Diffstat (limited to 'readconf.c')
-rw-r--r-- | readconf.c | 28 |
1 files changed, 26 insertions, 2 deletions
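--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.326 2020/02/06 22:46:31 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.329 2020/04/24 03:33:21 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -343,6 +343,24 @@ kex_default_pk_alg(void)
 return kex_default_pk_alg_filtered;
 }
 
+char *
+ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
+const char *user)
+{
+struct ssh_digest_ctx *md;
+u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
+
+if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
+ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
+ssh_digest_update(md, host, strlen(host)) < 0 ||
+ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
+ssh_digest_update(md, user, strlen(user)) < 0 ||
+ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
+fatal("%s: mux digest failed", __func__);
+ssh_digest_free(md);
+return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1));
+}
+
 /*
 * Adds a local TCP/IP port forward to options. Never returns if there is an
 * error.
@@ -665,6 +683,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 if (r == (negate ? 1 : 0))
 this_result = result = 0;
 } else if (strcasecmp(attrib, "exec") == 0) {
+char *conn_hash_hex;
+
 if (gethostname(thishost, sizeof(thishost)) == -1)
 fatal("gethostname: %s", strerror(errno));
 strlcpy(shorthost, thishost, sizeof(shorthost));
@@ -672,8 +692,11 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 snprintf(portstr, sizeof(portstr), "%d", port);
 snprintf(uidstr, sizeof(uidstr), "%llu",
 (unsigned long long)pw->pw_uid);
+conn_hash_hex = ssh_connection_hash(thishost, host,
+portstr, ruser);
 
 cmd = percent_expand(arg,
+"C", conn_hash_hex,
 "L", shorthost,
 "d", pw->pw_dir,
 "h", host,
@@ -684,6 +707,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 "u", pw->pw_name,
 "i", uidstr,
 (char *)NULL);
+free(conn_hash_hex);
 if (result != 1) {
 /* skip execution if prior predicate failed */
 debug3("%.200s line %d: skipped exec "
@@ -1202,7 +1226,7 @@ parse_char_array:
 while ((arg = strdelim(&s)) != NULL && *arg != '\0') {
 if ((*uintptr) >= max_entries)
 fatal("%s line %d: "
-"too many authorized keys files.",
+"too many known hosts files.",
 filename, linenum);
 cpptr[(*uintptr)++] = xstrdup(arg);
 }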
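Review bot: In the new `ssh_connection_hash()` (hunk at -343), thishost, host, portstr and user are fed into the digest back to back with no separator or length prefix, so different tuples whose concatenation is identical (for instance a host name ending in a digit paired with a shorter port string) yield the same `%C` value. If the output does not have to stay stable for existing users of this hash, a delimiter between the fields such as `ssh_digest_update(md, "\0", 1) < 0 ||` removes the ambiguity; if it does, a comment stating that `%C` is a convenience identifier and not a collision-free key would help. The function also has no header comment; I would add `/* Returns a heap-allocated hex SHA1 over the connection tuple; caller must free(). All arguments must be non-NULL. */`. In `match_cfg_line()` the places where `host` and `ruser` are set lie outside the hunks shown, so it is worth confirming neither can be NULL before they reach the `strlen()` calls. The hash is now also computed before the `result != 1` skip check, which is harmless but does the work even when the exec predicate is not run.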