Bugzilla – Attachment 2706 Details for
Bug 2468
Option to include external files to sshd_config
[patch]
proposed patch
include_server.patch (text/plain), 5.01 KB, created by
Jakub Jelen
on 2015-09-15 22:16:22 AEST
Description:
proposed patch
Creator:
Jakub Jelen
Created:
2015-09-15 22:16:22 AEST
Size:
5.01 KB
>From 3e7500d8cb4f6cbc877159e84e797c0b1f08e77b Mon Sep 17 00:00:00 2001
>From: Jakub Jelen <jjelen@redhat.com>
>Date: Thu, 3 Sep 2015 10:43:37 +0200
>Subject: [PATCH] Include server version
>
>---
> servconf.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
> servconf.h | 7 +++++++
> sshd_config.5 | 4 ++++
> 3 files changed, 69 insertions(+), 2 deletions(-)
>
>diff --git a/servconf.c b/servconf.c
>index b5db0f7..7e9bd95 100644
>--- a/servconf.c
>+++ b/servconf.c
>@@ -34,6 +34,7 @@
> #ifdef HAVE_UTIL_H
> #include <util.h>
> #endif
>+#include <glob.h>
>
> #include "openbsd-compat/sys-queue.h"
> #include "xmalloc.h"
>@@ -64,6 +65,15 @@ static void add_one_listen_addr(ServerOptions *, char *, int);
> /* Use of privilege separation or not */
> extern int use_privsep;
> extern Buffer cfg;
>+struct include_item *include_list = NULL, *include_last = NULL;
>+
>+#define INCLUDE_LIST_APPEND(item) \
>+ (item)->next = NULL; \
>+ if (include_list == NULL) { \
>+ include_list = (item); \
>+ } else \
>+ include_last->next = (item); \
>+ include_last = (item);
>
> /* Initializes the server options to their default values. */
>
>@@ -415,7 +425,7 @@ typedef enum {
> sAcceptEnv, sPermitTunnel,
> sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
> sUsePrivilegeSeparation, sAllowAgentForwarding,
>- sHostCertificate,
>+ sHostCertificate, sInclude,
> sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
> sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
> sKexAlgorithms, sIPQoS, sVersionAddendum,
>@@ -550,6 +560,7 @@ static struct {
> { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
> { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
> { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
>+ { "include", sInclude, SSHCFG_ALL },
> { "ipqos", sIPQoS, SSHCFG_ALL },
> { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
> { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
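Review bot: `INCLUDE_LIST_APPEND` in the `@@ -64,6 +65,15` hunk expands to three separate statements, so it is only correct where the call site already sits inside braces; as the body of an unbraced `if` or `for`, only the first assignment would be guarded and the list pointers would be updated unconditionally. Wrapping the expansion in `do { ... } while (0)` and ending each use with a semicolon, or replacing the macro with a small `static` function, removes that trap. `include_list` and `include_last` are also defined with external linkage although nothing in this patch declares them in servconf.h; `static` would keep them private to servconf.c unless another file is meant to use them.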
>@@ -964,6 +975,9 @@ process_server_config_line(ServerOptions *options, char *line,
> size_t len;
> long long val64;
> const struct multistate *multistate_ptr;
>+ struct include_item *item;
>+ int found = 0;
>+ glob_t gbuf;
>
> cp = line;
> if ((arg = strdelim(&cp)) == NULL)
>@@ -981,7 +995,7 @@ process_server_config_line(ServerOptions *options, char *line,
> cmdline = 1;
> activep = &cmdline;
> }
>- if (*activep && opcode != sMatch)
>+ if (*activep && opcode != sMatch && opcode != sInclude)
> debug3("%s:%d setting %s %s", filename, linenum, arg, cp);
> if (*activep == 0 && !(flags & SSHCFG_MATCH)) {
> if (connectinfo == NULL) {
>@@ -1632,6 +1646,48 @@ process_server_config_line(ServerOptions *options, char *line,
> *intptr = value;
> break;
>
>+ case sInclude:
>+ arg = strdelim(&cp);
>+ if (!arg || *arg == '\0')
>+ fatal("%s line %d: missing argument - file to include",
>+ filename, linenum);
>+ // browse cached list of files
>+ for (item = include_list; item != NULL; item = item->next) {
>+ if (strcmp(item->selector, arg) == 0) {
>+ if (item->filename != NULL)
>+ parse_server_config(options, item->filename, &(item->buffer), connectinfo);
>+ found = 1;
>+ }
>+ }
>+ // no match. Go glob
>+ if (found == 0) {
>+ debug3("Glob configuration file to include %s", arg);
>+ if (glob(arg, 0, NULL, &gbuf) == 0)
>+ for (i = 0; i < gbuf.gl_pathc; i++) {
>+ debug3("Including configuration file %s",
>+ gbuf.gl_pathv[i]);
>+ item = malloc(sizeof(struct include_item));
>+ item->selector = strdup(arg);
>+ item->filename = strdup(gbuf.gl_pathv[i]);
>+ buffer_init(&(item->buffer));
>+ load_server_config(item->filename, &(item->buffer));
>+ parse_server_config(options, item->filename, &(item->buffer), connectinfo);
>+ // append item to the end of the list
>+ INCLUDE_LIST_APPEND(item)
>+ }
>+ else { /* no match or other error */
>+ // store placeholder to avoid aditional globs
>+ item = malloc(sizeof(struct include_item));
>+ item->selector = strdup(arg);
>+ item->filename = NULL;
>+ buffer_init(&(item->buffer));
>+ // append item to the end of the list
>+ INCLUDE_LIST_APPEND(item)
>+ }
>+ globfree(&gbuf);
>+ }
>+ break;
>+
> case sMatch:
> if (cmdline)
> fatal("Match directive not supported as a command-line "
>diff --git a/servconf.h b/servconf.h
>index f4137af..4d9736f 100644
>--- a/servconf.h
>+++ b/servconf.h
>@@ -206,6 +206,13 @@ struct connection_info {
> int lport; /* local port */
> };
>
>+struct include_item {
>+ const char *selector;
>+ const char *filename;
>+ Buffer buffer;
>+ struct include_item *next;
>+};
>+
>
> /*
> * These are string config options that must be copied between the
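Review bot: Nothing in `case sInclude` bounds nesting: both the cached path and the glob path call `parse_server_config()` on the included buffer, so a file that includes itself, or two files that include each other, would re-enter this case until the stack runs out, assuming parse_server_config hands each line back to process_server_config_line (that code is outside the hunk). The glob branch also dereferences the results of `malloc()` and `strdup()` unchecked although `xmalloc.h` is already included in servconf.c, and it treats every non-zero `glob()` return as "no match", so a directory that could not be read is skipped silently and any restrictions it carried are dropped without a log line. The case never consults `*activep` either, and the keyword table registers it as `SSHCFG_ALL`, so an Include inside a Match block that does not match is still loaded and parsed; whether its directives can then take effect depends on code outside the hunk and should be confirmed. The fence sketches a depth guard, the `xcalloc`/`xstrdup` allocations and a `glob()` result switch; `include_depth` and `INCLUDE_DEPTH_MAX` are names made up for this sketch and would be a file-scope `static int` and a small constant.

```c
	case sInclude:
		/* … unchanged: strdelim() and missing-argument check … */
		/* bound nesting so a file that includes itself cannot recurse forever */
		if (++include_depth > INCLUDE_DEPTH_MAX)
			fatal("%s line %d: Include nested too deeply",
			    filename, linenum);
		/* … unchanged: lookup of arg in include_list … */
		if (found == 0) {
			debug3("Glob configuration file to include %s", arg);
			switch (glob(arg, 0, NULL, &gbuf)) {
			case 0:
				for (i = 0; i < gbuf.gl_pathc; i++) {
					/* x* allocators call fatal() instead of returning NULL */
					item = xcalloc(1, sizeof(*item));
					item->selector = xstrdup(arg);
					item->filename = xstrdup(gbuf.gl_pathv[i]);
					/* … unchanged: buffer_init, load, parse, append … */
				}
				break;
			case GLOB_NOMATCH:
				item = xcalloc(1, sizeof(*item));
				item->selector = xstrdup(arg);
				/* … unchanged: NULL filename, buffer_init, append … */
				break;
			default:
				/* read error or out of memory: do not skip the include silently */
				fatal("%s line %d: glob failed for %s",
				    filename, linenum, arg);
			}
			globfree(&gbuf);
		}
		include_depth--;
		break;
```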
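Review bot: `struct include_item` in servconf.h is added without a comment, and the field names alone do not say what the servconf.c code relies on: `selector` holds the Include argument as written, `filename` holds one path that glob() produced for it, and a NULL `filename` marks a pattern that matched nothing. I would add `/* One cached Include expansion; filename == NULL records a pattern that matched no file. */` above the struct. Both strings are heap copies made with strdup() in servconf.c, so the `const char *` types will need a cast if the list is ever freed; nothing in this patch frees it.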
>diff --git a/sshd_config.5 b/sshd_config.5
>index b18d340..a5908dd 100644
>--- a/sshd_config.5
>+++ b/sshd_config.5
>@@ -788,6 +788,10 @@ or
> .Cm HostbasedAuthentication .
> The default is
> .Dq no .
>+.It Cm Include
>+Read the specified files as if their contents were pasted here.
>+You can specify wildcard character to include all matching
>+files, for exanple "/etc/ssh/sshd_config.d/*.conf".
> .It Cm IPQoS
> Specifies the IPv4 type-of-service or DSCP class for the connection.
> Accepted values are
>--
>2.1.0
>