[Bug 2267] Host matching uses modified hostname as well as original
https://bugzilla.mindrot.org/show_bug.cgi?id=2267 --- Comment #5 from Richard Birkett --- Hi Damien, The diff doesn't include the changes to readconf.h, so all of the defines are missing... can you upload that diff, please? (Don't worry, I know all about working-while-asleep!) I've double-checked the previous patch, though, and Host is definitely behaving like "Match host" (ie. taking HostName into account), even with canonicalisation off. I'll check the new patch as soon as readconf.h is there. I'd like to have a go at a proof of concept of my idea, since I still have concerns about the double-pass parsing and its scope for surprises. Obviously it needs to be (a) easy to understand, and unfortunately (b) backward compatible with the behaviour documented in 6.6 (though luckily the 6.6 docs are a little ambiguous!). I know 6.7 is already in its final testing phase, but is there any chance either of our solutions might still get into that? Or are we now targetting 6.8 (or 6.7.1)? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2267] Host matching uses modified hostname as well as original
https://bugzilla.mindrot.org/show_bug.cgi?id=2267 Damien Miller changed: What|Removed |Added Attachment #2466|0 |1 is obsolete|| --- Comment #6 from Damien Miller --- Created attachment 2467 --> https://bugzilla.mindrot.org/attachment.cgi?id=2467&action=edit attempt #3 This one includes readconf.h and ssh-keysign.c that I also missed. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2266] Bugs intended to be fixed in 6.8
https://bugzilla.mindrot.org/show_bug.cgi?id=2266 Damien Miller changed: What|Removed |Added Depends on||2267 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2267] Host matching uses modified hostname as well as original
https://bugzilla.mindrot.org/show_bug.cgi?id=2267 Damien Miller changed: What|Removed |Added Blocks||2266 --- Comment #7 from Damien Miller --- Unfortunately this is too late for 6.7 - we're only considering portability fixes at this stage, but I expect that 6.8 won't be too far away. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 2267] Host matching uses modified hostname as well as original
https://bugzilla.mindrot.org/show_bug.cgi?id=2267 --- Comment #8 from Richard Birkett --- Thanks for attachment 2467 (attempt #3). Looks much better! I've put together a config file that tests all the different hostnames (original from the command-line and HostName, bare and canonicalised) against each of the different criteria, and the results are below. Each is Y (matched) or N (didn't match). With canonicalisation off: cmdline HostName bare canon bare canon HostY N N N Match originalhost Y N N N Match host N N Y N Match canonical originalhostN N N N Match canonical hostN N N N With canonicalisation on, the second pass gives: cmdline HostName bare canon bare canon HostY++ N++ N N Match originalhost Y N N N Match host N N Y N Match canonical originalhostY** N** N N Match canonical hostN N Y** N** ** looks like a bug ++ also looks like a bug (but is actually the behaviour I'd prefer!) My proposal would give this: originalHostName bare canon bare canon HostY N N N Match originalhost Y N N N Match host N N Y N Match canonical originalhostN Y N N Match canonical hostN N N Y (with the global CanonicalizeHostname option causing the first three lines to mirror the last two). Incidently, RereadConfig seems to be defaulting to "no" instead of "if-canon", I think because fill_default_options is called too late. So for the above tests I've set it to "if-canon" explicitly. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. ___ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs