Bugzilla – Attachment 3686 Details for
Bug 3552
ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Add tilde and environment variable support to RevokedHostKeys
openssh-revokedhostkeys-expand.patch (text/plain), 2.51 KB, created by
Darren Tucker
on 2023-03-26 06:03:50 AEDT
(
hide
)
Description:
Add tilde and environment variable support to RevokedHostKeys
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2023-03-26 06:03:50 AEDT
Size:
2.51 KB
patch
obsolete
>Index: usr.bin/ssh/ssh.c >=================================================================== >RCS file: /export/cvs/src/usr.bin/ssh/ssh.c,v >retrieving revision 1.585 >diff -u -p -r1.585 ssh.c >--- usr.bin/ssh/ssh.c 10 Feb 2023 04:40:28 -0000 1.585 >+++ usr.bin/ssh/ssh.c 25 Mar 2023 18:34:29 -0000 >@@ -1400,6 +1400,14 @@ main(int ac, char **av) > options.identity_agent = cp; > } > >+ if (options.revoked_host_keys != NULL) { >+ p = tilde_expand_filename(options.revoked_host_keys, getuid()); >+ cp = default_client_percent_dollar_expand(p, cinfo); >+ free(p); >+ free(options.revoked_host_keys); >+ options.revoked_host_keys = cp; >+ } >+ > if (options.forward_agent_sock_path != NULL) { > p = tilde_expand_filename(options.forward_agent_sock_path, > getuid()); >Index: usr.bin/ssh/ssh_config.5 >=================================================================== >RCS file: /export/cvs/src/usr.bin/ssh/ssh_config.5,v >retrieving revision 1.379 >diff -u -p -r1.379 ssh_config.5 >--- usr.bin/ssh/ssh_config.5 10 Mar 2023 02:32:04 -0000 1.379 >+++ usr.bin/ssh/ssh_config.5 25 Mar 2023 18:43:46 -0000 >@@ -1666,6 +1666,14 @@ an OpenSSH Key Revocation List (KRL) as > .Xr ssh-keygen 1 . > For more information on KRLs, see the KEY REVOCATION LISTS section in > .Xr ssh-keygen 1 . >+Arguments to >+.Cm RevokedHostKeys >+may use the tilde syntax to refer to a user's home directory, >+the tokens described in the >+.Sx TOKENS >+section and environment variables as described in the >+.Sx ENVIRONMENT VARIABLES >+section. > .It Cm SecurityKeyProvider > Specifies a path to a library that will be used when loading any > FIDO authenticator-hosted keys, overriding the default of using >@@ -2136,6 +2144,7 @@ The local username. > .Cm Match exec , > .Cm RemoteCommand , > .Cm RemoteForward , >+.Cm RevokedHostKeys , > and > .Cm UserKnownHostsFile > accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u. >Index: regress/usr.bin/ssh/percent.sh >=================================================================== >RCS file: /export/cvs/src/regress/usr.bin/ssh/percent.sh,v >retrieving revision 1.16 >diff -u -p -r1.16 percent.sh >--- regress/usr.bin/ssh/percent.sh 14 Jan 2023 09:57:08 -0000 1.16 >+++ regress/usr.bin/ssh/percent.sh 25 Mar 2023 18:44:50 -0000 >@@ -61,7 +61,8 @@ trial() > } > > for i in matchexec localcommand remotecommand controlpath identityagent \ >- forwardagent localforward remoteforward userknownhostsfile; do >+ forwardagent localforward remoteforward revokedhostkeys \ >+ userknownhostsfile; do > verbose $tid $i percent > case "$i" in > localcommand|userknownhostsfile)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3686">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
dtucker
:
ok?
(
djm
)
Actions:
View
|
Diff
Attachments on
bug 3552
: 3686