diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2015-10-29 08:05:01 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2015-10-29 19:07:18 +1100 |
| commit | ed08510d38aef930a061ae30d10f2a9cf233bafa (patch) | |
| tree | eb19b1fff54d472a34421ee3a95acd3d97643366 | |
| parent | a4aef3ed29071719b2af82fdf1ac3c2514f82bc5 (diff) | |
upstream commit
Fix "PubkeyAcceptedKeyTypes +..." inside a Match block;
ok dtucker@
Upstream-ID: 853662c4036730b966aab77684390c47b9738c69
| -rw-r--r-- | servconf.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/servconf.c b/servconf.c index f9be7f093..17cb094c7 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.281 2015/08/21 23:52:30 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.282 2015/10/29 08:05:01 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -178,6 +178,20 @@ option_clear_or_none(const char *o) | |||
| 178 | return o == NULL || strcasecmp(o, "none") == 0; | 178 | return o == NULL || strcasecmp(o, "none") == 0; |
| 179 | } | 179 | } |
| 180 | 180 | ||
| 181 | static void | ||
| 182 | assemble_algorithms(ServerOptions *o) | ||
| 183 | { | ||
| 184 | if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || | ||
| 185 | kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || | ||
| 186 | kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || | ||
| 187 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
| 188 | &o->hostkeyalgorithms) != 0 || | ||
| 189 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
| 190 | &o->hostbased_key_types) != 0 || | ||
| 191 | kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) | ||
| 192 | fatal("kex_assemble_names failed"); | ||
| 193 | } | ||
| 194 | |||
| 181 | void | 195 | void |
| 182 | fill_default_server_options(ServerOptions *options) | 196 | fill_default_server_options(ServerOptions *options) |
| 183 | { | 197 | { |
| @@ -340,16 +354,7 @@ fill_default_server_options(ServerOptions *options) | |||
| 340 | if (options->fingerprint_hash == -1) | 354 | if (options->fingerprint_hash == -1) |
| 341 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; | 355 | options->fingerprint_hash = SSH_FP_HASH_DEFAULT; |
| 342 | 356 | ||
| 343 | if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 || | 357 | assemble_algorithms(options); |
| 344 | kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 || | ||
| 345 | kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 || | ||
| 346 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
| 347 | &options->hostkeyalgorithms) != 0 || | ||
| 348 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
| 349 | &options->hostbased_key_types) != 0 || | ||
| 350 | kex_assemble_names(KEX_DEFAULT_PK_ALG, | ||
| 351 | &options->pubkey_key_types) != 0) | ||
| 352 | fatal("%s: kex_assemble_names failed", __func__); | ||
| 353 | 358 | ||
| 354 | /* Turn privilege separation on by default */ | 359 | /* Turn privilege separation on by default */ |
| 355 | if (use_privsep == -1) | 360 | if (use_privsep == -1) |
| @@ -2019,6 +2024,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) | |||
| 2019 | /* See comment in servconf.h */ | 2024 | /* See comment in servconf.h */ |
| 2020 | COPY_MATCH_STRING_OPTS(); | 2025 | COPY_MATCH_STRING_OPTS(); |
| 2021 | 2026 | ||
| 2027 | /* Arguments that accept '+...' need to be expanded */ | ||
| 2028 | assemble_algorithms(dst); | ||
| 2029 | |||
| 2022 | /* | 2030 | /* |
| 2023 | * The only things that should be below this point are string options | 2031 | * The only things that should be below this point are string options |
| 2024 | * which are only used after authentication. | 2032 | * which are only used after authentication. |