
[openssh] 04/05: upstream: add %j token that expands to the configured ProxyJump
This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 98fc34df837f3a3b79d2a111b96fe8a39adcab55
Author: djm@openbsd.org <djm@openbsd.org>
Date: Thu Oct 12 02:18:18 2023 +0000

upstream: add %j token that expands to the configured ProxyJump

hostname (or the empty string if this option is not being used). bz3610, ok
dtucker

OpenBSD-Commit-ID: ce9983f7efe6a178db90dc5c1698df025df5e339
---
readconf.c | 12 ++++++++----
readconf.h | 4 ++--
ssh.c | 7 +++++--
ssh_config.5 | 11 +++++++----
sshconnect.h | 6 ++++--
5 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/readconf.c b/readconf.c
index 23fb604d..a2282b56 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.382 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.383 2023/10/12 02:18:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -352,7 +352,7 @@ kex_default_pk_alg(void)

char *
ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
- const char *user)
+ const char *user, const char *jumphost)
{
struct ssh_digest_ctx *md;
u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
@@ -362,6 +362,7 @@ ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
ssh_digest_update(md, host, strlen(host)) < 0 ||
ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
ssh_digest_update(md, user, strlen(user)) < 0 ||
+ ssh_digest_update(md, jumphost, strlen(jumphost)) < 0 ||
ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
fatal_f("mux digest failed");
ssh_digest_free(md);
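Review bot: The added `ssh_digest_update(md, jumphost, strlen(jumphost))` feeds the jump host straight after `user` with no separator or length prefix, so the digest cannot tell where one field ends and the next begins: user `ab` with jump host `c` produces the same hash as user `a` with jump host `bc`. Because %C is typically used to name per-connection resources such as a ControlPath socket, two different connection tuples could resolve to the same name. Consider hashing a delimiter byte that cannot occur in either field before `jumphost` when it is non-empty, which leaves existing %C values unchanged for connections without ProxyJump. The call also runs `strlen(jumphost)` unconditionally, so a short comment such as `/* jumphost must be non-NULL; pass "" when ProxyJump is unset */` above the function would document the new requirement on callers. The function starts and ends outside this hunk.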
@@ -764,17 +765,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
if (r == (negate ? 1 : 0))
this_result = result = 0;
} else if (strcasecmp(attrib, "exec") == 0) {
- char *conn_hash_hex, *keyalias;
+ char *conn_hash_hex, *keyalias, *jmphost;

if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("gethostname: %s", strerror(errno));
+ jmphost = option_clear_or_none(options->jump_host) ?
+ "" : options->jump_host;
strlcpy(shorthost, thishost, sizeof(shorthost));
shorthost[strcspn(thishost, ".")] = '\0';
snprintf(portstr, sizeof(portstr), "%d", port);
snprintf(uidstr, sizeof(uidstr), "%llu",
(unsigned long long)pw->pw_uid);
conn_hash_hex = ssh_connection_hash(thishost, host,
- portstr, ruser);
+ portstr, ruser, jmphost);
keyalias = options->host_key_alias ?
options->host_key_alias : host;

@@ -790,6 +793,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
"r", ruser,
"u", pw->pw_name,
"i", uidstr,
+ "j", jmphost,
(char *)NULL);
free(conn_hash_hex);
if (result != 1) {
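Review bot: `jmphost` is now expanded as %j into the `Match exec` command string, and nothing visible in this hunk or the previous one limits which characters it may contain. If the expanded command is handed to a shell (the execution is outside this hunk), a ProxyJump value containing shell metacharacters would be interpreted there, so it is worth confirming that the ProxyJump parser rejects such input, or validating `options->jump_host` before the expansion. A comment beside the new entry, for example `/* %j: ProxyJump host; must already be validated as a hostname */`, would record that assumption. Separately, ssh_config.5 in this commit describes %j as "the contents of the ProxyJump option" while the commit message says hostname; if `jump_host` holds only the host part, the man page wording should say so.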
diff --git a/readconf.h b/readconf.h
index 702b027d..ff7180cd 100644
--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.153 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.154 2023/10/12 02:18:18 djm Exp $ */

/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -233,7 +233,7 @@ typedef struct {

const char *kex_default_pk_alg(void);
char *ssh_connection_hash(const char *thishost, const char *host,
- const char *portstr, const char *user);
+ const char *portstr, const char *user, const char *jump_host);
void initialize_options(Options *);
int fill_default_options(Options *);
void fill_default_options_for_canonicalization(Options *);
diff --git a/ssh.c b/ssh.c
index 68eae0f7..17a26c5f 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.596 2023/10/11 23:23:58 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.597 2023/10/12 02:18:18 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -622,6 +622,7 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
free(cinfo->remuser);
free(cinfo->homedir);
free(cinfo->locuser);
+ free(cinfo->jmphost);
free(cinfo);
}

@@ -1389,12 +1390,14 @@ main(int ac, char **av)
cinfo->keyalias = xstrdup(options.host_key_alias ?
options.host_key_alias : options.host_arg);
cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host,
- cinfo->portstr, options.user);
+ cinfo->portstr, options.user, options.jump_host);
cinfo->host_arg = xstrdup(options.host_arg);
cinfo->remhost = xstrdup(host);
cinfo->remuser = xstrdup(options.user);
cinfo->homedir = xstrdup(pw->pw_dir);
cinfo->locuser = xstrdup(pw->pw_name);
+ cinfo->jmphost = xstrdup(options.jump_host == NULL ?
+ "" : options.jump_host);

/*
* Expand tokens in arguments. NB. LocalCommand is expanded later,
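Review bot: `options.jump_host` is passed to `ssh_connection_hash()` unguarded, although the assignment a few lines below treats it as possibly NULL; the readconf.c hunk in this commit shows the hash function calling `strlen(jumphost)`, so a connection without ProxyJump would dereference NULL here. Moving `cinfo->jmphost = xstrdup(options.jump_host == NULL ? "" : options.jump_host);` above the hash call and passing `cinfo->jmphost` as the last argument closes that gap. The `Match exec` path in readconf.c additionally maps a cleared or `none` value to `""` through `option_clear_or_none()`, whereas this path checks only for NULL. If `jump_host` can still hold `none` at this point, %C and %j would differ between the two paths, so both should share one normalisation. `main()` starts and ends outside this hunk.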
diff --git a/ssh_config.5 b/ssh_config.5
index d1c7037d..4bbdfefd 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.390 2023/10/11 22:42:26 djm Exp $
-.Dd $Mdocdate: October 11 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $
+.Dd $Mdocdate: October 12 2023 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -2192,7 +2192,7 @@ which are expanded at runtime:
A literal
.Sq % .
.It \&%C
-Hash of %l%h%p%r.
+Hash of %l%h%p%r%j.
.It %d
Local user's home directory.
.It %f
@@ -2218,6 +2218,9 @@ when preparing the host key algorithm preference list to use for the
destination host.
.It %i
The local user ID.
+.It %j
+The contents of the ProxyJump option, or the empty string if this
+option is unset.
.It %K
The base64 encoded host key.
.It %k
@@ -2261,7 +2264,7 @@ The local username.
.Cm RevokedHostKeys ,
and
.Cm UserKnownHostsFile
-accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
+accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u.
.Pp
.Cm KnownHostsCommand
additionally accepts the tokens %f, %H, %I, %K and %t.
diff --git a/sshconnect.h b/sshconnect.h
index f518a9a1..79d35cc1 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.46 2020/12/22 00:15:23 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.47 2023/10/12 02:18:18 djm Exp $ */

/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -42,6 +42,7 @@ struct ssh_conn_info {
char *remuser;
char *homedir;
char *locuser;
+ char *jmphost;
};

struct addrinfo;
@@ -61,7 +62,8 @@ struct ssh_conn_info;
"d", conn_info->homedir, \
"h", conn_info->remhost, \
"r", conn_info->remuser, \
- "u", conn_info->locuser
+ "u", conn_info->locuser, \
+ "j", conn_info->jmphost

int ssh_connect(struct ssh *, const char *, const char *,
struct addrinfo *, struct sockaddr_storage *, u_short,
