Diffstat (limited to 'readconf.c')
-rw-r--r--readconf.c28
1 files changed, 26 insertions, 2 deletions
diff --git a/readconf.c b/readconf.c
index 1b9494d7c..9a646dcaa 100644
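--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.329 2020/04/24 03:33:21 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -343,6 +343,24 @@ kex_default_pk_alg(void)
  return kex_default_pk_alg_filtered;
 }
 
+char *
+ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
+ const char *user)
+{
+ struct ssh_digest_ctx *md;
+ u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+
+ if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
+ ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
+ ssh_digest_update(md, host, strlen(host)) < 0 ||
+ ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
+ ssh_digest_update(md, user, strlen(user)) < 0 ||
+ ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
+ fatal("%s: mux digest failed", __func__);
+ ssh_digest_free(md);
+ return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+}
+
 /*
  * Adds a local TCP/IP port forward to options. Never returns if there is an
  * error.
@@ -665,6 +683,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
  if (r == (negate ? 1 : 0))
  this_result = result = 0;
  } else if (strcasecmp(attrib, "exec") == 0) {
+ char *conn_hash_hex;
+
  if (gethostname(thishost, sizeof(thishost)) == -1)
  fatal("gethostname: %s", strerror(errno));
  strlcpy(shorthost, thishost, sizeof(shorthost));
@@ -672,8 +692,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
  snprintf(portstr, sizeof(portstr), "%d", port);
  snprintf(uidstr, sizeof(uidstr), "%llu",
  (unsigned long long)pw->pw_uid);
+ conn_hash_hex = ssh_connection_hash(thishost, host,
+ portstr, ruser);
 
  cmd = percent_expand(arg,
+ "C", conn_hash_hex,
  "L", shorthost,
  "d", pw->pw_dir,
  "h", host,
@@ -684,6 +707,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
  "u", pw->pw_name,
  "i", uidstr,
  (char *)NULL);
+ free(conn_hash_hex);
  if (result != 1) {
  /* skip execution if prior predicate failed */
  debug3("%.200s line %d: skipped exec "
@@ -1202,7 +1226,7 @@ parse_char_array:
  while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
  if ((*uintptr) >= max_entries)
  fatal("%s line %d: "
- "too many authorized keys files.",
+ "too many known hosts files.",
  filename, linenum);
  cpptr[(*uintptr)++] = xstrdup(arg);
  }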
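Review bot: `ssh_connection_hash` feeds thishost, host, portstr and user into the digest back to back, so the field boundaries are not part of the hashed input and two different tuples can yield the same `%C` value whenever characters can shift between adjacent fields. The result is now also expanded into a `Match exec` command, and the fatal text suggests it names mux sockets as well, so consider hashing each field together with its terminator, e.g. `ssh_digest_update(md, host, strlen(host) + 1) < 0 ||`, after weighing that this changes the `%C` values existing configurations produce. The function also has no header comment; something like `/* Returns a hex digest string that the caller must free(). */` would match the `free(conn_hash_hex)` added in match_cfg_line. The "mux digest failed" message no longer describes every caller and could be made generic.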