Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 30 |
1 files changed, 18 insertions, 12 deletions
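--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.350 2019/03/25 22:33:44 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.352 2019/09/06 14:45:34 naddy Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -1071,7 +1071,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 return -1;
 }
 if (strcasecmp(attrib, "user") == 0) {
-if (ci == NULL) {
+if (ci == NULL || (ci->test && ci->user == NULL)) {
 result = 0;
 continue;
 }
@@ -1083,7 +1083,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 debug("user %.100s matched 'User %.100s' at "
 "line %d", ci->user, arg, line);
 } else if (strcasecmp(attrib, "group") == 0) {
-if (ci == NULL) {
+if (ci == NULL || (ci->test && ci->user == NULL)) {
 result = 0;
 continue;
 }
@@ -1096,7 +1096,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 result = 0;
 }
 } else if (strcasecmp(attrib, "host") == 0) {
-if (ci == NULL) {
+if (ci == NULL || (ci->test && ci->host == NULL)) {
 result = 0;
 continue;
 }
@@ -1108,7 +1108,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 debug("connection from %.100s matched 'Host "
 "%.100s' at line %d", ci->host, arg, line);
 } else if (strcasecmp(attrib, "address") == 0) {
-if (ci == NULL) {
+if (ci == NULL || (ci->test && ci->address == NULL)) {
 result = 0;
 continue;
 }
@@ -1127,7 +1127,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 return -1;
 }
 } else if (strcasecmp(attrib, "localaddress") == 0){
-if (ci == NULL) {
+if (ci == NULL || (ci->test && ci->laddress == NULL)) {
 result = 0;
 continue;
 }
@@ -1153,7 +1153,7 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 arg);
 return -1;
 }
-if (ci == NULL) {
+if (ci == NULL || (ci->test && ci->lport == -1)) {
 result = 0;
 continue;
 }
@@ -1167,10 +1167,12 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 else
 result = 0;
 } else if (strcasecmp(attrib, "rdomain") == 0) {
-if (ci == NULL || ci->rdomain == NULL) {
+if (ci == NULL || (ci->test && ci->rdomain == NULL)) {
 result = 0;
 continue;
 }
+if (ci->rdomain == NULL)
+match_test_missing_fatal("RDomain", "rdomain");
 if (match_pattern_list(ci->rdomain, arg, 0) != 1)
 result = 0;
 else
@@ -1471,7 +1473,8 @@ process_server_config_line(ServerOptions *options, char *line,
 fatal("%s line %d: Missing argument.",
 filename, linenum);
 if (*arg != '-' &&
-!sshkey_names_valid2(*arg == '+' ? arg + 1 : arg, 1))
+!sshkey_names_valid2(*arg == '+' || *arg == '^' ?
+arg + 1 : arg, 1))
 fatal("%s line %d: Bad key types '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (*activep && *charptr == NULL)
@@ -1762,7 +1765,8 @@ process_server_config_line(ServerOptions *options, char *line,
 arg = strdelim(&cp);
 if (!arg || *arg == '\0')
 fatal("%s line %d: Missing argument.", filename, linenum);
-if (*arg != '-' && !ciphers_valid(*arg == '+' ? arg + 1 : arg))
+if (*arg != '-' &&
+!ciphers_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 fatal("%s line %d: Bad SSH2 cipher spec '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (options->ciphers == NULL)
@@ -1773,7 +1777,8 @@ process_server_config_line(ServerOptions *options, char *line,
 arg = strdelim(&cp);
 if (!arg || *arg == '\0')
 fatal("%s line %d: Missing argument.", filename, linenum);
-if (*arg != '-' && !mac_valid(*arg == '+' ? arg + 1 : arg))
+if (*arg != '-' &&
+!mac_valid(*arg == '+' || *arg == '^' ? arg + 1 : arg))
 fatal("%s line %d: Bad SSH2 mac spec '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (options->macs == NULL)
@@ -1786,7 +1791,8 @@ process_server_config_line(ServerOptions *options, char *line,
 fatal("%s line %d: Missing argument.",
 filename, linenum);
 if (*arg != '-' &&
-!kex_names_valid(*arg == '+' ? arg + 1 : arg))
+!kex_names_valid(*arg == '+' || *arg == '^' ?
+arg + 1 : arg))
 fatal("%s line %d: Bad SSH2 KexAlgorithms '%s'.",
 filename, linenum, arg ? arg : "<NONE>");
 if (options->kex_algorithms == NULL)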
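Review bot: In the rdomain branch of match_cfg_line (new lines 1170-1175), a NULL `ci->rdomain` outside test mode is no longer treated as a non-match but reaches `match_test_missing_fatal("RDomain", "rdomain")`, which judging by its name terminates; the old guard set `result = 0` for every NULL rdomain. Whether a non-test caller can pass a `connection_info` without a routing domain is not visible here, but if one can, a `Match rdomain` line would abort instead of being skipped, so the intent should be confirmed and recorded above the new check, e.g. `/* non-test callers must supply rdomain; a missing value is fatal */`. The same `ci->test && ... == NULL` guard in the user, group, host, address, localaddress and localport branches makes test-mode evaluation count any unspecified attribute as a non-match, so a Match block that carries restrictions drops out of the test result without a message. A one-line comment at the first guard stating that would help anyone auditing the effective configuration from test output. match_cfg_line begins and ends outside these hunks.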