diff --git a/ChangeLog b/ChangeLog
index 827719c9c..792d4fd68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,10 @@ silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@
+ - djm@cvs.openbsd.org 2006/03/30 10:41:25
+ [ssh.c ssh_config.5]
+ add percent escape chars to the IdentityFile option, bz #1159 based
+ on a patch by imaging AT math.ualberta.ca; feedback and ok dtucker@
20060326 - OpenBSD CVS Sync
@@ -4479,4 +4483,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.4295 2006/03/31 12:13:02 djm Exp $
+$Id: ChangeLog,v 1.4296 2006/03/31 12:13:21 djm Exp $
diff --git a/ssh.c b/ssh.c
index 7e0a8ba4b..5eddd41d5 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.274 2006/03/28 00:12:31 deraadt Exp $ */
+/* $OpenBSD: ssh.c,v 1.275 2006/03/30 10:41:25 djm Exp $ */
/*
* Author: Tatu Ylonen
* Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -647,15 +647,15 @@ main(int ac, char **av)
options.control_path = NULL;
if (options.control_path != NULL) {
- char me[NI_MAXHOST];
+ char thishost[NI_MAXHOST];
- if (gethostname(me, sizeof(me)) == -1)
+ if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("gethostname: %s", strerror(errno));
snprintf(buf, sizeof(buf), "%d", options.port);
cp = tilde_expand_filename(options.control_path,
original_real_uid);
options.control_path = percent_expand(cp, "p", buf, "h", host,
- "r", options.user, "l", me, (char *)NULL);
+ "r", options.user, "l", thishost, (char *)NULL);
xfree(cp);
}
if (mux_command != 0 && options.control_path == NULL)
@@ -1194,9 +1194,10 @@ ssh_session2(void)
static void
load_public_identity_files(void)
{
- char *filename;
+ char *filename, *cp, thishost[NI_MAXHOST];
int i = 0;
Key *public;
+ struct passwd *pw;
#ifdef SMARTCARD
Key **keys; 
@@ -1220,9 +1221,18 @@ load_public_identity_files(void)
xfree(keys);
}
#endif /* SMARTCARD */
+ if ((pw = getpwuid(original_real_uid)) == NULL)
+ fatal("load_public_identity_files: getpwuid failed");
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("load_public_identity_files: gethostname: %s",
+ strerror(errno));
for (; i < options.num_identity_files; i++) {
- filename = tilde_expand_filename(options.identity_files[i],
+ cp = tilde_expand_filename(options.identity_files[i],
original_real_uid);
+ filename = percent_expand(cp, "d", pw->pw_dir,
+ "u", pw->pw_name, "l", thishost, "h", host,
+ "r", options.user, (char *)NULL);
+ xfree(cp);
public = key_load_public(filename, NULL);
debug("identity file %s type %d", filename,
public ? public->type : -1);
diff --git a/ssh_config.5 b/ssh_config.5
index 5b02ef821..9c621336e 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.89 2006/03/14 16:32:48 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.90 2006/03/30 10:41:25 djm Exp $
.Dd September 25, 1999
.Dt SSH_CONFIG 5
.Os
@@ -548,8 +548,21 @@ and for protocol version 2. Additionally, any identities represented by the authentication agent will be used for authentication.
+.Pp
The file name may use the tilde
-syntax to refer to a user's home directory.
+syntax to refer to a user's home directory or one of the following
+escape characters:
+.Ql %d
+(local user's home directory),
+.Ql %u
+(local user name),
+.Ql %l
+(local host name),
+.Ql %h
+(remote host name) or
+.Ql %h
+(remote user name).
+.Pp
It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence.
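Review bot: An IdentityFile value containing a literal `%` was previously handed to tilde_expand_filename() unchanged, but after this hunk it also goes through percent_expand(), which as far as I recall treats an unrecognised `%` escape as fatal, so an existing configuration with such a path now aborts instead of loading; the ssh_config.5 hunk should state that a literal percent is written `%%`. That same ssh_config.5 hunk lists `.Ql %h` twice, and the second entry ("remote user name") should read `.Ql %r` to match the `"r", options.user` binding added here. None of the expanded values cross a trust boundary (local passwd entry, local hostname, and the user's own host and login arguments), so the expansion does not widen what IdentityFile could already name. load_public_identity_files() starts in the preceding hunk and its loop body continues past this one.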