-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | readconf.c | 22 | ||||
-rw-r--r-- | servconf.c | 19 | ||||
-rw-r--r-- | ssh_config.5 | 9 | ||||
-rw-r--r-- | sshd_config.5 | 8 |
5 files changed, 52 insertions, 10 deletions
@@ -14,6 +14,10 @@ | |||
14 | [moduli.c] | 14 | [moduli.c] |
15 | Periodically print progress and, if possible, expected time to completion | 15 | Periodically print progress and, if possible, expected time to completion |
16 | when screening moduli for DH groups. ok deraadt djm | 16 | when screening moduli for DH groups. ok deraadt djm |
17 | - dtucker@cvs.openbsd.org 2013/10/24 00:51:48 | ||
18 | [readconf.c servconf.c ssh_config.5 sshd_config.5] | ||
19 | Disallow empty Match statements and add "Match all" which matches | ||
20 | everything. ok djm, man page help jmc@ | ||
17 | 21 | ||
18 | 20131023 | 22 | 20131023 |
19 | - (djm) OpenBSD CVS Sync | 23 | - (djm) OpenBSD CVS Sync |
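--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.212 2013/10/23 03:05:19 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.213 2013/10/24 00:51:48 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -459,7 +459,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 {
 char *arg, *attrib, *cmd, *cp = *condition, *host;
 const char *ruser;
-int r, port, result = 1;
+int r, port, result = 1, attributes = 0;
 size_t len;
 char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
 
@@ -478,6 +478,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 
 debug3("checking match for '%s' host %s", cp, host);
 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+attributes++;
+if (strcasecmp(attrib, "all") == 0) {
+if (attributes != 1 ||
+((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+error("'all' cannot be combined with other "
+"Match attributes");
+result = -1;
+goto out;
+}
+*condition = cp;
+result = 1;
+goto out;
+}
 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
 error("Missing Match criteria for %s", attrib);
 result = -1;
@@ -544,6 +557,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 goto out;
 }
 }
+if (attributes == 0) {
+error("One or more attributes required for Match");
+result = -1;
+goto out;
+}
 debug3("match %sfound", result ? "" : "not ");
 *condition = cp;
 out: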
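Review bot: A successful `Match all` leaves through `goto out` (new lines 490-492), so it never reaches the `debug3("match %sfound", ...)` call that the ordinary matched and not-matched outcomes pass through, and a debug trace then shows the "checking match" line with no verdict. Because `all` is only accepted as the first attribute, `result` still holds its initial value of 1 at that point, so the three lines `*condition = cp; result = 1; goto out;` could be a single `break;` that falls through to the shared exit, assuming the closing brace at new line 559 ends the `while` loop. The same shape appears in servconf.c, where `return 1` in the `all` branch skips the `debug3` at the end of the function. The body of match_cfg_line starts and ends outside these hunks, so check that nothing after `out:` depends on which path was taken.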
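--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.242 2013/10/23 05:40:58 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.243 2013/10/24 00:51:48 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -647,7 +647,7 @@ out:
 static int
 match_cfg_line(char **condition, int line, struct connection_info *ci)
 {
-int result = 1, port;
+int result = 1, attributes = 0, port;
 char *arg, *attrib, *cp = *condition;
 size_t len;
 
@@ -661,6 +661,17 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 ci->laddress ? ci->laddress : "(null)", ci->lport);
 
 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+attributes++;
+if (strcasecmp(attrib, "all") == 0) {
+if (attributes != 1 ||
+((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+error("'all' cannot be combined with other "
+"Match attributes");
+return -1;
+}
+*condition = cp;
+return 1;
+}
 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
 error("Missing Match criteria for %s", attrib);
 return -1;
@@ -754,6 +765,10 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 return -1;
 }
 }
+if (attributes == 0) {
+error("One or more attributes required for Match");
+return -1;
+}
 if (ci != NULL)
 debug3("match %sfound", result ? "" : "not ");
 *condition = cp;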
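Review bot: The `all` branch (new lines 665-674) returns 1 without consulting `ci`, while the end of the function guards its debug output with `if (ci != NULL)`, which suggests match_cfg_line is also called with no connection information. If that is a parse-only pass, `Match all` would be reported as matched there even though nothing was evaluated; whether that is intended is not visible in these hunks. A comment on the branch would settle it, for example `/* 'all' matches unconditionally, including when ci == NULL */`. Separately, a `Match` line with no attributes now fails with "One or more attributes required for Match", where the loop was previously skipped and `result` stayed 1, so existing sshd_config files are worth validating with `sshd -t` before the daemon is restarted on the new version.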
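--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.177 2013/10/20 18:00:13 jmc Exp $
-.Dd $Mdocdate: October 20 2013 $
+.\" $OpenBSD: ssh_config.5,v 1.178 2013/10/24 00:51:48 dtucker Exp $
+.Dd $Mdocdate: October 24 2013 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -134,7 +134,10 @@ or
 keyword) to be used only when the conditions following the
 .Cm Match
 keyword are satisfied.
-Match conditions are specified using one or more keyword/criteria pairs.
+Match conditions are specified using one or more keyword/criteria pairs
+or the single token
+.Cm all
+which matches all criteria.
 The available keywords are:
 .Cm exec ,
 .Cm host ,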
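--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
-.Dd $Mdocdate: July 19 2013 $
+.\" $OpenBSD: sshd_config.5,v 1.163 2013/10/24 00:51:48 dtucker Exp $
+.Dd $Mdocdate: October 24 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -750,7 +750,9 @@ line or the end of the file.
 .Pp
 The arguments to
 .Cm Match
-are one or more criteria-pattern pairs.
+are one or more criteria-pattern pairs or the single token
+.Cm All
+which matches all criteria.
 The available criteria are
 .Cm User ,
 .Cm Group ,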