diff options
| author | Damien Miller <djm@mindrot.org> | 2011-05-15 08:44:45 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2011-05-15 08:44:45 +1000 |
| commit | fe92421772243702ecb18b862dbeb51a9bdbbc6e (patch) | |
| tree | cbe36e3617422cd47a7a9ba27b6e715cb2795cf1 | |
| parent | dfc85fa1815004bd885473068e7578be3dcbdfef (diff) | |
- djm@cvs.openbsd.org 2011/05/06 21:31:38
[readconf.c ssh_config.5]
support negated Host matching, e.g.
Host *.example.org !c.example.org
User mekmitasdigoat
Will match "a.example.org", "b.example.org", but not "c.example.org"
ok markus@
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | readconf.c | 26 | ||||
| -rw-r--r-- | ssh_config.5 | 11 |
3 files changed, 40 insertions, 6 deletions
@@ -23,6 +23,15 @@ [ssh.c ssh_config.5] add a %L expansion (short-form of the local host name) for ControlPath; sync some more expansions with LocalCommand; ok markus@ + - djm@cvs.openbsd.org 2011/05/06 21:31:38 + [readconf.c ssh_config.5] + support negated Host matching, e.g. + + Host *.example.org !c.example.org + User mekmitasdigoat + + Will match "a.example.org", "b.example.org", but not "c.example.org" + ok markus@ 20110510 - (dtucker) [openbsd-compat/openssl-compat.{c,h}] Bug #1882: fix @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.190 2010/11/13 23:27:50 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.191 2011/05/06 21:31:38 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -354,7 +354,7 @@ process_config_line(Options *options, const char *host, int *activep) { char *s, **charptr, *endofnumber, *keyword, *arg, *arg2, fwdarg[256]; - int opcode, *intptr, value, value2, scale; + int negated, opcode, *intptr, value, value2, scale; LogLevel *log_level_ptr; long long orig, val64; size_t len; @@ -793,12 +793,28 @@ parse_int: case oHost: *activep = 0; - while ((arg = strdelim(&s)) != NULL && *arg != '\0') + arg2 = NULL; + while ((arg = strdelim(&s)) != NULL && *arg != '\0') { + negated = *arg == '!'; + if (negated) + arg++; if (match_pattern(host, arg)) { - debug("Applying options for %.100s", arg); + if (negated) { + debug("%.200s line %d: Skipping Host " + "block because of negated match " + "for %.100s", filename, linenum, + arg); + *activep = 0; + break; + } + if (!*activep) + arg2 = arg; /* logged below */ *activep = 1; - break; } + } + if (*activep) + debug("%.200s line %d: Applying options for %.100s", + filename, linenum, arg2); /* Avoid garbage check below, as strdelim is done. */ return 0; diff --git a/ssh_config.5 b/ssh_config.5 index a5bad8cc..5bdc7fec 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,7 +33,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.147 2011/05/06 21:18:02 djm Exp $ +.\" $OpenBSD: ssh_config.5,v 1.148 2011/05/06 21:31:38 djm Exp $ .Dd $Mdocdate: May 6 2011 $ .Dt SSH_CONFIG 5 .Os @@ -112,6 +112,15 @@ The host is the argument given on the command line (i.e. the name is not converted to a canonicalized host name before matching). .Pp +A pattern entry may be negated by prefixing it with an exclamation mark +.Pq Sq !\& . +If a negated entry is matched, then the +.Cm Host +entry is ignored, regardless of whether any other patterns on the line +match. +Negated matches are therefore useful to provide exceptions for wildcard +matches. +.Pp See .Sx PATTERNS for more information on patterns. |