D29953.id88117.diff
No OneTemporary
Actions

Size

7 KB

Referenced Files

None

Subscribers

None

D29953.id88117.diff
View Options

	Index: readconf.h
	===================================================================
	--- readconf.h
	+++ readconf.h
	@@ -168,6 +168,8 @@
	char *hostbased_accepted_algos;
	char *pubkey_accepted_algos;

	+ char version_addendum; / Appended to SSH banner */
	+
	char *jump_user;
	char *jump_host;
	int jump_port;
	Index: readconf.c
	===================================================================
	--- readconf.c
	+++ readconf.c
	@@ -67,6 +67,7 @@
	#include "uidswap.h"
	#include "myproposal.h"
	#include "digest.h"
	+#include "version.h"

	/* Format of the configuration file:

	@@ -141,6 +142,7 @@

	typedef enum {
	oBadOption,
	+ oVersionAddendum,
	oHost, oMatch, oInclude,
	oForwardAgent, oForwardX11, oForwardX11Trusted, oForwardX11Timeout,
	oGatewayPorts, oExitOnForwardFailure,
	@@ -316,6 +318,7 @@
	{ "proxyjump", oProxyJump },
	{ "securitykeyprovider", oSecurityKeyProvider },
	{ "knownhostscommand", oKnownHostsCommand },
	+ { "versionaddendum", oVersionAddendum },

	{ NULL, oBadOption }
	};
	@@ -1861,6 +1864,22 @@
	multistate_ptr = multistate_requesttty;
	goto parse_multistate;

	+ case oVersionAddendum:
	+ if (s == NULL)
	+ fatal("%.200s line %d: Missing argument.", filename,
	+ linenum);
	+ len = strspn(s, WHITESPACE);
	+ if (*activep && options->version_addendum == NULL) {
	+ if (strcasecmp(s + len, "none") == 0)
	+ options->version_addendum = xstrdup("");
	+ else if (strchr(s + len, '\r') != NULL)
	+ fatal("%.200s line %d: Invalid argument",
	+ filename, linenum);
	+ else
	+ options->version_addendum = xstrdup(s + len);
	+ }
	+ return 0;
	+
	case oIgnoreUnknown:
	charptr = &options->ignored_unknown;
	goto parse_string;
	@@ -2166,6 +2185,7 @@
	initialize_options(Options * options)
	{
	memset(options, 'X', sizeof(*options));
	+ options->version_addendum = NULL;
	options->forward_agent = -1;
	options->forward_agent_sock_path = NULL;
	options->forward_x11 = -1;
	@@ -2522,6 +2542,8 @@
	/* options->hostname will be set in the main program if appropriate */
	/* options->host_key_alias should not be set by default */
	/* options->preferred_authentications will be set in ssh */
	+ if (options->version_addendum == NULL)
	+ options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);

	/* success */
	ret = 0;
	Index: servconf.c
	===================================================================
	--- servconf.c
	+++ servconf.c
	@@ -70,6 +70,7 @@
	#include "auth.h"
	#include "myproposal.h"
	#include "digest.h"
	+#include "version.h"

	static void add_listen_addr(ServerOptions , const char ,
	const char *, int);
	@@ -431,7 +432,7 @@
	if (options->ip_qos_bulk == -1)
	options->ip_qos_bulk = IPTOS_DSCP_CS1;
	if (options->version_addendum == NULL)
	- options->version_addendum = xstrdup("");
	+ options->version_addendum = xstrdup(SSH_VERSION_FREEBSD);
	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
	options->fwd_opts.streamlocal_bind_mask = 0177;
	if (options->fwd_opts.streamlocal_bind_unlink == -1)
	Index: ssh.1
	===================================================================
	--- ssh.1
	+++ ssh.1
	@@ -558,6 +558,7 @@
	.It User
	.It UserKnownHostsFile
	.It VerifyHostKeyDNS
	+.It VersionAddendum
	.It VisualHostKey
	.It XAuthLocation
	.El
	Index: ssh.c
	===================================================================
	--- ssh.c
	+++ ssh.c
	@@ -888,8 +888,14 @@
	}
	break;
	case 'V':
	- fprintf(stderr, "%s, %s\n",
	- SSH_RELEASE, SSH_OPENSSL_VERSION);
	+ if (options.version_addendum != NULL &&
	+ *options.version_addendum != '\0')
	+ fprintf(stderr, "%s %s, %s\n", SSH_RELEASE,
	+ options.version_addendum,
	+ OPENSSL_VERSION_STRING);
	+ else
	+ fprintf(stderr, "%s, %s\n", SSH_RELEASE,
	+ OPENSSL_VERSION_STRING);
	if (opt == 'V')
	exit(0);
	break;
	@@ -1150,7 +1156,8 @@
	!use_syslog);

	if (debug_flag)
	- logit("%s, %s", SSH_RELEASE, SSH_OPENSSL_VERSION);
	+ /* version_addendum is always NULL at this point */
	+ logit("%s, %s", SSH_RELEASE, OPENSSL_VERSION_STRING);

	/* Parse the configuration files */
	process_config_files(host_arg, pw, 0, &want_final_pass);
	Index: ssh_config
	===================================================================
	--- ssh_config
	+++ ssh_config
	@@ -44,3 +44,4 @@
	# ProxyCommand ssh -q -W %h:%p gateway.example.com
	# RekeyLimit 1G 1h
	# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
	+# VersionAddendum FreeBSD-2021XXXX
	Index: ssh_config.5
	===================================================================
	--- ssh_config.5
	+++ ssh_config.5
	@@ -1875,6 +1875,14 @@
	.Sx VERIFYING HOST KEYS
	in
	.Xr ssh 1 .
	+.It Cm VersionAddendum
	+Specifies a string to append to the regular version string to identify
	+OS- or site-specific modifications.
	+The default is
	+.Dq FreeBSD-2021XXXX .
	+The value
	+.Cm none
	+may be used to disable this.
	.It Cm VisualHostKey
	If this flag is set to
	.Cm yes ,
	Index: sshconnect.c
	===================================================================
	--- sshconnect.c
	+++ sshconnect.c
	@@ -1560,7 +1560,8 @@
	lowercase(host);

	/* Exchange protocol version identification strings with the server. */
	- if ((r = kex_exchange_identification(ssh, timeout_ms, NULL)) != 0)
	+ if ((r = kex_exchange_identification(ssh, timeout_ms,
	+ options.version_addendum)) != 0)
	sshpkt_fatal(ssh, r, "banner exchange");

	/* Put the connection into non-blocking mode. */
	Index: sshd.c
	===================================================================
	--- sshd.c
	+++ sshd.c
	@@ -900,7 +900,14 @@
	static void
	usage(void)
	{
	- fprintf(stderr, "%s, %s\n", SSH_RELEASE, SSH_OPENSSL_VERSION);
	+ if (options.version_addendum != NULL &&
	+ *options.version_addendum != '\0')
	+ fprintf(stderr, "%s %s, %s\n",
	+ SSH_RELEASE,
	+ options.version_addendum, OPENSSL_VERSION_STRING);
	+ else
	+ fprintf(stderr, "%s, %s\n",
	+ SSH_RELEASE, OPENSSL_VERSION_STRING);
	fprintf(stderr,
	"usage: sshd [-46DdeiqTt] [-C connection_spec] [-c host_cert_file]\n"
	" [-E log_file] [-f config_file] [-g login_grace_time]\n"
	Index: sshd_config
	===================================================================
	--- sshd_config
	+++ sshd_config
	@@ -100,7 +100,7 @@
	#MaxStartups 10:30:100
	#PermitTunnel no
	#ChrootDirectory none
	-#VersionAddendum none
	+#VersionAddendum FreeBSD-20200214

	# no default banner path
	#Banner none
	Index: sshd_config.5
	===================================================================
	--- sshd_config.5
	+++ sshd_config.5
	@@ -1772,7 +1772,10 @@
	Optionally specifies additional text to append to the SSH protocol banner
	sent by the server upon connection.
	The default is
	-.Cm none .
	+.Qq FreeBSD-2021XXXX .
	+The value
	+.Cm none
	+may be used to disable this.
	.It Cm X11DisplayOffset
	Specifies the first display number available for
	.Xr sshd 8 Ns 's
	Index: version.h
	===================================================================
	--- version.h
	+++ version.h
	@@ -4,3 +4,11 @@

	#define SSH_PORTABLE "p1"
	#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
	+
	+#define SSH_VERSION_FREEBSD "FreeBSD-2021XXXX"
	+
	+#ifdef WITH_OPENSSL
	+#define OPENSSL_VERSION_STRING OpenSSL_version(OPENSSL_VERSION)
	+#else
	+#define OPENSSL_VERSION_STRING "without OpenSSL"
	+#endif

File Metadata

Mime Type: text/plain
Expires: Sat, Nov 9, 2:04 AM (8 h, 22 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 14547936
Default Alt Text: D29953.id88117.diff (7 KB)

D29953.id88117.diffNo OneTemporaryActions

D29953.id88117.diffView Options

File Metadata

Event Timeline

D29953.id88117.diff
No OneTemporary
Actions

D29953.id88117.diff
View Options