openssh bugs - Oct 2014 - [Bug 2288] New: documentation of options defaulting to "none"

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

            Bug ID: 2288
           Summary: documentation of options defaulting to "none"
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: calestyo at scientia.net

Hey.

I was just going through the documentation, and there are several
options which are documented to default to "none", e.g. in
sshd_config(5):
>AuthorizedPrincipalsFile
...
> The default is ?none?, i.e. not to use a principals file ? in
...

or
>Banner  The contents of the specified file are sent to the remote user
> before authentication is allowed.  If the argument is ?none? then
> no banner is displayed.  This option is only available for proto?
...

Now I looked through through the code, and it doesn't look as if
"none"
would really be handled special for these options, a test with "Banner
none" confirmed this, if there is a file /none, it's contents are
printed.


To the contrary, there are options in servconf.c for which "none" *is*
apparently actually considered special, as e.g. AuthorizedKeysCommand.


I would guess that the same issues may happen again for other options
for both, sshd and ssh.


1) So ideally someone should really go through all the options, and
check whether the defaults still match.

2) The manpages should somehow better denote, what is actually value
and what is just prose text, since ?none? (as it also appears for
?yes?) could mean both, the literal string "none", i.e.:
DirectiveName none
or that the directive's value is empty, i.e.:
DirectiveName ""

3) I personally tend to generally using the later or somehow better
handling cases when a directive may take special enums and aribtrary
strings like filenames.


Cheers,
Chris.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
                 CC|                            |djm at mindrot.org
             Blocks|                            |2266
         Resolution|---                         |FIXED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
fixed; will be in openssh-6.8

commit 8f6784f0cb56dc4fd00af3e81a10050a5785228d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Dec 22 09:05:17 2014 +0000

    upstream commit

    mention ssh -Q feature to list supported { MAC, cipher,
     KEX, key } algorithms in more places and include the query string
used to
     list the relevant information; bz#2288

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|FIXED                       |---
             Status|RESOLVED                    |REOPENED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
oops, wrong bug

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|2266                        |

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
OpenSSH 6.8 is approaching release and closed for major work. Retarget
these bugs for the next release.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2360

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Retarget to 6.9

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #5 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 2564
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2564&action=edit
make config parser more consistent

Tested option Banner with current upstream and it works fine now. FYI:
Fixed in
https://anongit.mindrot.org/openssh.git/commit/?id=161cf419f412446635013ac49e8c660cadc36080

AuthorizedPrincipalsFile option is fixed in different way in this
commit (which is fur sure not so elegant as the previous one and it
would be really nice to have it more consistent):
https://anongit.mindrot.org/openssh.git/commit/?id=9fed161e67b23977a1070419b356084295422f0c

If you want to have it in more elegant way, there is attached patch.
Otherwise you can close this issue as resolved.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
   Attachment #2564|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Comment on attachment 2564
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2564
make config parser more consistent

looks ok to me

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |ASSIGNED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2564|ok?(dtucker at zip.com.au)     |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
patch applied, will be in openssh-6.9

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #8 from Damien Miller <djm at mindrot.org> ---
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Christoph Anton Mitterer <calestyo at scientia.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |---

--- Comment #9 from Christoph Anton Mitterer <calestyo at scientia.net>
---
Hey.

I just tried to verify this, and it seems there are still options left
which can have a special value of "none" but for which this isn't
documented (at least as of 6.9):
- HostKey
- HostCertificate
and as already mentioned before:
- AuthorizedKeysCommand

Since this is marked as fixed in 6.9, I'm reopening it.

Cheers,
Chris.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

--- Comment #10 from Christoph Anton Mitterer <calestyo at scientia.net>
---
And one more where there is "none" but nothing mentioned in the docs:
- AuthorizedPrincipalsCommand

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

--- Comment #11 from Christoph Anton Mitterer <calestyo at scientia.net>
---
And another one, but this time in ssh_config:
- RevokedHostKeys

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|REOPENED                    |RESOLVED

--- Comment #12 from Damien Miller <djm at mindrot.org> ---
I don't think we need to chase this further.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

--- Comment #13 from Christoph Anton Mitterer <calestyo at scientia.net>
---
Well, it's your project, so decide as it pleases you... :-)

But I still think its a bad idea to not document specially handled
option values (i.e. "none") where otherwise a free form string could
be
used.

It may be unlikely but people could in principle use and
AuthorizedKeysCommand called "none" which would, AFIAU, *not* be
called
unlike the documentation would suggest (by not mentioning "none" is
special.
Same goes for the other commands I've found earlier (though I haven't
checked the current code, whether this is still the case).

Cheers,
Chris.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2288

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #14 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.