Update to OpenSSH 2.3.0 with FreeBSD modifications. OpenSSH 2.3.0

new features description elided in favor of checking out their
website.

Important new FreeBSD-version stuff: PAM support has been worked
in, partially from the "Unix" OpenSSH version, and a lot due to the
work of Eivind Eklend, too.

This requires at least the following in pam.conf:

sshd    auth    sufficient      pam_skey.so
sshd    auth    required        pam_unix.so                     try_first_pass
sshd    session required        pam_permit.so

Parts by:	Eivind Eklend <eivind@FreeBSD.org>

1 files changed, 20 insertions, 3 deletions

diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index ae0c9cb..ec6682f 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -10,7 +10,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: servconf.c,v 1.51 2000/09/07 20:27:53 deraadt Exp $");
+RCSID("$OpenBSD: servconf.c,v 1.53 2000/10/14 12:12:09 markus Exp $");
 RCSID("$FreeBSD$");
 
 #include "ssh.h"
@@ -66,11 +66,13 @@ initialize_server_options(ServerOptions *options)
 	options->afs_token_passing = -1;
 #endif
 	options->password_authentication = -1;
+	options->kbd_interactive_authentication = -1;
 #ifdef SKEY
 	options->skey_authentication = -1;
 #endif
 	options->permit_empty_passwd = -1;
 	options->use_login = -1;
+	options->allow_tcp_forwarding = -1;
 	options->num_allow_users = 0;
 	options->num_deny_users = 0;
 	options->num_allow_groups = 0;
@@ -161,6 +163,8 @@ fill_default_server_options(ServerOptions *options)
 #endif /* AFS */
 	if (options->password_authentication == -1)
 		options->password_authentication = 1;
+	if (options->kbd_interactive_authentication == -1)
+		options->kbd_interactive_authentication = 0;
 #ifdef SKEY
 	if (options->skey_authentication == -1)
 		options->skey_authentication = 1;
@@ -169,6 +173,8 @@ fill_default_server_options(ServerOptions *options)
 		options->permit_empty_passwd = 0;
 	if (options->use_login == -1)
 		options->use_login = 0;
+	if (options->allow_tcp_forwarding == -1)
+		options->allow_tcp_forwarding = 1;
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_1|SSH_PROTO_2;
 	if (options->gateway_ports == -1)
@@ -199,10 +205,11 @@ typedef enum {
 #ifdef SKEY
 	sSkeyAuthentication,
 #endif
-	sPasswordAuthentication, sListenAddress,
+	sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress,
 	sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset,
 	sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail,
-	sUseLogin, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
+	sUseLogin, sAllowTcpForwarding,
+	sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
 	sIgnoreUserKnownHosts, sHostDSAKeyFile, sCiphers, sProtocol, sPidFile,
 	sGatewayPorts, sDSAAuthentication, sConnectionsPerPeriod, sXAuthLocation,
 	sSubsystem, sMaxStartups
@@ -241,6 +248,7 @@ static struct {
 	{ "afstokenpassing", sAFSTokenPassing },
 #endif
 	{ "passwordauthentication", sPasswordAuthentication },
+	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication },
 #ifdef SKEY
 	{ "skeyauthentication", sSkeyAuthentication },
 #endif
@@ -257,6 +265,7 @@ static struct {
 	{ "uselogin", sUseLogin },
 	{ "randomseed", sRandomSeedFile },
 	{ "keepalive", sKeepAlives },
+	{ "allowtcpforwarding", sAllowTcpForwarding },
 	{ "allowusers", sAllowUsers },
 	{ "denyusers", sDenyUsers },
 	{ "allowgroups", sAllowGroups },
@@ -534,6 +543,10 @@ parse_flag:
 			intptr = &options->password_authentication;
 			goto parse_flag;
 
+		case sKbdInteractiveAuthentication:
+			intptr = &options->kbd_interactive_authentication;
+			goto parse_flag;
+
 		case sCheckMail:
 			intptr = &options->check_mail;
 			goto parse_flag;
@@ -602,6 +615,10 @@ parse_flag:
 				*intptr = (LogLevel) value;
 			break;
 
+		case sAllowTcpForwarding:
+			intptr = &options->allow_tcp_forwarding;
+			goto parse_flag;
+
 		case sAllowUsers:
 			while ((arg = strdelim(&cp)) && *arg != '\0') {
 				if (options->num_allow_users >= MAX_ALLOW_USERS)