresponsive
                                         * for this many intervals above,
-                                         * disconnect the session 
+                                         * disconnect the session
                                         */
        char   *authorized_keys_file;   /* File containing public keys */
diff --git a/serverloop.c b/serverloop.c
index fd051070d..1fa1f5800 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: serverloop.c,v 1.85 2001/12/05 03:50:01 itojun Exp $");
+RCSID("$OpenBSD: serverloop.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $");
 #include "xmalloc.h"
 #include "packet.h"
@@ -195,12 +195,12 @@ wait_until_can_do_something(fd_set **readsetp, fd_set **writesetp, int *maxfdp,
        int client_alive_scheduled = 0;
        /*
-         * if using client_alive, set the max timeout accordingly, 
+         * if using client_alive, set the max timeout accordingly,
         * and indicate that this particular timeout was for client
         * alive by setting the client_alive_scheduled flag.
         *
         * this could be randomized somewhat to make traffic
-         * analysis more difficult, but we're not doing it yet.  
+         * analysis more difficult, but we're not doing it yet.
         */
        if (compat20 &&
            max_time_milliseconds == 0 && options.client_alive_interval) {
@@ -598,7 +598,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg)
        drain_output();
        debug("End of interactive session; stdin %ld, stdout (read %ld, sent %ld), stderr %ld bytes.",
-              stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
+            stdin_bytes, fdout_bytes, stdout_bytes, stderr_bytes);
        /* Free and clear the buffers. */
        buffer_free(&stdin_buffer);
@@ -738,12 +738,12 @@ static void
 server_input_channel_failure(int type, int plen, void *ctxt)
 {
        debug("Got CHANNEL_FAILURE for keepalive");
-        /* 
+        /*
         * reset timeout, since we got a sane answer from the client.
         * even if this was generated by something other than
         * the bogus CHANNEL_REQUEST we send for keepalives.
         */
-        client_alive_timeouts = 0; 
+        client_alive_timeouts = 0;
 }
diff --git a/session.c b/session.c
index cc3fb0448..8850f8124 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.111 2001/12/06 18:09:23 stevesk Exp $");
+RCSID("$OpenBSD: session.c,v 1.112 2001/12/19 07:18:56 deraadt Exp $");
 #include "ssh.h"
 #include "ssh1.h"
@@ -258,7 +258,7 @@ do_authenticated1(Authctxt *authctxt)
                        compression_level = packet_get_int();
                        if (compression_level < 1 || compression_level > 9) {
                                packet_send_debug("Received illegal compression level %d.",
-                                     compression_level);
+                                    compression_level);
                                break;
                        }
                        /* Enable compression after we have responded with SUCCESS. */
@@ -323,7 +323,7 @@ do_authenticated1(Authctxt *authctxt)
                        if (packet_set_maxsize(packet_get_int()) > 0)
                                success = 1;
                        break;
-                        
 #if defined(AFS) || defined(KRB5)
                case SSH_CMSG_HAVE_KERBEROS_TGT:
                        if (!options.kerberos_tgt_passing) {
@@ -331,14 +331,14 @@ do_authenticated1(Authctxt *authctxt)
                        } else {
                                char *kdata = packet_get_string(&dlen);
                                packet_integrity_check(plen, 4 + dlen, type);
-                                
                                /* XXX - 0x41, see creds_to_radix version */
                                if (kdata[0] != 0x41) {
 #ifdef KRB5
                                        krb5_data tgt;
                                        tgt.data = kdata;
                                        tgt.length = dlen;
-                                        
                                        if (auth_krb5_tgt(s->authctxt, &tgt))
                                                success = 1;
                                        else
@@ -356,7 +356,7 @@ do_authenticated1(Authctxt *authctxt)
                        }
                        break;
 #endif /* AFS || KRB5 */
-                        
 #ifdef AFS
                case SSH_CMSG_HAVE_AFS_TOKEN:
                        if (!options.afs_token_passing || !k_hasafs()) {
@@ -365,7 +365,7 @@ do_authenticated1(Authctxt *authctxt)
                                /* Accept AFS token. */
                                char *token = packet_get_string(&dlen);
                                packet_integrity_check(plen, 4 + dlen, type);
-                                
                                if (auth_afs_token(s->authctxt, token))
                                        success = 1;
                                else
@@ -649,7 +649,7 @@ do_pre_login(Session *s)
        if (packet_connection_is_on_socket()) {
                fromlen = sizeof(from);
                if (getpeername(packet_get_connection_in(),
-                     (struct sockaddr *) & from, &fromlen) < 0) {
+                    (struct sockaddr *) & from, &fromlen) < 0) {
                        debug("getpeername: %.100s", strerror(errno));
                        fatal_cleanup();
                }
@@ -811,7 +811,7 @@ check_quietlogin(Session *s, const char *command)
 */
 static void
 child_set_env(char ***envp, u_int *envsizep, const char *name,
-              const char *value)
+        const char *value)
 {
        u_int i, namelen;
        char **env;
@@ -852,7 +852,7 @@ child_set_env(char ***envp, u_int *envsizep, const char *name,
 */
 static void
 read_environment_file(char ***env, u_int *envsize,
-                      const char *filename)
+        const char *filename)
 {
        FILE *f;
        char buf[4096];
@@ -1304,7 +1304,7 @@ do_child(Session *s, const char *command)
        if (auth_get_socket_name() != NULL)
                child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
-                              auth_get_socket_name());
+                    auth_get_socket_name());
        /* read $HOME/.ssh/environment. */
        if (!options.use_login) {
@@ -1367,10 +1367,10 @@ do_child(Session *s, const char *command)
        /* Try to get AFS tokens for the local cell. */
        if (k_hasafs()) {
                char cell[64];
-                
                if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
                        krb_afslog(cell, 0);
-                
                krb_afslog(0, 0);
        }
 #endif /* AFS */
@@ -1487,9 +1487,9 @@ do_child(Session *s, const char *command)
                        execl(LOGIN_PROGRAM, "login", "-h", hostname,
 #ifdef LOGIN_NEEDS_TERM
-                             s->term? s->term : "unknown",
+                            s->term? s->term : "unknown",
 #endif
-                             "-p", "-f", "--", pw->pw_name, (char *)NULL);
+                            "-p", "-f", "--", pw->pw_name, (char *)NULL);
                        /* Login couldn't be executed, die. */
@@ -1517,12 +1517,12 @@ session_new(void)
        static int did_init = 0;
        if (!did_init) {
                debug("session_new: init");
-                for(i = 0; i < MAX_SESSIONS; i++) {
+                for (i = 0; i < MAX_SESSIONS; i++) {
                        sessions[i].used = 0;
                }
                did_init = 1;
        }
-        for(i = 0; i < MAX_SESSIONS; i++) {
+        for (i = 0; i < MAX_SESSIONS; i++) {
                Session *s = &sessions[i];
                if (! s->used) {
                        memset(s, 0, sizeof(*s));
@@ -1542,7 +1542,7 @@ static void
 session_dump(void)
 {
        int i;
-        for(i = 0; i < MAX_SESSIONS; i++) {
+        for (i = 0; i < MAX_SESSIONS; i++) {
                Session *s = &sessions[i];
                debug("dump: used %d session %d %p channel %d pid %d",
                    s->used,
@@ -1575,7 +1575,7 @@ static Session *
 session_by_channel(int id)
 {
        int i;
-        for(i = 0; i < MAX_SESSIONS; i++) {
+        for (i = 0; i < MAX_SESSIONS; i++) {
                Session *s = &sessions[i];
                if (s->used && s->chanid == id) {
                        debug("session_by_channel: session %d channel %d", i, id);
@@ -1592,7 +1592,7 @@ session_by_pid(pid_t pid)
 {
        int i;
        debug("session_by_pid: pid %d", pid);
-        for(i = 0; i < MAX_SESSIONS; i++) {
+        for (i = 0; i < MAX_SESSIONS; i++) {
                Session *s = &sessions[i];
                if (s->used && s->pid == pid)
                        return s;
@@ -2001,9 +2001,9 @@ void
 session_destroy_all(void)
 {
        int i;
-        for(i = 0; i < MAX_SESSIONS; i++) {
+        for (i = 0; i < MAX_SESSIONS; i++) {
                Session *s = &sessions[i];
-                if (s->used) 
+                if (s->used)
                        session_close(s);
        }
 }
@@ -2014,7 +2014,7 @@ session_tty_list(void)
        static char buf[1024];
        int i;
        buf[0] = '\0';
-        for(i = 0; i < MAX_SESSIONS; i++) {
+        for (i = 0; i < MAX_SESSIONS; i++) {
                Session *s = &sessions[i];
                if (s->used && s->ttyfd != -1) {
                        if (buf[0] != '\0')
diff --git a/sftp-client.c b/sftp-client.c
index 4f2a1e280..ca5a48597 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -29,7 +29,7 @@
 /* XXX: copy between two remote sites */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-client.c,v 1.18 2001/07/14 15:10:16 stevesk Exp $");
+RCSID("$OpenBSD: sftp-client.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
 #include "buffer.h"
 #include "bufaux.h"
@@ -308,9 +308,8 @@ do_lsreaddir(int fd_in, int fd_out, char *path, int printflag,
                *dir = xmalloc(sizeof(**dir));
                (*dir)[0] = NULL;
        }
-        
-        for(;;) {
+        for (;;) {
                int count;
                id = expected_id = msg_id++;
@@ -356,7 +355,7 @@ do_lsreaddir(int fd_in, int fd_out, char *path, int printflag,
                if (count == 0)
                        break;
                debug3("Received %d SSH2_FXP_NAME responses", count);
-                for(i = 0; i < count; i++) {
+                for (i = 0; i < count; i++) {
                        char *filename, *longname;
                        Attrib *a;
@@ -404,8 +403,8 @@ do_readdir(int fd_in, int fd_out, char *path, SFTP_DIRENT ***dir)
 void free_sftp_dirents(SFTP_DIRENT **s)
 {
        int i;
-        
-        for(i = 0; s[i]; i++) {
+        for (i = 0; s[i]; i++) {
                xfree(s[i]->filename);
                xfree(s[i]->longname);
                xfree(s[i]);
@@ -726,7 +725,7 @@ do_download(int fd_in, int fd_out, char *remote_path, char *local_path,
        /* Read from remote and write to local */
        offset = 0;
-        for(;;) {
+        for (;;) {
                u_int len;
                char *data;
@@ -758,7 +757,7 @@ do_download(int fd_in, int fd_out, char *remote_path, char *local_path,
                        else {
                                error("Couldn't read from remote "
                                    "file \"%s\" : %s", remote_path,
-                                     fx2txt(status));
+                                    fx2txt(status));
                                do_close(fd_in, fd_out, handle, handle_len);
                                goto done;
                        }
@@ -868,7 +867,7 @@ do_upload(int fd_in, int fd_out, char *local_path, char *remote_path,
        /* Read from local and write to remote */
        offset = 0;
-        for(;;) {
+        for (;;) {
                int len;
                char data[COPY_SIZE];
diff --git a/sftp-glob.c b/sftp-glob.c
index a432bdfc2..849ac65ed 100644
--- a/sftp-glob.c
+++ b/sftp-glob.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-glob.c,v 1.8 2001/07/14 15:10:17 stevesk Exp $");
+RCSID("$OpenBSD: sftp-glob.c,v 1.9 2001/12/19 07:18:56 deraadt Exp $");
 #include "buffer.h"
 #include "bufaux.h"
@@ -49,9 +49,9 @@ static void *
 fudge_opendir(const char *path)
 {
        struct SFTP_OPENDIR *r;
-        
        r = xmalloc(sizeof(*r));
-        
        if (do_readdir(cur.fd_in, cur.fd_out, (char*)path, &r->dir))
                return(NULL);
@@ -110,7 +110,7 @@ static void
 attrib_to_stat(Attrib *a, struct stat *st)
 {
        memset(st, 0, sizeof(*st));
-        
        if (a->flags & SSH2_FILEXFER_ATTR_SIZE)
                st->st_size = a->size;
        if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
@@ -129,12 +129,12 @@ static int
 fudge_lstat(const char *path, struct stat *st)
 {
        Attrib *a;
-        
        if (!(a = do_lstat(cur.fd_in, cur.fd_out, (char*)path, 0)))
                return(-1);
-        
        attrib_to_stat(a, st);
-        
        return(0);
 }
@@ -142,12 +142,12 @@ static int
 fudge_stat(const char *path, struct stat *st)
 {
        Attrib *a;
-        
        if (!(a = do_stat(cur.fd_in, cur.fd_out, (char*)path, 0)))
                return(-1);
-        
        attrib_to_stat(a, st);
-        
        return(0);
 }
@@ -160,7 +160,7 @@ remote_glob(int fd_in, int fd_out, const char *pattern, int flags,
        pglob->gl_closedir = (void (*)(void *))fudge_closedir;
        pglob->gl_lstat = fudge_lstat;
        pglob->gl_stat = fudge_stat;
-        
        memset(&cur, 0, sizeof(cur));
        cur.fd_in = fd_in;
        cur.fd_out = fd_out;
diff --git a/sftp-int.c b/sftp-int.c
index 841e562e1..d8eec3f3d 100644
--- a/sftp-int.c
+++ b/sftp-int.c
@@ -26,7 +26,7 @@
 /* XXX: recursive operations */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-int.c,v 1.40 2001/08/14 09:23:02 markus Exp $");
+RCSID("$OpenBSD: sftp-int.c,v 1.41 2001/12/19 07:18:56 deraadt Exp $");
 #include "buffer.h"
 #include "xmalloc.h"
@@ -205,7 +205,7 @@ path_append(char *p1, char *p2)
        ret = xmalloc(len);
        strlcpy(ret, p1, len);
-        if (strcmp(p1, "/") != 0) 
+        if (strcmp(p1, "/") != 0)
                strlcat(ret, "/", len);
        strlcat(ret, p2, len);
@@ -393,7 +393,7 @@ process_get(int in, int out, char *src, char *dst, char *pwd, int pflag)
                goto out;
        }
-        for(i = 0; g.gl_pathv[i]; i++) {
+        for (i = 0; g.gl_pathv[i]; i++) {
                if (infer_path(g.gl_pathv[i], &tmp)) {
                        err = -1;
                        goto out;
@@ -475,7 +475,7 @@ process_put(int in, int out, char *src, char *dst, char *pwd, int pflag)
                goto out;
        }
-        for(i = 0; g.gl_pathv[i]; i++) {
+        for (i = 0; g.gl_pathv[i]; i++) {
                if (infer_path(g.gl_pathv[i], &tmp)) {
                        err = -1;
                        goto out;
@@ -517,7 +517,7 @@ parse_args(const char **cpp, int *pflag, unsigned long *n_arg,
                return(-1);
        /* Figure out which command we have */
-        for(i = 0; cmds[i].c; i++) {
+        for (i = 0; cmds[i].c; i++) {
                int cmdlen = strlen(cmds[i].c);
                /* Check for command followed by whitespace */
@@ -688,7 +688,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
        case I_RM:
                path1 = make_absolute(path1, *pwd);
                remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
-                for(i = 0; g.gl_pathv[i]; i++) {
+                for (i = 0; g.gl_pathv[i]; i++) {
                        printf("Removing %s\n", g.gl_pathv[i]);
                        if (do_rm(in, out, g.gl_pathv[i]) == -1)
                                err = -1;
@@ -781,7 +781,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
                a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
                a.perm = n_arg;
                remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
-                for(i = 0; g.gl_pathv[i]; i++) {
+                for (i = 0; g.gl_pathv[i]; i++) {
                        printf("Changing mode on %s\n", g.gl_pathv[i]);
                        do_setstat(in, out, g.gl_pathv[i], &a);
                }
@@ -789,7 +789,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
        case I_CHOWN:
                path1 = make_absolute(path1, *pwd);
                remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
-                for(i = 0; g.gl_pathv[i]; i++) {
+                for (i = 0; g.gl_pathv[i]; i++) {
                        if (!(aa = do_stat(in, out, g.gl_pathv[i], 0)))
                                continue;
                        if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
@@ -806,7 +806,7 @@ parse_dispatch_command(int in, int out, const char *cmd, char **pwd)
        case I_CHGRP:
                path1 = make_absolute(path1, *pwd);
                remote_glob(in, out, path1, GLOB_NOCHECK, NULL, &g);
-                for(i = 0; g.gl_pathv[i]; i++) {
+                for (i = 0; g.gl_pathv[i]; i++) {
                        if (!(aa = do_stat(in, out, g.gl_pathv[i], 0)))
                                continue;
                        if (!(aa->flags & SSH2_FILEXFER_ATTR_UIDGID)) {
@@ -899,7 +899,7 @@ interactive_loop(int fd_in, int fd_out, char *file1, char *file2)
        setlinebuf(infile);
 #endif
-        for(;;) {
+        for (;;) {
                char *cp;
                printf("sftp> ");
diff --git a/sftp-server.c b/sftp-server.c
index 2ef9753bf..7c8a6b65b 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.30 2001/07/31 12:42:50 jakob Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.31 2001/12/19 07:18:56 deraadt Exp $");
 #include "buffer.h"
 #include "bufaux.h"
@@ -144,7 +144,7 @@ handle_init(void)
 {
        int i;
-        for(i = 0; i < sizeof(handles)/sizeof(Handle); i++)
+        for (i = 0; i < sizeof(handles)/sizeof(Handle); i++)
                handles[i].use = HANDLE_UNUSED;
 }
@@ -153,7 +153,7 @@ handle_new(int use, char *name, int fd, DIR *dirp)
 {
        int i;
-        for(i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
+        for (i = 0; i < sizeof(handles)/sizeof(Handle); i++) {
                if (handles[i].use == HANDLE_UNUSED) {
                        handles[i].use = use;
                        handles[i].dirp = dirp;
@@ -771,7 +771,7 @@ process_readdir(void)
                }
                if (count > 0) {
                        send_names(id, count, stats);
-                        for(i = 0; i < count; i++) {
+                        for (i = 0; i < count; i++) {
                                xfree(stats[i].name);
                                xfree(stats[i].long_name);
                        }
@@ -897,7 +897,7 @@ process_readlink(void)
                send_status(id, errno_to_portable(errno));
        else {
                Stat s;
-                
                link[len] = '\0';
                attrib_clear(&s.attrib);
                s.name = s.long_name = link;
diff --git a/sftp.c b/sftp.c
index 06110f9af..97f670d6e 100644
--- a/sftp.c
+++ b/sftp.c
@@ -24,7 +24,7 @@
 #include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.21 2001/09/19 19:24:19 stevesk Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.22 2001/12/19 07:18:56 deraadt Exp $");
 /* XXX: commandline mode */
 /* XXX: short-form remote directory listings (like 'ls -C') */
@@ -114,7 +114,7 @@ main(int argc, char **argv)
        __progname = get_progname(argv[0]);
        args.list = NULL;
-        addargs(&args, "ssh");         /* overwritten with ssh_program */
+        addargs(&args, "ssh");          /* overwritten with ssh_program */
        addargs(&args, "-oFallBackToRsh no");
        addargs(&args, "-oForwardX11 no");
        addargs(&args, "-oForwardAgent no");
@@ -195,7 +195,7 @@ main(int argc, char **argv)
        addargs(&args, "-oProtocol %d", sshver);
        /* no subsystem if the server-spec contains a '/' */
-        if (sftp_server == NULL || strchr(sftp_server, '/') == NULL) 
+        if (sftp_server == NULL || strchr(sftp_server, '/') == NULL)
                addargs(&args, "-s");
        addargs(&args, "%s", host);
diff --git a/ssh-add.c b/ssh-add.c
index 585b71487..91603399a 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.46 2001/10/02 08:38:50 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.47 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/evp.h>
@@ -90,7 +90,7 @@ delete_file(AuthenticationConnection *ac, const char *filename)
        key_free(public);
        xfree(comment);
-        
        return ret;
 }
@@ -160,7 +160,7 @@ add_file(AuthenticationConnection *ac, const char *filename)
        xfree(comment);
        key_free(private);
-        
        return ret;
 }
@@ -169,11 +169,11 @@ update_card(AuthenticationConnection *ac, int add, const char *id)
 {
        if (ssh_update_card(ac, add, id)) {
                fprintf(stderr, "Card %s: %s\n",
-                     add ? "added" : "removed", id);
+                    add ? "added" : "removed", id);
                return 0;
        } else {
                fprintf(stderr, "Could not %s card: %s\n",
-                     add ? "add" : "remove", id);
+                    add ? "add" : "remove", id);
                return -1;
        }
 }
@@ -188,8 +188,8 @@ list_identities(AuthenticationConnection *ac, int do_fp)
        for (version = 1; version <= 2; version++) {
                for (key = ssh_get_first_identity(ac, &comment, version);
-                     key != NULL;
+                    key != NULL;
-                     key = ssh_get_next_identity(ac, &comment, version)) {
+                    key = ssh_get_next_identity(ac, &comment, version)) {
                        had_identities = 1;
                        if (do_fp) {
                                fp = key_fingerprint(key, SSH_FP_MD5,
@@ -248,7 +248,7 @@ main(int argc, char **argv)
                fprintf(stderr, "Could not open a connection to your authentication agent.\n");
                exit(1);
        }
-        while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) {
+        while ((ch = getopt(argc, argv, "lLdDe:s:")) != -1) {
                switch (ch) {
                case 'l':
                case 'L':
@@ -267,7 +267,7 @@ main(int argc, char **argv)
                        sc_reader_id = optarg;
                        break;
                case 'e':
-                        deleting = 1; 
+                        deleting = 1;
                        sc_reader_id = optarg;
                        break;
                default:
diff --git a/ssh-agent.c b/ssh-agent.c
index 4db16e45e..e8018bf3a 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $  */
+/*      $OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $  */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,7 +36,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.74 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.75 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -457,7 +457,7 @@ process_add_smartcard_key (SocketEntry *e)
        Key *n = NULL, *k = NULL;
        char *sc_reader_id = NULL;
        int success = 0;
-        
        sc_reader_id = buffer_get_string(&e->input, NULL);
        k = sc_get_key(sc_reader_id);
        xfree(sc_reader_id);
@@ -615,10 +615,10 @@ process_message(SocketEntry *e)
 #ifdef SMARTCARD
        case SSH_AGENTC_ADD_SMARTCARD_KEY:
                process_add_smartcard_key(e);
-                break; 
+                break;
        case SSH_AGENTC_REMOVE_SMARTCARD_KEY:
                process_remove_smartcard_key(e);
-                break; 
+                break;
 #endif /* SMARTCARD */
        default:
                /* Unknown message.  Respond with failure. */
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 9b3b7f4c7..ccd737781 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.85 2001/12/05 10:06:12 deraadt Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.86 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -670,7 +670,7 @@ do_change_passphrase(struct passwd *pw)
                        read_passphrase("Enter new passphrase (empty for no "
                            "passphrase): ", RP_ALLOW_STDIN);
                passphrase2 = read_passphrase("Enter same passphrase again: ",
-                     RP_ALLOW_STDIN);
+                    RP_ALLOW_STDIN);
                /* Verify that they are the same. */
                if (strcmp(passphrase1, passphrase2) != 0) {
@@ -748,7 +748,7 @@ do_change_comment(struct passwd *pw)
                fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
                key_free(private);
                exit(1);
-        }       
+        }
        printf("Key now has comment '%s'\n", comment);
        if (identity_comment) {
diff --git a/ssh.c b/ssh.c
index 9f4d1178b..aa557eb03 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.150 2001/11/30 20:39:28 stevesk Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.151 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -485,7 +485,7 @@ again:
                                    fwd_host_port);
                        else if (opt == 'R')
                                add_remote_forward(&options, fwd_port, buf,
-                                     fwd_host_port);
+                                    fwd_host_port);
                        break;
                case 'D':
@@ -1150,8 +1150,8 @@ ssh_session2_open(void)
        channel_send_open(c->self);
        if (!no_shell_flag)
                channel_register_callback(c->self,
-                     SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
+                    SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
-                     ssh_session2_setup, (void *)0);
+                    ssh_session2_setup, (void *)0);
        return c->self;
 }
diff --git a/sshconnect.c b/sshconnect.c
index 64eb8d5fa..785c9dbe2 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.117 2001/12/06 18:02:32 stevesk Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.118 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/bn.h>
@@ -109,7 +109,7 @@ ssh_proxy_connect(const char *host, u_short port, struct passwd *pw,
        /* Create pipes for communicating with the proxy. */
        if (pipe(pin) < 0 || pipe(pout) < 0)
                fatal("Could not create pipes to communicate with the proxy: %.100s",
-                      strerror(errno));
+                    strerror(errno));
        debug("Executing proxy command: %.500s", command_string);
@@ -258,7 +258,7 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
        int full_failure = 1;
        debug("ssh_connect: getuid %u geteuid %u anon %d",
-              (u_int) getuid(), (u_int) geteuid(), anonymous);
+            (u_int) getuid(), (u_int) geteuid(), anonymous);
        /* Get default port if port has not been set. */
        if (port == 0) {
@@ -428,7 +428,7 @@ ssh_exchange_identification(void)
            &remote_major, &remote_minor, remote_version) != 3)
                fatal("Bad remote protocol version identification: '%.100s'", buf);
        debug("Remote protocol version %d.%d, remote software version %.100s",
-              remote_major, remote_minor, remote_version);
+            remote_major, remote_minor, remote_version);
        compat_datafellows(remote_version);
        mismatch = 0;
@@ -620,7 +620,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
         */
        host_file = user_hostfile;
        host_status = check_host_in_hostfile(host_file, host, host_key,
-             file_key, &host_line);
+            file_key, &host_line);
        if (host_status == HOST_NEW) {
                host_file = system_hostfile;
                host_status = check_host_in_hostfile(host_file, host, host_key,
@@ -663,7 +663,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                                    "'%.128s' not in list of known hosts.",
                                    type, ip);
                        else if (!add_host_to_hostfile(user_hostfile, ip,
-                             host_key))
+                            host_key))
                                log("Failed to add the %s host key for IP "
                                    "address '%.128s' to the list of known "
                                    "hosts (%.30s).", type, ip, user_hostfile);
@@ -789,7 +789,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                        error("Port forwarding is disabled to avoid "
                            "man-in-the-middle attacks.");
                        options.num_local_forwards =
-                             options.num_remote_forwards = 0;
+                            options.num_remote_forwards = 0;
                }
                /*
                 * XXX Should permit the user to change to use the new id.
@@ -813,7 +813,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
                        error("Exiting, you have requested strict checking.");
                        goto fail;
                } else if (options.strict_host_key_checking == 2) {
-                        if (!confirm("Are you sure you want " 
+                        if (!confirm("Are you sure you want "
                            "to continue connecting (yes/no)? ")) {
                                goto fail;
                        }
diff --git a/sshconnect1.c b/sshconnect1.c
index d6b862352..2829ca5a7 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.41 2001/10/06 11:18:19 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.42 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/bn.h>
 #include <openssl/evp.h>
@@ -80,8 +80,8 @@ try_agent_authentication(void)
        /* Loop through identities served by the agent. */
        for (key = ssh_get_first_identity(auth, &comment, 1);
-             key != NULL;
+            key != NULL;
-             key = ssh_get_next_identity(auth, &comment, 1)) {
+            key = ssh_get_next_identity(auth, &comment, 1)) {
                /* Try this identity. */
                debug("Trying RSA authentication via agent with '%.100s'", comment);
@@ -400,10 +400,10 @@ try_krb4_authentication(void)
        /* Don't do anything if we don't have any tickets. */
        if (stat(tkt_string(), &st) < 0)
                return 0;
-        
        strlcpy(inst, (char *)krb_get_phost(get_canonical_hostname(1)),
            INST_SZ);
-        
        realm = (char *)krb_realmofhost(get_canonical_hostname(1));
        if (!realm) {
                debug("Kerberos v4: no realm for %s", get_canonical_hostname(1));
@@ -411,7 +411,7 @@ try_krb4_authentication(void)
        }
        /* This can really be anything. */
        checksum = (u_long)getpid();
-        
        r = krb_mk_req(&auth, KRB4_SERVICE_NAME, inst, realm, checksum);
        if (r != KSUCCESS) {
                debug("Kerberos v4 krb_mk_req failed: %s", krb_err_txt[r]);
@@ -424,22 +424,22 @@ try_krb4_authentication(void)
                return 0;
        }
        des_key_sched((des_cblock *) cred.session, schedule);
-        
        /* Send authentication info to server. */
        packet_start(SSH_CMSG_AUTH_KERBEROS);
        packet_put_string((char *) auth.dat, auth.length);
        packet_send();
        packet_write_wait();
-        
        /* Zero the buffer. */
        (void) memset(auth.dat, 0, MAX_KTXT_LEN);
-        
        slen = sizeof(local);
        memset(&local, 0, sizeof(local));
        if (getsockname(packet_get_connection_in(),
            (struct sockaddr *)&local, &slen) < 0)
                debug("getsockname failed: %s", strerror(errno));
-        
        slen = sizeof(foreign);
        memset(&foreign, 0, sizeof(foreign));
        if (getpeername(packet_get_connection_in(),
@@ -455,18 +455,18 @@ try_krb4_authentication(void)
                debug("Kerberos v4 authentication failed.");
                return 0;
                break;
-                
        case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
                /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
                debug("Kerberos v4 authentication accepted.");
-                
                /* Get server's response. */
                reply = packet_get_string((u_int *) &auth.length);
                memcpy(auth.dat, reply, auth.length);
                xfree(reply);
-                
                packet_integrity_check(plen, 4 + auth.length, type);
-                
                /*
                 * If his response isn't properly encrypted with the session
                 * key, and the decrypted checksum fails to match, he's
@@ -483,7 +483,7 @@ try_krb4_authentication(void)
                memcpy((char *)&cksum, (char *)msg_data.app_data,
                    sizeof(cksum));
                cksum = ntohl(cksum);
-                
                /* If it matches, we're golden. */
                if (cksum == checksum + 1) {
                        debug("Kerberos v4 challenge successful.");
@@ -491,7 +491,7 @@ try_krb4_authentication(void)
                } else
                        packet_disconnect("Kerberos v4 challenge failed!");
                break;
-                
        default:
                packet_disconnect("Protocol error on Kerberos v4 response: %d", type);
        }
@@ -513,26 +513,26 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
        int type, payload_len;
        krb5_ap_rep_enc_part *reply = NULL;
        int ret;
-        
        memset(&ap, 0, sizeof(ap));
-        
        problem = krb5_init_context(context);
        if (problem) {
                debug("Kerberos v5: krb5_init_context failed");
                ret = 0;
                goto out;
        }
-        
        tkfile = krb5_cc_default_name(*context);
        if (strncmp(tkfile, "FILE:", 5) == 0)
                tkfile += 5;
-        
        if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
                debug("Kerberos v5: could not get default ccache (permission denied).");
                ret = 0;
                goto out;
        }
-        
        problem = krb5_cc_default(*context, &ccache);
        if (problem) {
                debug("Kerberos v5: krb5_cc_default failed: %s",
@@ -540,9 +540,9 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
                ret = 0;
                goto out;
        }
-        
        remotehost = get_canonical_hostname(1);
-        
        problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
            "host", remotehost, NULL, ccache, &ap);
        if (problem) {
@@ -551,48 +551,48 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
                ret = 0;
                goto out;
        }
-        
        packet_start(SSH_CMSG_AUTH_KERBEROS);
        packet_put_string((char *) ap.data, ap.length);
        packet_send();
        packet_write_wait();
-        
        xfree(ap.data);
        ap.length = 0;
-        
        type = packet_read(&payload_len);
        switch (type) {
-        case SSH_SMSG_FAILURE:
+        case SSH_SMSG_FAILURE:
-                /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
+                /* Should really be SSH_SMSG_AUTH_KERBEROS_FAILURE */
-                debug("Kerberos v5 authentication failed.");
+                debug("Kerberos v5 authentication failed.");
-                ret = 0;
+                ret = 0;
-                break;
+                break;
-                
        case SSH_SMSG_AUTH_KERBEROS_RESPONSE:
-                /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
+                /* SSH_SMSG_AUTH_KERBEROS_SUCCESS */
-                debug("Kerberos v5 authentication accepted.");
+                debug("Kerberos v5 authentication accepted.");
-                
-                /* Get server's response. */
+                /* Get server's response. */
-                ap.data = packet_get_string((unsigned int *) &ap.length);
+                ap.data = packet_get_string((unsigned int *) &ap.length);
-                
-                packet_integrity_check(payload_len, 4 + ap.length, type);
+                packet_integrity_check(payload_len, 4 + ap.length, type);
-                /* XXX je to dobre? */
+                /* XXX je to dobre? */
-                
-                problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
+                problem = krb5_rd_rep(*context, *auth_context, &ap, &reply);
-                if (problem) {
+                if (problem) {
                        ret = 0;
                }
                ret = 1;
                break;
-                
        default:
                packet_disconnect("Protocol error on Kerberos v5 response: %d",
                    type);
                ret = 0;
                break;
-                
        }
-        
 out:
        if (ccache != NULL)
                krb5_cc_close(*context, ccache);
@@ -600,7 +600,7 @@ try_krb5_authentication(krb5_context *context, krb5_auth_context *auth_context)
                krb5_free_ap_rep_enc_part(*context, reply);
        if (ap.length > 0)
                krb5_data_free(&ap);
-        
        return (ret);
 }
@@ -614,62 +614,62 @@ send_krb5_tgt(krb5_context context, krb5_auth_context auth_context)
        krb5_creds creds;
        krb5_kdc_flags flags;
        const char *remotehost;
-        
        memset(&creds, 0, sizeof(creds));
        memset(&outbuf, 0, sizeof(outbuf));
-        
        fd = packet_get_connection_in();
-        
        problem = krb5_auth_con_setaddrs_from_fd(context, auth_context, &fd);
        if (problem)
                goto out;
-        
        problem = krb5_cc_default(context, &ccache);
        if (problem)
                goto out;
-        
        problem = krb5_cc_get_principal(context, ccache, &creds.client);
        if (problem)
                goto out;
-        
        problem = krb5_build_principal(context, &creds.server,
            strlen(creds.client->realm), creds.client->realm,
            "krbtgt", creds.client->realm, NULL);
        if (problem)
                goto out;
-        
        creds.times.endtime = 0;
-        
        flags.i = 0;
        flags.b.forwarded = 1;
        flags.b.forwardable = krb5_config_get_bool(context,  NULL,
            "libdefaults", "forwardable", NULL);
-        
        remotehost = get_canonical_hostname(1);
-        
        problem = krb5_get_forwarded_creds(context, auth_context,
            ccache, flags.i, remotehost, &creds, &outbuf);
        if (problem)
                goto out;
-        
        packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
        packet_put_string((char *)outbuf.data, outbuf.length);
        packet_send();
        packet_write_wait();
-        
        type = packet_read(&payload_len);
-        
        if (type == SSH_SMSG_SUCCESS) {
                char *pname;
-                
                krb5_unparse_name(context, creds.client, &pname);
                debug("Kerberos v5 TGT forwarded (%s).", pname);
                xfree(pname);
        } else
                debug("Kerberos v5 TGT forwarding failed.");
-        
        return;
-        
 out:
        if (problem)
                debug("Kerberos v5 TGT forwarding failed: %s",
@@ -693,44 +693,44 @@ send_krb4_tgt(void)
        struct stat st;
        char buffer[4096], pname[ANAME_SZ], pinst[INST_SZ], prealm[REALM_SZ];
        int problem, type, len;
-        
        /* Don't do anything if we don't have any tickets. */
        if (stat(tkt_string(), &st) < 0)
                return;
-        
        creds = xmalloc(sizeof(*creds));
-        
        problem = krb_get_tf_fullname(TKT_FILE, pname, pinst, prealm);
        if (problem)
                goto out;
-        
        problem = krb_get_cred("krbtgt", prealm, prealm, creds);
        if (problem)
                goto out;
-        
        if (time(0) > krb_life_to_time(creds->issue_date, creds->lifetime)) {
                problem = RD_AP_EXP;
                goto out;
        }
        creds_to_radix(creds, (u_char *)buffer, sizeof(buffer));
-        
        packet_start(SSH_CMSG_HAVE_KERBEROS_TGT);
        packet_put_cstring(buffer);
        packet_send();
        packet_write_wait();
-        
        type = packet_read(&len);
-        
        if (type == SSH_SMSG_SUCCESS)
                debug("Kerberos v4 TGT forwarded (%s%s%s@%s).",
                    creds->pname, creds->pinst[0] ? "." : "",
                    creds->pinst, creds->realm);
        else
                debug("Kerberos v4 TGT rejected.");
-        
        xfree(creds);
        return;
-        
 out:
        debug("Kerberos v4 TGT passing failed: %s", krb_err_txt[problem]);
        xfree(creds);
@@ -745,7 +745,7 @@ send_afs_tokens(void)
        int i, type, len;
        char buf[2048], *p, *server_cell;
        char buffer[8192];
-        
        /* Move over ktc_GetToken, here's something leaner. */
        for (i = 0; i < 100; i++) {     /* just in case */
                parms.in = (char *) &i;
@@ -755,7 +755,7 @@ send_afs_tokens(void)
                if (k_pioctl(0, VIOCGETTOK, &parms, 0) != 0)
                        break;
                p = buf;
-                
                /* Get secret token. */
                memcpy(&creds.ticket_st.length, p, sizeof(u_int));
                if (creds.ticket_st.length > MAX_KTXT_LEN)
@@ -763,7 +763,7 @@ send_afs_tokens(void)
                p += sizeof(u_int);
                memcpy(creds.ticket_st.dat, p, creds.ticket_st.length);
                p += creds.ticket_st.length;
-                
                /* Get clear token. */
                memcpy(&len, p, sizeof(len));
                if (len != sizeof(struct ClearToken))
@@ -773,7 +773,7 @@ send_afs_tokens(void)
                p += len;
                p += sizeof(len);       /* primary flag */
                server_cell = p;
-                
                /* Flesh out our credentials. */
                strlcpy(creds.service, "afs", sizeof(creds.service));
                creds.instance[0] = '\0';
@@ -785,7 +785,7 @@ send_afs_tokens(void)
                creds.kvno = ct.AuthHandle;
                snprintf(creds.pname, sizeof(creds.pname), "AFS ID %d", ct.ViceId);
                creds.pinst[0] = '\0';
-                
                /* Encode token, ship it off. */
                if (creds_to_radix(&creds, (u_char *)buffer,
                    sizeof(buffer)) <= 0)
@@ -798,7 +798,7 @@ send_afs_tokens(void)
                /* Roger, Roger. Clearance, Clarence. What's your vector,
                   Victor? */
                type = packet_read(&len);
-                
                if (type == SSH_SMSG_FAILURE)
                        debug("AFS token for cell %s rejected.", server_cell);
                else if (type != SSH_SMSG_SUCCESS)
@@ -842,7 +842,7 @@ try_challenge_response_authentication(void)
                challenge = packet_get_string(&clen);
                packet_integrity_check(payload_len, (4 + clen), type);
                snprintf(prompt, sizeof prompt, "%s%s", challenge,
-                     strchr(challenge, '\n') ? "" : "\nResponse: ");
+                    strchr(challenge, '\n') ? "" : "\nResponse: ");
                xfree(challenge);
                if (i != 0)
                        error("Permission denied, please try again.");
@@ -974,11 +974,11 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
        supported_authentications = packet_get_int();
        debug("Received server public key (%d bits) and host key (%d bits).",
-              BN_num_bits(public_key->n), BN_num_bits(host_key->n));
+            BN_num_bits(public_key->n), BN_num_bits(host_key->n));
        packet_integrity_check(payload_len,
-                               8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
+            8 + 4 + sum_len + 0 + 4 + 0 + 0 + 4 + 4 + 4,
-                               SSH_SMSG_PUBLIC_KEY);
+            SSH_SMSG_PUBLIC_KEY);
        k.type = KEY_RSA1;
        k.rsa = host_key;
        if (verify_host_key(host, hostaddr, &k) == -1)
@@ -1027,10 +1027,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
                if (BN_num_bits(host_key->n) <
                    BN_num_bits(public_key->n) + SSH_KEY_BITS_RESERVED) {
                        fatal("respond_to_rsa_challenge: host_key %d < public_key %d + "
-                              "SSH_KEY_BITS_RESERVED %d",
+                            "SSH_KEY_BITS_RESERVED %d",
-                              BN_num_bits(host_key->n),
+                            BN_num_bits(host_key->n),
-                              BN_num_bits(public_key->n),
+                            BN_num_bits(public_key->n),
-                              SSH_KEY_BITS_RESERVED);
+                            SSH_KEY_BITS_RESERVED);
                }
                rsa_public_encrypt(key, key, public_key);
                rsa_public_encrypt(key, key, host_key);
@@ -1039,10 +1039,10 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
                if (BN_num_bits(public_key->n) <
                    BN_num_bits(host_key->n) + SSH_KEY_BITS_RESERVED) {
                        fatal("respond_to_rsa_challenge: public_key %d < host_key %d + "
-                              "SSH_KEY_BITS_RESERVED %d",
+                            "SSH_KEY_BITS_RESERVED %d",
-                              BN_num_bits(public_key->n),
+                            BN_num_bits(public_key->n),
-                              BN_num_bits(host_key->n),
+                            BN_num_bits(host_key->n),
-                              SSH_KEY_BITS_RESERVED);
+                            SSH_KEY_BITS_RESERVED);
                }
                rsa_public_encrypt(key, key, host_key);
                rsa_public_encrypt(key, key, public_key);
@@ -1064,7 +1064,7 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
        /* Check that the selected cipher is supported. */
        if (!(supported_ciphers & (1 << options.cipher)))
                fatal("Selected cipher type %.100s not supported by server.",
-                      cipher_name(options.cipher));
+                    cipher_name(options.cipher));
        debug("Encryption type: %.100s", cipher_name(options.cipher));
@@ -1117,7 +1117,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 #endif
        int i, type;
        int payload_len;
-        
        if (supported_authentications == 0)
                fatal("ssh_userauth1: server supports no auth methods");
@@ -1139,12 +1139,12 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
                goto success;
        if (type != SSH_SMSG_FAILURE)
                packet_disconnect("Protocol error: got %d in response to SSH_CMSG_USER", type);
-        
 #ifdef KRB5
        if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
-            options.kerberos_authentication) {
+            options.kerberos_authentication) {
                debug("Trying Kerberos v5 authentication.");
-                
                if (try_krb5_authentication(&context, &auth_context)) {
                        type = packet_read(&payload_len);
                        if (type == SSH_SMSG_SUCCESS)
@@ -1154,12 +1154,12 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
                }
        }
 #endif /* KRB5 */
-        
 #ifdef KRB4
        if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
            options.kerberos_authentication) {
                debug("Trying Kerberos v4 authentication.");
-                
                if (try_krb4_authentication()) {
                        type = packet_read(&payload_len);
                        if (type == SSH_SMSG_SUCCESS)
@@ -1169,7 +1169,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
                }
        }
 #endif /* KRB4 */
-        
        /*
         * Use rhosts authentication if running in privileged socket and we
         * do not wish to remain anonymous.
@@ -1254,7 +1254,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
        if (context)
                krb5_free_context(context);
 #endif
-        
 #ifdef AFS
        /* Try Kerberos v4 TGT passing if the server supports it. */
        if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
diff --git a/sshconnect2.c b/sshconnect2.c
index 514637f2d..8689da087 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,7 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.87 2001/12/05 10:06:13 deraadt Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.88 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/bn.h>
 #include <openssl/md5.h>
@@ -111,7 +111,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr)
                myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
        }
        if (options.hostkeyalgorithms != NULL)
-                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
+                myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
                    options.hostkeyalgorithms;
        /* start key exchange */
@@ -613,7 +613,7 @@ load_identity_file(char *filename)
                if (options.batch_mode)
                        return NULL;
                snprintf(prompt, sizeof prompt,
-                     "Enter passphrase for key '%.100s': ", filename);
+                    "Enter passphrase for key '%.100s': ", filename);
                for (i = 0; i < options.number_of_password_prompts; i++) {
                        passphrase = read_passphrase(prompt, 0);
                        if (strcmp(passphrase, "") != 0) {
@@ -646,7 +646,7 @@ identity_sign_cb(Authctxt *authctxt, Key *key, u_char **sigp, int *lenp,
                return -1;
        /* private key is stored in external hardware */
-        if (options.identity_keys[idx]->flags & KEY_FLAG_EXT) 
+        if (options.identity_keys[idx]->flags & KEY_FLAG_EXT)
                return key_sign(options.identity_keys[idx], sigp, lenp, data, datalen);
        private = load_identity_file(options.identity_files[idx]);
diff --git a/sshd.8 b/sshd.8
index 91da9adef..dafdf9a8c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.156 2001/12/06 13:30:06 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.157 2001/12/19 07:18:56 deraadt Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -253,7 +253,7 @@ authentication, and termination of each connection is logged.
 .It Fl t
 Test mode.
 Only check the validity of the configuration file and sanity of the keys.
-This is useful for updating 
+This is useful for updating
 .Nm
 reliably as configuration options may change.
 .It Fl u Ar len
diff --git a/sshd.c b/sshd.c
index 91376de2e..c166a84ea 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.216 2001/12/10 16:45:04 stevesk Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.217 2001/12/19 07:18:56 deraadt Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -399,7 +399,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
                fatal_cleanup();
        }
        debug("Client protocol version %d.%d; client software version %.100s",
-              remote_major, remote_minor, remote_version);
+            remote_major, remote_minor, remote_version);
        compat_datafellows(remote_version);
@@ -467,7 +467,7 @@ destroy_sensitive_data(void)
                key_free(sensitive_data.server_key);
                sensitive_data.server_key = NULL;
        }
-        for(i = 0; i < options.num_host_key_files; i++) {
+        for (i = 0; i < options.num_host_key_files; i++) {
                if (sensitive_data.host_keys[i]) {
                        key_free(sensitive_data.host_keys[i]);
                        sensitive_data.host_keys[i] = NULL;
@@ -483,7 +483,7 @@ list_hostkey_types(void)
        static char buf[1024];
        int i;
        buf[0] = '\0';
-        for(i = 0; i < options.num_host_key_files; i++) {
+        for (i = 0; i < options.num_host_key_files; i++) {
                Key *key = sensitive_data.host_keys[i];
                if (key == NULL)
                        continue;
@@ -506,7 +506,7 @@ static Key *
 get_hostkey_by_type(int type)
 {
        int i;
-        for(i = 0; i < options.num_host_key_files; i++) {
+        for (i = 0; i < options.num_host_key_files; i++) {
                Key *key = sensitive_data.host_keys[i];
                if (key != NULL && key->type == type)
                        return key;
@@ -687,9 +687,9 @@ main(int ac, char **av)
                        utmp_len = atoi(optarg);
                        break;
                case 'o':
-                        if (process_server_config_line(&options, optarg,
+                        if (process_server_config_line(&options, optarg,
                            "command-line", 0) != 0)
-                                exit(1);
+                                exit(1);
                        break;
                case '?':
                default:
@@ -734,14 +734,14 @@ main(int ac, char **av)
        /* load private host keys */
        sensitive_data.host_keys = xmalloc(options.num_host_key_files*sizeof(Key*));
-        for(i = 0; i < options.num_host_key_files; i++)
+        for (i = 0; i < options.num_host_key_files; i++)
                sensitive_data.host_keys[i] = NULL;
        sensitive_data.server_key = NULL;
        sensitive_data.ssh1_host_key = NULL;
        sensitive_data.have_ssh1_key = 0;
        sensitive_data.have_ssh2_key = 0;
-        for(i = 0; i < options.num_host_key_files; i++) {
+        for (i = 0; i < options.num_host_key_files; i++) {
                key = key_load_private(options.host_key_files[i], "", NULL);
                sensitive_data.host_keys[i] = key;
                if (key == NULL) {
@@ -842,7 +842,7 @@ main(int ac, char **av)
        /* Chdir to the root directory so that the current disk can be
           unmounted if desired. */
        chdir("/");
-        
        /* ignore SIGPIPE */
        signal(SIGPIPE, SIG_IGN);
diff --git a/sshd_config b/sshd_config
index e1a052a16..41e3388da 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.42 2001/09/20 20:57:51 mouring Exp $
+#       $OpenBSD: sshd_config,v 1.43 2001/12/19 07:18:56 deraadt Exp $
 # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
@@ -50,7 +50,7 @@ HostbasedAuthentication no
 PasswordAuthentication yes
 PermitEmptyPasswords no
-# Uncomment to disable s/key passwords 
+# Uncomment to disable s/key passwords
 #ChallengeResponseAuthentication no
 # Uncomment to enable PAM keyboard-interactive authentication 
diff --git a/sshlogin.c b/sshlogin.c
index b7558b9e9..2fb96bb6c 100644
--- a/sshlogin.c
+++ b/sshlogin.c
@@ -39,7 +39,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshlogin.c,v 1.2 2001/03/24 16:43:27 stevesk Exp $");
+RCSID("$OpenBSD: sshlogin.c,v 1.3 2001/12/19 07:18:56 deraadt Exp $");
 #include "loginrec.h"
@@ -67,7 +67,7 @@ get_last_login_time(uid_t uid, const char *logname,
 void
 record_login(pid_t pid, const char *ttyname, const char *user, uid_t uid,
-             const char *host, struct sockaddr * addr)
+        const char *host, struct sockaddr * addr)
 {
  struct logininfo *li;
diff --git a/sshpty.c b/sshpty.c
index e1e603141..71c48b573 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshpty.c,v 1.3 2001/07/22 21:32:27 markus Exp $");
+RCSID("$OpenBSD: sshpty.c,v 1.4 2001/12/19 07:18:56 deraadt Exp $");
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -156,7 +156,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
        *ttyfd = open(name, O_RDWR | O_NOCTTY);
        if (*ttyfd < 0) {
                error("Could not open pty slave side %.100s: %.100s",
-                      name, strerror(errno));
+                    name, strerror(errno));
                close(*ptyfd);
                return 0;
        }
@@ -328,7 +328,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
        fd = open(_PATH_TTY, O_WRONLY);
        if (fd < 0)
                error("open /dev/tty failed - could not set controlling tty: %.100s",
-                      strerror(errno));
+                    strerror(errno));
        else {
                close(fd);
        }
@@ -339,7 +339,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
 void
 pty_change_window_size(int ptyfd, int row, int col,
-                       int xpixel, int ypixel)
+        int xpixel, int ypixel)
 {
        struct winsize w;
        w.ws_row = row;
@@ -378,15 +378,15 @@ pty_setowner(struct passwd *pw, const char *ttyname)
        if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
                if (chown(ttyname, pw->pw_uid, gid) < 0) {
-                        if (errno == EROFS && 
+                        if (errno == EROFS &&
                           (st.st_uid == pw->pw_uid || st.st_uid == 0))
                                error("chown(%.100s, %d, %d) failed: %.100s",
-                                      ttyname, pw->pw_uid, gid,
+                                    ttyname, pw->pw_uid, gid,
-                                      strerror(errno));
+                                    strerror(errno));
                        else
                                fatal("chown(%.100s, %d, %d) failed: %.100s",
-                                      ttyname, pw->pw_uid, gid,
+                                    ttyname, pw->pw_uid, gid,
-                                      strerror(errno));
+                                    strerror(errno));
                }
        }
@@ -395,10 +395,10 @@ pty_setowner(struct passwd *pw, const char *ttyname)
                        if (errno == EROFS &&
                            (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
                                error("chmod(%.100s, 0%o) failed: %.100s",
-                                      ttyname, mode, strerror(errno));
+                                    ttyname, mode, strerror(errno));
                        else
                                fatal("chmod(%.100s, 0%o) failed: %.100s",
-                                      ttyname, mode, strerror(errno));
+                                    ttyname, mode, strerror(errno));
                }
        }
 }
diff --git a/sshtty.c b/sshtty.c
index 78498908f..eed8cfdc2 100644
--- a/sshtty.c
+++ b/sshtty.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshtty.c,v 1.1 2001/04/14 16:33:20 stevesk Exp $ */
+/* $OpenBSD: sshtty.c,v 1.2 2001/12/19 07:18:56 deraadt Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -46,7 +46,7 @@ static int _in_raw_mode = 0;
 int
 in_raw_mode(void)
 {
-        return _in_raw_mode;    
+        return _in_raw_mode;
 }
 struct termios
diff --git a/ttymodes.c b/ttymodes.c
index c0bb0b1f8..ada3a1481 100644
--- a/ttymodes.c
+++ b/ttymodes.c
@@ -43,7 +43,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: ttymodes.c,v 1.14 2001/06/24 17:18:31 markus Exp $");
+RCSID("$OpenBSD: ttymodes.c,v 1.15 2001/12/19 07:18:56 deraadt Exp $");
 #include "packet.h"
 #include "log.h"
@@ -396,7 +396,7 @@ tty_parse_modes(int fd, int *n_bytes_ptr)
                default:
                        debug("Ignoring unsupported tty mode opcode %d (0x%x)",
-                              opcode, opcode);
+                            opcode, opcode);
                        if (!compat20) {
                                /*
                                 * SSH1:
diff --git a/uidswap.c b/uidswap.c
index cc91fcf25..bc67d74b0 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -12,7 +12,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.18 2001/08/08 21:34:19 markus Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.19 2001/12/19 07:18:56 deraadt Exp $");
 #include "log.h"
 #include "uidswap.h"
@@ -67,7 +67,7 @@ temporarily_use_uid(struct passwd *pw)
        privileged = 1;
        temporarily_use_uid_effective = 1;
-        saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);                           
+        saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
        if (saved_egroupslen < 0)
                fatal("getgroups: %.100s", strerror(errno));
@@ -76,7 +76,7 @@ temporarily_use_uid(struct passwd *pw)
                if (initgroups(pw->pw_name, pw->pw_gid) < 0)
                        fatal("initgroups: %s: %.100s", pw->pw_name,
                            strerror(errno));
-                user_groupslen = getgroups(NGROUPS_MAX, user_groups);                           
+                user_groupslen = getgroups(NGROUPS_MAX, user_groups);
                if (user_groupslen < 0)
                        fatal("getgroups: %.100s", strerror(errno));
        }
author	Damien Miller <djm@mindrot.org>	2001-12-21 14:45:46 +1100
committer	Damien Miller <djm@mindrot.org>	2001-12-21 14:45:46 +1100
commit	9f0f5c64bc4b6144e3fed6a7f538f7c21819a492 (patch)
tree	f79317ab211f59181a61b526f566e9c8cfe70c73
parent	89681214ca2f50a1b1ed6164c3afe1ce14995ffc (diff)