Diffstat (limited to 'servconf.c')
-rw-r--r-- | servconf.c | 31 |
1 files changed, 21 insertions, 10 deletions
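--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.364 2020/05/27 21:59:11 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.365 2020/05/27 22:37:53 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -550,6 +550,7 @@ typedef enum {
 #define SSHCFG_MATCH 0x02 /* allowed inside a Match section */
 #define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH)
 #define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */
+#define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */
 
 /* Textual representation of the tokens. */
 static struct {
@@ -1259,7 +1260,7 @@ static const struct multistate multistate_tcpfwd[] = {
 static int
 process_server_config_line_depth(ServerOptions *options, char *line,
 const char *filename, int linenum, int *activep,
-struct connection_info *connectinfo, int inc_flags, int depth,
+struct connection_info *connectinfo, int *inc_flags, int depth,
 struct include_list *includes)
 {
 char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p;
@@ -2002,7 +2003,9 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 parse_server_config_depth(options,
 item->filename, item->contents,
 includes, connectinfo,
-(oactive ? 0 : SSHCFG_NEVERMATCH),
+(*inc_flags & SSHCFG_MATCH_ONLY
+? SSHCFG_MATCH_ONLY : (oactive
+? 0 : SSHCFG_NEVERMATCH)),
 activep, depth + 1);
 }
 found = 1;
@@ -2050,7 +2053,9 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 parse_server_config_depth(options,
 item->filename, item->contents,
 includes, connectinfo,
-(oactive ? 0 : SSHCFG_NEVERMATCH),
+(*inc_flags & SSHCFG_MATCH_ONLY
+? SSHCFG_MATCH_ONLY : (oactive
+? 0 : SSHCFG_NEVERMATCH)),
 activep, depth + 1);
 *activep = oactive;
 TAILQ_INSERT_TAIL(includes, item, entry);
@@ -2068,11 +2073,14 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 if (cmdline)
 fatal("Match directive not supported as a command-line "
 "option");
-value = match_cfg_line(&cp, linenum, connectinfo);
+value = match_cfg_line(&cp, linenum,
+(*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo));
 if (value < 0)
 fatal("%s line %d: Bad Match condition", filename,
 linenum);
-*activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
+*activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value;
+/* The MATCH_ONLY is applicable only until the first match block */
+*inc_flags &= ~SSHCFG_MATCH_ONLY;
 break;
 
 case sPermitListen:
@@ -2375,8 +2383,10 @@ process_server_config_line(ServerOptions *options, char *line,
 const char *filename, int linenum, int *activep,
 struct connection_info *connectinfo, struct include_list *includes)
 {
+int inc_flags = 0;
+
 return process_server_config_line_depth(options, line, filename,
-linenum, activep, connectinfo, 0, 0, includes);
+linenum, activep, connectinfo, &inc_flags, 0, includes);
 }
 
 
@@ -2581,14 +2591,15 @@ parse_server_config_depth(ServerOptions *options, const char *filename,
 if (depth < 0 || depth > SERVCONF_MAX_DEPTH)
 fatal("Too many recursive configuration includes");
 
-debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf));
+debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf),
+(flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : ""));
 
 if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL)
 fatal("%s: sshbuf_dup_string failed", __func__);
 linenum = 1;
 while ((cp = strsep(&cbuf, "\n")) != NULL) {
 if (process_server_config_line_depth(options, cp,
-filename, linenum++, activep, connectinfo, flags,
+filename, linenum++, activep, connectinfo, &flags,
 depth, includes) != 0)
 bad_options++;
 }
@@ -2605,7 +2616,7 @@ parse_server_config(ServerOptions *options, const char *filename,
 {
 int active = connectinfo ? 0 : 1;
 parse_server_config_depth(options, filename, conf, includes,
-connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
+connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0);
 process_queued_listen_addrs(options);
 }
 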
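Review bot: The flag selection `(*inc_flags & SSHCFG_MATCH_ONLY ? SSHCFG_MATCH_ONLY : (oactive ? 0 : SSHCFG_NEVERMATCH))` is written out twice, once in each `parse_server_config_depth()` call of the Include handling, and it decides whether Match blocks in an included file are evaluated against the connection or only syntax-checked. If the two copies drift, what appear to be the already-recorded and the newly added include paths would apply different Match semantics, and for sshd that means different per-connection restrictions. Computing it once, e.g. `child_flags = (*inc_flags & SSHCFG_MATCH_ONLY) ? SSHCFG_MATCH_ONLY : (oactive ? 0 : SSHCFG_NEVERMATCH);`, and passing `child_flags` at both sites would remove that risk, assuming `oactive` is assigned before the first call (its assignment is outside the hunks). `inc_flags` is also now an in/out parameter that the Match case clears in place, and `parse_server_config_depth()` passes `&flags`, so the clear lasts for the rest of that file only. A comment on `process_server_config_line_depth()`, whose body runs outside the visible hunks, would make that explicit: `/* inc_flags is updated in place: SSHCFG_MATCH_ONLY is cleared at the first Match in the current file */`.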