knownhosts: Take StrictHostKeyChecking option into account

Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com> Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
2018-11-08 13:28:03 +01:00 · 2018-11-08 13:28:03 +01:00 · 67f418218b
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@ -883,6 +883,9 @@ ssh_session_get_known_hosts_entry(ssh_session session,

    /* If we did not find any match at all:  we report the previous result */
    if (rv == SSH_KNOWN_HOSTS_UNKNOWN) {
+        if (session->opts.StrictHostKeyChecking == 0) {
+            return SSH_KNOWN_HOSTS_OK;
+        }
        return old_rv;
    }

--- a/tests/client/torture_knownhosts.c
+++ b/tests/client/torture_knownhosts.c
@ -328,6 +328,41 @@ static void torture_knownhosts_conflict(void **state) {
    /* session will be freed by session_teardown() */
 }

+static void torture_knownhosts_no_hostkeychecking(void **state)
+{
+
+    struct torture_state *s = *state;
+    ssh_session session = s->ssh.session;
+    char known_hosts_file[1024] = {0};
+    enum ssh_known_hosts_e found;
+    int strict_host_key_checking = 0;
+    int rc;
+
+    snprintf(known_hosts_file,
+             sizeof(known_hosts_file),
+             "%s/%s",
+             s->socket_dir,
+             TORTURE_KNOWN_HOSTS_FILE);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, known_hosts_file);
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_HOSTKEYS, "ssh-ed25519");
+    assert_ssh_return_code(session, rc);
+
+    rc = ssh_connect(session);
+    assert_ssh_return_code(session, rc);
+
+    found = ssh_session_is_known_server(session);
+    assert_int_equal(found, SSH_KNOWN_HOSTS_UNKNOWN);
+
+    rc = ssh_options_set(session, SSH_OPTIONS_STRICTHOSTKEYCHECK, &strict_host_key_checking);
+    assert_ssh_return_code(session, rc);
+
+    found = ssh_session_is_known_server(session);
+    assert_int_equal(found, SSH_KNOWN_HOSTS_OK);
+}
+
 int torture_run_tests(void) {
    int rc;
    struct CMUnitTest tests[] = {
@ -346,6 +381,9 @@ int torture_run_tests(void) {
        cmocka_unit_test_setup_teardown(torture_knownhosts_conflict,
                                        session_setup,
                                        session_teardown),
+        cmocka_unit_test_setup_teardown(torture_knownhosts_no_hostkeychecking,
+                                        session_setup,
+                                        session_teardown),
    };

    ssh_init();