- stevesk@cvs.openbsd.org 2001/07/26 17:18:22

     [sshd.8 sshd.c]
     add -t option to test configuration file and keys; pekkas@netcore.fi
     ok markus@

diff --git a/ChangeLog b/ChangeLog
index 58aca32884698bd72798006c1b25084b0f78dbb5..0cff9f7138e5f876007eb3aa99bc9e3e260827b0 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,10 @@
      [readconf.c ssh.1 ssh.c sshconnect.c]
      cleanup connect(); connection_attempts 4 -> 1; from 
      eivind@freebsd.org
+   - stevesk@cvs.openbsd.org 2001/07/26 17:18:22
+     [sshd.8 sshd.c]
+     add -t option to test configuration file and keys; pekkas@netcore.fi
+     ok markus@
 
 20010803
  - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on

diff --git a/sshd.8 b/sshd.8
index 01fd2142104de1ca7c23fb64cc8e73b1de7e9f28..94bd627386457531093cdb2616d8d5f21c1582a6 100644 (file)
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.136 2001/07/22 22:24:16 markus Exp $
+.\" $OpenBSD: sshd.8,v 1.137 2001/07/26 17:18:22 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -247,6 +247,12 @@ Quiet mode.
 Nothing is sent to the system log.
 Normally the beginning,
 authentication, and termination of each connection is logged.
+.It Fl t
+Test mode.
+Only check the validity of the configuration file and sanity of the keys.
+This is useful for updating 
+.Nm
+reliably as configuration options may change.
 .It Fl u Ar len
 This option is used to specify the size of the field
 in the

diff --git a/sshd.c b/sshd.c
index dd5d7ab2ca61db2327b28eb22fe3499f0a8d5a41..d1c68445d3e0f96d4438c0fe40ec559efd3f7a43 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.202 2001/06/26 16:15:25 dugsong Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.203 2001/07/26 17:18:22 stevesk Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -113,6 +113,9 @@ int IPv4or6 = AF_UNSPEC;
  */
 int debug_flag = 0;
 
+/* Flag indicating that the daemon should only test the configuration and keys. */
+int test_flag = 0;
+
 /* Flag indicating that the daemon is being started from inetd. */
 int inetd_flag = 0;
 
@@ -560,7 +563,7 @@ main(int ac, char **av)
        initialize_server_options(&options);
 
        /* Parse command-line arguments. */
-       while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDeiqQ46")) != -1) {
+       while ((opt = getopt(ac, av, "f:p:b:k:h:g:V:u:dDeiqtQ46")) != -1) {
                switch (opt) {
                case '4':
                        IPv4or6 = AF_INET;
@@ -636,6 +639,9 @@ main(int ac, char **av)
                        /* only makes sense with inetd_flag, i.e. no listen() */
                        inetd_flag = 1;
                        break;
+               case 't':
+                       test_flag = 1;
+                       break;
                case 'u':
                        utmp_len = atoi(optarg);
                        break;
@@ -648,6 +654,7 @@ main(int ac, char **av)
                        fprintf(stderr, "  -d         Debugging mode (multiple -d means more debugging)\n");
                        fprintf(stderr, "  -i         Started from inetd\n");
                        fprintf(stderr, "  -D         Do not fork into daemon mode\n");
+                       fprintf(stderr, "  -t         Only test configuration file and keys\n");
                        fprintf(stderr, "  -q         Quiet (no logging)\n");
                        fprintf(stderr, "  -p port    Listen on the specified port (default: 22)\n");
                        fprintf(stderr, "  -k seconds Regenerate server key every this many seconds (default: 3600)\n");
@@ -755,6 +762,10 @@ main(int ac, char **av)
                }
        }
 
+       /* Configuration looks good, so exit if in test mode. */
+       if (test_flag)
+               exit(0);
+
 #ifdef HAVE_SCO_PROTECTED_PW
        (void) set_auth_parameters(ac, av);
 #endif