upstream: make IgnoreRhosts a tri-state option: "yes" ignore

rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only" to allow
.shosts files but not .rhosts. ok dtucker@

OpenBSD-Commit-ID: d08d6930ed06377a80cf53923c1955e9589342e9

4 files changed, 43 insertions, 14 deletions

diff --git a/auth-rhosts.c b/auth-rhosts.c
index 7a10210b6..e81321b49 100644
--- a/auth-rhosts.c
+++ b/auth-rhosts.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-rhosts.c,v 1.51 2019/10/02 00:42:30 djm Exp $ */
+/* $OpenBSD: auth-rhosts.c,v 1.52 2020/04/17 03:30:05 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -298,7 +298,9 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
                  * Check if we have been configured to ignore .rhosts
                  * and .shosts files.
                  */
-                if (options.ignore_rhosts) {
+                if (options.ignore_rhosts == IGNORE_RHOSTS_YES ||
+                    (options.ignore_rhosts == IGNORE_RHOSTS_SHOSTS &&
+                    strcmp(rhosts_files[rhosts_file_index], ".shosts") != 0)) {
                         auth_debug_add("Server has been configured to "
                             "ignore %.100s.", rhosts_files[rhosts_file_index]);
                         continue;
diff --git a/servconf.c b/servconf.c
index ae45099ab..7e422ec8f 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.362 2020/04/17 03:23:13 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.363 2020/04/17 03:30:05 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1213,6 +1213,12 @@ static const struct multistate multistate_flag[] = {
         { "no",                         0 },
         { NULL, -1 }
 };
+static const struct multistate multistate_ignore_rhosts[] = {
+        { "yes",                        IGNORE_RHOSTS_YES },
+        { "no",                         IGNORE_RHOSTS_NO },
+        { "shosts-only",                IGNORE_RHOSTS_SHOSTS },
+        { NULL, -1 }
+};
 static const struct multistate multistate_addressfamily[] = {
         { "inet",                       AF_INET },
         { "inet6",                      AF_INET6 },
@@ -1462,13 +1468,14 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 
         case sIgnoreRhosts:
                 intptr = &options->ignore_rhosts;
- parse_flag:
-                multistate_ptr = multistate_flag;
+                multistate_ptr = multistate_ignore_rhosts;
                 goto parse_multistate;
 
         case sIgnoreUserKnownHosts:
                 intptr = &options->ignore_user_known_hosts;
-                goto parse_flag;
+ parse_flag:
+                multistate_ptr = multistate_flag;
+                goto parse_multistate;
 
         case sHostbasedAuthentication:
                 intptr = &options->hostbased_authentication;
@@ -2628,6 +2635,8 @@ fmt_intarg(ServerOpCodes code, int val)
                 return fmt_multistate_int(val, multistate_tcpfwd);
         case sAllowStreamLocalForwarding:
                 return fmt_multistate_int(val, multistate_tcpfwd);
+        case sIgnoreRhosts:
+                return fmt_multistate_int(val, multistate_ignore_rhosts);
         case sFingerprintHash:
                 return ssh_digest_alg_name(val);
         default:
diff --git a/servconf.h b/servconf.h
index 4202a2d02..a420f398d 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.143 2020/01/31 22:42:45 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.144 2020/04/17 03:30:05 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -38,6 +38,11 @@
 #define PERMITOPEN_ANY          0
 #define PERMITOPEN_NONE         -2
 
+/* IgnoreRhosts */
+#define IGNORE_RHOSTS_NO        0
+#define IGNORE_RHOSTS_YES       1
+#define IGNORE_RHOSTS_SHOSTS    2
+
 #define DEFAULT_AUTH_FAIL_MAX   6       /* Default for MaxAuthTries */
 #define DEFAULT_SESSIONS_MAX    10      /* Default for MaxSessions */
 
diff --git a/sshd_config.5 b/sshd_config.5
index a60be383d..5648337a6 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.308 2020/04/17 03:23:13 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.309 2020/04/17 03:30:05 djm Exp $
 .Dd $Mdocdate: April 17 2020 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -778,19 +778,32 @@ rsa-sha2-512,rsa-sha2-256,ssh-rsa
 The list of available key types may also be obtained using
 .Qq ssh -Q HostKeyAlgorithms .
 .It Cm IgnoreRhosts
-Specifies that
+Specifies whether to ignore per-user
 .Pa .rhosts
 and
 .Pa .shosts
-files will not be used in
+files during
 .Cm HostbasedAuthentication .
-.Pp
+The system-wide
 .Pa /etc/hosts.equiv
 and
 .Pa /etc/shosts.equiv
-are still used.
-The default is
-.Cm yes .
+are still used regardless of this setting.
+.Pp
+Accepted values are
+.Cm yes
+(the default) to ignore all per-user files,
+.Cm shosts-only
+to allow the use of
+.Pa .shosts
+but to ignore
+.Pa .rhosts
+or
+.Cm no
+to allow both
+.Pa .shosts
+and
+.Pa rhosts.
 .It Cm IgnoreUserKnownHosts
 Specifies whether
 .Xr sshd 8