* Fingerprints of the PGP master keys that can be used to establish a trust
* path between an executable and other files.
*/
+#define PGP_MASTER_KEY_FP \
+ "440D E3B5 B7A1 CA85 B3CC 1718 AB58 5DC6 0467 6F7C"
#define PGP_RSA_MASTER_KEY_FP \
"8F 15 97 DA 25 30 AB 0D 88 D1 92 54 11 CF 0C 4C"
#define PGP_DSA_MASTER_KEY_FP \
/* Pseudo-specials used for constructing the specials menu. */
TS_SEP, /* Separator */
TS_SUBMENU, /* Start a new submenu with specified name */
- TS_EXITMENU /* Exit current submenu or end of specials */
+ TS_EXITMENU, /* Exit current submenu or end of specials */
+ /* Starting point for protocols to invent special-action codes
+ * that can't live in this enum at all, e.g. because they change
+ * with every session.
+ *
+ * Of course, this must remain the last value in this
+ * enumeration. */
+ TS_LOCALSTART
} Telnet_Special;
struct telnet_special {
KEX_MAX
};
+enum {
+ /*
+ * SSH-2 host key algorithms
+ */
+ HK_WARN,
+ HK_RSA,
+ HK_DSA,
+ HK_ECDSA,
+ HK_ED25519,
+ HK_MAX
+};
+
enum {
/*
* SSH ciphers (both SSH-1 and SSH-2)
* three-way settings whose values are `always yes', `always
* no', and `decide by some more complex automated means'. This
* is true of line discipline options (local echo and line
- * editing), proxy DNS, Close On Exit, and SSH server bug
- * workarounds. Accordingly I supply a single enum here to deal
- * with them all.
+ * editing), proxy DNS, proxy terminal logging, Close On Exit, and
+ * SSH server bug workarounds. Accordingly I supply a single enum
+ * here to deal with them all.
*/
FORCE_ON, FORCE_OFF, AUTO
};
* Proxy types.
*/
PROXY_NONE, PROXY_SOCKS4, PROXY_SOCKS5,
- PROXY_HTTP, PROXY_TELNET, PROXY_CMD
+ PROXY_HTTP, PROXY_TELNET, PROXY_CMD, PROXY_FUZZ
};
enum {
*/
void (*unthrottle) (void *handle, int);
int (*cfg_info) (void *handle);
+ /* Only implemented in the SSH protocol: check whether a
+ * connection-sharing upstream exists for a given configuration. */
+ int (*test_for_upstream)(const char *host, int port, Conf *conf);
const char *name;
int protocol;
int default_port;
BUSY_CPU /* Locally busy (e.g. crypto); user interaction suspended */
};
void set_busy_status(void *frontend, int status);
+int frontend_is_utf8(void *frontend);
void cleanup_exit(int);
X(STR, NONE, proxy_username) \
X(STR, NONE, proxy_password) \
X(STR, NONE, proxy_telnet_command) \
+ X(INT, NONE, proxy_log_to_term) \
/* SSH options */ \
X(STR, NONE, remote_cmd) \
X(STR, NONE, remote_cmd2) /* fallback if remote_cmd fails; never loaded or saved */ \
X(INT, NONE, nopty) \
X(INT, NONE, compression) \
X(INT, INT, ssh_kexlist) \
+ X(INT, INT, ssh_hklist) \
X(INT, NONE, ssh_rekey_time) /* in minutes */ \
X(STR, NONE, ssh_rekey_data) /* string encoding e.g. "100K", "2M", "1G" */ \
X(INT, NONE, tryagent) \
X(INT, NONE, change_username) /* allow username switching in SSH-2 */ \
X(INT, INT, ssh_cipherlist) \
X(FILENAME, NONE, keyfile) \
- X(INT, NONE, sshprot) /* use v1 or v2 when both available */ \
+ /* \
+ * Which SSH protocol to use. \
+ * For historical reasons, the current legal values for CONF_sshprot \
+ * are: \
+ * 0 = SSH-1 only \
+ * 3 = SSH-2 only \
+ * We used to also support \
+ * 1 = SSH-1 with fallback to SSH-2 \
+ * 2 = SSH-2 with fallback to SSH-1 \
+ * and we continue to use 0/3 in storage formats rather than the more \
+ * obvious 1/2 to avoid surprises if someone saves a session and later \
+ * downgrades PuTTY. So it's easier to use these numbers internally too. \
+ */ \
+ X(INT, NONE, sshprot) \
X(INT, NONE, ssh2_des_cbc) /* "des-cbc" unrecommended SSH-2 cipher */ \
X(INT, NONE, ssh_no_userauth) /* bypass "ssh-userauth" (SSH-2 only) */ \
X(INT, NONE, ssh_show_banner) /* show USERAUTH_BANNERs (SSH-2 only) */ \
X(INT, NONE, no_remote_resize) /* disable remote resizing */ \
X(INT, NONE, no_alt_screen) /* disable alternate screen */ \
X(INT, NONE, no_remote_wintitle) /* disable remote retitling */ \
+ X(INT, NONE, no_remote_clearscroll) /* disable ESC[3J */ \
X(INT, NONE, no_dbackspace) /* disable destructive backspace */ \
X(INT, NONE, no_remote_charset) /* disable remote charset config */ \
X(INT, NONE, remote_qtitle_action) /* remote win title query action */ \
X(INT, NONE, erase_to_scrollback) \
X(INT, NONE, compose_key) \
X(INT, NONE, ctrlaltkeys) \
+ X(INT, NONE, osx_option_meta) \
+ X(INT, NONE, osx_command_meta) \
X(STR, NONE, wintitle) /* initial window title */ \
/* Terminal options */ \
X(INT, NONE, savelines) \
/*
* Exports from version.c.
*/
-extern char ver[];
+extern const char ver[];
/*
* Exports from unicode.c.
/*
* Exports from pageantc.c.
*
- * agent_query returns 1 for here's-a-response, and 0 for query-in-
- * progress. In the latter case there will be a call to `callback'
- * at some future point, passing callback_ctx as the first
+ * agent_query returns NULL for here's-a-response, and non-NULL for
+ * query-in- progress. In the latter case there will be a call to
+ * `callback' at some future point, passing callback_ctx as the first
* parameter and the actual reply data as the second and third.
*
* The response may be a NULL pointer (in either of the synchronous
* or asynchronous cases), which indicates failure to receive a
* response.
+ *
+ * When the return from agent_query is not NULL, it identifies the
+ * in-progress query in case it needs to be cancelled. If
+ * agent_cancel_query is called, then the pending query is destroyed
+ * and the callback will not be called. (E.g. if you're going to throw
+ * away the thing you were using as callback_ctx.)
+ *
+ * Passing a null pointer as callback forces agent_query to behave
+ * synchronously, i.e. it will block if necessary, and guarantee to
+ * return NULL. The wrapper function agent_query_synchronous() makes
+ * this easier.
*/
-int agent_query(void *in, int inlen, void **out, int *outlen,
- void (*callback)(void *, void *, int), void *callback_ctx);
+typedef struct agent_pending_query agent_pending_query;
+agent_pending_query *agent_query(
+ void *in, int inlen, void **out, int *outlen,
+ void (*callback)(void *, void *, int), void *callback_ctx);
+void agent_cancel_query(agent_pending_query *);
+void agent_query_synchronous(void *in, int inlen, void **out, int *outlen);
int agent_exists(void);
/*
void (*callback)(void *ctx, int result), void *ctx);
/*
* have_ssh_host_key() just returns true if a key of that type is
- * already chached and false otherwise.
+ * already cached and false otherwise.
*/
int have_ssh_host_key(const char *host, int port, const char *keytype);
/*
- * askalg has the same set of return values as verify_ssh_host_key.
+ * askalg and askhk have the same set of return values as
+ * verify_ssh_host_key.
+ *
+ * (askhk is used in the case where we're using a host key below the
+ * warning threshold because that's all we have cached, but at least
+ * one acceptable algorithm is available that we don't have cached.)
*/
int askalg(void *frontend, const char *algtype, const char *algname,
void (*callback)(void *ctx, int result), void *ctx);
+int askhk(void *frontend, const char *algname, const char *betteralgs,
+ void (*callback)(void *ctx, int result), void *ctx);
/*
* askappend can return four values:
*
int filename_serialise(const Filename *f, void *data);
Filename *filename_deserialise(void *data, int maxsize, int *used);
char *get_username(void); /* return value needs freeing */
-char *get_random_data(int bytes); /* used in cmdgen.c */
+char *get_random_data(int bytes, const char *device); /* used in cmdgen.c */
+char filename_char_sanitise(char c); /* rewrite special pathname chars */
/*
* Exports and imports from timing.c.
void expire_timer_context(void *ctx);
int run_timers(unsigned long now, unsigned long *next);
void timer_change_notify(unsigned long next);
+unsigned long timing_last_clock(void);
/*
* Exports from callback.c.