[u/mdw/putty] / unix / uxcons.c

/*
 * uxcons.c: various interactive-prompt routines shared between the
 * Unix console PuTTY tools
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <assert.h>
#include <termios.h>
#include <unistd.h>

#include "putty.h"
#include "storage.h"
#include "ssh.h"

int console_batch_mode = FALSE;

/*
 * Clean up and exit.
 */
void cleanup_exit(int code)
{
    /*
     * Clean up.
     */
    sk_cleanup();

    if (cfg.protocol == PROT_SSH)
	random_save_seed();

    exit(code);
}

void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
			 char *keystr, char *fingerprint)
{
    int ret;

    static const char absentmsg_batch[] =
	"The server's host key is not cached. You have no guarantee\n"
	"that the server is the computer you think it is.\n"
	"The server's key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char absentmsg[] =
	"The server's host key is not cached. You have no guarantee\n"
	"that the server is the computer you think it is.\n"
	"The server's key fingerprint is:\n"
	"%s\n"
	"If you trust this host, enter \"y\" to add the key to\n"
	"PuTTY's cache and carry on connecting.\n"
	"If you want to carry on connecting just once, without\n"
	"adding the key to the cache, enter \"n\".\n"
	"If you do not trust this host, press Return to abandon the\n"
	"connection.\n"
	"Store key in cache? (y/n) ";

    static const char wrongmsg_batch[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached. This means that either the server administrator\n"
	"has changed the host key, or you have actually connected\n"
	"to another computer pretending to be the server.\n"
	"The new key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char wrongmsg[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached. This means that either the server administrator\n"
	"has changed the host key, or you have actually connected\n"
	"to another computer pretending to be the server.\n"
	"The new key fingerprint is:\n"
	"%s\n"
	"If you were expecting this change and trust the new key,\n"
	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	"If you want to carry on connecting but without updating\n"
	"the cache, enter \"n\".\n"
	"If you want to abandon the connection completely, press\n"
	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	"safe choice.\n"
	"Update cached key? (y/n, Return cancels connection) ";

    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    /*
     * Verify the key.
     */
    ret = verify_host_key(host, port, keytype, keystr);

    if (ret == 0)		       /* success - key matched OK */
	return;

    if (ret == 2) {		       /* key was different */
	if (console_batch_mode) {
	    fprintf(stderr, wrongmsg_batch, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, wrongmsg, fingerprint);
	fflush(stderr);
    }
    if (ret == 1) {		       /* key was absent */
	if (console_batch_mode) {
	    fprintf(stderr, absentmsg_batch, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, absentmsg, fingerprint);
	fflush(stderr);
    }

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
	if (line[0] == 'y' || line[0] == 'Y')
	    store_host_key(host, port, keytype, keystr);
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether the selected cipher is acceptable (since it was
 * below the configured 'warn' threshold).
 * cs: 0 = both ways, 1 = client->server, 2 = server->client
 */
void askcipher(void *frontend, char *ciphername, int cs)
{
    static const char msg[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Continue with connection? (y/n) ";
    static const char msg_batch[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Connection abandoned.\n";
    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msg_batch,
		(cs == 0) ? "" :
		(cs == 1) ? "client-to-server " : "server-to-client ",
		ciphername);
	cleanup_exit(1);
    }

    fprintf(stderr, msg,
	    (cs == 0) ? "" :
	    (cs == 1) ? "client-to-server " : "server-to-client ",
	    ciphername);
    fflush(stderr);

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] == 'y' || line[0] == 'Y') {
	return;
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether to wipe a session log file before writing to it.
 * Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
 */
int askappend(void *frontend, char *filename)
{
    static const char msgtemplate[] =
	"The session log file \"%.*s\" already exists.\n"
	"You can overwrite it with a new session log,\n"
	"append your session log to the end of it,\n"
	"or disable session logging for this session.\n"
	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
	"or just press Return to disable logging.\n"
	"Wipe the log file? (y/n, Return cancels logging) ";

    static const char msgtemplate_batch[] =
	"The session log file \"%.*s\" already exists.\n"
	"Logging will not be enabled.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename);
	fflush(stderr);
	return 0;
    }
    fprintf(stderr, msgtemplate, FILENAME_MAX, filename);
    fflush(stderr);

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] == 'y' || line[0] == 'Y')
	return 2;
    else if (line[0] == 'n' || line[0] == 'N')
	return 1;
    else
	return 0;
}

/*
 * Warn about the obsolescent key file format.
 * 
 * Uniquely among these functions, this one does _not_ expect a
 * frontend handle. This means that if PuTTY is ported to a
 * platform which requires frontend handles, this function will be
 * an anomaly. Fortunately, the problem it addresses will not have
 * been present on that platform, so it can plausibly be
 * implemented as an empty function.
 */
void old_keyfile_warning(void)
{
    static const char message[] =
	"You are loading an SSH 2 private key which has an\n"
	"old version of the file format. This means your key\n"
	"file is not fully tamperproof. Future versions of\n"
	"PuTTY may stop supporting this private key format,\n"
	"so we recommend you convert your key to the new\n"
	"format.\n"
	"\n"
	"Once the key is loaded into PuTTYgen, you can perform\n"
	"this conversion simply by saving it again.\n";

    fputs(message, stderr);
}

void logevent(void *frontend, char *string)
{
    log_eventlog(logctx, string);
}

int console_get_line(const char *prompt, char *str,
		     int maxlen, int is_pw)
{
    struct termios oldmode, newmode;
    int i;

    if (console_batch_mode) {
	if (maxlen > 0)
	    str[0] = '\0';
    } else {
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ISIG | ICANON;
	if (is_pw)
	    newmode.c_lflag &= ~ECHO;
	else
	    newmode.c_lflag |= ECHO;
	tcsetattr(0, TCSANOW, &newmode);

	fputs(prompt, stdout);
	fflush(stdout);
	i = read(0, str, maxlen - 1);

	tcsetattr(0, TCSANOW, &oldmode);

	if (i > 0 && str[i-1] == '\n')
	    i--;
	str[i] = '\0';

	if (is_pw)
	    fputs("\n", stdout);
    }
    return 1;
}

void frontend_keypress(void *handle)
{
    /*
     * This is nothing but a stub, in console code.
     */
    return;
}
Commit	Line	Data
c5e438ec	1	/*
	2	* uxcons.c: various interactive-prompt routines shared between the
	3	* Unix console PuTTY tools
	4	*/
	5
	6	#include <stdio.h>
	7	#include <stdlib.h>
	8	#include <stdarg.h>
	9	#include <assert.h>
	10	#include <termios.h>
	11	#include <unistd.h>
	12
	13	#include "putty.h"
	14	#include "storage.h"
	15	#include "ssh.h"
	16
	17	int console_batch_mode = FALSE;
	18
	19	/*
	20	* Clean up and exit.
	21	*/
	22	void cleanup_exit(int code)
	23	{
	24	/*
	25	* Clean up.
	26	*/
	27	sk_cleanup();
d9c40fd6	28
	29	if (cfg.protocol == PROT_SSH)
	30	random_save_seed();
	31
c5e438ec	32	exit(code);
	33	}
	34
	35	void verify_ssh_host_key(void frontend, char host, int port, char *keytype,
	36	char keystr, char fingerprint)
	37	{
	38	int ret;
	39
	40	static const char absentmsg_batch[] =
	41	"The server's host key is not cached. You have no guarantee\n"
	42	"that the server is the computer you think it is.\n"
	43	"The server's key fingerprint is:\n"
	44	"%s\n"
	45	"Connection abandoned.\n";
	46	static const char absentmsg[] =
	47	"The server's host key is not cached. You have no guarantee\n"
	48	"that the server is the computer you think it is.\n"
	49	"The server's key fingerprint is:\n"
	50	"%s\n"
	51	"If you trust this host, enter \"y\" to add the key to\n"
	52	"PuTTY's cache and carry on connecting.\n"
	53	"If you want to carry on connecting just once, without\n"
	54	"adding the key to the cache, enter \"n\".\n"
	55	"If you do not trust this host, press Return to abandon the\n"
	56	"connection.\n"
	57	"Store key in cache? (y/n) ";
	58
	59	static const char wrongmsg_batch[] =
	60	"WARNING - POTENTIAL SECURITY BREACH!\n"
	61	"The server's host key does not match the one PuTTY has\n"
	62	"cached. This means that either the server administrator\n"
	63	"has changed the host key, or you have actually connected\n"
	64	"to another computer pretending to be the server.\n"
	65	"The new key fingerprint is:\n"
	66	"%s\n"
	67	"Connection abandoned.\n";
	68	static const char wrongmsg[] =
	69	"WARNING - POTENTIAL SECURITY BREACH!\n"
	70	"The server's host key does not match the one PuTTY has\n"
	71	"cached. This means that either the server administrator\n"
	72	"has changed the host key, or you have actually connected\n"
	73	"to another computer pretending to be the server.\n"
	74	"The new key fingerprint is:\n"
	75	"%s\n"
	76	"If you were expecting this change and trust the new key,\n"
	77	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	78	"If you want to carry on connecting but without updating\n"
	79	"the cache, enter \"n\".\n"
	80	"If you want to abandon the connection completely, press\n"
	81	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	82	"safe choice.\n"
	83	"Update cached key? (y/n, Return cancels connection) ";
	84
	85	static const char abandoned[] = "Connection abandoned.\n";
	86
	87	char line[32];
	88
	89	/*
	90	* Verify the key.
	91	*/
	92	ret = verify_host_key(host, port, keytype, keystr);
	93
	94	if (ret == 0) /* success - key matched OK */
	95	return;
96
97	if (ret == 2) { /* key was different */
98	if (console_batch_mode) {
99	fprintf(stderr, wrongmsg_batch, fingerprint);
100	cleanup_exit(1);
101	}
102	fprintf(stderr, wrongmsg, fingerprint);
103	fflush(stderr);
104	}
105	if (ret == 1) { /* key was absent */
106	if (console_batch_mode) {
107	fprintf(stderr, absentmsg_batch, fingerprint);
108	cleanup_exit(1);
109	}
110	fprintf(stderr, absentmsg, fingerprint);
111	fflush(stderr);
112	}
113
114	{
115	struct termios oldmode, newmode;
116	tcgetattr(0, &oldmode);
117	newmode = oldmode;
118	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
119	tcsetattr(0, TCSANOW, &newmode);
120	line[0] = '\0';
121	read(0, line, sizeof(line) - 1);
122	tcsetattr(0, TCSANOW, &oldmode);
123	}
124
125	if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
126	if (line[0] == 'y' \|\| line[0] == 'Y')
127	store_host_key(host, port, keytype, keystr);
128	} else {
129	fprintf(stderr, abandoned);
130	cleanup_exit(0);
131	}
132	}
133
134	/*
135	* Ask whether the selected cipher is acceptable (since it was
136	* below the configured 'warn' threshold).
137	* cs: 0 = both ways, 1 = client->server, 2 = server->client
138	*/
139	void askcipher(void frontend, char ciphername, int cs)
140	{
141	static const char msg[] =
142	"The first %scipher supported by the server is\n"
143	"%s, which is below the configured warning threshold.\n"
144	"Continue with connection? (y/n) ";
145	static const char msg_batch[] =
146	"The first %scipher supported by the server is\n"
147	"%s, which is below the configured warning threshold.\n"
148	"Connection abandoned.\n";
149	static const char abandoned[] = "Connection abandoned.\n";
150
151	char line[32];
152
153	if (console_batch_mode) {
154	fprintf(stderr, msg_batch,
155	(cs == 0) ? "" :
156	(cs == 1) ? "client-to-server " : "server-to-client ",
157	ciphername);
158	cleanup_exit(1);
159	}
160
161	fprintf(stderr, msg,
162	(cs == 0) ? "" :
163	(cs == 1) ? "client-to-server " : "server-to-client ",
164	ciphername);
165	fflush(stderr);
166
167	{
168	struct termios oldmode, newmode;
169	tcgetattr(0, &oldmode);
170	newmode = oldmode;
171	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
172	tcsetattr(0, TCSANOW, &newmode);
173	line[0] = '\0';
174	read(0, line, sizeof(line) - 1);
175	tcsetattr(0, TCSANOW, &oldmode);
176	}
177
178	if (line[0] == 'y' \|\| line[0] == 'Y') {
179	return;
180	} else {
181	fprintf(stderr, abandoned);
182	cleanup_exit(0);
183	}
184	}
185
186	/*
187	* Ask whether to wipe a session log file before writing to it.
188	* Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
189	*/
190	int askappend(void frontend, char filename)
191	{
192	static const char msgtemplate[] =
193	"The session log file \"%.*s\" already exists.\n"
194	"You can overwrite it with a new session log,\n"
195	"append your session log to the end of it,\n"
196	"or disable session logging for this session.\n"
197	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
198	"or just press Return to disable logging.\n"
199	"Wipe the log file? (y/n, Return cancels logging) ";
200
201	static const char msgtemplate_batch[] =
202	"The session log file \"%.*s\" already exists.\n"
203	"Logging will not be enabled.\n";
204
205	char line[32];
206
c5e438ec	207	if (console_batch_mode) {
	208	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename);
	209	fflush(stderr);
	210	return 0;
	211	}
	212	fprintf(stderr, msgtemplate, FILENAME_MAX, filename);
	213	fflush(stderr);
	214
	215	{
	216	struct termios oldmode, newmode;
	217	tcgetattr(0, &oldmode);
	218	newmode = oldmode;
	219	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
	220	tcsetattr(0, TCSANOW, &newmode);
	221	line[0] = '\0';
	222	read(0, line, sizeof(line) - 1);
	223	tcsetattr(0, TCSANOW, &oldmode);
	224	}
	225
	226	if (line[0] == 'y' \|\| line[0] == 'Y')
	227	return 2;
	228	else if (line[0] == 'n' \|\| line[0] == 'N')
	229	return 1;
	230	else
	231	return 0;
	232	}
	233
	234	/*
	235	* Warn about the obsolescent key file format.
	236	*
	237	* Uniquely among these functions, this one does _not_ expect a
	238	* frontend handle. This means that if PuTTY is ported to a
	239	* platform which requires frontend handles, this function will be
	240	* an anomaly. Fortunately, the problem it addresses will not have
	241	* been present on that platform, so it can plausibly be
	242	* implemented as an empty function.
	243	*/
	244	void old_keyfile_warning(void)
	245	{
	246	static const char message[] =
	247	"You are loading an SSH 2 private key which has an\n"
	248	"old version of the file format. This means your key\n"
	249	"file is not fully tamperproof. Future versions of\n"
	250	"PuTTY may stop supporting this private key format,\n"
	251	"so we recommend you convert your key to the new\n"
	252	"format.\n"
	253	"\n"
	254	"Once the key is loaded into PuTTYgen, you can perform\n"
	255	"this conversion simply by saving it again.\n";
	256
	257	fputs(message, stderr);
	258	}
	259
	260	void logevent(void frontend, char string)
	261	{
a0e5ed33	262	log_eventlog(logctx, string);
c5e438ec	263	}
	264
	265	int console_get_line(const char prompt, char str,
	266	int maxlen, int is_pw)
	267	{
	268	struct termios oldmode, newmode;
	269	int i;
	270
	271	if (console_batch_mode) {
	272	if (maxlen > 0)
	273	str[0] = '\0';
	274	} else {
	275	tcgetattr(0, &oldmode);
	276	newmode = oldmode;
	277	newmode.c_lflag \|= ISIG \| ICANON;
	278	if (is_pw)
	279	newmode.c_lflag &= ~ECHO;
	280	else
	281	newmode.c_lflag \|= ECHO;
	282	tcsetattr(0, TCSANOW, &newmode);
	283
	284	fputs(prompt, stdout);
	285	fflush(stdout);
	286	i = read(0, str, maxlen - 1);
	287
	288	tcsetattr(0, TCSANOW, &oldmode);
	289
	290	if (i > 0 && str[i-1] == '\n')
	291	i--;
	292	str[i] = '\0';
	293
	294	if (is_pw)
8d69b472	295	fputs("\n", stdout);
c5e438ec	296	}
	297	return 1;
	298	}
	299
	300	void frontend_keypress(void *handle)
	301	{
	302	/*
	303	* This is nothing but a stub, in console code.
	304	*/
	305	return;
	306	}