mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-06-30 19:12:48 -05:00
Divide seat_set_trust_status into query and update.
This complicates the API in one sense (more separate functions), but in another sense, simplifies it (each function does something simpler). When I start putting one Seat in front of another during SSH proxying, the latter will be more important - in particular, it means you can find out _whether_ a seat can support changing trust status without having to actually attempt a destructive modification.
This commit is contained in:
25
sshproxy.c
25
sshproxy.c
@ -405,20 +405,24 @@ static int sshproxy_confirm_weak_cached_hostkey(
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool sshproxy_set_trust_status(Seat *seat, bool trusted)
|
||||
static void sshproxy_set_trust_status(Seat *seat, bool trusted)
|
||||
{
|
||||
/*
|
||||
* This is called by the proxy SSH connection, to set our Seat
|
||||
* into a given trust status. We can safely do nothing here and
|
||||
* return true to claim we did something (effectively eliminating
|
||||
* the spoofing defences completely, by suppressing the 'press
|
||||
* Return to begin session' prompt and not providing anything in
|
||||
* place of it), on the basis that session I/O from the proxy SSH
|
||||
* connection is never passed directly on to the end user, so a
|
||||
* malicious proxy SSH server wouldn't be able to spoof our human
|
||||
* in any case.
|
||||
* into a given trust status. We can safely do nothing here, and
|
||||
* have can_set_trust_status return true to claim we did something
|
||||
* (effectively eliminating the spoofing defences completely, by
|
||||
* suppressing the 'press Return to begin session' prompt and not
|
||||
* providing anything in place of it), on the basis that session
|
||||
* I/O from the proxy SSH connection is never passed directly on
|
||||
* to the end user, so a malicious proxy SSH server wouldn't be
|
||||
* able to spoof our human in any case.
|
||||
*/
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool sshproxy_can_set_trust_status(Seat *seat)
|
||||
{
|
||||
return true; /* see comment above */
|
||||
}
|
||||
|
||||
static const SeatVtable SshProxy_seat_vt = {
|
||||
@ -442,6 +446,7 @@ static const SeatVtable SshProxy_seat_vt = {
|
||||
.get_window_pixel_size = nullseat_get_window_pixel_size,
|
||||
.stripctrl_new = nullseat_stripctrl_new,
|
||||
.set_trust_status = sshproxy_set_trust_status,
|
||||
.can_set_trust_status = sshproxy_can_set_trust_status,
|
||||
.verbose = nullseat_verbose_no,
|
||||
.interactive = nullseat_interactive_no,
|
||||
.get_cursor_position = nullseat_get_cursor_position,
|
||||
|
Reference in New Issue
Block a user