Attachment #694 for bug #898




static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);

/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/* Use of privilege separation or not */
extern int use_privsep;


	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->address_family = -1;
	options->num_host_key_files = 0;
	options->pid_file = NULL;
	options->server_key_bits = -1;

	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
	sKerberosGetAFSToken,
	sKerberosTgtPassing, sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication,
	sListenAddress, sAddressFamily,
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
	sStrictModes, sEmptyPasswd, sTCPKeepAlive,

	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
	{ "checkmail", sDeprecated },
	{ "listenaddress", sListenAddress },
	{ "addressfamily", sAddressFamily },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },


	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->address_family == -1)
		options->address_family = AF_UNSPEC;
	if (port == 0)
		for (i = 0; i < options->num_ports; i++)
			add_one_listen_addr(options, addr, options->ports[i]);

	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = options->address_family;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
	snprintf(strport, sizeof strport, "%u", port);

			    filename, linenum);
		break;

	case sAddressFamily:
		arg = strdelim(&cp);
		intptr = &options->address_family;
		if (options->listen_addrs != NULL)
			fatal("%s line %d: address family must be specified before "
			    "ListenAddress.", filename, linenum);
		if (strcasecmp(arg, "inet") == 0)
			value = AF_INET;
		else if (strcasecmp(arg, "inet6") == 0)
			value = AF_INET6;
		else if (strcasecmp(arg, "any") == 0)
			value = AF_UNSPEC;
		else
			fatal("%s line %d: unsupported address family \"%s\".",
			    filename, linenum, arg);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sHostKeyFile:
		intptr = &options->num_host_key_files;
		if (*intptr >= MAX_HOSTKEYS)

Lines 39-44 Link Here

(-)openssh-3.8.1p1.old/servconf.h (+1 lines)
39	u_short ports[MAX_PORTS]; /* Port number to listen on. */	39	u_short ports[MAX_PORTS]; /* Port number to listen on. */
40	char listen_addr; / Address on which the server listens. */	40	char listen_addr; / Address on which the server listens. */
41	struct addrinfo listen_addrs; / Addresses on which the server listens. */	41	struct addrinfo listen_addrs; / Addresses on which the server listens. */
		42	int address_family; /* Address family used by the server. */
42	char host_key_files[MAX_HOSTKEYS]; / Files containing host keys. */	43	char host_key_files[MAX_HOSTKEYS]; / Files containing host keys. */
43	int num_host_key_files; /* Number of files for host keys. */	44	int num_host_key_files; /* Number of files for host keys. */
44	char pid_file; / Where to put our pid */	45	char pid_file; / Where to put our pid */




char *config_file_name = _PATH_SERVER_CONFIG_FILE;

/*
 * Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
 * Default value is AF_UNSPEC means both IPv4 and IPv6.
 */
int IPv4or6 = AF_UNSPEC;

/*
 * Debug mode flag.  This can be set on the command line.  If debug
 * mode is enabled, extra debugging output will be sent to the system
 * log, the daemon will not go to background, and will exit after processing

	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) {
		switch (opt) {
		case '4':
			options.address_family = AF_INET;
			break;
		case '6':
			options.address_family = AF_INET6;
			break;
		case 'f':
			config_file_name = optarg;

		}
	}
	SSLeay_add_all_algorithms();
	channel_set_af(IPv4or6);

	/*
	 * Force logging to stderr until we have loaded the private host

	/* Fill in default values for those options not explicitly set. */
	fill_default_server_options(&options);

	/* set default channel AF */
	channel_set_af(options.address_family);

	/* Check that there are no remaining arguments. */
	if (optind < ac) {
		fprintf(stderr, "Extra argument %s.\n", av[optind]);

Lines 12-17 Link Here

(-)openssh-3.8.1p1.old/sshd_config (+1 lines)
12		12
13	#Port 22	13	#Port 22
14	#Protocol 2,1	14	#Protocol 2,1
		15	#AddressFamily any
15	#ListenAddress 0.0.0.0	16	#ListenAddress 0.0.0.0
16	#ListenAddress ::	17	#ListenAddress ::
17		18




keywords and their meanings are as follows (note that
keywords are case-insensitive and arguments are case-sensitive):
.Bl -tag -width Ds
.It Cm AddressFamily
Specifies which address family should be used by
.Nm sshd .
Valid arguments are
.Dq any ,
.Dq inet
(use IPv4 only) or
.Dq inet6
(use IPv6 only).
The default is
.Dq any .
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.

Return to bug 898

Lines 27-34 Link Here

(-)openssh-3.8.1p1.old/servconf.c (-4 / +26 lines)
27	static void add_listen_addr(ServerOptions , char , u_short);	27	static void add_listen_addr(ServerOptions , char , u_short);
28	static void add_one_listen_addr(ServerOptions , char , u_short);	28	static void add_one_listen_addr(ServerOptions , char , u_short);
29		29
30	/* AF_UNSPEC or AF_INET or AF_INET6 */
31	extern int IPv4or6;
32	/* Use of privilege separation or not */	30	/* Use of privilege separation or not */
33	extern int use_privsep;	31	extern int use_privsep;
34		32
Lines 46-51 Link Here
46	options->num_ports = 0;	44	options->num_ports = 0;
47	options->ports_from_cmdline = 0;	45	options->ports_from_cmdline = 0;
48	options->listen_addrs = NULL;	46	options->listen_addrs = NULL;
		47	options->address_family = -1;
49	options->num_host_key_files = 0;	48	options->num_host_key_files = 0;
50	options->pid_file = NULL;	49	options->pid_file = NULL;
51	options->server_key_bits = -1;	50	options->server_key_bits = -1;
Lines 255-261 Link Here
255	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,	254	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
256	sKerberosGetAFSToken,	255	sKerberosGetAFSToken,
257	sKerberosTgtPassing, sChallengeResponseAuthentication,	256	sKerberosTgtPassing, sChallengeResponseAuthentication,
258	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,	257	sPasswordAuthentication, sKbdInteractiveAuthentication,
		258	sListenAddress, sAddressFamily,
259	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	259	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
260	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	260	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
261	sStrictModes, sEmptyPasswd, sTCPKeepAlive,	261	sStrictModes, sEmptyPasswd, sTCPKeepAlive,
Lines 331-336 Link Here
331	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */	331	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
332	{ "checkmail", sDeprecated },	332	{ "checkmail", sDeprecated },
333	{ "listenaddress", sListenAddress },	333	{ "listenaddress", sListenAddress },
		334	{ "addressfamily", sAddressFamily },
334	{ "printmotd", sPrintMotd },	335	{ "printmotd", sPrintMotd },
335	{ "printlastlog", sPrintLastLog },	336	{ "printlastlog", sPrintLastLog },
336	{ "ignorerhosts", sIgnoreRhosts },	337	{ "ignorerhosts", sIgnoreRhosts },
Lines 395-400 Link Here
395		396
396	if (options->num_ports == 0)	397	if (options->num_ports == 0)
397	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;	398	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
		399	if (options->address_family == -1)
		400	options->address_family = AF_UNSPEC;
398	if (port == 0)	401	if (port == 0)
399	for (i = 0; i < options->num_ports; i++)	402	for (i = 0; i < options->num_ports; i++)
400	add_one_listen_addr(options, addr, options->ports[i]);	403	add_one_listen_addr(options, addr, options->ports[i]);
Lines 410-416 Link Here
410	int gaierr;	413	int gaierr;
411		414
412	memset(&hints, 0, sizeof(hints));	415	memset(&hints, 0, sizeof(hints));
413	hints.ai_family = IPv4or6;	416	hints.ai_family = options->address_family;
414	hints.ai_socktype = SOCK_STREAM;	417	hints.ai_socktype = SOCK_STREAM;
415	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;	418	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
416	snprintf(strport, sizeof strport, "%u", port);	419	snprintf(strport, sizeof strport, "%u", port);
Lines 538-543 Link Here
538	filename, linenum);	541	filename, linenum);
539	break;	542	break;
540		543
		544	case sAddressFamily:
		545	arg = strdelim(&cp);
		546	intptr = &options->address_family;
		547	if (options->listen_addrs != NULL)
		548	fatal("%s line %d: address family must be specified before "
		549	"ListenAddress.", filename, linenum);
		550	if (strcasecmp(arg, "inet") == 0)
		551	value = AF_INET;
		552	else if (strcasecmp(arg, "inet6") == 0)
		553	value = AF_INET6;
		554	else if (strcasecmp(arg, "any") == 0)
		555	value = AF_UNSPEC;
		556	else
		557	fatal("%s line %d: unsupported address family \"%s\".",
		558	filename, linenum, arg);
		559	if (*intptr == -1)
		560	*intptr = value;
		561	break;
		562
541	case sHostKeyFile:	563	case sHostKeyFile:
542	intptr = &options->num_host_key_files;	564	intptr = &options->num_host_key_files;
543	if (*intptr >= MAX_HOSTKEYS)	565	if (*intptr >= MAX_HOSTKEYS)

Lines 109-120 Link Here

(-)openssh-3.8.1p1.old/sshd.c (-9 / +5 lines)
109	char *config_file_name = _PATH_SERVER_CONFIG_FILE;	109	char *config_file_name = _PATH_SERVER_CONFIG_FILE;
110		110
111	/*	111	/*
112	* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
113	* Default value is AF_UNSPEC means both IPv4 and IPv6.
114	*/
115	int IPv4or6 = AF_UNSPEC;
116
117	/*
118	* Debug mode flag. This can be set on the command line. If debug	112	* Debug mode flag. This can be set on the command line. If debug
119	* mode is enabled, extra debugging output will be sent to the system	113	* mode is enabled, extra debugging output will be sent to the system
120	* log, the daemon will not go to background, and will exit after processing	114	* log, the daemon will not go to background, and will exit after processing
Lines 827-836 Link Here
827	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) {	821	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqtQ46")) != -1) {
828	switch (opt) {	822	switch (opt) {
829	case '4':	823	case '4':
830	IPv4or6 = AF_INET;	824	options.address_family = AF_INET;
831	break;	825	break;
832	case '6':	826	case '6':
833	IPv4or6 = AF_INET6;	827	options.address_family = AF_INET6;
834	break;	828	break;
835	case 'f':	829	case 'f':
836	config_file_name = optarg;	830	config_file_name = optarg;
Lines 915-921 Link Here
915	}	909	}
916	}	910	}
917	SSLeay_add_all_algorithms();	911	SSLeay_add_all_algorithms();
918	channel_set_af(IPv4or6);
919		912
920	/*	913	/*
921	* Force logging to stderr until we have loaded the private host	914	* Force logging to stderr until we have loaded the private host
Lines 950-955 Link Here
950	/* Fill in default values for those options not explicitly set. */	943	/* Fill in default values for those options not explicitly set. */
951	fill_default_server_options(&options);	944	fill_default_server_options(&options);
952		945
		946	/* set default channel AF */
		947	channel_set_af(options.address_family);
		948
953	/* Check that there are no remaining arguments. */	949	/* Check that there are no remaining arguments. */
954	if (optind < ac) {	950	if (optind < ac) {
955	fprintf(stderr, "Extra argument %s.\n", av[optind]);	951	fprintf(stderr, "Extra argument %s.\n", av[optind]);

Lines 61-66 Link Here

(-)openssh-3.8.1p1.old/sshd_config.5 (+11 lines)
61	keywords and their meanings are as follows (note that	61	keywords and their meanings are as follows (note that
62	keywords are case-insensitive and arguments are case-sensitive):	62	keywords are case-insensitive and arguments are case-sensitive):
63	.Bl -tag -width Ds	63	.Bl -tag -width Ds
		64	.It Cm AddressFamily
		65	Specifies which address family should be used by
		66	.Nm sshd .
		67	Valid arguments are
		68	.Dq any ,
		69	.Dq inet
		70	(use IPv4 only) or
		71	.Dq inet6
		72	(use IPv6 only).
		73	The default is
		74	.Dq any .
64	.It Cm AllowGroups	75	.It Cm AllowGroups
65	This keyword can be followed by a list of group name patterns, separated	76	This keyword can be followed by a list of group name patterns, separated
66	by spaces.	77	by spaces.