[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[gnurl] 17/411: sftp: add the option CURLKHSTAT_FINE_REPLACE
From: |
gnunet |
Subject: |
[gnurl] 17/411: sftp: add the option CURLKHSTAT_FINE_REPLACE |
Date: |
Wed, 13 Jan 2021 01:17:12 +0100 |
This is an automated email from the git hooks/post-receive script.
nikita pushed a commit to branch master
in repository gnurl.
commit ebc6c54c74fc65abf1385f7206caf766847f4302
Author: Michael Musset <mickamusset@gmail.com>
AuthorDate: Wed Jul 15 16:39:40 2020 +0200
sftp: add the option CURLKHSTAT_FINE_REPLACE
Replace the old fingerprint of the host with a new.
Closes #5685
---
docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3 | 11 +++++++++--
docs/libcurl/symbols-in-versions | 1 +
include/curl/curl.h | 1 +
lib/vssh/libssh2.c | 11 +++++++++--
4 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3
b/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3
index 895bc3687..233221f79 100644
--- a/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3
+++ b/docs/libcurl/opts/CURLOPT_SSH_KEYFUNCTION.3
@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
-.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -35,6 +35,7 @@ enum curl_khstat {
now so this causes a CURLE_DEFER error but
otherwise the connection will be left intact
etc */
+ CURLKHSTAT_FINE_REPLACE
};
enum curl_khmatch {
@@ -72,7 +73,13 @@ known_hosts file \fIknownkey\fP, the key from the remote
site \fIfoundkey\fP,
info from libcurl on the matching status and a custom pointer (set with
\fICURLOPT_SSH_KEYDATA(3)\fP). It MUST return one of the following return
codes to tell libcurl how to act:
-
+.IP CURLKHSTAT_FINE_REPLACE
+The new host+key is accepted and libcurl will replace the old host+key into
+the known_hosts file before continuing with the connection. This will also
+add the new host+key combo to the known_host pool kept in memory if it wasn't
+already present there. The adding of data to the file is done by completely
+replacing the file with a new copy, so the permissions of the file must allow
+this. (Added in 7.73.0)
.IP CURLKHSTAT_FINE_ADD_TO_FILE
The host+key is accepted and libcurl will append it to the known_hosts file
before continuing with the connection. This will also add the host+key combo
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index 797e8ab33..0e2faacec 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -311,6 +311,7 @@ CURLKHMATCH_OK 7.19.6
CURLKHSTAT_DEFER 7.19.6
CURLKHSTAT_FINE 7.19.6
CURLKHSTAT_FINE_ADD_TO_FILE 7.19.6
+CURLKHSTAT_FINE_REPLACE 7.73.0
CURLKHSTAT_REJECT 7.19.6
CURLKHTYPE_DSS 7.19.6
CURLKHTYPE_ECDSA 7.58.0
diff --git a/include/curl/curl.h b/include/curl/curl.h
index f4d5bf645..2366ef3c7 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
@@ -832,6 +832,7 @@ enum curl_khstat {
CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right now so
this causes a CURLE_DEFER error but otherwise the
connection will be left intact etc */
+ CURLKHSTAT_FINE_REPLACE, /* accept and replace the wrong key*/
CURLKHSTAT_LAST /* not for use, only a marker for last-in-list */
};
diff --git a/lib/vssh/libssh2.c b/lib/vssh/libssh2.c
index dc4db6f2e..968bc1e20 100644
--- a/lib/vssh/libssh2.c
+++ b/lib/vssh/libssh2.c
@@ -442,6 +442,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
/* we're asked to verify the host against a file */
struct ssh_conn *sshc = &conn->proto.sshc;
+ struct libssh2_knownhost *host = NULL;
int rc;
int keytype;
size_t keylen;
@@ -456,7 +457,6 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
* What host name does OpenSSH store in its file if an IDN name is
* used?
*/
- struct libssh2_knownhost *host;
enum curl_khmatch keymatch;
curl_sshkeycallback func =
data->set.ssh_keyfunc?data->set.ssh_keyfunc:sshkeycallback;
@@ -568,7 +568,13 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
/* DEFER means bail out but keep the SSH_HOSTKEY state */
result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
break;
+ case CURLKHSTAT_FINE_REPLACE:
+ /* remove old host+key that doesn't match */
+ if(host)
+ libssh2_knownhost_del(sshc->kh, host);
+ /*FALLTHROUGH*/
case CURLKHSTAT_FINE:
+ /*FALLTHROUGH*/
case CURLKHSTAT_FINE_ADD_TO_FILE:
/* proceed */
if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
@@ -583,7 +589,8 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
if(addrc)
infof(data, "Warning adding the known host %s failed!\n",
conn->host.name);
- else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE) {
+ else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE ||
+ rc == CURLKHSTAT_FINE_REPLACE) {
/* now we write the entire in-memory list of known hosts to the
known_hosts file */
int wrc =
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
- [gnurl] 25/411: multi: expand pre-check for socket readiness, (continued)
- [gnurl] 25/411: multi: expand pre-check for socket readiness, gnunet, 2021/01/12
- [gnurl] 14/411: curl: support XDG_CONFIG_HOME to find .curlrc, gnunet, 2021/01/12
- [gnurl] 20/411: docs: --output-dir is added in 7.73.0, nothing else, gnunet, 2021/01/12
- [gnurl] 34/411: socketpair: allow CURL_DISABLE_SOCKETPAIR, gnunet, 2021/01/12
- [gnurl] 22/411: select: fix poll-based check not detecting connect failure, gnunet, 2021/01/12
- [gnurl] 21/411: select.h: make socket validation macros test for INVALID_SOCKET, gnunet, 2021/01/12
- [gnurl] 23/411: select: reduce duplication of Curl_poll in Curl_socket_check, gnunet, 2021/01/12
- [gnurl] 28/411: winbuild/README.md: make <options> visible, gnunet, 2021/01/12
- [gnurl] 31/411: git: ignore libtests in 3XXX area, gnunet, 2021/01/12
- [gnurl] 26/411: lib1560: verify "redirect" to double-slash leading URL, gnunet, 2021/01/12
- [gnurl] 17/411: sftp: add the option CURLKHSTAT_FINE_REPLACE,
gnunet <=
- [gnurl] 19/411: curl: add --output-dir, gnunet, 2021/01/12
- [gnurl] 30/411: doh: add error message for DOH_DNS_NAME_TOO_LONG, gnunet, 2021/01/12
- [gnurl] 29/411: ngtcp2: adapt to the new pkt_info arguments, gnunet, 2021/01/12
- [gnurl] 16/411: RELEASE-NOTES: synced, gnunet, 2021/01/12
- [gnurl] 24/411: multi: implement wait using winsock events, gnunet, 2021/01/12
- [gnurl] 12/411: setopt: if the buffer exists, refuse the new BUFFERSIZE, gnunet, 2021/01/12
- [gnurl] 13/411: etag: save and use the full received contents, gnunet, 2021/01/12
- [gnurl] 27/411: winbuild: convert the instruction text to README.md, gnunet, 2021/01/12
- [gnurl] 15/411: checksrc: verify do-while and spaces between the braces, gnunet, 2021/01/12
- [gnurl] 59/411: docs: add description about CI platforms to CONTRIBUTE.md, gnunet, 2021/01/12