upstream: Allow ssh_config IdentityAgent directive to accept

environment variable names as well as explicit paths. ok dtucker@

OpenBSD-Commit-ID: 2f0996e103876c53d8c9dd51dcce9889d700767b

diff --git a/auth-options.c b/auth-options.c
index 27c0eb05e41faee0a30843f40f386ba4c0ec03e3..b05d6d6f3c8a8c26dd27e282614343f1c8a82113 100644 (file)
--- a/auth-options.c
+++ b/auth-options.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.83 2018/06/19 02:59:41 djm Exp $ */
+/* $OpenBSD: auth-options.c,v 1.84 2018/10/03 06:38:35 djm Exp $ */
 /*
  * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
  *
@@ -469,13 +469,16 @@ sshauthopt_parse(const char *opts, const char **errstrp)
                                errstr = "invalid environment string";
                                goto fail;
                        }
-                       for (cp = opt; cp < tmp; cp++) {
-                               if (!isalnum((u_char)*cp) && *cp != '_') {
-                                       free(opt);
-                                       errstr = "invalid environment string";
-                                       goto fail;
-                               }
+                       if ((cp = strdup(opt)) == NULL)
+                               goto alloc_fail;
+                       cp[tmp - opt] = '\0'; /* truncate at '=' */
+                       if (!valid_env_name(cp)) {
+                               free(cp);
+                               free(opt);
+                               errstr = "invalid environment string";
+                               goto fail;
                        }
+                       free(cp);
                        /* Append it. */
                        oarray = ret->env;
                        if ((ret->env = recallocarray(ret->env, ret->nenv,

diff --git a/misc.c b/misc.c
index ae4d29b84c2edf6596aabae155e89cd259a6fdbb..c4ca12560c153df7eabb5cd0d2e43d39825f1a9a 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */
+/* $OpenBSD: misc.c,v 1.132 2018/10/03 06:38:35 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005,2006 Damien Miller.  All rights reserved.
@@ -1948,6 +1948,25 @@ bad:
        return 0;
 }
 
+/*
+ * Verify that a environment variable name (not including initial '$') is
+ * valid; consisting of one or more alphanumeric or underscore characters only.
+ * Returns 1 on valid, 0 otherwise.
+ */
+int
+valid_env_name(const char *name)
+{
+       const char *cp;
+
+       if (name[0] == '\0')
+               return 0;
+       for (cp = name; *cp != '\0'; cp++) {
+               if (!isalnum((u_char)*cp) && *cp != '_')
+                       return 0;
+       }
+       return 1;
+}
+
 const char *
 atoi_err(const char *nptr, int *val)
 {

diff --git a/misc.h b/misc.h
index 6be289fd2755e5f6cec4ac22799cb205e8f8417f..31b207a8d9d957590269bfeb801d8921bc7c4cfa 100644 (file)
--- a/misc.h
+++ b/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.75 2018/10/03 06:38:35 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -74,6 +74,7 @@ double         monotime_double(void);
 void    lowercase(char *s);
 int     unix_listener(const char *, int, int);
 int     valid_domain(char *, int, const char **);
+int     valid_env_name(const char *);
 const char *atoi_err(const char *, int *);
 int     parse_absolute_time(const char *, uint64_t *);
 void    format_absolute_time(uint64_t, char *, size_t);

diff --git a/readconf.c b/readconf.c
index 057726d0e018046b19a6e2a1ad3c9794c3e7f575..d39cfa3c5bc9bd7f3648372a5acca2ef704ea9a9 100644 (file)
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.298 2018/09/20 03:30:44 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.299 2018/10/03 06:38:35 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1700,7 +1700,18 @@ parse_keytypes:
 
        case oIdentityAgent:
                charptr = &options->identity_agent;
-               goto parse_string;
+               arg = strdelim(&s);
+               if (!arg || *arg == '\0')
+                       fatal("%.200s line %d: Missing argument.",
+                           filename, linenum);
+               /* Extra validation if the string represents an env var. */
+               if (arg[0] == '$' && !valid_env_name(arg + 1)) {
+                       fatal("%.200s line %d: Invalid environment name %s.",
+                           filename, linenum, arg);
+               }
+               if (*activep && *charptr == NULL)
+                       *charptr = xstrdup(arg);
+               break;
 
        case oDeprecated:
                debug("%s line %d: Deprecated option \"%s\"",

diff --git a/ssh.c b/ssh.c
index 849fae355fd33e8e47c248cf265ce5394eb7a177..0777c31e42b7a520bc4144a79bc4c9458c4dd700 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.493 2018/09/21 03:11:36 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.494 2018/10/03 06:38:35 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1453,9 +1453,27 @@ main(int ac, char **av)
                            "r", options.user,
                            "u", pw->pw_name,
                            (char *)NULL);
-                       setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
-                       free(cp);
                        free(p);
+                       /*
+                        * If identity_agent represents an environment variable
+                        * then recheck that it is valid (since processing with
+                        * percent_expand() may have changed it) and substitute
+                        * its value.
+                        */
+                       if (cp[0] == '$') {
+                               if (!valid_env_name(cp + 1)) {
+                                       fatal("Invalid IdentityAgent "
+                                           "environment variable name %s", cp);
+                               }
+                               if ((p = getenv(cp + 1)) == NULL)
+                                       unsetenv(SSH_AUTHSOCKET_ENV_NAME);
+                               else
+                                       setenv(SSH_AUTHSOCKET_ENV_NAME, p, 1);
+                       } else {
+                               /* identity_agent specifies a path directly */
+                               setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
+                       }
+                       free(cp);
                }
        }
 

diff --git a/ssh_config.5 b/ssh_config.5
index 27136dbd610cfc57fc94703ea1cdc2107d94ba62..4d5b01d3eaceea637d478cc6dfbe09f52bd162a5 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.285 2018/09/21 12:46:22 djm Exp $
-.Dd $Mdocdate: September 21 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.286 2018/10/03 06:38:35 djm Exp $
+.Dd $Mdocdate: October 3 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -877,6 +877,10 @@ If the string
 is specified, the location of the socket will be read from the
 .Ev SSH_AUTH_SOCK
 environment variable.
+Otherwise if the specified value begins with a
+.Sq $
+character, then it will be treated as an environment variable containing
+the location of the socket.
 .Pp
 Arguments to
 .Cm IdentityAgent