[openssh-commits] [openssh] 06/07: upstream: allow UserKnownHostsFile=none; feedback and ok markus@

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Dec 21 10:52:40 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 729b05f59ded35483acef90a6f88aa03eae33b29
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun Dec 20 23:38:00 2020 +0000

    upstream: allow UserKnownHostsFile=none; feedback and ok markus@
    
    OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48
---
 ssh.c        | 42 ++++++++++++++++++++++++++++++------------
 sshconnect.c |  6 +++++-
 2 files changed, 35 insertions(+), 13 deletions(-)

diff --git a/ssh.c b/ssh.c
index 7cece4ef..5d14ba44 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.544 2020/12/17 23:26:11 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.545 2020/12/20 23:38:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1441,18 +1441,36 @@ main(int ac, char **av)
 		options.forward_agent_sock_path = cp;
 	}
 
+	if (options.num_system_hostfiles > 0 &&
+	    strcasecmp(options.system_hostfiles[0], "none") == 0) {
+		if (options.num_system_hostfiles > 1)
+			fatal("Invalid GlobalKnownHostsFiles: \"none\" "
+			    "appears with other entries");
+		free(options.system_hostfiles[0]);
+		options.system_hostfiles[0] = NULL;
+		options.num_system_hostfiles = 0;
+	}
+
+	if (options.num_user_hostfiles > 0 &&
+	    strcasecmp(options.user_hostfiles[0], "none") == 0) {
+		if (options.num_user_hostfiles > 1)
+			fatal("Invalid UserKnownHostsFiles: \"none\" "
+			    "appears with other entries");
+		free(options.user_hostfiles[0]);
+		options.user_hostfiles[0] = NULL;
+		options.num_user_hostfiles = 0;
+	}
 	for (j = 0; j < options.num_user_hostfiles; j++) {
-		if (options.user_hostfiles[j] != NULL) {
-			cp = tilde_expand_filename(options.user_hostfiles[j],
-			    getuid());
-			p = default_client_percent_dollar_expand(cp, cinfo);
-			if (strcmp(options.user_hostfiles[j], p) != 0)
-				debug3("expanded UserKnownHostsFile '%s' -> "
-				    "'%s'", options.user_hostfiles[j], p);
-			free(options.user_hostfiles[j]);
-			free(cp);
-			options.user_hostfiles[j] = p;
-		}
+		if (options.user_hostfiles[j] == NULL)
+			continue;
+		cp = tilde_expand_filename(options.user_hostfiles[j], getuid());
+		p = default_client_percent_dollar_expand(cp, cinfo);
+		if (strcmp(options.user_hostfiles[j], p) != 0)
+			debug3("expanded UserKnownHostsFile '%s' -> "
+			    "'%s'", options.user_hostfiles[j], p);
+		free(options.user_hostfiles[j]);
+		free(cp);
+		options.user_hostfiles[j] = p;
 	}
 
 	for (i = 0; i < options.num_local_forwards; i++) {
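Review bot: The new "none" handling inspects only index 0 of `options.system_hostfiles` and `options.user_hostfiles`, so a list with "none" in a later position (for example `UserKnownHostsFile ~/.ssh/known_hosts none`) is not rejected and "none" reaches the expansion loop as an ordinary file name. Presumably it is then treated as a relative path, which is unlikely to be what the user meant for a host-key trust store. Scanning every entry before the index-0 block would make the "appears with other entries" error fire regardless of position, and the same applies to the GlobalKnownHostsFile block. The fatal strings also say `UserKnownHostsFiles`/`GlobalKnownHostsFiles`, while the debug3 in this hunk uses the singular option name. main() starts and ends outside the hunk.

```c
	/* Reject "none" in any position when other entries are present */
	for (j = 0; j < options.num_user_hostfiles; j++) {
		if (options.num_user_hostfiles > 1 &&
		    options.user_hostfiles[j] != NULL &&
		    strcasecmp(options.user_hostfiles[j], "none") == 0)
			fatal("Invalid UserKnownHostsFile: \"none\" "
			    "appears with other entries");
	}
	/* … unchanged: index-0 "none" block that frees the entry and zeroes the count … */
	/* … unchanged: tilde/percent expansion loop … */
```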
diff --git a/sshconnect.c b/sshconnect.c
index 59211416..c17e44ae 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.346 2020/12/20 23:36:51 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.347 2020/12/20 23:38:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -949,6 +949,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 	host_status = check_key_in_hostkeys(host_hostkeys, host_key,
 	    &host_found);
 
+	/* If no host files were specified, then don't try to touch them */
+	if (!readonly && num_user_hostfiles == 0)
+		readonly = RDONLY;
+
 	/*
 	 * Also perform check for the ip address, skip the check if we are
 	 * localhost, looking for a certificate, or the hostname was an ip
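Review bot: The override `readonly = RDONLY` is applied before the rest of check_host_key runs, so every later branch that tests `readonly` will behave as if the caller had requested a read-only check, not merely skip the write to a known-hosts file. Those branches are outside this hunk, so it is worth confirming how an unknown or changed host key is handled when the user list is empty, and saying so in the comment, e.g. `/* No user hostfiles: nothing can be recorded, so treat as read-only; unknown hosts take the read-only path below */`. The test `!readonly` also relies on the read-write value being zero; `readonly == RDRW` states the intent directly and stays correct if the constants change.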
