https://bugzilla.mindrot.org/show_bug.cgi?id=3122
--- Comment #6 from Jakub Jelen <[email protected]> ---

(In reply to Damien Miller from comment #5)
> Just so I understand what's going on in the patch, is *activep==2
> supposed to mean "only allow match/include directives"?

Only options in match blocks are used, regardless of whether they are in the main file or in an included file (after the first match block). The includes are processed the same way as normally, but if a directive comes before any match block, it is ignored.

> If so, rather than touch every *activep test but those, I think it
> might be better to add a new inc_flags value, say SSHCFG_IN_MATCH or
> perhaps SSHCFG_MATCH_ONLY drive the logic from that. What do you
> think?

Sure, if you would be able to plug it somehow together. I was not able to figure out the correct conditions to make the flags work towards this goal. The main issue is that I need this flag to be active up to the first match block, but I do not have a simple way to get this information out of the process_server_config_line_depth() function to its caller, which is the only place I can for sure say "here was a Match block". I can probably introduce new parameters, modify return values or use global variables, but I was not satisfied with either direction so far.

But what I put together, and what is missing from my patch above, is the regression test:

@@ -150,5 +150,19 @@ ${SUDO} ${REAL_SSHD} -f $OBJ/sshd_config.i.x \ -C "host=x,user=test,addr=127.0.0.1" 2>/dev/null && \ fail "sshd allowed Include with no argument" +# Ensure the Include before any Match block works as expected (bug #3122) +cat > $OBJ/sshd_config.i << _EOF +Banner /xx +HostKey $OBJ/host.ssh-ed25519 +Include $OBJ/sshd_config.i.2 +_EOF +cat > $OBJ/sshd_config.i.2 << _EOF +Match host a + Banner /aa +_EOF + +trace "Include before match blocks" +trial a /aa "included file before match blocks is properly evaluated" + # cleanup rm -f $OBJ/sshd_config.i $OBJ/sshd_config.i.* $OBJ/sshd_config.out
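
Review bot: the new case ends with a single `trial a /aa`, so only the matching host is exercised; add a second trial for a host that does not match `Match host a` and expects the global `Banner /xx`, so the test would also catch the top-level directive being dropped or overridden by the included Match block. `Include $OBJ/sshd_config.i.2` is also the last line of sshd_config.i, so nothing checks how a main-file directive placed after the Include is treated once the included file has opened a Match block; one such line with its own trial would cover that.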
