version 1.326, 2020/02/06 22:46:31 |
version 1.327, 2020/04/03 02:27:12 |
|
|
return kex_default_pk_alg_filtered; |
return kex_default_pk_alg_filtered; |
} |
} |
|
|
|
char * |
|
ssh_connection_hash(const char *thishost, const char *host, const char *portstr, |
|
const char *user) |
|
{ |
|
struct ssh_digest_ctx *md; |
|
u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; |
|
|
|
if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL || |
|
ssh_digest_update(md, thishost, strlen(thishost)) < 0 || |
|
ssh_digest_update(md, host, strlen(host)) < 0 || |
|
ssh_digest_update(md, portstr, strlen(portstr)) < 0 || |
|
ssh_digest_update(md, user, strlen(user)) < 0 || |
|
ssh_digest_final(md, conn_hash, sizeof(conn_hash)) < 0) |
|
fatal("%s: mux digest failed", __func__); |
|
ssh_digest_free(md); |
|
return tohex(conn_hash, ssh_digest_bytes(SSH_DIGEST_SHA1)); |
|
} |
|
|
/* |
/* |
* Adds a local TCP/IP port forward to options. Never returns if there is an |
* Adds a local TCP/IP port forward to options. Never returns if there is an |
* error. |
* error. |
|
|
if (r == (negate ? 1 : 0)) |
if (r == (negate ? 1 : 0)) |
this_result = result = 0; |
this_result = result = 0; |
} else if (strcasecmp(attrib, "exec") == 0) { |
} else if (strcasecmp(attrib, "exec") == 0) { |
|
char *conn_hash_hex; |
|
|
if (gethostname(thishost, sizeof(thishost)) == -1) |
if (gethostname(thishost, sizeof(thishost)) == -1) |
fatal("gethostname: %s", strerror(errno)); |
fatal("gethostname: %s", strerror(errno)); |
strlcpy(shorthost, thishost, sizeof(shorthost)); |
strlcpy(shorthost, thishost, sizeof(shorthost)); |
|
|
snprintf(portstr, sizeof(portstr), "%d", port); |
snprintf(portstr, sizeof(portstr), "%d", port); |
snprintf(uidstr, sizeof(uidstr), "%llu", |
snprintf(uidstr, sizeof(uidstr), "%llu", |
(unsigned long long)pw->pw_uid); |
(unsigned long long)pw->pw_uid); |
|
conn_hash_hex = ssh_connection_hash(thishost, host, |
|
portstr, pw->pw_name); |
|
|
cmd = percent_expand(arg, |
cmd = percent_expand(arg, |
|
"C", conn_hash_hex, |
"L", shorthost, |
"L", shorthost, |
"d", pw->pw_dir, |
"d", pw->pw_dir, |
"h", host, |
"h", host, |
|
|
"u", pw->pw_name, |
"u", pw->pw_name, |
"i", uidstr, |
"i", uidstr, |
(char *)NULL); |
(char *)NULL); |
|
free(conn_hash_hex); |
if (result != 1) { |
if (result != 1) { |
/* skip execution if prior predicate failed */ |
/* skip execution if prior predicate failed */ |
debug3("%.200s line %d: skipped exec " |
debug3("%.200s line %d: skipped exec " |
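Review bot: The new ssh_connection_hash() in the first hunk feeds thishost, host, portstr and user into the digest back to back, with no separator or length prefix, so different tuples can yield the same %C value (constructed example: host `example1` with port `22` contributes the same bytes as host `example` with port `122`). Changing the encoding would presumably alter %C values that existing configurations already depend on, so I would document the limit rather than change it, with a header comment such as `/* Hex SHA1 over thishost, host, port and user, concatenated without separators; a naming token for %C, not a unique or authenticated identifier. Returned string is allocated; caller frees. */`. The comment should also state that the function calls fatal() if any digest step fails. The Match exec caller in the second hunk passes the result straight to percent_expand() and then free(), so it appears to rely on never getting NULL back.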