From a8e6a8a7e864377d858435dbf33077ef9a4b60e8 Mon Sep 17 00:00:00 2001
From: djm
Date: Thu, 12 Oct 2023 02:18:18 +0000
Subject: [PATCH] add %j token that expands to the configured ProxyJump hostname (or the empty string if this option is not being used). bz3610, ok dtucker
---
 usr.bin/ssh/readconf.c | 12 ++++++++----
 usr.bin/ssh/readconf.h | 4 ++--
 usr.bin/ssh/ssh.c | 7 +++++--
 usr.bin/ssh/ssh_config.5 | 11 +++++++----
 usr.bin/ssh/sshconnect.h | 6 ++++--
 5 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 12d1446828a..f6dd72511ca 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.382 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.383 2023/10/12 02:18:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -336,7 +336,7 @@ kex_default_pk_alg(void)
 char *
 ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
- const char *user)
+ const char *user, const char *jumphost)
 {
 struct ssh_digest_ctx *md;
 u_char conn_hash[SSH_DIGEST_MAX_LENGTH];
@@ -346,6 +346,7 @@ ssh_connection_hash(const char *thishost, const char *host, const char *portstr,
 ssh_digest_update(md, host, strlen(host)) < 0 ||
 ssh_digest_update(md, portstr, strlen(portstr)) < 0 ||
 ssh_digest_update(md, user, strlen(user)) < 0 ||
+ ssh_digest_update(md, jumphost, strlen(jumphost)) < 0 ||
 ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0)
 fatal_f("mux digest failed");
 ssh_digest_free(md);
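Review bot: `ssh_digest_update(md, jumphost, strlen(jumphost))` in the `@@ -346` hunk dereferences the new argument unconditionally, so jumphost must never be NULL, yet the ssh.c hunk in this same patch passes `options.jump_host` straight through while its next statement guards that very pointer with `== NULL`, so a session with no ProxyJump configured would reach strlen(NULL) here. The smallest fix is to normalize at the hash, `if (jumphost == NULL) jumphost = "";` before the digest calls, or else to state the non-NULL contract in a comment above the function. A comment on the digest is also due because the change to %C is partial: digesting an empty string adds no bytes, so the hash is unchanged when ProxyJump is unset, but every user who sets it gets a new %C and any ControlPath built from it is renamed on upgrade. The inputs are still concatenated without length framing, so `%r` "foo" with an empty `%j` digests identically to `%r` "fo" with `%j` "o"; presumably harmless, but it is a new collision class worth a note. The body of ssh_connection_hash starts before and ends after this hunk.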
@@ -741,17 +742,19 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 if (r == (negate ? 1 : 0))
 this_result = result = 0;
 } else if (strcasecmp(attrib, "exec") == 0) {
- char *conn_hash_hex, *keyalias;
+ char *conn_hash_hex, *keyalias, *jmphost;
 if (gethostname(thishost, sizeof(thishost)) == -1)
 fatal("gethostname: %s", strerror(errno));
+ jmphost = option_clear_or_none(options->jump_host) ?
+ "" : options->jump_host;
 strlcpy(shorthost, thishost, sizeof(shorthost));
 shorthost[strcspn(thishost, ".")] = '\0';
 snprintf(portstr, sizeof(portstr), "%d", port);
 snprintf(uidstr, sizeof(uidstr), "%llu",
 (unsigned long long)pw->pw_uid);
 conn_hash_hex = ssh_connection_hash(thishost, host,
- portstr, ruser);
+ portstr, ruser, jmphost);
 keyalias = options->host_key_alias ?
 options->host_key_alias : host;
@@ -767,6 +770,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 "r", ruser,
 "u", pw->pw_name,
 "i", uidstr,
+ "j", jmphost,
 (char *)NULL);
 free(conn_hash_hex);
 if (result != 1) {
diff --git a/usr.bin/ssh/readconf.h b/usr.bin/ssh/readconf.h
index 702b027de89..ff7180cd0c6 100644
--- a/usr.bin/ssh/readconf.h
+++ b/usr.bin/ssh/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.153 2023/10/11 22:42:26 djm Exp $ */
+/* $OpenBSD: readconf.h,v 1.154 2023/10/12 02:18:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen
@@ -233,7 +233,7 @@ typedef struct {
 const char *kex_default_pk_alg(void);
 char *ssh_connection_hash(const char *thishost, const char *host,
- const char *portstr, const char *user);
+ const char *portstr, const char *user, const char *jump_host);
 void initialize_options(Options *);
 int fill_default_options(Options *);
 void fill_default_options_for_canonicalization(Options *);
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 96fa5c463eb..af215364d6c 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
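Review bot: `jmphost` in the `@@ -741` hunk is declared as a plain `char *` yet is pointed at the string literal `""`, so a later write through it would be undefined behaviour and nothing in the type warns about it; declaring it `const char *jmphost;` on its own line fixes that and also keeps it from being mistaken for an owned buffer next to `conn_hash_hex`, which the second hunk frees. The ternary also deserves a one-line comment, since `option_clear_or_none()` treats both NULL and "none" as unset here while the ssh.c hunk tests only NULL: `/* %j (and %C): ProxyJump host, empty when unset or "none" */`. match_cfg_line starts before and ends after these hunks.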
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.596 2023/10/11 23:23:58 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.597 2023/10/12 02:18:18 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -606,6 +606,7 @@ ssh_conn_info_free(struct ssh_conn_info *cinfo)
 free(cinfo->remuser);
 free(cinfo->homedir);
 free(cinfo->locuser);
+ free(cinfo->jmphost);
 free(cinfo);
 }
@@ -1368,12 +1369,14 @@ main(int ac, char **av)
 cinfo->keyalias = xstrdup(options.host_key_alias ?
 options.host_key_alias : options.host_arg);
 cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host,
- cinfo->portstr, options.user);
+ cinfo->portstr, options.user, options.jump_host);
 cinfo->host_arg = xstrdup(options.host_arg);
 cinfo->remhost = xstrdup(host);
 cinfo->remuser = xstrdup(options.user);
 cinfo->homedir = xstrdup(pw->pw_dir);
 cinfo->locuser = xstrdup(pw->pw_name);
+ cinfo->jmphost = xstrdup(options.jump_host == NULL ?
+ "" : options.jump_host);
 /*
 * Expand tokens in arguments. NB. LocalCommand is expanded later,
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 65f5345f7c7..f137d304e97 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.390 2023/10/11 22:42:26 djm Exp $
-.Dd $Mdocdate: October 11 2023 $
+.\" $OpenBSD: ssh_config.5,v 1.391 2023/10/12 02:18:18 djm Exp $
+.Dd $Mdocdate: October 12 2023 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -2193,7 +2193,7 @@ which are expanded at runtime:
 A literal
 .Sq % .
 .It \&%C
-Hash of %l%h%p%r.
+Hash of %l%h%p%r%j.
 .It %d
 Local user's home directory.
 .It %f
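Review bot: `ssh_connection_hash(cinfo->thishost, host, cinfo->portstr, options.user, options.jump_host)` in the `@@ -1368` hunk hands a pointer that may be NULL to a function this same patch makes call strlen() on it, and the NULL-safe copy `cinfo->jmphost` is only computed two statements later. Compute the field first and pass it: `cinfo->jmphost = xstrdup(option_clear_or_none(options.jump_host) ? "" : options.jump_host);` followed by `cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost, host, cinfo->portstr, options.user, cinfo->jmphost);`, assuming option_clear_or_none() is reachable from ssh.c as it is from readconf.c's Match exec path. Using that predicate rather than `== NULL` matters beyond the crash: if jump_host can hold the literal "none", as the readconf.c check suggests, this hunk would give %j the value "none" while Match exec gives it "", so %C would differ between the two and a ControlPath derived from it would not match. main() starts before and ends after this hunk.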
@@ -2219,6 +2219,9 @@ when preparing the host key algorithm preference list to use for the
 destination host.
 .It %i
 The local user ID.
+.It %j
+The contents of the ProxyJump option, or the empty string if this
+option is unset.
 .It %K
 The base64 encoded host key.
 .It %k
@@ -2262,7 +2265,7 @@ The local username.
 .Cm RevokedHostKeys ,
 and
 .Cm UserKnownHostsFile
-accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p, %r, and %u.
+accept the tokens %%, %C, %d, %h, %i, %j, %k, %L, %l, %n, %p, %r, and %u.
 .Pp
 .Cm KnownHostsCommand
 additionally accepts the tokens %f, %H, %I, %K and %t.
diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h
index f518a9a1302..79d35cc195d 100644
--- a/usr.bin/ssh/sshconnect.h
+++ b/usr.bin/ssh/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.46 2020/12/22 00:15:23 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.47 2023/10/12 02:18:18 djm Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -42,6 +42,7 @@ struct ssh_conn_info {
 char *remuser;
 char *homedir;
 char *locuser;
+ char *jmphost;
 };
 struct addrinfo;
@@ -61,7 +62,8 @@ struct ssh_conn_info;
 "d", conn_info->homedir, \
 "h", conn_info->remhost, \
 "r", conn_info->remuser, \
- "u", conn_info->locuser
+ "u", conn_info->locuser, \
+ "j", conn_info->jmphost
 int ssh_connect(struct ssh *, const char *, const char *, struct addrinfo *,
 struct sockaddr_storage *, u_short,
-- 2.20.1
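Review bot: the new `jmphost` member of struct ssh_conn_info is passed to percent_expand() through DEFAULT_CLIENT_PERCENT_EXPAND_ARGS, so whether it may be NULL is part of the header's contract, but nothing here says; ssh.c stores "" when ProxyJump is unset, and the field should pin that down, `char *jmphost; /* ProxyJump host for %j; "" when unset, never NULL */`. A short comment above the macro listing the tokens it binds (%d, %h, %r, %u, %j plus the entries above `"d"` that lie outside this hunk) would also spare readers a trip to ssh_config.5 when the next token is added. The struct and the macro both begin before this hunk, and ssh_connect's prototype continues after it.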