Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c28
1 files changed, 26 insertions, 2 deletions
diff --git a/readconf.c b/readconf.c
index f3cac6b3a..2afcbaeca 100644
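--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.329 2020/04/24 03:33:21 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -324,6 +324,24 @@ kex_default_pk_alg(void)
  return kex_default_pk_alg_filtered;
 }
 
+char *
+ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
+ const char *user)
+{
+ struct ssh_digest_ctx *md;
+ u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+
+ if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
+ ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
+ ssh_digest_update(md, host, strlen(host)) < 0 ||
+ ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
+ ssh_digest_update(md, user, strlen(user)) < 0 ||
+ ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
+ fatal("%s: mux digest failed", __func__);
+ ssh_digest_free(md);
+ return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+}
+
 /*
  * Adds a local TCP/IP port forward to options. Never returns if there is an
  * error.
@@ -646,6 +664,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
  if (r == (negate ? 1 : 0))
  this_result = result = 0;
  } else if (strcasecmp(attrib, "exec") == 0) {
+ char *conn_hash_hex;
+
  if (gethostname(thishost, sizeof(thishost)) == -1)
  fatal("gethostname: %s", strerror(errno));
  strlcpy(shorthost, thishost, sizeof(shorthost));
@@ -653,8 +673,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
  snprintf(portstr, sizeof(portstr), "%d", port);
  snprintf(uidstr, sizeof(uidstr), "%llu",
  (unsigned long long)pw->pw_uid);
+ conn_hash_hex = ssh_connection_hash(thishost, host,
+ portstr, ruser);
 
  cmd = percent_expand(arg,
+ "C", conn_hash_hex,
  "L", shorthost,
  "d", pw->pw_dir,
  "h", host,
@@ -665,6 +688,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
  "u", pw->pw_name,
  "i", uidstr,
  (char *)NULL);
+ free(conn_hash_hex);
  if (result != 1) {
  /* skip execution if prior predicate failed */
  debug3("%.200s line %d: skipped exec "
@@ -1151,7 +1175,7 @@ parse_char_array:
  while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
  if ((*uintptr) >= max_entries)
  fatal("%s line %d: "
- "too many authorized keys files.",
+ "too many known hosts files.",
  filename, linenum);
  cpptr[(*uintptr)++] = xstrdup(arg);
  }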
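Review bot: ssh_connection_hash() feeds thishost, host, portstr and user into the digest back to back, with no separator or length prefix between the fields, so distinct tuples that concatenate to the same bytes yield the same %C value (a constructed example: host `example1` with port `22` and host `example` with port `122`). Wherever that value is meant to identify one connection, as the "mux digest" wording in the fatal() message suggests, two different destinations would end up sharing it. Changing the input encoding would also change every existing %C value, so if the format has to stay, the function should at least carry a comment saying so, e.g. `/* Fields are hashed unseparated; output must stay stable for existing %C users. */`. The same comment should state that the returned hex string is allocated and owned by the caller, which the exec branch of match_cfg_line() already honours with `free(conn_hash_hex)`.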