changeset 772:7fc0aeada79c

-y -y to disable hostkey checking. Fix missing trailing space when passing arguments for multihop mode. From Hans Harder.
author Matt Johnston <matt@ucc.asn.au>
date Sun, 14 Apr 2013 22:49:10 +0800
parents 1b8b2b9d6e94
children a9f2a6ae4eb5
files cli-kex.c cli-runopts.c dbclient.1 runopts.h
diffstat 4 files changed, 35 insertions(+), 5 deletions(-) [+]
--- a/cli-kex.c	Thu Mar 21 23:29:04 2013 +0800
+++ b/cli-kex.c	Sun Apr 14 22:49:10 2013 +0800
@@ -217,6 +217,11 @@
 	buffer * line = NULL;
 	int ret;
 
+	if (cli_opts.no_hostkey_check) {
+		fprintf(stderr, "Caution, skipping hostkey check for %s\n", cli_opts.remotehost);
+		return;
+	}
+
 	hostsfile = open_known_hosts_file(&readonly);
 	if (!hostsfile)	{
 		ask_to_confirm(keyblob, keybloblen);
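Review bot: The new early return leaves no record of which key was actually trusted, because the warning names only `cli_opts.remotehost`. It returns before `open_known_hosts_file`, so a key that conflicts with a stored known_hosts entry is accepted as well, which makes that record more important. Printing the key fingerprint in the same message, from `keyblob`/`keybloblen` as the confirm path presumably does, would let an operator compare it afterwards. A comment above the `if` such as `/* -y -y: accept any host key, including one that mismatches known_hosts */` would state the difference from single `-y`. The enclosing function starts and ends outside this hunk.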
--- a/cli-runopts.c	Thu Mar 21 23:29:04 2013 +0800
+++ b/cli-runopts.c	Sun Apr 14 22:49:10 2013 +0800
@@ -62,6 +62,7 @@
 					"-N    Don't run a remote command\n"
 					"-f    Run in background after auth\n"
 					"-y    Always accept remote host key if unknown\n"
+					"-y -y Don't perform any remote host key checking (caution)\n"
 					"-s    Request a subsystem (use by external sftp)\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed)\n"
@@ -130,6 +131,7 @@
 	cli_opts.backgrounded = 0;
 	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
 	cli_opts.always_accept_key = 0;
+	cli_opts.no_hostkey_check = 0;
 	cli_opts.is_subsystem = 0;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 	cli_opts.privkeys = list_new();
@@ -213,6 +215,10 @@
 
 			switch (argv[i][1]) {
 				case 'y': /* always accept the remote hostkey */
+					if (cli_opts.always_accept_key) {
+						// twice means no checking at all
+						cli_opts.no_hostkey_check = 1;
+					}
 					cli_opts.always_accept_key = 1;
 					break;
 				case 'p': /* remoteport */
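Review bot: Selecting the no-verification mode by counting repetitions of `-y` makes it easy to reach by accident. A wrapper, alias or script that already passes `-y`, combined with another `-y` from the user, sets `no_hostkey_check` with nothing reported at parse time. A distinct option would be safer; if the repeat form stays, the comment should spell out the consequence, e.g. `/* second -y: skip host key verification entirely, even on a known_hosts mismatch */`. Whether a combined `-yy` reaches this case twice depends on the parsing loop, which is outside the hunk.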
@@ -461,20 +467,31 @@
 	int total;
 	unsigned int len = 0;
 	m_list_elem *iter;
-	/* Fill out -i and -W options that make sense for all
+	/* Fill out -i, -y, -W options that make sense for all
 	 * the intermediate processes */
 	for (iter = cli_opts.privkeys->first; iter; iter = iter->next)
 	{
 		sign_key * key = (sign_key*)iter->item;
 		len += 3 + strlen(key->filename);
 	}
-	len += 20; // space for -W <size>, terminator.
+	len += 30; // space for -W <size>, terminator.
 	ret = m_malloc(len);
 	total = 0;
 
+	if (cli_opts.no_hostkey_check)
+	{
+		int written = snprintf(ret+total, len-total, "-y -y ");
+		total += written;
+	}
+	else if (cli_opts.always_accept_key)
+	{
+		int written = snprintf(ret+total, len-total, "-y ");
+		total += written;
+	}
+
 	if (opts.recv_window != DEFAULT_RECV_WINDOW)
 	{
-		int written = snprintf(ret+total, len-total, "-W %d", opts.recv_window);
+		int written = snprintf(ret+total, len-total, "-W %d ", opts.recv_window);
 		total += written;
 	}
 
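Review bot: The per-key budget on the context line `len += 3 + strlen(key->filename);` was not updated for the new `"-i %s "` format, which writes 4 + strlen bytes per key. The shortfall is covered only by the fixed `len += 30` slack, so with enough identity files the `dropbear_assert((unsigned int)written < size)` in the later loop would trip. Since snprintf is bounded, this looks like an abort rather than an overflow. Change the line to `len += 4 + strlen(key->filename);`. The new `-y` and `-W` snprintf calls also add `written` to `total` without the assert that the `-i` loop has; repeating it there would keep the three paths consistent. The function starts and ends outside this hunk.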
@@ -482,11 +499,17 @@
 	{
 		sign_key * key = (sign_key*)iter->item;
 		const size_t size = len - total;
-		int written = snprintf(ret+total, size, "-i %s", key->filename);
+		int written = snprintf(ret+total, size, "-i %s ", key->filename);
 		dropbear_assert((unsigned int)written < size);
 		total += written;
 	}
 
+	/* if args where passed, total will be not zero, and it will have a space at the end, so remove that */
+	if (total > 0) 
+	{
+		total--;
+	}
+
 	return ret;
 }
 
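Review bot: The `total--` at the end does not remove the trailing space. `total` is a local that is not read again before `return ret;`, and nothing writes a terminator at the new position, so the returned string still ends in a space. If it should be trimmed, write `ret[total - 1] = '\0';` inside the `if (total > 0)` block instead. Separately, when no option is emitted nothing is written to `ret`, so the result is a valid empty string only if `m_malloc` returns zeroed memory, which is not visible here; `ret[0] = '\0';` after the allocation would make that explicit. The function begins outside this hunk.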
--- a/dbclient.1	Thu Mar 21 23:29:04 2013 +0800
+++ b/dbclient.1	Sun Apr 14 22:49:10 2013 +0800
@@ -80,7 +80,8 @@
 .TP
 .B \-y
 Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
-connection will abort as normal.
+connection will abort as normal. If specified a second time no host key checking
+is performed at all, this is usually undesirable.
 .TP
 .B \-A
 Forward agent connections to the remote host. dbclient will use any
--- a/runopts.h	Thu Mar 21 23:29:04 2013 +0800
+++ b/runopts.h	Sun Apr 14 22:49:10 2013 +0800
@@ -121,6 +121,7 @@
 	char *cmd;
 	int wantpty;
 	int always_accept_key;
+	int no_hostkey_check;
 	int no_cmd;
 	int backgrounded;
 	int is_subsystem;