$NetBSD: patch-bf,v 1.1 2000/03/20 02:25:42 itojun Exp $
--- servconf.c.orig Wed May 12 07:19:28 1999
+++ servconf.c Fri Dec 24 21:50:42 1999
@@ -81,8 +81,8 @@
void initialize_server_options(ServerOptions *options)
{
memset(options, 0, sizeof(*options));
- options->port = -1;
- options->listen_addr.s_addr = INADDR_ANY;
+ options->num_ports = 0;
+ options->listen_addrs = NULL;
options->host_key_file = NULL;
options->random_seed_file = NULL;
options->pid_file = NULL;
@@ -92,6 +92,9 @@
options->permit_root_login = -1;
options->ignore_rhosts = -1;
options->ignore_root_rhosts = -1;
+#ifdef ENABLE_LOG_AUTH
+ options->log_auth = -1;
+#endif /* ENABLE_LOG_AUTH */
options->quiet_mode = -1;
options->fascist_logging = -1;
options->print_motd = -1;
@@ -106,6 +109,12 @@
options->kerberos_authentication = -1;
options->kerberos_or_local_passwd = -1;
options->kerberos_tgt_passing = -1;
+#if defined(KRB4)
+ options->kerberos_ticket_cleanup = -1;
+#endif /* KRB4 */
+#ifdef AFS
+ options->afs_token_passing = -1;
+#endif
options->tis_authentication = -1;
options->allow_tcp_forwarding = -1;
options->password_authentication = -1;
@@ -138,16 +147,31 @@
void fill_default_server_options(ServerOptions *options)
{
- if (options->port == -1)
+ struct addrinfo hints, *ai, *aitop;
+ char strport[PORTSTRLEN];
+ int i;
+
+ if (options->num_ports == 0)
+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+ if (options->listen_addrs == NULL)
{
- struct servent *sp;
-
- sp = getservbyname(SSH_SERVICE_NAME, "tcp");
- if (sp)
- options->port = ntohs(sp->s_port);
- else
- options->port = SSH_DEFAULT_PORT;
- endservent();
+ for (i = 0; i < options->num_ports; i++)
+ {
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_flags = AI_PASSIVE;
+ hints.ai_family = IPv4or6;
+ hints.ai_socktype = SOCK_STREAM;
+ sprintf(strport, "%d", options->ports[i]);
+ if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
+ {
+ fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
+ exit(1);
+ }
+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
+ ai->ai_next = options->listen_addrs;
+ options->listen_addrs = aitop;
+ }
+ /* freeaddrinfo(options->listen_addrs) in sshd.c */
}
if (options->host_key_file == NULL)
options->host_key_file = HOST_KEY_FILE;
@@ -190,19 +214,27 @@
if (options->rsa_authentication == -1)
options->rsa_authentication = 1;
if (options->kerberos_authentication == -1)
-#if defined(KERBEROS) && defined(KRB5)
+#if defined(KRB4) || defined(KRB5)
options->kerberos_authentication = 1;
-#else /* defined(KERBEROS) && defined(KRB5) */
+#else
options->kerberos_authentication = 0;
-#endif /* defined(KERBEROS) && defined(KRB5) */
+#endif /* defined(KRB4 || KRB5 */
if (options->kerberos_or_local_passwd == -1)
options->kerberos_or_local_passwd = 0;
if (options->kerberos_tgt_passing == -1)
-#if defined(KERBEROS_TGT_PASSING) && defined(KRB5)
+#if defined(AFS) || defined(KRB5)
options->kerberos_tgt_passing = 1;
-#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
+#else
options->kerberos_tgt_passing = 0;
-#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */
+#endif /* AFS || KRB5 */
+#if defined(KRB4)
+ if (options->kerberos_ticket_cleanup == -1)
+ options->kerberos_ticket_cleanup = 1;
+#endif /* KRB4 */
+#ifdef AFS
+ if (options->afs_token_passing == -1)
+ options->afs_token_passing = 1;
+#endif /* AFS */
if (options->allow_tcp_forwarding == -1)
options->allow_tcp_forwarding = 1;
if (options->tis_authentication == -1)
@@ -243,13 +275,23 @@
{
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
+#ifdef ENABLE_LOG_AUTH
+ sLogAuth,
+#endif /* ENABLE_LOG_AUTH */
sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile,
sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout,
sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd,
- sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers,
+ sKerberosTgtPassing,
+#ifdef KRB4
+ sKerberosTicketCleanup,
+#ifdef AFS
+ sAFSTokenPassing,
+#endif /* AFS */
+#endif /* KRB4 */
+ sAllowTcpForwarding, sAllowUsers, sDenyUsers,
sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts,
sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays,
sAccountExpireWarningDays
@@ -275,6 +317,9 @@
{ "quietmode", sQuietMode },
{ "fascistlogging", sFascistLogging },
{ "syslogfacility", sLogFacility },
+#ifdef ENABLE_LOG_AUTH
+ { "logauth", sLogAuth },
+#endif /* ENABLE_LOG_AUTH */
{ "rhostsauthentication", sRhostsAuthentication },
{ "rhostsrsaauthentication", sRhostsRSAAuthentication },
{ "rsaauthentication", sRSAAuthentication },
@@ -313,6 +358,12 @@
{ "kerberosauthentication", sKerberosAuthentication },
{ "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
{ "kerberostgtpassing", sKerberosTgtPassing },
+#ifdef KRB4
+ { "kerberosticketcleanup", sKerberosTicketCleanup },
+#endif
+#ifdef AFS
+ { "afstokenpassing", sAFSTokenPassing },
+#endif
{ "allowtcpforwarding", sAllowTcpForwarding },
{ "xauthlocation", sXauthPath },
{ "checkmail", sCheckMail },
@@ -367,6 +418,9 @@
char *cp, **charptr;
int linenum, *intptr, i, value;
ServerOpCodes opcode;
+ struct addrinfo hints, *ai, *aitop;
+ char strport[PORTSTRLEN];
+ int gaierr;
f = fopen(filename, "r");
if (!f)
@@ -389,7 +443,14 @@
switch (opcode)
{
case sPort:
- intptr = &options->port;
+ if (options->num_ports >= MAX_PORTS)
+ {
+ fprintf(stderr, "%s line %d: too many ports.\n",
+ filename, linenum);
+ exit(1);
+ }
+ options->ports[options->num_ports] = -1;
+ intptr = &options->ports[options->num_ports++];
parse_int:
cp = strtok(NULL, WHITESPACE);
if (!cp)
@@ -452,11 +513,25 @@
filename, linenum);
exit(1);
}
-#ifdef BROKEN_INET_ADDR
- options->listen_addr.s_addr = inet_network(cp);
-#else /* BROKEN_INET_ADDR */
- options->listen_addr.s_addr = inet_addr(cp);
-#endif /* BROKEN_INET_ADDR */
+ if (options->num_ports == 0)
+ options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+ for (i = 0; i < options->num_ports; i++)
+ {
+ memset(&hints, 0, sizeof(hints));
+ hints.ai_family = IPv4or6;
+ hints.ai_socktype = SOCK_STREAM;
+ sprintf(strport, "%d", options->ports[i]);
+ if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
+ {
+ fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
+ filename, linenum, gai_strerror(gaierr));
+ exit(1);
+ }
+ for (ai = aitop; ai->ai_next; ai = ai->ai_next);
+ ai->ai_next = options->listen_addrs;
+ options->listen_addrs = aitop;
+ }
+ strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */
break;
case sHostKeyFile:
@@ -532,6 +607,12 @@
*intptr = value;
break;
+#ifdef ENABLE_LOG_AUTH
+ case sLogAuth:
+ intptr = &options->log_auth;
+ goto parse_flag;
+#endif /* ENABLE_LOG_AUTH */
+
case sIgnoreRhosts:
intptr = &options->ignore_rhosts;
goto parse_flag;
@@ -571,6 +652,18 @@
case sKerberosTgtPassing:
intptr = &options->kerberos_tgt_passing;
goto parse_flag;
+
+#ifdef KRB4
+ case sKerberosTicketCleanup:
+ intptr = &options->kerberos_ticket_cleanup;
+ goto parse_flag;
+#endif /* KRB4 */
+
+#ifdef AFS
+ case sAFSTokenPassing:
+ intptr = &options->afs_token_passing;
+ goto parse_flag;
+#endif /* AFS */
case sAllowTcpForwarding:
intptr = &options->allow_tcp_forwarding;