- djm@cvs.openbsd.org 2013/12/05 01:16:41
[servconf.c servconf.h]
bz#2161 - fix AuthorizedKeysCommand inside a Match block and
rearrange things so the same error is harder to make next time;
with and ok dtucker@
diff --git a/ChangeLog b/ChangeLog
index 9f29954..410ae1b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -43,6 +43,11 @@
[sftp-client.c]
bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
AfriNIC
+ - djm@cvs.openbsd.org 2013/12/05 01:16:41
+ [servconf.c servconf.h]
+ bz#2161 - fix AuthorizedKeysCommand inside a Match block and
+ rearrange things so the same error is harder to make next time;
+ with and ok dtucker@
- (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
-L location for libedit. Patch from Serge van den Boom.
diff --git a/servconf.c b/servconf.c
index cb21bd2..6db89f7 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.246 2013/11/21 00:45:44 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.247 2013/12/05 01:16:41 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1742,24 +1742,6 @@
return 0; /* partial */
}
-/* Helper macros */
-#define M_CP_INTOPT(n) do {\
- if (src->n != -1) \
- dst->n = src->n; \
-} while (0)
-#define M_CP_STROPT(n) do {\
- if (src->n != NULL) { \
- free(dst->n); \
- dst->n = src->n; \
- } \
-} while(0)
-#define M_CP_STRARRAYOPT(n, num_n) do {\
- if (src->num_n != 0) { \
- for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
- dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
- } \
-} while(0)
-
/*
* Copy any supported values that are set.
*
@@ -1770,6 +1752,11 @@
void
copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
{
+#define M_CP_INTOPT(n) do {\
+ if (src->n != -1) \
+ dst->n = src->n; \
+} while (0)
+
M_CP_INTOPT(password_authentication);
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(rsa_authentication);
@@ -1779,8 +1766,6 @@
M_CP_INTOPT(hostbased_uses_name_from_packet_only);
M_CP_INTOPT(kbd_interactive_authentication);
M_CP_INTOPT(zero_knowledge_password_authentication);
- M_CP_STROPT(authorized_keys_command);
- M_CP_STROPT(authorized_keys_command_user);
M_CP_INTOPT(permit_root_login);
M_CP_INTOPT(permit_empty_passwd);
@@ -1799,6 +1784,20 @@
M_CP_INTOPT(rekey_limit);
M_CP_INTOPT(rekey_interval);
+ /* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
+#define M_CP_STROPT(n) do {\
+ if (src->n != NULL && dst->n != src->n) { \
+ free(dst->n); \
+ dst->n = src->n; \
+ } \
+} while(0)
+#define M_CP_STRARRAYOPT(n, num_n) do {\
+ if (src->num_n != 0) { \
+ for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
+ dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
+ } \
+} while(0)
+
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();
diff --git a/servconf.h b/servconf.h
index 2d4b6ec..8812c5a 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.110 2013/10/29 09:48:02 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.111 2013/12/05 01:16:41 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -202,6 +202,9 @@
* Match sub-config and the main config, and must be sent from the
* privsep slave to the privsep master. We use a macro to ensure all
* the options are copied and the copies are done in the correct order.
+ *
+ * NB. an option must appear in servconf.c:copy_set_server_options() or
+ * COPY_MATCH_STRING_OPTS here but never both.
*/
#define COPY_MATCH_STRING_OPTS() do { \
M_CP_STROPT(banner); \