diff --git a/console.c b/console.c index ce70c104..465fdfa7 100644 --- a/console.c +++ b/console.c @@ -9,13 +9,16 @@ #include "misc.h" #include "console.h" -char *hk_absentmsg_common(const char *keytype, const char *fingerprint) +char *hk_absentmsg_common(const char *host, int port, + const char *keytype, const char *fingerprint) { return dupprintf( - "The server's host key is not cached. You have no guarantee\n" - "that the server is the computer you think it is.\n" + "The host key is not cached for this server:\n" + " %s (port %d)\n" + "You have no guarantee that the server is the computer\n" + "you think it is.\n" "The server's %s key fingerprint is:\n" - "%s\n", keytype, fingerprint); + " %s\n", host, port, keytype, fingerprint); } const char hk_absentmsg_interactive_intro[] = @@ -29,16 +32,19 @@ const char hk_absentmsg_interactive_prompt[] = "Store key in cache? (y/n, Return cancels connection, " "i for more info) "; -char *hk_wrongmsg_common(const char *keytype, const char *fingerprint) +char *hk_wrongmsg_common(const char *host, int port, + const char *keytype, const char *fingerprint) { return dupprintf( "WARNING - POTENTIAL SECURITY BREACH!\n" - "The server's host key does not match the one PuTTY has\n" - "cached. This means that either the server administrator\n" - "has changed the host key, or you have actually connected\n" + "The host key does not match the one PuTTY has cached\n" + "for this server:\n" + " %s (port %d)\n" + "This means that either the server administrator has\n" + "changed the host key, or you have actually connected\n" "to another computer pretending to be the server.\n" "The new %s key fingerprint is:\n" - "%s\n", keytype, fingerprint); + " %s\n", host, port, keytype, fingerprint); } const char hk_wrongmsg_interactive_intro[] = diff --git a/console.h b/console.h index d28acbdc..f6222e6a 100644 --- a/console.h +++ b/console.h 
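Review bot: hk_absentmsg_common and hk_wrongmsg_common (second hunk) now put `host` and `port` into a trust prompt, but nothing in either definition says which identity those two values are. The prompt only helps the user if they are exactly the pair the host key cache is looked up and written under, rather than a resolved address or an intermediate hop. The hunks do not show where the callers obtain them, so this is worth confirming. I would add above each function, and above the prototypes in console.h, a comment such as `/* host/port: the identity the key is cached under. Returns a dupprintf-allocated string; caller frees. */`.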
@@ -2,11 +2,13 @@ * Common pieces between the platform console frontend modules. */ -char *hk_absentmsg_common(const char *keytype, const char *fingerprint); +char *hk_absentmsg_common(const char *host, int port, + const char *keytype, const char *fingerprint); extern const char hk_absentmsg_interactive_intro[]; extern const char hk_absentmsg_interactive_prompt[]; -char *hk_wrongmsg_common(const char *keytype, const char *fingerprint); +char *hk_wrongmsg_common(const char *host, int port, + const char *keytype, const char *fingerprint); extern const char hk_wrongmsg_interactive_intro[]; extern const char hk_wrongmsg_interactive_prompt[]; diff --git a/unix/console.c b/unix/console.c index 6b6379ed..8a7cd8f9 100644 --- a/unix/console.c +++ b/unix/console.c @@ -126,11 +126,13 @@ int console_verify_ssh_host_key( ssh2_pick_default_fingerprint(fingerprints); if (ret == 2) { /* key was different */ - common = hk_wrongmsg_common(keytype, fingerprints[fptype_default]); + common = hk_wrongmsg_common(host, port, keytype, + fingerprints[fptype_default]); intro = hk_wrongmsg_interactive_intro; prompt = hk_wrongmsg_interactive_prompt; } else { /* key was absent */ - common = hk_absentmsg_common(keytype, fingerprints[fptype_default]); + common = hk_absentmsg_common(host, port, keytype, + fingerprints[fptype_default]); intro = hk_absentmsg_interactive_intro; prompt = hk_absentmsg_interactive_prompt; } diff --git a/unix/dialog.c b/unix/dialog.c index f6a98a55..42cff97f 100644 --- a/unix/dialog.c +++ b/unix/dialog.c 
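Review bot: `host` reaches the console prompt unfiltered through `hk_wrongmsg_common(host, port, keytype, ...)` and `hk_absentmsg_common(host, port, keytype, ...)` in unix/console.c, and through the identical calls in windows/console.c. If that string can ever hold something the user did not type at this terminal (for example a value loaded from a saved session), control characters in it could rearrange or hide lines of the security warning. Whether the later output path already filters them is not visible in this hunk; if it does not, control characters should be stripped or escaped before the string is formatted. console_verify_ssh_host_key starts and ends outside the hunk.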
@@ -3545,10 +3545,12 @@ int gtk_seat_verify_ssh_host_key( void (*callback)(void *ctx, int result), void *ctx) { static const char absenttxt[] = - "The server's host key is not cached. You have no guarantee " - "that the server is the computer you think it is.\n" - "The server's %s key fingerprint is:\n" - "%s\n" + "The host key is not cached for this server:\n\n" + "%s (port %d)\n\n" + "You have no guarantee that the server is the computer " + "you think it is.\n" + "The server's %s key fingerprint is:\n\n" + "%s\n\n" "If you trust this host, press \"Accept\" to add the key to " "PuTTY's cache and carry on connecting.\n" "If you want to carry on connecting just once, without " @@ -3557,12 +3559,14 @@ int gtk_seat_verify_ssh_host_key( "connection."; static const char wrongtxt[] = "WARNING - POTENTIAL SECURITY BREACH!\n" - "The server's host key does not match the one PuTTY has " - "cached. This means that either the server administrator " - "has changed the host key, or you have actually connected " + "The host key does not match the one PuTTY has cached " + "for this server:\n\n" + "%s (port %d)\n\n" + "This means that either the server administrator has " + "changed the host key, or you have actually connected " "to another computer pretending to be the server.\n" - "The new %s key fingerprint is:\n" - "%s\n" + "The new %s key fingerprint is:\n\n" + "%s\n\n" "If you were expecting this change and trust the new key, " "press \"Accept\" to update PuTTY's cache and continue connecting.\n" "If you want to carry on connecting but without updating " @@ -3595,8 +3599,8 @@ int gtk_seat_verify_ssh_host_key( FingerprintType fptype_default = ssh2_pick_default_fingerprint(fingerprints); - text = dupprintf((ret == 2 ? wrongtxt : absenttxt), keytype, - fingerprints[fptype_default]); + text = dupprintf((ret == 2 ? wrongtxt : absenttxt), host, port, + keytype, fingerprints[fptype_default]); result_ctx = snew(struct verify_ssh_host_key_dialog_ctx); result_ctx->callback = callback; 
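Review bot: The `dupprintf` call in the third hunk picks its format string at run time with `(ret == 2 ? wrongtxt : absenttxt)`, so the compiler probably cannot check the four arguments against either template. After this change both `absenttxt` and `wrongtxt` must consume host, port, keytype and fingerprint in exactly that order, and they are edited in separate hunks from the call, so a later edit to one string can silently misalign it. I would add a comment above `absenttxt` such as `/* Both templates take, in order: host (%s), port (%d), key type (%s), fingerprint (%s) */`. gtk_seat_verify_ssh_host_key continues outside all three hunks.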
diff --git a/windows/console.c b/windows/console.c index 21d33cd2..75d55916 100644 --- a/windows/console.c +++ b/windows/console.c @@ -57,11 +57,13 @@ int console_verify_ssh_host_key( ssh2_pick_default_fingerprint(fingerprints); if (ret == 2) { /* key was different */ - common = hk_wrongmsg_common(keytype, fingerprints[fptype_default]); + common = hk_wrongmsg_common(host, port, keytype, + fingerprints[fptype_default]); intro = hk_wrongmsg_interactive_intro; prompt = hk_wrongmsg_interactive_prompt; } else { /* key was absent */ - common = hk_absentmsg_common(keytype, fingerprints[fptype_default]); + common = hk_absentmsg_common(host, port, keytype, + fingerprints[fptype_default]); intro = hk_absentmsg_interactive_intro; prompt = hk_absentmsg_interactive_prompt; } diff --git a/windows/dialog.c b/windows/dialog.c index c1ac0599..4778528b 100644 --- a/windows/dialog.c +++ b/windows/dialog.c @@ -825,6 +825,8 @@ void showabout(HWND hwnd) struct hostkey_dialog_ctx { const char *const *keywords; const char *const *values; + const char *host; + int port; FingerprintType fptype_default; char **fingerprints; const char *keydisp; @@ -901,6 +903,11 @@ static INT_PTR CALLBACK HostKeyDialogProc(HWND hwnd, UINT msg, } strbuf_free(sb); + char *hostport = dupprintf("%s (port %d)", ctx->host, ctx->port); + SetDlgItemText(hwnd, IDC_HK_HOST, hostport); + sfree(hostport); + MakeDlgItemBorderless(hwnd, IDC_HK_HOST); + SetDlgItemText(hwnd, IDC_HK_FINGERPRINT, ctx->fingerprints[ctx->fptype_default]); MakeDlgItemBorderless(hwnd, IDC_HK_FINGERPRINT); @@ -1002,6 +1009,8 @@ int win_seat_verify_ssh_host_key( ctx->iconid = (ret == 2 ? IDI_WARNING : IDI_QUESTION); ctx->helpctx = (ret == 2 ? WINHELP_CTX_errors_hostkey_changed : WINHELP_CTX_errors_hostkey_absent); + ctx->host = host; + ctx->port = port; int dlgid = (ret == 2 ? IDD_HK_WRONG : IDD_HK_ABSENT); int mbret = DialogBoxParam( hinst, MAKEINTRESOURCE(dlgid), wgs->term_hwnd, 
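Review bot: `ctx->host = host;` in win_seat_verify_ssh_host_key stores the caller's pointer in `struct hostkey_dialog_ctx` without copying it, and HostKeyDialogProc later reads it in `dupprintf("%s (port %d)", ctx->host, ctx->port)`. That is safe only because `DialogBoxParam` is modal and returns before the caller's string can go away; if the dialog is ever made non-modal, the field becomes a dangling pointer. I would document this on the new members, for example `const char *host; /* borrowed from caller; valid only while the modal dialog runs */`. The struct and both functions extend beyond the hunks shown.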
diff --git a/windows/putty-common.rc2 b/windows/putty-common.rc2 index 056a2837..f8df971f 100644 --- a/windows/putty-common.rc2 +++ b/windows/putty-common.rc2 
@@ -57,60 +57,62 @@ BEGIN END /* No accelerators used */ -IDD_HK_ABSENT DIALOG DISCARDABLE 50, 50, 340, 148 +IDD_HK_ABSENT DIALOG DISCARDABLE 50, 50, 340, 160 STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "PuTTY Security Alert" FONT 8, "MS Shell Dlg" BEGIN - LTEXT "The server's host key is not cached in the registry. You have no", 100, 40, 20, 300, 8 - LTEXT "guarantee that the server is the computer you think it is.", 101, 40, 28, 300, 8 - LTEXT "The server's {KEYTYPE} key fingerprint is:", 102, 40, 40, 300, 8 - LTEXT "If you trust this host, press ""Accept"" to add the key to {APPNAME}'s", 103, 40, 60, 300, 8 - LTEXT "cache and carry on connecting.", 104, 40, 68, 300, 8 - LTEXT "If you want to carry on connecting just once, without adding the key", 105, 40, 80, 300, 8 - LTEXT "to the cache, press ""Connect Once"".", 106, 40, 88, 300, 8 - LTEXT "If you do not trust this host, press ""Cancel"" to abandon the connection.", 107, 40, 100, 300, 8 + LTEXT "The host key is not cached for this server:", 100, 40, 20, 300, 8 + LTEXT "You have no guarantee that the server is the computer you think it is.", 101, 40, 40, 300, 8 + LTEXT "The server's {KEYTYPE} key fingerprint is:", 102, 40, 52, 300, 8 + LTEXT "If you trust this host, press ""Accept"" to add the key to {APPNAME}'s", 103, 40, 72, 300, 8 + LTEXT "cache and carry on connecting.", 104, 40, 80, 300, 8 + LTEXT "If you want to carry on connecting just once, without adding the key", 105, 40, 92, 300, 8 + LTEXT "to the cache, press ""Connect Once"".", 106, 40, 100, 300, 8 + LTEXT "If you do not trust this host, press ""Cancel"" to abandon the connection.", 107, 40, 112, 300, 8 ICON "", IDC_HK_ICON, 10, 18, 0, 0 - PUSHBUTTON "Cancel", IDCANCEL, 288, 128, 40, 14 - PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 128, 40, 14 - PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 128, 64, 14 - PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 128, 64, 14 - PUSHBUTTON "Help", IDHELP, 12, 128, 40, 14 + PUSHBUTTON "Cancel", 
IDCANCEL, 288, 140, 40, 14 + PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 140, 40, 14 + PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 140, 64, 14 + PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 140, 64, 14 + PUSHBUTTON "Help", IDHELP, 12, 140, 40, 14 - EDITTEXT IDC_HK_FINGERPRINT, 40, 48, 300, 12, ES_READONLY | ES_LEFT, 0 + EDITTEXT IDC_HK_HOST, 40, 28, 300, 12, ES_READONLY | ES_LEFT, 0 + EDITTEXT IDC_HK_FINGERPRINT, 40, 60, 300, 12, ES_READONLY | ES_LEFT, 0 END /* No accelerators used */ -IDD_HK_WRONG DIALOG DISCARDABLE 50, 50, 340, 188 +IDD_HK_WRONG DIALOG DISCARDABLE 50, 50, 340, 200 STYLE DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU CAPTION "PuTTY Security Alert" FONT 8, "MS Shell Dlg" BEGIN LTEXT "WARNING - POTENTIAL SECURITY BREACH!", IDC_HK_TITLE, 40, 20, 300, 12 - LTEXT "The server's host key does not match the one {APPNAME} has cached in", 100, 40, 36, 300, 8 - LTEXT "the registry. This means that either the server administrator has", 101, 40, 44, 300, 8 - LTEXT "changed the host key, or you have actually connected to another", 102, 40, 52, 300, 8 - LTEXT "computer pretending to be the server.", 103, 40, 60, 300, 8 - LTEXT "The new {KEYTYPE} key fingerprint is:", 104, 40, 72, 300, 8 - LTEXT "If you were expecting this change and trust the new key, press", 105, 40, 92, 300, 8 - LTEXT """Accept"" to update {APPNAME}'s cache and continue connecting.", 106, 40, 100, 300, 8 - LTEXT "If you want to carry on connecting but without updating the cache,", 107, 40, 112, 300, 8 - LTEXT "press ""Connect Once"".", 108, 40, 120, 300, 8 - LTEXT "If you want to abandon the connection completely, press ""Cancel"".", 109, 40, 132, 300, 8 - LTEXT "Pressing ""Cancel"" is the ONLY guaranteed safe choice.", 110, 40, 140, 300, 8 + LTEXT "The host key does not match the one {APPNAME} has cached for this server:", 100, 40, 36, 300, 8 + LTEXT "This means that either the server administrator has changed the", 101, 40, 56, 300, 8 + LTEXT "host key, or you have actually connected to 
another computer", 102, 40, 64, 300, 8 + LTEXT "pretending to be the server.", 103, 40, 72, 300, 8 + LTEXT "The new {KEYTYPE} key fingerprint is:", 104, 40, 84, 300, 8 + LTEXT "If you were expecting this change and trust the new key, press", 105, 40, 104, 300, 8 + LTEXT """Accept"" to update {APPNAME}'s cache and continue connecting.", 106, 40, 112, 300, 8 + LTEXT "If you want to carry on connecting but without updating the cache,", 107, 40, 124, 300, 8 + LTEXT "press ""Connect Once"".", 108, 40, 132, 300, 8 + LTEXT "If you want to abandon the connection completely, press ""Cancel"".", 109, 40, 144, 300, 8 + LTEXT "Pressing ""Cancel"" is the ONLY guaranteed safe choice.", 110, 40, 152, 300, 8 ICON "", IDC_HK_ICON, 10, 16, 0, 0 - PUSHBUTTON "Cancel", IDCANCEL, 288, 168, 40, 14 - PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 168, 40, 14 - PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 168, 64, 14 - PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 168, 64, 14 - PUSHBUTTON "Help", IDHELP, 12, 168, 40, 14 + PUSHBUTTON "Cancel", IDCANCEL, 288, 180, 40, 14 + PUSHBUTTON "Accept", IDC_HK_ACCEPT, 168, 180, 40, 14 + PUSHBUTTON "Connect Once", IDC_HK_ONCE, 216, 180, 64, 14 + PUSHBUTTON "More info...", IDC_HK_MOREINFO, 60, 180, 64, 14 + PUSHBUTTON "Help", IDHELP, 12, 180, 40, 14 - EDITTEXT IDC_HK_FINGERPRINT, 40, 80, 300, 12, ES_READONLY | ES_LEFT, 0 + EDITTEXT IDC_HK_HOST, 40, 44, 300, 12, ES_READONLY | ES_LEFT, 0 + EDITTEXT IDC_HK_FINGERPRINT, 40, 92, 300, 12, ES_READONLY | ES_LEFT, 0 END /* Accelerators used: clw */ diff --git a/windows/putty-rc.h b/windows/putty-rc.h index cdfae94a..003609fd 100644 --- a/windows/putty-rc.h +++ b/windows/putty-rc.h @@ -36,8 +36,9 @@ #define IDC_HK_TITLE 99 #define IDC_HK_ACCEPT 1001 #define IDC_HK_ONCE 1000 -#define IDC_HK_FINGERPRINT 1002 -#define IDC_HK_MOREINFO 1003 +#define IDC_HK_HOST 1002 +#define IDC_HK_FINGERPRINT 1003 +#define IDC_HK_MOREINFO 1004 #define IDC_HKI_SHA256 1000 #define IDC_HKI_MD5 1001
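Review bot: IDC_HK_HOST is a fixed 300-unit single-line read-only edit control in both IDD_HK_ABSENT and IDD_HK_WRONG, with style `ES_READONLY | ES_LEFT` and no horizontal scrolling, so a host name wider than the box is likely to be clipped on the right. Because windows/dialog.c fills it with `%s (port %d)`, the clipped part would be the end of the host name and the port, which the user needs in order to judge the prompt. I would let the field scroll, for example `EDITTEXT IDC_HK_HOST, 40, 28, 300, 12, ES_READONLY | ES_LEFT | ES_AUTOHSCROLL, 0` (and the same in IDD_HK_WRONG), and test it with a host name near the maximum length.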