X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=modules%2Faccess%2Fsftp.c;h=573f689bb7fcffa0771094a2c24123e65101ae92;hb=153b4e11478b4d2ced068d7b21d6b985577748d3;hp=8957678bfc9dc6e253da60fbdcc625ee59c8a25f;hpb=f98a66cea0e6279975e5f5a6116bf3e9389ec5da;p=vlc

diff --git a/modules/access/sftp.c b/modules/access/sftp.c
index 8957678bfc..573f689bb7 100644
--- a/modules/access/sftp.c
+++ b/modules/access/sftp.c
@@ -108,6 +108,8 @@ static int Open( vlc_object_t* p_this )
     int i_port;
     int i_ret;
     vlc_url_t url;
+    size_t i_len;
+    int i_type;
 
     if( !p_access->psz_location )
         return VLC_EGENERIC;
@@ -151,7 +153,9 @@ static int Open( vlc_object_t* p_this )
     p_sys->i_socket = net_Connect( p_access, url.psz_host, i_port, SOCK_STREAM, 0 );
 
     /* Create the ssh connexion and wait until the server answer */
-    p_sys->ssh_session = libssh2_session_init();
+    if( ( p_sys->ssh_session = libssh2_session_init() ) == NULL )
+        goto error;
+
     while( ( i_ret = libssh2_session_startup( p_sys->ssh_session,
                                               p_sys->i_socket ) )
            == LIBSSH2_ERROR_EAGAIN );
@@ -162,15 +166,46 @@ static int Open( vlc_object_t* p_this )
         goto error;
     }
 
-    /* Ask for the fingerprint ... */
-    // TODO: check it
+    /* Set the socket in non-blocking mode */
     libssh2_session_set_blocking( p_sys->ssh_session, 1 );
-    const char* fingerprint = libssh2_hostkey_hash( p_sys->ssh_session, LIBSSH2_HOSTKEY_HASH_MD5 );
-    fprintf(stderr, "Fingerprint: ");
-    for( int i = 0; i < 16; i++) {
-        fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
+
+    /* List the know hosts */
+    LIBSSH2_KNOWNHOSTS *ssh_knownhosts = libssh2_knownhost_init( p_sys->ssh_session );
+    if( !ssh_knownhosts )
+        goto error;
+
+    char *psz_home = config_GetUserDir( VLC_HOME_DIR );
+    char *psz_knownhosts_file;
+    asprintf( &psz_knownhosts_file, "%s/.ssh/known_hosts", psz_home );
+    libssh2_knownhost_readfile( ssh_knownhosts, psz_knownhosts_file,
+                                LIBSSH2_KNOWNHOST_FILE_OPENSSH );
+    free( psz_knownhosts_file );
+    free( psz_home );
+
+    const char *fingerprint = libssh2_session_hostkey( p_sys->ssh_session, &i_len, &i_type );
+    struct libssh2_knownhost *host;
+    int check = libssh2_knownhost_check( ssh_knownhosts, url.psz_host,
+                                         fingerprint, i_len,
+                                         LIBSSH2_KNOWNHOST_TYPE_PLAIN |
+                                         LIBSSH2_KNOWNHOST_KEYENC_RAW,
+                                         &host );
+
+    libssh2_knownhost_free( ssh_knownhosts );
+
+    /* Check that it does match or at least that the host is unkown */
+    switch(check)
+    {
+    case LIBSSH2_KNOWNHOST_CHECK_FAILURE:
+    case LIBSSH2_KNOWNHOST_CHECK_NOTFOUND:
+        msg_Dbg( p_access, "Unable to check the remote host" );
+        break;
+    case LIBSSH2_KNOWNHOST_CHECK_MATCH:
+        msg_Dbg( p_access, "Succesfuly matched the host" );
+        break;
+    case LIBSSH2_KNOWNHOST_CHECK_MISMATCH:
+        msg_Err( p_access, "The host does not match !! The remote key changed !!" );
+        goto error;
     }
-    fprintf(stderr, "\n");
 
     //TODO: ask for the available auth methods
 
@@ -217,6 +252,8 @@ static int Open( vlc_object_t* p_this )
     return VLC_SUCCESS;
 
 error:
+    if( p_sys->ssh_session )
+        libssh2_session_free( p_sys->ssh_session );
     free( psz_password );
     free( psz_username );
     vlc_UrlClean( &url );