$NetBSD: patch-bf,v 1.1 2000/03/20 02:25:42 itojun Exp $

--- servconf.c.orig	Wed May 12 07:19:28 1999
+++ servconf.c	Fri Dec 24 21:50:42 1999
@@ -81,8 +81,8 @@
 void initialize_server_options(ServerOptions *options)
 {
   memset(options, 0, sizeof(*options));
-  options->port = -1;
-  options->listen_addr.s_addr = INADDR_ANY;
+  options->num_ports = 0;
+  options->listen_addrs = NULL;
   options->host_key_file = NULL;
   options->random_seed_file = NULL;
   options->pid_file = NULL;
@@ -92,6 +92,9 @@
   options->permit_root_login = -1;
   options->ignore_rhosts = -1;
   options->ignore_root_rhosts = -1;
+#ifdef ENABLE_LOG_AUTH
+  options->log_auth = -1;
+#endif /* ENABLE_LOG_AUTH */
   options->quiet_mode = -1;
   options->fascist_logging = -1;
   options->print_motd = -1;
@@ -106,6 +109,12 @@
   options->kerberos_authentication = -1;
   options->kerberos_or_local_passwd = -1;
   options->kerberos_tgt_passing = -1;
+#if defined(KRB4)
+  options->kerberos_ticket_cleanup = -1;
+#endif /* KRB4 */
+#ifdef AFS
+  options->afs_token_passing = -1;
+#endif
   options->tis_authentication = -1;
   options->allow_tcp_forwarding = -1;
   options->password_authentication = -1;
@@ -138,16 +147,31 @@
 
 void fill_default_server_options(ServerOptions *options)
 {
-  if (options->port == -1)
+  struct addrinfo hints, *ai, *aitop;
+  char strport[PORTSTRLEN];
+  int i;
+
+  if (options->num_ports == 0)
+    options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+  if (options->listen_addrs == NULL)
     {
-      struct servent *sp;
-
-      sp = getservbyname(SSH_SERVICE_NAME, "tcp");
-      if (sp)
-	options->port = ntohs(sp->s_port);
-      else
-	options->port = SSH_DEFAULT_PORT;
-      endservent();
+      for (i = 0; i < options->num_ports; i++)
+	{
+	  memset(&hints, 0, sizeof(hints));
+	  hints.ai_flags = AI_PASSIVE;
+	  hints.ai_family = IPv4or6;
+	  hints.ai_socktype = SOCK_STREAM;
+	  sprintf(strport, "%d", options->ports[i]);
+	  if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
+	    {
+	      fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
+	      exit(1);
+	    }
+	  for (ai = aitop; ai->ai_next; ai = ai->ai_next);
+	  ai->ai_next = options->listen_addrs;
+	  options->listen_addrs = aitop;
+	}
+      /* freeaddrinfo(options->listen_addrs) in sshd.c */
     }
   if (options->host_key_file == NULL)
     options->host_key_file = HOST_KEY_FILE;
@@ -190,19 +214,27 @@
   if (options->rsa_authentication == -1)
     options->rsa_authentication = 1;
   if (options->kerberos_authentication == -1)
-#if defined(KERBEROS) && defined(KRB5)
+#if defined(KRB4) || defined(KRB5)
     options->kerberos_authentication = 1;
-#else  /* defined(KERBEROS) && defined(KRB5) */
+#else
     options->kerberos_authentication = 0;
-#endif /* defined(KERBEROS) && defined(KRB5) */
+#endif /* defined(KRB4 || KRB5 */
   if (options->kerberos_or_local_passwd == -1)
     options->kerberos_or_local_passwd = 0;
   if (options->kerberos_tgt_passing == -1)
-#if defined(KERBEROS_TGT_PASSING) && defined(KRB5)
+#if defined(AFS) || defined(KRB5)
     options->kerberos_tgt_passing = 1;
-#else  /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
+#else
     options->kerberos_tgt_passing = 0;
-#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
+#endif /* AFS || KRB5 */
+#if defined(KRB4)
+  if (options->kerberos_ticket_cleanup == -1)
+    options->kerberos_ticket_cleanup = 1;
+#endif /* KRB4 */
+#ifdef AFS
+  if (options->afs_token_passing == -1)
+    options->afs_token_passing = 1;
+#endif /* AFS */
   if (options->allow_tcp_forwarding == -1)
     options->allow_tcp_forwarding = 1;
   if (options->tis_authentication == -1)
@@ -243,13 +275,23 @@
 {
   sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
   sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
+#ifdef ENABLE_LOG_AUTH
+  sLogAuth,
+#endif /* ENABLE_LOG_AUTH */
   sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
   sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
   sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
   sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile,
   sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout,
   sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd,
-  sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers,
+  sKerberosTgtPassing,
+#ifdef KRB4
+  sKerberosTicketCleanup,
+#ifdef AFS
+  sAFSTokenPassing,
+#endif /* AFS */
+#endif /* KRB4 */
+  sAllowTcpForwarding, sAllowUsers, sDenyUsers,
   sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts,
   sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays,
   sAccountExpireWarningDays
@@ -275,6 +317,9 @@
   { "quietmode", sQuietMode },
   { "fascistlogging", sFascistLogging },
   { "syslogfacility", sLogFacility },
+#ifdef ENABLE_LOG_AUTH
+  { "logauth", sLogAuth },
+#endif /* ENABLE_LOG_AUTH */
   { "rhostsauthentication", sRhostsAuthentication },
   { "rhostsrsaauthentication", sRhostsRSAAuthentication },
   { "rsaauthentication", sRSAAuthentication },
@@ -313,6 +358,12 @@
   { "kerberosauthentication", sKerberosAuthentication },
   { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
   { "kerberostgtpassing", sKerberosTgtPassing },
+#ifdef KRB4
+  { "kerberosticketcleanup", sKerberosTicketCleanup },
+#endif
+#ifdef AFS
+  { "afstokenpassing", sAFSTokenPassing },
+#endif
   { "allowtcpforwarding", sAllowTcpForwarding },
   { "xauthlocation", sXauthPath },
   { "checkmail", sCheckMail },
@@ -367,6 +418,9 @@
   char *cp, **charptr;
   int linenum, *intptr, i, value;
   ServerOpCodes opcode;
+  struct addrinfo hints, *ai, *aitop;
+  char strport[PORTSTRLEN];
+  int gaierr;
 
   f = fopen(filename, "r");
   if (!f)
@@ -389,7 +443,14 @@
       switch (opcode)
 	{
 	case sPort:
-	  intptr = &options->port;
+	  if (options->num_ports >= MAX_PORTS)
+	    {
+	      fprintf(stderr, "%s line %d: too many ports.\n",
+		      filename, linenum);
+	      exit(1);
+	    }
+	  options->ports[options->num_ports] = -1;
+	  intptr = &options->ports[options->num_ports++];
 	parse_int:
 	  cp = strtok(NULL, WHITESPACE);
 	  if (!cp)
@@ -452,11 +513,25 @@
 		      filename, linenum);
 	      exit(1);
 	    }
-#ifdef BROKEN_INET_ADDR
-	  options->listen_addr.s_addr = inet_network(cp);
-#else /* BROKEN_INET_ADDR */
-	  options->listen_addr.s_addr = inet_addr(cp);
-#endif /* BROKEN_INET_ADDR */
+	  if (options->num_ports == 0)
+	    options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+	  for (i = 0; i < options->num_ports; i++)
+	    {
+	      memset(&hints, 0, sizeof(hints));
+	      hints.ai_family = IPv4or6;
+	      hints.ai_socktype = SOCK_STREAM;
+	      sprintf(strport, "%d", options->ports[i]);
+	      if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
+		{
+		  fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
+			  filename, linenum, gai_strerror(gaierr));
+		  exit(1);
+		}
+	      for (ai = aitop; ai->ai_next; ai = ai->ai_next);
+	      ai->ai_next = options->listen_addrs;
+	      options->listen_addrs = aitop;
+	    }
+	  strtok(cp, WHITESPACE);	/* getaddrinfo() may use strtok() */
 	  break;
 
 	case sHostKeyFile:
@@ -532,6 +607,12 @@
 	    *intptr = value;
 	  break;
 
+#ifdef ENABLE_LOG_AUTH
+	case sLogAuth:
+	  intptr = &options->log_auth;
+	  goto parse_flag;
+#endif /* ENABLE_LOG_AUTH */
+
 	case sIgnoreRhosts:
 	  intptr = &options->ignore_rhosts;
 	  goto parse_flag;
@@ -571,6 +652,18 @@
  	case sKerberosTgtPassing:
  	  intptr = &options->kerberos_tgt_passing;
  	  goto parse_flag;
+
+#ifdef KRB4
+	case sKerberosTicketCleanup:
+	  intptr = &options->kerberos_ticket_cleanup;
+	  goto parse_flag;
+#endif /* KRB4 */
+
+#ifdef AFS
+	case sAFSTokenPassing:
+	  intptr = &options->afs_token_passing;
+	  goto parse_flag;
+#endif /* AFS */
 	  
  	case sAllowTcpForwarding:
  	  intptr = &options->allow_tcp_forwarding;