summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2013-12-05 01:16:42 +0000
committerDamien Miller <djm@cvs.openbsd.org>2013-12-05 01:16:42 +0000
commit126d857b1c9bbed67bb0ba78d922048740d74e6c (patch)
tree51d9ec1bb770ffc9f29b0d7e944ac3275c81abb2 /usr.bin/ssh
parent82f04cd6bd94f6525004cd8973c73bfca7e05629 (diff)
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time; with and ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/servconf.c41
-rw-r--r--usr.bin/ssh/servconf.h5
2 files changed, 24 insertions, 22 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index 79d77a39475..e0a931dabe5 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.246 2013/11/21 00:45:44 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.247 2013/12/05 01:16:41 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1695,24 +1695,6 @@ int server_match_spec_complete(struct connection_info *ci)
return 0; /* partial */
}
-/* Helper macros */
-#define M_CP_INTOPT(n) do {\
- if (src->n != -1) \
- dst->n = src->n; \
-} while (0)
-#define M_CP_STROPT(n) do {\
- if (src->n != NULL) { \
- free(dst->n); \
- dst->n = src->n; \
- } \
-} while(0)
-#define M_CP_STRARRAYOPT(n, num_n) do {\
- if (src->num_n != 0) { \
- for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
- dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
- } \
-} while(0)
-
/*
* Copy any supported values that are set.
*
@@ -1723,6 +1705,11 @@ int server_match_spec_complete(struct connection_info *ci)
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
+#define M_CP_INTOPT(n) do {\
+ if (src->n != -1) \
+ dst->n = src->n; \
+} while (0)
+
M_CP_INTOPT(password_authentication);
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(rsa_authentication);
@@ -1732,8 +1719,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(hostbased_uses_name_from_packet_only);
M_CP_INTOPT(kbd_interactive_authentication);
M_CP_INTOPT(zero_knowledge_password_authentication);
- M_CP_STROPT(authorized_keys_command);
- M_CP_STROPT(authorized_keys_command_user);
M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(permit_empty_passwd);
@@ -1752,6 +1737,20 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
+ /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
+#define M_CP_STROPT(n) do {\
+ if (src->n != NULL && dst->n != src->n) { \
+ free(dst->n); \
+ dst->n = src->n; \
+ } \
+} while(0)
+#define M_CP_STRARRAYOPT(n, num_n) do {\
+ if (src->num_n != 0) { \
+ for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
+ dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
+ } \
+} while(0)
+
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h
index 76b7fa67f13..140b2d1222d 100644
--- a/usr.bin/ssh/servconf.h
+++ b/usr.bin/ssh/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.110 2013/10/29 09:48:02 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.111 2013/12/05 01:16:41 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -200,6 +200,9 @@ struct connection_info {
* Match sub-config and the main config, and must be sent from the
* privsep slave to the privsep master. We use a macro to ensure all
* the options are copied and the copies are done in the correct order.
+ *
+ * NB. an option must appear in servconf.c:copy_set_server_options() or
+ * COPY_MATCH_STRING_OPTS here but never both.
*/
#define COPY_MATCH_STRING_OPTS() do { \
M_CP_STROPT(banner); \