upstream: Allow ssh_config IdentityAgent directive to accept
environment variable names as well as explicit paths. ok dtucker@ OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b
parent
a46ac4d86b
commit
5eff5b858e
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */
|
/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
* Copyright (c) 2018 Damien Miller <djm@mindrot.org>
|
||||||
*
|
*
|
||||||
|
@ -469,13 +469,16 @@ sshauthopt_parse(const char *opts, const char **errstrp)
|
||||||
errstr = "invalid environment string";
|
errstr = "invalid environment string";
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
for (cp = opt; cp < tmp; cp++) {
|
if ((cp = strdup(opt)) == NULL)
|
||||||
if (!isalnum((u_char)*cp) && *cp != '_') {
|
goto alloc_fail;
|
||||||
free(opt);
|
cp[tmp - opt] = '\0'; /* truncate at '=' */
|
||||||
errstr = "invalid environment string";
|
if (!valid_env_name(cp)) {
|
||||||
goto fail;
|
free(cp);
|
||||||
}
|
free(opt);
|
||||||
|
errstr = "invalid environment string";
|
||||||
|
goto fail;
|
||||||
}
|
}
|
||||||
|
free(cp);
|
||||||
/* Append it. */
|
/* Append it. */
|
||||||
oarray = ret->env;
|
oarray = ret->env;
|
||||||
if ((ret->env = recallocarray(ret->env, ret->nenv,
|
if ((ret->env = recallocarray(ret->env, ret->nenv,
|
||||||
|
|
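Review bot: In the `sshauthopt_parse` hunk, the `strdup(opt)` failure branch jumps to `alloc_fail` without releasing `opt`, while the invalid-name branch just below frees both `cp` and `opt` before `goto fail`. Unless the `alloc_fail` label (outside this hunk) frees `opt`, that path leaks the dequoted option string; `if ((cp = strdup(opt)) == NULL) { free(opt); goto alloc_fail; }` would make the two error paths agree. A one-line comment is also worth adding: the removed loop accepted an entry whose name part before the '=' is empty (the loop body never ran), whereas `valid_env_name()` rejects an empty name, so such entries are now refused. The function body begins and ends outside the hunk.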
21
misc.c
21
misc.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */
|
/* $OpenBSD: misc.c,v 1.132 2018/10/03 06:38:35 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
* Copyright (c) 2000 Markus Friedl. All rights reserved.
|
||||||
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
|
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
|
||||||
|
@ -1948,6 +1948,25 @@ bad:
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Verify that a environment variable name (not including initial '$') is
|
||||||
|
* valid; consisting of one or more alphanumeric or underscore characters only.
|
||||||
|
* Returns 1 on valid, 0 otherwise.
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
valid_env_name(const char *name)
|
||||||
|
{
|
||||||
|
const char *cp;
|
||||||
|
|
||||||
|
if (name[0] == '\0')
|
||||||
|
return 0;
|
||||||
|
for (cp = name; *cp != '\0'; cp++) {
|
||||||
|
if (!isalnum((u_char)*cp) && *cp != '_')
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
const char *
|
const char *
|
||||||
atoi_err(const char *nptr, int *val)
|
atoi_err(const char *nptr, int *val)
|
||||||
{
|
{
|
||||||
|
|
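Review bot: `valid_env_name()` classifies each byte with `isalnum()`, whose answer depends on the process locale, so the accepted set can be wider than the comment's "alphanumeric or underscore" suggests if a non-C LC_CTYPE is in effect when it runs; whether any caller has set one is not visible here. It also accepts a leading digit. If the intended set is ASCII only, an explicit test such as `if (!((*cp >= '0' && *cp <= '9') || (*cp >= 'A' && *cp <= 'Z') || (*cp >= 'a' && *cp <= 'z') || *cp == '_'))` pins it down; otherwise the header comment should state that classification follows the locale and that a digit may come first. The comment's "a environment" should read "an environment".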
3
misc.h
3
misc.h
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */
|
/* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
|
@ -74,6 +74,7 @@ double monotime_double(void);
|
||||||
void lowercase(char *s);
|
void lowercase(char *s);
|
||||||
int unix_listener(const char *, int, int);
|
int unix_listener(const char *, int, int);
|
||||||
int valid_domain(char *, int, const char **);
|
int valid_domain(char *, int, const char **);
|
||||||
|
int valid_env_name(const char *);
|
||||||
const char *atoi_err(const char *, int *);
|
const char *atoi_err(const char *, int *);
|
||||||
int parse_absolute_time(const char *, uint64_t *);
|
int parse_absolute_time(const char *, uint64_t *);
|
||||||
void format_absolute_time(uint64_t, char *, size_t);
|
void format_absolute_time(uint64_t, char *, size_t);
|
||||||
|
|
15
readconf.c
15
readconf.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: readconf.c,v 1.298 2018/09/20 03:30:44 djm Exp $ */
|
/* $OpenBSD: readconf.c,v 1.299 2018/10/03 06:38:35 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1700,7 +1700,18 @@ parse_keytypes:
|
||||||
|
|
||||||
case oIdentityAgent:
|
case oIdentityAgent:
|
||||||
charptr = &options->identity_agent;
|
charptr = &options->identity_agent;
|
||||||
goto parse_string;
|
arg = strdelim(&s);
|
||||||
|
if (!arg || *arg == '\0')
|
||||||
|
fatal("%.200s line %d: Missing argument.",
|
||||||
|
filename, linenum);
|
||||||
|
/* Extra validation if the string represents an env var. */
|
||||||
|
if (arg[0] == '$' && !valid_env_name(arg + 1)) {
|
||||||
|
fatal("%.200s line %d: Invalid environment name %s.",
|
||||||
|
filename, linenum, arg);
|
||||||
|
}
|
||||||
|
if (*activep && *charptr == NULL)
|
||||||
|
*charptr = xstrdup(arg);
|
||||||
|
break;
|
||||||
|
|
||||||
case oDeprecated:
|
case oDeprecated:
|
||||||
debug("%s line %d: Deprecated option \"%s\"",
|
debug("%s line %d: Deprecated option \"%s\"",
|
||||||
|
|
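Review bot: The new `fatal()` for an invalid name prints `arg` with a bare `%s` while the file name beside it is bounded with `%.200s`; `arg` comes straight from the configuration line, so bounding it the same way keeps the diagnostic short: `fatal("%.200s line %d: Invalid environment name %.200s.", filename, linenum, arg);`. The name check also runs before the `*activep` test, so a malformed `$NAME` is fatal even inside a block that does not apply to the current host; that is presumably intended, but a short comment saying so would help the next reader. The enclosing `switch` starts and ends outside the hunk.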
24
ssh.c
24
ssh.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh.c,v 1.493 2018/09/21 03:11:36 djm Exp $ */
|
/* $OpenBSD: ssh.c,v 1.494 2018/10/03 06:38:35 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -1453,9 +1453,27 @@ main(int ac, char **av)
|
||||||
"r", options.user,
|
"r", options.user,
|
||||||
"u", pw->pw_name,
|
"u", pw->pw_name,
|
||||||
(char *)NULL);
|
(char *)NULL);
|
||||||
setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
|
|
||||||
free(cp);
|
|
||||||
free(p);
|
free(p);
|
||||||
|
/*
|
||||||
|
* If identity_agent represents an environment variable
|
||||||
|
* then recheck that it is valid (since processing with
|
||||||
|
* percent_expand() may have changed it) and substitute
|
||||||
|
* its value.
|
||||||
|
*/
|
||||||
|
if (cp[0] == '$') {
|
||||||
|
if (!valid_env_name(cp + 1)) {
|
||||||
|
fatal("Invalid IdentityAgent "
|
||||||
|
"environment variable name %s", cp);
|
||||||
|
}
|
||||||
|
if ((p = getenv(cp + 1)) == NULL)
|
||||||
|
unsetenv(SSH_AUTHSOCKET_ENV_NAME);
|
||||||
|
else
|
||||||
|
setenv(SSH_AUTHSOCKET_ENV_NAME, p, 1);
|
||||||
|
} else {
|
||||||
|
/* identity_agent specifies a path directly */
|
||||||
|
setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
|
||||||
|
}
|
||||||
|
free(cp);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
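Review bot: When the named variable is not set, the `getenv(cp + 1) == NULL` branch calls `unsetenv(SSH_AUTHSOCKET_ENV_NAME)` and carries on with no message, so a misspelled name in `IdentityAgent` apparently leaves the client running without an agent and nothing in the log to explain it; a `debug("IdentityAgent: environment variable %s is not set", cp + 1);` before the `unsetenv()` would make that visible. A variable that is set but empty is passed to `setenv()` unchanged, which may deserve the same treatment. Note also that `p` now aliases storage returned by `getenv()` after the earlier `free(p)`, so nothing after this block may free it; the rest of `main()` is outside the hunk. The block comment could add that the `$` test is applied to the expanded string, meaning a value whose percent-expansion begins with `$` is looked up as a variable rather than used as a path.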
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $
|
.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
|
||||||
.Dd $Mdocdate: September 21 2018 $
|
.Dd $Mdocdate: October 3 2018 $
|
||||||
.Dt SSH_CONFIG 5
|
.Dt SSH_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -877,6 +877,10 @@ If the string
|
||||||
is specified, the location of the socket will be read from the
|
is specified, the location of the socket will be read from the
|
||||||
.Ev SSH_AUTH_SOCK
|
.Ev SSH_AUTH_SOCK
|
||||||
environment variable.
|
environment variable.
|
||||||
|
Otherwise if the specified value begins with a
|
||||||
|
.Sq $
|
||||||
|
character, then it will be treated as an environment variable containing
|
||||||
|
the location of the socket.
|
||||||
.Pp
|
.Pp
|
||||||
Arguments to
|
Arguments to
|
||||||
.Cm IdentityAgent
|
.Cm IdentityAgent
|
||||||
|
|