Simon Tatham [Sun, 17 Dec 2006 11:16:07 +0000 (11:16 +0000)]
Initial support for HTML Help. All the ad-hoc help-file finding code
and various calls to WinHelp() have been centralised into a new file
winhelp.c, which in turn has been modified to detect a .CHM file as
well as .HLP and select between them as appropriate. It explicitly
tries to load HHCTRL.OCX and use GetProcAddress, meaning that it
_should_ still work correctly on pre-HTML-Help platforms, falling
gracefully back to WinHelp, but although I tested this by
temporarily renaming my own HHCTRL.OCX I haven't yet been able to
test it on a real HTML-Help-free platform.
Also in this checkin: a new .but file and docs makefile changes to
make it convenient to build the sources for a .CHM. As yet, owing to
limitations of Halibut's CHM support, I'm not able to write a .CHM
directly, more's the pity.
Simon Tatham [Thu, 23 Nov 2006 14:32:11 +0000 (14:32 +0000)]
I've just discovered that using the saved sessions menu from Unix
PuTTY causes the child process to inherit a lot of socket fds from
its parent, which is a pain if one of them then ends up holding open
a listening socket which the parent was using for port forwarding
after the parent itself is dead.
Therefore, this checkin sprinkles FD_CLOEXEC throughout the Unix
platform directory wherever there looks like being a long-lived fd.
Simon Tatham [Sat, 18 Nov 2006 15:10:48 +0000 (15:10 +0000)]
Reinstate as much of the Windows font-linking behaviour as I can
easily manage, by adopting a hybrid approach to Unicode text
display. The old approach of simply calling ExtTextOutW provided
font linking without us having to lift a finger, but didn't do the
right thing when it came to bidirectional or Arabic-shaped text.
Arabeyes' replacement exact_textout() supported the latter, but
turned out to break the former (with no warning from the Windows API
documentation, so it's not their fault).
So now I've got a second wrapper layer called general_textout(),
which splits the input string into substrings based on bidi
character class. Any character liable to cause bidi or shaping
behaviour if fed straight to ExtTextOutW is instead fed through
Arabeyes' exact_textout(), but the rest is fed straight to
ExtTextOutW as it used to be.
The effect appears to be that font linking is restored for all
characters _except_ Arabic and other bidi scripts, which means in
particular that we are no longer in a state of regression over 0.57.
(0.57 would have done font linking on Arabic as well, but would also
have misbidied it, so we've merely exchanged one failure mode for
another slightly less harmful one in that situation.)
Jacob Nevins [Wed, 15 Nov 2006 23:42:22 +0000 (23:42 +0000)]
Chris Boucher spotted that after "-nc" was added (r6823), cfg->ssh_nc_host
was not always initialised, which could lead to spurious attempts to open
a bogus channel (typically refused: "FATAL ERROR: Server refused to open
a direct-tcpip channel"). Fixed.
Jacob Nevins [Wed, 8 Nov 2006 21:15:30 +0000 (21:15 +0000)]
There's been an increase in people posting non-SSH PuTTY-related questions
to comp.security.ssh, posting queries that are clearly about PuTTY to
newsgroups without actually mentioning PuTTY, and so on. They may have been
directed there by this document :( Add a futile attempt to instil a sense of
etiquette.
Jacob Nevins [Sun, 22 Oct 2006 19:51:28 +0000 (19:51 +0000)]
Minor semantic tweak to bug-compatibility modes: make
BUG_NEEDS_SSH1_PLAIN_PASSWORD do exactly what it says on the tin, independent
of whether BUG_CHOKES_ON_SSH1_IGNORE is set.
This is invisible in the default configuration, as all servers marked as having
the second bug have the first one too, but it would allow one to manually
configure PuTTY to cope with a SSH-1 server that got upset by ignore messages
during authentication, but was fine with their use as keepalives.
Simon Tatham [Tue, 3 Oct 2006 17:16:26 +0000 (17:16 +0000)]
Disable a bunch of undesirable termios flags. ICRNL, in particular,
is liable to have been set on serial ports previously used as
terminal devices, and definitely wants not to be set on serial ports
being used for callout.
Simon Tatham [Thu, 21 Sep 2006 11:48:32 +0000 (11:48 +0000)]
Fix breakage of `Restart Session' in r6802. When restarting the
session, we were clearing the new session_closed flag, but failing
to clear must_close_session; with that set, the session was being
opened but immediately re-closed.
Simon Tatham [Sun, 3 Sep 2006 14:31:34 +0000 (14:31 +0000)]
Support for an alternative mechanism for displaying wide characters
under X: instead of having two separate fixed-width fonts one of
which is twice the width of the other, you can instead have a single
font in which some characters are twice as wide as others.
This is implemented very simply: if you specify a wide font, it will
be used for wide characters, and if you don't then the normal font
will be used for wide characters (so they'd better _be_ wide in that
font, or there'll be trouble).
I got this idea from Jed, whose latest version supports UTF-8 and
requires a font of this type. If there are going to be X fonts like
that kicking around, there will doubtless be people who want to use
them.
Simon Tatham [Sun, 3 Sep 2006 12:55:16 +0000 (12:55 +0000)]
Add a mini-rant to the top comment explaining why threads are
required. (I just tried getting rid of them; it worked fine for
serial ports, but not for anything else. The Windows I/O API sucks.)
Jacob Nevins [Tue, 29 Aug 2006 21:46:56 +0000 (21:46 +0000)]
Updates for today's changes:
- changes to Logging panel
- breaks in serial backend
(Plus, completely unrelated, an index term entry related to port forwarding
which seems to have been sitting around for ages, possibly waiting for me to
think about `see also' index terms in Halibut.)
Simon Tatham [Tue, 29 Aug 2006 19:07:11 +0000 (19:07 +0000)]
New logging mode, which records the exact bytes sent over the wire
in an SSH connection _in addition_ to the decrypted packets. This
will hopefully come in useful for debugging wire data corruption
issues: you can strace the server, enable this mode in the client,
and compare the sent and received data.
I'd _like_ to have this mode also log Diffie-Hellman private
exponents, session IDs, encryption and MAC keys, so that the
resulting log file could be used to independently verify the
correctness of all cryptographic operations performed by PuTTY.
However, I haven't been able to convince myself that the security
implications are acceptable. (It doesn't matter that this
information would permit an attacker to decrypt the session, because
the _already_ decrypted session is stored alongside it in the log
file. And I'm not planning, under any circumstances, to log users'
private keys. But gaining access to the log file while the session
was still running would permit an attacker to _hijack_ the session,
and that's the iffy bit.)
Simon Tatham [Tue, 29 Aug 2006 18:50:07 +0000 (18:50 +0000)]
Explicitly closing logctx on various kinds of error exit means that
the log file gets fclosed properly and the critical last few
messages might be recoverable from the log file more often...
Simon Tatham [Tue, 29 Aug 2006 18:32:44 +0000 (18:32 +0000)]
The Windows HANDLE type, despite being a `void *', does not actually
behave like a pointer. In particular, the right thing to set a
HANDLE to to indicate that it's invalid is INVALID_HANDLE_VALUE, not
NULL. Crack down on sloppy use of NULL HANDLEs across all Windows
code.
(There is one oddity, which is that {Create,Open}FileMapping are
documented to return a NULL HANDLE instead of INVALID_HANDLE_VALUE
on failure. Shrug. If MS want to be inconsistent, I suppose I have
to live with it.)
Simon Tatham [Tue, 29 Aug 2006 09:18:09 +0000 (09:18 +0000)]
Inhibit the Serial configuration panel in mid-session if the session
isn't a serial one. In particular, this causes pterm not to fail an
assertion if you select `Change Settings'. Ahem.
Simon Tatham [Mon, 28 Aug 2006 19:09:28 +0000 (19:09 +0000)]
Apparently MsgWaitForMultipleObjects doesn't always return the
values one might expect, which means that GetMessage() was
occasionally blocking the process. That appears to be the last of
the annoying data loss issues, so I think the Windows serial back
end actually looks vaguely reliable now. Phew.
Simon Tatham [Mon, 28 Aug 2006 18:36:11 +0000 (18:36 +0000)]
That OVERLAPPED fix seems to have made flow control useful as well
(presumably Windows's serial buffer is actually _filling up_,
causing an XOFF to be sent, now that my dodgy I/O code isn't causing
it to leak). So I think I'll switch the default flow control to
XON/XOFF, since it actually seems to do something now.
Simon Tatham [Mon, 28 Aug 2006 18:27:54 +0000 (18:27 +0000)]
Eep! Next bit flag after 1 and 2 is _4_, not 3. Perhaps it's time I
stopped coding and went and sat down quietly and tried not to touch
anything for a while.
Simon Tatham [Mon, 28 Aug 2006 18:26:50 +0000 (18:26 +0000)]
Reading 4K at a time from a serial port turns out to be a bit
unfriendly in an interactive session, because at 19200 baud it takes
nearly two seconds to receive that much data, and as long as the
data is flowing continuously Windows waits until it has a full
buffer. So here's another annoying flag in the winhandl API, which
restricts reads to length 1 so that serial output shows up as it
appears.
(I tried this yesterday, but without the OVERLAPPED fix in r6826 it
behaved very erratically. It now seems solid.)
Simon Tatham [Mon, 28 Aug 2006 18:16:49 +0000 (18:16 +0000)]
Apparently it helps for an OVERLAPPED structure to contain a valid
event handle. This seems to have fixed _some_, but not all, of the
curious data loss issues in the Windows serial backend.
Simon Tatham [Mon, 28 Aug 2006 15:12:37 +0000 (15:12 +0000)]
New command-line option in Plink (and PuTTY, though it's less useful
there): `plink host -nc host2:port' causes the SSH connection's main
channel to be replaced with a direct-tcpip connection to the
specified destination. This feature is mainly designed for use as a
local proxy: setting your local proxy command to `plink %proxyhost
-nc %host:%port' lets you tunnel SSH over SSH with a minimum of
fuss. Works on all platforms.
Simon Tatham [Mon, 28 Aug 2006 14:29:02 +0000 (14:29 +0000)]
Serial back end for Unix. Due to hardware limitations (no Linux box
I own has both an X display and a working serial port) I have been
unable to give this the full testing it deserves; I've managed to
demonstrate the basic functionality of Unix Plink talking to a
serial port, but I haven't been able to test the GTK front end. I
have no reason to think it will fail, but I'll be more comfortable
once somebody has actually tested it.
Simon Tatham [Mon, 28 Aug 2006 13:08:15 +0000 (13:08 +0000)]
Because not all OSes will support the same set of serial port
options, here's a slight change to the API of ser_setup_config_box()
to make it filter its parity and flow control options using
platform-supplied bit masks.
Simon Tatham [Mon, 28 Aug 2006 10:35:12 +0000 (10:35 +0000)]
Support for Windows PuTTY connecting straight to a local serial port
in place of making a network connection. This has involved a couple
of minor infrastructure changes:
- New dlg_label_change() function in the dialog.h interface, which
alters the label on a control. Only used, at present, to switch
the Host Name and Port boxes into Serial Line and Speed, which
means that any platform not implementing serial connections (i.e.
currently all but Windows) does not need to actually do anything
in this function. Yet.
- New small piece of infrastructure: cfg_launchable() determines
whether a Config structure describes a session ready to be
launched. This was previously determined by seeing if it had a
non-empty host name, but it has to check the serial line as well
so there's a centralised function for it. I haven't gone through
all front ends and arranged for this function to be used
everywhere it needs to be; so far I've only checked Windows.
- Similarly, cfg_dest() returns the destination of a connection
(host name or serial line) in a text format suitable for putting
into messages such as `Unable to connect to %s'.
Simon Tatham [Sun, 27 Aug 2006 10:00:36 +0000 (10:00 +0000)]
Grow some nasty warts on the side of winhandl.c, in preparation for
a serial port backend:
- In order to do simultaneous reading and writing on the same
HANDLE, you must enable overlapped access and pass an OVERLAPPED
structure to each ReadFile and WriteFile call. This would make
sense if it were an optional thing I could do if I wanted to do
the reading and writing in the same thread, but making it
mandatory even if I'm doing them in _different_ threads is just
annoying and arbitrary.
- Serial ports occasionally return length 0 from ReadFile, for no
particularly good reason. Fortunately serial ports also don't
have a real EOF condition to speak of, so ignoring EOFs is
actually a viable response in spite of sounding utterly gross.
Hence, handle_{input,output}_new() now accept a flags parameter,
which includes a flag to enable the OVERLAPPED bureaucracy and a
flag to cause EOFs to be ignored on input handles. The current
clients of winhandl.c do not use either of these.
Simon Tatham [Sun, 27 Aug 2006 08:34:04 +0000 (08:34 +0000)]
Call console_provide_logctx _before_ initialising the back end, so
that logevent() will go to stderr in -v mode even during the back
end init function.
Simon Tatham [Sun, 27 Aug 2006 08:03:19 +0000 (08:03 +0000)]
The `socket' function in the backends is only ever checked to see if
it's NULL. Since we already have one back end (uxpty) which doesn't
in fact talk to a network socket, and may well have more soon, I'm
replacing this TCP/IP-centric function with a nice neutral
`connected' function returning a boolean. Nothing else about its
semantics has currently changed.
Simon Tatham [Sat, 26 Aug 2006 10:59:09 +0000 (10:59 +0000)]
It's critically important that the local proxy process should not
inherit _our_ ends of its I/O pipes! Otherwise, closing our copy of
those handles does not cause it to see EOF on its stdin, because
it's holding the pipe open itself.
Simon Tatham [Sat, 26 Aug 2006 10:20:16 +0000 (10:20 +0000)]
ProxyCommand support for Windows, using the new winhandl.c API.
Seems a bit clunky when I actually try to use it - not sure why -
but I think all the actual functionality is there.
Simon Tatham [Sat, 26 Aug 2006 10:19:23 +0000 (10:19 +0000)]
Another bug fix: always set the busy flag when telling a subthread
to do something, otherwise handle_get_events will forget to tell the
front end to check for that subthread finishing. This applies even
when we're only setting `busy' to tell the subthread to terminate!
Simon Tatham [Sat, 26 Aug 2006 10:17:39 +0000 (10:17 +0000)]
On cleanup, PSCP and PSFTP should explicitly check that the back end
is still running rather than relying on ssh_sftp_loop_iteration() to
return a bogus value.
Simon Tatham [Sat, 26 Aug 2006 10:04:46 +0000 (10:04 +0000)]
Start using notify_remote_exit() in the Windows front end, in place
of the previous ad-hockery which depended on the return value from
select_result() and hence which will not adapt sensibly to a world
in which the primary session is something local rather than a
network connection.
Simon Tatham [Sat, 26 Aug 2006 09:21:52 +0000 (09:21 +0000)]
Return a non-zero exit code in the event of a fatal-error SSH
session termination. `Close window only on clean exit' was not
working properly on Unix in the absence of this:
notify_remote_exit() was being called and ssh_return_exitcode was
returning zero, causing gtk_main_quit() to be called, _before_
connection_fatal() happened.
Simon Tatham [Sat, 26 Aug 2006 08:37:42 +0000 (08:37 +0000)]
Always initialise the `addresses' field of a SockAddr to NULL,
because it gets unconditionally sfree()d in sk_addr_free(). This
just bit me when running under the MSVC debugger; not sure how it
hasn't bitten anyone until now!
Simon Tatham [Sat, 26 Aug 2006 08:15:53 +0000 (08:15 +0000)]
Bug fix: since the input thread does not wait for the event object
until _after_ its first read, we should not start by signalling that
object in order to trigger the first read. Ahem.
Simon Tatham [Fri, 25 Aug 2006 22:10:16 +0000 (22:10 +0000)]
New piece of Windows infrastructure: winhandl.c takes Plink's
thread-based approach to stdin and stdout, wraps it in a halfway
sensible API, and makes it a globally available service across all
network tools.
There is no direct functionality enhancement from this checkin:
winplink.c now talks to the new API instead of doing it all
internally, but does nothing different as a result.
However, this should lay the groundwork for several diverse pieces
of work in future: pipe-based ProxyCommand on Windows, a serial port
back end, and (hopefully) a pipe-based means of communicating with
Pageant, which should have sensible blocking behaviour and hence
permit asynchronous agent requests and decrypt-on-demand.
Simon Tatham [Tue, 15 Aug 2006 20:29:02 +0000 (20:29 +0000)]
Shifts left and right by 32 were tripping a gcc warning (fatal with
-Werror, of course) about shifting by more than the range of a data
type. They only appeared in `if' statements testing sizeof(off_t),
but gcc warns even when the code is unreachable. I've removed the
conditional code (the general case should still work even on 32-bit
machines), and hacked each shift by 32 into a pair of shifts by 16.
Note that the gcc warning is not just a helpful indication that you
may be using the wrong data type; it's actually pointing out ANSI-
undefined behaviour in shifting a signed integer beyond the size of
its type.
Simon Tatham [Tue, 15 Aug 2006 12:45:21 +0000 (12:45 +0000)]
Aha! At long last I've managed to reproduce the intermittent problem
I've been having with the cursor sometimes restoring to the wrong
place when screen(1) terminates. The offending sequence of escape
sequences goes ESC 7 (save cursor), ESC [?47h (switch to alternate
screen), ESC 7 (save cursor _again_), do some stuff, ESC 8 (restore
cursor), run screen session for a bit, ESC [?47l (return to main
screen), ESC 8 (restore cursor). The final ESC 8 is expected to
restore the cursor to where it was saved by the initial ESC 7.
Translation: the ESC 7 saved cursor state is part of the state we
must swap out when switching to the alternate screen. In other
words, we need to track _four_ cursor positions: active and saved,
on each of main and alternate screen. Previously we were tracking
only three.
Owen Dunn [Sat, 12 Aug 2006 15:20:19 +0000 (15:20 +0000)]
Large file support for psftp and pscp on both Windows and Unix. On Unix
we set _FILE_OFFSET_BITS to 64 on the compiler command line (via mkfiles.pl),
and on Windows we use SetFilePointer and GetFileSize to cope with 64-bit sizes
where possible. Not tested on Win9x.
Jacob Nevins [Fri, 7 Jul 2006 14:18:47 +0000 (14:18 +0000)]
Random Unix puttygen improvements highlighted by a post to comp.security.ssh:
- fix diagnostic if keyfile and '-t' both specified
- add diagnostic for generating a key but discarding the private part
- document '-q' option
Jacob Nevins [Sat, 17 Jun 2006 12:02:03 +0000 (12:02 +0000)]
Robert Evans spotted that bignum_decimal() failed to cope with being given
a zero input.
This shouldn't matter for PuTTY, as these routines are only used in PuTTYgen,
to output SSH-1 format public key exponents/moduli, which should be nonzero.
Jacob Nevins [Sun, 11 Jun 2006 12:56:52 +0000 (12:56 +0000)]
Do not send raw mouse events in the middle of a selection operation, even if
we otherwise would (for instance, if Shift is released before the mouse button
being used for selection).
[originally from svn r6727]
[this svn revision also touched putty-wishlist]
Simon Tatham [Fri, 2 Jun 2006 08:46:34 +0000 (08:46 +0000)]
Lionel Fourquaux offers this very simple patch to speed up SFTP,
simply by upping the packet sizes and maximum in-flight packet
count. Got to be worth a try, I think!
Jacob Nevins [Sun, 21 May 2006 12:20:42 +0000 (12:20 +0000)]
Port r6710 from puzzles:
Patch from Ben Hutchings to prevent an ugly special case in
&splitline in which a line is `split' into a line ending in a
backslash followed by a completely blank line.
Jacob Nevins [Wed, 26 Apr 2006 23:01:06 +0000 (23:01 +0000)]
sbcsgen.pl was giving different results on different machines in the case
where two SBCS code points mapped to a single Unicode point.
Changed so that by default it favours the lower SBCS code point.
On ixion, this highlighted ambiguities in CS_MAC_THAI, CS_MAC_SYMBOL, and
CS_VISCII. Guessed at a preference for the first two and added "sortpriority"
directives. (No idea about VISCII.)
[originally from svn r6641]
[this svn revision also touched charset,filter,halibut,timber]
Jacob Nevins [Thu, 13 Apr 2006 21:18:09 +0000 (21:18 +0000)]
Everywhere we print an fxp_error(), try to make it clear what we were trying
to do at the time.
(A lot of these say just "canonify:". This isn't a nice thing to show to a
user, but I don't believe canonify() will ever return failure due to a server
error, so users shouldn't actually see it, and it means we have a chance of
tracing it if reported.)
Jacob Nevins [Fri, 7 Apr 2006 21:42:30 +0000 (21:42 +0000)]
Remove login name prompt from PSFTP.
ssh.c will prompt for a login name as required, and doing so in psftp.c
before we've even made a connection is incorrect wrt `bypass-ssh2-userauth'.
Simon Tatham [Wed, 8 Mar 2006 18:10:12 +0000 (18:10 +0000)]
David Damerell tells me I should be using Ctrl-hjklyubn rather than
Shift-hjklyubn for batch movement in NetHack, because they have
subtly different behaviour within the game and the Ctrl-moves are
more useful. Unfortunately, PuTTY's NetHack keypad mode doesn't
support Ctrl-moves. Therefore, it does now :-)
Jacob Nevins [Mon, 27 Feb 2006 22:27:49 +0000 (22:27 +0000)]
Batch of miscellaneous tweaks to the Windows installer:
- Now we've fixed `win-versioninfo', choose some sensible outcomes from
the installer's comparisons of binary version numbers. Also, give the
installer _itself_ a matching binary version.
In particular, without this change, it would not have been possible
to downgrade PuTTY -- it would have silently left the "newer" files in
place. Now it will make some fuss, but permit it.
- Also remove descriptions from shortcuts, on the grounds that the
binaries have embedded descriptions now. (Although I've not checked
whether those are actually visible in the Start Menu.)
- At the request of various people (e.g., PJB), add flags so that if
files are in use at the time the (un)installer is run, replacement is
deferred to the next restart. (The user may be prompted to restart,
which isn't ideal; see comments).
This is supposed to make centrally-pushed silent upgrades more robust.
- Note some limitations of the installer.
Jacob Nevins [Sat, 25 Feb 2006 14:13:46 +0000 (14:13 +0000)]
Alain Guibert points out that palette changes weren't causing the space
between the text area and the window border to be refreshed.
Fixed on Windows. Gtk still has a similar problem.
Simon Tatham [Thu, 23 Feb 2006 13:38:44 +0000 (13:38 +0000)]
Do proper select-for-write on ptys. Currently, pasting a
sufficiently large string into pterm in any circumstances in which
it's echoed back to the terminal will cause a deadlock once the
pty's write buffer fills up.