
Bug#562048: updated to name option "DebianBanner"



Hi,

This patch renames the config variable to "DebianBanner", as a way to make
it clearly a non-upstream configuration option.

Thanks,

-Kees

-- 
Kees Cook                                            @debian.org
diff -uNrp openssh-5.1p1~/debian/changelog openssh-5.1p1/debian/changelog
--- openssh-5.1p1~/debian/changelog	2009-12-22 01:16:09.000000000 -0800
+++ openssh-5.1p1/debian/changelog	2009-12-22 01:11:57.986834956 -0800
@@ -1,3 +1,12 @@
+openssh (1:5.1p1-9) unstable; urgency=low
+
+  * servconf.[ch], sshd.c, version.h, sshd_config.5: implement
+    DebianBanner server configuration flag that can be set to
+    "no" to allow sshd to run without the Debian-specific extra version
+    in the initial protocol handshake.
+
+ -- Kees Cook <kees@debian.org>  Tue, 22 Dec 2009 01:11:04 -0800
+
 openssh (1:5.1p1-8) unstable; urgency=low
 
   * Build with just -fPIC on mips/mipsel, not -fPIE as well (thanks, LIU Qi;
diff -uNrp openssh-5.1p1~/servconf.c openssh-5.1p1/servconf.c
--- openssh-5.1p1~/servconf.c	2009-12-22 01:16:09.000000000 -0800
+++ openssh-5.1p1/servconf.c	2009-12-22 01:10:50.496829718 -0800
@@ -130,6 +130,7 @@ initialize_server_options(ServerOptions 
 	options->num_permitted_opens = -1;
 	options->adm_forced_command = NULL;
 	options->chroot_directory = NULL;
+	options->debian_banner = -1;
 }
 
 void
@@ -267,6 +268,8 @@ fill_default_server_options(ServerOption
 		options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
 	if (options->permit_tun == -1)
 		options->permit_tun = SSH_TUNMODE_NO;
+	if (options->debian_banner == -1)
+		options->debian_banner = 1;
 
 	/* Turn privilege separation on by default */
 	if (use_privsep == -1)
@@ -313,6 +316,7 @@ typedef enum {
 	sAcceptEnv, sPermitTunnel,
 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 	sUsePrivilegeSeparation, sAllowAgentForwarding,
+	sDebianBanner,
 	sDeprecated, sUnsupported
 } ServerOpCodes;
 
@@ -435,6 +439,7 @@ static struct {
 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+	{ "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
 	{ NULL, sBadOption, 0 }
 };
 
@@ -1313,6 +1318,10 @@ process_server_config_line(ServerOptions
 			*charptr = xstrdup(arg);
 		break;
 
+	case sDebianBanner:
+		intptr = &options->debian_banner;
+		goto parse_int;
+
 	case sDeprecated:
 		logit("%s line %d: Deprecated option %s",
 		    filename, linenum, arg);
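Review bot: `goto parse_int` in the new `sDebianBanner` case sends a yes/no option through the integer parser, although the changelog entry and sshd_config.5 both document its values as "yes" and "no". The `parse_int` label is outside this hunk, but if it converts the argument with `atoi`, as integer options in this file appear to, then `DebianBanner yes` is stored as 0 and the suffix the administrator asked to keep is silently dropped; any misspelt value is accepted the same way. The case should end in `goto parse_flag;`, the yes/no parser used by the other boolean options in servconf.c, so that anything other than "yes" or "no" is rejected when the configuration is loaded. process_server_config_line starts and ends outside the hunk.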
diff -uNrp openssh-5.1p1~/servconf.h openssh-5.1p1/servconf.h
--- openssh-5.1p1~/servconf.h	2009-12-22 01:16:09.000000000 -0800
+++ openssh-5.1p1/servconf.h	2009-12-22 01:10:50.496829718 -0800
@@ -151,6 +151,8 @@ typedef struct {
 
 	int	num_permitted_opens;
 
+	int	debian_banner;
+
 	char   *chroot_directory;
 }       ServerOptions;
 
diff -uNrp openssh-5.1p1~/sshd.c openssh-5.1p1/sshd.c
--- openssh-5.1p1~/sshd.c	2009-12-22 01:16:09.000000000 -0800
+++ openssh-5.1p1/sshd.c	2009-12-22 01:10:50.496829718 -0800
@@ -425,7 +425,8 @@ sshd_exchange_identification(int sock_in
 		minor = PROTOCOL_MINOR_1;
 	}
 	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
-	    SSH_RELEASE, newline);
+	    options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
+	    newline);
 	server_version_string = xstrdup(buf);
 
 	/* Send our protocol version identification. */
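Review bot: The new ternary in the `snprintf` call carries no comment on what the shorter string still discloses. With `DebianBanner no` the identification line keeps `SSH_RELEASE_MINIMUM`, which version.h in this patch defines as `SSH_VERSION SSH_PORTABLE`, so the upstream version is still sent to every client before authentication. I would add above the call `/* DebianBanner=no drops only the distribution suffix; the upstream version is still sent before authentication. */` so that the option is not read as hiding the server version. sshd_exchange_identification starts and ends outside the hunk.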
diff -uNrp openssh-5.1p1~/sshd_config.5 openssh-5.1p1/sshd_config.5
--- openssh-5.1p1~/sshd_config.5	2009-12-22 01:16:09.000000000 -0800
+++ openssh-5.1p1/sshd_config.5	2009-12-22 01:10:50.496829718 -0800
@@ -862,6 +862,11 @@ Specifies whether public key authenticat
 The default is
 .Dq yes .
 Note that this option applies to protocol version 2 only.
+.It Cm DebianBanner
+Specifies whether the distribution-specified extra version suffix is
+included during initial protocol handshake.
+The default is
+.Dq yes .
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed.
diff -uNrp openssh-5.1p1~/version.h openssh-5.1p1/version.h
--- openssh-5.1p1~/version.h	2009-12-22 01:16:09.000000000 -0800
+++ openssh-5.1p1/version.h	2009-12-22 01:10:50.496829718 -0800
@@ -3,8 +3,9 @@
 #define SSH_VERSION	"OpenSSH_5.1"
 
 #define SSH_PORTABLE	"p1"
+#define SSH_RELEASE_MINIMUM	SSH_VERSION SSH_PORTABLE
 #ifdef SSH_EXTRAVERSION
-#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE " " SSH_EXTRAVERSION
+#define SSH_RELEASE	SSH_RELEASE_MINIMUM " " SSH_EXTRAVERSION
 #else
-#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
+#define SSH_RELEASE	SSH_RELEASE_MINIMUM
 #endif
