- More reformatting merged from OpenBSD CVS

 - Merged OpenBSD CVS changes:
   - [channels.c]
     report from mrwizard@psu.edu via djm@ibs.com.au
   - [channels.c]
     set SO_REUSEADDR and SO_LINGER for forwarded ports.
     chip@valinux.com via damien@ibs.com.au
   - [nchan.c]
     it's not an error() if shutdown_write failes in nchan.
   - [readconf.c]
     remove dead #ifdef-0-code
   - [readconf.c servconf.c]
     strcasecmp instead of tolower
   - [scp.c]
     progress meter overflow fix from damien@ibs.com.au
   - [ssh-add.1 ssh-add.c]
     SSH_ASKPASS support
   - [ssh.1 ssh.c]
     postpone fork_after_authentication until command execution,
     request/patch from jahakala@cc.jyu.fi via damien@ibs.com.au
     plus: use daemon() for backgrounding

1 files changed, 47 insertions, 32 deletions

diff --git a/canohost.c b/canohost.c
index 3179ddc2..4209b6ab 100644
--- a/canohost.c
+++ b/canohost.c
@@ -14,14 +14,16 @@
  */
 
 #include "includes.h"
-RCSID("$Id: canohost.c,v 1.3 1999/11/24 13:26:22 damien Exp $");
+RCSID("$Id: canohost.c,v 1.4 1999/11/25 00:54:58 damien Exp $");
 
 #include "packet.h"
 #include "xmalloc.h"
 #include "ssh.h"
 
-/* Return the canonical name of the host at the other end of the socket.
-   The caller should free the returned string with xfree. */
+/*
+ * Return the canonical name of the host at the other end of the socket. The
+ * caller should free the returned string with xfree.
+ */
 
 char *
 get_remote_hostname(int socket)
@@ -52,19 +54,23 @@ get_remote_hostname(int socket)
 		else
 			strlcpy(name, hp->h_name, sizeof(name));
 
-		/* Convert it to all lowercase (which is expected by the
-		   rest of this software). */
+		/*
+		 * Convert it to all lowercase (which is expected by the rest
+		 * of this software).
+		 */
 		for (i = 0; name[i]; i++)
 			if (isupper(name[i]))
 				name[i] = tolower(name[i]);
 
-		/* Map it back to an IP address and check that the given
-		   address actually is an address of this host.  This is
-		   necessary because anyone with access to a name server
-		   can define arbitrary names for an IP address. Mapping
-		   from name to IP address can be trusted better (but can
-		   still be fooled if the intruder has access to the name
-		   server of the domain). */
+		/*
+		 * Map it back to an IP address and check that the given
+		 * address actually is an address of this host.  This is
+		 * necessary because anyone with access to a name server can
+		 * define arbitrary names for an IP address. Mapping from
+		 * name to IP address can be trusted better (but can still be
+		 * fooled if the intruder has access to the name server of
+		 * the domain).
+		 */
 		hp = gethostbyname(name);
 		if (!hp) {
 			log("reverse mapping checking gethostbyname for %.700s failed - POSSIBLE BREAKIN ATTEMPT!", name);
@@ -76,8 +82,10 @@ get_remote_hostname(int socket)
 			if (memcmp(hp->h_addr_list[i], &from.sin_addr, sizeof(from.sin_addr))
 			    == 0)
 				break;
-		/* If we reached the end of the list, the address was not
-		   there. */
+		/*
+		 * If we reached the end of the list, the address was not
+		 * there.
+		 */
 		if (!hp->h_addr_list[i]) {
 			/* Address not found for the host name. */
 			log("Address %.100s maps to %.600s, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!",
@@ -94,16 +102,17 @@ get_remote_hostname(int socket)
 
 check_ip_options:
 
-	/* If IP options are supported, make sure there are none (log and
-	   disconnect them if any are found).  Basically we are worried
-	   about source routing; it can be used to pretend you are
-	   somebody (ip-address) you are not. That itself may be "almost
-	   acceptable" under certain circumstances, but rhosts
-	   autentication is useless if source routing is accepted. Notice
-	   also that if we just dropped source routing here, the other
-	   side could use IP spoofing to do rest of the interaction and
-	   could still bypass security.  So we exit here if we detect any
-	   IP options. */
+	/*
+	 * If IP options are supported, make sure there are none (log and
+	 * disconnect them if any are found).  Basically we are worried about
+	 * source routing; it can be used to pretend you are somebody
+	 * (ip-address) you are not. That itself may be "almost acceptable"
+	 * under certain circumstances, but rhosts autentication is useless
+	 * if source routing is accepted. Notice also that if we just dropped
+	 * source routing here, the other side could use IP spoofing to do
+	 * rest of the interaction and could still bypass security.  So we
+	 * exit here if we detect any IP options.
+	 */
 	{
 		unsigned char options[200], *ucp;
 		char text[1024], *cp;
@@ -134,9 +143,11 @@ check_ip_options:
 static char *canonical_host_name = NULL;
 static char *canonical_host_ip = NULL;
 
-/* Return the canonical name of the host in the other side of the current
-   connection.  The host name is cached, so it is efficient to call this
-   several times. */
+/*
+ * Return the canonical name of the host in the other side of the current
+ * connection.  The host name is cached, so it is efficient to call this
+ * several times.
+ */
 
 const char *
 get_canonical_hostname()
@@ -154,8 +165,10 @@ get_canonical_hostname()
 	return canonical_host_name;
 }
 
-/* Returns the IP-address of the remote host as a string.  The returned
-   string need not be freed. */
+/*
+ * Returns the IP-address of the remote host as a string.  The returned
+ * string need not be freed.
+ */
 
 const char *
 get_remote_ipaddr()
@@ -163,7 +176,7 @@ get_remote_ipaddr()
 	struct sockaddr_in from;
 	int fromlen, socket;
 
-	/* Check if we have previously retrieved this same name. */
+	/* Check whether we have chached the name. */
 	if (canonical_host_ip != NULL)
 		return canonical_host_ip;
 
@@ -215,8 +228,10 @@ get_remote_port()
 {
 	int socket;
 
-	/* If the connection is not a socket, return 65535.  This is
-	   intentionally chosen to be an unprivileged port number. */
+	/*
+	 * If the connection is not a socket, return 65535.  This is
+	 * intentionally chosen to be an unprivileged port number.
+	 */
 	if (packet_get_connection_in() != packet_get_connection_out())
 		return 65535;