From 2c7803bd0c4415349df82c37a70c9dbe4edea59c Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Fri, 17 Jul 2020 03:23:11 +0000
Subject: Add %-TOKEN, environment variable and tilde expansion to UserKnownHostsFile, allowing the file to be automagically split up in the configuration (eg bz#1654). ok djm@, man page parts jmc@
---
 usr.bin/ssh/ssh.c | 18 +++++++++++++++++-
 usr.bin/ssh/ssh_config.5 | 18 +++++++++++++-----
 2 files changed, 30 insertions(+), 6 deletions(-)
(limited to 'usr.bin/ssh')
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index e7efcc628f0..34def8473d8 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.531 2020/07/05 23:59:45 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.532 2020/07/17 03:23:10 dtucker Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -638,6 +638,7 @@ main(int ac, char **av)
 struct Forward fwd;
 struct addrinfo *addrs = NULL;
 size_t n, len;
+ u_int j;
 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
 sanitise_stdfd();
@@ -1406,6 +1407,21 @@ main(int ac, char **av)
 options.forward_agent_sock_path = cp;
 }
+ for (j = 0; j < options.num_user_hostfiles; j++) {
+ if (options.user_hostfiles[j] != NULL) {
+ cp = tilde_expand_filename(options.user_hostfiles[j],
+ getuid());
+ p = default_client_percent_dollar_expand(cp,
+ pw->pw_dir, host, options.user, pw->pw_name);
+ if (strcmp(options.user_hostfiles[j], p) != 0)
+ debug3("expanded UserKnownHostsFile '%s' -> "
+ "'%s'", options.user_hostfiles[j], p);
+ free(options.user_hostfiles[j]);
+ free(cp);
+ options.user_hostfiles[j] = p;
+ }
+ }
+
 for (i = 0; i < options.num_local_forwards; i++) {
 if (options.local_forwards[i].listen_path != NULL) {
 cp = options.local_forwards[i].listen_path;
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index bd0a4589380..13ac08166db 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
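Review bot: In the new UserKnownHostsFile loop in ssh.c, the path that replaces `options.user_hostfiles[j]` is built from `host` and `options.user` (plus environment variables, per the man page change), and nothing visible in the hunk checks the expanded result for `/` or `..` components. Because this file decides which host keys are trusted, an expansion that lands on an unintended or empty file weakens host key checking, and the only trace is a `debug3` message. Whether `default_client_percent_dollar_expand` restricts the substituted values cannot be seen from here, so I would at least record the assumption above the loop, e.g. `/* XXX %h/%r are user-supplied; expanded known_hosts path is not checked for '/' or ".." here */`, and consider logging the expansion at `debug` rather than `debug3`. The loop sits inside main(), which starts and ends outside the hunk.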
@@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.328 2020/05/29 05:48:39 jmc Exp $ -.Dd $Mdocdate: May 29 2020 $ +.\" $OpenBSD: ssh_config.5,v 1.329 2020/07/17 03:23:10 dtucker Exp $ +.Dd $Mdocdate: July 17 2020 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1739,6 +1739,12 @@ having to remember to give the user name on the command line. .It Cm UserKnownHostsFile Specifies one or more files to use for the user host key database, separated by whitespace. +Each filename may use tilde notation to refer to the user's home directory, +the tokens described in the +.Sx TOKENS +section and environment variables as described in the +.Sx ENVIRONMENT VARIABLES +section. The default is .Pa ~/.ssh/known_hosts , .Pa ~/.ssh/known_hosts2 . @@ -1875,8 +1881,9 @@ The local username. .Cm LocalForward , .Cm Match exec , .Cm RemoteCommand , +.Cm RemoteForward , and -.Cm RemoteForward +.Com UserKnownHostsFile accept the tokens %%, %C, %d, %h, %i, %L, %l, %n, %p, %r, and %u. .Pp .Cm Hostname @@ -1900,9 +1907,10 @@ returned and the setting for that keyword will be ignored. The keywords .Cm CertificateFile , .Cm ControlPath , -.Cm IdentityAgent -and +.Cm IdentityAgent , .Cm IdentityFile +and +.Cm UserKnownHostsFile support environment variables. The keywords .Cm LocalForward -- cgit v1.2.3