diff options
| author | Kees Cook <kees@debian.org> | 2014-02-09 16:10:06 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 02:40:17 +0000 |
| commit | 68ebfc0e90ceb0f7b24dfb38979df6a80b7ec9e4 (patch) | |
| tree | c264cfab2bf2b7d01b08823450daf8ddc29bbc3f /servconf.c | |
| parent | 03b1ae877da1db4c517747bee89f1a494cce8566 (diff) | |
Add DebianBanner server configuration option
Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.
Bug-Debian: http://bugs.debian.org/562048
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: debian-banner.patch
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/servconf.c b/servconf.c index 65f71ade8..63ff4ffbc 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options) | |||
| 157 | options->ip_qos_interactive = -1; | 157 | options->ip_qos_interactive = -1; |
| 158 | options->ip_qos_bulk = -1; | 158 | options->ip_qos_bulk = -1; |
| 159 | options->version_addendum = NULL; | 159 | options->version_addendum = NULL; |
| 160 | options->debian_banner = -1; | ||
| 160 | } | 161 | } |
| 161 | 162 | ||
| 162 | void | 163 | void |
| @@ -312,6 +313,8 @@ fill_default_server_options(ServerOptions *options) | |||
| 312 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | 313 | options->ip_qos_bulk = IPTOS_THROUGHPUT; |
| 313 | if (options->version_addendum == NULL) | 314 | if (options->version_addendum == NULL) |
| 314 | options->version_addendum = xstrdup(""); | 315 | options->version_addendum = xstrdup(""); |
| 316 | if (options->debian_banner == -1) | ||
| 317 | options->debian_banner = 1; | ||
| 315 | /* Turn privilege separation on by default */ | 318 | /* Turn privilege separation on by default */ |
| 316 | if (use_privsep == -1) | 319 | if (use_privsep == -1) |
| 317 | use_privsep = PRIVSEP_NOSANDBOX; | 320 | use_privsep = PRIVSEP_NOSANDBOX; |
| @@ -362,6 +365,7 @@ typedef enum { | |||
| 362 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 365 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
| 363 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 366 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
| 364 | sAuthenticationMethods, sHostKeyAgent, | 367 | sAuthenticationMethods, sHostKeyAgent, |
| 368 | sDebianBanner, | ||
| 365 | sDeprecated, sUnsupported | 369 | sDeprecated, sUnsupported |
| 366 | } ServerOpCodes; | 370 | } ServerOpCodes; |
| 367 | 371 | ||
| @@ -504,6 +508,7 @@ static struct { | |||
| 504 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, | 508 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
| 505 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | 509 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
| 506 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, | 510 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, |
| 511 | { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | ||
| 507 | { NULL, sBadOption, 0 } | 512 | { NULL, sBadOption, 0 } |
| 508 | }; | 513 | }; |
| 509 | 514 | ||
| @@ -1666,6 +1671,10 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1666 | } | 1671 | } |
| 1667 | return 0; | 1672 | return 0; |
| 1668 | 1673 | ||
| 1674 | case sDebianBanner: | ||
| 1675 | intptr = &options->debian_banner; | ||
| 1676 | goto parse_int; | ||
| 1677 | |||
| 1669 | case sDeprecated: | 1678 | case sDeprecated: |
| 1670 | logit("%s line %d: Deprecated option %s", | 1679 | logit("%s line %d: Deprecated option %s", |
| 1671 | filename, linenum, arg); | 1680 | filename, linenum, arg); |