Add some host key dialogue boxes. These still look a little rough around

the edges and need to have all their controls properly aligned and spaced according to the HI guidelines. Also, fix store_host_key() so that it replaces a host key correctly when the host key has changed and the user opts to update the cached one. [originally from svn r5280]
2005-02-09 21:18:44 +00:00 · 2005-02-09 21:18:44 +00:00 · 3311f89129
--- a/mac/mac.c
+++ b/mac/mac.c
@ -694,9 +694,15 @@ int agent_query(void *in, int inlen, void **out, int *outlen,
 void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
 			 char *keystr, char *fingerprint)
 {
-    Str255 stuff;
+    Str255 pappname;
+    Str255 pfingerprint;
+    Str255 pkeytype;
    Session *s = frontend;
-    int ret;
+    int ret, alertret;
+    
+    c2pstrcpy(pappname, appname);
+    c2pstrcpy(pkeytype, keytype);
+    c2pstrcpy(pfingerprint, fingerprint);

    /*
     * This function is horribly wrong.  For one thing, the alert
@ -716,29 +722,42 @@ void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
    if (ret == 0)		       /* success - key matched OK */
 	return;
    if (ret == 2) {		       /* key was different */
-	stuff[0] = sprintf((char *)(&stuff[1]),
-			   "WARNING - POTENTIAL SECURITY BREACH\n",
-			   "The key fingerprint is: %s\n"
-			   "Continue connecting?", fingerprint);
-	ParamText(stuff, NULL, NULL, NULL);
+	ParamText(pappname, pkeytype, pfingerprint, NULL);
+	alertret=CautionAlert(wWrong, NULL);
+	if (alertret == 9) {
+	    /* Cancel */
+	    goto cancel;
+	} else if (alertret == 8) {
+	    /* Connect Just Once */
+	} else {
+	    /* Update Key */
+	    store_host_key(host, port, keytype, keystr);
+	}
    }
    if (ret == 1) {                     /* key was absent */
-	stuff[0] = sprintf((char *)(&stuff[1]),
-			   "The server's key fingerprint is: %s\n"
-			   "Continue connecting?", fingerprint);
-	ParamText(stuff, NULL, NULL, NULL);
+	ParamText(pkeytype, pfingerprint, pappname, NULL);
+	alertret=CautionAlert(wAbsent, NULL);
+	if (alertret == 8) {
+	    /* Cancel */
+	    goto cancel;
+	} else if (alertret == 7) {
+	    /* Connect Just Once */
+	} else {
+	    /* Update Key */
+	    store_host_key(host, port, keytype, keystr);
+	}
    }

-    if (CautionAlert(wQuestion, NULL) == 2) {
-	/*
-	 * User chose "Cancel".  Unfortunately, if I tear the
-	 * connection down here, Bad Things happen when I return.  I
-	 * think this function should actually return something
-	 * telling the SSH code to abandon the connection.
-	 */	
-    } else {
-	store_host_key(host, port, keytype, keystr);
-    }
+    return;
+
+  cancel:
+    /*
+     * User chose "Cancel".  Unfortunately, if I tear the
+     * connection down here, Bad Things happen when I return.  I
+     * think this function should actually return something
+     * telling the SSH code to abandon the connection.
+     */	
+    return;
 }

 void askalg(void *frontend, const char *algtype, const char *algname)
--- a/mac/mac_res.r
+++ b/mac/mac_res.r
@ -1005,6 +1005,154 @@ resource 'DITL' (wQuestion, "fatalbox", purgeable) {
 	}
 };

+/* Absent host key */
+
+resource 'ALRT' (wAbsent, "absent", purgeable) {
+	{32, 67, 332, 435},
+	wAbsent,
+	beepStages,
+	alertPositionMainScreen
+};
+
+resource 'DITL' (wAbsent, "absent", purgeable) {
+	{	/* array DITLarray: 8 elements */
+		/* [1] */
+		{11, 72, 60, 357},
+		StaticText {
+			disabled,
+			"The server's host key is not cached.  You "
+			"have no guarantee that the server is the "
+			"computer you think it is."
+		},
+		/* [2] */
+		{65, 71, 113, 355},
+		StaticText {
+			disabled,
+			"The server's ^0 key fingerprint is:\n^1"
+		},
+		/* [3] */
+		{121, 70, 172, 354},
+		StaticText {
+			disabled,
+			"If you trust this host, hit Add Key to add "
+			"the key to ^2's cache and carry on "
+			"connecting."
+		},
+		/* [4] */
+		{178, 70, 226, 354},
+		StaticText {
+			disabled,
+			"If you want to carry on connecting just "
+			"once, without adding the key to the cache, "
+			"select Just Once."
+		},
+		/* [5] */
+		{233, 69, 281, 353},
+		StaticText {
+			disabled,
+			"If you do not trust this host, hit Cancel "
+			"to abandon the connection."
+		},
+		/* [6] */
+		{285, 70, 303, 139},
+		Button {
+			enabled,
+			"Add Key"
+		},
+		/* [7] */
+		{285, 214, 305, 288},
+		Button {
+			enabled,
+			"Just Once"
+		},
+		/* [8] */
+		{284, 295, 304, 354},
+		Button {
+			enabled,
+			"Cancel"
+		}
+	}
+};
+
+/* Wrong host key */
+
+resource 'ALRT' (wWrong, "wrong", purgeable) {
+	{32, 67, 422, 435},
+	wWrong,
+	beepStages,
+	alertPositionMainScreen
+};
+
+resource 'DITL' (wWrong, "wrong", purgeable) {
+	{	/* array DITLarray: 9 elements */
+		/* [1] */
+		{7, 74, 23, 358},
+		StaticText {
+			disabled,
+			"WARNING - POTENTIAL SECURITY BREACH!"
+		},
+		/* [2] */
+		{32, 72, 131, 357},
+		StaticText {
+			disabled,
+			"The server's host key does not match the "
+			"one ^0 has cached.  This means that either "
+			"the server administrator has changed "
+			"the host key, or you have actually connected "
+			"to another computer pretending to be the "
+			"server."
+		},
+		/* [3] */
+		{142, 72, 190, 356},
+		StaticText {
+			disabled,
+			"The new ^1 key fingerprint is:\n^2"
+		},
+		/* [4] */
+		{190, 73, 238, 357},
+		StaticText {
+			disabled,
+			"If you were expecting this change and "
+			"trust the new key, hit Update Key to update "
+			"^0's cache and continue connecting."
+		},
+		/* [5] */
+		{246, 74, 294, 358},
+		StaticText {
+			disabled,
+			"If you want to carry on connecting just "
+			"once, without adding the key to the cache, "
+			"select Just Once."
+		},
+		/* [6] */
+		{301, 74, 349, 358},
+		StaticText {
+			disabled,
+			"If you do not trust this host, hit Cancel "
+			"to abandon the connection.  This is the "
+			"ONLY guaranteed safe choice."
+		},
+		/* [7] */
+		{361, 76, 379, 163},
+		Button {
+			enabled,
+			"Update Key"
+		},
+		/* [8] */
+		{360, 215, 380, 289},
+		Button {
+			enabled,
+			"Just Once"
+		},
+		/* [9] */
+		{360, 298, 380, 357},
+		Button {
+			enabled,
+			"Cancel"
+		}
+	}
+};
+
 /* Terminal window */

 resource 'WIND' (wTerminal, "terminal", purgeable) {
--- a/mac/macresid.h
+++ b/mac/macresid.h
@ -56,6 +56,8 @@
 #define wiSettingsOpen		1
 #define wEventLog	133
 #define wQuestion	134
+#define wAbsent         135
+#define wWrong          136

 /* Controls */
 #define cVScroll	128
--- a/mac/macstore.c
+++ b/mac/macstore.c
@ -683,6 +683,7 @@ void store_host_key(const char *hostname, int port,
    char *resname;
    Str255 presname;
    Handle resvalue;
+    Handle reshandle;
    int id;

    /* Open the host key file */
@ -708,7 +709,12 @@ void store_host_key(const char *hostname, int port,
    UseResFile(keyrefnum);
    resname = dupprintf("%s@%d:%s", keytype, port, hostname);
    c2pstrcpy(presname, resname);
-    
+
+    reshandle = Get1NamedResource(FOUR_CHAR_CODE('TEXT'), presname);
+    if (reshandle != NULL) {
+	/* The resource exists, we're replacing a host key */
+	RemoveResource(reshandle);
+    }
    error = PtrToHand(key, &resvalue, strlen(key));
    if (error != noErr) goto out;