merge 2017.75

45b27b01 · Matt Johnston · 2a921c2c · 9f674382 · 45b27b01 · 45b27b01
Commit 45b27b01 authored 7 years ago by Matt Johnston
--- a/.hgsigs
+++ b/.hgsigs
@@ -20,5 +20,6 @@ af074dbcb68ff8670b3818e0d66d5dc6f1bd5877 0 iQIcBAABCgAGBQJWVdQfAAoJEPSYMBLCC7qs+
 5bb5976e6902a0c9fba974a880c68c9487ee1e77 0 iQIcBAABCgAGBQJWVyIKAAoJEESTFJTynGdzQosP/0k5bVTerpUKZLjyNuMU8o0eyc7njkX8EyMOyGbtcArKpzO2opSBTRsuCT9Zsk1iiQ1GMTY1quKD7aNr86Hipqo4th/+ZXmLe9mmaCDukKjD0ZYC4dBVUy6RSUAMvdkDP9sZs7CMTO/22a9SqOsKTv3s2NN6XnsBGnmNbvVx5hkAk5hMVNFrjKIaexzI/7bWQIDRo2HQCaWaL06JvWEDSEQd2mynGSXxT/+m4hBnuGg6qxn2pd4XfG0g10tDAFx64HQkWgZqSB+F8z71Cvfjondy1zjJYgtABqNlwCKQJZhRUW2+PblqQnz08TUy83XN2vtisOju4avGcHSaBgBbMvg8Wx4ZtM7sPP9pLrhhOTd5ceERHeTceTJy+iI1SQFvccjrRfs5aJ0zAQX5q6f4bV0zp5SmxkvnZUEkZIoetkM8VrPOYugqx31LtHAWfVT9NM+VkV/rrxLhk6J0giIQvC9MPWxRDileFVDszPiOgTLcxWjOziOLT+xijcj7dtx1b/f2bNCduN5G7i+icjjTlCNtyRPRqhBqn705W7F+xESP2gsscM/1BjQ7TGidU5m1njdkUjbrqm3+Qic6iqkG7SfETHmQB9mHqpJ0hACRPvZlhwB7oimNHllkrlw8UJw9f0SiuLjfERIgVS2EOp+mAia0RU7MlTt19o017M1ffEYL
 926e7275cef4f4f2a4251597ee4814748394824c 0 iQIcBAABCgAGBQJWYES4AAoJEESTFJTynGdzdT0P/0O/1frevtr698DwMe6kmJx35P6Bqq8szntMxYucv0HROTfr85JRcCCSvl/2SflDS215QmOxdvYLGLUWPJNz/gURCLpzsT88KLF68Y1tC72nl4Fj+LGIOlsWsvwEqQqw0v4iQkHIfcxI6q7g1r9Hfldf/ju4bzQ4HnKLxm6KNcLLoAsuehVpQ+njHpLmlLAGHU5a84B7xeXHFR+U/EBPxSdm637rNhmpLpkuK2Mym/Mzv7BThKDstpB8lhFHIwAVNqi3Cy4nGYxFZOJpooUN9pDornqAwuzHmOAMs9+49L8GZ1de5PBRGyFKibzjBIUWPEU9EIkfJVaVwTlqYK8Q/IRi9HjITPx6GpE8cZhdSvAibrQdb6BbIDrZ8eCvD9vnod6Uk0Jb9/ui6nCF9x+CN/3Qez4epV5+JCMYsqCiXFkVPm9Lab6L2eGZis7Q2TXImA/sSV+E4BGfH2urpkKlnuXTTtDp4XRG+lOISkIBXgjVY+uy8soVKNdx1gv+LeY8hu/oQ2NyOlaOeL47aSQ3who4Pk6pVRUOl6zfcKo9Vs6xDWm35A3Z6x/mrAENaXasB0JrfY5nIbefJUpbeSmi76fYldU98HdQNHPHCSeiKVYl7v/B6gi2JXp5xngLZz/5VVAurago7sRmpIp7G/AqU6LNE85IUzG8aQz8AfR0d1dW
 fd1981f41c626a969f07b4823848deaefef3c8aa 0 iQIcBAABCgAGBQJW4W2TAAoJEESTFJTynGdzuOcP/j6tvB2WRwSj39KoJuRcRebFWWv4ZHiQXYMXWa3X0Ppzz52r9W0cXDjjlp5FyGdovCQsK+IXmjPo5cCvWBrZJYA6usFr9ssnUtTC+45lvPxPYwj47ZGPngCXDt7LD+v08XhqCu4LsctXIP/zejd30KVS1eR2RHI+tnEyaIKC0Xaa0igcv74MZX7Q8/U+B730QMX5adfYAHoeyRhoctRWaxVV3To7Vadd9jNXP45MRY5auhRcK7XyQcS85vJeCRoysfDUas4ERRQWYkX+68GyzO9GrkYFle931Akw2K6ZZfUuiC2TrF5xv1eRP1Zm2GX481U4ZGFTI8IzZL8sVQ6tvzq2Mxsecu589JNui9aB2d8Gp2Su/E2zn0h0ShIRmviGzf2HiBt+Bnji5X2h/fJKWbLaWge0MdOU5Jidfyh9k0YT7xo4piJLJYSaZ3nv+j4jTYnTfL7uYvuWbYkJ1T32aQVCan7Eup3BFAgQjzbWYi1XQVg6fvu8uHPpS3tNNA9EAMeeyTyg1l6zI2EIU5gPfd/dKmdyotY2lZBkFZNJqFkKRZuzjWekcw7hAxS+Bd68GKklt/DGrQiVycAgimqwXrfkzzQagawq2fXL2uXB8ghlsyxKLSQPnAtBF2Jcn5FH2z7HOQ+e18ZrFfNy0cYa/4OdH6K5aK1igTzhZZP2Urn0
+70705edee9dd29cd3d410f19fbd15cc3489313e2 0 iQIcBAABCgAGBQJW7CQRAAoJEESTFJTynGdzTj0QAJL38CKSZthBAeI9c6B+IlwIeT6kPZaPqk1pkycCTWOe87NiNU9abrsF+JrjTuRQiO1EpM2IvfQEIXTijUcMxvld3PnzrZDDv6UvBLtOkn3i++HSVRO0MOuTKI8gFDEPUxRtcaCKXEbqYnf1OTK25FT09Vb//qP9mK1thvlLJmbV+D2a9MkMK66rom1d1h+347IsuwsM+ycHjB80VVAQLA7VYLC5YIwmL17dSmcQLvetfikAMwwmUE+KES4qiLSaqOcAWcKcU67RZzgMMv5o0rESlQmv1nj0mHZtHoUR71sd21emPaRXLOr0oT5YogWUphKq2qVthRn2B06+vd3hPdtn92CmJw9j7zT2jl4OeSjNm9qfAajsRzHIANssFxkGAb7w/LxcMoO29JC+01iUUJMdOVm+4Ns6wGI7qxssWPKdB+VbQUDlHrXLR+sopO524uhkYoWB6DVfTj4R6tImaHtj5/VXON0lsYaLGj8cSH60emL6nNQ0lYV/bSlk6l0s+0x3uXGZnp9oKA+vqMzHfG3vJeMm6KUqtFVjUsYx+q8nHm5/SlWxj1EwnkH8s8ELKZAUXjd76nWEwJ7JFRNRSQWvjOUh3/rsOo4JopzZXPsjCjm+Vql9TG0X6hB21noai32oD5RvfhtR/NX6sXNS5TKZz/j/cMsMnAAsSKb6W7Jm
 9030ffdbe5625e35ed7189ab84a41dfc8d413e9c 0 iQIcBAABCgAGBQJXkOg0AAoJEESTFJTynGdzc1kP/3vSKCnhOOvjCjnpTQadYcCUq8vTNnfLHYVu0R4ItPa/jT6RmxoaYP+lZnLnnBx9+aX7kzwHsa9BUX3MbMEyLrOzX2I+bDJbNPhQyupyCuPYlf5Q9KVcO9YlpbsC4q5XBzCn3j2+pT8kSfi9uD8fgY3TgE4w9meINrfQAealfjwMLT8S/I49/ni0r+usSfk/dnSShJYDUO7Ja0VWbJea/GkkZTu30bCnMUZPjRApipU3hPP63WFjkSMT1rp2mAXbWqyr9lf8z32yxzM9nMSjq4ViRFzFlkGtE3EVRJ4PwkO7JuiWAMPJpiQcEr+r52cCsmWhiGyHuINo01MwoMO9/n6uL1WVa3mJcE9se3xBOvfgDu2FRFGCAdm1tef+AGVo9EG1uJXi0sX2yUc6DMeuYaRWrXMMlZh7zp9cuNU9Y/lLui9RFmq66yeXG3Z2B72doju3Ig5QGrNNw2AOsSzeHdAtOp6ychqPcl9QfIeJQG18KyPSefZKM3G8YRKBRIwXFEH6iZJe5ZIP4iXrHDMn2JqtTRtDqKR8VNDAgb9z4Ffx8QRxFyj5JzTTMM1GddHb9udLvTQlO0ULYG7hCSMRNzvUBE2aTw8frjLRyfyyg3QpDu/hz8op8s1ecE8rTCD8RuX9DiiylNozypPtGNS+UDbAmkc1PCWaRpPVl+9K6787
 5c9207ceedaea794f958224c19214d66af6e2d56 0 iQIzBAABCgAdFiEE9zR+8u4uB6JnYoypRJMUlPKcZ3MFAlkdtooACgkQRJMUlPKcZ3P6ZxAAmLy/buZB/d96DJF/pViRWt/fWdjQFC4MqWfeSLW02OZ8Qkm1vPL3ln6WPHC2thy3xZWVg2uan3pLk/XXnsIFu8Q7r1EAfFFpvlMUmdl7asE8V6ilaeqmiI7bIvGMFbf4cZkQliLjiFkJX56tFHRCNi+rb7WgRuru3/GzPXUq2AvXZvFpFJgik0B72TxVlmCKeBRZq1FvP0UhAH48RJWYJksdEyzh2paMfjX9ZO5Q2SFFrmPw6k2ArdJFC1AYcgceZC84y06RKJ0WiSntUPlEUXgQbQVVWbtQDhjfJXMr/beuroNdT/vsRraLVkAzvhaDXNnHlAJNLQxci+AcLpnzZhxMW+ax7RRtrpXGxRN4cs0lBGUcSkaDybFqMYXwEjXAE8w6fdJRWCIlxctkAW/iNEO4kAG97hI2Qwcw5oU2Ymnv09zyGR+XJE35pJqPulJHExdwanJHvmjH0QF7TNFS82yxS5dKnP954cj3Lu9SWGYWjxQJRmLtOwb+lqqol4VTxG7Ois4uef9/Tpp9skeMZXVeNlpn2wrp6iFcX3uiiVDg9VKkl3ig6UqCiqQSuiIN87RXwUOeHXlCnW3adz3Xei0ziBrwLSql7lBIHGEAlUUNmJ3CrR8IwQtcynGEMKfNIeZ/XK+uNlm9cJIqZf1fzqc8KexlyS9AS0i/kiYZTr4=
--- a/.hgtags
+++ b/.hgtags
@@ -52,5 +52,6 @@ cbd674d63cd4f3781464a8d4056a5506c8ae926f DROPBEAR_2015.67
 79a6ef02307d05cb9dda10465cb5b807baa8f62e DROPBEAR_2015.70
 9a944a243f08be6b22d32f166a0690eb4872462b DROPBEAR_2015.71
 78b12b6549be08b0bea3da329b2578060a76ca31 DROPBEAR_2016.72
+309e1c4a87682b6ca7d80b8555a1db416c3cb7ac DROPBEAR_2016.73
 0ed3d2bbf956cb8a9bf0f4b5a86b7dd9688205cb DROPBEAR_2016.74
 c31276613181c5cff7854e7ef586ace03424e55e DROPBEAR_2017.75
--- a/.travis.yml
+++ b/.travis.yml
@@ -41,7 +41,9 @@ install:
 script:
  - autoconf && autoheader && ./configure "$BUNDLEDLIBTOM" CFLAGS="-O2 -Wall -Wno-pointer-sign $WEXTRAFLAGS" --prefix="$HOME/inst"
  - if [ "$NOWRITEV" = "1" ]; then sed -i -e s/HAVE_WRITEV/DONT_HAVE_WRITEV/ config.h ; fi
-  - make -j3 install
+  - make -j3 
+  # avoid concurrent install, osx/freebsd is racey (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208093)
+  - make install 
  
 after_success:
  - ~/inst/bin/dropbearkey -t rsa -f testrsa

--- a/Makefile.in
+++ b/Makefile.in
@@ -24,6 +24,10 @@ CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
 LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
 endif
  
+ifneq ($(wildcard localoptions.h),)
+CFLAGS+=-DLOCALOPTIONS_H_EXISTS
+endif
+
 COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 		dss.o bignum.o \
 		signkey.o rsa.o dbrandom.o \
@@ -76,6 +80,8 @@ bindir=@bindir@
 sbindir=@sbindir@
 mandir=@mandir@
  
+.DELETE_ON_ERROR:
+
 CC=@CC@
 AR=@AR@
 RANLIB=@RANLIB@
@@ -155,7 +161,6 @@ inst_%: %
  
 inst_dropbearmulti: $(addprefix insmulti, $(PROGRAMS)) 
  
-
 # for some reason the rule further down doesn't like $($@objs) as a prereq.
 dropbear: $(dropbearobjs)
 dbclient: $(dbclientobjs)
@@ -195,18 +200,18 @@ link%:
 	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
  
 $(STATIC_LTC): options.h
-	cd libtomcrypt && $(MAKE)
+	$(MAKE) -C libtomcrypt
  
 $(STATIC_LTM): options.h
-	cd libtommath && $(MAKE)
+	$(MAKE) -C libtommath
  
 .PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
  
 ltc-clean:
-	cd libtomcrypt && $(MAKE) clean
+	$(MAKE) -C libtomcrypt clean
  
 ltm-clean:
-	cd libtommath && $(MAKE) clean
+	$(MAKE) -C libtommath clean
  
 sizes: dropbear
 	objdump -t dropbear|grep ".text"|cut -d "." -f 2|sort -rn
@@ -215,7 +220,7 @@ clean: ltc-clean ltm-clean thisclean
  
 thisclean:
 	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
-			dropbearmulti *.o *.da *.bb *.bbg *.prof 
+			dropbearmulti *.o *.da *.bb *.bbg *.prof
  
 distclean: clean tidy
 	-rm -f config.h
@@ -223,3 +228,11 @@ distclean: clean tidy
  
 tidy:
 	-rm -f *~ *.gcov */*~
+
+# default_options.h is stored in version control, could not find a workaround
+# for parallel "make -j" and dependency rules.
+default_options.h: default_options.h.in 
+	echo "# > > > Generated from $^, edit that file instead !" > $@.tmp
+	echo >> $@.tmp
+	$(srcdir)/ifndef_wrapper.sh < $^ > $@.tmp
+	mv $@.tmp $@
--- a/agentfwd.h
+++ b/agentfwd.h
@@ -30,7 +30,7 @@
 #include "auth.h"
 #include "list.h"
  
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
  
 /* An agent reply can be reasonably large, as it can
 * contain a list of all public keys held by the agent.
@@ -50,14 +50,14 @@ void cli_setup_agent(struct Channel *channel);
  
 extern const struct ChanType cli_chan_agent;
  
-#endif /* ENABLE_CLI_AGENTFWD */
+#endif /* DROPBEAR_CLI_AGENTFWD */
  
-#ifdef ENABLE_SVR_AGENTFWD
+#if DROPBEAR_SVR_AGENTFWD
  
 int svr_agentreq(struct ChanSess * chansess);
 void svr_agentcleanup(struct ChanSess * chansess);
 void svr_agentset(struct ChanSess *chansess);
  
-#endif /* ENABLE_SVR_AGENTFWD */
+#endif /* DROPBEAR_SVR_AGENTFWD */
  
 #endif /* DROPBEAR_AGENTFWD_H_ */
--- a/algo.h
+++ b/algo.h
@@ -83,9 +83,15 @@ struct dropbear_hash {
 };
  
 enum dropbear_kex_mode {
+#if DROPBEAR_NORMAL_DH
 	DROPBEAR_KEX_NORMAL_DH,
+#endif
+#if DROPBEAR_ECDH
 	DROPBEAR_KEX_ECDH,
+#endif
+#if DROPBEAR_CURVE25519
 	DROPBEAR_KEX_CURVE25519,
+#endif
 };
  
 struct dropbear_kex {
@@ -96,7 +102,7 @@ struct dropbear_kex {
 	const int dh_p_len;
  
 	/* elliptic curve DH KEX */
-#ifdef DROPBEAR_ECDH
+#if DROPBEAR_ECDH
 	const struct dropbear_ecc_curve *ecc_curve;
 #else
 	const void* dummy;
@@ -122,7 +128,7 @@ enum kexguess2_used {
 algo_type * buf_match_algo(buffer* buf, algo_type localalgos[],
 		enum kexguess2_used *kexguess2, int *goodguess);
  
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 int check_user_algos(const char* user_algo_list, algo_type * algos, 
 		const char *algo_desc);
 char * algolist_string(algo_type algos[]);

--- a/atomicio.c
+++ b/atomicio.c
+/* $OpenBSD: atomicio.c,v 1.17 2006/04/01 05:51:34 djm Exp $ */
 /*
- * Copied from OpenSSH 3.6.1p2.
+ * Copied from OpenSSH/OpenBSD.
 * 
+ * Copyright (c) 2005 Anil Madhavapeddy. All rights reserved.
 * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
 * All rights reserved.
 *
@@ -25,39 +27,32 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
  
-/* RCSID("OpenBSD: atomicio.c,v 1.10 2001/05/08 22:48:07 markus Exp "); */
+#include "includes.h"
  
 #include "atomicio.h"
  
 /*
- * ensure all of data on socket comes through. f==read || f==write
+ * ensure all of data on socket comes through. f==read || f==vwrite
 */
-ssize_t
-atomicio(f, fd, _s, n)
-	ssize_t (*f) ();
-	int fd;
-	void *_s;
-	size_t n;
+size_t
+atomicio(ssize_t (*f) (int, void *, size_t), int fd, void *_s, size_t n)
 {
 	char *s = _s;
-	ssize_t res;
 	size_t pos = 0;
+	ssize_t res;
  
 	while (n > pos) {
 		res = (f) (fd, s + pos, n - pos);
 		switch (res) {
 		case -1:
-#ifdef EWOULDBLOCK
-			if (errno == EINTR || errno == EAGAIN || errno == EWOULDBLOCK)
-#else
 			if (errno == EINTR || errno == EAGAIN)
-#endif
 				continue;
-			/* FALLTHROUGH */
+			return 0;
 		case 0:
-			return (res);
+			errno = EPIPE;
+			return pos;
 		default:
-			pos += res;
+			pos += (size_t)res;
 		}
 	}
 	return (pos);

--- a/atomicio.h
+++ b/atomicio.h
+/* $OpenBSD: atomicio.h,v 1.7 2006/03/25 22:22:42 djm Exp $ */
  
 /*
- * Copied from OpenSSH 3.6.1p2, required for loginrec.c
- *
- * $OpenBSD: atomicio.h,v 1.4 2001/06/26 06:32:46 itojun Exp $
+ * Copied from OpenSSH/OpenBSD, required for loginrec.c
 *
 * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
 * All rights reserved.
@@ -28,9 +27,9 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
  
-#include "includes.h"
-
 /*
- * Ensure all of data on socket comes through. f==read || f==write
+ * Ensure all of data on socket comes through. f==read || f==vwrite
 */
-ssize_t	atomicio(ssize_t (*)(), int, void *, size_t);
+size_t	atomicio(ssize_t (*)(int, void *, size_t), int, void *, size_t);
+
+#define vwrite (ssize_t (*)(int, void *, size_t))write
--- a/auth.h
+++ b/auth.h
@@ -41,7 +41,7 @@ void svr_auth_password(void);
 void svr_auth_pubkey(void);
 void svr_auth_pam(void);
  
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 int svr_pubkey_allows_agentfwd(void);
 int svr_pubkey_allows_tcpfwd(void);
 int svr_pubkey_allows_x11fwd(void);
@@ -119,12 +119,12 @@ struct AuthState {
 	char *pw_shell;
 	char *pw_name;
 	char *pw_passwd;
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 	struct PubKeyOptions* pubkey_options;
 #endif
 };
  
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 struct PubKeyOptions;
 struct PubKeyOptions {
 	/* Flags */

--- a/channel.h
+++ b/channel.h
@@ -126,11 +126,11 @@ void recv_msg_channel_eof(void);
 void common_recv_msg_channel_data(struct Channel *channel, int fd, 
 		circbuffer * buf);
  
-#ifdef DROPBEAR_CLIENT
+#if DROPBEAR_CLIENT
 extern const struct ChanType clichansess;
 #endif
  
-#if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
+#if DROPBEAR_LISTENERS || DROPBEAR_CLIENT
 int send_msg_channel_open_init(int fd, const struct ChanType *type);
 void recv_msg_channel_open_confirmation(void);
 void recv_msg_channel_open_failure(void);

--- a/chansession.h
+++ b/chansession.h
@@ -58,7 +58,7 @@ struct ChanSess {
 	/* Used to set $SSH_CLIENT in the child session. */
 	char *client_string;
 	
-#ifndef DISABLE_X11FWD
+#if DROPBEAR_X11FWD
 	struct Listener * x11listener;
 	int x11port;
 	char * x11authprot;
@@ -67,13 +67,13 @@ struct ChanSess {
 	unsigned char x11singleconn;
 #endif
  
-#ifdef ENABLE_SVR_AGENTFWD
+#if DROPBEAR_SVR_AGENTFWD
 	struct Listener * agentlistener;
 	char * agentfile;
 	char * agentdir;
 #endif
  
-#ifdef ENABLE_SVR_PUBKEY_OPTIONS
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 	char *original_command;
 #endif
 };
@@ -89,7 +89,7 @@ void addnewvar(const char* param, const char* var);
 void cli_send_chansess_request(void);
 void cli_tty_cleanup(void);
 void cli_chansess_winchange(void);
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 void cli_send_netcat_request(void);
 #endif
  

--- a/cli-agentfwd.c
+++ b/cli-agentfwd.c
@@ -24,7 +24,7 @@
  
 #include "includes.h"
  
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
  
 #include "agentfwd.h"
 #include "session.h"
@@ -130,7 +130,7 @@ static buffer * agent_request(unsigned char type, buffer *data) {
 	}
 	buf_setpos(payload, 0);
  
-	ret = atomicio(write, fd, buf_getptr(payload, payload->len), payload->len);
+	ret = atomicio(vwrite, fd, buf_getptr(payload, payload->len), payload->len);
 	if ((size_t)ret != payload->len) {
 		TRACE(("write failed fd %d for agent_request, %s", fd, strerror(errno)))
 		goto out;

--- a/cli-auth.c
+++ b/cli-auth.c
@@ -51,7 +51,7 @@ void cli_auth_getmethods() {
  
 	encrypt_packet();
  
-#ifdef DROPBEAR_CLI_IMMEDIATE_AUTH
+#if DROPBEAR_CLI_IMMEDIATE_AUTH
 	/* We can't haven't two auth requests in-flight with delayed zlib mode
 	since if the first one succeeds then the remote side will 
 	expect the second one to be compressed. 
@@ -78,6 +78,7 @@ void recv_msg_userauth_banner() {
 	char* banner = NULL;
 	unsigned int bannerlen;
 	unsigned int i, linecount;
+	int truncated = 0;
  
 	TRACE(("enter recv_msg_userauth_banner"))
 	if (ses.authstate.authdone) {
@@ -90,26 +91,29 @@ void recv_msg_userauth_banner() {
  
 	if (bannerlen > MAX_BANNER_SIZE) {
 		TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen))
-		goto out;
-	}
-
-	cleantext(banner);
-
-	/* Limit to 25 lines */
-	linecount = 1;
-	for (i = 0; i < bannerlen; i++) {
-		if (banner[i] == '\n') {
-			if (linecount >= MAX_BANNER_LINES) {
-				banner[i] = '\0';
-				break;
+		truncated = 1;
+	} else {
+		cleantext(banner);
+
+		/* Limit to 24 lines */
+		linecount = 1;
+		for (i = 0; i < bannerlen; i++) {
+			if (banner[i] == '\n') {
+				if (linecount >= MAX_BANNER_LINES) {
+					banner[i] = '\0';
+					truncated = 1;
+					break;
+				}
+				linecount++;
 			}
-			linecount++;
 		}
+		fprintf(stderr, "%s\n", banner);
 	}
  
-	fprintf(stderr, "%s\n", banner);
+	if (truncated) {
+		fprintf(stderr, "[Banner from the server is too long]\n");
+	}
  
-out:
 	m_free(banner);
 	TRACE(("leave recv_msg_userauth_banner"))
 }
@@ -121,21 +125,21 @@ out:
 * SSH_MSG_USERAUTH_INFO_REQUEST. */
 void recv_msg_userauth_specific_60() {
  
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
 		recv_msg_userauth_pk_ok();
 		return;
 	}
 #endif
  
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
 		recv_msg_userauth_info_request();
 		return;
 	}
 #endif
  
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
 	if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
 		/* Eventually there could be proper password-changing
 		 * support. However currently few servers seem to
@@ -179,7 +183,7 @@ void recv_msg_userauth_failure() {
 		TRACE(("leave recv_msg_userauth_failure, ignored response, state set to USERAUTH_REQ_SENT"));
 		return;
 	} else  {
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 		/* If it was a pubkey auth request, we should cross that key 
 		 * off the list. */
 		if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
@@ -187,7 +191,7 @@ void recv_msg_userauth_failure() {
 		}
 #endif
  
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 		/* If we get a failure message for keyboard interactive without
 		 * receiving any request info packet, then we don't bother trying
 		 * keyboard interactive again */
@@ -227,19 +231,19 @@ void recv_msg_userauth_failure() {
 	for (i = 0; i <= methlen; i++) {
 		if (methods[i] == '\0') {
 			TRACE(("auth method '%s'", tok))
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 			if (strncmp(AUTH_METHOD_PUBKEY, tok,
 				AUTH_METHOD_PUBKEY_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
 			}
 #endif
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 			if (strncmp(AUTH_METHOD_INTERACT, tok,
 				AUTH_METHOD_INTERACT_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
 			}
 #endif
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
 			if (strncmp(AUTH_METHOD_PASSWORD, tok,
 				AUTH_METHOD_PASSWORD_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
@@ -267,7 +271,7 @@ void recv_msg_userauth_success() {
 	cli_ses.state = USERAUTH_SUCCESS_RCVD;
 	cli_ses.lastauthtype = AUTH_TYPE_NONE;
  
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	cli_auth_pubkey_cleanup();
 #endif
 }
@@ -281,14 +285,14 @@ int cli_auth_try() {
 	
 	/* Order to try is pubkey, interactive, password.
 	 * As soon as "finished" is set for one, we don't do any more. */
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
 		finished = cli_auth_pubkey();
 		cli_ses.lastauthtype = AUTH_TYPE_PUBKEY;
 	}
 #endif
  
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
 	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
 		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
@@ -300,7 +304,7 @@ int cli_auth_try() {
 	}
 #endif
  
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
 	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
 		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 			fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
@@ -324,7 +328,7 @@ int cli_auth_try() {
 	return DROPBEAR_FAILURE;
 }
  
-#if defined(ENABLE_CLI_PASSWORD_AUTH) || defined(ENABLE_CLI_INTERACT_AUTH)
+#if DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_INTERACT_AUTH
 /* A helper for getpass() that exits if the user cancels. The returned
 * password is statically allocated by getpass() */
 char* getpass_or_cancel(char* prompt)

--- a/cli-authinteract.c
+++ b/cli-authinteract.c
@@ -29,7 +29,7 @@
 #include "ssh.h"
 #include "runopts.h"
  
-#ifdef ENABLE_CLI_INTERACT_AUTH
+#if DROPBEAR_CLI_INTERACT_AUTH
  
 static char* get_response(char* prompt)
 {
@@ -172,4 +172,4 @@ void cli_auth_interactive() {
 	TRACE(("leave cli_auth_interactive"))
  
 }
-#endif	/* ENABLE_CLI_INTERACT_AUTH */
+#endif	/* DROPBEAR_CLI_INTERACT_AUTH */
--- a/cli-authpasswd.c
+++ b/cli-authpasswd.c
@@ -29,9 +29,9 @@
 #include "ssh.h"
 #include "runopts.h"
  
-#ifdef ENABLE_CLI_PASSWORD_AUTH
+#if DROPBEAR_CLI_PASSWORD_AUTH
  
-#ifdef ENABLE_CLI_ASKPASS_HELPER
+#if DROPBEAR_CLI_ASKPASS_HELPER
 /* Returns 1 if we want to use the askpass program, 0 otherwise */
 static int want_askpass()
 {
@@ -113,7 +113,7 @@ static char *gui_getpass(const char *prompt) {
 	TRACE(("leave gui_getpass"))
 	return(buf);
 }
-#endif /* ENABLE_CLI_ASKPASS_HELPER */
+#endif /* DROPBEAR_CLI_ASKPASS_HELPER */
  
 void cli_auth_password() {
  
@@ -125,7 +125,7 @@ void cli_auth_password() {
  
 	snprintf(prompt, sizeof(prompt), "%s@%s's password: ", 
 				cli_opts.username, cli_opts.remotehost);
-#ifdef ENABLE_CLI_ASKPASS_HELPER
+#if DROPBEAR_CLI_ASKPASS_HELPER
 	if (want_askpass())
 	{
 		password = gui_getpass(prompt);
@@ -158,4 +158,4 @@ void cli_auth_password() {
  
 	TRACE(("leave cli_auth_password"))
 }
-#endif	/* ENABLE_CLI_PASSWORD_AUTH */
+#endif	/* DROPBEAR_CLI_PASSWORD_AUTH */
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -32,7 +32,7 @@
 #include "auth.h"
 #include "agentfwd.h"
  
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
  
 /* Called when we receive a SSH_MSG_USERAUTH_FAILURE for a pubkey request.
@@ -122,7 +122,7 @@ void recv_msg_userauth_pk_ok() {
  
 void cli_buf_put_sign(buffer* buf, sign_key *key, int type, 
 			buffer *data_buf) {
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	if (key->source == SIGNKEY_SOURCE_AGENT) {
 		/* Format the agent signature ourselves, as buf_put_sign would. */
 		buffer *sigblob;
@@ -131,7 +131,7 @@ void cli_buf_put_sign(buffer* buf, sign_key *key, int type,
 		buf_putbufstring(buf, sigblob);
 		buf_free(sigblob);
 	} else 
-#endif /* ENABLE_CLI_AGENTFWD */
+#endif /* DROPBEAR_CLI_AGENTFWD */
 	{
 		buf_put_sign(buf, key, type, data_buf);
 	}
@@ -185,7 +185,7 @@ int cli_auth_pubkey() {
  
 	TRACE(("enter cli_auth_pubkey"))
  
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	if (!cli_opts.agent_keys_loaded) {
 		/* get the list of available keys from the agent */
 		cli_load_agent_keys(cli_opts.privkeys);
@@ -209,7 +209,7 @@ int cli_auth_pubkey() {
  
 void cli_auth_pubkey_cleanup() {
  
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	m_close(cli_opts.agent_fd);
 	cli_opts.agent_fd = -1;
 #endif

--- a/cli-chansession.c
+++ b/cli-chansession.c
@@ -355,7 +355,7 @@ static int cli_initchansess(struct Channel *channel) {
  
 	cli_init_stdpipe_sess(channel);
  
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	if (cli_opts.agent_fwd) {
 		cli_setup_agent(channel);
 	}
@@ -379,7 +379,7 @@ static int cli_initchansess(struct Channel *channel) {
 	return 0; /* Success */
 }
  
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
  
 static const struct ChanType cli_chan_netcat = {
 	0, /* sepfds */

--- a/cli-kex.c
+++ b/cli-kex.c
@@ -48,6 +48,7 @@ void send_msg_kexdh_init() {
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_KEXDH_INIT);
 	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.dh_param) {
@@ -58,8 +59,9 @@ void send_msg_kexdh_init() {
 			}
 			buf_putmpint(ses.writepayload, &cli_ses.dh_param->pub);
 			break;
+#endif
+#if DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.ecdh_param) {
 				if (cli_ses.ecdh_param) {
@@ -68,9 +70,9 @@ void send_msg_kexdh_init() {
 				cli_ses.ecdh_param = gen_kexecdh_param();
 			}
 			buf_put_ecc_raw_pubkey_string(ses.writepayload, &cli_ses.ecdh_param->key);
-#endif
 			break;
-#ifdef DROPBEAR_CURVE25519
+#endif
+#if DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
 			if (ses.newkeys->algo_kex != cli_ses.param_kex_algo
 				|| !cli_ses.curve25519_param) {
@@ -80,8 +82,8 @@ void send_msg_kexdh_init() {
 				cli_ses.curve25519_param = gen_kexcurve25519_param();
 			}
 			buf_putstring(ses.writepayload, (const char*)cli_ses.curve25519_param->pub, CURVE25519_LEN);
-#endif
 			break;
+#endif
 	}
  
 	cli_ses.param_kex_algo = ses.newkeys->algo_kex;
@@ -118,6 +120,7 @@ void recv_msg_kexdh_reply() {
 	}
  
 	switch (ses.newkeys->algo_kex->mode) {
+#if DROPBEAR_NORMAL_DH
 		case DROPBEAR_KEX_NORMAL_DH:
 			{
 			DEF_MP_INT(dh_f);
@@ -131,37 +134,38 @@ void recv_msg_kexdh_reply() {
 			mp_clear(&dh_f);
 			}
 			break;
+#endif
+#if DROPBEAR_ECDH
 		case DROPBEAR_KEX_ECDH:
-#ifdef DROPBEAR_ECDH
 			{
 			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
 			kexecdh_comb_key(cli_ses.ecdh_param, ecdh_qs, hostkey);
 			buf_free(ecdh_qs);
 			}
-#endif
 			break;
-#ifdef DROPBEAR_CURVE25519
+#endif
+#if DROPBEAR_CURVE25519
 		case DROPBEAR_KEX_CURVE25519:
 			{
 			buffer *ecdh_qs = buf_getstringbuf(ses.payload);
 			kexcurve25519_comb_key(cli_ses.curve25519_param, ecdh_qs, hostkey);
 			buf_free(ecdh_qs);
 			}
-#endif
 			break;
+#endif
 	}
  
 	if (cli_ses.dh_param) {
 		free_kexdh_param(cli_ses.dh_param);
 		cli_ses.dh_param = NULL;
 	}
-#ifdef DROPBEAR_ECDH
+#if DROPBEAR_ECDH
 	if (cli_ses.ecdh_param) {
 		free_kexecdh_param(cli_ses.ecdh_param);
 		cli_ses.ecdh_param = NULL;
 	}
 #endif
-#ifdef DROPBEAR_CURVE25519
+#if DROPBEAR_CURVE25519
 	if (cli_ses.curve25519_param) {
 		free_kexcurve25519_param(cli_ses.curve25519_param);
 		cli_ses.curve25519_param = NULL;

--- a/cli-main.c
+++ b/cli-main.c
@@ -35,13 +35,13 @@
 static void cli_dropbear_exit(int exitcode, const char* format, va_list param) ATTRIB_NORETURN;
 static void cli_dropbear_log(int priority, const char* format, va_list param);
  
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out);
 static void kill_proxy_sighandler(int signo);
 #endif
  
-#if defined(DBMULTI_dbclient) || !defined(DROPBEAR_MULTI)
-#if defined(DBMULTI_dbclient) && defined(DROPBEAR_MULTI)
+#if defined(DBMULTI_dbclient) || !DROPBEAR_MULTI
+#if defined(DBMULTI_dbclient) && DROPBEAR_MULTI
 int cli_main(int argc, char ** argv) {
 #else
 int main(int argc, char ** argv) {
@@ -74,7 +74,7 @@ int main(int argc, char ** argv) {
 	}
  
 	pid_t proxy_cmd_pid = 0;
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 	if (cli_opts.proxycmd) {
 		cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid);
 		m_free(cli_opts.proxycmd);
@@ -151,7 +151,7 @@ static void exec_proxy_cmd(void *user_data_cmd) {
 	dropbear_exit("Failed to run '%s'\n", cmd);
 }
  
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) {
 	char * ex_cmd = NULL;
 	size_t ex_cmdlen;
@@ -176,4 +176,4 @@ static void kill_proxy_sighandler(int UNUSED(signo)) {
 	kill_proxy_command();
 	_exit(1);
 }
-#endif /* ENABLE_CLI_PROXYCMD */
+#endif /* DROPBEAR_CLI_PROXYCMD */
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -37,13 +37,13 @@ static void printhelp(void);
 static void parse_hostname(const char* orighostarg);
 static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
 static void fill_own_user(void);
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 static void loadidentityfile(const char* filename, int warnfail);
 #endif
-#ifdef ENABLE_CLI_ANYTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
 static void addforward(const char* str, m_list *fwdlist);
 #endif
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 static void add_netcat(const char *str);
 #endif
 static void add_extendedopt(const char *str);
@@ -51,7 +51,7 @@ static void add_extendedopt(const char *str);
 static void printhelp() {
  
 	fprintf(stderr, "Dropbear SSH client v%s https://matt.ucc.asn.au/dropbear/dropbear.html\n"
-#ifdef ENABLE_CLI_MULTIHOP
+#if DROPBEAR_CLI_MULTIHOP
 					"Usage: %s [options] [user@]host[/port][,[user@]host/port],...] [command]\n"
 #else
 					"Usage: %s [options] [user@]host[/port] [command]\n"
@@ -66,38 +66,38 @@ static void printhelp() {
 					"-y -y Don't perform any remote host key checking (caution)\n"
 					"-s    Request a subsystem (use by external sftp)\n"
 					"-o option     Set option in OpenSSH-like format ('-o help' to list options)\n"
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed, default %s)\n"
 #endif
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 					"-A    Enable agent auth forwarding\n"
 #endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 					"-L <[listenaddress:]listenport:remotehost:remoteport> Local port forwarding\n"
 					"-g    Allow remote hosts to connect to forwarded ports\n"
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 					"-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding\n"
 #endif
 					"-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n"
 					"-K <keepalive>  (0 is never, default %d)\n"
 					"-I <idle_timeout>  (0 is never, default %d)\n"
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 					"-B <endhost:endport> Netcat-alike forwarding\n"
 #endif				
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 					"-J <proxy_program> Use program pipe rather than TCP connection\n"
 #endif
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 					"-c <cipher list> Specify preferred ciphers ('-c help' to list options)\n"
 					"-m <MAC list> Specify preferred MACs for packet verification (or '-m help')\n"
 #endif
 					"-V    Version\n"
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 					"-v    verbose (compiled with DEBUG_TRACE)\n"
 #endif
 					,DROPBEAR_VERSION, cli_opts.progname,
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 					DROPBEAR_DEFAULT_CLI_AUTHKEY,
 #endif
 					DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
@@ -109,16 +109,16 @@ void cli_getopts(int argc, char ** argv) {
 	char ** next = 0;
 	enum {
 		OPT_EXTENDED_OPTIONS,
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 		OPT_AUTHKEY,
 #endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 		OPT_LOCALTCPFWD,
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 		OPT_REMOTETCPFWD,
 #endif
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 		OPT_NETCAT,
 #endif
 		/* a flag (no arg) if 'next' is NULL, a string-valued option otherwise */
@@ -145,31 +145,31 @@ void cli_getopts(int argc, char ** argv) {
 	cli_opts.always_accept_key = 0;
 	cli_opts.no_hostkey_check = 0;
 	cli_opts.is_subsystem = 0;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	cli_opts.privkeys = list_new();
 #endif
-#ifdef ENABLE_CLI_ANYTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
 	cli_opts.exit_on_fwd_failure = 0;
 #endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 	cli_opts.localfwds = list_new();
 	opts.listen_fwd_all = 0;
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 	cli_opts.remotefwds = list_new();
 #endif
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 	cli_opts.agent_fwd = 0;
 	cli_opts.agent_fd = -1;
 	cli_opts.agent_keys_loaded = 0;
 #endif
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 	cli_opts.proxycmd = NULL;
 #endif
 #ifndef DISABLE_ZLIB
 	opts.compress_mode = DROPBEAR_COMPRESS_ON;
 #endif
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 	opts.cipher_list = NULL;
 	opts.mac_list = NULL;
 #endif
@@ -213,7 +213,7 @@ void cli_getopts(int argc, char ** argv) {
 				case 'p': /* remoteport */
 					next = &cli_opts.remoteport;
 					break;
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 				case 'i': /* an identityfile */
 					opt = OPT_AUTHKEY;
 					break;
@@ -236,7 +236,7 @@ void cli_getopts(int argc, char ** argv) {
 				case 'o':
 					opt = OPT_EXTENDED_OPTIONS;
 					break;
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 				case 'L':
 					opt = OPT_LOCALTCPFWD;
 					break;
@@ -244,17 +244,17 @@ void cli_getopts(int argc, char ** argv) {
 					opts.listen_fwd_all = 1;
 					break;
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 				case 'R':
 					opt = OPT_REMOTETCPFWD;
 					break;
 #endif
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 				case 'B':
 					opt = OPT_NETCAT;
 					break;
 #endif
-#ifdef ENABLE_CLI_PROXYCMD
+#if DROPBEAR_CLI_PROXYCMD
 				case 'J':
 					next = &cli_opts.proxycmd;
 					break;
@@ -278,12 +278,12 @@ void cli_getopts(int argc, char ** argv) {
 				case 'I':
 					next = &idle_timeout_arg;
 					break;
-#ifdef ENABLE_CLI_AGENTFWD
+#if DROPBEAR_CLI_AGENTFWD
 				case 'A':
 					cli_opts.agent_fwd = 1;
 					break;
 #endif
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 				case 'c':
 					next = &opts.cipher_list;
 					break;
@@ -291,22 +291,22 @@ void cli_getopts(int argc, char ** argv) {
 					next = &opts.mac_list;
 					break;
 #endif
-#ifdef DEBUG_TRACE
+#if DEBUG_TRACE
 				case 'v':
 					debug_trace = 1;
 					break;
 #endif
 				case 'F':
 				case 'e':
-#ifndef ENABLE_USER_ALGO_LIST
+#if !DROPBEAR_USER_ALGO_LIST
 				case 'c':
 				case 'm':
 #endif
 				case 'D':
-#ifndef ENABLE_CLI_REMOTETCPFWD
+#ifndef DROPBEAR_CLI_REMOTETCPFWD
 				case 'R':
 #endif
-#ifndef ENABLE_CLI_LOCALTCPFWD
+#ifndef DROPBEAR_CLI_LOCALTCPFWD
 				case 'L':
 #endif
 				case 'V':
@@ -338,28 +338,28 @@ void cli_getopts(int argc, char ** argv) {
 			add_extendedopt(&argv[i][j]);
 		}
 		else
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 		if (opt == OPT_AUTHKEY) {
 			TRACE(("opt authkey"))
 			loadidentityfile(&argv[i][j], 1);
 		}
 		else
 #endif
-#ifdef ENABLE_CLI_REMOTETCPFWD
+#if DROPBEAR_CLI_REMOTETCPFWD
 		if (opt == OPT_REMOTETCPFWD) {
 			TRACE(("opt remotetcpfwd"))
 			addforward(&argv[i][j], cli_opts.remotefwds);
 		}
 		else
 #endif
-#ifdef ENABLE_CLI_LOCALTCPFWD
+#if DROPBEAR_CLI_LOCALTCPFWD
 		if (opt == OPT_LOCALTCPFWD) {
 			TRACE(("opt localtcpfwd"))
 			addforward(&argv[i][j], cli_opts.localfwds);
 		}
 		else
 #endif
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 		if (opt == OPT_NETCAT) {
 			TRACE(("opt netcat"))
 			add_netcat(&argv[i][j]);
@@ -405,11 +405,11 @@ void cli_getopts(int argc, char ** argv) {
  
 	/* And now a few sanity checks and setup */
  
-#ifdef ENABLE_USER_ALGO_LIST
+#if DROPBEAR_USER_ALGO_LIST
 	parse_ciphers_macs();
 #endif
  
-#ifdef ENABLE_CLI_PROXYCMD                                                                                                                                   
+#if DROPBEAR_CLI_PROXYCMD                                                                                                                                   
 	if (cli_opts.proxycmd) {
 		/* To match the common path of m_freeing it */
 		cli_opts.proxycmd = m_strdup(cli_opts.proxycmd);
@@ -457,13 +457,13 @@ void cli_getopts(int argc, char ** argv) {
 		opts.idle_timeout_secs = val;
 	}
  
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 	if (cli_opts.cmd && cli_opts.netcat_host) {
 		dropbear_log(LOG_INFO, "Ignoring command '%s' in netcat mode", cli_opts.cmd);
 	}
 #endif
  
-#if defined(DROPBEAR_DEFAULT_CLI_AUTHKEY) && defined(ENABLE_CLI_PUBKEY_AUTH)
+#if (DROPBEAR_CLI_PUBKEY_AUTH)
 	{
 		char *expand_path = expand_homedir_path(DROPBEAR_DEFAULT_CLI_AUTHKEY);
 		loadidentityfile(expand_path, 0);
@@ -474,14 +474,14 @@ void cli_getopts(int argc, char ** argv) {
 	/* The hostname gets set up last, since
 	 * in multi-hop mode it will require knowledge
 	 * of other flags such as -i */
-#ifdef ENABLE_CLI_MULTIHOP
+#if DROPBEAR_CLI_MULTIHOP
 	parse_multihop_hostname(host_arg, argv[0]);
 #else
 	parse_hostname(host_arg);
 #endif
 }
  
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 static void loadidentityfile(const char* filename, int warnfail) {
 	sign_key *key;
 	enum signkey_type keytype;
@@ -504,7 +504,7 @@ static void loadidentityfile(const char* filename, int warnfail) {
 }
 #endif
  
-#ifdef ENABLE_CLI_MULTIHOP
+#if DROPBEAR_CLI_MULTIHOP
  
 static char*
 multihop_passthrough_args() {
@@ -514,13 +514,13 @@ multihop_passthrough_args() {
 	m_list_elem *iter;
 	/* Fill out -i, -y, -W options that make sense for all
 	 * the intermediate processes */
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
 	{
 		sign_key * key = (sign_key*)iter->item;
 		len += 3 + strlen(key->filename);
 	}
-#endif /* ENABLE_CLI_PUBKEY_AUTH */
+#endif /* DROPBEAR_CLI_PUBKEY_AUTH */
  
 	len += 30; /* space for -W <size>, terminator. */
 	ret = m_malloc(len);
@@ -543,7 +543,7 @@ multihop_passthrough_args() {
 		total += written;
 	}
  
-#ifdef ENABLE_CLI_PUBKEY_AUTH
+#if DROPBEAR_CLI_PUBKEY_AUTH
 	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
 	{
 		sign_key * key = (sign_key*)iter->item;
@@ -552,7 +552,7 @@ multihop_passthrough_args() {
 		dropbear_assert((unsigned int)written < size);
 		total += written;
 	}
-#endif /* ENABLE_CLI_PUBKEY_AUTH */
+#endif /* DROPBEAR_CLI_PUBKEY_AUTH */
  
 	/* if args were passed, total will be not zero, and it will have a space at the end, so remove that */
 	if (total > 0) 
@@ -636,7 +636,7 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0)
 	}
 	m_free(hostbuf);
 }
-#endif /* !ENABLE_CLI_MULTIHOP */
+#endif /* !DROPBEAR_CLI_MULTIHOP */
  
 /* Parses a [user@]hostname[/port] argument. */
 static void parse_hostname(const char* orighostarg) {
@@ -675,7 +675,7 @@ static void parse_hostname(const char* orighostarg) {
 	}
 }
  
-#ifdef ENABLE_CLI_NETCAT
+#if DROPBEAR_CLI_NETCAT
 static void add_netcat(const char* origstr) {
 	char *portstr = NULL;
 	
@@ -728,7 +728,7 @@ static void fill_own_user() {
  
 }
  
-#ifdef ENABLE_CLI_ANYTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
 /* Turn a "[listenaddr:]listenport:remoteaddr:remoteport" string into into a forwarding
 * set, and add it to the forwarding list */
 static void addforward(const char* origstr, m_list *fwdlist) {
@@ -870,7 +870,7 @@ static void add_extendedopt(const char* origstr) {
  
 	if (strcmp(origstr, "help") == 0) {
 		dropbear_log(LOG_INFO, "Available options:\n"
-#ifdef ENABLE_CLI_ANYTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
 			"\tExitOnForwardFailure\n"
 #endif
 #ifndef DISABLE_SYSLOG
@@ -880,7 +880,7 @@ static void add_extendedopt(const char* origstr) {
 		exit(EXIT_SUCCESS);
 	}
  
-#ifdef ENABLE_CLI_ANYTCPFWD
+#if DROPBEAR_CLI_ANYTCPFWD
 	if (match_extendedopt(&optstr, "ExitOnForwardFailure") == DROPBEAR_SUCCESS) {
 		cli_opts.exit_on_fwd_failure = parse_flag_value(optstr);
 		return;