Diffstat (limited to 'ssh.c')
-rw-r--r-- | ssh.c | 137 |
1 files changed, 87 insertions, 50 deletions
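--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.526 2020/04/03 06:07:57 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.527 2020/04/10 00:52:07 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,13 +176,6 @@ char *forward_agent_sock_path = NULL;
 /* Various strings used to to percent_expand() arguments */
 static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
 static char uidstr[32], *host_arg, *conn_hash_hex;
-#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
-"C", conn_hash_hex, \
-"L", shorthost, \
-"i", uidstr, \
-"l", thishost, \
-"n", host_arg, \
-"p", portstr
 
 /* socket address the host resolves to */
 struct sockaddr_storage hostaddr;
@@ -238,6 +231,34 @@ tilde_expand_paths(char **paths, u_int num_paths)
 }
 }
 
+#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
+"C", conn_hash_hex, \
+"L", shorthost, \
+"i", uidstr, \
+"l", thishost, \
+"n", host_arg, \
+"p", portstr
+
+/*
+* Expands the set of percent_expand options used by the majority of keywords
+* in the client that support percent expansion.
+* Caller must free returned string.
+*/
+static char *
+default_client_percent_expand(const char *str, const char *homedir,
+const char *remhost, const char *remuser, const char *locuser)
+{
+return percent_expand(str,
+/* values from statics above */
+DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
+/* values from arguments */
+"d", homedir,
+"h", remhost,
+"r", remuser,
+"u", locuser,
+(char *)NULL);
+}
+
 /*
 * Attempt to resolve a host name / port to a set of addresses and
 * optionally return any CNAMEs encountered along the way.
@@ -1345,13 +1366,8 @@ main(int ac, char **av)
 if (options.remote_command != NULL) {
 debug3("expanding RemoteCommand: %s", options.remote_command);
 cp = options.remote_command;
-options.remote_command = percent_expand(cp,
-DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-"d", pw->pw_dir,
-"h", host,
-"r", options.user,
-"u", pw->pw_name,
-(char *)NULL);
+options.remote_command = default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
 debug3("expanded RemoteCommand: %s", options.remote_command);
 free(cp);
 if ((r = sshbuf_put(command, options.remote_command,
@@ -1362,25 +1378,15 @@ main(int ac, char **av)
 if (options.control_path != NULL) {
 cp = tilde_expand_filename(options.control_path, getuid());
 free(options.control_path);
-options.control_path = percent_expand(cp,
-DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-"d", pw->pw_dir,
-"h", host,
-"r", options.user,
-"u", pw->pw_name,
-(char *)NULL);
+options.control_path = default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
 free(cp);
 }
 
 if (options.identity_agent != NULL) {
 p = tilde_expand_filename(options.identity_agent, getuid());
-cp = percent_expand(p,
-DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-"d", pw->pw_dir,
-"h", host,
-"r", options.user,
-"u", pw->pw_name,
-(char *)NULL);
+cp = default_client_percent_expand(p,
+pw->pw_dir, host, options.user, pw->pw_name);
 free(p);
 free(options.identity_agent);
 options.identity_agent = cp;
@@ -1389,18 +1395,59 @@ main(int ac, char **av)
 if (options.forward_agent_sock_path != NULL) {
 p = tilde_expand_filename(options.forward_agent_sock_path,
 getuid());
-cp = percent_expand(p,
-DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-"d", pw->pw_dir,
-"h", host,
-"r", options.user,
-"u", pw->pw_name,
-(char *)NULL);
+cp = default_client_percent_expand(p,
+pw->pw_dir, host, options.user, pw->pw_name);
 free(p);
 free(options.forward_agent_sock_path);
 options.forward_agent_sock_path = cp;
 }
 
+for (i = 0; i < options.num_local_forwards; i++) {
+if (options.local_forwards[i].listen_path != NULL) {
+cp = options.local_forwards[i].listen_path;
+p = options.local_forwards[i].listen_path =
+default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
+if (strcmp(cp, p) != 0)
+debug3("expanded LocalForward listen path "
+"'%s' -> '%s'", cp, p);
+free(cp);
+}
+if (options.local_forwards[i].connect_path != NULL) {
+cp = options.local_forwards[i].connect_path;
+p = options.local_forwards[i].connect_path =
+default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
+if (strcmp(cp, p) != 0)
+debug3("expanded LocalForward connect path "
+"'%s' -> '%s'", cp, p);
+free(cp);
+}
+}
+
+for (i = 0; i < options.num_remote_forwards; i++) {
+if (options.remote_forwards[i].listen_path != NULL) {
+cp = options.remote_forwards[i].listen_path;
+p = options.remote_forwards[i].listen_path =
+default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
+if (strcmp(cp, p) != 0)
+debug3("expanded RemoteForward listen path "
+"'%s' -> '%s'", cp, p);
+free(cp);
+}
+if (options.remote_forwards[i].connect_path != NULL) {
+cp = options.remote_forwards[i].connect_path;
+p = options.remote_forwards[i].connect_path =
+default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
+if (strcmp(cp, p) != 0)
+debug3("expanded RemoteForward connect path "
+"'%s' -> '%s'", cp, p);
+free(cp);
+}
+}
+
 if (config_test) {
 dump_client_config(&options, host);
 exit(0);
@@ -2154,13 +2201,8 @@ load_public_identity_files(struct passwd *pw)
 continue;
 }
 cp = tilde_expand_filename(options.identity_files[i], getuid());
-filename = percent_expand(cp,
-DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-"d", pw->pw_dir,
-"h", host,
-"r", options.user,
-"u", pw->pw_name,
-(char *)NULL);
+filename = default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
 free(cp);
 check_load(sshkey_load_public(filename, &public, NULL),
 filename, "pubkey");
@@ -2209,13 +2251,8 @@ load_public_identity_files(struct passwd *pw)
 for (i = 0; i < options.num_certificate_files; i++) {
 cp = tilde_expand_filename(options.certificate_files[i],
 getuid());
-filename = percent_expand(cp,
-DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
-"d", pw->pw_dir,
-"h", host,
-"r", options.user,
-"u", pw->pw_name,
-(char *)NULL);
+filename = default_client_percent_expand(cp,
+pw->pw_dir, host, options.user, pw->pw_name);
 free(cp);
 
 check_load(sshkey_load_public(filename, &public, NULL),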
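Review bot: In the hunk at `@@ -1389,18 +1395,59 @@` the two new forward loops expand all four socket paths with the same client-side values, yet `remote_forwards[i].listen_path` and `local_forwards[i].connect_path` name sockets that are opened on the server, so `%d`, `%u`, `%i` and `%l` in them yield the client's home directory, user name, uid and hostname rather than the server's. A comment above the loops would make that explicit, for example `/* %d/%u/%i/%l expand to client-side values even for paths that are opened on the server */`. Unlike ControlPath, IdentityAgent and the agent socket path just above, these paths are not passed through `tilde_expand_filename()` first, which is worth stating in the same comment if it is intentional. The expanded paths are also built from `host` and `options.user`; whether those are validated before this point is not visible in the hunk, so it is worth confirming that a `/` in either cannot move a locally bound socket outside the directory the configuration intended. main() starts and ends outside the hunk.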