svnno****@sourc*****
svnno****@sourc*****
2015年 5月 8日 (金) 01:38:05 JST
Revision: 5853 http://sourceforge.jp/projects/ttssh2/scm/svn/commits/5853 Author: yutakapon Date: 2015-05-08 01:38:03 +0900 (Fri, 08 May 2015) Log Message: ----------- チケット #35047 SSH サーバホスト公開鍵の自動更新 known_hosts ファイルを更新する際の問い合わせダイアログにおいて、 ・デフォルトボタンを"NO"にした。 ・英文メッセージを変更した。 ※I18N対応は未。 Ticket Links: ------------ http://sourceforge.jp/projects/ttssh2/tracker/detail/35047 Modified Paths: -------------- trunk/ttssh2/ttxssh/key.c trunk/ttssh2/ttxssh/ssh.c -------------- next part -------------- Modified: trunk/ttssh2/ttxssh/key.c =================================================================== --- trunk/ttssh2/ttxssh/key.c 2015-05-06 17:11:28 UTC (rev 5852) +++ trunk/ttssh2/ttxssh/key.c 2015-05-07 16:38:03 UTC (rev 5853) @@ -1915,8 +1915,9 @@ static void update_known_hosts(PTInstVar pvar, struct hostkeys_update_ctx *ctx) { size_t i; - char msg[128]; int dlgresult; + char msg[1024]; + char *fp; // "/nosecuritywarning"\x82\xAA\x8Ew\x92肳\x82\xEA\x82Ă\xA2\x82\xE9\x8Fꍇ\x81A\x8DX\x90V\x82͈\xEA\x90؍s\x82\xED\x82Ȃ\xA2\x81B if (pvar->nocheck_known_hosts) { 
@@ -1927,8 +1928,25 @@ // known_hosts\x83t\x83@\x83C\x83\x8B\x82̍X\x90V\x82\xF0\x8Ds\x82\xA4\x82\xBD\x82߁A\x83\x86\x81[\x83U\x82ɖ₢\x8D\x87\x82킹\x82\xF0\x8Ds\x82\xA4\x81B if (pvar->settings.UpdateHostkeys == SSH_UPDATE_HOSTKEYS_ASK) { - _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Accept updated hostkeys? (yes/no)"); - dlgresult = MessageBox(NULL, msg, "TTSSH: confirm", MB_YESNO | MB_ICONWARNING); + _snprintf_s(msg, sizeof(msg), _TRUNCATE, + "Are you sure you want to accept updated hostkeys?\n\n" + "A user has been received complete hostkeys from a remote server.\n" + "Your known_hosts file can be updated to the latest public hostkeys \n" + "because the file does not contain in the following keys:\n\n" + ); + + for (i = 0; i < ctx->nkeys; i++) { + if (ctx->keys_seen[i]) + continue; + fp = key_fingerprint(ctx->keys[i], SSH_FP_HEX); + strcat_s(msg, sizeof(msg), get_sshname_from_key(ctx->keys[i])); + strcat_s(msg, sizeof(msg), " "); + strcat_s(msg, sizeof(msg), fp); + strcat_s(msg, sizeof(msg), "\n"); + free(fp); + } + + dlgresult = MessageBox(NULL, msg, "TTSSH: confirm", MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2); if (dlgresult != IDYES) { _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey was not updated because a user cancelled."); notify_verbose_message(pvar, msg, LOG_LEVEL_VERBOSE); @@ -1950,9 +1968,9 @@ return; } -static void client_global_hostkeys_private_confirm(PTInstVar pvar, int type, u_int32_t seq, void *_ctx) +static void client_global_hostkeys_private_confirm(PTInstVar pvar, int type, u_int32_t seq, void *_ctx) { - struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; + struct hostkeys_update_ctx *ctx = (struct hostkeys_update_ctx *)_ctx; char msg[128]; char *data; int len; @@ -1961,8 +1979,8 @@ buffer_t *b = NULL; buffer_t *bsig = NULL; char *cp, *sig; - size_t i, ndone, siglen; - int ret; + size_t i, ndone, siglen; + int ret; // SSH2 packet format: // [size(4) + padding size(1) + type(1)] + [payload(N) + padding(X)] 
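Review bot: In the new fingerprint loop of update_known_hosts, the list the user is asked to approve is built with `strcat_s` into the fixed `msg[1024]` declared in the previous hunk, while the number of appended lines follows `ctx->nkeys`, which appears to be driven by what the server sent. When the destination is too small `strcat_s` does not truncate; it calls the CRT invalid-parameter handler, which by default ends the process, and it does the same for a NULL source, so the unchecked result of `key_fingerprint()` has the same effect if that call can fail. I would handle `if (fp == NULL)` before the appends and either append with `strncat_s(msg, sizeof(msg), fp, _TRUNCATE)` or size the buffer from the count of unseen keys. If truncation is kept, the dialog should state that the list is incomplete or the update should be declined, because otherwise a "Yes" also covers keys whose fingerprints were never displayed. The function body starts and ends outside this hunk, so any cap on `nkeys` applied elsewhere is not visible here.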
@@ -1975,74 +1993,74 @@ data = pvar->ssh_state.payload; // len = size - (padding size + 1): \x83p\x83f\x83B\x83\x93\x83O\x82\xF0\x8F\x9C\x82\xAD\x83{\x83f\x83B\x81Btype\x82\xAA\x90擪\x82Ɋ܂܂\xEA\x82\xE9\x81B len = pvar->ssh_state.payloadlen; - len--; // type \x95\xAA\x82\xF0\x8F\x9C\x82\xAD - + len--; // type \x95\xAA\x82\xF0\x8F\x9C\x82\xAD + bsig = buffer_init(); if (bsig == NULL) goto error; cp = buffer_append_space(bsig, len); memcpy(cp, data, len); - - if (ctx->nnew == 0) { + + if (ctx->nnew == 0) { _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey can not be updated because ctx->nnew %d(program bug).", ctx->nnew); notify_verbose_message(pvar, msg, LOG_LEVEL_FATAL); - goto error; - } - if (type != SSH2_MSG_REQUEST_SUCCESS) { + goto error; + } + if (type != SSH2_MSG_REQUEST_SUCCESS) { _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Server failed to confirm ownership of private host keys(type %d)", type); notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR); - goto error; - } - if (pvar->session_id_len == 0) { + goto error; + } + if (pvar->session_id_len == 0) { _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey can not be updated because pvar->session_id_len %d(program bug).", pvar->session_id_len); notify_verbose_message(pvar, msg, LOG_LEVEL_FATAL); - goto error; - } - + goto error; + } + b = buffer_init(); if (b == NULL) goto error; ndone = 0; - for (i = 0; i < ctx->nkeys; i++) { - if (ctx->keys_seen[i]) - continue; - - buffer_clear(b); + for (i = 0; i < ctx->nkeys; i++) { + if (ctx->keys_seen[i]) + continue; + + buffer_clear(b); buffer_put_cstring(b, "hostk****@opens*****"); buffer_put_string(b, pvar->session_id, pvar->session_id_len); - key_to_blob(ctx->keys[i], &blob, &bloblen); - buffer_put_string(b, blob, bloblen); - free(blob); - blob = NULL; - + key_to_blob(ctx->keys[i], &blob, &bloblen); + buffer_put_string(b, blob, bloblen); + free(blob); + blob = NULL; + sig = buffer_get_string_msg(bsig, &siglen); // Verify signature ret = key_verify(ctx->keys[i], sig, siglen, 
buffer_ptr(b), buffer_len(b)); - free(sig); - sig = NULL; + free(sig); + sig = NULL; if (ret != 1) { _snprintf_s(msg, sizeof(msg), _TRUNCATE, "server gave bad signature for %s key %u", get_sshname_from_key(ctx->keys[i]), i); notify_verbose_message(pvar, msg, LOG_LEVEL_ERROR); - goto error; + goto error; } ndone++; } - if (ndone != ctx->nnew) { + if (ndone != ctx->nnew) { _snprintf_s(msg, sizeof(msg), _TRUNCATE, "Hostkey can not be updated because ndone != ctx->nnew (%u / %u)(program bug).", ndone, ctx->nnew); notify_verbose_message(pvar, msg, LOG_LEVEL_FATAL); - goto error; - } + goto error; + } update_known_hosts(pvar, ctx); error: buffer_free(b); buffer_free(bsig); - hostkeys_update_ctx_free(ctx); + hostkeys_update_ctx_free(ctx); } // @@ -2172,15 +2190,15 @@ buffer_put_cstring(b, "hostk****@opens*****"); buffer_put_char(b, 1); /* bool: want reply */ - for (i = 0; i < ctx->nkeys; i++) { - if (ctx->keys_seen[i]) - continue; - key_to_blob(ctx->keys[i], &blob, &len); - buffer_put_string(b, blob, len); - free(blob); - blob = NULL; - } - + for (i = 0; i < ctx->nkeys; i++) { + if (ctx->keys_seen[i]) + continue; + key_to_blob(ctx->keys[i], &blob, &len); + buffer_put_string(b, blob, len); + free(blob); + blob = NULL; + } + len = buffer_len(b); outmsg = begin_send_packet(pvar, SSH2_MSG_GLOBAL_REQUEST, len); memcpy(outmsg, buffer_ptr(b), len); Modified: trunk/ttssh2/ttxssh/ssh.c =================================================================== --- trunk/ttssh2/ttxssh/ssh.c 2015-05-06 17:11:28 UTC (rev 5852) +++ trunk/ttssh2/ttxssh/ssh.c 2015-05-07 16:38:03 UTC (rev 5853) @@ -132,7 +132,7 @@ global_confirms.ref_count = 0; } -void client_register_global_confirm(global_confirm_cb *cb, void *ctx) +void client_register_global_confirm(global_confirm_cb *cb, void *ctx) { struct global_confirm *gc = &global_confirms; 
@@ -143,8 +143,8 @@ } } -static int client_global_request_reply(PTInstVar pvar, int type, unsigned int seq, void *ctxt) -{ +static int client_global_request_reply(PTInstVar pvar, int type, unsigned int seq, void *ctxt) +{ struct global_confirm *gc = &global_confirms; if (gc->ref_count >= 1) { @@ -154,7 +154,7 @@ } return 0; -} +} // // channel function