OpenSSH: allow VersionAddendum to be used again

Prior to this, setting VersionAddendum will be a no-op: one will
always have BASE_VERSION + " " + VERSION_HPN for VersionAddendum
set in the config and a bare BASE_VERSION + VERSION_HPN when there
is no VersionAddendum is set.

HPN patch requires both parties to have the "hpn" inside their
advertized versions, so we add VERSION_HPN to the VERSION_BASE
if HPN is enabled and omitting it if HPN is disabled.

VersionAddendum now uses the following logics:
 * unset (default value): append " " and VERSION_ADDENDUM;
 * VersionAddendum is set and isn't empty: append " "
   and VersionAddendum;
 * VersionAddendum is set and empty: don't append anything.

Approved by: des
Reviewed by: bz
MFC after: 3 days

5 files changed, 60 insertions, 28 deletions

diff --git a/crypto/openssh/ssh.c b/crypto/openssh/ssh.c
index 21fe19b..ed3ab92 100644
--- a/crypto/openssh/ssh.c
+++ b/crypto/openssh/ssh.c
@@ -437,7 +437,8 @@ main(int ac, char **av)
 			/* FALLTHROUGH */
 		case 'V':
 			fprintf(stderr, "%s, %s\n",
-			    SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
+			    ssh_version_get(options.hpn_disabled),
+			    SSLeay_version(SSLEAY_VERSION));
 			if (opt == 'V')
 				exit(0);
 			break;
diff --git a/crypto/openssh/sshconnect.c b/crypto/openssh/sshconnect.c
index 042f2a6..f073178 100644
--- a/crypto/openssh/sshconnect.c
+++ b/crypto/openssh/sshconnect.c
@@ -585,7 +585,7 @@ ssh_exchange_identification(int timeout_ms)
 	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s",
 	    compat20 ? PROTOCOL_MAJOR_2 : PROTOCOL_MAJOR_1,
 	    compat20 ? PROTOCOL_MINOR_2 : minor1,
-	    SSH_RELEASE, compat20 ? "\r\n" : "\n");
+	    ssh_version_get(options.hpn_disabled), compat20 ? "\r\n" : "\n");
 	if (roaming_atomicio(vwrite, connection_out, buf, strlen(buf))
 	    != strlen(buf))
 		fatal("write: %.100s", strerror(errno));
diff --git a/crypto/openssh/sshd.c b/crypto/openssh/sshd.c
index 7851a6c..fa79b63 100644
--- a/crypto/openssh/sshd.c
+++ b/crypto/openssh/sshd.c
@@ -431,7 +431,7 @@ sshd_exchange_identification(int sock_in, int sock_out)
 		minor = PROTOCOL_MINOR_1;
 	}
 	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
-	    SSH_RELEASE, newline);
+	    ssh_version_get(options.hpn_disabled), newline);
 	server_version_string = xstrdup(buf);
 
 	/* Send our protocol version identification. */
@@ -894,7 +894,7 @@ static void
 usage(void)
 {
 	fprintf(stderr, "%s, %s\n",
-	    SSH_RELEASE, SSLeay_version(SSLEAY_VERSION));
+	    ssh_version_get(0), SSLeay_version(SSLEAY_VERSION));
 	fprintf(stderr,
 "usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]\n"
 "            [-f config_file] [-g login_grace_time] [-h host_key_file]\n"
@@ -1583,7 +1583,7 @@ main(int ac, char **av)
 		exit(1);
 	}
 
-	debug("sshd version %.100s", SSH_RELEASE);
+	debug("sshd version %.100s", ssh_version_get(options.hpn_disabled));
 
 	/* Store privilege separation user for later use if required. */
 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
diff --git a/crypto/openssh/version.c b/crypto/openssh/version.c
index 3cb4b7a..2f46794 100644
--- a/crypto/openssh/version.c
+++ b/crypto/openssh/version.c
@@ -1,5 +1,6 @@
 /*-
  * Copyright (c) 2001 Brian Fundakowski Feldman
+ * Copyright (c) 2012 Eygene Ryabinkin <rea@FreeBSD.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -35,30 +36,60 @@ __RCSID("$FreeBSD$");
 
 
 static char *version = NULL;
+/* NULL means "use default value", empty string means "unset" */
+static const char *addendum = NULL;
+static unsigned char update_version = 1;
 
+/*
+ * Constructs the version string if it is empty or needs updating.
+ *
+ * HPN patch we're running requires both parties
+ * to have the "hpn" string inside the advertized version
+ * (see compat.c::compat_datafellows), so we should
+ * include it to the generated string if HPN is enabled.
+ */
 const char *
-ssh_version_get(void) {
+ssh_version_get(int hpn_disabled)
+{
+	const char *hpn = NULL, *add = NULL;
+	char *newvers = NULL;
+	size_t size = 0;
 
-	if (version == NULL)
-		version = xstrdup(SSH_VERSION);
-	return (version);
-}
+	if (version != NULL && !update_version)
+		return (version);
 
-void
-ssh_version_set_addendum(const char *add) {
-	char *newvers;
-	size_t size;
+	hpn = (hpn_disabled ? NULL : SSH_VERSION_HPN);
+	add = (addendum == NULL ? SSH_VERSION_ADDENDUM :
+	    (addendum[0] == '\0' ? NULL : addendum));
 
-	if (add != NULL) {
-		size = strlen(SSH_VERSION_BASE) + strlen(SSH_VERSION_HPN) + 1 +
-		    strlen(add) + 1;
-		newvers = xmalloc(size);
-		snprintf(newvers, size, "%s %s", SSH_VERSION_BASE,
-		    SSH_VERSION_HPN, add);
-	} else {
-		newvers = xstrdup(SSH_VERSION_BASE SSH_VERSION_HPN);
+	size = strlen(SSH_VERSION_BASE) + (hpn ? strlen(hpn) : 0) +
+	    (add ? strlen(add) + 1 : 0) + 1;
+	newvers = xmalloc(size);
+	strcpy(newvers, SSH_VERSION_BASE);
+	if (hpn)
+		strcat(newvers, hpn);
+	if (add) {
+		strcat(newvers, " ");
+		strcat(newvers, add);
 	}
-	if (version != NULL)
+
+	if (version)
 		xfree(version);
 	version = newvers;
+	update_version = 0;
+
+	return (version);
+}
+
+void
+ssh_version_set_addendum(const char *add)
+{
+	if (add && addendum && !strcmp(add, addendum))
+		return;
+
+	if (addendum)
+		xfree((void *)addendum);
+	addendum = (add ? xstrdup(add) : xstrdup(""));
+
+	update_version = 1;
 }
diff --git a/crypto/openssh/version.h b/crypto/openssh/version.h
index 3eb10fc..129aad4 100644
--- a/crypto/openssh/version.h
+++ b/crypto/openssh/version.h
@@ -1,13 +1,13 @@
 /* $OpenBSD: version.h,v 1.62 2011/08/02 23:13:01 djm Exp $ */
 /* $FreeBSD$ */
 
-#ifndef SSH_VERSION
+#ifndef _VERSION_H_
+#define _VERSION_H_
+
 #define SSH_VERSION_BASE	"OpenSSH_5.9p1"
 #define SSH_VERSION_ADDENDUM	"FreeBSD-20111001"
 #define SSH_VERSION_HPN		"_hpn13v11"
-#define SSH_VERSION		SSH_VERSION_BASE SSH_VERSION_HPN " " SSH_VERSION_ADDENDUM
-#define SSH_RELEASE		(ssh_version_get())
 
-const char *ssh_version_get(void);
+const char *ssh_version_get(int hpn_disabled);
 void ssh_version_set_addendum(const char *);
-#endif /* SSH_VERSION */
+#endif /* _VERSION_H_ */