Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 28 |
1 files changed, 26 insertions, 2 deletions
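--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.329 2020/04/24 03:33:21 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -324,6 +324,24 @@ kex_default_pk_alg(void)
 return kex_default_pk_alg_filtered;
 }
 
+char *
+ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
+const char *user)
+{
+struct ssh_digest_ctx *md;
+u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+
+if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
+ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
+ssh_digest_update(md, host, strlen(host)) < 0 ||
+ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
+ssh_digest_update(md, user, strlen(user)) < 0 ||
+ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
+fatal("%s: mux digest failed", __func__);
+ssh_digest_free(md);
+return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+}
+
 /*
 * Adds a local TCP/IP port forward to options. Never returns if there is an
 * error.
@@ -646,6 +664,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 if (r == (negate ? 1 : 0))
 this_result = result = 0;
 } else if (strcasecmp(attrib, "exec") == 0) {
+char *conn_hash_hex;
+
 if (gethostname(thishost, sizeof(thishost)) == -1)
 fatal("gethostname: %s", strerror(errno));
 strlcpy(shorthost, thishost, sizeof(shorthost));
@@ -653,8 +673,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 snprintf(portstr, sizeof(portstr), "%d", port);
 snprintf(uidstr, sizeof(uidstr), "%llu",
 (unsigned long long)pw->pw_uid);
+conn_hash_hex = ssh_connection_hash(thishost, host,
+portstr, ruser);
 
 cmd = percent_expand(arg,
+"C", conn_hash_hex,
 "L", shorthost,
 "d", pw->pw_dir,
 "h", host,
@@ -665,6 +688,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 "u", pw->pw_name,
 "i", uidstr,
 (char *)NULL);
+free(conn_hash_hex);
 if (result != 1) {
 /* skip execution if prior predicate failed */
 debug3("%.200s line %d: skipped exec "
@@ -1151,7 +1175,7 @@ parse_char_array:
 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
 if ((*uintptr) >= max_entries)
 fatal("%s line %d: "
-"too many authorized keys files.",
+"too many known hosts files.",
 filename, linenum);
 cpptr[(*uintptr)++] = xstrdup(arg);
 }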
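Review bot: ssh_connection_hash (new lines 327–343 in the second hunk) feeds thishost, host, portstr and user into the SHA1 digest back to back with no separator or length prefix, so distinct tuples can produce the same %C value — host `foo1` with port `22` and host `foo` with port `122` digest identical bytes. If %C is meant to be unique per connection, as its use in the Match exec expansion suggests, each field should carry a delimiter or its length, e.g. `ssh_digest_update(md, host, strlen(host) + 1)` to include the terminating NUL for every field; since that changes existing %C values it would have to move in step with any other code that derives the same hash, which this page does not show. The function also lacks a header comment; I would add `/* Return a hex SHA1 digest of thishost, host, portstr and user; fatal() on digest failure. Caller frees the result. */` above the definition. match_cfg_line begins and ends outside these hunks.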