authorDarren Tucker <dtucker@zip.com.au>2013-05-16 20:30:03 +1000
committerDarren Tucker <dtucker@zip.com.au>2013-05-16 20:30:03 +1000
commit0763698f71efef8b3f8460c5700758359219eb7c (patch)
treeb0275009490908efaf218a90b640ae16032c1eed
parent5f96f3b4bee11ae2b9b32ff9b881c3693e210f96 (diff)
- djm@cvs.openbsd.org 2013/05/16 04:27:50
[ssh_config.5 readconf.h readconf.c] add the ability to ignore specific unrecognised ssh_config options; bz#866; ok markus@
-rw-r--r--ChangeLog4
-rw-r--r--readconf.c35
-rw-r--r--readconf.h4
-rw-r--r--ssh_config.513
4 files changed, 45 insertions, 11 deletions
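diff --git a/ChangeLog b/ChangeLog
index 186c43247..ae0f84777 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,10 @@
  sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
  rekeying based on traffic volume or time. ok djm@, help & ok jmc@ for the man
  page.
+ - djm@cvs.openbsd.org 2013/05/16 04:27:50
+ [ssh_config.5 readconf.h readconf.c]
+ add the ability to ignore specific unrecognised ssh_config options;
+ bz#866; ok markus@
 
 20130510
  - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler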
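diff --git a/readconf.c b/readconf.c
index d8898a029..51b23a3b8 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.198 2013/05/16 02:00:34 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.199 2013/05/16 04:27:50 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -134,8 +134,8 @@ typedef enum {
  oHashKnownHosts,
  oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
  oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
- oKexAlgorithms, oIPQoS, oRequestTTY,
- oDeprecated, oUnsupported
+ oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+ oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
 /* Textual representations of the tokens. */
@@ -246,6 +246,7 @@ static struct {
  { "kexalgorithms", oKexAlgorithms },
  { "ipqos", oIPQoS },
  { "requesttty", oRequestTTY },
+ { "ignoreunknown", oIgnoreUnknown },
 
  { NULL, oBadOption }
 };
@@ -351,14 +352,17 @@ add_identity_file(Options *options, const char *dir, const char *filename,
  */
 
 static OpCodes
-parse_token(const char *cp, const char *filename, int linenum)
+parse_token(const char *cp, const char *filename, int linenum,
+ const char *ignored_unknown)
 {
- u_int i;
+ int i;
 
  for (i = 0; keywords[i].name; i++)
- if (strcasecmp(cp, keywords[i].name) == 0)
+ if (strcmp(cp, keywords[i].name) == 0)
  return keywords[i].opcode;
-
+ if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
+ strlen(ignored_unknown), 1) == 1)
+ return oIgnoredUnknownOption;
  error("%s: line %d: Bad configuration option: %s",
  filename, linenum, cp);
  return oBadOption;
@@ -377,7 +381,7 @@ process_config_line(Options *options, const char *host,
 {
  char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
  char **cpptr, fwdarg[256];
- u_int *uintptr, max_entries = 0;
+ u_int i, *uintptr, max_entries = 0;
  int negated, opcode, *intptr, value, value2, scale;
  LogLevel *log_level_ptr;
  long long orig, val64;
@@ -400,14 +404,22 @@ process_config_line(Options *options, const char *host,
  keyword = strdelim(&s);
  if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
  return 0;
+ /* Match lowercase keyword */
+ for (i = 0; i < strlen(keyword); i++)
+ keyword[i] = tolower(keyword[i]);
 
- opcode = parse_token(keyword, filename, linenum);
+ opcode = parse_token(keyword, filename, linenum,
+ options->ignored_unknown);
 
  switch (opcode) {
  case oBadOption:
  /* don't panic, but count bad options */
  return -1;
  /* NOTREACHED */
+ case oIgnoredUnknownOption:
+ debug("%s line %d: Ignored unknown option \"%s\"",
+ filename, linenum, keyword);
+ return 0;
  case oConnectTimeout:
  intptr = &options->connection_timeout;
 parse_time:
@@ -1077,6 +1089,10 @@ parse_int:
  *intptr = value;
  break;
 
+ case oIgnoreUnknown:
+ charptr = &options->ignored_unknown;
+ goto parse_string;
+
  case oDeprecated:
  debug("%s line %d: Deprecated option \"%s\"",
  filename, linenum, keyword);
@@ -1238,6 +1254,7 @@ initialize_options(Options * options)
  options->ip_qos_interactive = -1;
  options->ip_qos_bulk = -1;
  options->request_tty = -1;
+ options->ignored_unknown = NULL;
 }
 
 /*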
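Review bot: In the process_config_line hunk (new lines 408–409), `tolower(keyword[i])` is called on a plain `char`, which is undefined behaviour for bytes with the high bit set on platforms where `char` is signed, and the keyword is read straight from the configuration file; convert first, e.g. `keyword[i] = (char)tolower((unsigned char)keyword[i]);`. The same loop re-evaluates `strlen(keyword)` on every iteration, so hoisting the length into a local before the loop would be cleaner. Separately, the new `oIgnoredUnknownOption` case reports only through `debug()`, so with a broad IgnoreUnknown pattern a misspelled security-relevant option is dropped with no message at the default log level; a short comment on that case recording that the quiet handling is intentional would help future readers. process_config_line begins and ends outside these hunks, so the `parse_string` handling that `oIgnoreUnknown` jumps to is not visible here.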
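diff --git a/readconf.h b/readconf.h
index e20573090..23fc500da 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.94 2013/05/16 02:00:34 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -137,6 +137,8 @@ typedef struct {
  int use_roaming;
 
  int request_tty;
+
+ char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
 } Options;
 
 #define SSHCTL_MASTER_NO 0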
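diff --git a/ssh_config.5 b/ssh_config.5
index 97897e00e..955afe351 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.162 2013/05/16 02:00:34 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.163 2013/05/16 04:27:50 djm Exp $
 .Dd $Mdocdate: May 16 2013 $
 .Dt SSH_CONFIG 5
 .Os
@@ -597,6 +597,17 @@ The default is the name given on the command line.
 Numeric IP addresses are also permitted (both on the command line and in
 .Cm HostName
 specifications).
+.It Cm IgnoreUnknown
+Specifies a pattern-list of unknown options to be ignored if they are
+encountered in configuration parsing.
+This may be used to suppress errors if
+.Nm
+contains options that are unrecognised by
+.Xr ssh 1 .
+It is recommended that
+.Cm IgnoreUnknown
+be listed early in the configuration file as it will not be applied
+to unknown options that appear before it.
 .It Cm IdentitiesOnly
 Specifies that
 .Xr ssh 1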