diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-07-04 13:49:31 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-07-04 23:51:52 +1000 |
commit | 312d2f2861a2598ed08587cb6c45c0e98a85408f (patch) | |
tree | e3bdc4facef48a89cd76fa793d9e70211b7ff8d2 /match.c | |
parent | 303af5803bd74bf05d375c04e1a83b40c30b2be5 (diff) |
upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA
signature work - returns ability to add/remove/specify algorithms by
wildcard.
Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.
Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.
(lots of) feedback, ok markus@
OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207
Diffstat (limited to 'match.c')
-rw-r--r-- | match.c | 36 |
1 files changed, 30 insertions, 6 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.37 2017/03/10 04:24:55 djm Exp $ */ +/* $OpenBSD: match.c,v 1.38 2018/07/04 13:49:31 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -294,16 +294,20 @@ match_list(const char *client, const char *server, u_int *next) } /* - * Filters a comma-separated list of strings, excluding any entry matching - * the 'filter' pattern list. Caller must free returned string. + * Filter proposal using pattern-list filter. + * "blacklist" determines sense of filter: + * non-zero indicates that items matching filter should be excluded. + * zero indicates that only items matching filter should be included. + * returns NULL on allocation error, otherwise caller must free result. */ -char * -match_filter_list(const char *proposal, const char *filter) +static char * +filter_list(const char *proposal, const char *filter, int blacklist) { size_t len = strlen(proposal) + 1; char *fix_prop = malloc(len); char *orig_prop = strdup(proposal); char *cp, *tmp; + int r; if (fix_prop == NULL || orig_prop == NULL) { free(orig_prop); @@ -314,7 +318,8 @@ match_filter_list(const char *proposal, const char *filter) tmp = orig_prop; *fix_prop = '\0'; while ((cp = strsep(&tmp, ",")) != NULL) { - if (match_pattern_list(cp, filter, 0) != 1) { + r = match_pattern_list(cp, filter, 0); + if ((blacklist && r != 1) || (!blacklist && r == 1)) { if (*fix_prop != '\0') strlcat(fix_prop, ",", len); strlcat(fix_prop, cp, len); @@ -324,3 +329,22 @@ match_filter_list(const char *proposal, const char *filter) return fix_prop; } +/* + * Filters a comma-separated list of strings, excluding any entry matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_blacklist(const char *proposal, const char *filter) +{ + return filter_list(proposal, filter, 1); +} + +/* + * Filters a comma-separated list of strings, including only entries matching + * the 'filter' pattern list. Caller must free returned string. + */ +char * +match_filter_whitelist(const char *proposal, const char *filter) +{ + return filter_list(proposal, filter, 0); +} |