Bug 2870

Created attachment 3155 [details]
Support %U in sshd percent_expand for UID. Extend %i availability in ssh

This patch adds a %U expansion to all the sshd_config directives that accept a username (%u) token.

I would have used %i as is used in ssh, but unfortunately that's already collided by the certificate key-ID token in sshd (sorry, my fault).

This also expands the availability of %i in ssh to everywhere that currenly supports %u too.

Comment on attachment 3155 [details]
Support %U in sshd percent_expand for UID. Extend %i availability in ssh

> snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid);

on some platforms uid_t is long not int?

Created attachment 3156 [details]
Cast to safe integral value

POSIX says that uid_t can be any integral type, so cast to unsigned long long. IMO this is safe wrt -ve values, whereas a signed type with be undefined behaviour on a platform with unsigned uid_t and sufficiently large UIDs.

Comment on attachment 3156 [details]
Cast to safe integral value

>+	snprintf(uidstr, sizeof(uidstr), "%llu",
>+	    (unsigned long long)pw->pw_uid);

check for truncation (or use xasprintf)?  shouldn't happen with 64bits, but maybe someone will make them GUIDs or something one day.

otherwise ok.

This has been committed and will be in OpenSSH 7.8 - thanks!

load_public_identity_files() expands %h and %i to same value. Please check.

In addition I would like client to use %U instead %i, i.e. %i to be considered as obsolete.
Of course for backward compatibility %i has to be available.
Using common TOKEN options (%U and %u) in client and daemon will minimize configuration errors.

Thanks I've fixed the incorrect %i expansion.

closing resolved bugs as of 8.6p1 release