6635417 more memory leaks in SunSSH

6687441 typo in comment for record_login() in sshlogin.c
6686336 ssh source code should use FD_CLOEXEC macro instead of 1
6839514 SSH's debug3() says login while it should mention logout
6820920 Sun SSH daemon crashes if /usr/bin/locale isn't present
6368560 extra backslashes in RB_PROTOTYPE
6496644 deprecate UseLogin and remove code supporting this feature from sshd(1m)
6445661 confusing debug message printed at debug level 3
6531556 ssh "You don't exist, go away" message is not helpful and rude
6670875 remove SECUREWARE code from SunSSH
6663391 confusing message in sshconnect1.c when all authentication methods fail
6822495 unlocalized message "illegal option" is seen with ssh command
6545293 ssh: ~? help and man page do not quite match for definition of ~B
6656381 ssh can crash when using libumem and given a bad local forwarding specification

23 files changed, 215 insertions, 335 deletions

diff --git a/usr/src/cmd/ssh/include/config.h b/usr/src/cmd/ssh/include/config.h
index 963aee5bb2..978559f2d0 100644
--- a/usr/src/cmd/ssh/include/config.h
+++ b/usr/src/cmd/ssh/include/config.h
@@ -28,9 +28,6 @@ extern "C" {
 /* SCO workaround */
 /* #undef BROKEN_SYS_TERMIO_H */
 
-/* Define if you have SecureWare-based protected password database */
-/* #undef HAVE_SECUREWARE */
-
 /* If your header files don't define LOGIN_PROGRAM, then use this (detected) */
 /* from environment and PATH */
 #define	LOGIN_PROGRAM_FALLBACK "/usr/bin/login"
diff --git a/usr/src/cmd/ssh/include/sshconnect.h b/usr/src/cmd/ssh/include/sshconnect.h
index 60404e13e5..74eaccfbbc 100644
--- a/usr/src/cmd/ssh/include/sshconnect.h
+++ b/usr/src/cmd/ssh/include/sshconnect.h
@@ -1,20 +1,4 @@
 /*
- * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-/*	$OpenBSD: sshconnect.h,v 1.17 2002/06/19 00:27:55 deraadt Exp $	*/
-
-#ifndef	_SSHCONNECT_H
-#define	_SSHCONNECT_H
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
-/*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -37,6 +21,19 @@ extern "C" {
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
+
+/*	$OpenBSD: sshconnect.h,v 1.17 2002/06/19 00:27:55 deraadt Exp $	*/
+
+#ifndef	_SSHCONNECT_H
+#define	_SSHCONNECT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
 
 typedef struct Sensitive Sensitive;
 struct Sensitive {
@@ -46,11 +43,11 @@ struct Sensitive {
 };
 
 int
-ssh_connect(const char *, struct sockaddr_storage *, u_short, int, int,
+ssh_connect(const char *, struct sockaddr_storage *, ushort_t, int, int,
     int, const char *);
 
 void
-ssh_login(Sensitive *, const char *, struct sockaddr *, struct passwd *);
+ssh_login(Sensitive *, const char *, struct sockaddr *, char *);
 
 int	 verify_host_key(char *, struct sockaddr *, Key *);
 int	 accept_host_key(char *, struct sockaddr *, Key *);
@@ -67,15 +64,15 @@ void	 ssh_put_password(char *);
 /*
  * Macros to raise/lower permissions.
  */
-#define PRIV_START do {				\
+#define	PRIV_START do {				\
 	int save_errno = errno;			\
-	(void)seteuid(original_effective_uid);	\
+	(void) seteuid(original_effective_uid);	\
 	errno = save_errno;			\
 } while (0)
 
-#define PRIV_END do {				\
+#define	PRIV_END do {				\
 	int save_errno = errno;			\
-	(void)seteuid(original_real_uid);	\
+	(void) seteuid(original_real_uid);	\
 	errno = save_errno;			\
 } while (0)
 
diff --git a/usr/src/cmd/ssh/include/sshlogin.h b/usr/src/cmd/ssh/include/sshlogin.h
index 23ced22a9c..e7d2ee7c89 100644
--- a/usr/src/cmd/ssh/include/sshlogin.h
+++ b/usr/src/cmd/ssh/include/sshlogin.h
@@ -1,15 +1,3 @@
-/*	$OpenBSD: sshlogin.h,v 1.4 2002/08/29 15:57:25 stevesk Exp $	*/
-
-#ifndef	_SSHLOGIN_H
-#define	_SSHLOGIN_H
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -22,10 +10,19 @@ extern "C" {
  * called by a name other than "ssh" or "Secure Shell".
  */
 /*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
+/*	$OpenBSD: sshlogin.h,v 1.4 2002/08/29 15:57:25 stevesk Exp $	*/
+
+#ifndef	_SSHLOGIN_H
+#define	_SSHLOGIN_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 void
 record_login(pid_t pid, const char *ttyname, const char *progname,
 		const char *user);
@@ -36,12 +33,6 @@ record_logout(pid_t pid, const char *ttyname, const char *progname,
 u_long
 get_last_login_time(uid_t uid, const char *logname, char *buf, u_int bufsize);
 
-#ifdef LOGIN_NEEDS_UTMPX
-void
-record_utmp_only(pid_t pid, const char *ttyname, const char *user,
-		const char *host, struct sockaddr *addr);
-#endif
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/usr/src/cmd/ssh/include/sys-tree.h b/usr/src/cmd/ssh/include/sys-tree.h
index 93d55e4a2c..fbd31a8f7c 100644
--- a/usr/src/cmd/ssh/include/sys-tree.h
+++ b/usr/src/cmd/ssh/include/sys-tree.h
@@ -27,8 +27,6 @@
 #ifndef	_SYS_TREE_H
 #define	_SYS_TREE_H
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -384,8 +382,7 @@ struct type *name##_RB_REMOVE(struct name *, struct type *);		\
 struct type *name##_RB_INSERT(struct name *, struct type *);		\
 struct type *name##_RB_FIND(struct name *, struct type *);		\
 struct type *name##_RB_NEXT(struct name *, struct type *);		\
-struct type *name##_RB_MINMAX(struct name *, int);			\
-									\
+struct type *name##_RB_MINMAX(struct name *, int);
 
 /* Main rb operation.
  * Moves node close to the key of elm to top
diff --git a/usr/src/cmd/ssh/include/tildexpand.h b/usr/src/cmd/ssh/include/tildexpand.h
index c81ceb9c7b..22e95b7779 100644
--- a/usr/src/cmd/ssh/include/tildexpand.h
+++ b/usr/src/cmd/ssh/include/tildexpand.h
@@ -1,15 +1,3 @@
-/*	$OpenBSD: tildexpand.h,v 1.4 2001/06/26 17:27:25 markus Exp $	*/
-
-#ifndef	_TILDEXPAND_H
-#define	_TILDEXPAND_H
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -22,6 +10,15 @@ extern "C" {
  * called by a name other than "ssh" or "Secure Shell".
  */
 
+/*	$OpenBSD: tildexpand.h,v 1.4 2001/06/26 17:27:25 markus Exp $	*/
+
+#ifndef	_TILDEXPAND_H
+#define	_TILDEXPAND_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 char	*tilde_expand_filename(const char *, uid_t);
 
 #ifdef __cplusplus
diff --git a/usr/src/cmd/ssh/libopenbsd-compat/common/getopt.c b/usr/src/cmd/ssh/libopenbsd-compat/common/getopt.c
index 2b32420cd8..f69487950f 100644
--- a/usr/src/cmd/ssh/libopenbsd-compat/common/getopt.c
+++ b/usr/src/cmd/ssh/libopenbsd-compat/common/getopt.c
@@ -89,16 +89,16 @@ BSDgetopt(nargc, nargv, ostr)
 		if (!*place)
 			++BSDoptind;
 		if (BSDopterr && *ostr != ':')
-			(void)fprintf(stderr,
-			    "%s: illegal option -- %c\n", __progname, BSDoptopt);
+			(void) fprintf(stderr,
+			    gettext("%s: illegal option -- %c\n"), __progname,
+			    BSDoptopt);
 		return (BADCH);
 	}
 	if (*++oli != ':') {			/* don't need argument */
 		BSDoptarg = NULL;
 		if (!*place)
 			++BSDoptind;
-	}
-	else {					/* need an argument */
+	} else {				/* need an argument */
 		if (*place)			/* no white space */
 			BSDoptarg = place;
 		else if (nargc <= ++BSDoptind) {	/* no arg */
@@ -106,13 +106,14 @@ BSDgetopt(nargc, nargv, ostr)
 			if (*ostr == ':')
 				return (BADARG);
 			if (BSDopterr)
-				(void)fprintf(stderr,
+				(void) fprintf(stderr,
 				    "%s: option requires an argument -- %c\n",
 				    __progname, BSDoptopt);
 			return (BADCH);
-		}
-	 	else				/* white space */
+		/* white space */
+		} else
 			BSDoptarg = nargv[BSDoptind];
+
 		place = EMSG;
 		++BSDoptind;
 	}
@@ -120,5 +121,3 @@ BSDgetopt(nargc, nargv, ostr)
 }
 
 #endif /* !defined(HAVE_GETOPT) || !defined(HAVE_OPTRESET) */
-
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
diff --git a/usr/src/cmd/ssh/libssh/common/authfd.c b/usr/src/cmd/ssh/libssh/common/authfd.c
index 5c5e911f06..43fbfbeb3c 100644
--- a/usr/src/cmd/ssh/libssh/common/authfd.c
+++ b/usr/src/cmd/ssh/libssh/common/authfd.c
@@ -99,7 +99,7 @@ ssh_get_authentication_socket(void)
 		return -1;
 
 	/* close on exec */
-	if (fcntl(sock, F_SETFD, 1) == -1) {
+	if (fcntl(sock, F_SETFD, FD_CLOEXEC) == -1) {
 		close(sock);
 		return -1;
 	}
diff --git a/usr/src/cmd/ssh/libssh/common/g11n.c b/usr/src/cmd/ssh/libssh/common/g11n.c
index ac35a1c8c5..558b410c96 100644
--- a/usr/src/cmd/ssh/libssh/common/g11n.c
+++ b/usr/src/cmd/ssh/libssh/common/g11n.c
@@ -576,6 +576,9 @@ g11n_langtag_set_locale_set_intersect(char *langtag_set, char **locale_set)
 	char *s;
 	uint_t do_append, n_langtags, n_locales, n_results, max_results;
 
+	if (locale_set == NULL)
+		return (NULL);
+
 	/* count lang tags and locales */
 	for (n_locales = 0, p = locale_set; p && *p; p++)
 		n_locales++;
@@ -668,7 +671,7 @@ g11n_srvr_locale_negotiate(char *clnt_langtags, char **srvr_locales)
 	xfree_split_list(results);
 
 err:
-	if (locales != srvr_locales)
+	if (locales != NULL && locales != srvr_locales)
 		g11n_freelist(locales);
 	return (result);
 }
diff --git a/usr/src/cmd/ssh/libssh/common/readconf.c b/usr/src/cmd/ssh/libssh/common/readconf.c
index fe0b7a3ee8..c289e14d6b 100644
--- a/usr/src/cmd/ssh/libssh/common/readconf.c
+++ b/usr/src/cmd/ssh/libssh/common/readconf.c
@@ -11,7 +11,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -1210,14 +1210,13 @@ parse_forward(int long_form, Forward *fwd, const char *fwdspec)
 		break;
 	}
 
-	xfree(p);
-
 	if (fwd->listen_port == 0 || (fwd->connect_port == 0 && i > 2))
 		goto fail_free;
 
+	xfree(p);
 	return (i);
 
- fail_free:
+fail_free:
 	if (p != NULL)
 		xfree(p);
 	if (fwd->connect_host != NULL)
diff --git a/usr/src/cmd/ssh/libssh/common/ssh-gss.c b/usr/src/cmd/ssh/libssh/common/ssh-gss.c
index 4de5abb1da..37aeb04873 100644
--- a/usr/src/cmd/ssh/libssh/common/ssh-gss.c
+++ b/usr/src/cmd/ssh/libssh/common/ssh-gss.c
@@ -21,7 +21,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -741,7 +741,7 @@ ssh_gssapi_import_name(Gssctxt *ctx, const char *server_host)
 	    SSH_GSS_HOSTBASED_SERVICE, server_host);
 
 	debug3("%s: snprintf() returned %d, expected %d", __func__, ret,
-	    name_buf.length + 1);
+	    name_buf.length);
 
 	ctx->major = gss_import_name(&ctx->minor, &name_buf,
 	    GSS_C_NT_HOSTBASED_SERVICE, &ctx->desired_name);
diff --git a/usr/src/cmd/ssh/libssh/common/tildexpand.c b/usr/src/cmd/ssh/libssh/common/tildexpand.c
index 6d3850a9ea..5fcd07ebe6 100644
--- a/usr/src/cmd/ssh/libssh/common/tildexpand.c
+++ b/usr/src/cmd/ssh/libssh/common/tildexpand.c
@@ -9,11 +9,15 @@
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
  */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
 
 #include "includes.h"
 RCSID("$OpenBSD: tildexpand.c,v 1.13 2002/06/23 03:25:50 deraadt Exp $");
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
+#include <libgen.h>
 
 #include "xmalloc.h"
 #include "log.h"
@@ -27,15 +31,16 @@ char *
 tilde_expand_filename(const char *filename, uid_t my_uid)
 {
 	const char *cp;
-	u_int userlen;
+	uint_t userlen;
 	char *expanded;
 	struct passwd *pw;
+	char *pw_dir;
 	char user[100];
 	int len;
 
 	/* Return immediately if no tilde. */
 	if (filename[0] != '~')
-		return xstrdup(filename);
+		return (xstrdup(filename));
 
 	/* Skip the tilde. */
 	filename++;
@@ -46,30 +51,45 @@ tilde_expand_filename(const char *filename, uid_t my_uid)
 		userlen = cp - filename;	/* Something after username. */
 	else
 		userlen = strlen(filename);	/* Nothing after username. */
+
+	/* This is the ~/xyz case with no ~username specification. */
 	if (userlen == 0)
-		pw = getpwuid(my_uid);		/* Own home directory. */
+		pw = getpwuid(my_uid);
 	else {
 		/* Tilde refers to someone elses home directory. */
-		if (userlen > sizeof(user) - 1)
+		if (userlen > sizeof (user) - 1)
 			fatal("User name after tilde too long.");
 		memcpy(user, filename, userlen);
 		user[userlen] = 0;
 		pw = getpwnam(user);
 	}
-	if (!pw)
-		fatal("Unknown user %100s.", user);
+
+	/* Use the HOME variable now. */
+	if (pw == NULL) {
+		debug("User account's password entry not found, trying to use "
+		    "the HOME variable.");
+		if ((pw_dir = getenv("HOME")) == NULL) {
+			fatal("User account's password entry not found and "
+			    "the HOME variable not set.");
+		}
+	} else {
+		pw_dir = pw->pw_dir;
+	}
 
 	/* If referring to someones home directory, return it now. */
-	if (!cp) {
+	if (cp == NULL) {
 		/* Only home directory specified */
-		return xstrdup(pw->pw_dir);
+		return (xstrdup(pw_dir));
 	}
+
 	/* Build a path combining the specified directory and path. */
-	len = strlen(pw->pw_dir) + strlen(cp + 1) + 2;
+	len = strlen(pw_dir) + strlen(cp + 1) + 2;
 	if (len > MAXPATHLEN)
-		fatal("Home directory too long (%d > %d", len-1, MAXPATHLEN-1);
+		fatal("Home directory too long (%d > %d)", len - 1,
+		    MAXPATHLEN - 1);
+
 	expanded = xmalloc(len);
-	snprintf(expanded, len, "%s%s%s", pw->pw_dir,
-	    strcmp(pw->pw_dir, "/") ? "/" : "", cp + 1);
-	return expanded;
+	snprintf(expanded, len, "%s%s%s", pw_dir,
+	    strcmp(pw_dir, "/") ? "/" : "", cp + 1);
+	return (expanded);
 }
diff --git a/usr/src/cmd/ssh/ssh/clientloop.c b/usr/src/cmd/ssh/ssh/clientloop.c
index e23f081e6a..bd94ebaa26 100644
--- a/usr/src/cmd/ssh/ssh/clientloop.c
+++ b/usr/src/cmd/ssh/ssh/clientloop.c
@@ -857,7 +857,7 @@ process_escapes(Buffer *bin, Buffer *bout, Buffer *berr, char *buf, int len)
 "%c?\n\
 Supported escape sequences:\n\
 %c.  - terminate connection\n\
-%cB  - send break\n\
+%cB  - send break (SSH protocol 2 only)\n\
 %cC  - open a command line\n\
 %cR  - Request rekey (SSH protocol 2 only)\n\
 %c^Z - suspend ssh\n\
diff --git a/usr/src/cmd/ssh/ssh/ssh.c b/usr/src/cmd/ssh/ssh/ssh.c
index f951618428..d122875470 100644
--- a/usr/src/cmd/ssh/ssh/ssh.c
+++ b/usr/src/cmd/ssh/ssh/ssh.c
@@ -39,7 +39,7 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -223,7 +223,7 @@ int
 main(int ac, char **av)
 {
 	int i, opt, exit_status;
-	char *p, *cp, buf[256];
+	char *p, *cp, buf[256], *pw_name, *pw_dir;
 	struct stat st;
 	struct passwd *pw;
 	int dummy;
@@ -262,14 +262,37 @@ main(int ac, char **av)
 			fatal("setrlimit failed: %.100s", strerror(errno));
 	}
 #endif
-	/* Get user data. */
+	/*
+	 * Get user data. It may happen that NIS or LDAP connection breaks down
+	 * during the user's session. We should try to do our best and use the
+	 * HOME and LOGNAME variables. Remember that the SSH client might be the
+	 * only tool available to fix the problem with the naming services.
+	 */
 	pw = getpwuid(original_real_uid);
-	if (!pw) {
-		log("You don't exist, go away!");
-		exit(1);
+	if (pw == NULL) {
+		if ((pw_dir = getenv("HOME")) == NULL) {
+			log("User account's password entry not found and HOME "
+			    "not set. Set it manually and try again. "
+			    "Exiting.");
+			exit(1);
+		}
+		log("User account's password entry not found, using "
+		    "the HOME variable.");
+
+		if ((pw_name = getenv("LOGNAME")) == NULL) {
+			log("Need a local user name but LOGNAME is not set. "
+			   "Set it manually and try again. Exiting.");
+			exit(1);
+		}
+		log("Local user name '%s' set from the LOGNAME variable.",
+		    pw_name);
+
+		pw_dir = xstrdup(pw_dir);
+		pw_name = xstrdup(pw_name);
+	} else {
+		pw_name = xstrdup(pw->pw_name);
+		pw_dir = xstrdup(pw->pw_dir);
 	}
-	/* Take a copy of the returned structure. */
-	pw = pwcopy(pw);
 
 	/*
 	 * Set our umask to something reasonable, as some files are created
@@ -585,7 +608,7 @@ again:
 			fatal("Can't open user config file %.100s: "
 			    "%.100s", config, strerror(errno));
 	} else  {
-		snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
+		snprintf(buf, sizeof buf, "%.100s/%.100s", pw_dir,
 		    _PATH_SSH_USER_CONFFILE);
 		(void)read_config_file(buf, host, &options);
 
@@ -604,7 +627,7 @@ again:
 	seed_rng();
 
 	if (options.user == NULL)
-		options.user = xstrdup(pw->pw_name);
+		options.user = xstrdup(pw_name);
 
 	if (options.hostname != NULL)
 		host = options.hostname;
@@ -699,7 +722,9 @@ again:
 	 * Now that we are back to our own permissions, create ~/.ssh
 	 * directory if it doesn\'t already exist.
 	 */
-	snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
+	snprintf(buf, sizeof buf, "%.100s%s%.100s", pw_dir,
+	    strcmp(pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
+	xfree(pw_dir);
 	if (stat(buf, &st) < 0)
 		if (mkdir(buf, 0700) < 0)
 			error("Could not create directory '%.200s'.", buf);
@@ -721,7 +746,8 @@ again:
 	signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
 
 	/* Log into the remote system.  This never returns if the login fails. */
-	ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw);
+	ssh_login(&sensitive_data, host, (struct sockaddr *)&hostaddr, pw_name);
+	xfree(pw_name);
 
 	/* We no longer need the private host keys.  Clear them now. */
 	if (sensitive_data.nkeys != 0) {
diff --git a/usr/src/cmd/ssh/ssh/sshconnect.c b/usr/src/cmd/ssh/ssh/sshconnect.c
index 98d6831c5b..f7931d6257 100644
--- a/usr/src/cmd/ssh/ssh/sshconnect.c
+++ b/usr/src/cmd/ssh/ssh/sshconnect.c
@@ -12,7 +12,7 @@
  * called by a name other than "ssh" or "Secure Shell".
  */
 /*
- * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -315,7 +315,7 @@ timeout_connect(int sockfd, const struct sockaddr *serv_addr,
  */
 int
 ssh_connect(const char *host, struct sockaddr_storage * hostaddr,
-    u_short port, int family, int connection_attempts,
+    ushort_t port, int family, int connection_attempts,
     int needpriv, const char *proxy_command)
 {
 	int gaierr;
@@ -966,12 +966,12 @@ accept_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
  */
 void
 ssh_login(Sensitive *sensitive, const char *orighost,
-    struct sockaddr *hostaddr, struct passwd *pw)
+    struct sockaddr *hostaddr, char *pw_name)
 {
 	char *host, *cp;
 	char *server_user, *local_user;
 
-	local_user = xstrdup(pw->pw_name);
+	local_user = xstrdup(pw_name);
 	server_user = options.user ? options.user : local_user;
 
 	/* Convert the user-supplied hostname into all lowercase. */
@@ -1009,6 +1009,9 @@ ssh_login(Sensitive *sensitive, const char *orighost,
 		ssh_kex(host, hostaddr);
 		ssh_userauth1(local_user, server_user, host, sensitive);
 	}
+
+	xfree(host);
+	xfree(local_user);
 }
 
 void
diff --git a/usr/src/cmd/ssh/ssh/sshconnect1.c b/usr/src/cmd/ssh/ssh/sshconnect1.c
index bd3b24e39d..19cdd84cb6 100644
--- a/usr/src/cmd/ssh/ssh/sshconnect1.c
+++ b/usr/src/cmd/ssh/ssh/sshconnect1.c
@@ -1,8 +1,4 @@
 /*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-/*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -15,12 +11,14 @@
  * incompatible with the protocol description in the RFC file, it must be
  * called by a name other than "ssh" or "Secure Shell".
  */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
 
 #include "includes.h"
 RCSID("$OpenBSD: sshconnect1.c,v 1.52 2002/08/08 13:50:23 aaron Exp $");
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include <openssl/bn.h>
 #include <openssl/md5.h>
 
@@ -1275,7 +1273,7 @@ ssh_userauth1(const char *local_user, const char *server_user, char *host,
 			goto success;
 	}
 	/* All authentication methods have failed.  Exit with an error message. */
-	fatal("Permission denied.");
+	fatal("Permission denied (all authentication methods have failed).");
 	/* NOTREACHED */
 
  success:
diff --git a/usr/src/cmd/ssh/ssh/sshconnect2.c b/usr/src/cmd/ssh/ssh/sshconnect2.c
index 77d1bbd690..e485355b6a 100644
--- a/usr/src/cmd/ssh/ssh/sshconnect2.c
+++ b/usr/src/cmd/ssh/ssh/sshconnect2.c
@@ -1625,7 +1625,6 @@ static char *preferred = NULL;
 static Authmethod *
 authmethod_get(char *authlist)
 {
-
 	char *name = NULL;
 	u_int next;
 
@@ -1657,8 +1656,10 @@ authmethod_get(char *authlist)
 		    authmethod_is_enabled(current)) {
 			debug3("authmethod_is_enabled %s", name);
 			debug("Next authentication method: %s", name);
+			xfree(name);
 			return current;
 		}
+		xfree(name);
 	}
 }
 
diff --git a/usr/src/cmd/ssh/sshd/auth-passwd.c b/usr/src/cmd/ssh/sshd/auth-passwd.c
index af4635bef8..815231d4d4 100644
--- a/usr/src/cmd/ssh/sshd/auth-passwd.c
+++ b/usr/src/cmd/ssh/sshd/auth-passwd.c
@@ -38,8 +38,6 @@
 #include "includes.h"
 RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $");
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include "packet.h"
 #include "log.h"
 #include "servconf.h"
@@ -57,11 +55,6 @@ RCSID("$OpenBSD: auth-passwd.c,v 1.27 2002/05/24 16:45:16 stevesk Exp $");
 #  include <hpsecurity.h>
 #  include <prot.h>
 # endif
-# ifdef HAVE_SECUREWARE
-#  include <sys/security.h>
-#  include <sys/audit.h>
-#  include <prot.h>
-# endif /* HAVE_SECUREWARE */
 # if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 #  include <shadow.h>
 # endif
@@ -107,9 +100,6 @@ auth_password(Authctxt *authctxt, const char *password)
 	char *encrypted_password;
 	char *pw_password;
 	char *salt;
-#if defined(__hpux) || defined(HAVE_SECUREWARE)
-	struct pr_passwd *spw;
-#endif /* __hpux || HAVE_SECUREWARE */
 #if defined(HAVE_SHADOW_H) && !defined(DISABLE_SHADOW)
 	struct spwd *spw;
 #endif
@@ -192,16 +182,6 @@ auth_password(Authctxt *authctxt, const char *password)
 		pw_password = spw->pwa_passwd;
 #endif /* defined(HAVE_GETPWANAM) && !defined(DISABLE_SHADOW) */
 
-#ifdef HAVE_SECUREWARE
-	if ((spw = getprpwnam(pw->pw_name)) != NULL)
-		pw_password = spw->ufld.fd_encrypt;
-#endif /* HAVE_SECUREWARE */
-
-#if defined(__hpux) && !defined(HAVE_SECUREWARE)
-	if (iscomsec() && (spw = getprpwnam(pw->pw_name)) != NULL)
-		pw_password = spw->ufld.fd_encrypt;
-#endif /* defined(__hpux) && !defined(HAVE_SECUREWARE) */
-
 	/* Check for users with no password. */
 	if ((password[0] == '\0') && (pw_password[0] == '\0'))
 		return 1;
@@ -217,18 +197,7 @@ auth_password(Authctxt *authctxt, const char *password)
 	else
 		encrypted_password = crypt(password, salt);
 #else /* HAVE_MD5_PASSWORDS */
-# if defined(__hpux) && !defined(HAVE_SECUREWARE)
-	if (iscomsec())
-		encrypted_password = bigcrypt(password, salt);
-	else
-		encrypted_password = crypt(password, salt);
-# else
-#  ifdef HAVE_SECUREWARE
-	encrypted_password = bigcrypt(password, salt);
-#  else
 	encrypted_password = crypt(password, salt);
-#  endif /* HAVE_SECUREWARE */
-# endif /* __hpux && !defined(HAVE_SECUREWARE) */
 #endif /* HAVE_MD5_PASSWORDS */
 
 	/* Authentication is accepted if the encrypted passwords are identical. */
diff --git a/usr/src/cmd/ssh/sshd/loginrec.c b/usr/src/cmd/ssh/sshd/loginrec.c
index 66adaa3d65..33998b02b9 100644
--- a/usr/src/cmd/ssh/sshd/loginrec.c
+++ b/usr/src/cmd/ssh/sshd/loginrec.c
@@ -1,8 +1,4 @@
 /*
- * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
- * Use is subject to license terms.
- */
-/*
  * Copyright (c) 2000 Andre Lucas.  All rights reserved.
  * Portions copyright (c) 1998 Todd C. Miller
  * Portions copyright (c) 1996 Jason Downs
@@ -33,6 +29,10 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Use is subject to license terms.
+ */
 
 /**
  ** loginrec.c:  platform-independent login recording and lastlog retrieval
@@ -169,8 +169,6 @@
 
 RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $");
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #ifdef HAVE_UTIL_H
 #  include <util.h>
 #endif
@@ -459,28 +457,6 @@ login_write (struct logininfo *li)
 	return 0;
 }
 
-#ifdef LOGIN_NEEDS_UTMPX
-int
-login_utmp_only(struct logininfo *li)
-{
-	li->type = LTYPE_LOGIN; 
-	login_set_current_time(li);
-# ifdef USE_UTMP
-	utmp_write_entry(li);
-# endif
-# ifdef USE_WTMP
-	wtmp_write_entry(li);
-# endif
-# ifdef USE_UTMPX
-	(void) utmpx_write_entry(li);
-# endif
-# ifdef USE_WTMPX
-	(void) wtmpx_write_entry(li);
-# endif
-	return 0;
-}
-#endif
-
 /**
  ** getlast_entry: Call low-level functions to retrieve the last login
  **                time.
diff --git a/usr/src/cmd/ssh/sshd/servconf.c b/usr/src/cmd/ssh/sshd/servconf.c
index 51e0b9bbe7..6d91626b13 100644
--- a/usr/src/cmd/ssh/sshd/servconf.c
+++ b/usr/src/cmd/ssh/sshd/servconf.c
@@ -119,7 +119,6 @@ initialize_server_options(ServerOptions *options)
 	options->challenge_response_authentication = -1;
 	options->permit_empty_passwd = -1;
 	options->permit_user_env = -1;
-	options->use_login = -1;
 	options->compression = -1;
 	options->allow_tcp_forwarding = -1;
 	options->num_allow_users = 0;
@@ -336,8 +335,6 @@ fill_default_server_options(ServerOptions *options)
 		options->permit_empty_passwd = 0;
 	if (options->permit_user_env == -1)
 		options->permit_user_env = 0;
-	if (options->use_login == -1)
-		options->use_login = 0;
 	if (options->compression == -1)
 		options->compression = 1;
 	if (options->allow_tcp_forwarding == -1)
@@ -876,8 +873,11 @@ parse_flag:
 		goto parse_flag;
 
 	case sUseLogin:
-		intptr = &options->use_login;
-		goto parse_flag;
+		log("%s line %d: ignoring UseLogin option value."
+		    " This option is always off.", filename, linenum);
+		while (arg)
+			arg = strdelim(&cp);
+		break;
 
 	case sCompression:
 		intptr = &options->compression;
@@ -930,7 +930,7 @@ parse_flag:
 		log("%s line %d: ignoring UsePrivilegeSeparation option value."
 		    " This option is always on.", filename, linenum);
 		while (arg)
-		    arg = strdelim(&cp);
+			arg = strdelim(&cp);
 		break;
 
 	case sAllowUsers:
diff --git a/usr/src/cmd/ssh/sshd/serverloop.c b/usr/src/cmd/ssh/sshd/serverloop.c
index c568b3c19c..4cbb76d875 100644
--- a/usr/src/cmd/ssh/sshd/serverloop.c
+++ b/usr/src/cmd/ssh/sshd/serverloop.c
@@ -111,8 +111,8 @@ notify_setup(void)
 {
 	if (pipe(notify_pipe) < 0) {
 		error("pipe(notify_pipe) failed %s", strerror(errno));
-	} else if ((fcntl(notify_pipe[0], F_SETFD, 1) == -1) ||
-	    (fcntl(notify_pipe[1], F_SETFD, 1) == -1)) {
+	} else if ((fcntl(notify_pipe[0], F_SETFD, FD_CLOEXEC) == -1) ||
+	    (fcntl(notify_pipe[1], F_SETFD, FD_CLOEXEC) == -1)) {
 		error("fcntl(notify_pipe, F_SETFD) failed %s", strerror(errno));
 		(void) close(notify_pipe[0]);
 		(void) close(notify_pipe[1]);
diff --git a/usr/src/cmd/ssh/sshd/session.c b/usr/src/cmd/ssh/sshd/session.c
index 529b286597..de5b903eea 100644
--- a/usr/src/cmd/ssh/sshd/session.c
+++ b/usr/src/cmd/ssh/sshd/session.c
@@ -105,9 +105,6 @@ void	do_exec_pty(Session *, const char *);
 void	do_exec_no_pty(Session *, const char *);
 void	do_exec(Session *, const char *);
 void	do_login(Session *, const char *);
-#ifdef LOGIN_NEEDS_UTMPX
-static void	do_pre_login(Session *s);
-#endif
 void	do_child(Session *, const char *);
 void	do_motd(void);
 int	check_quietlogin(Session *, const char *);
@@ -656,22 +653,10 @@ do_exec_pty(Session *s, const char *command)
 		close(ttyfd);
 
 		/* record login, etc. similar to login(1) */
-#if !defined(HAVE_OSF_SIA)
-		if (!(options.use_login && command == NULL)) {
-#ifdef _UNICOS
-			cray_init_job(s->pw); /* set up cray jid and tmpdir */
-#endif /* _UNICOS */
-			do_login(s, command);
-		}
-# ifdef LOGIN_NEEDS_UTMPX
-		else
-			do_pre_login(s);
-# endif
-#endif /* !HAVE_OSF_SIA */
+		do_login(s, command);
 
 		/*
-		 * do_pre_login() will have completed the record_login(), so
-		 * close the pipe to the parent so it can re-enter its event
+		 * Close the pipe to the parent so it can re-enter its event
 		 * loop and service the ptm; if enough debug messages get
 		 * written to the pty before this happens there will be a
 		 * deadlock.
@@ -728,34 +713,6 @@ do_exec_pty(Session *s, const char *command)
 	}
 }
 
-#ifdef LOGIN_NEEDS_UTMPX
-static void
-do_pre_login(Session *s)
-{
-	socklen_t fromlen;
-	struct sockaddr_storage from;
-	pid_t pid = getpid();
-
-	/*
-	 * Get IP address of client. If the connection is not a socket, let
-	 * the address be 0.0.0.0.
-	 */
-	memset(&from, 0, sizeof(from));
-	fromlen = sizeof(from);
-	if (packet_connection_is_on_socket()) {
-		if (getpeername(packet_get_connection_in(),
-		    (struct sockaddr *) & from, &fromlen) < 0) {
-			debug("getpeername: %.100s", strerror(errno));
-			fatal_cleanup();
-		}
-	}
-
-	record_utmp_only(pid, s->tty, s->pw->pw_name,
-	    get_remote_name_or_ip(utmp_len, options.verify_reverse_mapping),
-	    (struct sockaddr *)&from);
-}
-#endif
-
 /*
  * This is called to fork and execute a command.  If another command is
  * to be forced, execute that instead.
@@ -1068,47 +1025,45 @@ do_setup_env(Session *s, const char *shell)
 	ssh_gssapi_do_child(xxx_gssctxt, &env,&envsize);
 #endif
 
-	if (!options.use_login) {
-		/* Set basic environment. */
-		child_set_env(&env, &envsize, "USER", pw->pw_name);
-		child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
-		child_set_env(&env, &envsize, "HOME", pw->pw_dir);
+	/* Set basic environment. */
+	child_set_env(&env, &envsize, "USER", pw->pw_name);
+	child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
+	child_set_env(&env, &envsize, "HOME", pw->pw_dir);
 #ifdef HAVE_LOGIN_CAP
-		if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
-			child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
-		else
-			child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+	if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH) < 0)
+		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+	else
+		child_set_env(&env, &envsize, "PATH", getenv("PATH"));
 #else /* HAVE_LOGIN_CAP */
 # ifndef HAVE_CYGWIN
-		/*
-		 * There's no standard path on Windows. The path contains
-		 * important components pointing to the system directories,
-		 * needed for loading shared libraries. So the path better
-		 * remains intact here.
-		 */
+	/*
+	 * There's no standard path on Windows. The path contains
+	 * important components pointing to the system directories,
+	 * needed for loading shared libraries. So the path better
+	 * remains intact here.
+	 */
 #  ifdef SUPERUSER_PATH
-		child_set_env(&env, &envsize, "PATH", 
-		    s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
+	child_set_env(&env, &envsize, "PATH", 
+	    s->pw->pw_uid == 0 ? SUPERUSER_PATH : _PATH_STDPATH);
 #  else 
-		child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
+	child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
 #  endif /* SUPERUSER_PATH */
 # endif /* HAVE_CYGWIN */
 #endif /* HAVE_LOGIN_CAP */
 
-		pm_len = strlen(path_maildir);
-		if (path_maildir[pm_len - 1] == '/' && pm_len > 1)
-			path_maildir[pm_len - 1] = NULL;
-		snprintf(buf, sizeof buf, "%.200s/%.50s",
-			 path_maildir, pw->pw_name);
-		child_set_env(&env, &envsize, "MAIL", buf);
+	pm_len = strlen(path_maildir);
+	if (path_maildir[pm_len - 1] == '/' && pm_len > 1)
+		path_maildir[pm_len - 1] = NULL;
+	snprintf(buf, sizeof buf, "%.200s/%.50s",
+		 path_maildir, pw->pw_name);
+	child_set_env(&env, &envsize, "MAIL", buf);
 
-		/* Normal systems set SHELL by default. */
-		child_set_env(&env, &envsize, "SHELL", shell);
+	/* Normal systems set SHELL by default. */
+	child_set_env(&env, &envsize, "SHELL", shell);
 
 #ifdef HAVE_DEFOPEN
-		deflt_do_setup_env(s, shell, &env, &envsize);
+	deflt_do_setup_env(s, shell, &env, &envsize);
 #endif /* HAVE_DEFOPEN */
-	}
 
 #define PASS_ENV(x) \
 	if (getenv(x)) \
@@ -1135,21 +1090,19 @@ do_setup_env(Session *s, const char *shell)
 		copy_environment(s->env, &env, &envsize);
 
 	/* Set custom environment options from RSA authentication. */
-	if (!options.use_login) {
-		while (custom_environment) {
-			struct envstring *ce = custom_environment;
-			char *str = ce->s;
-
-			for (i = 0; str[i] != '=' && str[i]; i++)
-				;
-			if (str[i] == '=') {
-				str[i] = 0;
-				child_set_env(&env, &envsize, str, str + i + 1);
-			}
-			custom_environment = ce->next;
-			xfree(ce->s);
-			xfree(ce);
+	while (custom_environment) {
+		struct envstring *ce = custom_environment;
+		char *str = ce->s;
+
+		for (i = 0; str[i] != '=' && str[i]; i++)
+			;
+		if (str[i] == '=') {
+			str[i] = 0;
+			child_set_env(&env, &envsize, str, str + i + 1);
 		}
+		custom_environment = ce->next;
+		xfree(ce->s);
+		xfree(ce);
 	}
 
 	/* SSH_CLIENT deprecated */
@@ -1217,7 +1170,7 @@ do_setup_env(Session *s, const char *shell)
 		    auth_sock_name);
 
 	/* read $HOME/.ssh/environment. */
-	if (options.permit_user_env && !options.use_login) {
+	if (options.permit_user_env) {
 		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
 		    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
 		read_environment_file(&env, &envsize, buf);
@@ -1427,28 +1380,14 @@ do_child(Session *s, const char *command)
 	extern char **environ;
 	char **env;
 	char *argv[ARGV_MAX];
-	const char *shell, *shell0, *hostname = NULL;
+	const char *shell, *shell0;
 	struct passwd *pw = s->pw;
 
 	/* remove hostkey from the child's memory */
 	destroy_sensitive_data();
 
-	/* login(1) is only called if we execute the login shell */
-	if (options.use_login && command != NULL)
-		options.use_login = 0;
-
-#ifdef _UNICOS
-	cray_setup(pw->pw_uid, pw->pw_name, command);
-#endif /* _UNICOS */
-
-	/*
-	 * Login(1) does this as well, and it needs uid 0 for the "-h"
-	 * switch, so we let login(1) to this for us.
-	 */
-	if (!options.use_login) {
-		do_nologin(pw);
-		chroot_if_needed(pw);
-	}
+	do_nologin(pw);
+	chroot_if_needed(pw);
 
 	/*
 	 * Get the shell from the password data.  An empty shell field is
@@ -1461,10 +1400,6 @@ do_child(Session *s, const char *command)
 
 	env = do_setup_env(s, shell);
 
-	/* we have to stash the hostname before we close our socket. */
-	if (options.use_login)
-		hostname = get_remote_name_or_ip(utmp_len,
-		    options.verify_reverse_mapping);
 	/*
 	 * Close the connection descriptors; note that this is the child, and
 	 * the server will still have the socket open, and it is important
@@ -1533,8 +1468,7 @@ do_child(Session *s, const char *command)
 			    strerror(errno));
 	}
 
-	if (!options.use_login)
-		do_rc_files(s, shell);
+	do_rc_files(s, shell);
 
 	/* restore SIGPIPE for child */
 	signal(SIGPIPE,  SIG_DFL);
@@ -1562,11 +1496,6 @@ do_child(Session *s, const char *command)
 		exit(sftp_server_main(i, argv, s->pw));
 	}
 
-	if (options.use_login) {
-		launch_login(pw, hostname);
-		/* NEVERREACHED */
-	}
-
 	/* Get the last component of the shell name. */
 	if ((shell0 = strrchr(shell, '/')) != NULL)
 		shell0++;
@@ -2222,7 +2151,7 @@ session_pty_cleanup2(void *session)
 
 	/* Record that the user has logged out. */
 	if (s->pid != 0) {
-		debug3("Recording SSHv2 channel login in utmpx/wtmpx");
+		debug3("Recording SSHv2 channel logout in utmpx/wtmpx");
 #ifdef ALTPRIVSEP
 		altprivsep_record_logout(s->pid);
 #endif /* ALTPRIVSEP */
@@ -2490,11 +2419,6 @@ session_setup_x11fwd(Session *s)
 		packet_send_debug("No xauth program; cannot forward with spoofing.");
 		return 0;
 	}
-	if (options.use_login) {
-		packet_send_debug("X11 forwarding disabled; "
-		    "not compatible with UseLogin=yes.");
-		return 0;
-	}
 	if (s->display != NULL) {
 		debug("X11 display already set.");
 		return 0;
diff --git a/usr/src/cmd/ssh/sshd/sshd.c b/usr/src/cmd/ssh/sshd/sshd.c
index d3b1f0c940..6172234454 100644
--- a/usr/src/cmd/ssh/sshd/sshd.c
+++ b/usr/src/cmd/ssh/sshd/sshd.c
@@ -53,10 +53,6 @@ RCSID("$OpenBSD: sshd.c,v 1.260 2002/09/27 10:42:09 mickey Exp $");
 #include <openssl/md5.h>
 
 #include <openssl/rand.h>
-#ifdef HAVE_SECUREWARE
-#include <sys/security.h>
-#include <prot.h>
-#endif
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -847,10 +843,6 @@ main(int ac, char **av)
 
 	(void) g11n_setlocale(LC_ALL, "");
 
-#ifdef HAVE_SECUREWARE
-	(void)set_auth_parameters(ac, av);
-#endif
-
 	init_rng();
 
 	/* Save argv. */
@@ -1951,7 +1943,7 @@ prepare_for_ssh2_kex(void)
 	if (locales != NULL)
 		g11n_freelist(locales);
 
-	if ((myproposal[PROPOSAL_LANG_STOC] != NULL) || 
+	if ((myproposal[PROPOSAL_LANG_STOC] != NULL) &&
 	    (strcmp(myproposal[PROPOSAL_LANG_STOC], "")) != 0)
 		myproposal[PROPOSAL_LANG_CTOS] =
 			xstrdup(myproposal[PROPOSAL_LANG_STOC]);
@@ -1963,9 +1955,16 @@ prepare_for_ssh2_kex(void)
 
 	kex = kex_setup(NULL, myproposal, kex_hook);
 
-	if (myproposal[PROPOSAL_LANG_STOC] != NULL)
+	/*
+	 * Note that the my_srv_proposal variable (ie., myproposal) is staticly
+	 * initialized with "" for the language fields; we must not xfree such
+	 * strings.
+	 */
+	if (myproposal[PROPOSAL_LANG_STOC] != NULL &&
+	    strcmp(myproposal[PROPOSAL_LANG_STOC], "") != 0)
 		xfree(myproposal[PROPOSAL_LANG_STOC]);
-	if (myproposal[PROPOSAL_LANG_CTOS] != NULL)
+	if (myproposal[PROPOSAL_LANG_CTOS] != NULL &&
+	    strcmp(myproposal[PROPOSAL_LANG_STOC], "") != 0)
 		xfree(myproposal[PROPOSAL_LANG_CTOS]);
 
 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
diff --git a/usr/src/cmd/ssh/sshd/sshlogin.c b/usr/src/cmd/ssh/sshd/sshlogin.c
index 396a63ad48..53a3d6e299 100644
--- a/usr/src/cmd/ssh/sshd/sshlogin.c
+++ b/usr/src/cmd/ssh/sshd/sshlogin.c
@@ -38,15 +38,13 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 /*
- * Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
 #include "includes.h"
 RCSID("$OpenBSD: sshlogin.c,v 1.5 2002/08/29 15:57:25 stevesk Exp $");
 
-#pragma ident	"%Z%%M%	%I%	%E% SMI"
-
 #include "loginrec.h"
 #include "log.h"
 #include "servconf.h"
@@ -73,8 +71,8 @@ get_last_login_time(uid_t uid, const char *logname,
 }
 
 /*
- * Records that the user has logged in.  I these parts of operating systems
- * were more standardized.
+ * Records that the user has logged in.  If only these parts of operating
+ * systems were more standardized.
  */
 void
 record_login(pid_t pid, const char *ttyname, const char *progname,
@@ -114,20 +112,6 @@ record_login(pid_t pid, const char *ttyname, const char *progname,
   login_free_entry(li);
 }
 
-#ifdef LOGIN_NEEDS_UTMPX
-void
-record_utmp_only(pid_t pid, const char *ttyname, const char *user,
-		 const char *host, struct sockaddr * addr)
-{
-  struct logininfo *li;
-
-  li = login_alloc_entry(pid, user, host, ttyname, NULL);
-  login_set_addr(li, addr, sizeof(struct sockaddr));
-  (void) login_utmp_only(li);
-  login_free_entry(li);
-}
-#endif
-
 /* Records that the user has logged out. */
 void
 record_logout(pid_t pid, const char *ttyname, const char *progname,