-void verify_ssh_host_key(char *host, int port, char *keytype,
- char *keystr, char *fingerprint)
-{
- int ret;
- HANDLE hin;
- DWORD savemode, i;
-
- static const char absentmsg[] =
- "The server's host key is not cached in the registry. You\n"
- "have no guarantee that the server is the computer you\n"
- "think it is.\n"
- "The server's key fingerprint is:\n"
- "%s\n"
- "If you trust this host, enter \"y\" to add the key to\n"
- "PuTTY's cache and carry on connecting.\n"
- "If you want to carry on connecting just once, without\n"
- "adding the key to the cache, enter \"n\".\n"
- "If you do not trust this host, press Return to abandon the\n"
- "connection.\n"
- "Store key in cache? (y/n) ";
-
- static const char wrongmsg[] =
- "WARNING - POTENTIAL SECURITY BREACH!\n"
- "The server's host key does not match the one PuTTY has\n"
- "cached in the registry. This means that either the\n"
- "server administrator has changed the host key, or you\n"
- "have actually connected to another computer pretending\n"
- "to be the server.\n"
- "The new key fingerprint is:\n"
- "%s\n"
- "If you were expecting this change and trust the new key,\n"
- "enter \"y\" to update PuTTY's cache and continue connecting.\n"
- "If you want to carry on connecting but without updating\n"
- "the cache, enter \"n\".\n"
- "If you want to abandon the connection completely, press\n"
- "Return to cancel. Pressing Return is the ONLY guaranteed\n"
- "safe choice.\n"
- "Update cached key? (y/n, Return cancels connection) ";
-
- static const char abandoned[] = "Connection abandoned.\n";
-
- char line[32];
-
- /*
- * Verify the key against the registry.
- */
- ret = verify_host_key(host, port, keytype, keystr);
-
- if (ret == 0) /* success - key matched OK */
- return;
-
- if (ret == 2) { /* key was different */
- fprintf(stderr, wrongmsg, fingerprint);
- fflush(stderr);
- }
- if (ret == 1) { /* key was absent */
- fprintf(stderr, absentmsg, fingerprint);
- fflush(stderr);
- }
-
- hin = GetStdHandle(STD_INPUT_HANDLE);
- GetConsoleMode(hin, &savemode);
- SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
- ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
- ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
- SetConsoleMode(hin, savemode);
-
- if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
- if (line[0] == 'y' || line[0] == 'Y')
- store_host_key(host, port, keytype, keystr);
- } else {
- fprintf(stderr, abandoned);
- exit(0);
- }
-}
-
-/*
- * Ask whether the selected cipher is acceptable (since it was
- * below the configured 'warn' threshold).
- * cs: 0 = both ways, 1 = client->server, 2 = server->client
- */
-void askcipher(char *ciphername, int cs)
-{
- HANDLE hin;
- DWORD savemode, i;
-
- static const char msg[] =
- "The first %scipher supported by the server is\n"
- "%s, which is below the configured warning threshold.\n"
- "Continue with connection? (y/n) ";
- static const char abandoned[] = "Connection abandoned.\n";
-
- char line[32];
-
- fprintf(stderr, msg,
- (cs == 0) ? "" :
- (cs == 1) ? "client-to-server " :
- "server-to-client ",
- ciphername);
- fflush(stderr);
-
- hin = GetStdHandle(STD_INPUT_HANDLE);
- GetConsoleMode(hin, &savemode);
- SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
- ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
- ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
- SetConsoleMode(hin, savemode);
-
- if (line[0] == 'y' || line[0] == 'Y') {
- return;
- } else {
- fprintf(stderr, abandoned);
- exit(0);
- }
-}
-
-/*
- * Ask whether to wipe a session log file before writing to it.
- * Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
- */
-int askappend(char *filename)
-{
- HANDLE hin;
- DWORD savemode, i;
-
- static const char msgtemplate[] =
- "The session log file \"%.*s\" already exists.\n"
- "You can overwrite it with a new session log,\n"
- "append your session log to the end of it,\n"
- "or disable session logging for this session.\n"
- "Enter \"y\" to wipe the file, \"n\" to append to it,\n"
- "or just press Return to disable logging.\n"
- "Wipe the log file? (y/n, Return cancels logging) ";
-
- char line[32];
-
- fprintf(stderr, msgtemplate, FILENAME_MAX, filename);
- fflush(stderr);
-
- hin = GetStdHandle(STD_INPUT_HANDLE);
- GetConsoleMode(hin, &savemode);
- SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
- ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
- ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
- SetConsoleMode(hin, savemode);
-
- if (line[0] == 'y' || line[0] == 'Y')
- return 2;
- else if (line[0] == 'n' || line[0] == 'N')
- return 1;
- else
- return 0;
-}
-
-/*
- * Warn about the obsolescent key file format.
- */
-void old_keyfile_warning(void)
-{
- static const char message[] =
- "You are loading an SSH 2 private key which has an\n"
- "old version of the file format. This means your key\n"
- "file is not fully tamperproof. Future versions of\n"
- "PuTTY may stop supporting this private key format,\n"
- "so we recommend you convert your key to the new\n"
- "format.\n"
- "\n"
- "Once the key is loaded into PuTTYgen, you can perform\n"
- "this conversion simply by saving it again.\n";
-
- fputs(message, stderr);
-}
-