nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-06-30 19:12:48 -05:00
Code Issues Projects Releases Wiki Activity

Framework for announcing which Interactor is talking.

Browse Source 
All this Interactor business has been gradually working towards being
able to inform the user _which_ network connection is currently
presenting them with a password prompt (or whatever), in situations
where more than one of them might be, such as an SSH connection being
used as a proxy for another SSH connection when neither one has
one-touch login configured.

At some point, we have to arrange that any attempt to do a user
interaction during connection setup - be it a password prompt, a host
key confirmation dialog, or just displaying an SSH login banner -
makes it clear which host it's come from. That's going to mean calling
some kind of announcement function before doing any of those things.

But there are several of those functions in the Seat API, and calls to
them are scattered far and wide across the SSH backend. (And not even
just there - the Rlogin backend also uses seat_get_userpass_input).
How can we possibly make sure we don't forget a vital call site on
some obscure little-tested code path, and leave the user confused in
just that one case which nobody might notice for years?

Today I thought of a trick to solve that problem. We can use the C
type system to enforce it for us!

The plan is: we invent a new struct type which contains nothing but a
'Seat *'. Then, for every Seat method which does a thing that ought to
be clearly identified as relating to a particular Interactor, we
adjust the API for that function to take the new struct type where it
previously took a plain 'Seat *'. Or rather - doing less violence to
the existing code - we only need to adjust the API of the dispatch
functions inline in putty.h.

How does that help? Because the way you _get_ one of these
struct-wrapped Seat pointers is by calling interactor_announce() on
your Interactor, which will in turn call interactor_get_seat(), and
wrap the returned pointer into one of these structs.

The effect is that whenever the SSH (or Rlogin) code wants to call one
of those particular Seat methods, it _has_ to call
interactor_announce() just beforehand, which (once I finish all of
this) will make sure the user is aware of who is presenting the prompt
or banner or whatever. And you can't forget to call it, because if you
don't call it, then you just don't have a struct of the right type to
give to the Seat method you wanted to call!

(Of course, there's nothing stopping code from _deliberately_ taking a
Seat * it already has and wrapping it into the new struct. In fact
SshProxy has to do that, in order to forward these requests up the
chain of Seats. But the point is that you can't do it _by accident_,
just by forgetting to make a vital function call - when you do that,
you _know_ you're doing it on purpose.)

No functional change: the new interactor_announce() function exists,
and the type-system trick ensures it's called in all the right places,
but it doesn't actually _do_ anything yet.
This commit is contained in:
Simon Tatham
2021-10-30 18:05:36 +01:00
parent 89a390bdeb
commit f00c72cc2a
18 changed files with 125 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
ssh/common.c
View File

@ -851,8 +851,8 @@ bool ssh2_bpp_check_unimplemented(BinaryPacketProtocol *bpp, PktIn *pktin)
*/
int verify_ssh_host_key(
Seat *seat, Conf *conf, const char *host, int port, ssh_key *key,
const char *keytype, char *keystr, const char *keydisp,
InteractionReadySeat iseat, Conf *conf, const char *host, int port,
ssh_key *key, const char *keytype, char *keystr, const char *keydisp,
char **fingerprints, void (*callback)(void *ctx, int result), void *ctx)
{
/*
@ -923,7 +923,7 @@ int verify_ssh_host_key(
*/
bool mismatch = (storage_status != 1);
return seat_confirm_ssh_host_key(
seat, host, port, keytype, keystr, keydisp, fingerprints, mismatch,
iseat, host, port, keytype, keystr, keydisp, fingerprints, mismatch,
callback, ctx);
}

4
ssh/connection1.c
View File

@ -380,11 +380,11 @@ static void ssh1_connection_process_queue(PacketProtocolLayer *ppl)
s->antispoof_prompt,
dupstr("Access granted. Press Return to begin session. "), false);
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt);
ppl_get_iseat(&s->ppl), s->antispoof_prompt);
while (s->antispoof_ret < 0) {
crReturnV;
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt);
ppl_get_iseat(&s->ppl), s->antispoof_prompt);
}
free_prompts(s->antispoof_prompt);
s->antispoof_prompt = NULL;

4
ssh/connection2.c
View File

@ -993,11 +993,11 @@ static void ssh2_connection_process_queue(PacketProtocolLayer *ppl)
s->antispoof_prompt,
dupstr("Access granted. Press Return to begin session. "), false);
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt);
ppl_get_iseat(&s->ppl), s->antispoof_prompt);
while (s->antispoof_ret < 0) {
crReturnV;
s->antispoof_ret = seat_get_userpass_input(
s->ppl.seat, s->antispoof_prompt);
ppl_get_iseat(&s->ppl), s->antispoof_prompt);
}
free_prompts(s->antispoof_prompt);
s->antispoof_prompt = NULL;

4
ssh/kex2-client.c
View File

@ -854,8 +854,8 @@ void ssh2kex_coroutine(struct ssh2_transport_state *s, bool *aborted)
ppl_logevent("%s", fingerprints[fptype_default]);
s->dlgret = verify_ssh_host_key(
s->ppl.seat, s->conf, s->savedhost, s->savedport, s->hkey,
ssh_key_cache_id(s->hkey), s->keystr, keydisp,
ppl_get_iseat(&s->ppl), s->conf, s->savedhost, s->savedport,
s->hkey, ssh_key_cache_id(s->hkey), s->keystr, keydisp,
fingerprints, ssh2_transport_dialog_callback, s);
ssh2_free_all_fingerprints(fingerprints);

18
ssh/login1.c
View File

@ -243,7 +243,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
char **fingerprints = rsa_ssh1_fake_all_fingerprints(&s->hostkey);
s->dlgret = verify_ssh_host_key(
s->ppl.seat, s->conf, s->savedhost, s->savedport, NULL,
ppl_get_iseat(&s->ppl), s->conf, s->savedhost, s->savedport, NULL,
"rsa", keystr, keydisp, fingerprints,
ssh1_login_dialog_callback, s);
@ -325,7 +325,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
/* Warn about chosen cipher if necessary. */
if (warn) {
s->dlgret = seat_confirm_weak_crypto_primitive(
s->ppl.seat, "cipher", cipher_string,
ppl_get_iseat(&s->ppl), "cipher", cipher_string,
ssh1_login_dialog_callback, s);
crMaybeWaitUntilV(s->dlgret >= 0);
if (s->dlgret == 0) {
@ -391,11 +391,12 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
s->cur_prompt->from_server = false;
s->cur_prompt->name = dupstr("SSH login name");
add_prompt(s->cur_prompt, dupstr("login as: "), true);
s->userpass_ret = seat_get_userpass_input(s->ppl.seat, s->cur_prompt);
s->userpass_ret = seat_get_userpass_input(
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -688,11 +689,11 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
dupprintf("Passphrase for key \"%s\": ",
s->publickey_comment), false);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/* Failed to get a passphrase. Terminate. */
@ -942,11 +943,12 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
* or CryptoCard exchange if we're doing TIS or CryptoCard
* authentication.
*/
s->userpass_ret = seat_get_userpass_input(s->ppl.seat, s->cur_prompt);
s->userpass_ret = seat_get_userpass_input(
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/*

4
ssh/ppl.h
View File

@ -49,6 +49,7 @@ struct PacketProtocolLayer {
/* Logging and error-reporting facilities. */
LogContext *logctx;
Seat *seat; /* for dialog boxes, session output etc */
Interactor *interactor; /* for ppl_get_iseat */
Ssh *ssh; /* for session termination + assorted connection-layer ops */
/* Known bugs in the remote implementation. */
@ -68,6 +69,9 @@ static inline void ssh_ppl_reconfigure(PacketProtocolLayer *ppl, Conf *conf)
static inline size_t ssh_ppl_queued_data_size(PacketProtocolLayer *ppl)
{ return ppl->vt->queued_data_size(ppl); }
static inline InteractionReadySeat ppl_get_iseat(PacketProtocolLayer *ppl)
{ return interactor_announce(ppl->interactor); }
/* ssh_ppl_free is more than just a macro wrapper on the vtable; it
* does centralised parts of the freeing too. */
void ssh_ppl_free(PacketProtocolLayer *ppl);

1
ssh/server.c
View File

@ -375,6 +375,7 @@ static void server_connect_ppl(server *srv, PacketProtocolLayer *ppl)
ppl->logctx = srv->logctx;
ppl->ssh = &srv->ssh;
ppl->seat = &srv->seat;
ppl->interactor = NULL;
ppl->remote_bugs = srv->remote_bugs;
}

1
ssh/ssh.c
View File

@ -168,6 +168,7 @@ static void ssh_connect_ppl(Ssh *ssh, PacketProtocolLayer *ppl)
{
ppl->bpp = ssh->bpp;
ppl->seat = ssh->seat;
ppl->interactor = &ssh->interactor;
ppl->ssh = ssh;
ppl->logctx = ssh->logctx;
ppl->remote_bugs = ssh->remote_bugs;

4
ssh/transport2.c
View File

@ -1313,7 +1313,7 @@ static void ssh2_transport_process_queue(PacketProtocolLayer *ppl)
/* Use the special warning prompt that lets us provide
* a list of better algorithms */
s->dlgret = seat_confirm_weak_cached_hostkey(
s->ppl.seat, s->hostkey_alg->ssh_id, betteralgs,
ppl_get_iseat(&s->ppl), s->hostkey_alg->ssh_id, betteralgs,
ssh2_transport_dialog_callback, s);
sfree(betteralgs);
} else {
@ -2148,7 +2148,7 @@ static int ssh2_transport_confirm_weak_crypto_primitive(
add234(s->weak_algorithms_consented_to, (void *)alg);
return seat_confirm_weak_crypto_primitive(
s->ppl.seat, type, name, ssh2_transport_dialog_callback, s);
ppl_get_iseat(&s->ppl), type, name, ssh2_transport_dialog_callback, s);
}
static size_t ssh2_transport_queued_data_size(PacketProtocolLayer *ppl)

35
ssh/userauth2-client.c
View File

@ -443,11 +443,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
s->cur_prompt->name = dupstr("SSH login name");
add_prompt(s->cur_prompt, dupstr("login as: "), true);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -521,7 +521,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
(seat_verbose(s->ppl.seat) || seat_interactive(s->ppl.seat))) {
if (s->banner_scc) {
seat_antispoof_msg(
s->ppl.seat,
ppl_get_iseat(&s->ppl),
"Pre-authentication banner message from server:");
seat_set_trust_status(s->ppl.seat, false);
}
@ -529,7 +529,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
bool mid_line = false;
while (bufchain_size(&s->banner) > 0) {
ptrlen data = bufchain_prefix(&s->banner);
seat_banner_pl(s->ppl.seat, data);
seat_banner_pl(ppl_get_iseat(&s->ppl), data);
mid_line =
(((const char *)data.ptr)[data.len-1] != '\n');
bufchain_consume(&s->banner, data.len);
@ -537,11 +537,12 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
bufchain_clear(&s->banner);
if (mid_line)
seat_banner_pl(s->ppl.seat, PTRLEN_LITERAL("\r\n"));
seat_banner_pl(ppl_get_iseat(&s->ppl),
PTRLEN_LITERAL("\r\n"));
if (s->banner_scc) {
seat_set_trust_status(s->ppl.seat, true);
seat_antispoof_msg(s->ppl.seat,
seat_antispoof_msg(ppl_get_iseat(&s->ppl),
"End of banner message from server");
}
}
@ -912,11 +913,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
s->publickey_comment),
false);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/* Failed to get a passphrase. Terminate. */
@ -1343,8 +1344,8 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
if (!s->ki_printed_header && s->ki_scc &&
(s->num_prompts || name.len || inst.len)) {
seat_antispoof_msg(
s->ppl.seat, "Keyboard-interactive authentication "
"prompts from server:");
ppl_get_iseat(&s->ppl), "Keyboard-interactive "
"authentication prompts from server:");
s->ki_printed_header = true;
seat_set_trust_status(s->ppl.seat, false);
}
@ -1391,11 +1392,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
* user's response(s).
*/
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -1446,7 +1447,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
if (s->ki_printed_header) {
seat_set_trust_status(s->ppl.seat, true);
seat_antispoof_msg(
s->ppl.seat,
ppl_get_iseat(&s->ppl),
"End of keyboard-interactive prompts from server");
}
@ -1473,11 +1474,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
false);
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/*
@ -1585,11 +1586,11 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
*/
while (!got_new) {
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
while (s->userpass_ret < 0) {
crReturnV;
s->userpass_ret = seat_get_userpass_input(
s->ppl.seat, s->cur_prompt);
ppl_get_iseat(&s->ppl), s->cur_prompt);
}
if (!s->userpass_ret) {
/*