}
}
+/*
+ * Ask whether the selected cipher is acceptable (since it was
+ * below the configured 'warn' threshold).
+ * cs: 0 = both ways, 1 = client->server, 2 = server->client
+ */
+void askcipher(char *ciphername, int cs)
+{
+ HANDLE hin;
+ DWORD savemode, i;
+
+ static const char msg[] =
+ "The first %scipher supported by the server is\n"
+ "%s, which is below the configured warning threshold.\n"
+ "Continue with connection? (y/n) ";
+ static const char abandoned[] = "Connection abandoned.\n";
+
+ char line[32];
+
+ fprintf(stderr, msg,
+ (cs == 0) ? "" :
+ (cs == 1) ? "client-to-server " :
+ "server-to-client ",
+ ciphername);
+ fflush(stderr);
+
+ hin = GetStdHandle(STD_INPUT_HANDLE);
+ GetConsoleMode(hin, &savemode);
+ SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
+ ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
+ ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
+ SetConsoleMode(hin, savemode);
+
+ if (line[0] == 'y' || line[0] == 'Y') {
+ return;
+ } else {
+ fprintf(stderr, abandoned);
+ exit(0);
+ }
+}
+
HANDLE inhandle, outhandle, errhandle;
DWORD orig_console_mode;
}
}
+/*
+ * Ask whether the selected cipher is acceptable (since it was
+ * below the configured 'warn' threshold).
+ * cs: 0 = both ways, 1 = client->server, 2 = server->client
+ */
+void askcipher(char *ciphername, int cs)
+{
+ HANDLE hin;
+ DWORD savemode, i;
+
+ static const char msg[] =
+ "The first %scipher supported by the server is\n"
+ "%s, which is below the configured warning threshold.\n"
+ "Continue with connection? (y/n) ";
+ static const char abandoned[] = "Connection abandoned.\n";
+
+ char line[32];
+
+ fprintf(stderr, msg,
+ (cs == 0) ? "" :
+ (cs == 1) ? "client-to-server " :
+ "server-to-client ",
+ ciphername);
+ fflush(stderr);
+
+ hin = GetStdHandle(STD_INPUT_HANDLE);
+ GetConsoleMode(hin, &savemode);
+ SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
+ ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
+ ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
+ SetConsoleMode(hin, savemode);
+
+ if (line[0] == 'y' || line[0] == 'Y') {
+ return;
+ } else {
+ fprintf(stderr, abandoned);
+ exit(0);
+ }
+}
+
/*
* Print an error message and perform a fatal exit.
*/
#ifndef PUTTY_PUTTY_H
#define PUTTY_PUTTY_H
+#include <stdio.h> /* for FILENAME_MAX */
+
#include "network.h"
#define PUTTY_REG_POS "Software\\SimonTatham\\PuTTY"
VT_XWINDOWS, VT_OEMANSI, VT_OEMONLY, VT_POORMAN, VT_UNICODE
} VT_Mode;
+enum {
+ /*
+ * SSH ciphers (both SSH1 and SSH2)
+ */
+ CIPHER_WARN, /* pseudo 'cipher' */
+ CIPHER_3DES,
+ CIPHER_BLOWFISH,
+ CIPHER_AES, /* (SSH 2 only) */
+ CIPHER_DES, /* (SSH 1 only) */
+ CIPHER_MAX /* no. ciphers (inc warn) */
+};
+
enum {
/*
* Line discipline option states: off, on, up to the backend.
int nopty;
int compression;
int agentfwd;
- enum { CIPHER_3DES, CIPHER_BLOWFISH, CIPHER_DES, CIPHER_AES } cipher;
+ int ssh_cipherlist[CIPHER_MAX];
char keyfile[FILENAME_MAX];
int sshprot; /* use v1 or v2 when both available */
int buggymac; /* MAC bug commmercial <=v2.3.x SSH2 */
void showabout(HWND);
void verify_ssh_host_key(char *host, int port, char *keytype,
char *keystr, char *fingerprint);
+void askcipher(char *ciphername, int cs);
int askappend(char *filename);
void registry_cleanup(void);
void force_normal(HWND hwnd);
}
}
+/*
+ * Ask whether the selected cipher is acceptable (since it was
+ * below the configured 'warn' threshold).
+ * cs: 0 = both ways, 1 = client->server, 2 = server->client
+ */
+void askcipher(char *ciphername, int cs)
+{
+ HANDLE hin;
+ DWORD savemode, i;
+
+ static const char msg[] =
+ "The first %scipher supported by the server is\n"
+ "%s, which is below the configured warning threshold.\n"
+ "Continue with connection? (y/n) ";
+ static const char abandoned[] = "Connection abandoned.\n";
+
+ char line[32];
+
+ fprintf(stderr, msg,
+ (cs == 0) ? "" :
+ (cs == 1) ? "client-to-server " :
+ "server-to-client ",
+ ciphername);
+ fflush(stderr);
+
+ hin = GetStdHandle(STD_INPUT_HANDLE);
+ GetConsoleMode(hin, &savemode);
+ SetConsoleMode(hin, (savemode | ENABLE_ECHO_INPUT |
+ ENABLE_PROCESSED_INPUT | ENABLE_LINE_INPUT));
+ ReadFile(hin, line, sizeof(line) - 1, &i, NULL);
+ SetConsoleMode(hin, savemode);
+
+ if (line[0] == 'y' || line[0] == 'Y') {
+ return;
+ } else {
+ fprintf(stderr, abandoned);
+ exit(0);
+ }
+}
+
/* GUI Adaptation - Sept 2000 */
static void send_msg(HWND h, UINT message, WPARAM wParam)
{
#include "putty.h"
#include "storage.h"
+/*
+ * Tables of string <-> enum value mappings
+ */
+struct keyval { char *s; int v; };
+
+static const struct keyval ciphernames[] = {
+ { "WARN", CIPHER_WARN },
+ { "3des", CIPHER_3DES },
+ { "blowfish", CIPHER_BLOWFISH },
+ { "aes", CIPHER_AES },
+ { "des", CIPHER_DES }
+};
+
static void gpps(void *handle, char *name, char *def, char *val, int len)
{
if (!read_setting_s(handle, name, val, len)) {
*i = read_setting_i(handle, name, def);
}
+static int key2val(const struct keyval *mapping, int nmaps, char *key)
+{
+ int i;
+ for (i = 0; i < nmaps; i++)
+ if (!strcmp(mapping[i].s, key)) return mapping[i].v;
+ return -1;
+}
+
+static const char *val2key(const struct keyval *mapping, int nmaps, int val)
+{
+ int i;
+ for (i = 0; i < nmaps; i++)
+ if (mapping[i].v == val) return mapping[i].s;
+ return NULL;
+}
+
+/*
+ * Helper function to parse a comma-separated list of strings into
+ * a preference list array of values. Any missing values are added
+ * to the end and duplicates are weeded.
+ * XXX: assumes vals in 'mapping' are small +ve integers
+ */
+static void gprefs(void *sesskey, char *name, char *def,
+ const struct keyval *mapping, int nvals,
+ int *array)
+{
+ char commalist[80];
+ int n;
+ unsigned long seen = 0; /* bitmap for weeding dups etc */
+ gpps(sesskey, name, def, commalist, sizeof(commalist));
+
+ /* Grotty parsing of commalist. */
+ n = 0;
+ do {
+ int v;
+ char *key;
+ key = strtok(n==0 ? commalist : NULL, ","); /* sorry */
+ if (!key) break;
+ if (((v = key2val(mapping, nvals, key)) != -1) &&
+ !(seen & 1<<v)) {
+ array[n] = v;
+ n++;
+ seen |= 1<<v;
+ }
+ } while (n < nvals);
+ /* Add any missing values (backward compatibility ect). */
+ {
+ int i, j;
+ for (i = 0; i < nvals; i++) {
+ if (!(seen & 1<<mapping[i].v)) {
+ array[n] = mapping[i].v;
+ n++;
+ }
+ }
+ }
+}
+
+/*
+ * Write out a preference list.
+ */
+static void wprefs(void *sesskey, char *name,
+ const struct keyval *mapping, int nvals,
+ int *array)
+{
+ char buf[80] = ""; /* XXX assumed big enough */
+ int l = sizeof(buf)-1, i;
+ buf[l] = '\0';
+ for (i = 0; l > 0 && i < nvals; i++) {
+ const char *s = val2key(mapping, nvals, array[i]);
+ if (s) {
+ int sl = strlen(s);
+ if (i > 0) {
+ strncat(buf, ",", l);
+ l--;
+ }
+ strncat(buf, s, l);
+ l -= sl;
+ }
+ }
+ write_setting_s(sesskey, name, buf);
+}
+
void save_settings(char *section, int do_host, Config * cfg)
{
int i;
write_setting_i(sesskey, "NoPTY", cfg->nopty);
write_setting_i(sesskey, "Compression", cfg->compression);
write_setting_i(sesskey, "AgentFwd", cfg->agentfwd);
- write_setting_s(sesskey, "Cipher",
- cfg->cipher == CIPHER_BLOWFISH ? "blowfish" :
- cfg->cipher == CIPHER_DES ? "des" :
- cfg->cipher == CIPHER_AES ? "aes" : "3des");
+ wprefs(sesskey, "SSHCipherList", ciphernames, CIPHER_MAX,
+ cfg->ssh_cipherlist);
write_setting_i(sesskey, "AuthTIS", cfg->try_tis_auth);
write_setting_i(sesskey, "SshProt", cfg->sshprot);
write_setting_i(sesskey, "BuggyMAC", cfg->buggymac);
gppi(sesskey, "Compression", 0, &cfg->compression);
gppi(sesskey, "AgentFwd", 0, &cfg->agentfwd);
{
- char cipher[10];
- gpps(sesskey, "Cipher", "3des", cipher, 10);
- if (!strcmp(cipher, "blowfish"))
- cfg->cipher = CIPHER_BLOWFISH;
- else if (!strcmp(cipher, "des"))
- cfg->cipher = CIPHER_DES;
- else if (!strcmp(cipher, "aes"))
- cfg->cipher = CIPHER_AES;
- else
- cfg->cipher = CIPHER_3DES;
+ /* Backwards compatibility: recreate old cipher policy. */
+ char defcipherlist[80];
+ gpps(sesskey, "Cipher", "3des", defcipherlist, 80);
+ if (strcmp(defcipherlist, "3des") != 0) {
+ int l = strlen(defcipherlist);
+ strncpy(defcipherlist + l, ",3des", 80 - l);
+ defcipherlist[79] = '\0';
+ }
+ /* Use it as default if no new-style policy. */
+ gprefs(sesskey, "SSHCipherList", defcipherlist,
+ ciphernames, CIPHER_MAX, cfg->ssh_cipherlist);
}
gppi(sesskey, "SshProt", 1, &cfg->sshprot);
gppi(sesskey, "BuggyMAC", 0, &cfg->buggymac);
logevent("Encrypted session key");
- switch (cfg.cipher) {
- case CIPHER_BLOWFISH:
- cipher_type = SSH_CIPHER_BLOWFISH;
- break;
- case CIPHER_DES:
- cipher_type = SSH_CIPHER_DES;
- break;
- case CIPHER_3DES:
- cipher_type = SSH_CIPHER_3DES;
- break;
- case CIPHER_AES:
- c_write_str("AES not supported in SSH1, falling back to 3DES\r\n");
- cipher_type = SSH_CIPHER_3DES;
- break;
- }
- if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
- c_write_str
- ("Selected cipher not supported, falling back to 3DES\r\n");
- cipher_type = SSH_CIPHER_3DES;
- if ((supported_ciphers_mask & (1 << cipher_type)) == 0) {
- bombout(("Server violates SSH 1 protocol by "
- "not supporting 3DES encryption"));
+ {
+ int cipher_chosen = 0, warn = 0;
+ char *cipher_string = NULL;
+ for (i = 0; !cipher_chosen && i < CIPHER_MAX; i++) {
+ int next_cipher = cfg.ssh_cipherlist[i];
+ if (next_cipher == CIPHER_WARN) {
+ /* If/when we choose a cipher, warn about it */
+ warn = 1;
+ } else if (next_cipher == CIPHER_AES) {
+ /* XXX Probably don't need to mention this. */
+ logevent("AES not supported in SSH1, skipping");
+ } else {
+ switch (next_cipher) {
+ case CIPHER_3DES: cipher_type = SSH_CIPHER_3DES;
+ cipher_string = "3DES"; break;
+ case CIPHER_BLOWFISH: cipher_type = SSH_CIPHER_BLOWFISH;
+ cipher_string = "Blowfish"; break;
+ case CIPHER_DES: cipher_type = SSH_CIPHER_DES;
+ cipher_string = "single-DES"; break;
+ }
+ if (supported_ciphers_mask & (1 << cipher_type))
+ cipher_chosen = 1;
+ }
+ }
+ if (!cipher_chosen) {
+ if ((supported_ciphers_mask & (1 << SSH_CIPHER_3DES)) == 0)
+ bombout(("Server violates SSH 1 protocol by not "
+ "supporting 3DES encryption"));
+ else
+ /* shouldn't happen */
+ bombout(("No supported ciphers found"));
crReturn(0);
}
+
+ /* Warn about chosen cipher if necessary. */
+ if (warn)
+ askcipher(cipher_string, 0);
}
+
switch (cipher_type) {
case SSH_CIPHER_3DES:
logevent("Using 3DES encryption");
*/
static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
{
- static int i, j, len, nbits, pbits;
+ static int i, j, len, nbits, pbits, warn;
static char *str;
static Bignum p, g, e, f, K;
static int kex_init_value, kex_reply_value;
static void *hkey; /* actual host key */
static unsigned char exchange_hash[20];
static unsigned char keyspace[40];
- static const struct ssh2_ciphers *preferred_cipher;
+ static int n_preferred_ciphers;
+ static const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
static const struct ssh_compress *preferred_comp;
static int first_kex;
first_kex = 1;
/*
- * Set up the preferred cipher and compression.
+ * Set up the preferred ciphers. (NULL => warn below here)
*/
- if (cfg.cipher == CIPHER_BLOWFISH) {
- preferred_cipher = &ssh2_blowfish;
- } else if (cfg.cipher == CIPHER_DES) {
- logevent("Single DES not supported in SSH2; using 3DES");
- preferred_cipher = &ssh2_3des;
- } else if (cfg.cipher == CIPHER_3DES) {
- preferred_cipher = &ssh2_3des;
- } else if (cfg.cipher == CIPHER_AES) {
- preferred_cipher = &ssh2_aes;
- } else {
- /* Shouldn't happen, but we do want to initialise to _something_. */
- preferred_cipher = &ssh2_3des;
+ n_preferred_ciphers = 0;
+ for (i = 0; i < CIPHER_MAX; i++) {
+ switch (cfg.ssh_cipherlist[i]) {
+ case CIPHER_BLOWFISH:
+ preferred_ciphers[n_preferred_ciphers] = &ssh2_blowfish;
+ n_preferred_ciphers++;
+ break;
+ case CIPHER_DES:
+ /* Not supported in SSH2; silently drop */
+ break;
+ case CIPHER_3DES:
+ preferred_ciphers[n_preferred_ciphers] = &ssh2_3des;
+ n_preferred_ciphers++;
+ break;
+ case CIPHER_AES:
+ preferred_ciphers[n_preferred_ciphers] = &ssh2_aes;
+ n_preferred_ciphers++;
+ break;
+ case CIPHER_WARN:
+ /* Flag for later. Don't bother if it's the last in
+ * the list. */
+ if (i < CIPHER_MAX - 1) {
+ preferred_ciphers[n_preferred_ciphers] = NULL;
+ n_preferred_ciphers++;
+ }
+ break;
+ }
}
+
+ /*
+ * Set up preferred compression.
+ */
if (cfg.compression)
preferred_comp = &ssh_zlib;
else
}
/* List client->server encryption algorithms. */
ssh2_pkt_addstring_start();
- for (i = 0; i < lenof(ciphers) + 1; i++) {
- const struct ssh2_ciphers *c =
- i == 0 ? preferred_cipher : ciphers[i - 1];
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) continue; /* warning flag */
for (j = 0; j < c->nciphers; j++) {
ssh2_pkt_addstring_str(c->list[j]->name);
- if (i < lenof(ciphers) || j < c->nciphers - 1)
+ if (i < n_preferred_ciphers || j < c->nciphers - 1)
ssh2_pkt_addstring_str(",");
}
}
/* List server->client encryption algorithms. */
ssh2_pkt_addstring_start();
- for (i = 0; i < lenof(ciphers) + 1; i++) {
- const struct ssh2_ciphers *c =
- i == 0 ? preferred_cipher : ciphers[i - 1];
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) continue; /* warning flag */
for (j = 0; j < c->nciphers; j++) {
ssh2_pkt_addstring_str(c->list[j]->name);
- if (i < lenof(ciphers) || j < c->nciphers - 1)
+ if (i < n_preferred_ciphers || j < c->nciphers - 1)
ssh2_pkt_addstring_str(",");
}
}
}
}
ssh2_pkt_getstring(&str, &len); /* client->server cipher */
- for (i = 0; i < lenof(ciphers) + 1; i++) {
- const struct ssh2_ciphers *c =
- i == 0 ? preferred_cipher : ciphers[i - 1];
- for (j = 0; j < c->nciphers; j++) {
- if (in_commasep_string(c->list[j]->name, str, len)) {
- cscipher_tobe = c->list[j];
- break;
+ warn = 0;
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) {
+ warn = 1;
+ } else {
+ for (j = 0; j < c->nciphers; j++) {
+ if (in_commasep_string(c->list[j]->name, str, len)) {
+ cscipher_tobe = c->list[j];
+ break;
+ }
}
}
- if (cscipher_tobe)
+ if (cscipher_tobe) {
+ if (warn)
+ askcipher(cscipher_tobe->name, 1);
break;
+ }
}
ssh2_pkt_getstring(&str, &len); /* server->client cipher */
- for (i = 0; i < lenof(ciphers) + 1; i++) {
- const struct ssh2_ciphers *c =
- i == 0 ? preferred_cipher : ciphers[i - 1];
- for (j = 0; j < c->nciphers; j++) {
- if (in_commasep_string(c->list[j]->name, str, len)) {
- sccipher_tobe = c->list[j];
- break;
+ warn = 0;
+ for (i = 0; i < n_preferred_ciphers; i++) {
+ const struct ssh2_ciphers *c = preferred_ciphers[i];
+ if (!c) {
+ warn = 1;
+ } else {
+ for (j = 0; j < c->nciphers; j++) {
+ if (in_commasep_string(c->list[j]->name, str, len)) {
+ sccipher_tobe = c->list[j];
+ break;
+ }
}
}
- if (sccipher_tobe)
+ if (sccipher_tobe) {
+ if (warn)
+ askcipher(sccipher_tobe->name, 2);
break;
+ }
}
ssh2_pkt_getstring(&str, &len); /* client->server mac */
for (i = 0; i < nmacs; i++) {
#include <commctrl.h>
#include "winstuff.h"
+#include "puttymem.h"
+
+#include "putty.h"
#define GAPBETWEEN 3
#define GAPWITHIN 1
cp->width -= leftborder + rightborder;
}
-void doctl(struct ctlpos *cp, RECT r,
+HWND doctl(struct ctlpos *cp, RECT r,
char *wclass, int wstyle, int exstyle, char *wtext, int wid)
{
HWND ctl;
r.left, r.top, r.right, r.bottom,
cp->hwnd, (HMENU) wid, hinst, NULL);
SendMessage(ctl, WM_SETFONT, cp->font, MAKELPARAM(TRUE, 0));
+ return ctl;
}
/*
cp->ypos += LISTHEIGHT + GAPBETWEEN;
}
+/*
+ * A special control for manipulating an ordered preference list
+ * (eg. for cipher selection).
+ * XXX: this is a rough hack and could be improved.
+ */
+void prefslist(struct prefslist *hdl, struct ctlpos *cp, char *stext,
+ int sid, int listid, int upbid, int dnbid)
+{
+ const static int percents[] = { 5, 75, 20 };
+ RECT r;
+ int xpos, percent = 0, i;
+ const int DEFLISTHEIGHT = 52; /* XXX configurable? */
+ const int BTNSHEIGHT = 2*PUSHBTNHEIGHT + GAPBETWEEN;
+ int totalheight;
+
+ /* Squirrel away IDs. */
+ hdl->listid = listid;
+ hdl->upbid = upbid;
+ hdl->dnbid = dnbid;
+
+ /* The static label. */
+ r.left = GAPBETWEEN;
+ r.top = cp->ypos;
+ r.right = cp->width;
+ r.bottom = STATICHEIGHT;
+ cp->ypos += r.bottom + GAPWITHIN;
+ doctl(cp, r, "STATIC", WS_CHILD | WS_VISIBLE, 0, stext, sid);
+
+ /* XXX it'd be nice to centre the buttons wrt the listbox
+ * but we'd have to find out how high the latter actually is. */
+ if (DEFLISTHEIGHT > BTNSHEIGHT) {
+ totalheight = DEFLISTHEIGHT;
+ } else {
+ totalheight = BTNSHEIGHT;
+ }
+
+ for (i=0; i<3; i++) {
+ int left, wid;
+ xpos = (cp->width + GAPBETWEEN) * percent / 100;
+ left = xpos + GAPBETWEEN;
+ percent += percents[i];
+ xpos = (cp->width + GAPBETWEEN) * percent / 100;
+ wid = xpos - left;
+
+ switch (i) {
+ case 1:
+ /* The drag list box. */
+ r.left = left; r.right = wid;
+ r.top = cp->ypos; r.bottom = totalheight;
+ {
+ HWND ctl;
+ ctl = doctl(cp, r, "LISTBOX",
+ WS_CHILD | WS_VISIBLE | WS_TABSTOP |
+ WS_VSCROLL | LBS_HASSTRINGS,
+ WS_EX_CLIENTEDGE,
+ "", listid);
+ MakeDragList(ctl);
+ }
+ break;
+
+ case 2:
+ /* The "Up" and "Down" buttons. */
+ /* XXX worry about accelerators if we have more than one
+ * prefslist on a panel */
+ r.left = left; r.right = wid;
+ r.top = cp->ypos; r.bottom = PUSHBTNHEIGHT;
+ doctl(cp, r, "BUTTON",
+ WS_CHILD | WS_VISIBLE | WS_TABSTOP | BS_PUSHBUTTON,
+ 0, "&Up", upbid);
+
+ r.left = left; r.right = wid;
+ r.top = cp->ypos + PUSHBTNHEIGHT + GAPBETWEEN;
+ r.bottom = PUSHBTNHEIGHT;
+ doctl(cp, r, "BUTTON",
+ WS_CHILD | WS_VISIBLE | WS_TABSTOP | BS_PUSHBUTTON,
+ 0, "&Down", dnbid);
+
+ break;
+
+ }
+ }
+
+ cp->ypos += totalheight + GAPBETWEEN;
+
+}
+
+/*
+ * Helper function for prefslist: move item in list box.
+ */
+static void pl_moveitem(HWND hwnd, int listid, int src, int dst)
+{
+ int tlen, val;
+ char *txt;
+ /* Get the item's data. */
+ tlen = SendDlgItemMessage (hwnd, listid, LB_GETTEXTLEN, src, 0);
+ txt = smalloc(tlen+1);
+ SendDlgItemMessage (hwnd, listid, LB_GETTEXT, src, (LPARAM) txt);
+ val = SendDlgItemMessage (hwnd, listid, LB_GETITEMDATA, src, 0);
+ /* Deselect old location. */
+ SendDlgItemMessage (hwnd, listid, LB_SETSEL, FALSE, src);
+ /* Delete it at the old location. */
+ SendDlgItemMessage (hwnd, listid, LB_DELETESTRING, src, 0);
+ /* Insert it at new location. */
+ SendDlgItemMessage (hwnd, listid, LB_INSERTSTRING, dst,
+ (LPARAM) txt);
+ SendDlgItemMessage (hwnd, listid, LB_SETITEMDATA, dst,
+ (LPARAM) val);
+ /* Set selection. */
+ SendDlgItemMessage (hwnd, listid, LB_SETCURSEL, dst, 0);
+ sfree (txt);
+}
+
+int pl_itemfrompt(HWND hwnd, POINT cursor, BOOL scroll)
+{
+ int ret;
+ POINT uppoint, downpoint;
+ int updist, downdist, upitem, downitem, i;
+
+ /*
+ * Ghastly hackery to try to figure out not which
+ * _item_, but which _gap between items_, the user
+ * is pointing at. We do this by first working out
+ * which list item is under the cursor, and then
+ * working out how far the cursor would have to
+ * move up or down before the answer was different.
+ * Then we put the insertion point _above_ the
+ * current item if the upper edge is closer than
+ * the lower edge, or _below_ it if vice versa.
+ */
+ ret = LBItemFromPt(hwnd, cursor, scroll);
+ debug(("pl_itemfrompt: initial is %d\n", ret));
+ if (ret == -1)
+ return ret;
+ ret = LBItemFromPt(hwnd, cursor, FALSE);
+ debug(("pl_itemfrompt: secondary is %d\n", ret));
+ updist = downdist = 0;
+ for (i = 1; i < 4096 && (!updist || !downdist); i++) {
+ uppoint = downpoint = cursor;
+ uppoint.y -= i;
+ downpoint.y += i;
+ upitem = LBItemFromPt(hwnd, uppoint, FALSE);
+ downitem = LBItemFromPt(hwnd, downpoint, FALSE);
+ if (!updist && upitem != ret)
+ updist = i;
+ if (!downdist && downitem != ret)
+ downdist = i;
+ }
+ if (downdist < updist)
+ ret++;
+ return ret;
+}
+
+/*
+ * Handler for prefslist above.
+ */
+int handle_prefslist(struct prefslist *hdl,
+ int *array, int maxmemb,
+ int is_dlmsg, HWND hwnd,
+ WPARAM wParam, LPARAM lParam)
+{
+ int i;
+ int ret;
+
+ if (is_dlmsg) {
+
+ if (wParam == hdl->listid) {
+ DRAGLISTINFO *dlm = (DRAGLISTINFO *)lParam;
+ int dest;
+ switch (dlm->uNotification) {
+ case DL_BEGINDRAG:
+ hdl->dummyitem =
+ SendDlgItemMessage(hwnd, hdl->listid,
+ LB_ADDSTRING, 0, (LPARAM) "");
+
+ hdl->srcitem = LBItemFromPt(dlm->hWnd, dlm->ptCursor, TRUE);
+ hdl->dragging = 0;
+ /* XXX hack Q183115 */
+ SetWindowLong(hwnd, DWL_MSGRESULT, TRUE);
+ ret = 1; break;
+ case DL_CANCELDRAG:
+ DrawInsert(hwnd, dlm->hWnd, -1); /* Clear arrow */
+ SendDlgItemMessage(hwnd, hdl->listid,
+ LB_DELETESTRING, hdl->dummyitem, 0);
+ hdl->dragging = 0;
+ ret = 1; break;
+ case DL_DRAGGING:
+ hdl->dragging = 1;
+ dest = pl_itemfrompt(dlm->hWnd, dlm->ptCursor, TRUE);
+ if (dest > hdl->dummyitem) dest = hdl->dummyitem;
+ DrawInsert (hwnd, dlm->hWnd, dest);
+ if (dest >= 0)
+ SetWindowLong(hwnd, DWL_MSGRESULT, DL_MOVECURSOR);
+ else
+ SetWindowLong(hwnd, DWL_MSGRESULT, DL_STOPCURSOR);
+ ret = 1; break;
+ case DL_DROPPED:
+ ret = 1;
+ if (!hdl->dragging) break;
+ dest = pl_itemfrompt(dlm->hWnd, dlm->ptCursor, TRUE);
+ if (dest > hdl->dummyitem) dest = hdl->dummyitem;
+ DrawInsert (hwnd, dlm->hWnd, -1);
+ SendDlgItemMessage(hwnd, hdl->listid,
+ LB_DELETESTRING, hdl->dummyitem, 0);
+ hdl->dragging = 0;
+ if (dest >= 0) {
+ /* Correct for "missing" item. This means you can't drag
+ * an item to the end, but that seems to be the way this
+ * control is used. */
+ if (dest > hdl->srcitem) dest--;
+ pl_moveitem(hwnd, hdl->listid, hdl->srcitem, dest);
+ }
+ ret = 1; break;
+ }
+ }
+
+ } else {
+
+ ret = 0;
+ if (((LOWORD(wParam) == hdl->upbid) ||
+ (LOWORD(wParam) == hdl->dnbid)) &&
+ ((HIWORD(wParam) == BN_CLICKED) ||
+ (HIWORD(wParam) == BN_DOUBLECLICKED))) {
+ /* Move an item up or down the list. */
+ /* Get the current selection, if any. */
+ int selection = SendDlgItemMessage (hwnd, hdl->listid, LB_GETCURSEL, 0, 0);
+ if (selection == LB_ERR) {
+ MessageBeep(0);
+ } else {
+ int nitems;
+ /* Get the total number of items. */
+ nitems = SendDlgItemMessage (hwnd, hdl->listid, LB_GETCOUNT, 0, 0);
+ /* Should we do anything? */
+ if (LOWORD(wParam) == hdl->upbid && (selection > 0))
+ pl_moveitem(hwnd, hdl->listid, selection, selection - 1);
+ else if (LOWORD(wParam) == hdl->dnbid && (selection < nitems - 1))
+ pl_moveitem(hwnd, hdl->listid, selection, selection + 1);
+ }
+
+ }
+
+ }
+
+ /* Update array to match the list box. */
+ for (i=0; i < maxmemb; i++)
+ array[i] = SendDlgItemMessage (hwnd, hdl->listid, LB_GETITEMDATA,
+ i, 0);
+
+ return ret;
+
+}
+
/*
* A progress bar (from Common Controls). We like our progress bars
* to be smooth and unbroken, without those ugly divisions; some
static int readytogo;
static int sesslist_has_focus;
+static struct prefslist cipherlist;
+
void force_normal(HWND hwnd)
{
static int recurse = 0;
IDC_BOX_SSH2,
IDC_BOX_SSH3,
IDC_NOPTY,
- IDC_CIPHERSTATIC,
- IDC_CIPHER3DES,
- IDC_CIPHERBLOWF,
- IDC_CIPHERDES,
- IDC_CIPHERAES,
+ IDC_BOX_SSHCIPHER,
+ IDC_CIPHERSTATIC2,
+ IDC_CIPHERLIST,
+ IDC_CIPHERUP,
+ IDC_CIPHERDN,
IDC_BUGGYMAC,
- IDC_AUTHTIS,
- IDC_PKSTATIC,
- IDC_PKEDIT,
- IDC_PKBUTTON,
IDC_SSHPROTSTATIC,
IDC_SSHPROT1,
IDC_SSHPROT2,
- IDC_AGENTFWD,
IDC_CMDSTATIC,
IDC_CMDEDIT,
IDC_COMPRESS,
sshpanelend,
+ sshauthpanelstart,
+ IDC_TITLE_SSHAUTH,
+ IDC_BOX_SSHAUTH1,
+ IDC_BOX_SSHAUTH2,
+ IDC_PKSTATIC,
+ IDC_PKEDIT,
+ IDC_PKBUTTON,
+ IDC_AGENTFWD,
+ IDC_AUTHTIS,
+ sshauthpanelend,
+
selectionpanelstart,
IDC_TITLE_SELECTION,
IDC_BOX_SELECTION1,
CheckDlgButton(hwnd, IDC_COMPRESS, cfg.compression);
CheckDlgButton(hwnd, IDC_BUGGYMAC, cfg.buggymac);
CheckDlgButton(hwnd, IDC_AGENTFWD, cfg.agentfwd);
- CheckRadioButton(hwnd, IDC_CIPHER3DES, IDC_CIPHERAES,
- cfg.cipher == CIPHER_BLOWFISH ? IDC_CIPHERBLOWF :
- cfg.cipher == CIPHER_DES ? IDC_CIPHERDES :
- cfg.cipher == CIPHER_AES ? IDC_CIPHERAES :
- IDC_CIPHER3DES);
CheckRadioButton(hwnd, IDC_SSHPROT1, IDC_SSHPROT2,
cfg.sshprot == 1 ? IDC_SSHPROT1 : IDC_SSHPROT2);
CheckDlgButton(hwnd, IDC_AUTHTIS, cfg.try_tis_auth);
SetDlgItemText(hwnd, IDC_PKEDIT, cfg.keyfile);
SetDlgItemText(hwnd, IDC_CMDEDIT, cfg.remote_cmd);
+ {
+ int i;
+ static const struct { char *s; int c; } ciphers[] = {
+ { "3DES", CIPHER_3DES },
+ { "Blowfish", CIPHER_BLOWFISH },
+ { "DES (SSH 1 only)", CIPHER_DES },
+ { "AES (SSH 2 only)", CIPHER_AES },
+ { "-- warn below here --", CIPHER_WARN }
+ };
+
+ /* Set up the "selected ciphers" box. */
+ /* (cipherlist assumed to contain all ciphers) */
+ SendDlgItemMessage(hwnd, IDC_CIPHERLIST, LB_RESETCONTENT, 0, 0);
+ for (i = 0; i < CIPHER_MAX; i++) {
+ int c = cfg.ssh_cipherlist[i];
+ int j, pos;
+ char *cstr = NULL;
+ for (j = 0; j < (sizeof ciphers) / (sizeof ciphers[0]); j++) {
+ if (ciphers[j].c == c) {
+ cstr = ciphers[j].s;
+ break;
+ }
+ }
+ pos = SendDlgItemMessage(hwnd, IDC_CIPHERLIST, LB_ADDSTRING,
+ 0, (LPARAM) cstr);
+ SendDlgItemMessage(hwnd, IDC_CIPHERLIST, LB_SETITEMDATA,
+ pos, (LPARAM) c);
+ }
+ SendDlgItemMessage(hwnd, IDC_CIPHERLIST, LB_ADDSTRING,
+ 0, (LPARAM) "FIXME1");
+ SendDlgItemMessage(hwnd, IDC_CIPHERLIST, LB_ADDSTRING,
+ 0, (LPARAM) "FIXME2");
+
+ }
+
+
CheckRadioButton(hwnd, IDC_MBWINDOWS, IDC_MBXTERM,
cfg.mouse_is_xterm ? IDC_MBXTERM : IDC_MBWINDOWS);
CheckDlgButton(hwnd, IDC_RAWCNP, cfg.rawcnp);
}
if (panel == sshpanelstart) {
- /* The SSH panel. Accelerators used: [acgo] rmfkw pe123bds i */
+ /* The SSH panel. Accelerators used: [acgo] r pe12i sud */
struct ctlpos cp;
ctlposinit(&cp, hwnd, 80, 3, 13);
if (dlgtype == 0) {
"&Remote command:", IDC_CMDSTATIC, IDC_CMDEDIT, 100,
NULL);
endbox(&cp);
- beginbox(&cp, "Authentication options", IDC_BOX_SSH2);
- checkbox(&cp, "Atte&mpt TIS or CryptoCard authentication",
- IDC_AUTHTIS);
- checkbox(&cp, "Allow agent &forwarding", IDC_AGENTFWD);
- editbutton(&cp, "Private &key file for authentication:",
- IDC_PKSTATIC, IDC_PKEDIT, "Bro&wse...",
- IDC_PKBUTTON);
- endbox(&cp);
- beginbox(&cp, "Protocol options", IDC_BOX_SSH3);
+ beginbox(&cp, "Protocol options", IDC_BOX_SSH2);
checkbox(&cp, "Don't allocate a &pseudo-terminal", IDC_NOPTY);
checkbox(&cp, "Enable compr&ession", IDC_COMPRESS);
radioline(&cp, "Preferred SSH protocol version:",
IDC_SSHPROTSTATIC, 2,
"&1", IDC_SSHPROT1, "&2", IDC_SSHPROT2, NULL);
- radioline(&cp, "Preferred encryption algorithm:",
- IDC_CIPHERSTATIC, 4, "&3DES", IDC_CIPHER3DES,
- "&Blowfish", IDC_CIPHERBLOWF, "&DES", IDC_CIPHERDES,
- "AE&S", IDC_CIPHERAES, NULL);
checkbox(&cp, "&Imitate SSH 2 MAC bug in commercial <= v2.3.x",
IDC_BUGGYMAC);
endbox(&cp);
+ beginbox(&cp, "Encryption options", IDC_BOX_SSH3);
+ prefslist(&cipherlist, &cp, "Encryption cipher &selection policy:",
+ IDC_CIPHERSTATIC2, IDC_CIPHERLIST, IDC_CIPHERUP,
+ IDC_CIPHERDN);
+ endbox(&cp);
+ }
+ }
+
+ if (panel == sshauthpanelstart) {
+ /* The SSH authentication panel. Accelerators used: [acgo] m fkw */
+ struct ctlpos cp;
+ ctlposinit(&cp, hwnd, 80, 3, 13);
+ if (dlgtype == 0) {
+ bartitle(&cp, "Options controlling SSH authentication",
+ IDC_TITLE_SSHAUTH);
+ beginbox(&cp, "Authentication methods",
+ IDC_BOX_SSHAUTH1);
+ checkbox(&cp, "Atte&mpt TIS or CryptoCard authentication",
+ IDC_AUTHTIS);
+ endbox(&cp);
+ beginbox(&cp, "Authentication parameters",
+ IDC_BOX_SSHAUTH2);
+ checkbox(&cp, "Allow agent &forwarding", IDC_AGENTFWD);
+ editbutton(&cp, "Private &key file for authentication:",
+ IDC_PKSTATIC, IDC_PKEDIT, "Bro&wse...",
+ IDC_PKBUTTON);
+ endbox(&cp);
}
}
char portname[32];
struct servent *service;
int i;
+ static UINT draglistmsg = WM_NULL;
switch (msg) {
case WM_INITDIALOG:
treeview_insert(&tvfaff, 1, "Rlogin");
if (backends[3].backend != NULL) {
treeview_insert(&tvfaff, 1, "SSH");
+ /* XXX long name is ugly */
+ /* XXX make it closed by default? */
+ treeview_insert(&tvfaff, 2, "Auth");
treeview_insert(&tvfaff, 2, "Tunnels");
}
}
create_controls(hwnd, dlgtype, rloginpanelstart);
if (!strcmp(buffer, "SSH"))
create_controls(hwnd, dlgtype, sshpanelstart);
+ if (!strcmp(buffer, "Auth"))
+ create_controls(hwnd, dlgtype, sshauthpanelstart);
if (!strcmp(buffer, "Selection"))
create_controls(hwnd, dlgtype, selectionpanelstart);
if (!strcmp(buffer, "Colours"))
cfg.agentfwd =
IsDlgButtonChecked(hwnd, IDC_AGENTFWD);
break;
- case IDC_CIPHER3DES:
- case IDC_CIPHERBLOWF:
- case IDC_CIPHERDES:
- case IDC_CIPHERAES:
- if (HIWORD(wParam) == BN_CLICKED ||
- HIWORD(wParam) == BN_DOUBLECLICKED) {
- if (IsDlgButtonChecked(hwnd, IDC_CIPHER3DES))
- cfg.cipher = CIPHER_3DES;
- else if (IsDlgButtonChecked(hwnd, IDC_CIPHERBLOWF))
- cfg.cipher = CIPHER_BLOWFISH;
- else if (IsDlgButtonChecked(hwnd, IDC_CIPHERDES))
- cfg.cipher = CIPHER_DES;
- else if (IsDlgButtonChecked(hwnd, IDC_CIPHERAES))
- cfg.cipher = CIPHER_AES;
- }
+ case IDC_CIPHERLIST:
+ case IDC_CIPHERUP:
+ case IDC_CIPHERDN:
+ handle_prefslist(&cipherlist,
+ cfg.ssh_cipherlist, CIPHER_MAX,
+ 0, hwnd, wParam, lParam);
break;
case IDC_SSHPROT1:
case IDC_SSHPROT2:
if (wParam == SIZE_MAXIMIZED)
force_normal(hwnd);
return 0;
+
+ default:
+ /*
+ * Handle application-defined messages eg. DragListBox
+ */
+ /* First find out what the number is (once). */
+ if (draglistmsg == WM_NULL)
+ draglistmsg = RegisterWindowMessage (DRAGLISTMSGSTRING);
+
+ if (msg == draglistmsg) {
+ /* Only process once dialog is fully formed. */
+ if (GetWindowLong(hwnd, GWL_USERDATA) == 1) switch (LOWORD(wParam)) {
+ case IDC_CIPHERLIST:
+ return handle_prefslist(&cipherlist,
+ cfg.ssh_cipherlist, CIPHER_MAX,
+ 1, hwnd, wParam, lParam);
+ }
+ }
+ return 0;
+
}
return 0;
}
}
}
+/*
+ * Ask whether the selected cipher is acceptable (since it was
+ * below the configured 'warn' threshold).
+ * cs: 0 = both ways, 1 = client->server, 2 = server->client
+ */
+void askcipher(char *ciphername, int cs)
+{
+ static const char mbtitle[] = "PuTTY Security Alert";
+ static const char msg[] =
+ "The first %.35scipher supported by the server\n"
+ "is %.64s, which is below the configured\n"
+ "warning threshold.\n"
+ "Do you want to continue with this connection?\n";
+ /* guessed cipher name + type max length */
+ char message[100 + sizeof(msg)];
+ int mbret;
+
+ sprintf(message, msg,
+ (cs == 0) ? "" :
+ (cs == 1) ? "client-to-server " :
+ "server-to-client ",
+ ciphername);
+ mbret = MessageBox(NULL, message, mbtitle,
+ MB_ICONWARNING | MB_YESNO);
+ if (mbret == IDYES)
+ return;
+ else
+ exit(0);
+}
+
/*
* Ask whether to wipe a session log file before writing to it.
* Returns 2 for wipe, 1 for append, 0 for cancel (don't log).
char *boxtext;
};
+/*
+ * Private structure for prefslist state. Only in the header file
+ * so that we can delegate allocation to callers.
+ */
+struct prefslist {
+ int listid, upbid, dnbid;
+ int srcitem;
+ int dummyitem;
+ int dragging;
+};
+
void ctlposinit(struct ctlpos *cp, HWND hwnd,
int leftborder, int rightborder, int topborder);
-void doctl(struct ctlpos *cp, RECT r,
+HWND doctl(struct ctlpos *cp, RECT r,
char *wclass, int wstyle, int exstyle, char *wtext, int wid);
void bartitle(struct ctlpos *cp, char *name, int id);
void beginbox(struct ctlpos *cp, char *name, int idbox);
char *btext, int bid, int eid, char *s2text, int s2id);
void colouredit(struct ctlpos *cp, char *stext, int sid, int listid,
char *btext, int bid, ...);
+void prefslist(struct prefslist *hdl, struct ctlpos *cp, char *stext,
+ int sid, int listid, int upbid, int dnbid);
+int handle_prefslist(struct prefslist *hdl,
+ int *array, int maxmemb,
+ int is_dlmsg, HWND hwnd,
+ WPARAM wParam, LPARAM lParam);
void progressbar(struct ctlpos *cp, int id);
void fwdsetter(struct ctlpos *cp, int listid, char *stext, int sid,
char *e1stext, int e1sid, int e1id,