diff --git a/auth.c b/auth.c index 0b7a335fc..573cd03b0 100644 --- a/auth.c +++ b/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.128 2018/05/25 07:11:01 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.129 2018/06/01 03:33:53 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -422,11 +422,13 @@ auth_root_allowed(struct ssh *ssh, const char *method) char * expand_authorized_keys(const char *filename, struct passwd *pw) { - char *file, ret[PATH_MAX]; + char *file, uidstr[32], ret[PATH_MAX]; int i; + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); file = percent_expand(filename, "h", pw->pw_dir, - "u", pw->pw_name, (char *)NULL); + "u", pw->pw_name, "U", uidstr, (char *)NULL); /* * Ensure that filename starts anchored. If not, be backward diff --git a/auth2-pubkey.c b/auth2-pubkey.c index 8024b1d6a..5603f5ef3 100644 --- a/auth2-pubkey.c +++ b/auth2-pubkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.78 2018/06/01 03:33:53 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -387,7 +387,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, pid_t pid; char *tmp, *username = NULL, *command = NULL, **av = NULL; char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL; - char serial_s[16]; + char serial_s[16], uidstr[32]; void (*osigchld)(int); if (authoptsp != NULL) @@ -447,8 +447,11 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw, } snprintf(serial_s, sizeof(serial_s), "%llu", (unsigned long long)cert->serial); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)user_pw->pw_uid); for (i = 1; i < ac; i++) { tmp = percent_expand(av[i], + "U", uidstr, "u", user_pw->pw_name, "h", user_pw->pw_dir, "t", sshkey_ssh_name(key), @@ -852,7 +855,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, int i, uid_swapped = 0, ac = 0; pid_t pid; char *username = NULL, *key_fp = NULL, *keytext = NULL; - char *tmp, *command = NULL, **av = NULL; + char uidstr[32], *tmp, *command = NULL, **av = NULL; void (*osigchld)(int); if (authoptsp != NULL) @@ -902,8 +905,11 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw, command); goto out; } + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)user_pw->pw_uid); for (i = 1; i < ac; i++) { tmp = percent_expand(av[i], + "U", uidstr, "u", user_pw->pw_name, "h", user_pw->pw_dir, "t", sshkey_ssh_name(key), diff --git a/readconf.c b/readconf.c index 7b7a0d7e0..9c4a234b5 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.287 2018/05/22 00:13:26 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.288 2018/06/01 03:33:53 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -551,6 +551,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, const char *ruser; int r, port, this_result, result = 1, attributes = 0, negate; char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV]; + char uidstr[32]; /* * Configuration is likely to be incomplete at this point so we @@ -631,6 +632,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, strlcpy(shorthost, thishost, sizeof(shorthost)); shorthost[strcspn(thishost, ".")] = '\0'; snprintf(portstr, sizeof(portstr), "%d", port); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); cmd = percent_expand(arg, "L", shorthost, @@ -641,6 +644,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw, "p", portstr, "r", ruser, "u", pw->pw_name, + "i", uidstr, (char *)NULL); if (result != 1) { /* skip execution if prior predicate failed */ diff --git a/session.c b/session.c index 58826db16..5ceebff51 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.294 2018/03/03 03:15:51 djm Exp $ */ +/* $OpenBSD: session.c,v 1.295 2018/06/01 03:33:53 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1324,7 +1324,7 @@ safely_chroot(const char *path, uid_t uid) void do_setusercontext(struct passwd *pw) { - char *chroot_path, *tmp; + char uidstr[32], *chroot_path, *tmp; platform_setusercontext(pw); @@ -1356,8 +1356,10 @@ do_setusercontext(struct passwd *pw) strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, pw->pw_uid); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); chroot_path = percent_expand(tmp, "h", pw->pw_dir, - "u", pw->pw_name, (char *)NULL); + "u", pw->pw_name, "U", uidstr, (char *)NULL); safely_chroot(chroot_path, pw->pw_uid); free(tmp); free(chroot_path); diff --git a/sftp-server.c b/sftp-server.c index df0fb5068..ab1b063f2 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */ +/* $OpenBSD: sftp-server.c,v 1.112 2018/06/01 03:33:53 djm Exp $ */ /* * Copyright (c) 2000-2004 Markus Friedl. All rights reserved. * @@ -1503,7 +1503,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0; ssize_t len, olen, set_size; SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; - char *cp, *homedir = NULL, buf[4*4096]; + char *cp, *homedir = NULL, uidstr[32], buf[4*4096]; long mask; extern char *optarg; @@ -1554,8 +1554,10 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) break; case 'd': cp = tilde_expand_filename(optarg, user_pw->pw_uid); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); homedir = percent_expand(cp, "d", user_pw->pw_dir, - "u", user_pw->pw_name, (char *)NULL); + "u", user_pw->pw_name, "U", uidstr, (char *)NULL); free(cp); break; case 'p': diff --git a/ssh.c b/ssh.c index 40e63c325..d25960bce 100644 --- a/ssh.c +++ b/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.478 2018/06/01 03:11:49 djm Exp $ */ +/* $OpenBSD: ssh.c,v 1.479 2018/06/01 03:33:53 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1278,7 +1278,8 @@ main(int ac, char **av) strlcpy(shorthost, thishost, sizeof(shorthost)); shorthost[strcspn(thishost, ".")] = '\0'; snprintf(portstr, sizeof(portstr), "%d", options.port); - snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid); + snprintf(uidstr, sizeof(uidstr), "%llu", + (unsigned long long)pw->pw_uid); if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || ssh_digest_update(md, thishost, strlen(thishost)) < 0 || @@ -1303,6 +1304,7 @@ main(int ac, char **av) "L", shorthost, "d", pw->pw_dir, "h", host, + "i", uidstr, "l", thishost, "n", host_arg, "p", portstr, @@ -1323,6 +1325,7 @@ main(int ac, char **av) "C", conn_hash_hex, "L", shorthost, "h", host, + "i", uidstr, "l", thishost, "n", host_arg, "p", portstr, @@ -1501,9 +1504,14 @@ main(int ac, char **av) } else { p = tilde_expand_filename(options.identity_agent, original_real_uid); - cp = percent_expand(p, "d", pw->pw_dir, - "u", pw->pw_name, "l", thishost, "h", host, - "r", options.user, (char *)NULL); + cp = percent_expand(p, + "d", pw->pw_dir, + "h", host, + "i", uidstr, + "l", thishost, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1); free(cp); free(p); @@ -1908,6 +1916,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw) "L", shorthost, "d", pw->pw_dir, "h", host, + "i", uidstr, "l", thishost, "n", host_arg, "p", portstr, @@ -2106,9 +2115,14 @@ load_public_identity_files(struct passwd *pw) for (i = 0; i < options.num_certificate_files; i++) { cp = tilde_expand_filename(options.certificate_files[i], original_real_uid); - filename = percent_expand(cp, "d", pw->pw_dir, - "u", pw->pw_name, "l", thishost, "h", host, - "r", options.user, (char *)NULL); + filename = percent_expand(cp, + "d", pw->pw_dir, + "h", host, + "i", host, + "l", thishost, + "r", options.user, + "u", pw->pw_name, + (char *)NULL); free(cp); public = key_load_public(filename, NULL); diff --git a/ssh_config.5 b/ssh_config.5 index bcd18a872..94c12bdda 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.273 2018/04/10 00:10:49 djm Exp $ -.Dd $Mdocdate: April 10 2018 $ +.\" $OpenBSD: ssh_config.5,v 1.274 2018/06/01 03:33:53 djm Exp $ +.Dd $Mdocdate: June 1 2018 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1743,10 +1743,10 @@ The local username. .El .Pp .Cm Match exec -accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u. +accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u. .Pp .Cm CertificateFile -accepts the tokens %%, %d, %h, %l, %r, and %u. +accepts the tokens %%, %d, %h, %i %l, %r, and %u. .Pp .Cm ControlPath accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u. @@ -1757,16 +1757,16 @@ accepts the tokens %% and %h. .Cm IdentityAgent and .Cm IdentityFile -accept the tokens %%, %d, %h, %l, %r, and %u. +accept the tokens %%, %d, %h, %i %l, %r, and %u. .Pp .Cm LocalCommand -accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and %u. +accepts the tokens %%, %C, %d, %h, %i %l, %n, %p, %r, %T, and %u. .Pp .Cm ProxyCommand accepts the tokens %%, %h, %p, and %r. .Pp .Cm RemoteCommand -accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u. +accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u. .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/config diff --git a/sshd_config.5 b/sshd_config.5 index 95dbc1d12..1d6e0d1e4 100644 --- a/sshd_config.5 +++ b/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.266 2018/05/15 05:40:11 jmc Exp $ -.Dd $Mdocdate: May 15 2018 $ +.\" $OpenBSD: sshd_config.5,v 1.267 2018/06/01 03:33:53 djm Exp $ +.Dd $Mdocdate: June 1 2018 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1689,24 +1689,26 @@ The serial number of the certificate. The type of the CA key. .It %t The key or certificate type. +.It %U +The numeric user-id id of the target user. .It %u The username. .El .Pp .Cm AuthorizedKeysCommand -accepts the tokens %%, %f, %h, %k, %t, and %u. +accepts the tokens %%, %f, %h, %k, %t, %U and %u. .Pp .Cm AuthorizedKeysFile -accepts the tokens %%, %h, and %u. +accepts the tokens %%, %h, %U and %u. .Pp .Cm AuthorizedPrincipalsCommand -accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u. +accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U and %u. .Pp .Cm AuthorizedPrincipalsFile -accepts the tokens %%, %h, and %u. +accepts the tokens %%, %h, and %U %u. .Pp .Cm ChrootDirectory -accepts the tokens %%, %h, and %u. +accepts the tokens %%, %h, and %U %u. .Pp .Cm RoutingDomain accepts the token %D.