summaryrefslogtreecommitdiff
path: root/ssh.c
diff options
context:
space:
mode:
authordtucker@openbsd.org <dtucker@openbsd.org>2020-04-10 00:52:07 +0000
committerDarren Tucker <dtucker@dtucker.net>2020-04-10 11:47:19 +1000
commit990687a0336098566c3a854d23cce74a31ec6fe2 (patch)
tree2d32e3b853cacabf9bd489882b830d0e4f38f039 /ssh.c
parent2b13d3934d5803703c04803ca3a93078ecb5b715 (diff)
upstream: Add TOKEN percent expansion to LocalFoward and RemoteForward
when used for Unix domain socket forwarding. Factor out the code for the config keywords that use the most common subset of TOKENS into its own function. bz#3014, ok jmc@ (man page bits) djm@ OpenBSD-Commit-ID: bffc9f7e7b5cf420309a057408bef55171fd0b97
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c137
1 files changed, 87 insertions, 50 deletions
diff --git a/ssh.c b/ssh.c
index 17608564..98b6ce78 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.526 2020/04/03 06:07:57 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.527 2020/04/10 00:52:07 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -176,13 +176,6 @@ char *forward_agent_sock_path = NULL;
/* Various strings used to to percent_expand() arguments */
static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
static char uidstr[32], *host_arg, *conn_hash_hex;
-#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
- "C", conn_hash_hex, \
- "L", shorthost, \
- "i", uidstr, \
- "l", thishost, \
- "n", host_arg, \
- "p", portstr
/* socket address the host resolves to */
struct sockaddr_storage hostaddr;
@@ -238,6 +231,34 @@ tilde_expand_paths(char **paths, u_int num_paths)
}
}
+#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
+ "C", conn_hash_hex, \
+ "L", shorthost, \
+ "i", uidstr, \
+ "l", thishost, \
+ "n", host_arg, \
+ "p", portstr
+
+/*
+ * Expands the set of percent_expand options used by the majority of keywords
+ * in the client that support percent expansion.
+ * Caller must free returned string.
+ */
+static char *
+default_client_percent_expand(const char *str, const char *homedir,
+ const char *remhost, const char *remuser, const char *locuser)
+{
+ return percent_expand(str,
+ /* values from statics above */
+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
+ /* values from arguments */
+ "d", homedir,
+ "h", remhost,
+ "r", remuser,
+ "u", locuser,
+ (char *)NULL);
+}
+
/*
* Attempt to resolve a host name / port to a set of addresses and
* optionally return any CNAMEs encountered along the way.
@@ -1345,13 +1366,8 @@ main(int ac, char **av)
if (options.remote_command != NULL) {
debug3("expanding RemoteCommand: %s", options.remote_command);
cp = options.remote_command;
- options.remote_command = percent_expand(cp,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", pw->pw_dir,
- "h", host,
- "r", options.user,
- "u", pw->pw_name,
- (char *)NULL);
+ options.remote_command = default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
debug3("expanded RemoteCommand: %s", options.remote_command);
free(cp);
if ((r = sshbuf_put(command, options.remote_command,
@@ -1362,25 +1378,15 @@ main(int ac, char **av)
if (options.control_path != NULL) {
cp = tilde_expand_filename(options.control_path, getuid());
free(options.control_path);
- options.control_path = percent_expand(cp,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", pw->pw_dir,
- "h", host,
- "r", options.user,
- "u", pw->pw_name,
- (char *)NULL);
+ options.control_path = default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
free(cp);
}
if (options.identity_agent != NULL) {
p = tilde_expand_filename(options.identity_agent, getuid());
- cp = percent_expand(p,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", pw->pw_dir,
- "h", host,
- "r", options.user,
- "u", pw->pw_name,
- (char *)NULL);
+ cp = default_client_percent_expand(p,
+ pw->pw_dir, host, options.user, pw->pw_name);
free(p);
free(options.identity_agent);
options.identity_agent = cp;
@@ -1389,18 +1395,59 @@ main(int ac, char **av)
if (options.forward_agent_sock_path != NULL) {
p = tilde_expand_filename(options.forward_agent_sock_path,
getuid());
- cp = percent_expand(p,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", pw->pw_dir,
- "h", host,
- "r", options.user,
- "u", pw->pw_name,
- (char *)NULL);
+ cp = default_client_percent_expand(p,
+ pw->pw_dir, host, options.user, pw->pw_name);
free(p);
free(options.forward_agent_sock_path);
options.forward_agent_sock_path = cp;
}
+ for (i = 0; i < options.num_local_forwards; i++) {
+ if (options.local_forwards[i].listen_path != NULL) {
+ cp = options.local_forwards[i].listen_path;
+ p = options.local_forwards[i].listen_path =
+ default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
+ if (strcmp(cp, p) != 0)
+ debug3("expanded LocalForward listen path "
+ "'%s' -> '%s'", cp, p);
+ free(cp);
+ }
+ if (options.local_forwards[i].connect_path != NULL) {
+ cp = options.local_forwards[i].connect_path;
+ p = options.local_forwards[i].connect_path =
+ default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
+ if (strcmp(cp, p) != 0)
+ debug3("expanded LocalForward connect path "
+ "'%s' -> '%s'", cp, p);
+ free(cp);
+ }
+ }
+
+ for (i = 0; i < options.num_remote_forwards; i++) {
+ if (options.remote_forwards[i].listen_path != NULL) {
+ cp = options.remote_forwards[i].listen_path;
+ p = options.remote_forwards[i].listen_path =
+ default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
+ if (strcmp(cp, p) != 0)
+ debug3("expanded RemoteForward listen path "
+ "'%s' -> '%s'", cp, p);
+ free(cp);
+ }
+ if (options.remote_forwards[i].connect_path != NULL) {
+ cp = options.remote_forwards[i].connect_path;
+ p = options.remote_forwards[i].connect_path =
+ default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
+ if (strcmp(cp, p) != 0)
+ debug3("expanded RemoteForward connect path "
+ "'%s' -> '%s'", cp, p);
+ free(cp);
+ }
+ }
+
if (config_test) {
dump_client_config(&options, host);
exit(0);
@@ -2154,13 +2201,8 @@ load_public_identity_files(struct passwd *pw)
continue;
}
cp = tilde_expand_filename(options.identity_files[i], getuid());
- filename = percent_expand(cp,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", pw->pw_dir,
- "h", host,
- "r", options.user,
- "u", pw->pw_name,
- (char *)NULL);
+ filename = default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
free(cp);
check_load(sshkey_load_public(filename, &public, NULL),
filename, "pubkey");
@@ -2209,13 +2251,8 @@ load_public_identity_files(struct passwd *pw)
for (i = 0; i < options.num_certificate_files; i++) {
cp = tilde_expand_filename(options.certificate_files[i],
getuid());
- filename = percent_expand(cp,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", pw->pw_dir,
- "h", host,
- "r", options.user,
- "u", pw->pw_name,
- (char *)NULL);
+ filename = default_client_percent_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
free(cp);
check_load(sshkey_load_public(filename, &public, NULL),