/*
* Ask whether the selected algorithm is acceptable (since it was
* below the configured 'warn' threshold).
*/
int askalg(void *frontend, const char *algtype, const char *algname,
void (* /*callback*/)(void *ctx, int result), void * /*ctx*/)
{
assert(frontend);
GuiTerminalWindow *f = static_cast<GuiTerminalWindow*>(frontend);
QString msg = QString("The first " + QString(algtype) + " supported by the server\n"
"is "+ QString(algname) +", which is below the configured\n"
"warning threshold.\n"
"Do you want to continue with this connection?\n");
switch (QMessageBox::warning(f->getMainWindow(), QString(APPNAME " Security Alert"),
msg,
QMessageBox::Yes | QMessageBox::No,
QMessageBox::No)) {
case QMessageBox::Yes: return 2;
case QMessageBox::No: return 1;
default: return 0;
}
}
int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
char *keystr, char *fingerprint,
void (* /*callback*/)(void *ctx, int result), void * /*ctx*/)
{
assert(frontend);
GuiTerminalWindow *f = static_cast<GuiTerminalWindow*>(frontend);
int ret = 1;
QString absentmsg =
QString("The server's host key is not cached in the registry. You\n"
"have no guarantee that the server is the computer you\n"
"think it is.\n"
"The server's " + QString(keytype) + " key fingerprint is:\n")
+ QString(fingerprint) + QString("\n"
"If you trust this host, hit Yes to add the key to\n"
APPNAME "'s cache and carry on connecting.\n"
"If you want to carry on connecting just once, without\n"
"adding the key to the cache, hit No.\n"
"If you do not trust this host, hit Cancel to abandon the\n"
"connection.\n");
QString wrongmsg =
QString("WARNING - POTENTIAL SECURITY BREACH!\n"
"\n"
"The server's host key does not match the one " APPNAME " has\n"
"cached in the registry. This means that either the\n"
"server administrator has changed the host key, or you\n"
"have actually connected to another computer pretending\n"
"to be the server.\n"
"The new " + QString(keytype) + " key fingerprint is:\n"
+ QString(fingerprint) + "\n"
"If you were expecting this change and trust the new key,\n"
"hit Yes to update " APPNAME "'s cache and continue connecting.\n"
"If you want to carry on connecting but without updating\n"
"the cache, hit No.\n"
"If you want to abandon the connection completely, hit\n"
"Cancel. Hitting Cancel is the ONLY guaranteed safe\n" "choice.\n");
/*
* Verify the key against the registry.
*/
ret = verify_host_key(host, port, keytype, keystr);
if (ret == 0) /* success - key matched OK */
return 1;
else if (ret == 2) { /* key was different */
switch (QMessageBox::critical(f->getMainWindow(), QString(APPNAME " Security Alert"),
wrongmsg,
QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel,
QMessageBox::Cancel)) {
case QMessageBox::Yes:
store_host_key(host, port, keytype, keystr);
return 2;
case QMessageBox::No: return 1;
default: return 0;
}
} else if (ret == 1) { /* key was absent */
switch (QMessageBox::warning(f->getMainWindow(), QString(APPNAME " Security Alert"),
absentmsg,
QMessageBox::Yes | QMessageBox::No | QMessageBox::Cancel,
QMessageBox::Cancel)) {
case QMessageBox::Yes:
store_host_key(host, port, keytype, keystr);
return 2;
case QMessageBox::No: return 1;
default: return 0;
}
}
return 0; /* abandon the connection */
}
