upstream/oracle/userland-gate: comparison components/openssh/patches/014-disable

equal deleted inserted replaced

-:d039290bd031
+:72ec8810274b
+#
+# This patch is to add a new DisableBanner option to the ssh client command,
+# which allows the ssh command to disable the display of the banner message.
+# We have contributed back this feature to the OpenSSH upstream community. For
+# more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2242.
+# In the future, if this feature is accepted by the upsteam in a later release,
+# we will remove this patch when we upgrade to that release.
+#
+--- orig/readconf.c	Wed May 21 15:04:21 2014
++++ new/readconf.c	Wed May 28 11:56:04 2014
+@@ -148,7 +148,11 @@
+	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
+	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
+	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
++#ifdef DISABLE_BANNER
++	oDisableBanner, oIgnoredUnknownOption, oDeprecated, oUnsupported
++#else
+	oIgnoredUnknownOption, oDeprecated, oUnsupported
++#endif
+} OpCodes;
+/* Textual representations of the tokens. */
+@@ -266,6 +270,9 @@
+	{ "canonicalizehostname", oCanonicalizeHostname },
+	{ "canonicalizemaxdots", oCanonicalizeMaxDots },
+	{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
++#ifdef DISABLE_BANNER
++	{ "disablebanner", oDisableBanner },
++#endif
+	{ "ignoreunknown", oIgnoreUnknown },
+	{ NULL, oBadOption }
+@@ -682,6 +689,17 @@
+	{ NULL, -1 }
+};
++#ifdef DISABLE_BANNER
++static const struct multistate multistate_disablebanner[] = {
++	{ "true",			SSH_DISABLEBANNER_YES },
++	{ "false",			SSH_DISABLEBANNER_NO },
++	{ "yes",			SSH_DISABLEBANNER_YES },
++	{ "no",				SSH_DISABLEBANNER_NO },
++	{ "in-exec-mode",		SSH_DISABLEBANNER_INEXECMODE },
++	{ NULL, -1 }
++};
++#endif
++
+/*
+* Processes a single option line as used in the configuration files. This
+* only sets those values that have not already been set.
+@@ -1392,6 +1410,13 @@
+		intptr = &options->canonicalize_fallback_local;
+		goto parse_flag;
++#ifdef DISABLE_BANNER
++	case oDisableBanner:
++	        intptr = &options->disable_banner;
++                multistate_ptr = multistate_disablebanner;
++                goto parse_multistate;
++#endif
++
+	case oDeprecated:
+		debug("%s line %d: Deprecated option \"%s\"",
+		    filename, linenum, keyword);
+@@ -1554,6 +1579,9 @@
+	options->ip_qos_bulk = -1;
+	options->request_tty = -1;
+	options->proxy_use_fdpass = -1;
++#ifdef DISABLE_BANNER
++	options->disable_banner = -1;
++#endif
+	options->ignored_unknown = NULL;
+	options->num_canonical_domains = 0;
+	options->num_permitted_cnames = 0;
+@@ -1721,6 +1749,12 @@
+		options->canonicalize_fallback_local = 1;
+	if (options->canonicalize_hostname == -1)
+		options->canonicalize_hostname = SSH_CANONICALISE_NO;
++
++#ifdef DISABLE_BANNER
++	if (options->disable_banner == -1)
++		options->disable_banner = 0;
++#endif
++
+#define CLEAR_ON_NONE(v) \
+	do { \
+		if (v != NULL && strcasecmp(v, "none") == 0) { \
+--- orig/readconf.h	Wed May 21 15:04:35 2014
++++ new/readconf.h	Wed May 28 11:08:53 2014
+@@ -155,6 +155,9 @@
+	struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
+	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
++#ifdef DISABLE_BANNER
++        int     disable_banner; /* Disable display of banner */
++#endif
+}       Options;
+#define SSH_CANONICALISE_NO	0
+@@ -175,6 +178,12 @@
+#define SSHCONF_CHECKPERM	1  /* check permissions on config file */
+#define SSHCONF_USERCONF	2  /* user provided config file not system */
++#ifdef DISABLE_BANNER
++#define SSH_DISABLEBANNER_NO		0
++#define SSH_DISABLEBANNER_YES		1
++#define SSH_DISABLEBANNER_INEXECMODE	2
++#endif
++
+void     initialize_options(Options *);
+void     fill_default_options(Options *);
+int	 process_config_line(Options *, struct passwd *, const char *, char *,
+--- orig/ssh_config.5	Thu May 22 15:05:04 2014
++++ new/ssh_config.5	Fri May 23 09:36:52 2014
+@@ -507,6 +507,14 @@
+then the backgrounded master connection will automatically terminate
+after it has remained idle (with no client connections) for the
+specified time.
++.It Cm DisableBanner
++If set to yes, disables the display of the  banner  message.
++If set to in-exec-mode, disables the display of banner message when in remote
++command mode only.
++.Pp
++The default value is no, which means that the banner is displayed unless the
++log level  is  QUIET, FATAL, or ERROR. See also the Banner option in
++.Xr sshd_config 4 . This option applies to protocol version 2 only.
+.It Cm DynamicForward
+Specifies that a TCP port on the local machine be forwarded
+over the secure channel, and the application
+--- orig/sshconnect2.c	Wed May 21 15:05:27 2014
++++ new/sshconnect2.c	Thu May 29 17:33:56 2014
+@@ -82,6 +82,10 @@
+extern char *server_version_string;
+extern Options options;
++#ifdef DISABLE_BANNER
++extern Buffer command;
++#endif
++
+/*
+* SSH2 key exchange
+*/
+@@ -480,7 +484,20 @@
+	debug3("input_userauth_banner");
+	raw = packet_get_string(&len);
+	lang = packet_get_string(NULL);
++
++#ifdef DISABLE_BANNER
++	/*
++	 * Banner is a warning message according to RFC 4252. So, never print
++	 * a banner in error log level or lower. If the log level is higher,
++	 * use DisableBanner option to decide whether to display it or not.
++	 */
++	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO &&
++            (options.disable_banner == SSH_DISABLEBANNER_NO ||
++            (options.disable_banner == SSH_DISABLEBANNER_INEXECMODE &&
++            buffer_len(&command) == 0))) {
++#else
+	if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
++#endif
+		if (len > 65536)
+			len = 65536;
+		msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */

changeset 1924	72ec8810274b
child 4503	bf30d46ab06e