+/* $OpenBSD: ssh.c,v 1.279 2006/07/06 16:03:53 stevesk Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
+#include <pwd.h>
#include <signal.h>
#include <openssl/evp.h>
#include "msg.h"
#include "monitor_fdpass.h"
#include "uidswap.h"
+#include "version.h"
#ifdef SMARTCARD
#include "scard.h"
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
" [-R [bind_address:]port:host:hostport] [-S ctl_path]\n"
-" [-w tunnel:tunnel] [user@]hostname [command]\n"
+" [-w local_tun[:remote_tun]] [user@]hostname [command]\n"
);
exit(255);
}
options.control_path = NULL;
if (options.control_path != NULL) {
- char me[NI_MAXHOST];
+ char thishost[NI_MAXHOST];
- if (gethostname(me, sizeof(me)) == -1)
+ if (gethostname(thishost, sizeof(thishost)) == -1)
fatal("gethostname: %s", strerror(errno));
snprintf(buf, sizeof(buf), "%d", options.port);
cp = tilde_expand_filename(options.control_path,
original_real_uid);
options.control_path = percent_expand(cp, "p", buf, "h", host,
- "r", options.user, "l", me, (char *)NULL);
+ "r", options.user, "l", thishost, (char *)NULL);
xfree(cp);
}
if (mux_command != 0 && options.control_path == NULL)
if (options.rhosts_rsa_authentication ||
options.hostbased_authentication) {
sensitive_data.nkeys = 3;
- sensitive_data.keys = xmalloc(sensitive_data.nkeys *
+ sensitive_data.keys = xcalloc(sensitive_data.nkeys,
sizeof(Key));
PRIV_START;
sensitive_data.keys[0] = key_load_private_type(KEY_RSA1,
- _PATH_HOST_KEY_FILE, "", NULL);
+ _PATH_HOST_KEY_FILE, "", NULL, NULL);
sensitive_data.keys[1] = key_load_private_type(KEY_DSA,
- _PATH_HOST_DSA_KEY_FILE, "", NULL);
+ _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
sensitive_data.keys[2] = key_load_private_type(KEY_RSA,
- _PATH_HOST_RSA_KEY_FILE, "", NULL);
+ _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
PRIV_END;
if (options.hostbased_authentication == 1 &&
static void
load_public_identity_files(void)
{
- char *filename;
+ char *filename, *cp, thishost[NI_MAXHOST];
int i = 0;
Key *public;
+ struct passwd *pw;
#ifdef SMARTCARD
Key **keys;
xfree(keys);
}
#endif /* SMARTCARD */
+ if ((pw = getpwuid(original_real_uid)) == NULL)
+ fatal("load_public_identity_files: getpwuid failed");
+ if (gethostname(thishost, sizeof(thishost)) == -1)
+ fatal("load_public_identity_files: gethostname: %s",
+ strerror(errno));
for (; i < options.num_identity_files; i++) {
- filename = tilde_expand_filename(options.identity_files[i],
+ cp = tilde_expand_filename(options.identity_files[i],
original_real_uid);
+ filename = percent_expand(cp, "d", pw->pw_dir,
+ "u", pw->pw_name, "l", thishost, "h", host,
+ "r", options.user, (char *)NULL);
+ xfree(cp);
public = key_load_public(filename, NULL);
debug("identity file %s type %d", filename,
public ? public->type : -1);
int i;
char name[1024], *cp;
- strlcpy(name, env, sizeof(name));
+ if (strlcpy(name, env, sizeof(name)) >= sizeof(name))
+ fatal("env_permitted: name too long");
if ((cp = strchr(name, '=')) == NULL)
return (0);