nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-22 14:39:24 -05:00
Code Issues Projects Releases Wiki Activity

Pass more information to interactive host key check.

Browse Source 
Now we pass the whole set of fingerprints, and also a displayable
format for the full host public key.

NFC: this commit doesn't modify any of the host key prompts to _use_
any of the new information. That's coming next.
This commit is contained in:
Simon Tatham 2021-03-13 10:59:47 +00:00
parent 04758cb3ec
commit 3461196197
10 changed files with 51 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
misc.c
View File

@ -378,8 +378,8 @@ void nullseat_update_specials_menu(Seat *seat) {}
char *nullseat_get_ttymode(Seat *seat, const char *mode) { return NULL; } char *nullseat_get_ttymode(Seat *seat, const char *mode) { return NULL; }
void nullseat_set_busy_status(Seat *seat, BusyStatus status) {} void nullseat_set_busy_status(Seat *seat, BusyStatus status) {}
int nullseat_verify_ssh_host_key( int nullseat_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *key_fingerprint, char *keystr, const char *keydisp, char **key_fingerprints,
void (*callback)(void *ctx, int result), void *ctx) { return 0; } void (*callback)(void *ctx, int result), void *ctx) { return 0; }
int nullseat_confirm_weak_crypto_primitive( int nullseat_confirm_weak_crypto_primitive(
Seat *seat, const char *algtype, const char *algname, Seat *seat, const char *algtype, const char *algname,

17
putty.h
View File

@ -972,8 +972,8 @@ struct SeatVtable {
* or +1'. * or +1'.
*/ */
int (*verify_ssh_host_key)( int (*verify_ssh_host_key)(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *key_fingerprint, char *keystr, const char *keydisp, char **key_fingerprints,
void (*callback)(void *ctx, int result), void *ctx); void (*callback)(void *ctx, int result), void *ctx);
/* /*
@ -1095,8 +1095,9 @@ static inline void seat_set_busy_status(Seat *seat, BusyStatus status)
{ seat->vt->set_busy_status(seat, status); } { seat->vt->set_busy_status(seat, status); }
static inline int seat_verify_ssh_host_key( static inline int seat_verify_ssh_host_key(
Seat *seat, const char *h, int p, const char *ktyp, char *kstr, Seat *seat, const char *h, int p, const char *ktyp, char *kstr,
char *fp, void (*cb)(void *ctx, int result), void *ctx) const char *kdsp, char **fps, void (*cb)(void *ctx, int result), void *ctx)
{ return seat->vt->verify_ssh_host_key(seat, h, p, ktyp, kstr, fp, cb, ctx); } { return seat->vt->verify_ssh_host_key(seat, h, p, ktyp, kstr, kdsp, fps,
cb, ctx); }
static inline int seat_confirm_weak_crypto_primitive( static inline int seat_confirm_weak_crypto_primitive(
Seat *seat, const char *atyp, const char *aname, Seat *seat, const char *atyp, const char *aname,
void (*cb)(void *ctx, int result), void *ctx) void (*cb)(void *ctx, int result), void *ctx)
@ -1159,8 +1160,8 @@ void nullseat_update_specials_menu(Seat *seat);
char *nullseat_get_ttymode(Seat *seat, const char *mode); char *nullseat_get_ttymode(Seat *seat, const char *mode);
void nullseat_set_busy_status(Seat *seat, BusyStatus status); void nullseat_set_busy_status(Seat *seat, BusyStatus status);
int nullseat_verify_ssh_host_key( int nullseat_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *key_fingerprint, char *keystr, const char *keydisp, char **key_fingerprints,
void (*callback)(void *ctx, int result), void *ctx); void (*callback)(void *ctx, int result), void *ctx);
int nullseat_confirm_weak_crypto_primitive( int nullseat_confirm_weak_crypto_primitive(
Seat *seat, const char *algtype, const char *algname, Seat *seat, const char *algtype, const char *algname,
@ -1191,8 +1192,8 @@ bool nullseat_get_cursor_position(Seat *seat, int *x, int *y);
void console_connection_fatal(Seat *seat, const char *message); void console_connection_fatal(Seat *seat, const char *message);
int console_verify_ssh_host_key( int console_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *key_fingerprint, char *keystr, const char *keydisp, char **key_fingerprints,
void (*callback)(void *ctx, int result), void *ctx); void (*callback)(void *ctx, int result), void *ctx);
int console_confirm_weak_crypto_primitive( int console_confirm_weak_crypto_primitive(
Seat *seat, const char *algtype, const char *algname, Seat *seat, const char *algtype, const char *algname,

7
ssh1login.c
View File

@ -256,10 +256,11 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
"configured list"); "configured list");
return; return;
} else if (s->dlgret < 0) { /* none configured; use standard handling */ } else if (s->dlgret < 0) { /* none configured; use standard handling */
char *keydisp = ssh1_pubkey_str(&s->hostkey);
s->dlgret = seat_verify_ssh_host_key( s->dlgret = seat_verify_ssh_host_key(
s->ppl.seat, s->savedhost, s->savedport, s->ppl.seat, s->savedhost, s->savedport, "rsa", keystr,
"rsa", keystr, fingerprints[SSH_FPTYPE_DEFAULT], keydisp, fingerprints, ssh1_login_dialog_callback, s);
ssh1_login_dialog_callback, s); sfree(keydisp);
ssh2_free_all_fingerprints(fingerprints); ssh2_free_all_fingerprints(fingerprints);
sfree(keystr); sfree(keystr);
#ifdef FUZZING #ifdef FUZZING

9
ssh2kex-client.c
View File

@ -858,11 +858,13 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
*aborted = true; *aborted = true;
return; return;
} else if (s->dlgret < 0) { /* none configured; use standard handling */ } else if (s->dlgret < 0) { /* none configured; use standard handling */
ssh2_userkey uk = { .key = s->hkey, .comment = NULL };
char *keydisp = ssh2_pubkey_openssh_str(&uk);
s->dlgret = seat_verify_ssh_host_key( s->dlgret = seat_verify_ssh_host_key(
s->ppl.seat, s->savedhost, s->savedport, s->ppl.seat, s->savedhost, s->savedport,
ssh_key_cache_id(s->hkey), s->keystr, ssh_key_cache_id(s->hkey), s->keystr, keydisp,
fingerprints[SSH_FPTYPE_DEFAULT], fingerprints, ssh2_transport_dialog_callback, s);
ssh2_transport_dialog_callback, s); sfree(keydisp);
ssh2_free_all_fingerprints(fingerprints); ssh2_free_all_fingerprints(fingerprints);
#ifdef FUZZING #ifdef FUZZING
s->dlgret = 1; s->dlgret = 1;
@ -875,6 +877,7 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
return; return;
} }
} }
/* /*
* Save this host key, to check against the one presented in * Save this host key, to check against the one presented in
* subsequent rekeys. * subsequent rekeys.

14
unix/gtkdlg.c
View File

@ -31,6 +31,7 @@
#include "dialog.h" #include "dialog.h"
#include "tree234.h" #include "tree234.h"
#include "licence.h" #include "licence.h"
#include "ssh.h"
#if GTK_CHECK_VERSION(2,0,0) #if GTK_CHECK_VERSION(2,0,0)
/* Decide which of GtkFileChooserDialog and GtkFileSelection to use */ /* Decide which of GtkFileChooserDialog and GtkFileSelection to use */
@ -3461,8 +3462,8 @@ static void verify_ssh_host_key_result_callback(void *vctx, int result)
} }
int gtk_seat_verify_ssh_host_key( int gtk_seat_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *fingerprint, char *keystr, const char *keydisp, char **fingerprints,
void (*callback)(void *ctx, int result), void *ctx) void (*callback)(void *ctx, int result), void *ctx)
{ {
static const char absenttxt[] = static const char absenttxt[] =
@ -3513,7 +3514,11 @@ int gtk_seat_verify_ssh_host_key(
if (ret == 0) /* success - key matched OK */ if (ret == 0) /* success - key matched OK */
return 1; return 1;
text = dupprintf((ret == 2 ? wrongtxt : absenttxt), keytype, fingerprint); FingerprintType fptype_default =
ssh2_pick_default_fingerprint(fingerprints);
text = dupprintf((ret == 2 ? wrongtxt : absenttxt), keytype,
fingerprints[fptype_default]);
result_ctx = snew(struct verify_ssh_host_key_result_ctx); result_ctx = snew(struct verify_ssh_host_key_result_ctx);
result_ctx->callback = callback; result_ctx->callback = callback;
@ -3526,7 +3531,8 @@ int gtk_seat_verify_ssh_host_key(
mainwin = GTK_WIDGET(gtk_seat_get_window(seat)); mainwin = GTK_WIDGET(gtk_seat_get_window(seat));
msgbox = create_message_box( msgbox = create_message_box(
mainwin, "PuTTY Security Alert", text, string_width(fingerprint), true, mainwin, "PuTTY Security Alert", text,
string_width(fingerprints[fptype_default]), true,
&buttons_hostkey, verify_ssh_host_key_result_callback, result_ctx); &buttons_hostkey, verify_ssh_host_key_result_callback, result_ctx);
register_dialog(seat, DIALOG_SLOT_NETWORK_PROMPT, msgbox); register_dialog(seat, DIALOG_SLOT_NETWORK_PROMPT, msgbox);

4
unix/unix.h
View File

@ -218,8 +218,8 @@ void logevent_dlg(eventlog_stuff *estuff, const char *string);
int gtkdlg_askappend(Seat *seat, Filename *filename, int gtkdlg_askappend(Seat *seat, Filename *filename,
void (*callback)(void *ctx, int result), void *ctx); void (*callback)(void *ctx, int result), void *ctx);
int gtk_seat_verify_ssh_host_key( int gtk_seat_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *fingerprint, char *keystr, const char *keydisp, char **fingerprints,
void (*callback)(void *ctx, int result), void *ctx); void (*callback)(void *ctx, int result), void *ctx);
int gtk_seat_confirm_weak_crypto_primitive( int gtk_seat_confirm_weak_crypto_primitive(
Seat *seat, const char *algtype, const char *algname, Seat *seat, const char *algtype, const char *algname,

9
unix/uxcons.c
View File

@ -103,8 +103,8 @@ static int block_and_read(int fd, void *buf, size_t len)
} }
int console_verify_ssh_host_key( int console_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *fingerprint, char *keystr, const char *keydisp, char **fingerprints,
void (*callback)(void *ctx, int result), void *ctx) void (*callback)(void *ctx, int result), void *ctx)
{ {
int ret; int ret;
@ -132,7 +132,10 @@ int console_verify_ssh_host_key(
prompt = hk_absentmsg_interactive_prompt; prompt = hk_absentmsg_interactive_prompt;
} }
fprintf(stderr, common_fmt, keytype, fingerprint); FingerprintType fptype_default =
ssh2_pick_default_fingerprint(fingerprints);
fprintf(stderr, common_fmt, keytype, fingerprints[fptype_default]);
if (console_batch_mode) { if (console_batch_mode) {
fputs(console_abandoned_msg, stderr); fputs(console_abandoned_msg, stderr);
return 0; return 0;

9
windows/wincons.c
View File

@ -33,8 +33,8 @@ void console_print_error_msg(const char *prefix, const char *msg)
} }
int console_verify_ssh_host_key( int console_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *fingerprint, char *keystr, const char *keydisp, char **fingerprints,
void (*callback)(void *ctx, int result), void *ctx) void (*callback)(void *ctx, int result), void *ctx)
{ {
int ret; int ret;
@ -62,7 +62,10 @@ int console_verify_ssh_host_key(
prompt = hk_absentmsg_interactive_prompt; prompt = hk_absentmsg_interactive_prompt;
} }
fprintf(stderr, common_fmt, keytype, fingerprint); FingerprintType fptype_default =
ssh2_pick_default_fingerprint(fingerprints);
fprintf(stderr, common_fmt, keytype, fingerprints[fptype_default]);
if (console_batch_mode) { if (console_batch_mode) {
fputs(console_abandoned_msg, stderr); fputs(console_abandoned_msg, stderr);
return 0; return 0;

7
windows/windlg.c
View File

@ -939,8 +939,8 @@ static INT_PTR CALLBACK HostKeyDialogProc(HWND hwnd, UINT msg,
} }
int win_seat_verify_ssh_host_key( int win_seat_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *fingerprint, char *keystr, const char *keydisp, char **fingerprints,
void (*callback)(void *ctx, int result), void *ctx) void (*callback)(void *ctx, int result), void *ctx)
{ {
int ret; int ret;
@ -965,7 +965,8 @@ int win_seat_verify_ssh_host_key(
struct hostkey_dialog_ctx ctx[1]; struct hostkey_dialog_ctx ctx[1];
ctx->keywords = keywords; ctx->keywords = keywords;
ctx->values = values; ctx->values = values;
ctx->fingerprint = fingerprint; ctx->fingerprint = fingerprints[
ssh2_pick_default_fingerprint(fingerprints)];
ctx->iconid = (ret == 2 ? IDI_WARNING : IDI_QUESTION); ctx->iconid = (ret == 2 ? IDI_WARNING : IDI_QUESTION);
ctx->helpctx = (ret == 2 ? WINHELP_CTX_errors_hostkey_changed : ctx->helpctx = (ret == 2 ? WINHELP_CTX_errors_hostkey_changed :
WINHELP_CTX_errors_hostkey_absent); WINHELP_CTX_errors_hostkey_absent);

4
windows/winstuff.h
View File

@ -218,8 +218,8 @@ int has_embedded_chm(void); /* 1 = yes, 0 = no, -1 = N/A */
* window.c can refer to them. * window.c can refer to them.
*/ */
int win_seat_verify_ssh_host_key( int win_seat_verify_ssh_host_key(
Seat *seat, const char *host, int port, Seat *seat, const char *host, int port, const char *keytype,
const char *keytype, char *keystr, char *key_fingerprint, char *keystr, const char *keydisp, char **key_fingerprints,
void (*callback)(void *ctx, int result), void *ctx); void (*callback)(void *ctx, int result), void *ctx);
int win_seat_confirm_weak_crypto_primitive( int win_seat_confirm_weak_crypto_primitive(
Seat *seat, const char *algtype, const char *algname, Seat *seat, const char *algtype, const char *algname,