Simon Tatham [Sat, 2 Dec 2000 12:48:15 +0000 (12:48 +0000)]
Improve SSH2 host key abstraction into a generic `signing key'
abstraction, so as to be able to re-use the same abstraction for
user authentication keys and probably in the SSH2 agent (when that
happens) as well.
Simon Tatham [Sat, 2 Dec 2000 11:43:25 +0000 (11:43 +0000)]
Fix bugtraq 1949: server could open an agent forwarding channel even
if agent forwarding had not been negotiated on, and more
particularly even if it had been deliberately disabled by the user.
Simon Tatham [Wed, 1 Nov 2000 19:54:46 +0000 (19:54 +0000)]
Move dprintf and the debug system out into misc.c, to centralise it.
Saves binary space and also allows redirection of debug statements
to a file `debug.log'.
Simon Tatham [Wed, 25 Oct 2000 14:29:28 +0000 (14:29 +0000)]
Impose a lower limit of 256 on key lengths. This is mostly because
the primegen() function doesn't work well with <100 bits, so RSA
keys need to be >=200 to be generated correctly, and I thought 256
was a nice round number beyond that just to be sure. Perhaps I
should also have a security warning on any key less than 768; or
perhaps I should let people shoot themselves in the feet if they
really want to.
Simon Tatham [Wed, 25 Oct 2000 14:20:47 +0000 (14:20 +0000)]
Gaaah, I might have known. Split combined app cursor / app keypad
disablement option into two options so the app cursor keys and app
keypad can be controlled separately. The Pedantic Software Award in
this case goes to the Midnight Commander for its egregious failure
to just use the terminal in Perfectly Normal mode.
Simon Tatham [Mon, 23 Oct 2000 15:18:37 +0000 (15:18 +0000)]
Fix a bug which was causing occasional failed-host-key-check
messages. Also left some diagnostics in, under #if 0, so that next
time this happens it'll be easier to debug.
Simon Tatham [Mon, 23 Oct 2000 12:20:53 +0000 (12:20 +0000)]
Plink and PSCP were failing to load the `Default Settings' options
when connecting to an arbitrary hostname. In particular, setting a
default user name didn't work. Now it does.
Simon Tatham [Mon, 23 Oct 2000 11:55:11 +0000 (11:55 +0000)]
Created a shiny new abstraction for the socket handling. Has many
advantages:
- protocol modules can call sk_write() without having to worry
about writes blocking, because blocking writes are handled in the
abstraction layer and retried later.
- `Lost connection while sending' is a thing of the past.
- <winsock.h> is no longer needed in most modules, because
"putty.h" doesn't have to declare `SOCKET' variables any more,
only the abstracted `Socket' type.
- select()-equivalent between multiple sockets will now be handled
sensibly, which opens the way for things like SSH port
forwarding.
Simon Tatham [Mon, 23 Oct 2000 10:32:37 +0000 (10:32 +0000)]
Created a shiny new abstraction for the socket handling. Has many
advantages:
- protocol modules can call sk_write() without having to worry
about writes blocking, because blocking writes are handled in the
abstraction layer and retried later.
- `Lost connection while sending' is a thing of the past.
- <winsock.h> is no longer needed in most modules, because
"putty.h" doesn't have to declare `SOCKET' variables any more,
only the abstracted `Socket' type.
- select()-equivalent between multiple sockets will now be handled
sensibly, which opens the way for things like SSH port
forwarding.
Simon Tatham [Sat, 21 Oct 2000 17:52:54 +0000 (17:52 +0000)]
Ooh. Actually, that vulnerability is further-reaching than I
thought. As well as the ".." attack in recursive copies, the name
sent by the client was also trusted in a single-file implicit-
destination copy such as "pscp host:foo .". (The result was ./foo,
where foo is what the server claimed the file was rather than what
the user asked for. I think it's not unreasonable that if the user
requests file `foo' from the host, he should get the result in a
file called `foo' no matter what the host thinks.)
Simon Tatham [Sat, 21 Oct 2000 17:36:44 +0000 (17:36 +0000)]
Fix a potential vulnerability in incoming `pscp -r'. The server
sends filenames of things in the directory being copied. A malicious
server could have sent, for example, "..\..\windows\system\foo.dll"
and overwritten something crucial. The filenames are now vetted to
ensure they don't contain slashes or backslashes.
Simon Tatham [Sat, 21 Oct 2000 16:30:58 +0000 (16:30 +0000)]
Three new configurable options:
- Robert de Bath's Compose key is now off by default and configurable on
- The ages-old controversy over whether ALT by itself should bring the
System menu up is now controllable by a config option
- You can now independently configure whether scrollback resets on a
keypress _and_ whether it resets on screen activity.
Simon Tatham [Fri, 20 Oct 2000 15:20:53 +0000 (15:20 +0000)]
Put back the code that ensures "Default Settings" is always in the
session list even if it isn't in the Registry. This got deleted
overenthusiastically because I didn't have a comment explaining what
it was doing there. Now there's a comment, so I probably won't
remove it again.
Simon Tatham [Fri, 20 Oct 2000 13:51:46 +0000 (13:51 +0000)]
Introduce a sane interface function, from_backend(), for backends to
use when they have data from the network. Replaces the utterly daft
inbuf / inbuf_head / term_out() interface, which only made sense
when feeding to terminal.c. (terminal.c now implements
from_backend() as a small function that gateways to the old
interface.)
As a side effect, from_backend() also has an `is_stderr' parameter,
so scp can once again separate the server's pronouncements on stderr
from the actual protocol progress on stdout.
Simon Tatham [Thu, 19 Oct 2000 15:43:08 +0000 (15:43 +0000)]
PuTTYgen initial version. Still to do are basic user-friendliness
features (prompt for passphrase twice, prompt before overwriting a
file, check the key file was actually saved OK), testing of the
generated keys to make sure I got the file format right, and support
for a variable key size. I think what's already here is basically
sound though.
Simon Tatham [Wed, 18 Oct 2000 15:36:32 +0000 (15:36 +0000)]
Miscellaneous cleanups and reorgs in preparation for building
PuTTYgen. In particular, moved self-managing controls stuff out of
windlg.c into the new and reusable winctrls.c.
Simon Tatham [Tue, 10 Oct 2000 12:43:24 +0000 (12:43 +0000)]
ISO8859-2 to CP852 output translation wants to have Win1250 to ISO8859-2
input translation as its counterpart, not CP852 to ISO8859-2. Because the
reason you want this translation is if your _font_ is coded CP852 - in which
case your keymap will not follow suit but will still be in Win1250.
Simon Tatham [Tue, 10 Oct 2000 09:03:20 +0000 (09:03 +0000)]
Now when a saved session is loaded, its name appears in the
IDC_SESSEDIT box, so that clicking Save will save over it. Useful
for people who want to load, modify, and re-save. Special case: this
doesn't apply to Default Settings, because I think people will be
more likely to load DS, modify it, and save under a _different_
name, so it's good not to allow a single mouse click to screw them
up.
Simon Tatham [Mon, 9 Oct 2000 12:53:32 +0000 (12:53 +0000)]
Robert de Bath's big patch:
- cope with strange WinSock wrappers not supporting SIOCATMARK
- define yet more terminal compatibility modes
- support UK-ASCII (just like US-ASCII but # is a sterling sign)
- support connection keepalives at a configurable interval
Simon Tatham [Mon, 9 Oct 2000 09:10:09 +0000 (09:10 +0000)]
Add a compile option so that anyone who really wants to can build a
Win95-only (securityless) version of Pageant. This will refuse to
run at all under NT, so as to avoid the risk of people accidentally
running an insecure binary on a security-requiring system.