diff --git a/cmdgen.c b/cmdgen.c index 3f112755..3318e4ec 100644 --- a/cmdgen.c +++ b/cmdgen.c @@ -753,6 +753,7 @@ int main(int argc, char **argv) prompts_t *p = new_prompts(); int ret; p->to_server = false; + p->from_server = false; p->name = dupstr("SSH key passphrase"); add_prompt(p, dupstr("Enter passphrase to load key: "), false); ret = console_get_userpass_input(p); @@ -889,6 +890,7 @@ int main(int argc, char **argv) int ret; p->to_server = false; + p->from_server = false; p->name = dupstr("New SSH key passphrase"); add_prompt(p, dupstr("Enter passphrase to save key: "), false); add_prompt(p, dupstr("Re-enter passphrase to verify: "), false); diff --git a/putty.h b/putty.h index 54206ccb..71d8da76 100644 --- a/putty.h +++ b/putty.h @@ -659,6 +659,15 @@ typedef struct { * sufficient). */ bool to_server; + + /* + * Indicates whether the prompts originated _at_ the server, so + * that the front end can display some kind of trust sigil that + * distinguishes (say) a legit private-key passphrase prompt from + * a fake one sent by a malicious server. + */ + bool from_server; + char *name; /* Short description, perhaps for dialog box title */ bool name_reqd; /* Display of `name' required or optional? */ char *instruction; /* Long description, maybe with embedded newlines */ diff --git a/rlogin.c b/rlogin.c index 48f1ccb6..1702f153 100644 --- a/rlogin.c +++ b/rlogin.c @@ -228,6 +228,7 @@ static const char *rlogin_init(Seat *seat, Backend **backend_handle, rlogin->prompt = new_prompts(); rlogin->prompt->to_server = true; + rlogin->prompt->from_server = false; rlogin->prompt->name = dupstr("Rlogin login name"); add_prompt(rlogin->prompt, dupstr("rlogin username: "), true); ret = seat_get_userpass_input(rlogin->seat, rlogin->prompt, NULL); diff --git a/ssh1login.c b/ssh1login.c index de220bd7..a3197e6a 100644 --- a/ssh1login.c +++ b/ssh1login.c @@ -383,6 +383,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) if ((s->username = get_remote_username(s->conf)) == NULL) { s->cur_prompt = new_prompts(); s->cur_prompt->to_server = true; + s->cur_prompt->from_server = false; s->cur_prompt->name = dupstr("SSH login name"); add_prompt(s->cur_prompt, dupstr("login as: "), true); s->userpass_ret = seat_get_userpass_input( @@ -641,6 +642,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) } else { s->cur_prompt = new_prompts(s->ppl.seat); s->cur_prompt->to_server = false; + s->cur_prompt->from_server = false; s->cur_prompt->name = dupstr("SSH key passphrase"); add_prompt(s->cur_prompt, dupprintf("Passphrase for key \"%s\": ", @@ -805,6 +807,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) } ppl_logevent("Received TIS challenge"); s->cur_prompt->to_server = true; + s->cur_prompt->from_server = true; s->cur_prompt->name = dupstr("SSH TIS authentication"); /* Prompt heuristic comes from OpenSSH */ if (!memchr(challenge.ptr, '\n', challenge.len)) { @@ -853,6 +856,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) } ppl_logevent("Received CryptoCard challenge"); s->cur_prompt->to_server = true; + s->cur_prompt->from_server = true; s->cur_prompt->name = dupstr("SSH CryptoCard authentication"); s->cur_prompt->name_reqd = false; /* Prompt heuristic comes from OpenSSH */ @@ -885,6 +889,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl) return; } s->cur_prompt->to_server = true; + s->cur_prompt->from_server = false; s->cur_prompt->name = dupstr("SSH password"); add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ", s->username, s->savedhost), diff --git a/ssh2userauth.c b/ssh2userauth.c index 5633f199..a153caa4 100644 --- a/ssh2userauth.c +++ b/ssh2userauth.c @@ -385,6 +385,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) } else if ((s->username = s->default_username) == NULL) { s->cur_prompt = new_prompts(); s->cur_prompt->to_server = true; + s->cur_prompt->from_server = false; s->cur_prompt->name = dupstr("SSH login name"); add_prompt(s->cur_prompt, dupstr("login as: "), true); s->userpass_ret = seat_get_userpass_input( @@ -822,6 +823,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) */ s->cur_prompt = new_prompts(); s->cur_prompt->to_server = false; + s->cur_prompt->from_server = false; s->cur_prompt->name = dupstr("SSH key passphrase"); add_prompt(s->cur_prompt, dupprintf("Passphrase for key \"%s\": ", @@ -1201,6 +1203,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) get_string(pktin); /* skip language tag */ s->cur_prompt = new_prompts(); s->cur_prompt->to_server = true; + s->cur_prompt->from_server = true; /* * Get any prompt(s) from the packet. @@ -1326,6 +1329,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) s->cur_prompt = new_prompts(); s->cur_prompt->to_server = true; + s->cur_prompt->from_server = false; s->cur_prompt->name = dupstr("SSH password"); add_prompt(s->cur_prompt, dupprintf("%s@%s's password: ", s->username, s->hostname), @@ -1420,6 +1424,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl) s->cur_prompt = new_prompts(); s->cur_prompt->to_server = true; + s->cur_prompt->from_server = false; s->cur_prompt->name = dupstr("New SSH password"); s->cur_prompt->instruction = mkstr(prompt); s->cur_prompt->instr_reqd = true; diff --git a/unix/uxpgnt.c b/unix/uxpgnt.c index e5f14c97..389853f8 100644 --- a/unix/uxpgnt.c +++ b/unix/uxpgnt.c @@ -328,6 +328,7 @@ static char *askpass_tty(const char *prompt) int ret; prompts_t *p = new_prompts(); p->to_server = false; + p->from_server = false; p->name = dupstr("Pageant passphrase prompt"); add_prompt(p, dupcat(prompt, ": ", (const char *)NULL), false); ret = console_get_userpass_input(p);