[PATCH v3 2/2] Permit %L and %l percent escapes in sshd Include
Ronan Pigott
ronan at rjp.ie
Tue Nov 14 17:58:19 AEDT 2023
This allows the localhost percent-style escapes in arguments to the
Include directive. These are useful for including host-specific sshd
configuration.
---
servconf.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/servconf.c b/servconf.c
index 86c2979360c5..daf8f2df15a2 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1297,7 +1297,8 @@ process_server_config_line_depth(ServerOptions *options, char *line,
struct connection_info *connectinfo, int *inc_flags, int depth,
struct include_list *includes)
{
- char *str, ***chararrayptr, **charptr, *arg, *arg2, *p, *keyword;
+ char *str, ***chararrayptr, **charptr, *arg, *arg2, *arg_pre, *p, *keyword;
+ char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found;
int ca_only = 0;
SyslogFacility *log_facility_ptr;
@@ -2130,6 +2131,12 @@ process_server_config_line_depth(ServerOptions *options, char *line,
fatal("Include directive not supported as a "
"command-line option");
}
+
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("gethostname: %s", strerror(errno));
+ strlcpy(shorthost, thishost, sizeof(shorthost));
+ shorthost[strcspn(thishost, ".")] = '\0';
+
value = 0;
while ((arg2 = argv_next(&ac, &av)) != NULL) {
if (*arg2 == '\0') {
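Review bot: The buffer filled by `gethostname(thishost, sizeof(thishost))` is read as a C string by `strlcpy` and `strcspn` on the next two lines without being explicitly terminated, and POSIX leaves it unspecified whether a truncated name is NUL-terminated. The NI_MAXHOST size makes truncation unlikely in practice, but adding `thishost[sizeof(thishost) - 1] = '\0';` right after the call removes that dependency. The lookup is repeated for every Include directive that is processed, so a one-line comment such as `/* local hostname for the %l / %L escapes in Include paths */` above the block would explain why it sits here. The enclosing case body starts and ends outside this hunk.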
@@ -2140,9 +2147,13 @@ process_server_config_line_depth(ServerOptions *options, char *line,
value++;
found = 0;
if (*arg2 != '/' && *arg2 != '~') {
- xasprintf(&arg, "%s/%s", SSHDIR, arg2);
+ xasprintf(&arg_pre, "%s/%s", SSHDIR, arg2);
} else
- arg = xstrdup(arg2);
+ arg_pre = xstrdup(arg2);
+
+ arg = percent_expand(arg_pre,
+ "l", thishost, "L", shorthost, (char *) NULL);
+ free(arg_pre);
/*
* Don't let included files clobber the containing
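Review bot: Passing the whole path through `percent_expand` changes how existing configurations are parsed: every `%` in an Include argument is now read as an escape, and as far as I know percent_expand treats an unrecognised escape as a fatal error, so a path that contained a literal `%` before this change could stop sshd from loading its configuration. The patch touches only servconf.c, so sshd_config(5) should gain a sentence under Include listing the accepted tokens and the `%%` form for a literal percent sign. The expansion is applied to `arg_pre`, which already carries the `SSHDIR` prefix; expanding `arg2` first and prefixing the result would keep the compile-time directory out of token parsing. A comment above the call, for example `/* %l = full local hostname, %L = short hostname, %% = literal '%' */`, would document the mapping at the point of use.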
--
2.42.1