author | djm@openbsd.org <djm@openbsd.org> | 2014-12-22 07:55:51 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2014-12-22 19:08:12 +1100 |
commit | 161cf419f412446635013ac49e8c660cadc36080 (patch) | |
tree | 849be0516d697c2bad7277ed780144a84602d86f | |
parent | f69b69b8625be447b8826b21d87713874dac25a6 (diff) |
upstream commit
make internal handling of filename arguments of "none"
more consistent with ssh. "none" arguments are now replaced with NULL when
the configuration is finalised.
Simplifies checking later on (just need to test not-NULL rather than
that + strcmp) and cleans up some inconsistencies. ok markus@
-rw-r--r-- | auth2.c | 6 | ||||
-rw-r--r-- | servconf.c | 38 | ||||
-rw-r--r-- | session.c | 4 | ||||
-rw-r--r-- | sshd.c | 15 |
4 files changed, 46 insertions, 17 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.133 2014/12/18 23:58:04 djm Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.134 2014/12/22 07:55:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -151,9 +151,7 @@ userauth_banner(void) | |||
151 | { | 151 | { |
152 | char *banner = NULL; | 152 | char *banner = NULL; |
153 | 153 | ||
154 | if (options.banner == NULL || | 154 | if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0) |
155 | strcasecmp(options.banner, "none") == 0 || | ||
156 | (datafellows & SSH_BUG_BANNER) != 0) | ||
157 | return; | 155 | return; |
158 | 156 | ||
159 | if ((banner = PRIVSEP(auth2_read_banner())) == NULL) | 157 | if ((banner = PRIVSEP(auth2_read_banner())) == NULL) |
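Review bot: The simplified test in userauth_banner() (`options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0`) matches the old behaviour only if every path that assigns options.banner also passes through the "none"-to-NULL normalisation this commit adds to fill_default_server_options(). If the banner can be assigned after that point, a literal "none" would now be handed to auth2_read_banner() as a filename. A per-connection override applied once the configuration is finalised would be one such path, though none is visible on this page. I would confirm that and record the dependency at the check, e.g. `/* "none" was replaced with NULL in fill_default_server_options() */`. The body of userauth_banner() continues past this hunk.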
diff --git a/servconf.c b/servconf.c index abc3c72fb..6eb368661 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.256 2014/12/21 22:27:56 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.257 2014/12/22 07:55:51 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -162,9 +162,18 @@ initialize_server_options(ServerOptions *options) | |||
162 | options->fingerprint_hash = -1; | 162 | options->fingerprint_hash = -1; |
163 | } | 163 | } |
164 | 164 | ||
165 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | ||
166 | static int | ||
167 | option_clear_or_none(const char *o) | ||
168 | { | ||
169 | return o == NULL || strcasecmp(o, "none") == 0; | ||
170 | } | ||
171 | |||
165 | void | 172 | void |
166 | fill_default_server_options(ServerOptions *options) | 173 | fill_default_server_options(ServerOptions *options) |
167 | { | 174 | { |
175 | int i; | ||
176 | |||
168 | /* Portable-specific options */ | 177 | /* Portable-specific options */ |
169 | if (options->use_pam == -1) | 178 | if (options->use_pam == -1) |
170 | options->use_pam = 0; | 179 | options->use_pam = 0; |
@@ -196,7 +205,7 @@ fill_default_server_options(ServerOptions *options) | |||
196 | if (options->listen_addrs == NULL) | 205 | if (options->listen_addrs == NULL) |
197 | add_listen_addr(options, NULL, 0); | 206 | add_listen_addr(options, NULL, 0); |
198 | if (options->pid_file == NULL) | 207 | if (options->pid_file == NULL) |
199 | options->pid_file = _PATH_SSH_DAEMON_PID_FILE; | 208 | options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); |
200 | if (options->server_key_bits == -1) | 209 | if (options->server_key_bits == -1) |
201 | options->server_key_bits = 1024; | 210 | options->server_key_bits = 1024; |
202 | if (options->login_grace_time == -1) | 211 | if (options->login_grace_time == -1) |
@@ -220,7 +229,7 @@ fill_default_server_options(ServerOptions *options) | |||
220 | if (options->x11_use_localhost == -1) | 229 | if (options->x11_use_localhost == -1) |
221 | options->x11_use_localhost = 1; | 230 | options->x11_use_localhost = 1; |
222 | if (options->xauth_location == NULL) | 231 | if (options->xauth_location == NULL) |
223 | options->xauth_location = _PATH_XAUTH; | 232 | options->xauth_location = xstrdup(_PATH_XAUTH); |
224 | if (options->permit_tty == -1) | 233 | if (options->permit_tty == -1) |
225 | options->permit_tty = 1; | 234 | options->permit_tty = 1; |
226 | if (options->permit_user_rc == -1) | 235 | if (options->permit_user_rc == -1) |
@@ -321,6 +330,24 @@ fill_default_server_options(ServerOptions *options) | |||
321 | if (use_privsep == -1) | 330 | if (use_privsep == -1) |
322 | use_privsep = PRIVSEP_NOSANDBOX; | 331 | use_privsep = PRIVSEP_NOSANDBOX; |
323 | 332 | ||
333 | #define CLEAR_ON_NONE(v) \ | ||
334 | do { \ | ||
335 | if (option_clear_or_none(v)) { \ | ||
336 | free(v); \ | ||
337 | v = NULL; \ | ||
338 | } \ | ||
339 | } while(0) | ||
340 | CLEAR_ON_NONE(options->pid_file); | ||
341 | CLEAR_ON_NONE(options->xauth_location); | ||
342 | CLEAR_ON_NONE(options->banner); | ||
343 | CLEAR_ON_NONE(options->trusted_user_ca_keys); | ||
344 | CLEAR_ON_NONE(options->revoked_keys_file); | ||
345 | for (i = 0; i < options->num_host_key_files; i++) | ||
346 | CLEAR_ON_NONE(options->host_key_files[i]); | ||
347 | for (i = 0; i < options->num_host_cert_files; i++) | ||
348 | CLEAR_ON_NONE(options->host_cert_files[i]); | ||
349 | #undef CLEAR_ON_NONE | ||
350 | |||
324 | #ifndef HAVE_MMAP | 351 | #ifndef HAVE_MMAP |
325 | if (use_privsep && options->compression == 1) { | 352 | if (use_privsep && options->compression == 1) { |
326 | error("This platform does not support both privilege " | 353 | error("This platform does not support both privilege " |
@@ -538,6 +565,8 @@ derelativise_path(const char *path) | |||
538 | { | 565 | { |
539 | char *expanded, *ret, cwd[MAXPATHLEN]; | 566 | char *expanded, *ret, cwd[MAXPATHLEN]; |
540 | 567 | ||
568 | if (strcasecmp(path, "none") == 0) | ||
569 | return xstrdup("none"); | ||
541 | expanded = tilde_expand_filename(path, getuid()); | 570 | expanded = tilde_expand_filename(path, getuid()); |
542 | if (*expanded == '/') | 571 | if (*expanded == '/') |
543 | return expanded; | 572 | return expanded; |
@@ -1982,7 +2011,8 @@ dump_cfg_string(ServerOpCodes code, const char *val) | |||
1982 | { | 2011 | { |
1983 | if (val == NULL) | 2012 | if (val == NULL) |
1984 | return; | 2013 | return; |
1985 | printf("%s %s\n", lookup_opcode_name(code), val); | 2014 | printf("%s %s\n", lookup_opcode_name(code), |
2015 | val == NULL ? "none" : val); | ||
1986 | } | 2016 | } |
1987 | 2017 | ||
1988 | static void | 2018 | static void |
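Review bot: In dump_cfg_string() the new `val == NULL ? "none" : val` can never yield "none", because the unchanged `if (val == NULL) return;` guard just above it returns first. As written, an option that CLEAR_ON_NONE reset to NULL is omitted from the dump instead of being reported as none. An explicitly disabled setting such as revoked_keys_file or trusted_user_ca_keys therefore looks the same as one that was never set when the effective configuration is reviewed. Either remove the early return so the fallback takes effect or drop the ternary; the hunk does not show which was intended. Separately, derelativise_path() now treats a relative file literally named "none" (in any letter case) as the keyword, which deserves a short comment at that check.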
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.275 2014/12/22 07:55:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -2648,7 +2648,7 @@ session_setup_x11fwd(Session *s) | |||
2648 | debug("X11 forwarding disabled in server configuration file."); | 2648 | debug("X11 forwarding disabled in server configuration file."); |
2649 | return 0; | 2649 | return 0; |
2650 | } | 2650 | } |
2651 | if (!options.xauth_location || | 2651 | if (options.xauth_location == NULL || |
2652 | (stat(options.xauth_location, &st) == -1)) { | 2652 | (stat(options.xauth_location, &st) == -1)) { |
2653 | packet_send_debug("No xauth program; cannot forward with spoofing."); | 2653 | packet_send_debug("No xauth program; cannot forward with spoofing."); |
2654 | return 0; | 2654 | return 0; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.429 2014/12/11 08:20:09 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.430 2014/12/22 07:55:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1208,7 +1208,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1208 | logit("Received signal %d; terminating.", | 1208 | logit("Received signal %d; terminating.", |
1209 | (int) received_sigterm); | 1209 | (int) received_sigterm); |
1210 | close_listen_socks(); | 1210 | close_listen_socks(); |
1211 | unlink(options.pid_file); | 1211 | if (options.pid_file != NULL) |
1212 | unlink(options.pid_file); | ||
1212 | exit(received_sigterm == SIGTERM ? 0 : 255); | 1213 | exit(received_sigterm == SIGTERM ? 0 : 255); |
1213 | } | 1214 | } |
1214 | if (key_used && key_do_regen) { | 1215 | if (key_used && key_do_regen) { |
@@ -1694,10 +1695,6 @@ main(int ac, char **av) | |||
1694 | sizeof(Key *)); | 1695 | sizeof(Key *)); |
1695 | sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, | 1696 | sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, |
1696 | sizeof(Key *)); | 1697 | sizeof(Key *)); |
1697 | for (i = 0; i < options.num_host_key_files; i++) { | ||
1698 | sensitive_data.host_keys[i] = NULL; | ||
1699 | sensitive_data.host_pubkeys[i] = NULL; | ||
1700 | } | ||
1701 | 1698 | ||
1702 | if (options.host_key_agent) { | 1699 | if (options.host_key_agent) { |
1703 | if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) | 1700 | if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) |
@@ -1707,6 +1704,8 @@ main(int ac, char **av) | |||
1707 | } | 1704 | } |
1708 | 1705 | ||
1709 | for (i = 0; i < options.num_host_key_files; i++) { | 1706 | for (i = 0; i < options.num_host_key_files; i++) { |
1707 | if (options.host_key_files[i] == NULL) | ||
1708 | continue; | ||
1710 | key = key_load_private(options.host_key_files[i], "", NULL); | 1709 | key = key_load_private(options.host_key_files[i], "", NULL); |
1711 | pubkey = key_load_public(options.host_key_files[i], NULL); | 1710 | pubkey = key_load_public(options.host_key_files[i], NULL); |
1712 | sensitive_data.host_keys[i] = key; | 1711 | sensitive_data.host_keys[i] = key; |
@@ -1765,6 +1764,8 @@ main(int ac, char **av) | |||
1765 | sensitive_data.host_certificates[i] = NULL; | 1764 | sensitive_data.host_certificates[i] = NULL; |
1766 | 1765 | ||
1767 | for (i = 0; i < options.num_host_cert_files; i++) { | 1766 | for (i = 0; i < options.num_host_cert_files; i++) { |
1767 | if (options.host_cert_files[i] == NULL) | ||
1768 | continue; | ||
1768 | key = key_load_public(options.host_cert_files[i], NULL); | 1769 | key = key_load_public(options.host_cert_files[i], NULL); |
1769 | if (key == NULL) { | 1770 | if (key == NULL) { |
1770 | error("Could not load host certificate: %s", | 1771 | error("Could not load host certificate: %s", |
@@ -1932,7 +1933,7 @@ main(int ac, char **av) | |||
1932 | * Write out the pid file after the sigterm handler | 1933 | * Write out the pid file after the sigterm handler |
1933 | * is setup and the listen sockets are bound | 1934 | * is setup and the listen sockets are bound |
1934 | */ | 1935 | */ |
1935 | if (!debug_flag) { | 1936 | if (options.pid_file != NULL && !debug_flag) { |
1936 | FILE *f = fopen(options.pid_file, "w"); | 1937 | FILE *f = fopen(options.pid_file, "w"); |
1937 | 1938 | ||
1938 | if (f == NULL) { | 1939 | if (f == NULL) { |
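Review bot: The new `continue` in the host-key loop, and the matching one in the host-certificate loop, skips entries that were cleared to NULL, so sensitive_data.host_keys[i] and host_pubkeys[i] are never assigned for them. Those slots are NULL only because xcalloc() zero-fills, now that the same commit removes the explicit initialisation loop. That coupling is worth a comment at the skip, e.g. `/* "none" entries are NULL after fill_default_server_options(); slot stays NULL from xcalloc */`. The added guards on options.pid_file cover the SIGTERM exit and the pid-file write shown here. Any other use of options.pid_file, host_key_files[i] or host_cert_files[i] outside these hunks should be checked for the NULL case too, since these pointers appear to have always been set once defaults were filled. main() and server_accept_loop() extend beyond the hunks.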