author | Munechika SUMIKAWA <sumikawa@FreeBSD.org> | 2000-04-17 22:20:24 +0000 |
---|---|---|
committer | Munechika SUMIKAWA <sumikawa@FreeBSD.org> | 2000-04-17 22:20:24 +0000 |
commit | 7fbdf514d9c3312607d6395813382525b39ddd69 (patch) | |
tree | 5e2ec11e528e81ed40bc8655da802a12d1dbd8cb /security/openssh | |
parent | 358c2408d65f777f5e7fa3926cc056e3416dc9c2 (diff) | |
Notes
Diffstat (limited to 'security/openssh')
-rw-r--r-- | security/openssh/files/bindresvport.c | 120 | ||||
-rw-r--r-- | security/openssh/files/getaddrinfo.c | 141 | ||||
-rw-r--r-- | security/openssh/files/getnameinfo.c | 24 | ||||
-rw-r--r-- | security/openssh/files/name6.c | 12 | ||||
-rw-r--r-- | security/openssh/files/netdb.h | 6 | ||||
-rw-r--r-- | security/openssh/files/rcmd.c | 113 |
6 files changed, 188 insertions, 228 deletions
diff --git a/security/openssh/files/bindresvport.c b/security/openssh/files/bindresvport.c index 258e8547b388..d575108f7462 100644 --- a/security/openssh/files/bindresvport.c +++ b/security/openssh/files/bindresvport.c @@ -31,7 +31,9 @@ /*static char *sccsid = "from: @(#)bindresvport.c 1.8 88/02/08 SMI";*/ /*static char *sccsid = "from: @(#)bindresvport.c 2.2 88/07/29 4.0 RPCSRC";*/ /*from: OpenBSD: bindresvport.c,v 1.7 1996/07/30 16:25:47 downsj Exp */ -static char *rcsid = "$FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/bindresvport.c,v 1.1 2000-01-13 23:22:12 green Exp $"; +/*ported from: + FreeBSD: src/lib/libc/rpc/bindresvport.c,v 1.12 2000/01/26 09:02:42 shin Exp */ +static char *rcsid = "$FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/bindresvport.c,v 1.2 2000-04-17 22:20:22 sumikawa Exp $"; #endif /* 
@@ -57,95 +59,93 @@ bindresvport(sd, sin) int sd; struct sockaddr_in *sin; { - struct sockaddr_in myaddr; - int sinlen = sizeof(struct sockaddr_in); - - if (sin == (struct sockaddr_in *)0) { - sin = &myaddr; - memset(sin, 0, sinlen); - sin->sin_len = sinlen; - sin->sin_family = AF_INET; - } else if (sin->sin_family != AF_INET) { - errno = EPFNOSUPPORT; - return (-1); - } - - return (bindresvport2(sd, sin, sinlen)); + return bindresvport_sa(sd, (struct sockaddr *)sin); } +/* + * Bind a socket to a privileged port for whatever protocol. + */ int -bindresvport2(sd, sa, addrlen) +bindresvport_sa(sd, sa) int sd; struct sockaddr *sa; - socklen_t addrlen; { - int on, old, error, level, optname; - u_short port; + int old, error, af; + struct sockaddr_storage myaddr; + struct sockaddr_in *sin; + struct sockaddr_in6 *sin6; + int proto, portrange, portlow; + u_int16_t port; + int salen; if (sa == NULL) { - errno = EINVAL; - return (-1); + salen = sizeof(myaddr); + sa = (struct sockaddr *)&myaddr; + + if (getsockname(sd, sa, &salen) == -1) + return -1; /* errno is correctly set */ + + af = sa->sa_family; + memset(&myaddr, 0, salen); + } else + af = sa->sa_family; + + if (af == AF_INET) { + proto = IPPROTO_IP; + portrange = IP_PORTRANGE; + portlow = IP_PORTRANGE_LOW; + sin = (struct sockaddr_in *)sa; + salen = sizeof(struct sockaddr_in); + port = sin->sin_port; } - switch (sa->sa_family) { - case AF_INET: - port = ntohs(((struct sockaddr_in *)sa)->sin_port); - level = IPPROTO_IP; - optname = IP_PORTRANGE; - on = IP_PORTRANGE_LOW; - break; #ifdef INET6 - case AF_INET6: - port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port); - level = IPPROTO_IPV6; - optname = IPV6_PORTRANGE; - on = IPV6_PORTRANGE_LOW; - break; + else if (af == AF_INET6) { + proto = IPPROTO_IPV6; + portrange = IPV6_PORTRANGE; + portlow = IPV6_PORTRANGE_LOW; + sin6 = (struct sockaddr_in6 *)sa; + salen = sizeof(struct sockaddr_in6); + port = sin6->sin6_port; + } #endif - default: - errno = EAFNOSUPPORT; + else { + 
errno = EPFNOSUPPORT; return (-1); } + sa->sa_family = af; + sa->sa_len = salen; if (port == 0) { int oldlen = sizeof(old); - error = getsockopt(sd, level, optname, &old, &oldlen); + + error = getsockopt(sd, proto, portrange, &old, &oldlen); if (error < 0) - return(error); + return (error); - error = setsockopt(sd, level, optname, &on, sizeof(on)); + error = setsockopt(sd, proto, portrange, &portlow, + sizeof(portlow)); if (error < 0) - return(error); + return (error); } - error = bind(sd, sa, addrlen); + error = bind(sd, sa, salen); - switch (sa->sa_family) { - case AF_INET: - port = ntohs(((struct sockaddr_in *)sa)->sin_port); - break; -#ifdef INET6 - case AF_INET6: - port = ntohs(((struct sockaddr_in6 *)sa)->sin6_port); - break; -#endif - default: /* shoud not match here */ - errno = EAFNOSUPPORT; - return (-1); - } if (port == 0) { int saved_errno = errno; if (error) { - if (setsockopt(sd, level, optname, - &old, sizeof(old)) < 0) + if (setsockopt(sd, proto, portrange, &old, + sizeof(old)) < 0) errno = saved_errno; return (error); } - /* Hmm, what did the kernel assign... */ - if (getsockname(sd, (struct sockaddr *)sa, &addrlen) < 0) - errno = saved_errno; - return (error); + if (sa != (struct sockaddr *)&myaddr) { + /* Hmm, what did the kernel assign... */ + if (getsockname(sd, sa, &salen) < 0) + errno = saved_errno; + return (error); + } } return (error); } diff --git a/security/openssh/files/getaddrinfo.c b/security/openssh/files/getaddrinfo.c index a09abd96dc60..480dcabd04d4 100644 --- a/security/openssh/files/getaddrinfo.c +++ b/security/openssh/files/getaddrinfo.c 
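Review bot: In bindresvport.c, the rewritten bindresvport() wrapper casts `sin` straight to `struct sockaddr *` and drops the old `sin->sin_family != AF_INET` rejection. With INET6 defined, a caller's `struct sockaddr_in` whose family field holds AF_INET6 is then treated as a `sockaddr_in6` by bindresvport_sa(): `salen` becomes `sizeof(struct sockaddr_in6)`, and the later `bind()` and `getsockname(sd, sa, &salen)` read and write past the smaller object. Keeping the guard in the wrapper avoids that: `if (sin != NULL && sin->sin_family != AF_INET) { errno = EPFNOSUPPORT; return (-1); }` before the call. Separately, `salen` and `oldlen` are `int` but are passed where a `socklen_t *` is expected. The signature of bindresvport() starts outside the hunk.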
@@ -26,7 +26,9 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/getaddrinfo.c,v 1.1 2000-01-13 23:22:12 green Exp $ + * ported from: + * FreeBSD: src/lib/libc/net/getaddrinfo.c,v 1.7 2000/02/09 00:38:06 shin Exp + * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/getaddrinfo.c,v 1.2 2000-04-17 22:20:23 sumikawa Exp $ */ /* @@ -37,7 +39,14 @@ * - Return values. There are nonstandard return values defined and used * in the source code. This is because RFC2553 is silent about which error * code must be returned for which situation. - * - PF_UNSPEC case would be handled in getipnodebyname() with the AI_ALL flag. + * Note: + * - We use getipnodebyname() just for thread-safeness. There's no intent + * to let it do PF_UNSPEC (actually we never pass PF_UNSPEC to + * getipnodebyname(). + * - The code filters out AFs that are not supported by the kernel, + * when globbing NULL hostname (to loopback, or wildcard). Is it the right + * thing to do? What is the relationship with post-RFC2553 AI_ADDRCONFIG + * in ai_flags? */ #include <sys/types.h> @@ -139,8 +148,6 @@ static int explore_numeric __P((const struct addrinfo *, const char *, const char *, struct addrinfo **)); static int explore_numeric_scope __P((const struct addrinfo *, const char *, const char *, struct addrinfo **)); -static int get_name __P((const char *, const struct afd *, struct addrinfo **, - char *, const struct addrinfo *, const char *)); static int get_canonname __P((const struct addrinfo *, struct addrinfo *, const char *)); static struct addrinfo *get_ai __P((const struct addrinfo *, @@ -461,7 +468,6 @@ explore_fqdn(pai, hostname, servname, res) const char *servname; struct addrinfo **res; { - int s; struct hostent *hp; int h_error; int af; 
@@ -476,15 +482,6 @@ explore_fqdn(pai, hostname, servname, res) cur = &sentinel; /* - * filter out AFs that are not supported by the kernel - * XXX errno? - */ - s = socket(pai->ai_family, SOCK_DGRAM, 0); - if (s < 0) - return 0; - close(s); - - /* * if the servname does not match socktype/protocol, ignore it. */ if (get_portmatch(pai, servname) != 0) @@ -528,22 +525,15 @@ explore_fqdn(pai, hostname, servname, res) if (af != pai->ai_family) continue; - if ((pai->ai_flags & AI_CANONNAME) == 0) { - GET_AI(cur->ai_next, afd, ap); - GET_PORT(cur->ai_next, servname); - } else { + GET_AI(cur->ai_next, afd, ap); + GET_PORT(cur->ai_next, servname); + if ((pai->ai_flags & AI_CANONNAME) != 0) { /* - * if AI_CANONNAME and if reverse lookup - * fail, return ai anyway to pacify - * calling application. - * - * XXX getaddrinfo() is a name->address - * translation function, and it looks - * strange that we do addr->name - * translation here. + * RFC2553 says that ai_canonname will be set only for + * the first element. we do it for all the elements, + * just for convenience. */ - get_name(ap, afd, &cur->ai_next, - ap, pai, servname); + GET_CANONNAME(cur->ai_next, hp->h_name); } while (cur && cur->ai_next) 
@@ -648,56 +638,10 @@ explore_numeric(pai, hostname, servname, res) flags = pai->ai_flags; if (inet_pton(afd->a_af, hostname, pton) == 1) { - u_int32_t v4a; -#ifdef INET6 - struct in6_addr * v6a; -#endif - - switch (afd->a_af) { - case AF_INET: - v4a = (u_int32_t)ntohl(((struct in_addr *)pton)->s_addr); - if (IN_MULTICAST(v4a) || IN_EXPERIMENTAL(v4a)) - flags &= ~AI_CANONNAME; - v4a >>= IN_CLASSA_NSHIFT; - if (v4a == 0 || v4a == IN_LOOPBACKNET) - flags &= ~AI_CANONNAME; - break; -#ifdef INET6 - case AF_INET6: - v6a = (struct in6_addr *)pton; - if (IN6_IS_ADDR_MULTICAST(v6a)) - flags &= ~AI_CANONNAME; - if (IN6_IS_ADDR_UNSPECIFIED(v6a) || - IN6_IS_ADDR_LOOPBACK(v6a)) - flags &= ~AI_CANONNAME; - if (IN6_IS_ADDR_LINKLOCAL(v6a)) - flags &= ~AI_CANONNAME; - - /* should also do this for SITELOCAL ?? */ - - break; -#endif - } - if (pai->ai_family == afd->a_af || pai->ai_family == PF_UNSPEC /*?*/) { - if ((flags & AI_CANONNAME) == 0) { - GET_AI(cur->ai_next, afd, pton); - GET_PORT(cur->ai_next, servname); - } else { - /* - * if AI_CANONNAME and if reverse lookup - * fail, return ai anyway to pacify - * calling application. - * - * XXX getaddrinfo() is a name->address - * translation function, and it looks - * strange that we do addr->name - * translation here. - */ - get_name(pton, afd, &cur->ai_next, - pton, pai, servname); - } + GET_AI(cur->ai_next, afd, pton); + GET_PORT(cur->ai_next, servname); while (cur && cur->ai_next) cur = cur->ai_next; } else @@ -765,7 +709,7 @@ explore_numeric_scope(pai, hostname, servname, res) switch (pai->ai_family) { #ifdef INET6 case AF_INET6: - scope = if_nametoindex(cp); + scope = if_nametoindex(hostname2); if (scope == 0) { error = EAI_SYSTEM; goto free; @@ -774,7 +718,7 @@ explore_numeric_scope(pai, hostname, servname, res) #endif } - error = explore_numeric(pai, hostname2, servname, res); + error = explore_numeric(pai, cp, servname, res); if (error == 0) { for (cur = *res; cur; cur = cur->ai_next) { #ifdef INET6 
@@ -798,47 +742,6 @@ free: } static int -get_name(addr, afd, res, numaddr, pai, servname) - const char *addr; - const struct afd *afd; - struct addrinfo **res; - char *numaddr; - const struct addrinfo *pai; - const char *servname; -{ - struct hostent *hp; - struct addrinfo *cur; - int error = 0; - int h_error; - - hp = getipnodebyaddr(addr, afd->a_addrlen, afd->a_af, &h_error); - if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { - if (hp->h_addrtype == afd->a_af) - GET_AI(cur, afd, hp->h_addr_list[0]); - else /* IPv4 mapped IPv6 addr case */ - GET_AI(cur, afd, numaddr); - GET_PORT(cur, servname); - GET_CANONNAME(cur, hp->h_name); - } else { - GET_AI(cur, afd, numaddr); - GET_PORT(cur, servname); - } - - if (hp) - freehostent(hp); - *res = cur; - return SUCCESS; - free: - if (cur) - freeaddrinfo(cur); - if (hp) - freehostent(hp); - /* bad: */ - *res = NULL; - return error; -} - -static int get_canonname(pai, ai, str) const struct addrinfo *pai; struct addrinfo *ai; diff --git a/security/openssh/files/getnameinfo.c b/security/openssh/files/getnameinfo.c index 67f2ea77fd81..db2fc62334e4 100644 --- a/security/openssh/files/getnameinfo.c +++ b/security/openssh/files/getnameinfo.c @@ -26,7 +26,9 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/getnameinfo.c,v 1.1 2000-01-13 23:22:12 green Exp $ + * ported from: + * FreeBSD: src/lib/libc/net/getnameinfo.c,v 1.3 2000/02/09 00:38:06 shin Exp + * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/getnameinfo.c,v 1.2 2000-04-17 22:20:23 sumikawa Exp $ */ /* @@ -151,7 +153,7 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) if (IN_MULTICAST(v4a) || IN_EXPERIMENTAL(v4a)) flags |= NI_NUMERICHOST; v4a >>= IN_CLASSA_NSHIFT; - if (v4a == 0 || v4a == IN_LOOPBACKNET) + if (v4a == 0) flags |= NI_NUMERICHOST; break; #ifdef INET6 
@@ -189,14 +191,24 @@ getnameinfo(sa, salen, host, hostlen, serv, servlen, flags) unsigned int ifindex = ((struct sockaddr_in6 *)sa)->sin6_scope_id; char ifname[IF_NAMESIZE * 2 /* for safety */]; + int scopelen, numaddrlen; if ((if_indextoname(ifindex, ifname)) == NULL) return ENI_SYSTEM; - if (strlen(host) + 1 /* SCOPE_DELIMITER */ - + strlen(ifname) > hostlen) + scopelen = strlen(ifname); + numaddrlen = strlen(host); + if (numaddrlen + 1 /* SCOPE_DELIMITER */ + + scopelen > hostlen) return ENI_MEMORY; - *ep = SCOPE_DELIMITER; - strcpy(ep + 1, ifname); + /* + * Shift the host string to allocate + * space for the scope ID part. + */ + memmove(host + scopelen + 1, host, numaddrlen); + /* copy the scope ID and the delimiter */ + memcpy(host, ifname, scopelen); + host[scopelen] = SCOPE_DELIMITER; + host[scopelen + 1 + numaddrlen] = '\0'; } } #endif /* INET6 */ diff --git a/security/openssh/files/name6.c b/security/openssh/files/name6.c index 978796ad15b4..cb3511315105 100644 --- a/security/openssh/files/name6.c +++ b/security/openssh/files/name6.c @@ -26,7 +26,9 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/name6.c,v 1.1 2000-01-13 23:22:13 green Exp $ + * ported from: + * FreeBSD: src/lib/libc/net/name6.c,v 1.4 2000/01/27 23:06:30 jasone Exp + * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/name6.c,v 1.2 2000-04-17 22:20:24 sumikawa Exp $ */ /* $Id: name6.c,v 1.9 1999/10/29 03:04:26 itojun Exp $ */ /* 
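Review bot: The length check before the scope ID is prepended in getnameinfo() leaves no room for the terminator: `numaddrlen + 1 + scopelen > hostlen` lets a total equal to `hostlen` through, and `host[scopelen + 1 + numaddrlen] = '\0'` then writes at `host[hostlen]`, one byte past the buffer if `hostlen` is the size of `host` as the signature suggests. The comparison should be `>=`, i.e. `if (numaddrlen + 1 /* SCOPE_DELIMITER */ + scopelen >= hostlen) return ENI_MEMORY;`. The removed `strcpy(ep + 1, ifname)` version had the same gap, so this commit carries it over rather than introducing it. The enclosing function starts and ends outside the hunk.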
@@ -1184,21 +1186,21 @@ _icmp_fqdn_query(const struct in6_addr *addr, int ifindex) (char *)&filter, sizeof(filter)); cc = sendmsg(s, &msg, 0); if (cc < 0) { - _libc_close(s); + close(s); return NULL; } FD_SET(s, &s_fds); for (;;) { fds = s_fds; if (select(s + 1, &fds, NULL, NULL, &tout) <= 0) { - _libc_close(s); + close(s); return NULL; } len = sizeof(sin6); cc = recvfrom(s, buf, sizeof(buf), 0, (struct sockaddr *)&sin6, &len); if (cc <= 0) { - _libc_close(s); + close(s); return NULL; } if (cc < sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr)) @@ -1209,7 +1211,7 @@ _icmp_fqdn_query(const struct in6_addr *addr, int ifindex) if (fr->icmp6_fqdn_type == ICMP6_FQDN_REPLY) break; } - _libc_close(s); + close(s); if (fr->icmp6_fqdn_cookie[1] != 0) { /* rfc1788 type */ name = buf + sizeof(struct ip6_hdr) + sizeof(struct icmp6_hdr) + 4; diff --git a/security/openssh/files/netdb.h b/security/openssh/files/netdb.h index 1a6d68dc527d..b154627031a7 100644 --- a/security/openssh/files/netdb.h +++ b/security/openssh/files/netdb.h @@ -55,7 +55,9 @@ /* * @(#)netdb.h 8.1 (Berkeley) 6/2/93 * From: Id: netdb.h,v 8.9 1996/11/19 08:39:29 vixie Exp $ - * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/netdb.h,v 1.1 2000-01-13 23:22:14 green Exp $ + * ported from: + * FreeBSD: src/include/netdb.h,v 1.14 2000/02/08 05:12:45 shin Exp + * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/netdb.h,v 1.2 2000-04-17 22:20:24 sumikawa Exp $ */ #ifndef _NETDB_H_ @@ -190,7 +192,7 @@ struct addrinfo { /* * Scope delimit character */ -#define SCOPE_DELIMITER '@' +#define SCOPE_DELIMITER '%' __BEGIN_DECLS void endhostent __P((void)); diff --git a/security/openssh/files/rcmd.c b/security/openssh/files/rcmd.c index b33e44967e3e..d1fbbee78c7a 100644 --- a/security/openssh/files/rcmd.c +++ b/security/openssh/files/rcmd.c 
@@ -30,7 +30,9 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/rcmd.c,v 1.1 2000-01-13 23:22:15 green Exp $ + * ported from: + * FreeBSD: src/lib/libc/net/rcmd.c,v 1.22 2000/02/01 15:55:54 shin Exp + * $FreeBSD: /tmp/pcvs/ports/security/openssh/files/Attic/rcmd.c,v 1.2 2000-04-17 22:20:24 sumikawa Exp $ */ #if defined(LIBC_SCCS) && !defined(lint) @@ -70,6 +72,7 @@ extern int innetgr __P(( const char *, const char *, const char *, const char * #define max(a, b) ((a > b) ? a : b) +static int __iruserok_af __P((void *, int, const char *, const char *, int)); int __ivaliduser __P((FILE *, u_int32_t, const char *, const char *)); static int __icheckhost __P((void *, char *, int, int)); @@ -83,6 +86,17 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p) const char *locuser, *remuser, *cmd; int *fd2p; { + return rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, AF_INET); +} + +int +rcmd_af(ahost, rport, locuser, remuser, cmd, fd2p, af) + char **ahost; + u_short rport; + const char *locuser, *remuser, *cmd; + int *fd2p; + int af; +{ struct addrinfo hints, *res, *ai; struct sockaddr_storage from; fd_set reads; @@ -97,7 +111,7 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p) memset(&hints, 0, sizeof(hints)); hints.ai_flags = AI_CANONNAME; - hints.ai_family = AF_UNSPEC; + hints.ai_family = af; hints.ai_socktype = SOCK_STREAM; hints.ai_protocol = 0; (void)snprintf(num, sizeof(num), "%d", ntohs(rport)); @@ -158,7 +172,12 @@ rcmd(ahost, rport, locuser, remuser, cmd, fd2p) continue; } if (refused && timo <= 16) { - (void)sleep(timo); + struct timespec time_to_sleep, time_remaining; + + time_to_sleep.tv_sec = timo; + time_to_sleep.tv_nsec = 0; + (void)_nanosleep(&time_to_sleep, &time_remaining); + timo *= 2; ai = res; refused = 0; 
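Review bot: The retry back-off in rcmd_af() calls `_nanosleep()`, a libc-internal spelling, while the name6.c hunks of this same commit replace `_libc_close()` with plain `close()` for the port copy. Assuming these files are built outside libc, `(void)nanosleep(&time_to_sleep, &time_remaining);` would be the consistent choice. `time_remaining` is filled in but never read, so a sleep cut short by a signal silently shortens the back-off; passing `NULL` as the second argument would make that explicit. The body of rcmd_af() continues outside the hunk.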
@@ -296,13 +315,13 @@ rresvport_af(alport, family) ss.ss_family = family; switch (family) { case AF_INET: - ss.ss_len = sizeof(struct sockaddr_in); + ((struct sockaddr *)&ss)->sa_len = sizeof(struct sockaddr_in); sport = &((struct sockaddr_in *)&ss)->sin_port; ((struct sockaddr_in *)&ss)->sin_addr.s_addr = INADDR_ANY; break; #ifdef INET6 case AF_INET6: - ss.ss_len = sizeof(struct sockaddr_in6); + ((struct sockaddr *)&ss)->sa_len = sizeof(struct sockaddr_in6); sport = &((struct sockaddr_in6 *)&ss)->sin6_port; ((struct sockaddr_in6 *)&ss)->sin6_addr = in6addr_any; break; @@ -325,7 +344,7 @@ rresvport_af(alport, family) } #endif *sport = 0; - if (bindresvport2(s, (struct sockaddr *)&ss, ss.ss_len) == -1) { + if (bindresvport_sa(s, (struct sockaddr *)&ss) == -1) { (void)close(s); return (-1); } @@ -341,36 +360,25 @@ ruserok(rhost, superuser, ruser, luser) const char *rhost, *ruser, *luser; int superuser; { - return ruserok_af(rhost, superuser, ruser, luser, AF_INET); -} - -int -ruserok_af(rhost, superuser, ruser, luser, af) - const char *rhost, *ruser, *luser; - int superuser, af; -{ - struct hostent *hp; - union { - struct in_addr addr_in; -#ifdef INET6 - struct in6_addr addr_in6; -#endif - } addr; - char **ap; - int ret, h_error; + struct addrinfo hints, *res, *r; + int error; - if ((hp = getipnodebyname(rhost, af, AI_DEFAULT, &h_error)) == NULL) + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_DGRAM; /*dummy*/ + error = getaddrinfo(rhost, "0", &hints, &res); + if (error) return (-1); - ret = -1; - for (ap = hp->h_addr_list; *ap; ++ap) { - bcopy(*ap, &addr, hp->h_length); - if (iruserok_af(&addr, superuser, ruser, luser, af) == 0) { - ret = 0; - break; + + for (r = res; r; r = r->ai_next) { + if (iruserok_sa(r->ai_addr, r->ai_addrlen, superuser, ruser, + luser) == 0) { + freeaddrinfo(res); + return (0); } } - freehostent(hp); - return (ret); + freeaddrinfo(res); + return (-1); } /* 
@@ -388,11 +396,12 @@ iruserok(raddr, superuser, ruser, luser) int superuser; const char *ruser, *luser; { - return iruserok_af(&raddr, superuser, ruser, luser, AF_INET); + return __iruserok_af(&raddr, superuser, ruser, luser, AF_INET); } -int -iruserok_af(raddr, superuser, ruser, luser, af) +/* Other AF support extension of iruserok. */ +static int +__iruserok_af(raddr, superuser, ruser, luser, af) void *raddr; int superuser; const char *ruser, *luser; @@ -475,6 +484,37 @@ again: } /* + * AF independent extension of iruserok. We are passed an sockaddr, and + * then call iruserok_af() as the type of sockaddr. + * + * Returns 0 if ok, -1 if not ok. + */ +int +iruserok_sa(addr, addrlen, superuser, ruser, luser) + const void *addr; + int addrlen; + int superuser; + const char *ruser, *luser; +{ + struct sockaddr *sa; + void *raddr = NULL; + + sa = (struct sockaddr *)addr; + switch (sa->sa_family) { + case AF_INET: + raddr = &((struct sockaddr_in *)sa)->sin_addr; + break; +#ifdef INET6 + case AF_INET6: + raddr = &((struct sockaddr_in6 *)sa)->sin6_addr; + break; +#endif + } + + __iruserok_af(raddr, superuser, ruser, luser, sa->sa_family); +} + +/* * XXX * Don't make static, used by lpd(8). * @@ -637,7 +677,8 @@ __icheckhost(raddr, lhost, af, len) } /* Better be a hostname. */ - if ((hp = getipnodebyname(lhost, af, AI_DEFAULT, &h_error)) == NULL) + if ((hp = getipnodebyname(lhost, af, AI_ALL|AI_DEFAULT, &h_error)) + == NULL) return (0); /* Spin through ip addresses. */ |
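Review bot: The new iruserok_sa() in rcmd.c is declared `int`, but its last statement calls `__iruserok_af(...)` without `return`, so the value the caller receives is indeterminate. ruserok() in the preceding hunk compares that value with 0 to decide whether a remote user is accepted. The statement should read `return __iruserok_af(raddr, superuser, ruser, luser, sa->sa_family);`. The switch also has no default, so any family other than AF_INET/AF_INET6 passes `raddr == NULL` down; adding `default: return (-1);` makes it fail closed. `addrlen` is never compared with the size of the sockaddr for the claimed family before the cast.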