1 files changed, 49 insertions, 16 deletions

diff --git a/sshd.c b/sshd.c
index 46fdf7ee3..57fab0425 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.545 2020/01/24 23:56:01 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.546 2020/01/31 22:42:45 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -251,6 +251,9 @@ struct sshauthopt *auth_opts = NULL;
 /* sshd_config buffer */
 struct sshbuf *cfg;
 
+/* Included files from the configuration file */
+struct include_list includes = TAILQ_HEAD_INITIALIZER(includes);
+
 /* message to be displayed after login */
 struct sshbuf *loginmsg;
 
@@ -870,30 +873,45 @@ usage(void)
 static void
 send_rexec_state(int fd, struct sshbuf *conf)
 {
-        struct sshbuf *m;
+        struct sshbuf *m = NULL, *inc = NULL;
+        struct include_item *item = NULL;
         int r;
 
         debug3("%s: entering fd = %d config len %zu", __func__, fd,
             sshbuf_len(conf));
 
+        if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
+                fatal("%s: sshbuf_new failed", __func__);
+
+        /* pack includes into a string */
+        TAILQ_FOREACH(item, &includes, entry) {
+                if ((r = sshbuf_put_cstring(inc, item->selector)) != 0 ||
+                    (r = sshbuf_put_cstring(inc, item->filename)) != 0 ||
+                    (r = sshbuf_put_stringb(inc, item->contents)) != 0)
+                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
+        }
+
         /*
          * Protocol from reexec master to child:
          *      string  configuration
-         *      string rngseed          (only if OpenSSL is not self-seeded)
+         *      string  included_files[] {
+         *              string  selector
+         *              string  filename
+         *              string  contents
+         *      }
+         *      string  rng_seed (if required)
          */
-        if ((m = sshbuf_new()) == NULL)
-                fatal("%s: sshbuf_new failed", __func__);
-        if ((r = sshbuf_put_stringb(m, conf)) != 0)
+        if ((r = sshbuf_put_stringb(m, conf)) != 0 ||
+            (r = sshbuf_put_stringb(m, inc)) != 0)
                 fatal("%s: buffer error: %s", __func__, ssh_err(r));
-
 #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
         rexec_send_rng_seed(m);
 #endif
-
         if (ssh_msg_send(fd, 0, m) == -1)
                 fatal("%s: ssh_msg_send failed", __func__);
 
         sshbuf_free(m);
+        sshbuf_free(inc);
 
         debug3("%s: done", __func__);
 }
@@ -901,14 +919,15 @@ send_rexec_state(int fd, struct sshbuf *conf)
 static void
 recv_rexec_state(int fd, struct sshbuf *conf)
 {
-        struct sshbuf *m;
+        struct sshbuf *m, *inc;
         u_char *cp, ver;
         size_t len;
         int r;
+        struct include_item *item;
 
         debug3("%s: entering fd = %d", __func__, fd);
 
-        if ((m = sshbuf_new()) == NULL)
+        if ((m = sshbuf_new()) == NULL || (inc = sshbuf_new()) == NULL)
                 fatal("%s: sshbuf_new failed", __func__);
         if (ssh_msg_recv(fd, m) == -1)
                 fatal("%s: ssh_msg_recv failed", __func__);
@@ -916,14 +935,28 @@ recv_rexec_state(int fd, struct sshbuf *conf)
                 fatal("%s: buffer error: %s", __func__, ssh_err(r));
         if (ver != 0)
                 fatal("%s: rexec version mismatch", __func__);
-        if ((r = sshbuf_get_string(m, &cp, &len)) != 0)
-                fatal("%s: buffer error: %s", __func__, ssh_err(r));
-        if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
+        if ((r = sshbuf_get_string(m, &cp, &len)) != 0 ||
+            (r = sshbuf_get_stringb(m, inc)) != 0)
                 fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
 #if defined(WITH_OPENSSL) && !defined(OPENSSL_PRNG_ONLY)
         rexec_recv_rng_seed(m);
 #endif
 
+        if (conf != NULL && (r = sshbuf_put(conf, cp, len)))
+                fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+        while (sshbuf_len(inc) != 0) {
+                item = xcalloc(1, sizeof(*item));
+                if ((item->contents = sshbuf_new()) == NULL)
+                        fatal("%s: sshbuf_new failed", __func__);
+                if ((r = sshbuf_get_cstring(inc, &item->selector, NULL)) != 0 ||
+                    (r = sshbuf_get_cstring(inc, &item->filename, NULL)) != 0 ||
+                    (r = sshbuf_get_stringb(inc, item->contents)) != 0)
+                        fatal("%s: buffer error: %s", __func__, ssh_err(r));
+                TAILQ_INSERT_TAIL(&includes, item, entry);
+        }
+
         free(cp);
         sshbuf_free(m);
 
@@ -1600,7 +1633,7 @@ main(int ac, char **av)
                 case 'o':
                         line = xstrdup(optarg);
                         if (process_server_config_line(&options, line,
-                            "command-line", 0, NULL, NULL) != 0)
+                            "command-line", 0, NULL, NULL, &includes) != 0)
                                 exit(1);
                         free(line);
                         break;
@@ -1669,7 +1702,7 @@ main(int ac, char **av)
                 load_server_config(config_file_name, cfg);
 
         parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name,
-            cfg, NULL);
+            cfg, &includes, NULL);
 
         /* Fill in default values for those options not explicitly set. */
         fill_default_server_options(&options);
@@ -1895,7 +1928,7 @@ main(int ac, char **av)
                 if (connection_info == NULL)
                         connection_info = get_connection_info(ssh, 0, 0);
                 connection_info->test = 1;
-                parse_server_match_config(&options, connection_info);
+                parse_server_match_config(&options, &includes, connection_info);
                 dump_config(&options);
         }