History log of /openssh-portable/match.c (Results 1 – 25 of 50)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
Revision tags: V_8_6_P1, V_8_5_P1
# 05bcd0ca 03-Nov-2020 djm@openbsd.org

upstream: fold consecutive '*' wildcards to mitigate combinatorial

explosion of recursive searches; ok dtucker

OpenBSD-Commit-ID: d18bcb39c40fb8a1ab61153db987e7d11dd3792b


Revision tags: V_8_4_P1
# 6d755706 05-Jul-2020 djm@openbsd.org

upstream: some language improvements; ok markus

OpenBSD-Commit-ID: 939d787d571b4d5da50b3b721fd0b2ac236acaa8


Revision tags: V_8_3_P1, V_8_2_P1
# 72687c8e 12-Nov-2019 deraadt@openbsd.org

upstream: stdarg.h required more broadly; ok djm

OpenBSD-Commit-ID: b5b15674cde1b54d6dbbae8faf30d47e6e5d6513


# 2b523d23 12-Nov-2019 Darren Tucker

Include stdarg.h for va_list in xmalloc.h.


# a4cc579c 12-Nov-2019 Darren Tucker

Fix comment in match_usergroup_pattern_list.

Spotted by balu.gajjala@gmail.com via bz#3092.


Revision tags: V_8_1_P1
# b7fbc75e 04-Oct-2019 djm@openbsd.org

upstream: space

OpenBSD-Commit-ID: 350648bcf00a2454e7ef998b7d88e42552b348ac


Revision tags: V_8_0_P1
# daa7505a 11-Mar-2019 Darren Tucker

Use Cygwin-specific matching only for users+groups.

Patch from vinschen at redhat.com, updated a little by me.


# fd10cf02 06-Mar-2019 dtucker@openbsd.org

upstream: Move checks for lists of users or groups into their own

function. This is a no-op on OpenBSD but will make things easier in
-portable, eg on systems where these checks should be case-insen

upstream: Move checks for lists of users or groups into their own

function. This is a no-op on OpenBSD but will make things easier in
-portable, eg on systems where these checks should be case-insensitive. ok
djm@

OpenBSD-Commit-ID: 8bc9c8d98670e23f8eaaaefe29c1f98e7ba0487e

show more ...


# 37638c75 20-Feb-2019 Corinna Vinschen

Cygwin: implement case-insensitive Unicode user and group name matching

The previous revert enabled case-insensitive user names again. This
patch implements the case-insensitive user and group name

Cygwin: implement case-insensitive Unicode user and group name matching

The previous revert enabled case-insensitive user names again. This
patch implements the case-insensitive user and group name matching.
To allow Unicode chars, implement the matcher using wchar_t chars in
Cygwin-specific code. Keep the generic code changes as small as possible.
Cygwin: implement case-insensitive Unicode user and group name matching

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>

show more ...


# bed1d436 21-Feb-2019 Darren Tucker

Revert unintended parts of previous commit.


# f02afa35 20-Feb-2019 Corinna Vinschen

Revert "[auth.c] On Cygwin, refuse usernames that have differences in case"

This reverts commit acc9b29486dfd649dfda474e5c1a03b317449f1c.

Signed-off-by: Corinna Vinschen <vinschen@redhat.com>


Revision tags: V_7_9_P1, V_7_8_P1
# 312d2f28 04-Jul-2018 djm@openbsd.org

upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA

signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server

upstream: repair PubkeyAcceptedKeyTypes (and friends) after RSA

signature work - returns ability to add/remove/specify algorithms by
wildcard.

Algorithm lists are now fully expanded when the server/client configs
are finalised, so errors are reported early and the config dumps
(e.g. "ssh -G ...") now list the actual algorithms selected.

Clarify that, while wildcards are accepted in algorithm lists, they
aren't full pattern-lists that support negation.

(lots of) feedback, ok markus@

OpenBSD-Commit-ID: a8894c5c81f399a002f02ff4fe6b4fa46b1f3207

show more ...


Revision tags: V_7_7_P1, V_7_6_P1, V_7_5_P1
# dd3e2298 09-Mar-2017 djm@openbsd.org

upstream commit

make hostname matching really insensitive to case;
bz#2685, reported by Petr Cerny; ok dtucker@

Upstream-ID: e467622ff154269e36ba8b6c9e3d105e1c4a9253


# 77a9be94 09-Mar-2017 djm@openbsd.org

upstream commit

reword a comment to make it fit 80 columns

Upstream-ID: 4ef509a66b96c7314bbcc87027c2af71fa9d0ba4


# df993693 09-Mar-2017 djm@openbsd.org

upstream commit

make hostname matching really insensitive to case;
bz#2685, reported by Petr Cerny; ok dtucker@

Upstream-ID: e632b7a9bf0d0558d5ff56dab98b7cca6c3db549


# ec2892b5 09-Mar-2017 djm@openbsd.org

upstream commit

reword a comment to make it fit 80 columns

Upstream-ID: b4b48b4487c0821d16e812c40c9b09f03b28e349


# b2afdaf1 15-Feb-2017 jsg@openbsd.org

upstream commit

Fix memory leaks in match_filter_list() error paths.

ok dtucker@ markus@

Upstream-ID: c7f96ac0877f6dc9188bbc908100a8d246cc7f0e


# 68bc8cfa 03-Feb-2017 djm@openbsd.org

upstream commit

support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@

Upstream-ID: c78c38f9f81a963b33d0eade

upstream commit

support =- for removing methods from algorithms lists,
e.g. Ciphers=-*cbc; suggested by Cristian Ionescu-Idbohrn in bz#2671 "I like
it" markus@

Upstream-ID: c78c38f9f81a963b33d0eade559f6048add24a6d

show more ...


Revision tags: V_7_4_P1
# 010359b3 06-Nov-2016 djm@openbsd.org

upstream commit

Validate address ranges for AllowUser/DenyUsers at
configuration load time and refuse to accept bad ones. It was previously
possible to specify invalid CIDR address ranges (e.g. djm@

upstream commit

Validate address ranges for AllowUser/DenyUsers at
configuration load time and refuse to accept bad ones. It was previously
possible to specify invalid CIDR address ranges (e.g. djm@127.1.2.3/55) and
these would always match.

Thanks to Laurence Parry for a detailed bug report. ok markus (for
a previous diff version)

Upstream-ID: 9dfcdd9672b06e65233ea4434c38226680d40bfb

show more ...


# a5ad3a9d 21-Sep-2016 djm@openbsd.org

upstream commit

Revert two recent changes to negated address matching. The
new behaviour offers unintuitive surprises. We'll find a better way to deal
with single negated matches.

match.c 1.31:
> f

upstream commit

Revert two recent changes to negated address matching. The
new behaviour offers unintuitive surprises. We'll find a better way to deal
with single negated matches.

match.c 1.31:
> fix matching for pattern lists that contain a single negated match,
> e.g. "Host !example"
>
> report and patch from Robin Becker. bz#1918 ok dtucker@

addrmatch.c 1.11:
> fix negated address matching where the address list consists of a
> single negated match, e.g. "Match addr !192.20.0.1"
>
> Report and patch from Jakub Jelen. bz#2397 ok dtucker@

Upstream-ID: ec96c770f0f5b9a54e5e72fda25387545e9c80c6

show more ...


# 4067ec8a 22-Aug-2016 djm@openbsd.org

upstream commit

fix matching for pattern lists that contain a single
negated match, e.g. "Host !example"

report and patch from Robin Becker. bz#1918 ok dtucker@

Upstream-ID: 05a0cb323ea4bc20e98db0

upstream commit

fix matching for pattern lists that contain a single
negated match, e.g. "Host !example"

report and patch from Robin Becker. bz#1918 ok dtucker@

Upstream-ID: 05a0cb323ea4bc20e98db099b42c067bfb9ea1ea

show more ...


Revision tags: V_7_3_P1, V_7_2_P2, V_7_2_P1, V_7_1_P2, V_7_1_P1, V_7_0_P1, V_6_9_P1
# e661a863 04-May-2015 djm@openbsd.org

upstream commit

Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an i

upstream commit

Remove pattern length argument from match_pattern_list(), we
only ever use it for strlen(pattern).

Prompted by hanno AT hboeck.de pointing an out-of-bound read
error caused by an incorrect pattern length found using AFL
and his own tools.

ok markus@

show more ...


Revision tags: V_6_8_P1, V_6_7_P1, V_6_6_P1, V_6_5_P1
# fdb2306a 20-Nov-2013 Damien Miller

- deraadt@cvs.openbsd.org 2013/11/20 20:54:10
[canohost.c clientloop.c match.c readconf.c sftp.c]
unsigned casts for ctype macros where neccessary
ok guenther millert markus


Revision tags: V_6_4_P1, V_6_3_P1
# a627d42e 01-Jun-2013 Darren Tucker

- djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c

- djm@cvs.openbsd.org 2013/05/17 00:13:13
[xmalloc.h cipher.c sftp-glob.c ssh-keyscan.c ssh.c sftp-common.c
ssh-ecdsa.c auth2-chall.c compat.c readconf.c kexgexs.c monitor.c
gss-genr.c cipher-3des1.c kex.c monitor_wrap.c ssh-pkcs11-client.c
auth-options.c rsa.c auth2-pubkey.c sftp.c hostfile.c auth2.c
servconf.c auth.c authfile.c xmalloc.c uuencode.c sftp-client.c
auth2-gss.c sftp-server.c bufaux.c mac.c session.c jpake.c kexgexc.c
sshconnect.c auth-chall.c auth2-passwd.c sshconnect1.c buffer.c
kexecdhs.c kexdhs.c ssh-rsa.c auth1.c ssh-pkcs11.c auth2-kbdint.c
kexdhc.c sshd.c umac.c ssh-dss.c auth2-jpake.c bufbn.c clientloop.c
monitor_mm.c scp.c roaming_client.c serverloop.c key.c auth-rsa.c
ssh-pkcs11-helper.c ssh-keysign.c ssh-keygen.c match.c channels.c
sshconnect2.c addrmatch.c mux.c canohost.c kexecdhc.c schnorr.c
ssh-add.c misc.c auth2-hostbased.c ssh-agent.c bufec.c groupaccess.c
dns.c packet.c readpass.c authfd.c moduli.c]
bye, bye xfree(); ok markus@

show more ...


Revision tags: V_6_2_P2, V_6_2_P1, V_6_1_P1, V_6_0_P1, V_5_9_P1, V_5_8_P2, V_5_8_P1, V_5_7_P1, V_5_6_P1, V_5_5_P1, V_5_4_P1, V_5_3_P1, V_5_2_P1, V_5_1_P1
# 896ad5a4 10-Jun-2008 Darren Tucker

- djm@cvs.openbsd.org 2008/06/10 23:06:19
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
support CIDR address matching in .ssh/authorized_keys from="..." stanzas
ok and extensi

- djm@cvs.openbsd.org 2008/06/10 23:06:19
[auth-options.c match.c servconf.c addrmatch.c sshd.8]
support CIDR address matching in .ssh/authorized_keys from="..." stanzas
ok and extensive testing dtucker@

show more ...


12