- djm@cvs.openbsd.org 2007/08/23 03:22:16

     [auth2-none.c sshd_config sshd_config.5]
     Support "Banner=none" to disable displaying of the pre-login banner;
     ok dtucker@ deraadt@

4 files changed, 17 insertions, 9 deletions

diff --git a/ChangeLog b/ChangeLog
index 348f7c1f1..9724473f8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,10 @@
      [auth.h]
      login_cap.h doesn't belong here
      NB. RCS ID sync only for portable
+   - djm@cvs.openbsd.org 2007/08/23 03:22:16
+     [auth2-none.c sshd_config sshd_config.5]
+     Support "Banner=none" to disable displaying of the pre-login banner;
+     ok dtucker@ deraadt@
 
 20070914
  - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
@@ -3209,4 +3213,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4745 2007/09/17 01:55:25 djm Exp $
+$Id: ChangeLog,v 1.4746 2007/09/17 01:57:38 djm Exp $
diff --git a/auth2-none.c b/auth2-none.c
index 952b44824..28e593e6c 100644
--- a/auth2-none.c
+++ b/auth2-none.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.14 2007/08/23 03:22:16 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <stdarg.h>
 #include <unistd.h>
+#include <string.h>
 
 #include "xmalloc.h"
 #include "key.h"
@@ -106,7 +107,9 @@ userauth_banner(void)
 {
         char *banner = NULL;
 
-        if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
+        if (options.banner == NULL ||
+            strcasecmp(options.banner, "none") == 0 ||
+            (datafellows & SSH_BUG_BANNER) != 0)
                 return;
 
         if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
diff --git a/sshd_config b/sshd_config
index 3393cec50..c7094e775 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-#       $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
+#       $OpenBSD: sshd_config,v 1.76 2007/08/23 03:22:16 djm Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -104,7 +104,7 @@ Protocol 2
 #PermitTunnel no
 
 # no default banner path
-#Banner /some/path
+#Banner none
 
 # override default of no subsystems
 Subsystem       sftp    /usr/libexec/sftp-server
diff --git a/sshd_config.5 b/sshd_config.5
index 2a283ea2d..3d4afb459 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.77 2007/06/08 07:48:09 jmc Exp $
-.Dd $Mdocdate: June 8 2007 $
+.\" $OpenBSD: sshd_config.5,v 1.78 2007/08/23 03:22:16 djm Exp $
+.Dd $Mdocdate: June 11 2007 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -159,10 +159,11 @@ directory.
 The default is
 .Dq .ssh/authorized_keys .
 .It Cm Banner
-In some jurisdictions, sending a warning message before authentication
-may be relevant for getting legal protection.
 The contents of the specified file are sent to the remote user before
 authentication is allowed.
+If the argument is
+.Dq none
+then no banner is displayed.
 This option is only available for protocol version 2.
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication