author | djm@openbsd.org <djm@openbsd.org> | 2020-12-20 23:38:00 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-12-21 10:52:28 +1100 |
commit | 729b05f59ded35483acef90a6f88aa03eae33b29 (patch) | |
tree | 574885e6cddda621c46df25a81803c3c2b416965 | |
parent | b4c7cd1185c5dc0593d47eafcc1a34fda569dd1d (diff) |
upstream: allow UserKnownHostsFile=none; feedback and ok markus@
OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
-rw-r--r-- | ssh.c | 42 | ||||
-rw-r--r-- | sshconnect.c | 6 |
2 files changed, 35 insertions, 13 deletions
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.544 2020/12/17 23:26:11 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.545 2020/12/20 23:38:00 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1441,18 +1441,36 @@ main(int ac, char **av)
 options.forward_agent_sock_path = cp;
 }
 
+ if (options.num_system_hostfiles > 0 &&
+ strcasecmp(options.system_hostfiles[0], "none") == 0) {
+ if (options.num_system_hostfiles > 1)
+ fatal("Invalid GlobalKnownHostsFiles: \"none\" "
+ "appears with other entries");
+ free(options.system_hostfiles[0]);
+ options.system_hostfiles[0] = NULL;
+ options.num_system_hostfiles = 0;
+ }
+
+ if (options.num_user_hostfiles > 0 &&
+ strcasecmp(options.user_hostfiles[0], "none") == 0) {
+ if (options.num_user_hostfiles > 1)
+ fatal("Invalid UserKnownHostsFiles: \"none\" "
+ "appears with other entries");
+ free(options.user_hostfiles[0]);
+ options.user_hostfiles[0] = NULL;
+ options.num_user_hostfiles = 0;
+ }
 for (j = 0; j < options.num_user_hostfiles; j++) {
- if (options.user_hostfiles[j] != NULL) {
- cp = tilde_expand_filename(options.user_hostfiles[j],
- getuid());
- p = default_client_percent_dollar_expand(cp, cinfo);
- if (strcmp(options.user_hostfiles[j], p) != 0)
- debug3("expanded UserKnownHostsFile '%s' -> "
- "'%s'", options.user_hostfiles[j], p);
- free(options.user_hostfiles[j]);
- free(cp);
- options.user_hostfiles[j] = p;
- }
+ if (options.user_hostfiles[j] == NULL)
+ continue;
+ cp = tilde_expand_filename(options.user_hostfiles[j], getuid());
+ p = default_client_percent_dollar_expand(cp, cinfo);
+ if (strcmp(options.user_hostfiles[j], p) != 0)
+ debug3("expanded UserKnownHostsFile '%s' -> "
+ "'%s'", options.user_hostfiles[j], p);
+ free(options.user_hostfiles[j]);
+ free(cp);
+ options.user_hostfiles[j] = p;
 }
 
 for (i = 0; i < options.num_local_forwards; i++) {
diff --git a/sshconnect.c b/sshconnect.c
index 59211416..c17e44ae 100644
--- a/sshconnect.c
+++ b/sshconnect.c
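Review bot: Only entry [0] of each list is compared with "none" in the main() hunk at -1441, so a "none" given after another path is not rejected and reaches the expansion loop as an ordinary file name; unless the option parser already refuses that (not visible here), the check should scan every entry, as sketched below for the user list, and the system list would follow the same pattern. The two fatal() messages also name "GlobalKnownHostsFiles" and "UserKnownHostsFiles", while the commit title and the debug3() call in this same hunk use the singular option name, so a user searching the manual for the reported keyword may not find it. main() starts and ends outside the hunk.

```c
	/* … unchanged: GlobalKnownHostsFile block … */
	for (j = 0; j < options.num_user_hostfiles; j++) {
		if (options.user_hostfiles[j] == NULL ||
		    strcasecmp(options.user_hostfiles[j], "none") != 0)
			continue;
		if (options.num_user_hostfiles > 1)
			fatal("Invalid UserKnownHostsFile: \"none\" "
			    "appears with other entries");
		free(options.user_hostfiles[0]);
		options.user_hostfiles[0] = NULL;
		options.num_user_hostfiles = 0;
	}
	/* … unchanged: tilde/percent expansion loop … */
```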
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.346 2020/12/20 23:36:51 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.347 2020/12/20 23:38:00 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -949,6 +949,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 host_status = check_key_in_hostkeys(host_hostkeys, host_key,
 &host_found);
 
+ /* If no host files were specified, then don't try to touch them */
+ if (!readonly && num_user_hostfiles == 0)
+ readonly = RDONLY;
+
 /*
 * Also perform check for the ip address, skip the check if we are
 * localhost, looking for a certificate, or the hostname was an ip |
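Review bot: The comment added in check_host_key() says only "don't try to touch them" and leaves unstated what read-only mode means for a host whose key is not yet known, although forcing `readonly = RDONLY` changes a trust decision rather than just file I/O. I would spell that out, for example `/* No user hostfiles (e.g. UserKnownHostsFile=none): never record keys; unknown hosts take the read-only path below */`. Whether that path refuses the connection or merely skips recording is decided outside the hunk, so it is worth confirming there that `none` combined with an empty global list cannot end in a connection to an unverified host. The function body starts and ends outside the hunk.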