| 53 |
|
|
| 54 |
#include <windns.h> |
#include <windns.h> |
| 55 |
|
|
| 56 |
|
#define DNS_TYPE_SSHFP 44 |
| 57 |
|
typedef struct { |
| 58 |
|
BYTE Algorithm; |
| 59 |
|
BYTE DigestType; |
| 60 |
|
BYTE Digest[1]; |
| 61 |
|
} DNS_SSHFP_DATA, *PDNS_SSHFP_DATA; |
| 62 |
|
enum verifydns_result { |
| 63 |
|
DNS_VERIFY_NONE, |
| 64 |
|
DNS_VERIFY_NOTFOUND, |
| 65 |
|
DNS_VERIFY_MATCH, |
| 66 |
|
DNS_VERIFY_MISMATCH, |
| 67 |
|
DNS_VERIFY_DIFFERENTTYPE, |
| 68 |
|
DNS_VERIFY_AUTH_MATCH, |
| 69 |
|
DNS_VERIFY_AUTH_MISMATCH, |
| 70 |
|
DNS_VERIFY_AUTH_DIFFERENTTYPE |
| 71 |
|
}; |
| 72 |
|
|
| 73 |
static HFONT DlgHostsAddFont; |
static HFONT DlgHostsAddFont; |
| 74 |
static HFONT DlgHostsReplaceFont; |
static HFONT DlgHostsReplaceFont; |
| 75 |
|
|
| 1326 |
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg); |
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg); |
| 1327 |
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg); |
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg); |
| 1328 |
|
|
| 1329 |
|
switch (pvar->dns_key_check) { |
| 1330 |
|
case DNS_VERIFY_NOTFOUND: |
| 1331 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_NOTFOUND", pvar, "SSHFP RR not found."); |
| 1332 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1333 |
|
break; |
| 1334 |
|
case DNS_VERIFY_MATCH: |
| 1335 |
|
case DNS_VERIFY_AUTH_MATCH: |
| 1336 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MATCH", pvar, "SSHFP RR found and match."); |
| 1337 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1338 |
|
break; |
| 1339 |
|
case DNS_VERIFY_MISMATCH: |
| 1340 |
|
case DNS_VERIFY_AUTH_MISMATCH: |
| 1341 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MISMATCH", pvar, "SSHFP RR found but not match."); |
| 1342 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1343 |
|
break; |
| 1344 |
|
case DNS_VERIFY_DIFFERENTTYPE: |
| 1345 |
|
case DNS_VERIFY_AUTH_DIFFERENTTYPE: |
| 1346 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_DIFFTYPE", pvar, "SSHFP RR found but different type."); |
| 1347 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1348 |
|
break; |
| 1349 |
|
} |
| 1350 |
|
|
| 1351 |
|
switch (pvar->dns_key_check) { |
| 1352 |
|
case DNS_VERIFY_MATCH: |
| 1353 |
|
case DNS_VERIFY_MISMATCH: |
| 1354 |
|
case DNS_VERIFY_DIFFERENTTYPE: |
| 1355 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_NG", pvar, "SSHFP RR is *not* authenticated by DNSSEC."); |
| 1356 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg); |
| 1357 |
|
break; |
| 1358 |
|
case DNS_VERIFY_AUTH_MATCH: |
| 1359 |
|
case DNS_VERIFY_AUTH_MISMATCH: |
| 1360 |
|
case DNS_VERIFY_AUTH_DIFFERENTTYPE: |
| 1361 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_OK", pvar, "SSHFP RR is authenticated by DNSSEC."); |
| 1362 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg); |
| 1363 |
|
break; |
| 1364 |
|
} |
| 1365 |
|
|
| 1366 |
init_hosts_dlg(pvar, dlg); |
init_hosts_dlg(pvar, dlg); |
| 1367 |
|
|
| 1368 |
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0); |
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0); |
| 1470 |
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg); |
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg); |
| 1471 |
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg); |
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg); |
| 1472 |
|
|
| 1473 |
|
switch (pvar->dns_key_check) { |
| 1474 |
|
case DNS_VERIFY_NOTFOUND: |
| 1475 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_NOTFOUND", pvar, "SSHFP RR not found."); |
| 1476 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1477 |
|
break; |
| 1478 |
|
case DNS_VERIFY_MATCH: |
| 1479 |
|
case DNS_VERIFY_AUTH_MATCH: |
| 1480 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MATCH", pvar, "SSHFP RR found and match."); |
| 1481 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1482 |
|
break; |
| 1483 |
|
case DNS_VERIFY_MISMATCH: |
| 1484 |
|
case DNS_VERIFY_AUTH_MISMATCH: |
| 1485 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MISMATCH", pvar, "SSHFP RR found but not match."); |
| 1486 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1487 |
|
break; |
| 1488 |
|
case DNS_VERIFY_DIFFERENTTYPE: |
| 1489 |
|
case DNS_VERIFY_AUTH_DIFFERENTTYPE: |
| 1490 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_DIFFTYPE", pvar, "SSHFP RR found but different type."); |
| 1491 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1492 |
|
break; |
| 1493 |
|
} |
| 1494 |
|
|
| 1495 |
|
switch (pvar->dns_key_check) { |
| 1496 |
|
case DNS_VERIFY_MATCH: |
| 1497 |
|
case DNS_VERIFY_MISMATCH: |
| 1498 |
|
case DNS_VERIFY_DIFFERENTTYPE: |
| 1499 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_NG", pvar, "SSHFP RR is *not* authenticated by DNSSEC."); |
| 1500 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg); |
| 1501 |
|
break; |
| 1502 |
|
case DNS_VERIFY_AUTH_MATCH: |
| 1503 |
|
case DNS_VERIFY_AUTH_MISMATCH: |
| 1504 |
|
case DNS_VERIFY_AUTH_DIFFERENTTYPE: |
| 1505 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_OK", pvar, "SSHFP RR is authenticated by DNSSEC."); |
| 1506 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg); |
| 1507 |
|
break; |
| 1508 |
|
} |
| 1509 |
|
|
| 1510 |
init_hosts_dlg(pvar, dlg); |
init_hosts_dlg(pvar, dlg); |
| 1511 |
|
|
| 1512 |
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0); |
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0); |
| 1612 |
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg); |
UTIL_get_lang_msg("BTN_DISCONNECT", pvar, uimsg); |
| 1613 |
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg); |
SetDlgItemText(dlg, IDCANCEL, pvar->ts->UIMsg); |
| 1614 |
|
|
| 1615 |
|
switch (pvar->dns_key_check) { |
| 1616 |
|
case DNS_VERIFY_NOTFOUND: |
| 1617 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_NOTFOUND", pvar, "SSHFP RR not found."); |
| 1618 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1619 |
|
break; |
| 1620 |
|
case DNS_VERIFY_MATCH: |
| 1621 |
|
case DNS_VERIFY_AUTH_MATCH: |
| 1622 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MATCH", pvar, "SSHFP RR found and match."); |
| 1623 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1624 |
|
break; |
| 1625 |
|
case DNS_VERIFY_MISMATCH: |
| 1626 |
|
case DNS_VERIFY_AUTH_MISMATCH: |
| 1627 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_MISMATCH", pvar, "SSHFP RR found but not match."); |
| 1628 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1629 |
|
break; |
| 1630 |
|
case DNS_VERIFY_DIFFERENTTYPE: |
| 1631 |
|
case DNS_VERIFY_AUTH_DIFFERENTTYPE: |
| 1632 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_SSHFP_DIFFTYPE", pvar, "SSHFP RR found but different type."); |
| 1633 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, pvar->ts->UIMsg); |
| 1634 |
|
break; |
| 1635 |
|
} |
| 1636 |
|
|
| 1637 |
|
switch (pvar->dns_key_check) { |
| 1638 |
|
case DNS_VERIFY_MATCH: |
| 1639 |
|
case DNS_VERIFY_MISMATCH: |
| 1640 |
|
case DNS_VERIFY_DIFFERENTTYPE: |
| 1641 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_NG", pvar, "SSHFP RR is *not* authenticated by DNSSEC."); |
| 1642 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg); |
| 1643 |
|
break; |
| 1644 |
|
case DNS_VERIFY_AUTH_MATCH: |
| 1645 |
|
case DNS_VERIFY_AUTH_MISMATCH: |
| 1646 |
|
case DNS_VERIFY_AUTH_DIFFERENTTYPE: |
| 1647 |
|
UTIL_get_lang_msg("DLG_HOSTKEY_DNSSEC_OK", pvar, "SSHFP RR is authenticated by DNSSEC."); |
| 1648 |
|
SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, pvar->ts->UIMsg); |
| 1649 |
|
break; |
| 1650 |
|
} |
| 1651 |
|
|
| 1652 |
init_hosts_dlg(pvar, dlg); |
init_hosts_dlg(pvar, dlg); |
| 1653 |
|
|
| 1654 |
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0); |
font = (HFONT)SendMessage(dlg, WM_GETFONT, 0, 0); |
| 1769 |
return 0; |
return 0; |
| 1770 |
} |
} |
| 1771 |
|
|
|
#define DNS_TYPE_SSHFP 44 |
|
|
typedef struct { |
|
|
BYTE Algorithm; |
|
|
BYTE DigestType; |
|
|
BYTE Digest[1]; |
|
|
} DNS_SSHFP_DATA, *PDNS_SSHFP_DATA; |
|
|
enum verifydns_result { |
|
|
DNS_VERIFY_NONE, |
|
|
DNS_VERIFY_MATCH, |
|
|
DNS_VERIFY_MISMATCH, |
|
|
DNS_VERIFY_DIFFERENTTYPE, |
|
|
DNS_VERIFY_AUTH_MATCH, |
|
|
DNS_VERIFY_AUTH_MISMATCH, |
|
|
DNS_VERIFY_AUTH_DIFFERENTTYPE |
|
|
}; |
|
|
|
|
| 1772 |
int verify_hostkey_dns(char FAR *hostname, Key *key) |
int verify_hostkey_dns(char FAR *hostname, Key *key) |
| 1773 |
{ |
{ |
| 1774 |
DNS_STATUS status; |
DNS_STATUS status; |
| 1776 |
PDNS_SSHFP_DATA t; |
PDNS_SSHFP_DATA t; |
| 1777 |
int hostkey_alg, hostkey_dtype, hostkey_dlen; |
int hostkey_alg, hostkey_dtype, hostkey_dlen; |
| 1778 |
BYTE *hostkey_digest; |
BYTE *hostkey_digest; |
| 1779 |
int found = DNS_VERIFY_NONE; |
int found = DNS_VERIFY_NOTFOUND; |
| 1780 |
|
|
| 1781 |
switch (key->type) { |
switch (key->type) { |
| 1782 |
case KEY_RSA: |
case KEY_RSA: |
| 1840 |
// |
// |
| 1841 |
BOOL HOSTS_check_host_key(PTInstVar pvar, char FAR * hostname, unsigned short tcpport, Key *key) |
BOOL HOSTS_check_host_key(PTInstVar pvar, char FAR * hostname, unsigned short tcpport, Key *key) |
| 1842 |
{ |
{ |
| 1843 |
int found_different_key = 0, found_different_type_key = 0, dns_sshfp_check = 0; |
int found_different_key = 0, found_different_type_key = 0; |
| 1844 |
|
|
| 1845 |
|
pvar->dns_key_check = DNS_VERIFY_NONE; |
| 1846 |
|
|
| 1847 |
// すでに known_hosts ファイルからホスト公開鍵を読み込んでいるなら、それと比較する。 |
// すでに known_hosts ファイルからホスト公開鍵を読み込んでいるなら、それと比較する。 |
| 1848 |
if (pvar->hosts_state.prefetched_hostname != NULL |
if (pvar->hosts_state.prefetched_hostname != NULL |
| 1920 |
} |
} |
| 1921 |
|
|
| 1922 |
if (pvar->settings.VerifyHostKeyDNS && !is_numeric_hostname(hostname)) { |
if (pvar->settings.VerifyHostKeyDNS && !is_numeric_hostname(hostname)) { |
| 1923 |
dns_sshfp_check = verify_hostkey_dns(hostname, key); |
pvar->dns_key_check = verify_hostkey_dns(hostname, key); |
| 1924 |
} |
} |
| 1925 |
|
|
| 1926 |
// known_hostsダイアログは同期的に表示させ、この時点においてユーザに確認 |
// known_hostsダイアログは同期的に表示させ、この時点においてユーザに確認 |
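Review bot: Neither added switch on `pvar->dns_key_check` has a `default`, and the DNSSEC switch has no case for `DNS_VERIFY_NOTFOUND`, so when the lookup is skipped (the value stays `DNS_VERIFY_NONE` from new line 1845) or no record is found, IDC_HOSTSSHFPCHECK and IDC_HOSTSSHFPDNSSEC keep whatever text the dialog template holds, which is not visible here. This matters in a host-key prompt because an unauthenticated `DNS_VERIFY_MATCH` still prints "SSHFP RR found and match.", and only the second label tells the user the answer was not DNSSEC-validated, so both labels should be set explicitly in every state. The same pair of switches is also pasted into three dialog procedures (new lines 1329–1364, 1473–1508, 1615–1650); one static helper, sketched below with a constructed name, would keep them from drifting apart. Those dialog procedures begin and end outside the visible hunks, and the control text for the `default` branches is a suggestion only.

```c
static void set_sshfp_status_text(PTInstVar pvar, HWND dlg)
{
    switch (pvar->dns_key_check) {
    // … unchanged: NOTFOUND / MATCH / MISMATCH / DIFFERENTTYPE cases …
    default: // DNS_VERIFY_NONE: no SSHFP lookup was made
        SetDlgItemText(dlg, IDC_HOSTSSHFPCHECK, "");
        break;
    }

    switch (pvar->dns_key_check) {
    // … unchanged: DLG_HOSTKEY_DNSSEC_NG / DLG_HOSTKEY_DNSSEC_OK cases …
    default: // DNS_VERIFY_NONE, DNS_VERIFY_NOTFOUND: no record to authenticate
        SetDlgItemText(dlg, IDC_HOSTSSHFPDNSSEC, "");
        break;
    }
}

// in each of the three dialog procedures, replacing the two switches:
set_sshfp_status_text(pvar, dlg);
```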