[u/mdw/putty] / unix / uxcons.c

/*
 * uxcons.c: various interactive-prompt routines shared between the
 * Unix console PuTTY tools
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <assert.h>
#include <termios.h>
#include <unistd.h>

#include "putty.h"
#include "storage.h"
#include "ssh.h"

int console_batch_mode = FALSE;

static void *console_logctx = NULL;

/*
 * Clean up and exit.
 */
void cleanup_exit(int code)
{
    /*
     * Clean up.
     */
    sk_cleanup();
    random_save_seed();
    exit(code);
}

void update_specials_menu(void *frontend)
{
}

void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
			 char *keystr, char *fingerprint)
{
    int ret;

    static const char absentmsg_batch[] =
	"The server's host key is not cached. You have no guarantee\n"
	"that the server is the computer you think it is.\n"
	"The server's %s key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char absentmsg[] =
	"The server's host key is not cached. You have no guarantee\n"
	"that the server is the computer you think it is.\n"
	"The server's %s key fingerprint is:\n"
	"%s\n"
	"If you trust this host, enter \"y\" to add the key to\n"
	"PuTTY's cache and carry on connecting.\n"
	"If you want to carry on connecting just once, without\n"
	"adding the key to the cache, enter \"n\".\n"
	"If you do not trust this host, press Return to abandon the\n"
	"connection.\n"
	"Store key in cache? (y/n) ";

    static const char wrongmsg_batch[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached. This means that either the server administrator\n"
	"has changed the host key, or you have actually connected\n"
	"to another computer pretending to be the server.\n"
	"The new %s key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char wrongmsg[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached. This means that either the server administrator\n"
	"has changed the host key, or you have actually connected\n"
	"to another computer pretending to be the server.\n"
	"The new %s key fingerprint is:\n"
	"%s\n"
	"If you were expecting this change and trust the new key,\n"
	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	"If you want to carry on connecting but without updating\n"
	"the cache, enter \"n\".\n"
	"If you want to abandon the connection completely, press\n"
	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	"safe choice.\n"
	"Update cached key? (y/n, Return cancels connection) ";

    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    /*
     * Verify the key.
     */
    ret = verify_host_key(host, port, keytype, keystr);

    if (ret == 0)		       /* success - key matched OK */
	return;

    if (ret == 2) {		       /* key was different */
	if (console_batch_mode) {
	    fprintf(stderr, wrongmsg_batch, keytype, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, wrongmsg, keytype, fingerprint);
	fflush(stderr);
    }
    if (ret == 1) {		       /* key was absent */
	if (console_batch_mode) {
	    fprintf(stderr, absentmsg_batch, keytype, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, absentmsg, keytype, fingerprint);
	fflush(stderr);
    }

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
	if (line[0] == 'y' || line[0] == 'Y')
	    store_host_key(host, port, keytype, keystr);
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether the selected cipher is acceptable (since it was
 * below the configured 'warn' threshold).
 * cs: 0 = both ways, 1 = client->server, 2 = server->client
 */
void askcipher(void *frontend, char *ciphername, int cs)
{
    static const char msg[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Continue with connection? (y/n) ";
    static const char msg_batch[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Connection abandoned.\n";
    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msg_batch,
		(cs == 0) ? "" :
		(cs == 1) ? "client-to-server " : "server-to-client ",
		ciphername);
	cleanup_exit(1);
    }

    fprintf(stderr, msg,
	    (cs == 0) ? "" :
	    (cs == 1) ? "client-to-server " : "server-to-client ",
	    ciphername);
    fflush(stderr);

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] == 'y' || line[0] == 'Y') {
	return;
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether to wipe a session log file before writing to it.
 * Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
 */
int askappend(void *frontend, Filename filename)
{
    static const char msgtemplate[] =
	"The session log file \"%.*s\" already exists.\n"
	"You can overwrite it with a new session log,\n"
	"append your session log to the end of it,\n"
	"or disable session logging for this session.\n"
	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
	"or just press Return to disable logging.\n"
	"Wipe the log file? (y/n, Return cancels logging) ";

    static const char msgtemplate_batch[] =
	"The session log file \"%.*s\" already exists.\n"
	"Logging will not be enabled.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename.path);
	fflush(stderr);
	return 0;
    }
    fprintf(stderr, msgtemplate, FILENAME_MAX, filename.path);
    fflush(stderr);

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] == 'y' || line[0] == 'Y')
	return 2;
    else if (line[0] == 'n' || line[0] == 'N')
	return 1;
    else
	return 0;
}

/*
 * Warn about the obsolescent key file format.
 * 
 * Uniquely among these functions, this one does _not_ expect a
 * frontend handle. This means that if PuTTY is ported to a
 * platform which requires frontend handles, this function will be
 * an anomaly. Fortunately, the problem it addresses will not have
 * been present on that platform, so it can plausibly be
 * implemented as an empty function.
 */
void old_keyfile_warning(void)
{
    static const char message[] =
	"You are loading an SSH 2 private key which has an\n"
	"old version of the file format. This means your key\n"
	"file is not fully tamperproof. Future versions of\n"
	"PuTTY may stop supporting this private key format,\n"
	"so we recommend you convert your key to the new\n"
	"format.\n"
	"\n"
	"Once the key is loaded into PuTTYgen, you can perform\n"
	"this conversion simply by saving it again.\n";

    fputs(message, stderr);
}

void console_provide_logctx(void *logctx)
{
    console_logctx = logctx;
}

void logevent(void *frontend, const char *string)
{
    if (console_logctx)
	log_eventlog(console_logctx, string);
}

int console_get_line(const char *prompt, char *str,
		     int maxlen, int is_pw)
{
    struct termios oldmode, newmode;
    int i;

    if (console_batch_mode) {
	if (maxlen > 0)
	    str[0] = '\0';
    } else {
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ISIG | ICANON;
	if (is_pw)
	    newmode.c_lflag &= ~ECHO;
	else
	    newmode.c_lflag |= ECHO;
	tcsetattr(0, TCSANOW, &newmode);

	fputs(prompt, stdout);
	fflush(stdout);
	i = read(0, str, maxlen - 1);

	tcsetattr(0, TCSANOW, &oldmode);

	if (i > 0 && str[i-1] == '\n')
	    i--;
	str[i] = '\0';

	if (is_pw)
	    fputs("\n", stdout);
    }
    return 1;
}

void frontend_keypress(void *handle)
{
    /*
     * This is nothing but a stub, in console code.
     */
    return;
}

int is_interactive(void)
{
    return isatty(0);
}
Commit	Line	Data
c5e438ec	1	/*
	2	* uxcons.c: various interactive-prompt routines shared between the
	3	* Unix console PuTTY tools
	4	*/
	5
	6	#include <stdio.h>
	7	#include <stdlib.h>
	8	#include <stdarg.h>
	9	#include <assert.h>
	10	#include <termios.h>
	11	#include <unistd.h>
	12
	13	#include "putty.h"
	14	#include "storage.h"
	15	#include "ssh.h"
	16
	17	int console_batch_mode = FALSE;
	18
b51259f6	19	static void *console_logctx = NULL;
b51259f6	20
c5e438ec	21	/*
	22	* Clean up and exit.
	23	*/
	24	void cleanup_exit(int code)
	25	{
	26	/*
	27	* Clean up.
	28	*/
	29	sk_cleanup();
e85da6a5	30	random_save_seed();
c5e438ec	31	exit(code);
	32	}
	33
125105d1	34	void update_specials_menu(void *frontend)
	35	{
	36	}
	37
c5e438ec	38	void verify_ssh_host_key(void frontend, char host, int port, char *keytype,
	39	char keystr, char fingerprint)
	40	{
	41	int ret;
	42
	43	static const char absentmsg_batch[] =
	44	"The server's host key is not cached. You have no guarantee\n"
	45	"that the server is the computer you think it is.\n"
65f66c88	46	"The server's %s key fingerprint is:\n"
c5e438ec	47	"%s\n"
	48	"Connection abandoned.\n";
	49	static const char absentmsg[] =
	50	"The server's host key is not cached. You have no guarantee\n"
	51	"that the server is the computer you think it is.\n"
65f66c88	52	"The server's %s key fingerprint is:\n"
c5e438ec	53	"%s\n"
	54	"If you trust this host, enter \"y\" to add the key to\n"
	55	"PuTTY's cache and carry on connecting.\n"
	56	"If you want to carry on connecting just once, without\n"
	57	"adding the key to the cache, enter \"n\".\n"
	58	"If you do not trust this host, press Return to abandon the\n"
	59	"connection.\n"
	60	"Store key in cache? (y/n) ";
	61
	62	static const char wrongmsg_batch[] =
	63	"WARNING - POTENTIAL SECURITY BREACH!\n"
	64	"The server's host key does not match the one PuTTY has\n"
	65	"cached. This means that either the server administrator\n"
	66	"has changed the host key, or you have actually connected\n"
	67	"to another computer pretending to be the server.\n"
65f66c88	68	"The new %s key fingerprint is:\n"
c5e438ec	69	"%s\n"
	70	"Connection abandoned.\n";
	71	static const char wrongmsg[] =
	72	"WARNING - POTENTIAL SECURITY BREACH!\n"
	73	"The server's host key does not match the one PuTTY has\n"
	74	"cached. This means that either the server administrator\n"
	75	"has changed the host key, or you have actually connected\n"
	76	"to another computer pretending to be the server.\n"
65f66c88	77	"The new %s key fingerprint is:\n"
c5e438ec	78	"%s\n"
	79	"If you were expecting this change and trust the new key,\n"
	80	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	81	"If you want to carry on connecting but without updating\n"
	82	"the cache, enter \"n\".\n"
	83	"If you want to abandon the connection completely, press\n"
	84	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	85	"safe choice.\n"
	86	"Update cached key? (y/n, Return cancels connection) ";
	87
	88	static const char abandoned[] = "Connection abandoned.\n";
	89
	90	char line[32];
	91
	92	/*
	93	* Verify the key.
	94	*/
	95	ret = verify_host_key(host, port, keytype, keystr);
	96
	97	if (ret == 0) /* success - key matched OK */
	98	return;
	99
	100	if (ret == 2) { /* key was different */
	101	if (console_batch_mode) {
65f66c88	102	fprintf(stderr, wrongmsg_batch, keytype, fingerprint);
c5e438ec	103	cleanup_exit(1);
c5e438ec	104	}
65f66c88	105	fprintf(stderr, wrongmsg, keytype, fingerprint);
c5e438ec	106	fflush(stderr);
	107	}
	108	if (ret == 1) { /* key was absent */
	109	if (console_batch_mode) {
65f66c88	110	fprintf(stderr, absentmsg_batch, keytype, fingerprint);
c5e438ec	111	cleanup_exit(1);
c5e438ec	112	}
65f66c88	113	fprintf(stderr, absentmsg, keytype, fingerprint);
c5e438ec	114	fflush(stderr);
	115	}
	116
	117	{
	118	struct termios oldmode, newmode;
	119	tcgetattr(0, &oldmode);
	120	newmode = oldmode;
	121	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
	122	tcsetattr(0, TCSANOW, &newmode);
	123	line[0] = '\0';
	124	read(0, line, sizeof(line) - 1);
	125	tcsetattr(0, TCSANOW, &oldmode);
	126	}
	127
	128	if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
	129	if (line[0] == 'y' \|\| line[0] == 'Y')
	130	store_host_key(host, port, keytype, keystr);
	131	} else {
	132	fprintf(stderr, abandoned);
	133	cleanup_exit(0);
	134	}
	135	}
	136
	137	/*
	138	* Ask whether the selected cipher is acceptable (since it was
	139	* below the configured 'warn' threshold).
	140	* cs: 0 = both ways, 1 = client->server, 2 = server->client
	141	*/
	142	void askcipher(void frontend, char ciphername, int cs)
	143	{
	144	static const char msg[] =
	145	"The first %scipher supported by the server is\n"
	146	"%s, which is below the configured warning threshold.\n"
	147	"Continue with connection? (y/n) ";
	148	static const char msg_batch[] =
	149	"The first %scipher supported by the server is\n"
	150	"%s, which is below the configured warning threshold.\n"
	151	"Connection abandoned.\n";
	152	static const char abandoned[] = "Connection abandoned.\n";
	153
	154	char line[32];
	155
	156	if (console_batch_mode) {
	157	fprintf(stderr, msg_batch,
	158	(cs == 0) ? "" :
	159	(cs == 1) ? "client-to-server " : "server-to-client ",
	160	ciphername);
	161	cleanup_exit(1);
	162	}
	163
	164	fprintf(stderr, msg,
	165	(cs == 0) ? "" :
	166	(cs == 1) ? "client-to-server " : "server-to-client ",
	167	ciphername);
	168	fflush(stderr);
	169
	170	{
	171	struct termios oldmode, newmode;
	172	tcgetattr(0, &oldmode);
	173	newmode = oldmode;
	174	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
	175	tcsetattr(0, TCSANOW, &newmode);
	176	line[0] = '\0';
	177	read(0, line, sizeof(line) - 1);
178	tcsetattr(0, TCSANOW, &oldmode);
179	}
180
181	if (line[0] == 'y' \|\| line[0] == 'Y') {
182	return;
183	} else {
184	fprintf(stderr, abandoned);
185	cleanup_exit(0);
186	}
187	}
188
189	/*
190	* Ask whether to wipe a session log file before writing to it.
191	* Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
192	*/
9a30e26b	193	int askappend(void *frontend, Filename filename)
c5e438ec	194	{
	195	static const char msgtemplate[] =
	196	"The session log file \"%.*s\" already exists.\n"
	197	"You can overwrite it with a new session log,\n"
	198	"append your session log to the end of it,\n"
	199	"or disable session logging for this session.\n"
	200	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
	201	"or just press Return to disable logging.\n"
	202	"Wipe the log file? (y/n, Return cancels logging) ";
	203
	204	static const char msgtemplate_batch[] =
	205	"The session log file \"%.*s\" already exists.\n"
	206	"Logging will not be enabled.\n";
	207
	208	char line[32];
	209
c5e438ec	210	if (console_batch_mode) {
9a30e26b	211	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename.path);
c5e438ec	212	fflush(stderr);
	213	return 0;
	214	}
9a30e26b	215	fprintf(stderr, msgtemplate, FILENAME_MAX, filename.path);
c5e438ec	216	fflush(stderr);
	217
	218	{
	219	struct termios oldmode, newmode;
	220	tcgetattr(0, &oldmode);
	221	newmode = oldmode;
	222	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
	223	tcsetattr(0, TCSANOW, &newmode);
	224	line[0] = '\0';
	225	read(0, line, sizeof(line) - 1);
	226	tcsetattr(0, TCSANOW, &oldmode);
	227	}
	228
	229	if (line[0] == 'y' \|\| line[0] == 'Y')
	230	return 2;
	231	else if (line[0] == 'n' \|\| line[0] == 'N')
	232	return 1;
	233	else
	234	return 0;
	235	}
	236
	237	/*
	238	* Warn about the obsolescent key file format.
	239	*
	240	* Uniquely among these functions, this one does _not_ expect a
	241	* frontend handle. This means that if PuTTY is ported to a
	242	* platform which requires frontend handles, this function will be
	243	* an anomaly. Fortunately, the problem it addresses will not have
	244	* been present on that platform, so it can plausibly be
	245	* implemented as an empty function.
	246	*/
	247	void old_keyfile_warning(void)
	248	{
	249	static const char message[] =
	250	"You are loading an SSH 2 private key which has an\n"
	251	"old version of the file format. This means your key\n"
	252	"file is not fully tamperproof. Future versions of\n"
	253	"PuTTY may stop supporting this private key format,\n"
	254	"so we recommend you convert your key to the new\n"
	255	"format.\n"
	256	"\n"
	257	"Once the key is loaded into PuTTYgen, you can perform\n"
	258	"this conversion simply by saving it again.\n";
	259
	260	fputs(message, stderr);
	261	}
	262
b51259f6	263	void console_provide_logctx(void *logctx)
	264	{
	265	console_logctx = logctx;
	266	}
	267
cbe2d68f	268	void logevent(void frontend, const char string)
c5e438ec	269	{
b51259f6	270	if (console_logctx)
b51259f6	271	log_eventlog(console_logctx, string);
c5e438ec	272	}
	273
	274	int console_get_line(const char prompt, char str,
	275	int maxlen, int is_pw)
	276	{
	277	struct termios oldmode, newmode;
	278	int i;
	279
	280	if (console_batch_mode) {
	281	if (maxlen > 0)
	282	str[0] = '\0';
	283	} else {
	284	tcgetattr(0, &oldmode);
	285	newmode = oldmode;
	286	newmode.c_lflag \|= ISIG \| ICANON;
	287	if (is_pw)
	288	newmode.c_lflag &= ~ECHO;
	289	else
	290	newmode.c_lflag \|= ECHO;
	291	tcsetattr(0, TCSANOW, &newmode);
	292
	293	fputs(prompt, stdout);
	294	fflush(stdout);
	295	i = read(0, str, maxlen - 1);
	296
	297	tcsetattr(0, TCSANOW, &oldmode);
	298
	299	if (i > 0 && str[i-1] == '\n')
	300	i--;
	301	str[i] = '\0';
	302
	303	if (is_pw)
8d69b472	304	fputs("\n", stdout);
c5e438ec	305	}
	306	return 1;
	307	}
	308
	309	void frontend_keypress(void *handle)
	310	{
	311	/*
	312	* This is nothing but a stub, in console code.
	313	*/
	314	return;
	315	}
47a6b94c	316
	317	int is_interactive(void)
	318	{
	319	return isatty(0);
	320	}