author | djm@openbsd.org <djm@openbsd.org> | 2018-06-19 04:59:41 +0200 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-06-19 05:00:50 +0200 |
commit | 87ddd676da0f3abd08b778b12b53b91b670dc93c (patch) | |
tree | 57bf11cf56aeddffdafdc97b74d7bc632c317df7 /auth-options.c | |
parent | upstream: invalidate supplemental group cache used by (diff) | |
upstream: allow bare port numbers to appear in PermitListen directives,
e.g.
PermitListen 2222 8080
is equivalent to:
PermitListen *:2222 *:8080
Some bonus manpage improvements, mostly from markus@
"looks fine" markus@
OpenBSD-Commit-ID: 6546b0cc5aab7f53d65ad0a348ca0ae591d6dd24
Diffstat (limited to 'auth-options.c')
-rw-r--r-- | auth-options.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/auth-options.c b/auth-options.c
index 151b16ece..27c0eb05e 100644
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.82 2018/06/07 09:26:42 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */
 /*
 * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
 *
@@ -313,8 +313,8 @@ sshauthopt_new_with_keys_defaults(void)
 * Return 0 on success. Return -1 on failure and sets *errstrp to error reason.
 */
 static int
-handle_permit(const char **optsp, char ***permitsp, size_t *npermitsp,
- const char **errstrp)
+handle_permit(const char **optsp, int allow_bare_port,
+ char ***permitsp, size_t *npermitsp, const char **errstrp)
 {
 char *opt, *tmp, *cp, *host, **permits = *permitsp;
 size_t npermits = *npermitsp;
@@ -327,6 +327,18 @@ handle_permit(const char **optsp, char ***permitsp, size_t *npermitsp,
 if ((opt = opt_dequote(optsp, &errstr)) == NULL) {
 return -1;
 }
+ if (allow_bare_port && strchr(opt, ':') == NULL) {
+ /*
+ * Allow a bare port number in permitlisten to indicate a
+ * listen_host wildcard.
+ */
+ if (asprintf(&tmp, "*:%s", opt) < 0) {
+ *errstrp = "memory allocation failed";
+ return -1;
+ }
+ free(opt);
+ opt = tmp;
+ }
 if ((tmp = strdup(opt)) == NULL) {
 free(opt);
 *errstrp = "memory allocation failed";
@@ -474,11 +486,11 @@ sshauthopt_parse(const char *opts, const char **errstrp)
 }
 ret->env[ret->nenv++] = opt;
 } else if (opt_match(&opts, "permitopen")) {
- if (handle_permit(&opts, &ret->permitopen,
+ if (handle_permit(&opts, 0, &ret->permitopen,
 &ret->npermitopen, &errstr) != 0)
 goto fail;
 } else if (opt_match(&opts, "permitlisten")) {
- if (handle_permit(&opts, &ret->permitlisten,
+ if (handle_permit(&opts, 1, &ret->permitlisten,
 &ret->npermitlisten, &errstr) != 0)
 goto fail;
 } else if (opt_match(&opts, "tunnel")) { |
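Review bot: The comment above handle_permit(), whose last two lines are the context at the top of the second hunk, does not describe the new `allow_bare_port` argument. I would add a line such as ` * If allow_bare_port is non-zero, a spec without ':' is treated as a port and recorded as "*:port".` so the wildcard-host consequence is stated where the function is documented. The two callers in the last hunk pass bare `0` and `1`; a short trailing comment naming the flag at each call would make it obvious that only permitlisten gets the relaxed form. The start of the comment and most of the function body lie outside the hunk.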
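Review bot: In the third hunk, the asprintf() failure branch returns -1 without releasing `opt`, while the strdup() failure branch directly below it calls `free(opt)` before returning, so the two error paths disagree and the new one leaks the dequoted string. Adding `free(opt);` ahead of `*errstrp = "memory allocation failed";` in the asprintf branch makes them consistent. The leak is only reachable on allocation failure, but this parser runs on authorized_keys options in the server and its error paths should not lose memory. Note also that every colon-less token is rewritten to `*:<token>`, so rejecting a non-numeric value depends on the port check later in handle_permit, which is outside this hunk and worth confirming.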