4 # We have contributed back this feature to the OpenSSH upstream community. For |
4 # We have contributed back this feature to the OpenSSH upstream community. For |
5 # more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2242. |
5 # more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2242. |
6 # In the future, if this feature is accepted by the upsteam in a later release, |
6 # In the future, if this feature is accepted by the upsteam in a later release, |
7 # we will remove this patch when we upgrade to that release. |
7 # we will remove this patch when we upgrade to that release. |
8 # |
8 # |
9 diff -pur old/readconf.c new/readconf.c |
9 --- orig/readconf.c Mon Aug 15 15:45:25 2016 |
10 --- old/readconf.c 2015-03-28 21:57:35.551727235 +0100 |
10 +++ new/readconf.c Mon Aug 15 15:53:23 2016 |
11 +++ new/readconf.c 2015-03-28 22:06:01.694836272 +0100 |
11 @@ -163,6 +163,9 @@ |
12 @@ -150,6 +150,9 @@ typedef enum { |
|
13 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
12 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
14 oSendEnv, oControlPath, oControlMaster, oControlPersist, |
13 oSendEnv, oControlPath, oControlMaster, oControlPersist, |
15 oHashKnownHosts, |
14 oHashKnownHosts, |
16 +#ifdef DISABLE_BANNER |
15 +#ifdef DISABLE_BANNER |
17 + oDisableBanner, |
16 + oDisableBanner, |
18 +#endif |
17 +#endif |
19 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
18 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
20 oVisualHostKey, oUseRoaming, |
19 oVisualHostKey, |
21 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, |
20 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, |
22 @@ -254,6 +257,9 @@ static struct { |
21 @@ -271,6 +274,9 @@ |
23 { "controlmaster", oControlMaster }, |
22 { "controlmaster", oControlMaster }, |
24 { "controlpersist", oControlPersist }, |
23 { "controlpersist", oControlPersist }, |
25 { "hashknownhosts", oHashKnownHosts }, |
24 { "hashknownhosts", oHashKnownHosts }, |
26 +#ifdef DISABLE_BANNER |
25 +#ifdef DISABLE_BANNER |
27 + { "disablebanner", oDisableBanner }, |
26 + { "disablebanner", oDisableBanner }, |
28 +#endif |
27 +#endif |
|
28 { "include", oInclude }, |
29 { "tunnel", oTunnel }, |
29 { "tunnel", oTunnel }, |
30 { "tunneldevice", oTunnelDevice }, |
30 { "tunneldevice", oTunnelDevice }, |
31 { "localcommand", oLocalCommand }, |
31 @@ -794,6 +800,18 @@ |
32 @@ -754,6 +760,17 @@ static const struct multistate multistat |
|
33 { NULL, -1 } |
32 { NULL, -1 } |
34 }; |
33 }; |
35 |
34 |
|
35 + |
36 +#ifdef DISABLE_BANNER |
36 +#ifdef DISABLE_BANNER |
37 +static const struct multistate multistate_disablebanner[] = { |
37 +static const struct multistate multistate_disablebanner[] = { |
38 + { "true", SSH_DISABLEBANNER_YES }, |
38 + { "true", SSH_DISABLEBANNER_YES }, |
39 + { "false", SSH_DISABLEBANNER_NO }, |
39 + { "false", SSH_DISABLEBANNER_NO }, |
40 + { "yes", SSH_DISABLEBANNER_YES }, |
40 + { "yes", SSH_DISABLEBANNER_YES }, |
41 + { "no", SSH_DISABLEBANNER_NO }, |
41 + { "no", SSH_DISABLEBANNER_NO }, |
42 + { "in-exec-mode", SSH_DISABLEBANNER_INEXECMODE }, |
42 + { "in-exec-mode", SSH_DISABLEBANNER_INEXECMODE }, |
43 + { NULL, -1 } |
43 + { NULL, -1 } |
44 +}; |
44 +}; |
45 +#endif |
45 +#endif |
46 + |
46 + |
47 /* |
47 /* |
48 * Processes a single option line as used in the configuration files. This |
48 * Processes a single option line as used in the configuration files. This |
49 * only sets those values that have not already been set. |
49 * only sets those values that have not already been set. |
50 @@ -1514,6 +1531,13 @@ parse_int: |
50 @@ -1657,6 +1675,13 @@ |
51 *charptr = xstrdup(arg); |
51 charptr = &options->identity_agent; |
52 break; |
52 goto parse_string; |
53 |
53 |
54 +#ifdef DISABLE_BANNER |
54 +#ifdef DISABLE_BANNER |
55 + case oDisableBanner: |
55 + case oDisableBanner: |
56 + intptr = &options->disable_banner; |
56 + intptr = &options->disable_banner; |
57 + multistate_ptr = multistate_disablebanner; |
57 + multistate_ptr = multistate_disablebanner; |
58 + goto parse_multistate; |
58 + goto parse_multistate; |
59 +#endif |
59 +#endif |
60 + |
60 + |
61 case oDeprecated: |
61 case oDeprecated: |
62 debug("%s line %d: Deprecated option \"%s\"", |
62 debug("%s line %d: Deprecated option \"%s\"", |
63 filename, linenum, keyword); |
63 filename, linenum, keyword); |
64 @@ -1684,6 +1708,9 @@ initialize_options(Options * options) |
64 @@ -1847,6 +1872,9 @@ |
65 options->ip_qos_bulk = -1; |
65 options->ip_qos_bulk = -1; |
66 options->request_tty = -1; |
66 options->request_tty = -1; |
67 options->proxy_use_fdpass = -1; |
67 options->proxy_use_fdpass = -1; |
68 +#ifdef DISABLE_BANNER |
68 +#ifdef DISABLE_BANNER |
69 + options->disable_banner = -1; |
69 + options->disable_banner = -1; |
70 +#endif |
70 +#endif |
71 options->ignored_unknown = NULL; |
71 options->ignored_unknown = NULL; |
72 options->num_canonical_domains = 0; |
72 options->num_canonical_domains = 0; |
73 options->num_permitted_cnames = 0; |
73 options->num_permitted_cnames = 0; |
74 @@ -1871,6 +1898,10 @@ fill_default_options(Options * options) |
74 @@ -2041,6 +2069,10 @@ |
75 options->canonicalize_fallback_local = 1; |
75 options->canonicalize_fallback_local = 1; |
76 if (options->canonicalize_hostname == -1) |
76 if (options->canonicalize_hostname == -1) |
77 options->canonicalize_hostname = SSH_CANONICALISE_NO; |
77 options->canonicalize_hostname = SSH_CANONICALISE_NO; |
78 +#ifdef DISABLE_BANNER |
78 +#ifdef DISABLE_BANNER |
79 + if (options->disable_banner == -1) |
79 + if (options->disable_banner == -1) |
80 + options->disable_banner = 0; |
80 + options->disable_banner = 0; |
81 +#endif |
81 +#endif |
82 if (options->fingerprint_hash == -1) |
82 if (options->fingerprint_hash == -1) |
83 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
83 options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
84 if (options->update_hostkeys == -1) |
84 if (options->update_hostkeys == -1) |
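Review bot: The default added in the fill_default_options hunk is the bare literal `0`, while the option table and the banner check use the named constants that this same patch adds to readconf.h. Writing `options->disable_banner = SSH_DISABLEBANNER_NO;` would tie the default to the constant, as the neighbouring `options->canonicalize_hostname = SSH_CANONICALISE_NO;` line already does. fill_default_options starts and ends outside the hunk.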
85 diff -pur old/readconf.h new/readconf.h |
85 --- orig/readconf.h Mon Aug 15 15:45:28 2016 |
86 --- old/readconf.h 2015-03-17 06:49:20.000000000 +0100 |
86 +++ new/readconf.h Mon Aug 15 15:55:00 2016 |
87 +++ new/readconf.h 2015-03-28 21:57:35.684348892 +0100 |
87 @@ -169,6 +169,9 @@ |
88 @@ -153,6 +153,9 @@ typedef struct { |
88 char *jump_extra; |
89 char *hostbased_key_types; |
|
90 |
89 |
91 char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ |
90 char *ignored_unknown; /* Pattern list of unknown tokens to ignore */ |
92 +#ifdef DISABLE_BANNER |
91 +#ifdef DISABLE_BANNER |
93 + int disable_banner; /* Disable display of banner */ |
92 + int disable_banner; /* Disable display of banner */ |
94 +#endif |
93 +#endif |
95 } Options; |
94 } Options; |
96 |
95 |
97 #define SSH_CANONICALISE_NO 0 |
96 #define SSH_CANONICALISE_NO 0 |
98 @@ -178,6 +181,12 @@ typedef struct { |
97 @@ -195,6 +198,12 @@ |
99 #define SSH_UPDATE_HOSTKEYS_YES 1 |
98 #define SSH_UPDATE_HOSTKEYS_YES 1 |
100 #define SSH_UPDATE_HOSTKEYS_ASK 2 |
99 #define SSH_UPDATE_HOSTKEYS_ASK 2 |
101 |
100 |
102 +#ifdef DISABLE_BANNER |
101 +#ifdef DISABLE_BANNER |
103 +#define SSH_DISABLEBANNER_NO 0 |
102 +#define SSH_DISABLEBANNER_NO 0 |
104 +#define SSH_DISABLEBANNER_YES 1 |
103 +#define SSH_DISABLEBANNER_YES 1 |
105 +#define SSH_DISABLEBANNER_INEXECMODE 2 |
104 +#define SSH_DISABLEBANNER_INEXECMODE 2 |
106 +#endif |
105 +#endif |
107 + |
106 + |
108 void initialize_options(Options *); |
107 void initialize_options(Options *); |
109 void fill_default_options(Options *); |
108 void fill_default_options(Options *); |
110 void fill_default_options_for_canonicalization(Options *); |
109 void fill_default_options_for_canonicalization(Options *); |
111 diff -pur old/ssh_config.5 new/ssh_config.5 |
110 --- orig/ssh_config.5 Mon Aug 15 15:45:37 2016 |
112 --- old/ssh_config.5 2015-03-28 21:57:35.544033907 +0100 |
111 +++ new/ssh_config.5 Mon Aug 15 15:57:36 2016 |
113 +++ new/ssh_config.5 2015-03-28 21:57:35.684635985 +0100 |
112 @@ -643,6 +643,14 @@ |
114 @@ -566,6 +566,14 @@ If set to a time in seconds, or a time i |
|
115 then the backgrounded master connection will automatically terminate |
113 then the backgrounded master connection will automatically terminate |
116 after it has remained idle (with no client connections) for the |
114 after it has remained idle (with no client connections) for the |
117 specified time. |
115 specified time. |
118 +.It Cm DisableBanner |
116 +.It Cm DisableBanner |
119 +If set to yes, disables the display of the banner message. |
117 +If set to yes, disables the display of the banner message. |
120 +If set to in-exec-mode, disables the display of banner message when in remote |
118 +If set to in-exec-mode, disables the display of banner message when in remote |
121 +command mode only. |
119 +command mode only. |
122 +.Pp |
120 +.Pp |
123 +The default value is no, which means that the banner is displayed unless the |
121 +The default value is no, which means that the banner is displayed unless the |
124 +log level is QUIET, FATAL, or ERROR. See also the Banner option in |
122 +log level is QUIET, FATAL, or ERROR. See also the Banner option in |
125 +.Xr sshd_config 4 . This option applies to protocol version 2 only. |
123 ++.Xr sshd_config 5 . This option applies to protocol version 2 only. |
126 .It Cm DynamicForward |
124 .It Cm DynamicForward |
127 Specifies that a TCP port on the local machine be forwarded |
125 Specifies that a TCP port on the local machine be forwarded |
128 over the secure channel, and the application |
126 over the secure channel, and the application |
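Review bot: The last added line of the DisableBanner entry in the newer revision of the patch reads `++.Xr sshd_config 5 .`, so once the patch marker is stripped the man page gets a line that starts with a literal `+`. The `.Xr` request is then no longer at the start of the line, so the cross-reference would presumably be printed as plain text rather than formatted. The line should carry a single marker, `+.Xr sshd_config 5 .`, as the earlier revision's `+.Xr sshd_config 4 .` does. The hunk's line counts (`+643,14`) still match because the stray `+` sits inside an added line, so the patch applies without complaint.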
129 diff -pur old/sshconnect2.c new/sshconnect2.c |
127 --- orig/sshconnect2.c Mon Aug 15 15:45:44 2016 |
130 --- old/sshconnect2.c 2015-03-17 06:49:20.000000000 +0100 |
128 +++ new/sshconnect2.c Thu Aug 18 18:28:20 2016 |
131 +++ new/sshconnect2.c 2015-03-28 21:57:35.684940995 +0100 |
129 @@ -82,6 +82,10 @@ |
132 @@ -81,6 +81,10 @@ extern char *client_version_string; |
|
133 extern char *server_version_string; |
130 extern char *server_version_string; |
134 extern Options options; |
131 extern Options options; |
135 |
132 |
136 +#ifdef DISABLE_BANNER |
133 +#ifdef DISABLE_BANNER |
137 +extern Buffer command; |
134 +extern Buffer command; |
138 +#endif |
135 +#endif |
139 + |
136 + |
140 /* |
137 /* |
141 * SSH2 key exchange |
138 * SSH2 key exchange |
142 */ |
139 */ |
143 @@ -480,7 +484,20 @@ input_userauth_banner(int type, u_int32_ |
140 @@ -502,7 +506,20 @@ |
144 debug3("input_userauth_banner"); |
141 debug3("%s", __func__); |
145 raw = packet_get_string(&len); |
142 msg = packet_get_string(&len); |
146 lang = packet_get_string(NULL); |
143 lang = packet_get_string(NULL); |
147 + |
144 + |
148 +#ifdef DISABLE_BANNER |
145 +#ifdef DISABLE_BANNER |
149 + /* |
146 + /* |
150 + * Banner is a warning message according to RFC 4252. So, never print |
147 + * Banner is a warning message according to RFC 4252. So, never print |
151 + * a banner in error log level or lower. If the log level is higher, |
148 + * a banner in error log level or lower. If the log level is higher, |
152 + * use DisableBanner option to decide whether to display it or not. |
149 + * use DisableBanner option to decide whether to display it or not. |
153 + */ |
150 + */ |
154 + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO && |
151 + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO && |
155 + (options.disable_banner == SSH_DISABLEBANNER_NO || |
152 + (options.disable_banner == SSH_DISABLEBANNER_NO || |
156 + (options.disable_banner == SSH_DISABLEBANNER_INEXECMODE && |
153 + (options.disable_banner == SSH_DISABLEBANNER_INEXECMODE && |
157 + buffer_len(&command) == 0))) { |
154 + buffer_len(&command) == 0))) |
158 +#else |
155 +#else |
159 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) { |
156 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) |
160 +#endif |
157 +#endif |
161 if (len > 65536) |
158 fmprintf(stderr, "%s", msg); |
162 len = 65536; |
159 free(msg); |
163 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */ |
160 free(lang); |
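Review bot: When DisableBanner suppresses the banner in input_userauth_banner, nothing records that the server sent one; the only trace is the `debug3` at entry. A pre-authentication banner often carries the server's usage or legal notice, so a line such as `debug("%s: banner suppressed by DisableBanner", __func__);` on the suppressed path would let a user or auditor confirm at `-v` that the message was received and withheld. The `if` head is also selected by `#ifdef`/`#else` with the guarded statement after `#endif`, and in the newer revision it has no braces, so only the `fmprintf` line is conditional. Evaluating the DisableBanner test into a local flag first would keep a single `if`. The function starts outside the hunk.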