Attachment 2653 Details for Bug 2413 – Accept UserKnownHostsFile=none

[patch] Accept UserKnownHostsFile=none

knownhostsnone.diff (text/plain), 3.32 KB, created by Damien Miller on 2015-06-24 10:30:13 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2015-06-24 10:30:13 AEST

Size: 3.32 KB

patch

obsolete

>diff --git a/ssh.c b/ssh.c
>index 3fd5a94..bf6b33f 100644
>--- a/ssh.c
>+++ b/ssh.c
>@@ -221,20 +221,37 @@ static void main_sigchld_handler(int);
> void muxclient(const char *);
> void muxserver_listen(void);
> 
>-/* ~/ expand a list of paths. NB. assumes path[n] is heap-allocated. */
>+/*
>+ * ~ expand hostfiles lists, checking for magic "none" option that causes
>+ * the list to be treated as empty.
>+ */
> static void
>-tilde_expand_paths(char **paths, u_int num_paths)
>+expand_hostfiles(char **paths, u_int *num_pathsp)
> {
>-	u_int i;
>+	u_int i, has_none = 0;
> 	char *cp;
> 
>-	for (i = 0; i < num_paths; i++) {
>+	for (i = 0; i < *num_pathsp; i++) {
>+		if (strcasecmp(paths[i], "none") == 0) {
>+			has_none = 1;
>+			break;
>+		}
> 		cp = tilde_expand_filename(paths[i], original_real_uid);
> 		free(paths[i]);
> 		paths[i] = cp;
> 	}
>+
>+	if (has_none) {
>+		for (i = 0; i < *num_pathsp; i++) {
>+			free(paths[i]);
>+			paths[i] = NULL;
>+		}
>+		*num_pathsp = 0;
>+		return;
>+	}
> }
> 
>+
> /*
>  * Attempt to resolve a host name / port to a set of addresses and
>  * optionally return any CNAMEs encountered along the way.
>@@ -1313,10 +1330,11 @@ main(int ac, char **av)
> 	/* load options.identity_files */
> 	load_public_identity_files();
> 
>-	/* Expand ~ in known host file names. */
>-	tilde_expand_paths(options.system_hostfiles,
>-	    options.num_system_hostfiles);
>-	tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
>+	/* Expand ~ in known host file names and check for "none" */
>+	expand_hostfiles(options.system_hostfiles,
>+	    &options.num_system_hostfiles);
>+	expand_hostfiles(options.user_hostfiles,
>+	    &options.num_user_hostfiles);
> 
> 	signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
> 	signal(SIGCHLD, main_sigchld_handler);
>diff --git a/sshconnect.c b/sshconnect.c
>index f41960c..188f605 100644
>--- a/sshconnect.c
>+++ b/sshconnect.c
>@@ -904,7 +904,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> 		if (want_cert && !check_host_cert(hostname, host_key))
> 			goto fail;
> 		if (options.check_host_ip && ip_status == HOST_NEW) {
>-			if (readonly || want_cert)
>+			if (readonly || want_cert || num_user_hostfiles == 0)
> 				logit("%s host key for IP address "
> 				    "'%.128s' not in list of known hosts.",
> 				    type, ip);
>@@ -1004,6 +1004,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> 		if (options.check_host_ip && ip_status == HOST_NEW) {
> 			snprintf(hostline, sizeof(hostline), "%s,%s", host, ip);
> 			hostp = hostline;
>+			if (num_user_hostfiles == 0)
>+				break;
> 			if (options.hash_known_hosts) {
> 				/* Add hash of host and IP separately */
> 				r = add_host_to_hostfile(user_hostfiles[0],
>@@ -1017,9 +1019,11 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> 				    options.hash_known_hosts);
> 			}
> 		} else {
>+			hostp = host;
>+			if (num_user_hostfiles == 0)
>+				break;
> 			r = add_host_to_hostfile(user_hostfiles[0], host,
> 			    host_key, options.hash_known_hosts);
>-			hostp = host;
> 		}
> 
> 		if (!r)
>@@ -1084,6 +1088,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
> 		}
> 		/* The host key has changed. */
> 		warn_changed_key(host_key);
>+		if (num_user_hostfiles == 0)
>+			goto fail;
> 		error("Add correct host key in %.100s to get rid of this message.",
> 		    user_hostfiles[0]);
> 		error("Offending %s key in %s:%lu", key_type(host_found->key),

Actions: View | Diff

Attachments on bug 2413: 2653