summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog10
-rw-r--r--INSTALL19
-rw-r--r--auth-chall.c2
-rw-r--r--auth-pam.c84
-rw-r--r--cipher-3des1.c4
-rw-r--r--cipher-aes.c4
-rw-r--r--cipher-bf1.c5
-rw-r--r--cipher-ctr.c6
-rw-r--r--cipher.c2
-rw-r--r--configure.ac4
-rw-r--r--log.c3
-rw-r--r--servconf.c2
-rw-r--r--sftp-int.c1
13 files changed, 95 insertions, 51 deletions
diff --git a/ChangeLog b/ChangeLog
index b49a8536e..9b34d4a6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,14 @@
13 - markus@cvs.openbsd.org 2003/09/19 09:02:02 13 - markus@cvs.openbsd.org 2003/09/19 09:02:02
14 [packet.c] 14 [packet.c]
15 buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471 15 buffer_dump only if PACKET_DEBUG is defined; Jedi/Sector One; pr 3471
16 - (djm) Fix SSH1 challenge kludge
17 - (djm) Bug #671: Fix builds on OpenBSD
18 - (djm) Bug #676: Fix PAM stack corruption
19 - (djm) Fix bad free() in PAM code
20 - (djm) Don't call pam_end before pam_init
21 - (djm) Enable build with old OpenSSL again
22 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
23 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
16 24
1720030922 2520030922
18 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree 26 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree
@@ -1178,4 +1186,4 @@
1178 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. 1186 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
1179 Report from murple@murple.net, diagnosis from dtucker@zip.com.au 1187 Report from murple@murple.net, diagnosis from dtucker@zip.com.au
1180 1188
1181$Id: ChangeLog,v 1.2994.2.31 2003/09/23 09:00:41 dtucker Exp $ 1189$Id: ChangeLog,v 1.2994.2.32 2003/09/23 09:24:21 djm Exp $
diff --git a/INSTALL b/INSTALL
index 7b6f71d53..0df6fba10 100644
--- a/INSTALL
+++ b/INSTALL
@@ -101,11 +101,8 @@ name).
101 101
102There are a few other options to the configure script: 102There are a few other options to the configure script:
103 103
104--with-pam enables PAM support. 104--with-pam enables PAM support. If PAM support is compiled in, it must
105 105also be enabled in sshd_config (refer to the UsePAM directive).
106--enable-gnome-askpass will build the GNOME passphrase dialog. You
107need a working installation of GNOME, including the development
108headers, for this to work.
109 106
110--with-prngd-socket=/some/file allows you to enable EGD or PRNGD 107--with-prngd-socket=/some/file allows you to enable EGD or PRNGD
111support and to specify a PRNGd socket. Use this if your Unix lacks 108support and to specify a PRNGd socket. Use this if your Unix lacks
@@ -126,16 +123,6 @@ it if lastlog is installed in a different place.
126--with-osfsia, --without-osfsia will enable or disable OSF1's Security 123--with-osfsia, --without-osfsia will enable or disable OSF1's Security
127Integration Architecture. The default for OSF1 machines is enable. 124Integration Architecture. The default for OSF1 machines is enable.
128 125
129--with-kerberos4=PATH will enable Kerberos IV support. You will need
130to have the Kerberos libraries and header files installed for this
131to work. Use the optional PATH argument to specify the root of your
132Kerberos installation.
133
134--with-afs=PATH will enable AFS support. You will need to have the
135Kerberos IV and the AFS libraries and header files installed for this
136to work. Use the optional PATH argument to specify the root of your
137AFS installation. AFS requires Kerberos support to be enabled.
138
139--with-skey=PATH will enable S/Key one time password support. You will 126--with-skey=PATH will enable S/Key one time password support. You will
140need the S/Key libraries and header files installed for this to work. 127need the S/Key libraries and header files installed for this to work.
141 128
@@ -211,4 +198,4 @@ Please refer to the "reporting bugs" section of the webpage at
211http://www.openssh.com/ 198http://www.openssh.com/
212 199
213 200
214$Id: INSTALL,v 1.56.2.3 2003/09/22 03:29:00 dtucker Exp $ 201$Id: INSTALL,v 1.56.2.4 2003/09/23 09:24:21 djm Exp $
diff --git a/auth-chall.c b/auth-chall.c
index 6b7c8bd13..00d6e0ec5 100644
--- a/auth-chall.c
+++ b/auth-chall.c
@@ -92,7 +92,7 @@ verify_response(Authctxt *authctxt, const char *response)
92 xfree(info); 92 xfree(info);
93 } 93 }
94 /* if we received more prompts, we're screwed */ 94 /* if we received more prompts, we're screwed */
95 res = (numprompts != 0); 95 res = (res == 0 && numprompts == 0) ? 0 : -1;
96 } 96 }
97 device->free_ctx(authctxt->kbdintctxt); 97 device->free_ctx(authctxt->kbdintctxt);
98 authctxt->kbdintctxt = NULL; 98 authctxt->kbdintctxt = NULL;
diff --git a/auth-pam.c b/auth-pam.c
index 754cbf6df..2c8feb65d 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -31,7 +31,7 @@
31 31
32/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */ 32/* Based on $FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $ */
33#include "includes.h" 33#include "includes.h"
34RCSID("$Id: auth-pam.c,v 1.72.2.1 2003/09/16 06:00:52 djm Exp $"); 34RCSID("$Id: auth-pam.c,v 1.72.2.2 2003/09/23 09:24:21 djm Exp $");
35 35
36#ifdef USE_PAM 36#ifdef USE_PAM
37#include <security/pam_appl.h> 37#include <security/pam_appl.h>
@@ -111,12 +111,12 @@ pthread_join(sp_pthread_t thread, void **value __unused)
111#endif 111#endif
112 112
113 113
114static pam_handle_t *sshpam_handle; 114static pam_handle_t *sshpam_handle = NULL;
115static int sshpam_err; 115static int sshpam_err = 0;
116static int sshpam_authenticated; 116static int sshpam_authenticated = 0;
117static int sshpam_new_authtok_reqd; 117static int sshpam_new_authtok_reqd = 0;
118static int sshpam_session_open; 118static int sshpam_session_open = 0;
119static int sshpam_cred_established; 119static int sshpam_cred_established = 0;
120 120
121struct pam_ctxt { 121struct pam_ctxt {
122 sp_pthread_t pam_thread; 122 sp_pthread_t pam_thread;
@@ -136,42 +136,51 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
136{ 136{
137 Buffer buffer; 137 Buffer buffer;
138 struct pam_ctxt *ctxt; 138 struct pam_ctxt *ctxt;
139 struct pam_response *reply;
139 int i; 140 int i;
140 141
142 *resp = NULL;
143
141 ctxt = data; 144 ctxt = data;
142 if (n <= 0 || n > PAM_MAX_NUM_MSG) 145 if (n <= 0 || n > PAM_MAX_NUM_MSG)
143 return (PAM_CONV_ERR); 146 return (PAM_CONV_ERR);
144 *resp = xmalloc(n * sizeof **resp); 147
148 if ((reply = malloc(n * sizeof(*reply))) == NULL)
149 return (PAM_CONV_ERR);
150 memset(reply, 0, n * sizeof(*reply));
151
145 buffer_init(&buffer); 152 buffer_init(&buffer);
146 for (i = 0; i < n; ++i) { 153 for (i = 0; i < n; ++i) {
147 resp[i]->resp_retcode = 0;
148 resp[i]->resp = NULL;
149 switch (PAM_MSG_MEMBER(msg, i, msg_style)) { 154 switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
150 case PAM_PROMPT_ECHO_OFF: 155 case PAM_PROMPT_ECHO_OFF:
151 buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); 156 buffer_put_cstring(&buffer,
157 PAM_MSG_MEMBER(msg, i, msg));
152 ssh_msg_send(ctxt->pam_csock, 158 ssh_msg_send(ctxt->pam_csock,
153 PAM_MSG_MEMBER(msg, i, msg_style), &buffer); 159 PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
154 ssh_msg_recv(ctxt->pam_csock, &buffer); 160 ssh_msg_recv(ctxt->pam_csock, &buffer);
155 if (buffer_get_char(&buffer) != PAM_AUTHTOK) 161 if (buffer_get_char(&buffer) != PAM_AUTHTOK)
156 goto fail; 162 goto fail;
157 resp[i]->resp = buffer_get_string(&buffer, NULL); 163 reply[i].resp = buffer_get_string(&buffer, NULL);
158 break; 164 break;
159 case PAM_PROMPT_ECHO_ON: 165 case PAM_PROMPT_ECHO_ON:
160 buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); 166 buffer_put_cstring(&buffer,
167 PAM_MSG_MEMBER(msg, i, msg));
161 ssh_msg_send(ctxt->pam_csock, 168 ssh_msg_send(ctxt->pam_csock,
162 PAM_MSG_MEMBER(msg, i, msg_style), &buffer); 169 PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
163 ssh_msg_recv(ctxt->pam_csock, &buffer); 170 ssh_msg_recv(ctxt->pam_csock, &buffer);
164 if (buffer_get_char(&buffer) != PAM_AUTHTOK) 171 if (buffer_get_char(&buffer) != PAM_AUTHTOK)
165 goto fail; 172 goto fail;
166 resp[i]->resp = buffer_get_string(&buffer, NULL); 173 reply[i].resp = buffer_get_string(&buffer, NULL);
167 break; 174 break;
168 case PAM_ERROR_MSG: 175 case PAM_ERROR_MSG:
169 buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); 176 buffer_put_cstring(&buffer,
177 PAM_MSG_MEMBER(msg, i, msg));
170 ssh_msg_send(ctxt->pam_csock, 178 ssh_msg_send(ctxt->pam_csock,
171 PAM_MSG_MEMBER(msg, i, msg_style), &buffer); 179 PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
172 break; 180 break;
173 case PAM_TEXT_INFO: 181 case PAM_TEXT_INFO:
174 buffer_put_cstring(&buffer, PAM_MSG_MEMBER(msg, i, msg)); 182 buffer_put_cstring(&buffer,
183 PAM_MSG_MEMBER(msg, i, msg));
175 ssh_msg_send(ctxt->pam_csock, 184 ssh_msg_send(ctxt->pam_csock,
176 PAM_MSG_MEMBER(msg, i, msg_style), &buffer); 185 PAM_MSG_MEMBER(msg, i, msg_style), &buffer);
177 break; 186 break;
@@ -181,12 +190,15 @@ sshpam_thread_conv(int n, const struct pam_message **msg,
181 buffer_clear(&buffer); 190 buffer_clear(&buffer);
182 } 191 }
183 buffer_free(&buffer); 192 buffer_free(&buffer);
193 *resp = reply;
184 return (PAM_SUCCESS); 194 return (PAM_SUCCESS);
195
185 fail: 196 fail:
186 while (i) 197 for(i = 0; i < n; i++) {
187 xfree(resp[--i]); 198 if (reply[i].resp != NULL)
188 xfree(*resp); 199 xfree(reply[i].resp);
189 *resp = NULL; 200 }
201 xfree(reply);
190 buffer_free(&buffer); 202 buffer_free(&buffer);
191 return (PAM_CONV_ERR); 203 return (PAM_CONV_ERR);
192} 204}
@@ -258,6 +270,8 @@ sshpam_cleanup(void *arg)
258{ 270{
259 (void)arg; 271 (void)arg;
260 debug("PAM: cleanup"); 272 debug("PAM: cleanup");
273 if (sshpam_handle == NULL)
274 return;
261 pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv); 275 pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
262 if (sshpam_cred_established) { 276 if (sshpam_cred_established) {
263 pam_setcred(sshpam_handle, PAM_DELETE_CRED); 277 pam_setcred(sshpam_handle, PAM_DELETE_CRED);
@@ -600,40 +614,50 @@ pam_chauthtok_conv(int n, const struct pam_message **msg,
600 struct pam_response **resp, void *data) 614 struct pam_response **resp, void *data)
601{ 615{
602 char input[PAM_MAX_MSG_SIZE]; 616 char input[PAM_MAX_MSG_SIZE];
617 struct pam_response *reply;
603 int i; 618 int i;
604 619
620 *resp = NULL;
621
605 if (n <= 0 || n > PAM_MAX_NUM_MSG) 622 if (n <= 0 || n > PAM_MAX_NUM_MSG)
606 return (PAM_CONV_ERR); 623 return (PAM_CONV_ERR);
607 *resp = xmalloc(n * sizeof **resp); 624
625 if ((reply = malloc(n * sizeof(*reply))) == NULL)
626 return (PAM_CONV_ERR);
627 memset(reply, 0, n * sizeof(*reply));
628
608 for (i = 0; i < n; ++i) { 629 for (i = 0; i < n; ++i) {
609 switch (PAM_MSG_MEMBER(msg, i, msg_style)) { 630 switch (PAM_MSG_MEMBER(msg, i, msg_style)) {
610 case PAM_PROMPT_ECHO_OFF: 631 case PAM_PROMPT_ECHO_OFF:
611 resp[i]->resp = 632 reply[i].resp =
612 read_passphrase(PAM_MSG_MEMBER(msg, i, msg), 633 read_passphrase(PAM_MSG_MEMBER(msg, i, msg),
613 RP_ALLOW_STDIN); 634 RP_ALLOW_STDIN);
614 resp[i]->resp_retcode = PAM_SUCCESS; 635 reply[i].resp_retcode = PAM_SUCCESS;
615 break; 636 break;
616 case PAM_PROMPT_ECHO_ON: 637 case PAM_PROMPT_ECHO_ON:
617 fputs(PAM_MSG_MEMBER(msg, i, msg), stderr); 638 fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
618 fgets(input, sizeof input, stdin); 639 fgets(input, sizeof input, stdin);
619 resp[i]->resp = xstrdup(input); 640 reply[i].resp = xstrdup(input);
620 resp[i]->resp_retcode = PAM_SUCCESS; 641 reply[i].resp_retcode = PAM_SUCCESS;
621 break; 642 break;
622 case PAM_ERROR_MSG: 643 case PAM_ERROR_MSG:
623 case PAM_TEXT_INFO: 644 case PAM_TEXT_INFO:
624 fputs(PAM_MSG_MEMBER(msg, i, msg), stderr); 645 fputs(PAM_MSG_MEMBER(msg, i, msg), stderr);
625 resp[i]->resp_retcode = PAM_SUCCESS; 646 reply[i].resp_retcode = PAM_SUCCESS;
626 break; 647 break;
627 default: 648 default:
628 goto fail; 649 goto fail;
629 } 650 }
630 } 651 }
652 *resp = reply;
631 return (PAM_SUCCESS); 653 return (PAM_SUCCESS);
654
632 fail: 655 fail:
633 while (i) 656 for(i = 0; i < n; i++) {
634 xfree(resp[--i]); 657 if (reply[i].resp != NULL)
635 xfree(*resp); 658 xfree(reply[i].resp);
636 *resp = NULL; 659 }
660 xfree(reply);
637 return (PAM_CONV_ERR); 661 return (PAM_CONV_ERR);
638} 662}
639 663
diff --git a/cipher-3des1.c b/cipher-3des1.c
index f9a352397..6f9f5dd6b 100644
--- a/cipher-3des1.c
+++ b/cipher-3des1.c
@@ -29,6 +29,10 @@ RCSID("$OpenBSD: cipher-3des1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
29#include "xmalloc.h" 29#include "xmalloc.h"
30#include "log.h" 30#include "log.h"
31 31
32#if OPENSSL_VERSION_NUMBER < 0x00906000L
33#define SSH_OLD_EVP
34#endif
35
32/* 36/*
33 * This is used by SSH1: 37 * This is used by SSH1:
34 * 38 *
diff --git a/cipher-aes.c b/cipher-aes.c
index c41def600..7ba950191 100644
--- a/cipher-aes.c
+++ b/cipher-aes.c
@@ -31,6 +31,10 @@ RCSID("$OpenBSD: cipher-aes.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
31#include "xmalloc.h" 31#include "xmalloc.h"
32#include "log.h" 32#include "log.h"
33 33
34#if OPENSSL_VERSION_NUMBER < 0x00906000L
35#define SSH_OLD_EVP
36#endif
37
34#define RIJNDAEL_BLOCKSIZE 16 38#define RIJNDAEL_BLOCKSIZE 16
35struct ssh_rijndael_ctx 39struct ssh_rijndael_ctx
36{ 40{
diff --git a/cipher-bf1.c b/cipher-bf1.c
index 64578bae8..5af695c17 100644
--- a/cipher-bf1.c
+++ b/cipher-bf1.c
@@ -28,6 +28,11 @@ RCSID("$OpenBSD: cipher-bf1.c,v 1.1 2003/05/15 03:08:29 markus Exp $");
28#include <openssl/evp.h> 28#include <openssl/evp.h>
29#include "xmalloc.h" 29#include "xmalloc.h"
30#include "log.h" 30#include "log.h"
31
32#if OPENSSL_VERSION_NUMBER < 0x00906000L
33#define SSH_OLD_EVP
34#endif
35
31/* 36/*
32 * SSH1 uses a variation on Blowfish, all bytes must be swapped before 37 * SSH1 uses a variation on Blowfish, all bytes must be swapped before
33 * and after encryption/decryption. Thus the swap_bytes stuff (yuk). 38 * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
diff --git a/cipher-ctr.c b/cipher-ctr.c
index a2bab5c14..4f0814b22 100644
--- a/cipher-ctr.c
+++ b/cipher-ctr.c
@@ -21,6 +21,10 @@ RCSID("$OpenBSD: cipher-ctr.c,v 1.2 2003/06/17 18:14:23 markus Exp $");
21#include "log.h" 21#include "log.h"
22#include "xmalloc.h" 22#include "xmalloc.h"
23 23
24#if OPENSSL_VERSION_NUMBER < 0x00906000L
25#define SSH_OLD_EVP
26#endif
27
24#if OPENSSL_VERSION_NUMBER < 0x00907000L 28#if OPENSSL_VERSION_NUMBER < 0x00907000L
25#include "rijndael.h" 29#include "rijndael.h"
26#define AES_KEY rijndael_ctx 30#define AES_KEY rijndael_ctx
@@ -135,7 +139,9 @@ evp_aes_128_ctr(void)
135 aes_ctr.init = ssh_aes_ctr_init; 139 aes_ctr.init = ssh_aes_ctr_init;
136 aes_ctr.cleanup = ssh_aes_ctr_cleanup; 140 aes_ctr.cleanup = ssh_aes_ctr_cleanup;
137 aes_ctr.do_cipher = ssh_aes_ctr; 141 aes_ctr.do_cipher = ssh_aes_ctr;
142#ifndef SSH_OLD_EVP
138 aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | 143 aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
139 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; 144 EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
145#endif
140 return (&aes_ctr); 146 return (&aes_ctr);
141} 147}
diff --git a/cipher.c b/cipher.c
index e7c3c5411..ce533670b 100644
--- a/cipher.c
+++ b/cipher.c
@@ -87,9 +87,11 @@ struct Cipher {
87 { "rijndael-cbc@lysator.liu.se", 87 { "rijndael-cbc@lysator.liu.se",
88 SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc }, 88 SSH_CIPHER_SSH2, 16, 32, EVP_aes_256_cbc },
89#endif 89#endif
90#if OPENSSL_VERSION_NUMBER >= 0x00906000L
90 { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr }, 91 { "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, evp_aes_128_ctr },
91 { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr }, 92 { "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, evp_aes_128_ctr },
92 { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr }, 93 { "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, evp_aes_128_ctr },
94#endif
93 95
94 { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL } 96 { NULL, SSH_CIPHER_ILLEGAL, 0, 0, NULL }
95}; 97};
diff --git a/configure.ac b/configure.ac
index 716431080..916dc1075 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.154.2.10 2003/09/23 02:51:37 tim Exp $ 1# $Id: configure.ac,v 1.154.2.11 2003/09/23 09:24:21 djm Exp $
2 2
3AC_INIT 3AC_INIT
4AC_CONFIG_SRCDIR([ssh.c]) 4AC_CONFIG_SRCDIR([ssh.c])
@@ -480,7 +480,7 @@ AC_CHECK_HEADERS(bstring.h crypt.h endian.h features.h floatingpoint.h \
480 sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \ 480 sys/cdefs.h sys/mman.h sys/pstat.h sys/select.h sys/stat.h \
481 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \ 481 sys/stropts.h sys/sysmacros.h sys/time.h sys/timers.h \
482 sys/un.h time.h tmpdir.h ttyent.h usersec.h \ 482 sys/un.h time.h tmpdir.h ttyent.h usersec.h \
483 util.h utime.h utmp.h utmpx.h) 483 util.h utime.h utmp.h utmpx.h vis.h)
484 484
485# Checks for libraries. 485# Checks for libraries.
486AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match)) 486AC_CHECK_FUNC(yp_match, , AC_CHECK_LIB(nsl, yp_match))
diff --git a/log.c b/log.c
index 58ce8e5dd..9bce2555b 100644
--- a/log.c
+++ b/log.c
@@ -40,6 +40,9 @@ RCSID("$OpenBSD: log.c,v 1.28 2003/05/24 09:02:22 djm Exp $");
40#include "xmalloc.h" 40#include "xmalloc.h"
41 41
42#include <syslog.h> 42#include <syslog.h>
43#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
44# include <vis.h>
45#endif
43 46
44static LogLevel log_level = SYSLOG_LEVEL_INFO; 47static LogLevel log_level = SYSLOG_LEVEL_INFO;
45static int log_on_stderr = 1; 48static int log_on_stderr = 1;
diff --git a/servconf.c b/servconf.c
index 71e28b3cb..58f49a2f4 100644
--- a/servconf.c
+++ b/servconf.c
@@ -110,7 +110,7 @@ fill_default_server_options(ServerOptions *options)
110{ 110{
111 /* Portable-specific options */ 111 /* Portable-specific options */
112 if (options->use_pam == -1) 112 if (options->use_pam == -1)
113 options->use_pam = 1; 113 options->use_pam = 0;
114 114
115 /* Standard Options */ 115 /* Standard Options */
116 if (options->protocol == SSH_PROTO_UNKNOWN) 116 if (options->protocol == SSH_PROTO_UNKNOWN)
diff --git a/sftp-int.c b/sftp-int.c
index 94299aa43..c93eaabff 100644
--- a/sftp-int.c
+++ b/sftp-int.c
@@ -351,6 +351,7 @@ get_pathname(const char **cpp, char **path)
351 for (i = j = 0; i <= strlen(cp); i++) { 351 for (i = j = 0; i <= strlen(cp); i++) {
352 if (cp[i] == quot) { /* Found quote */ 352 if (cp[i] == quot) { /* Found quote */
353 (*path)[j] = '\0'; 353 (*path)[j] = '\0';
354 i++;
354 break; 355 break;
355 } 356 }
356 if (cp[i] == '\0') { /* End of string */ 357 if (cp[i] == '\0') { /* End of string */