6 files changed, 47 insertions, 40 deletions

diff --git a/ChangeLog b/ChangeLog
index eeceec348..f015f5620 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,16 @@
  - OpenBSD CVS update
    [packet.c]
    - send debug messages in SSH2 format
+   [scp.c]
+   - fix very rare EAGAIN/EINTR issues; based on work by djm
+   [packet.c]
+   - less debug, rm unused
+   [auth2.c]
+   - disable kerb,s/key in ssh2
+   [sshd.8]
+   - Minor tweaks and typo fixes.
+   [ssh-keygen.c]
+   - Put -d into usage and reorder. markus ok.
  - Include missing headers for OpenSSL tests. Fix from Phil Karn 
    <karn@ka9q.ampr.org>
  - Fixed __progname symbol collisions reported by Andre Lucas 
diff --git a/auth2.c b/auth2.c
index 9937ed678..cfe63cdf1 100644
--- a/auth2.c
+++ b/auth2.c
@@ -27,7 +27,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: auth2.c,v 1.3 2000/04/27 15:23:02 markus Exp $");
+RCSID("$OpenBSD: auth2.c,v 1.4 2000/05/01 07:45:08 markus Exp $");
 
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
@@ -92,6 +92,10 @@ static int userauth_success = 0;
 void
 do_authentication2()
 {
+        /* turn off skey/kerberos, not supported by SSH2 */
+        options.skey_authentication = 0;
+        options.kerberos_authentication = 0;
+
         dispatch_init(&protocol_error);
         dispatch_set(SSH2_MSG_SERVICE_REQUEST, &input_service_request);
         dispatch_run(DISPATCH_BLOCK, &userauth_success);
diff --git a/packet.c b/packet.c
index 73a96b986..e70d06091 100644
--- a/packet.c
+++ b/packet.c
@@ -17,7 +17,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: packet.c,v 1.20 2000/04/30 22:24:07 damien Exp $");
+RCSID("$Id: packet.c,v 1.21 2000/05/01 11:10:33 damien Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -130,7 +130,7 @@ clear_enc_keys(Enc *enc, int len)
 void
 packet_set_ssh2_format(void)
 {
-        debug("use_ssh2_packet_format");
+        DBG(debug("use_ssh2_packet_format"));
         use_ssh2_packet_format = 1;
 }
 
@@ -613,7 +613,7 @@ packet_send2()
                         fatal("packet_send2: no KEX");
                 if (mac->md != NULL)
                         mac->enabled = 1;
-                debug("cipher_set_key_iv send_context");
+                DBG(debug("cipher_set_key_iv send_context"));
                 cipher_set_key_iv(&send_context, enc->type,
                     enc->key, enc->key_len,
                     enc->iv, enc->iv_len);
@@ -636,13 +636,6 @@ packet_send()
         DBG(debug("packet_send done"));
 }
 
-void
-packet_send_and_wait()
-{
-        packet_send();
-        packet_write_wait();
-}
-
 /*
  * Waits until a packet has been received, and returns its type.  Note that
  * no other data is processed until this returns, so this function should not
@@ -921,7 +914,7 @@ packet_read_poll2(int *payload_len_ptr)
                         fatal("packet_read_poll2: no KEX");
                 if (mac->md != NULL)
                         mac->enabled = 1;
-                debug("cipher_set_key_iv receive_context");
+                DBG(debug("cipher_set_key_iv receive_context"));
                 cipher_set_key_iv(&receive_context, enc->type,
                     enc->key, enc->key_len,
                     enc->iv, enc->iv_len);
diff --git a/scp.c b/scp.c
index 64869f976..2ac106290 100644
--- a/scp.c
+++ b/scp.c
@@ -45,7 +45,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: scp.c,v 1.20 2000/04/19 06:26:14 damien Exp $");
+RCSID("$Id: scp.c,v 1.21 2000/05/01 11:10:33 damien Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -543,7 +543,7 @@ syserr:			run_err("%s: %s", name, strerror(errno));
                         (void) sprintf(buf, "T%lu 0 %lu 0\n",
                                        (unsigned long) stb.st_mtime,
                                        (unsigned long) stb.st_atime);
-                        (void) write(remout, buf, strlen(buf));
+                        (void) atomicio(write, remout, buf, strlen(buf));
                         if (response() < 0)
                                 goto next;
                 }
@@ -556,7 +556,7 @@ syserr:			run_err("%s: %s", name, strerror(errno));
                         fprintf(stderr, "Sending file modes: %s", buf);
                         fflush(stderr);
                 }
-                (void) write(remout, buf, strlen(buf));
+                (void) atomicio(write, remout, buf, strlen(buf));
                 if (response() < 0)
                         goto next;
                 if ((bp = allocbuf(&buffer, fd, 2048)) == NULL) {
@@ -578,7 +578,7 @@ next:			(void) close(fd);
                                         haderr = result >= 0 ? EIO : errno;
                         }
                         if (haderr)
-                                (void) write(remout, bp->buf, amt);
+                                (void) atomicio(write, remout, bp->buf, amt);
                         else {
                                 result = atomicio(write, remout, bp->buf, amt);
                                 if (result != amt)
@@ -592,7 +592,7 @@ next:			(void) close(fd);
                 if (close(fd) < 0 && !haderr)
                         haderr = errno;
                 if (!haderr)
-                        (void) write(remout, "", 1);
+                        (void) atomicio(write, remout, "", 1);
                 else
                         run_err("%s: %s", name, strerror(haderr));
                 (void) response();
@@ -621,7 +621,7 @@ rsource(name, statp)
                 (void) sprintf(path, "T%lu 0 %lu 0\n",
                                (unsigned long) statp->st_mtime,
                                (unsigned long) statp->st_atime);
-                (void) write(remout, path, strlen(path));
+                (void) atomicio(write, remout, path, strlen(path));
                 if (response() < 0) {
                         closedir(dirp);
                         return;
@@ -632,7 +632,7 @@ rsource(name, statp)
                        0, last);
         if (verbose_mode)
                 fprintf(stderr, "Entering directory: %s", path);
-        (void) write(remout, path, strlen(path));
+        (void) atomicio(write, remout, path, strlen(path));
         if (response() < 0) {
                 closedir(dirp);
                 return;
@@ -651,7 +651,7 @@ rsource(name, statp)
                 source(1, vect);
         }
         (void) closedir(dirp);
-        (void) write(remout, "E\n", 2);
+        (void) atomicio(write, remout, "E\n", 2);
         (void) response();
 }
 
@@ -687,7 +687,7 @@ sink(argc, argv)
         if (targetshouldbedirectory)
                 verifydir(targ);
 
-        (void) write(remout, "", 1);
+        (void) atomicio(write, remout, "", 1);
         if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode))
                 targisdir = 1;
         for (first = 1;; first = 0) {
@@ -705,7 +705,7 @@ sink(argc, argv)
 
                 if (buf[0] == '\01' || buf[0] == '\02') {
                         if (iamremote == 0)
-                                (void) write(STDERR_FILENO,
+                                (void) atomicio(write, STDERR_FILENO,
                                              buf + 1, strlen(buf + 1));
                         if (buf[0] == '\02')
                                 exit(1);
@@ -713,7 +713,7 @@ sink(argc, argv)
                         continue;
                 }
                 if (buf[0] == 'E') {
-                        (void) write(remout, "", 1);
+                        (void) atomicio(write, remout, "", 1);
                         return;
                 }
                 if (ch == '\n')
@@ -737,7 +737,7 @@ sink(argc, argv)
                         getnum(dummy_usec);
                         if (*cp++ != '\0')
                                 SCREWUP("atime.usec not delimited");
-                        (void) write(remout, "", 1);
+                        (void) atomicio(write, remout, "", 1);
                         continue;
                 }
                 if (*cp != 'C' && *cp != 'D') {
@@ -816,7 +816,7 @@ sink(argc, argv)
 bad:                    run_err("%s: %s", np, strerror(errno));
                         continue;
                 }
-                (void) write(remout, "", 1);
+                (void) atomicio(write, remout, "", 1);
                 if ((bp = allocbuf(&buffer, ofd, 4096)) == NULL) {
                         (void) close(ofd);
                         continue;
@@ -897,7 +897,7 @@ bad:			run_err("%s: %s", np, strerror(errno));
                         run_err("%s: %s", np, strerror(wrerrno));
                         break;
                 case NO:
-                        (void) write(remout, "", 1);
+                        (void) atomicio(write, remout, "", 1);
                         break;
                 case DISPLAYED:
                         break;
@@ -932,7 +932,7 @@ response()
                 } while (cp < &rbuf[sizeof(rbuf) - 1] && ch != '\n');
 
                 if (!iamremote)
-                        (void) write(STDERR_FILENO, rbuf, cp - rbuf);
+                        (void) atomicio(write, STDERR_FILENO, rbuf, cp - rbuf);
                 ++errs;
                 if (resp == 1)
                         return (-1);
@@ -1008,7 +1008,7 @@ run_err(const char *fmt,...)
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- *      $Id: scp.c,v 1.20 2000/04/19 06:26:14 damien Exp $
+ *      $Id: scp.c,v 1.21 2000/05/01 11:10:33 damien Exp $
  */
 
 char *
@@ -1240,7 +1240,7 @@ progressmeter(int flag)
                 alarmtimer(1);
         } else if (flag == 1) {
                 alarmtimer(0);
-                write(fileno(stdout), "\n", 1);
+                atomicio(write, fileno(stdout), "\n", 1);
                 statbytes = 0;
         }
 }
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d86396896..2154e1ebf 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -7,7 +7,7 @@
  */
 
 #include "includes.h"
-RCSID("$Id: ssh-keygen.c,v 1.15 2000/05/01 10:59:51 damien Exp $");
+RCSID("$Id: ssh-keygen.c,v 1.16 2000/05/01 11:10:34 damien Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -492,7 +492,7 @@ void
 usage(void)
 {
         printf("ssh-keygen version %s\n", SSH_VERSION);
-        printf("Usage: %s [-b bits] [-p] [-c] [-l] [-x] [-X] [-y] [-f file] [-P pass] [-N new-pass] [-C comment]\n", __progname);
+        printf("Usage: %s [-b bits] [-c] [-d] [-f file] [-l] [-p] [-q] [-x] [-y] [-C comment] [-N new-pass] [-P pass] [-X]\n", __progname);
         exit(1);
 }
 
diff --git a/sshd.8 b/sshd.8
index cd7f9002f..9d8764a9c 100644
--- a/sshd.8
+++ b/sshd.8
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8,v 1.18 2000/04/20 13:27:27 damien Exp $
+.\" $Id: sshd.8,v 1.19 2000/05/01 11:10:34 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -31,7 +31,7 @@
 .Nm
 (Secure Shell Daemon) is the daemon program for
 .Xr ssh 1 .
-Together these programs replace rlogin and rsh programs, and
+Together these programs replace rlogin and rsh, and
 provide secure encrypted communications between two untrusted hosts
 over an insecure network.
 The programs are intended to be as easy to
@@ -56,19 +56,19 @@ the daemon starts, it generates a server RSA key (normally 768 bits).
 This key is normally regenerated every hour if it has been used, and
 is never stored on disk.
 .Pp
-Whenever a client connects the daemon, the daemon sends its host
-and server public keys to the client.
+Whenever a client connects the daemon responds with its public
+host and server keys.
 The client compares the
 host key against its own database to verify that it has not changed.
 The client then generates a 256 bit random number.
 It encrypts this
 random number using both the host key and the server key, and sends
 the encrypted number to the server.
-Both sides then start to use this
+Both sides then use this
 random number as a session key which is used to encrypt all further
 communications in the session.
 The rest of the session is encrypted
-using a conventional cipher, currently Blowfish and 3DES, with 3DES
+using a conventional cipher, currently Blowfish or 3DES, with 3DES
 being used by default.
 The client selects the encryption algorithm
 to use from those offered by the server.
@@ -95,7 +95,7 @@ are disabled (thus completely disabling
 .Xr rlogin 1
 and
 .Xr rsh 1
-into that machine).
+into the machine).
 .Pp
 If the client successfully authenticates itself, a dialog for
 preparing the session is entered.
@@ -188,9 +188,9 @@ authentication, and termination of each connection is logged.
 Do not print an error message if RSA support is missing.
 .It Fl V Ar client_protocol_id
 SSH2 compatibility mode.
-When this options is specified
+When this option is specified
 .Nm
-assumes the client has sent the given version string
+assumes the client has sent the supplied version string
 and skips the
 Protocol Version Identification Exchange.
 .It Fl 4