Vendor import of OpenSSH 3.8p1.

45 files changed, 662 insertions, 170 deletions

diff --git a/crypto/openssh/openbsd-compat/Makefile.in b/crypto/openssh/openbsd-compat/Makefile.in
index c48593f..5de20ab 100644
--- a/crypto/openssh/openbsd-compat/Makefile.in
+++ b/crypto/openssh/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.28 2003/07/24 06:52:14 mouring Exp $
+# $Id: Makefile.in,v 1.30 2004/01/21 06:07:23 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -16,9 +16,9 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
 
-OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o vis.o
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtoul.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
 
 PORTS=port-irix.o port-aix.o
 
diff --git a/crypto/openssh/openbsd-compat/base64.c b/crypto/openssh/openbsd-compat/base64.c
index 91a5ab0..dcaa03e 100644
--- a/crypto/openssh/openbsd-compat/base64.c
+++ b/crypto/openssh/openbsd-compat/base64.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/base64.c */
+
 /*	$OpenBSD: base64.c,v 1.4 2002/01/02 23:00:10 deraadt Exp $	*/
 
 /*
diff --git a/crypto/openssh/openbsd-compat/basename.c b/crypto/openssh/openbsd-compat/basename.c
index 2054c80..552dc1e 100644
--- a/crypto/openssh/openbsd-compat/basename.c
+++ b/crypto/openssh/openbsd-compat/basename.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/basename.c */
+
 /*	$OpenBSD: basename.c,v 1.11 2003/06/17 21:56:23 millert Exp $	*/
 
 /*
diff --git a/crypto/openssh/openbsd-compat/bsd-arc4random.c b/crypto/openssh/openbsd-compat/bsd-arc4random.c
index 5f89096..22003ff 100644
--- a/crypto/openssh/openbsd-compat/bsd-arc4random.c
+++ b/crypto/openssh/openbsd-compat/bsd-arc4random.c
@@ -1,31 +1,23 @@
 /*
- * Copyright (c) 1999-2000 Damien Miller.  All rights reserved.
+ * Copyright (c) 1999,2000,2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
 #include "log.h"
 
-RCSID("$Id: bsd-arc4random.c,v 1.7 2003/05/18 14:13:38 djm Exp $");
+RCSID("$Id: bsd-arc4random.c,v 1.8 2004/02/17 05:49:55 djm Exp $");
 
 #ifndef HAVE_ARC4RANDOM
 
diff --git a/crypto/openssh/openbsd-compat/bsd-cray.c b/crypto/openssh/openbsd-compat/bsd-cray.c
index f2ac428..f630366 100644
--- a/crypto/openssh/openbsd-compat/bsd-cray.c
+++ b/crypto/openssh/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
 /* 
- * $Id: bsd-cray.c,v 1.12 2003/06/03 02:45:27 dtucker Exp $
+ * $Id: bsd-cray.c,v 1.13 2004/01/30 03:34:22 dtucker Exp $
  *
  * bsd-cray.c
  *
@@ -59,6 +59,28 @@
 #include <ia.h>
 #include <urm.h>
 #include "ssh.h"
+
+#include "includes.h"
+#include "sys/types.h"
+
+#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
+# define      _SS_MAXSIZE     128     /* Implementation specific max size */
+# define       _SS_PADSIZE     (_SS_MAXSIZE - sizeof (struct sockaddr))
+
+# define ss_family ss_sa.sa_family
+#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
+
+#ifndef IN6_IS_ADDR_LOOPBACK
+# define IN6_IS_ADDR_LOOPBACK(a) \
+	(((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \
+	 ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1))
+#endif /* !IN6_IS_ADDR_LOOPBACK */
+
+#ifndef AF_INET6
+/* Define it to something that should never appear */
+#define AF_INET6 AF_MAX
+#endif
+
 #include "log.h"
 #include "servconf.h"
 #include "bsd-cray.h"
@@ -182,7 +204,7 @@ cray_setup (uid_t uid, char *username, const char *command)
 	/* passwd stuff for ia_user */
 	passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce;
 	ia_user_ret_t uret;		/* stuff returned from ia_user */
-	ia_user_t usent			/* ia_user main structure */
+	ia_user_t usent;		/* ia_user main structure */
 	int ia_rcode;			/* ia_user return code */
 	ia_failure_t fsent;		/* ia_failure structure */
 	ia_failure_ret_t fret;		/* ia_failure return stuff */
@@ -501,54 +523,54 @@ cray_setup (uid_t uid, char *username, const char *command)
 					break;
 				default:
 					valid_acct = nam2acid(acct_name);
-					if (valid_acct == -1) {
+					if (valid_acct == -1) 
 						printf(
 						    "Account id not found for"
 						    " account name \"%s\"\n\n",
 						    acct_name);
 					break;
-					}
-					/*
-					 * If an account was given, search the user's
-					 * acids array to verify they can use this account.
-					 */
-					if ((valid_acct != -1) &&
-					    !(ue.ue_permbits & PERMBITS_ACCTID)) {
-						for (i = 0; i < MAXVIDS; i++) {
-							if (ue.ue_acids[i] == -1)
-								break;
-							if (valid_acct == ue.ue_acids[i])
-								break;
-						}
-						if (i == MAXVIDS ||
-						    ue.ue_acids[i] == -1) {
-							fprintf(stderr, "Cannot set"
-							    " account name to "
-							    "\"%s\", permission "
-							    "denied\n\n", acct_name);
-							valid_acct = -1;
-						}
-					}
 				}
-			} else {
 				/*
-				 * The client isn't connected to a terminal and can't
-				 * respond to an acid prompt.  Use default acid.
+				 * If an account was given, search the user's
+				 * acids array to verify they can use this account.
 				 */
-				debug("cray_setup: ttyname false case, %.100s",
-				    ttyname);
-				valid_acct = ue.ue_acids[0];
+				if ((valid_acct != -1) &&
+				    !(ue.ue_permbits & PERMBITS_ACCTID)) {
+					for (i = 0; i < MAXVIDS; i++) {
+						if (ue.ue_acids[i] == -1)
+							break;
+						if (valid_acct == ue.ue_acids[i])
+							break;
+					}
+					if (i == MAXVIDS ||
+					    ue.ue_acids[i] == -1) {
+						fprintf(stderr, "Cannot set"
+						    " account name to "
+						    "\"%s\", permission "
+						    "denied\n\n", acct_name);
+						valid_acct = -1;
+					}
+				}
 			}
 		} else {
 			/*
-			 * The user doesn't have the askacid permbit set or
-			 * only has one valid account to use.
+			 * The client isn't connected to a terminal and can't
+			 * respond to an acid prompt.  Use default acid.
 			 */
+			debug("cray_setup: ttyname false case, %.100s",
+			    ttyname);
 			valid_acct = ue.ue_acids[0];
 		}
-		if (acctid(0, valid_acct) < 0) {
-			printf ("Bad account id: %d\n", valid_acct);
-			exit(1);
+	} else {
+		/*
+		 * The user doesn't have the askacid permbit set or
+		 * only has one valid account to use.
+		 */
+		valid_acct = ue.ue_acids[0];
+	}
+	if (acctid(0, valid_acct) < 0) {
+		printf ("Bad account id: %d\n", valid_acct);
+		exit(1);
 	}
 
 	/* 
@@ -778,4 +800,17 @@ cray_set_tmpdir(struct utmp *ut)
 	ut->ut_jid = jid;
 	strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);
 }
-#endif
+#endif /* UNICOS */
+
+#ifdef _UNICOSMP
+#include <pwd.h>
+/*
+ * Set job id and create tmpdir directory.
+ */
+void
+cray_init_job(struct passwd *pw)
+{
+	initrm_silent(pw->pw_uid);
+	return;
+}
+#endif /* _UNICOSMP */
diff --git a/crypto/openssh/openbsd-compat/bsd-cray.h b/crypto/openssh/openbsd-compat/bsd-cray.h
index a121ea1..de6ba1a 100644
--- a/crypto/openssh/openbsd-compat/bsd-cray.h
+++ b/crypto/openssh/openbsd-compat/bsd-cray.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-cray.h,v 1.10 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: bsd-cray.h,v 1.11 2004/01/30 03:34:22 dtucker Exp $ */
 
 /*
  * Copyright (c) 2002, Cray Inc.  (Wendy Palm <wendyp@cray.com>)
@@ -53,7 +53,6 @@ extern char cray_tmpdir[];
 # define MAXHOSTNAMELEN  64
 #endif
 #ifndef _CRAYT3E
-# include <sys/ttold.h>
 # define TIOCGPGRP (tIOC|20)
 #endif
 
diff --git a/crypto/openssh/openbsd-compat/bsd-getpeereid.c b/crypto/openssh/openbsd-compat/bsd-getpeereid.c
index bcda2c1..fe2edad 100644
--- a/crypto/openssh/openbsd-compat/bsd-getpeereid.c
+++ b/crypto/openssh/openbsd-compat/bsd-getpeereid.c
@@ -1,30 +1,22 @@
 /*
- * Copyright (c) 2002 Damien Miller.  All rights reserved.
+ * Copyright (c) 2002,2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
 
-RCSID("$Id: bsd-getpeereid.c,v 1.2 2003/03/24 22:07:52 djm Exp $");
+RCSID("$Id: bsd-getpeereid.c,v 1.3 2004/02/17 05:49:55 djm Exp $");
 
 #if !defined(HAVE_GETPEEREID)
 
diff --git a/crypto/openssh/openbsd-compat/bsd-misc.c b/crypto/openssh/openbsd-compat/bsd-misc.c
index 08b089b..7b06786 100644
--- a/crypto/openssh/openbsd-compat/bsd-misc.c
+++ b/crypto/openssh/openbsd-compat/bsd-misc.c
@@ -1,31 +1,23 @@
 /*
- * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
+ * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #include "includes.h"
 #include "xmalloc.h"
 
-RCSID("$Id: bsd-misc.c,v 1.19 2003/08/25 01:16:21 mouring Exp $");
+RCSID("$Id: bsd-misc.c,v 1.21 2004/02/17 05:49:55 djm Exp $");
 
 /*
  * NB. duplicate __progname in case it is an alias for argv[0]
@@ -164,7 +156,6 @@ int nanosleep(const struct timespec *req, struct timespec *rem)
 
 	return(rc);
 }
-
 #endif
 
 #ifndef HAVE_TCGETPGRP
@@ -223,6 +214,7 @@ mysignal(int sig, mysig_t act)
 	}
 	return (osa.sa_handler);
 #else
+	#undef signal
 	return (signal(sig, act));
 #endif
 }
diff --git a/crypto/openssh/openbsd-compat/bsd-misc.h b/crypto/openssh/openbsd-compat/bsd-misc.h
index 6b70473..c807394 100644
--- a/crypto/openssh/openbsd-compat/bsd-misc.h
+++ b/crypto/openssh/openbsd-compat/bsd-misc.h
@@ -1,27 +1,19 @@
-/* $Id: bsd-misc.h,v 1.13 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: bsd-misc.h,v 1.14 2004/02/17 05:49:55 djm Exp $ */
 
 /*
- * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
+ * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
  *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
  *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
 #ifndef _BSD_MISC_H
diff --git a/crypto/openssh/openbsd-compat/bsd-openpty.c b/crypto/openssh/openbsd-compat/bsd-openpty.c
new file mode 100644
index 0000000..daf5f8b
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/bsd-openpty.c
@@ -0,0 +1,203 @@
+/*
+ * Please note: this implementation of openpty() is far from complete.
+ * it is just enough for portable OpenSSH's needs.
+ */
+
+/*
+ * Copyright (c) 2004 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+ *                    All rights reserved
+ * Allocating a pseudo-terminal, and making it the controlling tty.
+ *
+ * As far as I am concerned, the code I have written for this software
+ * can be used freely for any purpose.  Any derived versions of this
+ * software must be clearly marked as such, and if the derived work is
+ * incompatible with the protocol description in the RFC file, it must be
+ * called by a name other than "ssh" or "Secure Shell".
+ */
+
+#include "includes.h"
+#if !defined(HAVE_OPENPTY)
+
+#ifdef HAVE_UTIL_H
+# include <util.h>
+#endif /* HAVE_UTIL_H */
+
+#ifdef HAVE_PTY_H
+# include <pty.h>
+#endif
+#if defined(HAVE_DEV_PTMX) && defined(HAVE_SYS_STROPTS_H)
+# include <sys/stropts.h>
+#endif
+
+#ifndef O_NOCTTY
+#define O_NOCTTY 0
+#endif
+
+int
+openpty(int *amaster, int *aslave, char *name, struct termios *termp,
+   struct winsize *winp)
+{
+#if defined(HAVE__GETPTY)
+	/*
+	 * _getpty(3) exists in SGI Irix 4.x, 5.x & 6.x -- it generates more
+	 * pty's automagically when needed
+	 */
+	char *slave;
+
+	if ((slave = _getpty(amaster, O_RDWR, 0622, 0)) == NULL)
+		return (-1);
+
+	/* Open the slave side. */
+	if ((*aslave = open(slave, O_RDWR | O_NOCTTY)) == -1) {
+		close(*amaster);
+		return (-1);
+	}
+	return (0);
+
+#elif defined(HAVE_DEV_PTMX)
+	/*
+	 * This code is used e.g. on Solaris 2.x.  (Note that Solaris 2.3
+	 * also has bsd-style ptys, but they simply do not work.)
+	 */
+	int ptm;
+	char *pts;
+	mysig_t old_signal;
+
+	if ((ptm = open("/dev/ptmx", O_RDWR | O_NOCTTY)) == -1)
+		return (-1);
+
+	/* XXX: need to close ptm on error? */
+	old_signal = signal(SIGCHLD, SIG_DFL);
+	if (grantpt(ptm) < 0)
+		return (-1);
+	signal(SIGCHLD, old_signal);
+
+	if (unlockpt(ptm) < 0)
+		return (-1);
+
+	if ((pts = ptsname(ptm)) == NULL)
+		return (-1);
+	*amaster = ptm;
+
+	/* Open the slave side. */
+	if ((*aslave = open(pts, O_RDWR | O_NOCTTY)) == -1) {
+		close(*amaster);
+		return (-1);
+	}
+
+#ifndef HAVE_CYGWIN
+	/*
+	 * Try to push the appropriate streams modules, as described 
+	 * in Solaris pts(7).
+	 */
+	ioctl(*aslave, I_PUSH, "ptem");
+	ioctl(*aslave, I_PUSH, "ldterm");
+# ifndef __hpux
+	ioctl(*aslave, I_PUSH, "ttcompat");
+# endif /* __hpux */
+#endif /* HAVE_CYGWIN */
+
+	return (0);
+
+#elif defined(HAVE_DEV_PTS_AND_PTC)
+	/* AIX-style pty code. */
+	const char *ttname;
+
+	if ((*amaster = open("/dev/ptc", O_RDWR | O_NOCTTY)) == -1)
+		return (-1);
+	if ((ttname = ttyname(*amaster)) == NULL)
+		return (-1);
+	if ((*aslave = open(ttname, O_RDWR | O_NOCTTY)) == -1) {
+		close(*amaster);
+		return (-1);
+	}
+	return (0);
+
+#elif defined(_UNICOS)
+	char ptbuf[64], ttbuf[64];
+	int i;
+	int highpty;
+
+	highpty = 128;
+#ifdef _SC_CRAY_NPTY
+	if ((highpty = sysconf(_SC_CRAY_NPTY)) == -1)
+		highpty = 128;
+#endif /* _SC_CRAY_NPTY */
+
+	for (i = 0; i < highpty; i++) {
+		snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i);
+		snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i);
+		if ((*amaster = open(ptbuf, O_RDWR|O_NOCTTY)) == -1)
+			continue;
+		/* Open the slave side. */
+		if ((*aslave = open(ttbuf, O_RDWR|O_NOCTTY)) == -1) {
+			close(*amaster);
+			return (-1);
+		}
+		return (0);
+	}
+	return (-1);
+
+#else
+	/* BSD-style pty code. */
+	char ptbuf[64], ttbuf[64];
+	int i;
+	const char *ptymajors = "pqrstuvwxyzabcdefghijklmno"
+	    "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+	const char *ptyminors = "0123456789abcdef";
+	int num_minors = strlen(ptyminors);
+	int num_ptys = strlen(ptymajors) * num_minors;
+	struct termios tio;
+
+	for (i = 0; i < num_ptys; i++) {
+		snprintf(ptbuf, sizeof(ptbuf), "/dev/pty%c%c", 
+		    ptymajors[i / num_minors], ptyminors[i % num_minors]);
+		snprintf(ttbuf, sizeof(ttbuf), "/dev/tty%c%c",
+		    ptymajors[i / num_minors], ptyminors[i % num_minors]);
+
+		if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1) {
+			/* Try SCO style naming */
+			snprintf(ptbuf, sizeof(ptbuf), "/dev/ptyp%d", i);
+			snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%d", i);
+			if ((*amaster = open(ptbuf, O_RDWR | O_NOCTTY)) == -1)
+				continue;
+		}
+
+		/* Open the slave side. */
+		if ((*aslave = open(ttbuf, O_RDWR | O_NOCTTY)) == -1) {
+			close(*amaster);
+			return (-1);
+		}
+		/* set tty modes to a sane state for broken clients */
+		if (tcgetattr(*amaster, &tio) != -1) {
+			tio.c_lflag |= (ECHO | ISIG | ICANON);
+			tio.c_oflag |= (OPOST | ONLCR);
+			tio.c_iflag |= ICRNL;
+			tcsetattr(*amaster, TCSANOW, &tio);
+		}
+
+		return (0);
+	}
+	return (-1);
+#endif
+}
+
+#endif /* !defined(HAVE_OPENPTY) */
+
diff --git a/crypto/openssh/openbsd-compat/daemon.c b/crypto/openssh/openbsd-compat/daemon.c
index 6dd45f6..c0be5ff 100644
--- a/crypto/openssh/openbsd-compat/daemon.c
+++ b/crypto/openssh/openbsd-compat/daemon.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/daemon.c */
+
 /*-
  * Copyright (c) 1990, 1993
  *	The Regents of the University of California.  All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/dirname.c b/crypto/openssh/openbsd-compat/dirname.c
index 1ab7516..25ab34d 100644
--- a/crypto/openssh/openbsd-compat/dirname.c
+++ b/crypto/openssh/openbsd-compat/dirname.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/dirname.c */
+
 /*      $OpenBSD: dirname.c,v 1.10 2003/06/17 21:56:23 millert Exp $    */
 
 /*
diff --git a/crypto/openssh/openbsd-compat/fake-rfc2553.c b/crypto/openssh/openbsd-compat/fake-rfc2553.c
index b0cc69b..0186b53 100644
--- a/crypto/openssh/openbsd-compat/fake-rfc2553.c
+++ b/crypto/openssh/openbsd-compat/fake-rfc2553.c
@@ -37,7 +37,7 @@
 
 #include "includes.h"
 
-RCSID("$Id: fake-rfc2553.c,v 1.4.2.1 2003/09/22 02:09:18 dtucker Exp $");
+RCSID("$Id: fake-rfc2553.c,v 1.5 2003/09/22 02:08:23 dtucker Exp $");
 
 #ifndef HAVE_GETNAMEINFO
 int getnameinfo(const struct sockaddr *sa, size_t salen, char *host, 
diff --git a/crypto/openssh/openbsd-compat/fake-rfc2553.h b/crypto/openssh/openbsd-compat/fake-rfc2553.h
index 2d54392..eb88605 100644
--- a/crypto/openssh/openbsd-compat/fake-rfc2553.h
+++ b/crypto/openssh/openbsd-compat/fake-rfc2553.h
@@ -1,4 +1,4 @@
-/* $Id: fake-rfc2553.h,v 1.6.2.1 2003/09/22 02:09:18 dtucker Exp $ */
+/* $Id: fake-rfc2553.h,v 1.8 2004/02/10 02:05:41 dtucker Exp $ */
 
 /*
  * Copyright (C) 2000-2003 Damien Miller.  All rights reserved.
@@ -133,19 +133,23 @@ struct addrinfo {
 #endif /* !HAVE_STRUCT_ADDRINFO */
 
 #ifndef HAVE_GETADDRINFO
+#define getaddrinfo(a,b,c,d)	(ssh_getaddrinfo(a,b,c,d))
 int getaddrinfo(const char *, const char *, 
     const struct addrinfo *, struct addrinfo **);
 #endif /* !HAVE_GETADDRINFO */
 
 #if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO)
+#define gai_strerror(a)		(ssh_gai_strerror(a))
 char *gai_strerror(int);
 #endif /* !HAVE_GAI_STRERROR */
 
 #ifndef HAVE_FREEADDRINFO
+#define freeaddrinfo(a)		(ssh_freeaddrinfo(a))
 void freeaddrinfo(struct addrinfo *);
 #endif /* !HAVE_FREEADDRINFO */
 
 #ifndef HAVE_GETNAMEINFO
+#define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g))
 int getnameinfo(const struct sockaddr *, size_t, char *, size_t, 
     char *, size_t, int);
 #endif /* !HAVE_GETNAMEINFO */
diff --git a/crypto/openssh/openbsd-compat/getcwd.c b/crypto/openssh/openbsd-compat/getcwd.c
index 31d1cfe..19be591 100644
--- a/crypto/openssh/openbsd-compat/getcwd.c
+++ b/crypto/openssh/openbsd-compat/getcwd.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/getcwd.c */
+
 /*
  * Copyright (c) 1989, 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/getgrouplist.c b/crypto/openssh/openbsd-compat/getgrouplist.c
index 085cda8..59c164f 100644
--- a/crypto/openssh/openbsd-compat/getgrouplist.c
+++ b/crypto/openssh/openbsd-compat/getgrouplist.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/getgrouplist.c */
+
 /*
  * Copyright (c) 1991, 1993
  *	The Regents of the University of California.  All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/getopt.c b/crypto/openssh/openbsd-compat/getopt.c
index 2136fbf..f5ee677 100644
--- a/crypto/openssh/openbsd-compat/getopt.c
+++ b/crypto/openssh/openbsd-compat/getopt.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/getopt.c */
+
 /*
  * Copyright (c) 1987, 1993, 1994
  *	The Regents of the University of California.  All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.c b/crypto/openssh/openbsd-compat/getrrsetbyname.c
index 44fa275..66d1814 100644
--- a/crypto/openssh/openbsd-compat/getrrsetbyname.c
+++ b/crypto/openssh/openbsd-compat/getrrsetbyname.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/getrrsetbyname.c */
+
 /* $OpenBSD: getrrsetbyname.c,v 1.7 2003/03/07 07:34:14 itojun Exp $ */
 
 /*
@@ -45,12 +47,10 @@
 
 #include "includes.h"
 
-#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
+#ifndef HAVE_GETRRSETBYNAME
 
 #include "getrrsetbyname.h"
 
-/* #include "thread_private.h" */
-
 #define ANSWER_BUFFER_SIZE 1024*64
 
 struct dns_query {
@@ -159,7 +159,6 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
     unsigned int rdtype, unsigned int flags,
     struct rrsetinfo **res)
 {
-	struct __res_state *_resp = &_res;
 	int result;
 	struct rrsetinfo *rrset = NULL;
 	struct dns_response *response;
@@ -188,19 +187,19 @@ getrrsetbyname(const char *hostname, unsigned int rdclass,
 	}
 
 	/* initialize resolver */
-	if ((_resp->options & RES_INIT) == 0 && res_init() == -1) {
+	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
 		result = ERRSET_FAIL;
 		goto fail;
 	}
 
 #ifdef DEBUG
-	_resp->options |= RES_DEBUG;
+	_res.options |= RES_DEBUG;
 #endif /* DEBUG */
 
 #ifdef RES_USE_DNSSEC
 	/* turn on DNSSEC if EDNS0 is configured */
-	if (_resp->options & RES_USE_EDNS0)
-		_resp->options |= RES_USE_DNSSEC;
+	if (_res.options & RES_USE_EDNS0)
+		_res.options |= RES_USE_DNSSEC;
 #endif /* RES_USE_DNSEC */
 
 	/* make query */
@@ -575,4 +574,4 @@ count_dns_rr(struct dns_rr *p, u_int16_t class, u_int16_t type)
 	return (n);
 }
 
-#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
+#endif /* !defined(HAVE_GETRRSETBYNAME) */
diff --git a/crypto/openssh/openbsd-compat/getrrsetbyname.h b/crypto/openssh/openbsd-compat/getrrsetbyname.h
index 6466a54..39995b6 100644
--- a/crypto/openssh/openbsd-compat/getrrsetbyname.h
+++ b/crypto/openssh/openbsd-compat/getrrsetbyname.h
@@ -1,3 +1,5 @@
+/* OPENBSD BASED ON : include/netdb.h */
+
 /* $OpenBSD: getrrsetbyname.c,v 1.4 2001/08/16 18:16:43 ho Exp $ */
 
 /*
@@ -48,7 +50,7 @@
 
 #include "includes.h"
 
-#if defined(DNS) && !defined(HAVE_GETRRSETBYNAME)
+#ifndef HAVE_GETRRSETBYNAME
 
 #include <sys/types.h>
 #include <netinet/in.h>
@@ -56,6 +58,14 @@
 #include <netdb.h>
 #include <resolv.h>
 
+#ifndef HFIXEDSZ
+#define HFIXEDSZ 12
+#endif
+
+#ifndef T_SIG
+#define T_SIG 24
+#endif
+
 /*
  * Flags for getrrsetbyname()
  */
@@ -95,6 +105,6 @@ struct rrsetinfo {
 int		getrrsetbyname(const char *, unsigned int, unsigned int, unsigned int, struct rrsetinfo **);
 void		freerrset(struct rrsetinfo *);
 
-#endif /* defined(DNS) && !defined(HAVE_GETRRSETBYNAME) */
+#endif /* !defined(HAVE_GETRRSETBYNAME) */
 
 #endif /* _GETRRSETBYNAME_H */
diff --git a/crypto/openssh/openbsd-compat/glob.c b/crypto/openssh/openbsd-compat/glob.c
index 50f35c3..7fafc8c 100644
--- a/crypto/openssh/openbsd-compat/glob.c
+++ b/crypto/openssh/openbsd-compat/glob.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/glob.c */
+
 /*
  * Copyright (c) 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/glob.h b/crypto/openssh/openbsd-compat/glob.h
index aceddbc..3428b20 100644
--- a/crypto/openssh/openbsd-compat/glob.h
+++ b/crypto/openssh/openbsd-compat/glob.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: include/glob.h */
+
 /*	$OpenBSD: glob.h,v 1.8 2003/06/02 19:34:12 millert Exp $	*/
 /*	$NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $	*/
 
diff --git a/crypto/openssh/openbsd-compat/inet_aton.c b/crypto/openssh/openbsd-compat/inet_aton.c
index 5de4986..c141bcc 100644
--- a/crypto/openssh/openbsd-compat/inet_aton.c
+++ b/crypto/openssh/openbsd-compat/inet_aton.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */
+
 /*	$OpenBSD: inet_addr.c,v 1.7 2003/06/02 20:18:35 millert Exp $	*/
 
 /*
diff --git a/crypto/openssh/openbsd-compat/inet_ntoa.c b/crypto/openssh/openbsd-compat/inet_ntoa.c
index f9fdc9e..dc010dc 100644
--- a/crypto/openssh/openbsd-compat/inet_ntoa.c
+++ b/crypto/openssh/openbsd-compat/inet_ntoa.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/inet_ntoa.c */
+
 /*
  * Copyright (c) 1983, 1993
  *	The Regents of the University of California.  All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/inet_ntop.c b/crypto/openssh/openbsd-compat/inet_ntop.c
index 075eac4..7031625 100644
--- a/crypto/openssh/openbsd-compat/inet_ntop.c
+++ b/crypto/openssh/openbsd-compat/inet_ntop.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */
+
 /*	$OpenBSD: inet_ntop.c,v 1.5 2002/08/23 16:27:31 itojun Exp $	*/
 
 /* Copyright (c) 1996 by Internet Software Consortium.
diff --git a/crypto/openssh/openbsd-compat/mktemp.c b/crypto/openssh/openbsd-compat/mktemp.c
index 2cd7478..aff8d20 100644
--- a/crypto/openssh/openbsd-compat/mktemp.c
+++ b/crypto/openssh/openbsd-compat/mktemp.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdio/mktemp.c */
+
 /* THIS FILE HAS BEEN MODIFIED FROM THE ORIGINAL OPENBSD SOURCE */
 /* Changes: Removed mktemp */
 
diff --git a/crypto/openssh/openbsd-compat/openbsd-compat.h b/crypto/openssh/openbsd-compat/openbsd-compat.h
index 852948c..6be1bcd 100644
--- a/crypto/openssh/openbsd-compat/openbsd-compat.h
+++ b/crypto/openssh/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.24 2003/08/29 16:59:52 mouring Exp $ */
+/* $Id: openbsd-compat.h,v 1.25 2004/01/21 06:07:23 djm Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -138,8 +138,9 @@ unsigned int arc4random(void);
 void arc4random_stir(void);
 #endif /* !HAVE_ARC4RANDOM */
 
-
-
+#ifndef HAVE_OPENPTY
+int openpty(int *, int *, char *, struct termios *, struct winsize *);
+#endif /* HAVE_OPENPTY */
 
 /* #include <sys/types.h> XXX needed? For size_t */
 
diff --git a/crypto/openssh/openbsd-compat/port-aix.c b/crypto/openssh/openbsd-compat/port-aix.c
index 9fbcce9..2895f0d 100644
--- a/crypto/openssh/openbsd-compat/port-aix.c
+++ b/crypto/openssh/openbsd-compat/port-aix.c
@@ -24,11 +24,13 @@
  *
  */
 #include "includes.h"
+#include "auth.h"
 #include "ssh.h"
 #include "log.h"
 #include "servconf.h"
 #include "canohost.h"
 #include "xmalloc.h"
+#include "buffer.h"
 
 #ifdef _AIX
 
@@ -36,6 +38,11 @@
 #include "port-aix.h"
 
 extern ServerOptions options;
+extern Buffer loginmsg;
+
+# ifdef HAVE_SETAUTHDB
+static char old_registry[REGISTRY_SIZE] = "";
+# endif
 
 /*
  * AIX has a "usrinfo" area where logname and other stuff is stored - 
@@ -63,7 +70,7 @@ aix_usrinfo(struct passwd *pw)
 	xfree(cp);
 }
 
-#ifdef WITH_AIXAUTHENTICATE
+# ifdef WITH_AIXAUTHENTICATE
 /*
  * Remove embedded newlines in string (if any).
  * Used before logging messages returned by AIX authentication functions
@@ -83,41 +90,113 @@ aix_remove_embedded_newlines(char *p)
 	if (*--p == ' ')
 		*p = '\0';
 }
-#endif /* WITH_AIXAUTHENTICATE */
+
+/*
+ * Do authentication via AIX's authenticate routine.  We loop until the
+ * reenter parameter is 0, but normally authenticate is called only once.
+ *
+ * Note: this function returns 1 on success, whereas AIX's authenticate()
+ * returns 0.
+ */
+int
+sys_auth_passwd(Authctxt *ctxt, const char *password)
+{
+	char *authmsg = NULL, *host, *msg, *name = ctxt->pw->pw_name;
+	int authsuccess = 0, expired, reenter, result;
+
+	do {
+		result = authenticate((char *)name, (char *)password, &reenter,
+		    &authmsg);
+		aix_remove_embedded_newlines(authmsg);	
+		debug3("AIX/authenticate result %d, msg %.100s", result,
+		    authmsg);
+	} while (reenter);
+
+	if (result == 0) {
+		authsuccess = 1;
+
+		host = (char *)get_canonical_hostname(options.use_dns);
+
+	       	/*
+		 * Record successful login.  We don't have a pty yet, so just
+		 * label the line as "ssh"
+		 */
+		aix_setauthdb(name);
+	       	if (loginsuccess((char *)name, (char *)host, "ssh", &msg) == 0) {
+			if (msg != NULL) {
+				debug("%s: msg %s", __func__, msg);
+				buffer_append(&loginmsg, msg, strlen(msg));
+				xfree(msg);
+			}
+		}
+
+		/*
+		 * Check if the user's password is expired.
+		 */
+                expired = passwdexpired(name, &msg);
+                if (msg && *msg) {
+                        buffer_append(&loginmsg, msg, strlen(msg));
+                        aix_remove_embedded_newlines(msg);
+                }
+                debug3("AIX/passwdexpired returned %d msg %.100s", expired, msg);
+
+		switch (expired) {
+		case 0: /* password not expired */
+			break;
+		case 1: /* expired, password change required */
+			ctxt->force_pwchange = 1;
+			disable_forwarding();
+			break;
+		default: /* user can't change(2) or other error (-1) */
+			logit("Password can't be changed for user %s: %.100s",
+			    name, msg);
+			if (msg)
+				xfree(msg);
+			authsuccess = 0;
+		}
+
+		aix_restoreauthdb();
+	}
+
+	if (authmsg != NULL)
+		xfree(authmsg);
+
+	return authsuccess;
+}
   
-# ifdef CUSTOM_FAILED_LOGIN
+#  ifdef CUSTOM_FAILED_LOGIN
 /*
  * record_failed_login: generic "login failed" interface function
  */
 void
 record_failed_login(const char *user, const char *ttyname)
 {
-	char *hostname = get_canonical_hostname(options.use_dns);
+	char *hostname = (char *)get_canonical_hostname(options.use_dns);
 
 	if (geteuid() != 0)
 		return;
 
 	aix_setauthdb(user);
-#  ifdef AIX_LOGINFAILED_4ARG
+#   ifdef AIX_LOGINFAILED_4ARG
 	loginfailed((char *)user, hostname, (char *)ttyname, AUDIT_FAIL_AUTH);
-#  else
+#   else
 	loginfailed((char *)user, hostname, (char *)ttyname);
-#  endif
+#   endif
+	aix_restoreauthdb();
 }
+#  endif /* CUSTOM_FAILED_LOGIN */
 
 /*
  * If we have setauthdb, retrieve the password registry for the user's
- * account then feed it to setauthdb.  This may load registry-specific method
- * code.  If we don't have setauthdb or have already called it this is a no-op.
+ * account then feed it to setauthdb.  This will mean that subsequent AIX auth
+ * functions will only use the specified loadable module.  If we don't have
+ * setauthdb this is a no-op.
  */
 void
 aix_setauthdb(const char *user)
 {
 #  ifdef HAVE_SETAUTHDB
-	static char *registry = NULL;
-
-	if (registry != NULL)	/* have already done setauthdb */
-		return;
+	char *registry;
 
 	if (setuserdb(S_READ) == -1) {
 		debug3("%s: Could not open userdb to read", __func__);
@@ -125,18 +204,37 @@ aix_setauthdb(const char *user)
 	}
 	
 	if (getuserattr((char *)user, S_REGISTRY, &registry, SEC_CHAR) == 0) {
-		if (setauthdb(registry, NULL) == 0)
-			debug3("%s: AIX/setauthdb set registry %s", __func__,
-			    registry);
+		if (setauthdb(registry, old_registry) == 0)
+			debug3("AIX/setauthdb set registry '%s'", registry);
 		else 
-			debug3("%s: AIX/setauthdb set registry %s failed: %s",
-			    __func__, registry, strerror(errno));
+			debug3("AIX/setauthdb set registry '%s' failed: %s",
+			    registry, strerror(errno));
 	} else
 		debug3("%s: Could not read S_REGISTRY for user: %s", __func__,
 		    strerror(errno));
 	enduserdb();
-#  endif
+#  endif /* HAVE_SETAUTHDB */
 }
-# endif /* CUSTOM_FAILED_LOGIN */
-#endif /* _AIX */
 
+/*
+ * Restore the user's registry settings from old_registry.
+ * Note that if the first aix_setauthdb fails, setauthdb("") is still safe
+ * (it restores the system default behaviour).  If we don't have setauthdb,
+ * this is a no-op.
+ */
+void
+aix_restoreauthdb(void)
+{
+#  ifdef HAVE_SETAUTHDB
+	if (setauthdb(old_registry, NULL) == 0)
+		debug3("%s: restoring old registry '%s'", __func__,
+		    old_registry);
+	else
+		debug3("%s: failed to restore old registry %s", __func__,
+		    old_registry);
+#  endif /* HAVE_SETAUTHDB */
+}
+
+# endif /* WITH_AIXAUTHENTICATE */
+
+#endif /* _AIX */
diff --git a/crypto/openssh/openbsd-compat/port-aix.h b/crypto/openssh/openbsd-compat/port-aix.h
index 94c8c51..3118af9 100644
--- a/crypto/openssh/openbsd-compat/port-aix.h
+++ b/crypto/openssh/openbsd-compat/port-aix.h
@@ -1,4 +1,4 @@
-/* $Id: port-aix.h,v 1.14.2.1 2003/09/19 10:46:22 dtucker Exp $ */
+/* $Id: port-aix.h,v 1.19 2004/02/10 04:27:35 dtucker Exp $ */
 
 /*
  *
@@ -51,12 +51,23 @@
 # include <sys/timers.h>
 #endif
 
+/*
+ * According to the setauthdb man page, AIX password registries must be 15
+ * chars or less plus terminating NUL.
+ */
+#ifdef HAVE_SETAUTHDB
+# define REGISTRY_SIZE	16
+#endif
+
+void aix_usrinfo(struct passwd *);
+
 #ifdef WITH_AIXAUTHENTICATE
+# define CUSTOM_SYS_AUTH_PASSWD 1
 # define CUSTOM_FAILED_LOGIN 1
 void record_failed_login(const char *, const char *);
-void aix_setauthdb(const char *);
 #endif
 
-void aix_usrinfo(struct passwd *);
+void aix_setauthdb(const char *);
+void aix_restoreauthdb(void);
 void aix_remove_embedded_newlines(char *);
 #endif /* _AIX */
diff --git a/crypto/openssh/openbsd-compat/readpassphrase.c b/crypto/openssh/openbsd-compat/readpassphrase.c
index 0d0baf5..4ee1be5 100644
--- a/crypto/openssh/openbsd-compat/readpassphrase.c
+++ b/crypto/openssh/openbsd-compat/readpassphrase.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
+
 /*	$OpenBSD: readpassphrase.c,v 1.16 2003/06/17 21:56:23 millert Exp $	*/
 
 /*
diff --git a/crypto/openssh/openbsd-compat/readpassphrase.h b/crypto/openssh/openbsd-compat/readpassphrase.h
index 92908a4..178edf3 100644
--- a/crypto/openssh/openbsd-compat/readpassphrase.h
+++ b/crypto/openssh/openbsd-compat/readpassphrase.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: include/readpassphrase.h */
+
 /*	$OpenBSD: readpassphrase.h,v 1.3 2002/06/28 12:32:22 millert Exp $	*/
 
 /*
diff --git a/crypto/openssh/openbsd-compat/realpath.c b/crypto/openssh/openbsd-compat/realpath.c
index 77da14e..218fbec 100644
--- a/crypto/openssh/openbsd-compat/realpath.c
+++ b/crypto/openssh/openbsd-compat/realpath.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/realpath.c */
+
 /*
  * Copyright (c) 1994
  *	The Regents of the University of California.  All rights reserved.
@@ -150,7 +152,7 @@ loop:
 			serrno = ENAMETOOLONG;
 			goto err1;
 		}
-		if (needslash == 0)
+		if (needslash)
 			strlcat(resolved, "/", MAXPATHLEN);
 		strlcat(resolved, wbuf, MAXPATHLEN);
 	}
diff --git a/crypto/openssh/openbsd-compat/rresvport.c b/crypto/openssh/openbsd-compat/rresvport.c
index 608a3b1..7516706 100644
--- a/crypto/openssh/openbsd-compat/rresvport.c
+++ b/crypto/openssh/openbsd-compat/rresvport.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/net/rresvport.c */
+
 /*
  * Copyright (c) 1995, 1996, 1998 Theo de Raadt.  All rights reserved.
  * Copyright (c) 1983, 1993, 1994
diff --git a/crypto/openssh/openbsd-compat/setenv.c b/crypto/openssh/openbsd-compat/setenv.c
index c9941c1..b7ba0ce 100644
--- a/crypto/openssh/openbsd-compat/setenv.c
+++ b/crypto/openssh/openbsd-compat/setenv.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/setenv.c */
+
 /*
  * Copyright (c) 1987 Regents of the University of California.
  * All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/setproctitle.c b/crypto/openssh/openbsd-compat/setproctitle.c
index b41100f..6e2b19b 100644
--- a/crypto/openssh/openbsd-compat/setproctitle.c
+++ b/crypto/openssh/openbsd-compat/setproctitle.c
@@ -41,8 +41,8 @@
 #endif
 
 #define SPT_NONE	0	/* don't use it at all */
-#define SPT_PSTAT	1	/* cover argv with title information */
-#define SPT_REUSEARGV	2	/* use pstat(PSTAT_SETCMD, ...) */
+#define SPT_PSTAT	1	/* use pstat(PSTAT_SETCMD, ...) */
+#define SPT_REUSEARGV	2	/* cover argv with title information */
 
 #ifndef SPT_TYPE
 # define SPT_TYPE	SPT_NONE
diff --git a/crypto/openssh/openbsd-compat/sigact.c b/crypto/openssh/openbsd-compat/sigact.c
index 35fbab0..2772ac5 100644
--- a/crypto/openssh/openbsd-compat/sigact.c
+++ b/crypto/openssh/openbsd-compat/sigact.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libcurses/base/sigaction.c */
+
 /*	$OpenBSD: sigaction.c,v 1.3 1999/06/27 08:14:21 millert Exp $	*/
 
 /****************************************************************************
diff --git a/crypto/openssh/openbsd-compat/strlcat.c b/crypto/openssh/openbsd-compat/strlcat.c
index cae1665..70f01cb 100644
--- a/crypto/openssh/openbsd-compat/strlcat.c
+++ b/crypto/openssh/openbsd-compat/strlcat.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strlcat.c */
+
 /*	$OpenBSD: strlcat.c,v 1.11 2003/06/17 21:56:24 millert Exp $	*/
 
 /*
diff --git a/crypto/openssh/openbsd-compat/strlcpy.c b/crypto/openssh/openbsd-compat/strlcpy.c
index c8fe299..ccfa12a 100644
--- a/crypto/openssh/openbsd-compat/strlcpy.c
+++ b/crypto/openssh/openbsd-compat/strlcpy.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */
+
 /*	$OpenBSD: strlcpy.c,v 1.8 2003/06/17 21:56:24 millert Exp $	*/
 
 /*
diff --git a/crypto/openssh/openbsd-compat/strmode.c b/crypto/openssh/openbsd-compat/strmode.c
index adf5e27..ea8d515e 100644
--- a/crypto/openssh/openbsd-compat/strmode.c
+++ b/crypto/openssh/openbsd-compat/strmode.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strmode.c */
+
 /*-
  * Copyright (c) 1990 The Regents of the University of California.
  * All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/strsep.c b/crypto/openssh/openbsd-compat/strsep.c
index b136713..330d84c 100644
--- a/crypto/openssh/openbsd-compat/strsep.c
+++ b/crypto/openssh/openbsd-compat/strsep.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/string/strsep.c */
+
 /*	$OpenBSD: strsep.c,v 1.5 2003/06/11 21:08:16 deraadt Exp $	*/
 
 /*-
diff --git a/crypto/openssh/openbsd-compat/strtoul.c b/crypto/openssh/openbsd-compat/strtoul.c
new file mode 100644
index 0000000..24d0e25
--- /dev/null
+++ b/crypto/openssh/openbsd-compat/strtoul.c
@@ -0,0 +1,114 @@
+/* OPENBSD ORIGINAL: lib/libc/stdlib/strtoul.c */
+
+/*
+ * Copyright (c) 1990 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "includes.h"
+#ifndef HAVE_STRTOUL
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char *rcsid = "$OpenBSD: strtoul.c,v 1.5 2003/06/02 20:18:38 millert Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdlib.h>
+
+/*
+ * Convert a string to an unsigned long integer.
+ *
+ * Ignores `locale' stuff.  Assumes that the upper and lower case
+ * alphabets and digits are each contiguous.
+ */
+unsigned long
+strtoul(nptr, endptr, base)
+	const char *nptr;
+	char **endptr;
+	register int base;
+{
+	register const char *s;
+	register unsigned long acc, cutoff;
+	register int c;
+	register int neg, any, cutlim;
+
+	/*
+	 * See strtol for comments as to the logic used.
+	 */
+	s = nptr;
+	do {
+		c = (unsigned char) *s++;
+	} while (isspace(c));
+	if (c == '-') {
+		neg = 1;
+		c = *s++;
+	} else {
+		neg = 0;
+		if (c == '+')
+			c = *s++;
+	}
+	if ((base == 0 || base == 16) &&
+	    c == '0' && (*s == 'x' || *s == 'X')) {
+		c = s[1];
+		s += 2;
+		base = 16;
+	}
+	if (base == 0)
+		base = c == '0' ? 8 : 10;
+
+	cutoff = ULONG_MAX / (unsigned long)base;
+	cutlim = ULONG_MAX % (unsigned long)base;
+	for (acc = 0, any = 0;; c = (unsigned char) *s++) {
+		if (isdigit(c))
+			c -= '0';
+		else if (isalpha(c))
+			c -= isupper(c) ? 'A' - 10 : 'a' - 10;
+		else
+			break;
+		if (c >= base)
+			break;
+		if (any < 0)
+			continue;
+		if (acc > cutoff || acc == cutoff && c > cutlim) {
+			any = -1;
+			acc = ULONG_MAX;
+			errno = ERANGE;
+		} else {
+			any = 1;
+			acc *= (unsigned long)base;
+			acc += c;
+		}
+	}
+	if (neg && any > 0)
+		acc = -acc;
+	if (endptr != 0)
+		*endptr = (char *) (any ? s - 1 : nptr);
+	return (acc);
+}
+#endif /* !HAVE_STRTOUL */
diff --git a/crypto/openssh/openbsd-compat/sys-queue.h b/crypto/openssh/openbsd-compat/sys-queue.h
index dd5c475..8ff19e4 100644
--- a/crypto/openssh/openbsd-compat/sys-queue.h
+++ b/crypto/openssh/openbsd-compat/sys-queue.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: sys/sys/queue.h */
+
 /*	$OpenBSD: queue.h,v 1.23 2003/06/02 23:28:21 millert Exp $	*/
 /*	$NetBSD: queue.h,v 1.11 1996/05/16 05:17:14 mycroft Exp $	*/
 
diff --git a/crypto/openssh/openbsd-compat/sys-tree.h b/crypto/openssh/openbsd-compat/sys-tree.h
index 927ca04..73cfbe7 100644
--- a/crypto/openssh/openbsd-compat/sys-tree.h
+++ b/crypto/openssh/openbsd-compat/sys-tree.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: sys/sys/tree.h */
+
 /*	$OpenBSD: tree.h,v 1.7 2002/10/17 21:51:54 art Exp $	*/
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
diff --git a/crypto/openssh/openbsd-compat/vis.c b/crypto/openssh/openbsd-compat/vis.c
index e6a2ce9..1fb7a01 100644
--- a/crypto/openssh/openbsd-compat/vis.c
+++ b/crypto/openssh/openbsd-compat/vis.c
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: lib/libc/gen/vis.c */
+
 /*-
  * Copyright (c) 1989, 1993
  *	The Regents of the University of California.  All rights reserved.
diff --git a/crypto/openssh/openbsd-compat/vis.h b/crypto/openssh/openbsd-compat/vis.h
index 1c131cc..663355a 100644
--- a/crypto/openssh/openbsd-compat/vis.h
+++ b/crypto/openssh/openbsd-compat/vis.h
@@ -1,3 +1,5 @@
+/* OPENBSD ORIGINAL: include/vis.h */
+
 /*	$OpenBSD: vis.h,v 1.6 2003/06/02 19:34:12 millert Exp $	*/
 /*	$NetBSD: vis.h,v 1.4 1994/10/26 00:56:41 cgd Exp $	*/
 
diff --git a/crypto/openssh/openbsd-compat/xcrypt.c b/crypto/openssh/openbsd-compat/xcrypt.c
index 5b5d69c..a0fe6c6 100644
--- a/crypto/openssh/openbsd-compat/xcrypt.c
+++ b/crypto/openssh/openbsd-compat/xcrypt.c
@@ -104,10 +104,6 @@ shadow_pw(struct passwd *pw)
 
 	if (spw != NULL)
 		pw_password = spw->ufld.fd_encrypt;
-# elif defined(__hpux) && !defined(HAVE_SECUREWARE)
-	struct pr_passwd *spw;
-        if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
-                pw_password = spw->ufld.fd_encrypt;
 # endif
 
 	return pw_password;