# HG changeset patch # User Matt Johnston # Date 1171183821 0 # Node ID ab57ba0cb667fee738bf7c5b4b669474c180d8a3 # Parent fb02e3180d90f44d3ec4aa29d79111e135c25556 Add '-y' option to dbclient to accept the host key without checking - patch from Luciano Miguel Ferreira Rocha. diff -r fb02e3180d90 -r ab57ba0cb667 cli-kex.c --- a/cli-kex.c Fri Feb 09 10:55:20 2007 +0000 +++ b/cli-kex.c Sun Feb 11 08:50:21 2007 +0000 @@ -119,6 +119,13 @@ char response = 'z'; fp = sign_key_fingerprint(keyblob, keybloblen); + if (cli_opts.always_accept_key) { + fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(fingerprint %s)\n", + cli_opts.remotehost, + fp); + m_free(fp); + return; + } fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", cli_opts.remotehost, fp); @@ -268,24 +275,26 @@ goto out; } - /* put the new entry in the file */ - fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */ - buf_setpos(line, 0); - buf_setlen(line, 0); - buf_putbytes(line, ses.remotehost, hostlen); - buf_putbyte(line, ' '); - buf_putbytes(line, algoname, algolen); - buf_putbyte(line, ' '); - len = line->size - line->pos; - TRACE(("keybloblen %d, len %d", keybloblen, len)) - /* The only failure with base64 is buffer_overflow, but buf_getwriteptr - * will die horribly in the case anyway */ - base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len); - buf_incrwritepos(line, len); - buf_putbyte(line, '\n'); - buf_setpos(line, 0); - fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile); - /* We ignore errors, since there's not much we can do about them */ + if (!cli_opts.always_accept_key) { + /* put the new entry in the file */ + fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */ + buf_setpos(line, 0); + buf_setlen(line, 0); + buf_putbytes(line, ses.remotehost, hostlen); + buf_putbyte(line, ' '); + buf_putbytes(line, algoname, algolen); + buf_putbyte(line, ' '); + len = line->size - line->pos; + TRACE(("keybloblen %d, len %d", keybloblen, len)) + /* The only failure with base64 is buffer_overflow, but buf_getwriteptr + * will die horribly in the case anyway */ + base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len); + buf_incrwritepos(line, len); + buf_putbyte(line, '\n'); + buf_setpos(line, 0); + fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile); + /* We ignore errors, since there's not much we can do about them */ + } out: if (hostsfile != NULL) { diff -r fb02e3180d90 -r ab57ba0cb667 cli-runopts.c --- a/cli-runopts.c Fri Feb 09 10:55:20 2007 +0000 +++ b/cli-runopts.c Sun Feb 11 08:50:21 2007 +0000 @@ -52,6 +52,7 @@ "-T Don't allocate a pty\n" "-N Don't run a remote command\n" "-f Run in background after auth\n" + "-y Always accept remote host key if unknown\n" #ifdef ENABLE_CLI_PUBKEY_AUTH "-i (multiple allowed)\n" #endif @@ -93,6 +94,7 @@ cli_opts.no_cmd = 0; cli_opts.backgrounded = 0; cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */ + cli_opts.always_accept_key = 0; #ifdef ENABLE_CLI_PUBKEY_AUTH cli_opts.privkeys = NULL; #endif @@ -148,6 +150,9 @@ /* A flag *waves* */ switch (argv[i][1]) { + case 'y': /* always accept the remote hostkey */ + cli_opts.always_accept_key = 1; + break; case 'p': /* remoteport */ next = &cli_opts.remoteport; break; diff -r fb02e3180d90 -r ab57ba0cb667 runopts.h --- a/runopts.h Fri Feb 09 10:55:20 2007 +0000 +++ b/runopts.h Sun Feb 11 08:50:21 2007 +0000 @@ -102,6 +102,7 @@ char *cmd; int wantpty; + int always_accept_key; int no_cmd; int backgrounded; #ifdef ENABLE_CLI_PUBKEY_AUTH