Ronan Pigott
2023-Dec-20 19:24 UTC
[PATCH RESEND 0/2] Permit %L and %l percent escapes in Include
Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in ssh Include Permit %L and %l percent escapes in sshd Include readconf.c | 16 +++++++++++++--- servconf.c | 17 ++++++++++++++--- 2 files changed, 27 insertions(+), 6 deletions(-) base-commit: 8241b9c0529228b4b86d88b1a6076fb9f97e4a99 -- 2.43.0
Ronan Pigott
2023-Dec-20 19:24 UTC
[PATCH RESEND 1/2] Permit %L and %l percent escapes in ssh Include
This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific ssh configuration. --- readconf.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/readconf.c b/readconf.c index a2282b562df0..ad47d0e9730a 100644 --- a/readconf.c +++ b/readconf.c @@ -1030,7 +1030,8 @@ process_config_line_depth(Options *options, struct passwd *pw, const char *host, const char *original_host, char *line, const char *filename, int linenum, int *activep, int flags, int *want_final_pass, int depth) { - char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p; + char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *arg_pre, *p; + char thishost[NI_MAXHOST], shorthost[NI_MAXHOST]; char **cpptr, ***cppptr, fwdarg[256]; u_int i, *uintptr, uvalue, max_entries = 0; int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0; @@ -1951,6 +1952,12 @@ parse_pubkey_algos: "command-line option"); goto out; } + + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("gethostname: %s", strerror(errno)); + strlcpy(shorthost, thishost, sizeof(shorthost)); + shorthost[strcspn(thishost, ".")] = '\0'; + value = 0; while ((arg = argv_next(&ac, &av)) != NULL) { if (*arg == '\0') { @@ -1971,11 +1978,14 @@ parse_pubkey_algos: goto out; } if (!path_absolute(arg) && *arg != '~') { - xasprintf(&arg2, "%s/%s", + xasprintf(&arg_pre, "%s/%s", (flags & SSHCONF_USERCONF) ? "~/" _PATH_SSH_USER_DIR : SSHDIR, arg); } else - arg2 = xstrdup(arg); + arg_pre = xstrdup(arg); + arg2 = percent_expand(arg_pre, + "l", thishost, "L", shorthost, (char *) NULL); + free(arg_pre); memset(&gl, 0, sizeof(gl)); r = glob(arg2, GLOB_TILDE, NULL, &gl); if (r == GLOB_NOMATCH) { -- 2.43.0
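Review bot: In the hunk at `@@ -1951,6 +1952,12`, `thishost` is handed to `strlcpy()` and `strcspn()` without being forced to end in a NUL. POSIX leaves it unspecified whether `gethostname()` terminates a truncated name, so adding `thishost[sizeof(thishost) - 1] = '\0';` right after the call keeps both reads inside the buffer. The lookup also runs for every Include line and is fatal on failure even when no argument contains a `%`, so a configuration that parsed before now depends on `gethostname()` succeeding; resolving the names only when an escape is present would avoid that. The same block is added in servconf.c at `@@ -2130,6 +2131,12`, and in both files the enclosing function starts and ends outside the hunk.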
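Review bot: In the hunk at `@@ -1971,11 +1978,14`, the expanded string goes straight into `glob(arg2, GLOB_TILDE, NULL, &gl)`, so any `*`, `?`, `[` or `/` in the local hostname becomes part of the pattern and path rather than a literal name. The hostname is normally set by the administrator, but on machines that take it from DHCP or similar provisioning it is not fully under local control, and here it decides which configuration files are read. Checking `thishost` and `shorthost` against the usual hostname characters (letters, digits, `-`, `.`) before `percent_expand()`, and refusing the Include otherwise, would close this; a comment such as `/* hostname ends up in a glob pattern: reject metacharacters and '/' */` would record why. servconf.c's hunk at `@@ -2140,9 +2147,13` builds `arg` the same way and presumably passes it to glob() after the end of that hunk.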
Ronan Pigott
2023-Dec-20 19:24 UTC
[PATCH RESEND 2/2] Permit %L and %l percent escapes in sshd Include
This allows the localhost percent-style escapes in arguments to the Include directive. These are useful for including host-specific sshd configuration. --- servconf.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/servconf.c b/servconf.c index 86c2979360c5..daf8f2df15a2 100644 --- a/servconf.c +++ b/servconf.c @@ -1297,7 +1297,8 @@ process_server_config_line_depth(ServerOptions *options, char *line, struct connection_info *connectinfo, int *inc_flags, int depth, struct include_list *includes) { - char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword; + char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword; + char thishost[NI_MAXHOST], shorthost[NI_MAXHOST]; int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; int ca_only = 0; SyslogFacility *log_facility_ptr; @@ -2130,6 +2131,12 @@ process_server_config_line_depth(ServerOptions *options, char *line, fatal("Include directive not supported as a " "command-line option"); } + + if (gethostname(thishost, sizeof(thishost)) == -1) + fatal("gethostname: %s", strerror(errno)); + strlcpy(shorthost, thishost, sizeof(shorthost)); + shorthost[strcspn(thishost, ".")] = '\0'; + value = 0; while ((arg2 = argv_next(&ac, &av)) != NULL) { if (*arg2 == '\0') { @@ -2140,9 +2147,13 @@ process_server_config_line_depth(ServerOptions *options, char *line, value++; found = 0; if (*arg2 != '/' && *arg2 != '~') { - xasprintf(&arg, "%s/%s", SSHDIR, arg2); + xasprintf(&arg_pre, "%s/%s", SSHDIR, arg2); } else - arg = xstrdup(arg2); + arg_pre = xstrdup(arg2); + + arg = percent_expand(arg_pre, + "l", thishost, "L", shorthost, (char *) NULL); + free(arg_pre); /* * Don't let included files clobber the containing -- 2.43.0
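Review bot: Running every Include argument through `percent_expand()` in the hunk at `@@ -2140,9 +2147,13` changes how an existing path containing a literal `%` is handled. As far as I recall, `percent_expand()` calls fatal() on an escape it was not given, so such a path would now stop sshd while it parses its configuration instead of being globbed as before; readconf.c's hunk at `@@ -1971,11 +1978,14` has the same effect for ssh. The diffstat lists only readconf.c and servconf.c, so the Include entries in ssh_config.5 and sshd_config.5 are not updated; they should name `%l` and `%L` as accepted and say that a literal percent sign must be written `%%`. A short comment above the call, e.g. `/* only %l, %L and %% are valid here; any other escape is fatal */`, would help the next reader once confirmed against percent_expand().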