-rw-r--r-- | auth2.c | 6 | ||||
-rw-r--r-- | servconf.c | 38 | ||||
-rw-r--r-- | session.c | 4 | ||||
-rw-r--r-- | sshd.c | 15 |
4 files changed, 46 insertions, 17 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: auth2.c,v 1.133 2014/12/18 23:58:04 djm Exp $ */ | 1 | /* $OpenBSD: auth2.c,v 1.134 2014/12/22 07:55:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -151,9 +151,7 @@ userauth_banner(void) | |||
151 | { | 151 | { |
152 | char *banner = NULL; | 152 | char *banner = NULL; |
153 | 153 | ||
154 | if (options.banner == NULL || | 154 | if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0) |
155 | strcasecmp(options.banner, "none") == 0 || | ||
156 | (datafellows & SSH_BUG_BANNER) != 0) | ||
157 | return; | 155 | return; |
158 | 156 | ||
159 | if ((banner = PRIVSEP(auth2_read_banner())) == NULL) | 157 | if ((banner = PRIVSEP(auth2_read_banner())) == NULL) |
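Review bot: userauth_banner() no longer rejects "none" itself and now depends on options.banner having been cleared to NULL elsewhere; this commit does that in fill_default_server_options() in servconf.c. If options.banner can be assigned after that function has run, for example by a per-connection override that these hunks do not show, the string "none" would reach auth2_read_banner() as a file path. A short comment at the check, e.g. `/* "none" is normalised to NULL in fill_default_server_options() */`, would make the dependency visible to the next reader. The function body continues outside the hunk.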
diff --git a/servconf.c b/servconf.c index abc3c72fb..6eb368661 100644 --- a/servconf.c +++ b/servconf.c | |||
@@ -1,5 +1,5 @@ | |||
1 | 1 | ||
2 | /* $OpenBSD: servconf.c,v 1.256 2014/12/21 22:27:56 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.257 2014/12/22 07:55:51 djm Exp $ */ |
3 | /* | 3 | /* |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
5 | * All rights reserved | 5 | * All rights reserved |
@@ -162,9 +162,18 @@ initialize_server_options(ServerOptions *options) | |||
162 | options->fingerprint_hash = -1; | 162 | options->fingerprint_hash = -1; |
163 | } | 163 | } |
164 | 164 | ||
165 | /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | ||
166 | static int | ||
167 | option_clear_or_none(const char *o) | ||
168 | { | ||
169 | return o == NULL || strcasecmp(o, "none") == 0; | ||
170 | } | ||
171 | |||
165 | void | 172 | void |
166 | fill_default_server_options(ServerOptions *options) | 173 | fill_default_server_options(ServerOptions *options) |
167 | { | 174 | { |
175 | int i; | ||
176 | |||
168 | /* Portable-specific options */ | 177 | /* Portable-specific options */ |
169 | if (options->use_pam == -1) | 178 | if (options->use_pam == -1) |
170 | options->use_pam = 0; | 179 | options->use_pam = 0; |
@@ -196,7 +205,7 @@ fill_default_server_options(ServerOptions *options) | |||
196 | if (options->listen_addrs == NULL) | 205 | if (options->listen_addrs == NULL) |
197 | add_listen_addr(options, NULL, 0); | 206 | add_listen_addr(options, NULL, 0); |
198 | if (options->pid_file == NULL) | 207 | if (options->pid_file == NULL) |
199 | options->pid_file = _PATH_SSH_DAEMON_PID_FILE; | 208 | options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); |
200 | if (options->server_key_bits == -1) | 209 | if (options->server_key_bits == -1) |
201 | options->server_key_bits = 1024; | 210 | options->server_key_bits = 1024; |
202 | if (options->login_grace_time == -1) | 211 | if (options->login_grace_time == -1) |
@@ -220,7 +229,7 @@ fill_default_server_options(ServerOptions *options) | |||
220 | if (options->x11_use_localhost == -1) | 229 | if (options->x11_use_localhost == -1) |
221 | options->x11_use_localhost = 1; | 230 | options->x11_use_localhost = 1; |
222 | if (options->xauth_location == NULL) | 231 | if (options->xauth_location == NULL) |
223 | options->xauth_location = _PATH_XAUTH; | 232 | options->xauth_location = xstrdup(_PATH_XAUTH); |
224 | if (options->permit_tty == -1) | 233 | if (options->permit_tty == -1) |
225 | options->permit_tty = 1; | 234 | options->permit_tty = 1; |
226 | if (options->permit_user_rc == -1) | 235 | if (options->permit_user_rc == -1) |
@@ -321,6 +330,24 @@ fill_default_server_options(ServerOptions *options) | |||
321 | if (use_privsep == -1) | 330 | if (use_privsep == -1) |
322 | use_privsep = PRIVSEP_NOSANDBOX; | 331 | use_privsep = PRIVSEP_NOSANDBOX; |
323 | 332 | ||
333 | #define CLEAR_ON_NONE(v) \ | ||
334 | do { \ | ||
335 | if (option_clear_or_none(v)) { \ | ||
336 | free(v); \ | ||
337 | v = NULL; \ | ||
338 | } \ | ||
339 | } while(0) | ||
340 | CLEAR_ON_NONE(options->pid_file); | ||
341 | CLEAR_ON_NONE(options->xauth_location); | ||
342 | CLEAR_ON_NONE(options->banner); | ||
343 | CLEAR_ON_NONE(options->trusted_user_ca_keys); | ||
344 | CLEAR_ON_NONE(options->revoked_keys_file); | ||
345 | for (i = 0; i < options->num_host_key_files; i++) | ||
346 | CLEAR_ON_NONE(options->host_key_files[i]); | ||
347 | for (i = 0; i < options->num_host_cert_files; i++) | ||
348 | CLEAR_ON_NONE(options->host_cert_files[i]); | ||
349 | #undef CLEAR_ON_NONE | ||
350 | |||
324 | #ifndef HAVE_MMAP | 351 | #ifndef HAVE_MMAP |
325 | if (use_privsep && options->compression == 1) { | 352 | if (use_privsep && options->compression == 1) { |
326 | error("This platform does not support both privilege " | 353 | error("This platform does not support both privilege " |
@@ -538,6 +565,8 @@ derelativise_path(const char *path) | |||
538 | { | 565 | { |
539 | char *expanded, *ret, cwd[MAXPATHLEN]; | 566 | char *expanded, *ret, cwd[MAXPATHLEN]; |
540 | 567 | ||
568 | if (strcasecmp(path, "none") == 0) | ||
569 | return xstrdup("none"); | ||
541 | expanded = tilde_expand_filename(path, getuid()); | 570 | expanded = tilde_expand_filename(path, getuid()); |
542 | if (*expanded == '/') | 571 | if (*expanded == '/') |
543 | return expanded; | 572 | return expanded; |
@@ -1982,7 +2011,8 @@ dump_cfg_string(ServerOpCodes code, const char *val) | |||
1982 | { | 2011 | { |
1983 | if (val == NULL) | 2012 | if (val == NULL) |
1984 | return; | 2013 | return; |
1985 | printf("%s %s\n", lookup_opcode_name(code), val); | 2014 | printf("%s %s\n", lookup_opcode_name(code), |
2015 | val == NULL ? "none" : val); | ||
1986 | } | 2016 | } |
1987 | 2017 | ||
1988 | static void | 2018 | static void |
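Review bot: In dump_cfg_string() the added `val == NULL ? "none" : val` can never select "none", because the unchanged `if (val == NULL) return;` just above it returns first. If the intent is for the configuration dump to show options that were cleared with "none", the early return has to be removed; otherwise the ternary should be dropped so the code does not suggest output it never produces. Separately, CLEAR_ON_NONE() calls free() on the option, so every string it touches must be heap-allocated. The hunks convert the pid_file and xauth_location defaults to xstrdup(), but the defaults of the other options passed to the macro are not visible here and should be checked.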
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.275 2014/12/22 07:55:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
4 | * All rights reserved | 4 | * All rights reserved |
@@ -2648,7 +2648,7 @@ session_setup_x11fwd(Session *s) | |||
2648 | debug("X11 forwarding disabled in server configuration file."); | 2648 | debug("X11 forwarding disabled in server configuration file."); |
2649 | return 0; | 2649 | return 0; |
2650 | } | 2650 | } |
2651 | if (!options.xauth_location || | 2651 | if (options.xauth_location == NULL || |
2652 | (stat(options.xauth_location, &st) == -1)) { | 2652 | (stat(options.xauth_location, &st) == -1)) { |
2653 | packet_send_debug("No xauth program; cannot forward with spoofing."); | 2653 | packet_send_debug("No xauth program; cannot forward with spoofing."); |
2654 | return 0; | 2654 | return 0; |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshd.c,v 1.429 2014/12/11 08:20:09 djm Exp $ */ | 1 | /* $OpenBSD: sshd.c,v 1.430 2014/12/22 07:55:51 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1208,7 +1208,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |||
1208 | logit("Received signal %d; terminating.", | 1208 | logit("Received signal %d; terminating.", |
1209 | (int) received_sigterm); | 1209 | (int) received_sigterm); |
1210 | close_listen_socks(); | 1210 | close_listen_socks(); |
1211 | unlink(options.pid_file); | 1211 | if (options.pid_file != NULL) |
1212 | unlink(options.pid_file); | ||
1212 | exit(received_sigterm == SIGTERM ? 0 : 255); | 1213 | exit(received_sigterm == SIGTERM ? 0 : 255); |
1213 | } | 1214 | } |
1214 | if (key_used && key_do_regen) { | 1215 | if (key_used && key_do_regen) { |
@@ -1694,10 +1695,6 @@ main(int ac, char **av) | |||
1694 | sizeof(Key *)); | 1695 | sizeof(Key *)); |
1695 | sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, | 1696 | sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, |
1696 | sizeof(Key *)); | 1697 | sizeof(Key *)); |
1697 | for (i = 0; i < options.num_host_key_files; i++) { | ||
1698 | sensitive_data.host_keys[i] = NULL; | ||
1699 | sensitive_data.host_pubkeys[i] = NULL; | ||
1700 | } | ||
1701 | 1698 | ||
1702 | if (options.host_key_agent) { | 1699 | if (options.host_key_agent) { |
1703 | if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) | 1700 | if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) |
@@ -1707,6 +1704,8 @@ main(int ac, char **av) | |||
1707 | } | 1704 | } |
1708 | 1705 | ||
1709 | for (i = 0; i < options.num_host_key_files; i++) { | 1706 | for (i = 0; i < options.num_host_key_files; i++) { |
1707 | if (options.host_key_files[i] == NULL) | ||
1708 | continue; | ||
1710 | key = key_load_private(options.host_key_files[i], "", NULL); | 1709 | key = key_load_private(options.host_key_files[i], "", NULL); |
1711 | pubkey = key_load_public(options.host_key_files[i], NULL); | 1710 | pubkey = key_load_public(options.host_key_files[i], NULL); |
1712 | sensitive_data.host_keys[i] = key; | 1711 | sensitive_data.host_keys[i] = key; |
@@ -1765,6 +1764,8 @@ main(int ac, char **av) | |||
1765 | sensitive_data.host_certificates[i] = NULL; | 1764 | sensitive_data.host_certificates[i] = NULL; |
1766 | 1765 | ||
1767 | for (i = 0; i < options.num_host_cert_files; i++) { | 1766 | for (i = 0; i < options.num_host_cert_files; i++) { |
1767 | if (options.host_cert_files[i] == NULL) | ||
1768 | continue; | ||
1768 | key = key_load_public(options.host_cert_files[i], NULL); | 1769 | key = key_load_public(options.host_cert_files[i], NULL); |
1769 | if (key == NULL) { | 1770 | if (key == NULL) { |
1770 | error("Could not load host certificate: %s", | 1771 | error("Could not load host certificate: %s", |
@@ -1932,7 +1933,7 @@ main(int ac, char **av) | |||
1932 | * Write out the pid file after the sigterm handler | 1933 | * Write out the pid file after the sigterm handler |
1933 | * is setup and the listen sockets are bound | 1934 | * is setup and the listen sockets are bound |
1934 | */ | 1935 | */ |
1935 | if (!debug_flag) { | 1936 | if (options.pid_file != NULL && !debug_flag) { |
1936 | FILE *f = fopen(options.pid_file, "w"); | 1937 | FILE *f = fopen(options.pid_file, "w"); |
1937 | 1938 | ||
1938 | if (f == NULL) { | 1939 | if (f == NULL) { |
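Review bot: The two new `continue` guards in main()'s host-key and host-certificate loops skip a slot without saying why, and they depend on servconf.c having turned a "none" entry into NULL. A one-line comment above each guard, such as `/* "none" entries are cleared to NULL by fill_default_server_options() */`, would record that. The skipped host-key slots stay NULL in sensitive_data only because the arrays come from xcalloc(), now that the explicit NULL-initialising loop is removed, which is worth stating in the same comment. main() starts and ends outside these hunks, so any other use of options.pid_file or of the host key arrays is not visible here and should be checked for the same NULL case.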