RE: [PATCH RESEND 1/2] Permit %L and %l percent escapes in Include

<rsbecker@xxxxxxxxxxxxx> · Mon, 1 Jul 2024 17:47:16 -0400

On Monday, July 1, 2024 4:50 PM, Ronan Pigott wrote:
>This allows the localhost percent-style escapes in arguments to the Include
>directive. These are useful for including host-specific ssh configuration.
>---
> readconf.c | 16 +++++++++++++---
> 1 file changed, 13 insertions(+), 3 deletions(-)
>
>diff --git a/readconf.c b/readconf.c
>index 4e3791cb7cc6..6d99d2efae92 100644
>--- a/readconf.c
>+++ b/readconf.c
>@@ -1044,7 +1044,8 @@ process_config_line_depth(Options *options, struct
>passwd *pw, const char *host,
>     const char *original_host, char *line, const char *filename,
>     int linenum, int *activep, int flags, int *want_final_pass, int depth)
{
>-	char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *p;
>+	char *str, **charptr, *endofnumber, *keyword, *arg, *arg2, *arg_pre,
*p;
>+	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST];
> 	char **cpptr, ***cppptr, fwdarg[256];
> 	u_int i, *uintptr, max_entries = 0;
> 	int r, oactive, negated, opcode, *intptr, value, value2, cmdline =
0; @@ -
>1983,6 +1984,12 @@ parse_pubkey_algos:
> 			    "command-line option");
> 			goto out;
> 		}
>+
>+		if (gethostname(thishost, sizeof(thishost)) == -1)
>+			fatal("gethostname: %s", strerror(errno));
>+		strlcpy(shorthost, thishost, sizeof(shorthost));
>+		shorthost[strcspn(thishost, ".")] = '\0';
>+
> 		value = 0;	g> 		while ((arg = argv_next(&ac,
&av)) != NULL) {
> 			if (*arg == '\0') {
>@@ -2003,11 +2010,14 @@ parse_pubkey_algos:
> 				goto out;
> 			}
> 			if (!path_absolute(arg) && *arg != '~') {
>-				xasprintf(&arg2, "%s/%s",
>+				xasprintf(&arg_pre, "%s/%s",
> 				    (flags & SSHCONF_USERCONF) ?
> 				    "~/" _PATH_SSH_USER_DIR : SSHDIR, arg);
> 			} else
>-				arg2 = xstrdup(arg);
>+				arg_pre = xstrdup(arg);
>+			arg2 = percent_expand(arg_pre,
>+					"l", thishost, "L", shorthost, (char
*) NULL);
>+			free(arg_pre);
> 			memset(&gl, 0, sizeof(gl));
> 			r = glob(arg2, GLOB_TILDE, NULL, &gl);
> 			if (r == GLOB_NOMATCH) {
>--
>2.45.2

Would you be able to document that "thisHost" may be ambiguous, depending on
the DNS and host resolver configuration? gethostname() is not entirely
predictable if the localhost has multiple values.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev