authordjm@openbsd.org <djm@openbsd.org>2018-06-01 03:33:53 +0000
committerDamien Miller <djm@mindrot.org>2018-06-01 13:35:59 +1000
commit9c935dd9bf05628826ad2495d3e8bdf3d3271c21 (patch)
tree35ccf63e51d3daf2fa927b843d813295e41e96e6 /auth2-pubkey.c
parentd8748b91d1d6c108c0c260ed41fa55f37b9ef34b (diff)
upstream: make UID available as a %-expansion everywhere that the
username is available currently. In the client this is via %i, in the server %U (since %i was already used in the client in some places for this, but used for something different in the server); bz#2870, ok dtucker@ OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95
Diffstat (limited to 'auth2-pubkey.c')
-rw-r--r--auth2-pubkey.c12
1 files changed, 9 insertions, 3 deletions
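diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 8024b1d6a..5603f5ef3 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.78 2018/06/01 03:33:53 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  *
@@ -387,7 +387,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
  pid_t pid;
  char *tmp, *username = NULL, *command = NULL, **av = NULL;
  char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
- char serial_s[16];
+ char serial_s[16], uidstr[32];
  void (*osigchld)(int);
 
  if (authoptsp != NULL)
@@ -447,8 +447,11 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
  }
  snprintf(serial_s, sizeof(serial_s), "%llu",
  (unsigned long long)cert->serial);
+ snprintf(uidstr, sizeof(uidstr), "%llu",
+ (unsigned long long)user_pw->pw_uid);
  for (i = 1; i < ac; i++) {
  tmp = percent_expand(av[i],
+ "U", uidstr,
  "u", user_pw->pw_name,
  "h", user_pw->pw_dir,
  "t", sshkey_ssh_name(key),
@@ -852,7 +855,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
  int i, uid_swapped = 0, ac = 0;
  pid_t pid;
  char *username = NULL, *key_fp = NULL, *keytext = NULL;
- char *tmp, *command = NULL, **av = NULL;
+ char uidstr[32], *tmp, *command = NULL, **av = NULL;
  void (*osigchld)(int);
 
  if (authoptsp != NULL)
@@ -902,8 +905,11 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
  command);
  goto out;
  }
+ snprintf(uidstr, sizeof(uidstr), "%llu",
+ (unsigned long long)user_pw->pw_uid);
  for (i = 1; i < ac; i++) {
  tmp = percent_expand(av[i],
+ "U", uidstr,
  "u", user_pw->pw_name,
  "h", user_pw->pw_dir,
  "t", sshkey_ssh_name(key),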
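Review bot: In match_principals_command the edited declaration `char serial_s[16], uidstr[32];` sizes the new UID buffer for a full 64-bit decimal value but leaves serial_s at 16 bytes, even though the context line formats cert->serial with "%llu" after a cast to unsigned long long. A 64-bit value can need 20 digits plus the terminator, so a serial longer than 15 digits would be silently truncated by the unchecked snprintf before it is expanded into the command's arguments, and an external helper making an authorization decision would then see a serial that differs from the one in the certificate. Since the line is already being touched, I would change it to `char serial_s[32], uidstr[32];`; the declared type of cert->serial is not visible in these hunks, so confirm it is 64-bit. Both functions start and end outside the visible hunks.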