From 9f7a5aa4e8308b21091b43b2d58b35f41f370623 Mon Sep 17 00:00:00 2001 From: Claudio-Daniel Freire Date: Mon, 2 May 2011 11:29:57 +0200 Subject: [PATCH] Add NEPI_STRICT_AUTH_MODE, when not enabled, it takes user-configured host SSH keys. When enabled, it will only use PLC-supplied host keys (more secure) --- src/nepi/util/server.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/src/nepi/util/server.py b/src/nepi/util/server.py index 199a0095..a8aee5f2 100644 --- a/src/nepi/util/server.py +++ b/src/nepi/util/server.py @@ -353,8 +353,20 @@ def _make_server_key_args(server_key, host, port, args): host = '%s:%s' % (host,port) # Create a temporary server key file tmp_known_hosts = tempfile.NamedTemporaryFile() + + # Add the intended host key tmp_known_hosts.write('%s,%s %s\n' % (host, socket.gethostbyname(host), server_key)) + + # If we're not in strict mode, add user-configured keys + if os.environ.get('NEPI_STRICT_AUTH_MODE',"").lower() not in ('1','true','on'): + user_hosts_path = '%s/.ssh/known_hosts' % (os.environ.get('HOME',""),) + if os.access(user_hosts_path, os.R_OK): + f = open(user_hosts_path, "r") + tmp_known_hosts.write(f.read()) + f.close() + tmp_known_hosts.flush() + args.extend(['-o', 'UserKnownHostsFile=%s' % (tmp_known_hosts.name,)]) return tmp_known_hosts -- 2.47.0
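Review bot: In the non-strict branch, which is the default because an unset `NEPI_STRICT_AUTH_MODE` yields `""`, the whole of the user's `known_hosts` is appended to the temporary file, so ssh will accept any key that file lists for this host as well as the supplied `server_key`; the pin is enforced only when the variable is set. Consider making strict the default with an explicit opt-out, e.g. `if os.environ.get('NEPI_STRICT_AUTH_MODE', '1').lower() in ('0', 'false', 'off'):`, or at least state the variable and its default in the function's docstring. The path is built from `os.environ.get('HOME', "")`, which becomes `/.ssh/known_hosts` when HOME is unset; `os.path.expanduser('~/.ssh/known_hosts')` avoids that. The `os.access` check followed by `open` can still raise if the file changes in between, and `f` is not closed if `read()` fails, so a `try`/`finally` around the read would be safer. The body of `_make_server_key_args` begins above the hunk, so how callers handle a failure here is not visible.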