- dtucker@cvs.openbsd.org 2007/02/19 10:45:58
[monitor_wrap.c servconf.c servconf.h monitor.c sshd_config.5]
Teach Match how handle config directives that are used before
authentication. This allows configurations such as permitting password
authentication from the local net only while requiring pubkey from
offsite. ok djm@, man page bits ok jmc@
diff --git a/monitor_wrap.c b/monitor_wrap.c
index 3865539..27cc1c5 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor_wrap.c,v 1.54 2006/08/12 20:46:46 miod Exp $ */
+/* $OpenBSD: monitor_wrap.c,v 1.55 2007/02/19 10:45:58 dtucker Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -73,6 +73,7 @@
#include "channels.h"
#include "session.h"
+#include "servconf.h"
/* Imports */
extern int compat20;
@@ -207,7 +208,8 @@
{
Buffer m;
struct passwd *pw;
- u_int pwlen;
+ u_int len;
+ ServerOptions *newopts;
debug3("%s entering", __func__);
@@ -223,8 +225,8 @@
buffer_free(&m);
return (NULL);
}
- pw = buffer_get_string(&m, &pwlen);
- if (pwlen != sizeof(struct passwd))
+ pw = buffer_get_string(&m, &len);
+ if (len != sizeof(struct passwd))
fatal("%s: struct passwd size mismatch", __func__);
pw->pw_name = buffer_get_string(&m, NULL);
pw->pw_passwd = buffer_get_string(&m, NULL);
@@ -234,6 +236,16 @@
#endif
pw->pw_dir = buffer_get_string(&m, NULL);
pw->pw_shell = buffer_get_string(&m, NULL);
+
+ /* copy options block as a Match directive may have changed some */
+ newopts = buffer_get_string(&m, &len);
+ if (len != sizeof(*newopts))
+ fatal("%s: option block size mismatch", __func__);
+ if (newopts->banner != NULL)
+ newopts->banner = buffer_get_string(&m, NULL);
+ copy_set_server_options(&options, newopts, 1);
+ xfree(newopts);
+
buffer_free(&m);
return (pw);