Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c90
1 files changed, 54 insertions, 36 deletions
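--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.201 2003/09/01 18:15:50 markus Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.190 2003/02/06 09:27:29 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -79,6 +79,14 @@ extern char *__progname;
 char *__progname;
 #endif
 
+/* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
+ Default value is AF_UNSPEC means both IPv4 and IPv6. */
+#ifdef IPV4_DEFAULT
+int IPv4or6 = AF_INET;
+#else
+int IPv4or6 = AF_UNSPEC;
+#endif
+
 /* Flag indicating whether debug mode is on. This can be set on the command line. */
 int debug_flag = 0;
 
@@ -154,6 +162,9 @@ usage(void)
  _PATH_SSH_USER_CONFFILE);
  fprintf(stderr, " -A Enable authentication agent forwarding.\n");
  fprintf(stderr, " -a Disable authentication agent forwarding (default).\n");
+#ifdef AFS
+ fprintf(stderr, " -k Disable Kerberos ticket and AFS token forwarding.\n");
+#endif /* AFS */
  fprintf(stderr, " -X Enable X11 connection forwarding.\n");
  fprintf(stderr, " -x Disable X11 connection forwarding (default).\n");
  fprintf(stderr, " -i file Identity for public key authentication "
@@ -211,7 +222,7 @@ main(int ac, char **av)
  extern int optind, optreset;
  extern char *optarg;
 
- __progname = ssh_get_progname(av[0]);
+ __progname = get_progname(av[0]);
  init_rng();
 
  /*
@@ -242,7 +253,7 @@ main(int ac, char **av)
  /* Get user data. */
  pw = getpwuid(original_real_uid);
  if (!pw) {
- logit("You don't exist, go away!");
+ log("You don't exist, go away!");
  exit(1);
  }
  /* Take a copy of the returned structure. */
@@ -273,10 +284,10 @@ again:
  options.protocol = SSH_PROTO_2;
  break;
  case '4':
- options.address_family = AF_INET;
+ IPv4or6 = AF_INET;
  break;
  case '6':
- options.address_family = AF_INET6;
+ IPv4or6 = AF_INET6;
  break;
  case 'n':
  stdin_null_flag = 1;
@@ -303,9 +314,12 @@ again:
  case 'A':
  options.forward_agent = 1;
  break;
+#ifdef AFS
  case 'k':
- /* ignored for backward compatibility */
+ options.kerberos_tgt_passing = 0;
+ options.afs_token_passing = 0;
  break;
+#endif
  case 'i':
  if (stat(optarg, &st) < 0) {
  fprintf(stderr, "Warning: Identity file %s "
@@ -332,22 +346,22 @@ again:
  tty_flag = 1;
  break;
  case 'v':
- if (debug_flag == 0) {
+ if (0 == debug_flag) {
  debug_flag = 1;
  options.log_level = SYSLOG_LEVEL_DEBUG1;
- } else {
- if (options.log_level < SYSLOG_LEVEL_DEBUG3)
- options.log_level++;
+ } else if (options.log_level < SYSLOG_LEVEL_DEBUG3) {
+ options.log_level++;
  break;
- }
+ } else
+ fatal("Too high debugging level.");
  /* fallthrough */
  case 'V':
  fprintf(stderr,
- "%s, SSH protocols %d.%d/%d.%d, %s\n",
+ "%s, SSH protocols %d.%d/%d.%d, OpenSSL 0x%8.8lx\n",
  SSH_VERSION,
  PROTOCOL_MAJOR_1, PROTOCOL_MINOR_1,
  PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2,
- SSLeay_version(SSLEAY_VERSION));
+ SSLeay());
  if (opt == 'V')
  exit(0);
  break;
@@ -418,9 +432,9 @@ again:
 
  case 'L':
  case 'R':
- if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",
+ if (sscanf(optarg, "%5[0-9]:%255[^:]:%5[0-9]",
  sfwd_port, buf, sfwd_host_port) != 3 &&
- sscanf(optarg, "%5[0123456789]/%255[^/]/%5[0123456789]",
+ sscanf(optarg, "%5[0-9]/%255[^/]/%5[0-9]",
  sfwd_port, buf, sfwd_host_port) != 3) {
  fprintf(stderr,
  "Bad forwarding specification '%s'\n",
@@ -449,7 +463,7 @@ again:
  optarg);
  exit(1);
  }
- add_local_forward(&options, fwd_port, "socks", 0);
+ add_local_forward(&options, fwd_port, "socks4", 0);
  break;
 
  case 'C':
@@ -509,6 +523,7 @@ again:
 
  SSLeay_add_all_algorithms();
  ERR_load_crypto_strings();
+ channel_set_af(IPv4or6);
 
  /* Initialize the command to execute on remote host. */
  buffer_init(&command);
@@ -549,7 +564,7 @@ again:
  /* Do not allocate a tty if stdin is not a tty. */
  if (!isatty(fileno(stdin)) && !force_tty_flag) {
  if (tty_flag)
- logit("Pseudo-terminal will not be allocated because stdin is not a terminal.");
+ log("Pseudo-terminal will not be allocated because stdin is not a terminal.");
  tty_flag = 0;
  }
 
@@ -580,8 +595,6 @@ again:
  /* Fill configuration defaults. */
  fill_default_options(&options);
 
- channel_set_af(options.address_family);
-
  /* reinit */
  log_init(av[0], options.log_level, SYSLOG_FACILITY_USER, 1);
 
@@ -593,20 +606,25 @@ again:
  if (options.hostname != NULL)
  host = options.hostname;
 
- /* force lowercase for hostkey matching */
- if (options.host_key_alias != NULL) {
- for (p = options.host_key_alias; *p; p++)
- if (isupper(*p))
- *p = tolower(*p);
- }
-
  if (options.proxy_command != NULL &&
  strcmp(options.proxy_command, "none") == 0)
  options.proxy_command = NULL;
 
+ /* Disable rhosts authentication if not running as root. */
+#ifdef HAVE_CYGWIN
+ /* Ignore uid if running under Windows */
+ if (!options.use_privileged_port) {
+#else
+ if (original_effective_uid != 0 || !options.use_privileged_port) {
+#endif
+ debug("Rhosts Authentication disabled, "
+ "originating port will not be trusted.");
+ options.rhosts_authentication = 0;
+ }
  /* Open a connection to the remote host. */
- if (ssh_connect(host, &hostaddr, options.port,
- options.address_family, options.connection_attempts,
+
+ if (ssh_connect(host, &hostaddr, options.port, IPv4or6,
+ options.connection_attempts,
 #ifdef HAVE_CYGWIN
  options.use_privileged_port,
 #else
@@ -780,7 +798,7 @@ x11_get_proto(char **_proto, char **_data)
  if (!got_data) {
  u_int32_t rand = 0;
 
- logit("Warning: No xauth data; using fake authentication data for X11 forwarding.");
+ log("Warning: No xauth data; using fake authentication data for X11 forwarding.");
  strlcpy(proto, "MIT-MAGIC-COOKIE-1", sizeof proto);
  for (i = 0; i < 16; i++) {
  if (i % 4 == 0)
@@ -860,7 +878,7 @@ ssh_session(void)
  if (type == SSH_SMSG_SUCCESS)
  packet_start_compression(options.compression_level);
  else if (type == SSH_SMSG_FAILURE)
- logit("Warning: Remote host refused compression.");
+ log("Warning: Remote host refused compression.");
  else
  packet_disconnect("Protocol error waiting for compression response.");
  }
@@ -899,7 +917,7 @@ ssh_session(void)
  interactive = 1;
  have_tty = 1;
  } else if (type == SSH_SMSG_FAILURE)
- logit("Warning: Remote host failed or refused to allocate a pseudo tty.");
+ log("Warning: Remote host failed or refused to allocate a pseudo tty.");
  else
  packet_disconnect("Protocol error waiting for pty request response.");
  }
@@ -917,7 +935,7 @@ ssh_session(void)
  if (type == SSH_SMSG_SUCCESS) {
  interactive = 1;
  } else if (type == SSH_SMSG_FAILURE) {
- logit("Warning: Remote host denied X11 forwarding.");
+ log("Warning: Remote host denied X11 forwarding.");
  } else {
  packet_disconnect("Protocol error waiting for X11 forwarding");
  }
@@ -936,7 +954,7 @@ ssh_session(void)
  type = packet_read();
  packet_check_eom();
  if (type != SSH_SMSG_SUCCESS)
- logit("Warning: Remote host denied authentication agent forwarding.");
+ log("Warning: Remote host denied authentication agent forwarding.");
  }
 
  /* Initiate port forwardings. */
@@ -1004,7 +1022,7 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt)
  options.remote_forwards[i].host,
  options.remote_forwards[i].host_port);
  if (type == SSH2_MSG_REQUEST_FAILURE)
- logit("Warning: remote port forwarding failed for listen port %d",
+ log("Warning: remote port forwarding failed for listen port %d",
  options.remote_forwards[i].port);
 }
 
@@ -1119,7 +1137,7 @@ ssh_session2_open(void)
  c = channel_new(
  "session", SSH_CHANNEL_OPENING, in, out, err,
  window, packetmax, CHAN_EXTENDED_WRITE,
- "client-session", /*nonblock*/0);
+ xstrdup("client-session"), /*nonblock*/0);
 
  debug3("ssh_session2_open: channel_new: %d", c->self);
 
@@ -1171,7 +1189,7 @@ load_public_identity_files(void)
  sizeof(Key *) * (SSH_MAX_IDENTITY_FILES - 1));
  options.num_identity_files++;
  options.identity_keys[0] = keys[i];
- options.identity_files[0] = sc_get_key_label(keys[i]);
+ options.identity_files[0] = xstrdup("smartcard key");;
  }
  if (options.num_identity_files > SSH_MAX_IDENTITY_FILES)
  options.num_identity_files = SSH_MAX_IDENTITY_FILES;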
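Review bot: The `%5[0-9]` scansets in the new `-L`/`-R` forwarding parser (hunk at -418,9 +432,9) depend on a `-` range inside a scanset, which the C standard leaves implementation-defined for fscanf; on a libc that treats the `-` literally the scanset would match only the characters `0`, `-` and `9`, so an ordinary spec such as `8080:localhost:80` would be rejected as a bad forwarding specification. The portable spelling is the one on the other side of this diff, e.g. `if (sscanf(optarg, "%5[0123456789]:%255[^:]:%5[0123456789]",` and the same for the `/`-separated form two lines below. The `sfwd_port`/`sfwd_host_port` buffers must hold five digits plus the terminator, but their declarations, like the rest of main's body, are outside this hunk. Separately, `xstrdup("smartcard key");;` in the last hunk leaves a stray empty statement after the semicolon.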