diff options
| author | dtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org> | 2017-11-03 03:18:53 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-11-03 16:20:41 +1100 |
| commit | 0208a48517b5e8e8b091f32fa4addcd67c31ca9e (patch) | |
| tree | 46491aae590608502d7a3ef3a1510b361093c07d /servconf.c | |
| parent | c357eed5a52cd2f4ff358b17e30e3f9a800644da (diff) | |
upstream commit
When doing a config test with sshd -T, only require the
attributes that are actually used in Match criteria rather than (an
incomplete list of) all criteria. ok djm@, man page help jmc@
OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
Diffstat (limited to 'servconf.c')
| -rw-r--r-- | servconf.c | 47 |
1 files changed, 27 insertions, 20 deletions
diff --git a/servconf.c b/servconf.c index 53d81fb3c..44de35367 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.318 2017/10/25 02:10:39 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.319 2017/11/03 03:18:53 dtucker Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -927,6 +927,13 @@ out: | |||
| 927 | return result; | 927 | return result; |
| 928 | } | 928 | } |
| 929 | 929 | ||
| 930 | static void | ||
| 931 | match_test_missing_fatal(const char *criteria, const char *attrib) | ||
| 932 | { | ||
| 933 | fatal("'Match %s' in configuration but '%s' not in connection " | ||
| 934 | "test specification.", criteria, attrib); | ||
| 935 | } | ||
| 936 | |||
| 930 | /* | 937 | /* |
| 931 | * All of the attributes on a single Match line are ANDed together, so we need | 938 | * All of the attributes on a single Match line are ANDed together, so we need |
| 932 | * to check every attribute and set the result to zero if any attribute does | 939 | * to check every attribute and set the result to zero if any attribute does |
| @@ -964,20 +971,24 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
| 964 | return -1; | 971 | return -1; |
| 965 | } | 972 | } |
| 966 | if (strcasecmp(attrib, "user") == 0) { | 973 | if (strcasecmp(attrib, "user") == 0) { |
| 967 | if (ci == NULL || ci->user == NULL) { | 974 | if (ci == NULL) { |
| 968 | result = 0; | 975 | result = 0; |
| 969 | continue; | 976 | continue; |
| 970 | } | 977 | } |
| 978 | if (ci->user == NULL) | ||
| 979 | match_test_missing_fatal("User", "user"); | ||
| 971 | if (match_pattern_list(ci->user, arg, 0) != 1) | 980 | if (match_pattern_list(ci->user, arg, 0) != 1) |
| 972 | result = 0; | 981 | result = 0; |
| 973 | else | 982 | else |
| 974 | debug("user %.100s matched 'User %.100s' at " | 983 | debug("user %.100s matched 'User %.100s' at " |
| 975 | "line %d", ci->user, arg, line); | 984 | "line %d", ci->user, arg, line); |
| 976 | } else if (strcasecmp(attrib, "group") == 0) { | 985 | } else if (strcasecmp(attrib, "group") == 0) { |
| 977 | if (ci == NULL || ci->user == NULL) { | 986 | if (ci == NULL) { |
| 978 | result = 0; | 987 | result = 0; |
| 979 | continue; | 988 | continue; |
| 980 | } | 989 | } |
| 990 | if (ci->user == NULL) | ||
| 991 | match_test_missing_fatal("Group", "user"); | ||
| 981 | switch (match_cfg_line_group(arg, line, ci->user)) { | 992 | switch (match_cfg_line_group(arg, line, ci->user)) { |
| 982 | case -1: | 993 | case -1: |
| 983 | return -1; | 994 | return -1; |
| @@ -985,20 +996,24 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
| 985 | result = 0; | 996 | result = 0; |
| 986 | } | 997 | } |
| 987 | } else if (strcasecmp(attrib, "host") == 0) { | 998 | } else if (strcasecmp(attrib, "host") == 0) { |
| 988 | if (ci == NULL || ci->host == NULL) { | 999 | if (ci == NULL) { |
| 989 | result = 0; | 1000 | result = 0; |
| 990 | continue; | 1001 | continue; |
| 991 | } | 1002 | } |
| 1003 | if (ci->host == NULL) | ||
| 1004 | match_test_missing_fatal("Host", "host"); | ||
| 992 | if (match_hostname(ci->host, arg) != 1) | 1005 | if (match_hostname(ci->host, arg) != 1) |
| 993 | result = 0; | 1006 | result = 0; |
| 994 | else | 1007 | else |
| 995 | debug("connection from %.100s matched 'Host " | 1008 | debug("connection from %.100s matched 'Host " |
| 996 | "%.100s' at line %d", ci->host, arg, line); | 1009 | "%.100s' at line %d", ci->host, arg, line); |
| 997 | } else if (strcasecmp(attrib, "address") == 0) { | 1010 | } else if (strcasecmp(attrib, "address") == 0) { |
| 998 | if (ci == NULL || ci->address == NULL) { | 1011 | if (ci == NULL) { |
| 999 | result = 0; | 1012 | result = 0; |
| 1000 | continue; | 1013 | continue; |
| 1001 | } | 1014 | } |
| 1015 | if (ci->address == NULL) | ||
| 1016 | match_test_missing_fatal("Address", "addr"); | ||
| 1002 | switch (addr_match_list(ci->address, arg)) { | 1017 | switch (addr_match_list(ci->address, arg)) { |
| 1003 | case 1: | 1018 | case 1: |
| 1004 | debug("connection from %.100s matched 'Address " | 1019 | debug("connection from %.100s matched 'Address " |
| @@ -1012,10 +1027,13 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
| 1012 | return -1; | 1027 | return -1; |
| 1013 | } | 1028 | } |
| 1014 | } else if (strcasecmp(attrib, "localaddress") == 0){ | 1029 | } else if (strcasecmp(attrib, "localaddress") == 0){ |
| 1015 | if (ci == NULL || ci->laddress == NULL) { | 1030 | if (ci == NULL) { |
| 1016 | result = 0; | 1031 | result = 0; |
| 1017 | continue; | 1032 | continue; |
| 1018 | } | 1033 | } |
| 1034 | if (ci->laddress == NULL) | ||
| 1035 | match_test_missing_fatal("LocalAddress", | ||
| 1036 | "laddr"); | ||
| 1019 | switch (addr_match_list(ci->laddress, arg)) { | 1037 | switch (addr_match_list(ci->laddress, arg)) { |
| 1020 | case 1: | 1038 | case 1: |
| 1021 | debug("connection from %.100s matched " | 1039 | debug("connection from %.100s matched " |
| @@ -1035,10 +1053,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci) | |||
| 1035 | arg); | 1053 | arg); |
| 1036 | return -1; | 1054 | return -1; |
| 1037 | } | 1055 | } |
| 1038 | if (ci == NULL || ci->lport == 0) { | 1056 | if (ci == NULL) { |
| 1039 | result = 0; | 1057 | result = 0; |
| 1040 | continue; | 1058 | continue; |
| 1041 | } | 1059 | } |
| 1060 | if (ci->lport == 0) | ||
| 1061 | match_test_missing_fatal("LocalPort", "lport"); | ||
| 1042 | /* TODO support port lists */ | 1062 | /* TODO support port lists */ |
| 1043 | if (port == ci->lport) | 1063 | if (port == ci->lport) |
| 1044 | debug("connection from %.100s matched " | 1064 | debug("connection from %.100s matched " |
| @@ -2117,19 +2137,6 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec) | |||
| 2117 | } | 2137 | } |
| 2118 | 2138 | ||
| 2119 | /* | 2139 | /* |
| 2120 | * returns 1 for a complete spec, 0 for partial spec and -1 for an | ||
| 2121 | * empty spec. | ||
| 2122 | */ | ||
| 2123 | int server_match_spec_complete(struct connection_info *ci) | ||
| 2124 | { | ||
| 2125 | if (ci->user && ci->host && ci->address) | ||
| 2126 | return 1; /* complete */ | ||
| 2127 | if (!ci->user && !ci->host && !ci->address) | ||
| 2128 | return -1; /* empty */ | ||
| 2129 | return 0; /* partial */ | ||
| 2130 | } | ||
| 2131 | |||
| 2132 | /* | ||
| 2133 | * Copy any supported values that are set. | 2140 | * Copy any supported values that are set. |
| 2134 | * | 2141 | * |
| 2135 | * If the preauth flag is set, we do not bother copying the string or | 2142 | * If the preauth flag is set, we do not bother copying the string or |