diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2008-06-10 23:01:51 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-10 23:01:51 +1000 |
| commit | e7140f20cb2da1456e6080059eef54cf0f3533f2 (patch) | |
| tree | 7c4809d2dbb4b9e93599a2fb29c51a4621f88346 /sshd.c | |
| parent | b06cc4abf8e2eb4d1e14f19911a7e0afde50ee95 (diff) | |
- dtucker@cvs.openbsd.org 2008/06/10 04:50:25
[sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
Add extended test mode (-T) and connection parameters for test mode (-C).
-T causes sshd to write its effective configuration to stdout and exit.
-C causes any relevant Match rules to be applied before output. The
combination allows tesing of the parser and config files. ok deraadt djm
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 47 |
1 files changed, 44 insertions, 3 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: sshd.c,v 1.357 2008/05/08 12:02:23 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.358 2008/06/10 04:50:25 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1240,8 +1240,9 @@ main(int ac, char **av) | |||
| 1240 | int opt, i, on = 1; | 1240 | int opt, i, on = 1; |
| 1241 | int sock_in = -1, sock_out = -1, newsock = -1; | 1241 | int sock_in = -1, sock_out = -1, newsock = -1; |
| 1242 | const char *remote_ip; | 1242 | const char *remote_ip; |
| 1243 | char *test_user = NULL, *test_host = NULL, *test_addr = NULL; | ||
| 1243 | int remote_port; | 1244 | int remote_port; |
| 1244 | char *line; | 1245 | char *line, *p, *cp; |
| 1245 | int config_s[2] = { -1 , -1 }; | 1246 | int config_s[2] = { -1 , -1 }; |
| 1246 | Key *key; | 1247 | Key *key; |
| 1247 | Authctxt *authctxt; | 1248 | Authctxt *authctxt; |
| @@ -1276,7 +1277,7 @@ main(int ac, char **av) | |||
| 1276 | initialize_server_options(&options); | 1277 | initialize_server_options(&options); |
| 1277 | 1278 | ||
| 1278 | /* Parse command-line arguments. */ | 1279 | /* Parse command-line arguments. */ |
| 1279 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) { | 1280 | while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) { |
| 1280 | switch (opt) { | 1281 | switch (opt) { |
| 1281 | case '4': | 1282 | case '4': |
| 1282 | options.address_family = AF_INET; | 1283 | options.address_family = AF_INET; |
| @@ -1354,6 +1355,25 @@ main(int ac, char **av) | |||
| 1354 | case 't': | 1355 | case 't': |
| 1355 | test_flag = 1; | 1356 | test_flag = 1; |
| 1356 | break; | 1357 | break; |
| 1358 | case 'T': | ||
| 1359 | test_flag = 2; | ||
| 1360 | break; | ||
| 1361 | case 'C': | ||
| 1362 | cp = optarg; | ||
| 1363 | while ((p = strsep(&cp, ",")) && *p != '\0') { | ||
| 1364 | if (strncmp(p, "addr=", 5) == 0) | ||
| 1365 | test_addr = xstrdup(p + 5); | ||
| 1366 | else if (strncmp(p, "host=", 5) == 0) | ||
| 1367 | test_host = xstrdup(p + 5); | ||
| 1368 | else if (strncmp(p, "user=", 5) == 0) | ||
| 1369 | test_user = xstrdup(p + 5); | ||
| 1370 | else { | ||
| 1371 | fprintf(stderr, "Invalid test " | ||
| 1372 | "mode specification %s\n", p); | ||
| 1373 | exit(1); | ||
| 1374 | } | ||
| 1375 | } | ||
| 1376 | break; | ||
| 1357 | case 'u': | 1377 | case 'u': |
| 1358 | utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); | 1378 | utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL); |
| 1359 | if (utmp_len > MAXHOSTNAMELEN) { | 1379 | if (utmp_len > MAXHOSTNAMELEN) { |
| @@ -1415,6 +1435,20 @@ main(int ac, char **av) | |||
| 1415 | sensitive_data.have_ssh1_key = 0; | 1435 | sensitive_data.have_ssh1_key = 0; |
| 1416 | sensitive_data.have_ssh2_key = 0; | 1436 | sensitive_data.have_ssh2_key = 0; |
| 1417 | 1437 | ||
| 1438 | /* | ||
| 1439 | * If we're doing an extended config test, make sure we have all of | ||
| 1440 | * the parameters we need. If we're not doing an extended test, | ||
| 1441 | * do not silently ignore connection test params. | ||
| 1442 | */ | ||
| 1443 | if (test_flag >= 2 && (test_user != NULL || test_host != NULL || test_addr != NULL) | ||
| 1444 | && (test_user == NULL || test_host == NULL || test_addr == NULL)) | ||
| 1445 | fatal("user, host and addr are all required when testing " | ||
| 1446 | "Match configs"); | ||
| 1447 | if (test_flag < 2 && (test_user != NULL || test_host != NULL || | ||
| 1448 | test_addr != NULL)) | ||
| 1449 | fatal("Config test connection parameter (-C) provided without " | ||
| 1450 | "test mode (-T)"); | ||
| 1451 | |||
| 1418 | /* Fetch our configuration */ | 1452 | /* Fetch our configuration */ |
| 1419 | buffer_init(&cfg); | 1453 | buffer_init(&cfg); |
| 1420 | if (rexeced_flag) | 1454 | if (rexeced_flag) |
| @@ -1543,6 +1577,13 @@ main(int ac, char **av) | |||
| 1543 | "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); | 1577 | "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); |
| 1544 | } | 1578 | } |
| 1545 | 1579 | ||
| 1580 | if (test_flag > 1) { | ||
| 1581 | if (test_user != NULL && test_addr != NULL && test_host != NULL) | ||
| 1582 | parse_server_match_config(&options, test_user, | ||
| 1583 | test_host, test_addr); | ||
| 1584 | dump_config(&options); | ||
| 1585 | } | ||
| 1586 | |||
| 1546 | /* Configuration looks good, so exit if in test mode. */ | 1587 | /* Configuration looks good, so exit if in test mode. */ |
| 1547 | if (test_flag) | 1588 | if (test_flag) |
| 1548 | exit(0); | 1589 | exit(0); |