authordtucker@openbsd.org@openbsd.org <dtucker@openbsd.org@openbsd.org>2017-11-03 03:18:53 +0000
committerDamien Miller <djm@mindrot.org>2017-11-03 16:20:41 +1100
commit0208a48517b5e8e8b091f32fa4addcd67c31ca9e (patch)
tree46491aae590608502d7a3ef3a1510b361093c07d /servconf.c
parentc357eed5a52cd2f4ff358b17e30e3f9a800644da (diff)
upstream commit
When doing a config test with sshd -T, only require the attributes that are actually used in Match criteria rather than (an incomplete list of) all criteria. ok djm@, man page help jmc@ OpenBSD-Commit-ID: b4e773c4212d3dea486d0259ae977551aab2c1fc
Diffstat (limited to 'servconf.c')
-rw-r--r--servconf.c47
1 files changed, 27 insertions, 20 deletions
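diff --git a/servconf.c b/servconf.c
index 53d81fb3c..44de35367 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.318 2017/10/25 02:10:39 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.319 2017/11/03 03:18:53 dtucker Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  * All rights reserved
@@ -927,6 +927,13 @@ out:
  return result;
 }
 
+static void
+match_test_missing_fatal(const char *criteria, const char *attrib)
+{
+ fatal("'Match %s' in configuration but '%s' not in connection "
+ "test specification.", criteria, attrib);
+}
+
 /*
  * All of the attributes on a single Match line are ANDed together, so we need
  * to check every attribute and set the result to zero if any attribute does
@@ -964,20 +971,24 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
  return -1;
  }
  if (strcasecmp(attrib, "user") == 0) {
- if (ci == NULL || ci->user == NULL) {
+ if (ci == NULL) {
  result = 0;
  continue;
  }
+ if (ci->user == NULL)
+ match_test_missing_fatal("User", "user");
  if (match_pattern_list(ci->user, arg, 0) != 1)
  result = 0;
  else
  debug("user %.100s matched 'User %.100s' at "
  "line %d", ci->user, arg, line);
  } else if (strcasecmp(attrib, "group") == 0) {
- if (ci == NULL || ci->user == NULL) {
+ if (ci == NULL) {
  result = 0;
  continue;
  }
+ if (ci->user == NULL)
+ match_test_missing_fatal("Group", "user");
  switch (match_cfg_line_group(arg, line, ci->user)) {
  case -1:
  return -1;
@@ -985,20 +996,24 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
  result = 0;
  }
  } else if (strcasecmp(attrib, "host") == 0) {
- if (ci == NULL || ci->host == NULL) {
+ if (ci == NULL) {
  result = 0;
  continue;
  }
+ if (ci->host == NULL)
+ match_test_missing_fatal("Host", "host");
  if (match_hostname(ci->host, arg) != 1)
  result = 0;
  else
  debug("connection from %.100s matched 'Host "
  "%.100s' at line %d", ci->host, arg, line);
  } else if (strcasecmp(attrib, "address") == 0) {
- if (ci == NULL || ci->address == NULL) {
+ if (ci == NULL) {
  result = 0;
  continue;
  }
+ if (ci->address == NULL)
+ match_test_missing_fatal("Address", "addr");
  switch (addr_match_list(ci->address, arg)) {
  case 1:
  debug("connection from %.100s matched 'Address "
@@ -1012,10 +1027,13 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
  return -1;
  }
  } else if (strcasecmp(attrib, "localaddress") == 0){
- if (ci == NULL || ci->laddress == NULL) {
+ if (ci == NULL) {
  result = 0;
  continue;
  }
+ if (ci->laddress == NULL)
+ match_test_missing_fatal("LocalAddress",
+ "laddr");
  switch (addr_match_list(ci->laddress, arg)) {
  case 1:
  debug("connection from %.100s matched "
@@ -1035,10 +1053,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
  arg);
  return -1;
  }
- if (ci == NULL || ci->lport == 0) {
+ if (ci == NULL) {
  result = 0;
  continue;
  }
+ if (ci->lport == 0)
+ match_test_missing_fatal("LocalPort", "lport");
  /* TODO support port lists */
  if (port == ci->lport)
  debug("connection from %.100s matched "
@@ -2117,19 +2137,6 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
 }
 
 /*
- * returns 1 for a complete spec, 0 for partial spec and -1 for an
- * empty spec.
- */
-int server_match_spec_complete(struct connection_info *ci)
-{
- if (ci->user && ci->host && ci->address)
- return 1; /* complete */
- if (!ci->user && !ci->host && !ci->address)
- return -1; /* empty */
- return 0; /* partial */
-}
-
-/*
  * Copy any supported values that are set.
  *
  * If the preauth flag is set, we do not bother copying the string or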
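Review bot: The new `if (ci->user == NULL) match_test_missing_fatal("User", "user");` check, and its siblings for Group, Host, Address, LocalAddress and LocalPort, fire for any non-NULL `ci`, not only one built from a connection test specification. A caller that passes a partly populated `connection_info` would therefore terminate the process, where the old code treated the Match as not matching. match_cfg_line's callers and the rest of its body are outside these hunks, so confirm that every non-test caller always sets user, host, address, laddress and lport; note that `lport == 0` doubles as the "unset" sentinel. The `match_pattern_list(ci->user, ...)` call after the first check is only safe because `fatal()` is expected not to return. A comment on the helper such as `/* Does not return: fatal() exits, so callers may use the attribute afterwards. */` would make that dependency explicit.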