|
Lines 34-39
|
| 34 |
#ifdef HAVE_UTIL_H |
34 |
#ifdef HAVE_UTIL_H |
| 35 |
#include <util.h> |
35 |
#include <util.h> |
| 36 |
#endif |
36 |
#endif |
|
|
37 |
#include <glob.h> |
| 37 |
|
38 |
|
| 38 |
#include "openbsd-compat/sys-queue.h" |
39 |
#include "openbsd-compat/sys-queue.h" |
| 39 |
#include "xmalloc.h" |
40 |
#include "xmalloc.h" |
|
Lines 64-69
static void add_one_listen_addr(ServerOptions *, char *, int);
|
| 64 |
/* Use of privilege separation or not */ |
65 |
/* Use of privilege separation or not */ |
| 65 |
extern int use_privsep; |
66 |
extern int use_privsep; |
| 66 |
extern Buffer cfg; |
67 |
extern Buffer cfg; |
|
|
68 |
struct include_item *include_list = NULL, *include_last = NULL; |
| 69 |
|
| 70 |
#define INCLUDE_LIST_APPEND(item) \ |
| 71 |
(item)->next = NULL; \ |
| 72 |
if (include_list == NULL) { \ |
| 73 |
include_list = (item); \ |
| 74 |
} else \ |
| 75 |
include_last->next = (item); \ |
| 76 |
include_last = (item); |
| 67 |
|
77 |
|
| 68 |
/* Initializes the server options to their default values. */ |
78 |
/* Initializes the server options to their default values. */ |
| 69 |
|
79 |
|
|
Lines 415-421
typedef enum {
|
| 415 |
sAcceptEnv, sPermitTunnel, |
425 |
sAcceptEnv, sPermitTunnel, |
| 416 |
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
426 |
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 417 |
sUsePrivilegeSeparation, sAllowAgentForwarding, |
427 |
sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 418 |
sHostCertificate, |
428 |
sHostCertificate, sInclude, |
| 419 |
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
429 |
sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
| 420 |
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, |
430 |
sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser, |
| 421 |
sKexAlgorithms, sIPQoS, sVersionAddendum, |
431 |
sKexAlgorithms, sIPQoS, sVersionAddendum, |
|
Lines 550-555
static struct {
|
| 550 |
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
560 |
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
| 551 |
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
561 |
{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
| 552 |
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, |
562 |
{ "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, |
|
|
563 |
{ "include", sInclude, SSHCFG_ALL }, |
| 553 |
{ "ipqos", sIPQoS, SSHCFG_ALL }, |
564 |
{ "ipqos", sIPQoS, SSHCFG_ALL }, |
| 554 |
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, |
565 |
{ "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, |
| 555 |
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
566 |
{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
|
Lines 964-969
process_server_config_line(ServerOptions *options, char *line,
|
| 964 |
size_t len; |
975 |
size_t len; |
| 965 |
long long val64; |
976 |
long long val64; |
| 966 |
const struct multistate *multistate_ptr; |
977 |
const struct multistate *multistate_ptr; |
|
|
978 |
struct include_item *item; |
| 979 |
int found = 0; |
| 980 |
glob_t gbuf; |
| 967 |
|
981 |
|
| 968 |
cp = line; |
982 |
cp = line; |
| 969 |
if ((arg = strdelim(&cp)) == NULL) |
983 |
if ((arg = strdelim(&cp)) == NULL) |
|
Lines 981-987
process_server_config_line(ServerOptions *options, char *line,
|
| 981 |
cmdline = 1; |
995 |
cmdline = 1; |
| 982 |
activep = &cmdline; |
996 |
activep = &cmdline; |
| 983 |
} |
997 |
} |
| 984 |
if (*activep && opcode != sMatch) |
998 |
if (*activep && opcode != sMatch && opcode != sInclude) |
| 985 |
debug3("%s:%d setting %s %s", filename, linenum, arg, cp); |
999 |
debug3("%s:%d setting %s %s", filename, linenum, arg, cp); |
| 986 |
if (*activep == 0 && !(flags & SSHCFG_MATCH)) { |
1000 |
if (*activep == 0 && !(flags & SSHCFG_MATCH)) { |
| 987 |
if (connectinfo == NULL) { |
1001 |
if (connectinfo == NULL) { |
|
Lines 1632-1637
process_server_config_line(ServerOptions *options, char *line,
|
| 1632 |
*intptr = value; |
1646 |
*intptr = value; |
| 1633 |
break; |
1647 |
break; |
| 1634 |
|
1648 |
|
|
|
1649 |
case sInclude: |
| 1650 |
arg = strdelim(&cp); |
| 1651 |
if (!arg || *arg == '\0') |
| 1652 |
fatal("%s line %d: missing argument - file to include", |
| 1653 |
filename, linenum); |
| 1654 |
// browse cached list of files |
| 1655 |
for (item = include_list; item != NULL; item = item->next) { |
| 1656 |
if (strcmp(item->selector, arg) == 0) { |
| 1657 |
if (item->filename != NULL) |
| 1658 |
parse_server_config(options, item->filename, &(item->buffer), connectinfo); |
| 1659 |
found = 1; |
| 1660 |
} |
| 1661 |
} |
| 1662 |
// no match. Go glob |
| 1663 |
if (found == 0) { |
| 1664 |
debug3("Glob configuration file to include %s", arg); |
| 1665 |
if (glob(arg, 0, NULL, &gbuf) == 0) |
| 1666 |
for (i = 0; i < gbuf.gl_pathc; i++) { |
| 1667 |
debug3("Including configuration file %s", |
| 1668 |
gbuf.gl_pathv[i]); |
| 1669 |
item = malloc(sizeof(struct include_item)); |
| 1670 |
item->selector = strdup(arg); |
| 1671 |
item->filename = strdup(gbuf.gl_pathv[i]); |
| 1672 |
buffer_init(&(item->buffer)); |
| 1673 |
load_server_config(item->filename, &(item->buffer)); |
| 1674 |
parse_server_config(options, item->filename, &(item->buffer), connectinfo); |
| 1675 |
// append item to the end of the list |
| 1676 |
INCLUDE_LIST_APPEND(item) |
| 1677 |
} |
| 1678 |
else { /* no match or other error */ |
| 1679 |
// store placeholder to avoid aditional globs |
| 1680 |
item = malloc(sizeof(struct include_item)); |
| 1681 |
item->selector = strdup(arg); |
| 1682 |
item->filename = NULL; |
| 1683 |
buffer_init(&(item->buffer)); |
| 1684 |
// append item to the end of the list |
| 1685 |
INCLUDE_LIST_APPEND(item) |
| 1686 |
} |
| 1687 |
globfree(&gbuf); |
| 1688 |
} |
| 1689 |
break; |
| 1690 |
|
| 1635 |
case sMatch: |
1691 |
case sMatch: |
| 1636 |
if (cmdline) |
1692 |
if (cmdline) |
| 1637 |
fatal("Match directive not supported as a command-line " |
1693 |
fatal("Match directive not supported as a command-line " |
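Review bot: The new `case sInclude:` branch dereferences the results of `malloc()` and `strdup()` without checking them, in both the glob-match loop and the placeholder branch; since xmalloc.h is already included, `item = xmalloc(sizeof(*item));` and `item->selector = xstrdup(arg);` would abort cleanly on allocation failure instead. Any non-zero return from `glob()` is cached as an empty placeholder, so a read error or aborted glob is treated like "no match" and the fragment is dropped silently; for a daemon whose included files may carry access restrictions it would be safer to accept only `GLOB_NOMATCH` quietly and call `fatal()` on any other error. The item is appended to `include_list` only after `parse_server_config()` returns, so a file that includes itself would presumably recurse without bound; a nesting-depth limit checked before that call would stop it. `process_server_config_line` begins and ends outside these hunks, so how `*activep` applies to an Include inside a Match block could not be checked here.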