Attachment #3156 for bug #2870

Lines 422-432 auth_root_allowed(struct ssh ssh, const char method) Link Here

(-)a/auth.c (-2 / +4 lines)
422	char *	422	char *
423	expand_authorized_keys(const char filename, struct passwd pw)	423	expand_authorized_keys(const char filename, struct passwd pw)
424	{	424	{
425	char *file, ret[PATH_MAX];	425	char *file, uidstr[32], ret[PATH_MAX];
426	int i;	426	int i;
427		427
		428	snprintf(uidstr, sizeof(uidstr), "%llu",
		429	(unsigned long long)pw->pw_uid);
428	file = percent_expand(filename, "h", pw->pw_dir,	430	file = percent_expand(filename, "h", pw->pw_dir,
429	"u", pw->pw_name, (char *)NULL);	431	"u", pw->pw_name, "U", uidstr, (char *)NULL);
430		432
431	/*	433	/*
432	* Ensure that filename starts anchored. If not, be backward	434	* Ensure that filename starts anchored. If not, be backward

Lines 387-393 match_principals_command(struct ssh ssh, struct passwd user_pw, Link Here

(-)a/auth2-pubkey.c (-2 / +8 lines)
387	pid_t pid;	387	pid_t pid;
388	char tmp, username = NULL, command = NULL, *av = NULL;	388	char tmp, username = NULL, command = NULL, *av = NULL;
389	char ca_fp = NULL, key_fp = NULL, catext = NULL, keytext = NULL;	389	char ca_fp = NULL, key_fp = NULL, catext = NULL, keytext = NULL;
390	char serial_s[16];	390	char serial_s[16], uidstr[32];
391	void (*osigchld)(int);	391	void (*osigchld)(int);
392		392
393	if (authoptsp != NULL)	393	if (authoptsp != NULL)
Lines 447-454 match_principals_command(struct ssh ssh, struct passwd user_pw, Link Here
447	}	447	}
448	snprintf(serial_s, sizeof(serial_s), "%llu",	448	snprintf(serial_s, sizeof(serial_s), "%llu",
449	(unsigned long long)cert->serial);	449	(unsigned long long)cert->serial);
		450	snprintf(uidstr, sizeof(uidstr), "%llu",
		451	(unsigned long long)user_pw->pw_uid);
450	for (i = 1; i < ac; i++) {	452	for (i = 1; i < ac; i++) {
451	tmp = percent_expand(av[i],	453	tmp = percent_expand(av[i],
		454	"U", uidstr,
452	"u", user_pw->pw_name,	455	"u", user_pw->pw_name,
453	"h", user_pw->pw_dir,	456	"h", user_pw->pw_dir,
454	"t", sshkey_ssh_name(key),	457	"t", sshkey_ssh_name(key),
Lines 852-858 user_key_command_allowed2(struct ssh ssh, struct passwd user_pw, Link Here
852	int i, uid_swapped = 0, ac = 0;	855	int i, uid_swapped = 0, ac = 0;
853	pid_t pid;	856	pid_t pid;
854	char username = NULL, key_fp = NULL, *keytext = NULL;	857	char username = NULL, key_fp = NULL, *keytext = NULL;
855	char tmp, command = NULL, **av = NULL;	858	char uidstr[32], tmp, command = NULL, **av = NULL;
856	void (*osigchld)(int);	859	void (*osigchld)(int);
857		860
858	if (authoptsp != NULL)	861	if (authoptsp != NULL)
Lines 902-909 user_key_command_allowed2(struct ssh ssh, struct passwd user_pw, Link Here
902	command);	905	command);
903	goto out;	906	goto out;
904	}	907	}
		908	snprintf(uidstr, sizeof(uidstr), "%llu",
		909	(unsigned long long)user_pw->pw_uid);
905	for (i = 1; i < ac; i++) {	910	for (i = 1; i < ac; i++) {
906	tmp = percent_expand(av[i],	911	tmp = percent_expand(av[i],
		912	"U", uidstr,
907	"u", user_pw->pw_name,	913	"u", user_pw->pw_name,
908	"h", user_pw->pw_dir,	914	"h", user_pw->pw_dir,
909	"t", sshkey_ssh_name(key),	915	"t", sshkey_ssh_name(key),

Lines 551-556 match_cfg_line(Options options, char condition, struct passwd pw, Link Here

(-)a/readconf.c (+4 lines)
551	const char *ruser;	551	const char *ruser;
552	int r, port, this_result, result = 1, attributes = 0, negate;	552	int r, port, this_result, result = 1, attributes = 0, negate;
553	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];	553	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
		554	char uidstr[32];
554		555
555	/*	556	/*
556	* Configuration is likely to be incomplete at this point so we	557	* Configuration is likely to be incomplete at this point so we
Lines 631-636 match_cfg_line(Options options, char condition, struct passwd pw, Link Here
631	strlcpy(shorthost, thishost, sizeof(shorthost));	632	strlcpy(shorthost, thishost, sizeof(shorthost));
632	shorthost[strcspn(thishost, ".")] = '\0';	633	shorthost[strcspn(thishost, ".")] = '\0';
633	snprintf(portstr, sizeof(portstr), "%d", port);	634	snprintf(portstr, sizeof(portstr), "%d", port);
		635	snprintf(uidstr, sizeof(uidstr), "%llu",
		636	(unsigned long long)pw->pw_uid);
634		637
635	cmd = percent_expand(arg,	638	cmd = percent_expand(arg,
636	"L", shorthost,	639	"L", shorthost,
Lines 641-646 match_cfg_line(Options options, char condition, struct passwd pw, Link Here
641	"p", portstr,	644	"p", portstr,
642	"r", ruser,	645	"r", ruser,
643	"u", pw->pw_name,	646	"u", pw->pw_name,
		647	"i", uidstr,
644	(char *)NULL);	648	(char *)NULL);
645	if (result != 1) {	649	if (result != 1) {
646	/* skip execution if prior predicate failed */	650	/* skip execution if prior predicate failed */

Lines 1324-1330 safely_chroot(const char *path, uid_t uid) Link Here

(-)a/session.c (-2 / +4 lines)
1324	void	1324	void
1325	do_setusercontext(struct passwd *pw)	1325	do_setusercontext(struct passwd *pw)
1326	{	1326	{
1327	char chroot_path, tmp;	1327	char uidstr[32], chroot_path, tmp;
1328		1328
1329	platform_setusercontext(pw);	1329	platform_setusercontext(pw);
1330		1330
Lines 1356-1363 do_setusercontext(struct passwd *pw) Link Here
1356	strcasecmp(options.chroot_directory, "none") != 0) {	1356	strcasecmp(options.chroot_directory, "none") != 0) {
1357	tmp = tilde_expand_filename(options.chroot_directory,	1357	tmp = tilde_expand_filename(options.chroot_directory,
1358	pw->pw_uid);	1358	pw->pw_uid);
		1359	snprintf(uidstr, sizeof(uidstr), "%llu",
		1360	(unsigned long long)pw->pw_uid);
1359	chroot_path = percent_expand(tmp, "h", pw->pw_dir,	1361	chroot_path = percent_expand(tmp, "h", pw->pw_dir,
1360	"u", pw->pw_name, (char *)NULL);	1362	"u", pw->pw_name, "U", uidstr, (char *)NULL);
1361	safely_chroot(chroot_path, pw->pw_uid);	1363	safely_chroot(chroot_path, pw->pw_uid);
1362	free(tmp);	1364	free(tmp);
1363	free(chroot_path);	1365	free(chroot_path);

Lines 1503-1509 sftp_server_main(int argc, char *argv, struct passwd user_pw) Link Here

(-)a/sftp-server.c (-2 / +4 lines)
1503	int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;	1503	int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
1504	ssize_t len, olen, set_size;	1504	ssize_t len, olen, set_size;
1505	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;	1505	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
1506	char cp, homedir = NULL, buf[4*4096];	1506	char cp, homedir = NULL, uidstr[32], buf[4*4096];
1507	long mask;	1507	long mask;
1508		1508
1509	extern char *optarg;	1509	extern char *optarg;
Lines 1554-1561 sftp_server_main(int argc, char *argv, struct passwd user_pw) Link Here
1554	break;	1554	break;
1555	case 'd':	1555	case 'd':
1556	cp = tilde_expand_filename(optarg, user_pw->pw_uid);	1556	cp = tilde_expand_filename(optarg, user_pw->pw_uid);
		1557	snprintf(uidstr, sizeof(uidstr), "%llu",
		1558	(unsigned long long)pw->pw_uid);
1557	homedir = percent_expand(cp, "d", user_pw->pw_dir,	1559	homedir = percent_expand(cp, "d", user_pw->pw_dir,
1558	"u", user_pw->pw_name, (char *)NULL);	1560	"u", user_pw->pw_name, "U", uidstr, (char *)NULL);
1559	free(cp);	1561	free(cp);
1560	break;	1562	break;
1561	case 'p':	1563	case 'p':




	strlcpy(shorthost, thishost, sizeof(shorthost));
	shorthost[strcspn(thishost, ".")] = '\0';
	snprintf(portstr, sizeof(portstr), "%d", options.port);
	snprintf(uidstr, sizeof(uidstr), "%llu",
	    (unsigned long long)pw->pw_uid);

	if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
	    ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||

		    "L", shorthost,
		    "d", pw->pw_dir,
		    "h", host,
		    "i", uidstr,
		    "l", thishost,
		    "n", host_arg,
		    "p", portstr,

		    "C", conn_hash_hex,
		    "L", shorthost,
		    "h", host,
		    "i", uidstr,
		    "l", thishost,
		    "n", host_arg,
		    "p", portstr,

		} else {
			p = tilde_expand_filename(options.identity_agent,
			    original_real_uid);
			cp = percent_expand(p,
			    "d", pw->pw_dir,
			    "h", host,
			    "i", uidstr,
			    "l", thishost,
			    "r", options.user,
			    "u", pw->pw_name,
			    (char *)NULL);
			setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
			free(cp);
			free(p);

		    "L", shorthost,
		    "d", pw->pw_dir,
		    "h", host,
		    "i", uidstr,
		    "l", thishost,
		    "n", host_arg,
		    "p", portstr,

	for (i = 0; i < options.num_certificate_files; i++) {
		cp = tilde_expand_filename(options.certificate_files[i],
		    original_real_uid);
		filename = percent_expand(cp,
		    "d", pw->pw_dir,
		    "h", host,
		    "i", host,
		    "l", thishost,
		    "r", options.user,
		    "u", pw->pw_name,
		    (char *)NULL);
		free(cp);

		public = key_load_public(filename, NULL);




.El
.Pp
.Cm Match exec
accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u.
.Pp
.Cm CertificateFile
accepts the tokens %%, %d, %h, %i %l, %r, and %u.
.Pp
.Cm ControlPath
accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.

.Cm IdentityAgent
and
.Cm IdentityFile
accept the tokens %%, %d, %h, %i %l, %r, and %u.
.Pp
.Cm LocalCommand
accepts the tokens %%, %C, %d, %h, %i %l, %n, %p, %r, %T, and %u.
.Pp
.Cm ProxyCommand
accepts the tokens %%, %h, %p, and %r.
.Pp
.Cm RemoteCommand
accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
.Sh FILES
.Bl -tag -width Ds
.It Pa ~/.ssh/config




The type of the CA key.
.It %t
The key or certificate type.
.It %U
The numeric user-id id of the target user.
.It %u
The username.
.El
.Pp
.Cm AuthorizedKeysCommand
accepts the tokens %%, %f, %h, %k, %t, %U and %u.
.Pp
.Cm AuthorizedKeysFile
accepts the tokens %%, %h, %U and %u.
.Pp
.Cm AuthorizedPrincipalsCommand
accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U and %u.
.Pp
.Cm AuthorizedPrincipalsFile
accepts the tokens %%, %h, and %U %u.
.Pp
.Cm ChrootDirectory
accepts the tokens %%, %h, and %U %u.
.Pp
.Cm RoutingDomain
accepts the token %D.

Return to bug 2870

Lines 1269-1275 main(int ac, char **av) Link Here

(-)a/ssh.c (-7 / +21 lines)
1269	strlcpy(shorthost, thishost, sizeof(shorthost));	1269	strlcpy(shorthost, thishost, sizeof(shorthost));
1270	shorthost[strcspn(thishost, ".")] = '\0';	1270	shorthost[strcspn(thishost, ".")] = '\0';
1271	snprintf(portstr, sizeof(portstr), "%d", options.port);	1271	snprintf(portstr, sizeof(portstr), "%d", options.port);
1272	snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid);	1272	snprintf(uidstr, sizeof(uidstr), "%llu",
		1273	(unsigned long long)pw->pw_uid);
1273		1274
1274	if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL \|\|	1275	if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL \|\|
1275	ssh_digest_update(md, thishost, strlen(thishost)) < 0 \|\|	1276	ssh_digest_update(md, thishost, strlen(thishost)) < 0 \|\|
Lines 1294-1299 main(int ac, char **av) Link Here
1294	"L", shorthost,	1295	"L", shorthost,
1295	"d", pw->pw_dir,	1296	"d", pw->pw_dir,
1296	"h", host,	1297	"h", host,
		1298	"i", uidstr,
1297	"l", thishost,	1299	"l", thishost,
1298	"n", host_arg,	1300	"n", host_arg,
1299	"p", portstr,	1301	"p", portstr,
Lines 1314-1319 main(int ac, char **av) Link Here
1314	"C", conn_hash_hex,	1316	"C", conn_hash_hex,
1315	"L", shorthost,	1317	"L", shorthost,
1316	"h", host,	1318	"h", host,
		1319	"i", uidstr,
1317	"l", thishost,	1320	"l", thishost,
1318	"n", host_arg,	1321	"n", host_arg,
1319	"p", portstr,	1322	"p", portstr,
Lines 1492-1500 main(int ac, char **av) Link Here
1492	} else {	1495	} else {
1493	p = tilde_expand_filename(options.identity_agent,	1496	p = tilde_expand_filename(options.identity_agent,
1494	original_real_uid);	1497	original_real_uid);
1495	cp = percent_expand(p, "d", pw->pw_dir,	1498	cp = percent_expand(p,
1496	"u", pw->pw_name, "l", thishost, "h", host,	1499	"d", pw->pw_dir,
1497	"r", options.user, (char *)NULL);	1500	"h", host,
		1501	"i", uidstr,
		1502	"l", thishost,
		1503	"r", options.user,
		1504	"u", pw->pw_name,
		1505	(char *)NULL);
1498	setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);	1506	setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
1499	free(cp);	1507	free(cp);
1500	free(p);	1508	free(p);
Lines 1899-1904 ssh_session2(struct ssh ssh, struct passwd pw) Link Here
1899	"L", shorthost,	1907	"L", shorthost,
1900	"d", pw->pw_dir,	1908	"d", pw->pw_dir,
1901	"h", host,	1909	"h", host,
		1910	"i", uidstr,
1902	"l", thishost,	1911	"l", thishost,
1903	"n", host_arg,	1912	"n", host_arg,
1904	"p", portstr,	1913	"p", portstr,
Lines 2097-2105 load_public_identity_files(struct passwd *pw) Link Here
2097	for (i = 0; i < options.num_certificate_files; i++) {	2106	for (i = 0; i < options.num_certificate_files; i++) {
2098	cp = tilde_expand_filename(options.certificate_files[i],	2107	cp = tilde_expand_filename(options.certificate_files[i],
2099	original_real_uid);	2108	original_real_uid);
2100	filename = percent_expand(cp, "d", pw->pw_dir,	2109	filename = percent_expand(cp,
2101	"u", pw->pw_name, "l", thishost, "h", host,	2110	"d", pw->pw_dir,
2102	"r", options.user, (char *)NULL);	2111	"h", host,
		2112	"i", host,
		2113	"l", thishost,
		2114	"r", options.user,
		2115	"u", pw->pw_name,
		2116	(char *)NULL);
2103	free(cp);	2117	free(cp);
2104		2118
2105	public = key_load_public(filename, NULL);	2119	public = key_load_public(filename, NULL);

Lines 1743-1752 The local username. Link Here

(-)a/ssh_config.5 (-5 / +5 lines)
1743	.El	1743	.El
1744	.Pp	1744	.Pp
1745	.Cm Match exec	1745	.Cm Match exec
1746	accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u.	1746	accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u.
1747	.Pp	1747	.Pp
1748	.Cm CertificateFile	1748	.Cm CertificateFile
1749	accepts the tokens %%, %d, %h, %l, %r, and %u.	1749	accepts the tokens %%, %d, %h, %i %l, %r, and %u.
1750	.Pp	1750	.Pp
1751	.Cm ControlPath	1751	.Cm ControlPath
1752	accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.	1752	accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.
Lines 1757-1772 accepts the tokens %% and %h. Link Here
1757	.Cm IdentityAgent	1757	.Cm IdentityAgent
1758	and	1758	and
1759	.Cm IdentityFile	1759	.Cm IdentityFile
1760	accept the tokens %%, %d, %h, %l, %r, and %u.	1760	accept the tokens %%, %d, %h, %i %l, %r, and %u.
1761	.Pp	1761	.Pp
1762	.Cm LocalCommand	1762	.Cm LocalCommand
1763	accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and %u.	1763	accepts the tokens %%, %C, %d, %h, %i %l, %n, %p, %r, %T, and %u.
1764	.Pp	1764	.Pp
1765	.Cm ProxyCommand	1765	.Cm ProxyCommand
1766	accepts the tokens %%, %h, %p, and %r.	1766	accepts the tokens %%, %h, %p, and %r.
1767	.Pp	1767	.Pp
1768	.Cm RemoteCommand	1768	.Cm RemoteCommand
1769	accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.	1769	accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
1770	.Sh FILES	1770	.Sh FILES
1771	.Bl -tag -width Ds	1771	.Bl -tag -width Ds
1772	.It Pa ~/.ssh/config	1772	.It Pa ~/.ssh/config

Lines 1689-1712 The serial number of the certificate. Link Here

(-)a/sshd_config.5 (-5 / +7 lines)
1689	The type of the CA key.	1689	The type of the CA key.
1690	.It %t	1690	.It %t
1691	The key or certificate type.	1691	The key or certificate type.
		1692	.It %U
		1693	The numeric user-id id of the target user.
1692	.It %u	1694	.It %u
1693	The username.	1695	The username.
1694	.El	1696	.El
1695	.Pp	1697	.Pp
1696	.Cm AuthorizedKeysCommand	1698	.Cm AuthorizedKeysCommand
1697	accepts the tokens %%, %f, %h, %k, %t, and %u.	1699	accepts the tokens %%, %f, %h, %k, %t, %U and %u.
1698	.Pp	1700	.Pp
1699	.Cm AuthorizedKeysFile	1701	.Cm AuthorizedKeysFile
1700	accepts the tokens %%, %h, and %u.	1702	accepts the tokens %%, %h, %U and %u.
1701	.Pp	1703	.Pp
1702	.Cm AuthorizedPrincipalsCommand	1704	.Cm AuthorizedPrincipalsCommand
1703	accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u.	1705	accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U and %u.
1704	.Pp	1706	.Pp
1705	.Cm AuthorizedPrincipalsFile	1707	.Cm AuthorizedPrincipalsFile
1706	accepts the tokens %%, %h, and %u.	1708	accepts the tokens %%, %h, and %U %u.
1707	.Pp	1709	.Pp
1708	.Cm ChrootDirectory	1710	.Cm ChrootDirectory
1709	accepts the tokens %%, %h, and %u.	1711	accepts the tokens %%, %h, and %U %u.
1710	.Pp	1712	.Pp
1711	.Cm RoutingDomain	1713	.Cm RoutingDomain
1712	accepts the token %D.	1714	accepts the token %D.