[PATCH] Allow "ProxyCommand none" in ssh_config
Thomas Binder
binder at arago.de
Tue Oct 1 22:11:58 EST 2002
Hi!
On Tue, Oct 01, 2002 at 12:47:15PM +0200, Markus Friedl wrote:
> > You have to check for "none" after parsing of the config file
> > has finished.
>
> this is why I prefer a check in sshconnect.c
I've attached a modified version of the patch. Of course, in that
case, you have to patch more than one occurrence of proxy_command,
therefore the new patch introduces a new static function that
returns 1 if proxy_command is usable (i.e. not NULL and not
" none", 0 otherwise). All checks that compare proxy_command
against NULL got replaced with a call to that new function.
> but this won't happen for the 3.5 release, sorry, too late.
That's not really a problem for me :)
Ciao
Thomas
-------------- next part --------------
Index: sshconnect.c
===================================================================
RCS file: /cvs/openssh/sshconnect.c,v
retrieving revision 1.101
diff -u -r1.101 sshconnect.c
--- sshconnect.c 19 Sep 2002 02:05:04 -0000 1.101
+++ sshconnect.c 1 Oct 2002 12:06:16 -0000
@@ -50,6 +50,24 @@
static int show_other_keys(const char *, Key *);
/*
+ * Check whether the configured proxy command is to be used
+ */
+static int
+ssh_use_proxy_command(const char *proxy_command)
+{
+ /*
+ * If proxy_command is NULL or points to " none", don't use it.
+ * Note that we have to compare against " none" (and not "none"),
+ * because the code that parses ProxyCommand in readconf.c always adds
+ * a space in front of the actual command.
+ */
+ if (proxy_command == NULL || strcmp(proxy_command, " none") == 0)
+ return 0;
+ else
+ return 1;
+}
+
+/*
* Connect to the given ssh server using a proxy command.
*/
static int
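Review bot: The strcmp() against the literal " none" in ssh_use_proxy_command() ties the helper to a formatting side effect of the parser in readconf.c (the leading space its own comment describes), and the match is exact and case-sensitive. If the parser ever stops prepending that space, or the stored value carries extra whitespace or different case, the string falls through to "return 1" and is handed on as a command to run. Consider skipping leading whitespace inside the helper before comparing, and decide explicitly whether the keyword should match case-insensitively. Two smaller points: the if/else can be reduced to a single return of the condition, and because the helper is static, any NULL test on proxy_command outside sshconnect.c cannot use it.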
@@ -219,9 +237,9 @@
* a privileged port will be allocated to make the connection.
* This requires super-user privileges if needpriv is true.
* Connection_attempts specifies the maximum number of tries (one per
- * second). If proxy_command is non-NULL, it specifies the command (with %h
- * and %p substituted for host and port, respectively) to use to contact
- * the daemon.
+ * second). If proxy_command is non-NULL and not "none", it specifies
+ * the command (with %h and %p substituted for host and port,
+ * respectively) to use to contact the daemon.
* Return values:
* 0 for OK
* ECONNREFUSED if we got a "Connection Refused" by the peer on any address
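Review bot: The updated comment says the command is used when it is not "none", but the value actually tested is " none" with a leading space, as the helper's comment explains. Referring to ssh_use_proxy_command() here instead of restating the rule would keep the two descriptions from drifting apart.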
@@ -258,7 +276,7 @@
port = SSH_DEFAULT_PORT;
}
/* If a proxy command is given, connect using it. */
- if (proxy_command != NULL)
+ if (ssh_use_proxy_command(proxy_command) == 1)
return ssh_proxy_connect(host, port, proxy_command);
/* No proxy command. */
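Review bot: The explicit "== 1" in "if (ssh_use_proxy_command(proxy_command) == 1)" makes the call site depend on the helper returning exactly 1 rather than any non-zero value. Treating the result as a boolean, "if (ssh_use_proxy_command(proxy_command))", is shorter and stays correct if the helper is later changed. The comment "If a proxy command is given" could also mention that "none" counts as not given.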
@@ -535,7 +553,7 @@
* We don't have the remote ip-address for connections
* using a proxy command
*/
- if (options.proxy_command == NULL) {
+ if (ssh_use_proxy_command(options.proxy_command) == 0) {
if (getnameinfo(hostaddr, salen, ntop, sizeof(ntop),
NULL, 0, NI_NUMERICHOST) != 0)
fatal("check_host_key: getnameinfo failed");
@@ -548,7 +566,8 @@
* command or if we don't have a hostname to compare with
*/
if (options.check_host_ip &&
- (local || strcmp(host, ip) == 0 || options.proxy_command != NULL))
+ (local || strcmp(host, ip) == 0 ||
+ ssh_use_proxy_command(options.proxy_command) == 1))
options.check_host_ip = 0;
/*
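Review bot: The condition ending in "ssh_use_proxy_command(options.proxy_command) == 1))" decides whether check_host_ip is cleared, so this is the call site where a wrong answer from the helper weakens host key checking: a "none" value that is not recognised would silently disable the IP check for a direct connection. It is worth confirming by test that "ProxyCommand none" leaves check_host_ip enabled. Also note that this hunk and the previous one test options.proxy_command while the connect path tests its proxy_command parameter, so the three decisions only agree if callers always pass options.proxy_command. As at the other call sites, the "== 1" comparison can be dropped.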