upstream: make UID available as a %-expansion everywhere that the

username is available currently. In the client this is via %i, in the server
%U (since %i was already used in the client in some places for this, but used
for something different in the server); bz#2870, ok dtucker@

OpenBSD-Commit-ID: c7e912b0213713316cb55db194b3a6415b3d4b95

8 files changed, 67 insertions, 35 deletions

diff --git a/auth.c b/auth.c
index 0b7a335f..573cd03b 100644
--- a/auth.c
+++ b/auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.c,v 1.128 2018/05/25 07:11:01 djm Exp $ */
+/* $OpenBSD: auth.c,v 1.129 2018/06/01 03:33:53 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -422,11 +422,13 @@ auth_root_allowed(struct ssh *ssh, const char *method)
 char *
 expand_authorized_keys(const char *filename, struct passwd *pw)
 {
-	char *file, ret[PATH_MAX];
+	char *file, uidstr[32], ret[PATH_MAX];
 	int i;
 
+	snprintf(uidstr, sizeof(uidstr), "%llu",
+	    (unsigned long long)pw->pw_uid);
 	file = percent_expand(filename, "h", pw->pw_dir,
-	    "u", pw->pw_name, (char *)NULL);
+	    "u", pw->pw_name, "U", uidstr, (char *)NULL);
 
 	/*
 	 * Ensure that filename starts anchored. If not, be backward
diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 8024b1d6..5603f5ef 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.77 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.78 2018/06/01 03:33:53 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -387,7 +387,7 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 	pid_t pid;
 	char *tmp, *username = NULL, *command = NULL, **av = NULL;
 	char *ca_fp = NULL, *key_fp = NULL, *catext = NULL, *keytext = NULL;
-	char serial_s[16];
+	char serial_s[16], uidstr[32];
 	void (*osigchld)(int);
 
 	if (authoptsp != NULL)
@@ -447,8 +447,11 @@ match_principals_command(struct ssh *ssh, struct passwd *user_pw,
 	}
 	snprintf(serial_s, sizeof(serial_s), "%llu",
 	    (unsigned long long)cert->serial);
+	snprintf(uidstr, sizeof(uidstr), "%llu",
+	    (unsigned long long)user_pw->pw_uid);
 	for (i = 1; i < ac; i++) {
 		tmp = percent_expand(av[i],
+		    "U", uidstr,
 		    "u", user_pw->pw_name,
 		    "h", user_pw->pw_dir,
 		    "t", sshkey_ssh_name(key),
@@ -852,7 +855,7 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 	int i, uid_swapped = 0, ac = 0;
 	pid_t pid;
 	char *username = NULL, *key_fp = NULL, *keytext = NULL;
-	char *tmp, *command = NULL, **av = NULL;
+	char uidstr[32], *tmp, *command = NULL, **av = NULL;
 	void (*osigchld)(int);
 
 	if (authoptsp != NULL)
@@ -902,8 +905,11 @@ user_key_command_allowed2(struct ssh *ssh, struct passwd *user_pw,
 		    command);
 		goto out;
 	}
+	snprintf(uidstr, sizeof(uidstr), "%llu",
+	    (unsigned long long)user_pw->pw_uid);
 	for (i = 1; i < ac; i++) {
 		tmp = percent_expand(av[i],
+		    "U", uidstr,
 		    "u", user_pw->pw_name,
 		    "h", user_pw->pw_dir,
 		    "t", sshkey_ssh_name(key),
diff --git a/readconf.c b/readconf.c
index 7b7a0d7e..9c4a234b 100644
--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.287 2018/05/22 00:13:26 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.288 2018/06/01 03:33:53 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -551,6 +551,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 	const char *ruser;
 	int r, port, this_result, result = 1, attributes = 0, negate;
 	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
+	char uidstr[32];
 
 	/*
 	 * Configuration is likely to be incomplete at this point so we
@@ -631,6 +632,8 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 			strlcpy(shorthost, thishost, sizeof(shorthost));
 			shorthost[strcspn(thishost, ".")] = '\0';
 			snprintf(portstr, sizeof(portstr), "%d", port);
+			snprintf(uidstr, sizeof(uidstr), "%llu",
+			    (unsigned long long)pw->pw_uid);
 
 			cmd = percent_expand(arg,
 			    "L", shorthost,
@@ -641,6 +644,7 @@ match_cfg_line(Options *options, char **condition, struct passwd *pw,
 			    "p", portstr,
 			    "r", ruser,
 			    "u", pw->pw_name,
+			    "i", uidstr,
 			    (char *)NULL);
 			if (result != 1) {
 				/* skip execution if prior predicate failed */
diff --git a/session.c b/session.c
index 58826db1..5ceebff5 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.294 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: session.c,v 1.295 2018/06/01 03:33:53 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1324,7 +1324,7 @@ safely_chroot(const char *path, uid_t uid)
 void
 do_setusercontext(struct passwd *pw)
 {
-	char *chroot_path, *tmp;
+	char uidstr[32], *chroot_path, *tmp;
 
 	platform_setusercontext(pw);
 
@@ -1356,8 +1356,10 @@ do_setusercontext(struct passwd *pw)
 		    strcasecmp(options.chroot_directory, "none") != 0) {
                         tmp = tilde_expand_filename(options.chroot_directory,
 			    pw->pw_uid);
+			snprintf(uidstr, sizeof(uidstr), "%llu",
+			    (unsigned long long)pw->pw_uid);
 			chroot_path = percent_expand(tmp, "h", pw->pw_dir,
-			    "u", pw->pw_name, (char *)NULL);
+			    "u", pw->pw_name, "U", uidstr, (char *)NULL);
 			safely_chroot(chroot_path, pw->pw_uid);
 			free(tmp);
 			free(chroot_path);
diff --git a/sftp-server.c b/sftp-server.c
index df0fb506..ab1b063f 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.112 2018/06/01 03:33:53 djm Exp $ */
 /*
  * Copyright (c) 2000-2004 Markus Friedl.  All rights reserved.
  *
@@ -1503,7 +1503,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 	int i, r, in, out, max, ch, skipargs = 0, log_stderr = 0;
 	ssize_t len, olen, set_size;
 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
-	char *cp, *homedir = NULL, buf[4*4096];
+	char *cp, *homedir = NULL, uidstr[32], buf[4*4096];
 	long mask;
 
 	extern char *optarg;
@@ -1554,8 +1554,10 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw)
 			break;
 		case 'd':
 			cp = tilde_expand_filename(optarg, user_pw->pw_uid);
+			snprintf(uidstr, sizeof(uidstr), "%llu",
+			    (unsigned long long)pw->pw_uid);
 			homedir = percent_expand(cp, "d", user_pw->pw_dir,
-			    "u", user_pw->pw_name, (char *)NULL);
+			    "u", user_pw->pw_name, "U", uidstr, (char *)NULL);
 			free(cp);
 			break;
 		case 'p':
diff --git a/ssh.c b/ssh.c
index 40e63c32..d25960bc 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.478 2018/06/01 03:11:49 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.479 2018/06/01 03:33:53 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1278,7 +1278,8 @@ main(int ac, char **av)
 	strlcpy(shorthost, thishost, sizeof(shorthost));
 	shorthost[strcspn(thishost, ".")] = '\0';
 	snprintf(portstr, sizeof(portstr), "%d", options.port);
-	snprintf(uidstr, sizeof(uidstr), "%d", pw->pw_uid);
+	snprintf(uidstr, sizeof(uidstr), "%llu",
+	    (unsigned long long)pw->pw_uid);
 
 	if ((md = ssh_digest_start(SSH_DIGEST_SHA1)) == NULL ||
 	    ssh_digest_update(md, thishost, strlen(thishost)) < 0 ||
@@ -1303,6 +1304,7 @@ main(int ac, char **av)
 		    "L", shorthost,
 		    "d", pw->pw_dir,
 		    "h", host,
+		    "i", uidstr,
 		    "l", thishost,
 		    "n", host_arg,
 		    "p", portstr,
@@ -1323,6 +1325,7 @@ main(int ac, char **av)
 		    "C", conn_hash_hex,
 		    "L", shorthost,
 		    "h", host,
+		    "i", uidstr,
 		    "l", thishost,
 		    "n", host_arg,
 		    "p", portstr,
@@ -1501,9 +1504,14 @@ main(int ac, char **av)
 		} else {
 			p = tilde_expand_filename(options.identity_agent,
 			    original_real_uid);
-			cp = percent_expand(p, "d", pw->pw_dir,
-			    "u", pw->pw_name, "l", thishost, "h", host,
-			    "r", options.user, (char *)NULL);
+			cp = percent_expand(p,
+			    "d", pw->pw_dir,
+			    "h", host,
+			    "i", uidstr,
+			    "l", thishost,
+			    "r", options.user,
+			    "u", pw->pw_name,
+			    (char *)NULL);
 			setenv(SSH_AUTHSOCKET_ENV_NAME, cp, 1);
 			free(cp);
 			free(p);
@@ -1908,6 +1916,7 @@ ssh_session2(struct ssh *ssh, struct passwd *pw)
 		    "L", shorthost,
 		    "d", pw->pw_dir,
 		    "h", host,
+		    "i", uidstr,
 		    "l", thishost,
 		    "n", host_arg,
 		    "p", portstr,
@@ -2106,9 +2115,14 @@ load_public_identity_files(struct passwd *pw)
 	for (i = 0; i < options.num_certificate_files; i++) {
 		cp = tilde_expand_filename(options.certificate_files[i],
 		    original_real_uid);
-		filename = percent_expand(cp, "d", pw->pw_dir,
-		    "u", pw->pw_name, "l", thishost, "h", host,
-		    "r", options.user, (char *)NULL);
+		filename = percent_expand(cp,
+		    "d", pw->pw_dir,
+		    "h", host,
+		    "i", host,
+		    "l", thishost,
+		    "r", options.user,
+		    "u", pw->pw_name,
+		    (char *)NULL);
 		free(cp);
 
 		public = key_load_public(filename, NULL);
diff --git a/ssh_config.5 b/ssh_config.5
index bcd18a87..94c12bdd 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.273 2018/04/10 00:10:49 djm Exp $
-.Dd $Mdocdate: April 10 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.274 2018/06/01 03:33:53 djm Exp $
+.Dd $Mdocdate: June 1 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1743,10 +1743,10 @@ The local username.
 .El
 .Pp
 .Cm Match exec
-accepts the tokens %%, %h, %L, %l, %n, %p, %r, and %u.
+accepts the tokens %%, %h, %i, %L, %l, %n, %p, %r, and %u.
 .Pp
 .Cm CertificateFile
-accepts the tokens %%, %d, %h, %l, %r, and %u.
+accepts the tokens %%, %d, %h, %i %l, %r, and %u.
 .Pp
 .Cm ControlPath
 accepts the tokens %%, %C, %h, %i, %L, %l, %n, %p, %r, and %u.
@@ -1757,16 +1757,16 @@ accepts the tokens %% and %h.
 .Cm IdentityAgent
 and
 .Cm IdentityFile
-accept the tokens %%, %d, %h, %l, %r, and %u.
+accept the tokens %%, %d, %h, %i %l, %r, and %u.
 .Pp
 .Cm LocalCommand
-accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, %T, and %u.
+accepts the tokens %%, %C, %d, %h, %i %l, %n, %p, %r, %T, and %u.
 .Pp
 .Cm ProxyCommand
 accepts the tokens %%, %h, %p, and %r.
 .Pp
 .Cm RemoteCommand
-accepts the tokens %%, %C, %d, %h, %l, %n, %p, %r, and %u.
+accepts the tokens %%, %C, %d, %h, %i, %l, %n, %p, %r, and %u.
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa ~/.ssh/config
diff --git a/sshd_config.5 b/sshd_config.5
index 95dbc1d1..1d6e0d1e 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.266 2018/05/15 05:40:11 jmc Exp $
-.Dd $Mdocdate: May 15 2018 $
+.\" $OpenBSD: sshd_config.5,v 1.267 2018/06/01 03:33:53 djm Exp $
+.Dd $Mdocdate: June 1 2018 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1689,24 +1689,26 @@ The serial number of the certificate.
 The type of the CA key.
 .It %t
 The key or certificate type.
+.It %U
+The numeric user-id id of the target user.
 .It %u
 The username.
 .El
 .Pp
 .Cm AuthorizedKeysCommand
-accepts the tokens %%, %f, %h, %k, %t, and %u.
+accepts the tokens %%, %f, %h, %k, %t, %U and %u.
 .Pp
 .Cm AuthorizedKeysFile
-accepts the tokens %%, %h, and %u.
+accepts the tokens %%, %h, %U and %u.
 .Pp
 .Cm AuthorizedPrincipalsCommand
-accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u.
+accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U and %u.
 .Pp
 .Cm AuthorizedPrincipalsFile
-accepts the tokens %%, %h, and %u.
+accepts the tokens %%, %h, and %U %u.
 .Pp
 .Cm ChrootDirectory
-accepts the tokens %%, %h, and %u.
+accepts the tokens %%, %h, and %U %u.
 .Pp
 .Cm RoutingDomain
 accepts the token %D.