Attachment #752 for bug #898




static void add_listen_addr(ServerOptions *, char *, u_short);
static void add_one_listen_addr(ServerOptions *, char *, u_short);

/* AF_UNSPEC or AF_INET or AF_INET6 */
extern int IPv4or6;
/* Use of privilege separation or not */
extern int use_privsep;


	options->num_ports = 0;
	options->ports_from_cmdline = 0;
	options->listen_addrs = NULL;
	options->address_family = -1;
	options->num_host_key_files = 0;
	options->pid_file = NULL;
	options->server_key_bits = -1;

	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
	sKerberosGetAFSToken,
	sKerberosTgtPassing, sChallengeResponseAuthentication,
	sPasswordAuthentication, sKbdInteractiveAuthentication,
	sListenAddress, sAddressFamily,
	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
	sStrictModes, sEmptyPasswd, sTCPKeepAlive,

	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
	{ "checkmail", sDeprecated },
	{ "listenaddress", sListenAddress },
	{ "addressfamily", sAddressFamily },
	{ "printmotd", sPrintMotd },
	{ "printlastlog", sPrintLastLog },
	{ "ignorerhosts", sIgnoreRhosts },


	if (options->num_ports == 0)
		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
	if (options->address_family == -1)
		options->address_family = AF_UNSPEC;
	if (port == 0)
		for (i = 0; i < options->num_ports; i++)
			add_one_listen_addr(options, addr, options->ports[i]);

	int gaierr;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = options->address_family;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
	snprintf(strport, sizeof strport, "%u", port);

		else
			fatal("%s line %d: bad inet addr usage.",
			    filename, linenum);
		break;

	case sAddressFamily:
		arg = strdelim(&cp);
		intptr = &options->address_family;
		if (options->listen_addrs != NULL)
			fatal("%s line %d: address family must be specified before "
			    "ListenAddress.", filename, linenum);
		if (strcasecmp(arg, "inet") == 0)
			value = AF_INET;
		else if (strcasecmp(arg, "inet6") == 0)
			value = AF_INET6;
		else if (strcasecmp(arg, "any") == 0)
			value = AF_UNSPEC;
		else
			fatal("%s line %d: unsupported address family \"%s\".",
			    filename, linenum, arg);
		if (*intptr == -1)
			*intptr = value;
		break;

	case sHostKeyFile:

Lines 43-48 Link Here

(-)servconf.h (+1 lines)
43	u_short ports[MAX_PORTS]; /* Port number to listen on. */	43	u_short ports[MAX_PORTS]; /* Port number to listen on. */
44	char listen_addr; / Address on which the server listens. */	44	char listen_addr; / Address on which the server listens. */
45	struct addrinfo listen_addrs; / Addresses on which the server listens. */	45	struct addrinfo listen_addrs; / Addresses on which the server listens. */
		46	int address_family; /* Address family used by the server. */
46	char host_key_files[MAX_HOSTKEYS]; / Files containing host keys. */	47	char host_key_files[MAX_HOSTKEYS]; / Files containing host keys. */
47	int num_host_key_files; /* Number of files for host keys. */	48	int num_host_key_files; /* Number of files for host keys. */
48	char pid_file; / Where to put our pid */	49	char pid_file; / Where to put our pid */




char *config_file_name = _PATH_SERVER_CONFIG_FILE;

/*
 * Flag indicating whether IPv4 or IPv6.  This can be set on the command line.
 * Default value is AF_UNSPEC means both IPv4 and IPv6.
 */
int IPv4or6 = AF_UNSPEC;

/*
 * Debug mode flag.  This can be set on the command line.  If debug
 * mode is enabled, extra debugging output will be sent to the system
 * log, the daemon will not go to background, and will exit after processing

	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
		switch (opt) {
		case '4':
			options.address_family = AF_INET;
			break;
		case '6':
			options.address_family = AF_INET6;
			break;
		case 'f':
			config_file_name = optarg;

		closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);

	SSLeay_add_all_algorithms();
	channel_set_af(IPv4or6);

	/*
	 * Force logging to stderr until we have loaded the private host


	/* Fill in default values for those options not explicitly set. */
	fill_default_server_options(&options);

	/* set default channel AF */
	channel_set_af(options.address_family);

	/* Check that there are no remaining arguments. */
	if (optind < ac) {

Lines 10-15 Link Here

(-)sshd_config (+1 lines)
10		10
11	#Port 22	11	#Port 22
12	#Protocol 2,1	12	#Protocol 2,1
		13	#AddressFamily any
13	#ListenAddress 0.0.0.0	14	#ListenAddress 0.0.0.0
14	#ListenAddress ::	15	#ListenAddress ::
15		16




user environments.
For this reason, care should be taken in the use of this directive.
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
.Nm sshd .
Valid arguments are
.Dq any ,
.Dq inet
(use IPv4 only) or
.Dq inet6
(use IPv6 only).
The default is
.Dq any .
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.

Return to bug 898

Lines 26-33 Link Here

(-)servconf.c (-4 / +26 lines)
26	static void add_listen_addr(ServerOptions , char , u_short);	26	static void add_listen_addr(ServerOptions , char , u_short);
27	static void add_one_listen_addr(ServerOptions , char , u_short);	27	static void add_one_listen_addr(ServerOptions , char , u_short);
28		28
29	/* AF_UNSPEC or AF_INET or AF_INET6 */
30	extern int IPv4or6;
31	/* Use of privilege separation or not */	29	/* Use of privilege separation or not */
32	extern int use_privsep;	30	extern int use_privsep;
33		31
Lines 40-45 Link Here
40	options->num_ports = 0;	38	options->num_ports = 0;
41	options->ports_from_cmdline = 0;	39	options->ports_from_cmdline = 0;
42	options->listen_addrs = NULL;	40	options->listen_addrs = NULL;
		41	options->address_family = -1;
43	options->num_host_key_files = 0;	42	options->num_host_key_files = 0;
44	options->pid_file = NULL;	43	options->pid_file = NULL;
45	options->server_key_bits = -1;	44	options->server_key_bits = -1;
Lines 235-241 Link Here
235	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,	234	sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
236	sKerberosGetAFSToken,	235	sKerberosGetAFSToken,
237	sKerberosTgtPassing, sChallengeResponseAuthentication,	236	sKerberosTgtPassing, sChallengeResponseAuthentication,
238	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,	237	sPasswordAuthentication, sKbdInteractiveAuthentication,
		238	sListenAddress, sAddressFamily,
239	sPrintMotd, sPrintLastLog, sIgnoreRhosts,	239	sPrintMotd, sPrintLastLog, sIgnoreRhosts,
240	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,	240	sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
241	sStrictModes, sEmptyPasswd, sTCPKeepAlive,	241	sStrictModes, sEmptyPasswd, sTCPKeepAlive,
Lines 300-305 Link Here
300	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */	300	{ "skeyauthentication", sChallengeResponseAuthentication }, /* alias */
301	{ "checkmail", sDeprecated },	301	{ "checkmail", sDeprecated },
302	{ "listenaddress", sListenAddress },	302	{ "listenaddress", sListenAddress },
		303	{ "addressfamily", sAddressFamily },
303	{ "printmotd", sPrintMotd },	304	{ "printmotd", sPrintMotd },
304	{ "printlastlog", sPrintLastLog },	305	{ "printlastlog", sPrintLastLog },
305	{ "ignorerhosts", sIgnoreRhosts },	306	{ "ignorerhosts", sIgnoreRhosts },
Lines 366-371 Link Here
366		367
367	if (options->num_ports == 0)	368	if (options->num_ports == 0)
368	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;	369	options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
		370	if (options->address_family == -1)
		371	options->address_family = AF_UNSPEC;
369	if (port == 0)	372	if (port == 0)
370	for (i = 0; i < options->num_ports; i++)	373	for (i = 0; i < options->num_ports; i++)
371	add_one_listen_addr(options, addr, options->ports[i]);	374	add_one_listen_addr(options, addr, options->ports[i]);
Lines 381-387 Link Here
381	int gaierr;	384	int gaierr;
382		385
383	memset(&hints, 0, sizeof(hints));	386	memset(&hints, 0, sizeof(hints));
384	hints.ai_family = IPv4or6;	387	hints.ai_family = options->address_family;
385	hints.ai_socktype = SOCK_STREAM;	388	hints.ai_socktype = SOCK_STREAM;
386	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;	389	hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0;
387	snprintf(strport, sizeof strport, "%u", port);	390	snprintf(strport, sizeof strport, "%u", port);
Lines 501-506 Link Here
501	else	504	else
502	fatal("%s line %d: bad inet addr usage.",	505	fatal("%s line %d: bad inet addr usage.",
503	filename, linenum);	506	filename, linenum);
		507	break;
		508
		509	case sAddressFamily:
		510	arg = strdelim(&cp);
		511	intptr = &options->address_family;
		512	if (options->listen_addrs != NULL)
		513	fatal("%s line %d: address family must be specified before "
		514	"ListenAddress.", filename, linenum);
		515	if (strcasecmp(arg, "inet") == 0)
		516	value = AF_INET;
		517	else if (strcasecmp(arg, "inet6") == 0)
		518	value = AF_INET6;
		519	else if (strcasecmp(arg, "any") == 0)
		520	value = AF_UNSPEC;
		521	else
		522	fatal("%s line %d: unsupported address family \"%s\".",
		523	filename, linenum, arg);
		524	if (*intptr == -1)
		525	*intptr = value;
504	break;	526	break;
505		527
506	case sHostKeyFile:	528	case sHostKeyFile:

Lines 108-119 Link Here

(-)sshd.c (-9 / +5 lines)
108	char *config_file_name = _PATH_SERVER_CONFIG_FILE;	108	char *config_file_name = _PATH_SERVER_CONFIG_FILE;
109		109
110	/*	110	/*
111	* Flag indicating whether IPv4 or IPv6. This can be set on the command line.
112	* Default value is AF_UNSPEC means both IPv4 and IPv6.
113	*/
114	int IPv4or6 = AF_UNSPEC;
115
116	/*
117	* Debug mode flag. This can be set on the command line. If debug	111	* Debug mode flag. This can be set on the command line. If debug
118	* mode is enabled, extra debugging output will be sent to the system	112	* mode is enabled, extra debugging output will be sent to the system
119	* log, the daemon will not go to background, and will exit after processing	113	* log, the daemon will not go to background, and will exit after processing
Lines 891-900 Link Here
891	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {	885	while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
892	switch (opt) {	886	switch (opt) {
893	case '4':	887	case '4':
894	IPv4or6 = AF_INET;	888	options.address_family = AF_INET;
895	break;	889	break;
896	case '6':	890	case '6':
897	IPv4or6 = AF_INET6;	891	options.address_family = AF_INET6;
898	break;	892	break;
899	case 'f':	893	case 'f':
900	config_file_name = optarg;	894	config_file_name = optarg;
Lines 995-1001 Link Here
995	closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);	989	closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
996		990
997	SSLeay_add_all_algorithms();	991	SSLeay_add_all_algorithms();
998	channel_set_af(IPv4or6);
999		992
1000	/*	993	/*
1001	* Force logging to stderr until we have loaded the private host	994	* Force logging to stderr until we have loaded the private host
Lines 1028-1033 Link Here
1028		1021
1029	/* Fill in default values for those options not explicitly set. */	1022	/* Fill in default values for those options not explicitly set. */
1030	fill_default_server_options(&options);	1023	fill_default_server_options(&options);
		1024
		1025	/* set default channel AF */
		1026	channel_set_af(options.address_family);
1031		1027
1032	/* Check that there are no remaining arguments. */	1028	/* Check that there are no remaining arguments. */
1033	if (optind < ac) {	1029	if (optind < ac) {

Lines 83-88 Link Here

(-)sshd_config.5 (+11 lines)
83	user environments.	83	user environments.
84	For this reason, care should be taken in the use of this directive.	84	For this reason, care should be taken in the use of this directive.
85	The default is not to accept any environment variables.	85	The default is not to accept any environment variables.
		86	.It Cm AddressFamily
		87	Specifies which address family should be used by
		88	.Nm sshd .
		89	Valid arguments are
		90	.Dq any ,
		91	.Dq inet
		92	(use IPv4 only) or
		93	.Dq inet6
		94	(use IPv6 only).
		95	The default is
		96	.Dq any .
86	.It Cm AllowGroups	97	.It Cm AllowGroups
87	This keyword can be followed by a list of group name patterns, separated	98	This keyword can be followed by a list of group name patterns, separated
88	by spaces.	99	by spaces.