mirror of
https://github.com/MidnightCommander/mc
synced 2024-12-23 04:46:55 +03:00
Merge branch '4506_sftpfs_hashed_hostname'
* 4506_sftpfs_hashed_hostname: sftpfs: don't set preferred hostkey methods too restrictively.
This commit is contained in:
commit
cf7846cd62
@ -74,6 +74,37 @@ static const char *const hostkey_method_ssh_ecdsa_256 = "ecdsa-sha2-nistp256";
|
||||
static const char *const hostkey_method_ssh_rsa = "ssh-rsa";
|
||||
static const char *const hostkey_method_ssh_dss = "ssh-dss";
|
||||
|
||||
/* *INDENT-OFF* */
|
||||
static const char *default_hostkey_methods =
|
||||
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
|
||||
"ecdsa-sha2-nistp256,"
|
||||
#endif
|
||||
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384
|
||||
"ecdsa-sha2-nistp384,"
|
||||
#endif
|
||||
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521
|
||||
"ecdsa-sha2-nistp521,"
|
||||
#endif
|
||||
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_256
|
||||
"ecdsa-sha2-nistp256-cert-v01@openssh.com,"
|
||||
#endif
|
||||
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_384
|
||||
"ecdsa-sha2-nistp384-cert-v01@openssh.com,"
|
||||
#endif
|
||||
#ifdef LIBSSH2_KNOWNHOST_KEY_ECDSA_521
|
||||
"ecdsa-sha2-nistp521-cert-v01@openssh.com,"
|
||||
#endif
|
||||
#ifdef LIBSSH2_KNOWNHOST_KEY_ED25519
|
||||
"ssh-ed25519,"
|
||||
"ssh-ed25519-cert-v01@openssh.com,"
|
||||
#endif
|
||||
"rsa-sha2-256,"
|
||||
"rsa-sha2-512,"
|
||||
"ssh-rsa,"
|
||||
"ssh-rsa-cert-v01@openssh.com,"
|
||||
"ssh-dss";
|
||||
/* *INDENT-ON* */
|
||||
|
||||
/**
|
||||
*
|
||||
* The current implementation of know host key checking has following limitations:
|
||||
@ -257,8 +288,10 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
|
||||
continue;
|
||||
|
||||
if (store->name == NULL)
|
||||
found = TRUE;
|
||||
else if (store->name[0] != '[')
|
||||
/* Ignore hashed hostnames. Currently, libssh2 offers no way for us to match it */
|
||||
continue;
|
||||
|
||||
if (store->name[0] != '[')
|
||||
found = strcmp (store->name, super->path_element->host) == 0;
|
||||
else
|
||||
{
|
||||
@ -285,6 +318,7 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
|
||||
{
|
||||
int mask;
|
||||
const char *hostkey_method = NULL;
|
||||
char *hostkey_methods;
|
||||
|
||||
mask = store->typemask & LIBSSH2_KNOWNHOST_KEY_MASK;
|
||||
|
||||
@ -326,8 +360,15 @@ sftpfs_read_known_hosts (struct vfs_s_super *super, GError ** mcerror)
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
/* Append the default hostkey methods (with lower priority).
|
||||
* Since we ignored hashed hostnames, the actual matching host
|
||||
* key might have different type than the one found in
|
||||
* known_hosts for non-hashed hostname. Methods not supported
|
||||
* by libssh2 it are ignored. */
|
||||
hostkey_methods = g_strdup_printf ("%s,%s", hostkey_method, default_hostkey_methods);
|
||||
rc = libssh2_session_method_pref (sftpfs_super->session, LIBSSH2_METHOD_HOSTKEY,
|
||||
hostkey_method);
|
||||
hostkey_methods);
|
||||
g_free (hostkey_methods);
|
||||
if (rc < 0)
|
||||
goto err;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user