8 files changed, 39 insertions, 147 deletions
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 38be7e350..e90c1597f 100644
--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -39,9 +39,6 @@
 #endif
 #include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/utsname.h>
-#include <sys/vfs.h>
 #include <fcntl.h>
 #include <stdlib.h>
@@ -49,11 +46,6 @@
 #include <windows.h>
 #include "xmalloc.h"
-#define is_winnt       (GetVersion() < 0x80000000)
-#define ntsec_on(c)     ((c) && strstr((c),"ntsec") && !strstr((c),"nontsec"))
-#define ntsec_off(c)    ((c) && strstr((c),"nontsec"))
-#define ntea_on(c)      ((c) && strstr((c),"ntea") && !strstr((c),"nontea"))
 int 
 binary_open(const char *filename, int flags, ...)
@@ -79,128 +71,12 @@ binary_pipe(int fd[2])
        return (ret);
 }
-#define HAS_CREATE_TOKEN 1
-#define HAS_NTSEC_BY_DEFAULT 2
-#define HAS_CREATE_TOKEN_WO_NTSEC 3
-static int 
-has_capability(int what)
-{
-        static int inited;
-        static int has_create_token;
-        static int has_ntsec_by_default;
-        static int has_create_token_wo_ntsec;
-        /* 
-         * has_capability() basically calls uname() and checks if
-         * specific capabilities of Cygwin can be evaluated from that.
-         * This simplifies the calling functions which only have to ask
-         * for a capability using has_capability() instead of having
-         * to figure that out by themselves.
-         */
-        if (!inited) {
-                struct utsname uts;
-                
-                if (!uname(&uts)) {
-                        int major_high = 0, major_low = 0, minor = 0;
-                        int api_major_version = 0, api_minor_version = 0;
-                        char *c;
-                        sscanf(uts.release, "%d.%d.%d", &major_high,
-                            &major_low, &minor);
-                        if ((c = strchr(uts.release, '(')) != NULL) {
-                                sscanf(c + 1, "%d.%d", &api_major_version,
-                                    &api_minor_version);
-                        }
-                        if (major_high > 1 ||
-                            (major_high == 1 && (major_low > 3 ||
-                            (major_low == 3 && minor >= 2))))
-                                has_create_token = 1;
-                        if (api_major_version > 0 || api_minor_version >= 56)
-                                has_ntsec_by_default = 1;
-                        if (major_high > 1 ||
-                            (major_high == 1 && major_low >= 5))
-                                has_create_token_wo_ntsec = 1;
-                        inited = 1;
-                }
-        }
-        switch (what) {
-        case HAS_CREATE_TOKEN:
-                return (has_create_token);
-        case HAS_NTSEC_BY_DEFAULT:
-                return (has_ntsec_by_default);
-        case HAS_CREATE_TOKEN_WO_NTSEC:
-                return (has_create_token_wo_ntsec);
-        }
-        return (0);
-}
-int
-check_nt_auth(int pwd_authenticated, struct passwd *pw)
-{
-        /*
-        * The only authentication which is able to change the user
-        * context on NT systems is the password authentication. So
-        * we deny all requsts for changing the user context if another
-        * authentication method is used.
-        *
-        * This doesn't apply to Cygwin versions >= 1.3.2 anymore which
-        * uses the undocumented NtCreateToken() call to create a user
-        * token if the process has the appropriate privileges and if
-        * CYGWIN ntsec setting is on.
-        */
-        static int has_create_token = -1;
-        if (pw == NULL)
-                return 0;
-        if (is_winnt) {
-                if (has_create_token < 0) {
-                        char *cygwin = getenv("CYGWIN");
-                        has_create_token = 0;
-                        if (has_capability(HAS_CREATE_TOKEN) &&
-                            (ntsec_on(cygwin) ||
-                            (has_capability(HAS_NTSEC_BY_DEFAULT) &&
-                             !ntsec_off(cygwin)) ||
-                             has_capability(HAS_CREATE_TOKEN_WO_NTSEC)))
-                                has_create_token = 1;
-                }
-                if (has_create_token < 1 &&
-                    !pwd_authenticated && geteuid() != pw->pw_uid)
-                        return (0);
-        }
-        return (1);
-}
 int
 check_ntsec(const char *filename)
 {
        return (pathconf(filename, _PC_POSIX_PERMISSIONS));
 }
-void
-register_9x_service(void)
-{
-        HINSTANCE kerneldll;
-        DWORD (*RegisterServiceProcess)(DWORD, DWORD);
-        /* The service register mechanism in 9x/Me is pretty different from
-         * NT/2K/XP.  In NT/2K/XP we're using a special service starter
-         * application to register and control sshd as service.  This method
-         * doesn't play nicely with 9x/Me.  For that reason we register here
-         * as service when running under 9x/Me.  This function is only called
-         * by the child sshd when it's going to daemonize.
-         */
-        if (is_winnt)
-                return;
-        if (!(kerneldll = LoadLibrary("KERNEL32.DLL")))
-                return;
-        if (!(RegisterServiceProcess = (DWORD (*)(DWORD, DWORD))
-                GetProcAddress(kerneldll, "RegisterServiceProcess")))
-                return;
-        RegisterServiceProcess(0, 1);
-}
 #define NL(x) x, (sizeof (x) - 1)
 #define WENV_SIZ (sizeof (wenv_arr) / sizeof (wenv_arr[0]))
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index 6719b8a49..39b8eb788 100644
--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cygwin_util.h,v 1.11 2004/08/30 10:42:08 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.12 2009/03/08 00:40:28 dtucker Exp $ */
 /*
 * Copyright (c) 2000, 2001, Corinna Vinschen <vinschen@cygnus.com>
@@ -35,7 +35,6 @@
 #ifdef HAVE_CYGWIN
 #undef ERROR
-#define is_winnt       (GetVersion() < 0x80000000)
 #include <windows.h>
 #include <sys/cygwin.h>
@@ -43,9 +42,7 @@
 int binary_open(const char *, int , ...);
 int binary_pipe(int fd[2]);
-int check_nt_auth(int, struct passwd *);
 int check_ntsec(const char *);
-void register_9x_service(void);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);
diff --git a/openbsd-compat/daemon.c b/openbsd-compat/daemon.c
index e3a6886bd..3efe14c68 100644
--- a/openbsd-compat/daemon.c
+++ b/openbsd-compat/daemon.c
@@ -57,18 +57,8 @@ daemon(int nochdir, int noclose)
        case -1:
                return (-1);
        case 0:
-#ifdef HAVE_CYGWIN
-                register_9x_service();
-#endif
                break;
        default:
-#ifdef HAVE_CYGWIN
-                /*
-                 * This sleep avoids a race condition which kills the
-                 * child process if parent is started by a NT/W2K service.
-                 */
-                sleep(1);
-#endif
                _exit(0);
        }
diff --git a/openbsd-compat/getrrsetbyname.c b/openbsd-compat/getrrsetbyname.c
index 785b22569..98876673d 100644
--- a/openbsd-compat/getrrsetbyname.c
+++ b/openbsd-compat/getrrsetbyname.c
@@ -143,7 +143,7 @@ u_int32_t _getlong(register const u_char *);
 /* ************** */
-#define ANSWER_BUFFER_SIZE 1024*64
+#define ANSWER_BUFFER_SIZE 0xffff
 struct dns_query {
        char                    *name;
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 49238ba80..dd326c00f 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.6 2008/02/28 08:13:52 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.8 2009/03/07 11:22:35 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -49,6 +49,15 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
 }
 #endif
+#ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+int
+ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
+{
+        EVP_DigestUpdate(ctx, d, cnt);
+        return 1;
+}
+#endif
 #ifdef  USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 6a1bed5b2..fcc762867 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.12 2008/02/28 08:22:04 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.14 2009/03/07 11:22:35 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -80,6 +80,10 @@ extern const EVP_CIPHER *evp_acss(void);
 #  define EVP_CIPHER_CTX_cleanup(a)     ssh_EVP_CIPHER_CTX_cleanup((a))
 # endif /* SSH_OLD_EVP */
+# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID
+#  define EVP_DigestUpdate(a,b,c)       ssh_EVP_DigestUpdate((a),(b),(c))
+#  endif
 # ifdef USE_OPENSSL_ENGINE
 #  ifdef SSLeay_add_all_algorithms
 #   undef SSLeay_add_all_algorithms
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 5b1cb7387..d9c0876f3 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -57,6 +57,8 @@
 #include "port-aix.h"
+static char *lastlogin_msg = NULL;
 # ifdef HAVE_SETAUTHDB
 static char old_registry[REGISTRY_SIZE] = "";
 # endif
@@ -276,23 +278,30 @@ sys_auth_record_login(const char *user, const char *host, const char *ttynm,
    Buffer *loginmsg)
 {
        char *msg = NULL;
-        static int msg_done = 0;
        int success = 0;
        aix_setauthdb(user);
        if (loginsuccess((char *)user, (char *)host, (char *)ttynm, &msg) == 0) {
                success = 1;
-                if (msg != NULL && loginmsg != NULL && !msg_done) {
+                if (msg != NULL) {
                        debug("AIX/loginsuccess: msg %s", msg);
-                        buffer_append(loginmsg, msg, strlen(msg));
+                        if (lastlogin_msg == NULL)
-                        xfree(msg);
+                                lastlogin_msg = msg;
-                        msg_done = 1;
                }
        }
        aix_restoreauthdb();
        return (success);
 }
+char *
+sys_auth_get_lastlogin_msg(const char *user, uid_t uid)
+{
+        char *msg = lastlogin_msg;
+        lastlogin_msg = NULL;
+        return msg;
+}
 #  ifdef CUSTOM_FAILED_LOGIN
 /*
 * record_failed_login: generic "login failed" interface function
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index ecb9feae8..3ac76ae15 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.29 2008/03/09 05:36:55 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.31 2009/08/20 06:20:50 dtucker Exp $ */
 /*
 *
@@ -71,6 +71,11 @@ int passwdexpired(char *, char **);
 # include <sys/timers.h>
 #endif
+/* for setpcred and friends */
+#ifdef HAVE_USERSEC_H
+# include <usersec.h>
+#endif
 /*
 * According to the setauthdb man page, AIX password registries must be 15
 * chars or less plus terminating NUL.
@@ -87,6 +92,8 @@ void aix_usrinfo(struct passwd *);
 int sys_auth_allowed_user(struct passwd *, Buffer *);
 # define CUSTOM_SYS_AUTH_RECORD_LOGIN 1
 int sys_auth_record_login(const char *, const char *, const char *, Buffer *);
+# define CUSTOM_SYS_AUTH_GET_LASTLOGIN_MSG
+char *sys_auth_get_lastlogin_msg(const char *, uid_t);
 # define CUSTOM_FAILED_LOGIN 1
 #endif