From: owen
Date: Wed, 9 Feb 2005 21:18:44 +0000 (+0000)
Subject: Add some host key dialogue boxes. These still look a little rough around
X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/commitdiff_plain/71ed591e9e049cf1c64ec9ddc10e2158c2f76c89
Add some host key dialogue boxes. These still look a little rough around the edges and need to have all their controls properly aligned and spaced according to the HI guidelines. Also, fix store_host_key() so that it replaces a host key correctly when the host key has changed and the user opts to update the cached one.
git-svn-id: svn://svn.tartarus.org/sgt/putty@5280 cda61777-01e9-0310-a592-d414129be87e
---
diff --git a/mac/mac.c b/mac/mac.c
index d621b914..a0bfa3ea 100644
--- a/mac/mac.c
+++ b/mac/mac.c
@@ -694,9 +694,15 @@ int agent_query(void *in, int inlen, void **out, int *outlen,
 void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
 char *keystr, char *fingerprint)
 {
- Str255 stuff;
+ Str255 pappname;
+ Str255 pfingerprint;
+ Str255 pkeytype;
 Session *s = frontend;
- int ret;
+ int ret, alertret;
+
+ c2pstrcpy(pappname, appname);
+ c2pstrcpy(pkeytype, keytype);
+ c2pstrcpy(pfingerprint, fingerprint);
 /*
 * This function is horribly wrong. For one thing, the alert
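Review bot: The three `c2pstrcpy` calls added at the top of verify_ssh_host_key copy `appname`, `keytype` and `fingerprint` into fixed `Str255` buffers with no visible length check, and a Pascal string holds at most 255 characters. `c2pstrcpy` is not defined in this hunk, so whether it clamps the copy cannot be confirmed from here. If it does not, either a comment stating the bound the SSH layer guarantees for `keytype` and `fingerprint`, or an explicit `strlen(...) <= 255` guard before each copy, would make the assumption checkable. The function body continues past the end of this hunk.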
@@ -716,29 +722,42 @@ void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
 if (ret == 0) /* success - key matched OK */
 return;
 if (ret == 2) { /* key was different */
- stuff[0] = sprintf((char *)(&stuff[1]),
- "WARNING - POTENTIAL SECURITY BREACH\n",
- "The key fingerprint is: %s\n"
- "Continue connecting?", fingerprint);
- ParamText(stuff, NULL, NULL, NULL);
+ ParamText(pappname, pkeytype, pfingerprint, NULL);
+ alertret=CautionAlert(wWrong, NULL);
+ if (alertret == 9) {
+ /* Cancel */
+ goto cancel;
+ } else if (alertret == 8) {
+ /* Connect Just Once */
+ } else {
+ /* Update Key */
+ store_host_key(host, port, keytype, keystr);
+ }
 }
 if (ret == 1) { /* key was absent */
- stuff[0] = sprintf((char *)(&stuff[1]),
- "The server's key fingerprint is: %s\n"
- "Continue connecting?", fingerprint);
- ParamText(stuff, NULL, NULL, NULL);
+ ParamText(pkeytype, pfingerprint, pappname, NULL);
+ alertret=CautionAlert(wAbsent, NULL);
+ if (alertret == 8) {
+ /* Cancel */
+ goto cancel;
+ } else if (alertret == 7) {
+ /* Connect Just Once */
+ } else {
+ /* Update Key */
+ store_host_key(host, port, keytype, keystr);
+ }
 }
- if (CautionAlert(wQuestion, NULL) == 2) {
- /*
- * User chose "Cancel". Unfortunately, if I tear the
- * connection down here, Bad Things happen when I return. I
- * think this function should actually return something
- * telling the SSH code to abandon the connection.
- */
- } else {
- store_host_key(host, port, keytype, keystr);
- }
+ return;
+
+ cancel:
+ /*
+ * User chose "Cancel". Unfortunately, if I tear the
+ * connection down here, Bad Things happen when I return. I
+ * think this function should actually return something
+ * telling the SSH code to abandon the connection.
+ */
+ return;
 }
 void askalg(void *frontend, const char *algtype, const char *algname)
diff --git a/mac/mac_res.r b/mac/mac_res.r
index 1733fe9e..40ab5994 100644
--- a/mac/mac_res.r
+++ b/mac/mac_res.r
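Review bot: Both new `else` branches treat every alert result other than the two tested item numbers as consent to cache the key, so a result that is not a button press at all (CautionAlert reports -1 when it draws no alert box) ends in `store_host_key()`, including in the changed-key case. Match the trusting button explicitly and let everything else fall to `cancel`: use `} else if (alertret == 7) {` for Update Key in the `ret == 2` block (`== 6` for Add Key in the `ret == 1` block), followed by `} else { goto cancel; }`. The bare 9/8/7 and 8/7/6 are the DITL item positions from mac/mac_res.r and would be safer as named constants defined next to `wWrong` and `wAbsent`. The function starts above this hunk.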
@@ -1005,6 +1005,154 @@ resource 'DITL' (wQuestion, "fatalbox", purgeable) {
 }
 };
+/* Absent host key */
+
+resource 'ALRT' (wAbsent, "absent", purgeable) {
+ {32, 67, 332, 435},
+ wAbsent,
+ beepStages,
+ alertPositionMainScreen
+};
+
+resource 'DITL' (wAbsent, "absent", purgeable) {
+ { /* array DITLarray: 8 elements */
+ /* [1] */
+ {11, 72, 60, 357},
+ StaticText {
+ disabled,
+ "The server's host key is not cached. You "
+ "have no guarantee that the server is the "
+ "computer you think it is."
+ },
+ /* [2] */
+ {65, 71, 113, 355},
+ StaticText {
+ disabled,
+ "The server's ^0 key fingerprint is:\n^1"
+ },
+ /* [3] */
+ {121, 70, 172, 354},
+ StaticText {
+ disabled,
+ "If you trust this host, hit Add Key to add "
+ "the key to ^2's cache and carry on "
+ "connecting."
+ },
+ /* [4] */
+ {178, 70, 226, 354},
+ StaticText {
+ disabled,
+ "If you want to carry on connecting just "
+ "once, without adding the key to the cache, "
+ "select Just Once."
+ },
+ /* [5] */
+ {233, 69, 281, 353},
+ StaticText {
+ disabled,
+ "If you do not trust this host, hit Cancel "
+ "to abandon the connection."
+ },
+ /* [6] */
+ {285, 70, 303, 139},
+ Button {
+ enabled,
+ "Add Key"
+ },
+ /* [7] */
+ {285, 214, 305, 288},
+ Button {
+ enabled,
+ "Just Once"
+ },
+ /* [8] */
+ {284, 295, 304, 354},
+ Button {
+ enabled,
+ "Cancel"
+ }
+ }
+};
+
+/* Wrong host key */
+
+resource 'ALRT' (wWrong, "wrong", purgeable) {
+ {32, 67, 422, 435},
+ wWrong,
+ beepStages,
+ alertPositionMainScreen
+};
+
+resource 'DITL' (wWrong, "wrong", purgeable) {
+ { /* array DITLarray: 9 elements */
+ /* [1] */
+ {7, 74, 23, 358},
+ StaticText {
+ disabled,
+ "WARNING - POTENTIAL SECURITY BREACH!"
+ },
+ /* [2] */
+ {32, 72, 131, 357},
+ StaticText {
+ disabled,
+ "The server's host key does not match the "
+ "one ^0 has cached. This means that either "
+ "the server administrator has changed "
+ "the host key, or you have actually connected "
+ "to another computer pretending to be the "
+ "server."
+ },
+ /* [3] */
+ {142, 72, 190, 356},
+ StaticText {
+ disabled,
+ "The new ^1 key fingerprint is:\n^2"
+ },
+ /* [4] */
+ {190, 73, 238, 357},
+ StaticText {
+ disabled,
+ "If you were expecting this change and "
+ "trust the new key, hit Update Key to update "
+ "^0's cache and continue connecting."
+ },
+ /* [5] */
+ {246, 74, 294, 358},
+ StaticText {
+ disabled,
+ "If you want to carry on connecting just "
+ "once, without adding the key to the cache, "
+ "select Just Once."
+ },
+ /* [6] */
+ {301, 74, 349, 358},
+ StaticText {
+ disabled,
+ "If you do not trust this host, hit Cancel "
+ "to abandon the connection. This is the "
+ "ONLY guaranteed safe choice."
+ },
+ /* [7] */
+ {361, 76, 379, 163},
+ Button {
+ enabled,
+ "Update Key"
+ },
+ /* [8] */
+ {360, 215, 380, 289},
+ Button {
+ enabled,
+ "Just Once"
+ },
+ /* [9] */
+ {360, 298, 380, 357},
+ Button {
+ enabled,
+ "Cancel"
+ }
+ }
+};
+
 /* Terminal window */
 resource 'WIND' (wTerminal, "terminal", purgeable) {
diff --git a/mac/macresid.h b/mac/macresid.h
index a25dcc78..5655b25a 100644
--- a/mac/macresid.h
+++ b/mac/macresid.h
@@ -56,6 +56,8 @@
 #define wiSettingsOpen 1
 #define wEventLog 133
 #define wQuestion 134
+#define wAbsent 135
+#define wWrong 136
 /* Controls */
 #define cVScroll 128
diff --git a/mac/macstore.c b/mac/macstore.c
index 74fa8d97..5b6afba2 100644
--- a/mac/macstore.c
+++ b/mac/macstore.c
@@ -683,6 +683,7 @@ void store_host_key(const char *hostname, int port,
 char *resname;
 Str255 presname;
 Handle resvalue;
+ Handle reshandle;
 int id;
 /* Open the host key file */
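Review bot: Item [6] of the wWrong DITL in mac/mac_res.r tells the user that Cancel abandons the connection and is "the ONLY guaranteed safe choice", but the `cancel:` path this commit adds in mac/mac.c only returns, and its own comment says the connection is not torn down. Until verify_ssh_host_key can tell the SSH code to abort, this text and item [5] of wAbsent promise more than the code delivers; either soften the wording or land the abort first. Separately, items 1 and 2 of both DITLs are static text, so it is worth confirming which item `beepStages` (defined outside this hunk) makes the default for Return/Enter, since mac.c stores the key on any result that is not Cancel or Just Once.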
@@ -708,7 +709,12 @@ void store_host_key(const char *hostname, int port,
 UseResFile(keyrefnum);
 resname = dupprintf("%s@%d:%s", keytype, port, hostname);
 c2pstrcpy(presname, resname);
-
+
+ reshandle = Get1NamedResource(FOUR_CHAR_CODE('TEXT'), presname);
+ if (reshandle != NULL) {
+ /* The resource exists, we're replacing a host key */
+ RemoveResource(reshandle);
+ }
 error = PtrToHand(key, &resvalue, strlen(key));
 if (error != noErr) goto out;
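Review bot: The old cached key is removed before its replacement exists: `RemoveResource(reshandle)` runs ahead of `PtrToHand`, and if that call (or a later step outside this hunk) fails and jumps to `out`, the host may be left with no cached key, which would turn the next mismatch warning into the milder "not cached" prompt. Build the new handle first and remove the old resource only once the new one is ready to be added, and check `ResError()` after `Get1NamedResource` and `RemoveResource`. `RemoveResource` also does not release the resource's memory, so `DisposeHandle(reshandle);` should follow it. store_host_key starts and ends outside this hunk, so whether `out` writes the resource map back is not visible here.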