Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/ssh.c | 35 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 29 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.h | 27 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 19 |
4 files changed, 57 insertions, 53 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 82638a5b6d0..3ad1cd9123b 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.545 2020/12/20 23:38:00 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.546 2020/12/20 23:40:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -211,15 +211,6 @@ tilde_expand_paths(char **paths, u_int num_paths)
 }
 }
 
-#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS \
- "C", cinfo->conn_hash_hex, \
- "L", cinfo->shorthost, \
- "i", cinfo->uidstr, \
- "k", cinfo->keyalias, \
- "l", cinfo->thishost, \
- "n", cinfo->host_arg, \
- "p", cinfo->portstr
-
 /*
  * Expands the set of percent_expand options used by the majority of keywords
  * in the client that support percent expansion.
@@ -230,13 +221,7 @@ default_client_percent_expand(const char *str,
 const struct ssh_conn_info *cinfo)
 {
 return percent_expand(str,
- /* values from statics above */
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- /* values from arguments */
- "d", cinfo->homedir,
- "h", cinfo->remhost,
- "r", cinfo->remuser,
- "u", cinfo->locuser,
+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
 (char *)NULL);
 }
 
@@ -252,13 +237,7 @@ default_client_percent_dollar_expand(const char *str,
 char *ret;
 
 ret = percent_dollar_expand(str,
- /* values from statics above */
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- /* values from arguments */
- "d", cinfo->homedir,
- "h", cinfo->remhost,
- "r", cinfo->remuser,
- "u", cinfo->locuser,
+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
 (char *)NULL);
 if (ret == NULL)
 fatal("invalid environment variable expansion");
@@ -1649,7 +1628,7 @@ main(int ac, char **av)
 
 /* Log into the remote system. Never returns if the login fails. */
 ssh_login(ssh, &sensitive_data, host, (struct sockaddr *)&hostaddr,
- options.port, pw, timeout_ms);
+ options.port, pw, timeout_ms, cinfo);
 
 if (ssh_packet_connection_is_on_socket(ssh)) {
 verbose("Authenticated to %s ([%s]:%d).", host,
@@ -2067,11 +2046,7 @@ ssh_session2(struct ssh *ssh, const struct ssh_conn_info *cinfo)
 debug3("expanding LocalCommand: %s", options.local_command);
 cp = options.local_command;
 options.local_command = percent_expand(cp,
- DEFAULT_CLIENT_PERCENT_EXPAND_ARGS,
- "d", cinfo->homedir,
- "h", cinfo->remhost,
- "r", cinfo->remuser,
- "u", cinfo->locuser,
+ DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(cinfo),
 "T", tun_fwd_ifname == NULL ? "NONE" : tun_fwd_ifname,
 (char *)NULL);
 debug3("expanded LocalCommand: %s", options.local_command);
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 424f148d619..934fff2c5a9 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.347 2020/12/20 23:38:00 djm Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.348 2020/12/20 23:40:19 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -835,8 +835,9 @@ other_hostkeys_message(const char *host, const char *ip,
 #define RDONLY 1
 #define ROQUIET 2
 static int
-check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
- struct sshkey *host_key, int readonly,
+check_host_key(char *hostname, const struct ssh_conn_info *cinfo,
+ struct sockaddr *hostaddr, u_short port,
+ struct sshkey *host_key, int readonly, int clobber_port,
 char **user_hostfiles, u_int num_user_hostfiles,
 char **system_hostfiles, u_int num_system_hostfiles)
 {
@@ -874,7 +875,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 * Prepare the hostname and address strings used for hostkey lookup.
 * In some cases, these will have a port number appended.
 */
-get_hostfile_hostname_ipaddr(hostname, hostaddr, port, &host, &ip);
+get_hostfile_hostname_ipaddr(hostname, hostaddr,
+ clobber_port ? 0 : port, &host, &ip);
 
 /*
 * Turn off check_host_ip if the connection is to localhost, via proxy
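Review bot: In the @@ -874 hunk the new clobber_port flag and a zero port express the same thing, and nothing on the signature says when a caller should use which: the only caller that sets clobber_port (the HOST_NEW retry in the @@ -983 hunk on the next line) also passes port 0, which already makes `clobber_port ? 0 : port` yield 0 and already fails the `port != 0` test guarding the retry. If the flag is meant to let a caller keep the real port in `port` while looking the host up without a port suffix, say so where the parameter is introduced, e.g. `/* clobber_port: look up hostname/ip without a port suffix even when port != 0; also suppresses the port-less HOST_NEW retry */`. Within the visible hunks cinfo is only forwarded by check_host_key and verify_host_key, so its consumer is presumably outside this diff. check_host_key's body continues beyond both hunks.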
@@ -983,10 +985,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 break;
 case HOST_NEW:
 if (options.host_key_alias == NULL && port != 0 &&
- port != SSH_DEFAULT_PORT) {
+ port != SSH_DEFAULT_PORT && !clobber_port) {
 debug("checking without port identifier");
- if (check_host_key(hostname, hostaddr, 0, host_key,
- ROQUIET, user_hostfiles, num_user_hostfiles,
+ if (check_host_key(hostname, cinfo, hostaddr, 0,
+ host_key, ROQUIET, 1,
+ user_hostfiles, num_user_hostfiles,
 system_hostfiles, num_system_hostfiles) == 0) {
 debug("found matching key w/out port");
 break;
@@ -1300,7 +1303,8 @@ fail:
 
 /* returns 0 if key verifies or -1 if key does NOT verify */
 int
-verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
+verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key,
+ const struct ssh_conn_info *cinfo)
 {
 u_int i;
 int r = -1, flags = 0;
@@ -1394,8 +1398,8 @@ verify_host_key(char *host, struct sockaddr *hostaddr, struct sshkey *host_key)
 }
 }
 }
- r = check_host_key(host, hostaddr, options.port, host_key, RDRW,
- options.user_hostfiles, options.num_user_hostfiles,
+ r = check_host_key(host, cinfo, hostaddr, options.port, host_key,
+ RDRW, 0, options.user_hostfiles, options.num_user_hostfiles,
 options.system_hostfiles, options.num_system_hostfiles);
 
 out:
@@ -1419,7 +1423,8 @@ out:
 */
 void
 ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
- struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms)
+ struct sockaddr *hostaddr, u_short port, struct passwd *pw, int timeout_ms,
+ const struct ssh_conn_info *cinfo)
 {
 char *host;
 char *server_user, *local_user;
@@ -1442,7 +1447,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 /* key exchange */
 /* authenticate user */
 debug("Authenticating to %s:%d as '%s'", host, port, server_user);
-ssh_kex2(ssh, host, hostaddr, port);
+ssh_kex2(ssh, host, hostaddr, port, cinfo);
 ssh_userauth2(ssh, local_user, server_user, host, sensitive);
 free(local_user);
 free(host);
diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h
index 556b2537c75..161056b4d9e 100644
--- a/usr.bin/ssh/sshconnect.h
+++ b/usr.bin/ssh/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.44 2020/12/17 23:26:11 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.45 2020/12/20 23:40:19 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -46,6 +46,22 @@ struct ssh_conn_info {
 
 struct addrinfo;
 struct ssh;
+struct hostkeys;
+struct ssh_conn_info;
+
+/* default argument for client percent expansions */
+#define DEFAULT_CLIENT_PERCENT_EXPAND_ARGS(conn_info) \
+ "C", conn_info->conn_hash_hex, \
+ "L", conn_info->shorthost, \
+ "i", conn_info->uidstr, \
+ "k", conn_info->keyalias, \
+ "l", conn_info->thishost, \
+ "n", conn_info->host_arg, \
+ "p", conn_info->portstr, \
+ "d", conn_info->homedir, \
+ "h", conn_info->remhost, \
+ "r", conn_info->remuser, \
+ "u", conn_info->locuser
 
 int ssh_connect(struct ssh *, const char *, const char *,
 struct addrinfo *, struct sockaddr_storage *, u_short,
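Review bot: DEFAULT_CLIENT_PERCENT_EXPAND_ARGS in the @@ -46 hunk of sshconnect.h uses its conn_info argument unparenthesized in `conn_info->conn_hash_hex` and the ten member accesses that follow, so any argument that is not a plain identifier (a cast, `*pp`, a conditional) would bind as `*(pp->field)` instead of `(*pp)->field`; write each use as `(conn_info)->conn_hash_hex` and so on. The macro expands to an open comma list with no `(char *)NULL` terminator, which every caller in this diff supplies itself; a comment on the macro saying that the terminator is the caller's responsibility would guard against an unterminated variadic call later. The added `struct ssh_conn_info;` forward declaration appears to follow the full definition of that struct (the hunk's context line is `struct ssh_conn_info {`), so it looks redundant, though harmless.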
@@ -53,14 +69,17 @@ int ssh_connect(struct ssh *, const char *, const char *,
 void ssh_kill_proxy_command(void);
 
 void ssh_login(struct ssh *, Sensitive *, const char *,
- struct sockaddr *, u_short, struct passwd *, int);
+ struct sockaddr *, u_short, struct passwd *, int,
+ const struct ssh_conn_info *);
 
-int verify_host_key(char *, struct sockaddr *, struct sshkey *);
+int verify_host_key(char *, struct sockaddr *, struct sshkey *,
+ const struct ssh_conn_info *);
 
 void get_hostfile_hostname_ipaddr(char *, struct sockaddr *, u_short,
 char **, char **);
 
-void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short);
+void ssh_kex2(struct ssh *ssh, char *, struct sockaddr *, u_short,
+ const struct ssh_conn_info *);
 void ssh_userauth2(struct ssh *ssh, const char *, const char *,
 char *, Sensitive *);
 
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 0a3e29ee343..27adacc6d4d 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.337 2020/12/20 23:36:51 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.338 2020/12/20 23:40:19 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -87,13 +87,15 @@ extern Options options;
 u_char *session_id2 = NULL;
 u_int session_id2_len = 0;
 
-char *xxx_host;
-struct sockaddr *xxx_hostaddr;
+static char *xxx_host;
+static struct sockaddr *xxx_hostaddr;
+static const struct ssh_conn_info *xxx_conn_info;
 
 static int
 verify_host_key_callback(struct sshkey *hostkey, struct ssh *ssh)
 {
- if (verify_host_key(xxx_host, xxx_hostaddr, hostkey) == -1)
+ if (verify_host_key(xxx_host, xxx_hostaddr, hostkey,
+ xxx_conn_info) == -1)
 fatal("Host key verification failed.");
 return 0;
 }
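Review bot: xxx_conn_info in the @@ -87 hunk of sshconnect2.c is a file-scope borrowed pointer that verify_host_key_callback dereferences whenever host-key verification runs, yet nothing at the declaration says how long the object it points at must stay valid; if the callback can fire again after ssh_kex2 returns (on rekeying, presumably), the owner of cinfo must keep it alive for the whole session rather than just the initial exchange. Document that contract next to the declaration, e.g. `/* borrowed from ssh_kex2(); owner must keep it valid for as long as kex may re-run */`. Making xxx_host and xxx_hostaddr static is the right call, and the same lifetime comment applies to them.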
@@ -111,7 +113,8 @@ first_alg(const char *algs)
 }
 
 static char *
-order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
+order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port,
+ const struct ssh_conn_info *cinfo)
 {
 char *oavail = NULL, *avail = NULL, *first = NULL, *last = NULL;
 char *alg = NULL, *hostname = NULL, *ret = NULL, *best = NULL;
@@ -203,7 +206,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port)
 }
 
 void
-ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
+ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port,
+ const struct ssh_conn_info *cinfo)
 {
 char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT };
 char *s, *all_key;
@@ -211,6 +215,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 
 xxx_host = host;
 xxx_hostaddr = hostaddr;
+ xxx_conn_info = cinfo;
 
 /*
 * If the user has not specified HostkeyAlgorithms, or has only
@@ -245,7 +250,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port)
 
 /* Query known_hosts and prefer algorithms that appear there */
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
- order_hostkeyalgs(host, hostaddr, port));
+ order_hostkeyalgs(host, hostaddr, port, cinfo));
 } else {
 /* Use specified HostkeyAlgorithms exactly */
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =