search for: process_server_config_line

...GLOBAL }, + { "kexalgorithms", sKexAlgorithms, SSHCFG_ALL }, { "ipqos", sIPQoS, SSHCFG_ALL }, { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, @@ -1239,7 +1239,7 @@ process_server_config_line(ServerOptions if (!ciphers_valid(arg)) fatal("%s line %d: Bad SSH2 cipher spec '%s'.", filename, linenum, arg ? arg : "<NONE>"); - if (options->ciphers == NULL) + if (*activep && options->ciphers == NULL) options->ciphers = xst...

Hi All. For various reasons, we're currently looking at extending (or even overhauling) the config parser used for sshd_config. Right now the syntax I'm looking at is a cumulative "Match" keyword that matches when all of the specified criteria are met. This would be similar the the Host directive used in ssh_config, although it's still limiting (eg you can't easily

...d it found several issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources too. * servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;" --- a/servconf.c +++ b/servconf.c @@ -1451,12 +1451,8 @@ process_server_config_line(ServerOptions *options, char *line, if (!arg || *arg == '\0') fatal("%s line %d: missing file name.", filename, linenum); - if (*activep && *charptr == NULL) { + if (*activep &a...

...ReportedBy: dtucker at zip.com.au Blocks: 1353 Recent versions of gcc emit a the following warnings: readconf.c: In function 'process_config_line': readconf.c:695: warning: dereferencing type-punned pointer will break strict-aliasing rules servconf.c: In function 'process_server_config_line': servconf.c:979: warning: dereferencing type-punned pointer will break strict-aliasing rules servconf.c:990: warning: dereferencing type-punned pointer will break strict-aliasing rules Dmitry V. Levin has posted a diff to fix these (see URL). -- Configure bugmail: http://bugzilla.mindrot....

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, I just came across a contradiction between the man page of AuthenticationMethods and the accepted methods list. According to the sshd_config manual page: """ AuthenticationMethods Specifies the authentication methods that must be successfully completed for a user to be granted access. This option must be followed by one

On 01/06/15 22:17, Tom G. Christensen wrote: > On sparc-sun-solaris2.6 and sparc-sun-solaris2.7 the testsuite fails: > run test cfgparse.sh ... > reparse minimal config > reparse regress config > listenaddress order > bad addr or host: ::1 (no address associated with name) > listenaddress order 1 > bad addr or host: ::1 (no address associated with name) > listenaddress

...log, when the key pointer is always null (it is ensured that it is freed before) the call. 2. mm_pty_allocate contains Dead code (if the second dup fails, it can't be different than -1) and comparison of the return dup() return value should be >=0 instead of >0 -- 0 is also valid FD. 3. process_server_config_line: sAuthorizedPrincipalsFile option handles intptr, without any possible label (therefore always null), which is dead code (probably copy-paste error from sHostKeyFile) 4. box variable for sandbox context is not freed in the child process after calling ssh_sandbox_child(), which makes it memory leak...

...rds[] = { /* Portable-specific options */ { "PAMAuthenticationViaKbdInt", sPAMAuthenticationViaKbdInt }, + { "PAMServiceNameAppend", sPAMServiceNameAppend }, /* Standard Options */ { "port", sPort }, { "hostkey", sHostKeyFile }, @@ -461,6 +469,15 @@ process_server_config_line(ServerOptions case sPAMAuthenticationViaKbdInt: intptr = &options->pam_authentication_via_kbd_int; goto parse_flag; +#ifdef USE_PAM + case sPAMServiceNameAppend: + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: Missing argument.", file...

...keys_file; /* File containing public keys */ char *authorized_keys_file2; int pam_authentication_via_kbd_int; + char *pam_service_name; } ServerOptions; void initialize_server_options(ServerOptions *); @@ -139,5 +140,8 @@ void fill_default_server_options(ServerOptions *); int process_server_config_line(ServerOptions *, char *, const char *, int); +#if !defined(SSHD_PAM_SERVICE) +# define SSHD_PAM_SERVICE __progname +#endif #endif /* SERVCONF_H */ diff -ru openssh-3.5p1.orig/sshd_config.5 openssh-3.5p1/sshd_config.5 --- openssh-3.5p1.orig/sshd_config.5 Thu Sep 19 02:51:22 2002 +++ openssh...

This patch series consists of minor fixes and cleanups I made during update to openssh V_4_6 branch. openssh/auth-pam.c | 9 ++++----- openssh/auth2.c | 2 -- openssh/readconf.c | 7 ++++--- openssh/servconf.c | 14 ++++++++------ openssh/sftp-server.c | 9 ++++++--- openssh/sshd.c | 2 +- 6 files changed, 23 insertions(+), 20 deletions(-) -- ldv

https://bugzilla.mindrot.org/show_bug.cgi?id=2335 Bug ID: 2335 Summary: Config parser accepts ip/port in ListenAddress and PermitOpen Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd

...ocation, SSHCFG_GLOBAL }, + { "nopty", sNoPty, SSHCFG_ALL }, { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, @@ -1075,6 +1079,10 @@ process_server_config_line(ServerOptions charptr = &options->xauth_location; goto parse_filename; + case sNoPty: + intptr = &options->no_pty; + goto parse_flag; + case sStrictModes: intptr = &options->strict_modes; goto parse_flag; @@ -1657,6 +1665,7 @@ copy_set_server_options(ServerOpt...

...,12 @@ static const struct multistate multistat { "no", 0 }, { NULL, -1 } }; +static const struct multistate multistate_privsep[] = { + { "sandbox", PRIVSEP_SANDBOX }, + { "yes", PRIVSEP_ON }, + { "no", PRIVSEP_OFF }, + { NULL, -1 } +}; int process_server_config_line(ServerOptions *options, char *line, @@ -1066,7 +1072,8 @@ process_server_config_line(ServerOptions case sUsePrivilegeSeparation: intptr = &use_privsep; - goto parse_flag; + multistate_ptr = multistate_privsep; + goto parse_multistate; case sAllowUsers: while ((arg = strdelim(&a...

On Thu, 25 Jun 2015, Michael Felt wrote: > Just running a standard make, and then a make install to a packaging > directory. It seems to be complaining about missing keys - not sure yet if > this is a show stopper For packaging you want the install-nokeys rule not install. -- Tim Rice Multitalents tim at multitalents.net

I was wondering what everyone's thoughts were on a simpler way to exclude addresses from having listeners on them. I know a lot of people have multiple subnets, especially larger corporations. Some networks are non-route-able, and therefor unsuitable for use with SSH, aside from communication between other servers on the same subnet. Given that we may want to exclude those non-route-able

...e = SOCK_STREAM; hints.ai_flags = (addr == NULL) ? AI_PASSIVE : 0; + hints.ai_protocol = proto; snprintf(strport, sizeof strport, "%d", port); if ((gaierr = getaddrinfo(addr, strport, &hints, &aitop)) != 0) fatal("bad addr or host: %s (%s)", @@ -949,6 +972,12 @@ process_server_config_line(ServerOptions *options, char *line, break; +#ifdef USE_SCTP + case sListenViaSCTP: + intptr = &options->listen_via_sctp; + goto parse_flag; +#endif + case sAddressFamily: intptr = &options->address_family; multistate_ptr = multistate_addressfamily; @@ -1974,6 +2003,9...

Hi, Is there any way to store HostKey in hardware (and delegate the related processing)? I have been using Roumen Petrov's x509 patch for clients, which works via an OpenSSL engine, but it does not seem to support server HostKey: http://roumenpetrov.info/pipermail/ssh_x509_roumenpetrov.info/2012q4/000019.html For PKCS#11, I have found an email on this list from a year back suggesting this

Hi All. OpenSSH 4.7 is preparing for release so we are asking for any interested folks to please test a snapshot. The main changes are: * sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. * The SSH channel window size has been increased, which improves performance on high-BDP networks. * ssh(1) and sshd(8) now preserve MAC

...", sStreamLocalBindRootDirectory, SSHCFG_ALL }, { "allowstreamlocalforwarding", sAllowStreamLocalForwarding, SSHCFG_ALL }, { "fingerprinthash", sFingerprintHash, SSHCFG_GLOBAL }, { "disableforwarding", sDisableForwarding, SSHCFG_ALL }, @@ -1823,6 +1827,17 @@ process_server_config_line(ServerOptions *options, char *line, intptr = &options->fwd_opts.streamlocal_bind_unlink; goto parse_flag; + case sStreamLocalBindRootDirectory: + charptr = &options->fwd_opts.streamlocal_bind_root_directory; + + arg = strdelim(&cp); + if (!arg || *arg == '\0') +...

https://bugzilla.mindrot.org/show_bug.cgi?id=2370 Bug ID: 2370 Summary: make fails with "rmd160.c", line 35.10: 1506-296 (S) #include file <endian.h> not found. when using --without-openssl on AIX Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: AIX