upstream: silence (to log level debug2) failure messages when

loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103

ok markus@

OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684

3 files changed, 39 insertions, 19 deletions

diff --git a/servconf.c b/servconf.c
index a8727c0fa..52d9be429 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.344 2018/11/19 04:12:32 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -221,26 +221,40 @@ assemble_algorithms(ServerOptions *o)
 }
 
 static void
-array_append(const char *file, const int line, const char *directive,
-    char ***array, u_int *lp, const char *s)
+array_append2(const char *file, const int line, const char *directive,
+    char ***array, int **iarray, u_int *lp, const char *s, int i)
 {
 
         if (*lp >= INT_MAX)
                 fatal("%s line %d: Too many %s entries", file, line, directive);
 
+        if (iarray != NULL) {
+                *iarray = xrecallocarray(*iarray, *lp, *lp + 1,
+                    sizeof(**iarray));
+                (*iarray)[*lp] = i;
+        }
+
         *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
         (*array)[*lp] = xstrdup(s);
         (*lp)++;
 }
 
+static void
+array_append(const char *file, const int line, const char *directive,
+    char ***array, u_int *lp, const char *s)
+{
+        array_append2(file, line, directive, array, NULL, lp, s, 0);
+}
+
 void
 servconf_add_hostkey(const char *file, const int line,
-    ServerOptions *options, const char *path)
+    ServerOptions *options, const char *path, int userprovided)
 {
         char *apath = derelativise_path(path);
 
-        array_append(file, line, "HostKey",
-            &options->host_key_files, &options->num_host_key_files, apath);
+        array_append2(file, line, "HostKey",
+            &options->host_key_files, &options->host_key_file_userprovided,
+            &options->num_host_key_files, apath, userprovided);
         free(apath);
 }
 
@@ -268,16 +282,16 @@ fill_default_server_options(ServerOptions *options)
         if (options->num_host_key_files == 0) {
                 /* fill default hostkeys for protocols */
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_RSA_KEY_FILE);
+                    _PATH_HOST_RSA_KEY_FILE, 0);
 #ifdef OPENSSL_HAS_ECC
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_ECDSA_KEY_FILE);
+                    _PATH_HOST_ECDSA_KEY_FILE, 0);
 #endif
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_ED25519_KEY_FILE);
+                    _PATH_HOST_ED25519_KEY_FILE, 0);
 #ifdef WITH_XMSS
                 servconf_add_hostkey("[default]", 0, options,
-                    _PATH_HOST_XMSS_KEY_FILE);
+                    _PATH_HOST_XMSS_KEY_FILE, 0);
 #endif /* WITH_XMSS */
         }
         /* No certificates by default */
@@ -1355,8 +1369,10 @@ process_server_config_line(ServerOptions *options, char *line,
                 if (!arg || *arg == '\0')
                         fatal("%s line %d: missing file name.",
                             filename, linenum);
-                if (*activep)
-                        servconf_add_hostkey(filename, linenum, options, arg);
+                if (*activep) {
+                        servconf_add_hostkey(filename, linenum,
+                            options, arg, 1);
+                }
                 break;
 
         case sHostKeyAgent:
diff --git a/servconf.h b/servconf.h
index 0175e00e8..548ad5a0c 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.138 2018/11/19 04:12:32 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,6 +75,7 @@ typedef struct {
         char    *routing_domain;        /* Bind session to routing domain */
 
         char   **host_key_files;        /* Files containing host keys. */
+        int     *host_key_file_userprovided; /* Key was specified by user. */
         u_int   num_host_key_files;     /* Number of files for host keys. */
         char   **host_cert_files;       /* Files containing host certs. */
         u_int   num_host_cert_files;    /* Number of files for host certs. */
@@ -273,7 +274,7 @@ void	 copy_set_server_options(ServerOptions *, ServerOptions *, int);
 void     dump_config(ServerOptions *);
 char    *derelativise_path(const char *);
 void     servconf_add_hostkey(const char *, const int,
-            ServerOptions *, const char *path);
+            ServerOptions *, const char *path, int);
 void     servconf_add_hostcert(const char *, const int,
             ServerOptions *, const char *path);
 
diff --git a/sshd.c b/sshd.c
index 362736977..afd959329 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.519 2018/11/19 04:12:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1588,7 +1588,7 @@ main(int ac, char **av)
                         break;
                 case 'h':
                         servconf_add_hostkey("[command-line]", 0,
-                            &options, optarg);
+                            &options, optarg, 1);
                         break;
                 case 't':
                         test_flag = 1;
@@ -1760,15 +1760,18 @@ main(int ac, char **av)
         }
 
         for (i = 0; i < options.num_host_key_files; i++) {
+                int ll = options.host_key_file_userprovided[i] ?
+                    SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1;
+
                 if (options.host_key_files[i] == NULL)
                         continue;
                 if ((r = sshkey_load_private(options.host_key_files[i], "",
                     &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-                        error("Error loading host key \"%s\": %s",
+                        do_log2(ll, "Unable to load host key \"%s\": %s",
                             options.host_key_files[i], ssh_err(r));
                 if ((r = sshkey_load_public(options.host_key_files[i],
                     &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-                        error("Error loading host key \"%s\": %s",
+                        do_log2(ll, "Unable to load host key \"%s\": %s",
                             options.host_key_files[i], ssh_err(r));
                 if (pubkey == NULL && key != NULL)
                         if ((r = sshkey_from_private(key, &pubkey)) != 0)
@@ -1785,7 +1788,7 @@ main(int ac, char **av)
                         keytype = key->type;
                         accumulate_host_timing_secret(cfg, key);
                 } else {
-                        error("Could not load host key: %s",
+                        do_log2(ll, "Unable to load host key: %s",
                             options.host_key_files[i]);
                         sensitive_data.host_keys[i] = NULL;
                         sensitive_data.host_pubkeys[i] = NULL;