author | dtucker@openbsd.org <dtucker@openbsd.org> | 2020-04-10 00:52:07 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2020-04-10 11:47:19 +1000 |
commit | 990687a0336098566c3a854d23cce74a31ec6fe2 (patch) | |
tree | 2d32e3b853cacabf9bd489882b830d0e4f38f039 /ssh.c | |
parent | 2b13d3934d5803703c04803ca3a93078ecb5b715 (diff) |
upstream: Add TOKEN percent expansion to LocalForward and RemoteForward
when used for Unix domain socket forwarding. Factor out the code for the
config keywords that use the most common subset of TOKENS into its own
function. bz#3014, ok jmc@ (man page bits) djm@
OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 137 |
1 files changed, 87 insertions, 50 deletions
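--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.526 2020/04/03 06:07:57 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.527 2020/04/10 00:52:07 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,13 +176,6 @@ char *forward_agent_sock_path = NULL;
 /* Various strings used to to percent_expand() arguments */
 static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
 static char uidstr[32], *host_arg, *conn_hash_hex;
-#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
-	"C", conn_hash_hex, \
-	"L", shorthost, \
-	"i", uidstr, \
-	"l", thishost, \
-	"n", host_arg, \
-	"p", portstr
 
 /* socket address the host resolves to */
 struct sockaddr_storage hostaddr;
@@ -238,6 +231,34 @@ tilde_expand_paths(char **paths, u_int num_paths)
 	}
 }
 
+#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
+	"C", conn_hash_hex, \
+	"L", shorthost, \
+	"i", uidstr, \
+	"l", thishost, \
+	"n", host_arg, \
+	"p", portstr
+
+/*
+ * Expands the set of percent_expand options used by the majority of keywords
+ * in the client that support percent expansion.
+ * Caller must free returned string.
+ */
+static char *
+default_client_percent_expand(const char *str, const char *homedir,
+    const char *remhost, const char *remuser, const char *locuser)
+{
+	return percent_expand(str,
+	    /* values from statics above */
+	    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
+	    /* values from arguments */
+	    "d", homedir,
+	    "h", remhost,
+	    "r", remuser,
+	    "u", locuser,
+	    (char *)NULL);
+}
+
 /*
  * Attempt to resolve a host name / port to a set of addresses and
  * optionally return any CNAMEs encountered along the way.
@@ -1345,13 +1366,8 @@ main(int ac, char **av)
 	if (options.remote_command != NULL) {
 		debug3("expanding RemoteCommand: %s", options.remote_command);
 		cp = options.remote_command;
-		options.remote_command = percent_expand(cp,
-		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-		    "d", pw->pw_dir,
-		    "h", host,
-		    "r", options.user,
-		    "u", pw->pw_name,
-		    (char *)NULL);
+		options.remote_command = default_client_percent_expand(cp,
+		    pw->pw_dir, host, options.user, pw->pw_name);
 		debug3("expanded RemoteCommand: %s", options.remote_command);
 		free(cp);
 		if ((r = sshbuf_put(command, options.remote_command,
@@ -1362,25 +1378,15 @@ main(int ac, char **av)
 	if (options.control_path != NULL) {
 		cp = tilde_expand_filename(options.control_path, getuid());
 		free(options.control_path);
-		options.control_path = percent_expand(cp,
-		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-		    "d", pw->pw_dir,
-		    "h", host,
-		    "r", options.user,
-		    "u", pw->pw_name,
-		    (char *)NULL);
+		options.control_path = default_client_percent_expand(cp,
+		    pw->pw_dir, host, options.user, pw->pw_name);
 		free(cp);
 	}
 
 	if (options.identity_agent != NULL) {
 		p = tilde_expand_filename(options.identity_agent, getuid());
-		cp = percent_expand(p,
-		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-		    "d", pw->pw_dir,
-		    "h", host,
-		    "r", options.user,
-		    "u", pw->pw_name,
-		    (char *)NULL);
+		cp = default_client_percent_expand(p,
+		    pw->pw_dir, host, options.user, pw->pw_name);
 		free(p);
 		free(options.identity_agent);
 		options.identity_agent = cp;
@@ -1389,18 +1395,59 @@ main(int ac, char **av)
 	if (options.forward_agent_sock_path != NULL) {
 		p = tilde_expand_filename(options.forward_agent_sock_path,
 		    getuid());
-		cp = percent_expand(p,
-		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-		    "d", pw->pw_dir,
-		    "h", host,
-		    "r", options.user,
-		    "u", pw->pw_name,
-		    (char *)NULL);
+		cp = default_client_percent_expand(p,
+		    pw->pw_dir, host, options.user, pw->pw_name);
 		free(p);
 		free(options.forward_agent_sock_path);
 		options.forward_agent_sock_path = cp;
 	}
 
+	for (i = 0; i < options.num_local_forwards; i++) {
+		if (options.local_forwards[i].listen_path != NULL) {
+			cp = options.local_forwards[i].listen_path;
+			p = options.local_forwards[i].listen_path =
+			    default_client_percent_expand(cp,
+			    pw->pw_dir, host, options.user, pw->pw_name);
+			if (strcmp(cp, p) != 0)
+				debug3("expanded LocalForward listen path "
+				    "'%s' -> '%s'", cp, p);
+			free(cp);
+		}
+		if (options.local_forwards[i].connect_path != NULL) {
+			cp = options.local_forwards[i].connect_path;
+			p = options.local_forwards[i].connect_path =
+			    default_client_percent_expand(cp,
+			    pw->pw_dir, host, options.user, pw->pw_name);
+			if (strcmp(cp, p) != 0)
+				debug3("expanded LocalForward connect path "
+				    "'%s' -> '%s'", cp, p);
+			free(cp);
+		}
+	}
+
+	for (i = 0; i < options.num_remote_forwards; i++) {
+		if (options.remote_forwards[i].listen_path != NULL) {
+			cp = options.remote_forwards[i].listen_path;
+			p = options.remote_forwards[i].listen_path =
+			    default_client_percent_expand(cp,
+			    pw->pw_dir, host, options.user, pw->pw_name);
+			if (strcmp(cp, p) != 0)
+				debug3("expanded RemoteForward listen path "
+				    "'%s' -> '%s'", cp, p);
+			free(cp);
+		}
+		if (options.remote_forwards[i].connect_path != NULL) {
+			cp = options.remote_forwards[i].connect_path;
+			p = options.remote_forwards[i].connect_path =
+			    default_client_percent_expand(cp,
+			    pw->pw_dir, host, options.user, pw->pw_name);
+			if (strcmp(cp, p) != 0)
+				debug3("expanded RemoteForward connect path "
+				    "'%s' -> '%s'", cp, p);
+			free(cp);
+		}
+	}
+
 	if (config_test) {
 		dump_client_config(&options, host);
 		exit(0);
@@ -2154,13 +2201,8 @@ load_public_identity_files(struct passwd *pw)
 			continue;
 		}
 		cp = tilde_expand_filename(options.identity_files[i], getuid());
-		filename = percent_expand(cp,
-		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-		    "d", pw->pw_dir,
-		    "h", host,
-		    "r", options.user,
-		    "u", pw->pw_name,
-		    (char *)NULL);
+		filename = default_client_percent_expand(cp,
+		    pw->pw_dir, host, options.user, pw->pw_name);
 		free(cp);
 		check_load(sshkey_load_public(filename, &public, NULL),
 		    filename, "pubkey");
@@ -2209,13 +2251,8 @@ load_public_identity_files(struct passwd *pw)
 	for (i = 0; i < options.num_certificate_files; i++) {
 		cp = tilde_expand_filename(options.certificate_files[i],
 		    getuid());
-		filename = percent_expand(cp,
-		    DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-		    "d", pw->pw_dir,
-		    "h", host,
-		    "r", options.user,
-		    "u", pw->pw_name,
-		    (char *)NULL);
+		filename = default_client_percent_expand(cp,
+		    pw->pw_dir, host, options.user, pw->pw_name);
 		free(cp);
 
 		check_load(sshkey_load_public(filename, &public, NULL),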
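Review bot: The four expansion blocks added at new lines 1405-1449 of main() are the same eight lines repeated with only the struct field and the debug label varying, which is a style point rather than a defect; a small static helper taking `char **path` and the label would reduce them to eight calls while keeping each debug3 message byte-identical (the label substitutes into `"expanded %s path '%s' -> '%s'"`). One caveat worth a comment there: a LocalForward connect path and a RemoteForward listen path are presumably interpreted on the remote host, yet `%d` and `%u` expand to the local pw->pw_dir and pw->pw_name like every other keyword, so a note such as `/* tokens expand client-side, even for paths the remote end opens */` would save the next reader a trip to ssh_config(5). main() starts and ends outside this hunk, so the helper would go next to default_client_percent_expand and the loops replace the added code in place.
```c
/*
 * Percent-expand a Unix-domain socket path in place. "what" names the
 * keyword and side ("LocalForward listen", ...) for the debug message.
 * Tokens expand client-side, even for paths the remote end opens.
 */
static void
expand_forward_path(char **path, const char *what, struct passwd *pw,
    const char *host)
{
	char *orig = *path;

	if (orig == NULL)
		return;
	*path = default_client_percent_expand(orig, pw->pw_dir, host,
	    options.user, pw->pw_name);
	if (strcmp(orig, *path) != 0)
		debug3("expanded %s path '%s' -> '%s'", what, orig, *path);
	free(orig);
}

/* … unchanged: main() up to the ForwardAgent socket path expansion … */
	for (i = 0; i < options.num_local_forwards; i++) {
		expand_forward_path(&options.local_forwards[i].listen_path,
		    "LocalForward listen", pw, host);
		expand_forward_path(&options.local_forwards[i].connect_path,
		    "LocalForward connect", pw, host);
	}

	for (i = 0; i < options.num_remote_forwards; i++) {
		expand_forward_path(&options.remote_forwards[i].listen_path,
		    "RemoteForward listen", pw, host);
		expand_forward_path(&options.remote_forwards[i].connect_path,
		    "RemoteForward connect", pw, host);
	}
/* … unchanged: config_test dump and the rest of main() … */
```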