upstream: allow UserKnownHostsFile=none; feedback and ok markus@
authordjm@openbsd.org <djm@openbsd.org>
Sun, 20 Dec 2020 23:38:00 +0000 (23:38 +0000)
committerDamien Miller <djm@mindrot.org>
Sun, 20 Dec 2020 23:52:28 +0000 (10:52 +1100)
OpenBSD-Commit-ID: c46d515eac94a35a1d50d5fd71c4b1ca53334b48

ssh.c
sshconnect.c

diff --git a/ssh.c b/ssh.c
index 7cece4efc583125684c8c040ebd012928d008c9d..5d14ba442321c7c35e6accf2f152c69236ecb54d 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.544 2020/12/17 23:26:11 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.545 2020/12/20 23:38:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1441,18 +1441,36 @@ main(int ac, char **av)
                options.forward_agent_sock_path = cp;
        }
 
+       if (options.num_system_hostfiles > 0 &&
+           strcasecmp(options.system_hostfiles[0], "none") == 0) {
+               if (options.num_system_hostfiles > 1)
+                       fatal("Invalid GlobalKnownHostsFiles: \"none\" "
+                           "appears with other entries");
+               free(options.system_hostfiles[0]);
+               options.system_hostfiles[0] = NULL;
+               options.num_system_hostfiles = 0;
+       }
+
+       if (options.num_user_hostfiles > 0 &&
+           strcasecmp(options.user_hostfiles[0], "none") == 0) {
+               if (options.num_user_hostfiles > 1)
+                       fatal("Invalid UserKnownHostsFiles: \"none\" "
+                           "appears with other entries");
+               free(options.user_hostfiles[0]);
+               options.user_hostfiles[0] = NULL;
+               options.num_user_hostfiles = 0;
+       }
        for (j = 0; j < options.num_user_hostfiles; j++) {
-               if (options.user_hostfiles[j] != NULL) {
-                       cp = tilde_expand_filename(options.user_hostfiles[j],
-                           getuid());
-                       p = default_client_percent_dollar_expand(cp, cinfo);
-                       if (strcmp(options.user_hostfiles[j], p) != 0)
-                               debug3("expanded UserKnownHostsFile '%s' -> "
-                                   "'%s'", options.user_hostfiles[j], p);
-                       free(options.user_hostfiles[j]);
-                       free(cp);
-                       options.user_hostfiles[j] = p;
-               }
+               if (options.user_hostfiles[j] == NULL)
+                       continue;
+               cp = tilde_expand_filename(options.user_hostfiles[j], getuid());
+               p = default_client_percent_dollar_expand(cp, cinfo);
+               if (strcmp(options.user_hostfiles[j], p) != 0)
+                       debug3("expanded UserKnownHostsFile '%s' -> "
+                           "'%s'", options.user_hostfiles[j], p);
+               free(options.user_hostfiles[j]);
+               free(cp);
+               options.user_hostfiles[j] = p;
        }
 
        for (i = 0; i < options.num_local_forwards; i++) {
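Review bot: The new UserKnownHostsFile "none" handling only inspects entry 0, so a configuration such as `UserKnownHostsFile ~/.ssh/known_hosts none` is never rejected by the `num_user_hostfiles > 1` check and "none" is then tilde/percent-expanded in the loop below as a literal file name; the GlobalKnownHostsFile block directly above has the same gap. Scanning every entry makes the "appears with other entries" fatal() enforce what its message states. Note also that the expansion loop still skips NULL entries while the new check calls strcasecmp() on entry 0 unconditionally — presumably readconf never leaves slot 0 NULL, but that is worth confirming. main() starts and ends outside this hunk.

```c
	/* UserKnownHostsFile=none: reject it when mixed with other files, else clear the list */
	for (j = 0; j < options.num_user_hostfiles; j++) {
		if (options.user_hostfiles[j] == NULL ||
		    strcasecmp(options.user_hostfiles[j], "none") != 0)
			continue;
		if (options.num_user_hostfiles > 1)
			fatal("Invalid UserKnownHostsFiles: \"none\" "
			    "appears with other entries");
		free(options.user_hostfiles[j]);
		options.user_hostfiles[j] = NULL;
		options.num_user_hostfiles = 0;
	}
	/* … same loop for options.system_hostfiles / GlobalKnownHostsFiles … */
	/* … unchanged: tilde and percent expansion of user_hostfiles … */
```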
index 5921141666b7369fd84cf13d3e6023d7ee3f18ff..c17e44ae22e0c82b85556423ff00e21d0ca9416d 100644 (file)
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.346 2020/12/20 23:36:51 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.347 2020/12/20 23:38:00 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -949,6 +949,10 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
        host_status = check_key_in_hostkeys(host_hostkeys, host_key,
            &host_found);
 
+       /* If no host files were specified, then don't try to touch them */
+       if (!readonly && num_user_hostfiles == 0)
+               readonly = RDONLY;
+
        /*
         * Also perform check for the ip address, skip the check if we are
         * localhost, looking for a certificate, or the hostname was an ip
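Review bot: The comment on the added check, `/* If no host files were specified, then don't try to touch them */`, says less than the condition does: only num_user_hostfiles is tested, and the effect is to force RDONLY so that no known_hosts file is written for the remainder of check_host_key(). Suggest `/* UserKnownHostsFile=none: nowhere to record host keys, so treat the lookup as read-only */`. A consequence worth documenting alongside the option is that nothing is ever learned in this mode, so an unseen host key will presumably be prompted for on every connection under StrictHostKeyChecking=ask — verify against the rest of check_host_key(), which starts and ends outside this hunk.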