putty-source/console.c

/*
 * Common pieces between the platform console frontend modules.
 */

#include <stdbool.h>
#include <stdarg.h>

#include "putty.h"
#include "misc.h"
#include "console.h"

char *hk_absentmsg_common(const char *host, int port,
                          const char *keytype, const char *fingerprint)
{
    return dupprintf(
        "The host key is not cached for this server:\n"
        "  %s (port %d)\n"
        "You have no guarantee that the server is the computer\n"
        "you think it is.\n"
        "The server's %s key fingerprint is:\n"
        "  %s\n", host, port, keytype, fingerprint);
}

const char hk_absentmsg_interactive_intro[] =
    "If you trust this host, enter \"y\" to add the key to\n"
    "PuTTY's cache and carry on connecting.\n"
    "If you want to carry on connecting just once, without\n"
    "adding the key to the cache, enter \"n\".\n"
    "If you do not trust this host, press Return to abandon the\n"
    "connection.\n";
const char hk_absentmsg_interactive_prompt[] =
    "Store key in cache? (y/n, Return cancels connection, "
    "i for more info) ";

char *hk_wrongmsg_common(const char *host, int port,
                         const char *keytype, const char *fingerprint)
{
    return dupprintf(
        "WARNING - POTENTIAL SECURITY BREACH!\n"
        "The host key does not match the one PuTTY has cached\n"
        "for this server:\n"
        "  %s (port %d)\n"
        "This means that either the server administrator has\n"
        "changed the host key, or you have actually connected\n"
        "to another computer pretending to be the server.\n"
        "The new %s key fingerprint is:\n"
        "  %s\n", host, port, keytype, fingerprint);
}

const char hk_wrongmsg_interactive_intro[] =
    "If you were expecting this change and trust the new key,\n"
    "enter \"y\" to update PuTTY's cache and continue connecting.\n"
    "If you want to carry on connecting but without updating\n"
    "the cache, enter \"n\".\n"
    "If you want to abandon the connection completely, press\n"
    "Return to cancel. Pressing Return is the ONLY guaranteed\n"
    "safe choice.\n";
const char hk_wrongmsg_interactive_prompt[] =
    "Update cached key? (y/n, Return cancels connection, "
    "i for more info) ";

const char weakcrypto_msg_common_fmt[] =
    "The first %s supported by the server is\n"
    "%s, which is below the configured warning threshold.\n";

const char weakhk_msg_common_fmt[] =
    "The first host key type we have stored for this server\n"
    "is %s, which is below the configured warning threshold.\n"
    "The server also provides the following types of host key\n"
    "above the threshold, which we do not have stored:\n"
    "%s\n";

const char console_continue_prompt[] = "Continue with connection? (y/n) ";
const char console_abandoned_msg[] = "Connection abandoned.\n";

bool console_batch_mode = false;

/*
 * Error message and/or fatal exit functions, all based on
 * console_print_error_msg which the platform front end provides.
 */
void console_print_error_msg_fmt_v(
    const char *prefix, const char *fmt, va_list ap)
{
    char *msg = dupvprintf(fmt, ap);
    console_print_error_msg(prefix, msg);
    sfree(msg);
}

void console_print_error_msg_fmt(const char *prefix, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    console_print_error_msg_fmt_v(prefix, fmt, ap);
    va_end(ap);
}

void modalfatalbox(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    console_print_error_msg_fmt_v("FATAL ERROR", fmt, ap);
    va_end(ap);
    cleanup_exit(1);
}

void nonfatal(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    console_print_error_msg_fmt_v("ERROR", fmt, ap);
    va_end(ap);
}

void console_connection_fatal(Seat *seat, const char *msg)
{
    console_print_error_msg("FATAL ERROR", msg);
    cleanup_exit(1);
}

/*
 * Console front ends redo their select() or equivalent every time, so
 * they don't need separate timer handling.
 */
void timer_change_notify(unsigned long next)
{
}
Factor out some common code in {ux,win}cons.c. The assorted host-key and warning prompt messages have no reason to differ between the two platforms, so let's centralise them. Also, while I'm here, some basic support functions that are the same in both modules. 2021-03-13 09:24:17 +00:00			`/*`
			`* Common pieces between the platform console frontend modules.`
			`*/`

			`#include <stdbool.h>`
			`#include <stdarg.h>`

			`#include "putty.h"`
			`#include "misc.h"`
			`#include "console.h"`

Mention the host name in host-key prompts. Now that it's possible for a single invocation of PuTTY to connect to multiple SSH servers (jump host followed by ultimate destination host), it's rather unhelpful for host key prompts to just say "the server". To check an unknown host key, users will need to know _which_ host it's purporting to be the key for. Another possibility is to put a message in the terminal window indicating which server we're currently in the SSH setup phase for. That will certainly be what we have to end up doing for userpass prompts that appear _in_ the terminal window. But that by itself is still unhelpful for host key prompts in a separate dialog, because the user would have to check both windows to get all the information they need. Easier if the host key dialog itself tells you everything you need to know to answer the question: is _this_ key the one you expect for _that_ host? 2021-09-15 13:41:00 +00:00			`char hk_absentmsg_common(const char host, int port,`
			`const char keytype, const char fingerprint)`
Centralise host key message formatting. The format _strings_ were previously centralised into the platform- independent console.c, as const char arrays. Now the actual formatting operation is centralised as well, by means of console.c providing a function that takes all the necessary parameters and returns a formatted piece of text for the console. Mostly this is so that I can add extra parameters to the message with some confidence: changing a format string in one file and two fprintf statements in other files to match seems like the kind of situation you wish you hadn't got into in the first place :-) 2021-09-15 05:00:38 +00:00			`{`
			`return dupprintf(`
Mention the host name in host-key prompts. Now that it's possible for a single invocation of PuTTY to connect to multiple SSH servers (jump host followed by ultimate destination host), it's rather unhelpful for host key prompts to just say "the server". To check an unknown host key, users will need to know _which_ host it's purporting to be the key for. Another possibility is to put a message in the terminal window indicating which server we're currently in the SSH setup phase for. That will certainly be what we have to end up doing for userpass prompts that appear _in_ the terminal window. But that by itself is still unhelpful for host key prompts in a separate dialog, because the user would have to check both windows to get all the information they need. Easier if the host key dialog itself tells you everything you need to know to answer the question: is _this_ key the one you expect for _that_ host? 2021-09-15 13:41:00 +00:00			`"The host key is not cached for this server:\n"`
			`" %s (port %d)\n"`
			`"You have no guarantee that the server is the computer\n"`
			`"you think it is.\n"`
Centralise host key message formatting. The format _strings_ were previously centralised into the platform- independent console.c, as const char arrays. Now the actual formatting operation is centralised as well, by means of console.c providing a function that takes all the necessary parameters and returns a formatted piece of text for the console. Mostly this is so that I can add extra parameters to the message with some confidence: changing a format string in one file and two fprintf statements in other files to match seems like the kind of situation you wish you hadn't got into in the first place :-) 2021-09-15 05:00:38 +00:00			`"The server's %s key fingerprint is:\n"`
Mention the host name in host-key prompts. Now that it's possible for a single invocation of PuTTY to connect to multiple SSH servers (jump host followed by ultimate destination host), it's rather unhelpful for host key prompts to just say "the server". To check an unknown host key, users will need to know _which_ host it's purporting to be the key for. Another possibility is to put a message in the terminal window indicating which server we're currently in the SSH setup phase for. That will certainly be what we have to end up doing for userpass prompts that appear _in_ the terminal window. But that by itself is still unhelpful for host key prompts in a separate dialog, because the user would have to check both windows to get all the information they need. Easier if the host key dialog itself tells you everything you need to know to answer the question: is _this_ key the one you expect for _that_ host? 2021-09-15 13:41:00 +00:00			`" %s\n", host, port, keytype, fingerprint);`
Centralise host key message formatting. The format _strings_ were previously centralised into the platform- independent console.c, as const char arrays. Now the actual formatting operation is centralised as well, by means of console.c providing a function that takes all the necessary parameters and returns a formatted piece of text for the console. Mostly this is so that I can add extra parameters to the message with some confidence: changing a format string in one file and two fprintf statements in other files to match seems like the kind of situation you wish you hadn't got into in the first place :-) 2021-09-15 05:00:38 +00:00			`}`

Factor out some common code in {ux,win}cons.c. The assorted host-key and warning prompt messages have no reason to differ between the two platforms, so let's centralise them. Also, while I'm here, some basic support functions that are the same in both modules. 2021-03-13 09:24:17 +00:00			`const char hk_absentmsg_interactive_intro[] =`
			`"If you trust this host, enter \"y\" to add the key to\n"`
			`"PuTTY's cache and carry on connecting.\n"`
			`"If you want to carry on connecting just once, without\n"`
			`"adding the key to the cache, enter \"n\".\n"`
			`"If you do not trust this host, press Return to abandon the\n"`
			`"connection.\n";`
			`const char hk_absentmsg_interactive_prompt[] =`
Console host key prompts: add 'more info' action. Now you can press 'i' at the host key prompt, and it will print all the key fingerprints we know about, plus the full public key. So if you wanted to check against a fingerprint type that wasn't the one shown in the default prompt, you can see all the ones we've got. 2021-03-13 11:03:23 +00:00			`"Store key in cache? (y/n, Return cancels connection, "`
			`"i for more info) ";`
Factor out some common code in {ux,win}cons.c. The assorted host-key and warning prompt messages have no reason to differ between the two platforms, so let's centralise them. Also, while I'm here, some basic support functions that are the same in both modules. 2021-03-13 09:24:17 +00:00
Mention the host name in host-key prompts. Now that it's possible for a single invocation of PuTTY to connect to multiple SSH servers (jump host followed by ultimate destination host), it's rather unhelpful for host key prompts to just say "the server". To check an unknown host key, users will need to know _which_ host it's purporting to be the key for. Another possibility is to put a message in the terminal window indicating which server we're currently in the SSH setup phase for. That will certainly be what we have to end up doing for userpass prompts that appear _in_ the terminal window. But that by itself is still unhelpful for host key prompts in a separate dialog, because the user would have to check both windows to get all the information they need. Easier if the host key dialog itself tells you everything you need to know to answer the question: is _this_ key the one you expect for _that_ host? 2021-09-15 13:41:00 +00:00			`char hk_wrongmsg_common(const char host, int port,`
			`const char keytype, const char fingerprint)`
Centralise host key message formatting. The format _strings_ were previously centralised into the platform- independent console.c, as const char arrays. Now the actual formatting operation is centralised as well, by means of console.c providing a function that takes all the necessary parameters and returns a formatted piece of text for the console. Mostly this is so that I can add extra parameters to the message with some confidence: changing a format string in one file and two fprintf statements in other files to match seems like the kind of situation you wish you hadn't got into in the first place :-) 2021-09-15 05:00:38 +00:00			`{`
			`return dupprintf(`
			`"WARNING - POTENTIAL SECURITY BREACH!\n"`
Mention the host name in host-key prompts. Now that it's possible for a single invocation of PuTTY to connect to multiple SSH servers (jump host followed by ultimate destination host), it's rather unhelpful for host key prompts to just say "the server". To check an unknown host key, users will need to know _which_ host it's purporting to be the key for. Another possibility is to put a message in the terminal window indicating which server we're currently in the SSH setup phase for. That will certainly be what we have to end up doing for userpass prompts that appear _in_ the terminal window. But that by itself is still unhelpful for host key prompts in a separate dialog, because the user would have to check both windows to get all the information they need. Easier if the host key dialog itself tells you everything you need to know to answer the question: is _this_ key the one you expect for _that_ host? 2021-09-15 13:41:00 +00:00			`"The host key does not match the one PuTTY has cached\n"`
			`"for this server:\n"`
			`" %s (port %d)\n"`
			`"This means that either the server administrator has\n"`
			`"changed the host key, or you have actually connected\n"`
Centralise host key message formatting. The format _strings_ were previously centralised into the platform- independent console.c, as const char arrays. Now the actual formatting operation is centralised as well, by means of console.c providing a function that takes all the necessary parameters and returns a formatted piece of text for the console. Mostly this is so that I can add extra parameters to the message with some confidence: changing a format string in one file and two fprintf statements in other files to match seems like the kind of situation you wish you hadn't got into in the first place :-) 2021-09-15 05:00:38 +00:00			`"to another computer pretending to be the server.\n"`
			`"The new %s key fingerprint is:\n"`
Mention the host name in host-key prompts. Now that it's possible for a single invocation of PuTTY to connect to multiple SSH servers (jump host followed by ultimate destination host), it's rather unhelpful for host key prompts to just say "the server". To check an unknown host key, users will need to know _which_ host it's purporting to be the key for. Another possibility is to put a message in the terminal window indicating which server we're currently in the SSH setup phase for. That will certainly be what we have to end up doing for userpass prompts that appear _in_ the terminal window. But that by itself is still unhelpful for host key prompts in a separate dialog, because the user would have to check both windows to get all the information they need. Easier if the host key dialog itself tells you everything you need to know to answer the question: is _this_ key the one you expect for _that_ host? 2021-09-15 13:41:00 +00:00			`" %s\n", host, port, keytype, fingerprint);`
Centralise host key message formatting. The format _strings_ were previously centralised into the platform- independent console.c, as const char arrays. Now the actual formatting operation is centralised as well, by means of console.c providing a function that takes all the necessary parameters and returns a formatted piece of text for the console. Mostly this is so that I can add extra parameters to the message with some confidence: changing a format string in one file and two fprintf statements in other files to match seems like the kind of situation you wish you hadn't got into in the first place :-) 2021-09-15 05:00:38 +00:00			`}`

Factor out some common code in {ux,win}cons.c. The assorted host-key and warning prompt messages have no reason to differ between the two platforms, so let's centralise them. Also, while I'm here, some basic support functions that are the same in both modules. 2021-03-13 09:24:17 +00:00			`const char hk_wrongmsg_interactive_intro[] =`
			`"If you were expecting this change and trust the new key,\n"`
			`"enter \"y\" to update PuTTY's cache and continue connecting.\n"`
			`"If you want to carry on connecting but without updating\n"`
			`"the cache, enter \"n\".\n"`
			`"If you want to abandon the connection completely, press\n"`
			`"Return to cancel. Pressing Return is the ONLY guaranteed\n"`
			`"safe choice.\n";`
			`const char hk_wrongmsg_interactive_prompt[] =`
Console host key prompts: add 'more info' action. Now you can press 'i' at the host key prompt, and it will print all the key fingerprints we know about, plus the full public key. So if you wanted to check against a fingerprint type that wasn't the one shown in the default prompt, you can see all the ones we've got. 2021-03-13 11:03:23 +00:00			`"Update cached key? (y/n, Return cancels connection, "`
			`"i for more info) ";`
Factor out some common code in {ux,win}cons.c. The assorted host-key and warning prompt messages have no reason to differ between the two platforms, so let's centralise them. Also, while I'm here, some basic support functions that are the same in both modules. 2021-03-13 09:24:17 +00:00
			`const char weakcrypto_msg_common_fmt[] =`
			`"The first %s supported by the server is\n"`
			`"%s, which is below the configured warning threshold.\n";`

			`const char weakhk_msg_common_fmt[] =`
			`"The first host key type we have stored for this server\n"`
			`"is %s, which is below the configured warning threshold.\n"`
			`"The server also provides the following types of host key\n"`
			`"above the threshold, which we do not have stored:\n"`
			`"%s\n";`

			`const char console_continue_prompt[] = "Continue with connection? (y/n) ";`
			`const char console_abandoned_msg[] = "Connection abandoned.\n";`

			`bool console_batch_mode = false;`

			`/*`
			`* Error message and/or fatal exit functions, all based on`
			`* console_print_error_msg which the platform front end provides.`
			`*/`
			`void console_print_error_msg_fmt_v(`
			`const char prefix, const char fmt, va_list ap)`
			`{`
			`char *msg = dupvprintf(fmt, ap);`
			`console_print_error_msg(prefix, msg);`
			`sfree(msg);`
			`}`

			`void console_print_error_msg_fmt(const char prefix, const char fmt, ...)`
			`{`
			`va_list ap;`
			`va_start(ap, fmt);`
			`console_print_error_msg_fmt_v(prefix, fmt, ap);`
			`va_end(ap);`
			`}`

			`void modalfatalbox(const char *fmt, ...)`
			`{`
			`va_list ap;`
			`va_start(ap, fmt);`
			`console_print_error_msg_fmt_v("FATAL ERROR", fmt, ap);`
			`va_end(ap);`
			`cleanup_exit(1);`
			`}`

			`void nonfatal(const char *fmt, ...)`
			`{`
			`va_list ap;`
			`va_start(ap, fmt);`
			`console_print_error_msg_fmt_v("ERROR", fmt, ap);`
			`va_end(ap);`
			`}`

			`void console_connection_fatal(Seat seat, const char msg)`
			`{`
			`console_print_error_msg("FATAL ERROR", msg);`
			`cleanup_exit(1);`
			`}`

			`/*`
			`* Console front ends redo their select() or equivalent every time, so`
			`* they don't need separate timer handling.`
			`*/`
			`void timer_change_notify(unsigned long next)`
			`{`
			`}`