options: Allow avoiding system-wide configuration

The added option SSH_BIND_OPTIONS_PROCESS_CONFIG allows to skip processing the system-wide configuration file. The global configuration file is processed automatically if this option is not set as false. This option will only be effective if set before any call to ssh_bind_options_parse_config(). Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
2025-08-08 19:02:06 +03:00 · 2019-05-16 13:20:27 +02:00
parent 07faf95a10
commit 79f0c38fbd
3 changed files with 29 additions and 9 deletions
--- a/include/libssh/server.h
+++ b/include/libssh/server.h
@@ -55,6 +55,7 @@ enum ssh_bind_options_e {
  SSH_BIND_OPTIONS_CONFIG_DIR,
  SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES,
  SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS,
+  SSH_BIND_OPTIONS_PROCESS_CONFIG,
 };

 typedef struct ssh_bind_struct* ssh_bind;
--- a/src/bind.c
+++ b/src/bind.c
@@ -132,7 +132,6 @@ static socket_t bind_socket(ssh_bind sshbind, const char *hostname,

 ssh_bind ssh_bind_new(void) {
    ssh_bind ptr;
-    int rc;

    ptr = calloc(1, sizeof(struct ssh_bind_struct));
    if (ptr == NULL) {
@@ -142,13 +141,6 @@ ssh_bind ssh_bind_new(void) {
    ptr->bindport = 22;
    ptr->common.log_verbosity = 0;

-    /* Apply global bind configurations */
-    rc = ssh_bind_options_parse_config(ptr, NULL);
-    if (rc != 0) {
-        ssh_bind_free(ptr);
-        ptr = NULL;
-    }
-
    return ptr;
 }

@@ -431,14 +423,25 @@ void ssh_bind_free(ssh_bind sshbind){
 int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){
    int i, rc;

+    if (sshbind == NULL) {
+        return SSH_ERROR;
+    }
+
    if (session == NULL){
        ssh_set_error(sshbind, SSH_FATAL,"session is null");
        return SSH_ERROR;
    }

+    /* Apply global bind configurations, if it hasn't been applied before */
+    rc = ssh_bind_options_parse_config(sshbind, NULL);
+    if (rc != 0) {
+        ssh_set_error(sshbind, SSH_FATAL,"Could not parse global config");
+        return SSH_ERROR;
+    }
+
    session->server = 1;

-    /* copy options */
+    /* Copy options from bind to session */
    for (i = 0; i < 10; i++) {
      if (sshbind->wanted_methods[i]) {
        session->opts.wanted_methods[i] = strdup(sshbind->wanted_methods[i]);
--- a/src/options.c
+++ b/src/options.c
@@ -1608,6 +1608,13 @@ static int ssh_bind_set_algo(ssh_bind sshbind,
 *                        paths of configuration files to
 *                        ssh_bind_options_parse_config().
 *
+ *                      - SSH_BIND_OPTIONS_PROCESS_CONFIG
+ *                        Set it to false to disable automatic processing of
+ *                        system-wide configuration files. LibSSH automatically
+ *                        uses these configuration files otherwise. This
+ *                        option will only have effect if set before any call
+ *                        to ssh_bind_options_parse_config() (bool).
+ *
 *                      - SSH_BIND_OPTIONS_PUBKEY_ACCEPTED_KEY_TYPES:
 *                        Set the public key algorithm accepted by the server
 *                        (const char *, comma-separated list).
@@ -1955,6 +1962,15 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
            }
        }
        break;
+    case SSH_BIND_OPTIONS_PROCESS_CONFIG:
+        if (value == NULL) {
+            ssh_set_error_invalid(sshbind);
+            return -1;
+        } else {
+            bool *x = (bool *)value;
+            sshbind->config_processed = !(*x);
+        }
+        break;
    default:
      ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
      return -1;