author | djm@openbsd.org <djm@openbsd.org> | 2018-06-19 02:59:41 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-06-19 13:00:50 +1000 |
commit | 87ddd676da0f3abd08b778b12b53b91b670dc93c (patch) | |
tree | 57bf11cf56aeddffdafdc97b74d7bc632c317df7 /auth-options.c | |
parent | 26f96ca10ad0ec5da9b05b99de1e1ccea15a11be (diff) |
upstream: allow bare port numbers to appear in PermitListen directives,
e.g.
PermitListen 2222 8080
is equivalent to:
PermitListen *:2222 *:8080
Some bonus manpage improvements, mostly from markus@
"looks fine" markus@
OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 22 |
1 files changed, 17 insertions, 5 deletions
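--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.82 2018/06/07 09:26:42 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */
 /*
 * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
 *
@@ -313,8 +313,8 @@ sshauthopt_new_with_keys_defaults(void)
 * Return 0 on success. Return -1 on failure and sets *errstrp to error reason.
 */
 static int
-handle_permit(const char **optsp, char ***permitsp, size_t *npermitsp,
-const char **errstrp)
+handle_permit(const char **optsp, int allow_bare_port,
+char ***permitsp, size_t *npermitsp, const char **errstrp)
 {
 char *opt, *tmp, *cp, *host, **permits = *permitsp;
 size_t npermits = *npermitsp;
@@ -327,6 +327,18 @@ handle_permit(const char **optsp, char ***permitsp, size_t *npermitsp,
 if ((opt = opt_dequote(optsp, &errstr)) == NULL) {
 return -1;
 }
+if (allow_bare_port && strchr(opt, ':') == NULL) {
+/*
+* Allow a bare port number in permitlisten to indicate a
+* listen_host wildcard.
+*/
+if (asprintf(&tmp, "*:%s", opt) < 0) {
+*errstrp = "memory allocation failed";
+return -1;
+}
+free(opt);
+opt = tmp;
+}
 if ((tmp = strdup(opt)) == NULL) {
 free(opt);
 *errstrp = "memory allocation failed";
@@ -474,11 +486,11 @@ sshauthopt_parse(const char *opts, const char **errstrp)
 }
 ret->env[ret->nenv++] = opt;
 } else if (opt_match(&opts, "permitopen")) {
-if (handle_permit(&opts, &ret->permitopen,
+if (handle_permit(&opts, 0, &ret->permitopen,
 &ret->npermitopen, &errstr) != 0)
 goto fail;
 } else if (opt_match(&opts, "permitlisten")) {
-if (handle_permit(&opts, &ret->permitlisten,
+if (handle_permit(&opts, 1, &ret->permitlisten,
 &ret->npermitlisten, &errstr) != 0)
 goto fail;
 } else if (opt_match(&opts, "tunnel")) {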
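Review bot: The `asprintf` failure branch added in the `@@ -327,6 +327,18 @@` hunk returns -1 without releasing `opt`, while the `strdup` failure path directly below it calls `free(opt)` first; the new branch should do the same by adding `free(opt);` before `*errstrp = "memory allocation failed";`. The leak only happens when allocation fails, but the two error paths in handle_permit should stay consistent. Separately, every permitlisten value that lacks a ':' is now rewritten to `*:VALUE`, so a host name typed without a port also becomes a wildcard-host entry. Whether that is rejected depends on the port validation later in handle_permit, which lies outside this hunk, so I would extend the new comment with `/* the rewritten string is still subject to the port check below */` once that is confirmed.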