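--- a/openssh-5.2p1.orig/readconf.c
+++ b/openssh-5.2p1.orig/readconf.c
@@ -131,7 +131,7 @@
 	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oZeroKnowledgePasswordAuthentication,
-	oDeprecated, oUnsupported
+	oUseSCTP,oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -234,7 +234,7 @@
 #else
 	{ "zeroknowledgepasswordauthentication", oUnsupported },
 #endif
-
+	{ "usesctp", oUseSCTP },
 	{ NULL, oBadOption }
 };
 
@@ -914,6 +914,12 @@
 		intptr = &options->visual_host_key;
 		goto parse_flag;
 
+	case oUseSCTP:
+#ifdef IPPROTO_SCTP
+		intptr = &options->use_sctp;
+		goto parse_flag;
+#endif
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1065,6 +1071,7 @@
 	options->permit_local_command = -1;
 	options->visual_host_key = -1;
 	options->zero_knowledge_password_authentication = -1;
+	options->use_sctp = -1;
 }
 
 /*
@@ -1203,6 +1210,8 @@
 		options->visual_host_key = 0;
 	if (options->zero_knowledge_password_authentication == -1)
 		options->zero_knowledge_password_authentication = 0;
+        if (options->use_sctp == -1)
+                options->use_sctp = 0;
 	/* options->local_command should not be set by default */
 	/* options->proxy_command should not be set by default */
 	/* options->user will be set in the main program if appropriate */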
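Review bot: `case oUseSCTP` has an empty body when `IPPROTO_SCTP` is undefined, so on such a build it falls through into `case oDeprecated` and a `UseSCTP yes` line is reported only as a deprecated option at debug level, with the SCTP request otherwise ignored. The keyword table in this file already shows the pattern for features absent at compile time (`zeroknowledgepasswordauthentication` maps to `oUnsupported` under `#else`); keeping `{ "usesctp", oUseSCTP },` under `#ifdef IPPROTO_SCTP` and registering `{ "usesctp", oUnsupported },` in an `#else` branch would report it the same way. Minor style: `oUseSCTP,oDeprecated` lacks the space after the comma, and the two lines added to the defaults block are indented with spaces where the surrounding code uses tabs. The enclosing functions start and end outside the hunks.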
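--- a/openssh-5.2p1.orig/readconf.h
+++ b/openssh-5.2p1.orig/readconf.h
@@ -123,6 +123,8 @@
 	int	permit_local_command;
 	int	visual_host_key;
 
+        int     use_sctp;
+
 }       Options;
 
 #define SSHCTL_MASTER_NO	0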
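--- a/openssh-5.2p1.orig/servconf.c
+++ b/openssh-5.2p1.orig/servconf.c
@@ -64,6 +64,7 @@
 	options->ports_from_cmdline = 0;
 	options->listen_addrs = NULL;
 	options->address_family = -1;
+	options->ip_protocol = -1;
 	options->num_host_key_files = 0;
 	options->pid_file = NULL;
 	options->server_key_bits = -1;
@@ -152,6 +153,8 @@
 			    _PATH_HOST_DSA_KEY_FILE;
 		}
 	}
+	if (options->ip_protocol == -1)
+		options->ip_protocol = IPPROTO_TCP;
 	if (options->num_ports == 0)
 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
 	if (options->listen_addrs == NULL)
@@ -306,7 +309,7 @@
 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
 	sZeroKnowledgePasswordAuthentication,
-	sDeprecated, sUnsupported
+	sIPProtocol, sDeprecated, sUnsupported
 } ServerOpCodes;
 
 #define SSHCFG_GLOBAL	0x01	/* allowed in main section of sshd_config */
@@ -424,6 +427,7 @@
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+	{ "ipprotocol", sIPProtocol, SSHCFG_GLOBAL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -482,8 +486,10 @@
 	char strport[NI_MAXSERV];
 	int gaierr;
 
+next:
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = options->address_family;
+	hints.ai_protocol = options->ip_protocol ? options->ip_protocol : IPPROTO_TCP;
 	hints.ai_socktype = SOCK_STREAM;
 	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
 	snprintf(strport, sizeof strport, "%d", port);
@@ -495,6 +501,12 @@
 		;
 	ai->ai_next = options->listen_addrs;
 	options->listen_addrs = aitop;
+#ifdef IPPROTO_SCTP
+	if (options->ip_protocol) 
+		return;
+	options->ip_protocol = IPPROTO_SCTP;
+	goto next;
+#endif
 }
 
 /*
@@ -1294,6 +1306,25 @@
 			*charptr = xstrdup(arg);
 		break;
 
+	case sIPProtocol:
+#ifdef IPPROTO_SCTP
+		intptr = &options->ip_protocol;
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: Missing argument.", filename, linenum);
+		value = 0;	/* silence compiler */
+		if (strcmp(arg, "tcp") == 0)
+			value = IPPROTO_TCP;
+		else if (strcmp(arg, "sctp") == 0)
+			value = IPPROTO_SCTP;
+		else if (strcmp(arg, "both") == 0)
+			value = 0;
+		else
+			fatal("%s line %d: Bad tcp/sctp/both " , filename, linenum);
+		if (*intptr == IPPROTO_SCTP)
+			*intptr = value;
+#endif
+
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);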
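Review bot: In `case sIPProtocol` the store is guarded by `if (*intptr == IPPROTO_SCTP)`, but the first hunk initialises `ip_protocol` to -1, so the parsed value appears never to be written and the directive has no effect; comparing against the unset marker, `if (*intptr == -1)`, looks like what was intended. The case also has no `break;` before `#endif`, so it falls through into `case sDeprecated` and every `IPProtocol` line is logged as a deprecated option. In the listen-address hunk, `options->ip_protocol = IPPROTO_SCTP; goto next;` uses the configured option as loop state, so after the first address in "both" mode the stored value is SCTP for every later call; a local variable holding the protocol being tried would avoid rewriting the configuration. The sample `#IPProtocol both` added to sshd_config also disagrees with the `IPPROTO_TCP` default filled in by the second hunk, which matters to operators whose packet filters are written per protocol. The enclosing functions start and end outside the hunks.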
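--- a/openssh-5.2p1.orig/servconf.h
+++ b/openssh-5.2p1.orig/servconf.h
@@ -151,6 +151,7 @@
 	int	num_permitted_opens;
 
 	char   *chroot_directory;
+	int	ip_protocol;
 }       ServerOptions;
 
 void	 initialize_server_options(ServerOptions *);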
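--- a/openssh-5.2p1.orig/ssh_config
+++ b/openssh-5.2p1.orig/ssh_config
@@ -26,6 +26,7 @@
 #   HostbasedAuthentication no
 #   GSSAPIAuthentication no
 #   GSSAPIDelegateCredentials no
+#   UseSCTP no
 #   BatchMode no
 #   CheckHostIP yes
 #   AddressFamily any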
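--- a/openssh-5.2p1.orig/ssh_config.0
+++ b/openssh-5.2p1.orig/ssh_config.0
@@ -596,6 +596,10 @@
              Specifies a file to use for the user host key database instead of
              ~/.ssh/known_hosts.
 
+     UseSCTP
+             Specifies whether to use transport protocol SCTP instead of TCP.
+             (Works only on SCTP compatible operating systems).
+
      VerifyHostKeyDNS
              Specifies whether to verify the remote key using DNS and SSHFP
              resource records.  If this option is set to ``yes'', the client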
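--- a/openssh-5.2p1.orig/ssh_config.5
+++ b/openssh-5.2p1.orig/ssh_config.5
@@ -1040,6 +1040,9 @@
 Specifies a file to use for the user
 host key database instead of
 .Pa ~/.ssh/known_hosts .
+.It Cm UseSCTP
+Specifies whether to use transport protocol SCTP instead of TCP.
+(Works only on SCTP compatible operating systems).
 .It Cm VerifyHostKeyDNS
 Specifies whether to verify the remote key using DNS and SSHFP resource
 records.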
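--- a/openssh-5.2p1.orig/sshconnect.c
+++ b/openssh-5.2p1.orig/sshconnect.c
@@ -362,6 +362,11 @@
 			debug("Connecting to %.200s [%.100s] port %s.",
 				host, ntop, strport);
 
+#ifdef IPPROTO_SCTP
+                        if (options.use_sctp)
+                                ai->ai_protocol=IPPROTO_SCTP;
+#endif
+
 			/* Create a socket for connecting. */
 			sock = ssh_create_socket(needpriv, ai);
 			if (sock < 0)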
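Review bot: Nothing in the client log shows that a socket was opened with SCTP, because the `debug("Connecting to ...")` line just above the added block reads the same for both transports; a `debug("Using SCTP transport");` inside the `if (options.use_sctp)` branch would make the choice visible when auditing a session. The override is also written into the resolver's result entry (`ai->ai_protocol=IPPROTO_SCTP;`) rather than requested up front; if the lookup hints are set in this function (not visible here), asking for the protocol there would be cleaner. Style: the two added statements are indented with spaces and omit the spaces around `=`, unlike the tab-indented context. The enclosing function starts and ends outside the hunk.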
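--- a/openssh-5.2p1.orig/sshd_config
+++ b/openssh-5.2p1.orig/sshd_config
@@ -104,6 +104,7 @@
 #PidFile /var/run/sshd.pid
 #MaxStartups 10
 #PermitTunnel no
+#IPProtocol both
 #ChrootDirectory none
 
 # no default banner path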
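--- a/openssh-5.2p1.orig/sshd_config.0
+++ b/openssh-5.2p1.orig/sshd_config.0
@@ -253,6 +253,10 @@
              ~/.ssh/known_hosts during RhostsRSAAuthentication or
              HostbasedAuthentication.  The default is ``no''.
 
+     IPProtocol
+             Specifies IP transport protocol, possible values are tcp, sctp
+             and both.  (Works only on SCTP compatible operating systems).
+
      KerberosAuthentication
              Specifies whether the password provided by the user for
              PasswordAuthentication will be validated through the Kerberos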
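--- a/openssh-5.2p1.orig/sshd_config.5
+++ b/openssh-5.2p1.orig/sshd_config.5
@@ -453,6 +453,13 @@
 .Cm HostbasedAuthentication .
 The default is
 .Dq no .
+.It Cm IPProtocol
+Specifies IP transport protocol, possible values are
+.Cm tcp ,
+.Cm sctp
+and
+.Cm both .
+(Works only on SCTP compatible operating systems).
 .It Cm KerberosAuthentication
 Specifies whether the password provided by the user for
 .Cm PasswordAuthentication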
