add VersionAddendum to ssh client, mirroring what happens on server side

epaulson · Jul 11, 2017 · 69daef3 · 69daef3
1 parent ff3507a
commit 69daef3
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 8 deletions.
diff --git a/readconf.c b/readconf.c
@@ -171,7 +171,7 @@ typedef enum {
 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
 	oStreamLocalBindMask, oStreamLocalBindUnlink, oRevokedHostKeys,
 	oFingerprintHash, oUpdateHostkeys, oHostbasedKeyTypes,
-	oPubkeyAcceptedKeyTypes, oProxyJump,
+	oPubkeyAcceptedKeyTypes, oProxyJump, oVersionAddendum,
 	oIgnore, oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
@@ -305,6 +305,7 @@ static struct {
 	{ "pubkeyacceptedkeytypes", oPubkeyAcceptedKeyTypes },
 	{ "ignoreunknown", oIgnoreUnknown },
 	{ "proxyjump", oProxyJump },
+	{ "versionaddendum", oVersionAddendum },
 
 	{ NULL, oBadOption }
 };
@@ -1653,6 +1654,10 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host,
 		charptr = &options->identity_agent;
 		goto parse_string;
 
+	case oVersionAddendum:
+		charptr = &options->version_addendum;
+		goto parse_string;
+
 	case oDeprecated:
 		debug("%s line %d: Deprecated option \"%s\"",
 		    filename, linenum, keyword);
@@ -1853,6 +1858,7 @@ initialize_options(Options * options)
 	options->update_hostkeys = -1;
 	options->hostbased_key_types = NULL;
 	options->pubkey_key_types = NULL;
+	options->version_addendum = NULL;
 }
 
 /*
@@ -2022,6 +2028,10 @@ fill_default_options(Options * options)
 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
 	if (options->update_hostkeys == -1)
 		options->update_hostkeys = 0;
+	if (options->version_addendum == NULL)
+		options->version_addendum = xstrdup("");
+	if(strcasecmp(options->version_addendum, "none") == 0)
+		options->version_addendum = xstrdup("");
 	if (kex_assemble_names(KEX_CLIENT_ENCRYPT, &options->ciphers) != 0 ||
 	    kex_assemble_names(KEX_CLIENT_MAC, &options->macs) != 0 ||
 	    kex_assemble_names(KEX_CLIENT_KEX, &options->kex_algorithms) != 0 ||
@@ -2527,6 +2537,8 @@ dump_client_config(Options *o, const char *host)
 	dump_cfg_string(oPubkeyAcceptedKeyTypes, o->pubkey_key_types);
 	dump_cfg_string(oRevokedHostKeys, o->revoked_host_keys);
 	dump_cfg_string(oXAuthLocation, o->xauth_location);
+	dump_cfg_string(oVersionAddendum, *o->version_addendum == '\0'
+		? "none" : o->version_addendum);
 
 	/* Forwards */
 	dump_cfg_forwards(oDynamicForward, o->num_local_forwards, o->local_forwards);

diff --git a/readconf.h b/readconf.h
@@ -164,6 +164,7 @@ typedef struct {
 	char   *jump_extra;
 
 	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
+	char	*version_addendum;	/* Appended to SSH banner */
 }       Options;
 
 #define SSH_CANONICALISE_NO	0

diff --git a/sshconnect.c b/sshconnect.c
@@ -508,11 +508,23 @@ ssh_connect(const char *host, struct addrinfo *addrs,
 }
 
 static void
-send_client_banner(int connection_out, int minor1)
+send_client_banner(int connection_out, int minor1, const char *host)
 {
 	/* Send our own protocol version identification. */
-	xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
-	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
+	char *tmp, *expanded;
+	xasprintf(&tmp, "%s%s", *options.version_addendum == '\0' ? "" : " ", 
+              options.version_addendum); 
+	expanded = percent_expand(tmp, "h", host, (char *)NULL);	
+	if (strchr(expanded, '\r') != NULL)
+		fatal("send_client_banner: cannot include carriage return " 
+			"in version addendum");	
+	xasprintf(&client_version_string, "SSH-%d.%d-%.100s%s\r\n",
+	    PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, expanded);
+	free(tmp);
+	free(expanded);
+	if(strlen(client_version_string) > 255)
+		fatal("send_client_banner: banner too long: %.255s", 
+			client_version_string);	
 	if (atomicio(vwrite, connection_out, client_version_string,
 	    strlen(client_version_string)) != strlen(client_version_string))
 		fatal("write: %.100s", strerror(errno));
@@ -525,7 +537,7 @@ send_client_banner(int connection_out, int minor1)
  * identification string.
  */
 void
-ssh_exchange_identification(int timeout_ms)
+ssh_exchange_identification(int timeout_ms, const char *host)
 {
 	char buf[256], remote_version[256];	/* must be same size! */
 	int remote_major, remote_minor, mismatch;
@@ -535,7 +547,7 @@ ssh_exchange_identification(int timeout_ms)
 	size_t len;
 	int rc;
 
-	send_client_banner(connection_out, 0);
+	send_client_banner(connection_out, 0, host);
 
 	/* Read other side's version identification. */
 	for (n = 0;;) {
@@ -1306,7 +1318,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
 	lowercase(host);
 
 	/* Exchange protocol version identification strings with the server. */
-	ssh_exchange_identification(timeout_ms);
+	ssh_exchange_identification(timeout_ms, host);
 
 	/* Put the connection into non-blocking mode. */
 	packet_set_nonblocking();

diff --git a/sshconnect.h b/sshconnect.h
@@ -39,7 +39,7 @@ void	 ssh_kill_proxy_command(void);
 void	 ssh_login(Sensitive *, const char *, struct sockaddr *, u_short,
     struct passwd *, int);
 
-void	 ssh_exchange_identification(int);
+void	 ssh_exchange_identification(int, const char *);
 
 int	 verify_host_key(char *, struct sockaddr *, struct sshkey *);