+
+ s1 = ctrl_getset(ctrlbox, "x", "", "");
+ ctrl_text(s1, msg, HELPCTX(no_help));
+
+ window = gtk_dialog_new();
+ gtk_window_set_title(GTK_WINDOW(window), title);
+ w0 = layout_ctrls(&dp, &scs, s0, 0, GTK_WINDOW(window));
+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(window)->action_area),
+ w0, TRUE, TRUE, 0);
+ gtk_widget_show(w0);
+ w1 = layout_ctrls(&dp, &scs, s1, 0, GTK_WINDOW(window));
+ gtk_container_set_border_width(GTK_CONTAINER(w1), 10);
+ gtk_widget_set_usize(w1, minwid+20, -1);
+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(window)->vbox),
+ w1, TRUE, TRUE, 0);
+ gtk_widget_show(w1);
+
+ dp.shortcuts = &scs;
+ dp.lastfocus = NULL;
+ dp.retval = 0;
+ dp.window = window;
+
+ gtk_window_set_modal(GTK_WINDOW(window), TRUE);
+ if (parentwin) {
+ set_transient_window_pos(parentwin, window);
+ gtk_window_set_transient_for(GTK_WINDOW(window),
+ GTK_WINDOW(parentwin));
+ } else
+ gtk_window_set_position(GTK_WINDOW(window), GTK_WIN_POS_CENTER);
+ gtk_widget_show(window);
+
+ gtk_signal_connect(GTK_OBJECT(window), "destroy",
+ GTK_SIGNAL_FUNC(window_destroy), NULL);
+ gtk_signal_connect(GTK_OBJECT(window), "key_press_event",
+ GTK_SIGNAL_FUNC(win_key_press), &dp);
+
+ gtk_main();
+
+ dlg_cleanup(&dp);
+ ctrl_free_box(ctrlbox);
+
+ return dp.retval;
+}
+
+static int string_width(char *text)
+{
+ GtkWidget *label = gtk_label_new(text);
+ GtkRequisition req;
+ gtk_widget_size_request(label, &req);
+ gtk_widget_unref(label);
+ return req.width;
+}
+
+void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
+ char *keystr, char *fingerprint)
+{
+ static const char absenttxt[] =
+ "The server's host key is not cached. You have no guarantee "
+ "that the server is the computer you think it is.\n"
+ "The server's key fingerprint is:\n"
+ "%s\n"
+ "If you trust this host, press \"Accept\" to add the key to "
+ "PuTTY's cache and carry on connecting.\n"
+ "If you want to carry on connecting just once, without "
+ "adding the key to the cache, press \"Connect Once\".\n"
+ "If you do not trust this host, press \"Cancel\" to abandon the "
+ "connection.";
+ static const char wrongtxt[] =
+ "WARNING - POTENTIAL SECURITY BREACH!\n"
+ "The server's host key does not match the one PuTTY has "
+ "cached. This means that either the server administrator "
+ "has changed the host key, or you have actually connected "
+ "to another computer pretending to be the server.\n"
+ "The new key fingerprint is:\n"
+ "%s\n"
+ "If you were expecting this change and trust the new key, "
+ "press \"Accept\" to update PuTTY's cache and continue connecting.\n"
+ "If you want to carry on connecting but without updating "
+ "the cache, press \"Connect Once\".\n"
+ "If you want to abandon the connection completely, press "
+ "\"Cancel\" to cancel. Pressing \"Cancel\" is the ONLY guaranteed "
+ "safe choice.";
+ char *text;
+ int ret;
+
+ /*
+ * Verify the key.
+ */
+ ret = verify_host_key(host, port, keytype, keystr);
+
+ if (ret == 0) /* success - key matched OK */
+ return;
+
+ text = dupprintf((ret == 2 ? wrongtxt : absenttxt), fingerprint);
+
+ ret = messagebox(GTK_WIDGET(get_window(frontend)),
+ "PuTTY Security Alert", text,
+ string_width(fingerprint),
+ "Accept", 'a', 0, 2,
+ "Connect Once", 'o', 0, 1,
+ "Cancel", 'c', -1, 0,
+ NULL);
+
+ sfree(text);
+
+ if (ret == 0)
+ cleanup_exit(0);
+ else if (ret == 2)
+ store_host_key(host, port, keytype, keystr);
+}
+
+/*
+ * Ask whether the selected cipher is acceptable (since it was
+ * below the configured 'warn' threshold).
+ * cs: 0 = both ways, 1 = client->server, 2 = server->client
+ */
+void askcipher(void *frontend, char *ciphername, int cs)
+{
+ static const char msg[] =
+ "The first %scipher supported by the server is "
+ "%s, which is below the configured warning threshold.\n"
+ "Continue with connection?";
+ char *text;
+ int ret;
+
+ text = dupprintf(msg, (cs == 0) ? "" :
+ (cs == 1) ? "client-to-server " : "server-to-client ",
+ ciphername);
+ ret = messagebox(GTK_WIDGET(get_window(frontend)),
+ "PuTTY Security Alert", text,
+ string_width("Continue with connection?"),
+ "Yes", 'y', 0, 1,
+ "No", 'n', 0, 0,
+ NULL);
+ sfree(text);
+
+ if (ret) {
+ return;
+ } else {
+ cleanup_exit(0);
+ }