diff options
author | Colin Watson <cjwatson@debian.org> | 2020-06-07 10:19:23 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-06-07 10:19:23 +0100 |
commit | 202f5a676221c244cd450086c334c2b59f339e86 (patch) | |
tree | d2f90a3a9ce2b33485c271eab01a48f02ef6fb5a /ssh.c | |
parent | f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (diff) | |
parent | 9ca7e9c861775dd6c6312bc8aaab687403d24676 (diff) |
Import openssh_8.3p1.orig.tar.gz
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 274 |
1 files changed, 167 insertions, 107 deletions
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh.c,v 1.519 2020/02/07 03:54:44 dtucker Exp $ */ | 1 | /* $OpenBSD: ssh.c,v 1.527 2020/04/10 00:52:07 dtucker Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -86,7 +86,6 @@ | |||
86 | #include "canohost.h" | 86 | #include "canohost.h" |
87 | #include "compat.h" | 87 | #include "compat.h" |
88 | #include "cipher.h" | 88 | #include "cipher.h" |
89 | #include "digest.h" | ||
90 | #include "packet.h" | 89 | #include "packet.h" |
91 | #include "sshbuf.h" | 90 | #include "sshbuf.h" |
92 | #include "channels.h" | 91 | #include "channels.h" |
@@ -191,7 +190,7 @@ struct sshbuf *command; | |||
191 | int subsystem_flag = 0; | 190 | int subsystem_flag = 0; |
192 | 191 | ||
193 | /* # of replies received for global requests */ | 192 | /* # of replies received for global requests */ |
194 | static int remote_forward_confirms_received = 0; | 193 | static int forward_confirms_pending = -1; |
195 | 194 | ||
196 | /* mux.c */ | 195 | /* mux.c */ |
197 | extern int muxserver_sock; | 196 | extern int muxserver_sock; |
@@ -232,6 +231,34 @@ tilde_expand_paths(char **paths, u_int num_paths) | |||
232 | } | 231 | } |
233 | } | 232 | } |
234 | 233 | ||
234 | #define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \ | ||
235 | "C", conn_hash_hex, \ | ||
236 | "L", shorthost, \ | ||
237 | "i", uidstr, \ | ||
238 | "l", thishost, \ | ||
239 | "n", host_arg, \ | ||
240 | "p", portstr | ||
241 | |||
242 | /* | ||
243 | * Expands the set of percent_expand options used by the majority of keywords | ||
244 | * in the client that support percent expansion. | ||
245 | * Caller must free returned string. | ||
246 | */ | ||
247 | static char * | ||
248 | default_client_percent_expand(const char *str, const char *homedir, | ||
249 | const char *remhost, const char *remuser, const char *locuser) | ||
250 | { | ||
251 | return percent_expand(str, | ||
252 | /* values from statics above */ | ||
253 | DEFAULT_CLIENT_PERCENT_EXPAND_ARGS, | ||
254 | /* values from arguments */ | ||
255 | "d", homedir, | ||
256 | "h", remhost, | ||
257 | "r", remuser, | ||
258 | "u", locuser, | ||
259 | (char *)NULL); | ||
260 | } | ||
261 | |||
235 | /* | 262 | /* |
236 | * Attempt to resolve a host name / port to a set of addresses and | 263 | * Attempt to resolve a host name / port to a set of addresses and |
237 | * optionally return any CNAMEs encountered along the way. | 264 | * optionally return any CNAMEs encountered along the way. |
@@ -248,6 +275,8 @@ resolve_host(const char *name, int port, int logerr, char *cname, size_t clen) | |||
248 | 275 | ||
249 | if (port <= 0) | 276 | if (port <= 0) |
250 | port = default_ssh_port(); | 277 | port = default_ssh_port(); |
278 | if (cname != NULL) | ||
279 | *cname = '\0'; | ||
251 | 280 | ||
252 | snprintf(strport, sizeof strport, "%d", port); | 281 | snprintf(strport, sizeof strport, "%d", port); |
253 | memset(&hints, 0, sizeof(hints)); | 282 | memset(&hints, 0, sizeof(hints)); |
@@ -477,7 +506,6 @@ resolve_canonicalize(char **hostp, int port) | |||
477 | } | 506 | } |
478 | /* Attempt each supplied suffix */ | 507 | /* Attempt each supplied suffix */ |
479 | for (i = 0; i < options.num_canonical_domains; i++) { | 508 | for (i = 0; i < options.num_canonical_domains; i++) { |
480 | *newname = '\0'; | ||
481 | xasprintf(&fullhost, "%s.%s.", *hostp, | 509 | xasprintf(&fullhost, "%s.%s.", *hostp, |
482 | options.canonical_domains[i]); | 510 | options.canonical_domains[i]); |
483 | debug3("%s: attempting \"%s\" => \"%s\"", __func__, | 511 | debug3("%s: attempting \"%s\" => \"%s\"", __func__, |
@@ -600,8 +628,6 @@ main(int ac, char **av) | |||
600 | extern char *optarg; | 628 | extern char *optarg; |
601 | struct Forward fwd; | 629 | struct Forward fwd; |
602 | struct addrinfo *addrs = NULL; | 630 | struct addrinfo *addrs = NULL; |
603 | struct ssh_digest_ctx *md; | ||
604 | u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; | ||
605 | size_t n, len; | 631 | size_t n, len; |
606 | 632 | ||
607 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | 633 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
@@ -1208,6 +1234,14 @@ main(int ac, char **av) | |||
1208 | if (options.jump_host != NULL) { | 1234 | if (options.jump_host != NULL) { |
1209 | char port_s[8]; | 1235 | char port_s[8]; |
1210 | const char *sshbin = argv0; | 1236 | const char *sshbin = argv0; |
1237 | int port = options.port, jumpport = options.jump_port; | ||
1238 | |||
1239 | if (port <= 0) | ||
1240 | port = default_ssh_port(); | ||
1241 | if (jumpport <= 0) | ||
1242 | jumpport = default_ssh_port(); | ||
1243 | if (strcmp(options.jump_host, host) == 0 && port == jumpport) | ||
1244 | fatal("jumphost loop via %s", options.jump_host); | ||
1211 | 1245 | ||
1212 | /* | 1246 | /* |
1213 | * Try to use SSH indicated by argv[0], but fall back to | 1247 | * Try to use SSH indicated by argv[0], but fall back to |
@@ -1321,15 +1355,8 @@ main(int ac, char **av) | |||
1321 | snprintf(uidstr, sizeof(uidstr), "%llu", | 1355 | snprintf(uidstr, sizeof(uidstr), "%llu", |
1322 | (unsigned long long)pw->pw_uid); | 1356 | (unsigned long long)pw->pw_uid); |
1323 | 1357 | ||
1324 | if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || | 1358 | conn_hash_hex = ssh_connection_hash(thishost, host, portstr, |
1325 | ssh_digest_update(md, thishost, strlen(thishost)) < 0 || | 1359 | options.user); |
1326 | ssh_digest_update(md, host, strlen(host)) < 0 || | ||
1327 | ssh_digest_update(md, portstr, strlen(portstr)) < 0 || | ||
1328 | ssh_digest_update(md, options.user, strlen(options.user)) < 0 || | ||
1329 | ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) | ||
1330 | fatal("%s: mux digest failed", __func__); | ||
1331 | ssh_digest_free(md); | ||
1332 | conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); | ||
1333 | 1360 | ||
1334 | /* | 1361 | /* |
1335 | * Expand tokens in arguments. NB. LocalCommand is expanded later, | 1362 | * Expand tokens in arguments. NB. LocalCommand is expanded later, |
@@ -1339,18 +1366,8 @@ main(int ac, char **av) | |||
1339 | if (options.remote_command != NULL) { | 1366 | if (options.remote_command != NULL) { |
1340 | debug3("expanding RemoteCommand: %s", options.remote_command); | 1367 | debug3("expanding RemoteCommand: %s", options.remote_command); |
1341 | cp = options.remote_command; | 1368 | cp = options.remote_command; |
1342 | options.remote_command = percent_expand(cp, | 1369 | options.remote_command = default_client_percent_expand(cp, |
1343 | "C", conn_hash_hex, | 1370 | pw->pw_dir, host, options.user, pw->pw_name); |
1344 | "L", shorthost, | ||
1345 | "d", pw->pw_dir, | ||
1346 | "h", host, | ||
1347 | "i", uidstr, | ||
1348 | "l", thishost, | ||
1349 | "n", host_arg, | ||
1350 | "p", portstr, | ||
1351 | "r", options.user, | ||
1352 | "u", pw->pw_name, | ||
1353 | (char *)NULL); | ||
1354 | debug3("expanded RemoteCommand: %s", options.remote_command); | 1371 | debug3("expanded RemoteCommand: %s", options.remote_command); |
1355 | free(cp); | 1372 | free(cp); |
1356 | if ((r = sshbuf_put(command, options.remote_command, | 1373 | if ((r = sshbuf_put(command, options.remote_command, |
@@ -1361,21 +1378,76 @@ main(int ac, char **av) | |||
1361 | if (options.control_path != NULL) { | 1378 | if (options.control_path != NULL) { |
1362 | cp = tilde_expand_filename(options.control_path, getuid()); | 1379 | cp = tilde_expand_filename(options.control_path, getuid()); |
1363 | free(options.control_path); | 1380 | free(options.control_path); |
1364 | options.control_path = percent_expand(cp, | 1381 | options.control_path = default_client_percent_expand(cp, |
1365 | "C", conn_hash_hex, | 1382 | pw->pw_dir, host, options.user, pw->pw_name); |
1366 | "L", shorthost, | ||
1367 | "h", host, | ||
1368 | "i", uidstr, | ||
1369 | "l", thishost, | ||
1370 | "n", host_arg, | ||
1371 | "p", portstr, | ||
1372 | "r", options.user, | ||
1373 | "u", pw->pw_name, | ||
1374 | "i", uidstr, | ||
1375 | (char *)NULL); | ||
1376 | free(cp); | 1383 | free(cp); |
1377 | } | 1384 | } |
1378 | 1385 | ||
1386 | if (options.identity_agent != NULL) { | ||
1387 | p = tilde_expand_filename(options.identity_agent, getuid()); | ||
1388 | cp = default_client_percent_expand(p, | ||
1389 | pw->pw_dir, host, options.user, pw->pw_name); | ||
1390 | free(p); | ||
1391 | free(options.identity_agent); | ||
1392 | options.identity_agent = cp; | ||
1393 | } | ||
1394 | |||
1395 | if (options.forward_agent_sock_path != NULL) { | ||
1396 | p = tilde_expand_filename(options.forward_agent_sock_path, | ||
1397 | getuid()); | ||
1398 | cp = default_client_percent_expand(p, | ||
1399 | pw->pw_dir, host, options.user, pw->pw_name); | ||
1400 | free(p); | ||
1401 | free(options.forward_agent_sock_path); | ||
1402 | options.forward_agent_sock_path = cp; | ||
1403 | } | ||
1404 | |||
1405 | for (i = 0; i < options.num_local_forwards; i++) { | ||
1406 | if (options.local_forwards[i].listen_path != NULL) { | ||
1407 | cp = options.local_forwards[i].listen_path; | ||
1408 | p = options.local_forwards[i].listen_path = | ||
1409 | default_client_percent_expand(cp, | ||
1410 | pw->pw_dir, host, options.user, pw->pw_name); | ||
1411 | if (strcmp(cp, p) != 0) | ||
1412 | debug3("expanded LocalForward listen path " | ||
1413 | "'%s' -> '%s'", cp, p); | ||
1414 | free(cp); | ||
1415 | } | ||
1416 | if (options.local_forwards[i].connect_path != NULL) { | ||
1417 | cp = options.local_forwards[i].connect_path; | ||
1418 | p = options.local_forwards[i].connect_path = | ||
1419 | default_client_percent_expand(cp, | ||
1420 | pw->pw_dir, host, options.user, pw->pw_name); | ||
1421 | if (strcmp(cp, p) != 0) | ||
1422 | debug3("expanded LocalForward connect path " | ||
1423 | "'%s' -> '%s'", cp, p); | ||
1424 | free(cp); | ||
1425 | } | ||
1426 | } | ||
1427 | |||
1428 | for (i = 0; i < options.num_remote_forwards; i++) { | ||
1429 | if (options.remote_forwards[i].listen_path != NULL) { | ||
1430 | cp = options.remote_forwards[i].listen_path; | ||
1431 | p = options.remote_forwards[i].listen_path = | ||
1432 | default_client_percent_expand(cp, | ||
1433 | pw->pw_dir, host, options.user, pw->pw_name); | ||
1434 | if (strcmp(cp, p) != 0) | ||
1435 | debug3("expanded RemoteForward listen path " | ||
1436 | "'%s' -> '%s'", cp, p); | ||
1437 | free(cp); | ||
1438 | } | ||
1439 | if (options.remote_forwards[i].connect_path != NULL) { | ||
1440 | cp = options.remote_forwards[i].connect_path; | ||
1441 | p = options.remote_forwards[i].connect_path = | ||
1442 | default_client_percent_expand(cp, | ||
1443 | pw->pw_dir, host, options.user, pw->pw_name); | ||
1444 | if (strcmp(cp, p) != 0) | ||
1445 | debug3("expanded RemoteForward connect path " | ||
1446 | "'%s' -> '%s'", cp, p); | ||
1447 | free(cp); | ||
1448 | } | ||
1449 | } | ||
1450 | |||
1379 | if (config_test) { | 1451 | if (config_test) { |
1380 | dump_client_config(&options, host); | 1452 | dump_client_config(&options, host); |
1381 | exit(0); | 1453 | exit(0); |
@@ -1500,23 +1572,7 @@ main(int ac, char **av) | |||
1500 | if (strcmp(options.identity_agent, "none") == 0) { | 1572 | if (strcmp(options.identity_agent, "none") == 0) { |
1501 | unsetenv(SSH_AUTHSOCKET_ENV_NAME); | 1573 | unsetenv(SSH_AUTHSOCKET_ENV_NAME); |
1502 | } else { | 1574 | } else { |
1503 | p = tilde_expand_filename(options.identity_agent, | 1575 | cp = options.identity_agent; |
1504 | getuid()); | ||
1505 | cp = percent_expand(p, | ||
1506 | "d", pw->pw_dir, | ||
1507 | "h", host, | ||
1508 | "i", uidstr, | ||
1509 | "l", thishost, | ||
1510 | "r", options.user, | ||
1511 | "u", pw->pw_name, | ||
1512 | (char *)NULL); | ||
1513 | free(p); | ||
1514 | /* | ||
1515 | * If identity_agent represents an environment variable | ||
1516 | * then recheck that it is valid (since processing with | ||
1517 | * percent_expand() may have changed it) and substitute | ||
1518 | * its value. | ||
1519 | */ | ||
1520 | if (cp[0] == '$') { | 1576 | if (cp[0] == '$') { |
1521 | if (!valid_env_name(cp + 1)) { | 1577 | if (!valid_env_name(cp + 1)) { |
1522 | fatal("Invalid IdentityAgent " | 1578 | fatal("Invalid IdentityAgent " |
@@ -1530,22 +1586,11 @@ main(int ac, char **av) | |||
1530 | /* identity_agent specifies a path directly */ | 1586 | /* identity_agent specifies a path directly */ |
1531 | setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1); | 1587 | setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1); |
1532 | } | 1588 | } |
1533 | free(cp); | ||
1534 | } | 1589 | } |
1535 | } | 1590 | } |
1536 | 1591 | ||
1537 | if (options.forward_agent && (options.forward_agent_sock_path != NULL)) { | 1592 | if (options.forward_agent && options.forward_agent_sock_path != NULL) { |
1538 | p = tilde_expand_filename(options.forward_agent_sock_path, getuid()); | 1593 | cp = options.forward_agent_sock_path; |
1539 | cp = percent_expand(p, | ||
1540 | "d", pw->pw_dir, | ||
1541 | "h", host, | ||
1542 | "i", uidstr, | ||
1543 | "l", thishost, | ||
1544 | "r", options.user, | ||
1545 | "u", pw->pw_name, | ||
1546 | (char *)NULL); | ||
1547 | free(p); | ||
1548 | |||
1549 | if (cp[0] == '$') { | 1594 | if (cp[0] == '$') { |
1550 | if (!valid_env_name(cp + 1)) { | 1595 | if (!valid_env_name(cp + 1)) { |
1551 | fatal("Invalid ForwardAgent environment variable name %s", cp); | 1596 | fatal("Invalid ForwardAgent environment variable name %s", cp); |
@@ -1676,6 +1721,21 @@ fork_postauth(void) | |||
1676 | fatal("daemon() failed: %.200s", strerror(errno)); | 1721 | fatal("daemon() failed: %.200s", strerror(errno)); |
1677 | } | 1722 | } |
1678 | 1723 | ||
1724 | static void | ||
1725 | forwarding_success(void) | ||
1726 | { | ||
1727 | if (forward_confirms_pending == -1) | ||
1728 | return; | ||
1729 | if (--forward_confirms_pending == 0) { | ||
1730 | debug("%s: all expected forwarding replies received", __func__); | ||
1731 | if (fork_after_authentication_flag) | ||
1732 | fork_postauth(); | ||
1733 | } else { | ||
1734 | debug2("%s: %d expected forwarding replies remaining", | ||
1735 | __func__, forward_confirms_pending); | ||
1736 | } | ||
1737 | } | ||
1738 | |||
1679 | /* Callback for remote forward global requests */ | 1739 | /* Callback for remote forward global requests */ |
1680 | static void | 1740 | static void |
1681 | ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) | 1741 | ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) |
@@ -1735,11 +1795,7 @@ ssh_confirm_remote_forward(struct ssh *ssh, int type, u_int32_t seq, void *ctxt) | |||
1735 | "for listen port %d", rfwd->listen_port); | 1795 | "for listen port %d", rfwd->listen_port); |
1736 | } | 1796 | } |
1737 | } | 1797 | } |
1738 | if (++remote_forward_confirms_received == options.num_remote_forwards) { | 1798 | forwarding_success(); |
1739 | debug("All remote forwarding requests processed"); | ||
1740 | if (fork_after_authentication_flag) | ||
1741 | fork_postauth(); | ||
1742 | } | ||
1743 | } | 1799 | } |
1744 | 1800 | ||
1745 | static void | 1801 | static void |
@@ -1757,6 +1813,19 @@ ssh_stdio_confirm(struct ssh *ssh, int id, int success, void *arg) | |||
1757 | } | 1813 | } |
1758 | 1814 | ||
1759 | static void | 1815 | static void |
1816 | ssh_tun_confirm(struct ssh *ssh, int id, int success, void *arg) | ||
1817 | { | ||
1818 | if (!success) { | ||
1819 | error("Tunnel forwarding failed"); | ||
1820 | if (options.exit_on_forward_failure) | ||
1821 | cleanup_exit(255); | ||
1822 | } | ||
1823 | |||
1824 | debug("%s: tunnel forward established, id=%d", __func__, id); | ||
1825 | forwarding_success(); | ||
1826 | } | ||
1827 | |||
1828 | static void | ||
1760 | ssh_init_stdio_forwarding(struct ssh *ssh) | 1829 | ssh_init_stdio_forwarding(struct ssh *ssh) |
1761 | { | 1830 | { |
1762 | Channel *c; | 1831 | Channel *c; |
@@ -1784,6 +1853,8 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname) | |||
1784 | int success = 0; | 1853 | int success = 0; |
1785 | int i; | 1854 | int i; |
1786 | 1855 | ||
1856 | if (options.exit_on_forward_failure) | ||
1857 | forward_confirms_pending = 0; /* track pending requests */ | ||
1787 | /* Initiate local TCP/IP port forwardings. */ | 1858 | /* Initiate local TCP/IP port forwardings. */ |
1788 | for (i = 0; i < options.num_local_forwards; i++) { | 1859 | for (i = 0; i < options.num_local_forwards; i++) { |
1789 | debug("Local connections to %.200s:%d forwarded to remote " | 1860 | debug("Local connections to %.200s:%d forwarded to remote " |
@@ -1819,32 +1890,33 @@ ssh_init_forwarding(struct ssh *ssh, char **ifname) | |||
1819 | options.remote_forwards[i].connect_path : | 1890 | options.remote_forwards[i].connect_path : |
1820 | options.remote_forwards[i].connect_host, | 1891 | options.remote_forwards[i].connect_host, |
1821 | options.remote_forwards[i].connect_port); | 1892 | options.remote_forwards[i].connect_port); |
1822 | options.remote_forwards[i].handle = | 1893 | if ((options.remote_forwards[i].handle = |
1823 | channel_request_remote_forwarding(ssh, | 1894 | channel_request_remote_forwarding(ssh, |
1824 | &options.remote_forwards[i]); | 1895 | &options.remote_forwards[i])) >= 0) { |
1825 | if (options.remote_forwards[i].handle < 0) { | ||
1826 | if (options.exit_on_forward_failure) | ||
1827 | fatal("Could not request remote forwarding."); | ||
1828 | else | ||
1829 | logit("Warning: Could not request remote " | ||
1830 | "forwarding."); | ||
1831 | } else { | ||
1832 | client_register_global_confirm( | 1896 | client_register_global_confirm( |
1833 | ssh_confirm_remote_forward, | 1897 | ssh_confirm_remote_forward, |
1834 | &options.remote_forwards[i]); | 1898 | &options.remote_forwards[i]); |
1835 | } | 1899 | forward_confirms_pending++; |
1900 | } else if (options.exit_on_forward_failure) | ||
1901 | fatal("Could not request remote forwarding."); | ||
1902 | else | ||
1903 | logit("Warning: Could not request remote forwarding."); | ||
1836 | } | 1904 | } |
1837 | 1905 | ||
1838 | /* Initiate tunnel forwarding. */ | 1906 | /* Initiate tunnel forwarding. */ |
1839 | if (options.tun_open != SSH_TUNMODE_NO) { | 1907 | if (options.tun_open != SSH_TUNMODE_NO) { |
1840 | if ((*ifname = client_request_tun_fwd(ssh, | 1908 | if ((*ifname = client_request_tun_fwd(ssh, |
1841 | options.tun_open, options.tun_local, | 1909 | options.tun_open, options.tun_local, |
1842 | options.tun_remote)) == NULL) { | 1910 | options.tun_remote, ssh_tun_confirm, NULL)) != NULL) |
1843 | if (options.exit_on_forward_failure) | 1911 | forward_confirms_pending++; |
1844 | fatal("Could not request tunnel forwarding."); | 1912 | else if (options.exit_on_forward_failure) |
1845 | else | 1913 | fatal("Could not request tunnel forwarding."); |
1846 | error("Could not request tunnel forwarding."); | 1914 | else |
1847 | } | 1915 | error("Could not request tunnel forwarding."); |
1916 | } | ||
1917 | if (forward_confirms_pending > 0) { | ||
1918 | debug("%s: expecting replies for %d forwards", __func__, | ||
1919 | forward_confirms_pending); | ||
1848 | } | 1920 | } |
1849 | } | 1921 | } |
1850 | 1922 | ||
@@ -1970,14 +2042,9 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) | |||
1970 | debug3("expanding LocalCommand: %s", options.local_command); | 2042 | debug3("expanding LocalCommand: %s", options.local_command); |
1971 | cp = options.local_command; | 2043 | cp = options.local_command; |
1972 | options.local_command = percent_expand(cp, | 2044 | options.local_command = percent_expand(cp, |
1973 | "C", conn_hash_hex, | 2045 | DEFAULT_CLIENT_PERCENT_EXPAND_ARGS, |
1974 | "L", shorthost, | ||
1975 | "d", pw->pw_dir, | 2046 | "d", pw->pw_dir, |
1976 | "h", host, | 2047 | "h", host, |
1977 | "i", uidstr, | ||
1978 | "l", thishost, | ||
1979 | "n", host_arg, | ||
1980 | "p", portstr, | ||
1981 | "r", options.user, | 2048 | "r", options.user, |
1982 | "u", pw->pw_name, | 2049 | "u", pw->pw_name, |
1983 | "T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname, | 2050 | "T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname, |
@@ -2134,9 +2201,8 @@ load_public_identity_files(struct passwd *pw) | |||
2134 | continue; | 2201 | continue; |
2135 | } | 2202 | } |
2136 | cp = tilde_expand_filename(options.identity_files[i], getuid()); | 2203 | cp = tilde_expand_filename(options.identity_files[i], getuid()); |
2137 | filename = percent_expand(cp, "d", pw->pw_dir, | 2204 | filename = default_client_percent_expand(cp, |
2138 | "u", pw->pw_name, "l", thishost, "h", host, | 2205 | pw->pw_dir, host, options.user, pw->pw_name); |
2139 | "r", options.user, (char *)NULL); | ||
2140 | free(cp); | 2206 | free(cp); |
2141 | check_load(sshkey_load_public(filename, &public, NULL), | 2207 | check_load(sshkey_load_public(filename, &public, NULL), |
2142 | filename, "pubkey"); | 2208 | filename, "pubkey"); |
@@ -2185,14 +2251,8 @@ load_public_identity_files(struct passwd *pw) | |||
2185 | for (i = 0; i < options.num_certificate_files; i++) { | 2251 | for (i = 0; i < options.num_certificate_files; i++) { |
2186 | cp = tilde_expand_filename(options.certificate_files[i], | 2252 | cp = tilde_expand_filename(options.certificate_files[i], |
2187 | getuid()); | 2253 | getuid()); |
2188 | filename = percent_expand(cp, | 2254 | filename = default_client_percent_expand(cp, |
2189 | "d", pw->pw_dir, | 2255 | pw->pw_dir, host, options.user, pw->pw_name); |
2190 | "h", host, | ||
2191 | "i", uidstr, | ||
2192 | "l", thishost, | ||
2193 | "r", options.user, | ||
2194 | "u", pw->pw_name, | ||
2195 | (char *)NULL); | ||
2196 | free(cp); | 2256 | free(cp); |
2197 | 2257 | ||
2198 | check_load(sshkey_load_public(filename, &public, NULL), | 2258 | check_load(sshkey_load_public(filename, &public, NULL), |