author | Darren Tucker <dtucker@zip.com.au> | 2008-06-10 23:01:51 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-10 23:01:51 +1000 |
commit | e7140f20cb2da1456e6080059eef54cf0f3533f2 (patch) | |
tree | 7c4809d2dbb4b9e93599a2fb29c51a4621f88346 /sshd.c | |
parent | b06cc4abf8e2eb4d1e14f19911a7e0afde50ee95 (diff) |
- dtucker@cvs.openbsd.org 2008/06/10 04:50:25
[sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
Add extended test mode (-T) and connection parameters for test mode (-C).
-T causes sshd to write its effective configuration to stdout and exit.
-C causes any relevant Match rules to be applied before output. The
combination allows testing of the parser and config files. ok deraadt djm
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 47 |
1 files changed, 44 insertions, 3 deletions
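--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.357 2008/05/08 12:02:23 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.358 2008/06/10 04:50:25 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1240,8 +1240,9 @@ main(int ac, char **av)
 int opt, i, on = 1;
 int sock_in = -1, sock_out = -1, newsock = -1;
 const char *remote_ip;
+char *test_user = NULL, *test_host = NULL, *test_addr = NULL;
 int remote_port;
-char *line;
+char *line, *p, *cp;
 int config_s[2] = { -1 , -1 };
 Key *key;
 Authctxt *authctxt;
@@ -1276,7 +1277,7 @@ main(int ac, char **av)
 initialize_server_options(&options);
 
 /* Parse command-line arguments. */
-while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:dDeiqrtQR46")) != -1) {
+while ((opt = getopt(ac, av, "f:p:b:k:h:g:u:o:C:dDeiqrtQRT46")) != -1) {
 switch (opt) {
 case '4':
 options.address_family = AF_INET;
@@ -1354,6 +1355,25 @@ main(int ac, char **av)
 case 't':
 test_flag = 1;
 break;
+case 'T':
+test_flag = 2;
+break;
+case 'C':
+cp = optarg;
+while ((p = strsep(&cp, ",")) && *p != '\0') {
+if (strncmp(p, "addr=", 5) == 0)
+test_addr = xstrdup(p + 5);
+else if (strncmp(p, "host=", 5) == 0)
+test_host = xstrdup(p + 5);
+else if (strncmp(p, "user=", 5) == 0)
+test_user = xstrdup(p + 5);
+else {
+fprintf(stderr, "Invalid test "
+"mode specification %s\n", p);
+exit(1);
+}
+}
+break;
 case 'u':
 utmp_len = (u_int)strtonum(optarg, 0, MAXHOSTNAMELEN+1, NULL);
 if (utmp_len > MAXHOSTNAMELEN) {
@@ -1415,6 +1435,20 @@ main(int ac, char **av)
 sensitive_data.have_ssh1_key = 0;
 sensitive_data.have_ssh2_key = 0;
 
+/*
+* If we're doing an extended config test, make sure we have all of
+* the parameters we need. If we're not doing an extended test,
+* do not silently ignore connection test params.
+*/
+if (test_flag >= 2 && (test_user != NULL || test_host != NULL || test_addr != NULL)
+&& (test_user == NULL || test_host == NULL || test_addr == NULL))
+fatal("user, host and addr are all required when testing "
+"Match configs");
+if (test_flag < 2 && (test_user != NULL || test_host != NULL ||
+test_addr != NULL))
+fatal("Config test connection parameter (-C) provided without "
+"test mode (-T)");
+
 /* Fetch our configuration */
 buffer_init(&cfg);
 if (rexeced_flag)
@@ -1543,6 +1577,13 @@ main(int ac, char **av)
 "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
 }
 
+if (test_flag > 1) {
+if (test_user != NULL && test_addr != NULL && test_host != NULL)
+parse_server_match_config(&options, test_user,
+test_host, test_addr);
+dump_config(&options);
+}
+
 /* Configuration looks good, so exit if in test mode. */
 if (test_flag)
 exit(0);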
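Review bot: In the `case 'C':` arm the loop condition `(p = strsep(&cp, ",")) && *p != '\0'` ends parsing at the first empty token, so for an argument such as `user=a,,host=b` everything after the empty field is dropped without reaching the "Invalid test mode specification" branch. Testing only for NULL, `while ((p = strsep(&cp, ",")) != NULL) {`, would route an empty or trailing field to the existing error path; if tolerating a trailing comma is intended, a comment should say so. A repeated key also overwrites the earlier `xstrdup` result, which is harmless for a process about to exit but means the last value wins silently. Separately, the `if (test_flag > 1)` block near the end would benefit from a comment such as `/* Without all of user/host/addr, the dump reflects global settings only; Match blocks are not applied. */`, since `-T` output is likely to be used for auditing. main() starts and ends outside these hunks.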