upstream commit

Support "none" as an argument for sshd_config
 ForceCommand and ChrootDirectory. Useful inside Match blocks to override a
 global default. bz#2486 ok dtucker@

Upstream-ID: 7ef478d6592bc7db5c7376fc33b4443e63dccfa5
djm@openbsd.org 2015-11-13 04:38:06 +00:00 committed by Damien Miller
parent 94bc0b72c2
commit 9fd04681a1
2 changed files with 18 additions and 3 deletions


@ -1,5 +1,5 @@
/* $OpenBSD: servconf.c,v 1.282 2015/10/29 08:05:01 djm Exp $ */ /* $OpenBSD: servconf.c,v 1.283 2015/11/13 04:38:06 djm Exp $ */
/* /*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved * All rights reserved
@ -373,6 +373,8 @@ fill_default_server_options(ServerOptions *options)
CLEAR_ON_NONE(options->trusted_user_ca_keys); CLEAR_ON_NONE(options->trusted_user_ca_keys);
CLEAR_ON_NONE(options->revoked_keys_file); CLEAR_ON_NONE(options->revoked_keys_file);
CLEAR_ON_NONE(options->authorized_principals_file); CLEAR_ON_NONE(options->authorized_principals_file);
CLEAR_ON_NONE(options->adm_forced_command);
CLEAR_ON_NONE(options->chroot_directory);
for (i = 0; i < options->num_host_key_files; i++) for (i = 0; i < options->num_host_key_files; i++)
CLEAR_ON_NONE(options->host_key_files[i]); CLEAR_ON_NONE(options->host_key_files[i]);
for (i = 0; i < options->num_host_cert_files; i++) for (i = 0; i < options->num_host_cert_files; i++)
@ -2034,8 +2036,17 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
if (preauth) if (preauth)
return; return;
/* These options may be "none" to clear a global setting */
M_CP_STROPT(adm_forced_command); M_CP_STROPT(adm_forced_command);
if (option_clear_or_none(dst->adm_forced_command)) {
free(dst->adm_forced_command);
dst->adm_forced_command = NULL;
}
M_CP_STROPT(chroot_directory); M_CP_STROPT(chroot_directory);
if (option_clear_or_none(dst->chroot_directory)) {
free(dst->chroot_directory);
dst->chroot_directory = NULL;
}
} }
#undef M_CP_INTOPT #undef M_CP_INTOPT
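Review bot: In copy_set_server_options the new `free(dst->adm_forced_command)` and `free(dst->chroot_directory)` release whatever `M_CP_STROPT` just stored, and that macro is defined outside this hunk; if it assigns `src`'s pointer to `dst` instead of duplicating the string, `src` is left holding a freed pointer once "none" is matched. Nothing visible here uses `src` afterwards, but the ownership rule deserves to be written down, for example by extending the comment to `/* These options may be "none" to clear a global setting; the string taken from src is freed here, so src must not be reused */`, or by clearing the `src` field alongside `dst`. The check also runs when neither side set the option, so it relies on `option_clear_or_none()` accepting NULL, which should be confirmed against its definition. The function body begins before this hunk.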


@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: sshd_config.5,v 1.214 2015/11/13 02:57:46 djm Exp $ .\" $OpenBSD: sshd_config.5,v 1.215 2015/11/13 04:38:06 djm Exp $
.Dd $Mdocdate: November 13 2015 $ .Dd $Mdocdate: November 13 2015 $
.Dt SSHD_CONFIG 5 .Dt SSHD_CONFIG 5
.Os .Os
@ -432,7 +432,9 @@ Misconfiguration can lead to unsafe environments which
.Xr sshd 8 .Xr sshd 8
cannot detect. cannot detect.
.Pp .Pp
The default is not to The default is
.Dq none ,
indicating not to
.Xr chroot 2 . .Xr chroot 2 .
.It Cm Ciphers .It Cm Ciphers
Specifies the ciphers allowed for protocol version 2. Specifies the ciphers allowed for protocol version 2.
@ -599,6 +601,8 @@ Specifying a command of
will force the use of an in-process sftp server that requires no support will force the use of an in-process sftp server that requires no support
files when used with files when used with
.Cm ChrootDirectory . .Cm ChrootDirectory .
The default is
.Dq none .
.It Cm GatewayPorts .It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports Specifies whether remote hosts are allowed to connect to ports
forwarded for the client. forwarded for the client.