Last active
December 14, 2015 11:29
-
-
Save ryancdotorg/5079621 to your computer and use it in GitHub Desktop.
Patch for OpenSSH that adds a ClearIdentityFiles option for use in ~/.ssh/config. Can be set to no - nothing happens,
yes - all IdentityFile entries currently present are removed,
never - any future attempts to use the option will be ignored,
always - all all IdentityFile entries currently are removed and adding more is disabled. WARNING - this …
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/readconf.c b/readconf.c | |
| index 91dfa56..701c79a 100644 | |
| + if (options->clear_identity_files > 0) { | |
| + intptr = &options->num_identity_files; | |
| + while (*intptr > 0) { | |
| + *intptr = *intptr - 1; | |
| + charptr = &options->identity_files[*intptr]; | |
| + debug("removing identity %i (%p %p) %s", | |
| + *intptr, charptr, *charptr, *charptr); | |
| + if (charptr && *charptr) { | |
| + xfree(*charptr); | |
| + *charptr = NULL; | |
| + } | |
| + } | |
| + } | |
| } | |
| break; | |
| @@ -1162,6 +1203,7 @@ initialize_options(Options * options) | |
| options->hostkeyalgorithms = NULL; | |
| options->protocol = SSH_PROTO_UNKNOWN; | |
| options->num_identity_files = 0; | |
| + options->clear_identity_files = -1; | |
| options->hostname = NULL; | |
| options->host_key_alias = NULL; | |
| options->proxy_command = NULL; | |
| @@ -1277,7 +1319,9 @@ fill_default_options(Options * options) | |
| /* options->hostkeyalgorithms, default set in myproposals.h */ | |
| if (options->protocol == SSH_PROTO_UNKNOWN) | |
| options->protocol = SSH_PROTO_2; | |
| - if (options->num_identity_files == 0) { | |
| + if (options->clear_identity_files == -1) | |
| + options->clear_identity_files = 0; | |
| + if (options->num_identity_files == 0 && options->clear_identity_files == 0) { | |
| if (options->protocol & SSH_PROTO_1) { | |
| len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1; | |
| options->identity_files[options->num_identity_files] = | |
| diff --git a/readconf.h b/readconf.h | |
| index 5944cff..bc6ab6c 100644 | |
| --- a/readconf.h | |
| +++ b/readconf.h | |
| @@ -96,6 +96,7 @@ typedef struct { | |
| int num_identity_files; /* Number of files for RSA/DSA identities. */ | |
| char *identity_files[SSH_MAX_IDENTITY_FILES]; | |
| Key *identity_keys[SSH_MAX_IDENTITY_FILES]; | |
| + int clear_identity_files; | |
| /* Local TCP/IP forward requests. */ | |
| int num_local_forwards; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment