mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-08 08:58:00 +00:00
d1dc1e927c
Now that it's possible for a single invocation of PuTTY to connect to multiple SSH servers (jump host followed by ultimate destination host), it's rather unhelpful for host key prompts to just say "the server". To check an unknown host key, users will need to know _which_ host it's purporting to be the key for. Another possibility is to put a message in the terminal window indicating which server we're currently in the SSH setup phase for. That will certainly be what we have to end up doing for userpass prompts that appear _in_ the terminal window. But that by itself is still unhelpful for host key prompts in a separate dialog, because the user would have to check both windows to get all the information they need. Easier if the host key dialog itself tells you everything you need to know to answer the question: is _this_ key the one you expect for _that_ host?
/*
 * Common pieces between the platform console frontend modules.
 */
#include <stdbool.h>
#include <stdarg.h>
#include "putty.h"
#include "misc.h"
#include "console.h"
/*
 * Build the shared body of the "host key is not cached" message.
 *
 * host and port name the server the key claims to belong to; keytype
 * and fingerprint describe the key that server presented. All four are
 * substituted as arguments into a fixed template, so none of them is
 * ever interpreted as a format string.
 *
 * Returns whatever dupprintf() produces. Presumably that is a
 * dynamically allocated string owned by the caller (elsewhere in this
 * file dupvprintf() output is released with sfree()) - confirm against
 * misc.h.
 *
 * NOTE(review): host and fingerprint are printed verbatim in a trust
 * prompt; confirm that callers never pass text containing control
 * characters that could alter how the prompt is displayed.
 */
char *hk_absentmsg_common(const char *host, int port,
                          const char *keytype, const char *fingerprint)
{
    char *message = dupprintf(
        "The host key is not cached for this server:\n"
        " %s (port %d)\n"
        "You have no guarantee that the server is the computer\n"
        "you think it is.\n"
        "The server's %s key fingerprint is:\n"
        " %s\n",
        host, port, keytype, fingerprint);

    return message;
}
/*
 * Explanatory text for the interactive "host key not cached" case. It
 * spells out the three answers: "y" stores the key and connects, "n"
 * connects once without storing it, and Return abandons the connection.
 */
const char hk_absentmsg_interactive_intro[] =
    "If you trust this host, enter \"y\" to add the key to\n"
    "PuTTY's cache and carry on connecting.\n"
    "If you want to carry on connecting just once, without\n"
    "adding the key to the cache, enter \"n\".\n"
    "If you do not trust this host, press Return to abandon the\n"
    "connection.\n";

/*
 * One-line prompt that accompanies the text above. There is no
 * trailing newline, so the answer is typed on the same line.
 */
const char hk_absentmsg_interactive_prompt[] =
    "Store key in cache? (y/n, Return cancels connection, "
    "i for more info) ";
/*
 * Build the shared body of the warning shown when the host key
 * presented by the server differs from the one held in the cache.
 *
 * host and port name the server the cached key belongs to; keytype and
 * fingerprint describe the new key that was presented. All four are
 * substituted as arguments into a fixed template, so none of them is
 * ever interpreted as a format string.
 *
 * Returns whatever dupprintf() produces. Presumably that is a
 * dynamically allocated string owned by the caller (elsewhere in this
 * file dupvprintf() output is released with sfree()) - confirm against
 * misc.h.
 *
 * NOTE(review): host and fingerprint are printed verbatim in a
 * security warning; confirm that callers never pass text containing
 * control characters that could alter how the warning is displayed.
 */
char *hk_wrongmsg_common(const char *host, int port,
                         const char *keytype, const char *fingerprint)
{
    char *warning = dupprintf(
        "WARNING - POTENTIAL SECURITY BREACH!\n"
        "The host key does not match the one PuTTY has cached\n"
        "for this server:\n"
        " %s (port %d)\n"
        "This means that either the server administrator has\n"
        "changed the host key, or you have actually connected\n"
        "to another computer pretending to be the server.\n"
        "The new %s key fingerprint is:\n"
        " %s\n",
        host, port, keytype, fingerprint);

    return warning;
}
/*
 * Explanatory text for the interactive "host key changed" case. "y"
 * updates the cache and connects, "n" connects without updating it,
 * and Return cancels; the text states that only Return is guaranteed
 * safe.
 */
const char hk_wrongmsg_interactive_intro[] =
    "If you were expecting this change and trust the new key,\n"
    "enter \"y\" to update PuTTY's cache and continue connecting.\n"
    "If you want to carry on connecting but without updating\n"
    "the cache, enter \"n\".\n"
    "If you want to abandon the connection completely, press\n"
    "Return to cancel. Pressing Return is the ONLY guaranteed\n"
    "safe choice.\n";

/*
 * One-line prompt that accompanies the text above. There is no
 * trailing newline, so the answer is typed on the same line.
 */
const char hk_wrongmsg_interactive_prompt[] =
    "Update cached key? (y/n, Return cancels connection, "
    "i for more info) ";

/*
 * printf-style template with two %s conversions. Going by the wording,
 * the first is the kind of algorithm and the second is the name of the
 * one that fell below the warning threshold - confirm against callers.
 */
const char weakcrypto_msg_common_fmt[] =
    "The first %s supported by the server is\n"
    "%s, which is below the configured warning threshold.\n";

/*
 * printf-style template with two %s conversions. Going by the wording,
 * the first is the stored host key type that is below the threshold
 * and the second is a list of better key types the server offers but
 * which are not stored - confirm against callers.
 */
const char weakhk_msg_common_fmt[] =
    "The first host key type we have stored for this server\n"
    "is %s, which is below the configured warning threshold.\n"
    "The server also provides the following types of host key\n"
    "above the threshold, which we do not have stored:\n"
    "%s\n";

/* Generic yes/no prompt and the message printed on abandoning. */
const char console_continue_prompt[] = "Continue with connection? (y/n) ";
const char console_abandoned_msg[] = "Connection abandoned.\n";

/*
 * Starts out false and is not read anywhere in this file.
 * NOTE(review): presumably the front ends set this to suppress
 * interactive prompts - confirm how a host key mismatch is handled
 * when it is true.
 */
bool console_batch_mode = false;
/*
 * Error message and/or fatal exit functions, all based on
 * console_print_error_msg which the platform front end provides.
 */
/*
 * Format an error message from a printf-style template and an already
 * started va_list, then pass it to console_print_error_msg() under the
 * given prefix.
 *
 * fmt is interpreted as a format string by dupvprintf(), so it must be
 * a trusted template; text that comes from the network or the user
 * belongs in the arguments, never in fmt. The formatted copy is
 * released with sfree() before returning.
 */
void console_print_error_msg_fmt_v(
    const char *prefix, const char *fmt, va_list ap)
{
    char *formatted = dupvprintf(fmt, ap);

    console_print_error_msg(prefix, formatted);
    sfree(formatted);
}
/*
 * Variadic front door to console_print_error_msg_fmt_v(): gathers the
 * arguments that follow fmt into a va_list and forwards them with the
 * prefix unchanged.
 *
 * fmt is used as a printf-style format, so pass a trusted template and
 * supply variable text through the arguments.
 */
void console_print_error_msg_fmt(const char *prefix, const char *fmt, ...)
{
    va_list args;

    va_start(args, fmt);
    console_print_error_msg_fmt_v(prefix, fmt, args);
    va_end(args);
}
/*
 * Report a formatted message under the "FATAL ERROR" prefix and then
 * call cleanup_exit(1).
 *
 * fmt is used as a printf-style format, so pass a trusted template and
 * supply variable text through the arguments. Presumably
 * cleanup_exit() does not return - confirm against its declaration.
 */
void modalfatalbox(const char *fmt, ...)
{
    va_list args;

    va_start(args, fmt);
    console_print_error_msg_fmt_v("FATAL ERROR", fmt, args);
    va_end(args);

    cleanup_exit(1);
}
/*
 * Report a formatted message under the "ERROR" prefix and return to
 * the caller; unlike modalfatalbox() there is no cleanup_exit() call.
 *
 * fmt is used as a printf-style format, so pass a trusted template and
 * supply variable text through the arguments.
 */
void nonfatal(const char *fmt, ...)
{
    va_list args;

    va_start(args, fmt);
    console_print_error_msg_fmt_v("ERROR", fmt, args);
    va_end(args);
}
/*
 * Report a connection-level fatal error and call cleanup_exit(1).
 *
 * msg is handed to console_print_error_msg() as finished text under
 * the "FATAL ERROR" prefix; it does not pass through the formatting
 * helpers in this file, so it is not treated as a format string here.
 * seat is not used.
 */
void console_connection_fatal(Seat *seat, const char *msg)
{
    (void)seat; /* unused in the console implementation */

    console_print_error_msg("FATAL ERROR", msg);
    cleanup_exit(1);
}
/*
 * Console front ends redo their select() or equivalent every time, so
 * they don't need separate timer handling.
 */
/*
 * Deliberately does nothing: the console front ends have no separate
 * timer to reschedule, so the value of next is ignored.
 */
void timer_change_notify(unsigned long next)
{
    (void)next; /* intentionally unused */
}