split security/ssh and security/ssh6.

security/ssh6: IPv4/v6 ready, socks unavailable, kerberos available (not tested)
security/ssh: IPv4 onlyready, socks available, kerberos available (not tested)

should be integrated into one whenever socks support becomes aware of
getaddrinfo/getnameinfo.  two directories with tons of patches/patch-* is
a maintenance headache.

1 files changed, 8 insertions, 159 deletions

diff --git a/security/ssh/patches/patch-bf b/security/ssh/patches/patch-bf
index aa10e57e19a..b6f2c8c5652 100644
--- a/security/ssh/patches/patch-bf
+++ b/security/ssh/patches/patch-bf
@@ -1,29 +1,8 @@
-$NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $
+$NetBSD: patch-bf,v 1.2 2000/03/20 02:25:55 itojun Exp $
 
---- servconf.c.orig	Wed May 12 07:19:28 1999
-+++ servconf.c	Fri Dec 24 21:50:42 1999
-@@ -81,8 +81,8 @@
- void initialize_server_options(ServerOptions *options)
- {
-   memset(options, 0, sizeof(*options));
--  options->port = -1;
--  options->listen_addr.s_addr = INADDR_ANY;
-+  options->num_ports = 0;
-+  options->listen_addrs = NULL;
-   options->host_key_file = NULL;
-   options->random_seed_file = NULL;
-   options->pid_file = NULL;
-@@ -92,6 +92,9 @@
-   options->permit_root_login = -1;
-   options->ignore_rhosts = -1;
-   options->ignore_root_rhosts = -1;
-+#ifdef ENABLE_LOG_AUTH
-+  options->log_auth = -1;
-+#endif /* ENABLE_LOG_AUTH */
-   options->quiet_mode = -1;
-   options->fascist_logging = -1;
-   options->print_motd = -1;
-@@ -106,6 +109,12 @@
+--- servconf.c-	Wed May 12 20:19:28 1999
++++ servconf.c	Mon Mar 20 09:47:32 2000
+@@ -106,6 +106,12 @@
    options->kerberos_authentication = -1;
    options->kerberos_or_local_passwd = -1;
    options->kerberos_tgt_passing = -1;
@@ -36,48 +15,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $
    options->tis_authentication = -1;
    options->allow_tcp_forwarding = -1;
    options->password_authentication = -1;
-@@ -138,16 +147,31 @@
- 
- void fill_default_server_options(ServerOptions *options)
- {
--  if (options->port == -1)
-+  struct addrinfo hints, *ai, *aitop;
-+  char strport[PORTSTRLEN];
-+  int i;
-+
-+  if (options->num_ports == 0)
-+    options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+  if (options->listen_addrs == NULL)
-     {
--      struct servent *sp;
--
--      sp = getservbyname(SSH_SERVICE_NAME, "tcp");
--      if (sp)
--	options->port = ntohs(sp->s_port);
--      else
--	options->port = SSH_DEFAULT_PORT;
--      endservent();
-+      for (i = 0; i < options->num_ports; i++)
-+	{
-+	  memset(&hints, 0, sizeof(hints));
-+	  hints.ai_flags = AI_PASSIVE;
-+	  hints.ai_family = IPv4or6;
-+	  hints.ai_socktype = SOCK_STREAM;
-+	  sprintf(strport, "%d", options->ports[i]);
-+	  if (getaddrinfo(NULL, strport, &hints, &aitop) != 0)
-+	    {
-+	      fprintf(stderr, "fatal: getaddrinfo: Cannot get anyaddr.\n");
-+	      exit(1);
-+	    }
-+	  for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-+	  ai->ai_next = options->listen_addrs;
-+	  options->listen_addrs = aitop;
-+	}
-+      /* freeaddrinfo(options->listen_addrs) in sshd.c */
-     }
-   if (options->host_key_file == NULL)
-     options->host_key_file = HOST_KEY_FILE;
-@@ -190,19 +214,27 @@
+@@ -190,19 +196,27 @@
    if (options->rsa_authentication == -1)
      options->rsa_authentication = 1;
    if (options->kerberos_authentication == -1)
@@ -111,16 +49,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $
    if (options->allow_tcp_forwarding == -1)
      options->allow_tcp_forwarding = 1;
    if (options->tis_authentication == -1)
-@@ -243,13 +275,23 @@
- {
-   sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
-   sPermitRootLogin, sQuietMode, sFascistLogging, sLogFacility,
-+#ifdef ENABLE_LOG_AUTH
-+  sLogAuth,
-+#endif /* ENABLE_LOG_AUTH */
-   sRhostsAuthentication, sRhostsRSAAuthentication, sRSAAuthentication,
-   sTISAuthentication, sPasswordAuthentication, sAllowHosts, sDenyHosts,
-   sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
+@@ -249,7 +263,14 @@
    sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sPidFile,
    sForcedPasswd, sForcedEmptyPasswd, sUmask, sSilentDeny, sIdleTimeout,
    sUseLogin, sKerberosAuthentication, sKerberosOrLocalPasswd,
@@ -136,17 +65,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $
    sXauthPath, sCheckMail, sDenyGroups, sAllowGroups, sIgnoreRootRhosts,
    sAllowSHosts, sDenySHosts, sPasswordExpireWarningDays,
    sAccountExpireWarningDays
-@@ -275,6 +317,9 @@
-   { "quietmode", sQuietMode },
-   { "fascistlogging", sFascistLogging },
-   { "syslogfacility", sLogFacility },
-+#ifdef ENABLE_LOG_AUTH
-+  { "logauth", sLogAuth },
-+#endif /* ENABLE_LOG_AUTH */
-   { "rhostsauthentication", sRhostsAuthentication },
-   { "rhostsrsaauthentication", sRhostsRSAAuthentication },
-   { "rsaauthentication", sRSAAuthentication },
-@@ -313,6 +358,12 @@
+@@ -313,6 +334,12 @@
    { "kerberosauthentication", sKerberosAuthentication },
    { "kerberosorlocalpasswd", sKerberosOrLocalPasswd },
    { "kerberostgtpassing", sKerberosTgtPassing },
@@ -159,77 +78,7 @@ $NetBSD: patch-bf,v 1.1 1999/12/25 05:28:37 kim Exp $
    { "allowtcpforwarding", sAllowTcpForwarding },
    { "xauthlocation", sXauthPath },
    { "checkmail", sCheckMail },
-@@ -367,6 +418,9 @@
-   char *cp, **charptr;
-   int linenum, *intptr, i, value;
-   ServerOpCodes opcode;
-+  struct addrinfo hints, *ai, *aitop;
-+  char strport[PORTSTRLEN];
-+  int gaierr;
- 
-   f = fopen(filename, "r");
-   if (!f)
-@@ -389,7 +443,14 @@
-       switch (opcode)
- 	{
- 	case sPort:
--	  intptr = &options->port;
-+	  if (options->num_ports >= MAX_PORTS)
-+	    {
-+	      fprintf(stderr, "%s line %d: too many ports.\n",
-+		      filename, linenum);
-+	      exit(1);
-+	    }
-+	  options->ports[options->num_ports] = -1;
-+	  intptr = &options->ports[options->num_ports++];
- 	parse_int:
- 	  cp = strtok(NULL, WHITESPACE);
- 	  if (!cp)
-@@ -452,11 +513,25 @@
- 		      filename, linenum);
- 	      exit(1);
- 	    }
--#ifdef BROKEN_INET_ADDR
--	  options->listen_addr.s_addr = inet_network(cp);
--#else /* BROKEN_INET_ADDR */
--	  options->listen_addr.s_addr = inet_addr(cp);
--#endif /* BROKEN_INET_ADDR */
-+	  if (options->num_ports == 0)
-+	    options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
-+	  for (i = 0; i < options->num_ports; i++)
-+	    {
-+	      memset(&hints, 0, sizeof(hints));
-+	      hints.ai_family = IPv4or6;
-+	      hints.ai_socktype = SOCK_STREAM;
-+	      sprintf(strport, "%d", options->ports[i]);
-+	      if ((gaierr = getaddrinfo(cp, strport, &hints, &aitop)) != 0)
-+		{
-+		  fprintf(stderr, "%s line %d: bad addr or host. (%s)\n",
-+			  filename, linenum, gai_strerror(gaierr));
-+		  exit(1);
-+		}
-+	      for (ai = aitop; ai->ai_next; ai = ai->ai_next);
-+	      ai->ai_next = options->listen_addrs;
-+	      options->listen_addrs = aitop;
-+	    }
-+	  strtok(cp, WHITESPACE);	/* getaddrinfo() may use strtok() */
- 	  break;
- 
- 	case sHostKeyFile:
-@@ -532,6 +607,12 @@
- 	    *intptr = value;
- 	  break;
- 
-+#ifdef ENABLE_LOG_AUTH
-+	case sLogAuth:
-+	  intptr = &options->log_auth;
-+	  goto parse_flag;
-+#endif /* ENABLE_LOG_AUTH */
-+
- 	case sIgnoreRhosts:
- 	  intptr = &options->ignore_rhosts;
- 	  goto parse_flag;
-@@ -571,6 +652,18 @@
+@@ -571,6 +598,18 @@
   	case sKerberosTgtPassing:
   	  intptr = &options->kerberos_tgt_passing;
   	  goto parse_flag;