Ronan Pigott
2023-Nov-14  06:58 UTC
[PATCH v3 1/2] Permit %L and %l percent escapes in ssh Include
This allows the localhost percent-style escapes in arguments to the
Include directive. These are useful for including host-specific ssh
configuration.
---
 readconf.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/readconf.c b/readconf.c
index a2282b562df0..ad47d0e9730a 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1030,7 +1030,8 @@ process_config_line_depth(Options *options, struct passwd
*pw, const char *host,
     const char *original_host, char *line, const char *filename,
     int linenum, int *activep, int flags, int *want_final_pass, int depth)
 {
-	char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p;
+	char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *arg_pre, *p;
+	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
 	char **cpptr, ***cppptr, fwdarg[256];
 	u_int i, *uintptr, uvalue, max_entries = 0;
 	int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
@@ -1951,6 +1952,12 @@ parse_pubkey_algos:
 			    "command-line option");
 			goto out;
 		}
+
+		if (gethostname(thishost, sizeof(thishost)) == -1)
+			fatal("gethostname: %s", strerror(errno));
+		strlcpy(shorthost, thishost, sizeof(shorthost));
+		shorthost[strcspn(thishost, ".")] = '\0';
+
 		value = 0;
 		while ((arg = argv_next(&ac, &av)) != NULL) {
 			if (*arg == '\0') {
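Review bot: `thishost` is read by `strlcpy()` and `strcspn()` immediately after `gethostname()` with nothing guaranteeing that it is NUL-terminated; POSIX leaves termination unspecified when the name is truncated to the buffer size. Adding `thishost[sizeof(thishost) - 1] = '\0';` after the successful call bounds both reads. The same four added lines appear in the servconf.c hunk at `@@ -2130,6 +2131,12 @@` and need the same line. The enclosing function starts and ends outside this hunk.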
@@ -1971,11 +1978,14 @@ parse_pubkey_algos:
 				goto out;
 			}
 			if (!path_absolute(arg) && *arg != '~') {
-				xasprintf(&arg2, "%s/%s",
+				xasprintf(&arg_pre, "%s/%s",
 				    (flags & SSHCONF_USERCONF) ?
 				    "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
 			} else
-				arg2 = xstrdup(arg);
+				arg_pre = xstrdup(arg);
+			arg2 = percent_expand(arg_pre,
+					"l", thishost, "L", shorthost, (char *) NULL);
+			free(arg_pre);
 			memset(&gl, 0, sizeof(gl));
 			r = glob(arg2, GLOB_TILDE, NULL, &gl);
 			if (r == GLOB_NOMATCH) {
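Review bot: Passing the whole path through `percent_expand()` changes the meaning of every `%` already present in an Include argument. A file name with a literal `%` now has to be written `%%`, and as far as I know `percent_expand()` treats an escape it was not given (anything other than `%l`, `%L` and `%%` here) as a fatal error rather than passing it through. The diffstats show only readconf.c and servconf.c changing, so ssh_config.5 and sshd_config.5 still need a sentence listing the accepted tokens and the `%%` requirement. The same applies to the servconf.c hunk at `@@ -2140,9 +2147,13 @@`. As a style point, the continuation line `"l", thishost, "L", shorthost, (char *) NULL);` is indented with two extra tabs, where the neighbouring `xasprintf()` continuation uses four spaces.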
base-commit: 64e0600f23c6dec36c3875392ac95b8a9100c2d6
-- 
2.42.1
Ronan Pigott
2023-Nov-14  06:58 UTC
[PATCH v3 2/2] Permit %L and %l percent escapes in sshd Include
This allows the localhost percent-style escapes in arguments to the
Include directive. These are useful for including host-specific sshd
configuration.
---
 servconf.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/servconf.c b/servconf.c
index 86c2979360c5..daf8f2df15a2 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1297,7 +1297,8 @@ process_server_config_line_depth(ServerOptions *options,
char *line,
     struct connection_info *connectinfo, int *inc_flags, int depth,
     struct include_list *includes)
 {
-	char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
+	char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword;
+	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
 	int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
 	int ca_only = 0;
 	SyslogFacility *log_facility_ptr;
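Review bot: The widened declaration `char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword;` now runs past 80 columns once the leading tab is counted, while the other declarations visible in this hunk stay within it. Moving the new pointer onto the added line, e.g. `char *arg_pre, thishost[NI_MAXHOST], shorthost[NI_MAXHOST];`, keeps the block inside the limit. The function body continues outside this hunk.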
@@ -2130,6 +2131,12 @@ process_server_config_line_depth(ServerOptions *options,
char *line,
 			fatal("Include directive not supported as a "
 			    "command-line option");
 		}
+
+		if (gethostname(thishost, sizeof(thishost)) == -1)
+			fatal("gethostname: %s", strerror(errno));
+		strlcpy(shorthost, thishost, sizeof(shorthost));
+		shorthost[strcspn(thishost, ".")] = '\0';
+
 		value = 0;
 		while ((arg2 = argv_next(&ac, &av)) != NULL) {
 			if (*arg2 == '\0') {
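Review bot: The hostname lookup runs, and can `fatal()`, for every Include line whether or not its arguments contain `%l` or `%L`. A `gethostname()` failure therefore now stops sshd from parsing a configuration that uses no escapes at all. Doing the lookup only when an argument actually contains a `%` (for example behind `if (strchr(arg2, '%') != NULL)` inside the loop, with the result cached) would keep the previous behaviour for existing files. The readconf.c hunk at `@@ -1951,6 +1952,12 @@` makes the same unconditional call. The enclosing function starts and ends outside this hunk.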
@@ -2140,9 +2147,13 @@ process_server_config_line_depth(ServerOptions *options,
char *line,
 			value++;
 			found = 0;
 			if (*arg2 != '/' && *arg2 != '~') {
-				xasprintf(&arg, "%s/%s", SSHDIR, arg2);
+				xasprintf(&arg_pre, "%s/%s", SSHDIR, arg2);
 			} else
-				arg = xstrdup(arg2);
+				arg_pre = xstrdup(arg2);
+
+			arg = percent_expand(arg_pre,
+					"l", thishost, "L", shorthost, (char *) NULL);
+			free(arg_pre);
 
 			/*
 			 * Don't let included files clobber the containing
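Review bot: The value returned by `gethostname()` is substituted into the include path with no check on its contents. In readconf.c the expanded string goes straight to `glob()`, and the same presumably happens here after the end of this hunk. A hostname containing `/` or glob metacharacters would then change which files are read as configuration, which matters on systems where the hostname is assigned externally (DHCP, cloud metadata). Rejecting such names before expansion, e.g. `if (strpbrk(thishost, "/*?[") != NULL) fatal("hostname unsuitable for Include expansion");`, keeps the substitution to a single literal path component. The check belongs next to the `gethostname()` call in both files.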
-- 
2.42.1