-/* $OpenBSD: readconf.c,v 1.394 2024/12/06 16:21:48 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.395 2025/02/15 01:48:30 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
*/
static int read_config_file_depth(const char *filename, struct passwd *pw,
- const char *host, const char *original_host, Options *options,
- int flags, int *activep, int *want_final_pass, int depth);
+ const char *host, const char *original_host, const char *remote_command,
+ Options *options, int flags, int *activep, int *want_final_pass, int depth);
static int process_config_line_depth(Options *options, struct passwd *pw,
- const char *host, const char *original_host, char *line,
- const char *filename, int linenum, int *activep, int flags,
+ const char *host, const char *original_host, const char *remote_command,
+ char *line, const char *filename, int linenum, int *activep, int flags,
int *want_final_pass, int depth);
/* Keyword tokens. */
static int
match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
struct passwd *pw, const char *host_arg, const char *original_host,
- int final_pass, int *want_final_pass, const char *filename, int linenum)
+ const char *remote_command, int final_pass, int *want_final_pass,
+ const char *filename, int linenum)
{
char *arg, *oattrib = NULL, *attrib = NULL, *cmd, *host, *criteria;
const char *ruser;
strprefix(attrib, "localuser=", 1) != NULL ||
strprefix(attrib, "localnetwork=", 1) != NULL ||
strprefix(attrib, "tagged=", 1) != NULL ||
+ strprefix(attrib, "command=", 1) != NULL ||
strprefix(attrib, "exec=", 1) != NULL) {
arg = strchr(attrib, '=');
*(arg++) = '\0';
arg = argv_next(acp, avp);
}
- /* All other criteria require an argument */
- if (arg == NULL || *arg == '\0' || *arg == '#') {
+ /*
+ * All other criteria require an argument, though it may
+ * be the empty string for the "tagged" and "command"
+ * options.
+ */
+ if (*arg == '\0' &&
+ strcasecmp(attrib, "tagged") != 0 &&
+ strcasecmp(attrib, "command") != 0)
+ arg = NULL;
+ if (arg == NULL || *arg == '#') {
error("Missing Match criteria for %s", attrib);
result = -1;
goto out;
} else if (strcasecmp(attrib, "tagged") == 0) {
criteria = xstrdup(options->tag == NULL ? "" :
options->tag);
- r = match_pattern_list(criteria, arg, 0) == 1;
+ /* Special case: empty criteria matches empty arg */
+ r = (*criteria == '\0') ? *arg == '\0' :
+ match_pattern_list(criteria, arg, 0) == 1;
+ if (r == (negate ? 1 : 0))
+ this_result = result = 0;
+ } else if (strcasecmp(attrib, "command") == 0) {
+ criteria = xstrdup(remote_command == NULL ?
+ "" : remote_command);
+ /* Special case: empty criteria matches empty arg */
+ r = (*criteria == '\0') ? *arg == '\0' :
+ match_pattern_list(criteria, arg, 0) == 1;
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "exec") == 0) {
*/
int
process_config_line(Options *options, struct passwd *pw, const char *host,
- const char *original_host, char *line, const char *filename,
- int linenum, int *activep, int flags)
+ const char *original_host, const char *remote_command, char *line,
+ const char *filename, int linenum, int *activep, int flags)
{
return process_config_line_depth(options, pw, host, original_host,
- line, filename, linenum, activep, flags, NULL, 0);
+ remote_command, line, filename, linenum, activep, flags, NULL, 0);
}
#define WHITESPACE " \t\r\n"
static int
process_config_line_depth(Options *options, struct passwd *pw, const char *host,
- const char *original_host, char *line, const char *filename,
- int linenum, int *activep, int flags, int *want_final_pass, int depth)
+ const char *original_host, const char *remote_command, char *line,
+ const char *filename, int linenum, int *activep, int flags,
+ int *want_final_pass, int depth)
{
char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p;
char **cpptr, ***cppptr, fwdarg[256];
goto out;
}
value = match_cfg_line(options, str, &ac, &av, pw, host,
- original_host, flags & SSHCONF_FINAL, want_final_pass,
- filename, linenum);
+ original_host, remote_command, flags & SSHCONF_FINAL,
+ want_final_pass, filename, linenum);
if (value < 0) {
error("%.200s line %d: Bad Match condition", filename,
linenum);
gl.gl_pathv[i], depth,
oactive ? "" : " (parse only)");
r = read_config_file_depth(gl.gl_pathv[i],
- pw, host, original_host, options,
- flags | SSHCONF_CHECKPERM |
+ pw, host, original_host, remote_command,
+ options, flags | SSHCONF_CHECKPERM |
(oactive ? 0 : SSHCONF_NEVERMATCH),
activep, want_final_pass, depth + 1);
if (r != 1 && errno != ENOENT) {
*/
int
read_config_file(const char *filename, struct passwd *pw, const char *host,
- const char *original_host, Options *options, int flags,
+ const char *original_host, const char *remote_command, Options *options, int flags,
int *want_final_pass)
{
int active = 1;
return read_config_file_depth(filename, pw, host, original_host,
- options, flags, &active, want_final_pass, 0);
+ remote_command, options, flags, &active, want_final_pass, 0);
}
#define READCONF_MAX_DEPTH 16
static int
read_config_file_depth(const char *filename, struct passwd *pw,
- const char *host, const char *original_host, Options *options,
- int flags, int *activep, int *want_final_pass, int depth)
+ const char *host, const char *original_host, const char *remote_command,
+ Options *options, int flags, int *activep, int *want_final_pass, int depth)
{
FILE *f;
char *line = NULL;
* line numbers later for error messages.
*/
if (process_config_line_depth(options, pw, host, original_host,
- line, filename, linenum, activep, flags, want_final_pass,
- depth) != 0)
+ remote_command, line, filename, linenum, activep, flags,
+ want_final_pass, depth) != 0)
bad_options++;
}
free(line);
-/* $OpenBSD: ssh.c,v 1.603 2025/02/10 23:19:26 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.604 2025/02/15 01:48:30 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
* file if the user specifies a config file on the command line.
*/
static void
-process_config_files(const char *host_name, struct passwd *pw, int final_pass,
- int *want_final_pass)
+process_config_files(const char *host_name, struct passwd *pw,
+ int final_pass, int *want_final_pass)
{
- char buf[PATH_MAX];
+ char *cmd, buf[PATH_MAX];
int r;
+ if ((cmd = sshbuf_dup_string(command)) == NULL)
+ fatal_f("sshbuf_dup_string failed");
if (config != NULL) {
if (strcasecmp(config, "none") != 0 &&
- !read_config_file(config, pw, host, host_name, &options,
+ !read_config_file(config, pw, host, host_name, cmd,
+ &options,
SSHCONF_USERCONF | (final_pass ? SSHCONF_FINAL : 0),
want_final_pass))
fatal("Can't open user config file %.100s: "
r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
if (r > 0 && (size_t)r < sizeof(buf))
- (void)read_config_file(buf, pw, host, host_name,
+ (void)read_config_file(buf, pw, host, host_name, cmd,
&options, SSHCONF_CHECKPERM | SSHCONF_USERCONF |
(final_pass ? SSHCONF_FINAL : 0), want_final_pass);
/* Read systemwide configuration file after user config. */
(void)read_config_file(_PATH_HOST_CONFIG_FILE, pw,
- host, host_name, &options,
+ host, host_name, cmd, &options,
final_pass ? SSHCONF_FINAL : 0, want_final_pass);
}
+ free(cmd);
}
/* Rewrite the port number in an addrinfo list of addresses */
case 'o':
line = xstrdup(optarg);
if (process_config_line(&options, pw,
- host ? host : "", host ? host : "", line,
+ host ? host : "", host ? host : "", "", line,
"command-line", 0, NULL, SSHCONF_USERCONF) != 0)
exit(255);
free(line);
projects / thirdparty / openssh-portable.git / commitdiff
