# HG changeset patch
# User Matt Johnston <matt@ucc.asn.au>
# Date 1519656288 -28800
# Node ID bb8eaa26bc933a5eb82915d50d14ff169ca339c0
# Parent  63fa53d3b6c7ea5948dc2c1d9ac57a8484ffaea5# Parent  d1a8a05216ff6778b74b184bc8015e0a7a3b2d06
merge from main

diff -r 63fa53d3b6c7 -r bb8eaa26bc93 .gitignore
--- a/.gitignore	Wed Feb 21 21:59:52 2018 +0800
+++ b/.gitignore	Mon Feb 26 22:44:48 2018 +0800
@@ -19,3 +19,4 @@
 config.h
 config.h.in
 configure
+default_options_guard.h
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 CHANGES
--- a/CHANGES	Wed Feb 21 21:59:52 2018 +0800
+++ b/CHANGES	Mon Feb 26 22:44:48 2018 +0800
@@ -1,3 +1,76 @@
+Upcoming...
+
+- IMPORTANT:
+  Custom configuration is now specified in local_options.h rather than options.h
+  Available options and defaults can be seen in default_options.h
+
+  To migrate your configuration, compare your customised options.h against the
+  upstream options.h from your relevant version. Any customised options should
+  be put in localoptions.h
+
+- "configure --enable-static" should now be used instead of "make STATIC=1"
+
+- Add group14-256 and group16 key exchange options
+
+- Set hardened build flags by default if supported by the compiler.
+  -Wl,-pie
+  -Wl,-z,now -Wl,-z,relro
+  -fstack-protector-strong
+  -D_FORTIFY_SOURCE=2
+  # spectre v2 mitigation
+  -mfunction-return=thunk
+  -mindirect-branch=thunk
+
+  These can be disabled with configure --disable-harden if needed
+  Spectre patch from Loganaden Velvindron
+
+- Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
+
+- Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
+  See dbclient manpage for a socat example. Patch from Harald Becker
+
+- Add "-c forced_command" option. Patch from Jeremy Kerr
+
+- Support server-chosen TCP forwarding ports, patch from houseofkodai
+
+- Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
+  Patch from houseofkodai
+
+- Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
+
+- Minimum RSA key length has been increased to 1024 bits
+
+- Set PAM_RHOST which is needed by modules such as pam_abl
+
+- Improvements to DSS public key validation, found by OSS-Fuzz. 
+
+- Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
+
+- Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
+
+- Numerous code cleanups and small issues fixed by Francois Perrad
+
+- Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
+  platforms. Reported by Oliver Schneider and Andrew Bainbridge
+
+- Fix some platform portability problems, from Ben Gardner
+
+- Add EXEEXT filename suffix for building dropbearmulti, from William Foster
+
+- Support --enable-<option> properly for configure, from Stefan Hauser
+
+- configure have_openpty result can be cached, from Eric Bénard
+
+- handle platforms that return close() < -1 on failure, from Marco Wenzel
+
+- Build and configuration cleanups from Michael Witten
+
+- Fix libtomcrypt/libtommath linking order, from Andre McCurdy
+
+- Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
+
+- Update curve25519-donna implementation to current version
+
 2017.75 - 18 May 2017
 
 - Security: Fix double-free in server TCP listener cleanup
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 INSTALL
--- a/INSTALL	Wed Feb 21 21:59:52 2018 +0800
+++ b/INSTALL	Mon Feb 26 22:44:48 2018 +0800
@@ -1,7 +1,7 @@
 Basic Dropbear build instructions:
 
 - Edit localoptions.h to set which features you want. Available options
-  are described in default_options.h.in, these will be overridden by
+  are described in default_options.h, these will be overridden by
   anything set in localoptions.h
 
 - If using a Mercurial or Git checkout, "autoconf; autoheader"
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 Makefile.in
--- a/Makefile.in	Wed Feb 21 21:59:52 2018 +0800
+++ b/Makefile.in	Mon Feb 26 22:44:48 2018 +0800
@@ -20,12 +20,13 @@
 ifeq (@BUNDLED_LIBTOM@, 1)
 LIBTOM_DEPS=$(STATIC_LTC) $(STATIC_LTM) 
 CFLAGS+=-I$(srcdir)/libtomcrypt/src/headers/
-LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM) 
+LIBTOM_LIBS=$(STATIC_LTC) $(STATIC_LTM)
 endif
 
+OPTION_HEADERS = default_options_guard.h sysoptions.h
 ifneq ($(wildcard localoptions.h),)
 CFLAGS+=-DLOCALOPTIONS_H_EXISTS
-LOCALOPTIONS_H=localoptions.h
+OPTION_HEADERS += localoptions.h
 endif
 
 COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
@@ -103,7 +104,6 @@
 	CFLAGS+= -DDROPBEAR_CLIENT
 endif
 
-
 # these are exported so that libtomcrypt's makefile will use them
 export CC
 export CFLAGS
@@ -126,9 +126,16 @@
 
 all: $(TARGETS)
 
-# a bit lazy, but safer
-HEADERS=$(wildcard $(srcdir)/*.h *.h)
-*.o: $(HEADERS)
+# for simplicity assume all source depends on all headers
+HEADERS=$(wildcard $(srcdir)/*.h *.h) $(OPTION_HEADERS)
+%.o : %.c $(HEADERS)
+	$(CC) -c $(CFLAGS) $(CPPFLAGS) $< -o $@
+
+default_options_guard.h: default_options.h
+	@echo Creating $@
+	@printf "/*\n > > > Do not edit this file (default_options_guard.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
+	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
+	@mv $@.tmp $@
 
 strip: $(TARGETS)
 	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
@@ -202,10 +209,10 @@
 	-rm -f $*$(EXEEXT)
 	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
 
-$(STATIC_LTC): 
+$(STATIC_LTC): $(OPTION_HEADERS)
 	$(MAKE) -C libtomcrypt
 
-$(STATIC_LTM):
+$(STATIC_LTM): $(OPTION_HEADERS)
 	$(MAKE) -C libtommath
 
 .PHONY : clean sizes thisclean distclean tidy ltc-clean ltm-clean
@@ -229,18 +236,11 @@
 distclean: clean tidy
 	-rm -f config.h
 	-rm -f Makefile
+	-rm -f default_options_guard.h
 
 tidy:
 	-rm -f *~ *.gcov */*~
 
-# default_options.h is stored in version control, could not find a workaround
-# for parallel "make -j" and dependency rules.
-default_options.h: default_options.h.in 
-	@echo Creating $@
-	@echo "/*\n > > > Do not edit this file (default_options.h) < < <\nGenerated from "$^"\nLocal customisation goes in localoptions.h\n*/\n\n" > $@.tmp
-	@$(srcdir)/ifndef_wrapper.sh < $^ >> $@.tmp
-	@mv $@.tmp $@
-
 ## Fuzzing targets
 
 # list of fuzz targets
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 TODO
--- a/TODO	Wed Feb 21 21:59:52 2018 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-Current:
-
-Things which might need doing:
-
-- default private dbclient keys
-
-- Make options.h generated from configure perhaps?
-
-- handle /etc/environment in AIX
-
-- check that there aren't timing issues with valid/invalid user authentication
-  feedback.
-
-- Binding to different interfaces
-
-- CTR mode
-- SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly, or just add group14 (whatever it's called today)
-
-- fix scp.c for IRIX
-
-- Be able to use OpenSSH keys for the client? or at least have some form of 
-  encrypted keys.
-
-- Client agent forwarding
-
-- Handle restrictions in ~/.ssh/authorized_keys ?
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 auth.h
--- a/auth.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/auth.h	Mon Feb 26 22:44:48 2018 +0800
@@ -105,12 +105,14 @@
 	unsigned char authtypes; /* Flags indicating which auth types are still 
 								valid */
 	unsigned int failcount; /* Number of (failed) authentication attempts.*/
-	unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
+	unsigned int authdone; /* 0 if we haven't authed, 1 if we have. Applies for
 							  client and server (though has differing 
 							  meanings). */
-	unsigned perm_warn : 1; /* Server only, set if bad permissions on 
+	unsigned int perm_warn; /* Server only, set if bad permissions on 
 							   ~/.ssh/authorized_keys have already been
 							   logged. */
+	unsigned int checkusername_failed;  /* Server only, set if checkusername
+	                                has already failed */
 
 	/* These are only used for the server */
 	uid_t pw_uid;
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 cli-auth.c
--- a/cli-auth.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/cli-auth.c	Mon Feb 26 22:44:48 2018 +0800
@@ -60,7 +60,7 @@
 	*/
 	if (ses.keys->trans.algo_comp != DROPBEAR_COMP_ZLIB_DELAY) {
 		ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
-#if DROPBEAR_USE_DROPBEAR_PASSWORD
+#if DROPBEAR_USE_PASSWORD_ENV
 		if (getenv(DROPBEAR_PASSWORD_ENV)) {
 			ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
 		}
@@ -337,7 +337,7 @@
 {
 	char* password = NULL;
 	
-#if DROPBEAR_USE_DROPBEAR_PASSWORD
+#if DROPBEAR_USE_PASSWORD_ENV
 	/* Password provided in an environment var */
 	password = getenv(DROPBEAR_PASSWORD_ENV);
 	if (password)
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 cli-main.c
--- a/cli-main.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/cli-main.c	Mon Feb 26 22:44:48 2018 +0800
@@ -158,6 +158,21 @@
 	size_t ex_cmdlen;
 	int ret;
 
+	/* File descriptor "-j &3" */
+	if (*cli_opts.proxycmd == '&') {
+		char *p = cli_opts.proxycmd + 1;
+		int sock = strtoul(p, &p, 10);
+		/* must be a single number, and not stdin/stdout/stderr */
+		if (sock > 2 && sock < 1024 && *p == '\0') {
+			*sock_in = sock;
+			*sock_out = sock;
+			return;
+		}
+	}
+
+	/* Normal proxycommand */
+
+	/* So that spawn_command knows which shell to run */
 	fill_passwd(cli_opts.own_user);
 
 	ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 cli-session.c
--- a/cli-session.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/cli-session.c	Mon Feb 26 22:44:48 2018 +0800
@@ -181,7 +181,7 @@
 
 }
 
-static void send_msg_service_request(char* servicename) {
+static void send_msg_service_request(const char* servicename) {
 
 	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
 
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 cli-tcpfwd.c
--- a/cli-tcpfwd.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/cli-tcpfwd.c	Mon Feb 26 22:44:48 2018 +0800
@@ -23,7 +23,6 @@
  * SOFTWARE. */
 
 #include "includes.h"
-#include "options.h"
 #include "dbutil.h"
 #include "tcpfwd.h"
 #include "channel.h"
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 common-algo.c
--- a/common-algo.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/common-algo.c	Mon Feb 26 22:44:48 2018 +0800
@@ -276,6 +276,7 @@
 
 algo_type sshkex[] = {
 #if DROPBEAR_CURVE25519
+	{"curve25519-sha256", 0, &kex_curve25519, 1, NULL},
 	{"curve25519-sha256@libssh.org", 0, &kex_curve25519, 1, NULL},
 #endif
 #if DROPBEAR_ECDH
@@ -289,12 +290,12 @@
 	{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
 #endif
 #endif
+#if DROPBEAR_DH_GROUP14_SHA256
+	{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
+#endif
 #if DROPBEAR_DH_GROUP14_SHA1
 	{"diffie-hellman-group14-sha1", 0, &kex_dh_group14_sha1, 1, NULL},
 #endif
-#if DROPBEAR_DH_GROUP14_SHA256
-	{"diffie-hellman-group14-sha256", 0, &kex_dh_group14_sha256, 1, NULL},
-#endif
 #if DROPBEAR_DH_GROUP1
 	{"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
 #endif
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 common-session.c
--- a/common-session.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/common-session.c	Mon Feb 26 22:44:48 2018 +0800
@@ -140,7 +140,7 @@
 	TRACE(("leave session_init"))
 }
 
-void session_loop(void(*loophandler)()) {
+void session_loop(void(*loophandler)(void)) {
 
 	fd_set readfd, writefd;
 	struct timeval timeout;
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 dbclient.1
--- a/dbclient.1	Wed Feb 21 21:59:52 2018 +0800
+++ b/dbclient.1	Mon Feb 26 22:44:48 2018 +0800
@@ -111,11 +111,22 @@
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
+
+.\" TODO: how to avoid a line break between these two -J arguments?
 .B \-J \fIproxy_command
+.TP
+.B \-J \fI&fd
+.br
 Use the standard input/output of the program \fIproxy_command\fR rather than using
 a normal TCP connection. A hostname should be still be provided, as this is used for
 comparing saved hostkeys. This command will be executed as "exec proxy_command ..." with the
 default shell.
+
+The second form &fd will make dbclient use the numeric file descriptor as a socket. This
+can be used for more complex tunnelling scenarios. Example usage with socat is
+
+socat EXEC:'dbclient -J &38 ev',fdin=38,fdout=38 TCP4:host.example.com:22
+
 .TP
 .B \-B \fIendhost:endport
 "Netcat-alike" mode, where Dropbear will connect to the given host, then create a
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 dbhelpers.h
--- a/dbhelpers.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/dbhelpers.h	Mon Feb 26 22:44:48 2018 +0800
@@ -3,7 +3,7 @@
 
 /* This header defines some things that are also used by libtomcrypt/math. 
    We avoid including normal include.h since that can result in conflicting 
-   definitinos - only include config.h */
+   definitions - only include config.h */
 #include "config.h"
 
 #ifdef __GNUC__
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 default_options.h
--- a/default_options.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/default_options.h	Mon Feb 26 22:44:48 2018 +0800
@@ -1,44 +1,27 @@
-/*
- > > > Do not edit this file (default_options.h) < < <
-Generated from ../default_options.h.in
-Local customisation goes in localoptions.h
-*/
-
-
 #ifndef DROPBEAR_DEFAULT_OPTIONS_H_
 #define DROPBEAR_DEFAULT_OPTIONS_H_
 /*
                      > > > Read This < < <
 
-default_options.h.in  documents compile-time options, and provides default values.
+default_options.h  documents compile-time options, and provides default values.
 
 Local customisation should be added to localoptions.h which is
 used if it exists. Options defined there will override any options in this
 file.
 
-Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
-
-IMPORTANT: Many options will require "make clean" after changes */
+Options can also be defined with -DDROPBEAR_XXX=[0,1] in Makefile CFLAGS
 
-#ifndef DROPBEAR_DEFPORT
+IMPORTANT: Some options will require "make clean" after changes */
+
 #define DROPBEAR_DEFPORT "22"
-#endif
 
 /* Listen on all interfaces */
-#ifndef DROPBEAR_DEFADDRESS
 #define DROPBEAR_DEFADDRESS ""
-#endif
 
 /* Default hostkey paths - these can be specified on the command line */
-#ifndef DSS_PRIV_FILENAME
 #define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-#endif
-#ifndef RSA_PRIV_FILENAME
 #define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-#endif
-#ifndef ECDSA_PRIV_FILENAME
 #define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
-#endif
 
 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
  * on chosen ports and keeps accepting connections. This is the default.
@@ -50,140 +33,76 @@
  *
  * Both of these flags can be defined at once, don't compile without at least
  * one of them. */
-#ifndef NON_INETD_MODE
 #define NON_INETD_MODE 1
-#endif
-#ifndef INETD_MODE
 #define INETD_MODE 1
-#endif
 
-/* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
- * perhaps 20% slower for pubkey operations (it is probably worth experimenting
- * if you want to use this) */
-/*#define NO_FAST_EXPTMOD*/
+/* Include verbose debug output, enabled with -v at runtime. 
+ * This will add a reasonable amount to your executable size. */
+#define DEBUG_TRACE 0
 
 /* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
-several kB in binary size however will make the symmetrical ciphers and hashes
-slower, perhaps by 50%. Recommended for small systems that aren't doing
-much traffic. */
-#ifndef DROPBEAR_SMALL_CODE
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
 #define DROPBEAR_SMALL_CODE 1
-#endif
 
 /* Enable X11 Forwarding - server only */
-#ifndef DROPBEAR_X11FWD
 #define DROPBEAR_X11FWD 1
-#endif
 
 /* Enable TCP Fowarding */
 /* 'Local' is "-L" style (client listening port forwarded via server)
  * 'Remote' is "-R" style (server listening port forwarded via client) */
-
-#ifndef DROPBEAR_CLI_LOCALTCPFWD
 #define DROPBEAR_CLI_LOCALTCPFWD 1
-#endif
-#ifndef DROPBEAR_CLI_REMOTETCPFWD
 #define DROPBEAR_CLI_REMOTETCPFWD 1
-#endif
 
-#ifndef DROPBEAR_SVR_LOCALTCPFWD
 #define DROPBEAR_SVR_LOCALTCPFWD 1
-#endif
-#ifndef DROPBEAR_SVR_REMOTETCPFWD
 #define DROPBEAR_SVR_REMOTETCPFWD 1
-#endif
 
 /* Enable Authentication Agent Forwarding */
-#ifndef DROPBEAR_SVR_AGENTFWD
 #define DROPBEAR_SVR_AGENTFWD 1
-#endif
-#ifndef DROPBEAR_CLI_AGENTFWD
 #define DROPBEAR_CLI_AGENTFWD 1
-#endif
-
 
 /* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
  * allow multihop dbclient connections */
 
 /* Allow using -J <proxycommand> to run the connection through a 
    pipe to a program, rather the normal TCP connection */
-#ifndef DROPBEAR_CLI_PROXYCMD
 #define DROPBEAR_CLI_PROXYCMD 1
-#endif
 
 /* Enable "Netcat mode" option. This will forward standard input/output
  * to a remote TCP-forwarded connection */
-#ifndef DROPBEAR_CLI_NETCAT
 #define DROPBEAR_CLI_NETCAT 1
-#endif
 
 /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
-#ifndef ENABLE_USER_ALGO_LIST
-#define ENABLE_USER_ALGO_LIST 1
-#endif
+#define DROPBEAR_USER_ALGO_LIST 1
 
 /* Encryption - at least one required.
- * Protocol RFC requires 3DES and recommends AES128 for interoperability.
- * Including multiple keysize variants the same cipher 
- * (eg AES256 as well as AES128) will result in a minimal size increase.*/
-#ifndef DROPBEAR_AES128
+ * AES128 should be enabled, some very old implementations might only
+ * support 3DES.
+ * Including both AES keysize variants (128 and 256) will result in 
+ * a minimal size increase */
 #define DROPBEAR_AES128 1
-#endif
-#ifndef DROPBEAR_3DES
 #define DROPBEAR_3DES 1
-#endif
-#ifndef DROPBEAR_AES256
 #define DROPBEAR_AES256 1
-#endif
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-/*#define DROPBEAR_BLOWFISH*/
-#ifndef DROPBEAR_TWOFISH256
-#define DROPBEAR_TWOFISH256 1
-#endif
-#ifndef DROPBEAR_TWOFISH128
-#define DROPBEAR_TWOFISH128 1
-#endif
+#define DROPBEAR_BLOWFISH 0
 
 /* Enable CBC mode for ciphers. This has security issues though
  * is the most compatible with older SSH implementations */
-#ifndef DROPBEAR_ENABLE_CBC_MODE
 #define DROPBEAR_ENABLE_CBC_MODE 1
-#endif
 
-/* Enable "Counter Mode" for ciphers. This is more secure than normal
+/* Enable "Counter Mode" for ciphers. This is more secure than
  * CBC mode against certain attacks. It is recommended for security
  * and forwards compatibility */
-#ifndef DROPBEAR_ENABLE_CTR_MODE
 #define DROPBEAR_ENABLE_CTR_MODE 1
-#endif
-
-/* Twofish counter mode is disabled by default because it 
-has not been tested for interoperability with other SSH implementations.
-If you test it please contact the Dropbear author */
-#ifndef DROPBEAR_TWOFISH_CTR
-#define DROPBEAR_TWOFISH_CTR 0
-#endif
 
 /* Message integrity. sha2-256 is recommended as a default, 
    sha1 for compatibility */
-#ifndef DROPBEAR_SHA1_HMAC
 #define DROPBEAR_SHA1_HMAC 1
-#endif
-#ifndef DROPBEAR_SHA1_96_HMAC
 #define DROPBEAR_SHA1_96_HMAC 1
-#endif
-#ifndef DROPBEAR_SHA2_256_HMAC
 #define DROPBEAR_SHA2_256_HMAC 1
-#endif
-/* Default is to include it is sha512 is being compiled in for ECDSA */
-#ifndef DROPBEAR_SHA2_512_HMAC
-#define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
-#endif
-
-/* XXX needed for fingerprints */
-#ifndef DROPBEAR_MD5_HMAC
-#define DROPBEAR_MD5_HMAC 0
-#endif
 
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
@@ -191,23 +110,15 @@
  * RSA is recommended
  * DSS may be necessary to connect to some systems though
    is not recommended for new keys */
-#ifndef DROPBEAR_RSA
 #define DROPBEAR_RSA 1
-#endif
-#ifndef DROPBEAR_DSS
 #define DROPBEAR_DSS 1
-#endif
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
  * code (either ECDSA or ECDH) increases binary size - around 30kB
  * on x86-64 */
-#ifndef DROPBEAR_ECDSA
 #define DROPBEAR_ECDSA 1
-#endif
 
 /* RSA must be >=1024 */
-#ifndef DROPBEAR_DEFAULT_RSA_SIZE
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048
-#endif
 /* DSS is always 1024 */
 /* ECDSA defaults to largest size configured, usually 521 */
 
@@ -215,46 +126,40 @@
    connection using that key type occurs.
    This avoids the need to otherwise run "dropbearkey" and avoids some problems
    with badly seeded /dev/urandom when systems first boot. */
-#ifndef DROPBEAR_DELAY_HOSTKEY
 #define DROPBEAR_DELAY_HOSTKEY 1
-#endif
 
-/* Enable Curve25519 for key exchange. This is another elliptic
- * curve method with good security properties. Increases binary size
- * by ~8kB on x86-64 */
-#ifndef DROPBEAR_CURVE25519
-#define DROPBEAR_CURVE25519 1
-#endif
-
-/* Enable elliptic curve Diffie Hellman key exchange, see note about
- * ECDSA above */
-#ifndef DROPBEAR_ECDH
-#define DROPBEAR_ECDH 1
-#endif
 
 /* Key exchange algorithm.
+
  * group14_sha1 - 2048 bit, sha1
  * group14_sha256 - 2048 bit, sha2-256
  * group16 - 4096 bit, sha2-512
  * group1 - 1024 bit, sha1
+ * curve25519 - elliptic curve DH
+ * ecdh - NIST elliptic curve DH (256, 384, 521)
  *
- * group14 is supported by most implementations.
- * group16 provides a greater strength level but is slower and increases binary size
  * group1 is too small for security though is necessary if you need 
      compatibility with some implementations such as Dropbear versions < 0.53
+ * group14 is supported by most implementations.
+ * group16 provides a greater strength level but is slower and increases binary size
+ * curve25519 and ecdh algorithms are faster than non-elliptic curve methods
+ * curve25519 increases binary size by ~8kB on x86-64
+ * including either ECDH or ECDSA increases binary size by ~30kB on x86-64
+
+ * Small systems should generally include either curve25519 or ecdh for performance.
+ * curve25519 is less widely supported but is faster
  */ 
-#ifndef DROPBEAR_DH_GROUP1
-#define DROPBEAR_DH_GROUP1 1
-#endif
-#ifndef DROPBEAR_DH_GROUP14_SHA1
 #define DROPBEAR_DH_GROUP14_SHA1 1
-#endif
-#ifndef DROPBEAR_DH_GROUP14_SHA256
 #define DROPBEAR_DH_GROUP14_SHA256 1
-#endif
-#ifndef DROPBEAR_DH_GROUP16
 #define DROPBEAR_DH_GROUP16 0
-#endif
+#define DROPBEAR_CURVE25519 1
+#define DROPBEAR_ECDH 1
+#define DROPBEAR_DH_GROUP1 1
+
+/* When group1 is enabled it will only be allowed by Dropbear client
+not as a server, due to concerns over its strength. Set to 0 to allow
+group1 in Dropbear server too */
+#define DROPBEAR_DH_GROUP1_CLIENTONLY 1
 
 /* Control the memory/performance/compression tradeoff for zlib.
  * Set windowBits=8 for least memory usage, see your system's
@@ -263,27 +168,18 @@
  * windowBits=8 will use 129kB for compression.
  * Both modes will use ~35kB for decompression (using windowBits=15 for
  * interoperability) */
-#ifndef DROPBEAR_ZLIB_WINDOW_BITS
 #define DROPBEAR_ZLIB_WINDOW_BITS 15 
-#endif
 
 /* Whether to do reverse DNS lookups. */
-#ifndef DO_HOST_LOOKUP
 #define DO_HOST_LOOKUP 0
-#endif
 
 /* Whether to print the message of the day (MOTD). */
-#ifndef DO_MOTD
 #define DO_MOTD 0
-#endif
-
-/* The MOTD file path */
-#ifndef MOTD_FILENAME
 #define MOTD_FILENAME "/etc/motd"
-#endif
 
 /* Authentication Types - at least one required.
    RFC Draft requires pubkey auth, and recommends password */
+#define DROPBEAR_SVR_PASSWORD_AUTH 1
 
 /* Note: PAM auth is quite simple and only works for PAM modules which just do
  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
@@ -291,138 +187,79 @@
  * but there's an interface via a PAM module. It won't work for more complex
  * PAM challenge/response.
  * You can't enable both PASSWORD and PAM. */
+#define DROPBEAR_SVR_PAM_AUTH 0
 
-/* This requires crypt() */
-#ifdef HAVE_CRYPT
-#ifndef DROPBEAR_SVR_PASSWORD_AUTH
-#define DROPBEAR_SVR_PASSWORD_AUTH 1
-#endif
-#else
-#ifndef DROPBEAR_SVR_PASSWORD_AUTH
-#define DROPBEAR_SVR_PASSWORD_AUTH 0
-#endif
-#endif
-/* PAM requires ./configure --enable-pam */
-#ifndef DROPBEAR_SVR_PAM_AUTH
-#define DROPBEAR_SVR_PAM_AUTH 0
-#endif
-#ifndef DROPBEAR_SVR_PUBKEY_AUTH
+/* ~/.ssh/authorized_keys authentication */
 #define DROPBEAR_SVR_PUBKEY_AUTH 1
-#endif
 
 /* Whether to take public key options in 
  * authorized_keys file into account */
-#ifndef DROPBEAR_SVR_PUBKEY_OPTIONS
 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1
-#endif
 
-/* This requires getpass. */
-#ifdef HAVE_GETPASS
-#ifndef DROPBEAR_CLI_PASSWORD_AUTH
+/* Client authentication options */
 #define DROPBEAR_CLI_PASSWORD_AUTH 1
-#endif
-#ifndef DROPBEAR_CLI_INTERACT_AUTH
-#define DROPBEAR_CLI_INTERACT_AUTH 1
-#endif
-#endif
-#ifndef DROPBEAR_CLI_PUBKEY_AUTH
 #define DROPBEAR_CLI_PUBKEY_AUTH 1
-#endif
 
 /* A default argument for dbclient -i <privatekey>. 
 Homedir is prepended unless path begins with / */
-#ifndef DROPBEAR_DEFAULT_CLI_AUTHKEY
 #define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
-#endif
 
-/* This variable can be used to set a password for client
- * authentication on the commandline. Beware of platforms
- * that don't protect environment variables of processes etc. Also
- * note that it will be provided for all "hidden" client-interactive
- * style prompts - if you want something more sophisticated, use 
- * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
-#ifndef DROPBEAR_PASSWORD_ENV
-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
-#endif
+/* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD
+ * environment variable. */
+#define DROPBEAR_USE_PASSWORD_ENV 1
 
 /* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
  * a helper program for the ssh client. The helper program should be
  * specified in the SSH_ASKPASS environment variable, and dbclient
  * should be run with DISPLAY set and no tty. The program should
  * return the password on standard output */
-#ifndef DROPBEAR_CLI_ASKPASS_HELPER
 #define DROPBEAR_CLI_ASKPASS_HELPER 0
-#endif
 
 /* Save a network roundtrip by sendng a real auth request immediately after
- * sending a query for the available methods.  It is at the expense of < 100
- * bytes of extra network traffic. This is not yet enabled by default since it
- * could cause problems with non-compliant servers */
-#ifndef DROPBEAR_CLI_IMMEDIATE_AUTH
+ * sending a query for the available methods. This is not yet enabled by default 
+ since it could cause problems with non-compliant servers */ 
 #define DROPBEAR_CLI_IMMEDIATE_AUTH 0
-#endif
 
-/* Source for randomness. This must be able to provide hundreds of bytes per SSH
- * connection without blocking. In addition /dev/random is used for seeding
- * rsa/dss key generation */
-#ifndef DROPBEAR_URANDOM_DEV
-#define DROPBEAR_URANDOM_DEV "/dev/urandom"
-#endif
-
-/* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
-/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
-
+/* Set this to use PRNGD or EGD instead of /dev/urandom */
+#define DROPBEAR_USE_PRNGD 0
+#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
 
 /* Specify the number of clients we will allow to be connected but
  * not yet authenticated. After this limit, connections are rejected */
 /* The first setting is per-IP, to avoid denial of service */
-#ifndef MAX_UNAUTH_PER_IP
 #define MAX_UNAUTH_PER_IP 5
-#endif
 
 /* And then a global limit to avoid chewing memory if connections 
  * come from many IPs */
-#ifndef MAX_UNAUTH_CLIENTS
 #define MAX_UNAUTH_CLIENTS 30
-#endif
 
 /* Default maximum number of failed authentication tries (server option) */
 /* -T server option overrides */
-#ifndef MAX_AUTH_TRIES
 #define MAX_AUTH_TRIES 10
-#endif
 
 /* The default file to store the daemon's process ID, for shutdown
    scripts etc. This can be overridden with the -P flag */
-#ifndef DROPBEAR_PIDFILE
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
-#endif
 
 /* The command to invoke for xauth when using X11 forwarding.
  * "-q" for quiet */
-#ifndef XAUTH_COMMAND
 #define XAUTH_COMMAND "/usr/bin/xauth -q"
-#endif
+
 
 /* if you want to enable running an sftp server (such as the one included with
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
- * be enabled */
-#ifndef SFTPSERVER_PATH
+ * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
+ * The sftp-server program is not provided by Dropbear itself */
+#define DROPBEAR_SFTPSERVER 1
 #define SFTPSERVER_PATH "/usr/libexec/sftp-server"
-#endif
 
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
-#ifndef DROPBEAR_PATH_SSH_PROGRAM
 #define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
-#endif
 
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 
  * shell/sftp session etc. */
-#ifndef LOG_COMMANDS
 #define LOG_COMMANDS 0
-#endif
 
 /* Window size limits. These tend to be a trade-off between memory
    usage and network performance: */
@@ -431,42 +268,28 @@
    significant difference to network performance. 24kB was empirically
    chosen for a 100mbit ethernet network. The value can be altered at
    runtime with the -W argument. */
-#ifndef DEFAULT_RECV_WINDOW
 #define DEFAULT_RECV_WINDOW 24576
-#endif
 /* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
    in order to interoperate with other implementations */
-#ifndef RECV_MAX_PAYLOAD_LEN
 #define RECV_MAX_PAYLOAD_LEN 32768
-#endif
 /* Maximum size of a transmitted data packet - this can be any value,
    though increasing it may not make a significant difference. */
-#ifndef TRANS_MAX_PAYLOAD_LEN
 #define TRANS_MAX_PAYLOAD_LEN 16384
-#endif
 
 /* Ensure that data is transmitted every KEEPALIVE seconds. This can
 be overridden at runtime with -K. 0 disables keepalives */
-#ifndef DEFAULT_KEEPALIVE
 #define DEFAULT_KEEPALIVE 0
-#endif
 
 /* If this many KEEPALIVES are sent with no packets received from the
 other side, exit. Not run-time configurable - if you have a need
 for runtime configuration please mail the Dropbear list */
-#ifndef DEFAULT_KEEPALIVE_LIMIT
 #define DEFAULT_KEEPALIVE_LIMIT 3
-#endif
 
 /* Ensure that data is received within IDLE_TIMEOUT seconds. This can
 be overridden at runtime with -I. 0 disables idle timeouts */
-#ifndef DEFAULT_IDLE_TIMEOUT
 #define DEFAULT_IDLE_TIMEOUT 0
-#endif
 
 /* The default path. This will often get replaced by the shell */
-#ifndef DEFAULT_PATH
 #define DEFAULT_PATH "/usr/bin:/bin"
-#endif
 
 #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 default_options.h.in
--- a/default_options.h.in	Wed Feb 21 21:59:52 2018 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,365 +0,0 @@
-#ifndef DROPBEAR_DEFAULT_OPTIONS_H_
-#define DROPBEAR_DEFAULT_OPTIONS_H_
-/*
-                     > > > Read This < < <
-
-default_options.h.in  documents compile-time options, and provides default values.
-
-Local customisation should be added to localoptions.h which is
-used if it exists. Options defined there will override any options in this
-file.
-
-Options can also be defined with -DDROPBEAR_XXX in Makefile CFLAGS
-
-IMPORTANT: Many options will require "make clean" after changes */
-
-#define DROPBEAR_DEFPORT "22"
-
-/* Listen on all interfaces */
-#define DROPBEAR_DEFADDRESS ""
-
-/* Default hostkey paths - these can be specified on the command line */
-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
-
-/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
- * on chosen ports and keeps accepting connections. This is the default.
- *
- * Set INETD_MODE if you want to be able to run Dropbear with inetd (or
- * similar), where it will use stdin/stdout for connections, and each process
- * lasts for a single connection. Dropbear should be invoked with the -i flag
- * for inetd, and can only accept IPv4 connections.
- *
- * Both of these flags can be defined at once, don't compile without at least
- * one of them. */
-#define NON_INETD_MODE 1
-#define INETD_MODE 1
-
-#if !(NON_INETD_MODE || INETD_MODE)
-	#error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
-#endif
-
-/* Set this if you want to use the DROPBEAR_SMALL_CODE option. This can save
-several kB in binary size however will make the symmetrical ciphers and hashes
-slower, perhaps by 50%. Recommended for small systems that aren't doing
-much traffic. */
-#define DROPBEAR_SMALL_CODE 1
-
-/* Enable X11 Forwarding - server only */
-#define DROPBEAR_X11FWD 1
-
-/* Enable TCP Fowarding */
-/* 'Local' is "-L" style (client listening port forwarded via server)
- * 'Remote' is "-R" style (server listening port forwarded via client) */
-
-#define DROPBEAR_CLI_LOCALTCPFWD 1
-#define DROPBEAR_CLI_REMOTETCPFWD 1
-
-#define DROPBEAR_SVR_LOCALTCPFWD 1
-#define DROPBEAR_SVR_REMOTETCPFWD 1
-
-/* Enable Authentication Agent Forwarding */
-#define DROPBEAR_SVR_AGENTFWD 1
-#define DROPBEAR_CLI_AGENTFWD 1
-
-
-/* Note: Both DROPBEAR_CLI_PROXYCMD and DROPBEAR_CLI_NETCAT must be set to
- * allow multihop dbclient connections */
-
-/* Allow using -J <proxycommand> to run the connection through a 
-   pipe to a program, rather the normal TCP connection */
-#define DROPBEAR_CLI_PROXYCMD 1
-
-/* Enable "Netcat mode" option. This will forward standard input/output
- * to a remote TCP-forwarded connection */
-#define DROPBEAR_CLI_NETCAT 1
-
-/* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
-#define DROPBEAR_USER_ALGO_LIST 1
-
-/* Encryption - at least one required.
- * Protocol RFC requires 3DES and recommends AES128 for interoperability.
- * Including multiple keysize variants the same cipher 
- * (eg AES256 as well as AES128) will result in a minimal size increase.*/
-#define DROPBEAR_AES128 1
-#define DROPBEAR_3DES 1
-#define DROPBEAR_AES256 1
-#define DROPBEAR_TWOFISH256 1
-#define DROPBEAR_TWOFISH128 1
-/* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
-#define DROPBEAR_BLOWFISH 0
-
-#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
-      || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
-	#error "At least one encryption algorithm must be enabled; 3DES and AES128 are recommended."
-#endif
-
-/* Enable CBC mode for ciphers. This has security issues though
- * is the most compatible with older SSH implementations */
-#define DROPBEAR_ENABLE_CBC_MODE 1
-
-/* Enable "Counter Mode" for ciphers. This is more secure than normal
- * CBC mode against certain attacks. It is recommended for security
- * and forwards compatibility */
-#define DROPBEAR_ENABLE_CTR_MODE 1
-
-/* Twofish counter mode is disabled by default because it 
-has not been tested for interoperability with other SSH implementations.
-If you test it please contact the Dropbear author */
-#define DROPBEAR_TWOFISH_CTR 0
-
-/* Message integrity. sha2-256 is recommended as a default, 
-   sha1 for compatibility */
-#define DROPBEAR_SHA1_HMAC 1
-#define DROPBEAR_SHA1_96_HMAC 1
-#define DROPBEAR_SHA2_256_HMAC 1
-/* Default is to include it is sha512 is being compiled in for ECDSA */
-#define DROPBEAR_SHA2_512_HMAC (DROPBEAR_ECDSA)
-
-/* XXX needed for fingerprints */
-#define DROPBEAR_MD5_HMAC 0
-
-/* Hostkey/public key algorithms - at least one required, these are used
- * for hostkey as well as for verifying signatures with pubkey auth.
- * Removing either of these won't save very much space.
- * RSA is recommended
- * DSS may be necessary to connect to some systems though
-   is not recommended for new keys */
-#define DROPBEAR_RSA 1
-#define DROPBEAR_DSS 1
-/* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
- * code (either ECDSA or ECDH) increases binary size - around 30kB
- * on x86-64 */
-#define DROPBEAR_ECDSA 1
-
-#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
-	#error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
-#endif
-
-/* RSA must be >=1024 */
-#define DROPBEAR_DEFAULT_RSA_SIZE 2048
-/* DSS is always 1024 */
-/* ECDSA defaults to largest size configured, usually 521 */
-
-/* Add runtime flag "-R" to generate hostkeys as-needed when the first 
-   connection using that key type occurs.
-   This avoids the need to otherwise run "dropbearkey" and avoids some problems
-   with badly seeded /dev/urandom when systems first boot. */
-#define DROPBEAR_DELAY_HOSTKEY 1
-
-/* Enable Curve25519 for key exchange. This is another elliptic
- * curve method with good security properties. Increases binary size
- * by ~8kB on x86-64 */
-#define DROPBEAR_CURVE25519 1
-
-/* Enable elliptic curve Diffie Hellman key exchange, see note about
- * ECDSA above */
-#define DROPBEAR_ECDH 1
-
-/* Key exchange algorithm.
- * group14_sha1 - 2048 bit, sha1
- * group14_sha256 - 2048 bit, sha2-256
- * group16 - 4096 bit, sha2-512
- * group1 - 1024 bit, sha1
- *
- * group14 is supported by most implementations.
- * group16 provides a greater strength level but is slower and increases binary size
- * group1 is too small for security though is necessary if you need 
-     compatibility with some implementations such as Dropbear versions < 0.53
- */ 
-#define DROPBEAR_DH_GROUP1 1
-#define DROPBEAR_DH_GROUP14_SHA1 1
-#define DROPBEAR_DH_GROUP14_SHA256 1
-#define DROPBEAR_DH_GROUP16 0
-
-/* Control the memory/performance/compression tradeoff for zlib.
- * Set windowBits=8 for least memory usage, see your system's
- * zlib.h for full details.
- * Default settings (windowBits=15) will use 256kB for compression
- * windowBits=8 will use 129kB for compression.
- * Both modes will use ~35kB for decompression (using windowBits=15 for
- * interoperability) */
-#define DROPBEAR_ZLIB_WINDOW_BITS 15 
-
-/* Whether to do reverse DNS lookups. */
-#define DO_HOST_LOOKUP 0
-
-/* Whether to print the message of the day (MOTD). */
-#define DO_MOTD 0
-
-/* The MOTD file path */
-#define MOTD_FILENAME "/etc/motd"
-
-/* Authentication Types - at least one required.
-   RFC Draft requires pubkey auth, and recommends password */
-
-/* Note: PAM auth is quite simple and only works for PAM modules which just do
- * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
- * It's useful for systems like OS X where standard password crypts don't work
- * but there's an interface via a PAM module. It won't work for more complex
- * PAM challenge/response.
- * You can't enable both PASSWORD and PAM. */
-
-/* PAM requires ./configure --enable-pam */
-#if defined(HAVE_LIBPAM) && !DROPBEAR_SVR_PASSWORD_AUTH
-	#define DROPBEAR_SVR_PAM_AUTH 1
-#else
-	#define DROPBEAR_SVR_PAM_AUTH 0
-#endif
-
-/* This requires crypt() */
-#if defined(HAVE_CRYPT) && !DROPBEAR_SVR_PAM_AUTH
-	#define DROPBEAR_SVR_PASSWORD_AUTH 1
-#else
-	#define DROPBEAR_SVR_PASSWORD_AUTH 0
-#endif
-
-#define DROPBEAR_SVR_PUBKEY_AUTH 1
-
-#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
-	#error "At least one server authentication type must be enabled; PUBKEY and PASSWORD are recommended."
-#endif
-
-#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
-	#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
-#endif
-
-#if DROPBEAR_SVR_PAM_AUTH
-	#if DISABLE_PAM
-		#error "DROPBEAR_SVR_PAM_AUTH requires 'configure --enable-pam' to succeed."
-	#endif
-	#if DROPBEAR_SVR_PASSWORD_AUTH
-		#error "DROPBEAR_SVR_PASSWORD_AUTH cannot be enabled at the same time as DROPBEAR_SVR_PAM_AUTH."
-	#endif
-#endif
-
-/* Whether to take public key options in 
- * authorized_keys file into account */
-#define DROPBEAR_SVR_PUBKEY_OPTIONS 1
-
-/* This requires getpass. */
-#ifdef HAVE_GETPASS
-	#define DROPBEAR_CLI_PASSWORD_AUTH 1
-	#define DROPBEAR_CLI_INTERACT_AUTH 1
-#else
-	#define DROPBEAR_CLI_PASSWORD_AUTH 0
-	#define DROPBEAR_CLI_INTERACT_AUTH 0
-#endif
-#define DROPBEAR_CLI_PUBKEY_AUTH 1
-
-#if !(DROPBEAR_CLI_PASSWORD_AUTH || DROPBEAR_CLI_PUBKEY_AUTH)
-	#error "At least one client authentication type must be enabled; PUBKEY and PASSWORD are recommended."
-#endif
-
-/* A default argument for dbclient -i <privatekey>. 
-Homedir is prepended unless path begins with / */
-#define DROPBEAR_DEFAULT_CLI_AUTHKEY ".ssh/id_dropbear"
-
-/* This variable can be used to set a password for client
- * authentication on the commandline. Beware of platforms
- * that don't protect environment variables of processes etc. Also
- * note that it will be provided for all "hidden" client-interactive
- * style prompts - if you want something more sophisticated, use 
- * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
-#define DROPBEAR_USE_DROPBEAR_PASSWORD 1
-
-/* Define this (as well as DROPBEAR_CLI_PASSWORD_AUTH) to allow the use of
- * a helper program for the ssh client. The helper program should be
- * specified in the SSH_ASKPASS environment variable, and dbclient
- * should be run with DISPLAY set and no tty. The program should
- * return the password on standard output */
-#define DROPBEAR_CLI_ASKPASS_HELPER 0
-
-#if DROPBEAR_CLI_ASKPASS_HELPER
-	#define DROPBEAR_CLI_PASSWORD_AUTH 1
-#endif
-
-/* Save a network roundtrip by sendng a real auth request immediately after
- * sending a query for the available methods.  It is at the expense of < 100
- * bytes of extra network traffic. This is not yet enabled by default since it
- * could cause problems with non-compliant servers */
-#define DROPBEAR_CLI_IMMEDIATE_AUTH 0
-
-/* Source for randomness. This must be able to provide hundreds of bytes per SSH
- * connection without blocking. In addition /dev/random is used for seeding
- * rsa/dss key generation */
-#define DROPBEAR_URANDOM_DEV "/dev/urandom"
-
-/* Set this to use PRNGD or EGD instead of /dev/urandom or /dev/random */
-#define DROPBEAR_USE_PRNGD 0
-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
-
-/* Specify the number of clients we will allow to be connected but
- * not yet authenticated. After this limit, connections are rejected */
-/* The first setting is per-IP, to avoid denial of service */
-#define MAX_UNAUTH_PER_IP 5
-
-/* And then a global limit to avoid chewing memory if connections 
- * come from many IPs */
-#define MAX_UNAUTH_CLIENTS 30
-
-/* Default maximum number of failed authentication tries (server option) */
-/* -T server option overrides */
-#define MAX_AUTH_TRIES 10
-
-/* The default file to store the daemon's process ID, for shutdown
-   scripts etc. This can be overridden with the -P flag */
-#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
-
-/* The command to invoke for xauth when using X11 forwarding.
- * "-q" for quiet */
-#define XAUTH_COMMAND "/usr/bin/xauth -q"
-
-#define DROPBEAR_SFTPSERVER 1
-
-/* if you want to enable running an sftp server (such as the one included with
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
- * be enabled */
-#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
-
-/* This is used by the scp binary when used as a client binary. If you're
- * not using the Dropbear client, you'll need to change it */
-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
-
-/* Whether to log commands executed by a client. This only logs the 
- * (single) command sent to the server, not what a user did in a 
- * shell/sftp session etc. */
-#define LOG_COMMANDS 0
-
-/* Window size limits. These tend to be a trade-off between memory
-   usage and network performance: */
-/* Size of the network receive window. This amount of memory is allocated
-   as a per-channel receive buffer. Increasing this value can make a
-   significant difference to network performance. 24kB was empirically
-   chosen for a 100mbit ethernet network. The value can be altered at
-   runtime with the -W argument. */
-#define DEFAULT_RECV_WINDOW 24576
-/* Maximum size of a received SSH data packet - this _MUST_ be >= 32768
-   in order to interoperate with other implementations */
-#define RECV_MAX_PAYLOAD_LEN 32768
-/* Maximum size of a transmitted data packet - this can be any value,
-   though increasing it may not make a significant difference. */
-#define TRANS_MAX_PAYLOAD_LEN 16384
-
-/* Ensure that data is transmitted every KEEPALIVE seconds. This can
-be overridden at runtime with -K. 0 disables keepalives */
-#define DEFAULT_KEEPALIVE 0
-
-/* If this many KEEPALIVES are sent with no packets received from the
-other side, exit. Not run-time configurable - if you have a need
-for runtime configuration please mail the Dropbear list */
-#define DEFAULT_KEEPALIVE_LIMIT 3
-
-/* Ensure that data is received within IDLE_TIMEOUT seconds. This can
-be overridden at runtime with -I. 0 disables idle timeouts */
-#define DEFAULT_IDLE_TIMEOUT 0
-
-/* The default path. This will often get replaced by the shell */
-#define DEFAULT_PATH "/usr/bin:/bin"
-
-/* Include verbose debug output, enabled with -v at runtime. 
- * This will add a reasonable amount to your executable size. */
-#define DEBUG_TRACE 0
-
-#endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 dropbear.8
--- a/dropbear.8	Wed Feb 21 21:59:52 2018 +0800
+++ b/dropbear.8	Mon Feb 26 22:44:48 2018 +0800
@@ -148,8 +148,10 @@
 Host key files are read at startup from a standard location, by default
 /etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and 
 /etc/dropbear/dropbear_ecdsa_host_key
-or specified on the commandline with -r. These are of the form generated
-by dropbearkey. The -R option can be used to automatically generate keys
+
+If the -r command line option is specified the default files are not loaded.
+Host key files are of the form generated by dropbearkey. 
+The -R option can be used to automatically generate keys
 in the default location - keys will be generated after startup when the first
 connection is established. This had the benefit that the system /dev/urandom
 random number source has a better chance of being securely seeded.
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 ecc.c
--- a/ecc.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/ecc.c	Mon Feb 26 22:44:48 2018 +0800
@@ -1,5 +1,4 @@
 #include "includes.h"
-#include "options.h"
 #include "ecc.h"
 #include "dbutil.h"
 #include "bignum.h"
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 ecc.h
--- a/ecc.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/ecc.h	Mon Feb 26 22:44:48 2018 +0800
@@ -2,7 +2,6 @@
 #define DROPBEAR_DROPBEAR_ECC_H
 
 #include "includes.h"
-#include "options.h"
 
 #include "buffer.h"
 
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 ecdsa.c
--- a/ecdsa.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/ecdsa.c	Mon Feb 26 22:44:48 2018 +0800
@@ -1,4 +1,3 @@
-#include "options.h"
 #include "includes.h"
 #include "dbutil.h"
 #include "crypto_desc.h"
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 ecdsa.h
--- a/ecdsa.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/ecdsa.h	Mon Feb 26 22:44:48 2018 +0800
@@ -7,13 +7,14 @@
 
 #if DROPBEAR_ECDSA
 
-/* Prefer the larger size - it's fast anyway */
-#if DROPBEAR_ECC_521
-#define ECDSA_DEFAULT_SIZE 521
+/* prefer 256 or 384 since those are SHOULD for
+   draft-ietf-curdle-ssh-kex-sha2.txt */
+#if DROPBEAR_ECC_256
+#define ECDSA_DEFAULT_SIZE 256
 #elif DROPBEAR_ECC_384
 #define ECDSA_DEFAULT_SIZE 384
-#elif DROPBEAR_ECC_256
-#define ECDSA_DEFAULT_SIZE 256
+#elif DROPBEAR_ECC_521
+#define ECDSA_DEFAULT_SIZE 521
 #else
 #define ECDSA_DEFAULT_SIZE 0
 #endif
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 ifndef_wrapper.sh
--- a/ifndef_wrapper.sh	Wed Feb 21 21:59:52 2018 +0800
+++ b/ifndef_wrapper.sh	Mon Feb 26 22:44:48 2018 +0800
@@ -2,6 +2,6 @@
 
 # Wrap all "#define X Y" with a #ifndef X...#endif"
 
-sed -E 's/^(#define ([^ ]+) .*)/#ifndef \2\
+sed -E 's/^( *#define ([^ ]+) .*)/#ifndef \2\
 \1\
 #endif/' 
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 includes.h
--- a/includes.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/includes.h	Mon Feb 26 22:44:48 2018 +0800
@@ -26,7 +26,6 @@
 #define DROPBEAR_INCLUDES_H_
 
 
-#include "config.h"
 #include "options.h"
 #include "debug.h"
 
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 libtommath/Makefile.in
--- a/libtommath/Makefile.in	Wed Feb 21 21:59:52 2018 +0800
+++ b/libtommath/Makefile.in	Mon Feb 26 22:44:48 2018 +0800
@@ -126,19 +126,6 @@
 pretty:
 	perl pretty.build
 
-#\zipup the project (take that!)
-no_oops: clean
-	cd .. ; cvs commit
-	echo Scanning for scratch/dirty files
-	find . -type f | grep -v CVS | xargs -n 1 bash mess.sh
-
-clean:
-	rm -f *.bat *.pdf *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
-        *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
-	rm -rf .libs
-	-cd etc && MAKE=${MAKE} ${MAKE} clean
-	-cd pics && MAKE=${MAKE} ${MAKE} clean
-
 .PHONY: pre_gen
 pre_gen:
 	perl gen.pl
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 libtommath/makefile.include
--- a/libtommath/makefile.include	Wed Feb 21 21:59:52 2018 +0800
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,105 +0,0 @@
-#
-# Include makefile for libtommath
-#
-
-#version of library
-VERSION=1.0
-VERSION_SO=1:0
-
-# default make target
-default: ${LIBNAME}
-
-# Compiler and Linker Names
-ifndef PREFIX
-  PREFIX=
-endif
-
-ifeq ($(CC),cc)
-  CC = $(PREFIX)gcc
-endif
-LD=$(PREFIX)ld
-AR=$(PREFIX)ar
-RANLIB=$(PREFIX)ranlib
-
-ifndef MAKE
-   MAKE=make
-endif
-
-CFLAGS += -I./ -Wall -Wsign-compare -Wextra -Wshadow
-
-ifndef NO_ADDTL_WARNINGS
-# additional warnings
-CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align
-CFLAGS += -Wstrict-prototypes -Wpointer-arith
-endif
-
-ifdef COMPILE_DEBUG
-#debug
-CFLAGS += -g3
-else
-
-ifdef COMPILE_SIZE
-#for size
-CFLAGS += -Os
-else
-
-ifndef IGNORE_SPEED
-#for speed
-CFLAGS += -O3 -funroll-loops
-
-#x86 optimizations [should be valid for any GCC install though]
-CFLAGS  += -fomit-frame-pointer
-endif
-
-endif # COMPILE_SIZE
-endif # COMPILE_DEBUG
-
-# adjust coverage set
-ifneq ($(filter $(shell arch), i386 i686 x86_64 amd64 ia64),)
-   COVERAGE = test_standalone timing
-   COVERAGE_APP = ./test && ./ltmtest
-else
-   COVERAGE = test_standalone
-   COVERAGE_APP = ./test
-endif
-
-HEADERS_PUB=tommath.h tommath_class.h tommath_superclass.h
-HEADERS=tommath_private.h $(HEADERS_PUB)
-
-test_standalone: CFLAGS+=-DLTM_DEMO_TEST_VS_MTEST=0
-
-#LIBPATH-The directory for libtommath to be installed to.
-#INCPATH-The directory to install the header files for libtommath.
-#DATAPATH-The directory to install the pdf docs.
-LIBPATH?=/usr/lib
-INCPATH?=/usr/include
-DATAPATH?=/usr/share/doc/libtommath/pdf
-
-#make the code coverage of the library
-#
-coverage: CFLAGS += -fprofile-arcs -ftest-coverage -DTIMING_NO_LOGS
-coverage: LFLAGS += -lgcov
-coverage: LDFLAGS += -lgcov
-
-coverage: $(COVERAGE)
-	$(COVERAGE_APP)
-
-lcov: coverage
-	rm -f coverage.info
-	lcov --capture --no-external --no-recursion $(LCOV_ARGS) --output-file coverage.info -q
-	genhtml coverage.info --output-directory coverage -q
-
-# target that removes all coverage output
-cleancov-clean:
-	rm -f `find . -type f -name "*.info" | xargs`
-	rm -rf coverage/
-
-# cleans everything - coverage output and standard 'clean'
-cleancov: cleancov-clean clean
-
-clean:
-	rm -f *.gcda *.gcno *.bat *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
-        *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
-	rm -rf .libs/
-	cd etc ; MAKE=${MAKE} ${MAKE} clean
-	cd pics ; MAKE=${MAKE} ${MAKE} clean
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 libtommath/makefile_include.mk
--- a/libtommath/makefile_include.mk	Wed Feb 21 21:59:52 2018 +0800
+++ b/libtommath/makefile_include.mk	Mon Feb 26 22:44:48 2018 +0800
@@ -17,12 +17,13 @@
   CROSS_COMPILE=
 endif
 
-ifeq ($(CC),cc)
-  CC = $(CROSS_COMPILE)gcc
-endif
-LD=$(CROSS_COMPILE)ld
-AR=$(CROSS_COMPILE)ar
-RANLIB=$(CROSS_COMPILE)ranlib
+# Dropbear passes these down
+#ifeq ($(CC),cc)
+#  CC = $(CROSS_COMPILE)gcc
+#endif
+#LD=$(CROSS_COMPILE)ld
+#AR=$(CROSS_COMPILE)ar
+#RANLIB=$(CROSS_COMPILE)ranlib
 
 ifndef MAKE
    MAKE=make
@@ -113,5 +114,5 @@
 	rm -f *.gcda *.gcno *.gcov *.bat *.o *.a *.obj *.lib *.exe *.dll etclib/*.o demo/demo.o test ltmtest mpitest mtest/mtest mtest/mtest.exe \
         *.idx *.toc *.log *.aux *.dvi *.lof *.ind *.ilg *.ps *.log *.s mpi.c *.da *.dyn *.dpi tommath.tex `find . -type f | grep [~] | xargs` *.lo *.la
 	rm -rf .libs/
-	${MAKE} -C etc/ clean MAKE=${MAKE}
-	${MAKE} -C doc/ clean MAKE=${MAKE}
+	#${MAKE} -C etc/ clean MAKE=${MAKE}
+	#${MAKE} -C doc/ clean MAKE=${MAKE}
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 list.c
--- a/list.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/list.c	Mon Feb 26 22:44:48 2018 +0800
@@ -1,4 +1,4 @@
-#include "options.h"
+#include "includes.h"
 #include "dbutil.h"
 #include "list.h"
 
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 loginrec.c
--- a/loginrec.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/loginrec.c	Mon Feb 26 22:44:48 2018 +0800
@@ -1330,7 +1330,8 @@
 
 		if ( lseek(*fd, offset, SEEK_SET) != offset ) {
 			dropbear_log(LOG_WARNING, "lastlog_openseek: %s->lseek(): %s",
-			 lastlog_file, strerror(errno));
+				lastlog_file, strerror(errno));
+			m_close(*fd);
 			return 0;
 		}
 	}
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 ltc_prng.c
--- a/ltc_prng.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/ltc_prng.c	Mon Feb 26 22:44:48 2018 +0800
@@ -11,7 +11,6 @@
  *
  * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
  */
-#include "options.h"
 #include "includes.h"
 #include "dbrandom.h"
 #include "ltc_prng.h"
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 ltc_prng.h
--- a/ltc_prng.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/ltc_prng.h	Mon Feb 26 22:44:48 2018 +0800
@@ -1,7 +1,6 @@
 #ifndef DROPBEAR_LTC_PRNG_H_DROPBEAR
 #define DROPBEAR_LTC_PRNG_H_DROPBEAR
 
-#include "options.h"
 #include "includes.h"
 
 #if DROPBEAR_LTC_PRNG
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 options.h
--- a/options.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/options.h	Mon Feb 26 22:44:48 2018 +0800
@@ -8,11 +8,15 @@
 See default_options.h.in for a description of the available options.
 */
 
+/* Some configuration options or checks depend on system config */
+#include "config.h"
+
 #ifdef LOCALOPTIONS_H_EXISTS
 #include "localoptions.h"
 #endif
 
-#include "default_options.h"
+/* default_options.h is processed to add #ifndef guards */
+#include "default_options_guard.h"
 
 /* Some other defines that mostly should be left alone are defined
  * in sysoptions.h */
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 rsa.c
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 runopts.h
--- a/runopts.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/runopts.h	Mon Feb 26 22:44:48 2018 +0800
@@ -92,6 +92,8 @@
 #endif
 
 	int norootlogin;
+	char *restrict_group;
+	gid_t restrict_group_gid;
 
 	int noauthpass;
 	int norootpass;
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 session.h
--- a/session.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/session.h	Mon Feb 26 22:44:48 2018 +0800
@@ -26,7 +26,6 @@
 #define DROPBEAR_SESSION_H_
 
 #include "includes.h"
-#include "options.h"
 #include "buffer.h"
 #include "signkey.h"
 #include "kex.h"
@@ -41,7 +40,7 @@
 #include "netio.h"
 
 void common_session_init(int sock_in, int sock_out);
-void session_loop(void(*loophandler)()) ATTRIB_NORETURN;
+void session_loop(void(*loophandler)(void)) ATTRIB_NORETURN;
 void session_cleanup(void);
 void send_session_identification(void);
 void send_msg_ignore(void);
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 svr-auth.c
--- a/svr-auth.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/svr-auth.c	Mon Feb 26 22:44:48 2018 +0800
@@ -25,6 +25,8 @@
 /* This file (auth.c) handles authentication requests, passing it to the
  * particular type (auth-passwd, auth-pubkey). */
 
+#include <limits.h>
+
 #include "includes.h"
 #include "dbutil.h"
 #include "session.h"
@@ -35,26 +37,10 @@
 #include "runopts.h"
 #include "dbrandom.h"
 
-static void authclear(void);
-static int checkusername(char *username, unsigned int userlen);
+static int checkusername(const char *username, unsigned int userlen);
 
 /* initialise the first time for a session, resetting all parameters */
 void svr_authinitialise() {
-
-	ses.authstate.failcount = 0;
-	ses.authstate.pw_name = NULL;
-	ses.authstate.pw_dir = NULL;
-	ses.authstate.pw_shell = NULL;
-	ses.authstate.pw_passwd = NULL;
-	authclear();
-	
-}
-
-/* Reset the auth state, but don't reset the failcount. This is for if the
- * user decides to try with a different username etc, and is also invoked
- * on initialisation */
-static void authclear() {
-	
 	memset(&ses.authstate, 0, sizeof(ses.authstate));
 #if DROPBEAR_SVR_PUBKEY_AUTH
 	ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
@@ -64,19 +50,6 @@
 		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 	}
 #endif
-	if (ses.authstate.pw_name) {
-		m_free(ses.authstate.pw_name);
-	}
-	if (ses.authstate.pw_shell) {
-		m_free(ses.authstate.pw_shell);
-	}
-	if (ses.authstate.pw_dir) {
-		m_free(ses.authstate.pw_dir);
-	}
-	if (ses.authstate.pw_passwd) {
-		m_free(ses.authstate.pw_passwd);
-	}
-	
 }
 
 /* Send a banner message if specified to the client. The client might
@@ -224,31 +197,76 @@
 	m_free(methodname);
 }
 
+/* returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
+static int check_group_membership(gid_t check_gid, const char* username, gid_t user_gid) {
+	int ngroups, i, ret;
+	gid_t *grouplist = NULL;
+	int match = DROPBEAR_FAILURE;
+
+	for (ngroups = 32; ngroups <= DROPBEAR_NGROUP_MAX; ngroups *= 2) {
+		grouplist = m_malloc(sizeof(gid_t) * ngroups);
+
+		/* BSD returns ret==0 on success. Linux returns ret==ngroups on success */
+		ret = getgrouplist(username, user_gid, grouplist, &ngroups);
+		if (ret >= 0) {
+			break;
+		}
+		m_free(grouplist);
+		grouplist = NULL;
+	}
+
+	if (!grouplist) {
+		dropbear_log(LOG_ERR, "Too many groups for user '%s'", username);
+		return DROPBEAR_FAILURE;
+	}
+
+	for (i = 0; i < ngroups; i++) {
+		if (grouplist[i] == check_gid) {
+			match = DROPBEAR_SUCCESS;
+			break;
+		}
+	}
+	m_free(grouplist);
+
+	return match;
+}
+
 
 /* Check that the username exists and isn't disallowed (root), and has a valid shell.
  * returns DROPBEAR_SUCCESS on valid username, DROPBEAR_FAILURE on failure */
-static int checkusername(char *username, unsigned int userlen) {
+static int checkusername(const char *username, unsigned int userlen) {
 
 	char* listshell = NULL;
 	char* usershell = NULL;
 	uid_t uid;
+
 	TRACE(("enter checkusername"))
 	if (userlen > MAX_USERNAME_LEN) {
 		return DROPBEAR_FAILURE;
 	}
 
-	/* new user or username has changed */
-	if (ses.authstate.username == NULL ||
-		strcmp(username, ses.authstate.username) != 0) {
-			/* the username needs resetting */
-			if (ses.authstate.username != NULL) {
-				dropbear_log(LOG_WARNING, "Client trying multiple usernames from %s",
-							svr_ses.addrstring);
-				m_free(ses.authstate.username);
-			}
-			authclear();
-			fill_passwd(username);
-			ses.authstate.username = m_strdup(username);
+	if (strlen(username) != userlen) {
+		dropbear_exit("Attempted username with a null byte from %s",
+			svr_ses.addrstring);
+	}
+
+	if (ses.authstate.username == NULL) {
+		/* first request */
+		fill_passwd(username);
+		ses.authstate.username = m_strdup(username);
+	} else {
+		/* check username hasn't changed */
+		if (strcmp(username, ses.authstate.username) != 0) {
+			dropbear_exit("Client trying multiple usernames from %s",
+				svr_ses.addrstring);
+		}
+	}
+
+	/* avoids cluttering logs with repeated failure messages from
+	consecutive authentication requests in a sesssion */
+	if (ses.authstate.checkusername_failed) {
+		TRACE(("checkusername: returning cached failure"))
+		return DROPBEAR_FAILURE;
 	}
 
 	/* check that user exists */
@@ -257,6 +275,7 @@
 		dropbear_log(LOG_WARNING,
 				"Login attempt for nonexistent user from %s",
 				svr_ses.addrstring);
+		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
 
@@ -268,6 +287,7 @@
 				"Login attempt with wrong user %s from %s",
 				ses.authstate.pw_name,
 				svr_ses.addrstring);
+		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
 
@@ -275,9 +295,22 @@
 	if (svr_opts.norootlogin && ses.authstate.pw_uid == 0) {
 		TRACE(("leave checkusername: root login disabled"))
 		dropbear_log(LOG_WARNING, "root login rejected");
+		ses.authstate.checkusername_failed = 1;
 		return DROPBEAR_FAILURE;
 	}
 
+	/* check for login restricted to certain group if desired */
+	if (svr_opts.restrict_group) {
+		if (check_group_membership(svr_opts.restrict_group_gid,
+				ses.authstate.pw_name, ses.authstate.pw_gid) == DROPBEAR_FAILURE) {
+			dropbear_log(LOG_WARNING,
+				"Logins are restricted to the group %s but user '%s' is not a member",
+				svr_opts.restrict_group, ses.authstate.pw_name);
+			ses.authstate.checkusername_failed = 1;
+			return DROPBEAR_FAILURE;
+		}
+	}
+
 	TRACE(("shell is %s", ses.authstate.pw_shell))
 
 	/* check that the shell is set */
@@ -301,6 +334,7 @@
 	/* no matching shell */
 	endusershell();
 	TRACE(("no matching shell"))
+	ses.authstate.checkusername_failed = 1;
 	dropbear_log(LOG_WARNING, "User '%s' has invalid shell, rejected",
 				ses.authstate.pw_name);
 	return DROPBEAR_FAILURE;
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 svr-runopts.c
--- a/svr-runopts.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/svr-runopts.c	Mon Feb 26 22:44:48 2018 +0800
@@ -30,6 +30,8 @@
 #include "algo.h"
 #include "ecdsa.h"
 
+#include <grp.h>
+
 svr_runopts svr_opts; /* GLOBAL */
 
 static void printhelp(const char * progname);
@@ -68,6 +70,7 @@
 					"-m		Don't display the motd on login\n"
 #endif
 					"-w		Disallow root logins\n"
+					"-G		Restrict logins to members of specified group\n"
 #if DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
@@ -132,6 +135,8 @@
 	svr_opts.forced_command = NULL;
 	svr_opts.forkbg = 1;
 	svr_opts.norootlogin = 0;
+	svr_opts.restrict_group = NULL;
+	svr_opts.restrict_group_gid = 0;
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
@@ -230,6 +235,9 @@
 				case 'w':
 					svr_opts.norootlogin = 1;
 					break;
+				case 'G':
+					next = &svr_opts.restrict_group;
+					break;
 				case 'W':
 					next = &recv_window_arg;
 					break;
@@ -331,6 +339,17 @@
 		}
 		buf_setpos(svr_opts.banner, 0);
 	}
+
+	if (svr_opts.restrict_group) {
+		struct group *restrictedgroup = getgrnam(svr_opts.restrict_group);
+
+		if (restrictedgroup){
+			svr_opts.restrict_group_gid = restrictedgroup->gr_gid;
+		} else {
+			dropbear_exit("Cannot restrict logins to group '%s' as the group does not exist", svr_opts.restrict_group);
+		}
+
+	}
 	
 	if (recv_window_arg) {
 		opts.recv_window = atol(recv_window_arg);
@@ -511,17 +530,20 @@
 		m_free(hostkey_file);
 	}
 
+	/* Only load default host keys if a host key is not specified by the user */
+	if (svr_opts.num_hostkey_files == 0) {
 #if DROPBEAR_RSA
-	loadhostkey(RSA_PRIV_FILENAME, 0);
+		loadhostkey(RSA_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_DSS
-	loadhostkey(DSS_PRIV_FILENAME, 0);
+		loadhostkey(DSS_PRIV_FILENAME, 0);
 #endif
 
 #if DROPBEAR_ECDSA
-	loadhostkey(ECDSA_PRIV_FILENAME, 0);
+		loadhostkey(ECDSA_PRIV_FILENAME, 0);
 #endif
+	}
 
 #if DROPBEAR_DELAY_HOSTKEY
 	if (svr_opts.delay_hostkey) {
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 svr-service.c
--- a/svr-service.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/svr-service.c	Mon Feb 26 22:44:48 2018 +0800
@@ -30,7 +30,7 @@
 #include "ssh.h"
 #include "auth.h"
 
-static void send_msg_service_accept(char *name, int len);
+static void send_msg_service_accept(const char *name, int len);
 
 /* processes a SSH_MSG_SERVICE_REQUEST, returning 0 if finished,
  * 1 if not */
@@ -73,7 +73,7 @@
 
 }
 
-static void send_msg_service_accept(char *name, int len) {
+static void send_msg_service_accept(const char *name, int len) {
 
 	TRACE(("accepting service %s", name))
 
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 svr-session.c
--- a/svr-session.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/svr-session.c	Mon Feb 26 22:44:48 2018 +0800
@@ -43,6 +43,7 @@
 #include "fuzz.h"
 
 static void svr_remoteclosed(void);
+static void svr_algos_initialise(void);
 
 struct serversession svr_ses; /* GLOBAL */
 
@@ -103,6 +104,7 @@
 	svr_authinitialise();
 	chaninitialise(svr_chantypes);
 	svr_chansessinitialise();
+	svr_algos_initialise();
 
 	/* for logging the remote address */
 	get_socket_address(ses.sock_in, NULL, NULL, &host, &port, 0);
@@ -254,3 +256,14 @@
 
 }
 
+static void svr_algos_initialise(void) {
+#if DROPBEAR_DH_GROUP1 && DROPBEAR_DH_GROUP1_CLIENTONLY
+	algo_type *algo;
+	for (algo = sshkex; algo->name; algo++) {
+		if (strcmp(algo->name, "diffie-hellman-group1-sha1") == 0) {
+			algo->usable = 0;
+		}
+	}
+#endif
+}
+
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 svr-tcpfwd.c
--- a/svr-tcpfwd.c	Wed Feb 21 21:59:52 2018 +0800
+++ b/svr-tcpfwd.c	Mon Feb 26 22:44:48 2018 +0800
@@ -94,7 +94,7 @@
 			buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_SUCCESS);
 			buf_putint(ses.writepayload, allocated_listen_port);
 			encrypt_packet();
-			wantreply = 0; //so out does not do so
+			wantreply = 0; /* avoid out: below sending another reply */
 		}
 	} else if (strcmp("cancel-tcpip-forward", reqname) == 0) {
 		ret = svr_cancelremotetcp();
@@ -212,9 +212,6 @@
 	if (DROPBEAR_SUCCESS == ret) {
 		tcpinfo->listenport = get_sock_port(ses.listeners[0]->socks[0]);
 		*allocated_listen_port = tcpinfo->listenport;
-		dropbear_log(LOG_INFO, "tcpip-forward %s:%d '%s'", 
-			((NULL == tcpinfo->listenaddr)?"localhost":tcpinfo->listenaddr), 
-			tcpinfo->listenport, ses.authstate.pw_name);
 	}
 
 out:
diff -r 63fa53d3b6c7 -r bb8eaa26bc93 sysoptions.h
--- a/sysoptions.h	Wed Feb 21 21:59:52 2018 +0800
+++ b/sysoptions.h	Mon Feb 26 22:44:48 2018 +0800
@@ -23,7 +23,11 @@
 #define AUTH_TIMEOUT 300 /* we choose 5 minutes */
 #endif
 
- #define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
+#define DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT ((DROPBEAR_SVR_PUBKEY_AUTH) && (DROPBEAR_SVR_PUBKEY_OPTIONS))
+
+#if !(NON_INETD_MODE || INETD_MODE)
+	#error "NON_INETD_MODE or INETD_MODE (or both) must be enabled."
+#endif
 
 /* A client should try and send an initial key exchange packet guessing
  * the algorithm that will match - saves a round trip connecting, has little
@@ -77,6 +81,8 @@
  
 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
 
+#define DROPBEAR_NGROUP_MAX 1024
+
 /* Required for pubkey auth */
 #define DROPBEAR_SIGNKEY_VERIFY ((DROPBEAR_SVR_PUBKEY_AUTH) || (DROPBEAR_CLIENT))
 
@@ -95,6 +101,23 @@
 #define MAX_MAC_LEN 20
 #endif
 
+/* sha2-512 is not necessary unless unforseen problems arise with sha2-256 */
+#ifndef DROPBEAR_SHA2_512_HMAC
+#define DROPBEAR_SHA2_512_HMAC 0
+#endif
+
+/* might be needed for compatibility with very old implementations */
+#ifndef DROPBEAR_MD5_HMAC
+#define DROPBEAR_MD5_HMAC 0
+#endif
+
+/* Twofish counter mode is disabled by default because it 
+has not been tested for interoperability with other SSH implementations.
+If you test it please contact the Dropbear author */
+#ifndef DROPBEAR_TWOFISH_CTR
+#define DROPBEAR_TWOFISH_CTR 0
+#endif
+
 
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
 
@@ -205,6 +228,39 @@
 #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h"
 #endif
 
+/* PAM requires ./configure --enable-pam */
+#if !defined(HAVE_LIBPAM) && DROPBEAR_SVR_PAM_AUTH
+#error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
+#endif
+
+#if DROPBEAR_SVR_PASSWORD_AUTH && !HAVE_CRYPT
+	#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
+#endif
+
+#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
+	#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
+#endif
+
+
+#if !(DROPBEAR_AES128 || DROPBEAR_3DES || DROPBEAR_AES256 || DROPBEAR_BLOWFISH \
+      || DROPBEAR_TWOFISH256 || DROPBEAR_TWOFISH128)
+	#error "At least one encryption algorithm must be enabled. AES128 is recommended."
+#endif
+
+#if !(DROPBEAR_RSA || DROPBEAR_DSS || DROPBEAR_ECDSA)
+	#error "At least one hostkey or public-key algorithm must be enabled; RSA is recommended."
+#endif
+
+/* Source for randomness. This must be able to provide hundreds of bytes per SSH
+ * connection without blocking. */
+#ifndef DROPBEAR_URANDOM_DEV
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+#endif
+
+/* client keyboard interactive authentication is often used for password auth.
+ rfc4256 */
+#define DROPBEAR_CLI_INTERACT_AUTH (DROPBEAR_CLI_PASSWORD_AUTH)
+
 /* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
  * code, if we're just compiling as client or server */
 #if (DROPBEAR_SERVER) && (DROPBEAR_CLIENT)