client UPDATE set known_hosts file/mode
Added two new API calls, one of them sets the path to the known_hosts
file and the other sets the behaviour of host key checking. Now the
client's host key checking functionality is similar to the one described
in man ssh_config under StrictHostKeyChecking.
diff --git a/src/session_p.h b/src/session_p.h
index 1995d05..4ac237e 100644
--- a/src/session_p.h
+++ b/src/session_p.h
@@ -70,37 +70,6 @@
NC_SSH_PUBKEY_X509 /**< begins with BEGIN PUBLICKEY, see RFC 5280 sec. 4.1.2.7 */
} NC_SSH_PUBKEY_TYPE;
-/* ACCESS unlocked */
-struct nc_client_ssh_opts {
- /* SSH authentication method preferences */
- struct {
- NC_SSH_AUTH_TYPE type;
- int16_t value;
- } auth_pref[NC_SSH_AUTH_COUNT];
-
- /* SSH key pairs */
- struct {
- char *pubkey_path;
- char *privkey_path;
- int8_t privkey_crypt;
- } *keys;
- uint16_t key_count;
-
- /* SSH authentication callbacks */
- int (*auth_hostkey_check)(const char *, ssh_session, void *);
- char *(*auth_password)(const char *, const char *, void *);
- char *(*auth_interactive)(const char *, const char *, const char *, int, void *);
- char *(*auth_privkey_passphrase)(const char *, void *);
-
- /* private data for the callbacks */
- void *auth_hostkey_check_priv;
- void *auth_password_priv;
- void *auth_interactive_priv;
- void *auth_privkey_passphrase_priv;
-
- char *username;
-};
-
/**
* @brief A basic certificate.
*/
@@ -306,6 +275,38 @@
};
/* ACCESS unlocked */
+struct nc_client_ssh_opts {
+ char *knownhosts_path; /**< path to known_hosts file */
+ NC_KNOWNHOSTS_MODE knownhosts_mode; /**< implies whether to check known_hosts or not */
+
+ /* SSH authentication method preferences */
+ struct {
+ NC_SSH_AUTH_TYPE type;
+ int16_t value;
+ } auth_pref[NC_SSH_AUTH_COUNT];
+
+ /* SSH key pairs */
+ struct {
+ char *pubkey_path;
+ char *privkey_path;
+ int8_t privkey_crypt;
+ } *keys;
+ uint16_t key_count;
+
+ /* SSH authentication callbacks */
+ char *(*auth_password)(const char *, const char *, void *);
+ char *(*auth_interactive)(const char *, const char *, const char *, int, void *);
+ char *(*auth_privkey_passphrase)(const char *, void *);
+
+ /* private data for the callbacks */
+ void *auth_password_priv;
+ void *auth_interactive_priv;
+ void *auth_privkey_passphrase_priv;
+
+ char *username;
+};
+
+/* ACCESS unlocked */
struct nc_client_opts {
char *schema_searchpath;
int auto_context_fill_disabled;
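Review bot: The comment on `knownhosts_mode` ("implies whether to check known_hosts or not") does not say which policy applies when the field is left at its zero value. This matters because the hunk also drops the `auth_hostkey_check` callback and its `auth_hostkey_check_priv` pointer, so within this struct the mode is now the only control over server host key verification. If the options are zero-initialized (not visible here), the first `NC_KNOWNHOSTS_MODE` enumerator becomes the default, so it should be the strictest one and the comment should say so, e.g. `/**< host key checking policy, cf. StrictHostKeyChecking; the zero value is the default */`. For `knownhosts_path`, something like `/**< path to known_hosts file; NULL presumably selects the library default, confirm against the setter */` would tell a reader what an unset path means and who owns the string. The `struct nc_client_opts` that follows continues outside the hunk.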
@@ -671,7 +672,7 @@
void *nc_realloc(void *ptr, size_t size);
-struct passwd *nc_getpwuid(uid_t uid, struct passwd *pwd_buf, char **buf, size_t *buf_size);
+struct passwd *nc_getpw(uid_t uid, const char *username, struct passwd *pwd_buf, char **buf, size_t *buf_size);
NC_MSG_TYPE nc_send_msg_io(struct nc_session *session, int io_timeout, struct lyd_node *op);
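Review bot: The new prototype `nc_getpw(uid_t uid, const char *username, ...)` accepts two lookup keys, but nothing at the declaration says which one takes precedence or what a NULL `username` means. The result presumably feeds the resolution of the user's known_hosts location (inferred from the commit message, not visible in this hunk), so a caller passing a uid and a name that disagree could resolve the wrong account without any error. I would add a comment above the declaration such as `/* looks up by username when non-NULL, otherwise by uid; returns NULL on failure */`, after confirming it against the definition, which is outside this diff.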