[u/mdw/putty] / console.c

/*
 * console.c: various interactive-prompt routines shared between
 * the console PuTTY tools
 */

#include <windows.h>

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>

#include "putty.h"
#include "storage.h"
#include "ssh.h"

int console_batch_mode = FALSE;

/*
 * Clean up and exit.
 */
void cleanup_exit(int code)
{
    /*
     * Clean up.
     */
    sk_cleanup();
    WSACleanup();

    random_save_seed();
#ifdef MSCRYPTOAPI
    crypto_wrapup();
#endif

    exit(code);
}

void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
			 char *keystr, char *fingerprint)
{
    int ret;
    HANDLE hin;
    DWORD savemode, i;

    static const char absentmsg_batch[] =
	"The server's host key is not cached in the registry. You\n"
	"have no guarantee that the server is the computer you\n"
	"think it is.\n"
	"The server's key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char absentmsg[] =
	"The server's host key is not cached in the registry. You\n"
	"have no guarantee that the server is the computer you\n"
	"think it is.\n"
	"The server's key fingerprint is:\n"
	"%s\n"
	"If you trust this host, enter \"y\" to add the key to\n"
	"PuTTY's cache and carry on connecting.\n"
	"If you want to carry on connecting just once, without\n"
	"adding the key to the cache, enter \"n\".\n"
	"If you do not trust this host, press Return to abandon the\n"
	"connection.\n"
	"Store key in cache? (y/n) ";

    static const char wrongmsg_batch[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached in the registry. This means that either the\n"
	"server administrator has changed the host key, or you\n"
	"have actually connected to another computer pretending\n"
	"to be the server.\n"
	"The new key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char wrongmsg[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached in the registry. This means that either the\n"
	"server administrator has changed the host key, or you\n"
	"have actually connected to another computer pretending\n"
	"to be the server.\n"
	"The new key fingerprint is:\n"
	"%s\n"
	"If you were expecting this change and trust the new key,\n"
	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	"If you want to carry on connecting but without updating\n"
	"the cache, enter \"n\".\n"
	"If you want to abandon the connection completely, press\n"
	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	"safe choice.\n"
	"Update cached key? (y/n, Return cancels connection) ";

    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    /*
     * Verify the key against the registry.
     */
    ret = verify_host_key(host, port, keytype, keystr);

    if (ret == 0)		       /* success - key matched OK */
	return;

    if (ret == 2) {		       /* key was different */
	if (console_batch_mode) {
	    fprintf(stderr, wrongmsg_batch, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, wrongmsg, fingerprint);
	fflush(stderr);
    }
    if (ret == 1) {		       /* key was absent */
	if (console_batch_mode) {
	    fprintf(stderr, absentmsg_batch, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, absentmsg, fingerprint);
	fflush(stderr);
    }

    hin = GetStdHandle(STD_INPUT_HANDLE);
    GetConsoleMode(hin, &savemode);
    SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
			 ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
    ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
    SetConsoleMode(hin, savemode);

    if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
	if (line[0] == 'y' || line[0] == 'Y')
	    store_host_key(host, port, keytype, keystr);
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether the selected cipher is acceptable (since it was
 * below the configured 'warn' threshold).
 * cs: 0 = both ways, 1 = client->server, 2 = server->client
 */
void askcipher(void *frontend, char *ciphername, int cs)
{
    HANDLE hin;
    DWORD savemode, i;

    static const char msg[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Continue with connection? (y/n) ";
    static const char msg_batch[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Connection abandoned.\n";
    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msg_batch,
		(cs == 0) ? "" :
		(cs == 1) ? "client-to-server " : "server-to-client ",
		ciphername);
	cleanup_exit(1);
    }

    fprintf(stderr, msg,
	    (cs == 0) ? "" :
	    (cs == 1) ? "client-to-server " : "server-to-client ",
	    ciphername);
    fflush(stderr);

    hin = GetStdHandle(STD_INPUT_HANDLE);
    GetConsoleMode(hin, &savemode);
    SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
			 ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
    ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
    SetConsoleMode(hin, savemode);

    if (line[0] == 'y' || line[0] == 'Y') {
	return;
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether to wipe a session log file before writing to it.
 * Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
 */
int askappend(void *frontend, char *filename)
{
    HANDLE hin;
    DWORD savemode, i;

    static const char msgtemplate[] =
	"The session log file \"%.*s\" already exists.\n"
	"You can overwrite it with a new session log,\n"
	"append your session log to the end of it,\n"
	"or disable session logging for this session.\n"
	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
	"or just press Return to disable logging.\n"
	"Wipe the log file? (y/n, Return cancels logging) ";

    static const char msgtemplate_batch[] =
	"The session log file \"%.*s\" already exists.\n"
	"Logging will not be enabled.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename);
	fflush(stderr);
	return 0;
    }
    fprintf(stderr, msgtemplate, FILENAME_MAX, filename);
    fflush(stderr);

    hin = GetStdHandle(STD_INPUT_HANDLE);
    GetConsoleMode(hin, &savemode);
    SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
			 ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
    ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
    SetConsoleMode(hin, savemode);

    if (line[0] == 'y' || line[0] == 'Y')
	return 2;
    else if (line[0] == 'n' || line[0] == 'N')
	return 1;
    else
	return 0;
}

/*
 * Warn about the obsolescent key file format.
 * 
 * Uniquely among these functions, this one does _not_ expect a
 * frontend handle. This means that if PuTTY is ported to a
 * platform which requires frontend handles, this function will be
 * an anomaly. Fortunately, the problem it addresses will not have
 * been present on that platform, so it can plausibly be
 * implemented as an empty function.
 */
void old_keyfile_warning(void)
{
    static const char message[] =
	"You are loading an SSH 2 private key which has an\n"
	"old version of the file format. This means your key\n"
	"file is not fully tamperproof. Future versions of\n"
	"PuTTY may stop supporting this private key format,\n"
	"so we recommend you convert your key to the new\n"
	"format.\n"
	"\n"
	"Once the key is loaded into PuTTYgen, you can perform\n"
	"this conversion simply by saving it again.\n";

    fputs(message, stderr);
}

void logevent(void *frontend, char *string)
{
}

int console_get_line(const char *prompt, char *str,
			    int maxlen, int is_pw)
{
    HANDLE hin, hout;
    DWORD savemode, newmode, i;

    if (console_batch_mode) {
	if (maxlen > 0)
	    str[0] = '\0';
    } else {
	hin = GetStdHandle(STD_INPUT_HANDLE);
	hout = GetStdHandle(STD_OUTPUT_HANDLE);
	if (hin == INVALID_HANDLE_VALUE || hout == INVALID_HANDLE_VALUE) {
	    fprintf(stderr, "Cannot get standard input/output handles\n");
	    cleanup_exit(1);
	}

	GetConsoleMode(hin, &savemode);
	newmode = savemode | ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT;
	if (is_pw)
	    newmode &= ~ENABLE_ECHO_INPUT;
	else
	    newmode |= ENABLE_ECHO_INPUT;
	SetConsoleMode(hin, newmode);

	WriteFile(hout, prompt, strlen(prompt), &i, NULL);
	ReadFile(hin, str, maxlen - 1, &i, NULL);

	SetConsoleMode(hin, savemode);

	if ((int) i > maxlen)
	    i = maxlen - 1;
	else
	    i = i - 2;
	str[i] = '\0';

	if (is_pw)
	    WriteFile(hout, "\r\n", 2, &i, NULL);

    }
    return 1;
}

void frontend_keypress(void *handle)
{
    /*
     * This is nothing but a stub, in console code.
     */
    return;
}
Commit	Line	Data
ff2ae367	1	/*
	2	* console.c: various interactive-prompt routines shared between
	3	* the console PuTTY tools
	4	*/
	5
	6	#include <windows.h>
	7
	8	#include <stdio.h>
	9	#include <stdlib.h>
	10	#include <stdarg.h>
	11
	12	#include "putty.h"
	13	#include "storage.h"
	14	#include "ssh.h"
	15
	16	int console_batch_mode = FALSE;
	17
93b581bd	18	/*
	19	* Clean up and exit.
	20	*/
	21	void cleanup_exit(int code)
	22	{
	23	/*
	24	* Clean up.
	25	*/
	26	sk_cleanup();
	27	WSACleanup();
	28
bf61b566	29	random_save_seed();
93b581bd	30	#ifdef MSCRYPTOAPI
bf61b566	31	crypto_wrapup();
93b581bd	32	#endif
93b581bd	33
	34	exit(code);
	35	}
	36
a8327734	37	void verify_ssh_host_key(void frontend, char host, int port, char *keytype,
ff2ae367	38	char keystr, char fingerprint)
	39	{
	40	int ret;
	41	HANDLE hin;
	42	DWORD savemode, i;
	43
	44	static const char absentmsg_batch[] =
	45	"The server's host key is not cached in the registry. You\n"
	46	"have no guarantee that the server is the computer you\n"
	47	"think it is.\n"
	48	"The server's key fingerprint is:\n"
	49	"%s\n"
	50	"Connection abandoned.\n";
	51	static const char absentmsg[] =
	52	"The server's host key is not cached in the registry. You\n"
	53	"have no guarantee that the server is the computer you\n"
	54	"think it is.\n"
	55	"The server's key fingerprint is:\n"
	56	"%s\n"
	57	"If you trust this host, enter \"y\" to add the key to\n"
	58	"PuTTY's cache and carry on connecting.\n"
	59	"If you want to carry on connecting just once, without\n"
	60	"adding the key to the cache, enter \"n\".\n"
	61	"If you do not trust this host, press Return to abandon the\n"
	62	"connection.\n"
	63	"Store key in cache? (y/n) ";
	64
	65	static const char wrongmsg_batch[] =
	66	"WARNING - POTENTIAL SECURITY BREACH!\n"
	67	"The server's host key does not match the one PuTTY has\n"
	68	"cached in the registry. This means that either the\n"
	69	"server administrator has changed the host key, or you\n"
	70	"have actually connected to another computer pretending\n"
	71	"to be the server.\n"
	72	"The new key fingerprint is:\n"
	73	"%s\n"
	74	"Connection abandoned.\n";
	75	static const char wrongmsg[] =
	76	"WARNING - POTENTIAL SECURITY BREACH!\n"
	77	"The server's host key does not match the one PuTTY has\n"
	78	"cached in the registry. This means that either the\n"
	79	"server administrator has changed the host key, or you\n"
	80	"have actually connected to another computer pretending\n"
	81	"to be the server.\n"
	82	"The new key fingerprint is:\n"
	83	"%s\n"
	84	"If you were expecting this change and trust the new key,\n"
	85	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	86	"If you want to carry on connecting but without updating\n"
	87	"the cache, enter \"n\".\n"
	88	"If you want to abandon the connection completely, press\n"
	89	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	90	"safe choice.\n"
	91	"Update cached key? (y/n, Return cancels connection) ";
	92
	93	static const char abandoned[] = "Connection abandoned.\n";
	94
	95	char line[32];
	96
	97	/*
	98	* Verify the key against the registry.
	99	*/
	100	ret = verify_host_key(host, port, keytype, keystr);
	101
102	if (ret == 0) /* success - key matched OK */
103	return;
104
105	if (ret == 2) { /* key was different */
106	if (console_batch_mode) {
107	fprintf(stderr, wrongmsg_batch, fingerprint);
93b581bd	108	cleanup_exit(1);
ff2ae367	109	}
	110	fprintf(stderr, wrongmsg, fingerprint);
	111	fflush(stderr);
	112	}
	113	if (ret == 1) { /* key was absent */
	114	if (console_batch_mode) {
	115	fprintf(stderr, absentmsg_batch, fingerprint);
93b581bd	116	cleanup_exit(1);
ff2ae367	117	}
	118	fprintf(stderr, absentmsg, fingerprint);
	119	fflush(stderr);
	120	}
	121
	122	hin = GetStdHandle(STD_INPUT_HANDLE);
	123	GetConsoleMode(hin, &savemode);
	124	SetConsoleMode(hin, (savemode \| ENABLE_ECHO_INPUT \|
	125	ENABLE_PROCESSED_INPUT \| ENABLE_LINE_INPUT));
	126	ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
	127	SetConsoleMode(hin, savemode);
	128
	129	if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
	130	if (line[0] == 'y' \|\| line[0] == 'Y')
	131	store_host_key(host, port, keytype, keystr);
	132	} else {
	133	fprintf(stderr, abandoned);
93b581bd	134	cleanup_exit(0);
ff2ae367	135	}
	136	}
	137
	138	/*
	139	* Ask whether the selected cipher is acceptable (since it was
	140	* below the configured 'warn' threshold).
	141	* cs: 0 = both ways, 1 = client->server, 2 = server->client
	142	*/
a8327734	143	void askcipher(void frontend, char ciphername, int cs)
ff2ae367	144	{
	145	HANDLE hin;
	146	DWORD savemode, i;
	147
	148	static const char msg[] =
	149	"The first %scipher supported by the server is\n"
	150	"%s, which is below the configured warning threshold.\n"
	151	"Continue with connection? (y/n) ";
	152	static const char msg_batch[] =
	153	"The first %scipher supported by the server is\n"
	154	"%s, which is below the configured warning threshold.\n"
	155	"Connection abandoned.\n";
	156	static const char abandoned[] = "Connection abandoned.\n";
	157
	158	char line[32];
	159
	160	if (console_batch_mode) {
	161	fprintf(stderr, msg_batch,
	162	(cs == 0) ? "" :
	163	(cs == 1) ? "client-to-server " : "server-to-client ",
	164	ciphername);
93b581bd	165	cleanup_exit(1);
ff2ae367	166	}
	167
	168	fprintf(stderr, msg,
	169	(cs == 0) ? "" :
	170	(cs == 1) ? "client-to-server " : "server-to-client ",
	171	ciphername);
	172	fflush(stderr);
	173
	174	hin = GetStdHandle(STD_INPUT_HANDLE);
	175	GetConsoleMode(hin, &savemode);
	176	SetConsoleMode(hin, (savemode \| ENABLE_ECHO_INPUT \|
	177	ENABLE_PROCESSED_INPUT \| ENABLE_LINE_INPUT));
	178	ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
	179	SetConsoleMode(hin, savemode);
	180
	181	if (line[0] == 'y' \|\| line[0] == 'Y') {
	182	return;
	183	} else {
	184	fprintf(stderr, abandoned);
93b581bd	185	cleanup_exit(0);
ff2ae367	186	}
	187	}
	188
	189	/*
	190	* Ask whether to wipe a session log file before writing to it.
	191	* Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
	192	*/
a8327734	193	int askappend(void frontend, char filename)
ff2ae367	194	{
	195	HANDLE hin;
	196	DWORD savemode, i;
	197
	198	static const char msgtemplate[] =
	199	"The session log file \"%.*s\" already exists.\n"
	200	"You can overwrite it with a new session log,\n"
	201	"append your session log to the end of it,\n"
	202	"or disable session logging for this session.\n"
	203	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
	204	"or just press Return to disable logging.\n"
	205	"Wipe the log file? (y/n, Return cancels logging) ";
	206
	207	static const char msgtemplate_batch[] =
	208	"The session log file \"%.*s\" already exists.\n"
	209	"Logging will not be enabled.\n";
	210
	211	char line[32];
	212
	213	if (console_batch_mode) {
	214	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename);
	215	fflush(stderr);
	216	return 0;
	217	}
	218	fprintf(stderr, msgtemplate, FILENAME_MAX, filename);
	219	fflush(stderr);
	220
	221	hin = GetStdHandle(STD_INPUT_HANDLE);
	222	GetConsoleMode(hin, &savemode);
	223	SetConsoleMode(hin, (savemode \| ENABLE_ECHO_INPUT \|
	224	ENABLE_PROCESSED_INPUT \| ENABLE_LINE_INPUT));
	225	ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
	226	SetConsoleMode(hin, savemode);
	227
	228	if (line[0] == 'y' \|\| line[0] == 'Y')
	229	return 2;
	230	else if (line[0] == 'n' \|\| line[0] == 'N')
	231	return 1;
	232	else
	233	return 0;
	234	}
	235
	236	/*
	237	* Warn about the obsolescent key file format.
a8327734	238	*
	239	* Uniquely among these functions, this one does _not_ expect a
	240	* frontend handle. This means that if PuTTY is ported to a
	241	* platform which requires frontend handles, this function will be
	242	* an anomaly. Fortunately, the problem it addresses will not have
	243	* been present on that platform, so it can plausibly be
	244	* implemented as an empty function.
ff2ae367	245	*/
	246	void old_keyfile_warning(void)
	247	{
	248	static const char message[] =
	249	"You are loading an SSH 2 private key which has an\n"
	250	"old version of the file format. This means your key\n"
	251	"file is not fully tamperproof. Future versions of\n"
	252	"PuTTY may stop supporting this private key format,\n"
	253	"so we recommend you convert your key to the new\n"
	254	"format.\n"
	255	"\n"
	256	"Once the key is loaded into PuTTYgen, you can perform\n"
	257	"this conversion simply by saving it again.\n";
	258
	259	fputs(message, stderr);
	260	}
	261
a8327734	262	void logevent(void frontend, char string)
ff2ae367	263	{
	264	}
	265
ff2ae367	266	int console_get_line(const char prompt, char str,
	267	int maxlen, int is_pw)
	268	{
	269	HANDLE hin, hout;
	270	DWORD savemode, newmode, i;
	271
ff2ae367	272	if (console_batch_mode) {
	273	if (maxlen > 0)
	274	str[0] = '\0';
	275	} else {
	276	hin = GetStdHandle(STD_INPUT_HANDLE);
	277	hout = GetStdHandle(STD_OUTPUT_HANDLE);
	278	if (hin == INVALID_HANDLE_VALUE \|\| hout == INVALID_HANDLE_VALUE) {
	279	fprintf(stderr, "Cannot get standard input/output handles\n");
93b581bd	280	cleanup_exit(1);
ff2ae367	281	}
	282
	283	GetConsoleMode(hin, &savemode);
	284	newmode = savemode \| ENABLE_PROCESSED_INPUT \| ENABLE_LINE_INPUT;
	285	if (is_pw)
	286	newmode &= ~ENABLE_ECHO_INPUT;
	287	else
	288	newmode \|= ENABLE_ECHO_INPUT;
	289	SetConsoleMode(hin, newmode);
	290
	291	WriteFile(hout, prompt, strlen(prompt), &i, NULL);
	292	ReadFile(hin, str, maxlen - 1, &i, NULL);
	293
	294	SetConsoleMode(hin, savemode);
	295
	296	if ((int) i > maxlen)
	297	i = maxlen - 1;
	298	else
	299	i = i - 2;
	300	str[i] = '\0';
	301
	302	if (is_pw)
	303	WriteFile(hout, "\r\n", 2, &i, NULL);
	304
	305	}
	306	return 1;
	307	}
f8255dce	308
b9d7bcad	309	void frontend_keypress(void *handle)
f8255dce	310	{
	311	/*
	312	* This is nothing but a stub, in console code.
	313	*/
	314	return;
	315	}