Simon Tatham [Mon, 1 Dec 2008 23:03:11 +0000 (23:03 +0000)]
Add missing call to gtk_selection_clear_targets(), without which the
list of selection targets offered by GTK PuTTY/pterm grows an extra
copy of each of the three supported text formats every time the user
makes a selection!
Ben Harris [Mon, 1 Dec 2008 21:18:29 +0000 (21:18 +0000)]
Change the Unix version of Ssh_gss_name to be a gss_name_t rather than
void *, and hence eliminate a few casts. The Windows definition is
unchanged, but I daresay I've managed to stop it compiling nonetheless.
Jacob Nevins [Sun, 30 Nov 2008 21:35:33 +0000 (21:35 +0000)]
As far as I can tell, "simple@putty.projects.tartarus.org" has always been
implemented as a channel request, not a global one. Change documentation to
match implementation.
Simon Tatham [Fri, 28 Nov 2008 18:28:23 +0000 (18:28 +0000)]
Move the code that reads the Windows clipboard into a trivial
subthread, so that it won't deadlock if fetching the content of the
clipboard turns out to depend on a network connection forwarded
through PuTTY.
Ben Harris [Wed, 26 Nov 2008 14:30:58 +0000 (14:30 +0000)]
Jacob correctly points out that I accidentally lost a clearing of
s->gss_sndtok in r8326. I'm not sure it was strictly necessary, since
even if there's no send token, gss_init_sec_context() is meant to explicitly
make it empty, but it wasn't an intentional change.
Ben Harris [Wed, 26 Nov 2008 12:49:25 +0000 (12:49 +0000)]
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher
under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.
This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.
Ben Harris [Tue, 25 Nov 2008 22:11:17 +0000 (22:11 +0000)]
Now that we use real gss_buffer_ts, there's no need to muck about with
casts when passing them to GSS-API functions. Removing them makes the code
more readable and allows better type-checking.
Simon Tatham [Tue, 25 Nov 2008 18:54:05 +0000 (18:54 +0000)]
Have wingss.c include <windows.h> by way of putty.h rather than
directly. Fixes a build failure involving name clashes between
winsock2.h and winsock.h, which had somehow managed to get included
in succession.
Jacob Nevins [Tue, 25 Nov 2008 18:43:52 +0000 (18:43 +0000)]
Fixed a PuTTYtel startup assertion failure introduced in r8305.
While I'm here, a cosmetic PuTTYtel change: remove a reference to SSH from the
"logical host name" label in PuTTYtel only.
Ben Harris [Mon, 24 Nov 2008 23:44:55 +0000 (23:44 +0000)]
Change how we handle the Ssh_gss_buf type. Previously, we defined it
ourselves, but on Unix then assumed it was compatible with the system's
gss_buffer_desc, which wasn't the case on LP64 systems. Now, on Unix
we make Ssh_gss_buf into an alias for gss_buffer_desc, though we keep
something similar to the existing behaviour on Windows. This requires
renaming a couple of the fields in Ssh_gss_buf, and hence fixing all
the references.
Tested on Linux (MIT Kerberos) and Solaris. Compiled on NetBSD (Heimdal).
Not tested on Windows because neither mingw32 nor winegcc worked out of the
box for me. I think the Windows changes are all syntactic, though, so
if this compiles it should work no worse than before.
Jacob Nevins [Mon, 24 Nov 2008 17:51:42 +0000 (17:51 +0000)]
New option to allow use of the local OS username for login to the remote side
if we have no better ideas, with UI shamelessly stolen from Quest PuTTY.
Off by default, which effectively reverts the change to using the local
username by default that came in with GSSAPI support in r8138. Anyone wanting
seamless single sign-on will need to set the new option. (The previous
default behaviour was getting in the way in ad-hoc scenarios.)
Note that the PSCP and Unix-Plink behaviour of using the local username by
default have remained unchanged throughout; they are not affected by the new
option. Not sure if that's the Right Thing.
Ben Harris [Sat, 22 Nov 2008 22:06:42 +0000 (22:06 +0000)]
Changes to make this compile on Solaris 9: use <gssapi/gssapi.h> rather
than <gssapi/gssapi_krb5.h> and provide the OID for Kerberos 5 ourselves
(since it's a known constant). I'm not sure this actually works on Solaris
yet, mind.
Simon Tatham [Mon, 17 Nov 2008 18:38:09 +0000 (18:38 +0000)]
Revamp of the local X11 connection code. We now parse X display
strings more rigorously, and then we look up the local X authority
data in .Xauthority _ourself_ rather than delegating to an external
xauth program. This is (negligibly) more efficient on Unix, assuming
I haven't got it wrong in some subtle way, but its major benefit is
that we can now support X authority lookups on Windows as well
provided the user points us at an appropriate X authority file in
the standard format. A new Windows-specific config option has been
added for this purpose.
Simon Tatham [Mon, 17 Nov 2008 18:36:27 +0000 (18:36 +0000)]
Avoid freeing the backend in notify_remote_exit(), since that's
called from within a backend function which will expect its own
backend pointer to still be valid on return. Instead, move all the
real functionality of notify_remote_exit() out into a GTK idle
function.
Simon Tatham [Tue, 11 Nov 2008 07:47:27 +0000 (07:47 +0000)]
In SSH packet logging mode, log SSH-2 packet sequence numbers, in
both directions. We had a bug report yesterday about a Cisco router
sending SSH2_MSG_UNIMPLEMENTED and it wasn't clear for which packet;
logging the sequence numbers should make such problems much easier
to diagnose.
(In fact this logging fix wouldn't have helped in yesterday's case,
because the router also didn't bother to fill in the sequence number
field in the SSH2_MSG_UNIMPLEMENTED packet! This is a precautionary
measure against the next one of these problems.)
Simon Tatham [Sat, 8 Nov 2008 16:45:45 +0000 (16:45 +0000)]
Move out of the SockAddr structure the mutable fields "ai" and
"curraddr", and turn "family" into a macro-derived property of the
other fields. The idea is that this renders SockAddrs immutable once
created, which should open up the possibility of duplicating and
reusing one without having to redo the actual DNS lookup.
I _hope_ I haven't broken anything. The new code architecture
contains several rather dubious-looking operations (namely the
arbitrary choice of the first returned address in functions like
sk_getaddr and sk_address_is_local - what if, for instance, a DNS
lookup returned a local and a non-local address?), but I think they
were functionally just as dubious beforehand and all this change has
done is to make them more obviously so to a reader.
Jacob Nevins [Fri, 17 Oct 2008 20:55:08 +0000 (20:55 +0000)]
Patch from Iain Patterson: fix crash on Windows when GSSAPI auth is attempted
but fails for some reason (such as not having a tgt for the server's realm).
Jacob Nevins [Mon, 13 Oct 2008 22:34:57 +0000 (22:34 +0000)]
Rejig the Translation panel controls and documentation to remove the emphasis
on received data. Experiment and suggestion suggest that the character set
configuration applies equally to keystrokes sent to the server, or at least
that that's close enough to being true that we should document it as a first
approximation.
Simon Tatham [Tue, 7 Oct 2008 17:48:59 +0000 (17:48 +0000)]
sshrsa.c now obeys the RFC793 Robustness Principle when it comes to
the ordering of the primes in a fully specified RSA private key:
when the key format typically has p > q, it will always output p > q
but be willing to tolerate p < q on input. (Inspired by seeing an
OpenSSH-format key file in the wild which had p < q, which I've
never seen before; I suspect a third-party application incautiously
generating the format.)
Simon Tatham [Tue, 16 Sep 2008 22:56:08 +0000 (22:56 +0000)]
Further correction: on reflection, after examining all the call
sites for uint64_make(), we _shouldn't_ attempt to preserve high
bits in the low-order argument; it turns out not to be what the call
sites want.
Simon Tatham [Tue, 16 Sep 2008 18:21:33 +0000 (18:21 +0000)]
64-bit cleanliness in int64.c. This is all hideous; really I ought
to be trying harder to find a 32-bit type rather than making a
uint64 structure out of two potentially 64-bit unsigned longs. And
really I ought to be using the C99 64-bit integers anyway if they're
available. But this should do for the moment.
Simon Tatham [Sun, 14 Sep 2008 15:11:42 +0000 (15:11 +0000)]
Some Windows keymaps, it turns out, don't translate the key
combination Ctrl + \ as the Ctrl-\ character. All of mine have, but
at least one laptop turns out not to. Do so explicitly.
Jacob Nevins [Tue, 9 Sep 2008 20:36:40 +0000 (20:36 +0000)]
If we got a keyboard-interactive INFO_REQUEST with an "instruction" string but
no actual prompts, we weren't displaying the former, which was wrong. We
should now (although I haven't found a server to test it against).
Simon Tatham [Mon, 1 Sep 2008 17:56:20 +0000 (17:56 +0000)]
Fix punctuation in the large print statements. In particular, one
semicolon which crept in in r8138 was causing a lot of the "make
install" implementation to be missing from Makefile.gtk.
Simon Tatham [Sun, 31 Aug 2008 21:45:39 +0000 (21:45 +0000)]
Good grief. When I originally wrote the local proxy code two years
ago, I apparently caused all data received from local proxies to be
unconditionally tagged as TCP Urgent. Most network backends ignore
this, but it's critical to the Telnet backend, which will ignore all
Urgent-marked data in the assumption that there's a SYNCH on its way
that it should wait for. Nobody has noticed in two years, presumably
meaning that nobody has ever tried to do Telnet over a local proxy
in that time.
Simon Tatham [Sun, 31 Aug 2008 19:18:17 +0000 (19:18 +0000)]
Colin Watson points out an apparently erroneous cast: Ssh_gss_name
and gss_name_t are supposed to be congruent types, so a pointer to
one should never be cast to a non-indirect instance of the other.
Simon Tatham [Sun, 31 Aug 2008 17:12:37 +0000 (17:12 +0000)]
Minor code cleanup: I just happened to be looking at this file for
other reasons and I noticed that the list of TELOPTs is given twice
and hence needs to be kept in sync. Replace with my now-standard
second-order-macro approach which allows the list to be maintained
in only one place.
Jacob Nevins [Wed, 20 Aug 2008 22:21:04 +0000 (22:21 +0000)]
Fix for portfwd-addr-family: on Unix, when a tunnel is specified as "Auto"
(rather than IPv4 or IPv6-only; this is the default), try to open up listening
sockets on both address families, rather than (unhelpfully) just IPv6. (And
don't open one if the other can't be bound, in a nod to CVE-2008-1483.)
Based on a patch from Ben A L Jemmett.
Simon Tatham [Thu, 17 Jul 2008 17:01:27 +0000 (17:01 +0000)]
At least one version of gcc won't figure out that "clear" is never
read uninitialised (because the only circumstance under which it
isn't initialised is when "update" is FALSE, in which case it isn't
read either). Placate it.
Simon Tatham [Sun, 6 Jul 2008 12:24:56 +0000 (12:24 +0000)]
Patch from Tim Kosse: check back->exitcode() in both loops on
ssh_sftp_loop_iteration(), not just one. Fixes exiting on a negative
response to the host key confirmation prompt on Windows (because
winsftp.c doesn't have the equivalent of uxsftp.c's no_fds_ok); on
Unix it worked already but gave a suboptimal error message, which is
fixed too by this patch.
Jacob Nevins [Sun, 15 Jun 2008 12:39:09 +0000 (12:39 +0000)]
Exorcise beeps from the Colours pane in Gtk.
The colour list box beeped at the user whenever it found that
something other than exactly one colour was selected. This seems to
happen implicitly in Gtk when the pane is changed. In Gtk1, this gave
you a beep whenever you left the Colours dialog after having selected
a colour from the list; in Gtk2, you additionally got a beep _every_
time you subsequently re-entered the Colours dialog (for reasons I
haven't investigated). Windows was unaffected.
Also, in Gtk (unlike Windows), it's possible for the user to go back
to the state where no items in the list box are selected at all.
For these reasons, stop beeping at the user, and instead blank the RGB
edit boxes as a hint that edits to them would be futile. (Really we
should be disabling them entirely, but the cross-platform edit
controls aren't up to that yet.)
Simon Tatham [Wed, 11 Jun 2008 18:03:35 +0000 (18:03 +0000)]
Work around a bug in early versions of GTK (which I'm still forced
to use, gah) in which the "model" argument to
gtk_tree_selection_get_selected_rows() couldn't be NULL.
Simon Tatham [Tue, 10 Jun 2008 20:18:23 +0000 (20:18 +0000)]
Manfred Schwarb points out that scroll wheel support stopped working
with the switch to GTK2. This turns out to be because, where GTK1
represented the scroll wheel as mouse buttons 4 and 5 and generated
GdkEventButton when it was moved, GTK2 has moved wheel actions out
into a new event type GdkEventScroll which we were not handling. Now
we do, so scroll wheel support should be back in place.
Simon Tatham [Sat, 7 Jun 2008 16:30:45 +0000 (16:30 +0000)]
Manfred Schwarb also mentions that Alt+drag is captured by at least
one well known window manager (KDE's); document that Shift+Alt+drag
is worth trying as a workaround.
Simon Tatham [Thu, 5 Jun 2008 17:06:39 +0000 (17:06 +0000)]
Add an include statement to Makefile.gtk that imports if present a
file called Makefile.local. This means that if you're compiling on a
platform that needs COMPAT definitions, you can put them in a local
file and not have to type them on the command line every time.
Simon Tatham [Sun, 1 Jun 2008 11:16:32 +0000 (11:16 +0000)]
Been meaning to do this for years: introduce a configuration option
to manually tweak the host name and port number under which the SSH
host key is read and written.
I've put it in the cross-platform Connection panel. Partly under the
flimsy pretext that other backends _can_ use it if they so wish (and
in fact it overrides the host name for title-bar purposes in all
network backends, though it has no other effect in anything but
SSH); but mostly because the SSH panel was too full already :-)
Jacob Nevins [Sat, 31 May 2008 17:22:29 +0000 (17:22 +0000)]
Apparently Vista's printf-like functions don't support %n by default.
We could explicitly re-enable %n, but we only use it in one place, so take
the path of least resistance and remove that single instance. This stops
dupvprintf() getting stuck in a loop (a behaviour that's caused by a workaround
for a broken libc).
Simon Tatham [Wed, 28 May 2008 19:23:57 +0000 (19:23 +0000)]
OS X Leopard, it turns out, has a new and exciting strategy for
addressing X displays. Update PuTTY's display-name-to-Unix-socket-
path translation code to cope with it, thus causing X forwarding to
start working again on Leopard.
Simon Tatham [Fri, 11 Apr 2008 13:28:38 +0000 (13:28 +0000)]
Utterly hideous new approach to extracting install-sh from the
autoconf/automake edifice, since my previous approach of guessing
its pathname turns out not to work on at least one kind of system.
Simon Tatham [Sat, 22 Mar 2008 12:01:16 +0000 (12:01 +0000)]
For convenience of debugging, and perhaps some real convenience at
some point too: introduce a bunch of environment variables which can
override Unix PuTTY's usual idea of where to find its dotfiles.
Setting PUTTYDIR moves the entire ~/.putty directory; setting
PUTTYSESSIONS, PUTTYSSHHOSTKEYS or PUTTYRANDOMSEED move specific
things within that directory.
While I'm here, also be prepared to fall back to password file
lookups if $HOME is undefined (though we still use $HOME in
preference when it is defined, because that's polite and useful).
Also, on general principles, tweak the make_filename() function
prototype so it doesn't rely on fixed-size buffers.
Simon Tatham [Fri, 7 Mar 2008 18:30:37 +0000 (18:30 +0000)]
Fix a cursor positioning infelicity.
The scenario: I start a small, say 80x24, pterm. I do some work in
it, generating plenty of scrollback, and eventually I `less' a file.
`less' switches to the alt screen. Then I want more vertical space
to look at the file, so I enlarge the window to more like 80x60.
When I quit `less' and switch back to the primary screen, some
scrollback has been pulled down into the screen, as expected - but
the saved _cursor position_ is still at line 24, not at the bottom
of the new terminal where the prompt it goes with has moved to.
Solution: term_size() should adjust the alt-screen saved cursor
positions as well as the normal cursor position.
(Curiously, the problem doesn't happen on my home Debian box, even
without this fix. It happens on my RH9 box at work, though.)
Simon Tatham [Thu, 21 Feb 2008 09:18:24 +0000 (09:18 +0000)]
Aha, _that's_ why I've been periodically getting blocking-write
problems using Unix PuTTY port forwarding. Sockets we create by
connect() are immediately set into nonblocking mode by fcntl, but
sockets we create by accept() were not. This trivial fix should help.
Ben Harris [Wed, 5 Dec 2007 00:02:06 +0000 (00:02 +0000)]
Add a new bug-compatibility mode that limits the window size we'll
advertise so that the server can't exceed our maximum packet size.
Enable it for "1.36_sshlib GlobalSCAPE" which apparently sends oversize
packets otherwise.
Simon Tatham [Mon, 26 Nov 2007 21:09:54 +0000 (21:09 +0000)]
sktree is indexed on the numeric value of the socket structure's
underlying WinSock SOCKET. Therefore, if we plan to modify the
SOCKET in a socket, we must remove it from the tree before doing so,
and put it back again afterwards. Otherwise it'll violate the tree's
sorting order, and sooner or later someone will try to find it and
get back NULL.
Jacob Nevins [Fri, 19 Oct 2007 21:47:47 +0000 (21:47 +0000)]
Marc TERRIER pointed out a couple of places that claim there is an X11
forwarding checkbox on the Tunnels panel, which hasn't been the case for
a while.
Ben Harris [Wed, 3 Oct 2007 20:29:27 +0000 (20:29 +0000)]
Take the code that does flow control in SSH-1, and make it work in SSH-2
as well. This won't be triggered in the usual case, but it's useful
if the remote end ignores our window, or if we're in "simple" mode and
setting the window far larger than is necessary.
Ben Harris [Tue, 2 Oct 2007 21:43:53 +0000 (21:43 +0000)]
More fixes to stdout and stderr. When the backlog on either clears, call
the backend's unthrottle function. If we don't, we'll deadlock. While
we're here, also pump as much data as possible out during each call to
try_output(), rather than restricting ourselves to a single call to
write().
Ben Harris [Tue, 2 Oct 2007 21:07:52 +0000 (21:07 +0000)]
As far as I can see (at least in NetBSD) O_NONBLOCK and FIONBIO are equivalent,
except that O_NONBLOCK is standardised and FIONBIO isn't. In consequence,
replace our only use of FIONBIO with O_NONBLOCK.
Inspired by Jonathan H N Chin, who had problems with this on Solaris.
Ben Harris [Mon, 1 Oct 2007 21:11:11 +0000 (21:11 +0000)]
Rather than rejecting spurious SSH_MSG_CHANNEL_SUCCESSes, and ignoring
spurious SSH_MSG_CHANNEL_FAILUREs, treat them as the protocol errors
they are and forcibly disconnect. Inspired by recent traffic on
comp.security.ssh.
Ben Harris [Sun, 30 Sep 2007 19:42:31 +0000 (19:42 +0000)]
Merge the looking up of channel numbers for SSH-2 channel messages into
a single function which also handles checking that channels exist and
are properly open. This should make PuTTY a little less tolerant of
servers that send bogus messages.
Ben Harris [Sun, 30 Sep 2007 12:45:49 +0000 (12:45 +0000)]
When writing session data to stdout or stderr, switch the relevant file
descriptor into non-blocking mode temporarily, and correctly handle returns
of EAGAIN from write(). This should fix unix-plink-stdout-nonblock, while
avoiding EAGAIN turning up where we aren't expecting it.
Ben Harris [Sat, 29 Sep 2007 12:27:45 +0000 (12:27 +0000)]
Add support for resetting the terminal modes on stderr to something sensible
before printing error messages to it. This should fix the stair-stepping
in Plink's progress messages.
Ben Harris [Mon, 24 Sep 2007 21:43:48 +0000 (21:43 +0000)]
My changes in r7738 (O_NONBLOCK for Unix Plink) were half-arsed, and
completely broke interactive logins. The problem, or at least one of the
problems, was that in interactive use stdin, stdout, and stderr tend to be
the same file, so setting O_NONBLOCK on the latter two also sets it on the
former. Thus, we need to cope with all of them being non-blocking.
Ben Harris [Mon, 24 Sep 2007 15:18:11 +0000 (15:18 +0000)]
Add support for automatically tuning the SSH-2 window size for decent
performance. The theory behind this is fairly simple, though the
implementation turns out to be a little trickier than it looks.
The basic idea is that when the connection isn't being limited by our ability
to process data, we want to ensure that the window size _as seen by the server_
never drops to zero. Measuring the server's view of the window size is done
by arranging for it to acknowledge every SSH_MSG_CHANNEL_WINDOW_ADJUST, or
rather an SSH_MSG_CHANNEL_REQUEST sent just before it. That way we can tell
when it its outgoing data stream it received the window adjustment, and
thus how small the server's view of the window got.
At present, we only ever increase the window size. In theory, we could
arrange to reduce it again if the server's view of it seemed to be persistently
too large, but my experiments suggest that getting this right will be tricky.