From e566972f00f528eb7ed5e5fa468f53ed3c0074e8 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Thu, 28 Mar 2019 18:36:45 +0000 Subject: [PATCH] Uppity: configurable SSH-2 authentication banner. I've had to test banner handling several times recently, what with trust sigils and the fix for CONF_ssh_show_banner. So it's the thing I've most wanted to keep reconfiguring about Uppity so far. --- ssh2userauth-server.c | 7 +++++++ sshserver.h | 2 +- unix/uxserver.c | 17 +++++++++++++++++ 3 files changed, 25 insertions(+), 1 deletion(-) diff --git a/ssh2userauth-server.c b/ssh2userauth-server.c index b515afeb..37753956 100644 --- a/ssh2userauth-server.c +++ b/ssh2userauth-server.c @@ -127,6 +127,13 @@ static void ssh2_userauth_server_process_queue(PacketProtocolLayer *ppl) s->session_id = ssh2_transport_get_session_id(s->transport_layer); + if (s->ssc->banner.ptr) { + pktout = ssh_bpp_new_pktout(s->ppl.bpp, SSH2_MSG_USERAUTH_BANNER); + put_stringpl(pktout, s->ssc->banner); + put_stringz(pktout, ""); /* language tag */ + pq_push(s->ppl.out_pq, pktout); + } + while (1) { crMaybeWaitUntilV((pktin = ssh2_userauth_server_pop(s)) != NULL); if (pktin->type != SSH2_MSG_USERAUTH_REQUEST) { diff --git a/sshserver.h b/sshserver.h index c91eb724..9c00c829 100644 --- a/sshserver.h +++ b/sshserver.h @@ -1,7 +1,7 @@ typedef struct AuthPolicy AuthPolicy; struct SshServerConfig { - int dummy; /* no fields in here yet */ + ptrlen banner; /* banner.ptr == NULL indicates no banner */ }; Plug *ssh_server_plug( diff --git a/unix/uxserver.c b/unix/uxserver.c index 04229a29..97ee749b 100644 --- a/unix/uxserver.c +++ b/unix/uxserver.c 
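Review bot: The new `if (s->ssc->banner.ptr)` block in ssh2_userauth_server_process_queue copies the configured bytes into SSH2_MSG_USERAUTH_BANNER exactly as supplied, with no UTF-8 validation or control-character filtering, and nothing at this site says that is intended. For a test server this is presumably deliberate (the commit message is about exercising client banner handling), so a comment would make the contract explicit, for example `/* Banner bytes are sent verbatim; filtering control characters is the client's job */`. The test is on `.ptr` rather than `.len`, so an empty `--bannertext ""` presumably still emits a zero-length banner packet; if that is wanted for testing, the comment could say so too. The function body starts and ends outside the hunk.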
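Review bot: The comment on `ptrlen banner` in struct SshServerConfig documents the NULL convention but not ownership. A ptrlen is a borrowed pointer plus a length, so whoever fills this field must keep the bytes alive for as long as any server instance reads the config. Suggest extending the comment to `/* banner.ptr == NULL indicates no banner; data is not owned and must outlive the server */`.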
@@ -510,6 +510,23 @@ int main(int argc, char **argv)
 "(%s)\n", appname, val, key_type_to_str(keytype));
 exit(1);
 }
+ } else if (longoptarg(arg, "--bannerfile", &val, &argc, &argv)) {
+ FILE *fp = fopen(val, "r");
+ if (!fp) {
+ fprintf(stderr, "%s: %s: open: %s\n", appname,
+ val, strerror(errno));
+ exit(1);
+ }
+ strbuf *sb = strbuf_new();
+ if (!read_file_into(BinarySink_UPCAST(sb), fp)) {
+ fprintf(stderr, "%s: %s: read: %s\n", appname,
+ val, strerror(errno));
+ exit(1);
+ }
+ fclose(fp);
+ ssc.banner = ptrlen_from_strbuf(sb);
+ } else if (longoptarg(arg, "--bannertext", &val, &argc, &argv)) {
+ ssc.banner = ptrlen_from_asciz(val);
 } else if (longoptarg(arg, "--sshlog", &val, &argc, &argv) ||
 longoptarg(arg, "-sshlog", &val, &argc, &argv)) {
 Filename *logfile = filename_from_str(val);
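Review bot: The `--bannerfile` branch reads the whole file into `sb` with no upper bound, and that buffer is later written into a single SSH2_MSG_USERAUTH_BANNER packet. Pointing the option at a very large file or a device therefore costs unbounded memory, and may produce a packet larger than peers accept (the packet-size handling is not visible here). If a cap is acceptable for a test server, check after the read, e.g. `if (sb->len > BANNER_MAX) { fprintf(stderr, "%s: %s: banner too large\n", appname, val); exit(1); }`, where `BANNER_MAX` is a placeholder for a limit the project would choose. Separately, `sb` is never freed because `ssc.banner` borrows its storage; a comment such as `/* sb is kept alive for the process lifetime: ssc.banner points into it */` would stop a later cleanup from creating a dangling pointer. main() starts and ends outside the hunk.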