mirror of
https://github.com/moparisthebest/curl
synced 2024-12-23 08:38:49 -05:00
sftp: add the option CURLKHSTAT_FINE_REPLACE
Replace the old fingerprint of the host with a new. Closes #5685
This commit is contained in:
parent
ddf47bbc0a
commit
ebc6c54c74
@ -5,7 +5,7 @@
|
|||||||
.\" * | (__| |_| | _ <| |___
|
.\" * | (__| |_| | _ <| |___
|
||||||
.\" * \___|\___/|_| \_\_____|
|
.\" * \___|\___/|_| \_\_____|
|
||||||
.\" *
|
.\" *
|
||||||
.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
|
.\" * Copyright (C) 1998 - 2020, Daniel Stenberg, <daniel@haxx.se>, et al.
|
||||||
.\" *
|
.\" *
|
||||||
.\" * This software is licensed as described in the file COPYING, which
|
.\" * This software is licensed as described in the file COPYING, which
|
||||||
.\" * you should have received as part of this distribution. The terms
|
.\" * you should have received as part of this distribution. The terms
|
||||||
@ -35,6 +35,7 @@ enum curl_khstat {
|
|||||||
now so this causes a CURLE_DEFER error but
|
now so this causes a CURLE_DEFER error but
|
||||||
otherwise the connection will be left intact
|
otherwise the connection will be left intact
|
||||||
etc */
|
etc */
|
||||||
|
CURLKHSTAT_FINE_REPLACE
|
||||||
};
|
};
|
||||||
|
|
||||||
enum curl_khmatch {
|
enum curl_khmatch {
|
||||||
@ -72,7 +73,13 @@ known_hosts file \fIknownkey\fP, the key from the remote site \fIfoundkey\fP,
|
|||||||
info from libcurl on the matching status and a custom pointer (set with
|
info from libcurl on the matching status and a custom pointer (set with
|
||||||
\fICURLOPT_SSH_KEYDATA(3)\fP). It MUST return one of the following return
|
\fICURLOPT_SSH_KEYDATA(3)\fP). It MUST return one of the following return
|
||||||
codes to tell libcurl how to act:
|
codes to tell libcurl how to act:
|
||||||
|
.IP CURLKHSTAT_FINE_REPLACE
|
||||||
|
The new host+key is accepted and libcurl will replace the old host+key into
|
||||||
|
the known_hosts file before continuing with the connection. This will also
|
||||||
|
add the new host+key combo to the known_host pool kept in memory if it wasn't
|
||||||
|
already present there. The adding of data to the file is done by completely
|
||||||
|
replacing the file with a new copy, so the permissions of the file must allow
|
||||||
|
this. (Added in 7.73.0)
|
||||||
.IP CURLKHSTAT_FINE_ADD_TO_FILE
|
.IP CURLKHSTAT_FINE_ADD_TO_FILE
|
||||||
The host+key is accepted and libcurl will append it to the known_hosts file
|
The host+key is accepted and libcurl will append it to the known_hosts file
|
||||||
before continuing with the connection. This will also add the host+key combo
|
before continuing with the connection. This will also add the host+key combo
|
||||||
|
@ -311,6 +311,7 @@ CURLKHMATCH_OK 7.19.6
|
|||||||
CURLKHSTAT_DEFER 7.19.6
|
CURLKHSTAT_DEFER 7.19.6
|
||||||
CURLKHSTAT_FINE 7.19.6
|
CURLKHSTAT_FINE 7.19.6
|
||||||
CURLKHSTAT_FINE_ADD_TO_FILE 7.19.6
|
CURLKHSTAT_FINE_ADD_TO_FILE 7.19.6
|
||||||
|
CURLKHSTAT_FINE_REPLACE 7.73.0
|
||||||
CURLKHSTAT_REJECT 7.19.6
|
CURLKHSTAT_REJECT 7.19.6
|
||||||
CURLKHTYPE_DSS 7.19.6
|
CURLKHTYPE_DSS 7.19.6
|
||||||
CURLKHTYPE_ECDSA 7.58.0
|
CURLKHTYPE_ECDSA 7.58.0
|
||||||
|
@ -832,6 +832,7 @@ enum curl_khstat {
|
|||||||
CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right now so
|
CURLKHSTAT_DEFER, /* do not accept it, but we can't answer right now so
|
||||||
this causes a CURLE_DEFER error but otherwise the
|
this causes a CURLE_DEFER error but otherwise the
|
||||||
connection will be left intact etc */
|
connection will be left intact etc */
|
||||||
|
CURLKHSTAT_FINE_REPLACE, /* accept and replace the wrong key*/
|
||||||
CURLKHSTAT_LAST /* not for use, only a marker for last-in-list */
|
CURLKHSTAT_LAST /* not for use, only a marker for last-in-list */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -442,6 +442,7 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
|
|||||||
if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
|
if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
|
||||||
/* we're asked to verify the host against a file */
|
/* we're asked to verify the host against a file */
|
||||||
struct ssh_conn *sshc = &conn->proto.sshc;
|
struct ssh_conn *sshc = &conn->proto.sshc;
|
||||||
|
struct libssh2_knownhost *host = NULL;
|
||||||
int rc;
|
int rc;
|
||||||
int keytype;
|
int keytype;
|
||||||
size_t keylen;
|
size_t keylen;
|
||||||
@ -456,7 +457,6 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
|
|||||||
* What host name does OpenSSH store in its file if an IDN name is
|
* What host name does OpenSSH store in its file if an IDN name is
|
||||||
* used?
|
* used?
|
||||||
*/
|
*/
|
||||||
struct libssh2_knownhost *host;
|
|
||||||
enum curl_khmatch keymatch;
|
enum curl_khmatch keymatch;
|
||||||
curl_sshkeycallback func =
|
curl_sshkeycallback func =
|
||||||
data->set.ssh_keyfunc?data->set.ssh_keyfunc:sshkeycallback;
|
data->set.ssh_keyfunc?data->set.ssh_keyfunc:sshkeycallback;
|
||||||
@ -568,7 +568,13 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
|
|||||||
/* DEFER means bail out but keep the SSH_HOSTKEY state */
|
/* DEFER means bail out but keep the SSH_HOSTKEY state */
|
||||||
result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
|
result = sshc->actualcode = CURLE_PEER_FAILED_VERIFICATION;
|
||||||
break;
|
break;
|
||||||
|
case CURLKHSTAT_FINE_REPLACE:
|
||||||
|
/* remove old host+key that doesn't match */
|
||||||
|
if(host)
|
||||||
|
libssh2_knownhost_del(sshc->kh, host);
|
||||||
|
/*FALLTHROUGH*/
|
||||||
case CURLKHSTAT_FINE:
|
case CURLKHSTAT_FINE:
|
||||||
|
/*FALLTHROUGH*/
|
||||||
case CURLKHSTAT_FINE_ADD_TO_FILE:
|
case CURLKHSTAT_FINE_ADD_TO_FILE:
|
||||||
/* proceed */
|
/* proceed */
|
||||||
if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
|
if(keycheck != LIBSSH2_KNOWNHOST_CHECK_MATCH) {
|
||||||
@ -583,7 +589,8 @@ static CURLcode ssh_knownhost(struct connectdata *conn)
|
|||||||
if(addrc)
|
if(addrc)
|
||||||
infof(data, "Warning adding the known host %s failed!\n",
|
infof(data, "Warning adding the known host %s failed!\n",
|
||||||
conn->host.name);
|
conn->host.name);
|
||||||
else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE) {
|
else if(rc == CURLKHSTAT_FINE_ADD_TO_FILE ||
|
||||||
|
rc == CURLKHSTAT_FINE_REPLACE) {
|
||||||
/* now we write the entire in-memory list of known hosts to the
|
/* now we write the entire in-memory list of known hosts to the
|
||||||
known_hosts file */
|
known_hosts file */
|
||||||
int wrc =
|
int wrc =
|
||||||
|
Loading…
Reference in New Issue
Block a user