diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-06-19 02:59:41 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-06-19 13:00:50 +1000 |
| commit | 87ddd676da0f3abd08b778b12b53b91b670dc93c (patch) | |
| tree | 57bf11cf56aeddffdafdc97b74d7bc632c317df7 /auth-options.c | |
| parent | 26f96ca10ad0ec5da9b05b99de1e1ccea15a11be (diff) | |
upstream: allow bare port numbers to appear in PermitListen directives,
e.g.
PermitListen 2222 8080
is equivalent to:
PermitListen *:2222 *:8080
Some bonus manpage improvements, mostly from markus@
"looks fine" markus@
OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24
Diffstat (limited to 'auth-options.c')
| -rw-r--r-- | auth-options.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/auth-options.c b/auth-options.c index 151b16ece..27c0eb05e 100644 --- a/auth-options.c +++ b/auth-options.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: auth-options.c,v 1.82 2018/06/07 09:26:42 djm Exp $ */ | 1 | /* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Damien Miller <djm@mindrot.org> | 3 | * Copyright (c) 2018 Damien Miller <djm@mindrot.org> |
| 4 | * | 4 | * |
| @@ -313,8 +313,8 @@ sshauthopt_new_with_keys_defaults(void) | |||
| 313 | * Return 0 on success. Return -1 on failure and sets *errstrp to error reason. | 313 | * Return 0 on success. Return -1 on failure and sets *errstrp to error reason. |
| 314 | */ | 314 | */ |
| 315 | static int | 315 | static int |
| 316 | handle_permit(const char **optsp, char ***permitsp, size_t *npermitsp, | 316 | handle_permit(const char **optsp, int allow_bare_port, |
| 317 | const char **errstrp) | 317 | char ***permitsp, size_t *npermitsp, const char **errstrp) |
| 318 | { | 318 | { |
| 319 | char *opt, *tmp, *cp, *host, **permits = *permitsp; | 319 | char *opt, *tmp, *cp, *host, **permits = *permitsp; |
| 320 | size_t npermits = *npermitsp; | 320 | size_t npermits = *npermitsp; |
| @@ -327,6 +327,18 @@ handle_permit(const char **optsp, char ***permitsp, size_t *npermitsp, | |||
| 327 | if ((opt = opt_dequote(optsp, &errstr)) == NULL) { | 327 | if ((opt = opt_dequote(optsp, &errstr)) == NULL) { |
| 328 | return -1; | 328 | return -1; |
| 329 | } | 329 | } |
| 330 | if (allow_bare_port && strchr(opt, ':') == NULL) { | ||
| 331 | /* | ||
| 332 | * Allow a bare port number in permitlisten to indicate a | ||
| 333 | * listen_host wildcard. | ||
| 334 | */ | ||
| 335 | if (asprintf(&tmp, "*:%s", opt) < 0) { | ||
| 336 | *errstrp = "memory allocation failed"; | ||
| 337 | return -1; | ||
| 338 | } | ||
| 339 | free(opt); | ||
| 340 | opt = tmp; | ||
| 341 | } | ||
| 330 | if ((tmp = strdup(opt)) == NULL) { | 342 | if ((tmp = strdup(opt)) == NULL) { |
| 331 | free(opt); | 343 | free(opt); |
| 332 | *errstrp = "memory allocation failed"; | 344 | *errstrp = "memory allocation failed"; |
| @@ -474,11 +486,11 @@ sshauthopt_parse(const char *opts, const char **errstrp) | |||
| 474 | } | 486 | } |
| 475 | ret->env[ret->nenv++] = opt; | 487 | ret->env[ret->nenv++] = opt; |
| 476 | } else if (opt_match(&opts, "permitopen")) { | 488 | } else if (opt_match(&opts, "permitopen")) { |
| 477 | if (handle_permit(&opts, &ret->permitopen, | 489 | if (handle_permit(&opts, 0, &ret->permitopen, |
| 478 | &ret->npermitopen, &errstr) != 0) | 490 | &ret->npermitopen, &errstr) != 0) |
| 479 | goto fail; | 491 | goto fail; |
| 480 | } else if (opt_match(&opts, "permitlisten")) { | 492 | } else if (opt_match(&opts, "permitlisten")) { |
| 481 | if (handle_permit(&opts, &ret->permitlisten, | 493 | if (handle_permit(&opts, 1, &ret->permitlisten, |
| 482 | &ret->npermitlisten, &errstr) != 0) | 494 | &ret->npermitlisten, &errstr) != 0) |
| 483 | goto fail; | 495 | goto fail; |
| 484 | } else if (opt_match(&opts, "tunnel")) { | 496 | } else if (opt_match(&opts, "tunnel")) { |