# HG changeset patch
# User Matt Johnston
# Date 1171187700 0
# Node ID b2f81110c80b7c695b0cc3ee7bcfd534216e3e4c
# Parent ab57ba0cb667fee738bf7c5b4b669474c180d8a3
# Parent a01c0c8e543a297344b749c9469d7541fa83785f
propagate from branch 'au.asn.ucc.matt.dropbear' (head 924b731b50d4147eed8e9382c98a2573259a6cad) to branch 'au.asn.ucc.matt.dropbear.channel-fix' (head e73ee8f7ae404a9355685c30828a0ad4524031bc)
diff -r a01c0c8e543a -r b2f81110c80b cli-kex.c
--- a/cli-kex.c Fri Feb 09 10:43:16 2007 +0000
+++ b/cli-kex.c Sun Feb 11 09:55:00 2007 +0000
@@ -119,6 +119,13 @@
 char response = 'z';
 fp = sign_key_fingerprint(keyblob, keybloblen);
+ if (cli_opts.always_accept_key) {
+ fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(fingerprint %s)\n",
+ cli_opts.remotehost,
+ fp);
+ m_free(fp);
+ return;
+ }
 fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n",
 cli_opts.remotehost,
 fp);
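Review bot: The early return in the `always_accept_key` branch accepts an unknown host key with no confirmation, and nothing at that spot says the server is then not authenticated against any trusted key on first contact. A comment above the branch would make the trade-off explicit, e.g. `/* -y: skip the prompt for unknown hosts; the peer is not verified against a trusted key */`. The enclosing function starts and ends outside the hunk, so it cannot be confirmed from here whether a key that mismatches an existing trusted-hosts entry is still rejected. Once checked, that behaviour belongs in the same comment.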
@@ -268,24 +275,26 @@
 goto out;
 }
- /* put the new entry in the file */
- fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
- buf_setpos(line, 0);
- buf_setlen(line, 0);
- buf_putbytes(line, ses.remotehost, hostlen);
- buf_putbyte(line, ' ');
- buf_putbytes(line, algoname, algolen);
- buf_putbyte(line, ' ');
- len = line->size - line->pos;
- TRACE(("keybloblen %d, len %d", keybloblen, len))
- /* The only failure with base64 is buffer_overflow, but buf_getwriteptr
- * will die horribly in the case anyway */
- base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);
- buf_incrwritepos(line, len);
- buf_putbyte(line, '\n');
- buf_setpos(line, 0);
- fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile);
- /* We ignore errors, since there's not much we can do about them */
+ if (!cli_opts.always_accept_key) {
+ /* put the new entry in the file */
+ fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */
+ buf_setpos(line, 0);
+ buf_setlen(line, 0);
+ buf_putbytes(line, ses.remotehost, hostlen);
+ buf_putbyte(line, ' ');
+ buf_putbytes(line, algoname, algolen);
+ buf_putbyte(line, ' ');
+ len = line->size - line->pos;
+ TRACE(("keybloblen %d, len %d", keybloblen, len))
+ /* The only failure with base64 is buffer_overflow, but buf_getwriteptr
+ * will die horribly in the case anyway */
+ base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);
+ buf_incrwritepos(line, len);
+ buf_putbyte(line, '\n');
+ buf_setpos(line, 0);
+ fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile);
+ /* We ignore errors, since there's not much we can do about them */
+ }
 out:
 if (hostsfile != NULL) {
diff -r a01c0c8e543a -r b2f81110c80b cli-runopts.c
--- a/cli-runopts.c Fri Feb 09 10:43:16 2007 +0000
+++ b/cli-runopts.c Sun Feb 11 09:55:00 2007 +0000
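Review bot: With the write wrapped in `if (!cli_opts.always_accept_key)`, a key accepted through -y is never added to the trusted hosts file, so the host stays unknown and every later -y connection again accepts whatever key is presented. If not persisting an unconfirmed key is the intent, say so at the top of the branch, e.g. `/* -y: the user never confirmed this key, so do not record it as trusted */`, since the guard otherwise reads like an accidental omission. The enclosing function begins before the hunk and continues past `out:`.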
@@ -52,6 +52,7 @@
 "-T Don't allocate a pty\n"
 "-N Don't run a remote command\n"
 "-f Run in background after auth\n"
+ "-y Always accept remote host key if unknown\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 "-i (multiple allowed)\n"
 #endif
@@ -93,6 +94,7 @@
 cli_opts.no_cmd = 0;
 cli_opts.backgrounded = 0;
 cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
+ cli_opts.always_accept_key = 0;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 cli_opts.privkeys = NULL;
 #endif
@@ -148,6 +150,9 @@
 /* A flag *waves* */
 switch (argv[i][1]) {
+ case 'y': /* always accept the remote hostkey */
+ cli_opts.always_accept_key = 1;
+ break;
 case 'p': /* remoteport */
 next = &cli_opts.remoteport;
 break;
diff -r a01c0c8e543a -r b2f81110c80b configure.in
--- a/configure.in Fri Feb 09 10:43:16 2007 +0000
+++ b/configure.in Sun Feb 11 09:55:00 2007 +0000
@@ -612,7 +612,7 @@
 if test x"$cross_compiling" = x"no" ; then
 AC_CHECK_FILE("/dev/ptc", AC_DEFINE(HAVE_DEV_PTS_AND_PTC,,Use /dev/ptc & /dev/pts))
 else
- AC_MSG_NOTICE(Not checking for /dev/ptc & /dev/pts\, we're cross-compiling)
+ AC_MSG_NOTICE(Not checking for /dev/ptc & /dev/pts since we're cross-compiling)
 fi
 fi
diff -r a01c0c8e543a -r b2f81110c80b runopts.h
--- a/runopts.h Fri Feb 09 10:43:16 2007 +0000
+++ b/runopts.h Sun Feb 11 09:55:00 2007 +0000
@@ -102,6 +102,7 @@
 char *cmd;
 int wantpty;
+ int always_accept_key;
 int no_cmd;
 int backgrounded;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
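Review bot: The usage line added for -y in the first cli-runopts.c hunk does not tell the user that the option skips host key confirmation and, per the cli-kex.c change in this commit, does not save the accepted key. Wording such as `"-y Always accept remote host key if unknown (not verified, not saved)\n"` would make that visible in the help output. The usage string starts and ends outside the hunk.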