Simon Tatham [Sat, 8 Nov 2008 16:45:45 +0000 (16:45 +0000)]
Move out of the SockAddr structure the mutable fields "ai" and
"curraddr", and turn "family" into a macro-derived property of the
other fields. The idea is that this renders SockAddrs immutable once
created, which should open up the possibility of duplicating and
reusing one without having to redo the actual DNS lookup.
I _hope_ I haven't broken anything. The new code architecture
contains several rather dubious-looking operations (namely the
arbitrary choice of the first returned address in functions like
sk_getaddr and sk_address_is_local - what if, for instance, a DNS
lookup returned a local and a non-local address?), but I think they
were functionally just as dubious beforehand and all this change has
done is to make them more obviously so to a reader.
Jacob Nevins [Fri, 17 Oct 2008 20:55:08 +0000 (20:55 +0000)]
Patch from Iain Patterson: fix crash on Windows when GSSAPI auth is attempted
but fails for some reason (such as not having a tgt for the server's realm).
Jacob Nevins [Mon, 13 Oct 2008 22:34:57 +0000 (22:34 +0000)]
Rejig the Translation panel controls and documentation to remove the emphasis
on received data. Experiment and suggestion suggest that the character set
configuration applies equally to keystrokes sent to the server, or at least
that that's close enough to being true that we should document it as a first
approximation.
Simon Tatham [Tue, 7 Oct 2008 17:48:59 +0000 (17:48 +0000)]
sshrsa.c now obeys the RFC793 Robustness Principle when it comes to
the ordering of the primes in a fully specified RSA private key:
when the key format typically has p > q, it will always output p > q
but be willing to tolerate p < q on input. (Inspired by seeing an
OpenSSH-format key file in the wild which had p < q, which I've
never seen before; I suspect a third-party application incautiously
generating the format.)
Simon Tatham [Tue, 16 Sep 2008 22:56:08 +0000 (22:56 +0000)]
Further correction: on reflection, after examining all the call
sites for uint64_make(), we _shouldn't_ attempt to preserve high
bits in the low-order argument; it turns out not to be what the call
sites want.
Simon Tatham [Tue, 16 Sep 2008 18:21:33 +0000 (18:21 +0000)]
64-bit cleanliness in int64.c. This is all hideous; really I ought
to be trying harder to find a 32-bit type rather than making a
uint64 structure out of two potentially 64-bit unsigned longs. And
really I ought to be using the C99 64-bit integers anyway if they're
available. But this should do for the moment.
Simon Tatham [Sun, 14 Sep 2008 15:11:42 +0000 (15:11 +0000)]
Some Windows keymaps, it turns out, don't translate the key
combination Ctrl + \ as the Ctrl-\ character. All of mine have, but
at least one laptop turns out not to. Do so explicitly.
Jacob Nevins [Tue, 9 Sep 2008 20:36:40 +0000 (20:36 +0000)]
If we got a keyboard-interactive INFO_REQUEST with an "instruction" string but
no actual prompts, we weren't displaying the former, which was wrong. We
should now (although I haven't found a server to test it against).
Simon Tatham [Mon, 1 Sep 2008 17:56:20 +0000 (17:56 +0000)]
Fix punctuation in the large print statements. In particular, one
semicolon which crept in in r8138 was causing a lot of the "make
install" implementation to be missing from Makefile.gtk.
Simon Tatham [Sun, 31 Aug 2008 21:45:39 +0000 (21:45 +0000)]
Good grief. When I originally wrote the local proxy code two years
ago, I apparently caused all data received from local proxies to be
unconditionally tagged as TCP Urgent. Most network backends ignore
this, but it's critical to the Telnet backend, which will ignore all
Urgent-marked data in the assumption that there's a SYNCH on its way
that it should wait for. Nobody has noticed in two years, presumably
meaning that nobody has ever tried to do Telnet over a local proxy
in that time.
Simon Tatham [Sun, 31 Aug 2008 19:18:17 +0000 (19:18 +0000)]
Colin Watson points out an apparently erroneous cast: Ssh_gss_name
and gss_name_t are supposed to be congruent types, so a pointer to
one should never be cast to a non-indirect instance of the other.
Simon Tatham [Sun, 31 Aug 2008 17:12:37 +0000 (17:12 +0000)]
Minor code cleanup: I just happened to be looking at this file for
other reasons and I noticed that the list of TELOPTs is given twice
and hence needs to be kept in sync. Replace with my now-standard
second-order-macro approach which allows the list to be maintained
in only one place.
Jacob Nevins [Wed, 20 Aug 2008 22:21:04 +0000 (22:21 +0000)]
Fix for portfwd-addr-family: on Unix, when a tunnel is specified as "Auto"
(rather than IPv4 or IPv6-only; this is the default), try to open up listening
sockets on both address families, rather than (unhelpfully) just IPv6. (And
don't open one if the other can't be bound, in a nod to CVE-2008-1483.)
Based on a patch from Ben A L Jemmett.
Simon Tatham [Thu, 17 Jul 2008 17:01:27 +0000 (17:01 +0000)]
At least one version of gcc won't figure out that "clear" is never
read uninitialised (because the only circumstance under which it
isn't initialised is when "update" is FALSE, in which case it isn't
read either). Placate it.
Simon Tatham [Sun, 6 Jul 2008 12:24:56 +0000 (12:24 +0000)]
Patch from Tim Kosse: check back->exitcode() in both loops on
ssh_sftp_loop_iteration(), not just one. Fixes exiting on a negative
response to the host key confirmation prompt on Windows (because
winsftp.c doesn't have the equivalent of uxsftp.c's no_fds_ok); on
Unix it worked already but gave a suboptimal error message, which is
fixed too by this patch.
Jacob Nevins [Sun, 15 Jun 2008 12:39:09 +0000 (12:39 +0000)]
Exorcise beeps from the Colours pane in Gtk.
The colour list box beeped at the user whenever it found that
something other than exactly one colour was selected. This seems to
happen implicitly in Gtk when the pane is changed. In Gtk1, this gave
you a beep whenever you left the Colours dialog after having selected
a colour from the list; in Gtk2, you additionally got a beep _every_
time you subsequently re-entered the Colours dialog (for reasons I
haven't investigated). Windows was unaffected.
Also, in Gtk (unlike Windows), it's possible for the user to go back
to the state where no items in the list box are selected at all.
For these reasons, stop beeping at the user, and instead blank the RGB
edit boxes as a hint that edits to them would be futile. (Really we
should be disabling them entirely, but the cross-platform edit
controls aren't up to that yet.)
Simon Tatham [Wed, 11 Jun 2008 18:03:35 +0000 (18:03 +0000)]
Work around a bug in early versions of GTK (which I'm still forced
to use, gah) in which the "model" argument to
gtk_tree_selection_get_selected_rows() couldn't be NULL.
Simon Tatham [Tue, 10 Jun 2008 20:18:23 +0000 (20:18 +0000)]
Manfred Schwarb points out that scroll wheel support stopped working
with the switch to GTK2. This turns out to be because, where GTK1
represented the scroll wheel as mouse buttons 4 and 5 and generated
GdkEventButton when it was moved, GTK2 has moved wheel actions out
into a new event type GdkEventScroll which we were not handling. Now
we do, so scroll wheel support should be back in place.
Simon Tatham [Sat, 7 Jun 2008 16:30:45 +0000 (16:30 +0000)]
Manfred Schwarb also mentions that Alt+drag is captured by at least
one well known window manager (KDE's); document that Shift+Alt+drag
is worth trying as a workaround.
Simon Tatham [Thu, 5 Jun 2008 17:06:39 +0000 (17:06 +0000)]
Add an include statement to Makefile.gtk that imports if present a
file called Makefile.local. This means that if you're compiling on a
platform that needs COMPAT definitions, you can put them in a local
file and not have to type them on the command line every time.
Simon Tatham [Sun, 1 Jun 2008 11:16:32 +0000 (11:16 +0000)]
Been meaning to do this for years: introduce a configuration option
to manually tweak the host name and port number under which the SSH
host key is read and written.
I've put it in the cross-platform Connection panel. Partly under the
flimsy pretext that other backends _can_ use it if they so wish (and
in fact it overrides the host name for title-bar purposes in all
network backends, though it has no other effect in anything but
SSH); but mostly because the SSH panel was too full already :-)
Jacob Nevins [Sat, 31 May 2008 17:22:29 +0000 (17:22 +0000)]
Apparently Vista's printf-like functions don't support %n by default.
We could explicitly re-enable %n, but we only use it in one place, so take
the path of least resistance and remove that single instance. This stops
dupvprintf() getting stuck in a loop (a behaviour that's caused by a workaround
for a broken libc).
Simon Tatham [Wed, 28 May 2008 19:23:57 +0000 (19:23 +0000)]
OS X Leopard, it turns out, has a new and exciting strategy for
addressing X displays. Update PuTTY's display-name-to-Unix-socket-
path translation code to cope with it, thus causing X forwarding to
start working again on Leopard.
Simon Tatham [Fri, 11 Apr 2008 13:28:38 +0000 (13:28 +0000)]
Utterly hideous new approach to extracting install-sh from the
autoconf/automake edifice, since my previous approach of guessing
its pathname turns out not to work on at least one kind of system.
Simon Tatham [Sat, 22 Mar 2008 12:01:16 +0000 (12:01 +0000)]
For convenience of debugging, and perhaps some real convenience at
some point too: introduce a bunch of environment variables which can
override Unix PuTTY's usual idea of where to find its dotfiles.
Setting PUTTYDIR moves the entire ~/.putty directory; setting
PUTTYSESSIONS, PUTTYSSHHOSTKEYS or PUTTYRANDOMSEED moves specific
things within that directory.
While I'm here, also be prepared to fall back to password file
lookups if $HOME is undefined (though we still use $HOME in
preference when it is defined, because that's polite and useful).
Also, on general principles, tweak the make_filename() function
prototype so it doesn't rely on fixed-size buffers.
Simon Tatham [Fri, 7 Mar 2008 18:30:37 +0000 (18:30 +0000)]
Fix a cursor positioning infelicity.
The scenario: I start a small, say 80x24, pterm. I do some work in
it, generating plenty of scrollback, and eventually I `less' a file.
`less' switches to the alt screen. Then I want more vertical space
to look at the file, so I enlarge the window to more like 80x60.
When I quit `less' and switch back to the primary screen, some
scrollback has been pulled down into the screen, as expected - but
the saved _cursor position_ is still at line 24, not at the bottom
of the new terminal where the prompt it goes with has moved to.
Solution: term_size() should adjust the alt-screen saved cursor
positions as well as the normal cursor position.
(Curiously, the problem doesn't happen on my home Debian box, even
without this fix. It happens on my RH9 box at work, though.)
Simon Tatham [Thu, 21 Feb 2008 09:18:24 +0000 (09:18 +0000)]
Aha, _that's_ why I've been periodically getting blocking-write
problems using Unix PuTTY port forwarding. Sockets we create by
connect() are immediately set into nonblocking mode by fcntl, but
sockets we create by accept() were not. This trivial fix should help.
Ben Harris [Wed, 5 Dec 2007 00:02:06 +0000 (00:02 +0000)]
Add a new bug-compatibility mode that limits the window size we'll
advertise so that the server can't exceed our maximum packet size.
Enable it for "1.36_sshlib GlobalSCAPE" which apparently sends oversize
packets otherwise.
Simon Tatham [Mon, 26 Nov 2007 21:09:54 +0000 (21:09 +0000)]
sktree is indexed on the numeric value of the socket structure's
underlying WinSock SOCKET. Therefore, if we plan to modify the
SOCKET in a socket, we must remove it from the tree before doing so,
and put it back again afterwards. Otherwise it'll violate the tree's
sorting order, and sooner or later someone will try to find it and
get back NULL.
Jacob Nevins [Fri, 19 Oct 2007 21:47:47 +0000 (21:47 +0000)]
Marc TERRIER pointed out a couple of places that claim there is an X11
forwarding checkbox on the Tunnels panel, which hasn't been the case for
a while.
Ben Harris [Wed, 3 Oct 2007 20:29:27 +0000 (20:29 +0000)]
Take the code that does flow control in SSH-1, and make it work in SSH-2
as well. This won't be triggered in the usual case, but it's useful
if the remote end ignores our window, or if we're in "simple" mode and
setting the window far larger than is necessary.
Ben Harris [Tue, 2 Oct 2007 21:43:53 +0000 (21:43 +0000)]
More fixes to stdout and stderr. When the backlog on either clears, call
the backend's unthrottle function. If we don't, we'll deadlock. While
we're here, also pump as much data as possible out during each call to
try_output(), rather than restricting ourselves to a single call to
write().
Ben Harris [Tue, 2 Oct 2007 21:07:52 +0000 (21:07 +0000)]
As far as I can see (at least in NetBSD) O_NONBLOCK and FIONBIO are equivalent,
except that O_NONBLOCK is standardised and FIONBIO isn't. In consequence,
replace our only use of FIONBIO with O_NONBLOCK.
Inspired by Jonathan H N Chin, who had problems with this on Solaris.
Ben Harris [Mon, 1 Oct 2007 21:11:11 +0000 (21:11 +0000)]
Rather than rejecting spurious SSH_MSG_CHANNEL_SUCCESSes, and ignoring
spurious SSH_MSG_CHANNEL_FAILUREs, treat them as the protocol errors
they are and forcibly disconnect. Inspired by recent traffic on
comp.security.ssh.
Ben Harris [Sun, 30 Sep 2007 19:42:31 +0000 (19:42 +0000)]
Merge the looking up of channel numbers for SSH-2 channel messages into
a single function which also handles checking that channels exist and
are properly open. This should make PuTTY a little less tolerant of
servers that send bogus messages.
Ben Harris [Sun, 30 Sep 2007 12:45:49 +0000 (12:45 +0000)]
When writing session data to stdout or stderr, switch the relevant file
descriptor into non-blocking mode temporarily, and correctly handle returns
of EAGAIN from write(). This should fix unix-plink-stdout-nonblock, while
avoiding EAGAIN turning up where we aren't expecting it.
Ben Harris [Sat, 29 Sep 2007 12:27:45 +0000 (12:27 +0000)]
Add support for resetting the terminal modes on stderr to something sensible
before printing error messages to it. This should fix the stair-stepping
in Plink's progress messages.
Ben Harris [Mon, 24 Sep 2007 21:43:48 +0000 (21:43 +0000)]
My changes in r7738 (O_NONBLOCK for Unix Plink) were half-arsed, and
completely broke interactive logins. The problem, or at least one of the
problems, was that in interactive use stdin, stdout, and stderr tend to be
the same file, so setting O_NONBLOCK on the latter two also sets it on the
former. Thus, we need to cope with all of them being non-blocking.
Ben Harris [Mon, 24 Sep 2007 15:18:11 +0000 (15:18 +0000)]
Add support for automatically tuning the SSH-2 window size for decent
performance. The theory behind this is fairly simple, though the
implementation turns out to be a little trickier than it looks.
The basic idea is that when the connection isn't being limited by our ability
to process data, we want to ensure that the window size _as seen by the server_
never drops to zero. Measuring the server's view of the window size is done
by arranging for it to acknowledge every SSH_MSG_CHANNEL_WINDOW_ADJUST, or
rather an SSH_MSG_CHANNEL_REQUEST sent just before it. That way we can tell
when in its outgoing data stream it received the window adjustment, and
thus how small the server's view of the window got.
At present, we only ever increase the window size. In theory, we could
arrange to reduce it again if the server's view of it seemed to be persistently
too large, but my experiments suggest that getting this right will be tricky.
Ben Harris [Thu, 20 Sep 2007 21:33:21 +0000 (21:33 +0000)]
Don't try SSH-1 RSA authentication unless the server has advertised support
for it. It's possible that this obsoletes BUG_CHOKES_ON_RSA. Certainly
the one SSH-1.5-Cisco-1.25 server I found was correctly not advertising RSA
auth. For now, leave it in, because I'm not feeling entirely confident.
Ben Harris [Thu, 20 Sep 2007 21:07:24 +0000 (21:07 +0000)]
In SSH-1, don't attempt password authentication unless the server has
announced support for it. Instead exit with a fatal error (since password
auth is our last resort).
Ben Harris [Tue, 7 Aug 2007 22:02:03 +0000 (22:02 +0000)]
Correctly terminate nc target hostname when copying it.
While we're here, use memcpy rather than strncpy when we've already worked
out how much we're going to copy.
Ben Harris [Mon, 6 Aug 2007 20:56:52 +0000 (20:56 +0000)]
Use "int" rather than "unsigned" as the argument to ssh2_set_window, not
because it can ever be negative, but because we'll be comparing it with
another int. This way, C's promotion rules don't bite us and we should
stand slightly more chance of coping with broken servers that overrun our
window.
Ben Harris [Sun, 5 Aug 2007 14:18:43 +0000 (14:18 +0000)]
Small window-handling tweaks. Set the default big window to 0x7fffffff bytes,
and tweak ssh2_set_window() so it can cope with that. Also arrange to send
a private channel message in simple mode to tell the server that it can safely
use a large window too.
Ben Harris [Sat, 4 Aug 2007 22:14:19 +0000 (22:14 +0000)]
In the file-transfer applications, which only ever use the main
channel, arrange to set the SSH-2 window size to something very
large. This prevents the connection stalling when the window fills
up, and means that PSCP receives data _much_ faster.
Ben Harris [Sat, 4 Aug 2007 16:04:08 +0000 (16:04 +0000)]
Tweak window handling so that we send a window adjust if the window is half
used up, rather than over half. That this increases the throughput of PSCP
by 50% indicates just how broken our window handling is.
Ben Harris [Sat, 4 Aug 2007 15:48:52 +0000 (15:48 +0000)]
When omitting session data from logs, don't omit the length of the session
data string. This isn't strictly necessary, but it makes the logs easier to
use.
Ben Harris [Sat, 4 Aug 2007 14:32:06 +0000 (14:32 +0000)]
Tweak to window handling: Keep the local window in a signed integer, and
arrange to handle usefully the case where the server sends us more data
than it's allowed to. There's no danger of overflow, since the maximum is
OUR_V2_WINSIZE and the minimum is -OUR_V2_MAXPKT (at least if the server is
nice).
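The signed-window reasoning in this entry and in the 6 Aug 2007 ssh2_set_window entry above, as an added C example (not PuTTY's code): it shows why a negative local window is lost when compared against an unsigned target. The function names and the EX_WINSIZE / EX_MAXPKT values are hypothetical.

```c
#include <stdio.h>

/* Constructed values for this example; not PuTTY's real constants. */
#define EX_WINSIZE 16384   /* window we advertise */
#define EX_MAXPKT   4096   /* largest data packet we accept */

/* Account for len bytes of channel data against a signed local window.
 * Caller keeps *locwindow within [-EX_MAXPKT, EX_WINSIZE].
 * Returns 0 if inside the window, 1 if the server overran it (window is
 * now negative but bounded), -1 if the data must be rejected. */
int window_consume(int *locwindow, int len)
{
    if (len < 0 || len > EX_MAXPKT)
        return -1;                        /* oversize packet */
    if (*locwindow - len < -EX_MAXPKT)
        return -1;                        /* overrun beyond what we tolerate */
    *locwindow -= len;
    return *locwindow < 0;
}

/* Bytes to add to reach newwin, with the target passed as unsigned.
 * The cast spells out the conversion C applies implicitly when an int
 * is compared with an unsigned: a negative window becomes huge. */
unsigned adjust_unsigned(int locwindow, unsigned newwin)
{
    if ((unsigned)locwindow >= newwin)
        return 0;                         /* wrongly "large enough" */
    return newwin - (unsigned)locwindow;
}

/* Same decision with both operands signed: a negative window is simply
 * smaller than the target, so the adjustment also repays the overrun. */
int adjust_signed(int locwindow, int newwin)
{
    if (locwindow >= newwin)
        return 0;
    return newwin - locwindow;
}

int main(void)
{
    int win = 100;                        /* 100 bytes left in the window */
    int rc = window_consume(&win, 200);   /* server sends 200 anyway */
    printf("consume rc=%d window=%d\n", rc, win);
    printf("unsigned target: adjust by %u\n", adjust_unsigned(win, EX_WINSIZE));
    printf("signed target:   adjust by %d\n", adjust_signed(win, EX_WINSIZE));
    return 0;
}
```

With the unsigned target the overrun leaves the receiver believing its window is already full size, so no adjustment is sent and the channel stalls; the signed form tops the window back up.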
Ben Harris [Sun, 29 Jul 2007 14:02:00 +0000 (14:02 +0000)]
Don't throw away data that we receive before we're ready for it. Just save
it up for later. This should prevent hangs when talking to particularly
enthusiastic servers.
Ben Harris [Sat, 21 Jul 2007 21:39:36 +0000 (21:39 +0000)]
Split pkt_ctx into a separate enumeration for each of kex and userauth
instead of a bitfield for both. This doesn't gain much here, but it should
make it easier to make things other than logging use the context.
Ben Harris [Sat, 21 Jul 2007 13:43:57 +0000 (13:43 +0000)]
Arrange that log_packet() isn't called for raw data logging if logctx is null.
This allows us to send data in ssh_init(), albeit at the expense of its not
being properly logged, so arrange to send the version string then if that's
sensible, which should reduce the number of round-trips required to bring
up an SSH-2 connection.