Ronan Pigott
2024-Jul-01 20:49 UTC
[PATCH RESEND 0/2] Permit %L and %L percent escapes in Include
Using these escapes, the include directive can be crafted to include differing, host-specific configuration. Ronan Pigott (2): Permit %L and %l percent escapes in Include Permit %L and %l percent escapes in server Include readconf.c | 16 +++++++++++++--- servconf.c | 21 ++++++++++++++++----- 2 files changed, 29 insertions(+), 8 deletions(-) base-commit: fa41f6592ff1b6ead4a652ac75af31eabb05b912 -- 2.45.2
Ronan Pigott
2024-Jul-01 20:49 UTC
[PATCH RESEND 1/2] Permit %L and %l percent escapes in Include
This allows the localhost percent-style escapes in arguments to the
Include directive. These are useful for including host-specific ssh
configuration.
---
readconf.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/readconf.c b/readconf.c
index 4e3791cb7cc6..6d99d2efae92 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1044,7 +1044,8 @@ process_config_line_depth(Options *options, struct passwd
*pw, const char *host,
const char *original_host, char *line, const char *filename,
int linenum, int *activep, int flags, int *want_final_pass, int depth)
{
- char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p;
+ char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *arg_pre, *p;
+ char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
char **cpptr, ***cppptr, fwdarg[256];
u_int i, *uintptr, max_entries = 0;
int r, oactive, negated, opcode, *intptr, value, value2, cmdline = 0;
@@ -1983,6 +1984,12 @@ parse_pubkey_algos:
"command-line option");
goto out;
}
+
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("gethostname: %s", strerror(errno));
+ strlcpy(shorthost, thishost, sizeof(shorthost));
+ shorthost[strcspn(thishost, ".")] = '\0';
+
value = 0;
while ((arg = argv_next(&ac, &av)) != NULL) {
if (*arg == '\0') {
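Review bot: The name returned by gethostname() is used as-is, and further down this function it is substituted into the Include path that is handed to glob(), so a hostname containing `/` or a glob metacharacter would change which files are read. On systems where the hostname is assigned by DHCP or provisioning tooling rather than by whoever wrote the config, that makes the set of included files depend on outside input; I would reject such names before the expansion, e.g. `if (strpbrk(thishost, "/*?[\\") != NULL) fatal("%s line %d: hostname not usable in Include", filename, linenum);`. The same block is repeated in the servconf.c hunk at -2230, where the result decides which files sshd reads as configuration. The lookup also runs once per Include line, so a small shared helper would remove the duplication. The enclosing function starts and ends outside this hunk.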
@@ -2003,11 +2010,14 @@ parse_pubkey_algos:
goto out;
}
if (!path_absolute(arg) && *arg != '~') {
- xasprintf(&arg2, "%s/%s",
+ xasprintf(&arg_pre, "%s/%s",
(flags & SSHCONF_USERCONF) ?
"~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
} else
- arg2 = xstrdup(arg);
+ arg_pre = xstrdup(arg);
+ arg2 = percent_expand(arg_pre,
+ "l", thishost, "L", shorthost, (char *) NULL);
+ free(arg_pre);
memset(&gl, 0, sizeof(gl));
r = glob(arg2, GLOB_TILDE, NULL, &gl);
if (r == GLOB_NOMATCH) {
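Review bot: Every Include argument now goes through percent_expand(), so a path containing a literal `%` that was accepted before this patch is now parsed as an escape. If percent_expand() still calls fatal() on an unrecognised key, such a config stops loading until the path is rewritten with `%%`. Neither that change nor the fact that only `%l` and `%L` are accepted is documented in the series, since the diffstat touches only readconf.c and servconf.c; the TOKENS text in ssh_config.5 and sshd_config.5 should name Include and the two escapes. The servconf.c hunk at -2240 has the same issue. The while loop continues past the end of this hunk.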
--
2.45.2
Ronan Pigott
2024-Jul-01 20:49 UTC
[PATCH RESEND 2/2] Permit %L and %l percent escapes in server Include
This allows the localhost percent-style escapes in arguments to the
Include directive. These are useful for including host-specific sshd
configuration.
---
servconf.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/servconf.c b/servconf.c
index 5b32f0bfc8db..0bc281784b73 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1254,9 +1254,10 @@ process_server_config_line_depth(ServerOptions *options,
char *line,
struct connection_info *connectinfo, int *inc_flags, int depth,
struct include_list *includes)
{
- char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
- int cmdline = 0, *intptr, value, value2, n, port, oactive, r;
- int ca_only = 0, found = 0;
+ char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword;
+ char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
+ int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
+ int ca_only = 0;
SyslogFacility *log_facility_ptr;
LogLevel *log_level_ptr;
ServerOpCodes opcode;
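Review bot: `found` loses its initialiser here: the old `int ca_only = 0, found = 0;` becomes a bare `found` at the end of the first `int` line, a change unrelated to the percent escapes. The Include hunk further down does assign `found = 0;` before using it, but the rest of the function is outside the diff, so any other read of `found` would now see an indeterminate value. I would keep `int ca_only = 0, found = 0;` unchanged and add only the `arg_pre`, `thishost` and `shorthost` declarations.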
@@ -2230,6 +2231,12 @@ process_server_config_line_depth(ServerOptions *options,
char *line,
fatal("Include directive not supported as a "
"command-line option");
}
+
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("gethostname: %s", strerror(errno));
+ strlcpy(shorthost, thishost, sizeof(shorthost));
+ shorthost[strcspn(thishost, ".")] = '\0';
+
value = 0;
while ((arg2 = argv_next(&ac, &av)) != NULL) {
if (*arg2 == '\0') {
@@ -2240,9 +2247,13 @@ process_server_config_line_depth(ServerOptions *options,
char *line,
value++;
found = 0;
if (*arg2 != '/' && *arg2 != '~') {
- xasprintf(&arg, "%s/%s", SSHDIR, arg2);
+ xasprintf(&arg_pre, "%s/%s", SSHDIR, arg2);
} else
- arg = xstrdup(arg2);
+ arg_pre = xstrdup(arg2);
+
+ arg = percent_expand(arg_pre,
+ "l", thishost, "L", shorthost, (char *) NULL);
+ free(arg_pre);
/*
* Don't let included files clobber the containing
--
2.45.2