1 From debfde6b8d41a9b15452b519089ce2ee22b6addd Mon Sep 17 00:00:00 2001
2 From: oracle <solaris@oracle.com>
3 Date: Mon, 3 Aug 2015 14:36:00 -0700
4 Subject: [PATCH 10/36] Add DisableBanner option
5
6 #
7 # This patch is to add a new DisableBanner option to the ssh client command,
8 # which allows the ssh command to disable the display of the banner message.
9 # We have contributed back this feature to the OpenSSH upstream community. For
10 # more information, see https://bugzilla.mindrot.org/show_bug.cgi?id=2242.
11 # In the future, if this feature is accepted by the upstream in a later release,
12 # we will remove this patch when we upgrade to that release.
13 #
14 ---
15 readconf.c | 31 +++++++++++++++++++++++++++++++
16 readconf.h | 9 +++++++++
17 ssh_config.4 | 8 ++++++++
18 sshconnect2.c | 17 +++++++++++++++++
19 4 files changed, 65 insertions(+)
20
21 diff --git a/readconf.c b/readconf.c
22 index 2c63d44..d0f4068 100644
23 --- a/readconf.c
24 +++ b/readconf.c
25 @@ -150,6 +150,9 @@ typedef enum {
26 oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
27 oSendEnv, oControlPath, oControlMaster, oControlPersist,
28 oHashKnownHosts,
29 +#ifdef DISABLE_BANNER
30 + oDisableBanner,
31 +#endif
32 oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
33 oVisualHostKey, oUseRoaming,
34 oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
35 @@ -255,6 +258,9 @@ static struct {
36 { "controlmaster", oControlMaster },
37 { "controlpersist", oControlPersist },
38 { "hashknownhosts", oHashKnownHosts },
39 +#ifdef DISABLE_BANNER
40 + { "disablebanner", oDisableBanner },
41 +#endif
42 { "tunnel", oTunnel },
43 { "tunneldevice", oTunnelDevice },
44 { "localcommand", oLocalCommand },
45 @@ -754,6 +760,17 @@ static const struct multistate multistate_canonicalizehostname[] = {
46 { NULL, -1 }
47 };
48
49 +#ifdef DISABLE_BANNER
50 +static const struct multistate multistate_disablebanner[] = {
51 + { "true", SSH_DISABLEBANNER_YES },
52 + { "false", SSH_DISABLEBANNER_NO },
53 + { "yes", SSH_DISABLEBANNER_YES },
54 + { "no", SSH_DISABLEBANNER_NO },
55 + { "in-exec-mode", SSH_DISABLEBANNER_INEXECMODE },
56 + { NULL, -1 }
57 +};
58 +#endif
59 +
60 /*
61 * Processes a single option line as used in the configuration files. This
62 * only sets those values that have not already been set.
63 @@ -1514,6 +1531,13 @@ parse_keytypes:
64 charptr = &options->pubkey_key_types;
65 goto parse_keytypes;
66
67 +#ifdef DISABLE_BANNER
68 + case oDisableBanner:
69 + intptr = &options->disable_banner;
70 + multistate_ptr = multistate_disablebanner;
71 + goto parse_multistate;
72 +#endif
73 +
74 case oDeprecated:
75 debug("%s line %d: Deprecated option \"%s\"",
76 filename, linenum, keyword);
77 @@ -1684,6 +1708,9 @@ initialize_options(Options * options)
78 options->ip_qos_bulk = -1;
79 options->request_tty = -1;
80 options->proxy_use_fdpass = -1;
81 +#ifdef DISABLE_BANNER
82 + options->disable_banner = -1;
83 +#endif
84 options->ignored_unknown = NULL;
85 options->num_canonical_domains = 0;
86 options->num_permitted_cnames = 0;
87 @@ -1868,6 +1895,10 @@ fill_default_options(Options * options)
88 options->canonicalize_fallback_local = 1;
89 if (options->canonicalize_hostname == -1)
90 options->canonicalize_hostname = SSH_CANONICALISE_NO;
91 +#ifdef DISABLE_BANNER
92 + if (options->disable_banner == -1)
93 + options->disable_banner = 0;
94 +#endif
95 if (options->fingerprint_hash == -1)
96 options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
97 if (options->update_hostkeys == -1)
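Review bot: The default in fill_default_options is written as a bare `0`, while the neighbouring defaults use their named constants (`SSH_CANONICALISE_NO`, `SSH_FP_HASH_DEFAULT`). Writing `options->disable_banner = SSH_DISABLEBANNER_NO;` keeps the assignment tied to the values this patch adds in readconf.h and to the comparison in sshconnect2.c, so renumbering the constants cannot silently change the default. fill_default_options starts and ends outside the hunk.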
98 diff --git a/readconf.h b/readconf.h
99 index bb2d552..b961309 100644
100 --- a/readconf.h
101 +++ b/readconf.h
102 @@ -154,6 +154,9 @@ typedef struct {
103 char *pubkey_key_types;
104
105 char *ignored_unknown; /* Pattern list of unknown tokens to ignore */
106 +#ifdef DISABLE_BANNER
107 + int disable_banner; /* Disable display of banner */
108 +#endif
109 } Options;
110
111 #define SSH_CANONICALISE_NO 0
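Review bot: Placing `disable_banner` inside `#ifdef DISABLE_BANNER` makes the size of `Options` depend on a macro, so an object file built without the define would disagree with readconf.c about the struct, and `initialize_options()` would write past the end of that caller's `Options`. Where DISABLE_BANNER is defined is not visible in this patch. If it comes from per-target compiler flags rather than a header every file includes, declare the member unconditionally as `int disable_banner; /* Disable display of banner */` and keep only the parsing and the banner check conditional.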
112 @@ -179,6 +182,12 @@ typedef struct {
113 #define SSH_UPDATE_HOSTKEYS_YES 1
114 #define SSH_UPDATE_HOSTKEYS_ASK 2
115
116 +#ifdef DISABLE_BANNER
117 +#define SSH_DISABLEBANNER_NO 0
118 +#define SSH_DISABLEBANNER_YES 1
119 +#define SSH_DISABLEBANNER_INEXECMODE 2
120 +#endif
121 +
122 void initialize_options(Options *);
123 void fill_default_options(Options *);
124 void fill_default_options_for_canonicalization(Options *);
125 diff --git a/ssh_config.4 b/ssh_config.4
126 index 8c099eb..6325b3a 100644
127 --- a/ssh_config.4
128 +++ b/ssh_config.4
129 @@ -572,6 +572,14 @@ If set to a time in seconds, or a time in any of the formats documented in
130 then the backgrounded master connection will automatically terminate
131 after it has remained idle (with no client connections) for the
132 specified time.
133 +.It Cm DisableBanner
134 +If set to yes, disables the display of the banner message.
135 +If set to in-exec-mode, disables the display of banner message when in remote
136 +command mode only.
137 +.Pp
138 +The default value is no, which means that the banner is displayed unless the
139 +log level is QUIET, FATAL, or ERROR. See also the Banner option in
140 +.Xr sshd_config 4 . This option applies to protocol version 2 only.
141 .It Cm DynamicForward
142 Specifies that a TCP port on the local machine be forwarded
143 over the secure channel, and the application
144 diff --git a/sshconnect2.c b/sshconnect2.c
145 index 7751031..95593b9 100644
146 --- a/sshconnect2.c
147 +++ b/sshconnect2.c
148 @@ -81,6 +81,10 @@ extern char *client_version_string;
149 extern char *server_version_string;
150 extern Options options;
151
152 +#ifdef DISABLE_BANNER
153 +extern Buffer command;
154 +#endif
155 +
156 /*
157 * SSH2 key exchange
158 */
159 @@ -473,7 +477,20 @@ input_userauth_banner(int type, u_int32_t seq, void *ctxt)
160 debug3("input_userauth_banner");
161 raw = packet_get_string(&len);
162 lang = packet_get_string(NULL);
163 +
164 +#ifdef DISABLE_BANNER
165 + /*
166 + * Banner is a warning message according to RFC 4252. So, never print
167 + * a banner in error log level or lower. If the log level is higher,
168 + * use DisableBanner option to decide whether to display it or not.
169 + */
170 + if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO &&
171 + (options.disable_banner == SSH_DISABLEBANNER_NO ||
172 + (options.disable_banner == SSH_DISABLEBANNER_INEXECMODE &&
173 + buffer_len(&command) == 0))) {
174 +#else
175 if (len > 0 && options.log_level >= SYSLOG_LEVEL_INFO) {
176 +#endif
177 if (len > 65536)
178 len = 65536;
179 msg = xmalloc(len * 4 + 1); /* max expansion from strnvis() */
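Review bot: The added condition opens the `if` under `#ifdef`/`#else` with two alternative headers sharing one body, and when DisableBanner withholds the server's banner nothing is logged, so `-v` output cannot show that a pre-authentication notice was received and dropped. Computing the decision into a local first and keeping a single `if` makes the brace pairing independent of the preprocessor and gives the suppressed path a place for a `debug()` line. The in-exec-mode test relies on the global `command` buffer being filled before authentication starts, which is not visible here and deserves a comment at the `extern` declaration. input_userauth_banner begins and ends outside the hunk, so the `show_banner` declaration belongs with its other locals.

```c
	/* … unchanged: debug3(), packet_get_string() for raw and lang … */
	show_banner = len > 0 && options.log_level >= SYSLOG_LEVEL_INFO;
#ifdef DISABLE_BANNER
	/*
	 * Banner is a warning message according to RFC 4252, so it is never
	 * printed at error log level or lower; above that, DisableBanner
	 * decides.
	 */
	if (show_banner &&
	    (options.disable_banner == SSH_DISABLEBANNER_YES ||
	    (options.disable_banner == SSH_DISABLEBANNER_INEXECMODE &&
	    buffer_len(&command) != 0))) {
		debug("input_userauth_banner: banner withheld by DisableBanner");
		show_banner = 0;
	}
#endif
	if (show_banner) {
		/* … unchanged: length cap, strnvis() expansion, output … */
```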
180 --
181 2.5.4 (Apple Git-61)
182