| Summary: | %u and %h not handled in IdentityFile | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | John Bowman <imaging> |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED FIXED | | |
| Severity: | normal | CC: | djm, imaging, jprondak |
| Priority: | P2 | Keywords: | patch |
| Version: | 4.3p2 | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.math.ualberta.ca/imaging/snfs/openssh.html | | |
| Bug Depends on: | | | |
| Bug Blocks: | 1155 | | |
| Attachments: | | | |

Description
John Bowman
2006-02-22 16:40:00 AEDT
Created attachment 1076 [details]
User-dependent IdentityFile
portable version
Created attachment 1077 [details]
User-dependent IdentityFile
OpenBSD version
Comment on attachment 1077 [details] User-dependent IdentityFile

>diff -ru ssh/ssh-keygen.c sshJ/ssh-keygen.c >--- ssh/ssh-keygen.c 2005-11-28 19:04:55.000000000 -0700 >+++ sshJ/ssh-keygen.c 2006-02-21 15:52:36.000000000 -0700 ... >+ /* Read systemwide configuration file after user config. */ >+ (void)read_config_file(_PATH_HOST_CONFIG_FILE, hostname, &options, 0);

I don't think we want the other tools to depend on ssh_config.

>--- ssh/ssh.c 2005-12-19 21:41:07.000000000 -0700 >+++ sshJ/ssh.c 2006-02-21 15:52:36.000000000 -0700 ... > for (; i < options.num_identity_files; i++) { > filename = tilde_expand_filename(options.identity_files[i], > original_real_uid); >+ filename = percent_expand(filename, "h", pw->pw_dir, >+ "u", pw->pw_name, (char *)NULL); > public = key_load_public(filename, NULL);

This leaks memory. Also, I think it would be better to have:

%u -> user
%h -> local hostname
%d -> home directory

I'll attach a revised patch

Created attachment 1083 [details]
Revised diff

This diff fixes the memory leak and uses the mnemonics from Comment #3. Note that the diff doesn't touch ssh-keygen.

(In reply to comment #3)
> Also, I think it would be better to have:
>
> %u -> user
> %h -> local hostname
> %d -> home directory

The current uses of percent_expand() are, with this proposal at the bottom:

| | ClHost | ClUser | SrvHost | SrvUser | SrvPort | Homedir |
|---|---|---|---|---|---|---|
| authorized_keys | | | | %u | | %h |
| ControlPath | %l | | %h | %r | %p | |
| ProxyCommand | | | %h | | %p | |
| IdentityFile | %h | %u | | | | %d |

To keep the client-side consistent, those could be:

%u -> local user
%l -> local hostname
%d -> home directory

The following might also be useful:

%h -> remote host
%r -> remote username

Created attachment 1097 [details]
Improved diff, with dtucker's suggestions
Good points Darren, revised diff attached.
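Review bot: In the ssh-keygen.c hunk of attachment 1077, the added read_config_file(_PATH_HOST_CONFIG_FILE, hostname, &options, 0) call has its result cast to (void), so a failure to read the system-wide file passes without any message. If ignoring the failure is intended, the comment above the call should say so; otherwise check the return value and report it. The call also makes ssh-keygen's key paths depend on the system-wide configuration file, which is not documented anywhere in the visible lines.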
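Review bot: In the ssh.c hunk of attachment 1077, filename receives the return value of tilde_expand_filename() and is then overwritten by the return value of percent_expand(filename, ...), so the tilde-expanded string can no longer be freed on any iteration of the loop. Keep the first result in a temporary, pass that to percent_expand(), and free the temporary afterwards. The hunk also maps "h" to pw->pw_dir without a comment stating what each escape means in IdentityFile, which is worth adding next to the call and in the man page.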
*** Bug 95 has been marked as a duplicate of this bug. ***

Comment on attachment 1097 [details]
Improved diff, with dtucker's suggestions
Looks and tests fine here.
I would have used something other than "me" ("thishost"? "lhost"?) to prevent confusing it with the local user name.
Patch applied (with s/me/thishost/) and will be in 4.4. Thanks

With the release of 4.4, we believe that this bug is now closed. For information about the release please see http://www.openssh.com/txt/release-4.4 .
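An added example, not OpenSSH's code and not taken from any attachment on this bug: a minimal C expander for the client-side escapes proposed in the thread (%u, %l, %d, %h, %r). The names `expand_tokens`, `identity_path` and `struct token` and the sample values in `main` are hypothetical; the expander rejects unknown escapes instead of guessing a key path, and returns a string the caller frees, which is the ownership point raised in the comment on attachment 1077.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct token { char key; const char *value; };   /* hypothetical table entry */

/* Expand %<key> escapes; "%%" gives '%'. Returns a malloc'd string the caller
 * frees, or NULL on an unknown escape, a trailing '%' or allocation failure. */
char *expand_tokens(const char *in, const struct token *tab, size_t n)
{
    size_t len = 0;
    char *out = calloc(1, 1), *tmp;              /* start from an empty string */

    for (; out != NULL && *in != '\0'; in++) {
        const char *rep = in;                    /* default: copy one character */
        size_t rl = 1;

        if (*in == '%' && *++in != '%') {        /* "%%" is copied as a single '%' */
            rep = NULL;
            for (size_t i = 0; i < n && *in != '\0'; i++)
                if (tab[i].key == *in)
                    rep = tab[i].value;          /* known escape letter */
            rl = rep != NULL ? strlen(rep) : 0;
        }
        /* Unknown escape, trailing '%' or NULL value: refuse, do not guess. */
        if (rep == NULL || (tmp = realloc(out, len + rl + 1)) == NULL) {
            free(out);
            return NULL;
        }
        out = tmp;
        memcpy(out + len, rep, rl);
        out[len += rl] = '\0';                   /* keep the result terminated */
    }
    return out;
}

/* IdentityFile expansion using the client-side mnemonics proposed in the thread. */
char *identity_path(const char *pattern, const char *user, const char *lhost,
    const char *home, const char *rhost, const char *ruser)
{
    const struct token tab[] = { { 'u', user }, { 'l', lhost }, { 'd', home },
        { 'h', rhost }, { 'r', ruser } };
    return expand_tokens(pattern, tab, sizeof(tab) / sizeof(tab[0]));
}

int main(void)
{
    char *p = identity_path("%d/.ssh/id_%u@%h", "alice", "laptop",
        "/home/alice", "server.example", "bob"); /* constructed sample values */
    puts(p != NULL ? p : "expansion failed");
    free(p);                                     /* caller owns the result */
    return 0;
}
```

When one expansion step feeds another, as in the quoted ssh.c loop, each intermediate string needs its own pointer so it can be freed after the next step has consumed it.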