diff options
author | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:46 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:46 +1000 |
commit | 896ad5a4e40c48fa9bea71624830cc9cc3ce4fe0 (patch) | |
tree | aa6eaa6f9ce31379b0843fed78b7487c87e0f7f3 /addrmatch.c | |
parent | 8901fa9c88d52ac1f099e7a3ce5bd75089e7e731 (diff) |
- djm@cvs.openbsd.org 2008/06/10 23:06:19
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
support CIDR address matching in .ssh/authorized_keys from="..." stanzas
ok and extensive testing dtucker@
Diffstat (limited to 'addrmatch.c')
-rw-r--r-- | addrmatch.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/addrmatch.c b/addrmatch.c index a0559efa0..2086afe84 100644 --- a/addrmatch.c +++ b/addrmatch.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: addrmatch.c,v 1.2 2008/06/10 05:22:45 djm Exp $ */ | 1 | /* $OpenBSD: addrmatch.c,v 1.3 2008/06/10 23:06:19 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> | 4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> |
@@ -366,7 +366,8 @@ addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen) | |||
366 | * | 366 | * |
367 | * Returns 1 on match found (never returned when addr == NULL). | 367 | * Returns 1 on match found (never returned when addr == NULL). |
368 | * Returns 0 on if no match found, or no errors found when addr == NULL. | 368 | * Returns 0 on if no match found, or no errors found when addr == NULL. |
369 | * Returns -1 on invalid list entry. | 369 | * Returns -1 on negated match found (never returned when addr == NULL). |
370 | * Returns -2 on invalid list entry. | ||
370 | */ | 371 | */ |
371 | int | 372 | int |
372 | addr_match_list(const char *addr, const char *_list) | 373 | addr_match_list(const char *addr, const char *_list) |
@@ -387,7 +388,7 @@ addr_match_list(const char *addr, const char *_list) | |||
387 | if (neg) | 388 | if (neg) |
388 | cp++; | 389 | cp++; |
389 | if (*cp == '\0') { | 390 | if (*cp == '\0') { |
390 | ret = -1; | 391 | ret = -2; |
391 | break; | 392 | break; |
392 | } | 393 | } |
393 | /* Prefer CIDR address matching */ | 394 | /* Prefer CIDR address matching */ |
@@ -395,14 +396,14 @@ addr_match_list(const char *addr, const char *_list) | |||
395 | if (r == -2) { | 396 | if (r == -2) { |
396 | error("Inconsistent mask length for " | 397 | error("Inconsistent mask length for " |
397 | "network \"%.100s\"", cp); | 398 | "network \"%.100s\"", cp); |
398 | ret = -1; | 399 | ret = -2; |
399 | break; | 400 | break; |
400 | } else if (r == 0) { | 401 | } else if (r == 0) { |
401 | if (addr != NULL && addr_netmatch(&try_addr, | 402 | if (addr != NULL && addr_netmatch(&try_addr, |
402 | &match_addr, masklen) == 0) { | 403 | &match_addr, masklen) == 0) { |
403 | foundit: | 404 | foundit: |
404 | if (neg) { | 405 | if (neg) { |
405 | ret = 0; | 406 | ret = -1; |
406 | break; | 407 | break; |
407 | } | 408 | } |
408 | ret = 1; | 409 | ret = 1; |