- djm@cvs.openbsd.org 2013/05/16 04:27:50

[ssh_config.5 readconf.h readconf.c] add the ability to ignore specific unrecognised ssh_config options; bz#866; ok markus@
2013-05-16 20:30:03 +10:00 · 2013-05-16 20:30:03 +10:00 · 0763698f71
parent 5f96f3b4be
commit 0763698f71
4 changed files with 45 additions and 11 deletions
--- a/4
+++ b/4
@ -33,6 +33,10 @@
     sshd.c] Add RekeyLimit to sshd with the same syntax as the client allowing
     rekeying based on traffic volume or time.  ok djm@, help & ok jmc@ for the man
     page.
+   - djm@cvs.openbsd.org 2013/05/16 04:27:50
+     [ssh_config.5 readconf.h readconf.c]
+     add the ability to ignore specific unrecognised ssh_config options;
+     bz#866; ok markus@

 20130510
 - (dtucker) [configure.ac] Enable -Wsizeof-pointer-memaccess if the compiler
--- a/readconf.c
+++ b/readconf.c
@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.198 2013/05/16 02:00:34 dtucker Exp $ */
+/* $OpenBSD: readconf.c,v 1.199 2013/05/16 04:27:50 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -134,8 +134,8 @@ typedef enum {
 	oHashKnownHosts,
 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
 	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
-	oKexAlgorithms, oIPQoS, oRequestTTY,
-	oDeprecated, oUnsupported
+	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
+	oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;

 /* Textual representations of the tokens. */
@ -246,6 +246,7 @@ static struct {
 	{ "kexalgorithms", oKexAlgorithms },
 	{ "ipqos", oIPQoS },
 	{ "requesttty", oRequestTTY },
+	{ "ignoreunknown", oIgnoreUnknown },

 	{ NULL, oBadOption }
 };
@ -351,14 +352,17 @@ add_identity_file(Options *options, const char *dir, const char *filename,
 */

 static OpCodes
-parse_token(const char *cp, const char *filename, int linenum)
+parse_token(const char *cp, const char *filename, int linenum,
+    const char *ignored_unknown)
 {
-	u_int i;
+	int i;

 	for (i = 0; keywords[i].name; i++)
-		if (strcasecmp(cp, keywords[i].name) == 0)
+		if (strcmp(cp, keywords[i].name) == 0)
 			return keywords[i].opcode;
-
+	if (ignored_unknown != NULL && match_pattern_list(cp, ignored_unknown,
+	    strlen(ignored_unknown), 1) == 1)
+		return oIgnoredUnknownOption;
 	error("%s: line %d: Bad configuration option: %s",
 	    filename, linenum, cp);
 	return oBadOption;
@ -377,7 +381,7 @@ process_config_line(Options *options, const char *host,
 {
 	char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
 	char **cpptr, fwdarg[256];
-	u_int *uintptr, max_entries = 0;
+	u_int i, *uintptr, max_entries = 0;
 	int negated, opcode, *intptr, value, value2, scale;
 	LogLevel *log_level_ptr;
 	long long orig, val64;
@ -400,14 +404,22 @@ process_config_line(Options *options, const char *host,
 		keyword = strdelim(&s);
 	if (keyword == NULL || !*keyword || *keyword == '\n' || *keyword == '#')
 		return 0;
+	/* Match lowercase keyword */
+	for (i = 0; i < strlen(keyword); i++)
+		keyword[i] = tolower(keyword[i]);

-	opcode = parse_token(keyword, filename, linenum);
+	opcode = parse_token(keyword, filename, linenum,
+	    options->ignored_unknown);

 	switch (opcode) {
 	case oBadOption:
 		/* don't panic, but count bad options */
 		return -1;
 		/* NOTREACHED */
+	case oIgnoredUnknownOption:
+		debug("%s line %d: Ignored unknown option \"%s\"",
+		    filename, linenum, keyword);
+		return 0;
 	case oConnectTimeout:
 		intptr = &options->connection_timeout;
 parse_time:
@ -1077,6 +1089,10 @@ parse_int:
 			*intptr = value;
 		break;

+	case oIgnoreUnknown:
+		charptr = &options->ignored_unknown;
+		goto parse_string;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@ -1238,6 +1254,7 @@ initialize_options(Options * options)
 	options->ip_qos_interactive = -1;
 	options->ip_qos_bulk = -1;
 	options->request_tty = -1;
+	options->ignored_unknown = NULL;
 }

 /*
--- a/readconf.h
+++ b/readconf.h
@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.94 2013/05/16 02:00:34 dtucker Exp $ */
+/* $OpenBSD: readconf.h,v 1.95 2013/05/16 04:27:50 djm Exp $ */

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -137,6 +137,8 @@ typedef struct {
 	int	use_roaming;

 	int	request_tty;
+
+	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 }       Options;

 #define SSHCTL_MASTER_NO	0
--- a/ssh_config.5
+++ b/ssh_config.5
@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.162 2013/05/16 02:00:34 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.163 2013/05/16 04:27:50 djm Exp $
 .Dd $Mdocdate: May 16 2013 $
 .Dt SSH_CONFIG 5
 .Os
@ -597,6 +597,17 @@ The default is the name given on the command line.
 Numeric IP addresses are also permitted (both on the command line and in
 .Cm HostName
 specifications).
+.It Cm IgnoreUnknown
+Specifies a pattern-list of unknown options to be ignored if they are
+encountered in configuration parsing.
+This may be used to suppress errors if
+.Nm
+contains options that are unrecognised by
+.Xr ssh 1 .
+It is recommended that
+.Cm IgnoreUnknown
+be listed early in the configuration file as it will not be applied
+to unknown options that appear before it.
 .It Cm IdentitiesOnly
 Specifies that
 .Xr ssh 1