tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix merge conflict

This commit is contained in:
Tess Gauthier 2024-03-04 12:13:33 -05:00
parent c02b47e35d 3deb501f86
commit ed376e945e
10 changed files with 249 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/selfhosted.yml vendored
View File

@ -72,6 +72,7 @@ jobs:
- { target: fbsd14, config: pam, host: libvirt }
- { target: nbsd8, config: pam, host: libvirt }
- { target: nbsd9, config: pam, host: libvirt }
- { target: nbsd10, config: pam, host: libvirt }
# VMs with persistent disks that have their own runner.
- { target: win10, config: default, host: win10 }
- { target: win10, config: cygwin-release, host: win10 }

4
clientloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: clientloop.c,v 1.402 2023/11/24 00:31:30 dtucker Exp $ */
/* $OpenBSD: clientloop.c,v 1.403 2024/02/21 05:57:34 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -525,7 +525,7 @@ send_chaff(struct ssh *ssh)
{
int r;
if ((ssh->kex->flags & KEX_HAS_PING) == 0)
if (ssh->kex == NULL || (ssh->kex->flags & KEX_HAS_PING) == 0)
return 0;
/* XXX probabilistically send chaff? */
/*

2
configure.ac
View File

@ -3006,7 +3006,7 @@ if test "x$openssl" = "xyes" ; then
fi
# Check for OpenSSL without EVP_aes_{192,256}_cbc
AC_MSG_CHECKING([whether OpenSSL has crippled AES support])
AC_MSG_CHECKING([whether OpenSSL lacks support for AES 192/256])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[
#include <stdlib.h>

15
misc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.189 2023/10/12 03:36:32 djm Exp $ */
/* $OpenBSD: misc.c,v 1.190 2024/03/04 02:16:11 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005-2020 Damien Miller. All rights reserved.
@ -2726,6 +2726,19 @@ opt_array_append(const char *file, const int line, const char *directive,
opt_array_append2(file, line, directive, array, NULL, lp, s, 0);
}
void
opt_array_free2(char **array, int **iarray, u_int l)
{
u_int i;
if (array == NULL || l == 0)
return;
for (i = 0; i < l; i++)
free(array[i]);
free(array);
free(iarray);
}
sshsig_t
ssh_signal(int signum, sshsig_t handler)
{

3
misc.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.106 2023/10/11 22:42:26 djm Exp $ */
/* $OpenBSD: misc.h,v 1.107 2024/03/04 02:16:11 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -213,6 +213,7 @@ void opt_array_append(const char *file, const int line,
void opt_array_append2(const char *file, const int line,
const char *directive, char ***array, int **iarray, u_int *lp,
const char *s, int i);
void opt_array_free2(char **array, int **iarray, u_int l);
struct timespec;
void ptimeout_init(struct timespec *pt);

163
readconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.384 2024/01/11 01:45:36 djm Exp $ */
/* $OpenBSD: readconf.c,v 1.386 2024/03/04 04:13:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -897,6 +897,20 @@ parse_token(const char *cp, const char *filename, int linenum,
return oBadOption;
}
static void
free_canon_cnames(struct allowed_cname *cnames, u_int n)
{
u_int i;
if (cnames == NULL || n == 0)
return;
for (i = 0; i < n; i++) {
free(cnames[i].source_list);
free(cnames[i].target_list);
}
free(cnames);
}
/* Multistate option parsing */
struct multistate {
char *key;
@ -1039,21 +1053,24 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
{
char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p;
char **cpptr, ***cppptr, fwdarg[256];
u_int *uintptr, uvalue, max_entries = 0;
u_int *uintptr, max_entries = 0;
int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
int remotefwd, dynamicfwd, ca_only = 0;
int remotefwd, dynamicfwd, ca_only = 0, found = 0;
LogLevel *log_level_ptr;
SyslogFacility *log_facility_ptr;
long long val64;
size_t len, i; // fix CodeQL SM01735
struct Forward fwd;
const struct multistate *multistate_ptr;
struct allowed_cname *cname;
glob_t gl;
const char *errstr;
char **oav = NULL, **av;
int oac = 0, ac;
int ret = -1;
struct allowed_cname *cnames = NULL;
u_int ncnames = 0;
char **strs = NULL; /* string array arguments; freed implicitly */
u_int nstrs = 0;
if (activep == NULL) { /* We are processing a command line directive */
cmdline = 1;
@ -1669,14 +1686,13 @@ parse_pubkey_algos:
case oPermitRemoteOpen:
uintptr = &options->num_permitted_remote_opens;
cppptr = &options->permitted_remote_opens;
uvalue = *uintptr; /* modified later */
i = 0;
found = *uintptr == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
arg2 = xstrdup(arg);
/* Allow any/none only in first position */
if (strcasecmp(arg, "none") == 0 ||
strcasecmp(arg, "any") == 0) {
if (i > 0 || ac > 0) {
if (nstrs > 0 || ac > 0) {
error("%s line %d: keyword %s \"%s\" "
"argument must appear alone.",
filename, linenum, keyword, arg);
@ -1702,17 +1718,20 @@ parse_pubkey_algos:
lookup_opcode_name(opcode));
}
}
if (*activep && uvalue == 0) {
opt_array_append(filename, linenum,
lookup_opcode_name(opcode),
cppptr, uintptr, arg2);
}
opt_array_append(filename, linenum,
lookup_opcode_name(opcode),
&strs, &nstrs, arg2);
free(arg2);
i++;
}
if (i == 0)
if (nstrs == 0)
fatal("%s line %d: missing %s specification",
filename, linenum, lookup_opcode_name(opcode));
if (found && *activep) {
*cppptr = strs;
*uintptr = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
case oClearAllForwardings:
@ -1830,12 +1849,14 @@ parse_pubkey_algos:
goto parse_int;
case oSendEnv:
/* XXX appends to list; doesn't respect first-match-wins */
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0' || strchr(arg, '=') != NULL) {
error("%s line %d: Invalid environment name.",
filename, linenum);
goto out;
}
found = 1;
if (!*activep)
continue;
if (*arg == '-') {
@ -1847,27 +1868,38 @@ parse_pubkey_algos:
lookup_opcode_name(opcode),
&options->send_env, &options->num_send_env, arg);
}
if (!found) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
break;
case oSetEnv:
value = options->num_setenv;
found = options->num_setenv == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
if (strchr(arg, '=') == NULL) {
error("%s line %d: Invalid SetEnv.",
filename, linenum);
goto out;
}
if (!*activep || value != 0)
continue;
if (lookup_setenv_in_list(arg, options->setenv,
options->num_setenv) != NULL) {
if (lookup_setenv_in_list(arg, strs, nstrs) != NULL) {
debug2("%s line %d: ignoring duplicate env "
"name \"%.64s\"", filename, linenum, arg);
continue;
}
opt_array_append(filename, linenum,
lookup_opcode_name(opcode),
&options->setenv, &options->num_setenv, arg);
&strs, &nstrs, arg);
}
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->setenv = strs;
options->num_setenv = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
@ -2080,52 +2112,46 @@ parse_pubkey_algos:
goto parse_flag;
case oCanonicalDomains:
value = options->num_canonical_domains != 0;
i = 0;
found = options->num_canonical_domains == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0') {
error("%s line %d: keyword %s empty argument",
filename, linenum, keyword);
goto out;
}
/* Allow "none" only in first position */
if (strcasecmp(arg, "none") == 0) {
if (i > 0 || ac > 0) {
if (nstrs > 0 || ac > 0) {
error("%s line %d: keyword %s \"none\" "
"argument must appear alone.",
filename, linenum, keyword);
goto out;
}
}
i++;
if (!valid_domain(arg, 1, &errstr)) {
error("%s line %d: %s", filename, linenum,
errstr);
goto out;
}
if (!*activep || value)
continue;
if (options->num_canonical_domains >=
MAX_CANON_DOMAINS) {
error("%s line %d: too many hostname suffixes.",
filename, linenum);
goto out;
}
options->canonical_domains[
options->num_canonical_domains++] = xstrdup(arg);
opt_array_append(filename, linenum, keyword,
&strs, &nstrs, arg);
}
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->canonical_domains = strs;
options->num_canonical_domains = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
case oCanonicalizePermittedCNAMEs:
value = options->num_permitted_cnames != 0;
i = 0;
found = options->num_permitted_cnames == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
/*
* Either 'none' (only in first position), '*' for
* everything or 'list:list'
*/
if (strcasecmp(arg, "none") == 0) {
if (i > 0 || ac > 0) {
if (ncnames > 0 || ac > 0) {
error("%s line %d: keyword %s \"none\" "
"argument must appear alone.",
filename, linenum, keyword);
@ -2146,20 +2172,23 @@ parse_pubkey_algos:
*arg2 = '\0';
arg2++;
}
i++;
if (!*activep || value)
continue;
if (options->num_permitted_cnames >=
MAX_CANON_DOMAINS) {
error("%s line %d: too many permitted CNAMEs.",
filename, linenum);
goto out;
}
cname = options->permitted_cnames +
options->num_permitted_cnames++;
cname->source_list = xstrdup(arg);
cname->target_list = xstrdup(arg2);
cnames = xrecallocarray(cnames, ncnames, ncnames + 1,
sizeof(*cnames));
cnames[ncnames].source_list = xstrdup(arg);
cnames[ncnames].target_list = xstrdup(arg2);
ncnames++;
}
if (ncnames == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->permitted_cnames = cnames;
options->num_permitted_cnames = ncnames;
cnames = NULL; /* transferred */
ncnames = 0;
}
/* un-transferred cnames is cleaned up before exit */
break;
case oCanonicalizeHostname:
@ -2340,12 +2369,11 @@ parse_pubkey_algos:
break;
case oChannelTimeout:
uvalue = options->num_channel_timeouts;
i = 0;
found = options->num_channel_timeouts == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
/* Allow "none" only in first position */
if (strcasecmp(arg, "none") == 0) {
if (i > 0 || ac > 0) {
if (nstrs > 0 || ac > 0) {
error("%s line %d: keyword %s \"none\" "
"argument must appear alone.",
filename, linenum, keyword);
@ -2356,11 +2384,18 @@ parse_pubkey_algos:
fatal("%s line %d: invalid channel timeout %s",
filename, linenum, arg);
}
if (!*activep || uvalue != 0)
continue;
opt_array_append(filename, linenum, keyword,
&options->channel_timeouts,
&options->num_channel_timeouts, arg);
&strs, &nstrs, arg);
}
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->channel_timeouts = strs;
options->num_channel_timeouts = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
@ -2392,6 +2427,8 @@ parse_pubkey_algos:
/* success */
ret = 0;
out:
free_canon_cnames(cnames, ncnames);
opt_array_free2(strs, NULL, nstrs);
argv_free(oav, oac);
return ret;
}
@ -2430,7 +2467,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
if ((f = fopen(filename, "r")) == NULL)
return 0;
if (flags & SSHCONF_CHECKPERM) {
if (flags & SSHCONF_CHECKPERM) {
#if WINDOWS
/*
file permissions are designed differently on windows.

6
readconf.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: readconf.h,v 1.155 2024/01/11 01:45:36 djm Exp $ */
/* $OpenBSD: readconf.h,v 1.156 2024/03/04 02:16:11 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -155,12 +155,12 @@ typedef struct {
int proxy_use_fdpass;
int num_canonical_domains;
char *canonical_domains[MAX_CANON_DOMAINS];
char **canonical_domains;
int canonicalize_hostname;
int canonicalize_max_dots;
int canonicalize_fallback_local;
int num_permitted_cnames;
struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
struct allowed_cname *permitted_cnames;
char *revoked_host_keys;

166
servconf.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: servconf.c,v 1.404 2024/02/20 04:10:03 djm Exp $ */
/* $OpenBSD: servconf.c,v 1.405 2024/03/04 02:16:11 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@ -1302,12 +1302,12 @@ process_server_config_line_depth(ServerOptions *options, char *line,
struct include_list *includes)
{
char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
int ca_only = 0;
int cmdline = 0, *intptr, value, value2, n, port, oactive, r;
int ca_only = 0, found = 0;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
ServerOpCodes opcode;
u_int i, *uintptr, uvalue, flags = 0;
u_int i, *uintptr, flags = 0;
size_t len;
long long val64;
const struct multistate *multistate_ptr;
@ -1317,6 +1317,8 @@ process_server_config_line_depth(ServerOptions *options, char *line,
char **oav = NULL, **av;
int oac = 0, ac;
int ret = -1;
char **strs = NULL; /* string array arguments; freed implicitly */
u_int nstrs = 0;
/* Strip trailing whitespace. Allow \f (form feed) at EOL only */
if ((len = strlen(line)) == 0)
@ -1779,7 +1781,6 @@ process_server_config_line_depth(ServerOptions *options, char *line,
case sLogVerbose:
found = options->num_log_verbose == 0;
i = 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0') {
error("%s line %d: keyword %s empty argument",
@ -1788,19 +1789,25 @@ process_server_config_line_depth(ServerOptions *options, char *line,
}
/* Allow "none" only in first position */
if (strcasecmp(arg, "none") == 0) {
if (i > 0 || ac > 0) {
if (nstrs > 0 || ac > 0) {
error("%s line %d: keyword %s \"none\" "
"argument must appear alone.",
filename, linenum, keyword);
goto out;
}
}
i++;
if (!found || !*activep)
continue;
opt_array_append(filename, linenum, keyword,
&options->log_verbose, &options->num_log_verbose,
arg);
&strs, &nstrs, arg);
}
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->log_verbose = strs;
options->num_log_verbose = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
@ -1826,16 +1833,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
chararrayptr = &options->allow_users;
uintptr = &options->num_allow_users;
parse_allowdenyusers:
/* XXX appends to list; doesn't respect first-match-wins */
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0' ||
match_user(NULL, NULL, NULL, arg) == -1)
fatal("%s line %d: invalid %s pattern: \"%s\"",
filename, linenum, keyword, arg);
found = 1;
if (!*activep)
continue;
opt_array_append(filename, linenum, keyword,
chararrayptr, uintptr, arg);
}
if (!found) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
break;
case sDenyUsers:
@ -1846,16 +1859,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
case sAllowGroups:
chararrayptr = &options->allow_groups;
uintptr = &options->num_allow_groups;
/* XXX appends to list; doesn't respect first-match-wins */
parse_allowdenygroups:
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0')
fatal("%s line %d: empty %s pattern",
filename, linenum, keyword);
found = 1;
if (!*activep)
continue;
opt_array_append(filename, linenum, keyword,
chararrayptr, uintptr, arg);
}
if (!found) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
break;
case sDenyGroups:
@ -2039,7 +2058,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
* AuthorizedKeysFile /etc/ssh_keys/%u
*/
case sAuthorizedKeysFile:
uvalue = options->num_authkeys_files;
found = options->num_authkeys_files == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0') {
error("%s line %d: keyword %s empty argument",
@ -2047,13 +2066,20 @@ process_server_config_line_depth(ServerOptions *options, char *line,
goto out;
}
arg2 = tilde_expand_filename(arg, getuid());
if (*activep && uvalue == 0) {
opt_array_append(filename, linenum, keyword,
&options->authorized_keys_files,
&options->num_authkeys_files, arg2);
}
opt_array_append(filename, linenum, keyword,
&strs, &nstrs, arg2);
free(arg2);
}
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->authorized_keys_files = strs;
options->num_authkeys_files = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
case sAuthorizedPrincipalsFile:
@ -2079,34 +2105,47 @@ process_server_config_line_depth(ServerOptions *options, char *line,
goto parse_int;
case sAcceptEnv:
/* XXX appends to list; doesn't respect first-match-wins */
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0' || strchr(arg, '=') != NULL)
fatal("%s line %d: Invalid environment name.",
filename, linenum);
found = 1;
if (!*activep)
continue;
opt_array_append(filename, linenum, keyword,
&options->accept_env, &options->num_accept_env,
arg);
}
if (!found) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
break;
case sSetEnv:
uvalue = options->num_setenv;
found = options->num_setenv == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0' || strchr(arg, '=') == NULL)
fatal("%s line %d: Invalid environment.",
filename, linenum);
if (!*activep || uvalue != 0)
continue;
if (lookup_setenv_in_list(arg, options->setenv,
options->num_setenv) != NULL) {
if (lookup_setenv_in_list(arg, strs, nstrs) != NULL) {
debug2("%s line %d: ignoring duplicate env "
"name \"%.64s\"", filename, linenum, arg);
continue;
}
opt_array_append(filename, linenum, keyword,
&options->setenv, &options->num_setenv, arg);
&strs, &nstrs, arg);
}
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->setenv = strs;
options->num_setenv = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
@ -2260,21 +2299,20 @@ process_server_config_line_depth(ServerOptions *options, char *line,
uintptr = &options->num_permitted_opens;
chararrayptr = &options->permitted_opens;
}
arg = argv_next(&ac, &av);
if (!arg || *arg == '\0')
fatal("%s line %d: %s missing argument.",
filename, linenum, keyword);
uvalue = *uintptr; /* modified later */
if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
if (*activep && uvalue == 0) {
*uintptr = 1;
*chararrayptr = xcalloc(1,
sizeof(**chararrayptr));
(*chararrayptr)[0] = xstrdup(arg);
found = *uintptr == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
if (strcmp(arg, "any") == 0 ||
strcmp(arg, "none") == 0) {
if (nstrs != 0) {
fatal("%s line %d: %s must appear "
"alone on a %s line.",
filename, linenum, arg, keyword);
}
opt_array_append(filename, linenum, keyword,
&strs, &nstrs, arg);
continue;
}
break;
}
for (; arg != NULL && *arg != '\0'; arg = argv_next(&ac, &av)) {
if (opcode == sPermitListen &&
strchr(arg, ':') == NULL) {
/*
@ -2296,12 +2334,20 @@ process_server_config_line_depth(ServerOptions *options, char *line,
fatal("%s line %d: %s bad port number",
filename, linenum, keyword);
}
if (*activep && uvalue == 0) {
opt_array_append(filename, linenum, keyword,
chararrayptr, uintptr, arg2);
}
opt_array_append(filename, linenum, keyword,
&strs, &nstrs, arg2);
free(arg2);
}
if (nstrs == 0) {
fatal("%s line %d: %s missing argument.",
filename, linenum, keyword);
}
if (found && *activep) {
*chararrayptr = strs;
*uintptr = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
case sForceCommand:
@ -2430,10 +2476,9 @@ process_server_config_line_depth(ServerOptions *options, char *line,
case sAuthenticationMethods:
found = options->num_auth_methods == 0;
value = 0; /* seen "any" pseudo-method */
value2 = 0; /* successfully parsed any method */
while ((arg = argv_next(&ac, &av)) != NULL) {
if (strcmp(arg, "any") == 0) {
if (options->num_auth_methods > 0) {
if (nstrs > 0) {
fatal("%s line %d: \"any\" must "
"appear alone in %s",
filename, linenum, keyword);
@ -2446,17 +2491,19 @@ process_server_config_line_depth(ServerOptions *options, char *line,
fatal("%s line %d: invalid %s method list.",
filename, linenum, keyword);
}
value2 = 1;
if (!found || !*activep)
continue;
opt_array_append(filename, linenum, keyword,
&options->auth_methods,
&options->num_auth_methods, arg);
&strs, &nstrs, arg);
}
if (value2 == 0) {
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->auth_methods = strs;
options->num_auth_methods = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
case sStreamLocalBindMask:
@ -2516,12 +2563,11 @@ process_server_config_line_depth(ServerOptions *options, char *line,
goto parse_int;
case sChannelTimeout:
uvalue = options->num_channel_timeouts;
i = 0;
found = options->num_channel_timeouts == 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
/* Allow "none" only in first position */
if (strcasecmp(arg, "none") == 0) {
if (i > 0 || ac > 0) {
if (nstrs > 0 || ac > 0) {
error("%s line %d: keyword %s \"none\" "
"argument must appear alone.",
filename, linenum, keyword);
@ -2532,11 +2578,18 @@ process_server_config_line_depth(ServerOptions *options, char *line,
fatal("%s line %d: invalid channel timeout %s",
filename, linenum, arg);
}
if (!*activep || uvalue != 0)
continue;
opt_array_append(filename, linenum, keyword,
&options->channel_timeouts,
&options->num_channel_timeouts, arg);
&strs, &nstrs, arg);
}
if (nstrs == 0) {
fatal("%s line %d: no %s specified",
filename, linenum, keyword);
}
if (found && *activep) {
options->channel_timeouts = strs;
options->num_channel_timeouts = nstrs;
strs = NULL; /* transferred */
nstrs = 0;
}
break;
@ -2576,6 +2629,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
/* success */
ret = 0;
out:
opt_array_free2(strs, NULL, nstrs);
argv_free(oav, oac);
return ret;
}

6
ssh_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh_config.5,v 1.393 2024/01/10 06:33:13 jmc Exp $
.Dd $Mdocdate: January 10 2024 $
.\" $OpenBSD: ssh_config.5,v 1.394 2024/02/21 06:01:13 djm Exp $
.Dd $Mdocdate: February 21 2024 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@ -144,7 +144,7 @@ The available criteria keywords are:
.Cm localnetwork ,
.Cm host ,
.Cm originalhost ,
.Cm Tag ,
.Cm tagged ,
.Cm user ,
and
.Cm localuser .

17
sshd_config.5
View File

@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.352 2024/01/10 06:33:13 jmc Exp $
.Dd $Mdocdate: January 10 2024 $
.\" $OpenBSD: sshd_config.5,v 1.355 2024/02/21 06:17:29 djm Exp $
.Dd $Mdocdate: February 21 2024 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@ -485,7 +485,7 @@ to after authentication.
At session startup
.Xr sshd 8
checks that all components of the pathname are root-owned directories
which are not writable by any other user or group.
which are not writable by group or others.
After the chroot,
.Xr sshd 8
changes the working directory to the user's home directory.
@ -1126,7 +1126,8 @@ DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Logging with a DEBUG level violates the privacy of users and is not recommended.
.It Cm LogVerbose
Specify one or more overrides to LogLevel.
Specify one or more overrides to
.Cm LogLevel .
An override consists of a pattern lists that matches the source file, function
and line number to force detailed logging for.
For example, an override pattern of:
@ -1791,6 +1792,14 @@ implements an in-process SFTP server.
This may simplify configurations using
.Cm ChrootDirectory
to force a different filesystem root on clients.
It accepts the same command line arguments as
.Cm sftp-server
and even though it is in-process, settings such as
.Cm LogLevel
or
.Cm SyslogFacility
do not apply to it and must be set explicitly via
command line arguments.
.Pp
By default no subsystems are defined.
.It Cm SyslogFacility