13 files changed, 159 insertions, 145 deletions
diff --git a/ChangeLog b/ChangeLog
index c610abc91..f224a77cd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,17 @@
 - Released 1.2pre10
 - Added INSTALL documentation
+ - Merged yet more changes from OpenBSD CVS
+   - [auth-rh-rsa.c auth-rhosts.c auth-rsa.c channels.c clientloop.c]
+     [ssh.c ssh.h sshconnect.c sshd.c]
+     make all access to options via 'extern Options options'
+     and 'extern ServerOptions options' respectively;
+     options are no longer passed as arguments:
+      * make options handling more consistent
+      * remove #include "readconf.h" from ssh.h
+      * readconf.h is only included if necessary
+   - [mpaux.c] clear temp buffer
+   - [servconf.c] print _all_ bad options found in configfile
 19991111
 - Added (untested) Entropy Gathering Daemon (EGD) support
diff --git a/auth-rh-rsa.c b/auth-rh-rsa.c
index b6f1d6c73..fa855a1a8 100644
--- a/auth-rh-rsa.c
+++ b/auth-rh-rsa.c
@@ -15,7 +15,7 @@ authentication.
 */
 #include "includes.h"
-RCSID("$Id: auth-rh-rsa.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
+RCSID("$Id: auth-rh-rsa.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
@@ -38,7 +38,7 @@ int auth_rhosts_rsa(struct passwd *pw, const char *client_user,
  debug("Trying rhosts with RSA host authentication for %.100s", client_user);
  /* Check if we would accept it using rhosts authentication. */
-  if (!auth_rhosts(pw, client_user, options.ignore_rhosts, options.strict_modes))
+  if (!auth_rhosts(pw, client_user))
    return 0;
  canonical_hostname = get_canonical_hostname();
diff --git a/auth-rhosts.c b/auth-rhosts.c
index ebf2fcbc2..7e5614cb8 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -16,12 +16,13 @@ the login based on rhosts authentication.  This file also processes
 */
 #include "includes.h"
-RCSID("$Id: auth-rhosts.c,v 1.1 1999/10/27 03:42:43 damien Exp $");
+RCSID("$Id: auth-rhosts.c,v 1.2 1999/11/12 04:19:27 damien Exp $");
 #include "packet.h"
 #include "ssh.h"
 #include "xmalloc.h"
 #include "uidswap.h"
+#include "servconf.h"
 /* This function processes an rhosts-style file (.rhosts, .shosts, or
   /etc/hosts.equiv).  This returns true if authentication can be granted
@@ -155,9 +156,9 @@ int check_rhosts_file(const char *filename, const char *hostname,
   true, only /etc/hosts.equiv will be considered (.rhosts and .shosts
   are ignored). */
-int auth_rhosts(struct passwd *pw, const char *client_user,
+int auth_rhosts(struct passwd *pw, const char *client_user)
-                int ignore_rhosts, int strict_modes)
 {
+  extern ServerOptions options;
  char buf[1024];
  const char *hostname, *ipaddr;
  int port;
@@ -234,7 +235,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
                        pw->pw_name, pw->pw_dir);
      return 0;
    }
-  if (strict_modes && 
+  if (options.strict_modes && 
      ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
       (st.st_mode & 022) != 0))
    {
@@ -261,7 +262,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
         and make sure it is not writable by anyone but the owner.  This is
         to help avoid novices accidentally allowing access to their account
         by anyone. */
-      if (strict_modes &&
+      if (options.strict_modes &&
          ((st.st_uid != 0 && st.st_uid != pw->pw_uid) ||
           (st.st_mode & 022) != 0))
        {
@@ -273,7 +274,7 @@ int auth_rhosts(struct passwd *pw, const char *client_user,
      /* Check if we have been configured to ignore .rhosts and .shosts 
         files. */
-      if (ignore_rhosts)
+      if (options.ignore_rhosts)
        {
          packet_send_debug("Server has been configured to ignore %.100s.",
                            rhosts_files[rhosts_file_index]);
diff --git a/auth-rsa.c b/auth-rsa.c
index dc1ad81a2..6968df58c 100644
--- a/auth-rsa.c
+++ b/auth-rsa.c
@@ -17,7 +17,7 @@ validity of the host key.
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
+RCSID("$Id: auth-rsa.c,v 1.5 1999/11/12 04:19:27 damien Exp $");
 #include "rsa.h"
 #include "packet.h"
@@ -25,6 +25,7 @@ RCSID("$Id: auth-rsa.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 #include "ssh.h"
 #include "mpaux.h"
 #include "uidswap.h"
+#include "servconf.h"
 #ifdef HAVE_OPENSSL
 #include <openssl/rsa.h>
@@ -100,7 +101,6 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
  len = BN_num_bytes(challenge);
  if (len <= 0 || len > 32)
    fatal("auth_rsa_challenge_dialog: bad challenge length %d", len);
  memset(buf, 0, 32);
  BN_bn2bin(challenge, buf + 32 - len);
  MD5_Init(&md);
@@ -136,8 +136,9 @@ auth_rsa_challenge_dialog(unsigned int bits, BIGNUM *e, BIGNUM *n)
   successful.  This may exit if there is a serious protocol violation. */
 int
-auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
+auth_rsa(struct passwd *pw, BIGNUM *client_n)
 {
+  extern ServerOptions options;
  char line[8192];
  int authenticated;
  unsigned int bits;
@@ -172,7 +173,7 @@ auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes)
      return 0;
    }
-  if (strict_modes) {
+  if (options.strict_modes) {
    int fail=0;
    char buf[1024];
    /* Check open file in order to avoid open/stat races */
diff --git a/channels.c b/channels.c
index 032e8f2af..c5ec1fc87 100644
--- a/channels.c
+++ b/channels.c
@@ -16,7 +16,7 @@ arbitrary tcp/ip connections, and the authentication agent connection.
 */
 #include "includes.h"
-RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
+RCSID("$Id: channels.c,v 1.5 1999/11/12 04:19:27 damien Exp $");
 #include "ssh.h"
 #include "packet.h"
@@ -24,6 +24,7 @@ RCSID("$Id: channels.c,v 1.4 1999/11/08 05:15:55 damien Exp $");
 #include "buffer.h"
 #include "authfd.h"
 #include "uidswap.h"
+#include "readconf.h"
 #include "servconf.h"
 #include "channels.h"
diff --git a/clientloop.c b/clientloop.c
index a236ce9b2..410dc54de 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -15,7 +15,7 @@ The main loop for the interactive session (client side).
 */
 #include "includes.h"
-RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $");
+RCSID("$Id: clientloop.c,v 1.3 1999/11/12 04:19:27 damien Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -24,9 +24,6 @@ RCSID("$Id: clientloop.c,v 1.2 1999/11/11 06:57:39 damien Exp $");
 #include "authfd.h"
 #include "readconf.h"
-/* Flag indicating whether quiet mode is on. */
-extern Options options;
 /* Flag indicating that stdin should be redirected from /dev/null. */
 extern int stdin_null_flag;
@@ -764,6 +761,7 @@ void client_process_output(fd_set *writeset)
 int client_loop(int have_pty, int escape_char_arg)
 {
+  extern Options options;
  double start_time, total_time;
  int len;
  char buf[100];
diff --git a/mpaux.c b/mpaux.c
index e1b97a158..0622f5b47 100644
--- a/mpaux.c
+++ b/mpaux.c
@@ -16,7 +16,7 @@ precision integers.
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: mpaux.c,v 1.3 1999/10/28 05:23:30 damien Exp $");
+RCSID("$Id: mpaux.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -50,5 +50,6 @@ compute_session_id(unsigned char session_id[16],
  MD5_Init(&md);
  MD5_Update(&md, buf, bytes);
  MD5_Final(session_id, &md);
+  memset(buf, 0, bytes);
  xfree(buf);
 }
diff --git a/servconf.c b/servconf.c
index b1e52638c..f6d063989 100644
--- a/servconf.c
+++ b/servconf.c
@@ -12,7 +12,7 @@ Created: Mon Aug 21 15:48:58 1995 ylo
 */
 #include "includes.h"
-RCSID("$Id: servconf.c,v 1.3 1999/11/12 00:33:04 damien Exp $");
+RCSID("$Id: servconf.c,v 1.4 1999/11/12 04:19:27 damien Exp $");
 #include "ssh.h"
 #include "servconf.h"
@@ -144,6 +144,7 @@ void fill_default_server_options(ServerOptions *options)
 /* Keyword tokens. */
 typedef enum 
 {
+  sBadOption, /* == unknown option */
  sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
  sPermitRootLogin, sLogFacility, sLogLevel,
  sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
@@ -260,9 +261,9 @@ static ServerOpCodes parse_token(const char *cp, const char *filename,
    if (strcmp(cp, keywords[i].name) == 0)
      return keywords[i].opcode;
-  fprintf(stderr, "%s line %d: Bad configuration option: %s\n", 
+  fprintf(stderr, "%s: line %d: Bad configuration option: %s\n", 
          filename, linenum, cp);
-  exit(1);
+  return sBadOption;
 }
 /* Reads the server configuration file. */
@@ -273,6 +274,7 @@ void read_server_config(ServerOptions *options, const char *filename)
  char line[1024];
  char *cp, **charptr;
  int linenum, *intptr, i, value;
+  int bad_options = 0;
  ServerOpCodes opcode;
  f = fopen(filename, "r");
@@ -300,6 +302,9 @@ void read_server_config(ServerOptions *options, const char *filename)
      opcode = parse_token(cp, filename, linenum);
      switch (opcode)
        {
+        case sBadOption:
+          bad_options++;
+          continue;
        case sPort:
          intptr = &options->port;
        parse_int:
@@ -596,4 +601,9 @@ void read_server_config(ServerOptions *options, const char *filename)
        }
    }
  fclose(f);
+  if (bad_options > 0) {
+    fprintf(stderr, "%s: terminating, %d bad configuration options\n", 
+            filename, bad_options);
+    exit(1);
+  }
 }
diff --git a/ssh-keygen.c b/ssh-keygen.c
index e2cb48fd9..4d950aee8 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -14,7 +14,7 @@ Identity and host key generation and maintenance.
 */
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.2 1999/11/08 04:30:59 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.3 1999/11/12 04:19:27 damien Exp $");
 #include "rsa.h"
 #include "ssh.h"
@@ -117,7 +117,7 @@ do_change_passphrase(struct passwd *pw)
    xfree(old_passphrase);
  }
  printf("Key has comment '%s'\n", comment);
-   
+  
  /* Ask the new passphrase (twice). */
  if (identity_new_passphrase)
    {
diff --git a/ssh.c b/ssh.c
index be5ad2cc7..1514e185c 100644
--- a/ssh.c
+++ b/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
 */
 #include "includes.h"
-RCSID("$Id: ssh.c,v 1.5 1999/11/11 06:57:40 damien Exp $");
+RCSID("$Id: ssh.c,v 1.6 1999/11/12 04:19:27 damien Exp $");
 #include "xmalloc.h"
 #include "ssh.h"
@@ -590,7 +590,7 @@ main(int ac, char **av)
  /* Log into the remote system.  This never returns if the login fails. */
  ssh_login(host_private_key_loaded, host_private_key, 
-            host, &hostaddr, &options, original_real_uid);
+            host, &hostaddr, original_real_uid);
  /* We no longer need the host private key.  Clear it now. */
  if (host_private_key_loaded)
diff --git a/ssh.h b/ssh.h
index f33621320..ac98d1814 100644
--- a/ssh.h
+++ b/ssh.h
@@ -13,7 +13,7 @@ Generic header file for ssh.
 */
-/* RCSID("$Id: ssh.h,v 1.11 1999/11/12 00:33:04 damien Exp $"); */
+/* RCSID("$Id: ssh.h,v 1.12 1999/11/12 04:19:27 damien Exp $"); */
 #ifndef SSH_H
 #define SSH_H
@@ -221,60 +221,6 @@ only by root, whereas ssh_config should be world-readable. */
 #define SSH_CMSG_HAVE_KERBEROS_TGT              44      /* credentials (s) */
 #define SSH_CMSG_HAVE_AFS_TOKEN                 65      /* token (s) */
-/*------------ Definitions for logging. -----------------------*/
-/* Supported syslog facilities and levels. */
-typedef enum
-{
-  SYSLOG_FACILITY_DAEMON,
-  SYSLOG_FACILITY_USER,
-  SYSLOG_FACILITY_AUTH,
-  SYSLOG_FACILITY_LOCAL0,
-  SYSLOG_FACILITY_LOCAL1,
-  SYSLOG_FACILITY_LOCAL2,
-  SYSLOG_FACILITY_LOCAL3,
-  SYSLOG_FACILITY_LOCAL4,
-  SYSLOG_FACILITY_LOCAL5,
-  SYSLOG_FACILITY_LOCAL6,
-  SYSLOG_FACILITY_LOCAL7
-} SyslogFacility;
-typedef enum
-{
-  SYSLOG_LEVEL_QUIET,
-  SYSLOG_LEVEL_FATAL,
-  SYSLOG_LEVEL_ERROR,
-  SYSLOG_LEVEL_INFO,
-  SYSLOG_LEVEL_CHAT,
-  SYSLOG_LEVEL_DEBUG
-} LogLevel;
-/* Initializes logging. */
-void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
-/* Logging implementation, depending on server or client */
-void do_log(LogLevel level, const char *fmt, va_list args);
-/* Output a message to syslog or stderr */
-void fatal(const char *fmt, ...);
-void error(const char *fmt, ...);
-void log(const char *fmt, ...);
-void chat(const char *fmt, ...);
-void debug(const char *fmt, ...);
-/* same as fatal() but w/o logging */
-void fatal_cleanup(void);
-/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting. 
-   It is permissible to call fatal_remove_cleanup for the function itself
-   from the function. */
-void fatal_add_cleanup(void (*proc)(void *context), void *context);
-/* Removes a cleanup function to be called at fatal(). */
-void fatal_remove_cleanup(void (*proc)(void *context), void *context);
 /*------------ definitions for login.c -------------*/
 /* Returns the time when the user last logged in.  Returns 0 if the 
@@ -314,21 +260,15 @@ int ssh_connect(const char *host, struct sockaddr_in *hostaddr,
   This initializes the random state, and leaves it initialized (it will also
   have references from the packet module). */
-/* for Options */
-#include "readconf.h"
 void ssh_login(int host_key_valid, RSA *host_key, const char *host,
-               struct sockaddr_in *hostaddr, Options *options,
+               struct sockaddr_in *hostaddr, uid_t original_real_uid);
-               uid_t original_real_uid);
 /*------------ Definitions for various authentication methods. -------*/
 /* Tries to authenticate the user using the .rhosts file.  Returns true if
   authentication succeeds.  If ignore_rhosts is non-zero, this will not
-   consider .rhosts and .shosts (/etc/hosts.equiv will still be used). 
+   consider .rhosts and .shosts (/etc/hosts.equiv will still be used).  */
-   If strict_modes is true, checks ownership and modes of .rhosts/.shosts. */
+int auth_rhosts(struct passwd *pw, const char *client_user);
-int auth_rhosts(struct passwd *pw, const char *client_user,
-                int ignore_rhosts, int strict_modes);
 /* Tries to authenticate the user using the .rhosts file and the host using
   its host key.  Returns true if authentication succeeds. */
@@ -343,7 +283,7 @@ int auth_password(struct passwd *pw, const char *password);
 /* Performs the RSA authentication dialog with the client.  This returns
   0 if the client could not be authenticated, and 1 if authentication was
   successful.  This may exit if there is a serious protocol violation. */
-int auth_rsa(struct passwd *pw, BIGNUM *client_n, int strict_modes);
+int auth_rsa(struct passwd *pw, BIGNUM *client_n);
 /* Parses an RSA key (number of bits, e, n) from a string.  Moves the pointer
   over the key.  Skips any whitespace at the beginning and at end. */
@@ -421,6 +361,58 @@ int load_public_key(const char *filename, RSA *pub,
 int load_private_key(const char *filename, const char *passphrase,
                     RSA *private_key, char **comment_return);
+/*------------ Definitions for logging. -----------------------*/
+/* Supported syslog facilities and levels. */
+typedef enum
+{
+  SYSLOG_FACILITY_DAEMON,
+  SYSLOG_FACILITY_USER,
+  SYSLOG_FACILITY_AUTH,
+  SYSLOG_FACILITY_LOCAL0,
+  SYSLOG_FACILITY_LOCAL1,
+  SYSLOG_FACILITY_LOCAL2,
+  SYSLOG_FACILITY_LOCAL3,
+  SYSLOG_FACILITY_LOCAL4,
+  SYSLOG_FACILITY_LOCAL5,
+  SYSLOG_FACILITY_LOCAL6,
+  SYSLOG_FACILITY_LOCAL7
+} SyslogFacility;
+typedef enum
+{
+  SYSLOG_LEVEL_QUIET,
+  SYSLOG_LEVEL_FATAL,
+  SYSLOG_LEVEL_ERROR,
+  SYSLOG_LEVEL_INFO,
+  SYSLOG_LEVEL_CHAT,
+  SYSLOG_LEVEL_DEBUG
+} LogLevel;
+/* Initializes logging. */
+void log_init(char *av0, LogLevel level, SyslogFacility facility, int on_stderr);
+/* Logging implementation, depending on server or client */
+void do_log(LogLevel level, const char *fmt, va_list args);
+/* Output a message to syslog or stderr */
+void fatal(const char *fmt, ...);
+void error(const char *fmt, ...);
+void log(const char *fmt, ...);
+void chat(const char *fmt, ...);
+void debug(const char *fmt, ...);
+/* same as fatal() but w/o logging */
+void fatal_cleanup(void);
+/* Registers a cleanup function to be called by fatal()/fatal_cleanup() before exiting. 
+   It is permissible to call fatal_remove_cleanup for the function itself
+   from the function. */
+void fatal_add_cleanup(void (*proc)(void *context), void *context);
+/* Removes a cleanup function to be called at fatal(). */
+void fatal_remove_cleanup(void (*proc)(void *context), void *context);
 /*---------------- definitions for channels ------------------*/
 /* Sets specific protocol options. */
diff --git a/sshconnect.c b/sshconnect.c
index a16e25a8d..80e4aff4a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -16,7 +16,7 @@ login (authentication) dialog.
 #include "config.h"
 #include "includes.h"
-RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
+RCSID("$Id: sshconnect.c,v 1.6 1999/11/12 04:19:27 damien Exp $");
 #ifdef HAVE_OPENSSL
 #include <openssl/bn.h>
@@ -36,7 +36,7 @@ RCSID("$Id: sshconnect.c,v 1.5 1999/11/08 23:35:52 damien Exp $");
 #include "mpaux.h"
 #include "uidswap.h"
 #include "compat.h"
+#include "readconf.h"
 /* Session id for the current session. */
 unsigned char session_id[16];
@@ -486,9 +486,9 @@ respond_to_rsa_challenge(BIGNUM *challenge, RSA *prv)
   the user using it. */
 int
-try_rsa_authentication(struct passwd *pw, const char *authfile,
+try_rsa_authentication(struct passwd *pw, const char *authfile)
-                       int may_ask_passphrase)
 {
+  extern Options options;
  BIGNUM *challenge;
  RSA *private_key;
  RSA *public_key;
@@ -550,7 +550,7 @@ try_rsa_authentication(struct passwd *pw, const char *authfile,
         return. */
      snprintf(buf, sizeof buf,
        "Enter passphrase for RSA key '%.100s': ", comment);
-      if (may_ask_passphrase)
+      if (!options.batch_mode)
        passphrase = read_passphrase(buf, 0);
      else
        {
@@ -1014,8 +1014,9 @@ void ssh_login(int host_key_valid,
               RSA *own_host_key,
               const char *orighost, 
               struct sockaddr_in *hostaddr,
-               Options *options, uid_t original_real_uid)
+               uid_t original_real_uid)
 {
+  extern Options options;
  int i, type;
  char *password;
  struct passwd *pw;
@@ -1035,7 +1036,7 @@ void ssh_login(int host_key_valid,
  int payload_len, clen, sum_len = 0;
  u_int32_t rand = 0;
-  if (options->check_host_ip)
+  if (options.check_host_ip)
    ip = xstrdup(inet_ntoa(hostaddr->sin_addr));
  /* Convert the user-supplied hostname into all lowercase. */
@@ -1056,7 +1057,7 @@ void ssh_login(int host_key_valid,
  if (!pw)
    fatal("User id %d not found from user database.", original_real_uid);
  local_user = xstrdup(pw->pw_name);
-  server_user = options->user ? options->user : local_user;
+  server_user = options.user ? options.user : local_user;
  debug("Waiting for server public key.");
@@ -1132,12 +1133,12 @@ void ssh_login(int host_key_valid,
  /* Check if the host key is present in the user\'s list of known hosts
     or in the systemwide list. */
-  host_status = check_host_in_hostfile(options->user_hostfile, 
+  host_status = check_host_in_hostfile(options.user_hostfile, 
                                       host, BN_num_bits(host_key->n), 
                                       host_key->e, host_key->n,
                                       file_key->e, file_key->n);
  if (host_status == HOST_NEW)
-    host_status = check_host_in_hostfile(options->system_hostfile, host, 
+    host_status = check_host_in_hostfile(options.system_hostfile, host, 
                                         BN_num_bits(host_key->n),
                                         host_key->e, host_key->n,
                                         file_key->e, file_key->n);
@@ -1154,17 +1155,17 @@ void ssh_login(int host_key_valid,
  /* Also perform check for the ip address, skip the check if we are
     localhost or the hostname was an ip address to begin with */
-  if (options->check_host_ip && !local && strcmp(host, ip)) {
+  if (options.check_host_ip && !local && strcmp(host, ip)) {
    RSA *ip_key = RSA_new();
    ip_key->n = BN_new();
    ip_key->e = BN_new();
-    ip_status = check_host_in_hostfile(options->user_hostfile, ip,
+    ip_status = check_host_in_hostfile(options.user_hostfile, ip,
                                       BN_num_bits(host_key->n),
                                       host_key->e, host_key->n,
                                       ip_key->e, ip_key->n);
    if (ip_status == HOST_NEW)
-      ip_status = check_host_in_hostfile(options->system_hostfile, ip,
+      ip_status = check_host_in_hostfile(options.system_hostfile, ip,
                                         BN_num_bits(host_key->n),
                                         host_key->e, host_key->n,
                                         ip_key->e, ip_key->n);
@@ -1183,13 +1184,13 @@ void ssh_login(int host_key_valid,
  case HOST_OK:
    /* The host is known and the key matches. */
    debug("Host '%.200s' is known and matches the host key.", host);
-    if (options->check_host_ip) {
+    if (options.check_host_ip) {
      if (ip_status == HOST_NEW) {
-        if (!add_host_to_hostfile(options->user_hostfile, ip,
+        if (!add_host_to_hostfile(options.user_hostfile, ip,
                                  BN_num_bits(host_key->n), 
                                  host_key->e, host_key->n))
          log("Failed to add the host ip to the list of known hosts (%.30s).", 
-              options->user_hostfile);
+              options.user_hostfile);
        else
          log("Warning: Permanently added host ip '%.30s' to the list of known hosts.", ip);
      } else if (ip_status != HOST_OK)
@@ -1201,12 +1202,12 @@ void ssh_login(int host_key_valid,
    {
      char hostline[1000], *hostp = hostline;
      /* The host is new. */
-      if (options->strict_host_key_checking == 1) {
+      if (options.strict_host_key_checking == 1) {
        /* User has requested strict host key checking.  We will not
           add the host key automatically.  The only alternative left
           is to abort. */
        fatal("No host key is known for %.200s and you have requested strict checking.", host);
-      } else if (options->strict_host_key_checking == 2) { /* The default */
+      } else if (options.strict_host_key_checking == 2) { /* The default */
        char prompt[1024];
        snprintf(prompt, sizeof(prompt),
                 "The authenticity of host '%.200s' can't be established.\n"
@@ -1216,25 +1217,25 @@ void ssh_login(int host_key_valid,
          fatal("Aborted by user!\n");
      }
      
-      if (options->check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
+      if (options.check_host_ip && ip_status == HOST_NEW && strcmp(host, ip))
        snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
      else
        hostp = host;
      
      /* If not in strict mode, add the key automatically to the local
         known_hosts file. */
-      if (!add_host_to_hostfile(options->user_hostfile, hostp,
+      if (!add_host_to_hostfile(options.user_hostfile, hostp,
                                BN_num_bits(host_key->n), 
                                host_key->e, host_key->n))
        log("Failed to add the host to the list of known hosts (%.500s).", 
-            options->user_hostfile);
+            options.user_hostfile);
      else
        log("Warning: Permanently added '%.200s' to the list of known hosts.",
            hostp);
      break;
    }
  case HOST_CHANGED:
-    if (options->check_host_ip) {
+    if (options.check_host_ip) {
      if (host_ip_differ) {
        error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
        error("@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @");
@@ -1256,23 +1257,23 @@ void ssh_login(int host_key_valid,
    error("It is also possible that the host key has just been changed.");
    error("Please contact your system administrator.");
    error("Add correct host key in %.100s to get rid of this message.", 
-          options->user_hostfile);
+          options.user_hostfile);
    
    /* If strict host key checking is in use, the user will have to edit
       the key manually and we can only abort. */
-    if (options->strict_host_key_checking)
+    if (options.strict_host_key_checking)
      fatal("Host key for %.200s has changed and you have requested strict checking.", host);
    
    /* If strict host key checking has not been requested, allow the
       connection but without password authentication or
       agent forwarding. */
-    if (options->password_authentication) {
+    if (options.password_authentication) {
      error("Password authentication is disabled to avoid trojan horses.");
-      options->password_authentication = 0;
+      options.password_authentication = 0;
    }
-    if (options->forward_agent) {
+    if (options.forward_agent) {
      error("Agent forwarding is disabled to avoid trojan horses.");
-      options->forward_agent = 0;
+      options.forward_agent = 0;
    }
    /* XXX Should permit the user to change to use the new id.  This could
       be done by converting the host key to an identifying sentence, tell
@@ -1281,7 +1282,7 @@ void ssh_login(int host_key_valid,
    break;
  }
-  if (options->check_host_ip)
+  if (options.check_host_ip)
    xfree(ip);
  
  /* Generate a session key. */
@@ -1344,27 +1345,27 @@ void ssh_login(int host_key_valid,
      rsa_public_encrypt(key, key, public_key);
    }
-  if (options->cipher == SSH_CIPHER_NOT_SET) {
+  if (options.cipher == SSH_CIPHER_NOT_SET) {
    if (cipher_mask() & supported_ciphers & (1 << ssh_cipher_default))
-      options->cipher = ssh_cipher_default;
+      options.cipher = ssh_cipher_default;
    else {
      debug("Cipher %d not supported, using %.100s instead.",
            cipher_name(ssh_cipher_default),
            cipher_name(SSH_FALLBACK_CIPHER));
-      options->cipher = SSH_FALLBACK_CIPHER;
+      options.cipher = SSH_FALLBACK_CIPHER;
    }
  }
  /* Check that the selected cipher is supported. */
-  if (!(supported_ciphers & (1 << options->cipher)))
+  if (!(supported_ciphers & (1 << options.cipher)))
    fatal("Selected cipher type %.100s not supported by server.", 
-          cipher_name(options->cipher));
+          cipher_name(options.cipher));
-  debug("Encryption type: %.100s", cipher_name(options->cipher));
+  debug("Encryption type: %.100s", cipher_name(options.cipher));
  /* Send the encrypted session key to the server. */
  packet_start(SSH_CMSG_SESSION_KEY);
-  packet_put_char(options->cipher);
+  packet_put_char(options.cipher);
  /* Send the check bytes back to the server. */
  for (i = 0; i < 8; i++)
@@ -1390,7 +1391,7 @@ void ssh_login(int host_key_valid,
  
  /* Set the encryption key. */
  packet_set_encryption_key(session_key, SSH_SESSION_KEY_LENGTH, 
-                            options->cipher, 1);
+                            options.cipher, 1);
  /* We will no longer need the session key here.  Destroy any extra copies. */
  memset(session_key, 0, sizeof(session_key));
@@ -1420,17 +1421,17 @@ void ssh_login(int host_key_valid,
 #ifdef AFS
  /* Try Kerberos tgt passing if the server supports it. */
  if ((supported_authentications & (1 << SSH_PASS_KERBEROS_TGT)) &&
-      options->kerberos_tgt_passing)
+      options.kerberos_tgt_passing)
    {
-      if (options->cipher == SSH_CIPHER_NONE)
+      if (options.cipher == SSH_CIPHER_NONE)
        log("WARNING: Encryption is disabled! Ticket will be transmitted in the clear!");
      (void)send_kerberos_tgt();
    }
  /* Try AFS token passing if the server supports it. */
  if ((supported_authentications & (1 << SSH_PASS_AFS_TOKEN)) &&
-      options->afs_token_passing && k_hasafs())  {
+      options.afs_token_passing && k_hasafs())  {
-    if (options->cipher == SSH_CIPHER_NONE)
+    if (options.cipher == SSH_CIPHER_NONE)
      log("WARNING: Encryption is disabled! Token will be transmitted in the clear!");
    send_afs_tokens();
  }
@@ -1438,7 +1439,7 @@ void ssh_login(int host_key_valid,
  
 #ifdef KRB4
  if ((supported_authentications & (1 << SSH_AUTH_KERBEROS)) &&
-      options->kerberos_authentication)
+      options.kerberos_authentication)
    {
      debug("Trying Kerberos authentication.");
      if (try_kerberos_authentication()) {
@@ -1455,7 +1456,7 @@ void ssh_login(int host_key_valid,
  /* Use rhosts authentication if running in privileged socket and we do not
     wish to remain anonymous. */
  if ((supported_authentications & (1 << SSH_AUTH_RHOSTS)) && 
-      options->rhosts_authentication)
+      options.rhosts_authentication)
    {
      debug("Trying rhosts authentication.");
      packet_start(SSH_CMSG_AUTH_RHOSTS);
@@ -1475,7 +1476,7 @@ void ssh_login(int host_key_valid,
  /* Try .rhosts or /etc/hosts.equiv authentication with RSA host 
     authentication. */
  if ((supported_authentications & (1 << SSH_AUTH_RHOSTS_RSA)) &&
-      options->rhosts_rsa_authentication && host_key_valid)
+      options.rhosts_rsa_authentication && host_key_valid)
    {
      if (try_rhosts_rsa_authentication(local_user, own_host_key))
        return; /* Successful authentication. */
@@ -1483,7 +1484,7 @@ void ssh_login(int host_key_valid,
  /* Try RSA authentication if the server supports it. */
  if ((supported_authentications & (1 << SSH_AUTH_RSA)) &&
-      options->rsa_authentication)
+      options.rsa_authentication)
    {
      /* Try RSA authentication using the authentication agent.  The agent
         is tried first because no passphrase is needed for it, whereas
@@ -1492,23 +1493,22 @@ void ssh_login(int host_key_valid,
        return; /* Successful connection. */
      /* Try RSA authentication for each identity. */
-      for (i = 0; i < options->num_identity_files; i++)
+      for (i = 0; i < options.num_identity_files; i++)
-        if (try_rsa_authentication(pw, options->identity_files[i],
+        if (try_rsa_authentication(pw, options.identity_files[i]))
-                                   !options->batch_mode))
          return; /* Successful connection. */
    }
  
  /* Try password authentication if the server supports it. */
  if ((supported_authentications & (1 << SSH_AUTH_PASSWORD)) &&
-      options->password_authentication && !options->batch_mode)
+      options.password_authentication && !options.batch_mode)
    {
      char prompt[80];
      snprintf(prompt, sizeof(prompt), "%.30s@%.30s's password: ",
        server_user, host);
      debug("Doing password authentication.");
-      if (options->cipher == SSH_CIPHER_NONE)
+      if (options.cipher == SSH_CIPHER_NONE)
        log("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
-      for (i = 0; i < options->number_of_password_prompts; i++) {
+      for (i = 0; i < options.number_of_password_prompts; i++) {
        if (i != 0)
          error("Permission denied, please try again.");
        password = read_passphrase(prompt, 0);
diff --git a/sshd.c b/sshd.c
index 7cc24cd1a..b975c8dcc 100644
--- a/sshd.c
+++ b/sshd.c
@@ -18,7 +18,7 @@ agent connections.
 */
 #include "includes.h"
-RCSID("$Id: sshd.c,v 1.16 1999/11/12 00:33:04 damien Exp $");
+RCSID("$Id: sshd.c,v 1.17 1999/11/12 04:19:27 damien Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -1343,8 +1343,7 @@ do_authentication(char *user, int privileged_port)
          }
          /* Try to authenticate using /etc/hosts.equiv and .rhosts. */
-          if (auth_rhosts(pw, client_user, options.ignore_rhosts,
+          if (auth_rhosts(pw, client_user))
-                          options.strict_modes))
            {
              /* Authentication accepted. */
              log("Rhosts authentication accepted for %.100s, remote %.100s on %.700s.",
@@ -1431,7 +1430,7 @@ do_authentication(char *user, int privileged_port)
            packet_integrity_check(plen, nlen, type);
            
-            if (auth_rsa(pw, n, options.strict_modes))
+            if (auth_rsa(pw, n))
              { 
                /* Successful authentication. */
                BN_clear_free(n);