forked from openssh/openssh-portable
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
make internal handling of filename arguments of "none" more consistent with ssh. "none" arguments are now replaced with NULL when the configuration is finalised. Simplifies checking later on (just need to test not-NULL rather than that + strcmp) and cleans up some inconsistencies. ok markus@
- Loading branch information
Showing
4 changed files
with
46 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
|
|
||
| /* $OpenBSD: servconf.c,v 1.256 2014/12/21 22:27:56 djm Exp $ */ | ||
| /* $OpenBSD: servconf.c,v 1.257 2014/12/22 07:55:51 djm Exp $ */ | ||
| /* | ||
| * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland | ||
| * All rights reserved | ||
|
|
@@ -162,9 +162,18 @@ initialize_server_options(ServerOptions *options) | |
| options->fingerprint_hash = -1; | ||
| } | ||
|
|
||
| /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ | ||
| static int | ||
| option_clear_or_none(const char *o) | ||
| { | ||
| return o == NULL || strcasecmp(o, "none") == 0; | ||
| } | ||
|
|
||
| void | ||
| fill_default_server_options(ServerOptions *options) | ||
| { | ||
| int i; | ||
|
|
||
| /* Portable-specific options */ | ||
| if (options->use_pam == -1) | ||
| options->use_pam = 0; | ||
|
|
@@ -196,7 +205,7 @@ fill_default_server_options(ServerOptions *options) | |
| if (options->listen_addrs == NULL) | ||
| add_listen_addr(options, NULL, 0); | ||
| if (options->pid_file == NULL) | ||
| options->pid_file = _PATH_SSH_DAEMON_PID_FILE; | ||
| options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE); | ||
| if (options->server_key_bits == -1) | ||
| options->server_key_bits = 1024; | ||
| if (options->login_grace_time == -1) | ||
|
|
@@ -220,7 +229,7 @@ fill_default_server_options(ServerOptions *options) | |
| if (options->x11_use_localhost == -1) | ||
| options->x11_use_localhost = 1; | ||
| if (options->xauth_location == NULL) | ||
| options->xauth_location = _PATH_XAUTH; | ||
| options->xauth_location = xstrdup(_PATH_XAUTH); | ||
| if (options->permit_tty == -1) | ||
| options->permit_tty = 1; | ||
| if (options->permit_user_rc == -1) | ||
|
|
@@ -321,6 +330,24 @@ fill_default_server_options(ServerOptions *options) | |
| if (use_privsep == -1) | ||
| use_privsep = PRIVSEP_NOSANDBOX; | ||
|
|
||
| #define CLEAR_ON_NONE(v) \ | ||
| do { \ | ||
| if (option_clear_or_none(v)) { \ | ||
| free(v); \ | ||
| v = NULL; \ | ||
| } \ | ||
| } while(0) | ||
| CLEAR_ON_NONE(options->pid_file); | ||
| CLEAR_ON_NONE(options->xauth_location); | ||
| CLEAR_ON_NONE(options->banner); | ||
| CLEAR_ON_NONE(options->trusted_user_ca_keys); | ||
| CLEAR_ON_NONE(options->revoked_keys_file); | ||
| for (i = 0; i < options->num_host_key_files; i++) | ||
| CLEAR_ON_NONE(options->host_key_files[i]); | ||
| for (i = 0; i < options->num_host_cert_files; i++) | ||
| CLEAR_ON_NONE(options->host_cert_files[i]); | ||
| #undef CLEAR_ON_NONE | ||
|
|
||
| #ifndef HAVE_MMAP | ||
| if (use_privsep && options->compression == 1) { | ||
| error("This platform does not support both privilege " | ||
|
|
@@ -538,6 +565,8 @@ derelativise_path(const char *path) | |
| { | ||
| char *expanded, *ret, cwd[MAXPATHLEN]; | ||
|
|
||
| if (strcasecmp(path, "none") == 0) | ||
| return xstrdup("none"); | ||
| expanded = tilde_expand_filename(path, getuid()); | ||
| if (*expanded == '/') | ||
| return expanded; | ||
|
|
@@ -1982,7 +2011,8 @@ dump_cfg_string(ServerOpCodes code, const char *val) | |
| { | ||
| if (val == NULL) | ||
| return; | ||
| printf("%s %s\n", lookup_opcode_name(code), val); | ||
| printf("%s %s\n", lookup_opcode_name(code), | ||
| val == NULL ? "none" : val); | ||
| } | ||
|
|
||
| static void | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| /* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */ | ||
| /* $OpenBSD: session.c,v 1.275 2014/12/22 07:55:51 djm Exp $ */ | ||
| /* | ||
| * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland | ||
| * All rights reserved | ||
|
|
@@ -2648,7 +2648,7 @@ session_setup_x11fwd(Session *s) | |
| debug("X11 forwarding disabled in server configuration file."); | ||
| return 0; | ||
| } | ||
| if (!options.xauth_location || | ||
| if (options.xauth_location == NULL || | ||
| (stat(options.xauth_location, &st) == -1)) { | ||
| packet_send_debug("No xauth program; cannot forward with spoofing."); | ||
| return 0; | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| /* $OpenBSD: sshd.c,v 1.429 2014/12/11 08:20:09 djm Exp $ */ | ||
| /* $OpenBSD: sshd.c,v 1.430 2014/12/22 07:55:51 djm Exp $ */ | ||
| /* | ||
| * Author: Tatu Ylonen <[email protected]> | ||
| * Copyright (c) 1995 Tatu Ylonen <[email protected]>, Espoo, Finland | ||
|
|
@@ -1208,7 +1208,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s) | |
| logit("Received signal %d; terminating.", | ||
| (int) received_sigterm); | ||
| close_listen_socks(); | ||
| unlink(options.pid_file); | ||
| if (options.pid_file != NULL) | ||
| unlink(options.pid_file); | ||
| exit(received_sigterm == SIGTERM ? 0 : 255); | ||
| } | ||
| if (key_used && key_do_regen) { | ||
|
|
@@ -1694,10 +1695,6 @@ main(int ac, char **av) | |
| sizeof(Key *)); | ||
| sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files, | ||
| sizeof(Key *)); | ||
| for (i = 0; i < options.num_host_key_files; i++) { | ||
| sensitive_data.host_keys[i] = NULL; | ||
| sensitive_data.host_pubkeys[i] = NULL; | ||
| } | ||
|
|
||
| if (options.host_key_agent) { | ||
| if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME)) | ||
|
|
@@ -1707,6 +1704,8 @@ main(int ac, char **av) | |
| } | ||
|
|
||
| for (i = 0; i < options.num_host_key_files; i++) { | ||
| if (options.host_key_files[i] == NULL) | ||
| continue; | ||
| key = key_load_private(options.host_key_files[i], "", NULL); | ||
| pubkey = key_load_public(options.host_key_files[i], NULL); | ||
| sensitive_data.host_keys[i] = key; | ||
|
|
@@ -1765,6 +1764,8 @@ main(int ac, char **av) | |
| sensitive_data.host_certificates[i] = NULL; | ||
|
|
||
| for (i = 0; i < options.num_host_cert_files; i++) { | ||
| if (options.host_cert_files[i] == NULL) | ||
| continue; | ||
| key = key_load_public(options.host_cert_files[i], NULL); | ||
| if (key == NULL) { | ||
| error("Could not load host certificate: %s", | ||
|
|
@@ -1932,7 +1933,7 @@ main(int ac, char **av) | |
| * Write out the pid file after the sigterm handler | ||
| * is setup and the listen sockets are bound | ||
| */ | ||
| if (!debug_flag) { | ||
| if (options.pid_file != NULL && !debug_flag) { | ||
| FILE *f = fopen(options.pid_file, "w"); | ||
|
|
||
| if (f == NULL) { | ||
|
|
||