[u/mdw/putty] / unix / uxcons.c

/*
 * uxcons.c: various interactive-prompt routines shared between the
 * Unix console PuTTY tools
 */

#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <assert.h>
#include <termios.h>
#include <unistd.h>

#include "putty.h"
#include "storage.h"
#include "ssh.h"

int console_batch_mode = FALSE;

/*
 * Clean up and exit.
 */
void cleanup_exit(int code)
{
    /*
     * Clean up.
     */
    sk_cleanup();
    random_save_seed();
    exit(code);
}

void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
			 char *keystr, char *fingerprint)
{
    int ret;

    static const char absentmsg_batch[] =
	"The server's host key is not cached. You have no guarantee\n"
	"that the server is the computer you think it is.\n"
	"The server's key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char absentmsg[] =
	"The server's host key is not cached. You have no guarantee\n"
	"that the server is the computer you think it is.\n"
	"The server's key fingerprint is:\n"
	"%s\n"
	"If you trust this host, enter \"y\" to add the key to\n"
	"PuTTY's cache and carry on connecting.\n"
	"If you want to carry on connecting just once, without\n"
	"adding the key to the cache, enter \"n\".\n"
	"If you do not trust this host, press Return to abandon the\n"
	"connection.\n"
	"Store key in cache? (y/n) ";

    static const char wrongmsg_batch[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached. This means that either the server administrator\n"
	"has changed the host key, or you have actually connected\n"
	"to another computer pretending to be the server.\n"
	"The new key fingerprint is:\n"
	"%s\n"
	"Connection abandoned.\n";
    static const char wrongmsg[] =
	"WARNING - POTENTIAL SECURITY BREACH!\n"
	"The server's host key does not match the one PuTTY has\n"
	"cached. This means that either the server administrator\n"
	"has changed the host key, or you have actually connected\n"
	"to another computer pretending to be the server.\n"
	"The new key fingerprint is:\n"
	"%s\n"
	"If you were expecting this change and trust the new key,\n"
	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	"If you want to carry on connecting but without updating\n"
	"the cache, enter \"n\".\n"
	"If you want to abandon the connection completely, press\n"
	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	"safe choice.\n"
	"Update cached key? (y/n, Return cancels connection) ";

    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    /*
     * Verify the key.
     */
    ret = verify_host_key(host, port, keytype, keystr);

    if (ret == 0)		       /* success - key matched OK */
	return;

    if (ret == 2) {		       /* key was different */
	if (console_batch_mode) {
	    fprintf(stderr, wrongmsg_batch, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, wrongmsg, fingerprint);
	fflush(stderr);
    }
    if (ret == 1) {		       /* key was absent */
	if (console_batch_mode) {
	    fprintf(stderr, absentmsg_batch, fingerprint);
	    cleanup_exit(1);
	}
	fprintf(stderr, absentmsg, fingerprint);
	fflush(stderr);
    }

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
	if (line[0] == 'y' || line[0] == 'Y')
	    store_host_key(host, port, keytype, keystr);
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether the selected cipher is acceptable (since it was
 * below the configured 'warn' threshold).
 * cs: 0 = both ways, 1 = client->server, 2 = server->client
 */
void askcipher(void *frontend, char *ciphername, int cs)
{
    static const char msg[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Continue with connection? (y/n) ";
    static const char msg_batch[] =
	"The first %scipher supported by the server is\n"
	"%s, which is below the configured warning threshold.\n"
	"Connection abandoned.\n";
    static const char abandoned[] = "Connection abandoned.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msg_batch,
		(cs == 0) ? "" :
		(cs == 1) ? "client-to-server " : "server-to-client ",
		ciphername);
	cleanup_exit(1);
    }

    fprintf(stderr, msg,
	    (cs == 0) ? "" :
	    (cs == 1) ? "client-to-server " : "server-to-client ",
	    ciphername);
    fflush(stderr);

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] == 'y' || line[0] == 'Y') {
	return;
    } else {
	fprintf(stderr, abandoned);
	cleanup_exit(0);
    }
}

/*
 * Ask whether to wipe a session log file before writing to it.
 * Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
 */
int askappend(void *frontend, Filename filename)
{
    static const char msgtemplate[] =
	"The session log file \"%.*s\" already exists.\n"
	"You can overwrite it with a new session log,\n"
	"append your session log to the end of it,\n"
	"or disable session logging for this session.\n"
	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
	"or just press Return to disable logging.\n"
	"Wipe the log file? (y/n, Return cancels logging) ";

    static const char msgtemplate_batch[] =
	"The session log file \"%.*s\" already exists.\n"
	"Logging will not be enabled.\n";

    char line[32];

    if (console_batch_mode) {
	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename.path);
	fflush(stderr);
	return 0;
    }
    fprintf(stderr, msgtemplate, FILENAME_MAX, filename.path);
    fflush(stderr);

    {
	struct termios oldmode, newmode;
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ECHO | ISIG | ICANON;
	tcsetattr(0, TCSANOW, &newmode);
	line[0] = '\0';
	read(0, line, sizeof(line) - 1);
	tcsetattr(0, TCSANOW, &oldmode);
    }

    if (line[0] == 'y' || line[0] == 'Y')
	return 2;
    else if (line[0] == 'n' || line[0] == 'N')
	return 1;
    else
	return 0;
}

/*
 * Warn about the obsolescent key file format.
 * 
 * Uniquely among these functions, this one does _not_ expect a
 * frontend handle. This means that if PuTTY is ported to a
 * platform which requires frontend handles, this function will be
 * an anomaly. Fortunately, the problem it addresses will not have
 * been present on that platform, so it can plausibly be
 * implemented as an empty function.
 */
void old_keyfile_warning(void)
{
    static const char message[] =
	"You are loading an SSH 2 private key which has an\n"
	"old version of the file format. This means your key\n"
	"file is not fully tamperproof. Future versions of\n"
	"PuTTY may stop supporting this private key format,\n"
	"so we recommend you convert your key to the new\n"
	"format.\n"
	"\n"
	"Once the key is loaded into PuTTYgen, you can perform\n"
	"this conversion simply by saving it again.\n";

    fputs(message, stderr);
}

void logevent(void *frontend, char *string)
{
    log_eventlog(logctx, string);
}

int console_get_line(const char *prompt, char *str,
		     int maxlen, int is_pw)
{
    struct termios oldmode, newmode;
    int i;

    if (console_batch_mode) {
	if (maxlen > 0)
	    str[0] = '\0';
    } else {
	tcgetattr(0, &oldmode);
	newmode = oldmode;
	newmode.c_lflag |= ISIG | ICANON;
	if (is_pw)
	    newmode.c_lflag &= ~ECHO;
	else
	    newmode.c_lflag |= ECHO;
	tcsetattr(0, TCSANOW, &newmode);

	fputs(prompt, stdout);
	fflush(stdout);
	i = read(0, str, maxlen - 1);

	tcsetattr(0, TCSANOW, &oldmode);

	if (i > 0 && str[i-1] == '\n')
	    i--;
	str[i] = '\0';

	if (is_pw)
	    fputs("\n", stdout);
    }
    return 1;
}

void frontend_keypress(void *handle)
{
    /*
     * This is nothing but a stub, in console code.
     */
    return;
}
Commit	Line	Data
c5e438ec	1	/*
	2	* uxcons.c: various interactive-prompt routines shared between the
	3	* Unix console PuTTY tools
	4	*/
	5
	6	#include <stdio.h>
	7	#include <stdlib.h>
	8	#include <stdarg.h>
	9	#include <assert.h>
	10	#include <termios.h>
	11	#include <unistd.h>
	12
	13	#include "putty.h"
	14	#include "storage.h"
	15	#include "ssh.h"
	16
	17	int console_batch_mode = FALSE;
	18
	19	/*
	20	* Clean up and exit.
	21	*/
	22	void cleanup_exit(int code)
	23	{
	24	/*
	25	* Clean up.
	26	*/
	27	sk_cleanup();
e85da6a5	28	random_save_seed();
c5e438ec	29	exit(code);
	30	}
	31
	32	void verify_ssh_host_key(void frontend, char host, int port, char *keytype,
	33	char keystr, char fingerprint)
	34	{
	35	int ret;
	36
	37	static const char absentmsg_batch[] =
	38	"The server's host key is not cached. You have no guarantee\n"
	39	"that the server is the computer you think it is.\n"
	40	"The server's key fingerprint is:\n"
	41	"%s\n"
	42	"Connection abandoned.\n";
	43	static const char absentmsg[] =
	44	"The server's host key is not cached. You have no guarantee\n"
	45	"that the server is the computer you think it is.\n"
	46	"The server's key fingerprint is:\n"
	47	"%s\n"
	48	"If you trust this host, enter \"y\" to add the key to\n"
	49	"PuTTY's cache and carry on connecting.\n"
	50	"If you want to carry on connecting just once, without\n"
	51	"adding the key to the cache, enter \"n\".\n"
	52	"If you do not trust this host, press Return to abandon the\n"
	53	"connection.\n"
	54	"Store key in cache? (y/n) ";
	55
	56	static const char wrongmsg_batch[] =
	57	"WARNING - POTENTIAL SECURITY BREACH!\n"
	58	"The server's host key does not match the one PuTTY has\n"
	59	"cached. This means that either the server administrator\n"
	60	"has changed the host key, or you have actually connected\n"
	61	"to another computer pretending to be the server.\n"
	62	"The new key fingerprint is:\n"
	63	"%s\n"
	64	"Connection abandoned.\n";
	65	static const char wrongmsg[] =
	66	"WARNING - POTENTIAL SECURITY BREACH!\n"
	67	"The server's host key does not match the one PuTTY has\n"
	68	"cached. This means that either the server administrator\n"
	69	"has changed the host key, or you have actually connected\n"
	70	"to another computer pretending to be the server.\n"
	71	"The new key fingerprint is:\n"
	72	"%s\n"
	73	"If you were expecting this change and trust the new key,\n"
	74	"enter \"y\" to update PuTTY's cache and continue connecting.\n"
	75	"If you want to carry on connecting but without updating\n"
	76	"the cache, enter \"n\".\n"
	77	"If you want to abandon the connection completely, press\n"
	78	"Return to cancel. Pressing Return is the ONLY guaranteed\n"
	79	"safe choice.\n"
	80	"Update cached key? (y/n, Return cancels connection) ";
	81
	82	static const char abandoned[] = "Connection abandoned.\n";
	83
	84	char line[32];
	85
	86	/*
	87	* Verify the key.
	88	*/
	89	ret = verify_host_key(host, port, keytype, keystr);
	90
	91	if (ret == 0) /* success - key matched OK */
	92	return;
93
94	if (ret == 2) { /* key was different */
95	if (console_batch_mode) {
96	fprintf(stderr, wrongmsg_batch, fingerprint);
97	cleanup_exit(1);
98	}
99	fprintf(stderr, wrongmsg, fingerprint);
100	fflush(stderr);
101	}
102	if (ret == 1) { /* key was absent */
103	if (console_batch_mode) {
104	fprintf(stderr, absentmsg_batch, fingerprint);
105	cleanup_exit(1);
106	}
107	fprintf(stderr, absentmsg, fingerprint);
108	fflush(stderr);
109	}
110
111	{
112	struct termios oldmode, newmode;
113	tcgetattr(0, &oldmode);
114	newmode = oldmode;
115	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
116	tcsetattr(0, TCSANOW, &newmode);
117	line[0] = '\0';
118	read(0, line, sizeof(line) - 1);
119	tcsetattr(0, TCSANOW, &oldmode);
120	}
121
122	if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
123	if (line[0] == 'y' \|\| line[0] == 'Y')
124	store_host_key(host, port, keytype, keystr);
125	} else {
126	fprintf(stderr, abandoned);
127	cleanup_exit(0);
128	}
129	}
130
131	/*
132	* Ask whether the selected cipher is acceptable (since it was
133	* below the configured 'warn' threshold).
134	* cs: 0 = both ways, 1 = client->server, 2 = server->client
135	*/
136	void askcipher(void frontend, char ciphername, int cs)
137	{
138	static const char msg[] =
139	"The first %scipher supported by the server is\n"
140	"%s, which is below the configured warning threshold.\n"
141	"Continue with connection? (y/n) ";
142	static const char msg_batch[] =
143	"The first %scipher supported by the server is\n"
144	"%s, which is below the configured warning threshold.\n"
145	"Connection abandoned.\n";
146	static const char abandoned[] = "Connection abandoned.\n";
147
148	char line[32];
149
150	if (console_batch_mode) {
151	fprintf(stderr, msg_batch,
152	(cs == 0) ? "" :
153	(cs == 1) ? "client-to-server " : "server-to-client ",
154	ciphername);
155	cleanup_exit(1);
156	}
157
158	fprintf(stderr, msg,
159	(cs == 0) ? "" :
160	(cs == 1) ? "client-to-server " : "server-to-client ",
161	ciphername);
162	fflush(stderr);
163
164	{
165	struct termios oldmode, newmode;
166	tcgetattr(0, &oldmode);
167	newmode = oldmode;
168	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
169	tcsetattr(0, TCSANOW, &newmode);
170	line[0] = '\0';
171	read(0, line, sizeof(line) - 1);
172	tcsetattr(0, TCSANOW, &oldmode);
173	}
174
175	if (line[0] == 'y' \|\| line[0] == 'Y') {
176	return;
177	} else {
178	fprintf(stderr, abandoned);
179	cleanup_exit(0);
180	}
181	}
182
183	/*
184	* Ask whether to wipe a session log file before writing to it.
185	* Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
186	*/
9a30e26b	187	int askappend(void *frontend, Filename filename)
c5e438ec	188	{
	189	static const char msgtemplate[] =
	190	"The session log file \"%.*s\" already exists.\n"
	191	"You can overwrite it with a new session log,\n"
	192	"append your session log to the end of it,\n"
	193	"or disable session logging for this session.\n"
	194	"Enter \"y\" to wipe the file, \"n\" to append to it,\n"
	195	"or just press Return to disable logging.\n"
	196	"Wipe the log file? (y/n, Return cancels logging) ";
	197
	198	static const char msgtemplate_batch[] =
	199	"The session log file \"%.*s\" already exists.\n"
	200	"Logging will not be enabled.\n";
	201
	202	char line[32];
	203
c5e438ec	204	if (console_batch_mode) {
9a30e26b	205	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename.path);
c5e438ec	206	fflush(stderr);
	207	return 0;
	208	}
9a30e26b	209	fprintf(stderr, msgtemplate, FILENAME_MAX, filename.path);
c5e438ec	210	fflush(stderr);
	211
	212	{
	213	struct termios oldmode, newmode;
	214	tcgetattr(0, &oldmode);
	215	newmode = oldmode;
	216	newmode.c_lflag \|= ECHO \| ISIG \| ICANON;
	217	tcsetattr(0, TCSANOW, &newmode);
	218	line[0] = '\0';
	219	read(0, line, sizeof(line) - 1);
	220	tcsetattr(0, TCSANOW, &oldmode);
	221	}
	222
	223	if (line[0] == 'y' \|\| line[0] == 'Y')
	224	return 2;
	225	else if (line[0] == 'n' \|\| line[0] == 'N')
	226	return 1;
	227	else
	228	return 0;
	229	}
	230
	231	/*
	232	* Warn about the obsolescent key file format.
	233	*
	234	* Uniquely among these functions, this one does _not_ expect a
	235	* frontend handle. This means that if PuTTY is ported to a
	236	* platform which requires frontend handles, this function will be
	237	* an anomaly. Fortunately, the problem it addresses will not have
	238	* been present on that platform, so it can plausibly be
	239	* implemented as an empty function.
	240	*/
	241	void old_keyfile_warning(void)
	242	{
	243	static const char message[] =
	244	"You are loading an SSH 2 private key which has an\n"
	245	"old version of the file format. This means your key\n"
	246	"file is not fully tamperproof. Future versions of\n"
	247	"PuTTY may stop supporting this private key format,\n"
	248	"so we recommend you convert your key to the new\n"
	249	"format.\n"
	250	"\n"
	251	"Once the key is loaded into PuTTYgen, you can perform\n"
	252	"this conversion simply by saving it again.\n";
	253
	254	fputs(message, stderr);
	255	}
	256
	257	void logevent(void frontend, char string)
	258	{
a0e5ed33	259	log_eventlog(logctx, string);
c5e438ec	260	}
	261
	262	int console_get_line(const char prompt, char str,
	263	int maxlen, int is_pw)
	264	{
	265	struct termios oldmode, newmode;
	266	int i;
	267
	268	if (console_batch_mode) {
	269	if (maxlen > 0)
	270	str[0] = '\0';
	271	} else {
	272	tcgetattr(0, &oldmode);
	273	newmode = oldmode;
	274	newmode.c_lflag \|= ISIG \| ICANON;
	275	if (is_pw)
	276	newmode.c_lflag &= ~ECHO;
	277	else
	278	newmode.c_lflag \|= ECHO;
	279	tcsetattr(0, TCSANOW, &newmode);
	280
	281	fputs(prompt, stdout);
	282	fflush(stdout);
	283	i = read(0, str, maxlen - 1);
	284
	285	tcsetattr(0, TCSANOW, &oldmode);
	286
	287	if (i > 0 && str[i-1] == '\n')
	288	i--;
	289	str[i] = '\0';
	290
	291	if (is_pw)
8d69b472	292	fputs("\n", stdout);
c5e438ec	293	}
	294	return 1;
	295	}
	296
	297	void frontend_keypress(void *handle)
	298	{
	299	/*
	300	* This is nothing but a stub, in console code.
	301	*/
	302	return;
	303	}