head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.54 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.52 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.50 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.48 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.46 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.44 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.42 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.40 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.38 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.36 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.34 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.32 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.30 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.28 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.26 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.24 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.22 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 buildlink2-base:1.2 netbsd-1-5-PATCH001:1.1 netbsd-1-5-RELEASE:1.1 netbsd-1-4-PATCH003:1.1; locks; strict; comment @# @; 1.2 date 2001.08.02.12.55.32; author itojun; state dead; branches; next 1.1; 1.1 date 2000.03.20.02.25.42; author itojun; state Exp; branches; next ; desc @@ 1.2 log @say goodbye to security/ssh6. per comments on packages@@netbsd. 
@ text @$NetBSD: patch-bf,v 1.1 2000/03/20 02:25:42 itojun Exp $ --- servconf.c.orig Wed May 12 07:19:28 1999 +++ servconf.c Fri Dec 24 21:50:42 1999 @@@@ -81,8 +81,8 @@@@ void initialize_server_options(ServerOptions *options) { memset(options, 0, sizeof(*options)); - options->port = -1; - options->listen_addr.s_addr = INADDR_ANY; + options->num_ports = 0; + options->listen_addrs = NULL; options->host_key_file = NULL; options->random_seed_file = NULL; options->pid_file = NULL; @@@@ -92,6 +92,9 @@@@ options->permit_root_login = -1; options->ignore_rhosts = -1; options->ignore_root_rhosts = -1; +#ifdef ENABLE_LOG_AUTH + options->log_auth = -1; +#endif /* ENABLE_LOG_AUTH */ options->quiet_mode = -1; options->fascist_logging = -1; options->print_motd = -1; @@@@ -106,6 +109,12 @@@@ options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_tgt_passing = -1; +#if defined(KRB4) + options->kerberos_ticket_cleanup = -1; +#endif /* KRB4 */ +#ifdef AFS + options->afs_token_passing = -1; +#endif options->tis_authentication = -1; options->allow_tcp_forwarding = -1; options->password_authentication = -1; @@@@ -138,16 +147,31 @@@@ void fill_default_server_options(ServerOptions *options) { - if (options->port == -1) + struct addrinfo hints, *ai, *aitop; + char strport[PORTSTRLEN]; + int i; + + if (options->num_ports == 0) + options->ports[options->num_ports++] = SSH_DEFAULT_PORT; + if (options->listen_addrs == NULL) { - struct servent *sp; - - sp = getservbyname(SSH_SERVICE_NAME, "tcp"); - if (sp) - options->port = ntohs(sp->s_port); - else - options->port = SSH_DEFAULT_PORT; - endservent(); + for (i = 0; i < options->num_ports; i++) + { + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_family = IPv4or6; + hints.ai_socktype = SOCK_STREAM; + sprintf(strport, "%d", options->ports[i]); + if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) + { + fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n"); + exit(1); + 
} + for (ai = aitop; ai->ai_next; ai = ai->ai_next); + ai->ai_next = options->listen_addrs; + options->listen_addrs = aitop; + } + /* freeaddrinfo(options->listen_addrs) in sshd.c */ } if (options->host_key_file == NULL) options->host_key_file = HOST_KEY_FILE; @@@@ -190,19 +214,27 @@@@ if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->kerberos_authentication == -1) -#if defined(KERBEROS) && defined(KRB5) +#if defined(KRB4) || defined(KRB5) options->kerberos_authentication = 1; -#else /* defined(KERBEROS) && defined(KRB5) */ +#else options->kerberos_authentication = 0; -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* defined(KRB4 || KRB5 */ if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 0; if (options->kerberos_tgt_passing == -1) -#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) +#if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = 1; -#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#else options->kerberos_tgt_passing = 0; -#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#endif /* AFS || KRB5 */ +#if defined(KRB4) + if (options->kerberos_ticket_cleanup == -1) + options->kerberos_ticket_cleanup = 1; +#endif /* KRB4 */ +#ifdef AFS + if (options->afs_token_passing == -1) + options->afs_token_passing = 1; +#endif /* AFS */ if (options->allow_tcp_forwarding == -1) options->allow_tcp_forwarding = 1; if (options->tis_authentication == -1) @@@@ -243,13 +275,23 @@@@ { sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, +#ifdef ENABLE_LOG_AUTH + sLogAuth, +#endif /* ENABLE_LOG_AUTH */ sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile, 
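Review bot: The `sprintf(strport, "%d", options->ports[i]);` in the new loop of fill_default_server_options writes into the fixed `char strport[PORTSTRLEN]` with no bound, so whether it stays in bounds depends on PORTSTRLEN, which is defined outside this patch, and on how large a value the port parser lets through. Prefer `snprintf(strport, sizeof(strport), "%d", options->ports[i]);`. The same call appears in the sListenAddress case of the -452,11 +513,25 hunk. The getaddrinfo() failure message here also discards the return code; capturing it and printing `gai_strerror()` of it, as the ListenAddress path does, would make a startup failure diagnosable. The function body continues outside the hunk.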
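Review bot: The defaults set here leave ticket and token passing enabled whenever the config file is silent: `kerberos_tgt_passing` becomes 1 under `AFS || KRB5`, and the added `kerberos_ticket_cleanup` and `afs_token_passing` also default to 1. Judging by the option names, a server built with these macros would accept forwarded credentials without the administrator having asked for it. That deserves a comment above the block, for example `/* Compiled-in Kerberos/AFS features default to on; set kerberostgtpassing / afstokenpassing to "no" to disable. */`. Separately, the comment in `#endif /* defined(KRB4 || KRB5 */` has an unbalanced parenthesis and should read `#endif /* KRB4 || KRB5 */`.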
sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout, sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd, - sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers, + sKerberosTgtPassing, +#ifdef KRB4 + sKerberosTicketCleanup, +#ifdef AFS + sAFSTokenPassing, +#endif /* AFS */ +#endif /* KRB4 */ + sAllowTcpForwarding, sAllowUsers, sDenyUsers, sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts, sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays, sAccountExpireWarningDays @@@@ -275,6 +317,9 @@@@ { "quietmode", sQuietMode }, { "fascistlogging", sFascistLogging }, { "syslogfacility", sLogFacility }, +#ifdef ENABLE_LOG_AUTH + { "logauth", sLogAuth }, +#endif /* ENABLE_LOG_AUTH */ { "rhostsauthentication", sRhostsAuthentication }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "rsaauthentication", sRSAAuthentication }, @@@@ -313,6 +358,12 @@@@ { "kerberosauthentication", sKerberosAuthentication }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberostgtpassing", sKerberosTgtPassing }, +#ifdef KRB4 + { "kerberosticketcleanup", sKerberosTicketCleanup }, +#endif +#ifdef AFS + { "afstokenpassing", sAFSTokenPassing }, +#endif { "allowtcpforwarding", sAllowTcpForwarding }, { "xauthlocation", sXauthPath }, { "checkmail", sCheckMail }, @@@@ -367,6 +418,9 @@@@ char *cp, **charptr; int linenum, *intptr, i, value; ServerOpCodes opcode; + struct addrinfo hints, *ai, *aitop; + char strport[PORTSTRLEN]; + int gaierr; f = fopen(filename, "r"); if (!f) @@@@ -389,7 +443,14 @@@@ switch (opcode) { case sPort: - intptr = &options->port; + if (options->num_ports >= MAX_PORTS) + { + fprintf(stderr, "%s line %d: too many ports.\n", + filename, linenum); + exit(1); + } + options->ports[options->num_ports] = -1; + intptr = &options->ports[options->num_ports++]; parse_int: cp = strtok(NULL, WHITESPACE); if (!cp) @@@@ -452,11 +513,25 @@@@ filename, linenum); exit(1); } -#ifdef BROKEN_INET_ADDR - 
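Review bot: `sAFSTokenPassing` is declared in the opcode enum only inside the `#ifdef KRB4` block, because its `#ifdef AFS` is nested before `#endif /* KRB4 */`. The keyword table entry `{ "afstokenpassing", sAFSTokenPassing }`, the `case sAFSTokenPassing:` in the parser and the `afs_token_passing` initialisation are all guarded by `#ifdef AFS` alone. A build with AFS defined and KRB4 undefined would therefore reference an undeclared enumerator and fail to compile. Move `#endif /* KRB4 */` so it directly follows `sKerberosTicketCleanup,`, or guard the other sites with both macros if AFS is meant to require KRB4. The enum's opening line is outside the hunk.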
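Review bot: The `MAX_PORTS` check in the sPort case bounds the array index but not the port value: the slot is handed to the shared `parse_int` path, and no check that the result lies in 1–65535 is visible in this hunk. The stored int is later formatted with `"%d"` into `strport` and passed to getaddrinfo(), so an out-of-range or negative number in the config file would only surface there, if at all. If `parse_int` (whose body is outside the hunk) does not already validate it, reject the value at parse time with a message naming `filename` and `linenum`, as the "too many ports" error does.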
options->listen_addr.s_addr = inet_network(cp); -#else /* BROKEN_INET_ADDR */ - options->listen_addr.s_addr = inet_addr(cp); -#endif /* BROKEN_INET_ADDR */ + if (options->num_ports == 0) + options->ports[options->num_ports++] = SSH_DEFAULT_PORT; + for (i = 0; i < options->num_ports; i++) + { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = IPv4or6; + hints.ai_socktype = SOCK_STREAM; + sprintf(strport, "%d", options->ports[i]); + if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0) + { + fprintf(stderr, "%s line %d: bad addr or host. (%s)\n", + filename, linenum, gai_strerror(gaierr)); + exit(1); + } + for (ai = aitop; ai->ai_next; ai = ai->ai_next); + ai->ai_next = options->listen_addrs; + options->listen_addrs = aitop; + } + strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */ break; case sHostKeyFile: @@@@ -532,6 +607,12 @@@@ *intptr = value; break; +#ifdef ENABLE_LOG_AUTH + case sLogAuth: + intptr = &options->log_auth; + goto parse_flag; +#endif /* ENABLE_LOG_AUTH */ + case sIgnoreRhosts: intptr = &options->ignore_rhosts; goto parse_flag; @@@@ -571,6 +652,18 @@@@ case sKerberosTgtPassing: intptr = &options->kerberos_tgt_passing; goto parse_flag; + +#ifdef KRB4 + case sKerberosTicketCleanup: + intptr = &options->kerberos_ticket_cleanup; + goto parse_flag; +#endif /* KRB4 */ + +#ifdef AFS + case sAFSTokenPassing: + intptr = &options->afs_token_passing; + goto parse_flag; +#endif /* AFS */ case sAllowTcpForwarding: intptr = &options->allow_tcp_forwarding; @ 1.1 log @split security/ssh and security/ssh6. security/ssh6: IPv4/v6 ready, socks unavailable, kerberos available (not tested) security/ssh: IPv4 onlyready, socks available, kerberos available (not tested) should be integrated into one whenever socks support becomes aware of getaddrinfo/getnameinfo. two directories with tons of patches/patch-* is a maintenance headache. @ text @d1 1 a1 1 $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $ @
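Review bot: A ListenAddress line in this case is resolved only against the ports parsed so far: if no Port directive has been seen it appends `SSH_DEFAULT_PORT` to `options->ports`, and a Port directive that appears later in the file is never paired with this address. Since fill_default_server_options creates wildcard listeners only when `listen_addrs == NULL`, such a later port appears to end up with no listener, which an administrator could easily misread. Add a comment stating that Port must precede ListenAddress, or defer the getaddrinfo() calls until the whole file has been read. The trailing `strtok(cp, WHITESPACE);` also resets strtok() onto the address token, so a later `strtok(NULL, WHITESPACE)` can no longer see the rest of the line. If the code after the switch checks for trailing garbage (not visible here), that check is skipped for this directive.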