[openssh-commits] [openssh] 01/06: upstream: Add %-token and environment variable expansion to SetEnv.

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Mar 3 18:18:02 AEDT 2025 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch master
in repository openssh.

commit b49875428cda9c16c5bd52552100da2b419cda5f
Author: dtucker at openbsd.org <dtucker at openbsd.org>
AuthorDate: Mon Mar 3 06:53:09 2025 +0000

    upstream: Add %-token and environment variable expansion to SetEnv.
    
    feedback deraadt@ jmc@, nits and ok djm@
    
    OpenBSD-Commit-ID: 2f6e5070481cb73e6f35fd1c6608c1eeff88a5c1
---
 ssh.c        | 24 +++++++++++++++++++++++-
 ssh_config.5 | 15 ++++++++++++---
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/ssh.c b/ssh.c
index 71eb897f..6d3d111a 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.608 2025/03/02 11:03:13 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.609 2025/03/03 06:53:09 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -1563,6 +1563,28 @@ main(int ac, char **av)
 		options.user_hostfiles[j] = p;
 	}
 
+	for (j = 0; j < options.num_setenv; j++) {
+		char *name = options.setenv[j], *value;
+
+		if (name == NULL)
+			continue;
+		/* Expand only the value portion, not the variable name. */
+		if ((value = strchr(name, '=')) == NULL) {
+			/* shouldn't happen; vars are checked in readconf.c */
+			fatal("Invalid config SetEnv: %s", name);
+		}
+		*value++ = '\0';
+		cp = default_client_percent_dollar_expand(value, cinfo);
+		xasprintf(&p, "%s=%s", name, cp);
+		if (strcmp(value, p) != 0) {
+			debug3("expanded SetEnv '%s' '%s' -> '%s'",
+			    name, value, cp);
+		}
+		free(options.setenv[j]);
+		free(cp);
+		options.setenv[j] = p;
+	}
+
 	for (i = 0; i < options.num_local_forwards; i++) {
 		if (options.local_forwards[i].listen_path != NULL) {
 			cp = options.local_forwards[i].listen_path;
diff --git a/ssh_config.5 b/ssh_config.5
index 1c49ec7b..894d7383 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.412 2025/03/01 06:11:26 dtucker Exp $
-.Dd $Mdocdate: March 1 2025 $
+.\" $OpenBSD: ssh_config.5,v 1.413 2025/03/03 06:53:09 dtucker Exp $
+.Dd $Mdocdate: March 3 2025 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1943,12 +1943,21 @@ option) or
 (shell or command execution).
 .It Cm SetEnv
 Directly specify one or more environment variables and their contents to
-be sent to the server.
+be sent to the server in the form
+.Dq NAME=VALUE .
 Similarly to
 .Cm SendEnv ,
 with the exception of the
 .Ev TERM
 variable, the server must be prepared to accept the environment variable.
+.Pp
+The
+.Dq VALUE
+may use the tokens described in the
+.Sx TOKENS
+section and environment variables as described in the
+.Sx ENVIRONMENT VARIABLES
+section.
 .It Cm StdinNull
 Redirects stdin from
 .Pa /dev/null

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list