5 files changed, 45 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index ff81d0522..2cb2dce0c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,13 @@
   - dtucker@cvs.openbsd.org 2011/05/20 02:00:19
     [servconf.c]
     Add comment documenting what should be after the preauth check.  ok djm
+   - djm@cvs.openbsd.org 2011/05/20 03:25:45
+     [monitor.c monitor_wrap.c servconf.c servconf.h]
+     use a macro to define which string options to copy between configs
+     for Match. This avoids problems caused by forgetting to keep three
+     code locations in perfect sync and ordering
+     
+     "this is at once beautiful and horrible" + ok dtucker@
 20110515
 - (djm) OpenBSD CVS Sync
diff --git a/monitor.c b/monitor.c
index 732cb365d..c3a418319 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.111 2011/05/15 08:09:01 djm Exp $ */
+/* $OpenBSD: monitor.c,v 1.112 2011/05/20 03:25:45 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -671,8 +671,15 @@ mm_answer_pwnamallow(int sock, Buffer *m)
 out:
        buffer_put_string(m, &options, sizeof(options));
-        if (options.banner != NULL)
-                buffer_put_cstring(m, options.banner);
+#define M_CP_STROPT(x) do { \
+                if (options.x != NULL) \
+                        buffer_put_cstring(m, options.x); \
+        } while (0)
+        /* See comment in servconf.h */
+        COPY_MATCH_STRING_OPTS();
+#undef M_CP_STROPT
+        
        debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
        mm_request_send(sock, MONITOR_ANS_PWNAM, m);
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 1a5dda561..d3f274021 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.70 2010/08/31 11:54:45 djm Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.71 2011/05/20 03:25:45 djm Exp $ */
 /*
 * Copyright 2002 Niels Provos <provos@citi.umich.edu>
 * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -245,8 +245,15 @@ out:
        newopts = buffer_get_string(&m, &len);
        if (len != sizeof(*newopts))
                fatal("%s: option block size mismatch", __func__);
-        if (newopts->banner != NULL)
-                newopts->banner = buffer_get_string(&m, NULL);
+#define M_CP_STROPT(x) do { \
+                if (newopts->x != NULL) \
+                        newopts->x = buffer_get_string(&m, NULL); \
+        } while (0)
+        /* See comment in servconf.h */
+        COPY_MATCH_STRING_OPTS();
+#undef M_CP_STROPT
        copy_set_server_options(&options, newopts, 1);
        xfree(newopts);
diff --git a/servconf.c b/servconf.c
index 04a32973e..daed26a66 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.217 2011/05/20 02:00:19 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.218 2011/05/20 03:25:45 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@@ -1499,11 +1499,8 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
        M_CP_INTOPT(ip_qos_interactive);
        M_CP_INTOPT(ip_qos_bulk);
-        M_CP_STROPT(banner);
+        /* See comment in servconf.h */
-        M_CP_STROPT(trusted_user_ca_keys);
+        COPY_MATCH_STRING_OPTS();
-        M_CP_STROPT(revoked_keys_file);
-        M_CP_STROPT(authorized_keys_file);
-        M_CP_STROPT(authorized_principals_file);
        /*
         * The only things that should be below this point are string options
diff --git a/servconf.h b/servconf.h
index 3f04b8501..953ef8650 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.96 2011/05/11 04:47:06 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.97 2011/05/20 03:25:45 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -161,6 +161,20 @@ typedef struct {
        char   *authorized_principals_file;
 }       ServerOptions;
+/*
+ * These are string config options that must be copied between the
+ * Match sub-config and the main config, and must be sent from the
+ * privsep slave to the privsep master. We use a macro to ensure all
+ * the options are copied and the copies are done in the correct order.
+ */
+#define COPY_MATCH_STRING_OPTS() do { \
+                M_CP_STROPT(banner); \
+                M_CP_STROPT(trusted_user_ca_keys); \
+                M_CP_STROPT(revoked_keys_file); \
+                M_CP_STROPT(authorized_keys_file); \
+                M_CP_STROPT(authorized_principals_file); \
+        } while (0)
 void     initialize_server_options(ServerOptions *);
 void     fill_default_server_options(ServerOptions *);
 int      process_server_config_line(ServerOptions *, char *, const char *, int,

diff --git a/ChangeLog b/ChangeLog index ff81d0522..2cb2dce0c 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -23,6 +23,13 @@
23	- dtucker@cvs.openbsd.org 2011/05/20 02:00:19	23	- dtucker@cvs.openbsd.org 2011/05/20 02:00:19
24	[servconf.c]	24	[servconf.c]
25	Add comment documenting what should be after the preauth check. ok djm	25	Add comment documenting what should be after the preauth check. ok djm
		26	- djm@cvs.openbsd.org 2011/05/20 03:25:45
		27	[monitor.c monitor_wrap.c servconf.c servconf.h]
		28	use a macro to define which string options to copy between configs
		29	for Match. This avoids problems caused by forgetting to keep three
		30	code locations in perfect sync and ordering
		31
		32	"this is at once beautiful and horrible" + ok dtucker@
26		33
27	20110515	34	20110515
28	- (djm) OpenBSD CVS Sync	35	- (djm) OpenBSD CVS Sync


diff --git a/monitor.c b/monitor.c index 732cb365d..c3a418319 100644 --- a/monitor.c +++ b/monitor.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor.c,v 1.111 2011/05/15 08:09:01 djm Exp $ */	1	/* $OpenBSD: monitor.c,v 1.112 2011/05/20 03:25:45 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -671,8 +671,15 @@ mm_answer_pwnamallow(int sock, Buffer *m)
671		671
672	out:	672	out:
673	buffer_put_string(m, &options, sizeof(options));	673	buffer_put_string(m, &options, sizeof(options));
674	if (options.banner != NULL)	674
675	buffer_put_cstring(m, options.banner);	675	#define M_CP_STROPT(x) do { \
		676	if (options.x != NULL) \
		677	buffer_put_cstring(m, options.x); \
		678	} while (0)
		679	/* See comment in servconf.h */
		680	COPY_MATCH_STRING_OPTS();
		681	#undef M_CP_STROPT
		682
676	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);	683	debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed);
677	mm_request_send(sock, MONITOR_ANS_PWNAM, m);	684	mm_request_send(sock, MONITOR_ANS_PWNAM, m);
678		685


diff --git a/monitor_wrap.c b/monitor_wrap.c index 1a5dda561..d3f274021 100644 --- a/monitor_wrap.c +++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: monitor_wrap.c,v 1.70 2010/08/31 11:54:45 djm Exp $ */	1	/* $OpenBSD: monitor_wrap.c,v 1.71 2011/05/20 03:25:45 djm Exp $ */
2	/*	2	/*
3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>	3	* Copyright 2002 Niels Provos <provos@citi.umich.edu>
4	* Copyright 2002 Markus Friedl <markus@openbsd.org>	4	* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -245,8 +245,15 @@ out:
245	newopts = buffer_get_string(&m, &len);	245	newopts = buffer_get_string(&m, &len);
246	if (len != sizeof(*newopts))	246	if (len != sizeof(*newopts))
247	fatal("%s: option block size mismatch", __func__);	247	fatal("%s: option block size mismatch", __func__);
248	if (newopts->banner != NULL)	248
249	newopts->banner = buffer_get_string(&m, NULL);	249	#define M_CP_STROPT(x) do { \
		250	if (newopts->x != NULL) \
		251	newopts->x = buffer_get_string(&m, NULL); \
		252	} while (0)
		253	/* See comment in servconf.h */
		254	COPY_MATCH_STRING_OPTS();
		255	#undef M_CP_STROPT
		256
250	copy_set_server_options(&options, newopts, 1);	257	copy_set_server_options(&options, newopts, 1);
251	xfree(newopts);	258	xfree(newopts);
252		259


diff --git a/servconf.c b/servconf.c index 04a32973e..daed26a66 100644 --- a/servconf.c +++ b/servconf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servconf.c,v 1.217 2011/05/20 02:00:19 dtucker Exp $ */	1	/* $OpenBSD: servconf.c,v 1.218 2011/05/20 03:25:45 djm Exp $ */
2	/*	2	/*
3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	3	* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4	* All rights reserved	4	* All rights reserved
@@ -1499,11 +1499,8 @@ copy_set_server_options(ServerOptions dst, ServerOptions src, int preauth)
1499	M_CP_INTOPT(ip_qos_interactive);	1499	M_CP_INTOPT(ip_qos_interactive);
1500	M_CP_INTOPT(ip_qos_bulk);	1500	M_CP_INTOPT(ip_qos_bulk);
1501		1501
1502	M_CP_STROPT(banner);	1502	/* See comment in servconf.h */
1503	M_CP_STROPT(trusted_user_ca_keys);	1503	COPY_MATCH_STRING_OPTS();
1504	M_CP_STROPT(revoked_keys_file);
1505	M_CP_STROPT(authorized_keys_file);
1506	M_CP_STROPT(authorized_principals_file);
1507		1504
1508	/*	1505	/*
1509	* The only things that should be below this point are string options	1506	* The only things that should be below this point are string options


diff --git a/servconf.h b/servconf.h index 3f04b8501..953ef8650 100644 --- a/servconf.h +++ b/servconf.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: servconf.h,v 1.96 2011/05/11 04:47:06 djm Exp $ */	1	/* $OpenBSD: servconf.h,v 1.97 2011/05/20 03:25:45 djm Exp $ */
2		2
3	/*	3	/*
4	* Author: Tatu Ylonen <ylo@cs.hut.fi>	4	* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -161,6 +161,20 @@ typedef struct {
161	char *authorized_principals_file;	161	char *authorized_principals_file;
162	} ServerOptions;	162	} ServerOptions;
163		163
		164	/*
		165	* These are string config options that must be copied between the
		166	* Match sub-config and the main config, and must be sent from the
		167	* privsep slave to the privsep master. We use a macro to ensure all
		168	* the options are copied and the copies are done in the correct order.
		169	*/
		170	#define COPY_MATCH_STRING_OPTS() do { \
		171	M_CP_STROPT(banner); \
		172	M_CP_STROPT(trusted_user_ca_keys); \
		173	M_CP_STROPT(revoked_keys_file); \
		174	M_CP_STROPT(authorized_keys_file); \
		175	M_CP_STROPT(authorized_principals_file); \
		176	} while (0)
		177
164	void initialize_server_options(ServerOptions *);	178	void initialize_server_options(ServerOptions *);
165	void fill_default_server_options(ServerOptions *);	179	void fill_default_server_options(ServerOptions *);
166	int process_server_config_line(ServerOptions , char , const char *, int,	180	int process_server_config_line(ServerOptions , char , const char *, int,