summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--readconf.c22
-rw-r--r--servconf.c19
-rw-r--r--ssh_config.59
-rw-r--r--sshd_config.58
5 files changed, 52 insertions, 10 deletions
diff --git a/ChangeLog b/ChangeLog
index 95040392f..8dcff45d3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,10 @@
14 [moduli.c] 14 [moduli.c]
15 Periodically print progress and, if possible, expected time to completion 15 Periodically print progress and, if possible, expected time to completion
16 when screening moduli for DH groups. ok deraadt djm 16 when screening moduli for DH groups. ok deraadt djm
17 - dtucker@cvs.openbsd.org 2013/10/24 00:51:48
18 [readconf.c servconf.c ssh_config.5 sshd_config.5]
19 Disallow empty Match statements and add "Match all" which matches
20 everything. ok djm, man page help jmc@
17 21
1820131023 2220131023
19 - (djm) OpenBSD CVS Sync 23 - (djm) OpenBSD CVS Sync
diff --git a/readconf.c b/readconf.c
index f18666786..63c0ba196 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.212 2013/10/23 03:05:19 djm Exp $ */ 1/* $OpenBSD: readconf.c,v 1.213 2013/10/24 00:51:48 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -459,7 +459,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
459{ 459{
460 char *arg, *attrib, *cmd, *cp = *condition, *host; 460 char *arg, *attrib, *cmd, *cp = *condition, *host;
461 const char *ruser; 461 const char *ruser;
462 int r, port, result = 1; 462 int r, port, result = 1, attributes = 0;
463 size_t len; 463 size_t len;
464 char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; 464 char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
465 465
@@ -478,6 +478,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
478 478
479 debug3("checking match for '%s' host %s", cp, host); 479 debug3("checking match for '%s' host %s", cp, host);
480 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 480 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
481 attributes++;
482 if (strcasecmp(attrib, "all") == 0) {
483 if (attributes != 1 ||
484 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
485 error("'all' cannot be combined with other "
486 "Match attributes");
487 result = -1;
488 goto out;
489 }
490 *condition = cp;
491 result = 1;
492 goto out;
493 }
481 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 494 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
482 error("Missing Match criteria for %s", attrib); 495 error("Missing Match criteria for %s", attrib);
483 result = -1; 496 result = -1;
@@ -544,6 +557,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
544 goto out; 557 goto out;
545 } 558 }
546 } 559 }
560 if (attributes == 0) {
561 error("One or more attributes required for Match");
562 result = -1;
563 goto out;
564 }
547 debug3("match %sfound", result ? "" : "not "); 565 debug3("match %sfound", result ? "" : "not ");
548 *condition = cp; 566 *condition = cp;
549 out: 567 out:
diff --git a/servconf.c b/servconf.c
index 100d38d9b..82146723f 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
1 1
2/* $OpenBSD: servconf.c,v 1.242 2013/10/23 05:40:58 dtucker Exp $ */ 2/* $OpenBSD: servconf.c,v 1.243 2013/10/24 00:51:48 dtucker Exp $ */
3/* 3/*
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 * All rights reserved 5 * All rights reserved
@@ -647,7 +647,7 @@ out:
647static int 647static int
648match_cfg_line(char **condition, int line, struct connection_info *ci) 648match_cfg_line(char **condition, int line, struct connection_info *ci)
649{ 649{
650 int result = 1, port; 650 int result = 1, attributes = 0, port;
651 char *arg, *attrib, *cp = *condition; 651 char *arg, *attrib, *cp = *condition;
652 size_t len; 652 size_t len;
653 653
@@ -661,6 +661,17 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
661 ci->laddress ? ci->laddress : "(null)", ci->lport); 661 ci->laddress ? ci->laddress : "(null)", ci->lport);
662 662
663 while ((attrib = strdelim(&cp)) && *attrib != '\0') { 663 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
664 attributes++;
665 if (strcasecmp(attrib, "all") == 0) {
666 if (attributes != 1 ||
667 ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
668 error("'all' cannot be combined with other "
669 "Match attributes");
670 return -1;
671 }
672 *condition = cp;
673 return 1;
674 }
664 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') { 675 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
665 error("Missing Match criteria for %s", attrib); 676 error("Missing Match criteria for %s", attrib);
666 return -1; 677 return -1;
@@ -754,6 +765,10 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
754 return -1; 765 return -1;
755 } 766 }
756 } 767 }
768 if (attributes == 0) {
769 error("One or more attributes required for Match");
770 return -1;
771 }
757 if (ci != NULL) 772 if (ci != NULL)
758 debug3("match %sfound", result ? "" : "not "); 773 debug3("match %sfound", result ? "" : "not ");
759 *condition = cp; 774 *condition = cp;
diff --git a/ssh_config.5 b/ssh_config.5
index 4161a6624..3ef494618 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.177 2013/10/20 18:00:13 jmc Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.178 2013/10/24 00:51:48 dtucker Exp $
37.Dd $Mdocdate: October 20 2013 $ 37.Dd $Mdocdate: October 24 2013 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -134,7 +134,10 @@ or
134keyword) to be used only when the conditions following the 134keyword) to be used only when the conditions following the
135.Cm Match 135.Cm Match
136keyword are satisfied. 136keyword are satisfied.
137Match conditions are specified using one or more keyword/criteria pairs. 137Match conditions are specified using one or more keyword/criteria pairs
138or the single token
139.Cm all
140which matches all criteria.
138The available keywords are: 141The available keywords are:
139.Cm exec , 142.Cm exec ,
140.Cm host , 143.Cm host ,
diff --git a/sshd_config.5 b/sshd_config.5
index 3abac6c10..0536cc3c6 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.163 2013/10/24 00:51:48 dtucker Exp $
37.Dd $Mdocdate: July 19 2013 $ 37.Dd $Mdocdate: October 24 2013 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -750,7 +750,9 @@ line or the end of the file.
750.Pp 750.Pp
751The arguments to 751The arguments to
752.Cm Match 752.Cm Match
753are one or more criteria-pattern pairs. 753are one or more criteria-pattern pairs or the single token
754.Cm All
755which matches all criteria.
754The available criteria are 756The available criteria are
755.Cm User , 757.Cm User ,
756.Cm Group , 758.Cm Group ,