
(-)a/sshd.8 (-1 / +15 lines)
Lines 43-49 Link Here
43
.Sh SYNOPSIS
43
.Sh SYNOPSIS
44
.Nm sshd
44
.Nm sshd
45
.Bk -words
45
.Bk -words
46
.Op Fl 46DdeiqTtV
46
.Op Fl 46DGdeiqTtV
47
.Op Fl C Ar connection_spec
47
.Op Fl C Ar connection_spec
48
.Op Fl c Ar host_certificate_file
48
.Op Fl c Ar host_certificate_file
49
.Op Fl E Ar log_file
49
.Op Fl E Ar log_file
Lines 154-159 The default is Link Here
154
.Pa /etc/ssh/sshd_config .
154
.Pa /etc/ssh/sshd_config .
155
.Nm
155
.Nm
156
refuses to start if there is no configuration file.
156
refuses to start if there is no configuration file.
157
.It Fl G
158
Parse and print configuration file.
159
Check the validity of the configuration file, output the effective configuration
160
to stdout and then exit.
161
Optionally,
162
.Cm Match
163
rules may be applied by specifying the connection parameters using one or more
164
.Fl C
165
options.
157
.It Fl g Ar login_grace_time
166
.It Fl g Ar login_grace_time
158
Gives the grace time for clients to authenticate themselves (default
167
Gives the grace time for clients to authenticate themselves (default
159
120 seconds).
168
120 seconds).
Lines 208-213 Optionally, Link Here
208
rules may be applied by specifying the connection parameters using one or more
217
rules may be applied by specifying the connection parameters using one or more
209
.Fl C
218
.Fl C
210
options.
219
options.
220
This is similar to the
221
.Fl G
222
flag, but it includes the additional testing performed by the
223
.Fl t
224
flag.
211
.It Fl t
225
.It Fl t
212
Test mode.
226
Test mode.
213
Only check the validity of the configuration file and sanity of the keys.
227
Only check the validity of the configuration file and sanity of the keys.
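--- a/sshd.c
+++ b/sshd.c
@@ -1444,6 +1444,21 @@ prepare_proctitle(int ac, char **av)
 	return ret;
 }
 
+static void
+print_config(struct ssh *ssh, struct connection_info *connection_info)
+{
+	/*
+	 * If no connection info was provided by -C then use
+	 * use a blank one that will cause no predicate to match.
+	 */
+	if (connection_info == NULL)
+		connection_info = get_connection_info(ssh, 0, 0);
+	connection_info->test = 1;
+	parse_server_match_config(&options, &includes, connection_info);
+	dump_config(&options);
+	exit(0);
+}
+
 /*
  * Main program for the daemon.
  */
@@ -1453,7 +1468,7 @@ main(int ac, char **av)
 	struct ssh *ssh = NULL;
 	extern char *optarg;
 	extern int optind;
-	int r, opt, on = 1, already_daemon, remote_port;
+	int r, opt, on = 1, do_dump_cfg = 0, already_daemon, remote_port;
 	int sock_in = -1, sock_out = -1, newsock = -1;
 	const char *remote_ip, *rdomain;
 	char *fp, *line, *laddr, *logfile = NULL;
@@ -1483,7 +1498,7 @@ main(int ac, char **av)
 
 	/* Parse command-line arguments. */
 	while ((opt = getopt(ac, av,
-	    "C:E:b:c:f:g:h:k:o:p:u:46DQRTdeiqrtV")) != -1) {
+	    "C:E:b:c:f:g:h:k:o:p:u:46DGQRTdeiqrtV")) != -1) {
 		switch (opt) {
 		case '4':
 			options.address_family = AF_INET;
@@ -1508,6 +1523,9 @@ main(int ac, char **av)
 		case 'D':
 			no_daemon_flag = 1;
 			break;
+		case 'G':
+			do_dump_cfg = 1;
+			break;
 		case 'E':
 			logfile = optarg;
 			/* FALLTHROUGH */
@@ -1595,7 +1613,7 @@ main(int ac, char **av)
 	}
 	if (rexeced_flag || inetd_flag)
 		rexec_flag = 0;
-	if (!test_flag && rexec_flag && !path_absolute(av[0]))
+	if (!test_flag && !do_dump_cfg && rexec_flag && !path_absolute(av[0]))
 		fatal("sshd re-exec requires execution with an absolute path");
 	if (rexeced_flag)
 		closefrom(REEXEC_MIN_FREE_FD);
@@ -1696,6 +1714,9 @@ main(int ac, char **av)
 
 	debug("sshd version %s, %s", SSH_VERSION, SSH_OPENSSL_VERSION);
 
+	if (do_dump_cfg)
+		print_config(ssh, connection_info);
+
 	/* load host keys */
 	sensitive_data.host_keys = xcalloc(options.num_host_key_files,
 	    sizeof(struct sshkey *));
@@ -1862,17 +1883,8 @@ main(int ac, char **av)
 			    "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
 	}
 
-	if (test_flag > 1) {
-		/*
-		 * If no connection info was provided by -C then use
-		 * use a blank one that will cause no predicate to match.
-		 */
-		if (connection_info == NULL)
-			connection_info = get_connection_info(ssh, 0, 0);
-		connection_info->test = 1;
-		parse_server_match_config(&options, &includes, connection_info);
-		dump_config(&options);
-	}
+	if (test_flag > 1)
+		print_config(ssh, connection_info);
 
 	/* Configuration looks good, so exit if in test mode. */
 	if (test_flag)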
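Review bot: The new print_config() ends in `exit(0)` and so never returns, but neither its name nor its only comment says so, and both call sites in main() read as if execution continues. The `test_flag > 1` call is still followed by the "Configuration looks good, so exit if in test mode" block, which that path no longer reaches. A header comment such as `/* Dump the effective configuration to stdout and exit(0); does not return. */` would make the contract explicit. The comment carried into the helper also repeats a word across its line break (`then use` / `use a blank one`). The `do_dump_cfg` call sits ahead of the host-key loading and the privsep directory checks visible in the later hunks, so a zero exit status from -G means only that the configuration parsed, which the same header comment could state. main() starts and ends outside these hunks.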
