28 files changed, 424 insertions, 133 deletions

diff --git a/ChangeLog b/ChangeLog
index f3edcd44f..656779c25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,70 @@
+20010118
+ - (bal) Super Sized OpenBSD Resync
+   - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus
+     [sshd.c]
+     maxfd+1
+   - markus@cvs.openbsd.org 2001/01/13 17:59:18
+     [ssh-keygen.1]
+     small ssh-keygen manpage cleanup; stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:03:07
+     [scp.c ssh-keygen.c sshd.c]
+     getopt() returns -1 not EOF; stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:06:54
+     [ssh-keyscan.c]
+     use SSH_DEFAULT_PORT; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:12:47
+     [ssh-keyscan.c]
+     free() -> xfree(); fix memory leak; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2001/01/13 18:14:13
+     [ssh-add.c]
+     typo, from stevesk@sweden.hp.com
+   - markus@cvs.openbsd.org 2001/01/13 18:32:50
+     [packet.c session.c ssh.c sshconnect.c sshd.c] 
+     split out keepalive from packet_interactive (from dale@accentre.com)
+     set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too.
+   - markus@cvs.openbsd.org 2001/01/13 18:36:45
+     [packet.c packet.h]
+     reorder, typo
+   - markus@cvs.openbsd.org 2001/01/13 18:38:00
+     [auth-options.c]
+     fix comment
+   - markus@cvs.openbsd.org 2001/01/13 18:43:31
+     [session.c]
+     Wall
+   - markus@cvs.openbsd.org 2001/01/13 19:14:08 
+     [clientloop.h clientloop.c ssh.c]
+     move callback to headerfile
+   - markus@cvs.openbsd.org 2001/01/15 21:40:10
+     [ssh.c]
+     use log() instead of stderr
+   - markus@cvs.openbsd.org 2001/01/15 21:43:51
+     [dh.c]
+     use error() not stderr!
+   - markus@cvs.openbsd.org 2001/01/15 21:45:29
+     [sftp-server.c]
+     rename must fail if newpath exists, debug off by default
+   - markus@cvs.openbsd.org 2001/01/15 21:46:38
+     [sftp-server.c]
+     readable long listing for sftp-server, ok deraadt@
+   - markus@cvs.openbsd.org 2001/01/16 19:20:06
+     [key.c ssh-rsa.c]
+     make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from 
+     galb@vandyke.com.  note that you have to delete older ssh2-rsa keys, 
+     since they are in the wrong format, too. they must be removed from 
+     .ssh/authorized_keys2 and .ssh/known_hosts2, etc.
+     (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP 
+     .ssh/authorized_keys2) additionally, we now check that 
+     BN_num_bits(rsa->n) >= 768.
+   - markus@cvs.openbsd.org 2001/01/16 20:54:27
+     [sftp-server.c]
+     remove some statics. simpler handles; idea from nisse@lysator.liu.se
+   - deraadt@cvs.openbsd.org 2001/01/16 23:58:08
+     [bufaux.c radix.c sshconnect.h sshconnect1.c]
+     indent
+ - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may
+   be missing such feature.
+
+ 
 20010117
  - (djm) Only write random seed file at exit
  - (djm) Make PAM support optional, enable with --with-pam
diff --git a/Makefile.in b/Makefile.in
index 1080f26ec..d56cd640a 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -39,7 +39,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keys
 
 LIBSSH_OBJS=atomicio.o authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o cipher.o cli.o compat.o compress.o crc32.o cygwin_util.o deattack.o dispatch.o hmac.o hostfile.o key.o kex.o log.o match.o mpaux.o nchan.o packet.o radix.o rijndael.o entropy.o readpass.o rsa.o ssh-dss.o ssh-rsa.o tildexpand.o ttymodes.o uidswap.o util.o uuencode.o xmalloc.o 
 
-LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
+LIBOPENBSD_COMPAT_OBJS=bsd-arc4random.o bsd-base64.o bsd-bindresvport.o bsd-daemon.o bsd-getcwd.o bsd-getgrouplist.o bsd-inet_aton.o bsd-inet_ntoa.o bsd-misc.o bsd-mktemp.o bsd-realpath.o bsd-rresvport.o bsd-setenv.o bsd-sigaction.o bsd-snprintf.o bsd-strlcat.o bsd-strlcpy.o bsd-strmode.o bsd-strsep.o bsd-strtok.o bsd-vis.o bsd-setproctitle.o bsd-waitpid.o fake-getaddrinfo.o fake-getnameinfo.o next-posix.o
 
 SSHOBJS= ssh.o sshconnect.o sshconnect1.o sshconnect2.o log-client.o readconf.o clientloop.o
 
diff --git a/auth-options.c b/auth-options.c
index c598f70df..ef61d8df8 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -2,10 +2,6 @@
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
- * RSA-based authentication.  This code determines whether to admit a login
- * based on RSA authentication.  This file also contains functions to check
- * validity of the host key.
- *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose.  Any derived versions of this
  * software must be clearly marked as such, and if the derived work is
@@ -14,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.7 2000/12/19 23:17:54 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.8 2001/01/13 18:38:00 markus Exp $");
 
 #include "ssh.h"
 #include "packet.h"
diff --git a/bsd-strmode.c b/bsd-strmode.c
new file mode 100644
index 000000000..2e2d9054e
--- /dev/null
+++ b/bsd-strmode.c
@@ -0,0 +1,156 @@
+/*-
+ * Copyright (c) 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *      This product includes software developed by the University of
+ *      California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRMODE
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strmode.c,v 1.3 1997/06/13 13:57:20 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <string.h>
+
+void
+strmode(mode, p)
+        register mode_t mode;
+        register char *p;
+{
+         /* print type */
+        switch (mode & S_IFMT) {
+        case S_IFDIR:                   /* directory */
+                *p++ = 'd';
+                break;
+        case S_IFCHR:                   /* character special */
+                *p++ = 'c';
+                break;
+        case S_IFBLK:                   /* block special */
+                *p++ = 'b';
+                break;
+        case S_IFREG:                   /* regular */
+                *p++ = '-';
+                break;
+        case S_IFLNK:                   /* symbolic link */
+                *p++ = 'l';
+                break;
+        case S_IFSOCK:                  /* socket */
+                *p++ = 's';
+                break;
+#ifdef S_IFIFO
+        case S_IFIFO:                   /* fifo */
+                *p++ = 'p';
+                break;
+#endif
+#ifdef S_IFWHT
+        case S_IFWHT:                   /* whiteout */
+                *p++ = 'w';
+                break;
+#endif
+        default:                        /* unknown */
+                *p++ = '?';
+                break;
+        }
+        /* usr */
+        if (mode & S_IRUSR)
+                *p++ = 'r';
+        else
+                *p++ = '-';
+        if (mode & S_IWUSR)
+                *p++ = 'w';
+        else
+                *p++ = '-';
+        switch (mode & (S_IXUSR | S_ISUID)) {
+        case 0:
+                *p++ = '-';
+                break;
+        case S_IXUSR:
+                *p++ = 'x';
+                break;
+        case S_ISUID:
+                *p++ = 'S';
+                break;
+        case S_IXUSR | S_ISUID:
+                *p++ = 's';
+                break;
+        }
+        /* group */
+        if (mode & S_IRGRP)
+                *p++ = 'r';
+        else
+                *p++ = '-';
+        if (mode & S_IWGRP)
+                *p++ = 'w';
+        else
+                *p++ = '-';
+        switch (mode & (S_IXGRP | S_ISGID)) {
+        case 0:
+                *p++ = '-';
+                break;
+        case S_IXGRP:
+                *p++ = 'x';
+                break;
+        case S_ISGID:
+                *p++ = 'S';
+                break;
+        case S_IXGRP | S_ISGID:
+                *p++ = 's';
+                break;
+        }
+        /* other */
+        if (mode & S_IROTH)
+                *p++ = 'r';
+        else
+                *p++ = '-';
+        if (mode & S_IWOTH)
+                *p++ = 'w';
+        else
+                *p++ = '-';
+        switch (mode & (S_IXOTH | S_ISVTX)) {
+        case 0:
+                *p++ = '-';
+                break;
+        case S_IXOTH:
+                *p++ = 'x';
+                break;
+        case S_ISVTX:
+                *p++ = 'T';
+                break;
+        case S_IXOTH | S_ISVTX:
+                *p++ = 't';
+                break;
+        }
+        *p++ = ' ';             /* will be a '+' if ACL's implemented */
+        *p = '\0';
+}
+#endif
diff --git a/bsd-strmode.h b/bsd-strmode.h
new file mode 100644
index 000000000..773d6bdcd
--- /dev/null
+++ b/bsd-strmode.h
@@ -0,0 +1,5 @@
+#ifndef HAVE_STRMODE
+
+void strmode( register mode_t mode, register char *p);
+
+#endif
diff --git a/bufaux.c b/bufaux.c
index 149677f74..2d20ad6db 100644
--- a/bufaux.c
+++ b/bufaux.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: bufaux.c,v 1.15 2001/01/10 22:56:22 markus Exp $");
+RCSID("$OpenBSD: bufaux.c,v 1.16 2001/01/16 23:58:08 deraadt Exp $");
 
 #include "ssh.h"
 #include <openssl/bn.h>
@@ -90,7 +90,7 @@ buffer_get_bignum(Buffer *buffer, BIGNUM *value)
         bytes = (bits + 7) / 8;
         if (buffer_len(buffer) < bytes)
                 fatal("buffer_get_bignum: input buffer too small");
-        bin = (u_char*) buffer_ptr(buffer);
+        bin = (u_char *) buffer_ptr(buffer);
         BN_bin2bn(bin, bytes, value);
         buffer_consume(buffer, bytes);
 
diff --git a/clientloop.c b/clientloop.c
index 44a79d0e0..9079bcda8 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -59,7 +59,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: clientloop.c,v 1.42 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: clientloop.c,v 1.43 2001/01/13 19:14:08 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -79,6 +79,7 @@ RCSID("$OpenBSD: clientloop.c,v 1.42 2000/12/19 23:17:56 markus Exp $");
 #include <openssl/rsa.h>
 #include "key.h"
 #include "authfd.h"
+#include "clientloop.h"
 
 /* import options */
 extern Options options;
@@ -1247,9 +1248,9 @@ client_input_channel_req(int id, void *arg)
 }
 
 void
-client_set_session_ident(int id)
+clientloop_set_session_ident(int id)
 {
-        debug2("client_set_session_ident: id %d", id);
+        debug2("clientloop_set_session_ident: id %d", id);
         session_ident = id;
         channel_register_callback(id, SSH2_MSG_CHANNEL_REQUEST,
             client_input_channel_req, (void *)0);
diff --git a/clientloop.h b/clientloop.h
new file mode 100644
index 000000000..3ad72aa55
--- /dev/null
+++ b/clientloop.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2001 Markus Friedl.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+void    clientloop_set_session_ident(int id);
diff --git a/configure.in b/configure.in
index 0dd8c0043..ad05a6e7c 100644
--- a/configure.in
+++ b/configure.in
@@ -315,7 +315,7 @@ AC_CHECK_FUNC(utimes,
 AC_CHECK_HEADERS(bstring.h endian.h floatingpoint.h getopt.h lastlog.h limits.h login.h login_cap.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/queue.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h sys/un.h stddef.h time.h ttyent.h usersec.h util.h utime.h utmp.h utmpx.h vis.h)
 
 dnl    Checks for library functions.
-AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)
+AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent inet_aton inet_ntoa innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv seteuid setlogin setproctitle setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop)
 dnl    Checks for time functions
 AC_CHECK_FUNCS(gettimeofday time)
 dnl    Checks for libutil functions
diff --git a/dh.c b/dh.c
index 35e901433..87a478450 100644
--- a/dh.c
+++ b/dh.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: dh.c,v 1.3 2000/11/16 17:55:43 markus Exp $");
+RCSID("$OpenBSD: dh.c,v 1.4 2001/01/15 21:43:51 markus Exp $");
 
 #include "xmalloc.h"
 
@@ -87,7 +87,7 @@ parse_prime(int linenum, char *line, struct dhgroup *dhg)
 
         return (1);
  fail:
-        fprintf(stderr, "Bad prime description in line %d\n", linenum);
+        error("Bad prime description in line %d\n", linenum);
         return (0);
 }
 
diff --git a/key.c b/key.c
index f9474b16b..21e13b863 100644
--- a/key.c
+++ b/key.c
@@ -46,7 +46,7 @@
 #include "buffer.h"
 #include "bufaux.h"
 
-RCSID("$OpenBSD: key.c,v 1.13 2000/12/19 23:17:56 markus Exp $");
+RCSID("$OpenBSD: key.c,v 1.14 2001/01/16 19:20:06 markus Exp $");
 
 Key *
 key_new(int type)
@@ -555,8 +555,8 @@ key_from_blob(char *blob, int blen)
         switch(type){
         case KEY_RSA:
                 key = key_new(type);
-                buffer_get_bignum2(&b, key->rsa->n);
                 buffer_get_bignum2(&b, key->rsa->e);
+                buffer_get_bignum2(&b, key->rsa->n);
 #ifdef DEBUG_PK
                 RSA_print_fp(stderr, key->rsa, 8);
 #endif
@@ -608,8 +608,8 @@ key_to_blob(Key *key, u_char **blobp, u_int *lenp)
                 break;
         case KEY_RSA:
                 buffer_put_cstring(&b, key_ssh_name(key));
-                buffer_put_bignum2(&b, key->rsa->n);
                 buffer_put_bignum2(&b, key->rsa->e);
+                buffer_put_bignum2(&b, key->rsa->n);
                 break;
         default:
                 error("key_to_blob: illegal key type %d", key->type);
diff --git a/openbsd-compat.h b/openbsd-compat.h
index 9213bead5..01dcb4a7b 100644
--- a/openbsd-compat.h
+++ b/openbsd-compat.h
@@ -12,6 +12,7 @@
 #include "bsd-misc.h"
 #include "bsd-strlcpy.h"
 #include "bsd-strlcat.h"
+#include "bsd-strmode.h"
 #include "bsd-mktemp.h"
 #include "bsd-snprintf.h"
 #include "bsd-daemon.h"
diff --git a/packet.c b/packet.c
index cd42f2f75..bf3a7ee0b 100644
--- a/packet.c
+++ b/packet.c
@@ -37,7 +37,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: packet.c,v 1.42 2001/01/09 21:19:50 markus Exp $");
+RCSID("$OpenBSD: packet.c,v 1.44 2001/01/13 18:36:45 markus Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -1230,22 +1230,23 @@ packet_not_very_much_data_to_write()
 /* Informs that the current session is interactive.  Sets IP flags for that. */
 
 void
-packet_set_interactive(int interactive, int keepalives)
+packet_set_interactive(int interactive)
 {
+        static int called = 0;
+        int lowdelay = IPTOS_LOWDELAY;
+        int throughput = IPTOS_THROUGHPUT;
         int on = 1;
 
+        if (called)
+                return;
+        called = 1;
+
         /* Record that we are in interactive mode. */
         interactive_mode = interactive;
 
         /* Only set socket options if using a socket.  */
         if (!packet_connection_is_on_socket())
                 return;
-        if (keepalives) {
-                /* Set keepalives if requested. */
-                if (setsockopt(connection_in, SOL_SOCKET, SO_KEEPALIVE, (void *) &on,
-                    sizeof(on)) < 0)
-                        error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
-        }
         /*
          * IPTOS_LOWDELAY and IPTOS_THROUGHPUT are IPv4 only
          */
@@ -1256,7 +1257,6 @@ packet_set_interactive(int interactive, int keepalives)
                  */
 #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
                 if (packet_connection_is_ipv4()) {
-                        int lowdelay = IPTOS_LOWDELAY;
                         if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, 
                             (void *) &lowdelay, sizeof(lowdelay)) < 0)
                                 error("setsockopt IPTOS_LOWDELAY: %.100s", 
@@ -1272,7 +1272,6 @@ packet_set_interactive(int interactive, int keepalives)
                  * IPTOS_THROUGHPUT.
                  */
 #if defined(IP_TOS) && !defined(IP_TOS_IS_BROKEN)
-                int throughput = IPTOS_THROUGHPUT;
                 if (setsockopt(connection_in, IPPROTO_IP, IP_TOS, (void *) &throughput,
                     sizeof(throughput)) < 0)
                         error("setsockopt IPTOS_THROUGHPUT: %.100s", strerror(errno));
diff --git a/packet.h b/packet.h
index 597fbb151..00f0c3778 100644
--- a/packet.h
+++ b/packet.h
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 
-/* RCSID("$OpenBSD: packet.h,v 1.18 2000/12/19 23:17:57 markus Exp $"); */
+/* RCSID("$OpenBSD: packet.h,v 1.19 2001/01/13 18:32:50 markus Exp $"); */
 
 #ifndef PACKET_H
 #define PACKET_H
@@ -65,7 +65,7 @@ void    packet_start_compression(int level);
  * Informs that the current session is interactive.  Sets IP flags for
  * optimal performance in interactive use.
  */
-void    packet_set_interactive(int interactive, int keepalives);
+void    packet_set_interactive(int interactive);
 
 /* Returns true if the current connection is interactive. */
 int     packet_is_interactive(void);
diff --git a/radix.c b/radix.c
index 939d0f7fc..3b149a82b 100644
--- a/radix.c
+++ b/radix.c
@@ -25,7 +25,7 @@
 #include "includes.h"
 #include "uuencode.h"
 
-RCSID("$OpenBSD: radix.c,v 1.14 2000/12/19 23:17:57 markus Exp $");
+RCSID("$OpenBSD: radix.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
 
 #ifdef AFS
 #include <krb.h>
@@ -37,7 +37,7 @@ typedef u_short my_u_short;
 /* Nasty macros from BIND-4.9.2 */
 
 #define GETSHORT(s, cp) { \
-        register my_u_char *t_cp = (my_u_char*)(cp); \
+        register my_u_char *t_cp = (my_u_char *)(cp); \
         (s) = (((my_u_short)t_cp[0]) << 8) \
             | (((my_u_short)t_cp[1])) \
             ; \
@@ -45,7 +45,7 @@ typedef u_short my_u_short;
 }
 
 #define GETLONG(l, cp) { \
-        register my_u_char *t_cp = (my_u_char*)(cp); \
+        register my_u_char *t_cp = (my_u_char *)(cp); \
         (l) = (((my_u_int32_t)t_cp[0]) << 24) \
             | (((my_u_int32_t)t_cp[1]) << 16) \
             | (((my_u_int32_t)t_cp[2]) << 8) \
@@ -56,7 +56,7 @@ typedef u_short my_u_short;
 
 #define PUTSHORT(s, cp) { \
         register my_u_short t_s = (my_u_short)(s); \
-        register my_u_char *t_cp = (my_u_char*)(cp); \
+        register my_u_char *t_cp = (my_u_char *)(cp); \
         *t_cp++ = t_s >> 8; \
         *t_cp   = t_s; \
         (cp) += 2; \
@@ -64,7 +64,7 @@ typedef u_short my_u_short;
 
 #define PUTLONG(l, cp) { \
         register my_u_int32_t t_l = (my_u_int32_t)(l); \
-        register my_u_char *t_cp = (my_u_char*)(cp); \
+        register my_u_char *t_cp = (my_u_char *)(cp); \
         *t_cp++ = t_l >> 24; \
         *t_cp++ = t_l >> 16; \
         *t_cp++ = t_l >> 8; \
@@ -73,9 +73,9 @@ typedef u_short my_u_short;
 }
 
 #define GETSTRING(s, p, p_l) {                  \
-    register char* p_targ = (p) + p_l;          \
-    register char* s_c = (s);                   \
-    register char* p_c = (p);                   \
+    register char *p_targ = (p) + p_l;          \
+    register char *s_c = (s);                   \
+    register char *p_c = (p);                   \
     while (*p_c && (p_c < p_targ)) {            \
         *s_c++ = *p_c++;                        \
     }                                           \
diff --git a/scp.c b/scp.c
index 747749281..d353b5ead 100644
--- a/scp.c
+++ b/scp.c
@@ -75,7 +75,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.48 2001/01/01 14:52:49 markus Exp $");
+RCSID("$OpenBSD: scp.c,v 1.49 2001/01/13 18:03:07 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -247,7 +247,7 @@ main(argc, argv)
         addargs("-oFallBackToRsh no");
 
         fflag = tflag = 0;
-        while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != EOF)
+        while ((ch = getopt(argc, argv, "dfprtvBCc:i:P:q46S:o:")) != -1)
                 switch (ch) {
                 /* User-visible flags. */
                 case '4':
diff --git a/session.c b/session.c
index 74f5fe255..e52aed5a2 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.46 2001/01/04 22:41:03 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.48 2001/01/13 18:43:31 markus Exp $");
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -405,10 +405,6 @@ do_authenticated(struct passwd * pw)
 
                 case SSH_CMSG_EXEC_SHELL:
                 case SSH_CMSG_EXEC_CMD:
-                        /* Set interactive/non-interactive mode. */
-                        packet_set_interactive(have_pty || s->display != NULL,
-                            options.keepalives);
-
                         if (type == SSH_CMSG_EXEC_CMD) {
                                 command = packet_get_string(&dlen);
                                 debug("Exec command '%.500s'", command);
@@ -548,6 +544,8 @@ do_exec_no_pty(Session *s, const char *command, struct passwd * pw)
         if (pid < 0)
                 packet_disconnect("fork failed: %.100s", strerror(errno));
         s->pid = pid;
+        /* Set interactive/non-interactive mode. */
+        packet_set_interactive(s->display != NULL);
 #ifdef USE_PIPES
         /* We are the parent.  Close the child sides of the pipes. */
         close(pin[0]);
@@ -665,6 +663,7 @@ do_exec_pty(Session *s, const char *command, struct passwd * pw)
         s->ptymaster = ptymaster;
 
         /* Enter interactive session. */
+        packet_set_interactive(1);
         if (compat20) {
                 session_set_fds(s, ptyfd, fdout, -1);
         } else {
diff --git a/sftp-server.c b/sftp-server.c
index e4432ca51..b99f087fa 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -22,7 +22,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.10 2001/01/10 22:56:22 markus Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.13 2001/01/16 20:54:27 markus Exp $");
 
 #include "ssh.h"
 #include "buffer.h"
@@ -189,23 +189,21 @@ encode_attrib(Buffer *b, Attrib *a)
         }
 }
 
-Attrib *
-stat_to_attrib(struct stat *st)
+void
+stat_to_attrib(struct stat *st, Attrib *a)
 {
-        static Attrib a;
-        attrib_clear(&a);
-        a.flags = 0;
-        a.flags |= SSH2_FILEXFER_ATTR_SIZE;
-        a.size = st->st_size;
-        a.flags |= SSH2_FILEXFER_ATTR_UIDGID;
-        a.uid = st->st_uid;
-        a.gid = st->st_gid;
-        a.flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
-        a.perm = st->st_mode;
-        a.flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
-        a.atime = st->st_atime;
-        a.mtime = st->st_mtime;
-        return &a;
+        attrib_clear(a);
+        a->flags = 0;
+        a->flags |= SSH2_FILEXFER_ATTR_SIZE;
+        a->size = st->st_size;
+        a->flags |= SSH2_FILEXFER_ATTR_UIDGID;
+        a->uid = st->st_uid;
+        a->gid = st->st_gid;
+        a->flags |= SSH2_FILEXFER_ATTR_PERMISSIONS;
+        a->perm = st->st_mode;
+        a->flags |= SSH2_FILEXFER_ATTR_ACMODTIME;
+        a->atime = st->st_atime;
+        a->mtime = st->st_mtime;
 }
 
 Attrib *
@@ -264,24 +262,21 @@ handle_is_ok(int i, int type)
 int
 handle_to_string(int handle, char **stringp, int *hlenp)
 {
-        char buf[1024];
         if (stringp == NULL || hlenp == NULL)
                 return -1;
-        snprintf(buf, sizeof buf, "%d", handle);
-        *stringp = xstrdup(buf);
-        *hlenp = strlen(*stringp);
+        *stringp = xmalloc(sizeof(int32_t));
+        PUT_32BIT(*stringp, handle);
+        *hlenp = sizeof(int32_t);
         return 0;
 }
 
 int
 handle_from_string(char *handle, u_int hlen)
 {
-/* XXX OVERFLOW ? */
-        char *ep;
-        long lval = strtol(handle, &ep, 10);
-        int val = lval;
-        if (*ep != '\0')
+        int val;
+        if (hlen != sizeof(int32_t))
                 return -1;
+        val = GET_32BIT(handle);
         if (handle_is_ok(val, HANDLE_FILE) ||
             handle_is_ok(val, HANDLE_DIR))
                 return val;
@@ -568,7 +563,7 @@ process_write(void)
 void
 process_do_stat(int do_lstat)
 {
-        Attrib *a;
+        Attrib a;
         struct stat st;
         u_int32_t id;
         char *name;
@@ -581,8 +576,8 @@ process_do_stat(int do_lstat)
         if (ret < 0) {
                 status = errno_to_portable(errno);
         } else {
-                a = stat_to_attrib(&st);
-                send_attrib(id, a);
+                stat_to_attrib(&st, &a);
+                send_attrib(id, &a);
                 status = SSH2_FX_OK;
         }
         if (status != SSH2_FX_OK)
@@ -605,7 +600,7 @@ process_lstat(void)
 void
 process_fstat(void)
 {
-        Attrib *a;
+        Attrib a;
         struct stat st;
         u_int32_t id;
         int fd, ret, handle, status = SSH2_FX_FAILURE;
@@ -619,8 +614,8 @@ process_fstat(void)
                 if (ret < 0) {
                         status = errno_to_portable(errno);
                 } else {
-                        a = stat_to_attrib(&st);
-                        send_attrib(id, a);
+                        stat_to_attrib(&st, &a);
+                        send_attrib(id, &a);
                         status = SSH2_FX_OK;
                 }
         }
@@ -736,18 +731,41 @@ process_opendir(void)
 }
 
 /*
- * XXX, draft-ietf-secsh-filexfer-00.txt says: 
- * The recommended format for the longname field is as follows:
- * -rwxr-xr-x   1 mjos     staff      348911 Mar 25 14:29 t-filexfer
- * 1234567890 123 12345678 12345678 12345678 123456789012
+ * drwxr-xr-x    5 markus   markus       1024 Jan 13 18:39 .ssh
  */
 char *
 ls_file(char *name, struct stat *st)
 {
-        char buf[1024];
-        snprintf(buf, sizeof buf, "0%o %d %d %lld %d %s",
-            st->st_mode, st->st_uid, st->st_gid, (long long)st->st_size,
-           (int)st->st_mtime, name);
+        int sz = 0;
+        struct passwd *pw;
+        struct group *gr;
+        struct tm *ltime = localtime(&st->st_mtime);
+        char *user, *group;
+        char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
+
+        strmode(st->st_mode, mode);
+        if ((pw = getpwuid(st->st_uid)) != NULL) {
+                user = pw->pw_name;
+        } else {
+                snprintf(ubuf, sizeof ubuf, "%d", st->st_uid);
+                user = ubuf;
+        }
+        if ((gr = getgrgid(st->st_gid)) != NULL) {
+                group = gr->gr_name;
+        } else {
+                snprintf(gbuf, sizeof gbuf, "%d", st->st_gid);
+                group = gbuf;
+        }
+        if (ltime != NULL) {
+                if (time(NULL) - st->st_mtime < (365*24*60*60)/2)
+                        sz = strftime(tbuf, sizeof tbuf, "%b %e %H:%M", ltime);
+                else
+                        sz = strftime(tbuf, sizeof tbuf, "%b %e  %Y", ltime);
+        }
+        if (sz == 0)
+                tbuf[0] = '\0';
+        snprintf(buf, sizeof buf, "%s %3d %-8.8s %-8.8s %8qd %s %s", mode,
+            st->st_nlink, user, group, (long long)st->st_size, tbuf, name);
         return xstrdup(buf);
 }
 
@@ -768,7 +786,6 @@ process_readdir(void)
         if (dirp == NULL || path == NULL) {
                 send_status(id, SSH2_FX_FAILURE);
         } else {
-                Attrib *a;
                 struct stat st;
                 char pathname[1024];
                 Stat *stats;
@@ -784,12 +801,12 @@ process_readdir(void)
                             "%s/%s", path, dp->d_name);
                         if (lstat(pathname, &st) < 0)
                                 continue;
-                        a = stat_to_attrib(&st);
-                        stats[count].attrib = *a;
+                        stat_to_attrib(&st, &(stats[count].attrib));
                         stats[count].name = xstrdup(dp->d_name);
                         stats[count].long_name = ls_file(dp->d_name, &st);
                         count++;
                         /* send up to 100 entries in one message */
+                        /* XXX check packet size instead */
                         if (count == 100)
                                 break;
                 }
@@ -888,15 +905,19 @@ void
 process_rename(void)
 {
         u_int32_t id;
+        struct stat st;
         char *oldpath, *newpath;
-        int ret, status;
+        int ret, status = SSH2_FX_FAILURE;
 
         id = get_int();
         oldpath = get_string(NULL);
         newpath = get_string(NULL);
         TRACE("rename id %d old %s new %s", id, oldpath, newpath);
-        ret = rename(oldpath, newpath);
-        status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+        /* fail if 'newpath' exists */
+        if (stat(newpath, &st) == -1) {
+                ret = rename(oldpath, newpath);
+                status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
+        }
         send_status(id, status);
         xfree(oldpath);
         xfree(newpath);
@@ -1006,7 +1027,9 @@ main(int ac, char **av)
         __progname = get_progname(av[0]);
         handle_init();
 
+#ifdef DEBUG_SFTP_SERVER
         log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
+#endif
 
         in = dup(STDIN_FILENO);
         out = dup(STDOUT_FILENO);
diff --git a/ssh-add.c b/ssh-add.c
index 857f3d741..c3b3ab4a9 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -35,7 +35,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.23 2000/11/12 19:50:38 markus Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.24 2001/01/13 18:14:13 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
@@ -91,7 +91,7 @@ delete_all(AuthenticationConnection *ac)
         if (success)
                 fprintf(stderr, "All identities removed.\n");
         else
-                fprintf(stderr, "Failed to remove all identitities.\n");
+                fprintf(stderr, "Failed to remove all identities.\n");
 }
 
 char *
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index b1430f143..f7b08c983 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -81,7 +81,7 @@ generates and manages authentication keys for
 defaults to generating an RSA key for use by protocols 1.3 and 1.5;
 specifying the
 .Fl t
-allows you to create a key for use by protocol 2.0.
+option allows you to create a key for use by protocol 2.0.
 .Pp
 Normally each user wishing to use SSH
 with RSA or DSA authentication runs this once to create the authentication
@@ -100,7 +100,7 @@ The public key is stored in a file with the same name but
 appended.
 The program also asks for a passphrase.
 The passphrase may be empty to indicate no passphrase
-(host keys must have empty passphrase), or it may be a string of
+(host keys must have an empty passphrase), or it may be a string of
 arbitrary length.
 Good passphrases are 10-30 characters long and are
 not simple sentences or otherwise easily guessable (English
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 87be6a5f8..5d9fa644e 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.38 2000/12/28 18:58:39 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.39 2001/01/13 18:03:07 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -643,7 +643,7 @@ main(int ac, char **av)
                 exit(1);
         }
 
-        while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != EOF) {
+        while ((opt = getopt(ac, av, "dqpclRxXyb:f:t:P:N:C:")) != -1) {
                 switch (opt) {
                 case 'b':
                         bits = atoi(optarg);
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index 5d5427aad..69b029b05 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -8,7 +8,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.7 2001/01/08 22:03:23 markus Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.9 2001/01/13 18:12:47 markus Exp $");
 
 #if defined(HAVE_SYS_QUEUE_H)  &&  !defined(HAVE_BOGUS_SYS_QUEUE_H)
 #include <sys/queue.h>
@@ -31,7 +31,6 @@ static int argno = 1;		/* Number of argument currently being parsed */
 
 int family = AF_UNSPEC;         /* IPv4, IPv6 or both */
 
-#define PORT 22
 #define MAXMAXFD 256
 
 /* The number of seconds after which to give up on a TCP connection */
@@ -103,7 +102,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
         if (filename) {
                 lb->filename = filename;
                 if (!(lb->stream = fopen(filename, "r"))) {
-                        free(lb);
+                        xfree(lb);
                         if (errfun)
                                 (*errfun) ("%s: %s\n", filename, strerror(errno));
                         return (NULL);
@@ -116,7 +115,7 @@ Linebuf_alloc(const char *filename, void (*errfun) (const char *,...))
         if (!(lb->buf = malloc(lb->size = LINEBUF_SIZE))) {
                 if (errfun)
                         (*errfun) ("linebuf (%s): malloc failed\n", lb->filename);
-                free(lb);
+                xfree(lb);
                 return (NULL);
         }
         lb->errfun = errfun;
@@ -128,8 +127,8 @@ static inline void
 Linebuf_free(Linebuf * lb)
 {
         fclose(lb->stream);
-        free(lb->buf);
-        free(lb);
+        xfree(lb->buf);
+        xfree(lb);
 }
 
 static inline void
@@ -298,7 +297,7 @@ tcpconnect(char *host)
         char strport[NI_MAXSERV];
         int gaierr, s = -1;
 
-        snprintf(strport, sizeof strport, "%d", PORT);
+        snprintf(strport, sizeof strport, "%d", SSH_DEFAULT_PORT);
         memset(&hints, 0, sizeof(hints));
         hints.ai_family = family;
         hints.ai_socktype = SOCK_STREAM;
@@ -335,7 +334,7 @@ conalloc(char *iname, char *oname)
         do {
                 name = xstrsep(&namelist, ",");
                 if (!name) {
-                        free(namebase);
+                        xfree(namebase);
                         return (-1);
                 }
         } while ((s = tcpconnect(name)) < 0);
@@ -368,10 +367,10 @@ confree(int s)
         close(s);
         if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
                 fatal("confree: attempt to free bad fdno %d", s);
-        free(fdcon[s].c_namebase);
-        free(fdcon[s].c_output_name);
+        xfree(fdcon[s].c_namebase);
+        xfree(fdcon[s].c_output_name);
         if (fdcon[s].c_status == CS_KEYS)
-                free(fdcon[s].c_data);
+                xfree(fdcon[s].c_data);
         fdcon[s].c_status = CS_UNUSED;
         TAILQ_REMOVE(&tq, &fdcon[s], c_link);
         FD_CLR(s, &read_wait);
@@ -395,11 +394,11 @@ conrecycle(int s)
         char *iname, *oname;
 
         iname = xstrdup(c->c_namelist);
-        oname = c->c_output_name;
-        c->c_output_name = NULL;/* prevent it from being freed */
+        oname = xstrdup(c->c_output_name);
         confree(s);
         ret = conalloc(iname, oname);
-        free(iname);
+        xfree(iname);
+        xfree(oname);
         return (ret);
 }
 
diff --git a/ssh-rsa.c b/ssh-rsa.c
index aab9168eb..e53af9e0a 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -23,7 +23,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-rsa.c,v 1.3 2001/01/06 11:23:27 markus Exp $");
+RCSID("$OpenBSD: ssh-rsa.c,v 1.4 2001/01/16 19:20:06 markus Exp $");
 
 #include "ssh.h"
 #include "xmalloc.h"
@@ -122,6 +122,11 @@ ssh_rsa_verify(
                 error("ssh_rsa_verify: no RSA key");
                 return -1;
         }
+        if (BN_num_bits(key->rsa->n) < 768) {
+                error("ssh_rsa_verify: n too small: %d bits",
+                    BN_num_bits(key->rsa->n));
+                return -1;
+        }
         buffer_init(&b);
         buffer_append(&b, (char *) signature, signaturelen);
         ktype = buffer_get_string(&b, NULL);
diff --git a/ssh.c b/ssh.c
index 7035486e9..f1beb8c53 100644
--- a/ssh.c
+++ b/ssh.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.82 2001/01/15 21:40:10 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/dsa.h>
@@ -59,6 +59,7 @@ RCSID("$OpenBSD: ssh.c,v 1.79 2000/12/27 11:51:54 markus Exp $");
 #include "key.h"
 #include "authfd.h"
 #include "authfile.h"
+#include "clientloop.h"
 
 #ifdef HAVE___PROGNAME
 extern char *__progname;
@@ -526,14 +527,14 @@ main(int ac, char **av)
         /* Do not allocate a tty if stdin is not a tty. */
         if (!isatty(fileno(stdin)) && !force_tty_flag) {
                 if (tty_flag)
-                        fprintf(stderr, "Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
+                        log("Pseudo-terminal will not be allocated because stdin is not a terminal.\n");
                 tty_flag = 0;
         }
 
         /* Get user data. */
         pw = getpwuid(original_real_uid);
         if (!pw) {
-                fprintf(stderr, "You don't exist, go away!\n");
+                log("You don't exist, go away!\n");
                 exit(1);
         }
         /* Take a copy of the returned structure. */
@@ -870,8 +871,7 @@ ssh_session(void)
                 }
         }
         /* Tell the packet module whether this is an interactive session. */
-        packet_set_interactive(interactive, options.keepalives);
-
+        packet_set_interactive(interactive);
 
         /* Request authentication agent forwarding if appropriate. */
         check_agent_present();
@@ -919,12 +919,12 @@ ssh_session(void)
         return client_loop(have_tty, tty_flag ? options.escape_char : -1, 0);
 }
 
-extern void client_set_session_ident(int id);
-
 void
 ssh_session2_callback(int id, void *arg)
 {
         int len;
+        int interactive = 0;
+
         debug("client_init id %d arg %d", id, (int)arg);
 
         if (no_shell_flag)
@@ -948,6 +948,7 @@ ssh_session2_callback(int id, void *arg)
                 packet_put_int(ws.ws_ypixel);
                 packet_put_cstring("");         /* XXX: encode terminal modes */
                 packet_send();
+                interactive = 1;
                 /* XXX wait for reply */
         }
         if (options.forward_x11 &&
@@ -958,6 +959,7 @@ ssh_session2_callback(int id, void *arg)
                 /* Request forwarding with authentication spoofing. */
                 debug("Requesting X11 forwarding with authentication spoofing.");
                 x11_request_forwarding_with_spoofing(id, proto, data);
+                interactive = 1;
                 /* XXX wait for reply */
         }
 
@@ -982,7 +984,8 @@ ssh_session2_callback(int id, void *arg)
         /* channel_callback(id, SSH2_MSG_OPEN_CONFIGMATION, client_init, 0); */
 done:
         /* register different callback, etc. XXX */
-        client_set_session_ident(id);
+        packet_set_interactive(interactive);
+        clientloop_set_session_ident(id);
 }
 
 int
diff --git a/sshconnect.c b/sshconnect.c
index 59b273a9c..e40ba984c 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect.c,v 1.89 2001/01/04 22:41:03 markus Exp $");
+RCSID("$OpenBSD: sshconnect.c,v 1.90 2001/01/13 18:32:50 markus Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -187,12 +187,13 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
             int anonymous, uid_t original_real_uid,
             const char *proxy_command)
 {
+        int gaierr;
+        int on = 1;
         int sock = -1, attempt;
-        struct servent *sp;
-        struct addrinfo hints, *ai, *aitop;
         char ntop[NI_MAXHOST], strport[NI_MAXSERV];
-        int gaierr;
+        struct addrinfo hints, *ai, *aitop;
         struct linger linger;
+        struct servent *sp;
 
         debug("ssh_connect: getuid %u geteuid %u anon %d",
               (u_int) getuid(), (u_int) geteuid(), anonymous);
@@ -298,7 +299,13 @@ ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
         /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */
         linger.l_onoff = 1;
         linger.l_linger = 5;
-        setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
+        setsockopt(sock, SOL_SOCKET, SO_LINGER, (void *)&linger, sizeof(linger));
+
+        /* Set keepalives if requested. */
+        if (options.keepalives &&
+            setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+            sizeof(on)) < 0)
+                error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 
         /* Set the connection. */
         packet_set_connection(sock, sock);
diff --git a/sshconnect.h b/sshconnect.h
index 146a65baf..720004675 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -30,7 +30,7 @@ check_host_key(char *host, struct sockaddr *hostaddr, Key *host_key,
 
 void    ssh_kex(char *host, struct sockaddr *hostaddr);
 void
-ssh_userauth(const char* local_user, const char* server_user, char *host,
+ssh_userauth(const char * local_user, const char * server_user, char *host,
     int host_key_valid, RSA *own_host_key);
 
 void    ssh_kex2(char *host, struct sockaddr *hostaddr);
diff --git a/sshconnect1.c b/sshconnect1.c
index 09d0210a9..17b381c13 100644
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect1.c,v 1.14 2001/01/08 21:55:41 markus Exp $");
+RCSID("$OpenBSD: sshconnect1.c,v 1.15 2001/01/16 23:58:09 deraadt Exp $");
 
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
@@ -577,7 +577,7 @@ send_afs_tokens(void)
                 creds.pinst[0] = '\0';
 
                 /* Encode token, ship it off. */
-                if (creds_to_radix(&creds, (u_char*) buffer, sizeof buffer) <= 0)
+                if (creds_to_radix(&creds, (u_char *) buffer, sizeof buffer) <= 0)
                         break;
                 packet_start(SSH_CMSG_HAVE_AFS_TOKEN);
                 packet_put_string(buffer, strlen(buffer));
@@ -897,8 +897,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
  */
 void
 ssh_userauth(
-    const char* local_user,
-    const char* server_user,
+    const char *local_user,
+    const char *server_user,
     char *host,
     int host_key_valid, RSA *own_host_key)
 {
diff --git a/sshd.c b/sshd.c
index 298a1b6bd..be7ae5ab4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.147 2001/01/10 19:43:20 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.150 2001/01/13 18:32:51 markus Exp $");
 
 #include "xmalloc.h"
 #include "rsa.h"
@@ -580,7 +580,7 @@ main(int ac, char **av)
         initialize_server_options(&options);
 
         /* Parse command-line arguments. */
-        while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != EOF) {
+        while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDiqQ46")) != -1) {
                 switch (opt) {
                 case '4':
                         IPv4or6 = AF_INET;
@@ -927,7 +927,7 @@ main(int ac, char **av)
                                 sighup_restart();
                         if (fdset != NULL)
                                 xfree(fdset);
-                        fdsetsz = howmany(maxfd, NFDBITS) * sizeof(fd_mask);
+                        fdsetsz = howmany(maxfd+1, NFDBITS) * sizeof(fd_mask);
                         fdset = (fd_set *)xmalloc(fdsetsz);
                         memset(fdset, 0, fdsetsz);
 
@@ -938,7 +938,7 @@ main(int ac, char **av)
                                         FD_SET(startup_pipes[i], fdset);
 
                         /* Wait in select until there is a connection. */
-                        if (select(maxfd + 1, fdset, NULL, NULL, NULL) < 0) {
+                        if (select(maxfd+1, fdset, NULL, NULL, NULL) < 0) {
                                 if (errno != EINTR)
                                         error("select: %.100s", strerror(errno));
                                 continue;
@@ -1080,6 +1080,12 @@ main(int ac, char **av)
         linger.l_linger = 5;
         setsockopt(sock_in, SOL_SOCKET, SO_LINGER, (void *) &linger, sizeof(linger));
 
+        /* Set keepalives if requested. */
+        if (options.keepalives &&
+            setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
+            sizeof(on)) < 0)
+                error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
+
         /*
          * Register our connection.  This turns encryption off because we do
          * not have a key.