diff options
| author |   djm <djm@openbsd.org> | 2018-11-23 05:08:07 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2018-11-23 05:08:07 +0000 |
| commit | 23f959cd6377015217bef036557c33936f50eb1f (patch) | |
| tree | cfe4201126ec3c2b9d81f3d0cb43daff91999427 /usr.bin/ssh/ssh.c | |
| parent | Remove now-unneeded ifdef SIGINFO around handler since it is now always (diff) | |
| download | wireguard-openbsd-23f959cd6377015217bef036557c33936f50eb1f.tar.xz wireguard-openbsd-23f959cd6377015217bef036557c33936f50eb1f.zip | |
add a ssh_config "Match final" predicate
Matches in same pass as "Match canonical" but doesn't require
hostname canonicalisation be enabled. bz#2906 ok markus
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 31 |
1 files changed, 20 insertions, 11 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index c78f55fe384..3e815de5c9d 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.495 2018/10/23 05:56:35 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.496 2018/11/23 05:08:07 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -511,7 +511,8 @@ check_load(int r, const char *path, const char *message) * file if the user specifies a config file on the command line. */ static void -process_config_files(const char *host_name, struct passwd *pw, int post_canon) +process_config_files(const char *host_name, struct passwd *pw, int final_pass, + int *want_final_pass) { char buf[PATH_MAX]; int r; @@ -519,7 +520,8 @@ process_config_files(const char *host_name, struct passwd *pw, int post_canon) if (config != NULL) { if (strcasecmp(config, "none") != 0 && !read_config_file(config, pw, host, host_name, &options, - SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0))) + SSHCONF_USERCONF | (final_pass ? SSHCONF_FINAL : 0), + want_final_pass)) fatal("Can't open user config file %.100s: " "%.100s", config, strerror(errno)); } else { @@ -528,12 +530,12 @@ process_config_files(const char *host_name, struct passwd *pw, int post_canon) if (r > 0 && (size_t)r < sizeof(buf)) (void)read_config_file(buf, pw, host, host_name, &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF | - (post_canon ? SSHCONF_POSTCANON : 0)); + (final_pass ? SSHCONF_FINAL : 0), want_final_pass); /* Read systemwide configuration file after user config. */ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, host, host_name, &options, - post_canon ? SSHCONF_POSTCANON : 0); + final_pass ? SSHCONF_FINAL : 0, want_final_pass); } } @@ -565,7 +567,7 @@ main(int ac, char **av) { struct ssh *ssh = NULL; int i, r, opt, exit_status, use_syslog, direct, timeout_ms; - int was_addr, config_test = 0, opt_terminated = 0; + int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0; char *p, *cp, *line, *argv0, buf[PATH_MAX], *logfile; char cname[NI_MAXHOST]; struct stat st; @@ -1068,7 +1070,9 @@ main(int ac, char **av) ); /* Parse the configuration files */ - process_config_files(host_arg, pw, 0); + process_config_files(host_arg, pw, 0, &want_final_pass); + if (want_final_pass) + debug("configuration requests final Match pass"); /* Hostname canonicalisation needs a few options filled. */ fill_default_options_for_canonicalization(&options); @@ -1125,12 +1129,17 @@ main(int ac, char **av) * If canonicalisation is enabled then re-parse the configuration * files as new stanzas may match. */ - if (options.canonicalize_hostname != 0) { - debug("Re-reading configuration after hostname " - "canonicalisation"); + if (options.canonicalize_hostname != 0 && !want_final_pass) { + debug("hostname canonicalisation enabled, " + "will re-parse configuration"); + want_final_pass = 1; + } + + if (want_final_pass) { + debug("re-parsing configuration"); free(options.hostname); options.hostname = xstrdup(host); - process_config_files(host_arg, pw, 1); + process_config_files(host_arg, pw, 1, NULL); /* * Address resolution happens early with canonicalisation * enabled and the port number may have changed since, so |