head	1.3;
access;
symbols
	RELEASE_7_4_0:1.2
	RELEASE_8_2_0:1.2
	RELEASE_6_EOL:1.2
	RELEASE_8_1_0:1.2
	RELEASE_7_3_0:1.2
	RELEASE_8_0_0:1.2
	RELEASE_7_2_0:1.2
	RELEASE_7_1_0:1.2
	RELEASE_6_4_0:1.2
	RELEASE_5_EOL:1.2
	RELEASE_7_0_0:1.2
	RELEASE_6_3_0:1.2
	PRE_XORG_7:1.2
	RELEASE_4_EOL:1.2
	RELEASE_6_2_0:1.2
	RELEASE_6_1_0:1.2
	RELEASE_5_5_0:1.2
	RELEASE_6_0_0:1.2
	RELEASE_5_4_0:1.2
	RELEASE_4_11_0:1.2
	RELEASE_5_3_0:1.2
	RELEASE_4_10_0:1.2
	RELEASE_5_2_1:1.2
	RELEASE_5_2_0:1.2
	RELEASE_4_9_0:1.2
	RELEASE_5_1_0:1.2
	RELEASE_4_8_0:1.2
	RELEASE_5_0_0:1.2
	RELEASE_4_7_0:1.2
	RELEASE_4_6_2:1.1
	RELEASE_4_6_1:1.1
	ssh_1_2_33:1.2
	ssh_1_2_32:1.2
	ssh_1_2_31:1.2
	ssh_1_2_30:1.2
	ssh_1_2_29:1.2
	ssh_1_2_28:1.2
	ssh_1_2_27:1.1
	RELEASE_4_6_0:1.1
	RELEASE_5_0_DP1:1.1
	RELEASE_4_5_0:1.1
	RELEASE_4_4_0:1.1
	RELEASE_4_3_0:1.1
	RELEASE_4_2_0:1.1
	RELEASE_4_1_1:1.1
	RELEASE_4_1_0:1.1
	RELEASE_3_5_0:1.1
	RELEASE_4_0_0:1.1;
locks; strict;
comment	@# @;


1.3
date	2011.05.01.20.14.19;	author bapt;	state dead;
branches;
next	1.2;

1.2
date	2002.06.29.18.13.36;	author obrien;	state Exp;
branches;
next	1.1;

1.1
date	2000.01.14.19.37.38;	author torstenb;	state Exp;
branches;
next	;


desc
@@


1.3
log
@Remove unmaintained expired ports from security

2011-05-01 security/aafid2: Upstream disapear and distfile is no more available
2011-05-01 security/bjorb: Upstream disapear and distfile is no more available
2011-05-01 security/borzoi: Upstream disapear and distfile is no more available
2011-05-01 security/cmd5checkpw: Upstream disapear and distfile is no more available
2011-05-01 security/cops: Upstream disapear and distfile is no more available
2011-05-01 security/find_ddos: Upstream disapear and distfile is no more available
2011-05-01 security/ftpmap: Upstream disapear and distfile is no more available
2011-05-01 security/hafiye: Upstream disapear and distfile is no more available
2011-05-01 security/ident2: Upstream disapear and distfile is no more available
2011-05-01 security/liedentd: Upstream disapear and distfile is no more available
2011-05-01 security/pam_pop3: Upstream disapear and distfile is no more available
2011-05-01 security/poc: Upstream disapear and distfile is no more available
2011-05-01 security/portscanner: Upstream disapear and distfile is no more available
2011-05-01 security/ppgen: Upstream disapear and distfile is no more available
2011-05-01 security/qident: Upstream disapear and distfile is no more available
2011-05-01 security/quintuple-agent: Upstream disapear and distfile is no more available
2011-05-01 security/rc5pipe: Upstream disapear and distfile is no more available
2011-05-01 security/rid: Upstream disapear and distfile is no more available
2011-05-01 security/ssh: Upstream disapear and distfile is no more available
2011-05-01 security/tea-total: Upstream disapear and distfile is no more available
2011-05-01 security/uberkey: Upstream disapear and distfile is no more available
@
text
@--- servconf.c.orig	Thu Jan 17 05:35:34 2002
+++ servconf.c	Fri Jun 21 16:22:56 2002
@@@@ -88,8 +88,8 @@@@
 void initialize_server_options(ServerOptions *options)
 {
   memset(options, 0, sizeof(*options));
-  options->port = -1;
-  options->listen_addr.s_addr = INADDR_ANY;
+  options->num_ports = 0;
+  options->listen_addrs = NULL;
   options->host_key_file = NULL;
   options->random_seed_file = NULL;
   options->pid_file = NULL;
@@@@ -99,6 +99,9 @@@@
   options->permit_root_login = -1;
   options->ignore_rhosts = -1;
   options->ignore_root_rhosts = -1;
+#ifdef ENABLE_LOG_AUTH
+  options->log_auth = -1;
+#endif /* ENABLE_LOG_AUTH */
   options->quiet_mode = -1;
   options->fascist_logging = -1;
   options->print_motd = -1;
@@@@ -145,17 +148,33 @@@@
 
 void fill_default_server_options(ServerOptions *options)
 {
-  if (options->port == -1)
+  struct addrinfo hints, *ai, *aitop;
+  char strport[PORTSTRLEN];
+  int i;
+
+  if (options->num_ports == 0)
+    options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+  if (options->listen_addrs == NULL)
     {
-      struct servent *sp;
+      for (i = 0; i < options->num_ports; i++)
+	{
+	  memset(&hints, 0, sizeof(hints));
+	  hints.ai_flags = AI_PASSIVE;
+	  hints.ai_family = IPv4or6;
+	  hints.ai_socktype = SOCK_STREAM;
+	  sprintf(strport, "%d", options->ports[i]);
+	  if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
+	    {
+	      fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
+	      exit(1);
+	    }
+	  for (ai = aitop; ai->ai_next; ai = ai->ai_next);
+	  ai->ai_next = options->listen_addrs;
+	  options->listen_addrs = aitop;
+	}
+      /* freeaddrinfo(options->listen_addrs) in sshd.c */
+      }
 
-      sp = getservbyname(SSH_SERVICE_NAME, "tcp");
-      if (sp)
-        options->port = ntohs(sp->s_port);
-      else
-        options->port = SSH_DEFAULT_PORT;
-      endservent();
-    }
   if (options->host_key_file == NULL)
     options->host_key_file = HOST_KEY_FILE;
   if (options->random_seed_file == NULL)
@@@@ -250,6 +269,9 @@@@
 {
   sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
   sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
+#ifdef ENABLE_LOG_AUTH
+  sLogAuth,
+#endif /* ENABLE_LOG_AUTH */
   sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
   sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
   sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
@@@@ -282,6 +304,9 @@@@
   { "quietmode", sQuietMode },
   { "fascistlogging", sFascistLogging },
   { "syslogfacility", sLogFacility },
+#ifdef ENABLE_LOG_AUTH
+  { "logauth", sLogAuth },
+#endif /* ENABLE_LOG_AUTH */
   { "rhostsauthentication", sRhostsAuthentication },
   { "rhostsrsaauthentication", sRhostsRSAAuthentication },
   { "rsaauthentication", sRSAAuthentication },
@@@@ -375,6 +400,9 @@@@
   char *cp, **charptr;
   int linenum, *intptr, i, value;
   ServerOpCodes opcode;
+  struct addrinfo hints, *ai, *aitop;
+  char strport[PORTSTRLEN];
+  int gaierr;
 
   f = fopen(filename, "r");
   if (!f)
@@@@ -397,7 +425,14 @@@@
       switch (opcode)
         {
         case sPort:
-          intptr = &options->port;
+	  if (options->num_ports >= MAX_PORTS)
+	    {
+	      fprintf(stderr, "%s line %d: too many ports.\n",
+		      filename, linenum);
+	      exit(1);
+	    }
+	  options->ports[options->num_ports] = -1;
+	  intptr = &options->ports[options->num_ports++];
         parse_int:
           cp = strtok(NULL, WHITESPACE);
           if (!cp)
@@@@ -460,12 +495,26 @@@@
                       filename, linenum);
               exit(1);
             }
-#ifdef BROKEN_INET_ADDR
-          options->listen_addr.s_addr = inet_network(cp);
-#else /* BROKEN_INET_ADDR */
-          options->listen_addr.s_addr = inet_addr(cp);
-#endif /* BROKEN_INET_ADDR */
-          break;
+	  if (options->num_ports == 0)
+	    options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+	  for (i = 0; i < options->num_ports; i++)
+	    {
+	      memset(&hints, 0, sizeof(hints));
+	      hints.ai_family = IPv4or6;
+	      hints.ai_socktype = SOCK_STREAM;
+	      sprintf(strport, "%d", options->ports[i]);
+	      if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
+		{
+		  fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
+			  filename, linenum, gai_strerror(gaierr));
+		  exit(1);
+		}
+	      for (ai = aitop; ai->ai_next; ai = ai->ai_next);
+	      ai->ai_next = options->listen_addrs;
+	      options->listen_addrs = aitop;
+	    }
+	  strtok(cp, WHITESPACE);	/* getaddrinfo() may use strtok() */
+  	  break;
 
         case sHostKeyFile:
           charptr = &options->host_key_file;
@@@@ -539,6 +588,12 @@@@
           if (*intptr == -1)
             *intptr = value;
           break;
+
+#ifdef ENABLE_LOG_AUTH
+	case sLogAuth:
+	  intptr = &options->log_auth;
+	  goto parse_flag;
+#endif /* ENABLE_LOG_AUTH */
 
         case sIgnoreRhosts:
           intptr = &options->ignore_rhosts;
@


1.2
log
@Update to version 1.2.28.
@
text
@@


1.1
log
@Add IPv6 support to ssh.
The IPv6 patch was obtained from the kame repository and has been
been writen by KIKUCHI Takahiro <kick@@kyoto.wide.ad.jp>

Due to the whole mess with different patches it was necessary to include
both the IPv6 patch and patch-ssh-1.2.27-bsd.tty.chown in ${PATCHDIR}.
Since both patches modify the configure script it was also necessary
to rebuild it via autoconf from configure.in. I've decided to use
USE_AUTOCONF instead of including the re-build configure script in
${FILESDIR}

Obtained from:	KAME/WIDE
@
text
@d1 158
a158 197
*** servconf.c.orig	Wed May 12 13:19:28 1999
--- servconf.c	Mon Jan 10 22:56:13 2000
***************
*** 81,88 ****
  void initialize_server_options(ServerOptions *options)
  {
    memset(options, 0, sizeof(*options));
!   options->port = -1;
!   options->listen_addr.s_addr = INADDR_ANY;
    options->host_key_file = NULL;
    options->random_seed_file = NULL;
    options->pid_file = NULL;
--- 81,88 ----
  void initialize_server_options(ServerOptions *options)
  {
    memset(options, 0, sizeof(*options));
!   options->num_ports = 0;
!   options->listen_addrs = NULL;
    options->host_key_file = NULL;
    options->random_seed_file = NULL;
    options->pid_file = NULL;
***************
*** 92,97 ****
--- 92,100 ----
    options->permit_root_login = -1;
    options->ignore_rhosts = -1;
    options->ignore_root_rhosts = -1;
+ #ifdef ENABLE_LOG_AUTH
+   options->log_auth = -1;
+ #endif /* ENABLE_LOG_AUTH */
    options->quiet_mode = -1;
    options->fascist_logging = -1;
    options->print_motd = -1;
***************
*** 138,153 ****
  
  void fill_default_server_options(ServerOptions *options)
  {
!   if (options->port == -1)
      {
!       struct servent *sp;
! 
!       sp = getservbyname(SSH_SERVICE_NAME, "tcp");
!       if (sp)
! 	options->port = ntohs(sp->s_port);
!       else
! 	options->port = SSH_DEFAULT_PORT;
!       endservent();
      }
    if (options->host_key_file == NULL)
      options->host_key_file = HOST_KEY_FILE;
--- 141,171 ----
  
  void fill_default_server_options(ServerOptions *options)
  {
!   struct addrinfo hints, *ai, *aitop;
!   char strport[PORTSTRLEN];
!   int i;
! 
!   if (options->num_ports == 0)
!     options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
!   if (options->listen_addrs == NULL)
      {
!       for (i = 0; i < options->num_ports; i++)
! 	{
! 	  memset(&hints, 0, sizeof(hints));
! 	  hints.ai_flags = AI_PASSIVE;
! 	  hints.ai_family = IPv4or6;
! 	  hints.ai_socktype = SOCK_STREAM;
! 	  sprintf(strport, "%d", options->ports[i]);
! 	  if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
! 	    {
! 	      fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
! 	      exit(1);
! 	    }
! 	  for (ai = aitop; ai->ai_next; ai = ai->ai_next);
! 	  ai->ai_next = options->listen_addrs;
! 	  options->listen_addrs = aitop;
! 	}
!       /* freeaddrinfo(options->listen_addrs) in sshd.c */
      }
    if (options->host_key_file == NULL)
      options->host_key_file = HOST_KEY_FILE;
***************
*** 243,248 ****
--- 261,269 ----
  {
    sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
    sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
+ #ifdef ENABLE_LOG_AUTH
+   sLogAuth,
+ #endif /* ENABLE_LOG_AUTH */
    sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
    sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
    sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
***************
*** 275,280 ****
--- 296,304 ----
    { "quietmode", sQuietMode },
    { "fascistlogging", sFascistLogging },
    { "syslogfacility", sLogFacility },
+ #ifdef ENABLE_LOG_AUTH
+   { "logauth", sLogAuth },
+ #endif /* ENABLE_LOG_AUTH */
    { "rhostsauthentication", sRhostsAuthentication },
    { "rhostsrsaauthentication", sRhostsRSAAuthentication },
    { "rsaauthentication", sRSAAuthentication },
***************
*** 367,372 ****
--- 391,399 ----
    char *cp, **charptr;
    int linenum, *intptr, i, value;
    ServerOpCodes opcode;
+   struct addrinfo hints, *ai, *aitop;
+   char strport[PORTSTRLEN];
+   int gaierr;
  
    f = fopen(filename, "r");
    if (!f)
***************
*** 389,395 ****
        switch (opcode)
  	{
  	case sPort:
! 	  intptr = &options->port;
  	parse_int:
  	  cp = strtok(NULL, WHITESPACE);
  	  if (!cp)
--- 416,429 ----
        switch (opcode)
  	{
  	case sPort:
! 	  if (options->num_ports >= MAX_PORTS)
! 	    {
! 	      fprintf(stderr, "%s line %d: too many ports.\n",
! 		      filename, linenum);
! 	      exit(1);
! 	    }
! 	  options->ports[options->num_ports] = -1;
! 	  intptr = &options->ports[options->num_ports++];
  	parse_int:
  	  cp = strtok(NULL, WHITESPACE);
  	  if (!cp)
***************
*** 452,462 ****
  		      filename, linenum);
  	      exit(1);
  	    }
! #ifdef BROKEN_INET_ADDR
! 	  options->listen_addr.s_addr = inet_network(cp);
! #else /* BROKEN_INET_ADDR */
! 	  options->listen_addr.s_addr = inet_addr(cp);
! #endif /* BROKEN_INET_ADDR */
  	  break;
  
  	case sHostKeyFile:
--- 486,510 ----
  		      filename, linenum);
  	      exit(1);
  	    }
! 	  if (options->num_ports == 0)
! 	    options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
! 	  for (i = 0; i < options->num_ports; i++)
! 	    {
! 	      memset(&hints, 0, sizeof(hints));
! 	      hints.ai_family = IPv4or6;
! 	      hints.ai_socktype = SOCK_STREAM;
! 	      sprintf(strport, "%d", options->ports[i]);
! 	      if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
! 		{
! 		  fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
! 			  filename, linenum, gai_strerror(gaierr));
! 		  exit(1);
! 		}
! 	      for (ai = aitop; ai->ai_next; ai = ai->ai_next);
! 	      ai->ai_next = options->listen_addrs;
! 	      options->listen_addrs = aitop;
! 	    }
! 	  strtok(cp, WHITESPACE);	/* getaddrinfo() may use strtok() */
  	  break;
  
  	case sHostKeyFile:
***************
*** 531,536 ****
--- 579,590 ----
  	  if (*intptr == -1)
  	    *intptr = value;
  	  break;
+ 
+ #ifdef ENABLE_LOG_AUTH
+ 	case sLogAuth:
+ 	  intptr = &options->log_auth;
+ 	  goto parse_flag;
+ #endif /* ENABLE_LOG_AUTH */
  
  	case sIgnoreRhosts:
  	  intptr = &options->ignore_rhosts;
@

