Reorganise host key checking and confirmation.

Previously, checking the host key against the persistent cache managed
by the storage.h API was done as part of the seat_verify_ssh_host_key
method, i.e. separately by each Seat.

Now that check is done by verify_ssh_host_key(), which is a new
function in ssh/common.c that centralises all the parts of host key
checking that don't need an interactive prompt. It subsumes the
previous verify_ssh_manual_host_key() that checked against the Conf,
and it does the check against the storage API that each Seat was
previously doing separately. If it can't confirm or definitively
reject the host key by itself, _then_ it calls out to the Seat, once
an interactive prompt is definitely needed.

The main point of doing this is so that when SshProxy forwards a Seat
call from the proxy SSH connection to the primary Seat, it won't print
an announcement of which connection is involved unless it's actually
going to do something interactive. (Not that we're printing those
announcements _yet_ anyway, but this is a piece of groundwork that
works towards doing so.)

But while I'm at it, I've also taken the opportunity to clean things
up a bit by renaming functions sensibly. Previously we had three very
similarly named functions verify_ssh_manual_host_key(), SeatVtable's
'verify_ssh_host_key' method, and verify_host_key() in storage.h. Now
the Seat method is called 'confirm' rather than 'verify' (since its
job is now always to print an interactive prompt, so it looks more
like the other confirm_foo methods), and the storage.h function is
called check_stored_host_key(), which goes better with store_host_key
and avoids having too many functions with similar names. And the
'manual' function is subsumed into the new centralised code, so
there's now just *one* host key function with 'verify' in the name.

Several functions are reindented in this commit. Best viewed with
whitespace changes ignored.

unix/console.c

@@ -102,30 +102,20 @@ static int block_and_read(int fd, void *buf, size_t len)
     return ret;
 }
 
-int console_verify_ssh_host_key(
+int console_confirm_ssh_host_key(
     Seat *seat, const char *host, int port, const char *keytype,
-    char *keystr, const char *keydisp, char **fingerprints,
+    char *keystr, const char *keydisp, char **fingerprints, bool mismatch,
     void (*callback)(void *ctx, int result), void *ctx)
 {
-    int ret;
-
     char line[32];
     struct termios cf;
     char *common;
     const char *intro, *prompt;
 
-    /*
-     * Verify the key.
-     */
-    ret = verify_host_key(host, port, keytype, keystr);
-
-    if (ret == 0)                      /* success - key matched OK */
-        return 1;
-
     FingerprintType fptype_default =
         ssh2_pick_default_fingerprint(fingerprints);
 
-    if (ret == 2) {                    /* key was different */
+    if (mismatch) {                    /* key was different */
         common = hk_wrongmsg_common(host, port, keytype,
                                     fingerprints[fptype_default]);
         intro = hk_wrongmsg_interactive_intro;

unix/dialog.c

@@ -3448,7 +3448,7 @@ GtkWidget *create_message_box(
         NULL /* action_postproc */, NULL /* postproc_ctx */);
 }
 
-struct verify_ssh_host_key_dialog_ctx {
+struct confirm_ssh_host_key_dialog_ctx {
     char *host;
     int port;
     char *keytype;
@@ -3462,10 +3462,10 @@ struct verify_ssh_host_key_dialog_ctx {
     GtkWidget *more_info_dialog;
 };
 
-static void verify_ssh_host_key_result_callback(void *vctx, int result)
+static void confirm_ssh_host_key_result_callback(void *vctx, int result)
 {
-    struct verify_ssh_host_key_dialog_ctx *ctx =
-        (struct verify_ssh_host_key_dialog_ctx *)vctx;
+    struct confirm_ssh_host_key_dialog_ctx *ctx =
+        (struct confirm_ssh_host_key_dialog_ctx *)vctx;
 
     if (result >= 0) {
         int logical_result;
@@ -3518,16 +3518,16 @@ static GtkWidget *add_more_info_button(GtkWidget *w, void *vctx)
 
 static void more_info_closed(void *vctx, int result)
 {
-    struct verify_ssh_host_key_dialog_ctx *ctx =
-        (struct verify_ssh_host_key_dialog_ctx *)vctx;
+    struct confirm_ssh_host_key_dialog_ctx *ctx =
+        (struct confirm_ssh_host_key_dialog_ctx *)vctx;
 
     ctx->more_info_dialog = NULL;
 }
 
 static void more_info_button_clicked(GtkButton *button, gpointer vctx)
 {
-    struct verify_ssh_host_key_dialog_ctx *ctx =
-        (struct verify_ssh_host_key_dialog_ctx *)vctx;
+    struct confirm_ssh_host_key_dialog_ctx *ctx =
+        (struct confirm_ssh_host_key_dialog_ctx *)vctx;
 
     if (ctx->more_info_dialog)
         return;
@@ -3539,9 +3539,9 @@ static void more_info_button_clicked(GtkButton *button, gpointer vctx)
         &buttons_ok, more_info_closed, ctx);
 }
 
-int gtk_seat_verify_ssh_host_key(
+int gtk_seat_confirm_ssh_host_key(
     Seat *seat, const char *host, int port, const char *keytype,
-    char *keystr, const char *keydisp, char **fingerprints,
+    char *keystr, const char *keydisp, char **fingerprints, bool mismatch,
     void (*callback)(void *ctx, int result), void *ctx)
 {
     static const char absenttxt[] =
@@ -3584,25 +3584,16 @@ int gtk_seat_verify_ssh_host_key(
     };
 
     char *text;
-    int ret;
-    struct verify_ssh_host_key_dialog_ctx *result_ctx;
+    struct confirm_ssh_host_key_dialog_ctx *result_ctx;
     GtkWidget *mainwin, *msgbox;
 
-    /*
-     * Verify the key.
-     */
-    ret = verify_host_key(host, port, keytype, keystr);
-
-    if (ret == 0)                      /* success - key matched OK */
-        return 1;
-
     FingerprintType fptype_default =
         ssh2_pick_default_fingerprint(fingerprints);
 
-    text = dupprintf((ret == 2 ? wrongtxt : absenttxt), host, port,
+    text = dupprintf((mismatch ? wrongtxt : absenttxt), host, port,
                      keytype, fingerprints[fptype_default]);
 
-    result_ctx = snew(struct verify_ssh_host_key_dialog_ctx);
+    result_ctx = snew(struct confirm_ssh_host_key_dialog_ctx);
     result_ctx->callback = callback;
     result_ctx->callback_ctx = ctx;
     result_ctx->host = dupstr(host);
@@ -3616,7 +3607,7 @@ int gtk_seat_verify_ssh_host_key(
     msgbox = create_message_box_general(
         mainwin, "PuTTY Security Alert", text,
         string_width(fingerprints[fptype_default]), true,
-        &buttons_hostkey, verify_ssh_host_key_result_callback, result_ctx,
+        &buttons_hostkey, confirm_ssh_host_key_result_callback, result_ctx,
         add_more_info_button, &more_info_button);
 
     result_ctx->main_dialog = msgbox;

unix/platform.h

@@ -217,9 +217,9 @@ void showeventlog(eventlog_stuff *estuff, void *parentwin);
 void logevent_dlg(eventlog_stuff *estuff, const char *string);
 int gtkdlg_askappend(Seat *seat, Filename *filename,
                      void (*callback)(void *ctx, int result), void *ctx);
-int gtk_seat_verify_ssh_host_key(
+int gtk_seat_confirm_ssh_host_key(
     Seat *seat, const char *host, int port, const char *keytype,
-    char *keystr, const char *keydisp, char **fingerprints,
+    char *keystr, const char *keydisp, char **fingerprints, bool mismatch,
     void (*callback)(void *ctx, int result), void *ctx);
 int gtk_seat_confirm_weak_crypto_primitive(
     Seat *seat, const char *algtype, const char *algname,

unix/plink.c

@@ -399,7 +399,7 @@ static const SeatVtable plink_seat_vt = {
     .update_specials_menu = nullseat_update_specials_menu,
     .get_ttymode = plink_get_ttymode,
     .set_busy_status = nullseat_set_busy_status,
-    .verify_ssh_host_key = console_verify_ssh_host_key,
+    .confirm_ssh_host_key = console_confirm_ssh_host_key,
     .confirm_weak_crypto_primitive = console_confirm_weak_crypto_primitive,
     .confirm_weak_cached_hostkey = console_confirm_weak_cached_hostkey,
     .is_utf8 = nullseat_is_never_utf8,

unix/storage.c

@@ -595,8 +595,8 @@ void enum_settings_finish(settings_e *handle)
  *
  *   rsa@22:foovax.example.org 0x23,0x293487364395345345....2343
  */
-int verify_host_key(const char *hostname, int port,
-                    const char *keytype, const char *key)
+int check_stored_host_key(const char *hostname, int port,
+                          const char *keytype, const char *key)
 {
     FILE *fp;
     char *filename;
@@ -668,10 +668,10 @@ bool have_ssh_host_key(const char *hostname, int port,
                        const char *keytype)
 {
     /*
-     * If we have a host key, verify_host_key will return 0 or 2.
+     * If we have a host key, check_stored_host_key will return 0 or 2.
      * If we don't have one, it'll return 1.
      */
-    return verify_host_key(hostname, port, keytype, "") != 1;
+    return check_stored_host_key(hostname, port, keytype, "") != 1;
 }
 
 void store_host_key(const char *hostname, int port,

unix/window.c

@@ -398,7 +398,7 @@ static const SeatVtable gtk_seat_vt = {
     .update_specials_menu = gtk_seat_update_specials_menu,
     .get_ttymode = gtk_seat_get_ttymode,
     .set_busy_status = gtk_seat_set_busy_status,
-    .verify_ssh_host_key = gtk_seat_verify_ssh_host_key,
+    .confirm_ssh_host_key = gtk_seat_confirm_ssh_host_key,
     .confirm_weak_crypto_primitive = gtk_seat_confirm_weak_crypto_primitive,
     .confirm_weak_cached_hostkey = gtk_seat_confirm_weak_cached_hostkey,
     .is_utf8 = gtk_seat_is_utf8,