cli-runopts.c: add BatchMode option
BatchMode is the same as PasswordAuthentication=no, but it takes priority over it.
So you can't re-enable PasswordAuthentication as in:

    dbclient -v -o BatchMode=yes -o PasswordAuthentication=yes example.com

It also disables the interactive confirmation when a host key changed.

Close #224
stokito committed Dec 24, 2023
1 parent 437c727 commit 1896443
Showing 4 changed files with 18 additions and 3 deletions.
4 changes: 2 additions & 2 deletions src/cli-auth.c
Expand Up @@ -245,7 +245,7 @@ void recv_msg_userauth_failure() {
}
#endif
#if DROPBEAR_CLI_PASSWORD_AUTH
if (cli_opts.password_authentication && strncmp(AUTH_METHOD_PASSWORD, tok,
if (!cli_opts.batch_mode && cli_opts.password_authentication && strncmp(AUTH_METHOD_PASSWORD, tok,
AUTH_METHOD_PASSWORD_LEN) == 0) {
ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
}
Expand Down Expand Up @@ -311,7 +311,7 @@ int cli_auth_try() {
#endif

#if DROPBEAR_CLI_PASSWORD_AUTH
if (!finished && cli_opts.password_authentication && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
if (!finished && !cli_opts.batch_mode && cli_opts.password_authentication && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
} else {
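Review bot: Only the password method is gated on `batch_mode` in `recv_msg_userauth_failure()` and `cli_auth_try()`, so any other method that prompts on the terminal stays reachable. Both hunks open with an `#endif` closing a block that is not visible here; if that block is keyboard-interactive auth, an unattended `dbclient -o BatchMode=yes` could still block waiting for input, and it would need the same `!cli_opts.batch_mode` guard. The repeated `!cli_opts.batch_mode && cli_opts.password_authentication` test could also move into one small helper (for example a new `static int cli_password_auth_allowed(void)`), so a later prompt-capable path cannot forget half of it. Both functions continue outside the hunks.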
7 changes: 6 additions & 1 deletion src/cli-kex.c
Expand Up @@ -217,11 +217,16 @@ static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen
m_free(fp);
return;
}
fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(%s fingerprint %s)\nDo you want to continue connecting? (y/n) ",

fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(%s fingerprint %s)\n",
cli_opts.remotehost,
algoname,
fp);
m_free(fp);
if (cli_opts.batch_mode) {
dropbear_exit("Didn't validate host key");
}
fprintf(stderr, "Do you want to continue connecting? (y/n) ");

tty = fopen(_PATH_TTY, "r");
if (tty) {
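Review bot: The batch-mode branch in `ask_to_confirm()` exits with `"Didn't validate host key"`, which does not tell an operator reading a job log that BatchMode caused the refusal rather than a declined prompt. Failing closed on an unknown key is the right behaviour here; I would make it explicit with something like `dropbear_exit("Host key not in trusted hosts file, refusing in BatchMode");` and a comment `/* BatchMode: never prompt, refuse unknown host keys */`. The early `return` at the top of the hunk belongs to a branch whose condition is outside the hunk; if that is an accept-without-asking path, it still takes effect before the BatchMode check, which deserves a line in the option's documentation. The function continues past the hunk.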
7 changes: 7 additions & 0 deletions src/cli-runopts.c
Expand Up @@ -155,6 +155,7 @@ void cli_getopts(int argc, char ** argv) {
#endif
cli_opts.disable_trivial_auth = 0;
cli_opts.password_authentication = 1;
cli_opts.batch_mode = 0;
#if DROPBEAR_CLI_LOCALTCPFWD
cli_opts.localfwds = list_new();
opts.listen_fwd_all = 0;
Expand Down Expand Up @@ -889,6 +890,7 @@ static void add_extendedopt(const char* origstr) {

if (strcmp(origstr, "help") == 0) {
dropbear_log(LOG_INFO, "Available options:\n"
"\tBatchMode\n"
"\tBindAddress\n"
"\tDisableTrivialAuth\n"
#if DROPBEAR_CLI_ANYTCPFWD
Expand All @@ -914,6 +916,11 @@ static void add_extendedopt(const char* origstr) {
exit(EXIT_SUCCESS);
}

if (match_extendedopt(&optstr, "BatchMode") == DROPBEAR_SUCCESS) {
cli_opts.batch_mode = parse_flag_value(optstr);
return;
}

if (match_extendedopt(&optstr, "BindAddress") == DROPBEAR_SUCCESS) {
cli_opts.bind_arg = optstr;
return;
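Review bot: The `BatchMode` branch in `add_extendedopt()` carries no comment on precedence, and none of the four changed files is user documentation. Because the option overrides `-o PasswordAuthentication=yes` regardless of the order on the command line, I would add `/* BatchMode wins over PasswordAuthentication whatever the option order; enforced where the auth methods are chosen */` above the branch, and an entry in the manual page if the project keeps one listing `-o` options. `parse_flag_value()` is defined outside the hunk, so how it treats values other than yes/no is not visible here.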
3 changes: 3 additions & 0 deletions src/runopts.h
Expand Up @@ -170,7 +170,10 @@ typedef struct cli_runopts {
int exit_on_fwd_failure;
#endif
int disable_trivial_auth;
/** Use a password authentication or a key auth only.
For a BatchMode it's always -o PasswordAuthentication=no */
int password_authentication;
int batch_mode;
#if DROPBEAR_CLI_REMOTETCPFWD
m_list * remotefwds;
#endif
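Review bot: The new doc comment sits on `password_authentication` while `batch_mode` has none, and its wording suggests the field is forced to 0 in batch mode, whereas the other files in this commit leave the field untouched and test `batch_mode` separately. I would reword it as `/* -o PasswordAuthentication: allow password auth; ignored when batch_mode is set */` and give the new field its own `/* -o BatchMode: never prompt; disables password auth and host key confirmation */`. The struct continues outside the hunk.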
