diff options
| author | Damien Miller <djm@cvs.openbsd.org> | 2015-10-29 08:05:02 +0000 |
|---|---|---|
| committer | Damien Miller <djm@cvs.openbsd.org> | 2015-10-29 08:05:02 +0000 |
| commit | 3a057be6941d3f825782702bbbe16d36207e2ee3 (patch) | |
| tree | 13f46dccb724a215eeeba39de747923d84270eb6 /usr.bin/ssh | |
| parent | 61a74f87aac475c0d4b113aa666ff5cd74797d55 (diff) | |
Fix "PubkeyAcceptedKeyTypes +..." inside a Match block; ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
| -rw-r--r-- | usr.bin/ssh/servconf.c | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c index 7b9ad145721..4f05b5727d9 100644 --- a/usr.bin/ssh/servconf.c +++ b/usr.bin/ssh/servconf.c @@ -1,5 +1,5 @@ -/* $OpenBSD: servconf.c,v 1.281 2015/08/21 23:52:30 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.282 2015/10/29 08:05:01 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -168,6 +168,20 @@ option_clear_or_none(const char *o) return o == NULL || strcasecmp(o, "none") == 0; } +static void +assemble_algorithms(ServerOptions *o) +{ + if (kex_assemble_names(KEX_SERVER_ENCRYPT, &o->ciphers) != 0 || + kex_assemble_names(KEX_SERVER_MAC, &o->macs) != 0 || + kex_assemble_names(KEX_SERVER_KEX, &o->kex_algorithms) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, + &o->hostkeyalgorithms) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, + &o->hostbased_key_types) != 0 || + kex_assemble_names(KEX_DEFAULT_PK_ALG, &o->pubkey_key_types) != 0) + fatal("kex_assemble_names failed"); +} + void fill_default_server_options(ServerOptions *options) { @@ -323,16 +337,7 @@ fill_default_server_options(ServerOptions *options) if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; - if (kex_assemble_names(KEX_SERVER_ENCRYPT, &options->ciphers) != 0 || - kex_assemble_names(KEX_SERVER_MAC, &options->macs) != 0 || - kex_assemble_names(KEX_SERVER_KEX, &options->kex_algorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->hostkeyalgorithms) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->hostbased_key_types) != 0 || - kex_assemble_names(KEX_DEFAULT_PK_ALG, - &options->pubkey_key_types) != 0) - fatal("%s: kex_assemble_names failed", __func__); + assemble_algorithms(options); /* Turn privilege separation on by default */ if (use_privsep == -1) @@ -1967,6 +1972,9 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth) /* See comment in servconf.h */ COPY_MATCH_STRING_OPTS(); + /* Arguments that accept '+...' need to be expanded */ + assemble_algorithms(dst); + /* * The only things that should be below this point are string options * which are only used after authentication. |