svnno****@sourc*****
svnno****@sourc*****
2011年 8月 1日 (月) 16:21:58 JST
Tera TermRevision: 4559
http://sourceforge.jp/projects/ttssh2/svn/view?view=rev&revision=4559
Author: doda
Date: 2011-08-01 16:21:58 +0900 (Mon, 01 Aug 2011)
Log Message:
-----------
SSHFP 検証ã®çµæžœã‚’ Security Warning ダイアãƒã‚°ã«è¡¨ç¤ºã™ã‚‹ã‚ˆã†ã«ã—ãŸã€‚メッセージã¯æš«å®šã€‚
Modified Paths:
--------------
trunk/ttssh2/ttxssh/hosts.c
trunk/ttssh2/ttxssh/resource.h
trunk/ttssh2/ttxssh/ttxssh.h
trunk/ttssh2/ttxssh/ttxssh.rc
-------------- next part --------------
Modified: trunk/ttssh2/ttxssh/hosts.c
===================================================================
--- trunk/ttssh2/ttxssh/hosts.c 2011-07-31 15:20:40 UTC (rev 4558)
+++ trunk/ttssh2/ttxssh/hosts.c 2011-08-01 07:21:58 UTC (rev 4559)
@@ -53,6 +53,23 @@
#include <windns.h>
+#define DNS_TYPE_SSHFP 44
+typedef struct {
+ BYTE Algorithm;
+ BYTE DigestType;
+ BYTE Digest[1];
+} DNS_SSHFP_DATA, *PDNS_SSHFP_DATA;
+enum verifydns_result {
+ DNS_VERIFY_NONE,
+ DNS_VERIFY_NOTFOUND,
+ DNS_VERIFY_MATCH,
+ DNS_VERIFY_MISMATCH,
+ DNS_VERIFY_DIFFERENTTYPE,
+ DNS_VERIFY_AUTH_MATCH,
+ DNS_VERIFY_AUTH_MISMATCH,
+ DNS_VERIFY_AUTH_DIFFERENTTYPE
+};
+
static HFONT DlgHostsAddFont;
static HFONT DlgHostsReplaceFont;
@@ -1309,6 +1326,43 @@
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg);
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg);
+ switch (pvar->dns_key_check) {
+ case DNS_VERIFY_NOTFOUND:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_NOTFOUND", pvar, "SSHFP RR not found.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_MATCH:
+ case DNS_VERIFY_AUTH_MATCH:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MATCH", pvar, "SSHFP RR found and match.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_MISMATCH:
+ case DNS_VERIFY_AUTH_MISMATCH:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MISMATCH", pvar, "SSHFP RR found but not match.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_DIFFERENTTYPE:
+ case DNS_VERIFY_AUTH_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_DIFFTYPE", pvar, "SSHFP RR found but different type.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ }
+
+ switch (pvar->dns_key_check) {
+ case DNS_VERIFY_MATCH:
+ case DNS_VERIFY_MISMATCH:
+ case DNS_VERIFY_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_NG", pvar, "SSHFP RR is *not* authenticated by DNSSEC.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_AUTH_MATCH:
+ case DNS_VERIFY_AUTH_MISMATCH:
+ case DNS_VERIFY_AUTH_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_OK", pvar, "SSHFP RR is authenticated by DNSSEC.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg);
+ break;
+ }
+
init_hosts_dlg(pvar, dlg);
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0);
@@ -1416,6 +1470,43 @@
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg);
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg);
+ switch (pvar->dns_key_check) {
+ case DNS_VERIFY_NOTFOUND:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_NOTFOUND", pvar, "SSHFP RR not found.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_MATCH:
+ case DNS_VERIFY_AUTH_MATCH:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MATCH", pvar, "SSHFP RR found and match.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_MISMATCH:
+ case DNS_VERIFY_AUTH_MISMATCH:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MISMATCH", pvar, "SSHFP RR found but not match.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_DIFFERENTTYPE:
+ case DNS_VERIFY_AUTH_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_DIFFTYPE", pvar, "SSHFP RR found but different type.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ }
+
+ switch (pvar->dns_key_check) {
+ case DNS_VERIFY_MATCH:
+ case DNS_VERIFY_MISMATCH:
+ case DNS_VERIFY_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_NG", pvar, "SSHFP RR is *not* authenticated by DNSSEC.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_AUTH_MATCH:
+ case DNS_VERIFY_AUTH_MISMATCH:
+ case DNS_VERIFY_AUTH_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_OK", pvar, "SSHFP RR is authenticated by DNSSEC.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg);
+ break;
+ }
+
init_hosts_dlg(pvar, dlg);
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0);
@@ -1521,6 +1612,43 @@
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg);
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg);
+ switch (pvar->dns_key_check) {
+ case DNS_VERIFY_NOTFOUND:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_NOTFOUND", pvar, "SSHFP RR not found.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_MATCH:
+ case DNS_VERIFY_AUTH_MATCH:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MATCH", pvar, "SSHFP RR found and match.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_MISMATCH:
+ case DNS_VERIFY_AUTH_MISMATCH:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MISMATCH", pvar, "SSHFP RR found but not match.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_DIFFERENTTYPE:
+ case DNS_VERIFY_AUTH_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_DIFFTYPE", pvar, "SSHFP RR found but different type.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg);
+ break;
+ }
+
+ switch (pvar->dns_key_check) {
+ case DNS_VERIFY_MATCH:
+ case DNS_VERIFY_MISMATCH:
+ case DNS_VERIFY_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_NG", pvar, "SSHFP RR is *not* authenticated by DNSSEC.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg);
+ break;
+ case DNS_VERIFY_AUTH_MATCH:
+ case DNS_VERIFY_AUTH_MISMATCH:
+ case DNS_VERIFY_AUTH_DIFFERENTTYPE:
+ UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_OK", pvar, "SSHFP RR is authenticated by DNSSEC.");
+ SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg);
+ break;
+ }
+
init_hosts_dlg(pvar, dlg);
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0);
@@ -1641,22 +1769,6 @@
return 0;
}
-#define DNS_TYPE_SSHFP 44
-typedef struct {
- BYTE Algorithm;
- BYTE DigestType;
- BYTE Digest[1];
-} DNS_SSHFP_DATA, *PDNS_SSHFP_DATA;
-enum verifydns_result {
- DNS_VERIFY_NONE,
- DNS_VERIFY_MATCH,
- DNS_VERIFY_MISMATCH,
- DNS_VERIFY_DIFFERENTTYPE,
- DNS_VERIFY_AUTH_MATCH,
- DNS_VERIFY_AUTH_MISMATCH,
- DNS_VERIFY_AUTH_DIFFERENTTYPE
-};
-
int verify_hostkey_dns(char FAR *hostname, Key *key)
{
DNS_STATUS status;
@@ -1664,7 +1776,7 @@
PDNS_SSHFP_DATA t;
int hostkey_alg, hostkey_dtype, hostkey_dlen;
BYTE *hostkey_digest;
- int found = DNS_VERIFY_NONE;
+ int found = DNS_VERIFY_NOTFOUND;
switch (key->type) {
case KEY_RSA:
@@ -1728,8 +1840,10 @@
//
BOOL HOSTS_check_host_key(PTInstVar pvar, char FAR * hostname, unsigned short tcpport, Key *key)
{
- int found_different_key = 0, found_different_type_key = 0, dns_sshfp_check = 0;
+ int found_different_key = 0, found_different_type_key = 0;
+ pvar->dns_key_check = DNS_VERIFY_NONE;
+
// ‚·‚Å‚É known_hosts ƒtƒ@ƒCƒ‹‚©‚çƒzƒXƒgŒöŠJŒ®‚ð“Ç‚Ýž‚ñ‚Å‚¢‚é‚È‚çA‚»‚ê‚Æ”äŠr‚·‚éB
if (pvar->hosts_state.prefetched_hostname != NULL
&& _stricmp(pvar->hosts_state.prefetched_hostname, hostname) == 0
@@ -1806,7 +1920,7 @@
}
if (pvar->settings.VerifyHostKeyDNS && !is_numeric_hostname(hostname)) {
- dns_sshfp_check = verify_hostkey_dns(hostname, key);
+ pvar->dns_key_check = verify_hostkey_dns(hostname, key);
}
// known_hostsƒ_ƒCƒAƒƒO‚Í“¯Šú“I‚É•\Ž¦‚³‚¹A‚±‚ÌŽž“_‚É‚¨‚¢‚ă†[ƒU‚ÉŠm”F
Modified: trunk/ttssh2/ttxssh/resource.h
===================================================================
--- trunk/ttssh2/ttxssh/resource.h 2011-07-31 15:20:40 UTC (rev 4558)
+++ trunk/ttssh2/ttxssh/resource.h 2011-08-01 07:21:58 UTC (rev 4559)
@@ -178,6 +178,8 @@
#define IDC_KEYGEN_PROGRESS_LABEL 1107
#define IDC_PROGBAR 1108
#define IDC_PROGTIME 1109
+#define IDC_HOSTSSHFPCHECK 1110
+#define IDC_HOSTSSHFPDNSSEC 1111
#define IDC_SSHUSEPASSWORD 1201
#define IDC_SSHUSERSA 1202
#define IDC_SSHFWDREMOTETOLOCAL 1202
Modified: trunk/ttssh2/ttxssh/ttxssh.h
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.h 2011-07-31 15:20:40 UTC (rev 4558)
+++ trunk/ttssh2/ttxssh/ttxssh.h 2011-08-01 07:21:58 UTC (rev 4559)
@@ -273,6 +273,8 @@
BOOL nocheck_known_hosts;
EC_KEY *ecdh_client_key;
+
+ int dns_key_check;
} TInstVar;
#define LOG_LEVEL_FATAL 5
Modified: trunk/ttssh2/ttxssh/ttxssh.rc
===================================================================
--- trunk/ttssh2/ttxssh/ttxssh.rc 2011-07-31 15:20:40 UTC (rev 4558)
+++ trunk/ttssh2/ttxssh/ttxssh.rc 2011-08-01 07:21:58 UTC (rev 4559)
@@ -184,36 +184,40 @@
PUSHBUTTON "Cancel",IDCANCEL,118,252,50,14
END
-IDD_SSHUNKNOWNHOST DIALOGEX 0, 0, 215, 242
+IDD_SSHUNKNOWNHOST DIALOGEX 0, 0, 215, 266
STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "SECURITY WARNING"
FONT 8, "Tahoma", 0, 0, 0x0
BEGIN
LTEXT "There is no entry for the server ""#####################################"" in your list of known hosts. The machine you have contacted may be a hostile machine pretending to be the server.",IDC_HOSTWARNING,15,7,184,41
LTEXT "If you choose to add this machine to the known hosts list and continue, then you will not receive this warning again.",IDC_HOSTWARNING2,15,48,184,26
- LTEXT "The server's host key fingerprint is:",IDC_HOSTFINGERPRINT,15,75,176,8
- EDITTEXT IDC_FINGER_PRINT,15,86,179,12,ES_AUTOHSCROLL | ES_READONLY
- EDITTEXT IDC_FP_RANDOMART,14,105,181,97,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
+ LTEXT "",IDC_HOSTSSHFPCHECK,15,72,184,16
+ LTEXT "",IDC_HOSTSSHFPDNSSEC,15,88,184,8
+ LTEXT "The server's host key fingerprint is:",IDC_HOSTFINGERPRINT,15,99,176,8
+ EDITTEXT IDC_FINGER_PRINT,15,110,179,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_FP_RANDOMART,14,129,181,97,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
CONTROL "&Add this machine and its key to the known hosts list",IDC_ADDTOKNOWNHOSTS,
- "Button",BS_AUTOCHECKBOX | WS_GROUP | WS_TABSTOP,19,207,181,13
- DEFPUSHBUTTON "&Continue",IDC_CONTINUE,50,222,50,14,WS_GROUP
- PUSHBUTTON "&Disconnect",IDCANCEL,115,222,50,14,WS_GROUP
+ "Button",BS_AUTOCHECKBOX | WS_GROUP | WS_TABSTOP,19,231,181,13
+ DEFPUSHBUTTON "&Continue",IDC_CONTINUE,50,246,50,14,WS_GROUP
+ PUSHBUTTON "&Disconnect",IDCANCEL,115,246,50,14,WS_GROUP
END
-IDD_SSHDIFFERENTKEY DIALOGEX 0, 0, 215, 242
+IDD_SSHDIFFERENTKEY DIALOGEX 0, 0, 215, 266
STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "SECURITY WARNING"
FONT 8, "Tahoma", 0, 0, 0x0
BEGIN
LTEXT "Your known hosts list has an entry for the server ""####################################"", but the machine you have contacted has presented a DIFFERENT KEY to the one in your known hosts list. A hostile machine may be pretending to be the server.",IDC_HOSTWARNING,15,7,184,43
LTEXT "If you choose to add this new key to the known hosts list and continue, then you will not receive this warning again.",IDC_HOSTWARNING2,15,48,184,24
- LTEXT "The server's host key fingerprint is:",IDC_HOSTFINGERPRINT,15,75,176,8
- EDITTEXT IDC_FINGER_PRINT,15,86,179,12,ES_AUTOHSCROLL | ES_READONLY
- EDITTEXT IDC_FP_RANDOMART,14,105,181,97,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
+ LTEXT "",IDC_HOSTSSHFPCHECK,15,72,184,16
+ LTEXT "",IDC_HOSTSSHFPDNSSEC,15,88,184,8
+ LTEXT "The server's host key fingerprint is:",IDC_HOSTFINGERPRINT,15,99,176,8
+ EDITTEXT IDC_FINGER_PRINT,15,110,179,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_FP_RANDOMART,14,129,181,97,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
CONTROL "&Replace the exist key with this new key",IDC_ADDTOKNOWNHOSTS,
- "Button",BS_AUTOCHECKBOX | WS_GROUP | WS_TABSTOP,34,207,153,13
- PUSHBUTTON "&Continue",IDC_CONTINUE,50,222,50,14,WS_GROUP
- DEFPUSHBUTTON "&Disconnect",IDCANCEL,115,222,50,14,WS_GROUP
+ "Button",BS_AUTOCHECKBOX | WS_GROUP | WS_TABSTOP,34,231,153,13
+ PUSHBUTTON "&Continue",IDC_CONTINUE,50,246,50,14,WS_GROUP
+ DEFPUSHBUTTON "&Disconnect",IDCANCEL,115,246,50,14,WS_GROUP
END
IDD_SSHAUTHSETUP DIALOGEX 0, 0, 309, 228
@@ -383,20 +387,22 @@
EDITTEXT IDC_CONFIRM_PASSWD,67,56,99,14,ES_PASSWORD | ES_AUTOHSCROLL
END
-IDD_SSHDIFFERENTTYPEKEY DIALOGEX 0, 0, 215, 242
+IDD_SSHDIFFERENTTYPEKEY DIALOGEX 0, 0, 215, 266
STYLE DS_SETFONT | DS_MODALFRAME | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "SECURITY WARNING"
FONT 8, "Tahoma", 0, 0, 0x0
BEGIN
LTEXT "Your known hosts list has an entry for the server ""####################################"", but the machine you have contacted has presented a DIFFERENT TYPE KEY to the one in your known hosts list. A hostile machine may be pretending to be the server.",IDC_HOSTWARNING,15,7,184,43
LTEXT "If you choose to add this new key to the known hosts list and continue, then you will not receive this warning again.",IDC_HOSTWARNING2,15,48,184,24
- LTEXT "The server's host key fingerprint is:",IDC_HOSTFINGERPRINT,15,75,176,8
- EDITTEXT IDC_FINGER_PRINT,15,86,179,12,ES_AUTOHSCROLL | ES_READONLY
- EDITTEXT IDC_FP_RANDOMART,14,105,181,97,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
+ LTEXT "",IDC_HOSTSSHFPCHECK,15,72,184,16
+ LTEXT "",IDC_HOSTSSHFPDNSSEC,15,88,184,8
+ LTEXT "The server's host key fingerprint is:",IDC_HOSTFINGERPRINT,15,99,176,8
+ EDITTEXT IDC_FINGER_PRINT,15,110,179,12,ES_AUTOHSCROLL | ES_READONLY
+ EDITTEXT IDC_FP_RANDOMART,14,129,181,97,ES_MULTILINE | ES_AUTOHSCROLL | ES_READONLY | WS_VSCROLL
CONTROL "&Add this machine and its key to the known hosts list",IDC_ADDTOKNOWNHOSTS,
- "Button",BS_AUTOCHECKBOX | WS_GROUP | WS_TABSTOP,19,207,181,13
- DEFPUSHBUTTON "&Continue",IDC_CONTINUE,50,222,50,14,WS_GROUP
- PUSHBUTTON "&Disconnect",IDCANCEL,115,222,50,14,WS_GROUP
+ "Button",BS_AUTOCHECKBOX | WS_GROUP | WS_TABSTOP,19,231,181,13
+ DEFPUSHBUTTON "&Continue",IDC_CONTINUE,50,246,50,14,WS_GROUP
+ PUSHBUTTON "&Disconnect",IDCANCEL,115,246,50,14,WS_GROUP
END