7 files changed, 346 insertions, 67 deletions

diff --git a/ChangeLog b/ChangeLog
index 261ca19ba..a87714da7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,7 @@
      rename *-skey.c *-chall.c since the files are not skey specific
  - (djm) Merge patch from Tim Waugh (via Nalin Dahyabhai <nalin@redhat.com>)
    to fix NULL pointer deref and fake authloop breakage in PAM code.
+ - (bal) Updated contrib/cygwin/ by Corinna Vinschen <vinschen@redhat.com>
  
 20010118
  - (bal) Super Sized OpenBSD Resync
diff --git a/auth1.c b/auth1.c
index ee165a442..e990ff57e 100644
--- a/auth1.c
+++ b/auth1.c
@@ -95,7 +95,7 @@ do_authloop(Authctxt *authctxt)
 #ifdef KRB4
             (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
 #endif
-#ifdef USE_PAM                          /* ISSUE: Right?? */
+#ifdef USE_PAM
             auth_pam_password(pw, password)) {
 #else
             auth_password(pw, "")) {
diff --git a/auth2-pam.c b/auth2-pam.c
index d1d840972..adb36163e 100644
--- a/auth2-pam.c
+++ b/auth2-pam.c
@@ -1,5 +1,5 @@
 #include "includes.h"
-RCSID("$Id: auth2-pam.c,v 1.4 2001/01/19 04:46:38 djm Exp $");
+RCSID("$Id: auth2-pam.c,v 1.5 2001/01/19 05:37:32 mouring Exp $");
 
 #ifdef USE_PAM
 #include "ssh.h"
@@ -44,10 +44,6 @@ auth2_pam(Authctxt *authctxt)
         retval = (do_pam_authenticate(0) == PAM_SUCCESS);
         dispatch_set(SSH2_MSG_USERAUTH_INFO_RESPONSE, NULL);
 
-#if 0           /* ISSUE: No longer valid, but should this still be
-                        handled?? */
-        userauth_log(authctxt, retval, method);
-#endif
         return retval;
 }
 
diff --git a/contrib/cygwin/README b/contrib/cygwin/README
index 8c9d0bb73..ac0955836 100644
--- a/contrib/cygwin/README
+++ b/contrib/cygwin/README
@@ -20,18 +20,41 @@ of the files has changed from /usr/local to /usr. The global configuration
 files are in /etc now.
 
 If you are installing OpenSSH the first time, you can generate
-global config files, server keys and your own user keys by running
+global config files and server keys by running
    
-   /usr/bin/ssh-config
+   /usr/bin/ssh-host-config
 
-If you are updating your installation you may run the above ssh-config
+Note that this binary archive doesn't contain default config files in /etc.
+That files are only created if ssh-host-config is started.
+
+If you are updating your installation you may run the above ssh-host-config
 as well to move your configuration files to the new location and to
 erase the files at the old location.
 
-Be sure to start the new ssh-config when updating!
+To support testing and unattended installation ssh-host-config got
+some options:
 
-Note that this binary archive doesn't contain default config files in /etc.
-That files are only created if ssh-config is started.
+usage: ssh-host-config [OPTION]...
+Options:
+    --debug      -d        Enable shell's debug output.
+    --yes        -y        Answer all questions with "yes" automatically.
+    --no         -n        Answer all questions with "no" automatically.
+
+You can create the private and public keys for a user now by running
+
+  /usr/bin/ssh-user-config
+
+under the users account.
+
+To support testing and unattended installation ssh-user-config got
+some options as well:
+
+usage: ssh-user-config [OPTION]...
+Options:
+    --debug      -d        Enable shell's debug output.
+    --yes        -y        Answer all questions with "yes" automatically.
+    --no         -n        Answer all questions with "no" automatically.
+    --passphrase -p word   Use "word" as passphrase automatically.
 
 Install sshd as daemon via SRVANY.EXE (recommended on NT/W2K), via inetd
 (results in very slow deamon startup!) or from the command line (recommended
diff --git a/contrib/cygwin/ssh-config b/contrib/cygwin/ssh-host-config
index 20c8cceb0..6fe2c7795 100755..100644
--- a/contrib/cygwin/ssh-config
+++ b/contrib/cygwin/ssh-host-config
@@ -1,11 +1,9 @@
 #!/bin/sh
 #
-# ssh-config, Copyright 2000, Red Hat Inc.
+# ssh-host-config, Copyright 2000, Red Hat Inc.
 #
 # This file is part of the Cygwin port of OpenSSH.
 
-# set -x
-
 # Subdirectory where the new package is being installed
 PREFIX=/usr
 
@@ -16,8 +14,19 @@ SYSCONFDIR=/etc
 OLDPREFIX=/usr/local
 OLDSYSCONFDIR=${OLDPREFIX}/etc
 
+progname=$0
+auto_answer=""
+
 request()
 {
+  if [ "${auto_answer}" = "yes" ]
+  then
+    return 0
+  elif [ "${auto_answer}" = "no" ]
+  then
+    return 1
+  fi
+
   answer=""
   while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
   do
@@ -32,6 +41,48 @@ request()
   fi
 }
 
+# Check options
+
+while :
+do
+  case $# in
+  0)
+    break
+    ;;
+  esac
+
+  option=$1
+  shift
+
+  case "$option" in
+  -d | --debug )
+    set -x
+    ;;
+
+  -y | --yes )
+    auto_answer=yes
+    ;;
+
+  -n | --no )
+    auto_answer=no
+    ;;
+
+  *)
+    echo "usage: ${progname} [OPTION]..."
+    echo
+    echo "This script creates an OpenSSH host configuration."
+    echo
+    echo "Options:"
+    echo "    --debug  -d     Enable shell's debug output."
+    echo "    --yes    -y     Answer all questions with \"yes\" automatically."
+    echo "    --no     -n     Answer all questions with \"no\" automatically."
+    echo
+    exit 1
+    ;;
+
+  esac
+done
+
 # Check for running ssh/sshd processes first. Refuse to do anything while
 # some ssh processes are still running
 
@@ -71,6 +122,7 @@ fi
 # Check for an old installation in ${OLDPREFIX} unless ${OLDPREFIX} isn't
 # the same as ${PREFIX}
 
+old_install=0
 if [ "${OLDPREFIX}" != "${PREFIX}" ]
 then
   if [ -f "${OLDPREFIX}/sbin/sshd" ]
@@ -116,6 +168,7 @@ then
       rm -f ${OLDPREFIX}/sbin/sshd.exe
       rm -f ${OLDPREFIX}/sbin/sftp-server.exe
     fi
+    old_install=1
   fi
 fi
 
@@ -124,13 +177,19 @@ fi
 if [ ! -f "${SYSCONFDIR}/ssh_host_key" ]
 then
   echo "Generating ${SYSCONFDIR}/ssh_host_key"
-  ssh-keygen -f ${SYSCONFDIR}/ssh_host_key -N ''
+  ssh-keygen -t rsa1 -f ${SYSCONFDIR}/ssh_host_key -N '' > /dev/null
+fi
+
+if [ ! -f "${SYSCONFDIR}/ssh_host_rsa_key" ]
+then
+  echo "Generating ${SYSCONFDIR}/ssh_host_rsa_key"
+  ssh-keygen -t rsa -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' > /dev/null
 fi
 
 if [ ! -f "${SYSCONFDIR}/ssh_host_dsa_key" ]
 then
   echo "Generating ${SYSCONFDIR}/ssh_host_dsa_key"
-  ssh-keygen -d -f ${SYSCONFDIR}/ssh_host_dsa_key -N ''
+  ssh-keygen -t dsa -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' > /dev/null
 fi
 
 # Check if ssh_config exists. If yes, ask for overwriting
@@ -151,7 +210,7 @@ fi
 
 if [ ! -f "${SYSCONFDIR}/ssh_config" ]
 then
-  echo "Creating default ${SYSCONFDIR}/ssh_config file"
+  echo "Generating ${SYSCONFDIR}/ssh_config file"
   cat > ${SYSCONFDIR}/ssh_config << EOF
 # This is ssh client systemwide configuration file.  This file provides 
 # defaults for users, and the values can be changed in per-user configuration
@@ -179,7 +238,6 @@ then
 #   BatchMode no
 #   CheckHostIP yes
 #   StrictHostKeyChecking no
-#   IdentityFile ~/.ssh/identity
 #   Port 22
 #   Protocol 2,1
 #   Cipher 3des
@@ -190,6 +248,11 @@ Host *
         ForwardAgent no
         ForwardX11 no
         FallBackToRsh no
+
+# Try authentification with the following identities
+        IdentityFile ~/.ssh/identity
+        IdentityFile ~/.ssh/id_rsa
+        IdentityFile ~/.ssh/id_dsa
 EOF
 fi
 
@@ -211,15 +274,20 @@ fi
 
 if [ ! -f "${SYSCONFDIR}/sshd_config" ]
 then
-  echo "Creating default ${SYSCONFDIR}/sshd_config file"
+  echo "Generating ${SYSCONFDIR}/sshd_config file"
   cat > ${SYSCONFDIR}/sshd_config << EOF
 # This is ssh server systemwide configuration file.
 
 Port 22
-#Protocol 2,1
+#
+Protocol 2,1
 ListenAddress 0.0.0.0
 #ListenAddress ::
-#HostKey /etc/ssh_host_key
+#
+# Uncomment the following lines according to the used authentication
+HostKey /etc/ssh_host_key
+HostKey /etc/ssh_host_rsa_key
+HostKey /etc/ssh_host_dsa_key
 ServerKeyBits 768
 LoginGraceTime 600
 KeyRegenerationInterval 3600
@@ -262,63 +330,55 @@ UseLogin no
 EOF
 fi
 
-# Ask user if user identity should be generated
-
-if [ "X${HOME}" = "X" ]
-then
-  echo '$HOME is nonexistant. Cannot create user identity files.'
-  exit 1
-fi
-
-if [ ! -d "${HOME}" ]
+# Add port 22/tcp to services
+_sys="`uname -a`"
+_nt=`expr "$_sys" : "CYGWIN_NT"`
+if [ $_nt -gt 0 ]
 then
-  echo '$HOME is not a valid directory. Cannot create user identity files.'
-  exit 1
-fi
-
-# If HOME is the root dir, set HOME to empty string to avoid error messages
-# in subsequent parts of that script.
-if [ "X${HOME}" = "X/" ]
-then
-  HOME=''
+  _wservices="${SYSTEMROOT}\\system32\\drivers\\etc\\services"
+  _wserv_tmp="${SYSTEMROOT}\\system32\\drivers\\etc\\srv.out.$$"
+else
+  _wservices="${WINDIR}\\SERVICES"
+  _wserv_tmp="${WINDIR}\\SERV.$$"
 fi
+_services=`cygpath -u "${_wservices}"`
+_serv_tmp=`cygpath -u "${_wserv_tmp}"`
 
-if [ -e "${HOME}/.ssh" -a ! -d "${HOME}/.ssh" ]
-then
-  echo '$HOME/.ssh is existant but not a directory. Cannot create user identity files.'
-  exit 1
-fi
+mount -b -f "${_wservices}" "${_services}"
+mount -b -f "${_wserv_tmp}" "${_serv_tmp}"
 
-if [ ! -e "${HOME}/.ssh" ]
+if [ `grep -q 'sshd[ \t][ \t]*22' "${_services}"; echo $?` -ne 0 ]
 then
-  mkdir "${HOME}/.ssh"
-  if [ ! -e "${HOME}/.ssh" ]
+  awk '{ if ( $2 ~ /^23\/tcp/ ) print "sshd               22/tcp                           #SSH daemon\r"; print $0; }' < "${_services}" > "${_serv_tmp}"
+  if [ -f "${_serv_tmp}" ]
   then
-    echo "Creating users ${HOME}/.ssh directory failed"
-    exit 1
+    if mv "${_serv_tmp}" "${_services}"
+    then
+      echo "Added sshd to ${_services}"
+    else
+      echo "Adding sshd to ${_services} failed\!"
+    fi
+    rm -f "${_serv_tmp}"
+  else
+    echo "Adding sshd to ${_services} failed\!"
   fi
 fi
 
-if [ ! -f "${HOME}/.ssh/identity" ]
+umount "${_services}"
+umount "${_serv_tmp}"
+
+# Add sshd line to inetd.conf
+if [ -f /etc/inetd.conf ]
 then
-  if request "Shall I create an RSA identity file for you?"
-  then
-    echo "Generating ${HOME}/.ssh/identity"
-    ssh-keygen -f "${HOME}/.ssh/identity"
-  fi
+  grep -q "^[# \t]*sshd" /etc/inetd.conf || echo "# sshd  stream  tcp     nowait  root    /usr/sbin/sshd -i" >> /etc/inetd.conf
 fi
 
-if [ ! -f "${HOME}/.ssh/id_dsa" ]
+if [ "${old_install}" = "1" ]
 then
-  if request "Shall I create an DSA identity file for you? (yes/no) "
-  then
-    echo "Generating ${HOME}/.ssh/id_dsa"
-    ssh-keygen -d -f "${HOME}/.ssh/id_dsa"
-  fi
+  echo
+  echo "Note: If you have used sshd as service or from inetd, don't forget to"
+  echo "      change the path to sshd.exe in the service entry or in inetd.conf."
 fi
 
 echo
-echo "Note: If you have used sshd as service or from inetd, don't forget to"
-echo "      change the path to sshd.exe in the service entry or in inetd.conf."
-echo
-echo "Configuration finished. Have fun!"
+echo "Host configuration finished. Have fun!"
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
new file mode 100644
index 000000000..5a76adbaf
--- /dev/null
+++ b/contrib/cygwin/ssh-user-config
@@ -0,0 +1,200 @@
+#!/bin/sh
+#
+# ssh-user-config, Copyright 2000, Red Hat Inc.
+#
+# This file is part of the Cygwin port of OpenSSH.
+
+progname=$0
+auto_answer=""
+auto_passphrase="no"
+passphrase=""
+
+request()
+{
+  if [ "${auto_answer}" = "yes" ]
+  then
+    return 0
+  elif [ "${auto_answer}" = "no" ]
+  then
+    return 1
+  fi
+
+  answer=""
+  while [ "X${answer}" != "Xyes" -a "X${answer}" != "Xno" ]
+  do
+    echo -n "$1 (yes/no) "
+    read answer
+  done
+  if [ "X${answer}" = "Xyes" ]
+  then
+    return 0
+  else
+    return 1
+  fi
+}
+
+# Check options
+
+while :
+do
+  case $# in
+  0)
+    break
+    ;;
+  esac
+
+  option=$1
+  shift
+
+  case "$option" in
+  -d | --debug )
+    set -x
+    ;;
+
+  -y | --yes )
+    auto_answer=yes
+    ;;
+
+  -n | --no )
+    auto_answer=no
+    ;;
+
+  -p | --passphrase )
+    with_passphrase="yes"
+    passphrase=$1
+    shift
+    ;;
+
+  *)
+    echo "usage: ${progname} [OPTION]..."
+    echo
+    echo "This script creates an OpenSSH user configuration."
+    echo
+    echo "Options:"
+    echo "    --debug      -d        Enable shell's debug output."
+    echo "    --yes        -y        Answer all questions with \"yes\" automatically."
+    echo "    --no         -n        Answer all questions with \"no\" automatically."
+    echo "    --passphrase -p word   Use \"word\" as passphrase automatically."
+    echo
+    exit 1
+    ;;
+
+  esac
+done
+
+# Ask user if user identity should be generated
+
+if [ ! -f /etc/passwd ]
+then
+  echo '/etc/passwd is nonexistant. Please generate an /etc/passwd file'
+  echo 'first using mkpasswd. Check if it contains an entry for you and'
+  echo 'please care for the home directory in your entry as well.'
+  exit 1
+fi
+
+uid=`id -u`
+pwdhome=`awk -F: '{ if ( $3 == '${uid}' ) print $6; }' < /etc/passwd`
+
+if [ "X${pwdhome}" = "X" ]
+then
+  echo 'There is no home directory set for you in /etc/passwd.'
+  echo 'Setting $HOME is not sufficient!'
+  exit 1
+fi
+
+if [ ! -d "${pwdhome}" ]
+then
+  echo "${pwdhome} is set in /etc/passwd as your home directory"
+  echo 'but it is not a valid directory. Cannot create user identity files.'
+  exit 1
+fi
+
+# If home is the root dir, set home to empty string to avoid error messages
+# in subsequent parts of that script.
+if [ "X${pwdhome}" = "X/" ]
+then
+  # But first raise a warning!
+  echo 'Your home directory in /etc/passwd is set to root (/). This is not recommended!'
+  if request "Would you like to proceed anyway?"
+  then
+    pwdhome=''
+  else
+    exit 1
+  fi
+fi
+
+if [ -e "${pwdhome}/.ssh" -a ! -d "${pwdhome}/.ssh" ]
+then
+  echo "${pwdhome}/.ssh is existant but not a directory. Cannot create user identity files."
+  exit 1
+fi
+
+if [ ! -e "${pwdhome}/.ssh" ]
+then
+  mkdir "${pwdhome}/.ssh"
+  if [ ! -e "${pwdhome}/.ssh" ]
+  then
+    echo "Creating users ${pwdhome}/.ssh directory failed"
+    exit 1
+  fi
+fi
+
+if [ ! -f "${pwdhome}/.ssh/identity" ]
+then
+  if request "Shall I create an SSH1 RSA identity file for you?"
+  then
+    echo "Generating ${pwdhome}/.ssh/identity"
+    if [ "${with_passphrase}" = "yes" ]
+    then
+      ssh-keygen -t rsa1 -N "${passphrase}" -f "${pwdhome}/.ssh/identity" > /dev/null
+    else
+      ssh-keygen -t rsa1 -f "${pwdhome}/.ssh/identity" > /dev/null
+    fi
+    if request "Do you want to use this identity to login to this machine?"
+    then
+      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
+      cat "${pwdhome}/.ssh/identity.pub" >> "${pwdhome}/.ssh/authorized_keys"
+    fi
+  fi
+fi
+
+if [ ! -f "${pwdhome}/.ssh/id_rsa" ]
+then
+  if request "Shall I create an SSH2 RSA identity file for you? (yes/no) "
+  then
+    echo "Generating ${pwdhome}/.ssh/id_rsa"
+    if [ "${with_passphrase}" = "yes" ]
+    then
+      ssh-keygen -t rsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+    else
+      ssh-keygen -t rsa -f "${pwdhome}/.ssh/id_rsa" > /dev/null
+    fi
+    if request "Do you want to use this identity to login to this machine?"
+    then
+      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
+      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
+    fi
+  fi
+fi
+
+if [ ! -f "${pwdhome}/.ssh/id_dsa" ]
+then
+  if request "Shall I create an SSH2 DSA identity file for you? (yes/no) "
+  then
+    echo "Generating ${pwdhome}/.ssh/id_dsa"
+    if [ "${with_passphrase}" = "yes" ]
+    then
+      ssh-keygen -t dsa -N "${passphrase}" -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+    else
+      ssh-keygen -t dsa -f "${pwdhome}/.ssh/id_dsa" > /dev/null
+    fi
+    if request "Do you want to use this identity to login to this machine?"
+    then
+      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
+      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
+    fi
+  fi
+fi
+
+echo
+echo "Configuration finished. Have fun!"
diff --git a/session.c b/session.c
index 2c1500431..20975cb6c 100644
--- a/session.c
+++ b/session.c
@@ -2013,7 +2013,6 @@ do_authenticated2(Authctxt *authctxt)
                 startup_pipe = -1;
         }
 #if defined(HAVE_LOGIN_CAP) && defined(HAVE_PW_CLASS_IN_PASSWD)
-                /* ISSUE: Is this correct? */
         if ((lc = login_getclass(authctxt->pw->pw_class)) == NULL) {
                 error("unable to get login class");
                 return;