Attachment 3426 Details for Bug 1654 – expand tokens and env vars in UserKnownHostsFile

[patch] expand tokens and env vars in UserKnownHostsFile

ssh-userknownhostsfile-percent.patch (text/plain), 5.24 KB, created by Darren Tucker on 2020-07-10 20:26:48 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Darren Tucker

Created: 2020-07-10 20:26:48 AEST

Size: 5.24 KB

patch

obsolete

>Index: usr.bin/ssh/ssh.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh.c,v
>retrieving revision 1.531
>diff -u -p -r1.531 ssh.c
>--- usr.bin/ssh/ssh.c	5 Jul 2020 23:59:45 -0000	1.531
>+++ usr.bin/ssh/ssh.c	10 Jul 2020 07:09:32 -0000
>@@ -638,6 +638,7 @@ main(int ac, char **av)
> 	struct Forward fwd;
> 	struct addrinfo *addrs = NULL;
> 	size_t n, len;
>+	u_int j;
> 
> 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
> 	sanitise_stdfd();
>@@ -1404,6 +1405,21 @@ main(int ac, char **av)
> 		free(p);
> 		free(options.forward_agent_sock_path);
> 		options.forward_agent_sock_path = cp;
>+	}
>+
>+	for (j = 0; j < options.num_user_hostfiles; j++) {
>+		if (options.user_hostfiles[j] != NULL) {
>+			cp = tilde_expand_filename(options.user_hostfiles[j],
>+			    getuid());
>+			p = default_client_percent_dollar_expand(cp,
>+			    pw->pw_dir, host, options.user, pw->pw_name);
>+			if (strcmp(options.user_hostfiles[j], p) != 0)
>+				debug3("expanded UserKnownHostsFile '%s' -> "
>+				    "'%s'", options.user_hostfiles[j], p);
>+			free(options.user_hostfiles[j]);
>+			free(cp);
>+			options.user_hostfiles[j] = p;
>+		}
> 	}
> 
> 	for (i = 0; i < options.num_local_forwards; i++) {
>Index: usr.bin/ssh/ssh_config.5
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/ssh_config.5,v
>retrieving revision 1.328
>diff -u -p -r1.328 ssh_config.5
>--- usr.bin/ssh/ssh_config.5	29 May 2020 05:48:39 -0000	1.328
>+++ usr.bin/ssh/ssh_config.5	10 Jul 2020 07:09:32 -0000
>@@ -1739,6 +1739,12 @@ having to remember to give the user name
> .It Cm UserKnownHostsFile
> Specifies one or more files to use for the user
> host key database, separated by whitespace.
>+Each filename may use tilde notation to refer to the user's home directory,
>+the tokens described in the
>+.Sx TOKENS
>+section and environment variables as described in the
>+.Sx ENVIRONMENT VARIABLES
>+section.
> The default is
> .Pa ~/.ssh/known_hosts ,
> .Pa ~/.ssh/known_hosts2 .
>@@ -1875,8 +1881,9 @@ The local username.
> .Cm LocalForward ,
> .Cm Match exec ,
> .Cm RemoteCommand ,
>+.Cm RemoteForward ,
> and
>-.Cm RemoteForward
>+.Com UserKnownHostsFile
> accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u.
> .Pp
> .Cm Hostname
>@@ -1900,9 +1907,10 @@ returned and the setting for that keywor
> The keywords
> .Cm CertificateFile ,
> .Cm ControlPath ,
>-.Cm IdentityAgent
>-and
>+.Cm IdentityAgent ,
> .Cm IdentityFile
>+and
>+.Cm UserKnownHostsFile
> support environment variables.
> The keywords
> .Cm LocalForward
>Index: regress/usr.bin/ssh/percent.sh
>===================================================================
>RCS file: /cvs/src/regress/usr.bin/ssh/percent.sh,v
>retrieving revision 1.7
>diff -u -p -r1.7 percent.sh
>--- regress/usr.bin/ssh/percent.sh	29 May 2020 04:32:26 -0000	1.7
>+++ regress/usr.bin/ssh/percent.sh	10 Jul 2020 07:09:32 -0000
>@@ -20,12 +20,21 @@ trial()
> 
> 	trace "test $opt=$arg $expect"
> 	rm -f $OBJ/actual
>+	got=""
> 	case "$opt" in
> 	localcommand)
> 		${SSH} -F $OBJ/ssh_proxy -o $opt="echo '$arg' >$OBJ/actual" \
> 		    somehost true
> 		got=`cat $OBJ/actual`
> 		;;
>+	userknownhostsfile)
>+		# Move the userknownhosts file to what the expansion says,
>+		# make sure ssh works then put it back.
>+		mv "$OBJ/known_hosts" "$OBJ/$expect"
>+		${SSH} -F $OBJ/ssh_proxy -o $opt="$OBJ/$arg" somehost true && \
>+			got="$expect"
>+		mv "$OBJ/$expect" "$OBJ/known_hosts"
>+		;;
> 	matchexec)
> 		(cat $OBJ/ssh_proxy && \
> 		 echo "Match Exec \"echo '$arg' >$OBJ/actual\"") \
>@@ -50,13 +59,18 @@ trial()
> }
> 
> for i in matchexec localcommand remotecommand controlpath identityagent \
>-    forwardagent localforward remoteforward; do
>+    forwardagent localforward remoteforward userknownhostsfile; do
> 	verbose $tid $i percent
>-	if [ "$i" = "localcommand" ]; then
>-		REMUSER=$USER
>+	case "$i" in
>+	localcommand|userknownhostsfile)
>+		# Any test that's going to actually make a connection needs
>+		# to use the real username.
>+		REMUSER=$USER ;;
>+	*)
>+		REMUSER=remuser ;;
>+	esac
>+	if [ "$i" = "$localcommand" ]; then
> 		trial $i '%T' NONE
>-	else
>-		REMUSER=remuser
> 	fi
> 	# Matches implementation in readconf.c:ssh_connection_hash()
> 	HASH=`printf "${HOSTNAME}127.0.0.1${PORT}$REMUSER" |
>@@ -65,20 +79,25 @@ for i in matchexec localcommand remoteco
> 	trial $i '%C' $HASH
> 	trial $i '%i' $USERID
> 	trial $i '%h' 127.0.0.1
>-	trial $i '%d' $HOME
> 	trial $i '%L' $HOST
> 	trial $i '%l' $HOSTNAME
> 	trial $i '%n' somehost
> 	trial $i '%p' $PORT
> 	trial $i '%r' $REMUSER
> 	trial $i '%u' $USER
>-	trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
>-	    "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
>+	# We can't specify a full path outside the regress dir, so skip tests
>+	# containing %d for UserKnownHostsFile
>+	if [ "$i" != "userknownhostsfile" ]; then
>+		trial $i '%d' $HOME
>+		trial $i '%%/%C/%i/%h/%d/%L/%l/%n/%p/%r/%u' \
>+		    "%/$HASH/$USERID/127.0.0.1/$HOME/$HOST/$HOSTNAME/somehost/$PORT/$REMUSER/$USER"
>+	fi
> done
> 
> # Subset of above since we don't expand shell-style variables on anything that
> # runs a command because the shell will expand those.
>-for i in controlpath identityagent forwardagent localforward remoteforward; do
>+for i in controlpath identityagent forwardagent localforward remoteforward \
>+    userknownhostsfile; do
> 	verbose $tid $i dollar
> 	FOO=bar
> 	export FOO

Actions: View | Diff

Attachments on bug 1654: 3426