Commit 161cf419 authored by djm@openbsd.org's avatar djm@openbsd.org Committed by Damien Miller

upstream commit

make internal handling of filename arguments of "none"
 more consistent with ssh. "none" arguments are now replaced with NULL when
 the configuration is finalised.

Simplifies checking later on (just need to test not-NULL rather than
that + strcmp) and cleans up some inconsistencies. ok markus@
parent f69b69b8
/* $OpenBSD: auth2.c,v 1.133 2014/12/18 23:58:04 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.134 2014/12/22 07:55:51 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
......@@ -151,9 +151,7 @@ userauth_banner(void)
{
char *banner = NULL;
if (options.banner == NULL ||
strcasecmp(options.banner, "none") == 0 ||
(datafellows & SSH_BUG_BANNER) != 0)
if (options.banner == NULL || (datafellows & SSH_BUG_BANNER) != 0)
return;
if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
......
/* $OpenBSD: servconf.c,v 1.256 2014/12/21 22:27:56 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.257 2014/12/22 07:55:51 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
......@@ -162,9 +162,18 @@ initialize_server_options(ServerOptions *options)
options->fingerprint_hash = -1;
}
/* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
static int
option_clear_or_none(const char *o)
{
return o == NULL || strcasecmp(o, "none") == 0;
}
void
fill_default_server_options(ServerOptions *options)
{
int i;
/* Portable-specific options */
if (options->use_pam == -1)
options->use_pam = 0;
......@@ -196,7 +205,7 @@ fill_default_server_options(ServerOptions *options)
if (options->listen_addrs == NULL)
add_listen_addr(options, NULL, 0);
if (options->pid_file == NULL)
options->pid_file = _PATH_SSH_DAEMON_PID_FILE;
options->pid_file = xstrdup(_PATH_SSH_DAEMON_PID_FILE);
if (options->server_key_bits == -1)
options->server_key_bits = 1024;
if (options->login_grace_time == -1)
......@@ -220,7 +229,7 @@ fill_default_server_options(ServerOptions *options)
if (options->x11_use_localhost == -1)
options->x11_use_localhost = 1;
if (options->xauth_location == NULL)
options->xauth_location = _PATH_XAUTH;
options->xauth_location = xstrdup(_PATH_XAUTH);
if (options->permit_tty == -1)
options->permit_tty = 1;
if (options->permit_user_rc == -1)
......@@ -321,6 +330,24 @@ fill_default_server_options(ServerOptions *options)
if (use_privsep == -1)
use_privsep = PRIVSEP_NOSANDBOX;
#define CLEAR_ON_NONE(v) \
do { \
if (option_clear_or_none(v)) { \
free(v); \
v = NULL; \
} \
} while(0)
CLEAR_ON_NONE(options->pid_file);
CLEAR_ON_NONE(options->xauth_location);
CLEAR_ON_NONE(options->banner);
CLEAR_ON_NONE(options->trusted_user_ca_keys);
CLEAR_ON_NONE(options->revoked_keys_file);
for (i = 0; i < options->num_host_key_files; i++)
CLEAR_ON_NONE(options->host_key_files[i]);
for (i = 0; i < options->num_host_cert_files; i++)
CLEAR_ON_NONE(options->host_cert_files[i]);
#undef CLEAR_ON_NONE
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
......@@ -538,6 +565,8 @@ derelativise_path(const char *path)
{
char *expanded, *ret, cwd[MAXPATHLEN];
if (strcasecmp(path, "none") == 0)
return xstrdup("none");
expanded = tilde_expand_filename(path, getuid());
if (*expanded == '/')
return expanded;
......@@ -1982,7 +2011,8 @@ dump_cfg_string(ServerOpCodes code, const char *val)
{
if (val == NULL)
return;
printf("%s %s\n", lookup_opcode_name(code), val);
printf("%s %s\n", lookup_opcode_name(code),
val == NULL ? "none" : val);
}
static void
......
/* $OpenBSD: session.c,v 1.274 2014/07/15 15:54:14 millert Exp $ */
/* $OpenBSD: session.c,v 1.275 2014/12/22 07:55:51 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
......@@ -2648,7 +2648,7 @@ session_setup_x11fwd(Session *s)
debug("X11 forwarding disabled in server configuration file.");
return 0;
}
if (!options.xauth_location ||
if (options.xauth_location == NULL ||
(stat(options.xauth_location, &st) == -1)) {
packet_send_debug("No xauth program; cannot forward with spoofing.");
return 0;
......
/* $OpenBSD: sshd.c,v 1.429 2014/12/11 08:20:09 djm Exp $ */
/* $OpenBSD: sshd.c,v 1.430 2014/12/22 07:55:51 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -1208,7 +1208,8 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
logit("Received signal %d; terminating.",
(int) received_sigterm);
close_listen_socks();
unlink(options.pid_file);
if (options.pid_file != NULL)
unlink(options.pid_file);
exit(received_sigterm == SIGTERM ? 0 : 255);
}
if (key_used && key_do_regen) {
......@@ -1694,10 +1695,6 @@ main(int ac, char **av)
sizeof(Key *));
sensitive_data.host_pubkeys = xcalloc(options.num_host_key_files,
sizeof(Key *));
for (i = 0; i < options.num_host_key_files; i++) {
sensitive_data.host_keys[i] = NULL;
sensitive_data.host_pubkeys[i] = NULL;
}
if (options.host_key_agent) {
if (strcmp(options.host_key_agent, SSH_AUTHSOCKET_ENV_NAME))
......@@ -1707,6 +1704,8 @@ main(int ac, char **av)
}
for (i = 0; i < options.num_host_key_files; i++) {
if (options.host_key_files[i] == NULL)
continue;
key = key_load_private(options.host_key_files[i], "", NULL);
pubkey = key_load_public(options.host_key_files[i], NULL);
sensitive_data.host_keys[i] = key;
......@@ -1765,6 +1764,8 @@ main(int ac, char **av)
sensitive_data.host_certificates[i] = NULL;
for (i = 0; i < options.num_host_cert_files; i++) {
if (options.host_cert_files[i] == NULL)
continue;
key = key_load_public(options.host_cert_files[i], NULL);
if (key == NULL) {
error("Could not load host certificate: %s",
......@@ -1932,7 +1933,7 @@ main(int ac, char **av)
* Write out the pid file after the sigterm handler
* is setup and the listen sockets are bound
*/
if (!debug_flag) {
if (options.pid_file != NULL && !debug_flag) {
FILE *f = fopen(options.pid_file, "w");
if (f == NULL) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment