authordjm@openbsd.org <djm@openbsd.org>2018-07-04 13:49:31 +0000
committerDamien Miller <djm@mindrot.org>2018-07-04 23:51:52 +1000
commit312d2f2861a2598ed08587cb6c45c0e98a85408f (patch)
treee3bdc4facef48a89cd76fa793d9e70211b7ff8d2 /match.c
parent303af5803bd74bf05d375c04e1a83b40c30b2be5 (diff)
upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by wildcard. Algorithm lists are now fully expanded when the server/client configs are finalised, so errors are reported early and the config dumps (e.g. "ssh -G ...") now list the actual algorithms selected. Clarify that, while wildcards are accepted in algorithm lists, they aren't full pattern-lists that support negation. (lots of) feedback, ok markus@ OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
Diffstat (limited to 'match.c')
-rw-r--r--match.c36
1 files changed, 30 insertions, 6 deletions
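--- a/match.c
+++ b/match.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */
+/* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -294,16 +294,20 @@ match_list(const char *client, const char *server, u_int *next)
 }
 
 /*
- * Filters a comma-separated list of strings, excluding any entry matching
- * the 'filter' pattern list. Caller must free returned string.
+ * Filter proposal using pattern-list filter.
+ * "blacklist" determines sense of filter:
+ * non-zero indicates that items matching filter should be excluded.
+ * zero indicates that only items matching filter should be included.
+ * returns NULL on allocation error, otherwise caller must free result.
  */
-char *
-match_filter_list(const char *proposal, const char *filter)
+static char *
+filter_list(const char *proposal, const char *filter, int blacklist)
 {
  size_t len = strlen(proposal) + 1;
  char *fix_prop = malloc(len);
  char *orig_prop = strdup(proposal);
  char *cp, *tmp;
+ int r;
 
  if (fix_prop == NULL || orig_prop == NULL) {
  free(orig_prop);
@@ -314,7 +318,8 @@ match_filter_list(const char *proposal, const char *filter)
  tmp = orig_prop;
  *fix_prop = '\0';
  while ((cp = strsep(&tmp, ",")) != NULL) {
- if (match_pattern_list(cp, filter, 0) != 1) {
+ r = match_pattern_list(cp, filter, 0);
+ if ((blacklist && r != 1) || (!blacklist && r == 1)) {
  if (*fix_prop != '\0')
  strlcat(fix_prop, ",", len);
  strlcat(fix_prop, cp, len);
@@ -324,3 +329,22 @@ match_filter_list(const char *proposal, const char *filter)
  return fix_prop;
 }
 
+/*
+ * Filters a comma-separated list of strings, excluding any entry matching
+ * the 'filter' pattern list. Caller must free returned string.
+ */
+char *
+match_filter_blacklist(const char *proposal, const char *filter)
+{
+ return filter_list(proposal, filter, 1);
+}
+
+/*
+ * Filters a comma-separated list of strings, including only entries matching
+ * the 'filter' pattern list. Caller must free returned string.
+ */
+char *
+match_filter_whitelist(const char *proposal, const char *filter)
+{
+ return filter_list(proposal, filter, 0);
+}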
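Review bot: The comments on the two exported wrappers, match_filter_blacklist() and match_filter_whitelist(), say only "Caller must free returned string", while the NULL-on-allocation-error return is documented solely on the static filter_list(), and none of the three says that the result can be an empty string when no entry survives the filter. For an allow-list over algorithm names that empty result is the case a caller most needs to detect and reject, so the contract belongs on the exported functions, e.g. `* Returns NULL on allocation error, or an empty string if no entry is selected; caller must free the result.` The test `(blacklist && r != 1) || (!blacklist && r == 1)` also folds every return other than 1 into one case; if match_pattern_list() can report a negated match with a distinct value (not visible here), a one-line comment saying how that value is meant to be treated in each mode would tie the code to the "no negation" statement in the commit message. filter_list()'s body continues between the hunks, outside what is shown.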