RFE: EndMatch

[Darren Tucker]

On Fri, Sep 14, 2012 at 09:46:16AM +1000, Darren Tucker wrote:
> On Thu, Sep 13, 2012 at 04:56:19PM +0200, Biltong wrote:
> > Currently a Match block can only be ended by another Match block or an
> > end of file.
> > 
> > I'd like to suggest adding the keyword "EndMatch" to mark the end of a
> > Match block.
> 
> Rather than adding a new keyword, it would probably be doable by
> extending Match to understand "Match all", which should have the
> semantics you want.  You could end up with some configs that were pretty
> hard to understand, though.

Something like this (warning: untested).

Index: servconf.c
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/servconf.c,v
retrieving revision 1.226
diff -u -p -r1.226 servconf.c
--- servconf.c	31 Jul 2012 02:22:38 -0000	1.226
+++ servconf.c	14 Sep 2012 00:06:49 -0000
@@ -637,7 +637,18 @@ match_cfg_line(char **condition, int lin
 		    ci->address ? ci->address : "(null)",
 		    ci->laddress ? ci->laddress : "(null)", ci->lport);
 
+	if (strcasecmp(cp, "all") == 0) {
+		debug3("matching due to 'match all'");
+		attrib = strdelim(&cp);  /* consume token */
+		*condition = cp;
+		return 1;
+	}
+
 	while ((attrib = strdelim(&cp)) && *attrib != '\0') {
+		if (strcasecmp(attrib, "all") == 0) {
+			error("'Match all' used with additional criteria.");
+			return -1;
+		}
 		if ((arg = strdelim(&cp)) == NULL || *arg == '\0') {
 			error("Missing Match criteria for %s", attrib);
 			return -1;

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.