diff options
| author | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:46 +1000 |
|---|---|---|
| committer | Darren Tucker <dtucker@zip.com.au> | 2008-06-11 09:34:46 +1000 |
| commit | 896ad5a4e40c48fa9bea71624830cc9cc3ce4fe0 (patch) | |
| tree | aa6eaa6f9ce31379b0843fed78b7487c87e0f7f3 /addrmatch.c | |
| parent | 8901fa9c88d52ac1f099e7a3ce5bd75089e7e731 (diff) | |
- djm@cvs.openbsd.org 2008/06/10 23:06:19
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
support CIDR address matching in .ssh/authorized_keys from="..." stanzas
ok and extensive testing dtucker@
Diffstat (limited to 'addrmatch.c')
| -rw-r--r-- | addrmatch.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/addrmatch.c b/addrmatch.c index a0559efa0..2086afe84 100644 --- a/addrmatch.c +++ b/addrmatch.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: addrmatch.c,v 1.2 2008/06/10 05:22:45 djm Exp $ */ | 1 | /* $OpenBSD: addrmatch.c,v 1.3 2008/06/10 23:06:19 djm Exp $ */ |
| 2 | 2 | ||
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> | 4 | * Copyright (c) 2004-2008 Damien Miller <djm@mindrot.org> |
| @@ -366,7 +366,8 @@ addr_netmatch(const struct xaddr *host, const struct xaddr *net, u_int masklen) | |||
| 366 | * | 366 | * |
| 367 | * Returns 1 on match found (never returned when addr == NULL). | 367 | * Returns 1 on match found (never returned when addr == NULL). |
| 368 | * Returns 0 on if no match found, or no errors found when addr == NULL. | 368 | * Returns 0 on if no match found, or no errors found when addr == NULL. |
| 369 | * Returns -1 on invalid list entry. | 369 | * Returns -1 on negated match found (never returned when addr == NULL). |
| 370 | * Returns -2 on invalid list entry. | ||
| 370 | */ | 371 | */ |
| 371 | int | 372 | int |
| 372 | addr_match_list(const char *addr, const char *_list) | 373 | addr_match_list(const char *addr, const char *_list) |
| @@ -387,7 +388,7 @@ addr_match_list(const char *addr, const char *_list) | |||
| 387 | if (neg) | 388 | if (neg) |
| 388 | cp++; | 389 | cp++; |
| 389 | if (*cp == '\0') { | 390 | if (*cp == '\0') { |
| 390 | ret = -1; | 391 | ret = -2; |
| 391 | break; | 392 | break; |
| 392 | } | 393 | } |
| 393 | /* Prefer CIDR address matching */ | 394 | /* Prefer CIDR address matching */ |
| @@ -395,14 +396,14 @@ addr_match_list(const char *addr, const char *_list) | |||
| 395 | if (r == -2) { | 396 | if (r == -2) { |
| 396 | error("Inconsistent mask length for " | 397 | error("Inconsistent mask length for " |
| 397 | "network \"%.100s\"", cp); | 398 | "network \"%.100s\"", cp); |
| 398 | ret = -1; | 399 | ret = -2; |
| 399 | break; | 400 | break; |
| 400 | } else if (r == 0) { | 401 | } else if (r == 0) { |
| 401 | if (addr != NULL && addr_netmatch(&try_addr, | 402 | if (addr != NULL && addr_netmatch(&try_addr, |
| 402 | &match_addr, masklen) == 0) { | 403 | &match_addr, masklen) == 0) { |
| 403 | foundit: | 404 | foundit: |
| 404 | if (neg) { | 405 | if (neg) { |
| 405 | ret = 0; | 406 | ret = -1; |
| 406 | break; | 407 | break; |
| 407 | } | 408 | } |
| 408 | ret = 1; | 409 | ret = 1; |