Simon Tatham [Fri, 28 Nov 2008 18:28:23 +0000 (18:28 +0000)]
Move the code that reads the Windows clipboard into a trivial
subthread, so that it won't deadlock if fetching the content of the
clipboard turns out to depend on a network connection forwarded
through PuTTY.
Ben Harris [Wed, 26 Nov 2008 14:30:58 +0000 (14:30 +0000)]
Jacob correctly points out that I accidentally lost a clearing of
s->gss_sndtok in r8326. I'm not sure it was strictly necessary, since
even if there's no send token, gss_init_sec_context() is meant to explicitly
make it empty, but it wasn't an intentional change.
Ben Harris [Wed, 26 Nov 2008 12:49:25 +0000 (12:49 +0000)]
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher
under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.
This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.
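Added example, not PuTTY's code: a sketch of the receive-side idea in the VU#958563 commit message above, where the MAC is computed incrementally and checked at every block boundary, and the length field is interpreted only after a MAC has verified. The names `build_packet`, `receive_packet`, `BLOCK`, `MAC_LEN` and `MAX_PACKET` are hypothetical, HMAC-SHA1 is an assumed MAC, and CBC decryption is left out so the input stands in for already-decrypted blocks.

```python
import hashlib
import hmac
import struct

BLOCK = 16          # cipher block size in bytes (assumed: AES-CBC)
MAC_LEN = 20        # HMAC-SHA1 output length (assumed MAC algorithm)
MAX_PACKET = 35000  # assumed cap on how far the receiver scans for a MAC


def build_packet(key, seq, payload):
    """Sender side: SSH-2 binary packet (plaintext form) followed by its MAC."""
    pad = BLOCK - (5 + len(payload)) % BLOCK
    if pad < 4:                       # SSH-2 requires at least 4 padding bytes
        pad += BLOCK
    body = struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)
    mac = hmac.new(key, struct.pack(">I", seq) + body, hashlib.sha1).digest()
    return body + mac


def receive_packet(key, seq, stream):
    """Receiver side: return (payload, bytes_consumed) or raise ValueError.

    `stream` stands in for blocks that have already been CBC-decrypted;
    decryption is omitted so the MAC handling stays in focus.
    """
    running = hmac.new(key, struct.pack(">I", seq), hashlib.sha1)
    consumed = 0
    while consumed < MAX_PACKET and consumed + BLOCK + MAC_LEN <= len(stream):
        running.update(stream[consumed:consumed + BLOCK])
        consumed += BLOCK
        # MAC of the packet so far, taken from a copy so that `running`
        # can keep absorbing later blocks if this is not the end yet.
        so_far = running.copy().digest()
        if not hmac.compare_digest(so_far, stream[consumed:consumed + MAC_LEN]):
            continue
        # Only now, with the MAC verified, is the length field interpreted.
        length, pad = struct.unpack(">IB", stream[:5])
        if length != consumed - 4 or pad < 4 or pad > length - 1:
            raise ValueError("authenticated packet has inconsistent lengths")
        return stream[5:4 + length - pad], consumed + MAC_LEN
    raise ValueError("no block boundary carried a valid MAC")


if __name__ == "__main__":
    key = b"constructed-mac-key!"     # constructed sample key, not a real one
    wire = build_packet(key, 0, b"first") + build_packet(key, 1, b"x" * 40)
    payload, used = receive_packet(key, 0, wire)
    print(payload, used)
    print(receive_packet(key, 1, wire[used:]))
```

A packet whose length field has been altered in transit never produces a matching MAC, so the receiver rejects it without ever acting on the attacker-influenced length.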
Ben Harris [Tue, 25 Nov 2008 22:11:17 +0000 (22:11 +0000)]
Now that we use real gss_buffer_ts, there's no need to muck about with
casts when passing them to GSS-API functions. Removing them makes the code
more readable and allows better type-checking.
Simon Tatham [Tue, 25 Nov 2008 18:54:05 +0000 (18:54 +0000)]
Have wingss.c include <windows.h> by way of putty.h rather than
directly. Fixes a build failure involving name clashes between
winsock2.h and winsock.h, which had somehow managed to get included
in succession.
Jacob Nevins [Tue, 25 Nov 2008 18:43:52 +0000 (18:43 +0000)]
Fixed a PuTTYtel startup assertion failure introduced in r8305.
While I'm here, a cosmetic PuTTYtel change: remove a reference to SSH from the
"logical host name" label in PuTTYtel only.
Ben Harris [Mon, 24 Nov 2008 23:44:55 +0000 (23:44 +0000)]
Change how we handle the Ssh_gss_buf type. Previously, we defined it
ourselves, but on Unix then assumed it was compatible with the system's
gss_buffer_desc, which wasn't the case on LP64 systems. Now, on Unix
we make Ssh_gss_buf into an alias for gss_buffer_desc, though we keep
something similar to the existing behaviour on Windows. This requires
renaming a couple of the fields in Ssh_gss_buf, and hence fixing all
the references.
Tested on Linux (MIT Kerberos) and Solaris. Compiled on NetBSD (Heimdal).
Not tested on Windows because neither mingw32 nor winegcc worked out of the
box for me. I think the Windows changes are all syntactic, though, so
if this compiles it should work no worse than before.
Jacob Nevins [Mon, 24 Nov 2008 17:51:42 +0000 (17:51 +0000)]
New option to allow use of the local OS username for login to the remote side
if we have no better ideas, with UI shamelessly stolen from Quest PuTTY.
Off by default, which effectively reverts the change to using the local
username by default that came in with GSSAPI support in r8138. Anyone wanting
seamless single sign-on will need to set the new option. (The previous
default behaviour was getting in the way in ad-hoc scenarios.)
Note that the PSCP and Unix-Plink behaviour of using the local username by
default have remained unchanged throughout; they are not affected by the new
option. Not sure if that's the Right Thing.
Ben Harris [Sat, 22 Nov 2008 22:06:42 +0000 (22:06 +0000)]
Changes to make this compile on Solaris 9: use <gssapi/gssapi.h> rather
than <gssapi/gssapi_krb5.h> and provide the OID for Kerberos 5 ourselves
(since it's a known constant). I'm not sure this actually works on Solaris
yet, mind.
Simon Tatham [Mon, 17 Nov 2008 18:38:09 +0000 (18:38 +0000)]
Revamp of the local X11 connection code. We now parse X display
strings more rigorously, and then we look up the local X authority
data in .Xauthority _ourself_ rather than delegating to an external
xauth program. This is (negligibly) more efficient on Unix, assuming
I haven't got it wrong in some subtle way, but its major benefit is
that we can now support X authority lookups on Windows as well
provided the user points us at an appropriate X authority file in
the standard format. A new Windows-specific config option has been
added for this purpose.
Simon Tatham [Mon, 17 Nov 2008 18:36:27 +0000 (18:36 +0000)]
Avoid freeing the backend in notify_remote_exit(), since that's
called from within a backend function which will expect its own
backend pointer to still be valid on return. Instead, move all the
real functionality of notify_remote_exit() out into a GTK idle
function.
Simon Tatham [Tue, 11 Nov 2008 07:47:27 +0000 (07:47 +0000)]
In SSH packet logging mode, log SSH-2 packet sequence numbers, in
both directions. We had a bug report yesterday about a Cisco router
sending SSH2_MSG_UNIMPLEMENTED and it wasn't clear for which packet;
logging the sequence numbers should make such problems much easier
to diagnose.
(In fact this logging fix wouldn't have helped in yesterday's case,
because the router also didn't bother to fill in the sequence number
field in the SSH2_MSG_UNIMPLEMENTED packet! This is a precautionary
measure against the next one of these problems.)
Simon Tatham [Sat, 8 Nov 2008 16:45:45 +0000 (16:45 +0000)]
Move out of the SockAddr structure the mutable fields "ai" and
"curraddr", and turn "family" into a macro-derived property of the
other fields. The idea is that this renders SockAddrs immutable once
created, which should open up the possibility of duplicating and
reusing one without having to redo the actual DNS lookup.
I _hope_ I haven't broken anything. The new code architecture
contains several rather dubious-looking operations (namely the
arbitrary choice of the first returned address in functions like
sk_getaddr and sk_address_is_local - what if, for instance, a DNS
lookup returned a local and a non-local address?), but I think they
were functionally just as dubious beforehand and all this change has
done is to make them more obviously so to a reader.
Jacob Nevins [Fri, 17 Oct 2008 20:55:08 +0000 (20:55 +0000)]
Patch from Iain Patterson: fix crash on Windows when GSSAPI auth is attempted
but fails for some reason (such as not having a tgt for the server's realm).
Jacob Nevins [Mon, 13 Oct 2008 22:34:57 +0000 (22:34 +0000)]
Rejig the Translation panel controls and documentation to remove the emphasis
on received data. Experiment and suggestion suggest that the character set
configuration applies equally to keystrokes sent to the server, or at least
that that's close enough to being true that we should document it as a first
approximation.
Simon Tatham [Tue, 7 Oct 2008 17:48:59 +0000 (17:48 +0000)]
sshrsa.c now obeys the RFC793 Robustness Principle when it comes to
the ordering of the primes in a fully specified RSA private key:
when the key format typically has p > q, it will always output p > q
but be willing to tolerate p < q on input. (Inspired by seeing an
OpenSSH-format key file in the wild which had p < q, which I've
never seen before; I suspect a third-party application incautiously
generating the format.)
Simon Tatham [Tue, 16 Sep 2008 22:56:08 +0000 (22:56 +0000)]
Further correction: on reflection, after examining all the call
sites for uint64_make(), we _shouldn't_ attempt to preserve high
bits in the low-order argument; it turns out not to be what the call
sites want.
Simon Tatham [Tue, 16 Sep 2008 18:21:33 +0000 (18:21 +0000)]
64-bit cleanliness in int64.c. This is all hideous; really I ought
to be trying harder to find a 32-bit type rather than making a
uint64 structure out of two potentially 64-bit unsigned longs. And
really I ought to be using the C99 64-bit integers anyway if they're
available. But this should do for the moment.
Simon Tatham [Sun, 14 Sep 2008 15:11:42 +0000 (15:11 +0000)]
Some Windows keymaps, it turns out, don't translate the key
combination Ctrl + \ as the Ctrl-\ character. All of mine have, but
at least one laptop turns out not to. Do so explicitly.
Jacob Nevins [Tue, 9 Sep 2008 20:36:40 +0000 (20:36 +0000)]
If we got a keyboard-interactive INFO_REQUEST with an "instruction" string but
no actual prompts, we weren't displaying the former, which was wrong. We
should now (although I haven't found a server to test it against).
Simon Tatham [Mon, 1 Sep 2008 17:56:20 +0000 (17:56 +0000)]
Fix punctuation in the large print statements. In particular, one
semicolon which crept in in r8138 was causing a lot of the "make
install" implementation to be missing from Makefile.gtk.
Simon Tatham [Sun, 31 Aug 2008 21:45:39 +0000 (21:45 +0000)]
Good grief. When I originally wrote the local proxy code two years
ago, I apparently caused all data received from local proxies to be
unconditionally tagged as TCP Urgent. Most network backends ignore
this, but it's critical to the Telnet backend, which will ignore all
Urgent-marked data in the assumption that there's a SYNCH on its way
that it should wait for. Nobody has noticed in two years, presumably
meaning that nobody has ever tried to do Telnet over a local proxy
in that time.
Simon Tatham [Sun, 31 Aug 2008 19:18:17 +0000 (19:18 +0000)]
Colin Watson points out an apparently erroneous cast: Ssh_gss_name
and gss_name_t are supposed to be congruent types, so a pointer to
one should never be cast to a non-indirect instance of the other.
Simon Tatham [Sun, 31 Aug 2008 17:12:37 +0000 (17:12 +0000)]
Minor code cleanup: I just happened to be looking at this file for
other reasons and I noticed that the list of TELOPTs is given twice
and hence needs to be kept in sync. Replace with my now-standard
second-order-macro approach which allows the list to be maintained
in only one place.
Jacob Nevins [Wed, 20 Aug 2008 22:21:04 +0000 (22:21 +0000)]
Fix for portfwd-addr-family: on Unix, when a tunnel is specified as "Auto"
(rather than IPv4 or IPv6-only; this is the default), try to open up listening
sockets on both address families, rather than (unhelpfully) just IPv6. (And
don't open one if the other can't be bound, in a nod to CVE-2008-1483.)
Based on a patch from Ben A L Jemmett.
[originally from svn r8150]
[this svn revision also touched putty-wishlist]
Simon Tatham [Thu, 17 Jul 2008 17:01:27 +0000 (17:01 +0000)]
At least one version of gcc won't figure out that "clear" is never
read uninitialised (because the only circumstance under which it
isn't initialised is when "update" is FALSE, in which case it isn't
read either). Placate it.
Simon Tatham [Sun, 6 Jul 2008 12:24:56 +0000 (12:24 +0000)]
Patch from Tim Kosse: check back->exitcode() in both loops on
ssh_sftp_loop_iteration(), not just one. Fixes exiting on a negative
response to the host key confirmation prompt on Windows (because
winsftp.c doesn't have the equivalent of uxsftp.c's no_fds_ok); on
Unix it worked already but gave a suboptimal error message, which is
fixed too by this patch.
Jacob Nevins [Sun, 15 Jun 2008 12:39:09 +0000 (12:39 +0000)]
Exorcise beeps from the Colours pane in Gtk.
The colour list box beeped at the user whenever it found that
something other than exactly one colour was selected. This seems to
happen implicitly in Gtk when the pane is changed. In Gtk1, this gave
you a beep whenever you left the Colours dialog after having selected
a colour from the list; in Gtk2, you additionally got a beep _every_
time you subsequently re-entered the Colours dialog (for reasons I
haven't investigated). Windows was unaffected.
Also, in Gtk (unlike Windows), it's possible for the user to go back
to the state where no items in the list box are selected at all.
For these reasons, stop beeping at the user, and instead blank the RGB
edit boxes as a hint that edits to them would be futile. (Really we
should be disabling them entirely, but the cross-platform edit
controls aren't up to that yet.)
Simon Tatham [Wed, 11 Jun 2008 18:03:35 +0000 (18:03 +0000)]
Work around a bug in early versions of GTK (which I'm still forced
to use, gah) in which the "model" argument to
gtk_tree_selection_get_selected_rows() couldn't be NULL.
Simon Tatham [Tue, 10 Jun 2008 20:18:23 +0000 (20:18 +0000)]
Manfred Schwarb points out that scroll wheel support stopped working
with the switch to GTK2. This turns out to be because, where GTK1
represented the scroll wheel as mouse buttons 4 and 5 and generated
GdkEventButton when it was moved, GTK2 has moved wheel actions out
into a new event type GdkEventScroll which we were not handling. Now
we do, so scroll wheel support should be back in place.
Simon Tatham [Sat, 7 Jun 2008 16:30:45 +0000 (16:30 +0000)]
Manfred Schwarb also mentions that Alt+drag is captured by at least
one well known window manager (KDE's); document that Shift+Alt+drag
is worth trying as a workaround.
Simon Tatham [Thu, 5 Jun 2008 17:06:39 +0000 (17:06 +0000)]
Add an include statement to Makefile.gtk that imports if present a
file called Makefile.local. This means that if you're compiling on a
platform that needs COMPAT definitions, you can put them in a local
file and not have to type them on the command line every time.
Simon Tatham [Sun, 1 Jun 2008 11:16:32 +0000 (11:16 +0000)]
Been meaning to do this for years: introduce a configuration option
to manually tweak the host name and port number under which the SSH
host key is read and written.
I've put it in the cross-platform Connection panel. Partly under the
flimsy pretext that other backends _can_ use it if they so wish (and
in fact it overrides the host name for title-bar purposes in all
network backends, though it has no other effect in anything but
SSH); but mostly because the SSH panel was too full already :-)
Simon Tatham [Sat, 31 May 2008 19:23:45 +0000 (19:23 +0000)]
Re-jig the combo box handling ifdefs so that we can compile with GTK
versions >= 2.0 (when the new list boxes came in) but < 2.4 (when
the new combo boxes came in). Since some combo boxes are handled
using the old list-box code, this means that the two lots of code
can both be compiled in at once in some situations!
Jacob Nevins [Sat, 31 May 2008 17:22:29 +0000 (17:22 +0000)]
Apparently Vista's printf-like functions don't support %n by default.
We could explicitly re-enable %n, but we only use it in one place, so take
the path of least resistance and remove that single instance. This stops
dupvprintf() getting stuck in a loop (a behaviour that's caused by a workaround
for a broken libc).
Simon Tatham [Sat, 31 May 2008 13:29:32 +0000 (13:29 +0000)]
On some systems, strncpy is a macro, and putting preprocessor
directives in the middle of a macro invocation appears to be frowned
on. Irritating, but there we go.
Simon Tatham [Wed, 28 May 2008 19:23:57 +0000 (19:23 +0000)]
OS X Leopard, it turns out, has a new and exciting strategy for
addressing X displays. Update PuTTY's display-name-to-Unix-socket-
path translation code to cope with it, thus causing X forwarding to
start working again on Leopard.
Simon Tatham [Mon, 14 Apr 2008 17:57:45 +0000 (17:57 +0000)]
Prevent assertion failure in the case where the user manipulates the
filter checkboxes to filter the currently selected font out of the
family list and then does something in one of the other list boxes
or the size edit box.
Simon Tatham [Sun, 13 Apr 2008 07:48:10 +0000 (07:48 +0000)]
Just noticed that selecting "client:Bitstream Vera Sans Mono 10" in
the font config box and then invoking the unifontsel causes the box
to come up empty rather than populated with that font. Turns out
that I completely forgot to have pangofont_canonify_fontname()
return the flags word, ahem.
Simon Tatham [Fri, 11 Apr 2008 13:28:38 +0000 (13:28 +0000)]
Utterly hideous new approach to extracting install-sh from the
autoconf/automake edifice, since my previous approach of guessing
its pathname turns out not to work on at least one kind of system.
Simon Tatham [Sat, 5 Apr 2008 13:37:20 +0000 (13:37 +0000)]
In the new unified font handling, my strategy so far for combining
client- and server-side fonts into a single namespace was mainly to
hope there would naturally be no collisions, and to provide
disambiguating "client:" and "server:" prefixes for manual use in
emergencies.
Jacob points out, however, that his system not only has a namespace
clash but worse still the clash is at the name "fixed", which is our
default font! So, modify my namespace policy to use the
disambiguating prefixes everywhere by default, and use _unprefixed_
names only if the user types one in by hand.
In particular, I've changed the keys used to store font names in
Unix saved session files. Font names read from the new keys will be
passed straight to the new unifont framework; font names read from
the old keys will have "server:" prepended. So any existing
configuration file for GTK1 PuTTY should now work reliably in GTK2
PuTTY and select the same font, even if that font is one on which
your system (rather, your client+server combination) has a font
namespace clash.
Simon Tatham [Fri, 4 Apr 2008 10:56:26 +0000 (10:56 +0000)]
Reinstate all the GTK1-specific code under ifdefs, and verify that
we can now build and run successfully using both GTK1 and GTK2 by
giving appropriate options to make. (Specifically, to override the
default of GTK2 in favour of GTK1, "make GTK_CONFIG=gtk-config".)
Simon Tatham [Fri, 4 Apr 2008 10:16:24 +0000 (10:16 +0000)]
Rename a structure field to avoid clashing with one of the old GTK1
ones. (I'm going to merge the GTK1 list code back in under ifdefs,
and I want none of the disputed structure fields to have the same
names, so that I'll reliably be told by the compiler if I keep the
wrong piece of code outside the ifdef.)
Simon Tatham [Wed, 2 Apr 2008 17:32:17 +0000 (17:32 +0000)]
Update autoconf for GTK 2. We now check for both GTK2 and GTK1, and
in the presence of GTK 2 we also check to see whether we have a
prehistoric Pango (since Pango itself helpfully doesn't provide that
functionality, bah).
Simon Tatham [Wed, 2 Apr 2008 17:04:21 +0000 (17:04 +0000)]
Another tedious chore off the to-do list. I've just checked over my
custom Columns layout class to see what fiddly details of
GTK2isation were yet to be done. It turns out that all the basic
object management got moved out of GTK into a separate library, so
that all the gtk_object_* calls are deprecated and g_object_* should
be used instead; having done that, though, it all looks perfectly
fine.
Simon Tatham [Wed, 2 Apr 2008 16:26:01 +0000 (16:26 +0000)]
TODO update: I don't think it's worth switching to GTK2's native
shortcut mechanism. The existing code doesn't use any deprecated
calls, and translating shortcut text _into_ Pango markup just sounds
too unpleasant to do if I don't actually have to. Not to mention
that the documentation for the Pango markup language doesn't tell me
how to distinguish a mnemonic underscore prefix from a literal
underscore in label text, but I know my current code can get that
right (the current config box talks about TCP_NODELAY and
SO_KEEPALIVE in widget labels that also have functioning shortcuts).
Simon Tatham [Wed, 2 Apr 2008 14:50:47 +0000 (14:50 +0000)]
Enable the display of server-side font aliases by default in my font
selector. I had previously been worried that the default of not
showing aliases interacted badly with the default actual font
_being_ specified as an alias. One of those defaults had to change,
and I've decided which: `fixed' is staying as Unix PuTTY's default
font in defiance of GTK2's vigorous encouragement of Pango.
Simon Tatham [Wed, 2 Apr 2008 14:48:06 +0000 (14:48 +0000)]
Update all the list box code in gtkdlg.c to use the new-style GTK2
GtkTreeView, GtkComboBox and GtkComboBoxEntry instead of the various
old deprecated stuff. Immediate benefit: GTK2 natively supports real
drag lists, hooray!
Simon Tatham [Sat, 29 Mar 2008 20:02:12 +0000 (20:02 +0000)]
I give up. I can't work out what the purpose of the call to
gtk_container_dequeue_resize_handler in request_resize() was;
everything seems to work fine without it. So I'm removing the
nonportable GTK 2 instance of it, and if anything ever goes wrong as
a result then I'll at least find out what the problem was.
Simon Tatham [Sat, 29 Mar 2008 15:44:32 +0000 (15:44 +0000)]
Be more picky than Pango when validating a Pango font description
string. Without this, Richard B reports that Pango 1.18 will treat
_anything_ as valid, which means PuTTY can never fall back to X
fonts.
Simon Tatham [Sat, 29 Mar 2008 14:54:55 +0000 (14:54 +0000)]
Aha, _that's_ why there was some unexplained space on the RHS of the
font selector: I had got the row and column counts in
gtk_table_new() back to front, so the space on the right was the
padding around five empty table columns! (And apparently a GtkTable
silently expands if you try to use rows that don't exist, which is
why I hadn't already noticed.)
Fixed that, and added some padding around the entire table. I think
my font selector is now finished, except for any bug fixes that come
up in testing.
Simon Tatham [Sat, 29 Mar 2008 14:21:25 +0000 (14:21 +0000)]
Deal with the possibility of no valid font being selected at all
during an entire run of unifontsel (because unifontsel_set_name was
either not called at all, or called with a name that didn't
correspond to any known font). In this situation we grey out the OK
button until a valid font is selected, and we have
unifontsel_get_name return NULL rather than failing an assertion if
it should be called in that state. The current client code in
gtkdlg.c should never encounter a NULL return, since it only calls
it after the OK button is clicked, but I've stuck an assertion in
there too on general principles.
Simon Tatham [Sat, 29 Mar 2008 10:48:16 +0000 (10:48 +0000)]
Detect non-monospaced X fonts, and respond by drawing text one
character at a time centred in its character cell, as we do for
Pango. Gives much better results for those non-monospaced fonts
which are usable as terminal fonts, and shows up the problems with
the others more readily. (In particular, this means the preview pane
in the font selector now warns you there will be trouble if you
select such a font.)
Simon Tatham [Sat, 29 Mar 2008 10:16:48 +0000 (10:16 +0000)]
When the user switches between fonts using the font family or style
selectors, preserve their most recent size selection as faithfully
as possible. We do this by having a secondary size variable
indicating what they _intend_, so we can come back to their intended
size even after going through a font which doesn't include it.
Simon Tatham [Thu, 27 Mar 2008 19:53:28 +0000 (19:53 +0000)]
Move the font-preview updating code out into a separate function so
we can call it both when the drawing area changes size and when the
selected font changes. As a result, the preview pane doesn't start
off blank any more.
Simon Tatham [Thu, 27 Mar 2008 19:41:08 +0000 (19:41 +0000)]
More consistent handling of X11 font aliases: we now don't resolve
them automatically. If the user selects an alias in the font
selector, they get that alias copied literally into the output font
name string; when they return to the font selector, the alias is
still selected. We still _can_ resolve aliases, but we only do it on
demand: double-clicking one in the list box will do the job.
Simon Tatham [Wed, 26 Mar 2008 20:20:25 +0000 (20:20 +0000)]
Sort the styles of Pango font families into a sensible order,
instead of alphabetical order. This is more than cosmetic: it's
important because the first one in the list is selected by default.