upstream: silence (to log level debug2) failure messages when
loading the default hostkeys. Hostkeys explicitly specified in the configuration or on the command-line are still reported as errors, and failure to load at least one host key remains a fatal error. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Based on patch from Dag-Erling Smørgrav via https://github.com/openssh/openssh-portable/pull/103 ok markus@ OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684
parent
7fca94edbe
commit
928f1231f6
40
servconf.c
40
servconf.c
@ -1,5 +1,5 @@
|
|||||||
|
|
||||||
/* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */
|
/* $OpenBSD: servconf.c,v 1.344 2018/11/19 04:12:32 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
* All rights reserved
|
* All rights reserved
|
||||||
@ -221,26 +221,40 @@ assemble_algorithms(ServerOptions *o)
|
|||||||
}
|
}
|
||||||
|
|
||||||
static void
|
static void
|
||||||
array_append(const char *file, const int line, const char *directive,
|
array_append2(const char *file, const int line, const char *directive,
|
||||||
char ***array, u_int *lp, const char *s)
|
char ***array, int **iarray, u_int *lp, const char *s, int i)
|
||||||
{
|
{
|
||||||
|
|
||||||
if (*lp >= INT_MAX)
|
if (*lp >= INT_MAX)
|
||||||
fatal("%s line %d: Too many %s entries", file, line, directive);
|
fatal("%s line %d: Too many %s entries", file, line, directive);
|
||||||
|
|
||||||
|
if (iarray != NULL) {
|
||||||
|
*iarray = xrecallocarray(*iarray, *lp, *lp + 1,
|
||||||
|
sizeof(**iarray));
|
||||||
|
(*iarray)[*lp] = i;
|
||||||
|
}
|
||||||
|
|
||||||
*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
|
*array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
|
||||||
(*array)[*lp] = xstrdup(s);
|
(*array)[*lp] = xstrdup(s);
|
||||||
(*lp)++;
|
(*lp)++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void
|
||||||
|
array_append(const char *file, const int line, const char *directive,
|
||||||
|
char ***array, u_int *lp, const char *s)
|
||||||
|
{
|
||||||
|
array_append2(file, line, directive, array, NULL, lp, s, 0);
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
servconf_add_hostkey(const char *file, const int line,
|
servconf_add_hostkey(const char *file, const int line,
|
||||||
ServerOptions *options, const char *path)
|
ServerOptions *options, const char *path, int userprovided)
|
||||||
{
|
{
|
||||||
char *apath = derelativise_path(path);
|
char *apath = derelativise_path(path);
|
||||||
|
|
||||||
array_append(file, line, "HostKey",
|
array_append2(file, line, "HostKey",
|
||||||
&options->host_key_files, &options->num_host_key_files, apath);
|
&options->host_key_files, &options->host_key_file_userprovided,
|
||||||
|
&options->num_host_key_files, apath, userprovided);
|
||||||
free(apath);
|
free(apath);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -268,16 +282,16 @@ fill_default_server_options(ServerOptions *options)
|
|||||||
if (options->num_host_key_files == 0) {
|
if (options->num_host_key_files == 0) {
|
||||||
/* fill default hostkeys for protocols */
|
/* fill default hostkeys for protocols */
|
||||||
servconf_add_hostkey("[default]", 0, options,
|
servconf_add_hostkey("[default]", 0, options,
|
||||||
_PATH_HOST_RSA_KEY_FILE);
|
_PATH_HOST_RSA_KEY_FILE, 0);
|
||||||
#ifdef OPENSSL_HAS_ECC
|
#ifdef OPENSSL_HAS_ECC
|
||||||
servconf_add_hostkey("[default]", 0, options,
|
servconf_add_hostkey("[default]", 0, options,
|
||||||
_PATH_HOST_ECDSA_KEY_FILE);
|
_PATH_HOST_ECDSA_KEY_FILE, 0);
|
||||||
#endif
|
#endif
|
||||||
servconf_add_hostkey("[default]", 0, options,
|
servconf_add_hostkey("[default]", 0, options,
|
||||||
_PATH_HOST_ED25519_KEY_FILE);
|
_PATH_HOST_ED25519_KEY_FILE, 0);
|
||||||
#ifdef WITH_XMSS
|
#ifdef WITH_XMSS
|
||||||
servconf_add_hostkey("[default]", 0, options,
|
servconf_add_hostkey("[default]", 0, options,
|
||||||
_PATH_HOST_XMSS_KEY_FILE);
|
_PATH_HOST_XMSS_KEY_FILE, 0);
|
||||||
#endif /* WITH_XMSS */
|
#endif /* WITH_XMSS */
|
||||||
}
|
}
|
||||||
/* No certificates by default */
|
/* No certificates by default */
|
||||||
@ -1355,8 +1369,10 @@ process_server_config_line(ServerOptions *options, char *line,
|
|||||||
if (!arg || *arg == '\0')
|
if (!arg || *arg == '\0')
|
||||||
fatal("%s line %d: missing file name.",
|
fatal("%s line %d: missing file name.",
|
||||||
filename, linenum);
|
filename, linenum);
|
||||||
if (*activep)
|
if (*activep) {
|
||||||
servconf_add_hostkey(filename, linenum, options, arg);
|
servconf_add_hostkey(filename, linenum,
|
||||||
|
options, arg, 1);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case sHostKeyAgent:
|
case sHostKeyAgent:
|
||||||
|
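Review bot: array_append2() grows `*array` and `*iarray` under the single counter `*lp`, but nothing in the hunk states that the two arrays must stay the same length. The loop in sshd.c reads `options.host_key_file_userprovided[i]` for every index below `num_host_key_files` with no NULL or bounds check, so any path that appended to `host_key_files` through plain array_append() would make that read invalid. A comment above the function would pin the invariant, for example `/* Append s to *array and, if iarray != NULL, i to *iarray at the same index; both share *lp. */`. Whether other code copies or rebuilds `host_key_files` without the flag array cannot be seen from this page.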
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */
|
/* $OpenBSD: servconf.h,v 1.138 2018/11/19 04:12:32 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
@ -75,6 +75,7 @@ typedef struct {
|
|||||||
char *routing_domain; /* Bind session to routing domain */
|
char *routing_domain; /* Bind session to routing domain */
|
||||||
|
|
||||||
char **host_key_files; /* Files containing host keys. */
|
char **host_key_files; /* Files containing host keys. */
|
||||||
|
int *host_key_file_userprovided; /* Key was specified by user. */
|
||||||
u_int num_host_key_files; /* Number of files for host keys. */
|
u_int num_host_key_files; /* Number of files for host keys. */
|
||||||
char **host_cert_files; /* Files containing host certs. */
|
char **host_cert_files; /* Files containing host certs. */
|
||||||
u_int num_host_cert_files; /* Number of files for host certs. */
|
u_int num_host_cert_files; /* Number of files for host certs. */
|
||||||
@ -273,7 +274,7 @@ void copy_set_server_options(ServerOptions *, ServerOptions *, int);
|
|||||||
void dump_config(ServerOptions *);
|
void dump_config(ServerOptions *);
|
||||||
char *derelativise_path(const char *);
|
char *derelativise_path(const char *);
|
||||||
void servconf_add_hostkey(const char *, const int,
|
void servconf_add_hostkey(const char *, const int,
|
||||||
ServerOptions *, const char *path);
|
ServerOptions *, const char *path, int);
|
||||||
void servconf_add_hostcert(const char *, const int,
|
void servconf_add_hostcert(const char *, const int,
|
||||||
ServerOptions *, const char *path);
|
ServerOptions *, const char *path);
|
||||||
|
|
||||||
|
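Review bot: The parameter added to the servconf_add_hostkey() prototype is a bare `int`, and the callers pass the literals `0` and `1`, so the header gives no hint of what the flag means. Naming it, as in `ServerOptions *, const char *path, int userprovided);`, would match the definition in servconf.c. The field comment on `host_key_file_userprovided` could also say that it is indexed in parallel with `host_key_files`, e.g. `/* Per-entry flag for host_key_files: set via config or -h. */`.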
13
sshd.c
13
sshd.c
@ -1,4 +1,4 @@
|
|||||||
/* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */
|
/* $OpenBSD: sshd.c,v 1.519 2018/11/19 04:12:32 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
@ -1588,7 +1588,7 @@ main(int ac, char **av)
|
|||||||
break;
|
break;
|
||||||
case 'h':
|
case 'h':
|
||||||
servconf_add_hostkey("[command-line]", 0,
|
servconf_add_hostkey("[command-line]", 0,
|
||||||
&options, optarg);
|
&options, optarg, 1);
|
||||||
break;
|
break;
|
||||||
case 't':
|
case 't':
|
||||||
test_flag = 1;
|
test_flag = 1;
|
||||||
@ -1760,15 +1760,18 @@ main(int ac, char **av)
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < options.num_host_key_files; i++) {
|
for (i = 0; i < options.num_host_key_files; i++) {
|
||||||
|
int ll = options.host_key_file_userprovided[i] ?
|
||||||
|
SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1;
|
||||||
|
|
||||||
if (options.host_key_files[i] == NULL)
|
if (options.host_key_files[i] == NULL)
|
||||||
continue;
|
continue;
|
||||||
if ((r = sshkey_load_private(options.host_key_files[i], "",
|
if ((r = sshkey_load_private(options.host_key_files[i], "",
|
||||||
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
&key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
||||||
error("Error loading host key \"%s\": %s",
|
do_log2(ll, "Unable to load host key \"%s\": %s",
|
||||||
options.host_key_files[i], ssh_err(r));
|
options.host_key_files[i], ssh_err(r));
|
||||||
if ((r = sshkey_load_public(options.host_key_files[i],
|
if ((r = sshkey_load_public(options.host_key_files[i],
|
||||||
&pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
&pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
|
||||||
error("Error loading host key \"%s\": %s",
|
do_log2(ll, "Unable to load host key \"%s\": %s",
|
||||||
options.host_key_files[i], ssh_err(r));
|
options.host_key_files[i], ssh_err(r));
|
||||||
if (pubkey == NULL && key != NULL)
|
if (pubkey == NULL && key != NULL)
|
||||||
if ((r = sshkey_from_private(key, &pubkey)) != 0)
|
if ((r = sshkey_from_private(key, &pubkey)) != 0)
|
||||||
@ -1785,7 +1788,7 @@ main(int ac, char **av)
|
|||||||
keytype = key->type;
|
keytype = key->type;
|
||||||
accumulate_host_timing_secret(cfg, key);
|
accumulate_host_timing_secret(cfg, key);
|
||||||
} else {
|
} else {
|
||||||
error("Could not load host key: %s",
|
do_log2(ll, "Unable to load host key: %s",
|
||||||
options.host_key_files[i]);
|
options.host_key_files[i]);
|
||||||
sensitive_data.host_keys[i] = NULL;
|
sensitive_data.host_keys[i] = NULL;
|
||||||
sensitive_data.host_pubkeys[i] = NULL;
|
sensitive_data.host_pubkeys[i] = NULL;
|
||||||
|
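Review bot: In the key-loading loop of main(), the two `do_log2(ll, "Unable to load host key \"%s\": %s", ...)` calls run only when `r != SSH_ERR_SYSTEM_ERROR`, so they presumably report a key file that was opened and then rejected (bad format or permissions) rather than one that is simply absent. For default paths that rejection is now logged only at debug1, where an operator is unlikely to notice that sshd came up without one of its expected host key types. Demoting only the final `"Unable to load host key: %s"` message and leaving these two as `error(...)` would still silence the missing-default-key case. The commit message says debug2 while the code uses `SYSLOG_LEVEL_DEBUG1`; one of the two should be corrected. main() starts and ends outside these hunks.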