https://bugzilla.mindrot.org/show_bug.cgi?id=3122
Damien Miller <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected], | |[email protected] --- Comment #1 from Damien Miller <[email protected]> --- This is the stanza that is causing this: > /* consult cache of include files */ > TAILQ_FOREACH(item, includes, entry) { > if (strcmp(item->selector, arg) != 0) > continue; > if (item->filename != NULL) { > parse_server_config_depth(options, > item->filename, item->contents, > includes, connectinfo, > (oactive ? 0 : SSHCFG_NEVERMATCH), > activep, depth + 1); > } > found = 1; > *activep = oactive; > } I'm not sure what the intention around NEVERMATCH is. There are a few cases to consider: 1) Include in sshd_config before Match 2) Include in sshd_config after Match directive and for each of those: a) included file contains non-match directives b) included file contains at least one Match directive >From this I think we get case (b) wrong wrt processing of the Match - as NEVERMATCH gets set and the match never gets considered. I need to think about it a little more Adding Jakub, the author of the Include patch (well, before I mangled it anyway) in case he has something to add. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
