This repository has been archived by the owner on Oct 5, 2022. It is now read-only.

Enable more none-able options in Match clauses.
Summary:
Some options can be `None`d during match clauses and need to be cleared,
otherwise the word 'none' is stored in the config.

Differential Revision: D19826055

fbshipit-source-id: 804be567
RichardScothern authored and facebook-github-bot committed Feb 14, 2020
1 parent 6dac6cd commit 34ca6e0
Showing 2 changed files with 13 additions and 7 deletions.
12 changes: 7 additions & 5 deletions CHANGES.md
Expand Up @@ -5,21 +5,23 @@ based on time in microseconds that applies to a sshd process and its children.

- Output a structured log line when a session is opened, fails to open and is
closed. The log line contains various data about the session and can be
configured by LogFormatPrefix, LogFormatJson and LogFormatKeys.
configured by `LogFormatPrefix`, `LogFormatJson` and `LogFormatKeys`.

- Output a line in the logs whenever a local or remote tunnel is created.

- Increase the maximum number of principals in a certificate to 1024
- Increase the maximum number of principals in a certificate to 1024.

- Output a line in the logs showing the command run, or shell request and the
user
user.

- Output a line in the logs showing which principal was matched when certificate
authentication was used
authentication was used.

- Set an environment variable SSH_CERT_PRINCIPALS in the child process to be the
- Set an environment variable `SSH_CERT_PRINCIPALS` in the child process to be the
full principal list of a user's SSH certificate when forced ommand is present
and the user is authenticated by the certificate.

- Read the kerberos ticket cache location from the ssh section of the kerberos
config file.

- Fix a bug where some options in `Match` clauses are not correctly `none`able.
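
Review bot: The new last entry says "some options" without naming them, so an operator reading the changelog cannot tell which `Match`-scoped settings changed behaviour. Going by the servconf.c part of this commit the fields are `banner`, `trusted_user_ca_keys`, `revoked_keys_file` and `authorized_principals_file`; listing the corresponding keywords (`Banner`, `TrustedUserCAKeys`, `RevokedKeys`, `AuthorizedPrincipalsFile`) would make the entry actionable. While the `SSH_CERT_PRINCIPALS` bullet is being edited, the "forced ommand" typo on its second line could be fixed as well.
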
8 changes: 6 additions & 2 deletions servconf.c
Expand Up @@ -458,7 +458,6 @@ fill_default_server_options(ServerOptions *options)
CLEAR_ON_NONE(options->host_key_files[i]);
for (i = 0; i < options->num_host_cert_files; i++)
CLEAR_ON_NONE(options->host_cert_files[i]);
#undef CLEAR_ON_NONE

/* Similar handling for AuthenticationMethods=any */
if (options->num_auth_methods == 1 &&
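
Review bot: Dropping `#undef CLEAR_ON_NONE` after the host key and host cert loops in `fill_default_server_options()` leaves the macro defined for everything between here and the new `#undef` at the end of `copy_set_server_options()`, roughly 1,900 lines later going by the hunk headers. That makes `copy_set_server_options()` depend on being defined after this function and exposes the macro to all code in between. Consider moving the definition to file scope with a comment describing what it does, or at least adding a comment here saying the macro is intentionally kept for `copy_set_server_options()`.
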
Expand Down Expand Up @@ -2390,6 +2389,11 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
/* See comment in servconf.h */
COPY_MATCH_STRING_OPTS();

CLEAR_ON_NONE(dst->banner);
CLEAR_ON_NONE(dst->trusted_user_ca_keys);
CLEAR_ON_NONE(dst->revoked_keys_file);
CLEAR_ON_NONE(dst->authorized_principals_file);

/* Arguments that accept '+...' need to be expanded */
assemble_algorithms(dst);

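
Review bot: The four `CLEAR_ON_NONE(dst->...)` calls after `COPY_MATCH_STRING_OPTS()` are a hand-maintained list with no comment tying it to the options that macro copies, so a string option added to the Match set later can keep the literal `none` again, which is the bug the commit summary describes. Three of the four (`trusted_user_ca_keys`, `revoked_keys_file`, `authorized_principals_file`) feed certificate authentication, so please add a comment stating which Match-copied string options accept `none`, and a regression test that sets each of them to `none` inside a `Match` block and checks the effective configuration. It would also help to say why `chroot_directory` is not in this list, since the context further down in this function shows it being set to NULL in its own block.
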
Expand All @@ -2412,7 +2416,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
dst->chroot_directory = NULL;
}
}

#undef CLEAR_ON_NONE
#undef M_CP_INTOPT
#undef M_CP_STROPT
#undef M_CP_STRARRAYOPT