mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-07-01 03:22:48 -05:00
Reorganise host key checking and confirmation.
Previously, checking the host key against the persistent cache managed by the storage.h API was done as part of the seat_verify_ssh_host_key method, i.e. separately by each Seat. Now that check is done by verify_ssh_host_key(), which is a new function in ssh/common.c that centralises all the parts of host key checking that don't need an interactive prompt. It subsumes the previous verify_ssh_manual_host_key() that checked against the Conf, and it does the check against the storage API that each Seat was previously doing separately. If it can't confirm or definitively reject the host key by itself, _then_ it calls out to the Seat, once an interactive prompt is definitely needed. The main point of doing this is so that when SshProxy forwards a Seat call from the proxy SSH connection to the primary Seat, it won't print an announcement of which connection is involved unless it's actually going to do something interactive. (Not that we're printing those announcements _yet_ anyway, but this is a piece of groundwork that works towards doing so.) But while I'm at it, I've also taken the opportunity to clean things up a bit by renaming functions sensibly. Previously we had three very similarly named functions verify_ssh_manual_host_key(), SeatVtable's 'verify_ssh_host_key' method, and verify_host_key() in storage.h. Now the Seat method is called 'confirm' rather than 'verify' (since its job is now always to print an interactive prompt, so it looks more like the other confirm_foo methods), and the storage.h function is called check_stored_host_key(), which goes better with store_host_key and avoids having too many functions with similar names. And the 'manual' function is subsumed into the new centralised code, so there's now just *one* host key function with 'verify' in the name. Several functions are reindented in this commit. Best viewed with whitespace changes ignored.
This commit is contained in:
Simon Tatham
47
putty.h
47
putty.h
@ -1081,31 +1081,43 @@ struct SeatVtable {
|
||||
|
||||
/*
|
||||
* Ask the seat whether a given SSH host key should be accepted.
|
||||
* This may return immediately after checking saved configuration
|
||||
* or command-line options, or it may have to present a prompt to
|
||||
* the user and return asynchronously later.
|
||||
* This is called after we've already checked it by any means we
|
||||
* can do ourselves, such as checking against host key
|
||||
* fingerprints in the Conf or the host key cache on disk: once we
|
||||
* call this function, we've already decided there's nothing for
|
||||
* it but to prompt the user.
|
||||
*
|
||||
* 'mismatch' reports the result of checking the host key cache:
|
||||
* it is true if the server has presented a host key different
|
||||
* from the one we expected, and false if we had no expectation in
|
||||
* the first place.
|
||||
*
|
||||
* This call may prompt the user synchronously and not return
|
||||
* until the answer is available, or it may present the prompt and
|
||||
* return immediately, giving the answer later via the provided
|
||||
* callback.
|
||||
*
|
||||
* Return values:
|
||||
*
|
||||
* - +1 means `key was OK' (either already known or the user just
|
||||
* approved it) `so continue with the connection'
|
||||
* - +1 means `user approved the key, so continue with the
|
||||
* connection'
|
||||
*
|
||||
* - 0 means `key was not OK, abandon the connection'
|
||||
* - 0 means `user rejected the key, abandon the connection'
|
||||
*
|
||||
* - -1 means `I've initiated enquiries, please wait to be called
|
||||
* back via the provided function with a result that's either 0
|
||||
* or +1'.
|
||||
*/
|
||||
int (*verify_ssh_host_key)(
|
||||
int (*confirm_ssh_host_key)(
|
||||
Seat *seat, const char *host, int port, const char *keytype,
|
||||
char *keystr, const char *keydisp, char **key_fingerprints,
|
||||
void (*callback)(void *ctx, int result), void *ctx);
|
||||
bool mismatch, void (*callback)(void *ctx, int result), void *ctx);
|
||||
|
||||
/*
|
||||
* Check with the seat whether it's OK to use a cryptographic
|
||||
* primitive from below the 'warn below this line' threshold in
|
||||
* the input Conf. Return values are the same as
|
||||
* verify_ssh_host_key above.
|
||||
* confirm_ssh_host_key above.
|
||||
*/
|
||||
int (*confirm_weak_crypto_primitive)(
|
||||
Seat *seat, const char *algtype, const char *algname,
|
||||
@ -1229,11 +1241,12 @@ static inline char *seat_get_ttymode(Seat *seat, const char *mode)
|
||||
{ return seat->vt->get_ttymode(seat, mode); }
|
||||
static inline void seat_set_busy_status(Seat *seat, BusyStatus status)
|
||||
{ seat->vt->set_busy_status(seat, status); }
|
||||
static inline int seat_verify_ssh_host_key(
|
||||
static inline int seat_confirm_ssh_host_key(
|
||||
Seat *seat, const char *h, int p, const char *ktyp, char *kstr,
|
||||
const char *kdsp, char **fps, void (*cb)(void *ctx, int result), void *ctx)
|
||||
{ return seat->vt->verify_ssh_host_key(seat, h, p, ktyp, kstr, kdsp, fps,
|
||||
cb, ctx); }
|
||||
const char *kdsp, char **fps, bool mis,
|
||||
void (*cb)(void *ctx, int result), void *ctx)
|
||||
{ return seat->vt->confirm_ssh_host_key(seat, h, p, ktyp, kstr, kdsp, fps,
|
||||
mis, cb, ctx); }
|
||||
static inline int seat_confirm_weak_crypto_primitive(
|
||||
Seat *seat, const char *atyp, const char *aname,
|
||||
void (*cb)(void *ctx, int result), void *ctx)
|
||||
@ -1308,9 +1321,9 @@ void nullseat_connection_fatal(Seat *seat, const char *message);
|
||||
void nullseat_update_specials_menu(Seat *seat);
|
||||
char *nullseat_get_ttymode(Seat *seat, const char *mode);
|
||||
void nullseat_set_busy_status(Seat *seat, BusyStatus status);
|
||||
int nullseat_verify_ssh_host_key(
|
||||
int nullseat_confirm_ssh_host_key(
|
||||
Seat *seat, const char *host, int port, const char *keytype,
|
||||
char *keystr, const char *keydisp, char **key_fingerprints,
|
||||
char *keystr, const char *keydisp, char **key_fingerprints, bool mismatch,
|
||||
void (*callback)(void *ctx, int result), void *ctx);
|
||||
int nullseat_confirm_weak_crypto_primitive(
|
||||
Seat *seat, const char *algtype, const char *algname,
|
||||
@ -1341,9 +1354,9 @@ bool nullseat_get_cursor_position(Seat *seat, int *x, int *y);
|
||||
*/
|
||||
|
||||
void console_connection_fatal(Seat *seat, const char *message);
|
||||
int console_verify_ssh_host_key(
|
||||
int console_confirm_ssh_host_key(
|
||||
Seat *seat, const char *host, int port, const char *keytype,
|
||||
char *keystr, const char *keydisp, char **key_fingerprints,
|
||||
char *keystr, const char *keydisp, char **key_fingerprints, bool mismatch,
|
||||
void (*callback)(void *ctx, int result), void *ctx);
|
||||
int console_confirm_weak_crypto_primitive(
|
||||
Seat *seat, const char *algtype, const char *algname,
|
||||
|
||||
Reference in New Issue
Block a user