diff options
| author |   djm <djm@openbsd.org> | 2014-07-03 06:39:19 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2014-07-03 06:39:19 +0000 |
| commit | 68249229bd0c4964921913fb6e627857ed39f32f (patch) | |
| tree | a59e1c9f14f7b8542d31ababc1bb70b5ddaa5767 /usr.bin/ssh/ssh.c | |
| parent | rework some fflush text, as requested (diff) | |
| download | wireguard-openbsd-68249229bd0c4964921913fb6e627857ed39f32f.tar.xz wireguard-openbsd-68249229bd0c4964921913fb6e627857ed39f32f.zip | |
Add a %C escape sequence for LocalCommand and ControlPath that expands
to a unique identifer based on a has of the tuple of (local host,
remote user, hostname, port).
Helps avoid exceeding sockaddr_un's miserly pathname limits for mux
control paths.
bz#2220, based on patch from mancha1 AT zoho.com; ok markus@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 17f6363a236..950d62350fd 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.404 2014/06/27 16:41:56 markus Exp $ */ +/* $OpenBSD: ssh.c,v 1.405 2014/07/03 06:39:19 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -76,6 +76,7 @@ #include "canohost.h" #include "compat.h" #include "cipher.h" +#include "digest.h" #include "packet.h" #include "buffer.h" #include "channels.h" @@ -178,7 +179,6 @@ static int remote_forward_confirms_received = 0; extern int muxserver_sock; extern u_int muxclient_command; - /* Prints a help message to the user. This function never returns. */ static void @@ -411,6 +411,9 @@ main(int ac, char **av) extern char *optarg; Forward fwd; struct addrinfo *addrs = NULL; + struct ssh_digest_ctx *md; + u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; + char *conn_hash_hex; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -970,12 +973,29 @@ main(int ac, char **av) shorthost[strcspn(thishost, ".")] = '\0'; snprintf(portstr, sizeof(portstr), "%d", options.port); + if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || + ssh_digest_update(md, thishost, strlen(thishost)) < 0 || + ssh_digest_update(md, host, strlen(host)) < 0 || + ssh_digest_update(md, portstr, strlen(portstr)) < 0 || + ssh_digest_update(md, options.user, strlen(options.user)) < 0 || + ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) + fatal("%s: mux digest failed", __func__); + ssh_digest_free(md); + conn_hash_hex = tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); + if (options.local_command != NULL) { debug3("expanding LocalCommand: %s", options.local_command); cp = options.local_command; - options.local_command = percent_expand(cp, "d", pw->pw_dir, - "h", host, "l", thishost, "n", host_arg, "r", options.user, - "p", portstr, "u", pw->pw_name, "L", shorthost, + options.local_command = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "d", pw->pw_dir, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, (char *)NULL); debug3("expanded LocalCommand: %s", options.local_command); free(cp); @@ -985,12 +1005,20 @@ main(int ac, char **av) cp = tilde_expand_filename(options.control_path, original_real_uid); free(options.control_path); - options.control_path = percent_expand(cp, "h", host, - "l", thishost, "n", host_arg, "r", options.user, - "p", portstr, "u", pw->pw_name, "L", shorthost, + options.control_path = percent_expand(cp, + "C", conn_hash_hex, + "L", shorthost, + "h", host, + "l", thishost, + "n", host_arg, + "p", portstr, + "r", options.user, + "u", pw->pw_name, (char *)NULL); free(cp); } + free(conn_hash_hex); + if (muxclient_command != 0 && options.control_path == NULL) fatal("No ControlPath specified for \"-O\" command"); if (options.control_path != NULL) |