From: Claudio-Daniel Freire
Date: Mon, 2 May 2011 09:29:57 +0000 (+0200)
Subject: Add NEPI_STRICT_AUTH_MODE, when not enabled, it takes user-configured host SSH keys.
X-Git-Tag: nepi_v2~91
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=9f7a5aa4e8308b21091b43b2d58b35f41f370623;p=nepi.git

Add NEPI_STRICT_AUTH_MODE, when not enabled, it takes user-configured host SSH keys.
When enabled, it will only use PLC-supplied host keys (more secure)
---
diff --git a/src/nepi/util/server.py b/src/nepi/util/server.py
index 199a0095..a8aee5f2 100644
--- a/src/nepi/util/server.py
+++ b/src/nepi/util/server.py
@@ -353,8 +353,20 @@ def _make_server_key_args(server_key, host, port, args):
 host = '%s:%s' % (host,port)
 # Create a temporary server key file
 tmp_known_hosts = tempfile.NamedTemporaryFile()
+
+ # Add the intended host key
 tmp_known_hosts.write('%s,%s %s\n' % (host, socket.gethostbyname(host), server_key))
+
+ # If we're not in strict mode, add user-configured keys
+ if os.environ.get('NEPI_STRICT_AUTH_MODE',"").lower() not in ('1','true','on'):
+ user_hosts_path = '%s/.ssh/known_hosts' % (os.environ.get('HOME',""),)
+ if os.access(user_hosts_path, os.R_OK):
+ f = open(user_hosts_path, "r")
+ tmp_known_hosts.write(f.read())
+ f.close()
+
 tmp_known_hosts.flush()
+
 args.extend(['-o', 'UserKnownHostsFile=%s' % (tmp_known_hosts.name,)])
 return tmp_known_hosts
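Review bot: The strict-mode test on the added `if os.environ.get('NEPI_STRICT_AUTH_MODE',"").lower() not in ('1','true','on'):` line fails open: an unset variable and any unrecognised value such as `yes` both cause the user's `known_hosts` to be appended, so a key listed there for the same host would presumably be accepted alongside `server_key`. Treating only explicit off values as non-strict keeps the default this commit intends while making a mistyped setting fall back to the PLC-supplied key only; the variable also deserves a line in the function's docstring. The path is built from `HOME` with an empty fallback, which resolves to `/.ssh/known_hosts` when `HOME` is unset, and the `open`/`close` pair leaves the handle open if `read()` raises; `os.path.expanduser` and a `with` block avoid both. The function body starts before the hunk.

```python
    # … unchanged: temp file creation and intended host key write …
    # Only explicit "off" values relax verification; anything else stays strict
    strict_mode = os.environ.get('NEPI_STRICT_AUTH_MODE', '').strip().lower()
    if strict_mode in ('', '0', 'false', 'off'):
        user_hosts_path = os.path.expanduser('~/.ssh/known_hosts')
        if os.access(user_hosts_path, os.R_OK):
            with open(user_hosts_path, "r") as f:
                tmp_known_hosts.write(f.read())
    # … unchanged: flush, args.extend, return …
```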