upstream: silence (to log level debug2) failure messages when

loading the default hostkeys. Hostkeys explicitly specified in the
configuration or on the command-line are still reported as errors, and
failure to load at least one host key remains a fatal error.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Based on patch from Dag-Erling Smørgrav via
https://github.com/openssh/openssh-portable/pull/103

ok markus@

OpenBSD-Commit-ID: ffc2e35a75d1008effaf05a5e27425041c27b684

diff --git a/servconf.c b/servconf.c
index a8727c0fa678ac75557b25793a7a973c220a9d63..52d9be4295be6dbaf27123380b16a4965f643a98 100644 (file)
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.343 2018/11/16 03:26:01 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.344 2018/11/19 04:12:32 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -221,26 +221,40 @@ assemble_algorithms(ServerOptions *o)
 }
 
 static void
-array_append(const char *file, const int line, const char *directive,
-    char ***array, u_int *lp, const char *s)
+array_append2(const char *file, const int line, const char *directive,
+    char ***array, int **iarray, u_int *lp, const char *s, int i)
 {
 
        if (*lp >= INT_MAX)
                fatal("%s line %d: Too many %s entries", file, line, directive);
 
+       if (iarray != NULL) {
+               *iarray = xrecallocarray(*iarray, *lp, *lp + 1,
+                   sizeof(**iarray));
+               (*iarray)[*lp] = i;
+       }
+
        *array = xrecallocarray(*array, *lp, *lp + 1, sizeof(**array));
        (*array)[*lp] = xstrdup(s);
        (*lp)++;
 }
 
+static void
+array_append(const char *file, const int line, const char *directive,
+    char ***array, u_int *lp, const char *s)
+{
+       array_append2(file, line, directive, array, NULL, lp, s, 0);
+}
+
 void
 servconf_add_hostkey(const char *file, const int line,
-    ServerOptions *options, const char *path)
+    ServerOptions *options, const char *path, int userprovided)
 {
        char *apath = derelativise_path(path);
 
-       array_append(file, line, "HostKey",
-           &options->host_key_files, &options->num_host_key_files, apath);
+       array_append2(file, line, "HostKey",
+           &options->host_key_files, &options->host_key_file_userprovided,
+           &options->num_host_key_files, apath, userprovided);
        free(apath);
 }
 
@@ -268,16 +282,16 @@ fill_default_server_options(ServerOptions *options)
        if (options->num_host_key_files == 0) {
                /* fill default hostkeys for protocols */
                servconf_add_hostkey("[default]", 0, options,
-                   _PATH_HOST_RSA_KEY_FILE);
+                   _PATH_HOST_RSA_KEY_FILE, 0);
 #ifdef OPENSSL_HAS_ECC
                servconf_add_hostkey("[default]", 0, options,
-                   _PATH_HOST_ECDSA_KEY_FILE);
+                   _PATH_HOST_ECDSA_KEY_FILE, 0);
 #endif
                servconf_add_hostkey("[default]", 0, options,
-                   _PATH_HOST_ED25519_KEY_FILE);
+                   _PATH_HOST_ED25519_KEY_FILE, 0);
 #ifdef WITH_XMSS
                servconf_add_hostkey("[default]", 0, options,
-                   _PATH_HOST_XMSS_KEY_FILE);
+                   _PATH_HOST_XMSS_KEY_FILE, 0);
 #endif /* WITH_XMSS */
        }
        /* No certificates by default */
@@ -1355,8 +1369,10 @@ process_server_config_line(ServerOptions *options, char *line,
                if (!arg || *arg == '\0')
                        fatal("%s line %d: missing file name.",
                            filename, linenum);
-               if (*activep)
-                       servconf_add_hostkey(filename, linenum, options, arg);
+               if (*activep) {
+                       servconf_add_hostkey(filename, linenum,
+                           options, arg, 1);
+               }
                break;
 
        case sHostKeyAgent:

diff --git a/servconf.h b/servconf.h
index 0175e00e8be00d12eeceeb1df1df1ec740e8616f..548ad5a0c10710e6561903645ffadf9ce842ea37 100644 (file)
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.137 2018/09/20 03:28:06 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.138 2018/11/19 04:12:32 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -75,6 +75,7 @@ typedef struct {
        char    *routing_domain;        /* Bind session to routing domain */
 
        char   **host_key_files;        /* Files containing host keys. */
+       int     *host_key_file_userprovided; /* Key was specified by user. */
        u_int   num_host_key_files;     /* Number of files for host keys. */
        char   **host_cert_files;       /* Files containing host certs. */
        u_int   num_host_cert_files;    /* Number of files for host certs. */
@@ -273,7 +274,7 @@ void         copy_set_server_options(ServerOptions *, ServerOptions *, int);
 void    dump_config(ServerOptions *);
 char   *derelativise_path(const char *);
 void    servconf_add_hostkey(const char *, const int,
-           ServerOptions *, const char *path);
+           ServerOptions *, const char *path, int);
 void    servconf_add_hostcert(const char *, const int,
            ServerOptions *, const char *path);
 

diff --git a/sshd.c b/sshd.c
index 3627369771f55ef63dfc176cb00510e7fb22a906..afd9593299394d3eb8bd6d1aa7cec86e5bba8c16 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.518 2018/11/16 03:26:01 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.519 2018/11/19 04:12:32 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1588,7 +1588,7 @@ main(int ac, char **av)
                        break;
                case 'h':
                        servconf_add_hostkey("[command-line]", 0,
-                           &options, optarg);
+                           &options, optarg, 1);
                        break;
                case 't':
                        test_flag = 1;
@@ -1760,15 +1760,18 @@ main(int ac, char **av)
        }
 
        for (i = 0; i < options.num_host_key_files; i++) {
+               int ll = options.host_key_file_userprovided[i] ?
+                   SYSLOG_LEVEL_ERROR : SYSLOG_LEVEL_DEBUG1;
+
                if (options.host_key_files[i] == NULL)
                        continue;
                if ((r = sshkey_load_private(options.host_key_files[i], "",
                    &key, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-                       error("Error loading host key \"%s\": %s",
+                       do_log2(ll, "Unable to load host key \"%s\": %s",
                            options.host_key_files[i], ssh_err(r));
                if ((r = sshkey_load_public(options.host_key_files[i],
                    &pubkey, NULL)) != 0 && r != SSH_ERR_SYSTEM_ERROR)
-                       error("Error loading host key \"%s\": %s",
+                       do_log2(ll, "Unable to load host key \"%s\": %s",
                            options.host_key_files[i], ssh_err(r));
                if (pubkey == NULL && key != NULL)
                        if ((r = sshkey_from_private(key, &pubkey)) != 0)
@@ -1785,7 +1788,7 @@ main(int ac, char **av)
                        keytype = key->type;
                        accumulate_host_timing_secret(cfg, key);
                } else {
-                       error("Could not load host key: %s",
+                       do_log2(ll, "Unable to load host key: %s",
                            options.host_key_files[i]);
                        sensitive_data.host_keys[i] = NULL;
                        sensitive_data.host_pubkeys[i] = NULL;