[Bug 3122] New Include functionality does not work as documented
bugzilla-daemon at mindrot.org
Fri Apr 17 15:24:54 AEST 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3122
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |jjelen at redhat.com
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
This is the stanza that is causing this:
> 	/* consult cache of include files */
> 	TAILQ_FOREACH(item, includes, entry) {
> 		if (strcmp(item->selector, arg) != 0)
> 			continue;
> 		if (item->filename != NULL) {
> 			parse_server_config_depth(options,
> 			    item->filename, item->contents,
> 			    includes, connectinfo,
> 			    (oactive ? 0 : SSHCFG_NEVERMATCH),
> 			    activep, depth + 1);
> 		}
> 		found = 1;
> 		*activep = oactive;
> 	}
I'm not sure what the intention around NEVERMATCH is. There are a few
cases to consider:
1) Include in sshd_config before Match
2) Include in sshd_config after Match directive
and for each of those:
a) included file contains non-match directives
b) included file contains at least one Match directive
From this I think we get case (b) wrong wrt processing of the Match -
as NEVERMATCH gets set and the match never gets considered. I need to
think about it a little more.
Adding Jakub, the author of the Include patch (well, before I mangled
it anyway) in case he has something to add.