Simon Tatham [Sat, 8 Sep 2001 15:16:30 +0000 (15:16 +0000)]
Fix potential float screwup in scp percentage indicator. (Don't
compute (100*a)/b. Instead compute 100*(a/b), because that way
there's no chance that 100*a will become inexact enough to fail to
yield 100 when a==b.)
Simon Tatham [Fri, 7 Sep 2001 22:58:00 +0000 (22:58 +0000)]
Another patch from RDB: prevent luni_send from sending a particular
range of Unicode characters. Not entirely sure I understand this one
but I trust that RDB knows what he's talking about with Unicode.
Simon Tatham [Fri, 7 Sep 2001 22:52:51 +0000 (22:52 +0000)]
RDB points out that when you memset a newly allocated structure to
zero, covering the size of the _structure_ rather than the size of
the pointer to it might help :-)
Simon Tatham [Fri, 7 Sep 2001 22:51:52 +0000 (22:51 +0000)]
RDB's session logging patch: due to some ghastly special case, UTF-8
characters that failed the UTF-8 canonicality rules were being sent
to the session log twice. Sounds trivial, but I bet it'd have
confused anyone who turned on session logging precisely to track
down a canonicality bug :-)
Simon Tatham [Fri, 7 Sep 2001 22:45:05 +0000 (22:45 +0000)]
Patch from RDB: in the case where the protocol read from the
settings file is unrecognised (i.e. PuTTYtel reading PuTTY's
registry), fall back to the default _port_ as well as the default
protocol.
Simon Tatham [Fri, 7 Sep 2001 22:39:01 +0000 (22:39 +0000)]
Robert de Bath's asynchronous-connect patch. Helps a lot in port
forwarding; improves Event Log; and causes the PuTTY window to
appear earlier in the setup process.
Simon Tatham [Fri, 7 Sep 2001 21:39:03 +0000 (21:39 +0000)]
Robert de Bath's `Patch.a_alt_key': clean up the handling of
Alt-Space, Alt-only and the System menu. It lets Windows do more of
the work, and also saves a static variable, so it must be good :-)
Simon Tatham [Fri, 7 Sep 2001 20:35:38 +0000 (20:35 +0000)]
Jacob's patch to cause Shift to return to copy-and-paste when xterm
mouse tracking is enabled. (This can be turned off if your app
really wants Shift+mouse, but it defaults to on for general
usefulness.)
Simon Tatham [Wed, 5 Sep 2001 22:04:19 +0000 (22:04 +0000)]
Fix the intermittent fault in the socket layer that was occasionally
bombing out X forwarding. It turns out to be a workaround for YET
ANOTHER useless WinSock implementation. Arrgh!
Simon Tatham [Wed, 5 Sep 2001 21:01:04 +0000 (21:01 +0000)]
Unicode cleanup phase 2: we now reintroduce the ability to enter a
numeric code page, and also reinstate the direct-to-font zero
translation mode (but now under an actual _name_ rather than blank).
Also add CP437 to the list since at least one expatriate DOS user
wanted it; also select a sensible ISO or KOI codepage based on the
system locale.
Simon Tatham [Wed, 5 Sep 2001 19:58:25 +0000 (19:58 +0000)]
Better yet, look for sftp-server on the user's PATH as well, which
allows individual users with shell access to install it without
reference to the admin.
Simon Tatham [Wed, 5 Sep 2001 19:48:52 +0000 (19:48 +0000)]
PSFTP will now attempt to find /usr/[local]/lib/sftp-server if it
can't start the sftp subsystem. This should enable convenient sftp
access to SSH1-only systems: all the admin needs is to install
sftp-server in the right place.
Simon Tatham [Wed, 5 Sep 2001 19:33:12 +0000 (19:33 +0000)]
When pscp in SFTP mode does client-side matching of a server-side
wildcard, it's polite to let the user know if the wildcard didn't
match any file names.
Simon Tatham [Tue, 28 Aug 2001 12:26:16 +0000 (12:26 +0000)]
stripslashes() should have been dealing with colons as well. I don't
_think_ there was an exploit (even if the server sends "c:foobar",
the client will not attempt to create "c:foobar"; instead it will
try to create ".\c:foobar" which will fail), but it's as well to be
sure.
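The colon case described in this commit, as an added example (not PuTTY's own stripslashes(); the function names strip_to_leaf, leaf_is_safe and local_target are hypothetical): a server-supplied name is cut down to its last component, with ':' treated as a separator alongside '/' and '\', before it is joined to the directory the user chose.

```c
#include <stdio.h>
#include <string.h>

/*
 * Return the final component of a server-supplied file name. '/', '\\' and
 * the drive/stream separator ':' all count as separators, so "c:foobar"
 * yields "foobar" and can only name something inside the chosen directory.
 */
const char *strip_to_leaf(const char *name)
{
    const char *leaf = name;
    for (const char *p = name; *p; p++)
        if (*p == '/' || *p == '\\' || *p == ':')
            leaf = p + 1;
    return leaf;
}

/* 1 if the leaf may be used as a local file name, 0 if it must be refused. */
int leaf_is_safe(const char *leaf)
{
    if (*leaf == '\0')
        return 0;                       /* name ended in a separator */
    if (strcmp(leaf, ".") == 0 || strcmp(leaf, "..") == 0)
        return 0;                       /* would refer outside the target */
    return 1;
}

/* Write "<destdir>\<leaf>" to out. Returns 0, or -1 if refused or too long. */
int local_target(const char *destdir, const char *server_name,
                 char *out, size_t outlen)
{
    const char *leaf = strip_to_leaf(server_name);
    if (!leaf_is_safe(leaf))
        return -1;
    int n = snprintf(out, outlen, "%s\\%s", destdir, leaf);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, as a hostile server might send them. */
    const char *names[] = { "c:foobar", "..\\..\\boot.ini", "dir/..", "ok.txt" };
    char path[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        if (local_target(".", names[i], path, sizeof path) == 0)
            printf("%-16s -> %s\n", names[i], path);
        else
            printf("%-16s -> refused\n", names[i]);
    return 0;
}
```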
Simon Tatham [Tue, 28 Aug 2001 12:24:50 +0000 (12:24 +0000)]
Semantic fix in the X11 `authentication failed' error packet
construction. Doesn't actually affect anything right now, since the
bug was a failure to round a length up to the next multiple of 4 and
it so happens that our current message was exactly 40 bytes anyway
:-) But if we start giving a wider variety of messages one day then
it might be handy to be able to do them without gratuitous crashes.
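The length rounding this commit refers to, as an added example (not PuTTY's code; x11_build_failure and pad4 are hypothetical names): an X11 connection-setup "Failed" reply declares its trailing data in 4-byte units, so the reason string has to be padded up to a multiple of 4 and the count computed from the padded length.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Round n up to the next multiple of 4 (X11 pads strings to 4 bytes). */
size_t pad4(size_t n) { return (n + 3) & ~(size_t)3; }

static void put16(unsigned char *p, unsigned v, int big_endian)
{
    if (big_endian) { p[0] = (v >> 8) & 0xFF; p[1] = v & 0xFF; }
    else            { p[0] = v & 0xFF; p[1] = (v >> 8) & 0xFF; }
}

/*
 * Build an X11 connection-setup "Failed" reply carrying `reason`.
 * Layout: status byte 0, reason length in bytes, protocol major and minor
 * version (16 bits each), length of the following data in 4-byte units,
 * then the reason padded with zero bytes. big_endian is the byte order the
 * client asked for. Returns a malloc'd packet (size in *out_len) or NULL.
 */
unsigned char *x11_build_failure(const char *reason, int big_endian,
                                 size_t *out_len)
{
    size_t n = strlen(reason);
    if (n > 255)
        n = 255;                        /* reason length is a single byte */
    size_t padded = pad4(n);
    unsigned char *pkt = calloc(1, 8 + padded);
    if (!pkt)
        return NULL;
    pkt[0] = 0;                         /* 0 = Failed */
    pkt[1] = (unsigned char)n;
    put16(pkt + 2, 11, big_endian);     /* protocol version 11.0 */
    put16(pkt + 4, 0, big_endian);
    put16(pkt + 6, (unsigned)(padded / 4), big_endian);
    memcpy(pkt + 8, reason, n);         /* pad bytes stay zero from calloc */
    *out_len = 8 + padded;
    return pkt;
}

int main(void)
{
    size_t len;
    /* Constructed 41-byte reason: one byte past a multiple of 4. */
    unsigned char *p = x11_build_failure(
        "01234567890123456789012345678901234567890", 1, &len);
    if (!p)
        return 1;
    printf("reason=%u bytes, units=%u, packet=%zu bytes\n", p[1], p[7], len);
    free(p);
    return 0;
}
```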
Simon Tatham [Tue, 28 Aug 2001 08:43:33 +0000 (08:43 +0000)]
D'oh! Putting keyboard-interactive authentication _before_ publickey
causes password login to occur on a server that supports password-
through-k-i. Of course when we use the new preference list mechanism
for selecting the order of authentications this will all become much
more sane, but for the moment I've put publickey back up to the top
and things seem to be happier.
Simon Tatham [Tue, 28 Aug 2001 08:36:27 +0000 (08:36 +0000)]
Fix externally added SSH1 keys in Pageant. I have no idea how this
code _ever_ worked before! But it's been like this for four months
and nobody has noticed, including me. That's quite spooky.
Simon Tatham [Mon, 27 Aug 2001 17:40:03 +0000 (17:40 +0000)]
PuTTYgen: add an extra button to save a public key into a file
(as well as showing it for cut and paste). For SSH1, this feature is
largely cosmetic and added for orthogonality; it comes into its own
in SSH2, where it saves the Official One True Public Key Format as
specified in the draft spec, and more particularly as used by
ssh.com's product for authentication. Now that ssh-3.0.1 supports
RSA user keys, this is suddenly actually useful.
Simon Tatham [Mon, 27 Aug 2001 15:59:37 +0000 (15:59 +0000)]
Port forwarding update: local-host-only listening sockets are now
done properly (by binding to INADDR_LOOPBACK) instead of hackishly
(by binding to INADDR_ANY, looking at the peer address when a
connection is accepted, and slamming the connection shut at that
point).
Simon Tatham [Mon, 27 Aug 2001 15:13:14 +0000 (15:13 +0000)]
Port forwarding bug fix: we were unable to handle receiving
CHANNEL_OPEN_FAILURE messages, which occur when the remote side is
unable to open a forwarded network connection we have requested. (It
seems they _don't_ show up if you get something mundane like
Connection Refused - the channel is cheerfully opened and
immediately slammed shut - but they do if you try to connect to a
host that doesn't even exist. Try forwarding a port to
frogwibbler:4800 and see what you get.)
Simon Tatham [Mon, 27 Aug 2001 15:02:52 +0000 (15:02 +0000)]
Finally tighten up the server-side wildcard security hole, the
_right_ way. (SSWs are disabled by default and can be re-enabled
using `-unsafe', meaning that pscp will _never_ do anything
unexpected to your local file system unless you explicitly give
consent. The sftp-based variant will work fine because the
corresponding mechanism is _not_ unsafe.)
Simon Tatham [Mon, 27 Aug 2001 10:24:55 +0000 (10:24 +0000)]
Minor modification: in remote->local non-recursive mode matching a
wildcard, we don't abandon ship completely if the wildcard matches a
directory; we just warn and carry on with the rest.
Simon Tatham [Sun, 26 Aug 2001 18:32:28 +0000 (18:32 +0000)]
PSCP now uses the modern SFTP protocol if it can, and falls back to
scp1 if it can't. Currently not very tested - I checked it in as
soon as it completed a successful recursive copy in both directions.
Also, one known bug: you can't specify a remote wildcard, because by
the nature of SFTP we'll need to implement the wildcard engine on
the client side. I do intend to do this (and use the same wildcard
engine in PSFTP as well) but I haven't got round to it yet.
Simon Tatham [Sun, 26 Aug 2001 15:45:55 +0000 (15:45 +0000)]
Arrgh; yet again I make my security checking too draconian to
actually get things done. I'm sure this is the second time I've
checked in this mistake :-/ Still, this time I've got right to the
bottom of the cause, and commented it clearly. Phew.
Simon Tatham [Sun, 26 Aug 2001 15:31:29 +0000 (15:31 +0000)]
Further tightening up in PSCP. Fixed a couple more holes whereby a
malicious SCP server could have written to areas other than the ones
the user requested; cleared up buffer overruns everywhere. Hopefully
we now do not use arbitrary buffer limits _anywhere_.
Simon Tatham [Sun, 26 Aug 2001 14:53:51 +0000 (14:53 +0000)]
Preparatory work for allowing PSCP to work over SFTP as well as old-
style scp1. I've built a layer of abstraction covering all the gory
details of the old scp network protocol.
Simon Tatham [Sat, 25 Aug 2001 19:33:33 +0000 (19:33 +0000)]
Jacob's patch for a drag-list to select SSH ciphers. Heavily hacked
by me to make the drag list behaviour slightly more intuitive.
WARNING: DO NOT LOOK AT pl_itemfrompt() IF YOU ARE SQUEAMISH.
Simon Tatham [Sat, 25 Aug 2001 17:09:23 +0000 (17:09 +0000)]
Extensive changes that _should_ fix the socket buffering problems,
by ceasing to listen on input channels if the corresponding output
channel isn't accepting data. Has had basic check-I-didn't-actually-
break-anything-too-badly testing, but hasn't been genuinely tested
in stress conditions (because concocting stress conditions is non-
trivial).
Simon Tatham [Wed, 22 Aug 2001 19:47:05 +0000 (19:47 +0000)]
Fix to allow more than one challenge/response pair during
keyboard-interactive authentication. UNTESTED except that I checked
it compiles. Will ask for testing from the user who complained.
Simon Tatham [Sun, 12 Aug 2001 19:25:21 +0000 (19:25 +0000)]
First phase of Unicode polishing: replace the edit box with a combo
box. Also default to ISO8859-1 so that CSI works in the default
mode; this is ridiculously Western-centric but I can't honestly
think of a better option.
Simon Tatham [Thu, 9 Aug 2001 21:22:38 +0000 (21:22 +0000)]
Stop yelling about Access Denied if the server refuses even to
attempt keyboard-interactive authentication. We can yell about it if
we make a creditable attempt and are rejected, but if the server
just refuses to even consider it then the user won't really want to
know (and if they do there's the Event Log).
Simon Tatham [Wed, 8 Aug 2001 20:44:35 +0000 (20:44 +0000)]
SSH port forwarding! How cool is that?
Only currently works on SSH1; SSH2 should be doable but it's late
and I have other things to do tonight. The Cool Guy award for this
one goes to Nicolas Barry, for doing most of the work and actually
understanding the code he was adding to.
Simon Tatham [Sat, 4 Aug 2001 15:45:25 +0000 (15:45 +0000)]
Glenn Maynard's patch completely disabled PuTTY{,tel} on any system
that didn't support OSVERSIONINFOEX. For example, such wildly out of
date things as NT4. Now fixed.
Simon Tatham [Tue, 31 Jul 2001 14:23:21 +0000 (14:23 +0000)]
Yet another possible segfault path in the backends fixed. I don't
_believe_ I'm still finding these. I have no idea what I was
thinking when I wrote this stuff.
Simon Tatham [Fri, 15 Jun 2001 19:31:10 +0000 (19:31 +0000)]
Add some extra documentation: filled in the Getting Started chapter,
added an introduction to public key authentication, and made a
couple of changes in intro.but. Transatlantic flights have some uses
after all.
Simon Tatham [Mon, 21 May 2001 13:33:12 +0000 (13:33 +0000)]
Oops - fixing the line-resizing segfault introduced a new
line-resizing segfault! Remind me to test under Minefield next time.
Should now be fine, as I've just done so.
Simon Tatham [Sat, 19 May 2001 15:23:12 +0000 (15:23 +0000)]
Add some spare SetForegroundWindow and SetActiveWindow calls to try
to improve window behaviour. Also make the About box a subdialog of
the config box instead of a separate child of the root.