| 1 | /* |
| 2 | * wincons.c - various interactive-prompt routines shared between |
| 3 | * the Windows console PuTTY tools |
| 4 | */ |
| 5 | |
| 6 | #include <stdio.h> |
| 7 | #include <stdlib.h> |
| 8 | #include <stdarg.h> |
| 9 | |
| 10 | #include "putty.h" |
| 11 | #include "storage.h" |
| 12 | #include "ssh.h" |
| 13 | |
| 14 | int console_batch_mode = FALSE; |
| 15 | |
| 16 | static void *console_logctx = NULL; |
| 17 | |
| 18 | /* |
| 19 | * Clean up and exit. |
| 20 | */ |
| 21 | void cleanup_exit(int code) |
| 22 | { |
| 23 | /* |
| 24 | * Clean up. |
| 25 | */ |
| 26 | sk_cleanup(); |
| 27 | |
| 28 | random_save_seed(); |
| 29 | #ifdef MSCRYPTOAPI |
| 30 | crypto_wrapup(); |
| 31 | #endif |
| 32 | |
| 33 | exit(code); |
| 34 | } |
| 35 | |
| 36 | void set_busy_status(void *frontend, int status) |
| 37 | { |
| 38 | } |
| 39 | |
| 40 | void notify_remote_exit(void *frontend) |
| 41 | { |
| 42 | } |
| 43 | |
| 44 | void timer_change_notify(long next) |
| 45 | { |
| 46 | } |
| 47 | |
| 48 | int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, |
| 49 | char *keystr, char *fingerprint, |
| 50 | void (*callback)(void *ctx, int result), void *ctx) |
| 51 | { |
| 52 | int ret; |
| 53 | HANDLE hin; |
| 54 | DWORD savemode, i; |
| 55 | |
| 56 | static const char absentmsg_batch[] = |
| 57 | "The server's host key is not cached in the registry. You\n" |
| 58 | "have no guarantee that the server is the computer you\n" |
| 59 | "think it is.\n" |
| 60 | "The server's %s key fingerprint is:\n" |
| 61 | "%s\n" |
| 62 | "Connection abandoned.\n"; |
| 63 | static const char absentmsg[] = |
| 64 | "The server's host key is not cached in the registry. You\n" |
| 65 | "have no guarantee that the server is the computer you\n" |
| 66 | "think it is.\n" |
| 67 | "The server's %s key fingerprint is:\n" |
| 68 | "%s\n" |
| 69 | "If you trust this host, enter \"y\" to add the key to\n" |
| 70 | "PuTTY's cache and carry on connecting.\n" |
| 71 | "If you want to carry on connecting just once, without\n" |
| 72 | "adding the key to the cache, enter \"n\".\n" |
| 73 | "If you do not trust this host, press Return to abandon the\n" |
| 74 | "connection.\n" |
| 75 | "Store key in cache? (y/n) "; |
| 76 | |
| 77 | static const char wrongmsg_batch[] = |
| 78 | "WARNING - POTENTIAL SECURITY BREACH!\n" |
| 79 | "The server's host key does not match the one PuTTY has\n" |
| 80 | "cached in the registry. This means that either the\n" |
| 81 | "server administrator has changed the host key, or you\n" |
| 82 | "have actually connected to another computer pretending\n" |
| 83 | "to be the server.\n" |
| 84 | "The new %s key fingerprint is:\n" |
| 85 | "%s\n" |
| 86 | "Connection abandoned.\n"; |
| 87 | static const char wrongmsg[] = |
| 88 | "WARNING - POTENTIAL SECURITY BREACH!\n" |
| 89 | "The server's host key does not match the one PuTTY has\n" |
| 90 | "cached in the registry. This means that either the\n" |
| 91 | "server administrator has changed the host key, or you\n" |
| 92 | "have actually connected to another computer pretending\n" |
| 93 | "to be the server.\n" |
| 94 | "The new %s key fingerprint is:\n" |
| 95 | "%s\n" |
| 96 | "If you were expecting this change and trust the new key,\n" |
| 97 | "enter \"y\" to update PuTTY's cache and continue connecting.\n" |
| 98 | "If you want to carry on connecting but without updating\n" |
| 99 | "the cache, enter \"n\".\n" |
| 100 | "If you want to abandon the connection completely, press\n" |
| 101 | "Return to cancel. Pressing Return is the ONLY guaranteed\n" |
| 102 | "safe choice.\n" |
| 103 | "Update cached key? (y/n, Return cancels connection) "; |
| 104 | |
| 105 | static const char abandoned[] = "Connection abandoned.\n"; |
| 106 | |
| 107 | char line[32]; |
| 108 | |
| 109 | /* |
| 110 | * Verify the key against the registry. |
| 111 | */ |
| 112 | ret = verify_host_key(host, port, keytype, keystr); |
| 113 | |
| 114 | if (ret == 0) /* success - key matched OK */ |
| 115 | return 1; |
| 116 | |
| 117 | if (ret == 2) { /* key was different */ |
| 118 | if (console_batch_mode) { |
| 119 | fprintf(stderr, wrongmsg_batch, keytype, fingerprint); |
| 120 | return 0; |
| 121 | } |
| 122 | fprintf(stderr, wrongmsg, keytype, fingerprint); |
| 123 | fflush(stderr); |
| 124 | } |
| 125 | if (ret == 1) { /* key was absent */ |
| 126 | if (console_batch_mode) { |
| 127 | fprintf(stderr, absentmsg_batch, keytype, fingerprint); |
| 128 | return 0; |
| 129 | } |
| 130 | fprintf(stderr, absentmsg, keytype, fingerprint); |
| 131 | fflush(stderr); |
| 132 | } |
| 133 | |
| 134 | hin = GetStdHandle(STD_INPUT_HANDLE); |
| 135 | GetConsoleMode(hin, &savemode); |
| 136 | SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT | |
| 137 | ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT)); |
| 138 | ReadFile(hin, line, sizeof(line) - 1, &i, NULL); |
| 139 | SetConsoleMode(hin, savemode); |
| 140 | |
| 141 | if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') { |
| 142 | if (line[0] == 'y' || line[0] == 'Y') |
| 143 | store_host_key(host, port, keytype, keystr); |
| 144 | return 1; |
| 145 | } else { |
| 146 | fprintf(stderr, abandoned); |
| 147 | return 0; |
| 148 | } |
| 149 | } |
| 150 | |
| 151 | void update_specials_menu(void *frontend) |
| 152 | { |
| 153 | } |
| 154 | |
| 155 | /* |
| 156 | * Ask whether the selected algorithm is acceptable (since it was |
| 157 | * below the configured 'warn' threshold). |
| 158 | */ |
| 159 | int askalg(void *frontend, const char *algtype, const char *algname, |
| 160 | void (*callback)(void *ctx, int result), void *ctx) |
| 161 | { |
| 162 | HANDLE hin; |
| 163 | DWORD savemode, i; |
| 164 | |
| 165 | static const char msg[] = |
| 166 | "The first %s supported by the server is\n" |
| 167 | "%s, which is below the configured warning threshold.\n" |
| 168 | "Continue with connection? (y/n) "; |
| 169 | static const char msg_batch[] = |
| 170 | "The first %s supported by the server is\n" |
| 171 | "%s, which is below the configured warning threshold.\n" |
| 172 | "Connection abandoned.\n"; |
| 173 | static const char abandoned[] = "Connection abandoned.\n"; |
| 174 | |
| 175 | char line[32]; |
| 176 | |
| 177 | if (console_batch_mode) { |
| 178 | fprintf(stderr, msg_batch, algtype, algname); |
| 179 | return 0; |
| 180 | } |
| 181 | |
| 182 | fprintf(stderr, msg, algtype, algname); |
| 183 | fflush(stderr); |
| 184 | |
| 185 | hin = GetStdHandle(STD_INPUT_HANDLE); |
| 186 | GetConsoleMode(hin, &savemode); |
| 187 | SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT | |
| 188 | ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT)); |
| 189 | ReadFile(hin, line, sizeof(line) - 1, &i, NULL); |
| 190 | SetConsoleMode(hin, savemode); |
| 191 | |
| 192 | if (line[0] == 'y' || line[0] == 'Y') { |
| 193 | return 1; |
| 194 | } else { |
| 195 | fprintf(stderr, abandoned); |
| 196 | return 0; |
| 197 | } |
| 198 | } |
| 199 | |
| 200 | /* |
| 201 | * Ask whether to wipe a session log file before writing to it. |
| 202 | * Returns 2 for wipe, 1 for append, 0 for cancel (don't log). |
| 203 | */ |
| 204 | int askappend(void *frontend, Filename *filename, |
| 205 | void (*callback)(void *ctx, int result), void *ctx) |
| 206 | { |
| 207 | HANDLE hin; |
| 208 | DWORD savemode, i; |
| 209 | |
| 210 | static const char msgtemplate[] = |
| 211 | "The session log file \"%.*s\" already exists.\n" |
| 212 | "You can overwrite it with a new session log,\n" |
| 213 | "append your session log to the end of it,\n" |
| 214 | "or disable session logging for this session.\n" |
| 215 | "Enter \"y\" to wipe the file, \"n\" to append to it,\n" |
| 216 | "or just press Return to disable logging.\n" |
| 217 | "Wipe the log file? (y/n, Return cancels logging) "; |
| 218 | |
| 219 | static const char msgtemplate_batch[] = |
| 220 | "The session log file \"%.*s\" already exists.\n" |
| 221 | "Logging will not be enabled.\n"; |
| 222 | |
| 223 | char line[32]; |
| 224 | |
| 225 | if (console_batch_mode) { |
| 226 | fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename->path); |
| 227 | fflush(stderr); |
| 228 | return 0; |
| 229 | } |
| 230 | fprintf(stderr, msgtemplate, FILENAME_MAX, filename->path); |
| 231 | fflush(stderr); |
| 232 | |
| 233 | hin = GetStdHandle(STD_INPUT_HANDLE); |
| 234 | GetConsoleMode(hin, &savemode); |
| 235 | SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT | |
| 236 | ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT)); |
| 237 | ReadFile(hin, line, sizeof(line) - 1, &i, NULL); |
| 238 | SetConsoleMode(hin, savemode); |
| 239 | |
| 240 | if (line[0] == 'y' || line[0] == 'Y') |
| 241 | return 2; |
| 242 | else if (line[0] == 'n' || line[0] == 'N') |
| 243 | return 1; |
| 244 | else |
| 245 | return 0; |
| 246 | } |
| 247 | |
| 248 | /* |
| 249 | * Warn about the obsolescent key file format. |
| 250 | * |
| 251 | * Uniquely among these functions, this one does _not_ expect a |
| 252 | * frontend handle. This means that if PuTTY is ported to a |
| 253 | * platform which requires frontend handles, this function will be |
| 254 | * an anomaly. Fortunately, the problem it addresses will not have |
| 255 | * been present on that platform, so it can plausibly be |
| 256 | * implemented as an empty function. |
| 257 | */ |
| 258 | void old_keyfile_warning(void) |
| 259 | { |
| 260 | static const char message[] = |
| 261 | "You are loading an SSH-2 private key which has an\n" |
| 262 | "old version of the file format. This means your key\n" |
| 263 | "file is not fully tamperproof. Future versions of\n" |
| 264 | "PuTTY may stop supporting this private key format,\n" |
| 265 | "so we recommend you convert your key to the new\n" |
| 266 | "format.\n" |
| 267 | "\n" |
| 268 | "Once the key is loaded into PuTTYgen, you can perform\n" |
| 269 | "this conversion simply by saving it again.\n"; |
| 270 | |
| 271 | fputs(message, stderr); |
| 272 | } |
| 273 | |
| 274 | /* |
| 275 | * Display the fingerprints of the PGP Master Keys to the user. |
| 276 | */ |
| 277 | void pgp_fingerprints(void) |
| 278 | { |
| 279 | fputs("These are the fingerprints of the PuTTY PGP Master Keys. They can\n" |
| 280 | "be used to establish a trust path from this executable to another\n" |
| 281 | "one. See the manual for more information.\n" |
| 282 | "(Note: these fingerprints have nothing to do with SSH!)\n" |
| 283 | "\n" |
| 284 | "PuTTY Master Key (RSA), 1024-bit:\n" |
| 285 | " " PGP_RSA_MASTER_KEY_FP "\n" |
| 286 | "PuTTY Master Key (DSA), 1024-bit:\n" |
| 287 | " " PGP_DSA_MASTER_KEY_FP "\n", stdout); |
| 288 | } |
| 289 | |
| 290 | void console_provide_logctx(void *logctx) |
| 291 | { |
| 292 | console_logctx = logctx; |
| 293 | } |
| 294 | |
| 295 | void logevent(void *frontend, const char *string) |
| 296 | { |
| 297 | log_eventlog(console_logctx, string); |
| 298 | } |
| 299 | |
| 300 | static void console_data_untrusted(HANDLE hout, const char *data, int len) |
| 301 | { |
| 302 | DWORD dummy; |
| 303 | /* FIXME: control-character filtering */ |
| 304 | WriteFile(hout, data, len, &dummy, NULL); |
| 305 | } |
| 306 | |
| 307 | int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen) |
| 308 | { |
| 309 | HANDLE hin, hout; |
| 310 | size_t curr_prompt; |
| 311 | |
| 312 | /* |
| 313 | * Zero all the results, in case we abort half-way through. |
| 314 | */ |
| 315 | { |
| 316 | int i; |
| 317 | for (i = 0; i < (int)p->n_prompts; i++) |
| 318 | prompt_set_result(p->prompts[i], ""); |
| 319 | } |
| 320 | |
| 321 | /* |
| 322 | * The prompts_t might contain a message to be displayed but no |
| 323 | * actual prompt. More usually, though, it will contain |
| 324 | * questions that the user needs to answer, in which case we |
| 325 | * need to ensure that we're able to get the answers. |
| 326 | */ |
| 327 | if (p->n_prompts) { |
| 328 | if (console_batch_mode) |
| 329 | return 0; |
| 330 | hin = GetStdHandle(STD_INPUT_HANDLE); |
| 331 | if (hin == INVALID_HANDLE_VALUE) { |
| 332 | fprintf(stderr, "Cannot get standard input handle\n"); |
| 333 | cleanup_exit(1); |
| 334 | } |
| 335 | } |
| 336 | |
| 337 | /* |
| 338 | * And if we have anything to print, we need standard output. |
| 339 | */ |
| 340 | if ((p->name_reqd && p->name) || p->instruction || p->n_prompts) { |
| 341 | hout = GetStdHandle(STD_OUTPUT_HANDLE); |
| 342 | if (hout == INVALID_HANDLE_VALUE) { |
| 343 | fprintf(stderr, "Cannot get standard output handle\n"); |
| 344 | cleanup_exit(1); |
| 345 | } |
| 346 | } |
| 347 | |
| 348 | /* |
| 349 | * Preamble. |
| 350 | */ |
| 351 | /* We only print the `name' caption if we have to... */ |
| 352 | if (p->name_reqd && p->name) { |
| 353 | size_t l = strlen(p->name); |
| 354 | console_data_untrusted(hout, p->name, l); |
| 355 | if (p->name[l-1] != '\n') |
| 356 | console_data_untrusted(hout, "\n", 1); |
| 357 | } |
| 358 | /* ...but we always print any `instruction'. */ |
| 359 | if (p->instruction) { |
| 360 | size_t l = strlen(p->instruction); |
| 361 | console_data_untrusted(hout, p->instruction, l); |
| 362 | if (p->instruction[l-1] != '\n') |
| 363 | console_data_untrusted(hout, "\n", 1); |
| 364 | } |
| 365 | |
| 366 | for (curr_prompt = 0; curr_prompt < p->n_prompts; curr_prompt++) { |
| 367 | |
| 368 | DWORD savemode, newmode; |
| 369 | int len; |
| 370 | prompt_t *pr = p->prompts[curr_prompt]; |
| 371 | |
| 372 | GetConsoleMode(hin, &savemode); |
| 373 | newmode = savemode | ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT; |
| 374 | if (!pr->echo) |
| 375 | newmode &= ~ENABLE_ECHO_INPUT; |
| 376 | else |
| 377 | newmode |= ENABLE_ECHO_INPUT; |
| 378 | SetConsoleMode(hin, newmode); |
| 379 | |
| 380 | console_data_untrusted(hout, pr->prompt, strlen(pr->prompt)); |
| 381 | |
| 382 | len = 0; |
| 383 | while (1) { |
| 384 | DWORD ret = 0; |
| 385 | BOOL r; |
| 386 | |
| 387 | prompt_ensure_result_size(pr, len * 5 / 4 + 512); |
| 388 | |
| 389 | r = ReadFile(hin, pr->result + len, pr->resultsize - len - 1, |
| 390 | &ret, NULL); |
| 391 | |
| 392 | if (!r || ret == 0) { |
| 393 | len = -1; |
| 394 | break; |
| 395 | } |
| 396 | len += ret; |
| 397 | if (pr->result[len - 1] == '\n') { |
| 398 | len--; |
| 399 | if (pr->result[len - 1] == '\r') |
| 400 | len--; |
| 401 | break; |
| 402 | } |
| 403 | } |
| 404 | |
| 405 | SetConsoleMode(hin, savemode); |
| 406 | |
| 407 | if (!pr->echo) { |
| 408 | DWORD dummy; |
| 409 | WriteFile(hout, "\r\n", 2, &dummy, NULL); |
| 410 | } |
| 411 | |
| 412 | if (len < 0) { |
| 413 | return 0; /* failure due to read error */ |
| 414 | } |
| 415 | |
| 416 | pr->result[len] = '\0'; |
| 417 | } |
| 418 | |
| 419 | return 1; /* success */ |
| 420 | } |
| 421 | |
| 422 | void frontend_keypress(void *handle) |
| 423 | { |
| 424 | /* |
| 425 | * This is nothing but a stub, in console code. |
| 426 | */ |
| 427 | return; |
| 428 | } |