Jacob Nevins [Sun, 8 Nov 2009 18:47:41 +0000 (18:47 +0000)]
Move the two existing DECL/GET_foo_FUNCTION macro sets used for dynamic
linking on Windows into a single global one, which can cope with function
renaming. Intended to enable eventual removal of ANSI-specific DoSomethingA
references (although I've not removed any).
Jacob Nevins [Sun, 8 Nov 2009 18:25:29 +0000 (18:25 +0000)]
Improve buffer handling in Windows sk_getaddr() -- we were passing
uninitialised storage into WSAAddressToString()'s length function (and
presumably getting away with it by luck).
Also improve error handling (exposed by my Wine installation, which returns
an error from WSAAddressToString() for connections to localhost for some
reason).
Jacob Nevins [Sun, 1 Nov 2009 22:06:05 +0000 (22:06 +0000)]
Stop trying to enumerate all the kinds of Windows we support on the download
page. Define in more detail what we mean by "Windows" in the Ports section of
the FAQ.
Jacob Nevins [Fri, 25 Sep 2009 23:32:14 +0000 (23:32 +0000)]
Change manifest files to declare Windows GUI apps to be "DPI-aware", that is,
not fazed by being displayed at other than 96DPI; testing on Vista at a range
of DPIs indicates that we cope (with the minor and inevitable exception of the
drag-list control).
This stops pixel scaling and hence fuzzy display on high-resolution displays.
(Hope this is last disastrous than my last set of manifest tweaks! --
<http://support.fogcreek.com/default.asp?copilot.6.26840.1> suggests that this
is an OK thing to do.)
Jacob Nevins [Mon, 14 Sep 2009 21:26:48 +0000 (21:26 +0000)]
Since r7266, it's been possible to get a hostname into Default Settings; but
plink did not cope gracefully with this -- it was not possible to override that
hostname on the command line (attempts at doing so would be treated as part of
the remote command).
Fix this by applying the principle of r7265: if the user didn't explicitly
specify that they wanted to launch the hostname in the default (for instance
with '-load "Default Settings"', we assume they don't want to, and such a
hostname doesn't count when deciding whether to treat a non-option argument as
hostname or command.
Jacob Nevins [Sun, 13 Sep 2009 23:29:11 +0000 (23:29 +0000)]
If there are no saved sessions, put a grayed "(No sessions)" entry on the saved
sessions submenu of the terminal window context menu (as Pageant does), rather
than an empty menu (which often renders poorly).
Jacob Nevins [Sun, 30 Aug 2009 13:16:50 +0000 (13:16 +0000)]
Avoid compiling autoconf test programs with -Wall -Werror; doing so causes
trouble on Ubuntu, where the Gtk test programs don't check the return value
from system() and thus fall foul of the combination of our -Werror and
<https://wiki.ubuntu.com/CompilerFlags#-D_FORTIFY_SOURCE=2>.
Jacob Nevins [Fri, 21 Aug 2009 22:29:58 +0000 (22:29 +0000)]
From Corey Stup: when we're declaring stuff for WSAAddressToStringA, we should
use the explicitly-narrow type LPSTR, not the switchable type LPTSTR. (Since
we currently build without UNICODE this makes no practical difference to us
now.)
Jacob Nevins [Tue, 18 Aug 2009 23:38:48 +0000 (23:38 +0000)]
Fix handling of duplicate port forwardings; they were effectively cancelling
out, but are now just ignored.
(We should make more effort to prevent duplicates before they get as far as
ssh_setup_portfwd() -- it's currently trivially easy to enter them in the
GUI and on the command line, let alone both -- but there's bound to be someone
with a saved session containing dupes out there by now, and anyway there are
duplicates we can't detect before getting this far, for instance
"1234:localhost:22" vs "1234:localhost:ssh".)
Jacob Nevins [Sun, 16 Aug 2009 22:51:20 +0000 (22:51 +0000)]
Quell "config.status: WARNING: Makefile.in seems to ignore the --datarootdir
setting" warning when running ./configure, per
<http://www.gnu.org/software/autoconf/manual/html_node/Changed-Directory-Variables.html>
Simon Tatham [Mon, 10 Aug 2009 20:38:46 +0000 (20:38 +0000)]
Fixes for re-entrant calls in the serial configuration list boxes.
(I'm starting to think I made an egregious design error somewhere in
this mechanism.)
Jacob Nevins [Fri, 7 Aug 2009 00:19:04 +0000 (00:19 +0000)]
Workarounds for compiling with -D_FORTIFY_SOURCE=2 (as Ubuntu does), which
doesn't like you to ignore the return value from read()/write()/etc (and
apparently can't be shut up with a cast to void).
Jacob Nevins [Tue, 28 Jul 2009 23:45:48 +0000 (23:45 +0000)]
Alex Besogonov suggests that our Unix autoconf GSSAPI library search order is
sub-optimal -- apparently it prefers shishi above Heimdal, and apparently
that's bad.
Simon Tatham [Wed, 10 Jun 2009 17:42:15 +0000 (17:42 +0000)]
Clearing and refilling the code-pages list box can cause a
re-entrant call to its handler in config.c, which destroys the
previous value in cfg->line_codepage. Therefore, preserve the right
value in an automatic variable until all the re-entrant calls have
finished.
Simon Tatham [Mon, 11 May 2009 08:46:17 +0000 (08:46 +0000)]
Pango-based font handling: combine display of adjacent characters
into a single gdk_draw_layout() where conveniently feasible, after
some work with xtrace revealed this as a major source of pterm's
slow display updates when using client-side fonts.
Ideally we ought to be able to do better. I know exactly what
sequence of X protocol operations I want to see on the wire, but I
don't know how to persuade Pango to generate them.
Simon Tatham [Thu, 23 Apr 2009 17:39:36 +0000 (17:39 +0000)]
When giving authorisation errors from the proxy code in x11fwd.c,
name the proxy using the global 'appname' variable, instead of
statically calling it PuTTY.
(Knock-on effect is that PSCP and PSFTP have to declare that
variable, though of course they shouldn't ever actually _use_ the X
forwarding code. Probably I ought to replace it with a stub
nox11fwd.c for those applications.)
Simon Tatham [Thu, 23 Apr 2009 17:33:42 +0000 (17:33 +0000)]
When starting a SOCKS connection in dynamic forwarding, freeze the
local socket _before_ calling the SSH setup functions. This makes no
difference to ssh.c itself, but it makes portfwd.c easier to reuse
for other purposes (e.g. as a component of a standalone SOCKS
server), because now ssh_send_port_open() can itself call
pfd_confirm() without the freeze and unfreeze happening in the wrong
order.
Simon Tatham [Tue, 24 Mar 2009 22:24:31 +0000 (22:24 +0000)]
Support in the cross-platform code for translating to and from
UTF-16 when exchanging wchar_t strings with the front end. Enabled
by a #define in the platform's header file (one should not
promiscuously translate UTF-16 surrogate pairs on 32-bit wchar_t
platforms since that could give rise to redundant encoding attacks),
which is present on Windows.
Jacob Nevins [Tue, 3 Mar 2009 19:57:58 +0000 (19:57 +0000)]
Fix cosmetic keyboard-interactive issue: at the end of a normal k-i session,
some servers (Debian in particular seems prone to this) send a k-i packet with
no prompts and nothing to display. We were printing an extra "Using
keyboard-interactive authentication" message in this case. (Introduced by me
in r8172, I think.)
Simon Tatham [Tue, 3 Mar 2009 18:35:53 +0000 (18:35 +0000)]
Handle more gracefully the possibility of a keyboard-interactive
prompts packet containing no actual prompts (perhaps due to odd
server organisation, or perhaps so it can print a banner message and
do nothing else). Previously, the get_userpass_input functions
always returned failure when in '-batch' mode, even in this case
where no actual input would be required.
Simon Tatham [Sat, 28 Feb 2009 23:04:58 +0000 (23:04 +0000)]
Stop using physical tabs in Python. (I was goaded into doing this by
my editor, which has defaulted to showing them as explicit ^I for a
while now, but it seems like a generally prudent idea in any case.)
Simon Tatham [Sat, 28 Feb 2009 16:52:42 +0000 (16:52 +0000)]
Debian bug #517535: we were unconditionally interpreting the
'string' field in a GdkEventKey structure as ISO-8859-1, which was
correct for GTK 1.2 but in 2.0 that field is encoded according to
the current C library locale. Hence, we now process that field by
converting it to UTF-8 via trips through both libc and libcharset,
and then let lpage_send() convert from UTF-8 back to whatever it's
supposed to actually go down the line in.
Jacob Nevins [Tue, 24 Feb 2009 01:01:23 +0000 (01:01 +0000)]
Since r8305, Unix PuTTY has always "upgraded" an X11 display like "localhost:0"
to a Unix-domain socket. This typically works fine when PuTTY is run on the
same machine as the X server, but it's broken multi-hop X forwarding through
OpenSSH; when OpenSSH creates a proxy X server "localhost:10", it only listens
on TCP, not on a Unix-domain socket.
Instead, when deciding on the details of the display, we actively probe to see
if there's a Unix-domain socket we can use instead, and only use it if it's
there, falling back to the specified IP "localhost" if not.
Independently, when looking for local auth details in Xauthority for a
"localhost" TCP display, we prefer a matching Unix-domain entry, but will fall
back to an IP "localhost" entry (which would be unusual, but we don't trust a
Windows X server not to do it) -- this is a generalisation of the special case
added in r2538 (but removed in r8305, as the automatic upgrade masked the need
for it).
(This is now done in platform-independent code, so a side-effect is that
get_hostname() is now part of the networking abstraction on all platforms.)
Jacob Nevins [Mon, 23 Feb 2009 22:40:09 +0000 (22:40 +0000)]
Stop attempting to make session logs private on Unix. This was introduced in
r7084 at the same time as sensible permissions when writing private key files;
however, it causes an assertion failure whenever an attempt is made to append
to an existing log file on Unix, and it's not clear what "is_private" *should*
do for append, so revert to log file security being the user's responsibility.
(Fixes Ubuntu LP#212711.)
Simon Tatham [Tue, 3 Feb 2009 21:22:52 +0000 (21:22 +0000)]
The Windows config option to point at an X authority file is only
read at connection setup time, so don't offer it in the Change
Settings dialog box.
(In particular, this fixes an assertion failure when selecting
Change Settings on a non-SSH connection, since wincfg.c would have
added that control to Connection/SSH/X11 when the parent panel
Connection/SSH didn't exist. Making the control conditional on the
selected protocol would have been sufficient to fix that failure,
but I now realise that the setting should never have been presented
in mid-session in any case.)
Simon Tatham [Wed, 21 Jan 2009 18:47:03 +0000 (18:47 +0000)]
Don't call ReleaseCapture() on any mouse-button-up event. Instead,
only call it when the _last_ mouse button comes back up. Otherwise,
xterm mouse tracking will lose a button-up event if you press down
two buttons, move the mouse outside the window, then release them
one at a time.
Simon Tatham [Mon, 12 Jan 2009 20:41:28 +0000 (20:41 +0000)]
Patch from Gert-Jan Vons: create an event handle to go in the
OVERLAPPED structure in output threads, as we already do for input
threads. This apparently sorts out a hanging issue with serial ports
when trying to do simultaneous read and write, because (GJV says,
and it sounds plausible to me) in the absence of that event object
Windows signals the file handle itself to notify GetOverlappedResult
that it can return - and since the file handle might be being
signalled by a read operation instead, that leads to ambiguity.
Using an explicit event object in both directions means Windows
always knows which way the data is going.
Also a trivial fix in handle_output_new(), which was referencing the
wrong element of a union due to a copy and paste error. (Since the
result was address-taken and cast to void *, this wasn't a
functional error, but it was conceptually wrong.)
Ben Harris [Sun, 11 Jan 2009 14:26:27 +0000 (14:26 +0000)]
Arguments to ctype functions are required to be either EOF or representable
as unsigned char. This means that passing in a bare char is incorrect on
systems where char is signed. Sprinkle some appropriate casts to prevent
this.
Simon Tatham [Fri, 9 Jan 2009 18:55:45 +0000 (18:55 +0000)]
Weaken the assertion in general_textout(). It was failing in the
case of double-width text (ESC # 3, ESC # 4, ESC # 6), because the
string passed to it was not truncated to the same width as the
clipping rectangle. (In fact, it _can't_ reliably be, in the case
where the window width is odd.) So instead we just assert that we
managed to _at least_ fill the clipping rectangle, not that we
exactly filled it.
The problem is easily reproduced by sending ESC # 8 (fill the screen
with Es) followed by ESC # 3. It doesn't typically happen, though,
if you _manually_ fill the screen with Es, because in that case
PuTTY's terminal buffer ends up being filled with CSET_ACP | 'E' or
similar, which means that general_textout() never gets called
because one of the other branches of do_text_internal() does the
work instead. ESC # 8 will fill the terminal buffer with genuine
_Unicode_ 'E' characters, which exercises the failing code path.
Simon Tatham [Thu, 8 Jan 2009 18:19:52 +0000 (18:19 +0000)]
Colin also suggests that we can replace the backticks in the GTK
makefile with make's own $(shell ...) function, which means that
gtk-config and krb5-config and so on only get run once per make
invocation instead of once per gcc invocation.
Simon Tatham [Thu, 8 Jan 2009 18:18:14 +0000 (18:18 +0000)]
Colin Watson reports a strange problem whereby krb5-config
incorporates the environment variable CFLAGS into its output. Avoid
exporting our version of it from the Makefile (which actually causes
build failures, since quoting phase issues mean that the backticks
in our version end up unexpanded).
Jacob Nevins [Mon, 5 Jan 2009 23:36:14 +0000 (23:36 +0000)]
sk_address_is_local() failed to cope when presented with a Unix-domain socket.
This could cause Unix PuTTY to segfault when X forwarding over an SSH session
through a proxy.
(sk_getaddr() wouldn't cope either -- in that case, add an assertion to make it
more obvious; I don't think it should ever happen.)
Jacob Nevins [Mon, 5 Jan 2009 22:53:14 +0000 (22:53 +0000)]
Be prepared for x11_setup_display() to return NULL (for instance, if DISPLAY
has invalid contents). Simply refuse to try X forwarding in this circumstance.
Jacob Nevins [Mon, 5 Jan 2009 19:39:27 +0000 (19:39 +0000)]
r5080 didn't go far enough -- since 0.58, anyone on Unix who didn't previously
have default settings for "bell overload" mode will have inherited a twitchy
set of defaults where bells are disabled after 2ms and enabled after 5ms,
rather than 2s and 5s as intended. This error has probably propagated into some
people's saved sessions by now, but there's not much to be done.
Jacob Nevins [Mon, 5 Jan 2009 02:45:38 +0000 (02:45 +0000)]
Add some hard-coded textual literal-IP representations of localhost to
sk_hostname_is_local(), to catch the case where we're doing something like X11
forwarding over SSH through a proxy, and we've thus disabled local lookup of
hostnames.
(I think this is what's behind the report in
<e9a86996-5dc2-4428-9b0c-c65693ca6351@m32g2000hsf.googlegroups.com>
in comp.security.ssh, although I'd like to know more of the circumstances.)
Jacob Nevins [Mon, 5 Jan 2009 01:01:58 +0000 (01:01 +0000)]
Cope with a (non-standard) ENAMETOOLONG return from gethostname(); glibc will
do this if the supplied buffer isn't big enough, which shouldn't lead to
complete abandonment of X11 auth. (Would only have bitten with hostnames
>255 chars anyway.)
Jacob Nevins [Sun, 4 Jan 2009 23:28:25 +0000 (23:28 +0000)]
r8305 seems to have made Unix PuTTY rather over-keen on Unix-domain sockets;
unless a protocol is explicitly specified with "tcp/foovax:0", it assume a
Unix-domain socket, thus not allowing a remote display on a machine other than
the client.
Jacob Nevins [Sun, 4 Jan 2009 22:24:08 +0000 (22:24 +0000)]
Bah, I've bumped into this often enough. Change one unsatisfactory cast for
another to shut up "warning: cast from pointer to integer of different size"
(and hence a -Werror compile failure) when compiling for Unix with DEBUG
defined on atreus (x86_64). Minimally checked that it doesn't introduce upset
elsewhere (i386).
Jacob Nevins [Sat, 20 Dec 2008 19:43:20 +0000 (19:43 +0000)]
"Derek" reports that the DECSLPP report of window-size-in-pixels (CSI 14 t)
has width and height swapped. Since both a random xterm I have and
<http://invisible-island.net/xterm/ctlseqs/ctlseqs.txt> agree with him, I've
changed ours. (This stuff appears to originate in dtterm, but I can't check the
behaviour of that right now.)
While I'm here, the are-we-iconified report (CSI 11 t) looks to have the
wrong sense compared to the same sources, so swap that too.
(All this has been this way since it was originally implemented in r1414,
which doesn't cite a source. all-escapes is silent too.)
Simon Tatham [Mon, 1 Dec 2008 23:03:11 +0000 (23:03 +0000)]
Add missing call to gtk_selection_clear_targets(), without which the
list of selection targets offered by GTK PuTTY/pterm grows an extra
copy of each of the three supported text formats every time the user
makes a selection!
Ben Harris [Mon, 1 Dec 2008 21:18:29 +0000 (21:18 +0000)]
Change the Unix version of Ssh_gss_name to be a gss_name_t rather than
void *, and hence eliminate a few casts. The Windows definition is
unchanged, but I daresay I've managed to stop it compiling nonetheless.
Jacob Nevins [Sun, 30 Nov 2008 21:35:33 +0000 (21:35 +0000)]
As far as I can tell, "simple@putty.projects.tartarus.org" has always been
implemented as a channel request, not a global one. Change documentation to
match implementation.
Simon Tatham [Fri, 28 Nov 2008 18:28:23 +0000 (18:28 +0000)]
Move the code that reads the Windows clipboard into a trivial
subthread, so that it won't deadlock if fetching the content of the
clipboard turns out to depend on a network connection forwarded
through PuTTY.
Ben Harris [Wed, 26 Nov 2008 14:30:58 +0000 (14:30 +0000)]
Jacob correctly points out that I accidentally lost a clearing of
s->gss_sndtok in r8326. I'm not sure it was strictly necessary, since
even if there's no send token, gss_init_sec_context() is meant to explicitly
make it empty, but it wasn't an intentional change.
Ben Harris [Wed, 26 Nov 2008 12:49:25 +0000 (12:49 +0000)]
Mitigation for VU#958563: When using a CBC-mode server-to-client cipher
under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.
This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.
Ben Harris [Tue, 25 Nov 2008 22:11:17 +0000 (22:11 +0000)]
Now that we use real gss_buffer_ts, there's no need to muck about with
casts when passing them to GSS-API functions. Removing them makes the code
more readable and allows better type-checking.
Simon Tatham [Tue, 25 Nov 2008 18:54:05 +0000 (18:54 +0000)]
Have wingss.c include <windows.h> by way of putty.h rather than
directly. Fixes a build failure involving name clashes between
winsock2.h and winsock.h, which had somehow managed to get included
in succession.
Jacob Nevins [Tue, 25 Nov 2008 18:43:52 +0000 (18:43 +0000)]
Fixed a PuTTYtel startup assertion failure introduced in r8305.
While I'm here, a cosmetic PuTTYtel change: remove a reference to SSH from the
"logical host name" label in PuTTYtel only.
Ben Harris [Mon, 24 Nov 2008 23:44:55 +0000 (23:44 +0000)]
Change how we handle the Ssh_gss_buf type. Previously, we defined it
ourselves, but on Unix then assumed it was compatible with the system's
gss_buffer_desc, which wasn't the case on LP64 systems. Now, on Unix
we make Ssh_gss_buf into an alias for gss_buffer_desc, though we keep
something similar to the existing behaviour on Windows. This requires
renaming a couple of the fields in Ssh_gss_buf, and hence fixing all
the references.
Tested on Linux (MIT Kerberos) and Solaris. Compiled on NetBSD (Heimdal).
Not tested on Windows because neither mingw32 nor winegcc worked out of the
box for me. I think the Windows changes are all syntactic, though, so
if this compiles it should work no worse than before.
Jacob Nevins [Mon, 24 Nov 2008 17:51:42 +0000 (17:51 +0000)]
New option to allow use of the local OS username for login to the remote side
if we have no better ideas, with UI shamelessly stolen from Quest PuTTY.
Off by default, which effectively reverts the change to using the local
username by default that came in with GSSAPI support in r8138. Anyone wanting
seamless single sign-on will need to set the new option. (The previous
default behaviour was getting in the way in ad-hoc scenarios.)
Note that the PSCP and Unix-Plink behaviour of using the local username by
default have remained unchanged throughout; they are not affected by the new
option. Not sure if that's the Right Thing.
Ben Harris [Sat, 22 Nov 2008 22:06:42 +0000 (22:06 +0000)]
Changes to make this compile on Solaris 9: use <gssapi/gssapi.h> rather
than <gssapi/gssapi_krb5.h> and provide the OID for Kerberos 5 ourselves
(since it's a known constant). I'm not sure this actually works on Solaris
yet, mind.
Simon Tatham [Mon, 17 Nov 2008 18:38:09 +0000 (18:38 +0000)]
Revamp of the local X11 connection code. We now parse X display
strings more rigorously, and then we look up the local X authority
data in .Xauthority _ourself_ rather than delegating to an external
xauth program. This is (negligibly) more efficient on Unix, assuming
I haven't got it wrong in some subtle way, but its major benefit is
that we can now support X authority lookups on Windows as well
provided the user points us at an appropriate X authority file in
the standard format. A new Windows-specific config option has been
added for this purpose.