diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-04-03 02:27:12 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-04-03 13:33:37 +1100 |
| commit | ed833da176611a39d3376d62154eb88eb440d31c (patch) | |
| tree | f9fe72b08478c0ad599538f9dbfb94e582e93a93 /readconf.c | |
| parent | 6ec7457171468da2bbd908b8cd63d298b0e049ea (diff) | |
upstream: Make with config keywords support which
percent_expansions more consistent. - %C is moved into its own function and
added to Match Exec. - move the common (global) options into a macro. This
is ugly but it's the least-ugly way I could come up with. - move
IdentityAgent and ForwardAgent percent expansion to before the config dump
to make it regression-testable. - document all of the above
ok jmc@ for man page bits, "makes things less terrible" djm@ for the rest.
OpenBSD-Commit-ID: 4b65664bd6d8ae2a9afaf1a2438ddd1b614b1d75
Diffstat (limited to 'readconf.c')
| -rw-r--r-- | readconf.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/readconf.c b/readconf.c index f3cac6b3a..1a3b2db29 100644 --- a/readconf.c +++ b/readconf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */ | 1 | /* $OpenBSD: readconf.c,v 1.327 2020/04/03 02:27:12 dtucker Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -324,6 +324,24 @@ kex_default_pk_alg(void) | |||
| 324 | return kex_default_pk_alg_filtered; | 324 | return kex_default_pk_alg_filtered; |
| 325 | } | 325 | } |
| 326 | 326 | ||
| 327 | char * | ||
| 328 | ssh_connection_hash(const char *thishost, const char *host, const char *portstr, | ||
| 329 | const char *user) | ||
| 330 | { | ||
| 331 | struct ssh_digest_ctx *md; | ||
| 332 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; | ||
| 333 | |||
| 334 | if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || | ||
| 335 | ssh_digest_update(md, thishost, strlen(thishost)) < 0 || | ||
| 336 | ssh_digest_update(md, host, strlen(host)) < 0 || | ||
| 337 | ssh_digest_update(md, portstr, strlen(portstr)) < 0 || | ||
| 338 | ssh_digest_update(md, user, strlen(user)) < 0 || | ||
| 339 | ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) | ||
| 340 | fatal("%s: mux digest failed", __func__); | ||
| 341 | ssh_digest_free(md); | ||
| 342 | return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); | ||
| 343 | } | ||
| 344 | |||
| 327 | /* | 345 | /* |
| 328 | * Adds a local TCP/IP port forward to options. Never returns if there is an | 346 | * Adds a local TCP/IP port forward to options. Never returns if there is an |
| 329 | * error. | 347 | * error. |
| @@ -646,6 +664,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, | |||
| 646 | if (r == (negate ? 1 : 0)) | 664 | if (r == (negate ? 1 : 0)) |
| 647 | this_result = result = 0; | 665 | this_result = result = 0; |
| 648 | } else if (strcasecmp(attrib, "exec") == 0) { | 666 | } else if (strcasecmp(attrib, "exec") == 0) { |
| 667 | char *conn_hash_hex; | ||
| 668 | |||
| 649 | if (gethostname(thishost, sizeof(thishost)) == -1) | 669 | if (gethostname(thishost, sizeof(thishost)) == -1) |
| 650 | fatal("gethostname: %s", strerror(errno)); | 670 | fatal("gethostname: %s", strerror(errno)); |
| 651 | strlcpy(shorthost, thishost, sizeof(shorthost)); | 671 | strlcpy(shorthost, thishost, sizeof(shorthost)); |
| @@ -653,8 +673,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, | |||
| 653 | snprintf(portstr, sizeof(portstr), "%d", port); | 673 | snprintf(portstr, sizeof(portstr), "%d", port); |
| 654 | snprintf(uidstr, sizeof(uidstr), "%llu", | 674 | snprintf(uidstr, sizeof(uidstr), "%llu", |
| 655 | (unsigned long long)pw->pw_uid); | 675 | (unsigned long long)pw->pw_uid); |
| 676 | conn_hash_hex = ssh_connection_hash(thishost, host, | ||
| 677 | portstr, pw->pw_name); | ||
| 656 | 678 | ||
| 657 | cmd = percent_expand(arg, | 679 | cmd = percent_expand(arg, |
| 680 | "C", conn_hash_hex, | ||
| 658 | "L", shorthost, | 681 | "L", shorthost, |
| 659 | "d", pw->pw_dir, | 682 | "d", pw->pw_dir, |
| 660 | "h", host, | 683 | "h", host, |
| @@ -665,6 +688,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, | |||
| 665 | "u", pw->pw_name, | 688 | "u", pw->pw_name, |
| 666 | "i", uidstr, | 689 | "i", uidstr, |
| 667 | (char *)NULL); | 690 | (char *)NULL); |
| 691 | free(conn_hash_hex); | ||
| 668 | if (result != 1) { | 692 | if (result != 1) { |
| 669 | /* skip execution if prior predicate failed */ | 693 | /* skip execution if prior predicate failed */ |
| 670 | debug3("%.200s line %d: skipped exec " | 694 | debug3("%.200s line %d: skipped exec " |