- djm@cvs.openbsd.org 2013/12/05 01:16:41

[servconf.c servconf.h]
     bz#2161 - fix AuthorizedKeysCommand inside a Match block and
     rearrange things so the same error is harder to make next time;
     with and ok dtucker@

ChangeLog

@@ -43,6 +43,11 @@
      [sftp-client.c]
      bz#2171: don't leak local_fd on error; from Loganaden Velvindron @
      AfriNIC
+   - djm@cvs.openbsd.org 2013/12/05 01:16:41
+     [servconf.c servconf.h]
+     bz#2161 - fix AuthorizedKeysCommand inside a Match block and
+     rearrange things so the same error is harder to make next time;
+     with and ok dtucker@
  - (dtucker) [configure.ac] bz#2173: use pkg-config --libs to include correct
    -L location for libedit.  Patch from Serge van den Boom.
 

servconf.c

@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.246 2013/11/21 00:45:44 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.247 2013/12/05 01:16:41 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1742,24 +1742,6 @@ int server_match_spec_complete(struct connection_info *ci)
 	return 0;	/* partial */
 }
 
-/* Helper macros */
-#define M_CP_INTOPT(n) do {\
-	if (src->n != -1) \
-		dst->n = src->n; \
-} while (0)
-#define M_CP_STROPT(n) do {\
-	if (src->n != NULL) { \
-		free(dst->n); \
-		dst->n = src->n; \
-	} \
-} while(0)
-#define M_CP_STRARRAYOPT(n, num_n) do {\
-	if (src->num_n != 0) { \
-		for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
-			dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
-	} \
-} while(0)
-
 /*
  * Copy any supported values that are set.
  *
@@ -1770,6 +1752,11 @@ int server_match_spec_complete(struct connection_info *ci)
 void
 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 {
+#define M_CP_INTOPT(n) do {\
+	if (src->n != -1) \
+		dst->n = src->n; \
+} while (0)
+
 	M_CP_INTOPT(password_authentication);
 	M_CP_INTOPT(gss_authentication);
 	M_CP_INTOPT(rsa_authentication);
@@ -1779,8 +1766,6 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 	M_CP_INTOPT(hostbased_uses_name_from_packet_only);
 	M_CP_INTOPT(kbd_interactive_authentication);
 	M_CP_INTOPT(zero_knowledge_password_authentication);
-	M_CP_STROPT(authorized_keys_command);
-	M_CP_STROPT(authorized_keys_command_user);
 	M_CP_INTOPT(permit_root_login);
 	M_CP_INTOPT(permit_empty_passwd);
 
@@ -1799,6 +1784,20 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 	M_CP_INTOPT(rekey_limit);
 	M_CP_INTOPT(rekey_interval);
 
+	/* M_CP_STROPT and M_CP_STRARRAYOPT should not appear before here */
+#define M_CP_STROPT(n) do {\
+	if (src->n != NULL && dst->n != src->n) { \
+		free(dst->n); \
+		dst->n = src->n; \
+	} \
+} while(0)
+#define M_CP_STRARRAYOPT(n, num_n) do {\
+	if (src->num_n != 0) { \
+		for (dst->num_n = 0; dst->num_n < src->num_n; dst->num_n++) \
+			dst->n[dst->num_n] = xstrdup(src->n[dst->num_n]); \
+	} \
+} while(0)
+
 	/* See comment in servconf.h */
 	COPY_MATCH_STRING_OPTS();
 

servconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.110 2013/10/29 09:48:02 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.111 2013/12/05 01:16:41 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -202,6 +202,9 @@ struct connection_info {
  * Match sub-config and the main config, and must be sent from the
  * privsep slave to the privsep master. We use a macro to ensure all
  * the options are copied and the copies are done in the correct order.
+ *
+ * NB. an option must appear in servconf.c:copy_set_server_options() or
+ * COPY_MATCH_STRING_OPTS here but never both.
  */
 #define COPY_MATCH_STRING_OPTS() do { \
 		M_CP_STROPT(banner); \