summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog9
-rw-r--r--readconf.c26
-rw-r--r--ssh_config.511
3 files changed, 40 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 00f54f924..caec1dd27 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,15 @@
23 [ssh.c ssh_config.5] 23 [ssh.c ssh_config.5]
24 add a %L expansion (short-form of the local host name) for ControlPath; 24 add a %L expansion (short-form of the local host name) for ControlPath;
25 sync some more expansions with LocalCommand; ok markus@ 25 sync some more expansions with LocalCommand; ok markus@
26 - djm@cvs.openbsd.org 2011/05/06 21:31:38
27 [readconf.c ssh_config.5]
28 support negated Host matching, e.g.
29
30 Host *.example.org !c.example.org
31 User mekmitasdigoat
32
33 Will match "a.example.org", "b.example.org", but not "c.example.org"
34 ok markus@
26 35
2720110510 3620110510
28 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix 37 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix
diff --git a/readconf.c b/readconf.c
index eb4a8b9ee..927e7fefa 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */ 1/* $OpenBSD: readconf.c,v 1.191 2011/05/06 21:31:38 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -354,7 +354,7 @@ process_config_line(Options *options, const char *host,
354 int *activep) 354 int *activep)
355{ 355{
356 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; 356 char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256];
357 int opcode, *intptr, value, value2, scale; 357 int negated, opcode, *intptr, value, value2, scale;
358 LogLevel *log_level_ptr; 358 LogLevel *log_level_ptr;
359 long long orig, val64; 359 long long orig, val64;
360 size_t len; 360 size_t len;
@@ -793,12 +793,28 @@ parse_int:
793 793
794 case oHost: 794 case oHost:
795 *activep = 0; 795 *activep = 0;
796 while ((arg = strdelim(&s)) != NULL && *arg != '\0') 796 arg2 = NULL;
797 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
798 negated = *arg == '!';
799 if (negated)
800 arg++;
797 if (match_pattern(host, arg)) { 801 if (match_pattern(host, arg)) {
798 debug("Applying options for %.100s", arg); 802 if (negated) {
803 debug("%.200s line %d: Skipping Host "
804 "block because of negated match "
805 "for %.100s", filename, linenum,
806 arg);
807 *activep = 0;
808 break;
809 }
810 if (!*activep)
811 arg2 = arg; /* logged below */
799 *activep = 1; 812 *activep = 1;
800 break;
801 } 813 }
814 }
815 if (*activep)
816 debug("%.200s line %d: Applying options for %.100s",
817 filename, linenum, arg2);
802 /* Avoid garbage check below, as strdelim is done. */ 818 /* Avoid garbage check below, as strdelim is done. */
803 return 0; 819 return 0;
804 820
diff --git a/ssh_config.5 b/ssh_config.5
index a5bad8cc7..5bdc7fec1 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.147 2011/05/06 21:18:02 djm Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.148 2011/05/06 21:31:38 djm Exp $
37.Dd $Mdocdate: May 6 2011 $ 37.Dd $Mdocdate: May 6 2011 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
@@ -112,6 +112,15 @@ The host is the
112argument given on the command line (i.e. the name is not converted to 112argument given on the command line (i.e. the name is not converted to
113a canonicalized host name before matching). 113a canonicalized host name before matching).
114.Pp 114.Pp
115A pattern entry may be negated by prefixing it with an exclamation mark
116.Pq Sq !\& .
117If a negated entry is matched, then the
118.Cm Host
119entry is ignored, regardless of whether any other patterns on the line
120match.
121Negated matches are therefore useful to provide exceptions for wildcard
122matches.
123.Pp
115See 124See
116.Sx PATTERNS 125.Sx PATTERNS
117for more information on patterns. 126for more information on patterns.