version 1.364, 2020/05/27 21:59:11 |
version 1.365, 2020/05/27 22:37:53 |
|
|
#define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ |
#define SSHCFG_MATCH 0x02 /* allowed inside a Match section */ |
#define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) |
#define SSHCFG_ALL (SSHCFG_GLOBAL|SSHCFG_MATCH) |
#define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ |
#define SSHCFG_NEVERMATCH 0x04 /* Match never matches; internal only */ |
|
#define SSHCFG_MATCH_ONLY 0x08 /* Match only in conditional blocks; internal only */ |
|
|
/* Textual representation of the tokens. */ |
/* Textual representation of the tokens. */ |
static struct { |
static struct { |
|
|
static int |
static int |
process_server_config_line_depth(ServerOptions *options, char *line, |
process_server_config_line_depth(ServerOptions *options, char *line, |
const char *filename, int linenum, int *activep, |
const char *filename, int linenum, int *activep, |
struct connection_info *connectinfo, int inc_flags, int depth, |
struct connection_info *connectinfo, int *inc_flags, int depth, |
struct include_list *includes) |
struct include_list *includes) |
{ |
{ |
char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; |
char ch, *cp, ***chararrayptr, **charptr, *arg, *arg2, *p; |
|
|
parse_server_config_depth(options, |
parse_server_config_depth(options, |
item->filename, item->contents, |
item->filename, item->contents, |
includes, connectinfo, |
includes, connectinfo, |
(oactive ? 0 : SSHCFG_NEVERMATCH), |
(*inc_flags & SSHCFG_MATCH_ONLY |
|
? SSHCFG_MATCH_ONLY : (oactive |
|
? 0 : SSHCFG_NEVERMATCH)), |
activep, depth + 1); |
activep, depth + 1); |
} |
} |
found = 1; |
found = 1; |
|
|
parse_server_config_depth(options, |
parse_server_config_depth(options, |
item->filename, item->contents, |
item->filename, item->contents, |
includes, connectinfo, |
includes, connectinfo, |
(oactive ? 0 : SSHCFG_NEVERMATCH), |
(*inc_flags & SSHCFG_MATCH_ONLY |
|
? SSHCFG_MATCH_ONLY : (oactive |
|
? 0 : SSHCFG_NEVERMATCH)), |
activep, depth + 1); |
activep, depth + 1); |
*activep = oactive; |
*activep = oactive; |
TAILQ_INSERT_TAIL(includes, item, entry); |
TAILQ_INSERT_TAIL(includes, item, entry); |
|
|
if (cmdline) |
if (cmdline) |
fatal("Match directive not supported as a command-line " |
fatal("Match directive not supported as a command-line " |
"option"); |
"option"); |
value = match_cfg_line(&cp, linenum, connectinfo); |
value = match_cfg_line(&cp, linenum, |
|
(*inc_flags & SSHCFG_NEVERMATCH ? NULL : connectinfo)); |
if (value < 0) |
if (value < 0) |
fatal("%s line %d: Bad Match condition", filename, |
fatal("%s line %d: Bad Match condition", filename, |
linenum); |
linenum); |
*activep = (inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; |
*activep = (*inc_flags & SSHCFG_NEVERMATCH) ? 0 : value; |
|
/* The MATCH_ONLY is applicable only until the first match block */ |
|
*inc_flags &= ~SSHCFG_MATCH_ONLY; |
break; |
break; |
|
|
case sPermitListen: |
case sPermitListen: |
|
|
const char *filename, int linenum, int *activep, |
const char *filename, int linenum, int *activep, |
struct connection_info *connectinfo, struct include_list *includes) |
struct connection_info *connectinfo, struct include_list *includes) |
{ |
{ |
|
int inc_flags = 0; |
|
|
return process_server_config_line_depth(options, line, filename, |
return process_server_config_line_depth(options, line, filename, |
linenum, activep, connectinfo, 0, 0, includes); |
linenum, activep, connectinfo, &inc_flags, 0, includes); |
} |
} |
|
|
|
|
|
|
if (depth < 0 || depth > SERVCONF_MAX_DEPTH) |
if (depth < 0 || depth > SERVCONF_MAX_DEPTH) |
fatal("Too many recursive configuration includes"); |
fatal("Too many recursive configuration includes"); |
|
|
debug2("%s: config %s len %zu", __func__, filename, sshbuf_len(conf)); |
debug2("%s: config %s len %zu%s", __func__, filename, sshbuf_len(conf), |
|
(flags & SSHCFG_NEVERMATCH ? " [checking syntax only]" : "")); |
|
|
if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) |
if ((obuf = cbuf = sshbuf_dup_string(conf)) == NULL) |
fatal("%s: sshbuf_dup_string failed", __func__); |
fatal("%s: sshbuf_dup_string failed", __func__); |
linenum = 1; |
linenum = 1; |
while ((cp = strsep(&cbuf, "\n")) != NULL) { |
while ((cp = strsep(&cbuf, "\n")) != NULL) { |
if (process_server_config_line_depth(options, cp, |
if (process_server_config_line_depth(options, cp, |
filename, linenum++, activep, connectinfo, flags, |
filename, linenum++, activep, connectinfo, &flags, |
depth, includes) != 0) |
depth, includes) != 0) |
bad_options++; |
bad_options++; |
} |
} |
|
|
{ |
{ |
int active = connectinfo ? 0 : 1; |
int active = connectinfo ? 0 : 1; |
parse_server_config_depth(options, filename, conf, includes, |
parse_server_config_depth(options, filename, conf, includes, |
connectinfo, 0, &active, 0); |
connectinfo, (connectinfo ? SSHCFG_MATCH_ONLY : 0), &active, 0); |
process_queued_listen_addrs(options); |
process_queued_listen_addrs(options); |
} |
} |
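Review bot: The nested conditional that picks the flags for an included file, `(*inc_flags & SSHCFG_MATCH_ONLY ? SSHCFG_MATCH_ONLY : (oactive ? 0 : SSHCFG_NEVERMATCH))`, is written out twice in the Include handling of process_server_config_line_depth and has no comment, although it decides whether Match blocks in an included file are evaluated against the connection or only syntax-checked. Computing it once before both calls would keep the two paths from drifting apart, e.g. `int child_flags = (*inc_flags & SSHCFG_MATCH_ONLY) ? SSHCFG_MATCH_ONLY : (oactive ? 0 : SSHCFG_NEVERMATCH);`, with a comment such as `/* before the first Match, included files still need their Match blocks evaluated */`. parse_server_config_depth takes `flags` by value, so a Match inside an included file does not appear to clear SSHCFG_MATCH_ONLY for the including file; if that is intended, a short comment next to `*inc_flags &= ~SSHCFG_MATCH_ONLY;` should say so. A Match block that silently fails to apply drops restrictions the administrator configured, so a regression test for an Include placed before the first Match would be worth adding. The function body starts and ends outside the lines shown here.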
|
|