author | 2013-10-24 00:51:48 +0000 | |
---|---|---|
committer | 2013-10-24 00:51:48 +0000 | |
commit | 50b75bb5de20795ce71930697c8bdc072b74877e (patch) | |
tree | ef76ce4217f6bee89b31676419d470a0bbb0f537 | |
parent | Periodically print progress and, if possible, expected time to completion (diff) | |
Disallow empty Match statements and add "Match all" which matches everything.
ok djm, man page help jmc@
-rw-r--r-- | usr.bin/ssh/readconf.c | 22 | ||||
-rw-r--r-- | usr.bin/ssh/servconf.c | 19 | ||||
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 9 | ||||
-rw-r--r-- | usr.bin/ssh/sshd_config.5 | 8 |
4 files changed, 48 insertions, 10 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index e91a3cbc9e9..dee5a0b44e8 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.212 2013/10/23 03:05:19 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.213 2013/10/24 00:51:48 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -453,7 +453,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 {
 char *arg, *attrib, *cmd, *cp = *condition, *host;
 const char *ruser;
- int r, port, result = 1;
+ int r, port, result = 1, attributes = 0;
 size_t len;
 char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
@@ -472,6 +472,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 debug3("checking match for '%s' host %s", cp, host);
 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+ attributes++;
+ if (strcasecmp(attrib, "all") == 0) {
+ if (attributes != 1 ||
+ ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+ error("'all' cannot be combined with other "
+ "Match attributes");
+ result = -1;
+ goto out;
+ }
+ *condition = cp;
+ result = 1;
+ goto out;
+ }
 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
 error("Missing Match criteria for %s", attrib);
 result = -1;
@@ -538,6 +551,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 goto out;
 }
 }
+ if (attributes == 0) {
+ error("One or more attributes required for Match");
+ result = -1;
+ goto out;
+ }
 debug3("match %sfound", result ? "" : "not ");
 *condition = cp;
 out:
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 0df10ecc9ef..34aaaea0059 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
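Review bot: The `all` branch in hunk @@ -472 leaves match_cfg_line without any debug trace: it jumps to `out:`, which hunk @@ -538 shows sits after the `debug3("match %sfound", ...)` call. The equivalent branch in servconf.c (hunk @@ -620) returns directly, so it is silent too. Since `Match all` applies the block that follows to every host or connection, it is worth being able to see at debug level that this is why a setting took effect; a line such as `debug3("match found (all)");` before the `goto out;` (and before `return 1;` in servconf.c) would do. The code at `out:` is outside the hunk, so any cleanup it performs is not visible here.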
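Review bot: The `attributes == 0` check added in hunk @@ -538 has no comment explaining why an empty condition must now be an error, and the same holds for the check in servconf.c hunk @@ -713. With `result` initialised to 1 and the loop body never entered, a bare `Match` line previously fell through as a match, so a truncated or mistyped line silently became a catch-all block. A short comment would record that intent, for example `/* A bare "Match" used to match everything; require an explicit "Match all" instead. */`. Existing configurations that relied on the old behaviour will now be rejected, which presumably stops the program at startup (the caller's handling of -1 is outside the hunk).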
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.242 2013/10/23 05:40:58 dtucker Exp $ */
+/* $OpenBSD: servconf.c,v 1.243 2013/10/24 00:51:48 dtucker Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -606,7 +606,7 @@ out:
 static int
 match_cfg_line(char **condition, int line, struct connection_info *ci)
 {
- int result = 1, port;
+ int result = 1, attributes = 0, port;
 char *arg, *attrib, *cp = *condition;
 size_t len;
@@ -620,6 +620,17 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 ci->laddress ? ci->laddress : "(null)", ci->lport);
 while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+ attributes++;
+ if (strcasecmp(attrib, "all") == 0) {
+ if (attributes != 1 ||
+ ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
+ error("'all' cannot be combined with other "
+ "Match attributes");
+ return -1;
+ }
+ *condition = cp;
+ return 1;
+ }
 if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
 error("Missing Match criteria for %s", attrib);
 return -1;
@@ -713,6 +724,10 @@ match_cfg_line(char **condition, int line, struct connection_info *ci)
 return -1;
 }
 }
+ if (attributes == 0) {
+ error("One or more attributes required for Match");
+ return -1;
+ }
 if (ci != NULL)
 debug3("match %sfound", result ? "" : "not ");
 *condition = cp;
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 4161a66240f..3ef494618f5 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.177 2013/10/20 18:00:13 jmc Exp $
-.Dd $Mdocdate: October 20 2013 $
+.\" $OpenBSD: ssh_config.5,v 1.178 2013/10/24 00:51:48 dtucker Exp $
+.Dd $Mdocdate: October 24 2013 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -134,7 +134,10 @@ or
 keyword) to be used only when the conditions following the
 .Cm Match
 keyword are satisfied.
-Match conditions are specified using one or more keyword/criteria pairs.
+Match conditions are specified using one or more keyword/criteria pairs
+or the single token
+.Cm all
+which matches all criteria.
 The available keywords are:
 .Cm exec ,
 .Cm host ,
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index f6870a2b581..bc752e4dc9b 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
-.Dd $Mdocdate: July 19 2013 $
+.\" $OpenBSD: sshd_config.5,v 1.163 2013/10/24 00:51:48 dtucker Exp $
+.Dd $Mdocdate: October 24 2013 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -751,7 +751,9 @@ line or the end of the file.
 .Pp
 The arguments to
 .Cm Match
-are one or more criteria-pattern pairs.
+are one or more criteria-pattern pairs or the single token
+.Cm All
+which matches all criteria.
 The available criteria are
 .Cm User ,
 .Cm Group , |