Mercurial > dropbear
changeset 418:ab57ba0cb667
Add '-y' option to dbclient to accept the host key without checking
- patch from Luciano Miguel Ferreira Rocha.
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 11 Feb 2007 08:50:21 +0000 |
parents | fb02e3180d90 |
children | b2f81110c80b 7f010e3b1802 |
files | cli-kex.c cli-runopts.c runopts.h |
diffstat | 3 files changed, 33 insertions(+), 18 deletions(-) [+] |
line wrap: on
line diff
--- a/cli-kex.c Fri Feb 09 10:55:20 2007 +0000 +++ b/cli-kex.c Sun Feb 11 08:50:21 2007 +0000 @@ -119,6 +119,13 @@ char response = 'z'; fp = sign_key_fingerprint(keyblob, keybloblen); + if (cli_opts.always_accept_key) { + fprintf(stderr, "\nHost '%s' key accepted unconditionally.\n(fingerprint %s)\n", + cli_opts.remotehost, + fp); + m_free(fp); + return; + } fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", cli_opts.remotehost, fp); @@ -268,24 +275,26 @@ goto out; } - /* put the new entry in the file */ - fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */ - buf_setpos(line, 0); - buf_setlen(line, 0); - buf_putbytes(line, ses.remotehost, hostlen); - buf_putbyte(line, ' '); - buf_putbytes(line, algoname, algolen); - buf_putbyte(line, ' '); - len = line->size - line->pos; - TRACE(("keybloblen %d, len %d", keybloblen, len)) - /* The only failure with base64 is buffer_overflow, but buf_getwriteptr - * will die horribly in the case anyway */ - base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len); - buf_incrwritepos(line, len); - buf_putbyte(line, '\n'); - buf_setpos(line, 0); - fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile); - /* We ignore errors, since there's not much we can do about them */ + if (!cli_opts.always_accept_key) { + /* put the new entry in the file */ + fseek(hostsfile, 0, SEEK_END); /* In case it wasn't opened append */ + buf_setpos(line, 0); + buf_setlen(line, 0); + buf_putbytes(line, ses.remotehost, hostlen); + buf_putbyte(line, ' '); + buf_putbytes(line, algoname, algolen); + buf_putbyte(line, ' '); + len = line->size - line->pos; + TRACE(("keybloblen %d, len %d", keybloblen, len)) + /* The only failure with base64 is buffer_overflow, but buf_getwriteptr + * will die horribly in the case anyway */ + base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len); + buf_incrwritepos(line, len); + buf_putbyte(line, '\n'); + buf_setpos(line, 0); + fwrite(buf_getptr(line, line->len), line->len, 1, hostsfile); + /* We ignore errors, since there's not much we can do about them */ + } out: if (hostsfile != NULL) {
--- a/cli-runopts.c Fri Feb 09 10:55:20 2007 +0000 +++ b/cli-runopts.c Sun Feb 11 08:50:21 2007 +0000 @@ -52,6 +52,7 @@ "-T Don't allocate a pty\n" "-N Don't run a remote command\n" "-f Run in background after auth\n" + "-y Always accept remote host key if unknown\n" #ifdef ENABLE_CLI_PUBKEY_AUTH "-i <identityfile> (multiple allowed)\n" #endif @@ -93,6 +94,7 @@ cli_opts.no_cmd = 0; cli_opts.backgrounded = 0; cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */ + cli_opts.always_accept_key = 0; #ifdef ENABLE_CLI_PUBKEY_AUTH cli_opts.privkeys = NULL; #endif @@ -148,6 +150,9 @@ /* A flag *waves* */ switch (argv[i][1]) { + case 'y': /* always accept the remote hostkey */ + cli_opts.always_accept_key = 1; + break; case 'p': /* remoteport */ next = &cli_opts.remoteport; break;