Bugzilla – Attachment 3371 Details for
Bug 3014
[Enhancement] Tokens for RemoteForward - for unix sockets
[patch]
Add percent expansion to LocalForward and RemoteForward
openssh-forward-percent-expansion.patch (text/plain), 10.43 KB, created by
Darren Tucker
on 2020-04-03 15:39:01 AEDT
Description:
Add percent expansion to LocalForward and RemoteForward
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2020-04-03 15:39:01 AEDT
Size:
10.43 KB
>Index: usr.bin/ssh/ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.522
>diff -u -p -r1.522 ssh.c
>--- usr.bin/ssh/ssh.c 3 Apr 2020 02:27:12 -0000 1.522
>+++ usr.bin/ssh/ssh.c 3 Apr 2020 04:31:19 -0000
>@@ -160,13 +160,6 @@ char *forward_agent_sock_path = NULL;
> /* Various strings used to to percent_expand() arguments */
> static char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
> static char uidstr[32], *host_arg, *conn_hash_hex;
>-#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
>- "C", conn_hash_hex, \
>- "L", shorthost, \
>- "i", uidstr, \
>- "l", thishost, \
>- "n", host_arg, \
>- "p", portstr
>
> /* socket address the host resolves to */
> struct sockaddr_storage hostaddr;
>@@ -222,6 +215,34 @@ tilde_expand_paths(char **paths, u_int n
> }
> }
>
>+#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
>+ "C", conn_hash_hex, \
>+ "L", shorthost, \
>+ "i", uidstr, \
>+ "l", thishost, \
>+ "n", host_arg, \
>+ "p", portstr
>+
>+/*
>+ * Expands the set of percent_expand options used by the majority of keywords
>+ * in the client that support percent expansion.
>+ * Caller must free returned string.
>+ */
>+static char *
>+default_client_percent_expand(const char *str, const char *homedir,
>+ const char *remhost, const char *remuser, const char *locuser)
>+{
>+ return percent_expand(str,
>+ /* values from statics above */
>+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
>+ /* values from arguments */
>+ "d", homedir,
>+ "h", remhost,
>+ "r", remuser,
>+ "u", locuser,
>+ (char *)NULL);
>+}
>+
> /*
> * Attempt to resolve a host name / port to a set of addresses and
> * optionally return any CNAMEs encountered along the way.
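Review bot: The header comment on `default_client_percent_expand` says only that the caller frees the result; it should also state which token each argument supplies and that the function is not expected to return NULL. The forwarding loops added later in this patch hand the result straight to `strcmp(cp, p)`, which is only safe if `percent_expand` aborts on an unknown token or NULL replacement rather than returning NULL, as I believe it does via `fatal()`; that is not visible in this hunk and is worth confirming. Suggested addition to the comment: `* homedir, remhost, remuser and locuser supply %d, %h, %r and %u; exits via fatal() on a bad token, so never returns NULL.`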
>@@ -1324,13 +1345,8 @@ main(int ac, char **av)
> if (options.remote_command != NULL) {
> debug3("expanding RemoteCommand: %s", options.remote_command);
> cp = options.remote_command;
>- options.remote_command = percent_expand(cp,
>- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
>- "d", pw->pw_dir,
>- "h", host,
>- "r", options.user,
>- "u", pw->pw_name,
>- (char *)NULL);
>+ options.remote_command = default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
> debug3("expanded RemoteCommand: %s", options.remote_command);
> free(cp);
> if ((r = sshbuf_put(command, options.remote_command,
>@@ -1341,25 +1357,15 @@ main(int ac, char **av)
> if (options.control_path != NULL) {
> cp = tilde_expand_filename(options.control_path, getuid());
> free(options.control_path);
>- options.control_path = percent_expand(cp,
>- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
>- "d", pw->pw_dir,
>- "h", host,
>- "r", options.user,
>- "u", pw->pw_name,
>- (char *)NULL);
>+ options.control_path = default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
> free(cp);
> }
>
> if (options.identity_agent != NULL) {
> p = tilde_expand_filename(options.identity_agent, getuid());
>- cp = percent_expand(p,
>- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
>- "d", pw->pw_dir,
>- "h", host,
>- "r", options.user,
>- "u", pw->pw_name,
>- (char *)NULL);
>+ cp = default_client_percent_expand(p,
>+ pw->pw_dir, host, options.user, pw->pw_name);
> free(p);
> free(options.identity_agent);
> options.identity_agent = cp;
>@@ -1368,18 +1374,59 @@ main(int ac, char **av)
> if (options.forward_agent_sock_path != NULL) {
> p = tilde_expand_filename(options.forward_agent_sock_path,
> getuid());
>- cp = percent_expand(p,
>- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
>- "d", pw->pw_dir,
>- "h", host,
>- "r", options.user,
>- "u", pw->pw_name,
>- (char *)NULL);
>+ cp = default_client_percent_expand(p,
>+ pw->pw_dir, host, options.user, pw->pw_name);
> free(p);
> free(options.forward_agent_sock_path);
> options.forward_agent_sock_path = cp;
> }
>
>+ for (i = 0; i < options.num_local_forwards; i++) {
>+ if (options.local_forwards[i].listen_path != NULL) {
>+ cp = options.local_forwards[i].listen_path;
>+ p = options.local_forwards[i].listen_path =
>+ default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
>+ if (strcmp(cp, p) != 0)
>+ debug3("expanded LocalForward listen path "
>+ "'%s' -> '%s'", cp, p);
>+ free(cp);
>+ }
>+ if (options.local_forwards[i].connect_path != NULL) {
>+ cp = options.local_forwards[i].connect_path;
>+ p = options.local_forwards[i].connect_path =
>+ default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
>+ if (strcmp(cp, p) != 0)
>+ debug3("expanded LocalForward connect path "
>+ "'%s' -> '%s'", cp, p);
>+ free(cp);
>+ }
>+ }
>+
>+ for (i = 0; i < options.num_remote_forwards; i++) {
>+ if (options.remote_forwards[i].listen_path != NULL) {
>+ cp = options.remote_forwards[i].listen_path;
>+ p = options.remote_forwards[i].listen_path =
>+ default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
>+ if (strcmp(cp, p) != 0)
>+ debug3("expanded RemoteForward listen path "
>+ "'%s' -> '%s'", cp, p);
>+ free(cp);
>+ }
>+ if (options.remote_forwards[i].connect_path != NULL) {
>+ cp = options.remote_forwards[i].connect_path;
>+ p = options.remote_forwards[i].connect_path =
>+ default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
>+ if (strcmp(cp, p) != 0)
>+ debug3("expanded 
RemoteForward connect path "
>+ "'%s' -> '%s'", cp, p);
>+ free(cp);
>+ }
>+ }
>+
> if (config_test) {
> dump_client_config(&options, host);
> exit(0);
>@@ -2099,13 +2146,8 @@ load_public_identity_files(struct passwd
> continue;
> }
> cp = tilde_expand_filename(options.identity_files[i], getuid());
>- filename = percent_expand(cp,
>- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
>- "d", pw->pw_dir,
>- "h", host,
>- "r", options.user,
>- "u", pw->pw_name,
>- (char *)NULL);
>+ filename = default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
> free(cp);
> check_load(sshkey_load_public(filename, &public, NULL),
> filename, "pubkey");
>@@ -2154,13 +2196,8 @@ load_public_identity_files(struct passwd
> for (i = 0; i < options.num_certificate_files; i++) {
> cp = tilde_expand_filename(options.certificate_files[i],
> getuid());
>- filename = percent_expand(cp,
>- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
>- "d", pw->pw_dir,
>- "h", host,
>- "r", options.user,
>- "u", pw->pw_name,
>- (char *)NULL);
>+ filename = default_client_percent_expand(cp,
>+ pw->pw_dir, host, options.user, pw->pw_name);
> free(cp);
>
> check_load(sshkey_load_public(filename, &public, NULL),
>Index: usr.bin/ssh/ssh_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
>retrieving revision 1.323
>diff -u -p -r1.323 ssh_config.5
>--- usr.bin/ssh/ssh_config.5 3 Apr 2020 02:27:12 -0000 1.323
>+++ usr.bin/ssh/ssh_config.5 3 Apr 2020 04:31:19 -0000
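Review bot: In the two new loops in main(), the LocalForward `connect_path` and the RemoteForward `listen_path` name sockets on the remote host, yet they are expanded with the client's values: `pw->pw_dir` for %d, `pw->pw_name` for %u, and the static `uidstr` and `thishost` for %i and %l. A configuration that uses %d or %i in the remote half will therefore create or connect to a socket at a path built from the local home directory or uid, which may correspond to a different account on the server. I would either limit the remote-side paths to tokens that are not specific to the local account or state the behaviour in the code and in ssh_config.5, e.g. `/* NB. tokens expand to client-side values even for paths used on the server */`. Unlike ControlPath and IdentityAgent just above, none of the four paths goes through `tilde_expand_filename()`; if that is deliberate a short comment saying so would help. The four stanzas differ only in the field and the debug string and could share one static helper.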
>@@ -1126,12 +1126,15 @@ has been enabled.
> .It Cm LocalForward
> Specifies that a TCP port on the local machine be forwarded over
> the secure channel to the specified host and port from the remote machine.
>-The first argument must be
>+The first argument specifies the listener and may be
> .Sm off
> .Oo Ar bind_address : Oc Ar port
> .Sm on
>-and the second argument must be
>-.Ar host : Ns Ar hostport .
>+or a Unix domain socket path.
>+The second argument is the destination and may be
>+.Ar host : Ns Ar hostport
>+or a Unix domain socket path if the remote host supports it.
>+.Pp
> IPv6 addresses can be specified by enclosing addresses in square brackets.
> Multiple forwardings may be specified, and additional forwardings can be
> given on the command line.
>@@ -1150,6 +1153,9 @@ indicates that the listening port be bou
> empty address or
> .Sq *
> indicates that the port should be available from all interfaces.
>+Unix domain socket paths accept the tokens described in the
>+.Sx TOKENS
>+section.
> .It Cm LogLevel
> Gives the verbosity level that is used when logging messages from
> .Xr ssh 1 .
>@@ -1402,12 +1408,14 @@ the secure channel.
> The remote port may either be forwarded to a specified host and port
> from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
> client to connect to arbitrary destinations from the local machine.
>-The first argument must be
>+The first argument is the listening specification and may be
> .Sm off
> .Oo Ar bind_address : Oc Ar port
> .Sm on
>+or, if the remote host supports it, a Unix domain socket path.
> If forwarding to a specific destination then the second argument must be
>-.Ar host : Ns Ar hostport ,
>+.Ar host : Ns Ar hostport
>+or a Unix domain socket path,
> otherwise if no destination argument is specified then the remote forwarding
> will be established as a SOCKS proxy.
> .Pp
>@@ -1416,6 +1424,9 @@ Multiple forwardings may be specified, a
> forwardings can be given on the command line.
> Privileged ports can be forwarded only when
> logging in as root on the remote machine.
>+Unix domain socket paths accept the tokens described in the
>+.Sx TOKENS
>+section.
> .Pp
> If the
> .Ar port
>@@ -1846,13 +1857,15 @@ otherwise.
> The local username.
> .El
> .Pp
>-.Cm Match exec ,
> .Cm CertificateFile ,
> .Cm ControlPath ,
> .Cm IdentityAgent ,
> .Cm IdentityFile ,
>+.Cm LocalForward,
>+.Cm Match exec ,
>+.Cm RemoteCommand ,
> and
>-.Cm RemoteCommand
>+.Cm RemoteForward
> accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
> .Pp
> .Cm Hostname
>Index: regress/usr.bin/ssh/percent.sh
>===================================================================
>RCS file: /cvs/src/regress/usr.bin/ssh/percent.sh,v
>retrieving revision 1.2
>diff -u -p -r1.2 percent.sh
>--- regress/usr.bin/ssh/percent.sh 3 Apr 2020 03:14:03 -0000 1.2
>+++ regress/usr.bin/ssh/percent.sh 3 Apr 2020 04:31:19 -0000
>@@ -33,6 +33,13 @@ trial()
> ${SSH} -F $OBJ/ssh_proxy_match remuser@somehost true || true
> got=`cat $OBJ/actual`
> ;;
>+ *forward)
>+ # LocalForward and RemoteForward take two args and only
>+ # operate on Unix domain socket paths
>+ got=`${SSH} -F $OBJ/ssh_proxy -o $opt="/$arg /$arg" -G \
>+ remuser@somehost | awk '$1=="'$opt'"{print $2" "$3}'`
>+ expect="/$expect /$expect"
>+ ;;
> *)
> got=`${SSH} -F $OBJ/ssh_proxy -o $opt="$arg" -G \
> remuser@somehost | awk '$1=="'$opt'"{print $2}'`
>@@ -45,7 +52,7 @@ trial()
> }
>
> for i in matchexec localcommand remotecommand controlpath identityagent \
>- forwardagent; do
>+ forwardagent localforward remoteforward; do
> if [ "$i" = "localcommand" ]; then
> HASH=94237ca18fe6b187dccf57e5593c0bb0a29cc302
> REMUSER=$USER