[openssh] keep track of which IndentityFile options were manually supplied and which were default options, and
plautrba
plautrba at fedoraproject.org
Tue Apr 9 21:49:36 UTC 2013
commit fcef7f6231a8dba8483489a93f1be27fabedbcb6
Author: Petr Lautrbach <plautrba at redhat.com>
Date: Tue Apr 9 23:22:42 2013 +0200
keep track of which IndentityFile options were manually supplied and which were default options, and don't warn if the latter are missing. (mindrot#2084)
openssh-6.2p1-track-IdentifyFile.patch | 235 ++++++++++++++++++++++++++++++++
openssh.spec | 3 +
2 files changed, 238 insertions(+), 0 deletions(-)
---
diff --git a/openssh-6.2p1-track-IdentifyFile.patch b/openssh-6.2p1-track-IdentifyFile.patch
new file mode 100644
index 0000000..3124781
--- /dev/null
+++ b/openssh-6.2p1-track-IdentifyFile.patch
@@ -0,0 +1,235 @@
+diff --git a/readconf.c b/readconf.c
+index 99c04a9..375ca32 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */
++/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -337,6 +337,26 @@ clear_forwardings(Options *options)
+ options->tun_open = SSH_TUNMODE_NO;
+ }
+
++void
++add_identity_file(Options *options, const char *dir, const char *filename,
++ int userprovided)
++{
++ char *path;
++
++ if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
++ fatal("Too many identity files specified (max %d)",
++ SSH_MAX_IDENTITY_FILES);
++
++ if (dir == NULL) /* no dir, filename is absolute */
++ path = xstrdup(filename);
++ else
++ (void)xasprintf(&path, "%.100s%.100s", dir, filename);
++
++ options->identity_file_userprovided[options->num_identity_files] =
++ userprovided;
++ options->identity_files[options->num_identity_files++] = path;
++}
++
+ /*
+ * Returns the number of the token pointed to by cp or oBadOption.
+ */
+@@ -364,7 +384,7 @@ parse_token(const char *cp, const char *filename, int linenum)
+ int
+ process_config_line(Options *options, const char *host,
+ char *line, const char *filename, int linenum,
+- int *activep)
++ int *activep, int userconfig)
+ {
+ char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
+ char **cpptr, fwdarg[256];
+@@ -617,9 +637,7 @@ parse_yesnoask:
+ if (*intptr >= SSH_MAX_IDENTITY_FILES)
+ fatal("%.200s line %d: Too many identity files specified (max %d).",
+ filename, linenum, SSH_MAX_IDENTITY_FILES);
+- charptr = &options->identity_files[*intptr];
+- *charptr = xstrdup(arg);
+- *intptr = *intptr + 1;
++ add_identity_file(options, NULL, arg, userconfig);
+ }
+ break;
+
+@@ -1106,7 +1124,7 @@ parse_int:
+
+ int
+ read_config_file(const char *filename, const char *host, Options *options,
+- int checkperm)
++ int flags)
+ {
+ FILE *f;
+ char line[1024];
+@@ -1116,7 +1134,7 @@ read_config_file(const char *filename, const char *host, Options *options,
+ if ((f = fopen(filename, "r")) == NULL)
+ return 0;
+
+- if (checkperm) {
++ if (flags & SSHCONF_CHECKPERM) {
+ struct stat sb;
+
+ if (fstat(fileno(f), &sb) == -1)
+@@ -1137,7 +1155,8 @@ read_config_file(const char *filename, const char *host, Options *options,
+ while (fgets(line, sizeof(line), f)) {
+ /* Update line number counter. */
+ linenum++;
+- if (process_config_line(options, host, line, filename, linenum, &active) != 0)
++ if (process_config_line(options, host, line, filename, linenum,
++ &active, flags & SSHCONF_USERCONF) != 0)
+ bad_options++;
+ }
+ fclose(f);
+@@ -1322,30 +1341,17 @@ fill_default_options(Options * options)
+ options->protocol = SSH_PROTO_2;
+ if (options->num_identity_files == 0) {
+ if (options->protocol & SSH_PROTO_1) {
+- len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
+- options->identity_files[options->num_identity_files] =
+- xmalloc(len);
+- snprintf(options->identity_files[options->num_identity_files++],
+- len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
++ add_identity_file(options, "~/",
++ _PATH_SSH_CLIENT_IDENTITY, 0);
+ }
+ if (options->protocol & SSH_PROTO_2) {
+- len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
+- options->identity_files[options->num_identity_files] =
+- xmalloc(len);
+- snprintf(options->identity_files[options->num_identity_files++],
+- len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
+-
+- len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
+- options->identity_files[options->num_identity_files] =
+- xmalloc(len);
+- snprintf(options->identity_files[options->num_identity_files++],
+- len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
++ add_identity_file(options, "~/",
++ _PATH_SSH_CLIENT_ID_RSA, 0);
++ add_identity_file(options, "~/",
++ _PATH_SSH_CLIENT_ID_DSA, 0);
+ #ifdef OPENSSL_HAS_ECC
+- len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
+- options->identity_files[options->num_identity_files] =
+- xmalloc(len);
+- snprintf(options->identity_files[options->num_identity_files++],
+- len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
++ add_identity_file(options, "~/",
++ _PATH_SSH_CLIENT_ID_ECDSA, 0);
+ #endif
+ }
+ }
+diff --git a/readconf.h b/readconf.h
+index 41f1bef..0835cb6 100644
+--- a/readconf.h
++++ b/readconf.h
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */
++/* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */
+
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+@@ -101,6 +101,7 @@ typedef struct {
+
+ int num_identity_files; /* Number of files for RSA/DSA identities. */
+ char *identity_files[SSH_MAX_IDENTITY_FILES];
++ int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
+ Key *identity_keys[SSH_MAX_IDENTITY_FILES];
+
+ /* Local TCP/IP forward requests. */
+@@ -153,15 +154,20 @@ typedef struct {
+ #define REQUEST_TTY_YES 2
+ #define REQUEST_TTY_FORCE 3
+
++#define SSHCONF_CHECKPERM 1 /* check permissions on config file */
++#define SSHCONF_USERCONF 2 /* user provided config file not system */
++
+ void initialize_options(Options *);
+ void fill_default_options(Options *);
+ int read_config_file(const char *, const char *, Options *, int);
+ int parse_forward(Forward *, const char *, int, int);
+
+ int
+-process_config_line(Options *, const char *, char *, const char *, int, int *);
++process_config_line(Options *, const char *, char *, const char *, int, int *,
++ int);
+
+ void add_local_forward(Options *, const Forward *);
+ void add_remote_forward(Options *, const Forward *);
++void add_identity_file(Options *, const char *, const char *, int);
+
+ #endif /* READCONF_H */
+diff --git a/ssh.c b/ssh.c
+index 21b3fc7..606d449 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */
++/* $OpenBSD: ssh.c,v 1.372 2013/02/22 04:45:09 dtucker Exp $ */
+ /*
+ * Author: Tatu Ylonen <ylo at cs.hut.fi>
+ * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
+@@ -414,12 +414,7 @@ main(int ac, char **av)
+ strerror(errno));
+ break;
+ }
+- if (options.num_identity_files >=
+- SSH_MAX_IDENTITY_FILES)
+- fatal("Too many identity files specified "
+- "(max %d)", SSH_MAX_IDENTITY_FILES);
+- options.identity_files[options.num_identity_files++] =
+- xstrdup(optarg);
++ add_identity_file(&options, NULL, optarg, 1);
+ break;
+ case 'I':
+ #ifdef ENABLE_PKCS11
+@@ -593,7 +588,8 @@ main(int ac, char **av)
+ dummy = 1;
+ line = xstrdup(optarg);
+ if (process_config_line(&options, host ? host : "",
+- line, "command-line", 0, &dummy) != 0)
++ line, "command-line", 0, &dummy, SSHCONF_USERCONF)
++ != 0)
+ exit(255);
+ xfree(line);
+ break;
+@@ -686,14 +682,15 @@ main(int ac, char **av)
+ * file if the user specifies a config file on the command line.
+ */
+ if (config != NULL) {
+- if (!read_config_file(config, host, &options, 0))
++ if (!read_config_file(config, host, &options, SSHCONF_USERCONF))
+ fatal("Can't open user config file %.100s: "
+ "%.100s", config, strerror(errno));
+ } else {
+ r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
+ _PATH_SSH_USER_CONFFILE);
+ if (r > 0 && (size_t)r < sizeof(buf))
+- (void)read_config_file(buf, host, &options, 1);
++ (void)read_config_file(buf, host, &options,
++ SSHCONF_CHECKPERM|SSHCONF_USERCONF);
+
+ /* Read systemwide configuration file after user config. */
+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
+diff --git a/sshconnect2.c b/sshconnect2.c
+index 350abb5..a8b6276 100644
+--- a/sshconnect2.c
++++ b/sshconnect2.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: sshconnect2.c,v 1.191 2013/02/15 00:21:01 dtucker Exp $ */
++/* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */
+ /*
+ * Copyright (c) 2000 Markus Friedl. All rights reserved.
+ * Copyright (c) 2008 Damien Miller. All rights reserved.
+@@ -1515,7 +1515,7 @@ pubkey_prepare(Authctxt *authctxt)
+ id = xcalloc(1, sizeof(*id));
+ id->key = key;
+ id->filename = xstrdup(options.identity_files[i]);
+- id->userprovided = 1;
++ id->userprovided = options.identity_file_userprovided[i];
+ TAILQ_INSERT_TAIL(&files, id, next);
+ }
+ /* Prefer PKCS11 keys that are explicitly listed */
diff --git a/openssh.spec b/openssh.spec
index c8e0ca8..e7fd647 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -216,6 +216,8 @@ Patch904: openssh-6.1p1-change-max-startups.patch
# build regress/modpipe tests with $(CFLAGS), based on
# http://lists.mindrot.org/pipermail/openssh-unix-dev/2013-March/031167.html
Patch905: openssh-6.2p1-modpipe-cflags.patch
+# https://bugzilla.mindrot.org/show_bug.cgi?id=2084
+Patch906: openssh-6.2p1-track-IdentifyFile.patch
#---
#https://bugzilla.mindrot.org/show_bug.cgi?id=1604
@@ -465,6 +467,7 @@ popd
# %patch903 -p1 -b .required-authentication
# %patch904 -p1 -b .max-startups
%patch905 -p1 -b .modpipe-cflags
+%patch906 -p1 -b .identityfile
%if 0
# Nothing here yet
More information about the scm-commits
mailing list