-rw-r--r--auth2.c6
-rw-r--r--servconf.c38
-rw-r--r--session.c4
-rw-r--r--sshd.c15
4 files changed, 46 insertions, 17 deletions
diff --git a/auth2.c b/auth2.c
index 3a803e69..93e355ff 100644
--- a/auth2.c
+++ b/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.133 2014/12/18 23:58:04 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.134 2014/12/22 07:55:51 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -151,9 +151,7 @@ userauth_banner(void)
{
char *banner = NULL;
- if (options.banner == NULL ||
- strcasecmp(options.banner, "none") == 0 ||
- (datafellows & SSH_BUG_BANNER) != 0)
+ if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0)
return;
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
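Review bot: With the `strcasecmp(options.banner, "none")` test dropped, userauth_banner() relies entirely on options.banner having been normalised to NULL before this point. The servconf.c part of this commit does that in fill_default_server_options(), but a value assigned to options.banner after that call would reach auth2_read_banner() as a literal file name. Whether such a later assignment exists (for example a per-connection configuration override) is not visible in this diff, so it is worth confirming. A comment above the test would record the dependency: `/* "none" is mapped to NULL by fill_default_server_options() */`. The function body continues outside the hunk.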
diff --git a/servconf.c b/servconf.c
index abc3c72f..6eb36866 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.256 2014/12/21 22:27:56 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.257 2014/12/22 07:55:51 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -162,9 +162,18 @@ initialize_server_options(ServerOptions *options)
options->fingerprint_hash = -1;
}
+/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
+static int
+option_clear_or_none(const char *o)
+{
+ return o == NULL || strcasecmp(o, "none") == 0;
+}
+
void
fill_default_server_options(ServerOptions *options)
{
+ int i;
+
/* Portable-specific options */
if (options->use_pam == -1)
options->use_pam = 0;
@@ -196,7 +205,7 @@ fill_default_server_options(ServerOptions *options)
if (options->listen_addrs == NULL)
add_listen_addr(options, NULL, 0);
if (options->pid_file == NULL)
- options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
+ options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
if (options->server_key_bits == -1)
options->server_key_bits = 1024;
if (options->login_grace_time == -1)
@@ -220,7 +229,7 @@ fill_default_server_options(ServerOptions *options)
if (options->x11_use_localhost == -1)
options->x11_use_localhost = 1;
if (options->xauth_location == NULL)
- options->xauth_location = _PATH_XAUTH;
+ options->xauth_location = xstrdup(_PATH_XAUTH);
if (options->permit_tty == -1)
options->permit_tty = 1;
if (options->permit_user_rc == -1)
@@ -321,6 +330,24 @@ fill_default_server_options(ServerOptions *options)
if (use_privsep == -1)
use_privsep = PRIVSEP_NOSANDBOX;
+#define CLEAR_ON_NONE(v) \
+ do { \
+ if (option_clear_or_none(v)) { \
+ free(v); \
+ v = NULL; \
+ } \
+ } while(0)
+ CLEAR_ON_NONE(options->pid_file);
+ CLEAR_ON_NONE(options->xauth_location);
+ CLEAR_ON_NONE(options->banner);
+ CLEAR_ON_NONE(options->trusted_user_ca_keys);
+ CLEAR_ON_NONE(options->revoked_keys_file);
+ for (i = 0; i < options->num_host_key_files; i++)
+ CLEAR_ON_NONE(options->host_key_files[i]);
+ for (i = 0; i < options->num_host_cert_files; i++)
+ CLEAR_ON_NONE(options->host_cert_files[i]);
+#undef CLEAR_ON_NONE
+
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
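Review bot: After the two loops, host_key_files[] and host_cert_files[] can hold NULL entries while num_host_key_files and num_host_cert_files keep their original counts, so every consumer that indexes these arrays has to tolerate holes. The sshd.c loops in this commit add the skip, but other readers of the arrays are not visible here and should be checked for a NULL dereference. CLEAR_ON_NONE also calls free() on any value that matched "none", which is only safe when that string is heap-owned. A short comment above the macro would record the array invariant, e.g. `/* "none" entries become NULL; counts are unchanged, callers must skip NULL */`. fill_default_server_options() starts and ends outside this hunk.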
@@ -538,6 +565,8 @@ derelativise_path(const char *path)
{
char *expanded, *ret, cwd[MAXPATHLEN];
+ if (strcasecmp(path, "none") == 0)
+ return xstrdup("none");
expanded = tilde_expand_filename(path, getuid());
if (*expanded == '/')
return expanded;
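Review bot: The new early return makes "none" a reserved word for every option that goes through derelativise_path(), so a file actually named `none` in the working directory can no longer be given by its bare name, and nothing in the function says so. I would add `/* "none" is a sentinel meaning unset, not a relative path; it is returned unexpanded */` above the test. Note also that path is handed to strcasecmp() unchecked, so callers must not pass NULL; presumably that was already required, since tilde_expand_filename() receives it next. The body continues past the end of the hunk.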
@@ -1982,7 +2011,8 @@ dump_cfg_string(ServerOpCodes code, const char *val)
{
if (val == NULL)
return;
- printf("%s %s\n", lookup_opcode_name(code), val);
+ printf("%s %s\n", lookup_opcode_name(code),
+ val == NULL ? "none" : val);
}
static void
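Review bot: The added `val == NULL ? "none" : val` can never select "none", because the unchanged `if (val == NULL) return;` above it still returns first. As written, options cleared to NULL are omitted from the dump rather than shown as none, which makes the effective configuration harder to audit. If printing none is the intent, drop the early return; otherwise keep the original call, `printf("%s %s\n", lookup_opcode_name(code), val);`.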
diff --git a/session.c b/session.c
index 3e96557b..e12f6677 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */
+/* $OpenBSD: session.c,v 1.275 2014/12/22 07:55:51 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -2648,7 +2648,7 @@ session_setup_x11fwd(Session *s)
debug("X11 forwarding disabled in server configuration file.");
return 0;
}
- if (!options.xauth_location ||
+ if (options.xauth_location == NULL ||
(stat(options.xauth_location, &st) == -1)) {
packet_send_debug("No xauth program; cannot forward with spoofing.");
return 0;
diff --git a/sshd.c b/sshd.c
index 4e01855c..a957ce00 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.429 2014/12/11 08:20:09 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.430 2014/12/22 07:55:51 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1208,7 +1208,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
logit("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
- unlink(options.pid_file);
+ if (options.pid_file != NULL)
+ unlink(options.pid_file);
exit(received_sigterm == SIGTERM ? 0 : 255);
}
if (key_used && key_do_regen) {
@@ -1694,10 +1695,6 @@ main(int ac, char **av)
sizeof(Key *));
sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
sizeof(Key *));
- for (i = 0; i < options.num_host_key_files; i++) {
- sensitive_data.host_keys[i] = NULL;
- sensitive_data.host_pubkeys[i] = NULL;
- }
if (options.host_key_agent) {
if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
@@ -1707,6 +1704,8 @@ main(int ac, char **av)
}
for (i = 0; i < options.num_host_key_files; i++) {
+ if (options.host_key_files[i] == NULL)
+ continue;
key = key_load_private(options.host_key_files[i], "", NULL);
pubkey = key_load_public(options.host_key_files[i], NULL);
sensitive_data.host_keys[i] = key;
@@ -1765,6 +1764,8 @@ main(int ac, char **av)
sensitive_data.host_certificates[i] = NULL;
for (i = 0; i < options.num_host_cert_files; i++) {
+ if (options.host_cert_files[i] == NULL)
+ continue;
key = key_load_public(options.host_cert_files[i], NULL);
if (key == NULL) {
error("Could not load host certificate: %s",
@@ -1932,7 +1933,7 @@ main(int ac, char **av)
* Write out the pid file after the sigterm handler
* is setup and the listen sockets are bound
*/
- if (!debug_flag) {
+ if (options.pid_file != NULL && !debug_flag) {
FILE *f = fopen(options.pid_file, "w");
if (f == NULL) {