[openssh-commits] [openssh] 01/02: upstream: Add tilde and environment variable expansion to

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Mar 27 15:04:56 AEDT 2023


This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit f1a17de150f8d309d0c52f9abfaebf11c51a8537
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date:   Mon Mar 27 03:56:11 2023 +0000

    upstream: Add tilde and environment variable expansion to
    
    RevokedHostKeys. bz#3552, ok djm@
    
    OpenBSD-Commit-ID: ce5d8e0219b63cded594c17d4c2958c06918ec0d
---
 ssh.c        | 10 +++++++++-
 ssh_config.5 | 13 +++++++++++--
 2 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/ssh.c b/ssh.c
index 918389bc..edf2f119 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.585 2023/02/10 04:40:28 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.586 2023/03/27 03:56:11 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1421,6 +1421,14 @@ main(int ac, char **av)
 		options.identity_agent = cp;
 	}
 
+	if (options.revoked_host_keys != NULL) {
+		p = tilde_expand_filename(options.revoked_host_keys, getuid());
+		cp = default_client_percent_dollar_expand(p, cinfo);
+		free(p);
+		free(options.revoked_host_keys);
+		options.revoked_host_keys = cp;
+	}
+
 	if (options.forward_agent_sock_path != NULL) {
 		p = tilde_expand_filename(options.forward_agent_sock_path,
 		    getuid());
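Review bot: In the new `options.revoked_host_keys` block, the result of `default_client_percent_dollar_expand(p, cinfo)` is assigned to `options.revoked_host_keys` without a check. The block itself is gated on `options.revoked_host_keys != NULL`, so if `cp` could ever come back NULL the option would look unset afterwards and the revocation list would be skipped without any message. Please confirm that the helper aborts on expansion failure (for example an unset environment variable) rather than returning NULL, or add an explicit check so this path fails closed. As a style point, this is the same tilde-expand, percent/dollar-expand, free, reassign sequence as the `forward_agent_sock_path` block right below it; a small shared helper would keep the copies from drifting.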
diff --git a/ssh_config.5 b/ssh_config.5
index c56b9d7b..0b7d4d19 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.379 2023/03/10 02:32:04 djm Exp $
-.Dd $Mdocdate: March 10 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.380 2023/03/27 03:56:11 dtucker Exp $
+.Dd $Mdocdate: March 27 2023 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1665,6 +1665,14 @@ an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
+Arguments to
+.Cm RevokedHostKeys
+may use the tilde syntax to refer to a user's home directory,
+the tokens described in the
+.Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
+section.
 .It Cm SecurityKeyProvider
 Specifies a path to a library that will be used when loading any
 FIDO authenticator-hosted keys, overriding the default of using
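Review bot: The added `RevokedHostKeys` paragraph lists tilde syntax, tokens and environment variables side by side, but it does not say that they are applied in a fixed order. In the ssh.c hunk, `tilde_expand_filename()` runs on the configured string first and `default_client_percent_dollar_expand()` runs on its output, so a tilde that only appears after a variable has been expanded (a variable whose value begins with `~`) is left literal. One sentence stating that the tilde is recognised only in the text as written in the configuration file would save users from pointing this option at a revocation list path that does not resolve the way they expect.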
@@ -2135,6 +2143,7 @@ The local username.
 .Cm Match exec ,
 .Cm RemoteCommand ,
 .Cm RemoteForward ,
+.Cm RevokedHostKeys ,
 and
 .Cm UserKnownHostsFile
 accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
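Review bot: `.Cm RevokedHostKeys ,` is added to the keyword list in the TOKENS section here, but none of the ssh_config.5 hunks in this patch touches the ENVIRONMENT VARIABLES section, which the new `RevokedHostKeys` text refers readers to for environment variable support. If that section enumerates the keywords that accept environment variables, `RevokedHostKeys` should be added to that list in the same commit so the two sections agree.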

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

