changeset 772:7fc0aeada79c
-y -y to disable hostkey checking
fix missing trailing space when passing arguments for multihop mode
From Hans Harder
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 14 Apr 2013 22:49:10 +0800 |
parents | 1b8b2b9d6e94 |
children | a9f2a6ae4eb5 |
files | cli-kex.c cli-runopts.c dbclient.1 runopts.h |
diffstat | 4 files changed, 35 insertions(+), 5 deletions(-) [+] |
--- a/cli-kex.c Thu Mar 21 23:29:04 2013 +0800 +++ b/cli-kex.c Sun Apr 14 22:49:10 2013 +0800 @@ -217,6 +217,11 @@ buffer * line = NULL; int ret; + if (cli_opts.no_hostkey_check) { + fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost); + return; + } + hostsfile = open_known_hosts_file(&readonly); if (!hostsfile) { ask_to_confirm(keyblob, keybloblen);
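Review bot: The early return added in the `@@ -217` hunk of cli-kex.c runs before the known_hosts file is opened, so with `-y -y` a changed key for an already-known host is accepted as well as an unknown one, and the only trace is one stderr line that does not identify the key. Nothing visible in the hunk records which key was accepted, so a later audit cannot tell whether the peer was the expected server. I would add a comment above the branch, `/* -y -y: the server is not authenticated; the session is open to man-in-the-middle */`, and include the key fingerprint in the notice if this file already has a helper for printing it. The enclosing function starts and ends outside the hunk.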
--- a/cli-runopts.c Thu Mar 21 23:29:04 2013 +0800 +++ b/cli-runopts.c Sun Apr 14 22:49:10 2013 +0800 @@ -62,6 +62,7 @@ "-N Don't run a remote command\n" "-f Run in background after auth\n" "-y Always accept remote host key if unknown\n" + "-y -y Don't perform any remote host key checking (caution)\n" "-s Request a subsystem (use by external sftp)\n" #ifdef ENABLE_CLI_PUBKEY_AUTH "-i <identityfile> (multiple allowed)\n" @@ -130,6 +131,7 @@ cli_opts.backgrounded = 0; cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */ cli_opts.always_accept_key = 0; + cli_opts.no_hostkey_check = 0; cli_opts.is_subsystem = 0; #ifdef ENABLE_CLI_PUBKEY_AUTH cli_opts.privkeys = list_new(); @@ -213,6 +215,10 @@ switch (argv[i][1]) { case 'y': /* always accept the remote hostkey */ + if (cli_opts.always_accept_key) { + // twice means no checking at all + cli_opts.no_hostkey_check = 1; + } cli_opts.always_accept_key = 1; break; case 'p': /* remoteport */ @@ -461,20 +467,31 @@ int total; unsigned int len = 0; m_list_elem *iter; - /* Fill out -i and -W options that make sense for all + /* Fill out -i, -y, -W options that make sense for all * the intermediate processes */ for (iter = cli_opts.privkeys->first; iter; iter = iter->next) { sign_key * key = (sign_key*)iter->item; len += 3 + strlen(key->filename); } - len += 20; // space for -W <size>, terminator. + len += 30; // space for -W <size>, terminator. ret = m_malloc(len); total = 0; + if (cli_opts.no_hostkey_check) + { + int written = snprintf(ret+total, len-total, "-y -y "); + total += written; + } + else if (cli_opts.always_accept_key) + { + int written = snprintf(ret+total, len-total, "-y "); + total += written; + } + if (opts.recv_window != DEFAULT_RECV_WINDOW) { - int written = snprintf(ret+total, len-total, "-W %d", opts.recv_window); + int written = snprintf(ret+total, len-total, "-W %d ", opts.recv_window); total += written; } 
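Review bot: In the `@@ -213` hunk a repeated `-y` silently escalates from accepting unknown keys to no host key checking, so a wrapper or alias that appends `-y` to arguments that already contain it turns off host authentication without anyone asking for that. A distinct option would be harder to trigger by accident; if the repeat form stays, the case comment should state it, e.g. `/* -y: accept unknown host keys; a second -y disables host key checking */`. The added `//` comment also departs from the `/* */` style used on the surrounding lines. The switch continues outside the hunk.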
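Review bot: The length estimate in the `@@ -461` hunk still adds `3 + strlen(key->filename)` per identity file, but the `-i %s ` format in the following hunk now writes four bytes plus the filename. The shortfall is absorbed only by the slack in `len += 30`, which also has to cover `-y -y `, `-W %d ` and the terminator, so with enough `-i` options the `dropbear_assert` on `written` would fire. Changing the context line to `len += 4 + strlen(key->filename);` keeps the budget exact. The new `-y` branches also add `written` to `total` without the bound check that the `-i` loop applies. The function ends outside this hunk.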
@@ -482,11 +499,17 @@ { sign_key * key = (sign_key*)iter->item; const size_t size = len - total; - int written = snprintf(ret+total, size, "-i %s", key->filename); + int written = snprintf(ret+total, size, "-i %s ", key->filename); dropbear_assert((unsigned int)written < size); total += written; } + /* if args where passed, total will be not zero, and it will have a space at the end, so remove that */ + if (total > 0) + { + total--; + } + return ret; }
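Review bot: The `total--` added at the end of the `@@ -482` hunk changes only the local counter, which is not read again before `return ret;`, so the trailing space that the new comment says is removed stays in the returned string. To drop it the byte itself has to be overwritten, `ret[--total] = '\0';` inside the `if (total > 0)` block. The function begins outside this hunk.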
--- a/dbclient.1 Thu Mar 21 23:29:04 2013 +0800
+++ b/dbclient.1 Sun Apr 14 22:49:10 2013 +0800
@@ -80,7 +80,8 @@
 .TP
 .B \-y
 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
-connection will abort as normal.
+connection will abort as normal. If specified a second time no host key checking
+is performed at all, this is usually undesirable.
 .TP
 .B \-A
 Forward agent connections to the remote host. dbclient will use any