author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-05-29 04:25:40 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-05-29 15:46:47 +1000 |
commit | 4a1b46e6d032608b7ec00ae51c4e25b82f460b05 (patch) | |
tree | 7f345cd0424c5b6f7eff6e5d0f1b52747a960f9e /ssh.c | |
parent | c9bab1d3a9e183cef3a3412f57880a0374cc8cb2 (diff) |
upstream: Allow some keywords to expand shell-style ${ENV}
environment variables on the client side. The supported keywords are
CertificateFile, ControlPath, IdentityAgent and IdentityFile, plus
LocalForward and RemoteForward when used for Unix domain socket paths. This
would for example allow forwarding of Unix domain socket paths that change at
runtime. bz#3140, ok djm@
OpenBSD-Commit-ID: a4a2e801fc2d4df2fe0e58f50d9c81b03822dffa
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 40 |
1 files changed, 33 insertions, 7 deletions
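--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.527 2020/04/10 00:52:07 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.528 2020/05/29 04:25:40 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -260,6 +260,31 @@ default_client_percent_expand(const char *str, const char *homedir,
 }
 
 /*
+* Expands the set of percent_expand options used by the majority of keywords
+* AND perform environment variable substitution.
+* Caller must free returned string.
+*/
+static char *
+default_client_percent_dollar_expand(const char *str, const char *homedir,
+const char *remhost, const char *remuser, const char *locuser)
+{
+char *ret;
+
+ret = percent_dollar_expand(str,
+/* values from statics above */
+DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
+/* values from arguments */
+"d", homedir,
+"h", remhost,
+"r", remuser,
+"u", locuser,
+(char *)NULL);
+if (ret == NULL)
+fatal("invalid environment variable expansion");
+return ret;
+}
+
+/*
 * Attempt to resolve a host name / port to a set of addresses and
 * optionally return any CNAMEs encountered along the way.
 * Returns NULL on failure.
@@ -1378,14 +1403,14 @@ main(int ac, char **av)
 if (options.control_path != NULL) {
 cp = tilde_expand_filename(options.control_path, getuid());
 free(options.control_path);
-options.control_path = default_client_percent_expand(cp,
+options.control_path = default_client_percent_dollar_expand(cp,
 pw->pw_dir, host, options.user, pw->pw_name);
 free(cp);
 }
 
 if (options.identity_agent != NULL) {
 p = tilde_expand_filename(options.identity_agent, getuid());
-cp = default_client_percent_expand(p,
+cp = default_client_percent_dollar_expand(p,
 pw->pw_dir, host, options.user, pw->pw_name);
 free(p);
 free(options.identity_agent);
@@ -1395,7 +1420,7 @@ main(int ac, char **av)
 if (options.forward_agent_sock_path != NULL) {
 p = tilde_expand_filename(options.forward_agent_sock_path,
 getuid());
-cp = default_client_percent_expand(p,
+cp = default_client_percent_dollar_expand(p,
 pw->pw_dir, host, options.user, pw->pw_name);
 free(p);
 free(options.forward_agent_sock_path);
@@ -1573,7 +1598,8 @@ main(int ac, char **av)
 unsetenv(SSH_AUTHSOCKET_ENV_NAME);
 } else {
 cp = options.identity_agent;
-if (cp[0] == '$') {
+/* legacy (limited) format */
+if (cp[0] == '$' && cp[1] != '{') {
 if (!valid_env_name(cp + 1)) {
 fatal("Invalid IdentityAgent "
 "environment variable name %s", cp);
@@ -2201,7 +2227,7 @@ load_public_identity_files(struct passwd *pw)
 continue;
 }
 cp = tilde_expand_filename(options.identity_files[i], getuid());
-filename = default_client_percent_expand(cp,
+filename = default_client_percent_dollar_expand(cp,
 pw->pw_dir, host, options.user, pw->pw_name);
 free(cp);
 check_load(sshkey_load_public(filename, &public, NULL),
@@ -2251,7 +2277,7 @@ load_public_identity_files(struct passwd *pw)
 for (i = 0; i < options.num_certificate_files; i++) {
 cp = tilde_expand_filename(options.certificate_files[i],
 getuid());
-filename = default_client_percent_expand(cp,
+filename = default_client_percent_dollar_expand(cp,
 pw->pw_dir, host, options.user, pw->pw_name);
 free(cp);
 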
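Review bot: The legacy `$NAME` test at new line 1602 runs on `options.identity_agent` after the 1403 hunk has already put it through `default_client_percent_dollar_expand` (the store back into the option is presumably just past that hunk), so `cp[1] != '{'` is checked against expanded text, not against what the user configured. If a `${VAR}` value can itself start with `$`, it would enter the legacy branch and be validated as a variable name, a second level of indirection the commit message does not describe; a comment such as `/* legacy (limited) format; ${} was already expanded above, so this also matches an expanded value beginning with '$' */` would record that, or the legacy form could be detected before expansion. The 1420 hunk also switches `options.forward_agent_sock_path` to the new helper although ForwardAgent is not among the keywords the commit message lists, so the documentation should name it. `fatal("invalid environment variable expansion")` does not say which string failed; `fatal("invalid environment variable expansion in \"%s\"", str);` would help unless `percent_dollar_expand` already logs it. The `main()` code in question extends beyond the hunks shown.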