Process OpenSSH configuration files by default.

This will allow to use the same configuration in client applications including the users aliases or system wide cryptographic configuration. As the configuration parsing is the last thing before doing the actual connection, it might overwrite previously set options. If this is not intended, the client application can ask the configuration files to be parsed before setting some other options that should not ve overwritten. The code ensures that the configuration is not parsed again. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-10-29 14:39:05 +01:00 · 2018-10-29 14:39:05 +01:00 · 89a8a6fcf0
--- a/include/libssh/session.h
+++ b/include/libssh/session.h
@ -20,6 +20,8 @@

 #ifndef SESSION_H_
 #define SESSION_H_
+#include <stdbool.h>
+
 #include "libssh/priv.h"
 #include "libssh/kex.h"
 #include "libssh/packet.h"
@ -217,6 +219,7 @@ struct ssh_session_struct {
        int gss_delegate_creds;
        int flags;
        int nodelay;
+        bool config_processed;
    } opts;
    /* counters */
    ssh_counter socket_counter;
--- a/src/client.c
+++ b/src/client.c
@ -526,6 +526,16 @@ int ssh_connect(ssh_session session) {
    return SSH_ERROR;
  }

+  /* If the system configuration files were not yet processed, do it now */
+  if (!session->opts.config_processed) {
+    ret = ssh_options_parse_config(session, NULL);
+    if (ret != 0) {
+      ssh_set_error(session, SSH_FATAL,
+                    "Failed to process system configuration files");
+      return SSH_ERROR;
+    }
+  }
+
  ret = ssh_options_apply(session);
  if (ret < 0) {
      ssh_set_error(session, SSH_FATAL, "Couldn't apply options");
--- a/src/options.c
+++ b/src/options.c
@ -1335,6 +1335,8 @@ int ssh_options_parse_config(ssh_session session, const char *filename) {
      r = ssh_config_parse_file(session, "/etc/ssh/ssh_config");
  }

+  /* Do not process the default configuration as part of connection again */
+  session->opts.config_processed = true;
 out:
  free(expanded_filename);
  return r;
--- a/tests/client/torture_connect.c
+++ b/tests/client/torture_connect.c
@ -68,6 +68,7 @@ static int session_setup(void **state)
    assert_non_null(s->ssh.session);

    ssh_options_set(s->ssh.session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+    ssh_options_set(s->ssh.session, SSH_OPTIONS_HOST, BLACKHOLE);

    return 0;
 }