Bugzilla – Attachment 2465 Details for
Bug 2267
Host matching uses modified hostname as well as original
[patch]
multiple canonicalisation / config parsing fixes
canon.diff (text/plain), 11.24 KB, created by
Damien Miller
on 2014-08-31 16:27:27 AEST
Description:
multiple canonicalisation / config parsing fixes
Creator:
Damien Miller
Created:
2014-08-31 16:27:27 AEST
Size:
11.24 KB
>Index: readconf.c
>===================================================================
>RCS file: /var/cvs/openssh/readconf.c,v
>retrieving revision 1.203
>diff -u -p -r1.203 readconf.c
>--- readconf.c 18 Jul 2014 04:11:26 -0000 1.203
>+++ readconf.c 31 Aug 2014 06:21:36 -0000
>@@ -476,7 +476,8 @@ execute_in_shell(const char *cmd)
> */
> static int
> match_cfg_line(Options *options, char **condition, struct passwd *pw,
>- const char *host_arg, const char *filename, int linenum)
>+ const char *original_host, int post_canon,
>+ const char *filename, int linenum)
> {
> char *arg, *attrib, *cmd, *cp = *condition, *host;
> const char *ruser;
>@@ -493,13 +494,14 @@ match_cfg_line(Options *options, char **
> if (options->hostname != NULL) {
> /* NB. Please keep in sync with ssh.c:main() */
> host = percent_expand(options->hostname,
>- "h", host_arg, (char *)NULL);
>+ "h", original_host, (char *)NULL);
> } else
>- host = xstrdup(host_arg);
>+ host = xstrdup(original_host);
>
> debug3("checking match for '%s' host %s", cp, host);
> while ((attrib = strdelim(&cp)) && *attrib != '\0') {
> attributes++;
>+ /* criteria "all" and "canonical" have no argument */
> if (strcasecmp(attrib, "all") == 0) {
> if (attributes != 1 ||
> ((arg = strdelim(&cp)) != NULL && *arg != '\0')) {
>@@ -511,7 +513,15 @@ match_cfg_line(Options *options, char **
> *condition = cp;
> result = 1;
> goto out;
>+ } else if (strcasecmp(attrib, "canonical") == 0) {
>+ if (!post_canon) {
>+ result = 0;
>+ continue;
>+ } else
>+ debug("%.200s line %d: matched 'Canonical' ",
>+ filename, linenum);
> }
>+ /* All other criteria require an argument */
> if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
> error("Missing Match criteria for %s", attrib);
> result = -1;
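Review bot: In match_cfg_line (hunk `@@ -493,13 +494,14`) the `host` string is still built only from `options->hostname` or `original_host`, so the canonicalised name never reaches this function; the call site in the `@@ -1195,8 +1207,8` hunk passes `original_host` and no longer passes `host`. Unless `options->hostname` is set to the canonical name elsewhere (not visible here), a `Match canonical host ...` stanza would be tested against the name typed on the command line, so per-host settings keyed on canonical names could silently fail to apply. That is the opposite of what the ssh_config.5 text in this patch describes. Consider giving the function the canonical name as well and selecting it when `post_canon` is set, e.g. `host = xstrdup(post_canon ? canon_host : original_host);`, where `canon_host` is a proposed new parameter. The function body starts and ends outside the hunk.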
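Review bot: The new `canonical` branch (hunk `@@ -511,7 +513,15`) does not `continue` when `post_canon` is set, so after the debug() call control reaches the "All other criteria require an argument" check and strdelim() consumes the next token as an argument to `canonical`. A bare `Match canonical` would then report `Missing Match criteria` and return -1, and in `Match canonical host x` the word `host` would be swallowed as an argument. This contradicts the comment added above, which says `canonical` has no argument. Brace the else arm and add the jump: `} else { debug("%.200s line %d: matched 'Canonical' ", filename, linenum); continue; }`. The rest of the criteria chain is outside the hunk, so how it treats an unrecognised attribute is not visible here.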
>@@ -525,12 +535,12 @@ match_cfg_line(Options *options, char **
> debug("%.200s line %d: matched 'Host %.100s' ",
> filename, linenum, host);
> } else if (strcasecmp(attrib, "originalhost") == 0) {
>- if (match_hostname(host_arg, arg, len) != 1)
>+ if (match_hostname(original_host, arg, len) != 1)
> result = 0;
> else
> debug("%.200s line %d: matched "
> "'OriginalHost %.100s' ",
>- filename, linenum, host_arg);
>+ filename, linenum, original_host);
> } else if (strcasecmp(attrib, "user") == 0) {
> if (match_pattern_list(ruser, arg, len, 0) != 1)
> result = 0;
>@@ -556,7 +566,7 @@ match_cfg_line(Options *options, char **
> "d", pw->pw_dir,
> "h", host,
> "l", thishost,
>- "n", host_arg,
>+ "n", original_host,
> "p", portstr,
> "r", ruser,
> "u", pw->pw_name,
>@@ -719,7 +729,8 @@ static const struct multistate multistat
> #define WHITESPACE " \t\r\n"
> int
> process_config_line(Options *options, struct passwd *pw, const char *host,
>- char *line, const char *filename, int linenum, int *activep, int userconfig)
>+ const char *original_host, char *line, const char *filename,
>+ int linenum, int *activep, int flags)
> {
> char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
> char **cpptr, fwdarg[256];
>@@ -947,7 +958,8 @@ parse_time:
> if (*intptr >= SSH_MAX_IDENTITY_FILES)
> fatal("%.200s line %d: Too many identity files specified (max %d).",
> filename, linenum, SSH_MAX_IDENTITY_FILES);
>- add_identity_file(options, NULL, arg, userconfig);
>+ add_identity_file(options, NULL,
>+ arg, flags & SSHCONF_USERCONF);
> }
> break;
>
>@@ -1195,8 +1207,8 @@ parse_int:
> if (cmdline)
> fatal("Host directive not supported as a command-line "
> "option");
>- value = match_cfg_line(options, &s, pw, host,
>- filename, linenum);
>+ value = match_cfg_line(options, &s, pw, original_host,
>+ flags & SSHCONF_POSTCANON, filename, linenum);
> if (value < 0)
> fatal("%.200s line %d: Bad Match condition", filename,
> linenum);
>@@ -1444,7 +1456,7 @@ parse_int:
> return 0;
>
> default:
>- fatal("process_config_line: Unimplemented opcode %d", opcode);
>+ fatal("%s: Unimplemented opcode %d", __func__, opcode);
> }
>
> /* Check that there is no garbage at end of line. */
>@@ -1464,7 +1476,7 @@ parse_int:
>
> int
> read_config_file(const char *filename, struct passwd *pw, const char *host,
>- Options *options, int flags)
>+ const char *original_host, Options *options, int flags)
> {
> FILE *f;
> char line[1024];
>@@ -1495,8 +1507,8 @@ read_config_file(const char *filename, s
> while (fgets(line, sizeof(line), f)) {
> /* Update line number counter. */
> linenum++;
>- if (process_config_line(options, pw, host, line, filename,
>- linenum, &active, flags & SSHCONF_USERCONF) != 0)
>+ if (process_config_line(options, pw, host, original_host,
>+ line, filename, linenum, &active, flags) != 0)
> bad_options++;
> }
> fclose(f);
>Index: readconf.h
>===================================================================
>RCS file: /var/cvs/openssh/readconf.h,v
>retrieving revision 1.94
>diff -u -p -r1.94 readconf.h
>--- readconf.h 18 Jul 2014 04:11:26 -0000 1.94
>+++ readconf.h 31 Aug 2014 06:21:36 -0000
>@@ -164,14 +164,15 @@ typedef struct {
>
> #define SSHCONF_CHECKPERM 1 /* check permissions on config file */
> #define SSHCONF_USERCONF 2 /* user provided config file not system */
>+#define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */
>
> void initialize_options(Options *);
> void fill_default_options(Options *);
> void fill_default_options_for_canonicalization(Options *);
>-int process_config_line(Options *, struct passwd *, const char *, char *,
>- const char *, int, int *, int);
>+int process_config_line(Options *, struct passwd *, const char *,
>+ const char *, char *, const char *, int, int *, int);
> int read_config_file(const char *, struct passwd *, const char *,
>- Options *, int);
>+ const char *, Options *, int);
> int parse_forward(struct Forward *, const char *, int, int);
> int default_ssh_port(void);
> int option_clear_or_none(const char *);
>Index: ssh.c
>===================================================================
>RCS file: /var/cvs/openssh/ssh.c,v
>retrieving revision 1.405
>diff -u -p -r1.405 ssh.c
>--- ssh.c 18 Jul 2014 05:04:11 -0000 1.405
>+++ ssh.c 31 Aug 2014 06:21:36 -0000
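Review bot: Both changed prototypes in readconf.h now take two adjacent unnamed `const char *` arguments for the host, and nothing in the header says which is the possibly-canonicalised name and which is the name as typed. Swapping them at a call site compiles cleanly and would change which `Host`/`Match` stanzas apply. A short comment above the declarations would document the order, for example `/* host: current (possibly canonicalised) name; original_host: name given on the command line */`. The last `int` of process_config_line also changed meaning from a user-config boolean to an `SSHCONF_*` bitmask, which is worth stating in the same comment.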
>@@ -384,27 +384,29 @@ resolve_canonicalize(char **hostp, int p
> * file if the user specifies a config file on the command line.
> */
> static void
>-process_config_files(struct passwd *pw)
>+process_config_files(const char *host_arg, struct passwd *pw, int post_canon)
> {
> char buf[MAXPATHLEN];
> int r;
>
> if (config != NULL) {
> if (strcasecmp(config, "none") != 0 &&
>- !read_config_file(config, pw, host, &options,
>- SSHCONF_USERCONF))
>+ !read_config_file(config, pw, host, host_arg, &options,
>+ SSHCONF_USERCONF | (post_canon ? SSHCONF_POSTCANON : 0)))
> fatal("Can't open user config file %.100s: "
> "%.100s", config, strerror(errno));
> } else {
> r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
> _PATH_SSH_USER_CONFFILE);
> if (r > 0 && (size_t)r < sizeof(buf))
>- (void)read_config_file(buf, pw, host, &options,
>- SSHCONF_CHECKPERM|SSHCONF_USERCONF);
>+ (void)read_config_file(buf, pw, host, host_arg,
>+ &options, SSHCONF_CHECKPERM | SSHCONF_USERCONF |
>+ (post_canon ? SSHCONF_POSTCANON : 0));
>
> /* Read systemwide configuration file after user config. */
>- (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw, host,
>- &options, 0);
>+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
>+ host, host_arg, &options,
>+ post_canon ? SSHCONF_POSTCANON : 0);
> }
> }
>
>@@ -788,9 +790,9 @@ main(int ac, char **av)
> break;
> case 'o':
> line = xstrdup(optarg);
>- if (process_config_line(&options, pw, host ? host : "",
>- line, "command-line", 0, NULL, SSHCONF_USERCONF)
>- != 0)
>+ if (process_config_line(&options, pw,
>+ host ? host : "", host ? host : "", line,
>+ "command-line", 0, NULL, SSHCONF_USERCONF) != 0)
> exit(255);
> free(line);
> break;
>@@ -899,7 +901,7 @@ main(int ac, char **av)
> );
>
> /* Parse the configuration files */
>- process_config_files(pw);
>+ process_config_files(host_arg, pw, 0);
>
> /* Hostname canonicalisation needs a few options filled. */
> fill_default_options_for_canonicalization(&options);
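Review bot: In process_config_files (hunk `@@ -384,27 +384,29`) the expression `post_canon ? SSHCONF_POSTCANON : 0` is repeated in all three read_config_file() calls, which makes the flag sets hard to compare at a glance. Computing it once keeps the three calls parallel: `int flags = post_canon ? SSHCONF_POSTCANON : 0;` and then `SSHCONF_USERCONF | flags`, `SSHCONF_CHECKPERM | SSHCONF_USERCONF | flags` and plain `flags`. The comment above the function, only partly visible in the hunk, should also say what `host_arg` and `post_canon` mean, since the function still reads the global `host` alongside the new `host_arg` parameter.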
>@@ -944,13 +946,9 @@ main(int ac, char **av)
> check_follow_cname(&host, cname);
> }
>
>- /*
>- * If the target hostname has changed as a result of canonicalisation
>- * then re-parse the configuration files as new stanzas may match.
>- */
>- if (strcasecmp(host_arg, host) != 0) {
>- debug("Hostname has changed; re-reading configuration");
>- process_config_files(pw);
>+ if (options.canonicalize_hostname != 0) {
>+ debug("re-reading configuration");
>+ process_config_files(host_arg, pw, 1);
> }
>
> /* Fill configuration defaults. */
>Index: ssh_config.5
>===================================================================
>RCS file: /var/cvs/openssh/ssh_config.5,v
>retrieving revision 1.191
>diff -u -p -r1.191 ssh_config.5
>--- ssh_config.5 18 Jul 2014 04:11:26 -0000 1.191
>+++ ssh_config.5 31 Aug 2014 06:21:36 -0000
>@@ -65,7 +65,10 @@ The configuration files contain sections
> .Dq Host
> specifications, and that section is only applied for hosts that
> match one of the patterns given in the specification.
>-The matched host name is the one given on the command line.
>+The matched host name is the one given on the command line
>+(possibly modified by the
>+.Cm CanonicalizeHostname
>+option.)
> .Pp
> Since the first obtained value for each parameter is used, more
> host-specific declarations should be given near the beginning of the
>@@ -111,8 +114,9 @@ as a pattern can be used to provide glob
> defaults for all hosts.
> The host is the
> .Ar hostname
>-argument given on the command line (i.e. the name is not converted to
>-a canonicalized host name before matching).
>+argument given on the command line (possibly modified by the
>+.Cm CanonicalizeHostname
>+option.)
> .Pp
> A pattern entry may be negated by prefixing it with an exclamation mark
> .Pq Sq !\& .
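Review bot: In ssh.c main() (hunk `@@ -944,13 +946,9`) the second configuration pass now runs whenever `options.canonicalize_hostname != 0`, not only when the name changed, and the comment explaining the re-parse was removed without a replacement. Every config file is therefore parsed twice for such users, which presumably means `Match exec` commands run twice and list-type options are offered twice; that is inferred, since those paths are outside the hunk. The ssh_config.5 text added at the end of this patch still says the files are processed again when the option "results in the target hostname changing", so code and manual disagree. Restore a comment such as `/* Re-parse so that "Match canonical" stanzas are evaluated, even if the name is unchanged */` and align the manual wording with the new condition.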
>@@ -134,19 +138,37 @@ or
> keyword) to be used only when the conditions following the
> .Cm Match
> keyword are satisfied.
>-Match conditions are specified using one or more keyword/criteria pairs
>+Match conditions are specified using one or more critera
> or the single token
> .Cm all
>-which matches all criteria.
>-The available keywords are:
>+which always matches.
>+The available criteria keywords are:
>+.Cm canonical ,
> .Cm exec ,
> .Cm host ,
> .Cm originalhost ,
> .Cm user ,
> and
> .Cm localuser .
>+The
>+.Cm all
>+criteria must appear alone.
>+Other criteria may be combined arbitrarily.
>+All criteria but
>+.Cm all
>+and
>+.Cm canonical
>+require an argument.
> .Pp
> The
>+.Cm canonical
>+keywork matches only when the configuration file is being re-parsed
>+after hostname canonicalization (see the
>+.Cm CanonicalizeHostname
>+option.)
>+This may be useful to specify conditions that work with canonical host
>+names only.
>+The
> .Cm exec
> keyword executes the specified command under the user's shell.
> If the command returns a zero exit status then the condition is considered true.
>@@ -775,6 +797,12 @@ The default is the name given on the com
> Numeric IP addresses are also permitted (both on the command line and in
> .Cm HostName
> specifications).
>+.Pp
>+If this option is enabled and results in the target hostname
>+changing, then the configuration files are processed again using the new
>+target name to pick up any new configuration in matching
>+.Cm Host
>+stanzas.
> .It Cm IdentitiesOnly
> Specifies that
> .Xr ssh 1
Attachments on
bug 2267
:
2465
|
2466
|
2467
|
2469
|
2470