[PATCH RESEND 1/2] Permit %L and %l percent escapes in Include

rsbecker at nexbridge.com rsbecker at nexbridge.com
Tue Jul 2 07:47:16 AEST 2024


On Monday, July 1, 2024 4:50 PM, Ronan Pigott wrote:
>This allows the localhost percent-style escapes in arguments to the Include
>directive. These are useful for including host-specific ssh configuration.
>---
> readconf.c | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
>
>diff --git a/readconf.c b/readconf.c
>index 4e3791cb7cc6..6d99d2efae92 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1044,7 +1044,8 @@ process_config_line_depth(Options *options, struct
>passwd *pw, const char *host,
>     const char *original_host, char *line, const char *filename,
>     int linenum, int *activep, int flags, int *want_final_pass, int depth)
{
>-	char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p;
>+	char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *arg_pre,
*p;
>+	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
> 	char **cpptr, ***cppptr, fwdarg[256];
> 	u_int i, *uintptr, max_entries = 0;
> 	int r, oactive, negated, opcode, *intptr, value, value2, cmdline =
0; @@ -
>1983,6 +1984,12 @@ parse_pubkey_algos:
> 			    "command-line option");
> 			goto out;
> 		}
>+
>+		if (gethostname(thishost, sizeof(thishost)) == -1)
>+			fatal("gethostname: %s", strerror(errno));
>+		strlcpy(shorthost, thishost, sizeof(shorthost));
>+		shorthost[strcspn(thishost, ".")] = '\0';
>+
> 		value = 0;	g> 		while ((arg = argv_next(&ac,
&av)) != NULL) {
> 			if (*arg == '\0') {
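Review bot: The name returned by `gethostname()` is copied into `thishost` and `shorthost` without any check on its characters, and later in this patch it is substituted into the Include path that is handed to `glob()`. A hostname containing `/` or glob metacharacters would change which files get included, which matters on machines where the hostname is assigned from outside (for example by DHCP); rejecting such names right after the call would close that, e.g. `if (strpbrk(thishost, "/*?[") != NULL) fatal("%s line %d: hostname unsuitable for Include", filename, linenum);`. POSIX also leaves NUL termination unspecified when the name is truncated, so `thishost[sizeof(thishost) - 1] = '\0';` before the `strlcpy()` is a cheap guard. The enclosing case in `process_config_line_depth()` starts and ends outside the hunk.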
>@@ -2003,11 +2010,14 @@ parse_pubkey_algos:
> 				goto out;
> 			}
> 			if (!path_absolute(arg) && *arg != '~') {
>-				xasprintf(&arg2, "%s/%s",
>+				xasprintf(&arg_pre, "%s/%s",
> 				    (flags & SSHCONF_USERCONF) ?
> 				    "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
> 			} else
>-				arg2 = xstrdup(arg);
>+				arg_pre = xstrdup(arg);
>+			arg2 = percent_expand(arg_pre,
>+					"l", thishost, "L", shorthost, (char
*) NULL);
>+			free(arg_pre);
> 			memset(&gl, 0, sizeof(gl));
> 			r = glob(arg2, GLOB_TILDE, NULL, &gl);
> 			if (r == GLOB_NOMATCH) {
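Review bot: Only `l` and `L` are passed to `percent_expand()`, so every other `%` sequence in an Include argument now takes its unknown-key path, which as far as I know is fatal in OpenSSH; an existing configuration whose included filename contains a literal `%` would stop working until it is written as `%%`. That behaviour change should be stated in ssh_config(5) alongside the new escapes, and a comment above the call such as `/* Include expands %%, %l and %L only; any other %-escape is an error */` would keep it visible in the code. The expansion is also applied to `arg_pre`, i.e. after the `SSHDIR` or `"~/" _PATH_SSH_USER_DIR` prefix has been prepended, so expanding `arg` before the `xasprintf()` would keep the compile-time directory out of the substitution. The surrounding `while` loop continues outside the hunk.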
>--
>2.45.2

Would you be able to document that "thishost" may be ambiguous, depending on
the DNS and host resolver configuration? The result of gethostname() is not
entirely predictable if the localhost has multiple values.


