From owner-svn-src-all@freebsd.org  Mon Aug  8 10:46:19 2016
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5670ABB20C6;
 Mon,  8 Aug 2016 10:46:19 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0FAE31170;
 Mon,  8 Aug 2016 10:46:18 +0000 (UTC) (envelope-from des@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u78AkINm023624;
 Mon, 8 Aug 2016 10:46:18 GMT (envelope-from des@FreeBSD.org)
Received: (from des@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u78AkImJ023623;
 Mon, 8 Aug 2016 10:46:18 GMT (envelope-from des@FreeBSD.org)
Message-Id: <201608081046.u78AkImJ023623@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: des set sender to des@FreeBSD.org
 using -f
From: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
Date: Mon, 8 Aug 2016 10:46:18 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r303832 - head/crypto/openssh
X-SVN-Group: head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Aug 2016 10:46:19 -0000

Author: des
Date: Mon Aug  8 10:46:18 2016
New Revision: 303832
URL: https://svnweb.freebsd.org/changeset/base/303832

Log:
  Try to check whether each key file exists before adding it, and bail out
  if we didn't find any of them.  This reduces log spam about key files for
  deprecated algorithms, which we look for but don't generate.
  
  PR:		208254
  MFC after:	3 days

Modified:
  head/crypto/openssh/servconf.c

Modified: head/crypto/openssh/servconf.c
==============================================================================
--- head/crypto/openssh/servconf.c	Mon Aug  8 08:20:10 2016	(r303831)
+++ head/crypto/openssh/servconf.c	Mon Aug  8 10:46:18 2016	(r303832)
@@ -22,6 +22,7 @@ __RCSID("$FreeBSD$");
 #include <netinet/ip.h>
 
 #include <ctype.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -206,24 +207,28 @@ fill_default_server_options(ServerOption
 	/* Standard Options */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_2;
+#define add_host_key_file(path)						\
+	do {								\
+		if (access((path), O_RDONLY) == 0)			\
+			options->host_key_files				\
+			    [options->num_host_key_files++] = (path);	\
+	} while (0)
 	if (options->num_host_key_files == 0) {
 		/* fill default hostkeys for protocols */
 		if (options->protocol & SSH_PROTO_1)
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_KEY_FILE;
+			add_host_key_file(_PATH_HOST_KEY_FILE);
 		if (options->protocol & SSH_PROTO_2) {
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_RSA_KEY_FILE;
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_DSA_KEY_FILE;
+			add_host_key_file(_PATH_HOST_RSA_KEY_FILE);
+			add_host_key_file(_PATH_HOST_DSA_KEY_FILE);
 #ifdef OPENSSL_HAS_ECC
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_ECDSA_KEY_FILE;
+			add_host_key_file(_PATH_HOST_ECDSA_KEY_FILE);
 #endif
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_ED25519_KEY_FILE;
+			add_host_key_file(_PATH_HOST_ED25519_KEY_FILE);
 		}
 	}
+#undef add_host_key_file
+	if (options->num_host_key_files == 0)
+		fatal("No host key files found");
 	/* No certificates by default */
 	if (options->num_ports == 0)
 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;