mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-01 03:22:48 -05:00
Revamp SSH authentication code so that user interaction is more
abstracted out; replace loops structured around a single interaction per loop with less tortuous code (fixes: `ki-multiprompt-crash', `ssh1-bad-passphrase-crash'; makes `ssh2-password-expiry' and `proxy-password-prompt' easier). The new interaction abstraction has a lot of fields that are unused in the current code (things like window captions); this is groundwork for `gui-auth'. However, ssh.c still writes directly to stderr; that may want to be fixed. In the GUI apps, user interaction is moved to terminal.c. This should make it easier to fix things like UTF-8 username entry, although I haven't attempted to do so. Also, control character filtering can be tailored to be appropriate for individual front-ends; so far I don't promise anything other than not having made it any worse. I've tried to test this fairly exhaustively (although Mac stuff is untested, as usual). It all seems to basically work, but I bet there are new bugs. (One I know about is that you can no longer make the PuTTY window go away with a ^D at the password prompt; this should be fixed.) [originally from svn r6437] [this svn revision also touched putty-wishlist]
This commit is contained in:
Jacob Nevins
72
putty.h
72
putty.h
@ -611,6 +611,52 @@ GLOBAL int loaded_session;
|
||||
|
||||
struct RSAKey; /* be a little careful of scope */
|
||||
|
||||
/*
|
||||
* Mechanism for getting text strings such as usernames and passwords
|
||||
* from the front-end.
|
||||
* The fields are mostly modelled after SSH's keyboard-interactive auth.
|
||||
* FIXME We should probably mandate a character set/encoding (probably UTF-8).
|
||||
*
|
||||
* Since many of the pieces of text involved may be chosen by the server,
|
||||
* the caller must take care to ensure that the server can't spoof locally-
|
||||
* generated prompts such as key passphrase prompts. Some ground rules:
|
||||
* - If the front-end needs to truncate a string, it should lop off the
|
||||
* end.
|
||||
* - The front-end should filter out any dangerous characters and
|
||||
* generally not trust the strings. (But \n is required to behave
|
||||
* vaguely sensibly, at least in `instruction', and ideally in
|
||||
* `prompt[]' too.)
|
||||
*/
|
||||
typedef struct {
|
||||
char *prompt;
|
||||
int echo;
|
||||
char *result; /* allocated/freed by caller */
|
||||
size_t result_len;
|
||||
} prompt_t;
|
||||
typedef struct {
|
||||
/*
|
||||
* Indicates whether the information entered is to be used locally
|
||||
* (for instance a key passphrase prompt), or is destined for the wire.
|
||||
* This is a hint only; the front-end is at liberty not to use this
|
||||
* information (so the caller should ensure that the supplied text is
|
||||
* sufficient).
|
||||
*/
|
||||
int to_server;
|
||||
char *name; /* Short description, perhaps for dialog box title */
|
||||
int name_reqd; /* Display of `name' required or optional? */
|
||||
char *instruction; /* Long description, maybe with embedded newlines */
|
||||
int instr_reqd; /* Display of `instruction' required or optional? */
|
||||
size_t n_prompts;
|
||||
prompt_t **prompts;
|
||||
void *frontend;
|
||||
void *data; /* slot for housekeeping data, managed by
|
||||
* get_userpass_input(); initially NULL */
|
||||
} prompts_t;
|
||||
prompts_t *new_prompts(void *frontend);
|
||||
void add_prompt(prompts_t *p, char *promptstr, int echo, size_t len);
|
||||
/* Burn the evidence. (Assumes _all_ strings want free()ing.) */
|
||||
void free_prompts(prompts_t *p);
|
||||
|
||||
/*
|
||||
* Exports from the front end.
|
||||
*/
|
||||
@ -652,10 +698,17 @@ void ldisc_update(void *frontend, int echo, int edit);
|
||||
* shutdown. */
|
||||
void update_specials_menu(void *frontend);
|
||||
int from_backend(void *frontend, int is_stderr, const char *data, int len);
|
||||
int from_backend_untrusted(void *frontend, const char *data, int len);
|
||||
void notify_remote_exit(void *frontend);
|
||||
/* Get a sensible value for a tty mode. NULL return = don't set.
|
||||
* Otherwise, returned value should be freed by caller. */
|
||||
char *get_ttymode(void *frontend, const char *mode);
|
||||
/*
|
||||
* >0 = `got all results, carry on'
|
||||
* 0 = `user cancelled' (FIXME distinguish "give up entirely" and "next auth"?)
|
||||
* <0 = `please call back later with more in/inlen'
|
||||
*/
|
||||
int get_userpass_input(prompts_t *p, unsigned char *in, int inlen);
|
||||
#define OPTIMISE_IS_SCROLL 1
|
||||
|
||||
void set_iconic(void *frontend, int iconic);
|
||||
@ -745,12 +798,15 @@ void term_copyall(Terminal *);
|
||||
void term_reconfig(Terminal *, Config *);
|
||||
void term_seen_key_event(Terminal *);
|
||||
int term_data(Terminal *, int is_stderr, const char *data, int len);
|
||||
int term_data_untrusted(Terminal *, const char *data, int len);
|
||||
void term_provide_resize_fn(Terminal *term,
|
||||
void (*resize_fn)(void *, int, int),
|
||||
void *resize_ctx);
|
||||
void term_provide_logctx(Terminal *term, void *logctx);
|
||||
void term_set_focus(Terminal *term, int has_focus);
|
||||
char *term_get_ttymode(Terminal *term, const char *mode);
|
||||
int term_get_userpass_input(Terminal *term, prompts_t *p,
|
||||
unsigned char *in, int inlen);
|
||||
|
||||
/*
|
||||
* Exports from logging.c.
|
||||
@ -800,14 +856,8 @@ extern Backend rlogin_backend;
|
||||
extern Backend telnet_backend;
|
||||
|
||||
/*
|
||||
* Exports from ssh.c. (NB the getline variables have to be GLOBAL
|
||||
* so that PuTTYtel will still compile - otherwise it would depend
|
||||
* on ssh.c.)
|
||||
* Exports from ssh.c.
|
||||
*/
|
||||
|
||||
GLOBAL int (*ssh_get_line) (const char *prompt, char *str, int maxlen,
|
||||
int is_pw);
|
||||
GLOBAL int ssh_getline_pw_only;
|
||||
extern Backend ssh_backend;
|
||||
|
||||
/*
|
||||
@ -952,11 +1002,11 @@ int askappend(void *frontend, Filename filename,
|
||||
void (*callback)(void *ctx, int result), void *ctx);
|
||||
|
||||
/*
|
||||
* Exports from console.c (that aren't equivalents to things in
|
||||
* windlg.c).
|
||||
* Exports from console frontends (wincons.c, uxcons.c)
|
||||
* that aren't equivalents to things in windlg.c et al.
|
||||
*/
|
||||
extern int console_batch_mode;
|
||||
int console_get_line(const char *prompt, char *str, int maxlen, int is_pw);
|
||||
int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen);
|
||||
void console_provide_logctx(void *logctx);
|
||||
int is_interactive(void);
|
||||
|
||||
@ -980,7 +1030,7 @@ void printer_finish_job(printer_job *);
|
||||
int cmdline_process_param(char *, char *, int, Config *);
|
||||
void cmdline_run_saved(Config *);
|
||||
void cmdline_cleanup(void);
|
||||
extern char *cmdline_password;
|
||||
int cmdline_get_passwd_input(prompts_t *p, unsigned char *in, int inlen);
|
||||
#define TOOLTYPE_FILETRANSFER 1
|
||||
#define TOOLTYPE_NONNETWORK 2
|
||||
extern int cmdline_tooltype;
|
||||
|
||||
Reference in New Issue
Block a user