From 76d412ec206fd85356c55dbbf3446bb298f8e775 Mon Sep 17 00:00:00 2001 From: djm Date: Sun, 31 May 2026 13:12:07 +0000 Subject: [PATCH] handle compiled-time unsupported options in servconf.h better; leave a zero placeholder variable so we don't have #ifdef around their absence elsehwere in the tree --- usr.bin/ssh/servconf.c | 86 ++++++++++++++++++++++++++++++++---------- usr.bin/ssh/servconf.h | 69 +++++++++++++++++---------------- 2 files changed, 103 insertions(+), 52 deletions(-) diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 25cefef817a..ab25d5be7b9 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.447 2026/05/31 11:30:50 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.448 2026/05/31 13:12:07 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -85,7 +85,9 @@ initialize_server_options(ServerOptions *options) init_##funcsuffix(options) #define SSHCONF_NONCONF(funcsuffix) \ init_##funcsuffix(options) -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) options->var = 0; +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) options->var = NULL; #define SSHCONF_ALIAS(old, conf, flags) /* empty */ /* Using macros for these is a bit overkill but forces consistency */ @@ -174,7 +176,9 @@ initialize_server_options(ServerOptions *options) #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS } 
@@ -266,7 +270,13 @@ fill_default_server_options(ServerOptions *options) #define SSHCONF_STRARRAY(var, nvar, conf, flags, cp) /* done manually */ #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) /* done manually */ #define SSHCONF_NONCONF(funcsuffix) /* done manually */ -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) options->var = 0; +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \ + do { \ + free(options->var); \ + options->var = NULL; \ + } while (0); #define SSHCONF_ALIAS(old, conf, flags) /* empty */ /* XXX maybe use macros here too to force consistency? */ @@ -279,7 +289,9 @@ fill_default_server_options(ServerOptions *options) #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS if (options->num_host_key_files == 0) { @@ -430,7 +442,9 @@ fill_default_server_options(ServerOptions *options) #define SSHCONF_STRARRAY(var, nvar, conf, flags, cp) s##conf, #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) s##conf, #define SSHCONF_NONCONF(funcsuffix) /* empty */ -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) /* empty */ +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) /* empty */ #define SSHCONF_ALIAS(old, conf, flags) /* empty */ /* Keyword tokens. */ @@ -446,7 +460,9 @@ typedef enum { #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ 
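Review bot: In the fill_default_server_options hunk, the new `SSHCONF_UNSUPPORTED_STRING` wraps its body in `do { ... } while (0);` with the semicolon inside the macro, which cancels the reason for using do/while(0) at all. The servconf.h hunks show the entries listed back to back with no separators, so a plain block says the same thing more directly: `{ free(options->var); options->var = NULL; }`. The same form is repeated in the deserialise_server_options, free_server_options and copy_set_server_options hunks. No entry in the visible servconf.h hunks uses SSHCONF_UNSUPPORTED_STRING, so these free() paths do not appear to be exercised by any build yet. The function body continues outside the hunk.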
@@ -465,9 +481,12 @@ typedef enum { #define SSHCONF_NONCONF(funcsuffix) /* empty */ #define SSHCONF_DEPRECATED sDeprecated #define SSHCONF_IGNORE sIgnore -#define SSHCONF_UNSUPPORTED sUnsupported -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) \ +#define SSHCONF_DEPRECATE(conf, flags, opcode) \ { #conf, opcode, flags }, +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) \ + { #conf, sUnsupported, flags }, +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \ + { #conf, sUnsupported, flags }, #define SSHCONF_ALIAS(old, conf, flags) \ { #old, s##conf, flags }, @@ -490,8 +509,9 @@ static struct { #undef SSHCONF_NONCONF #undef SSHCONF_DEPRECATED #undef SSHCONF_IGNORE -#undef SSHCONF_UNSUPPORTED -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS static struct { @@ -3036,7 +3056,9 @@ serialise_server_options(const ServerOptions *options, struct sshbuf **bufp) #define SSHCONF_NONCONF(funcsuffix) \ if ((r = serialise_##funcsuffix(options, buf)) != 0) \ goto out; -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) /* empty */ +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) /* empty */ #define SSHCONF_ALIAS(old, conf, flags) /* empty */ SSHD_CONFIG_ENTRIES @@ -3047,7 +3069,9 @@ serialise_server_options(const ServerOptions *options, struct sshbuf **bufp) #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS /* success */ 
@@ -3567,7 +3591,13 @@ deserialise_server_options(struct sshbuf *buf, ServerOptions *options) #define SSHCONF_NONCONF(funcsuffix) \ if ((r = deserialise_##funcsuffix(&new_options, buf)) != 0) \ goto out; -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) new_options.var = 0; +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \ + do { \ + free(new_options.var); \ + new_options.var = NULL; \ + } while (0); #define SSHCONF_ALIAS(old, conf, flags) /* empty */ SSHD_CONFIG_ENTRIES @@ -3584,7 +3614,9 @@ deserialise_server_options(struct sshbuf *buf, ServerOptions *options) #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS /* success */ @@ -3657,7 +3689,13 @@ free_server_options(ServerOptions *options) free_##funcsuffix(options); #define SSHCONF_NONCONF(funcsuffix) \ free_##funcsuffix(options); -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) options->var = 0; +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \ + do { \ + free(options->var); \ + options->var = NULL; \ + } while (0); #define SSHCONF_ALIAS(old, conf, flags) /* empty */ #define free_ipqos(options) @@ -3694,7 +3732,9 @@ free_server_options(ServerOptions *options) #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS initialize_server_options(options); 
@@ -3825,7 +3865,13 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) \ cp(copy_##funcsuffix(dst, src);) #define SSHCONF_NONCONF(funcsuffix) /* empty */ -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) dst->var = 0; +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) \ + do { \ + free(dst->var); \ + dst->var = NULL; \ + } while (0); #define SSHCONF_ALIAS(old, conf, flags) /* empty */ SSHD_CONFIG_ENTRIES @@ -3836,7 +3882,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS /* diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 3b8f876bad8..f6c46722ab6 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.177 2026/05/31 11:30:50 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.178 2026/05/31 13:12:07 djm Exp $ */ /* * Author: Tatu Ylonen @@ -117,8 +117,10 @@ struct per_source_penalty { * their corresponding variable definitions in ServerOptions. The integer * options also include defaults for initialisation. * - * Unsupported, deprecated and ignored options use SSHCONF_NOSUPPORT and - * don't populate ServerOptions. Deprecated aliases that still work use + * Deprecated and ignored options use SSHCONF_DEPRECATE and don't populate + * ServerOptions. Unsupported options use SSHCONF_UNSUPPORTED_INT or + * SSHCONF_UNSUPPORTED_STRING to populate placeholders in ServerOptions that + * are not otherwise used. Deprecated aliases that still work use * SSHCONF_ALIAS. * * Why go to all this trouble? It ensures a level of consistency between 
@@ -133,7 +135,9 @@ struct per_source_penalty { * SSHCONF_STRARRAY(field, nfield, keyword, scope, copy) * SSHCONF_CUSTOM(keyword, suffix, scope, copy) * SSHCONF_NONCONF(suffix) - * SSHCONF_NOSUPPORT(field, keyword, token, scope) + * SSHCONF_DEPRECATE(keyword, scope, token) + * SSHCONF_UNSUPPORTED_INT(field, keyword, scope) + * SSHCONF_UNSUPPORTED_STRING(field, keyword, scope) * SSHCONF_ALIAS(old_keyword, keyword, scope) */ #define SSHD_CONFIG_ENTRIES_CUSTOM \ 
@@ -234,18 +238,20 @@ SSHCONF_STRING(sshd_auth_path, SshdAuthPath, SSHCFG_GLOBAL, SSHCFG_COPY_NONE) \ SSHCONF_INTFLAG(refuse_connection, RefuseConnection, SSHCFG_ALL, 0, SSHCFG_COPY_MATCH) #define SSHD_CONFIG_ENTRIES_LEGACY \ -SSHCONF_NOSUPPORT(server_key_bits, ServerKeyBits, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(key_regeneration_interval, KeyRegenerationInterval, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(rhosts_authentication, RHostsAuthentication, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(rhosts_rsa_authentication, RhostsRSAAuthentication, SSHCONF_DEPRECATED, SSHCFG_ALL) \ -SSHCONF_NOSUPPORT(rsa_authentication, RSAAuthentication, SSHCONF_DEPRECATED, SSHCFG_ALL) \ -SSHCONF_NOSUPPORT(check_mail, CheckMail, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(use_login, UseLogin, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(verify_reverse_mapping, VerifyReverseMapping, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(reverse_mapping_check, ReverseMappingCheck, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(authorized_keys_file2, AuthorizedKeysFile2, SSHCONF_DEPRECATED, SSHCFG_ALL) \ -SSHCONF_NOSUPPORT(use_privilege_separation, UsePrivilegeSeparation, SSHCONF_DEPRECATED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(protocol, Protocol, SSHCONF_IGNORE, SSHCFG_GLOBAL) +SSHCONF_DEPRECATE(ServerKeyBits, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(KeyRegenerationInterval, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(RHostsAuthentication, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(RhostsRSAAuthentication, SSHCFG_ALL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(RSAAuthentication, SSHCFG_ALL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(CheckMail, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(UseLogin, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(VerifyReverseMapping, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(ReverseMappingCheck, SSHCFG_GLOBAL, 
SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(AuthorizedKeysFile2, SSHCFG_ALL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(UsePrivilegeSeparation, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(KerberosTgtPassing, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(AFSTokenPassing, SSHCFG_GLOBAL, SSHCONF_DEPRECATED) \ +SSHCONF_DEPRECATE(Protocol, SSHCFG_GLOBAL, SSHCONF_IGNORE) #define SSHD_CONFIG_ENTRIES_ALIASES \ SSHCONF_ALIAS(HostDSAKey, HostKey, SSHCFG_GLOBAL) \ @@ -263,13 +269,8 @@ SSHCONF_ALIAS(KeepAlive, TCPKeepAlive, SSHCFG_GLOBAL) SSHD_CONFIG_ENTRIES_ALIASES \ SSHD_CONFIG_ENTRIES_LASTLOG -#ifdef DISABLE_LASTLOG -#define SSHD_CONFIG_ENTRIES_LASTLOG \ -SSHCONF_NOSUPPORT(print_lastlog, PrintLastLog, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) -#else #define SSHD_CONFIG_ENTRIES_LASTLOG \ SSHCONF_INTFLAG(print_lastlog, PrintLastLog, SSHCFG_GLOBAL, 1, SSHCFG_COPY_NONE) -#endif /* Compile-time enabled options */ #ifdef KRB5 
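Review bot: `KerberosTgtPassing` and `AFSTokenPassing` are added to SSHD_CONFIG_ENTRIES_LEGACY unconditionally, but the KRB5-enabled branch of SSHD_CONFIG_ENTRIES_KRB5 is only partly visible in this patch. It is worth confirming that branch does not also name these keywords, since that would give the keyword table two rows for one name. In builds without KRB5 the two keywords also change from unsupported to deprecated, which presumably changes the diagnostic an administrator sees when an old sshd_config still sets them; the commit message does not mention this. A one-line comment above the two entries, for example `/* formerly listed under !KRB5 as unsupported; now deprecated in all builds */`, would record the intent.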
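Review bot: The `#ifdef DISABLE_LASTLOG` branch is deleted rather than converted, so `PrintLastLog` is now always a live flag with default 1, unlike the Kerberos and GSSAPI options, which become zero placeholders. If DISABLE_LASTLOG can still be defined by any build of this tree (not visible here), the keyword would be accepted and enabled by default where it was previously reported as unsupported. Keeping the conditional with `SSHCONF_UNSUPPORTED_INT(print_lastlog, PrintLastLog, SSHCFG_GLOBAL)` in the disabled branch would match the rest of the commit. Otherwise the removal deserves a line in the commit message.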
@@ -282,12 +283,10 @@ SSHCONF_INTFLAG(kerberos_ticket_cleanup, KerberosTicketCleanup, SSHCFG_GLOBAL, 1 SSHCONF_INTFLAG(kerberos_get_afs_token, KerberosGetAFSToken, SSHCFG_GLOBAL, 0, SSHCFG_COPY_NONE) #else /* KRB5 */ #define SSHD_CONFIG_ENTRIES_KRB5 \ -SSHCONF_NOSUPPORT(kerberos_authentication, KerberosAuthentication, SSHCONF_UNSUPPORTED, SSHCFG_ALL) \ -SSHCONF_NOSUPPORT(kerberos_or_local_passwd, KerberosOrLocalPasswd, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(kerberos_ticket_cleanup, KerberosTicketCleanup, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(kerberos_get_afs_token, KerberosGetAFSToken, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(kerberos_tgt_passing, KerberosTgtPassing, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(afs_token_passing, AFSTokenPassing, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) +SSHCONF_UNSUPPORTED_INT(kerberos_authentication, KerberosAuthentication, SSHCFG_ALL) \ +SSHCONF_UNSUPPORTED_INT(kerberos_or_local_passwd, KerberosOrLocalPasswd, SSHCFG_GLOBAL) \ +SSHCONF_UNSUPPORTED_INT(kerberos_ticket_cleanup, KerberosTicketCleanup, SSHCFG_GLOBAL) \ +SSHCONF_UNSUPPORTED_INT(kerberos_get_afs_token, KerberosGetAFSToken, SSHCFG_GLOBAL) #endif /* KRB5 */ #ifdef GSSAPI 
@@ -298,10 +297,10 @@ SSHCONF_INTFLAG(gss_deleg_creds, GssDelegateCreds, SSHCFG_GLOBAL, 1, SSHCFG_COPY SSHCONF_INTFLAG(gss_strict_acceptor, GssStrictAcceptor, SSHCFG_GLOBAL, 1, SSHCFG_COPY_NONE) #else /* GSSAPI */ #define SSHD_CONFIG_ENTRIES_GSS \ -SSHCONF_NOSUPPORT(gss_authentication, GssAuthentication, SSHCONF_UNSUPPORTED, SSHCFG_ALL) \ -SSHCONF_NOSUPPORT(gss_cleanup_creds, GssCleanupCreds, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(gss_deleg_creds, GssDelegateCreds, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) \ -SSHCONF_NOSUPPORT(gss_strict_acceptor, GssStrictAcceptor, SSHCONF_UNSUPPORTED, SSHCFG_GLOBAL) +SSHCONF_UNSUPPORTED_INT(gss_authentication, GssAuthentication, SSHCFG_ALL) \ +SSHCONF_UNSUPPORTED_INT(gss_cleanup_creds, GssCleanupCreds, SSHCFG_GLOBAL) \ +SSHCONF_UNSUPPORTED_INT(gss_deleg_creds, GssDelegateCreds, SSHCFG_GLOBAL) \ +SSHCONF_UNSUPPORTED_INT(gss_strict_acceptor, GssStrictAcceptor, SSHCFG_GLOBAL) #endif /* GSSAPI */ #define SSHD_CONFIG_ENTRIES \ @@ -318,7 +317,9 @@ SSHCONF_NOSUPPORT(gss_strict_acceptor, GssStrictAcceptor, SSHCONF_UNSUPPORTED, S u_int nvar; #define SSHCONF_CUSTOM(conf, funcsuffix, flags, cp) /* empty */ #define SSHCONF_NONCONF(funcsuffix) /* empty */ -#define SSHCONF_NOSUPPORT(var, conf, opcode, flags) /* empty */ +#define SSHCONF_DEPRECATE(conf, flags, opcode) /* empty */ +#define SSHCONF_UNSUPPORTED_INT(var, conf, flags) int var; +#define SSHCONF_UNSUPPORTED_STRING(var, conf, flags) char *var; #define SSHCONF_ALIAS(old, conf, flags) /* empty */ typedef struct ServerOptions { @@ -374,7 +375,9 @@ typedef struct ServerOptions { #undef SSHCONF_STRARRAY #undef SSHCONF_CUSTOM #undef SSHCONF_NONCONF -#undef SSHCONF_NOSUPPORT +#undef SSHCONF_DEPRECATE +#undef SSHCONF_UNSUPPORTED_INT +#undef SSHCONF_UNSUPPORTED_STRING #undef SSHCONF_ALIAS /* Information about the incoming connection as used by Match */
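Review bot: The placeholders created by `SSHCONF_UNSUPPORTED_INT` are always 0, which is not the supported default for every option in this hunk: the GSSAPI branch just above gives `gss_deleg_creds` and `gss_strict_acceptor` a default of 1. For `gss_strict_acceptor`, zero is presumably the less strict setting, so the placeholder is harmless only while every reader is compiled out or gated on `gss_authentication` being non-zero; that gating is outside this patch. The same applies to `kerberos_ticket_cleanup` in the KRB5 hunk. I would state this in the servconf.h block comment, for example `Placeholders are always 0/NULL and do not reflect the option's default; never base a policy decision on them.`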