SSH: Make it configurable whether to check server data pedantically.

While we want to conform to the specs, there are systems out there today whose SSH servers send non-conforming identifications strings. We now enable API clients to switch the respecive checks off, and we do so ourselves in the RemoteLinux plugin, since the only known problems are with OpenSSH servers. Change-Id: I9e6f9076f2dc7435a0bde7016f99cfb2fcb30a9c Reviewed-by: Tobias Hunger <[email protected]>
author: Christian Kandeler <[email protected]> 2012-10-11 15:34:33 +0200
committer: Christian Kandeler <[email protected]> 2012-10-11 18:01:35 +0200
commit: c7f1aeac11806214b448b251e8c76185cdcac855 (patch)
tree: e40fe0bc9e31a06a097b59be19762d0f2d3484b5 /src/libs/ssh/sshconnection.cpp
parent: f0d4199dfa824f5f5c39ce69dd6c410df60a3939 (diff)
1 files changed, 15 insertions, 12 deletions
diff --git a/src/libs/ssh/sshconnection.cpp b/src/libs/ssh/sshconnection.cpp
index 8c4abf2347c..5b7db878d6a 100644
--- a/src/libs/ssh/sshconnection.cpp
+++ b/src/libs/ssh/sshconnection.cpp
@@ -81,8 +81,10 @@ namespace {
 
 
 SshConnectionParameters::SshConnectionParameters() :
-    timeout(0),  authenticationType(AuthenticationByKey), port(0), options(SshIgnoreDefaultProxy)
+    timeout(0),  authenticationType(AuthenticationByKey), port(0)
 {
+    options |= SshIgnoreDefaultProxy;
+    options |= SshEnableStrictConformanceChecks;
 }
 
 static inline bool equals(const SshConnectionParameters &p1, const SshConnectionParameters &p2)
@@ -398,18 +400,19 @@ void SshConnectionPrivate::handleServerId()
                     .arg(serverProtoVersion));
     }
 
-    // Disable this check to accept older OpenSSH servers that do this wrong.
-    if (serverProtoVersion == QLatin1String("2.0") && !hasCarriageReturn) {
-        throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
-            "Identification string is invalid.",
-            tr("Server identification string is invalid (missing carriage return)."));
-    }
+    if (m_connParams.options & SshEnableStrictConformanceChecks) {
+        if (serverProtoVersion == QLatin1String("2.0") && !hasCarriageReturn) {
+            throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
+                    "Identification string is invalid.",
+                    tr("Server identification string is invalid (missing carriage return)."));
+        }
 
-    if (serverProtoVersion == QLatin1String("1.99") && m_serverHasSentDataBeforeId) {
-        throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
-            "No extra data preceding identification string allowed for 1.99.",
-            tr("Server reports protocol version 1.99, but sends data "
-               "before the identification string, which is not allowed."));
+        if (serverProtoVersion == QLatin1String("1.99") && m_serverHasSentDataBeforeId) {
+            throw SshServerException(SSH_DISCONNECT_PROTOCOL_ERROR,
+                    "No extra data preceding identification string allowed for 1.99.",
+                    tr("Server reports protocol version 1.99, but sends data "
+                       "before the identification string, which is not allowed."));
+        }
     }
 
     m_keyExchange.reset(new SshKeyExchange(m_sendFacility));
author	Christian Kandeler <[email protected]>	2012-10-11 15:34:33 +0200
committer	Christian Kandeler <[email protected]>	2012-10-11 18:01:35 +0200
commit	c7f1aeac11806214b448b251e8c76185cdcac855 (patch)
tree	e40fe0bc9e31a06a097b59be19762d0f2d3484b5 /src/libs/ssh/sshconnection.cpp
parent	f0d4199dfa824f5f5c39ce69dd6c410df60a3939 (diff)