head 1.3; access; symbols pkgsrc-2013Q2:1.3.0.50 pkgsrc-2013Q2-base:1.3 pkgsrc-2012Q4:1.3.0.48 pkgsrc-2012Q4-base:1.3 pkgsrc-2011Q4:1.3.0.46 pkgsrc-2011Q4-base:1.3 pkgsrc-2011Q2:1.3.0.44 pkgsrc-2011Q2-base:1.3 pkgsrc-2009Q4:1.3.0.42 pkgsrc-2009Q4-base:1.3 pkgsrc-2008Q4:1.3.0.40 pkgsrc-2008Q4-base:1.3 pkgsrc-2008Q3:1.3.0.38 pkgsrc-2008Q3-base:1.3 cube-native-xorg:1.3.0.36 cube-native-xorg-base:1.3 pkgsrc-2008Q2:1.3.0.34 pkgsrc-2008Q2-base:1.3 pkgsrc-2008Q1:1.3.0.32 pkgsrc-2008Q1-base:1.3 pkgsrc-2007Q4:1.3.0.30 pkgsrc-2007Q4-base:1.3 pkgsrc-2007Q3:1.3.0.28 pkgsrc-2007Q3-base:1.3 pkgsrc-2007Q2:1.3.0.26 pkgsrc-2007Q2-base:1.3 pkgsrc-2007Q1:1.3.0.24 pkgsrc-2007Q1-base:1.3 pkgsrc-2006Q4:1.3.0.22 pkgsrc-2006Q4-base:1.3 pkgsrc-2006Q3:1.3.0.20 pkgsrc-2006Q3-base:1.3 pkgsrc-2006Q2:1.3.0.18 pkgsrc-2006Q2-base:1.3 pkgsrc-2006Q1:1.3.0.16 pkgsrc-2006Q1-base:1.3 pkgsrc-2005Q4:1.3.0.14 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.3.0.12 pkgsrc-2005Q3-base:1.3 pkgsrc-2005Q2:1.3.0.10 pkgsrc-2005Q2-base:1.3 pkgsrc-2005Q1:1.3.0.8 pkgsrc-2005Q1-base:1.3 pkgsrc-2004Q4:1.3.0.6 pkgsrc-2004Q4-base:1.3 pkgsrc-2004Q3:1.3.0.4 pkgsrc-2004Q3-base:1.3 pkgsrc-2004Q2:1.3.0.2 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.2.0.12 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.10 pkgsrc-2003Q4-base:1.2 netbsd-1-6-1:1.2.0.6 netbsd-1-6-1-base:1.2 netbsd-1-6:1.2.0.8 netbsd-1-6-RELEASE-base:1.2 pkgviews:1.2.0.4 pkgviews-base:1.2 buildlink2:1.2.0.2 buildlink2-base:1.2 netbsd-1-5-PATCH003:1.2 netbsd-1-5-PATCH001:1.2 netbsd-1-5-RELEASE:1.2 netbsd-1-4-PATCH003:1.2 netbsd-1-4-PATCH002:1.1; locks; strict; comment @# @; 1.3 date 2004.06.01.21.50.38; author kristerw; state dead; branches; next 1.2; 1.2 date 2000.03.20.02.25.55; author itojun; state Exp; branches; next 1.1; 1.1 date 99.12.25.05.28.37; author kim; state Exp; branches; next ; desc @@ 1.3 log @Remove obsolete packages, per discussion on tech-pkg. @ text @$NetBSD: patch-bf,v 1.2 2000/03/20 02:25:55 itojun Exp $ --- servconf.c- Wed May 12 20:19:28 1999 +++ servconf.c Mon Mar 20 09:47:32 2000 @@@@ -106,6 +106,12 @@@@ options->kerberos_authentication = -1; options->kerberos_or_local_passwd = -1; options->kerberos_tgt_passing = -1; +#if defined(KRB4) + options->kerberos_ticket_cleanup = -1; +#endif /* KRB4 */ +#ifdef AFS + options->afs_token_passing = -1; +#endif options->tis_authentication = -1; options->allow_tcp_forwarding = -1; options->password_authentication = -1; @@@@ -190,19 +196,27 @@@@ if (options->rsa_authentication == -1) options->rsa_authentication = 1; if (options->kerberos_authentication == -1) -#if defined(KERBEROS) && defined(KRB5) +#if defined(KRB4) || defined(KRB5) options->kerberos_authentication = 1; -#else /* defined(KERBEROS) && defined(KRB5) */ +#else options->kerberos_authentication = 0; -#endif /* defined(KERBEROS) && defined(KRB5) */ +#endif /* defined(KRB4 || KRB5 */ if (options->kerberos_or_local_passwd == -1) options->kerberos_or_local_passwd = 0; if (options->kerberos_tgt_passing == -1) -#if defined(KERBEROS_TGT_PASSING) && defined(KRB5) +#if defined(AFS) || defined(KRB5) options->kerberos_tgt_passing = 1; -#else /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#else options->kerberos_tgt_passing = 0; -#endif /* defined(KERBEROS_TGT_PASSING) && defined(KRB5) */ +#endif /* AFS || KRB5 */ +#if defined(KRB4) + if (options->kerberos_ticket_cleanup == -1) + options->kerberos_ticket_cleanup = 1; +#endif /* KRB4 */ +#ifdef AFS + if (options->afs_token_passing == -1) + options->afs_token_passing = 1; +#endif /* AFS */ if (options->allow_tcp_forwarding == -1) options->allow_tcp_forwarding = 1; if (options->tis_authentication == -1) @@@@ -249,7 +263,14 @@@@ sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile, sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout, sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd, - sKerberosTgtPassing, sAllowTcpForwarding, sAllowUsers, sDenyUsers, + sKerberosTgtPassing, +#ifdef KRB4 + sKerberosTicketCleanup, +#ifdef AFS + sAFSTokenPassing, +#endif /* AFS */ +#endif /* KRB4 */ + sAllowTcpForwarding, sAllowUsers, sDenyUsers, sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts, sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays, sAccountExpireWarningDays @@@@ -313,6 +334,12 @@@@ { "kerberosauthentication", sKerberosAuthentication }, { "kerberosorlocalpasswd", sKerberosOrLocalPasswd }, { "kerberostgtpassing", sKerberosTgtPassing }, +#ifdef KRB4 + { "kerberosticketcleanup", sKerberosTicketCleanup }, +#endif +#ifdef AFS + { "afstokenpassing", sAFSTokenPassing }, +#endif { "allowtcpforwarding", sAllowTcpForwarding }, { "xauthlocation", sXauthPath }, { "checkmail", sCheckMail }, @@@@ -571,6 +598,18 @@@@ case sKerberosTgtPassing: intptr = &options->kerberos_tgt_passing; goto parse_flag; + +#ifdef KRB4 + case sKerberosTicketCleanup: + intptr = &options->kerberos_ticket_cleanup; + goto parse_flag; +#endif /* KRB4 */ + +#ifdef AFS + case sAFSTokenPassing: + intptr = &options->afs_token_passing; + goto parse_flag; +#endif /* AFS */ case sAllowTcpForwarding: intptr = &options->allow_tcp_forwarding; @ 1.2 log @split security/ssh and security/ssh6. security/ssh6: IPv4/v6 ready, socks unavailable, kerberos available (not tested) security/ssh: IPv4 onlyready, socks available, kerberos available (not tested) should be integrated into one whenever socks support becomes aware of getaddrinfo/getnameinfo. two directories with tons of patches/patch-* is a maintenance headache. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Folded in IPv6 and Kerberos IV patches, so that both can be compiled. This also fixes problems with Kerberos IV and V support clashing (you still have to choose one or the other at compile time, though). Compiles and runs on 1.4O -- needs testing on 1.4.2, and also some closer looking at certain patches (e.g. patch-au has a "#if 0" that could maybe be something else). @ text @d3 3 a5 24 --- servconf.c.orig Wed May 12 07:19:28 1999 +++ servconf.c Fri Dec 24 21:50:42 1999 @@@@ -81,8 +81,8 @@@@ void initialize_server_options(ServerOptions *options) { memset(options, 0, sizeof(*options)); - options->port = -1; - options->listen_addr.s_addr = INADDR_ANY; + options->num_ports = 0; + options->listen_addrs = NULL; options->host_key_file = NULL; options->random_seed_file = NULL; options->pid_file = NULL; @@@@ -92,6 +92,9 @@@@ options->permit_root_login = -1; options->ignore_rhosts = -1; options->ignore_root_rhosts = -1; +#ifdef ENABLE_LOG_AUTH + options->log_auth = -1; +#endif /* ENABLE_LOG_AUTH */ options->quiet_mode = -1; options->fascist_logging = -1; options->print_motd = -1; @@@@ -106,6 +109,12 @@@@ d18 1 a18 42 @@@@ -138,16 +147,31 @@@@ void fill_default_server_options(ServerOptions *options) { - if (options->port == -1) + struct addrinfo hints, *ai, *aitop; + char strport[PORTSTRLEN]; + int i; + + if (options->num_ports == 0) + options->ports[options->num_ports++] = SSH_DEFAULT_PORT; + if (options->listen_addrs == NULL) { - struct servent *sp; - - sp = getservbyname(SSH_SERVICE_NAME, "tcp"); - if (sp) - options->port = ntohs(sp->s_port); - else - options->port = SSH_DEFAULT_PORT; - endservent(); + for (i = 0; i < options->num_ports; i++) + { + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_PASSIVE; + hints.ai_family = IPv4or6; + hints.ai_socktype = SOCK_STREAM; + sprintf(strport, "%d", options->ports[i]); + if (getaddrinfo(NULL, strport, &hints, &aitop) != 0) + { + fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n"); + exit(1); + } + for (ai = aitop; ai->ai_next; ai = ai->ai_next); + ai->ai_next = options->listen_addrs; + options->listen_addrs = aitop; + } + /* freeaddrinfo(options->listen_addrs) in sshd.c */ } if (options->host_key_file == NULL) options->host_key_file = HOST_KEY_FILE; @@@@ -190,19 +214,27 @@@@ d52 1 a52 10 @@@@ -243,13 +275,23 @@@@ { sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility, +#ifdef ENABLE_LOG_AUTH + sLogAuth, +#endif /* ENABLE_LOG_AUTH */ sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication, sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, d68 1 a68 11 @@@@ -275,6 +317,9 @@@@ { "quietmode", sQuietMode }, { "fascistlogging", sFascistLogging }, { "syslogfacility", sLogFacility }, +#ifdef ENABLE_LOG_AUTH + { "logauth", sLogAuth }, +#endif /* ENABLE_LOG_AUTH */ { "rhostsauthentication", sRhostsAuthentication }, { "rhostsrsaauthentication", sRhostsRSAAuthentication }, { "rsaauthentication", sRSAAuthentication }, @@@@ -313,6 +358,12 @@@@ d81 1 a81 71 @@@@ -367,6 +418,9 @@@@ char *cp, **charptr; int linenum, *intptr, i, value; ServerOpCodes opcode; + struct addrinfo hints, *ai, *aitop; + char strport[PORTSTRLEN]; + int gaierr; f = fopen(filename, "r"); if (!f) @@@@ -389,7 +443,14 @@@@ switch (opcode) { case sPort: - intptr = &options->port; + if (options->num_ports >= MAX_PORTS) + { + fprintf(stderr, "%s line %d: too many ports.\n", + filename, linenum); + exit(1); + } + options->ports[options->num_ports] = -1; + intptr = &options->ports[options->num_ports++]; parse_int: cp = strtok(NULL, WHITESPACE); if (!cp) @@@@ -452,11 +513,25 @@@@ filename, linenum); exit(1); } -#ifdef BROKEN_INET_ADDR - options->listen_addr.s_addr = inet_network(cp); -#else /* BROKEN_INET_ADDR */ - options->listen_addr.s_addr = inet_addr(cp); -#endif /* BROKEN_INET_ADDR */ + if (options->num_ports == 0) + options->ports[options->num_ports++] = SSH_DEFAULT_PORT; + for (i = 0; i < options->num_ports; i++) + { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = IPv4or6; + hints.ai_socktype = SOCK_STREAM; + sprintf(strport, "%d", options->ports[i]); + if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0) + { + fprintf(stderr, "%s line %d: bad addr or host. (%s)\n", + filename, linenum, gai_strerror(gaierr)); + exit(1); + } + for (ai = aitop; ai->ai_next; ai = ai->ai_next); + ai->ai_next = options->listen_addrs; + options->listen_addrs = aitop; + } + strtok(cp, WHITESPACE); /* getaddrinfo() may use strtok() */ break; case sHostKeyFile: @@@@ -532,6 +607,12 @@@@ *intptr = value; break; +#ifdef ENABLE_LOG_AUTH + case sLogAuth: + intptr = &options->log_auth; + goto parse_flag; +#endif /* ENABLE_LOG_AUTH */ + case sIgnoreRhosts: intptr = &options->ignore_rhosts; goto parse_flag; @@@@ -571,6 +652,18 @@@@ @