author | 2020-12-20 23:38:00 +0000 | |
---|---|---|
committer | 2020-12-20 23:38:00 +0000 | |
commit | 352e345034e1a43e36b098397b5f3bcd1f86cda1 (patch) | |
tree | 62aa86da8615e200563efab82d68ddb44e35f87f | |
parent | load_hostkeys()/hostkeys_foreach() variants for FILE* (diff) | |
allow UserKnownHostsFile=none; feedback and ok markus@
-rw-r--r-- | usr.bin/ssh/ssh.c | 42 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 6 |
2 files changed, 35 insertions, 13 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 9bdca2aefb5..82638a5b6d0 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.544 2020/12/17 23:26:11 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.545 2020/12/20 23:38:00 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1420,18 +1420,36 @@ main(int ac, char **av)
 options.forward_agent_sock_path = cp;
 }
+ if (options.num_system_hostfiles > 0 &&
+ strcasecmp(options.system_hostfiles[0], "none") == 0) {
+ if (options.num_system_hostfiles > 1)
+ fatal("Invalid GlobalKnownHostsFiles: \"none\" "
+ "appears with other entries");
+ free(options.system_hostfiles[0]);
+ options.system_hostfiles[0] = NULL;
+ options.num_system_hostfiles = 0;
+ }
+
+ if (options.num_user_hostfiles > 0 &&
+ strcasecmp(options.user_hostfiles[0], "none") == 0) {
+ if (options.num_user_hostfiles > 1)
+ fatal("Invalid UserKnownHostsFiles: \"none\" "
+ "appears with other entries");
+ free(options.user_hostfiles[0]);
+ options.user_hostfiles[0] = NULL;
+ options.num_user_hostfiles = 0;
+ }
 for (j = 0; j < options.num_user_hostfiles; j++) {
- if (options.user_hostfiles[j] != NULL) {
- cp = tilde_expand_filename(options.user_hostfiles[j],
- getuid());
- p = default_client_percent_dollar_expand(cp, cinfo);
- if (strcmp(options.user_hostfiles[j], p) != 0)
- debug3("expanded UserKnownHostsFile '%s' -> "
- "'%s'", options.user_hostfiles[j], p);
- free(options.user_hostfiles[j]);
- free(cp);
- options.user_hostfiles[j] = p;
- }
+ if (options.user_hostfiles[j] == NULL)
+ continue;
+ cp = tilde_expand_filename(options.user_hostfiles[j], getuid());
+ p = default_client_percent_dollar_expand(cp, cinfo);
+ if (strcmp(options.user_hostfiles[j], p) != 0)
+ debug3("expanded UserKnownHostsFile '%s' -> "
+ "'%s'", options.user_hostfiles[j], p);
+ free(options.user_hostfiles[j]);
+ free(cp);
+ options.user_hostfiles[j] = p;
 }
 for (i = 0; i < options.num_local_forwards; i++) {
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index c757d9cd154..424f148d619 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
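Review bot: Both new `none` checks in main() test only entry `[0]`, so a list where `none` comes second or later is not rejected and, as far as this hunk shows, the word would go through the expansion loop below as an ordinary relative filename. Because these files decide which host keys are trusted, it is safer to reject `none` at any index when other entries are present, e.g. a loop from `j = 1` with `if (options.user_hostfiles[j] != NULL && strcasecmp(options.user_hostfiles[j], "none") == 0) fatal(...)`, and the same for `system_hostfiles`. The fatal strings also spell the options `GlobalKnownHostsFiles` / `UserKnownHostsFiles`, while the debug3 line in this hunk and the commit title use the singular name. main() begins and ends outside the hunk.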
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.346 2020/12/20 23:36:51 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.347 2020/12/20 23:38:00 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -911,6 +911,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 host_status = check_key_in_hostkeys(host_hostkeys, host_key,
 &host_found);
+ /* If no host files were specified, then don't try to touch them */
+ if (!readonly && num_user_hostfiles == 0)
+ readonly = RDONLY;
+
 /*
 * Also perform check for the ip address, skip the check if we are
 * localhost, looking for a certificate, or the hostname was an ip |
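Review bot: The new guard in check_host_key() forces `readonly = RDONLY` when `num_user_hostfiles == 0`, but its comment only says the files are not touched and does not say what this means for a host key that is not yet known. The code that acts on `readonly` lies outside this hunk, so the effect cannot be confirmed here; if an unknown host is refused rather than offered for acceptance in this mode, the comment should say so, e.g. `/* No user hostfiles (e.g. UserKnownHostsFile=none): there is nowhere to record a new key, so behave as read-only */`. The diffstat lists only ssh.c and sshconnect.c, so the newly accepted `none` value appears to be undocumented in this commit and a manual-page note may be needed in a follow-up.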