add %j token that expands to the configured ProxyJump hostname (or

the empty string if this option is not being used).
bz3610, ok dtucker

diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 12d1446..f6dd725 100644 (file)
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.382 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.383 2023/10/12 02:18:18 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -336,7 +336,7 @@ kex_default_pk_alg(void)
 
 char *
 ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
-    const char *user)
+    const char *user, const char *jumphost)
 {
        struct ssh_digest_ctx *md;
        u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
@@ -346,6 +346,7 @@ ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
            ssh_digest_update(md, host, strlen(host)) < 0 ||
            ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
            ssh_digest_update(md, user, strlen(user)) < 0 ||
+           ssh_digest_update(md, jumphost, strlen(jumphost)) < 0 ||
            ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
                fatal_f("mux digest failed");
        ssh_digest_free(md);
@@ -741,17 +742,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
                        if (r == (negate ? 1 : 0))
                                this_result = result = 0;
                } else if (strcasecmp(attrib, "exec") == 0) {
-                       char *conn_hash_hex, *keyalias;
+                       char *conn_hash_hex, *keyalias, *jmphost;
 
                        if (gethostname(thishost, sizeof(thishost)) == -1)
                                fatal("gethostname: %s", strerror(errno));
+                       jmphost = option_clear_or_none(options->jump_host) ?
+                           "" : options->jump_host;
                        strlcpy(shorthost, thishost, sizeof(shorthost));
                        shorthost[strcspn(thishost, ".")] = '\0';
                        snprintf(portstr, sizeof(portstr), "%d", port);
                        snprintf(uidstr, sizeof(uidstr), "%llu",
                            (unsigned long long)pw->pw_uid);
                        conn_hash_hex = ssh_connection_hash(thishost, host,
-                           portstr, ruser);
+                           portstr, ruser, jmphost);
                        keyalias = options->host_key_alias ?
                            options->host_key_alias : host;
 
@@ -767,6 +770,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
                            "r", ruser,
                            "u", pw->pw_name,
                            "i", uidstr,
+                           "j", jmphost,
                            (char *)NULL);
                        free(conn_hash_hex);
                        if (result != 1) {

diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 702b027..ff7180c 100644 (file)
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.153 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.154 2023/10/12 02:18:18 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -233,7 +233,7 @@ typedef struct {
 
 const char *kex_default_pk_alg(void);
 char   *ssh_connection_hash(const char *thishost, const char *host,
-    const char *portstr, const char *user);
+    const char *portstr, const char *user, const char *jump_host);
 void     initialize_options(Options *);
 int      fill_default_options(Options *);
 void    fill_default_options_for_canonicalization(Options *);

diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 96fa5c4..af21536 100644 (file)
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.596 2023/10/11 23:23:58 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.597 2023/10/12 02:18:18 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -606,6 +606,7 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
        free(cinfo->remuser);
        free(cinfo->homedir);
        free(cinfo->locuser);
+       free(cinfo->jmphost);
        free(cinfo);
 }
 
@@ -1368,12 +1369,14 @@ main(int ac, char **av)
        cinfo->keyalias = xstrdup(options.host_key_alias ?
            options.host_key_alias : options.host_arg);
        cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host,
-           cinfo->portstr, options.user);
+           cinfo->portstr, options.user, options.jump_host);
        cinfo->host_arg = xstrdup(options.host_arg);
        cinfo->remhost = xstrdup(host);
        cinfo->remuser = xstrdup(options.user);
        cinfo->homedir = xstrdup(pw->pw_dir);
        cinfo->locuser = xstrdup(pw->pw_name);
+       cinfo->jmphost = xstrdup(options.jump_host == NULL ?
+           "" : options.jump_host);
 
        /*
         * Expand tokens in arguments. NB. LocalCommand is expanded later,

diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 65f5345..f137d30 100644 (file)
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.390 2023/10/11 22:42:26 djm Exp $
-.Dd $Mdocdate: October 11 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $
+.Dd $Mdocdate: October 12 2023 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -2193,7 +2193,7 @@ which are expanded at runtime:
 A literal
 .Sq % .
 .It \&%C
-Hash of %l%h%p%r.
+Hash of %l%h%p%r%j.
 .It %d
 Local user's home directory.
 .It %f
@@ -2219,6 +2219,9 @@ when preparing the host key algorithm preference list to use for the
 destination host.
 .It %i
 The local user ID.
+.It %j
+The contents of the ProxyJump option, or the empty string if this
+option is unset.
 .It %K
 The base64 encoded host key.
 .It %k
@@ -2262,7 +2265,7 @@ The local username.
 .Cm RevokedHostKeys ,
 and
 .Cm UserKnownHostsFile
-accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
+accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u.
 .Pp
 .Cm KnownHostsCommand
 additionally accepts the tokens %f, %H, %I, %K and %t.

diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h
index f518a9a..79d35cc 100644 (file)
--- a/usr.bin/ssh/sshconnect.h
+++ b/usr.bin/ssh/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.46 2020/12/22 00:15:23 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.47 2023/10/12 02:18:18 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -42,6 +42,7 @@ struct ssh_conn_info {
        char *remuser;
        char *homedir;
        char *locuser;
+       char *jmphost;
 };
 
 struct addrinfo;
@@ -61,7 +62,8 @@ struct ssh_conn_info;
        "d", conn_info->homedir, \
        "h", conn_info->remhost, \
        "r", conn_info->remuser, \
-       "u", conn_info->locuser
+       "u", conn_info->locuser, \
+       "j", conn_info->jmphost
 
 int     ssh_connect(struct ssh *, const char *, const char *,
            struct addrinfo *, struct sockaddr_storage *, u_short,