author | djm@openbsd.org <djm@openbsd.org> | 2018-11-19 04:12:32 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-11-19 15:14:32 +1100 |
commit | 928f1231f65f88cd4c73e6e0edd63d2cf6295d77 (patch) | |
tree | e72cade439a4a56ad978e5624f36821c0af7c950 | |
parent | 7fca94edbe8ca9f879da9fdd2afd959c4180f4c7 (diff) |
upstream: silence (to log level debug2) failure messages when
loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103
ok markus@
OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
-rw-r--r-- | servconf.c | 40 | ||||
-rw-r--r-- | servconf.h | 5 | ||||
-rw-r--r-- | sshd.c | 13 |
3 files changed, 39 insertions, 19 deletions
diff --git a/servconf.c b/servconf.c index a8727c0fa..52d9be429 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.344 2018/11/19 04:12:32 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -221,26 +221,40 @@ assemble_algorithms(ServerOptions *o) | |||
221 | } | 221 | } |
222 | 222 | ||
223 | static void | 223 | static void |
224 | array_append(const char *file, const int line, const char *directive, | 224 | array_append2(const char *file, const int line, const char *directive, |
225 | char ***array, u_int *lp, const char *s) | 225 | char ***array, int **iarray, u_int *lp, const char *s, int i) |
226 | { | 226 | { |
227 | 227 | ||
228 | if (*lp >= INT_MAX) | 228 | if (*lp >= INT_MAX) |
229 | fatal("%s line %d: Too many %s entries", file, line, directive); | 229 | fatal("%s line %d: Too many %s entries", file, line, directive); |
230 | 230 | ||
231 | if (iarray != NULL) { | ||
232 | *iarray = xrecallocarray(*iarray, *lp, *lp + 1, | ||
233 | sizeof(**iarray)); | ||
234 | (*iarray)[*lp] = i; | ||
235 | } | ||
236 | |||
231 | *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); | 237 | *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array)); |
232 | (*array)[*lp] = xstrdup(s); | 238 | (*array)[*lp] = xstrdup(s); |
233 | (*lp)++; | 239 | (*lp)++; |
234 | } | 240 | } |
235 | 241 | ||
242 | static void | ||
243 | array_append(const char *file, const int line, const char *directive, | ||
244 | char ***array, u_int *lp, const char *s) | ||
245 | { | ||
246 | array_append2(file, line, directive, array, NULL, lp, s, 0); | ||
247 | } | ||
248 | |||
236 | void | 249 | void |
237 | servconf_add_hostkey(const char *file, const int line, | 250 | servconf_add_hostkey(const char *file, const int line, |
238 | ServerOptions *options, const char *path) | 251 | ServerOptions *options, const char *path, int userprovided) |
239 | { | 252 | { |
240 | char *apath = derelativise_path(path); | 253 | char *apath = derelativise_path(path); |
241 | 254 | ||
242 | array_append(file, line, "HostKey", | 255 | array_append2(file, line, "HostKey", |
243 | &options->host_key_files, &options->num_host_key_files, apath); | 256 | &options->host_key_files, &options->host_key_file_userprovided, |
257 | &options->num_host_key_files, apath, userprovided); | ||
244 | free(apath); | 258 | free(apath); |
245 | } | 259 | } |
246 | 260 | ||
@@ -268,16 +282,16 @@ fill_default_server_options(ServerOptions *options) | |||
268 | if (options->num_host_key_files == 0) { | 282 | if (options->num_host_key_files == 0) { |
269 | /* fill default hostkeys for protocols */ | 283 | /* fill default hostkeys for protocols */ |
270 | servconf_add_hostkey("[default]", 0, options, | 284 | servconf_add_hostkey("[default]", 0, options, |
271 | _PATH_HOST_RSA_KEY_FILE); | 285 | _PATH_HOST_RSA_KEY_FILE, 0); |
272 | #ifdef OPENSSL_HAS_ECC | 286 | #ifdef OPENSSL_HAS_ECC |
273 | servconf_add_hostkey("[default]", 0, options, | 287 | servconf_add_hostkey("[default]", 0, options, |
274 | _PATH_HOST_ECDSA_KEY_FILE); | 288 | _PATH_HOST_ECDSA_KEY_FILE, 0); |
275 | #endif | 289 | #endif |
276 | servconf_add_hostkey("[default]", 0, options, | 290 | servconf_add_hostkey("[default]", 0, options, |
277 | _PATH_HOST_ED25519_KEY_FILE); | 291 | _PATH_HOST_ED25519_KEY_FILE, 0); |
278 | #ifdef WITH_XMSS | 292 | #ifdef WITH_XMSS |
279 | servconf_add_hostkey("[default]", 0, options, | 293 | servconf_add_hostkey("[default]", 0, options, |
280 | _PATH_HOST_XMSS_KEY_FILE); | 294 | _PATH_HOST_XMSS_KEY_FILE, 0); |
281 | #endif /* WITH_XMSS */ | 295 | #endif /* WITH_XMSS */ |
282 | } | 296 | } |
283 | /* No certificates by default */ | 297 | /* No certificates by default */ |
@@ -1355,8 +1369,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
1355 | if (!arg || *arg == '\0') | 1369 | if (!arg || *arg == '\0') |
1356 | fatal("%s line %d: missing file name.", | 1370 | fatal("%s line %d: missing file name.", |
1357 | filename, linenum); | 1371 | filename, linenum); |
1358 | if (*activep) | 1372 | if (*activep) { |
1359 | servconf_add_hostkey(filename, linenum, options, arg); | 1373 | servconf_add_hostkey(filename, linenum, |
1374 | options, arg, 1); | ||
1375 | } | ||
1360 | break; | 1376 | break; |
1361 | 1377 | ||
1362 | case sHostKeyAgent: | 1378 | case sHostKeyAgent: |
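Review bot: In the `array_append2` hunk, `xrecallocarray(*iarray, *lp, *lp + 1, sizeof(**iarray))` is only correct if `*iarray` is NULL (or an allocation of exactly `*lp` elements) the first time it is called, and this diff adds neither an initializer for `host_key_file_userprovided` in `initialize_server_options` nor a release of it wherever `host_key_files` is freed; if the options struct is zeroed on initialisation the first concern is covered, but that is not visible here. The two arrays are now required to stay index-parallel, and nothing in the code says so, so a header comment on `array_append2` such as `/* Grow *array by one entry; when iarray is non-NULL it is kept parallel to *array and receives i at the same index. */` would make that invariant explicit for anyone later touching `copy_set_server_options` or the Match-block merge path. Callers pass `userprovided` as a plain `int` used as a boolean; a one-word mention of that in the `servconf_add_hostkey` prototype comment would save the next reader a trip to sshd.c.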
diff --git a/servconf.h b/servconf.h index 0175e00e8..548ad5a0c 100644 --- a/servconf.h +++ b/servconf.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */ | 1 | /* $OpenBSD: servconf.h,v 1.138 2018/11/19 04:12:32 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 4 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
@@ -75,6 +75,7 @@ typedef struct { | |||
75 | char *routing_domain; /* Bind session to routing domain */ | 75 | char *routing_domain; /* Bind session to routing domain */ |
76 | 76 | ||
77 | char **host_key_files; /* Files containing host keys. */ | 77 | char **host_key_files; /* Files containing host keys. */ |
78 | int *host_key_file_userprovided; /* Key was specified by user. */ | ||
78 | u_int num_host_key_files; /* Number of files for host keys. */ | 79 | u_int num_host_key_files; /* Number of files for host keys. */ |
79 | char **host_cert_files; /* Files containing host certs. */ | 80 | char **host_cert_files; /* Files containing host certs. */ |
80 | u_int num_host_cert_files; /* Number of files for host certs. */ | 81 | u_int num_host_cert_files; /* Number of files for host certs. */ |
@@ -273,7 +274,7 @@ void copy_set_server_options(ServerOptions *, ServerOptions *, int); | |||
273 | void dump_config(ServerOptions *); | 274 | void dump_config(ServerOptions *); |
274 | char *derelativise_path(const char *); | 275 | char *derelativise_path(const char *); |
275 | void servconf_add_hostkey(const char *, const int, | 276 | void servconf_add_hostkey(const char *, const int, |
276 | ServerOptions *, const char *path); | 277 | ServerOptions *, const char *path, int); |
277 | void servconf_add_hostcert(const char *, const int, | 278 | void servconf_add_hostcert(const char *, const int, |
278 | ServerOptions *, const char *path); | 279 | ServerOptions *, const char *path); |
279 | 280 | ||
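Review bot: The new field comment `/* Key was specified by user. */` on `host_key_file_userprovided` does not say that the array is indexed in lockstep with `host_key_files`, which is the property sshd.c relies on when it reads `host_key_file_userprovided[i]` before checking `host_key_files[i]`. A comment along the lines of `/* Parallel to host_key_files: nonzero when the path came from the config file or the command line rather than a compiled-in default. */` records both the invariant and what "user" means here, since the only callers passing 1 are the `HostKey` directive and the `-h` option.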
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.519 2018/11/19 04:12:32 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1588,7 +1588,7 @@ main(int ac, char **av) | |||
1588 | break; | 1588 | break; |
1589 | case 'h': | 1589 | case 'h': |
1590 | servconf_add_hostkey("[command-line]", 0, | 1590 | servconf_add_hostkey("[command-line]", 0, |
1591 | &options, optarg); | 1591 | &options, optarg, 1); |
1592 | break; | 1592 | break; |
1593 | case 't': | 1593 | case 't': |
1594 | test_flag = 1; | 1594 | test_flag = 1; |
@@ -1760,15 +1760,18 @@ main(int ac, char **av) | |||
1760 | } | 1760 | } |
1761 | 1761 | ||
1762 | for (i = 0; i < options.num_host_key_files; i++) { | 1762 | for (i = 0; i < options.num_host_key_files; i++) { |
1763 | int ll = options.host_key_file_userprovided[i] ? | ||
1764 | SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1; | ||
1765 | |||
1763 | if (options.host_key_files[i] == NULL) | 1766 | if (options.host_key_files[i] == NULL) |
1764 | continue; | 1767 | continue; |
1765 | if ((r = sshkey_load_private(options.host_key_files[i], "", | 1768 | if ((r = sshkey_load_private(options.host_key_files[i], "", |
1766 | &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) | 1769 | &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) |
1767 | error("Error loading host key \"%s\": %s", | 1770 | do_log2(ll, "Unable to load host key \"%s\": %s", |
1768 | options.host_key_files[i], ssh_err(r)); | 1771 | options.host_key_files[i], ssh_err(r)); |
1769 | if ((r = sshkey_load_public(options.host_key_files[i], | 1772 | if ((r = sshkey_load_public(options.host_key_files[i], |
1770 | &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) | 1773 | &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR) |
1771 | error("Error loading host key \"%s\": %s", | 1774 | do_log2(ll, "Unable to load host key \"%s\": %s", |
1772 | options.host_key_files[i], ssh_err(r)); | 1775 | options.host_key_files[i], ssh_err(r)); |
1773 | if (pubkey == NULL && key != NULL) | 1776 | if (pubkey == NULL && key != NULL) |
1774 | if ((r = sshkey_from_private(key, &pubkey)) != 0) | 1777 | if ((r = sshkey_from_private(key, &pubkey)) != 0) |
@@ -1785,7 +1788,7 @@ main(int ac, char **av) | |||
1785 | keytype = key->type; | 1788 | keytype = key->type; |
1786 | accumulate_host_timing_secret(cfg, key); | 1789 | accumulate_host_timing_secret(cfg, key); |
1787 | } else { | 1790 | } else { |
1788 | error("Could not load host key: %s", | 1791 | do_log2(ll, "Unable to load host key: %s", |
1789 | options.host_key_files[i]); | 1792 | options.host_key_files[i]); |
1790 | sensitive_data.host_keys[i] = NULL; | 1793 | sensitive_data.host_keys[i] = NULL; |
1791 | sensitive_data.host_pubkeys[i] = NULL; | 1794 | sensitive_data.host_pubkeys[i] = NULL; |
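Review bot: The commit message says default-hostkey load failures are silenced to debug2, but the new `int ll = options.host_key_file_userprovided[i] ? SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1;` in the loop at `@@ -1760,15 +1760,18 @@` uses DEBUG1, so one of the two should be corrected before this lands; the hunk at `@@ -1785,7 +1788,7 @@` reuses the same `ll`. The index into `host_key_file_userprovided[i]` is taken before the `host_key_files[i] == NULL` check, which is only safe while the two arrays are grown together by `array_append2`, so a short comment such as `/* host_key_file_userprovided is parallel to host_key_files (see servconf_add_hostkey) */` above the declaration would document that dependency. A name like `loglevel` instead of `ll` would also make the later `do_log2(ll, ...)` calls self-explanatory. The enclosing `main` starts and ends outside these hunks, so the "at least one host key" fatal check mentioned in the description cannot be confirmed from here.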