upstream: Allow ssh_config IdentityAgent directive to accept

environment variable names as well as explicit paths. ok dtucker@

OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
djm@openbsd.org 2018-10-03 06:38:35 +00:00 committed by Damien Miller
parent a46ac4d86b
commit 5eff5b858e
6 changed files with 72 additions and 16 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */ /* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
/* /*
* Copyright (c) 2018 Damien Miller <djm@mindrot.org> * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
* *
@ -469,13 +469,16 @@ sshauthopt_parse(const char *opts, const char **errstrp)
errstr = "invalid environment string"; errstr = "invalid environment string";
goto fail; goto fail;
} }
for (cp = opt; cp < tmp; cp++) { if ((cp = strdup(opt)) == NULL)
if (!isalnum((u_char)*cp) && *cp != '_') { goto alloc_fail;
cp[tmp - opt] = '\0'; /* truncate at '=' */
if (!valid_env_name(cp)) {
free(cp);
free(opt); free(opt);
errstr = "invalid environment string"; errstr = "invalid environment string";
goto fail; goto fail;
} }
} free(cp);
/* Append it. */ /* Append it. */
oarray = ret->env; oarray = ret->env;
if ((ret->env = recallocarray(ret->env, ret->nenv, if ((ret->env = recallocarray(ret->env, ret->nenv,
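Review bot: The new `strdup()` failure branch jumps to `alloc_fail` without releasing `opt`, whereas the invalid-name branch a few lines below frees both `cp` and `opt` before `goto fail`. Unless the `alloc_fail` label frees `opt` itself, the dequoted option string leaks on that path; `if ((cp = strdup(opt)) == NULL) { free(opt); goto alloc_fail; }` would keep the two error paths consistent. sshauthopt_parse and the `alloc_fail` label both lie outside the hunk, so this should be confirmed against the label's cleanup code.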

21
misc.c

@ -1,4 +1,4 @@
/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */ /* $OpenBSD: misc.c,v 1.132 2018/10/03 06:38:35 djm Exp $ */
/* /*
* Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved.
@ -1948,6 +1948,25 @@ bad:
return 0; return 0;
} }
/*
* Verify that a environment variable name (not including initial '$') is
* valid; consisting of one or more alphanumeric or underscore characters only.
* Returns 1 on valid, 0 otherwise.
*/
int
valid_env_name(const char *name)
{
const char *cp;
if (name[0] == '\0')
return 0;
for (cp = name; *cp != '\0'; cp++) {
if (!isalnum((u_char)*cp) && *cp != '_')
return 0;
}
return 1;
}
const char * const char *
atoi_err(const char *nptr, int *val) atoi_err(const char *nptr, int *val)
{ {
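Review bot: `valid_env_name()` classifies bytes with `isalnum()`, whose result follows the process's LC_CTYPE locale, so in a single-byte non-C locale bytes above 0x7f may be accepted as part of a name. Whether any caller runs after `setlocale()` is not visible here. If names are meant to be ASCII-only, the loop test could be `if ((u_char)*cp > 0x7f || (!isalnum((u_char)*cp) && *cp != '_'))`. The header comment could also state that a leading digit is accepted, since the loop treats the first character like any other.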

3
misc.h

@ -1,4 +1,4 @@
/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */ /* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -74,6 +74,7 @@ double monotime_double(void);
void lowercase(char *s); void lowercase(char *s);
int unix_listener(const char *, int, int); int unix_listener(const char *, int, int);
int valid_domain(char *, int, const char **); int valid_domain(char *, int, const char **);
int valid_env_name(const char *);
const char *atoi_err(const char *, int *); const char *atoi_err(const char *, int *);
int parse_absolute_time(const char *, uint64_t *); int parse_absolute_time(const char *, uint64_t *);
void format_absolute_time(uint64_t, char *, size_t); void format_absolute_time(uint64_t, char *, size_t);


@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.298 2018/09/20 03:30:44 djm Exp $ */ /* $OpenBSD: readconf.c,v 1.299 2018/10/03 06:38:35 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1700,7 +1700,18 @@ parse_keytypes:
case oIdentityAgent: case oIdentityAgent:
charptr = &options->identity_agent; charptr = &options->identity_agent;
goto parse_string; arg = strdelim(&s);
if (!arg || *arg == '\0')
fatal("%.200s line %d: Missing argument.",
filename, linenum);
/* Extra validation if the string represents an env var. */
if (arg[0] == '$' && !valid_env_name(arg + 1)) {
fatal("%.200s line %d: Invalid environment name %s.",
filename, linenum, arg);
}
if (*activep && *charptr == NULL)
*charptr = xstrdup(arg);
break;
case oDeprecated: case oDeprecated:
debug("%s line %d: Deprecated option \"%s\"", debug("%s line %d: Deprecated option \"%s\"",
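Review bot: The new `fatal()` for an invalid name prints `arg` with an unbounded `%s`, while the file name in the same call and in the missing-argument message above is limited with `%.200s`. `arg` is taken directly from the configuration line, so bounding it the same way keeps the message length predictable: use `"%.200s line %d: Invalid environment name %.200s."` as the format string. The enclosing switch starts and ends outside the hunk.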

24
ssh.c

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.493 2018/09/21 03:11:36 djm Exp $ */ /* $OpenBSD: ssh.c,v 1.494 2018/10/03 06:38:35 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1453,9 +1453,27 @@ main(int ac, char **av)
"r", options.user, "r", options.user,
"u", pw->pw_name, "u", pw->pw_name,
(char *)NULL); (char *)NULL);
setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
free(cp);
free(p); free(p);
/*
* If identity_agent represents an environment variable
* then recheck that it is valid (since processing with
* percent_expand() may have changed it) and substitute
* its value.
*/
if (cp[0] == '$') {
if (!valid_env_name(cp + 1)) {
fatal("Invalid IdentityAgent "
"environment variable name %s", cp);
}
if ((p = getenv(cp + 1)) == NULL)
unsetenv(SSH_AUTHSOCKET_ENV_NAME);
else
setenv(SSH_AUTHSOCKET_ENV_NAME, p, 1);
} else {
/* identity_agent specifies a path directly */
setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
}
free(cp);
} }
} }
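Review bot: The `cp[0] == '$'` test is applied to the string after `percent_expand()`, so an expanded token value (the visible arguments include `r`/`options.user`) can decide whether IdentityAgent is treated as a path or as an environment variable name, instead of the configuration text deciding it. The readconf.c change in this commit already rejects a `$`-prefixed value that is not a plain name, so testing the unexpanded `options.identity_agent[0]` would keep the interpretation fixed by the config. The expansion call and the enclosing block begin outside the hunk, so this assumes `cp` derives from `options.identity_agent`. Separately, a `getenv()` miss silently unsets SSH_AUTH_SOCK; a `debug()` line naming the variable would make that case diagnosable.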


@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $ .\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
.Dd $Mdocdate: September 21 2018 $ .Dd $Mdocdate: October 3 2018 $
.Dt SSH_CONFIG 5 .Dt SSH_CONFIG 5
.Os .Os
.Sh NAME .Sh NAME
@ -877,6 +877,10 @@ If the string
is specified, the location of the socket will be read from the is specified, the location of the socket will be read from the
.Ev SSH_AUTH_SOCK .Ev SSH_AUTH_SOCK
environment variable. environment variable.
Otherwise if the specified value begins with a
.Sq $
character, then it will be treated as an environment variable containing
the location of the socket.
.Pp .Pp
Arguments to Arguments to
.Cm IdentityAgent .Cm IdentityAgent