- stevesk@cvs.openbsd.org 2001/07/26 17:18:22

[sshd.8 sshd.c] add -t option to test configuration file and keys; pekkas@netcore.fi ok markus@
2001-08-06 21:09:07 +00:00 · 2001-08-06 21:09:07 +00:00 · 794325ac7a
parent f9cedb9ca0
commit 794325ac7a
3 changed files with 25 additions and 4 deletions
--- a/6
+++ b/6
@ -36,6 +36,10 @@
     [readconf.c ssh.1 ssh.c sshconnect.c]
     cleanup connect(); connection_attempts 4 -> 1; from 
     eivind@freebsd.org
+   - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
+     [sshd.8 sshd.c]
+     add -t option to test configuration file and keys; pekkas@netcore.fi
+     ok markus@

 20010803
 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@ -6146,4 +6150,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1

-$Id: ChangeLog,v 1.1436 2001/08/06 21:07:11 mouring Exp $
+$Id: ChangeLog,v 1.1437 2001/08/06 21:09:07 mouring Exp $
--- a/sshd.8
+++ b/sshd.8
@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.136 2001/07/22 22:24:16 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.137 2001/07/26 17:18:22 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@ -247,6 +247,12 @@ Quiet mode.
 Nothing is sent to the system log.
 Normally the beginning,
 authentication, and termination of each connection is logged.
+.It Fl t
+Test mode.
+Only check the validity of the configuration file and sanity of the keys.
+This is useful for updating 
+.Nm
+reliably as configuration options may change.
 .It Fl u Ar len
 This option is used to specify the size of the field
 in the
--- a/sshd.c
+++ b/sshd.c
@ -40,7 +40,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.202 2001/06/26 16:15:25 dugsong Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.203 2001/07/26 17:18:22 stevesk Exp $");

 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -113,6 +113,9 @@ int IPv4or6 = AF_UNSPEC;
 */
 int debug_flag = 0;

+/* Flag indicating that the daemon should only test the configuration and keys. */
+int test_flag = 0;
+
 /* Flag indicating that the daemon is being started from inetd. */
 int inetd_flag = 0;

@ -560,7 +563,7 @@ main(int ac, char **av)
 	initialize_server_options(&options);

 	/* Parse command-line arguments. */
-	while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDeiqQ46")) != -1) {
+	while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDeiqtQ46")) != -1) {
 		switch (opt) {
 		case '4':
 			IPv4or6 = AF_INET;
@ -636,6 +639,9 @@ main(int ac, char **av)
 			/* only makes sense with inetd_flag, i.e. no listen() */
 			inetd_flag = 1;
 			break;
+		case 't':
+			test_flag = 1;
+			break;
 		case 'u':
 			utmp_len = atoi(optarg);
 			break;
@ -648,6 +654,7 @@ main(int ac, char **av)
 			fprintf(stderr, "  -d         Debugging mode (multiple -d means more debugging)\n");
 			fprintf(stderr, "  -i         Started from inetd\n");
 			fprintf(stderr, "  -D         Do not fork into daemon mode\n");
+			fprintf(stderr, "  -t         Only test configuration file and keys\n");
 			fprintf(stderr, "  -q         Quiet (no logging)\n");
 			fprintf(stderr, "  -p port    Listen on the specified port (default: 22)\n");
 			fprintf(stderr, "  -k seconds Regenerate server key every this many seconds (default: 3600)\n");
@ -755,6 +762,10 @@ main(int ac, char **av)
 		}
 	}

+	/* Configuration looks good, so exit if in test mode. */
+	if (test_flag)
+		exit(0);
+
 #ifdef HAVE_SCO_PROTECTED_PW
 	(void) set_auth_parameters(ac, av);
 #endif