upstream: add %j token that expands to the configured ProxyJump

hostname (or the empty string if this option is not being used). bz3610, ok
dtucker

OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339

readconf.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.382 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.383 2023/10/12 02:18:18 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -352,7 +352,7 @@ kex_default_pk_alg(void)
 
 char *
 ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
-    const char *user)
+    const char *user, const char *jumphost)
 {
 	struct ssh_digest_ctx *md;
 	u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
@@ -362,6 +362,7 @@ ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
 	    ssh_digest_update(md, host, strlen(host)) < 0 ||
 	    ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
 	    ssh_digest_update(md, user, strlen(user)) < 0 ||
+	    ssh_digest_update(md, jumphost, strlen(jumphost)) < 0 ||
 	    ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
 		fatal_f("mux digest failed");
 	ssh_digest_free(md);
@@ -764,17 +765,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 			if (r == (negate ? 1 : 0))
 				this_result = result = 0;
 		} else if (strcasecmp(attrib, "exec") == 0) {
-			char *conn_hash_hex, *keyalias;
+			char *conn_hash_hex, *keyalias, *jmphost;
 
 			if (gethostname(thishost, sizeof(thishost)) == -1)
 				fatal("gethostname: %s", strerror(errno));
+			jmphost = option_clear_or_none(options->jump_host) ?
+			    "" : options->jump_host;
 			strlcpy(shorthost, thishost, sizeof(shorthost));
 			shorthost[strcspn(thishost, ".")] = '\0';
 			snprintf(portstr, sizeof(portstr), "%d", port);
 			snprintf(uidstr, sizeof(uidstr), "%llu",
 			    (unsigned long long)pw->pw_uid);
 			conn_hash_hex = ssh_connection_hash(thishost, host,
-			    portstr, ruser);
+			    portstr, ruser, jmphost);
 			keyalias = options->host_key_alias ?
 			    options->host_key_alias : host;
 
@@ -790,6 +793,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 			    "r", ruser,
 			    "u", pw->pw_name,
 			    "i", uidstr,
+			    "j", jmphost,
 			    (char *)NULL);
 			free(conn_hash_hex);
 			if (result != 1) {

readconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.153 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.154 2023/10/12 02:18:18 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -233,7 +233,7 @@ typedef struct {
 
 const char *kex_default_pk_alg(void);
 char	*ssh_connection_hash(const char *thishost, const char *host,
-    const char *portstr, const char *user);
+    const char *portstr, const char *user, const char *jump_host);
 void     initialize_options(Options *);
 int      fill_default_options(Options *);
 void	 fill_default_options_for_canonicalization(Options *);

ssh.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.596 2023/10/11 23:23:58 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.597 2023/10/12 02:18:18 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -622,6 +622,7 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
 	free(cinfo->remuser);
 	free(cinfo->homedir);
 	free(cinfo->locuser);
+	free(cinfo->jmphost);
 	free(cinfo);
 }
 
@@ -1389,12 +1390,14 @@ main(int ac, char **av)
 	cinfo->keyalias = xstrdup(options.host_key_alias ?
 	    options.host_key_alias : options.host_arg);
 	cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host,
-	    cinfo->portstr, options.user);
+	    cinfo->portstr, options.user, options.jump_host);
 	cinfo->host_arg = xstrdup(options.host_arg);
 	cinfo->remhost = xstrdup(host);
 	cinfo->remuser = xstrdup(options.user);
 	cinfo->homedir = xstrdup(pw->pw_dir);
 	cinfo->locuser = xstrdup(pw->pw_name);
+	cinfo->jmphost = xstrdup(options.jump_host == NULL ?
+	    "" : options.jump_host);
 
 	/*
 	 * Expand tokens in arguments. NB. LocalCommand is expanded later,

ssh_config.5

@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.390 2023/10/11 22:42:26 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $
-.Dd $Mdocdate: October 11 2023 $
+.Dd $Mdocdate: October 12 2023 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -2192,7 +2192,7 @@ which are expanded at runtime:
 A literal
 .Sq % .
 .It \&%C
-Hash of %l%h%p%r.
+Hash of %l%h%p%r%j.
 .It %d
 Local user's home directory.
 .It %f
@@ -2218,6 +2218,9 @@ when preparing the host key algorithm preference list to use for the
 destination host.
 .It %i
 The local user ID.
+.It %j
+The contents of the ProxyJump option, or the empty string if this
+option is unset.
 .It %K
 The base64 encoded host key.
 .It %k
@@ -2261,7 +2264,7 @@ The local username.
 .Cm RevokedHostKeys ,
 and
 .Cm UserKnownHostsFile
-accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
+accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u.
 .Pp
 .Cm KnownHostsCommand
 additionally accepts the tokens %f, %H, %I, %K and %t.

sshconnect.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.46 2020/12/22 00:15:23 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.47 2023/10/12 02:18:18 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -42,6 +42,7 @@ struct ssh_conn_info {
 	char *remuser;
 	char *homedir;
 	char *locuser;
+	char *jmphost;
 };
 
 struct addrinfo;
@@ -61,7 +62,8 @@ struct ssh_conn_info;
 	"d", conn_info->homedir, \
 	"h", conn_info->remhost, \
 	"r", conn_info->remuser, \
-	"u", conn_info->locuser
+	"u", conn_info->locuser, \
+	"j", conn_info->jmphost
 
 int	 ssh_connect(struct ssh *, const char *, const char *,
 	    struct addrinfo *, struct sockaddr_storage *, u_short,