- djm@cvs.openbsd.org 2007/08/23 03:22:16

[auth2-none.c sshd_config sshd_config.5] Support "Banner=none" to disable displaying of the pre-login banner; ok dtucker@ deraadt@
2007-09-17 11:57:38 +10:00 · 2007-09-17 11:57:38 +10:00 · 4890e53977
parent 6f40204c44
commit 4890e53977
4 changed files with 17 additions and 9 deletions
--- a/6
+++ b/6
@ -12,6 +12,10 @@
     [auth.h]
     login_cap.h doesn't belong here
     NB. RCS ID sync only for portable
+   - djm@cvs.openbsd.org 2007/08/23 03:22:16
+     [auth2-none.c sshd_config sshd_config.5]
+     Support "Banner=none" to disable displaying of the pre-login banner;
+     ok dtucker@ deraadt@

 20070914
 - (dtucker) [openbsd-compat/bsd-asprintf.c] Plug mem leak in error path.
@ -3209,4 +3213,4 @@
   OpenServer 6 and add osr5bigcrypt support so when someone migrates
   passwords between UnixWare and OpenServer they will still work. OK dtucker@

-$Id: ChangeLog,v 1.4745 2007/09/17 01:55:25 djm Exp $
+$Id: ChangeLog,v 1.4746 2007/09/17 01:57:38 djm Exp $
--- a/auth2-none.c
+++ b/auth2-none.c
@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-none.c,v 1.13 2006/08/05 07:52:52 dtucker Exp $ */
+/* $OpenBSD: auth2-none.c,v 1.14 2007/08/23 03:22:16 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl.  All rights reserved.
 *
@ -32,6 +32,7 @@
 #include <fcntl.h>
 #include <stdarg.h>
 #include <unistd.h>
+#include <string.h>

 #include "xmalloc.h"
 #include "key.h"
@ -106,7 +107,9 @@ userauth_banner(void)
 {
 	char *banner = NULL;

-	if (options.banner == NULL || (datafellows & SSH_BUG_BANNER))
+	if (options.banner == NULL ||
+	    strcasecmp(options.banner, "none") == 0 ||
+	    (datafellows & SSH_BUG_BANNER) != 0)
 		return;

 	if ((banner = PRIVSEP(auth2_read_banner())) == NULL)
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
+#	$OpenBSD: sshd_config,v 1.76 2007/08/23 03:22:16 djm Exp $

 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@ -104,7 +104,7 @@ Protocol 2
 #PermitTunnel no

 # no default banner path
-#Banner /some/path
+#Banner none

 # override default of no subsystems
 Subsystem	sftp	/usr/libexec/sftp-server
--- a/sshd_config.5
+++ b/sshd_config.5
@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.77 2007/06/08 07:48:09 jmc Exp $
-.Dd $Mdocdate: June 8 2007 $
+.\" $OpenBSD: sshd_config.5,v 1.78 2007/08/23 03:22:16 djm Exp $
+.Dd $Mdocdate: June 11 2007 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@ -159,10 +159,11 @@ directory.
 The default is
 .Dq .ssh/authorized_keys .
 .It Cm Banner
-In some jurisdictions, sending a warning message before authentication
-may be relevant for getting legal protection.
 The contents of the specified file are sent to the remote user before
 authentication is allowed.
+If the argument is
+.Dq none
+then no banner is displayed.
 This option is only available for protocol version 2.
 By default, no banner is displayed.
 .It Cm ChallengeResponseAuthentication