HCoop / jackhill / guix / guix.git / blame
| Commit | Line | Data |
|---|---|---|
| 87d79282 MW |
1 | Fixes "saves unknown host's fingerprint in known_hosts without any prompt". |
| 2 | See: | |
| 3 | ||
| 4 | https://github.com/lavv17/lftp/issues/116 | |
| 5 | https://bugs.debian.org/774769 | |
| 6 | ||
| 7 | From bc7b476e782d77839765f56bbdb4cee9f36b54ec Mon Sep 17 00:00:00 2001 | |
| 8 | From: "Alexander V. Lukyanov" <lavv17f@gmail.com> | |
| 9 | Date: Tue, 13 Jan 2015 15:33:54 +0300 | |
| 10 | Subject: [PATCH] add settings fish:auto-confirm and sftp:auto-confirm | |
| 11 | ||
| 12 | New host keys are now not confirmed by default, this should improve security. | |
| 13 | Suggested by Marcin Szewczyk <Marcin.Szewczyk@wodny.org> | |
| 14 | --- | |
| 15 | doc/lftp.1 | 8 ++++++++ | |
| 16 | src/SSH_Access.cc | 5 +++-- | |
| 17 | src/resource.cc | 2 ++ | |
| 18 | 3 files changed, 13 insertions(+), 2 deletions(-) | |
| 19 | ||
| 20 | diff --git a/doc/lftp.1 b/doc/lftp.1 | |
| 21 | index cabc1be..ed6c388 100644 | |
| 22 | --- a/doc/lftp.1 | |
| 23 | +++ b/doc/lftp.1 | |
| 24 | @@ -1384,6 +1384,10 @@ address family in dns:order. | |
| 25 | .BR file:charset \ (string) | |
| 26 | local character set. It is set from current locale initially. | |
| 27 | .TP | |
| 28 | +.BR fish:auto-confirm \ (boolean) | |
| 29 | +when true, lftp answers ``yes'' to all ssh questions, in particular to the | |
| 30 | +question about a new host key. Otherwise it answers ``no''. | |
| 31 | +.TP | |
| 32 | .BR fish:charset \ (string) | |
| 33 | the character set used by fish server in requests, replies and file listings. | |
| 34 | Default is empty which means the same as local. | |
| 35 | @@ -1952,6 +1956,10 @@ minimal chunk size to split the file to. | |
| 36 | save pget transfer status this often. Set to `never' to disable saving of the status file. | |
| 37 | The status is saved to a file with suffix \fI.lftp-pget-status\fP. | |
| 38 | .TP | |
| 39 | +.BR sftp:auto-confirm \ (boolean) | |
| 40 | +when true, lftp answers ``yes'' to all ssh questions, in particular to the | |
| 41 | +question about a new host key. Otherwise it answers ``no''. | |
| 42 | +.TP | |
| 43 | .BR sftp:charset \ (string) | |
| 44 | the character set used by SFTP server in file names and file listings. | |
| 45 | Default is empty which means the same as local. This setting is only used | |
| 46 | diff --git a/src/SSH_Access.cc b/src/SSH_Access.cc | |
| 47 | index 706fc6a..17c716d 100644 | |
| 48 | --- a/src/SSH_Access.cc | |
| 49 | +++ b/src/SSH_Access.cc | |
| 50 | @@ -72,8 +72,9 @@ int SSH_Access::HandleSSHMessage() | |
| 51 | } | |
| 52 | if(s>=y_len && !strncasecmp(b+s-y_len,y,y_len)) | |
| 53 | { | |
| 54 | - pty_recv_buf->Put("yes\n"); | |
| 55 | - pty_send_buf->Put("yes\n"); | |
| 56 | + const char *answer=QueryBool("auto-confirm",hostname)?"yes\n":"no\n"; | |
| 57 | + pty_recv_buf->Put(answer); | |
| 58 | + pty_send_buf->Put(answer); | |
| 59 | return m; | |
| 60 | } | |
| 61 | if(!received_greeting && recv_buf->Size()>0) | |
| 62 | diff --git a/src/resource.cc b/src/resource.cc | |
| 63 | index 91b2e60..3a5e8b9 100644 | |
| 64 | --- a/src/resource.cc | |
| 65 | +++ b/src/resource.cc | |
| 66 | @@ -339,6 +339,7 @@ static ResType lftp_vars[] = { | |
| 67 | {"mirror:no-empty-dirs", "no", ResMgr::BoolValidate,ResMgr::NoClosure}, | |
| 68 | {"mirror:require-source", "no", ResMgr::BoolValidate,ResMgr::NoClosure}, | |
| 69 | ||
| 70 | + {"sftp:auto-confirm", "no", ResMgr::BoolValidate,0}, | |
| 71 | {"sftp:max-packets-in-flight","16", ResMgr::UNumberValidate,0}, | |
| 72 | {"sftp:protocol-version", "6", ResMgr::UNumberValidate,0}, | |
| 73 | {"sftp:size-read", "32k", ResMgr::UNumberValidate,0}, | |
| 74 | @@ -367,6 +368,7 @@ static ResType lftp_vars[] = { | |
| 75 | {"dns:strict-dnssec", "no", ResMgr::BoolValidate,0}, | |
| 76 | #endif | |
| 77 | ||
| 78 | + {"fish:auto-confirm", "no", ResMgr::BoolValidate,0}, | |
| 79 | {"fish:shell", "/bin/sh",0,0}, | |
| 80 | {"fish:connect-program", "ssh -a -x",0,0}, | |
| 81 | {"fish:charset", "", ResMgr::CharsetValidate,0}, |