author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-04-03 02:27:12 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-04-03 13:33:37 +1100 |
commit | ed833da176611a39d3376d62154eb88eb440d31c (patch) | |
tree | f9fe72b08478c0ad599538f9dbfb94e582e93a93 /readconf.c | |
parent | 6ec7457171468da2bbd908b8cd63d298b0e049ea (diff) |
upstream: Make which percent_expansions config keywords support
more consistent. - %C is moved into its own function and
added to Match Exec. - move the common (global) options into a macro. This
is ugly but it's the least-ugly way I could come up with. - move
IdentityAgent and ForwardAgent percent expansion to before the config dump
to make it regression-testable. - document all of the above
ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.
OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 26 |
1 files changed, 25 insertions, 1 deletions
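diff --git a/readconf.c b/readconf.c
index f3cac6b3a..1a3b2db29 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.327 2020/04/03 02:27:12 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -324,6 +324,24 @@ kex_default_pk_alg(void)
 return kex_default_pk_alg_filtered;
 }
 
+char *
+ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
+const char *user)
+{
+struct ssh_digest_ctx *md;
+u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+
+if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
+ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
+ssh_digest_update(md, host, strlen(host)) < 0 ||
+ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
+ssh_digest_update(md, user, strlen(user)) < 0 ||
+ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
+fatal("%s: mux digest failed", __func__);
+ssh_digest_free(md);
+return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+}
+
 /*
  * Adds a local TCP/IP port forward to options. Never returns if there is an
  * error.
@@ -646,6 +664,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 if (r == (negate ? 1 : 0))
 this_result = result = 0;
 } else if (strcasecmp(attrib, "exec") == 0) {
+char *conn_hash_hex;
+
 if (gethostname(thishost, sizeof(thishost)) == -1)
 fatal("gethostname: %s", strerror(errno));
 strlcpy(shorthost, thishost, sizeof(shorthost));
@@ -653,8 +673,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 snprintf(portstr, sizeof(portstr), "%d", port);
 snprintf(uidstr, sizeof(uidstr), "%llu",
 (unsigned long long)pw->pw_uid);
+conn_hash_hex = ssh_connection_hash(thishost, host,
+portstr, pw->pw_name);
 
 cmd = percent_expand(arg,
+"C", conn_hash_hex,
 "L", shorthost,
 "d", pw->pw_dir,
 "h", host,
@@ -665,6 +688,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 "u", pw->pw_name,
 "i", uidstr,
 (char *)NULL);
+free(conn_hash_hex);
 if (result != 1) {
 /* skip execution if prior predicate failed */
 debug3("%.200s line %d: skipped exec "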
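Review bot: The fatal() message in the new ssh_connection_hash still says "mux digest failed", but the function is now also called from the Match exec branch of match_cfg_line, so the wording misleads anyone debugging a Match block; `fatal("%s: digest failed", __func__);` fits both callers. The function also has no header comment, yet it returns heap memory the caller must release (match_cfg_line frees conn_hash_hex right after percent_expand) and calls strlen() on all four arguments, so each must be a non-NULL NUL-terminated string; a comment such as `/* Return the %C connection hash as a freshly allocated hex string; caller frees. All arguments must be non-NULL. */` would record both contracts. The four inputs are fed to the digest back to back with no separator, so distinct (thishost, host, port, user) tuples can produce the same digest; the hash is an identifier for the tuple, not a unique key, and that is worth stating in the same comment. The enclosing match_cfg_line body starts and ends outside the shown hunks.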