diff options
| author | Damien Miller <djm@mindrot.org> | 2014-02-24 15:56:45 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2014-02-24 15:56:45 +1100 |
| commit | 0628780abe61e7e50cba48cdafb1837f49ff23b2 (patch) | |
| tree | 306239f5d1de77fc6ab9678299f8e0be35747599 | |
| parent | 0890dc8191bb201eb01c3429feec0300a9d3a930 (diff) | |
- djm@cvs.openbsd.org 2014/02/22 01:32:19
[readconf.c]
when processing Match blocks, skip 'exec' clauses if previous predicates
failed to match; ok markus@
| -rw-r--r-- | ChangeLog | 7 | ||||
| -rw-r--r-- | readconf.c | 31 |
2 files changed, 25 insertions, 13 deletions
@@ -8,9 +8,10 @@ [channels.c] avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W; bz#2200, debian#738692 via Colin Watson; ok dtucker@ - -20140221 - - (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery. + - djm@cvs.openbsd.org 2014/02/22 01:32:19 + [readconf.c] + when processing Match blocks, skip 'exec' clauses if previous predicates + failed to match; ok markus@ 20140213 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compat @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.216 2014/01/29 06:18:35 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.217 2014/02/22 01:32:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -537,16 +537,27 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, "r", ruser, "u", pw->pw_name, (char *)NULL); - r = execute_in_shell(cmd); - if (r == -1) { - fatal("%.200s line %d: match exec '%.100s' " - "error", filename, linenum, cmd); - } else if (r == 0) { - debug("%.200s line %d: matched " - "'exec \"%.100s\"' ", + if (result != 1) { + /* skip execution if prior predicate failed */ + debug("%.200s line %d: skipped exec \"%.100s\"", filename, linenum, cmd); - } else - result = 0; + } else { + r = execute_in_shell(cmd); + if (r == -1) { + fatal("%.200s line %d: match exec " + "'%.100s' error", filename, + linenum, cmd); + } else if (r == 0) { + debug("%.200s line %d: matched " + "'exec \"%.100s\"'", filename, + linenum, cmd); + } else { + debug("%.200s line %d: no match " + "'exec \"%.100s\"'", filename, + linenum, cmd); + result = 0; + } + } free(cmd); } else { error("Unsupported Match attribute %s", attrib); |