diff --git a/servconf.c b/servconf.c
index b378a8aee..006c216c7 100644
--- a/servconf.c
+++ b/servconf.c
@@ -95,7 +95,9 @@ initialize_server_options(ServerOptions *options)
 init_##funcsuffix(options)
 #define SSHCONF_NONCONF(funcsuffix) \
 init_##funcsuffix(options)
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) options->var = 0;
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) options->var = NULL;
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 /* Using macros for these is a bit overkill but forces consistency */
@@ -184,7 +186,9 @@ initialize_server_options(ServerOptions *options)
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 }
@@ -276,7 +280,13 @@ fill_default_server_options(ServerOptions *options)
 #define SSHCONF_STRARRAY(var, nvar, conf, flags, cp) /* done manually */
 #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) /* done manually */
 #define SSHCONF_NONCONF(funcsuffix) /* done manually */
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) options->var = 0;
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \
+ do { \
+ free(options->var); \
+ options->var = NULL; \
+ } while (0);
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 /* XXX maybe use macros here too to force consistency? */
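Review bot: In the fill_default_server_options hunk, `SSHCONF_UNSUPPORTED_STRING` wraps its body in `do { ... } while (0);` with the semicolon baked into the macro, which defeats the purpose of the do/while(0) idiom, since that idiom exists so the caller supplies the semicolon. The entry lists in servconf.h invoke these macros back to back with no separators, so a plain statement pair in the same form as the neighbouring `options->var = 0;` does the same job: `#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) free(options->var); options->var = NULL;`. The same construct is repeated in the deserialise_server_options, free_server_options and copy_set_server_options hunks.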
@@ -289,9 +299,16 @@ fill_default_server_options(ServerOptions *options)
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
+#ifdef USE_PAM
+ if (options->pam_service_name == NULL)
+ options->pam_service_name = xstrdup(SSHD_PAM_SERVICE);
+#endif
+
 if (options->num_host_key_files == 0) { /* fill default hostkeys */
 servconf_add_hostkey("[default]", 0, options,
@@ -442,7 +459,9 @@ fill_default_server_options(ServerOptions *options)
 #define SSHCONF_STRARRAY(var, nvar, conf, flags, cp) s##conf,
 #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) s##conf,
 #define SSHCONF_NONCONF(funcsuffix) /* empty */
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) /* empty */
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) /* empty */
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 /* Keyword tokens. */
@@ -458,7 +477,9 @@ typedef enum {
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */
@@ -477,9 +498,12 @@ typedef enum {
 #define SSHCONF_NONCONF(funcsuffix) /* empty */
 #define SSHCONF_DEPRECATED sDeprecated
 #define SSHCONF_IGNORE sIgnore
-#define SSHCONF_UNSUPPORTED sUnsupported
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) \
+#define SSHCONF_DEPRECATE(conf, flags, opcode) \
 { #conf, opcode, flags },
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) \
+ { #conf, sUnsupported, flags },
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \
+ { #conf, sUnsupported, flags },
 #define SSHCONF_ALIAS(old, conf, flags) \
 { #old, s##conf, flags },
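Review bot: `SSHCONF_DEPRECATE(conf, flags, opcode)` in the keyword-table hunk takes its arguments in a different order from the row it emits, `{ #conf, opcode, flags },`, and from the macro it replaces, which had opcode before flags. Both arguments are integer-valued, so an entry written in the old order would presumably compile without a diagnostic and put a scope flag in the token slot, mapping a retired keyword onto whichever live token shares that value. A comment at the definition would make this hard to miss: `/* NB. arguments are (keyword, scope, token); the table row is { name, token, scope } */`. The table's struct definition is outside the hunk, so the field types are not confirmed here.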
@@ -502,8 +526,9 @@ static struct {
 #undef SSHCONF_NONCONF
 #undef SSHCONF_DEPRECATED
 #undef SSHCONF_IGNORE
-#undef SSHCONF_UNSUPPORTED
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 static struct {
@@ -1143,7 +1168,7 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 switch (opcode) { /* Portable-specific options */
-#ifdef WITH_PAM
+#ifdef USE_PAM
 case sUsePAM:
 intptr = &options->use_pam;
 goto parse_flag;
@@ -3080,7 +3105,9 @@ serialise_server_options(const ServerOptions *options, struct sshbuf **bufp)
 #define SSHCONF_NONCONF(funcsuffix) \
 if ((r = serialise_##funcsuffix(options, buf)) != 0) \
 goto out;
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) /* empty */
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) /* empty */
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 SSHD_CONFIG_ENTRIES
@@ -3091,7 +3118,9 @@ serialise_server_options(const ServerOptions *options, struct sshbuf **bufp)
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 /* success */
@@ -3611,7 +3640,13 @@ deserialise_server_options(struct sshbuf *buf, ServerOptions *options)
 #define SSHCONF_NONCONF(funcsuffix) \
 if ((r = deserialise_##funcsuffix(&new_options, buf)) != 0) \
 goto out;
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) new_options.var = 0;
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \
+ do { \
+ free(new_options.var); \
+ new_options.var = NULL; \
+ } while (0);
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 SSHD_CONFIG_ENTRIES
@@ -3628,7 +3663,9 @@ deserialise_server_options(struct sshbuf *buf, ServerOptions *options)
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 /* success */
@@ -3701,7 +3738,13 @@ free_server_options(ServerOptions *options)
 free_##funcsuffix(options);
 #define SSHCONF_NONCONF(funcsuffix) \
 free_##funcsuffix(options);
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) options->var = 0;
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \
+ do { \
+ free(options->var); \
+ options->var = NULL; \
+ } while (0);
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 #define free_ipqos(options)
@@ -3738,7 +3781,9 @@ free_server_options(ServerOptions *options)
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 initialize_server_options(options);
@@ -3869,7 +3914,13 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) \
 cp(copy_##funcsuffix(dst, src);)
 #define SSHCONF_NONCONF(funcsuffix) /* empty */
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) dst->var = 0;
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \
+ do { \
+ free(dst->var); \
+ dst->var = NULL; \
+ } while (0);
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 SSHD_CONFIG_ENTRIES
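Review bot: In the free_server_options hunk, `#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) options->var = 0;` and the `options->var = NULL;` half of the string variant repeat what the `initialize_server_options(options);` call at the end of the same function already does for these placeholders. That call is a context line in the following hunk, and the initialise hunk assigns the same 0 and NULL. Only `free(options->var);` is needed here; if the double reset is deliberate, a short comment such as `/* also reset by initialize_server_options() below */` would tell the next reader. The function body starts and ends outside both hunks.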
@@ -3880,7 +3931,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 /*
diff --git a/servconf.h b/servconf.h
index a78450343..9e64e4673 100644
--- a/servconf.h
+++ b/servconf.h
@@ -117,8 +117,10 @@ struct per_source_penalty {
 * their corresponding variable definitions in ServerOptions. The integer
 * options also include defaults for initialisation.
 *
- * Unsupported, deprecated and ignored options use SSHCONF_NOSUPPORT and
- * don't populate ServerOptions. Deprecated aliases that still work use
+ * Deprecated and ignored options use SSHCONF_DEPRECATE and don't populate
+ * ServerOptions. Unsupported options use SSHCONF_UNSUPPORTED_INT or
+ * SSHCONF_UNSUPPORTED_STRING to populate placeholders in ServerOptions that
+ * are not otherwise used. Deprecated aliases that still work use
 * SSHCONF_ALIAS.
 *
 * Why go to all this trouble? It ensures a level of consistency between
@@ -133,7 +135,9 @@ struct per_source_penalty {
 * SSHCONF_STRARRAY(field, nfield, keyword, scope, copy)
 * SSHCONF_CUSTOM(keyword, suffix, scope, copy)
 * SSHCONF_NONCONF(suffix)
- * SSHCONF_NOSUPPORT(field, keyword, token, scope)
+ * SSHCONF_DEPRECATE(keyword, scope, token)
+ * SSHCONF_UNSUPPORTED_INT(field, keyword, scope)
+ * SSHCONF_UNSUPPORTED_STRING(field, keyword, scope)
 * SSHCONF_ALIAS(old_keyword, keyword, scope)
 */
 #define SSHD_CONFIG_ENTRIES_CUSTOM \
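Review bot: The updated header comment in servconf.h says the unsupported placeholders "are not otherwise used", but it omits the property the servconf.c hunks establish. Initialise, fill-defaults, deserialise, free and copy all pin them to 0 or NULL, and serialise_server_options emits nothing for them. That is what lets code read a field such as `options.use_pam` in a build without the feature and see it disabled, so it belongs in the comment, for example `* The placeholders are held at 0/NULL by every generated function and are never serialised.` A brief mention that sender and receiver need the same compile-time feature set would also help, assuming both sides expand the same SSHD_CONFIG_ENTRIES list.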
@@ -234,18 +238,20 @@ SSHCONF_STRING(sshd_auth_path, SshdAuthPath, SSHCFG_GLOBAL, SSHCFG_COPY_NONE) \
 SSHCONF_INTFLAG(refuse_connection, RefuseConnection, SSHCFG_ALL, 0, SSHCFG_COPY_MATCH)
 #define SSHD_CONFIG_ENTRIES_LEGACY \
-SSHCONF_NOSUPPORT(server_key_bits, ServerKeyBits, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(key_regeneration_interval, KeyRegenerationInterval, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(rhosts_authentication, RHostsAuthentication, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(rhosts_rsa_authentication, RhostsRSAAuthentication, SSHCONF_DEPRECATED, SSHCFG_ALL) \
-SSHCONF_NOSUPPORT(rsa_authentication, RSAAuthentication, SSHCONF_DEPRECATED, SSHCFG_ALL) \
-SSHCONF_NOSUPPORT(check_mail, CheckMail, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(use_login, UseLogin, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(verify_reverse_mapping, VerifyReverseMapping, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(reverse_mapping_check, ReverseMappingCheck, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(authorized_keys_file2, AuthorizedKeysFile2, SSHCONF_DEPRECATED, SSHCFG_ALL) \
-SSHCONF_NOSUPPORT(use_privilege_separation, UsePrivilegeSeparation, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(protocol, Protocol, SSHCONF_IGNORE, SSHCFG_GLOBAL)
+SSHCONF_DEPRECATE(ServerKeyBits, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(KeyRegenerationInterval, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(RHostsAuthentication, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(RhostsRSAAuthentication, SSHCFG_ALL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(RSAAuthentication, SSHCFG_ALL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(CheckMail, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(UseLogin, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(VerifyReverseMapping, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(ReverseMappingCheck, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(AuthorizedKeysFile2, SSHCFG_ALL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(UsePrivilegeSeparation, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(KerberosTgtPassing, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(AFSTokenPassing, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \
+SSHCONF_DEPRECATE(Protocol, SSHCFG_GLOBAL, SSHCONF_IGNORE)
 #define SSHD_CONFIG_ENTRIES_ALIASES \
 SSHCONF_ALIAS(HostDSAKey, HostKey, SSHCFG_GLOBAL) \
@@ -261,11 +267,22 @@ SSHCONF_ALIAS(KeepAlive, TCPKeepAlive, SSHCFG_GLOBAL)
 SSHD_CONFIG_ENTRIES_MAIN \
 SSHD_CONFIG_ENTRIES_LEGACY \
 SSHD_CONFIG_ENTRIES_ALIASES \
+ SSHD_CONFIG_ENTRIES_PAM \
 SSHD_CONFIG_ENTRIES_LASTLOG
+#ifdef USE_PAM
+#define SSHD_CONFIG_ENTRIES_PAM \
+SSHCONF_INTFLAG(use_pam, UsePAM, SSHCFG_GLOBAL, 0, SSHCFG_COPY_NONE) \
+SSHCONF_STRING(pam_service_name, PAMServiceName, SSHCFG_GLOBAL, SSHCFG_COPY_NONE)
+#else
+#define SSHD_CONFIG_ENTRIES_PAM \
+SSHCONF_UNSUPPORTED_INT(use_pam, UsePAM, SSHCFG_GLOBAL) \
+SSHCONF_UNSUPPORTED_STRING(pam_service_name, PAMServiceName, SSHCFG_GLOBAL)
+#endif
+
 #ifdef DISABLE_LASTLOG
 #define SSHD_CONFIG_ENTRIES_LASTLOG \
-SSHCONF_NOSUPPORT(print_lastlog, PrintLastLog, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL)
+SSHCONF_UNSUPPORTED_INT(print_lastlog, PrintLastLog, SSHCFG_GLOBAL)
 #else
 #define SSHD_CONFIG_ENTRIES_LASTLOG \
 SSHCONF_INTFLAG(print_lastlog, PrintLastLog, SSHCFG_GLOBAL, 1, SSHCFG_COPY_NONE)
@@ -279,7 +296,7 @@ SSHCONF_INTFLAG(print_lastlog, PrintLastLog, SSHCFG_GLOBAL, 1, SSHCFG_COPY_NONE)
 SSHCONF_INTFLAG(kerberos_get_afs_token, KerberosGetAFSToken, SSHCFG_GLOBAL, 0, SSHCFG_COPY_NONE)
 #else /* USE_AFS */
 #define SSHD_CONFIG_KRB5_AFS \
-SSHCONF_NOSUPPORT(kerberos_get_afs_token, KerberosGetAFSToken, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL)
+SSHCONF_UNSUPPORTED_INT(kerberos_get_afs_token, KerberosGetAFSToken, SSHCFG_GLOBAL)
 #endif /* USE_AFS */
 #define SSHD_CONFIG_ENTRIES_KRB5 \
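Review bot: `KerberosTgtPassing` and `AFSTokenPassing` move into SSHD_CONFIG_ENTRIES_LEGACY as SSHCONF_DEPRECATED for every build, whereas the lines removed from the non-KRB5 list in the next hunk tagged them SSHCONF_UNSUPPORTED. The KRB5-enabled branch of SSHD_CONFIG_ENTRIES_KRB5 is outside these hunks, so it is worth confirming it does not also declare either keyword, which would put two rows with the same name into the keyword table. Because the token changes, configurations that still carry these keywords will likely be reported differently. A comment next to the two entries, such as `/* formerly Unsupported without KRB5; now deprecated in all builds */`, would record that this is intended.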
@@ -289,12 +306,10 @@ SSHCONF_INTFLAG(kerberos_ticket_cleanup, KerberosTicketCleanup, SSHCFG_GLOBAL, 1
 SSHD_CONFIG_KRB5_AFS
 #else /* KRB5 */
 #define SSHD_CONFIG_ENTRIES_KRB5 \
-SSHCONF_NOSUPPORT(kerberos_authentication, KerberosAuthentication, SSHCONF_UNSUPPORTED, SSHCFG_ALL) \
-SSHCONF_NOSUPPORT(kerberos_or_local_passwd, KerberosOrLocalPasswd, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(kerberos_ticket_cleanup, KerberosTicketCleanup, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(kerberos_get_afs_token, KerberosGetAFSToken, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(kerberos_tgt_passing, KerberosTgtPassing, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(afs_token_passing, AFSTokenPassing, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL)
+SSHCONF_UNSUPPORTED_INT(kerberos_authentication, KerberosAuthentication, SSHCFG_ALL) \
+SSHCONF_UNSUPPORTED_INT(kerberos_or_local_passwd, KerberosOrLocalPasswd, SSHCFG_GLOBAL) \
+SSHCONF_UNSUPPORTED_INT(kerberos_ticket_cleanup, KerberosTicketCleanup, SSHCFG_GLOBAL) \
+SSHCONF_UNSUPPORTED_INT(kerberos_get_afs_token, KerberosGetAFSToken, SSHCFG_GLOBAL)
 #endif /* KRB5 */
 #ifdef GSSAPI
@@ -305,10 +320,10 @@ SSHCONF_INTFLAG(gss_deleg_creds, GssDelegateCreds, SSHCFG_GLOBAL, 1, SSHCFG_COPY
 SSHCONF_INTFLAG(gss_strict_acceptor, GssStrictAcceptor, SSHCFG_GLOBAL, 1, SSHCFG_COPY_NONE)
 #else /* GSSAPI */
 #define SSHD_CONFIG_ENTRIES_GSS \
-SSHCONF_NOSUPPORT(gss_authentication, GssAuthentication, SSHCONF_UNSUPPORTED, SSHCFG_ALL) \
-SSHCONF_NOSUPPORT(gss_cleanup_creds, GssCleanupCreds, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(gss_deleg_creds, GssDelegateCreds, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \
-SSHCONF_NOSUPPORT(gss_strict_acceptor, GssStrictAcceptor, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL)
+SSHCONF_UNSUPPORTED_INT(gss_authentication, GssAuthentication, SSHCFG_ALL) \
+SSHCONF_UNSUPPORTED_INT(gss_cleanup_creds, GssCleanupCreds, SSHCFG_GLOBAL) \
+SSHCONF_UNSUPPORTED_INT(gss_deleg_creds, GssDelegateCreds, SSHCFG_GLOBAL) \
+SSHCONF_UNSUPPORTED_INT(gss_strict_acceptor, GssStrictAcceptor, SSHCFG_GLOBAL)
 #endif /* GSSAPI */
 #define SSHD_CONFIG_ENTRIES \
@@ -325,7 +340,9 @@ SSHCONF_NOSUPPORT(gss_strict_acceptor, GssStrictAcceptor, SSHCONF_UNSUPPORTED, S
 u_int nvar;
 #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) /* empty */
 #define SSHCONF_NONCONF(funcsuffix) /* empty */
-#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */
+#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */
+#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) int var;
+#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) char *var;
 #define SSHCONF_ALIAS(old, conf, flags) /* empty */
 typedef struct ServerOptions {
@@ -374,17 +391,6 @@ typedef struct ServerOptions {
 int rekey_interval; /* Passed by config but not keyword for this */
 uint64_t timing_secret;
- /* Placeholders for compile-time disabled things */
- /* XXX djm redo macros to remove these */
-#ifndef WITH_PAM
- int use_pam;
-#endif
-#ifdef DISABLE_LASTLOG
- int print_lastlog;
-#endif
-#ifndef KRB5
- int kerberos_authentication;
-#endif
 } ServerOptions;
 #undef SSHCONF_INT
 #undef SSHCONF_INTFLAG
@@ -392,7 +398,9 @@ typedef struct ServerOptions {
 #undef SSHCONF_STRARRAY
 #undef SSHCONF_CUSTOM
 #undef SSHCONF_NONCONF
-#undef SSHCONF_NOSUPPORT
+#undef SSHCONF_DEPRECATE
+#undef SSHCONF_UNSUPPORTED_INT
+#undef SSHCONF_UNSUPPORTED_STRING
 #undef SSHCONF_ALIAS
 /* Information about the incoming connection as used by Match */