1999-08-31 09:20:48 +00:00
|
|
|
/*
|
2022-01-22 15:38:53 +00:00
|
|
|
* pscp.c - Scp (Secure Copy) client for PuTTY.
|
2001-09-10 08:39:37 +00:00
|
|
|
* Joris van Rantwijk, Simon Tatham
|
1999-08-31 09:20:48 +00:00
|
|
|
*
|
2001-09-10 08:39:37 +00:00
|
|
|
* This is mainly based on ssh-1.2.26/scp.c by Timo Rinne & Tatu Ylonen.
|
|
|
|
* They, in turn, used stuff from BSD rcp.
|
2019-09-08 19:29:00 +00:00
|
|
|
*
|
2001-09-10 08:39:37 +00:00
|
|
|
* (SGT, 2001-09-10: Joris van Rantwijk assures me that although
|
|
|
|
* this file as originally submitted was inspired by, and
|
|
|
|
* _structurally_ based on, ssh-1.2.26's scp.c, there wasn't any
|
|
|
|
* actual code duplicated, so the above comment shouldn't give rise
|
|
|
|
* to licensing issues.)
|
1999-08-31 09:20:48 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
2001-08-26 18:32:28 +00:00
|
|
|
#include <limits.h>
|
1999-08-31 09:20:48 +00:00
|
|
|
#include <time.h>
|
2001-01-26 09:33:12 +00:00
|
|
|
#include <assert.h>
|
1999-08-31 09:20:48 +00:00
|
|
|
|
|
|
|
#include "putty.h"
|
2003-08-25 13:53:41 +00:00
|
|
|
#include "psftp.h"
|
2001-08-26 18:32:28 +00:00
|
|
|
#include "ssh.h"
|
2021-04-22 16:58:40 +00:00
|
|
|
#include "ssh/sftp.h"
|
2000-10-06 13:21:36 +00:00
|
|
|
#include "storage.h"
|
1999-08-31 09:20:48 +00:00
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool list = false;
|
|
|
|
static bool verbose = false;
|
|
|
|
static bool recursive = false;
|
|
|
|
static bool preserve = false;
|
|
|
|
static bool targetshouldbedirectory = false;
|
|
|
|
static bool statistics = true;
|
2001-05-19 13:41:18 +00:00
|
|
|
static int prev_stats_len = 0;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool scp_unsafe_mode = false;
|
1999-08-31 09:20:48 +00:00
|
|
|
static int errs = 0;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool try_scp = true;
|
|
|
|
static bool try_sftp = true;
|
|
|
|
static bool main_cmd_is_sftp = false;
|
|
|
|
static bool fallback_cmd_is_sftp = false;
|
|
|
|
static bool using_sftp = false;
|
|
|
|
static bool uploading = false;
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2018-09-11 15:23:38 +00:00
|
|
|
static Backend *backend;
|
2020-02-02 10:00:42 +00:00
|
|
|
static Conf *conf;
|
2020-02-02 10:00:43 +00:00
|
|
|
static bool sent_eof = false;
|
2002-10-26 10:33:59 +00:00
|
|
|
|
2015-05-15 10:15:42 +00:00
|
|
|
static void source(const char *src);
|
|
|
|
static void rsource(const char *src);
|
|
|
|
static void sink(const char *targ, const char *src);
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2001-08-25 17:09:23 +00:00
|
|
|
/*
|
|
|
|
* The maximum amount of queued data we accept before we stop and
|
|
|
|
* wait for the server to process some.
|
|
|
|
*/
|
|
|
|
#define MAX_SCP_BUFSIZE 16384
|
|
|
|
|
2018-09-11 14:02:59 +00:00
|
|
|
void ldisc_echoedit_update(Ldisc *ldisc) { }
|
2021-09-14 09:13:28 +00:00
|
|
|
void ldisc_check_sendok(Ldisc *ldisc) { }
|
2001-01-26 09:33:12 +00:00
|
|
|
|
2021-09-16 13:46:49 +00:00
|
|
|
static size_t pscp_output(Seat *, SeatOutputType type, const void *, size_t);
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool pscp_eof(Seat *);
|
New abstraction 'Seat', to pass to backends.
This is a new vtable-based abstraction which is passed to a backend in
place of Frontend, and it implements only the subset of the Frontend
functions needed by a backend. (Many other Frontend functions still
exist, notably the wide range of things called by terminal.c providing
platform-independent operations on the GUI terminal window.)
The purpose of making it a vtable is that this opens up the
possibility of creating a backend as an internal implementation detail
of some other activity, by providing just that one backend with a
custom Seat that implements the methods differently.
For example, this refactoring should make it feasible to directly
implement an SSH proxy type, aka the 'jump host' feature supported by
OpenSSH, aka 'open a secondary SSH session in MAINCHAN_DIRECT_TCP
mode, and then expose the main channel of that as the Socket for the
primary connection'. (Which of course you can already do by spawning
'plink -nc' as a separate proxy process, but this would permit it in
the _same_ process without anything getting confused.)
I've centralised a full set of stub methods in misc.c for the new
abstraction, which allows me to get rid of several annoying stubs in
the previous code. Also, while I'm here, I've moved a lot of
duplicated modalfatalbox() type functions from application main
program files into wincons.c / uxcons.c, which I think saves
duplication overall. (A minor visible effect is that the prefixes on
those console-based fatal error messages will now be more consistent
between applications.)
2018-10-11 18:58:42 +00:00
|
|
|
|
|
|
|
static const SeatVtable pscp_seat_vt = {
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.output = pscp_output,
|
|
|
|
.eof = pscp_eof,
|
New Seat callback, seat_sent().
This is used to notify the Seat that some data has been cleared from
the backend's outgoing data buffer. In other words, it notifies the
Seat that it might be worth calling backend_sendbuffer() again.
We've never needed this before, because until now, Seats have always
been the 'main program' part of the application, meaning they were
also in control of the event loop. So they've been able to call
backend_sendbuffer() proactively, every time they go round the event
loop, instead of having to wait for a callback.
But now, the SSH proxy is the first example of a Seat without
privileged access to the event loop, so it has no way to find out that
the backend's sendbuffer has got smaller. And without that, it can't
pass that notification on to plug_sent, to unblock in turn whatever
the proxied connection might have been waiting to send.
In fact, before this commit, sshproxy.c never called plug_sent at all.
As a result, large data uploads over an SSH jump host would hang
forever as soon as the outgoing buffer filled up for the first time:
the main backend (to which sshproxy.c was acting as a Socket) would
carefully stop filling up the buffer, and then never receive the call
to plug_sent that would cause it to start again.
The new callback is ignored everywhere except in sshproxy.c. It might
be a good idea to remove backend_sendbuffer() entirely and convert all
previous uses of it into non-empty implementations of this callback,
so that we've only got one system; but for the moment, I haven't done
that.
2021-06-27 12:52:48 +00:00
|
|
|
.sent = nullseat_sent,
|
2021-10-30 16:06:00 +00:00
|
|
|
.banner = nullseat_banner_to_stderr,
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.get_userpass_input = filexfer_get_userpass_input,
|
2021-09-12 10:48:42 +00:00
|
|
|
.notify_session_started = nullseat_notify_session_started,
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.notify_remote_exit = nullseat_notify_remote_exit,
|
2021-05-22 11:47:51 +00:00
|
|
|
.notify_remote_disconnect = nullseat_notify_remote_disconnect,
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.connection_fatal = console_connection_fatal,
|
2022-09-13 07:49:38 +00:00
|
|
|
.nonfatal = console_nonfatal,
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.update_specials_menu = nullseat_update_specials_menu,
|
|
|
|
.get_ttymode = nullseat_get_ttymode,
|
|
|
|
.set_busy_status = nullseat_set_busy_status,
|
Reorganise host key checking and confirmation.
Previously, checking the host key against the persistent cache managed
by the storage.h API was done as part of the seat_verify_ssh_host_key
method, i.e. separately by each Seat.
Now that check is done by verify_ssh_host_key(), which is a new
function in ssh/common.c that centralises all the parts of host key
checking that don't need an interactive prompt. It subsumes the
previous verify_ssh_manual_host_key() that checked against the Conf,
and it does the check against the storage API that each Seat was
previously doing separately. If it can't confirm or definitively
reject the host key by itself, _then_ it calls out to the Seat, once
an interactive prompt is definitely needed.
The main point of doing this is so that when SshProxy forwards a Seat
call from the proxy SSH connection to the primary Seat, it won't print
an announcement of which connection is involved unless it's actually
going to do something interactive. (Not that we're printing those
announcements _yet_ anyway, but this is a piece of groundwork that
works towards doing so.)
But while I'm at it, I've also taken the opportunity to clean things
up a bit by renaming functions sensibly. Previously we had three very
similarly named functions verify_ssh_manual_host_key(), SeatVtable's
'verify_ssh_host_key' method, and verify_host_key() in storage.h. Now
the Seat method is called 'confirm' rather than 'verify' (since its
job is now always to print an interactive prompt, so it looks more
like the other confirm_foo methods), and the storage.h function is
called check_stored_host_key(), which goes better with store_host_key
and avoids having too many functions with similar names. And the
'manual' function is subsumed into the new centralised code, so
there's now just *one* host key function with 'verify' in the name.
Several functions are reindented in this commit. Best viewed with
whitespace changes ignored.
2021-10-25 17:12:17 +00:00
|
|
|
.confirm_ssh_host_key = console_confirm_ssh_host_key,
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.confirm_weak_crypto_primitive = console_confirm_weak_crypto_primitive,
|
|
|
|
.confirm_weak_cached_hostkey = console_confirm_weak_cached_hostkey,
|
Centralise most details of host-key prompting.
The text of the host key warnings was replicated in three places: the
Windows rc file, the GTK dialog setup function, and the console.c
shared between both platforms' CLI tools. Now it lives in just one
place, namely ssh/common.c where the rest of the centralised host-key
checking is done, so it'll be easier to adjust the wording in future.
This comes with some extra automation. Paragraph wrapping is no longer
done by hand in any version of these prompts. (Previously we let GTK
do the wrapping on GTK, but on Windows the resource file contained a
bunch of pre-wrapped LTEXT lines, and console.c had pre-wrapped
terminal messages.) And the dialog heights in Windows are determined
automatically based on the amount of stuff in the window.
The main idea of all this is that it'll be easier to set up more
elaborate kinds of host key prompt that deal with certificates (if,
e.g., a server sends us a certified host key which we don't trust the
CA for). But there are side benefits of this refactoring too: each
tool now reliably inserts its own appname in the prompts, and also, on
Windows the entire prompt text is copy-pastable.
Details of implementation: there's a new type SeatDialogText which
holds a set of (type, string) pairs describing the contents of a
prompt. Type codes distinguish ordinary text paragraphs, paragraphs to
be displayed prominently (like key fingerprints), the extra-bold scary
title at the top of the 'host key changed' version of the dialog, and
the various information that lives in the subsidiary 'more info' box.
ssh/common.c constructs this, and passes it to the Seat to present the
actual prompt.
In order to deal with the different UI for answering the prompt, I've
added an extra Seat method 'prompt_descriptions' which returns some
snippets of text to interpolate into the messages. ssh/common.c calls
that while it's still constructing the text, and incorporates the
resulting snippets into the SeatDialogText.
For the moment, this refactoring only affects the host key prompts.
The warnings about outmoded crypto are still done the old-fashioned
way; they probably ought to be similarly refactored to use this new
SeatDialogText system, but it's not immediately critical for the
purpose I have right now.
2022-07-07 16:25:15 +00:00
|
|
|
.prompt_descriptions = console_prompt_descriptions,
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.is_utf8 = nullseat_is_never_utf8,
|
|
|
|
.echoedit_update = nullseat_echoedit_update,
|
|
|
|
.get_x_display = nullseat_get_x_display,
|
|
|
|
.get_windowid = nullseat_get_windowid,
|
|
|
|
.get_window_pixel_size = nullseat_get_window_pixel_size,
|
|
|
|
.stripctrl_new = console_stripctrl_new,
|
2021-09-12 08:52:46 +00:00
|
|
|
.set_trust_status = nullseat_set_trust_status,
|
|
|
|
.can_set_trust_status = nullseat_can_set_trust_status_yes,
|
New Seat query, has_mixed_input_stream().
(TL;DR: to suppress redundant 'Press Return to begin session' prompts
in between hops of a jump-host configuration, in Plink.)
This new query method directly asks the Seat the question: is the same
stream of input used to provide responses to interactive login
prompts, and the session input provided after login concludes?
It's used to suppress the last-ditch anti-spoofing defence in Plink of
interactively asking 'Access granted. Press Return to begin session',
on the basis that any such spoofing attack works by confusing the user
about what's a legit login prompt before the session begins and what's
sent by the server after the main session begins - so if those two
things take input from different places, the user can't be confused.
This doesn't change the existing behaviour of Plink, which was already
suppressing the antispoof prompt in cases where its standard input was
redirected from something other than a terminal. But previously it was
doing it within the can_set_trust_status() seat query, and I've now
moved it out into a separate query function.
The reason why these need to be separate is for SshProxy, which needs
to give an unusual combination of answers when run inside Plink. For
can_set_trust_status(), it needs to return whatever the parent Seat
returns, so that all the login prompts for a string of proxy
connections in session will be antispoofed the same way. But you only
want that final 'Access granted' prompt to happen _once_, after all
the proxy connection setup phases are done, because up until then
you're still in the safe hands of PuTTY itself presenting an unbroken
sequence of legit login prompts (even if they come from a succession
of different servers). Hence, SshProxy unconditionally returns 'no' to
the query of whether it has a single mixed input stream, because
indeed, it never does - for purposes of session input it behaves like
an always-redirected Plink, no matter what kind of real Seat it ends
up sending its pre-session login prompts to.
2021-11-06 14:33:03 +00:00
|
|
|
.has_mixed_input_stream = nullseat_has_mixed_input_stream_no,
|
Change vtable defs to use C99 designated initialisers.
This is a sweeping change applied across the whole code base by a spot
of Emacs Lisp. Now, everywhere I declare a vtable filled with function
pointers (and the occasional const data member), all the members of
the vtable structure are initialised by name using the '.fieldname =
value' syntax introduced in C99.
We were already using this syntax for a handful of things in the new
key-generation progress report system, so it's not new to the code
base as a whole.
The advantage is that now, when a vtable only declares a subset of the
available fields, I can initialise the rest to NULL or zero just by
leaving them out. This is most dramatic in a couple of the outlying
vtables in things like psocks (which has a ConnectionLayerVtable
containing only one non-NULL method), but less dramatically, it means
that the new 'flags' field in BackendVtable can be completely left out
of every backend definition except for the SUPDUP one which defines it
to a nonzero value. Similarly, the test_for_upstream method only used
by SSH doesn't have to be mentioned in the rest of the backends;
network Plugs for listening sockets don't have to explicitly null out
'receive' and 'sent', and vice versa for 'accepting', and so on.
While I'm at it, I've normalised the declarations so they don't use
the unnecessarily verbose 'struct' keyword. Also a handful of them
weren't const; now they are.
2020-03-10 21:06:29 +00:00
|
|
|
.verbose = cmdline_seat_verbose,
|
|
|
|
.interactive = nullseat_interactive_no,
|
|
|
|
.get_cursor_position = nullseat_get_cursor_position,
|
New abstraction 'Seat', to pass to backends.
This is a new vtable-based abstraction which is passed to a backend in
place of Frontend, and it implements only the subset of the Frontend
functions needed by a backend. (Many other Frontend functions still
exist, notably the wide range of things called by terminal.c providing
platform-independent operations on the GUI terminal window.)
The purpose of making it a vtable is that this opens up the
possibility of creating a backend as an internal implementation detail
of some other activity, by providing just that one backend with a
custom Seat that implements the methods differently.
For example, this refactoring should make it feasible to directly
implement an SSH proxy type, aka the 'jump host' feature supported by
OpenSSH, aka 'open a secondary SSH session in MAINCHAN_DIRECT_TCP
mode, and then expose the main channel of that as the Socket for the
primary connection'. (Which of course you can already do by spawning
'plink -nc' as a separate proxy process, but this would permit it in
the _same_ process without anything getting confused.)
I've centralised a full set of stub methods in misc.c for the new
abstraction, which allows me to get rid of several annoying stubs in
the previous code. Also, while I'm here, I've moved a lot of
duplicated modalfatalbox() type functions from application main
program files into wincons.c / uxcons.c, which I think saves
duplication overall. (A minor visible effect is that the prefixes on
those console-based fatal error messages will now be more consistent
between applications.)
2018-10-11 18:58:42 +00:00
|
|
|
};
|
|
|
|
static Seat pscp_seat[1] = {{ &pscp_seat_vt }};
|
|
|
|
|
2015-05-15 10:15:42 +00:00
|
|
|
static void tell_char(FILE *stream, char c)
|
2000-09-15 15:54:04 +00:00
|
|
|
{
|
2006-08-12 15:20:19 +00:00
|
|
|
fputc(c, stream);
|
2000-09-15 15:54:04 +00:00
|
|
|
}
|
|
|
|
|
2015-05-15 10:15:42 +00:00
|
|
|
static void tell_str(FILE *stream, const char *str)
|
2000-09-15 15:54:04 +00:00
|
|
|
{
|
|
|
|
unsigned int i;
|
|
|
|
|
2001-05-06 14:35:20 +00:00
|
|
|
for (i = 0; i < strlen(str); ++i)
|
2019-09-08 19:29:00 +00:00
|
|
|
tell_char(stream, str[i]);
|
2000-09-15 15:54:04 +00:00
|
|
|
}
|
|
|
|
|
2018-10-02 17:32:08 +00:00
|
|
|
static void abandon_stats(void)
|
2018-09-24 13:59:22 +00:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Output a \n to stdout (which is where we've been sending
|
2018-10-02 17:32:08 +00:00
|
|
|
* transfer statistics) so that the cursor will move to the next
|
|
|
|
* line. We should do this before displaying any other kind of
|
|
|
|
* output like an error message.
|
2018-09-24 13:59:22 +00:00
|
|
|
*/
|
2018-10-02 17:32:08 +00:00
|
|
|
if (prev_stats_len) {
|
2018-09-24 13:59:22 +00:00
|
|
|
putchar('\n');
|
|
|
|
fflush(stdout);
|
2018-10-02 17:32:08 +00:00
|
|
|
prev_stats_len = 0;
|
2018-09-24 13:59:22 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-01-26 14:49:31 +00:00
|
|
|
static PRINTF_LIKE(2, 3) void tell_user(FILE *stream, const char *fmt, ...)
|
2000-09-15 15:54:04 +00:00
|
|
|
{
|
2002-11-07 19:49:03 +00:00
|
|
|
char *str, *str2;
|
2000-09-15 15:54:04 +00:00
|
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
2002-11-07 19:49:03 +00:00
|
|
|
str = dupvprintf(fmt, ap);
|
2000-09-15 15:54:04 +00:00
|
|
|
va_end(ap);
|
Make dupcat() into a variadic macro.
Up until now, it's been a variadic _function_, whose argument list
consists of 'const char *' ASCIZ strings to concatenate, terminated by
one containing a null pointer. Now, that function is dupcat_fn(), and
it's wrapped by a C99 variadic _macro_ called dupcat(), which
automatically suffixes the null-pointer terminating argument.
This has three benefits. Firstly, it's just less effort at every call
site. Secondly, it protects against the risk of accidentally leaving
off the NULL, causing arbitrary words of stack memory to be
dereferenced as char pointers. And thirdly, it protects against the
more subtle risk of writing a bare 'NULL' as the terminating argument,
instead of casting it explicitly to a pointer. That last one is
necessary because C permits the macro NULL to expand to an integer
constant such as 0, so NULL by itself may not have pointer type, and
worse, it may not be marshalled in a variadic argument list in the
same way as a pointer. (For example, on a 64-bit machine it might only
occupy 32 bits. And yet, on another 64-bit platform, it might work
just fine, so that you don't notice the mistake!)
I was inspired to do this by happening to notice one of those bare
NULL terminators, and thinking I'd better check if there were any
more. Turned out there were quite a few. Now there are none.
2019-10-14 18:42:37 +00:00
|
|
|
str2 = dupcat(str, "\n");
|
2002-11-07 19:49:03 +00:00
|
|
|
sfree(str);
|
2018-10-02 17:32:08 +00:00
|
|
|
abandon_stats();
|
2002-11-07 19:49:03 +00:00
|
|
|
tell_str(stream, str2);
|
|
|
|
sfree(str2);
|
2000-09-15 15:54:04 +00:00
|
|
|
}
|
|
|
|
|
2000-09-27 09:36:39 +00:00
|
|
|
/*
|
|
|
|
* Receive a block of data from the SSH link. Block until all data
|
|
|
|
* is available.
|
|
|
|
*
|
|
|
|
* To do this, we repeatedly call the SSH protocol module, with our
|
New abstraction 'Seat', to pass to backends.
This is a new vtable-based abstraction which is passed to a backend in
place of Frontend, and it implements only the subset of the Frontend
functions needed by a backend. (Many other Frontend functions still
exist, notably the wide range of things called by terminal.c providing
platform-independent operations on the GUI terminal window.)
The purpose of making it a vtable is that this opens up the
possibility of creating a backend as an internal implementation detail
of some other activity, by providing just that one backend with a
custom Seat that implements the methods differently.
For example, this refactoring should make it feasible to directly
implement an SSH proxy type, aka the 'jump host' feature supported by
OpenSSH, aka 'open a secondary SSH session in MAINCHAN_DIRECT_TCP
mode, and then expose the main channel of that as the Socket for the
primary connection'. (Which of course you can already do by spawning
'plink -nc' as a separate proxy process, but this would permit it in
the _same_ process without anything getting confused.)
I've centralised a full set of stub methods in misc.c for the new
abstraction, which allows me to get rid of several annoying stubs in
the previous code. Also, while I'm here, I've moved a lot of
duplicated modalfatalbox() type functions from application main
program files into wincons.c / uxcons.c, which I think saves
duplication overall. (A minor visible effect is that the prefixes on
those console-based fatal error messages will now be more consistent
between applications.)
2018-10-11 18:58:42 +00:00
|
|
|
* own pscp_output() function to catch the data that comes back. We do
|
|
|
|
* this until we have enough data.
|
2000-09-27 09:36:39 +00:00
|
|
|
*/
|
2000-10-23 10:32:37 +00:00
|
|
|
|
2018-12-01 09:56:32 +00:00
|
|
|
static bufchain received_data;
|
2019-02-20 07:09:10 +00:00
|
|
|
static BinarySink *stderr_bs;
|
2019-02-06 20:42:44 +00:00
|
|
|
static size_t pscp_output(
|
2021-09-16 13:46:49 +00:00
|
|
|
Seat *seat, SeatOutputType type, const void *data, size_t len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2000-09-27 09:36:39 +00:00
|
|
|
/*
|
2021-09-16 13:46:49 +00:00
|
|
|
* Non-stdout data (both stderr and SSH auth banners) is just
|
|
|
|
* spouted to local stderr (optionally via a sanitiser) and
|
|
|
|
* otherwise ignored.
|
2000-09-27 09:36:39 +00:00
|
|
|
*/
|
2021-09-16 13:46:49 +00:00
|
|
|
if (type != SEAT_OUTPUT_STDOUT) {
|
2019-02-20 07:09:10 +00:00
|
|
|
put_data(stderr_bs, data, len);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0;
|
2000-10-20 13:51:46 +00:00
|
|
|
}
|
2000-09-27 09:36:39 +00:00
|
|
|
|
2018-12-01 09:56:32 +00:00
|
|
|
bufchain_add(&received_data, data, len);
|
2001-08-25 17:09:23 +00:00
|
|
|
return 0;
|
|
|
|
}
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool pscp_eof(Seat *seat)
|
2011-09-13 11:44:03 +00:00
|
|
|
{
|
|
|
|
/*
|
2013-08-13 06:46:51 +00:00
|
|
|
* We usually expect to be the party deciding when to close the
|
2011-09-13 11:44:03 +00:00
|
|
|
* connection, so if we see EOF before we sent it ourselves, we
|
2013-08-13 06:46:51 +00:00
|
|
|
* should panic. The exception is if we're using old-style scp and
|
|
|
|
* downloading rather than uploading.
|
2011-09-13 11:44:03 +00:00
|
|
|
*/
|
2013-08-13 06:46:51 +00:00
|
|
|
if ((using_sftp || uploading) && !sent_eof) {
|
New abstraction 'Seat', to pass to backends.
This is a new vtable-based abstraction which is passed to a backend in
place of Frontend, and it implements only the subset of the Frontend
functions needed by a backend. (Many other Frontend functions still
exist, notably the wide range of things called by terminal.c providing
platform-independent operations on the GUI terminal window.)
The purpose of making it a vtable is that this opens up the
possibility of creating a backend as an internal implementation detail
of some other activity, by providing just that one backend with a
custom Seat that implements the methods differently.
For example, this refactoring should make it feasible to directly
implement an SSH proxy type, aka the 'jump host' feature supported by
OpenSSH, aka 'open a secondary SSH session in MAINCHAN_DIRECT_TCP
mode, and then expose the main channel of that as the Socket for the
primary connection'. (Which of course you can already do by spawning
'plink -nc' as a separate proxy process, but this would permit it in
the _same_ process without anything getting confused.)
I've centralised a full set of stub methods in misc.c for the new
abstraction, which allows me to get rid of several annoying stubs in
the previous code. Also, while I'm here, I've moved a lot of
duplicated modalfatalbox() type functions from application main
program files into wincons.c / uxcons.c, which I think saves
duplication overall. (A minor visible effect is that the prefixes on
those console-based fatal error messages will now be more consistent
between applications.)
2018-10-11 18:58:42 +00:00
|
|
|
seat_connection_fatal(
|
|
|
|
pscp_seat, "Received unexpected end-of-file from server");
|
2011-09-13 11:44:03 +00:00
|
|
|
}
|
2018-10-29 19:50:29 +00:00
|
|
|
return false;
|
2011-09-13 11:44:03 +00:00
|
|
|
}
|
2019-02-06 20:42:44 +00:00
|
|
|
static bool ssh_scp_recv(void *vbuf, size_t len)
|
2001-05-06 14:35:20 +00:00
|
|
|
{
|
2018-12-01 09:56:32 +00:00
|
|
|
char *buf = (char *)vbuf;
|
|
|
|
while (len > 0) {
|
|
|
|
while (bufchain_size(&received_data) == 0) {
|
|
|
|
if (backend_exitcode(backend) >= 0 ||
|
|
|
|
ssh_sftp_loop_iteration() < 0)
|
|
|
|
return false; /* doom */
|
|
|
|
}
|
2000-09-27 09:36:39 +00:00
|
|
|
|
2019-02-06 20:42:44 +00:00
|
|
|
size_t got = bufchain_fetch_consume_up_to(&received_data, buf, len);
|
2018-12-01 09:56:32 +00:00
|
|
|
buf += got;
|
|
|
|
len -= got;
|
2000-09-27 09:36:39 +00:00
|
|
|
}
|
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
return true;
|
2000-09-27 09:36:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Loop through the ssh connection and authentication process.
|
|
|
|
*/
|
2001-05-06 14:35:20 +00:00
|
|
|
static void ssh_scp_init(void)
|
|
|
|
{
|
2018-09-11 15:23:38 +00:00
|
|
|
while (!backend_sendok(backend)) {
|
|
|
|
if (backend_exitcode(backend) >= 0) {
|
2008-07-11 19:24:56 +00:00
|
|
|
errs++;
|
|
|
|
return;
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
if (ssh_sftp_loop_iteration() < 0) {
|
2008-07-11 19:24:56 +00:00
|
|
|
errs++;
|
2019-09-08 19:29:00 +00:00
|
|
|
return; /* doom */
|
2008-07-11 19:24:56 +00:00
|
|
|
}
|
2000-09-27 09:36:39 +00:00
|
|
|
}
|
2004-04-25 22:18:19 +00:00
|
|
|
|
|
|
|
/* Work out which backend we ended up using. */
|
2018-09-11 15:23:38 +00:00
|
|
|
if (!ssh_fallback_cmd(backend))
|
2019-09-08 19:29:00 +00:00
|
|
|
using_sftp = main_cmd_is_sftp;
|
2004-04-25 22:18:19 +00:00
|
|
|
else
|
2019-09-08 19:29:00 +00:00
|
|
|
using_sftp = fallback_cmd_is_sftp;
|
2004-04-25 22:18:19 +00:00
|
|
|
|
2003-06-26 15:08:05 +00:00
|
|
|
if (verbose) {
|
2019-09-08 19:29:00 +00:00
|
|
|
if (using_sftp)
|
|
|
|
tell_user(stderr, "Using SFTP");
|
|
|
|
else
|
|
|
|
tell_user(stderr, "Using SCP1");
|
2003-06-26 15:08:05 +00:00
|
|
|
}
|
2000-09-27 09:36:39 +00:00
|
|
|
}
|
|
|
|
|
1999-08-31 09:20:48 +00:00
|
|
|
/*
|
|
|
|
* Print an error message and exit after closing the SSH link.
|
|
|
|
*/
|
2020-01-26 14:49:31 +00:00
|
|
|
static NORETURN PRINTF_LIKE(1, 2) void bump(const char *fmt, ...)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
2002-11-07 19:49:03 +00:00
|
|
|
char *str, *str2;
|
1999-11-08 11:22:45 +00:00
|
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
2002-11-07 19:49:03 +00:00
|
|
|
str = dupvprintf(fmt, ap);
|
1999-11-08 11:22:45 +00:00
|
|
|
va_end(ap);
|
Make dupcat() into a variadic macro.
Up until now, it's been a variadic _function_, whose argument list
consists of 'const char *' ASCIZ strings to concatenate, terminated by
one containing a null pointer. Now, that function is dupcat_fn(), and
it's wrapped by a C99 variadic _macro_ called dupcat(), which
automatically suffixes the null-pointer terminating argument.
This has three benefits. Firstly, it's just less effort at every call
site. Secondly, it protects against the risk of accidentally leaving
off the NULL, causing arbitrary words of stack memory to be
dereferenced as char pointers. And thirdly, it protects against the
more subtle risk of writing a bare 'NULL' as the terminating argument,
instead of casting it explicitly to a pointer. That last one is
necessary because C permits the macro NULL to expand to an integer
constant such as 0, so NULL by itself may not have pointer type, and
worse, it may not be marshalled in a variadic argument list in the
same way as a pointer. (For example, on a 64-bit machine it might only
occupy 32 bits. And yet, on another 64-bit platform, it might work
just fine, so that you don't notice the mistake!)
I was inspired to do this by happening to notice one of those bare
NULL terminators, and thinking I'd better check if there were any
more. Turned out there were quite a few. Now there are none.
2019-10-14 18:42:37 +00:00
|
|
|
str2 = dupcat(str, "\n");
|
2002-11-07 19:49:03 +00:00
|
|
|
sfree(str);
|
2018-10-02 17:32:08 +00:00
|
|
|
abandon_stats();
|
2002-11-07 19:49:03 +00:00
|
|
|
tell_str(stderr, str2);
|
|
|
|
sfree(str2);
|
2001-05-13 11:15:16 +00:00
|
|
|
errs++;
|
2000-09-15 15:54:04 +00:00
|
|
|
|
2018-09-11 15:23:38 +00:00
|
|
|
if (backend && backend_connected(backend)) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char ch;
|
Rework special-commands system to add an integer argument.
In order to list cross-certifiable host keys in the GUI specials menu,
the SSH backend has been inventing new values on the end of the
Telnet_Special enumeration, starting from the value TS_LOCALSTART.
This is inelegant, and also makes it awkward to break up special
handlers (e.g. to dispatch different specials to different SSH
layers), since if all you know about a special is that it's somewhere
in the TS_LOCALSTART+n space, you can't tell what _general kind_ of
thing it is. Also, if I ever need another open-ended set of specials
in future, I'll have to remember which TS_LOCALSTART+n codes are in
which set.
So here's a revamp that causes every special to take an extra integer
argument. For all previously numbered specials, this argument is
passed as zero and ignored, but there's a new main special code for
SSH host key cross-certification, in which the integer argument is an
index into the backend's list of available keys. TS_LOCALSTART is now
a thing of the past: if I need any other open-ended sets of specials
in future, I can add a new top-level code with a nicely separated
space of arguments.
While I'm at it, I've removed the legacy misnomer 'Telnet_Special'
from the code completely; the enum is now SessionSpecialCode, the
struct containing full details of a menu entry is SessionSpecial, and
the enum values now start SS_ rather than TS_.
2018-09-24 08:35:52 +00:00
|
|
|
backend_special(backend, SS_EOF, 0);
|
2018-10-29 19:50:29 +00:00
|
|
|
sent_eof = true;
|
2019-09-08 19:29:00 +00:00
|
|
|
ssh_scp_recv(&ch, 1);
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
2001-05-13 11:15:16 +00:00
|
|
|
|
2002-03-06 20:13:22 +00:00
|
|
|
cleanup_exit(1);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
2019-02-20 07:09:10 +00:00
|
|
|
/*
|
|
|
|
* A nasty loop macro that lets me get an escape-sequence sanitised
|
|
|
|
* version of a string for display, and free it automatically
|
|
|
|
* afterwards.
|
|
|
|
*/
|
2019-03-09 16:03:40 +00:00
|
|
|
static StripCtrlChars *string_scc;
|
|
|
|
#define with_stripctrl(varname, input) \
|
|
|
|
for (char *varname = stripctrl_string(string_scc, input); varname; \
|
2019-02-20 07:09:10 +00:00
|
|
|
sfree(varname), varname = NULL)
|
|
|
|
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
/*
|
|
|
|
* Wait for the reply to a single SFTP request. Parallels the same
|
|
|
|
* function in psftp.c (but isn't centralised into sftp.c because the
|
|
|
|
* latter module handles SFTP only and shouldn't assume that SFTP is
|
New abstraction 'Seat', to pass to backends.
This is a new vtable-based abstraction which is passed to a backend in
place of Frontend, and it implements only the subset of the Frontend
functions needed by a backend. (Many other Frontend functions still
exist, notably the wide range of things called by terminal.c providing
platform-independent operations on the GUI terminal window.)
The purpose of making it a vtable is that this opens up the
possibility of creating a backend as an internal implementation detail
of some other activity, by providing just that one backend with a
custom Seat that implements the methods differently.
For example, this refactoring should make it feasible to directly
implement an SSH proxy type, aka the 'jump host' feature supported by
OpenSSH, aka 'open a secondary SSH session in MAINCHAN_DIRECT_TCP
mode, and then expose the main channel of that as the Socket for the
primary connection'. (Which of course you can already do by spawning
'plink -nc' as a separate proxy process, but this would permit it in
the _same_ process without anything getting confused.)
I've centralised a full set of stub methods in misc.c for the new
abstraction, which allows me to get rid of several annoying stubs in
the previous code. Also, while I'm here, I've moved a lot of
duplicated modalfatalbox() type functions from application main
program files into wincons.c / uxcons.c, which I think saves
duplication overall. (A minor visible effect is that the prefixes on
those console-based fatal error messages will now be more consistent
between applications.)
2018-10-11 18:58:42 +00:00
|
|
|
* the only thing going on by calling seat_connection_fatal).
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
*/
|
|
|
|
struct sftp_packet *sftp_wait_for_reply(struct sftp_request *req)
|
|
|
|
{
|
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *rreq;
|
|
|
|
|
|
|
|
sftp_register(req);
|
|
|
|
pktin = sftp_recv();
|
New abstraction 'Seat', to pass to backends.
This is a new vtable-based abstraction which is passed to a backend in
place of Frontend, and it implements only the subset of the Frontend
functions needed by a backend. (Many other Frontend functions still
exist, notably the wide range of things called by terminal.c providing
platform-independent operations on the GUI terminal window.)
The purpose of making it a vtable is that this opens up the
possibility of creating a backend as an internal implementation detail
of some other activity, by providing just that one backend with a
custom Seat that implements the methods differently.
For example, this refactoring should make it feasible to directly
implement an SSH proxy type, aka the 'jump host' feature supported by
OpenSSH, aka 'open a secondary SSH session in MAINCHAN_DIRECT_TCP
mode, and then expose the main channel of that as the Socket for the
primary connection'. (Which of course you can already do by spawning
'plink -nc' as a separate proxy process, but this would permit it in
the _same_ process without anything getting confused.)
I've centralised a full set of stub methods in misc.c for the new
abstraction, which allows me to get rid of several annoying stubs in
the previous code. Also, while I'm here, I've moved a lot of
duplicated modalfatalbox() type functions from application main
program files into wincons.c / uxcons.c, which I think saves
duplication overall. (A minor visible effect is that the prefixes on
those console-based fatal error messages will now be more consistent
between applications.)
2018-10-11 18:58:42 +00:00
|
|
|
if (pktin == NULL) {
|
|
|
|
seat_connection_fatal(
|
|
|
|
pscp_seat, "did not receive SFTP response packet from server");
|
|
|
|
}
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
rreq = sftp_find_request(pktin);
|
New abstraction 'Seat', to pass to backends.
This is a new vtable-based abstraction which is passed to a backend in
place of Frontend, and it implements only the subset of the Frontend
functions needed by a backend. (Many other Frontend functions still
exist, notably the wide range of things called by terminal.c providing
platform-independent operations on the GUI terminal window.)
The purpose of making it a vtable is that this opens up the
possibility of creating a backend as an internal implementation detail
of some other activity, by providing just that one backend with a
custom Seat that implements the methods differently.
For example, this refactoring should make it feasible to directly
implement an SSH proxy type, aka the 'jump host' feature supported by
OpenSSH, aka 'open a secondary SSH session in MAINCHAN_DIRECT_TCP
mode, and then expose the main channel of that as the Socket for the
primary connection'. (Which of course you can already do by spawning
'plink -nc' as a separate proxy process, but this would permit it in
the _same_ process without anything getting confused.)
I've centralised a full set of stub methods in misc.c for the new
abstraction, which allows me to get rid of several annoying stubs in
the previous code. Also, while I'm here, I've moved a lot of
duplicated modalfatalbox() type functions from application main
program files into wincons.c / uxcons.c, which I think saves
duplication overall. (A minor visible effect is that the prefixes on
those console-based fatal error messages will now be more consistent
between applications.)
2018-10-11 18:58:42 +00:00
|
|
|
if (rreq != req) {
|
|
|
|
seat_connection_fatal(
|
|
|
|
pscp_seat,
|
|
|
|
"unable to understand SFTP response packet from server: %s",
|
|
|
|
fxp_error());
|
|
|
|
}
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
return pktin;
|
|
|
|
}
|
|
|
|
|
1999-08-31 09:20:48 +00:00
|
|
|
/*
|
|
|
|
* Open an SSH connection to user@host and execute cmd.
|
|
|
|
*/
|
|
|
|
static void do_cmd(char *host, char *user, char *cmd)
|
|
|
|
{
|
2003-05-04 14:18:18 +00:00
|
|
|
const char *err;
|
|
|
|
char *realhost;
|
2018-09-11 14:17:16 +00:00
|
|
|
LogContext *logctx;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
|
|
|
if (host == NULL || host[0] == '\0')
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("Empty host name");
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2004-12-30 16:45:11 +00:00
|
|
|
/*
|
2014-01-25 15:58:54 +00:00
|
|
|
* Remove a colon suffix.
|
2004-12-30 16:45:11 +00:00
|
|
|
*/
|
2014-01-25 15:58:54 +00:00
|
|
|
host[host_strcspn(host, ":")] = '\0';
|
2004-12-30 16:45:11 +00:00
|
|
|
|
2004-07-25 14:00:26 +00:00
|
|
|
/*
|
|
|
|
* If we haven't loaded session details already (e.g., from -load),
|
|
|
|
* try looking for a session called "host".
|
|
|
|
*/
|
2020-01-30 06:40:22 +00:00
|
|
|
if (!cmdline_loaded_session()) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* Try to load settings for `host' into a temporary config */
|
|
|
|
Conf *conf2 = conf_new();
|
|
|
|
conf_set_str(conf2, CONF_host, "");
|
|
|
|
do_defaults(host, conf2);
|
|
|
|
if (conf_get_str(conf2, CONF_host)[0] != '\0') {
|
|
|
|
/* Settings present and include hostname */
|
|
|
|
/* Re-load data into the real config. */
|
|
|
|
do_defaults(host, conf);
|
|
|
|
} else {
|
|
|
|
/* Session doesn't exist or mention a hostname. */
|
|
|
|
/* Use `host' as a bare hostname. */
|
|
|
|
conf_set_str(conf, CONF_host, host);
|
|
|
|
}
|
2017-02-14 20:42:26 +00:00
|
|
|
conf_free(conf2);
|
2004-07-25 14:00:26 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* Patch in hostname `host' to session details. */
|
|
|
|
conf_set_str(conf, CONF_host, host);
|
2002-10-07 16:52:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2020-02-22 15:29:45 +00:00
|
|
|
* Force protocol to SSH if the user has somehow contrived to
|
|
|
|
* select one we don't support (e.g. by loading an inappropriate
|
|
|
|
* saved session). In that situation we assume the port number is
|
|
|
|
* useless too.)
|
2002-10-07 16:52:55 +00:00
|
|
|
*/
|
2020-02-22 15:29:45 +00:00
|
|
|
if (!backend_vt_from_proto(conf_get_int(conf, CONF_protocol))) {
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
conf_set_int(conf, CONF_protocol, PROT_SSH);
|
|
|
|
conf_set_int(conf, CONF_port, 22);
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
2002-08-04 21:18:56 +00:00
|
|
|
/*
|
|
|
|
* Enact command-line overrides.
|
|
|
|
*/
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
cmdline_run_saved(conf);
|
2002-08-04 21:18:56 +00:00
|
|
|
|
2001-10-30 21:45:27 +00:00
|
|
|
/*
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
* Muck about with the hostname in various ways.
|
2001-10-30 21:45:27 +00:00
|
|
|
*/
|
|
|
|
{
|
2019-09-08 19:29:00 +00:00
|
|
|
char *hostbuf = dupstr(conf_get_str(conf, CONF_host));
|
|
|
|
char *host = hostbuf;
|
|
|
|
char *p, *q;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Trim leading whitespace.
|
|
|
|
*/
|
|
|
|
host += strspn(host, " \t");
|
|
|
|
|
|
|
|
/*
|
|
|
|
* See if host is of the form user@host, and separate out
|
|
|
|
* the username if so.
|
|
|
|
*/
|
|
|
|
if (host[0] != '\0') {
|
|
|
|
char *atsign = strrchr(host, '@');
|
|
|
|
if (atsign) {
|
|
|
|
*atsign = '\0';
|
|
|
|
conf_set_str(conf, CONF_username, host);
|
|
|
|
host = atsign + 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Remove any remaining whitespace.
|
|
|
|
*/
|
|
|
|
p = hostbuf;
|
|
|
|
q = host;
|
|
|
|
while (*q) {
|
|
|
|
if (*q != ' ' && *q != '\t')
|
|
|
|
*p++ = *q;
|
|
|
|
q++;
|
|
|
|
}
|
|
|
|
*p = '\0';
|
|
|
|
|
|
|
|
conf_set_str(conf, CONF_host, hostbuf);
|
|
|
|
sfree(hostbuf);
|
2002-10-16 11:35:13 +00:00
|
|
|
}
|
|
|
|
|
1999-11-08 11:22:45 +00:00
|
|
|
/* Set username */
|
|
|
|
if (user != NULL && user[0] != '\0') {
|
2019-09-08 19:29:00 +00:00
|
|
|
conf_set_str(conf, CONF_username, user);
|
2024-09-23 15:59:11 +00:00
|
|
|
} else if (conf_get_str_ambi(conf, CONF_username, NULL)[0] == '\0') {
|
2019-09-08 19:29:00 +00:00
|
|
|
user = get_username();
|
|
|
|
if (!user)
|
|
|
|
bump("Empty user name");
|
|
|
|
else {
|
|
|
|
if (verbose)
|
|
|
|
tell_user(stderr, "Guessing user name: %s", user);
|
|
|
|
conf_set_str(conf, CONF_username, user);
|
|
|
|
sfree(user);
|
|
|
|
}
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
2020-04-19 13:40:30 +00:00
|
|
|
/*
|
|
|
|
* Force protocol to SSH if the user has somehow contrived to
|
|
|
|
* select one we don't support (e.g. by loading an inappropriate
|
|
|
|
* saved session). In that situation we assume the port number is
|
|
|
|
* useless too.)
|
|
|
|
*/
|
|
|
|
if (!backend_vt_from_proto(conf_get_int(conf, CONF_protocol))) {
|
|
|
|
conf_set_int(conf, CONF_protocol, PROT_SSH);
|
|
|
|
conf_set_int(conf, CONF_port, 22);
|
|
|
|
}
|
|
|
|
|
2001-09-12 20:11:48 +00:00
|
|
|
/*
|
|
|
|
* Disable scary things which shouldn't be enabled for simple
|
|
|
|
* things like SCP and SFTP: agent forwarding, port forwarding,
|
|
|
|
* X forwarding.
|
|
|
|
*/
|
2018-10-29 19:57:31 +00:00
|
|
|
conf_set_bool(conf, CONF_x11_forward, false);
|
|
|
|
conf_set_bool(conf, CONF_agentfwd, false);
|
|
|
|
conf_set_bool(conf, CONF_ssh_simple, true);
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
{
|
2019-09-08 19:29:00 +00:00
|
|
|
char *key;
|
|
|
|
while ((key = conf_get_str_nthstrkey(conf, CONF_portfwd, 0)) != NULL)
|
|
|
|
conf_del_str_str(conf, CONF_portfwd, key);
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
}
|
2001-09-12 20:11:48 +00:00
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
/*
|
2004-04-25 22:18:19 +00:00
|
|
|
* Set up main and possibly fallback command depending on
|
|
|
|
* options specified by user.
|
2001-08-26 18:32:28 +00:00
|
|
|
* Attempt to start the SFTP subsystem as a first choice,
|
|
|
|
* falling back to the provided scp command if that fails.
|
|
|
|
*/
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
conf_set_str(conf, CONF_remote_cmd2, "");
|
2004-04-25 22:18:19 +00:00
|
|
|
if (try_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* First choice is SFTP subsystem. */
|
|
|
|
main_cmd_is_sftp = true;
|
|
|
|
conf_set_str(conf, CONF_remote_cmd, "sftp");
|
|
|
|
conf_set_bool(conf, CONF_ssh_subsys, true);
|
|
|
|
if (try_scp) {
|
|
|
|
/* Fallback is to use the provided scp command. */
|
|
|
|
fallback_cmd_is_sftp = false;
|
|
|
|
conf_set_str(conf, CONF_remote_cmd2, cmd);
|
|
|
|
conf_set_bool(conf, CONF_ssh_subsys2, false);
|
|
|
|
} else {
|
|
|
|
/* Since we're not going to try SCP, we may as well try
|
|
|
|
* harder to find an SFTP server, since in the current
|
|
|
|
* implementation we have a spare slot. */
|
|
|
|
fallback_cmd_is_sftp = true;
|
|
|
|
/* see psftp.c for full explanation of this kludge */
|
|
|
|
conf_set_str(conf, CONF_remote_cmd2,
|
|
|
|
"test -x /usr/lib/sftp-server &&"
|
|
|
|
" exec /usr/lib/sftp-server\n"
|
|
|
|
"test -x /usr/local/lib/sftp-server &&"
|
|
|
|
" exec /usr/local/lib/sftp-server\n"
|
|
|
|
"exec sftp-server");
|
|
|
|
conf_set_bool(conf, CONF_ssh_subsys2, false);
|
|
|
|
}
|
2004-04-25 22:18:19 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* Don't try SFTP at all; just try the scp command. */
|
|
|
|
main_cmd_is_sftp = false;
|
|
|
|
conf_set_str(conf, CONF_remote_cmd, cmd);
|
|
|
|
conf_set_bool(conf, CONF_ssh_subsys, false);
|
2004-04-25 22:18:19 +00:00
|
|
|
}
|
2018-10-29 19:57:31 +00:00
|
|
|
conf_set_bool(conf, CONF_nopty, true);
|
2000-09-27 09:36:39 +00:00
|
|
|
|
Remove FLAG_VERBOSE.
The global 'int flags' has always been an ugly feature of this code
base, and I suddenly thought that perhaps it's time to start throwing
it out, one flag at a time, until it's totally unused.
My first target is FLAG_VERBOSE. This was usually set by cmdline.c
when it saw a -v option on the program's command line, except that GUI
PuTTY itself sets it unconditionally on startup. And then various bits
of the code would check it in order to decide whether to print a given
message.
In the current system of front-end abstraction traits, there's no
_one_ place that I can move it to. But there are two: every place that
checked FLAG_VERBOSE has access to either a Seat or a LogPolicy. So
now each of those traits has a query method for 'do I want verbose
messages?'.
A good effect of this is that subsidiary Seats, like the ones used in
Uppity for the main SSH server module itself and the server end of
shell channels, now get to have their own verbosity setting instead of
inheriting the one global one. In fact I don't expect any code using
those Seats to be generating any messages at all, but if that changes
later, we'll have a way to control it. (Who knows, perhaps logging in
Uppity might become a thing.)
As part of this cleanup, I've added a new flag to cmdline_tooltype,
called TOOLTYPE_NO_VERBOSE_OPTION. The unconditionally-verbose tools
now set that, and it has the effect of making cmdline.c disallow -v
completely. So where 'putty -v' would previously have been silently
ignored ("I was already verbose"), it's now an error, reminding you
that that option doesn't actually do anything.
Finally, the 'default_logpolicy' provided by uxcons.c and wincons.c
(with identical definitions) has had to move into a new file of its
own, because now it has to ask cmdline.c for the verbosity setting as
well as asking console.c for the rest of its methods. So there's a new
file clicons.c which can only be included by programs that link
against both cmdline.c _and_ one of the *cons.c, and I've renamed the
logpolicy to reflect that.
2020-01-30 06:40:21 +00:00
|
|
|
logctx = log_init(console_cli_logpolicy, conf);
|
2017-02-11 00:23:36 +00:00
|
|
|
|
Remove FLAG_VERBOSE.
The global 'int flags' has always been an ugly feature of this code
base, and I suddenly thought that perhaps it's time to start throwing
it out, one flag at a time, until it's totally unused.
My first target is FLAG_VERBOSE. This was usually set by cmdline.c
when it saw a -v option on the program's command line, except that GUI
PuTTY itself sets it unconditionally on startup. And then various bits
of the code would check it in order to decide whether to print a given
message.
In the current system of front-end abstraction traits, there's no
_one_ place that I can move it to. But there are two: every place that
checked FLAG_VERBOSE has access to either a Seat or a LogPolicy. So
now each of those traits has a query method for 'do I want verbose
messages?'.
A good effect of this is that subsidiary Seats, like the ones used in
Uppity for the main SSH server module itself and the server end of
shell channels, now get to have their own verbosity setting instead of
inheriting the one global one. In fact I don't expect any code using
those Seats to be generating any messages at all, but if that changes
later, we'll have a way to control it. (Who knows, perhaps logging in
Uppity might become a thing.)
As part of this cleanup, I've added a new flag to cmdline_tooltype,
called TOOLTYPE_NO_VERBOSE_OPTION. The unconditionally-verbose tools
now set that, and it has the effect of making cmdline.c disallow -v
completely. So where 'putty -v' would previously have been silently
ignored ("I was already verbose"), it's now an error, reminding you
that that option doesn't actually do anything.
Finally, the 'default_logpolicy' provided by uxcons.c and wincons.c
(with identical definitions) has had to move into a new file of its
own, because now it has to ask cmdline.c for the verbosity setting as
well as asking console.c for the rest of its methods. So there's a new
file clicons.c which can only be included by programs that link
against both cmdline.c _and_ one of the *cons.c, and I've renamed the
logpolicy to reflect that.
2020-01-30 06:40:21 +00:00
|
|
|
platform_psftp_pre_conn_setup(console_cli_logpolicy);
|
2017-02-11 00:44:00 +00:00
|
|
|
|
2020-02-22 15:29:45 +00:00
|
|
|
err = backend_init(backend_vt_from_proto(
|
|
|
|
conf_get_int(conf, CONF_protocol)),
|
|
|
|
pscp_seat, &backend, logctx, conf,
|
2018-09-11 15:23:38 +00:00
|
|
|
conf_get_str(conf, CONF_host),
|
|
|
|
conf_get_int(conf, CONF_port),
|
|
|
|
&realhost, 0,
|
2018-10-29 19:57:31 +00:00
|
|
|
conf_get_bool(conf, CONF_tcp_keepalives));
|
1999-11-08 11:22:45 +00:00
|
|
|
if (err != NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("ssh_init: %s", err);
|
2000-09-27 09:36:39 +00:00
|
|
|
ssh_scp_init();
|
2008-07-11 19:24:56 +00:00
|
|
|
if (verbose && realhost != NULL && errs == 0)
|
2019-09-08 19:29:00 +00:00
|
|
|
tell_user(stderr, "Connected to %s", realhost);
|
2001-05-09 14:01:15 +00:00
|
|
|
sfree(realhost);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update statistic information about current file.
|
|
|
|
*/
|
2018-10-26 22:08:58 +00:00
|
|
|
static void print_stats(const char *name, uint64_t size, uint64_t done,
|
2019-09-08 19:29:00 +00:00
|
|
|
time_t start, time_t now)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
1999-11-08 11:22:45 +00:00
|
|
|
float ratebs;
|
|
|
|
unsigned long eta;
|
2004-04-27 18:23:48 +00:00
|
|
|
char *etastr;
|
1999-11-08 11:22:45 +00:00
|
|
|
int pct;
|
2001-05-19 13:41:18 +00:00
|
|
|
int len;
|
2001-11-21 22:58:01 +00:00
|
|
|
int elap;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2001-11-21 22:58:01 +00:00
|
|
|
elap = (unsigned long) difftime(now, start);
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2001-11-21 22:58:01 +00:00
|
|
|
if (now > start)
|
2019-09-08 19:29:00 +00:00
|
|
|
ratebs = (float)done / elap;
|
2001-11-21 22:58:01 +00:00
|
|
|
else
|
2019-09-08 19:29:00 +00:00
|
|
|
ratebs = (float)done;
|
2001-11-21 22:58:01 +00:00
|
|
|
|
|
|
|
if (ratebs < 1.0)
|
2019-09-08 19:29:00 +00:00
|
|
|
eta = size - done;
|
2018-10-26 22:08:58 +00:00
|
|
|
else
|
|
|
|
eta = (unsigned long)((size - done) / ratebs);
|
2006-08-12 15:20:19 +00:00
|
|
|
|
2004-04-27 18:23:48 +00:00
|
|
|
etastr = dupprintf("%02ld:%02ld:%02ld",
|
2019-09-08 19:29:00 +00:00
|
|
|
eta / 3600, (eta % 3600) / 60, eta % 60);
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2018-10-26 22:08:58 +00:00
|
|
|
pct = (int) (100.0 * done / size);
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2006-08-12 15:20:19 +00:00
|
|
|
{
|
2019-09-08 19:29:00 +00:00
|
|
|
/* divide by 1024 to provide kB */
|
|
|
|
len = printf("\r%-25.25s | %"PRIu64" kB | %5.1f kB/s | "
|
2018-10-26 22:08:58 +00:00
|
|
|
"ETA: %8s | %3d%%", name, done >> 10,
|
|
|
|
ratebs / 1024.0, etastr, pct);
|
2019-09-08 19:29:00 +00:00
|
|
|
if (len < prev_stats_len)
|
|
|
|
printf("%*s", prev_stats_len - len, "");
|
|
|
|
prev_stats_len = len;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (done == size)
|
2018-10-02 17:32:08 +00:00
|
|
|
abandon_stats();
|
2018-09-24 13:59:22 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
fflush(stdout);
|
2000-09-15 15:54:04 +00:00
|
|
|
}
|
2004-04-27 18:23:48 +00:00
|
|
|
|
|
|
|
free(etastr);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
* Find a colon in str and return a pointer to the colon.
|
|
|
|
* This is used to separate hostname from filename.
|
|
|
|
*
|
|
|
|
* Colons in bracketed IPv6 address literals are ignored, because
|
|
|
|
* they're logically part of the hostname.
|
|
|
|
*
|
|
|
|
* Like strchr in the C standard library, we accept a const char * as
|
|
|
|
* input, and produce a mutable char * as output. The intention is
|
|
|
|
* that you EITHER pass a mutable char * input and use the mutability
|
|
|
|
* of the output, OR pass a const char * as input and don't use the
|
|
|
|
* mutability, but don't use this to silently launder consts off
|
|
|
|
* things.
|
1999-08-31 09:20:48 +00:00
|
|
|
*/
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
static char *colon(const char *str)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
1999-11-08 11:22:45 +00:00
|
|
|
/* We ignore a leading colon, since the hostname cannot be
|
2001-05-06 14:35:20 +00:00
|
|
|
empty. We also ignore a colon as second character because
|
|
|
|
of filenames like f:myfile.txt. */
|
2006-02-11 19:10:01 +00:00
|
|
|
if (str[0] == '\0' || str[0] == ':' ||
|
|
|
|
(str[0] != '[' && str[1] == ':'))
|
2019-09-08 19:29:00 +00:00
|
|
|
return (NULL);
|
2014-01-25 15:58:54 +00:00
|
|
|
str += host_strcspn(str, ":/\\");
|
1999-11-08 11:22:45 +00:00
|
|
|
if (*str == ':')
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
return (char *)str;
|
1999-11-08 11:22:45 +00:00
|
|
|
else
|
2019-09-08 19:29:00 +00:00
|
|
|
return (NULL);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
/*
|
|
|
|
* Determine whether a string is entirely composed of dots.
|
|
|
|
*/
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool is_dots(char *str)
|
2001-08-26 18:32:28 +00:00
|
|
|
{
|
|
|
|
return str[strspn(str, ".")] == '\0';
|
|
|
|
}
|
|
|
|
|
1999-08-31 09:20:48 +00:00
|
|
|
/*
|
|
|
|
* Wait for a response from the other side.
|
|
|
|
* Return 0 if ok, -1 if error.
|
|
|
|
*/
|
|
|
|
static int response(void)
|
|
|
|
{
|
1999-11-08 11:22:45 +00:00
|
|
|
char ch, resp, rbuf[2048];
|
|
|
|
int p;
|
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
if (!ssh_scp_recv(&resp, 1))
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("Lost connection");
|
1999-11-08 11:22:45 +00:00
|
|
|
|
|
|
|
p = 0;
|
|
|
|
switch (resp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
case 0: /* ok */
|
|
|
|
return (0);
|
1999-11-08 11:22:45 +00:00
|
|
|
default:
|
2019-09-08 19:29:00 +00:00
|
|
|
rbuf[p++] = resp;
|
|
|
|
/* fallthrough */
|
|
|
|
case 1: /* error */
|
|
|
|
case 2: /* fatal error */
|
|
|
|
do {
|
|
|
|
if (!ssh_scp_recv(&ch, 1))
|
|
|
|
bump("Protocol error: Lost connection");
|
|
|
|
rbuf[p++] = ch;
|
|
|
|
} while (p < sizeof(rbuf) && ch != '\n');
|
|
|
|
rbuf[p - 1] = '\0';
|
|
|
|
if (resp == 1)
|
|
|
|
tell_user(stderr, "%s", rbuf);
|
|
|
|
else
|
|
|
|
bump("%s", rbuf);
|
|
|
|
errs++;
|
|
|
|
return (-1);
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
2019-02-06 20:42:44 +00:00
|
|
|
bool sftp_recvdata(char *buf, size_t len)
|
2001-08-26 18:32:28 +00:00
|
|
|
{
|
2018-05-26 07:31:34 +00:00
|
|
|
return ssh_scp_recv(buf, len);
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2019-02-06 20:42:44 +00:00
|
|
|
bool sftp_senddata(const char *buf, size_t len)
|
2001-08-26 18:32:28 +00:00
|
|
|
{
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, buf, len);
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
return true;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2019-02-06 20:42:44 +00:00
|
|
|
size_t sftp_sendbuffer(void)
|
2016-04-08 23:24:12 +00:00
|
|
|
{
|
2018-09-11 15:23:38 +00:00
|
|
|
return backend_sendbuffer(backend);
|
2016-04-08 23:24:12 +00:00
|
|
|
}
|
2001-08-26 18:32:28 +00:00
|
|
|
|
|
|
|
/* ----------------------------------------------------------------------
|
|
|
|
* sftp-based replacement for the hacky `pscp -ls'.
|
|
|
|
*/
|
2019-05-15 13:57:06 +00:00
|
|
|
void list_directory_from_sftp_warn_unsorted(void)
|
2001-08-26 18:32:28 +00:00
|
|
|
{
|
2019-05-15 13:57:06 +00:00
|
|
|
fprintf(stderr,
|
|
|
|
"Directory is too large to sort; writing file names unsorted\n");
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2019-05-15 13:57:06 +00:00
|
|
|
|
|
|
|
void list_directory_from_sftp_print(struct fxp_name *name)
|
|
|
|
{
|
|
|
|
with_stripctrl(san, name->longname)
|
|
|
|
printf("%s\n", san);
|
|
|
|
}
|
|
|
|
|
2015-05-15 10:15:42 +00:00
|
|
|
void scp_sftp_listdir(const char *dirname)
|
2001-08-26 18:32:28 +00:00
|
|
|
{
|
|
|
|
struct fxp_handle *dirh;
|
|
|
|
struct fxp_names *names;
|
2003-06-29 14:26:09 +00:00
|
|
|
struct sftp_packet *pktin;
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
struct sftp_request *req;
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2002-06-25 18:51:06 +00:00
|
|
|
if (!fxp_init()) {
|
2019-09-08 19:29:00 +00:00
|
|
|
tell_user(stderr, "unable to initialise SFTP: %s", fxp_error());
|
|
|
|
errs++;
|
|
|
|
return;
|
2002-06-25 18:51:06 +00:00
|
|
|
}
|
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
printf("Listing directory %s\n", dirname);
|
|
|
|
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
req = fxp_opendir_send(dirname);
|
|
|
|
pktin = sftp_wait_for_reply(req);
|
|
|
|
dirh = fxp_opendir_recv(pktin, req);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
if (dirh == NULL) {
|
2022-08-03 19:48:46 +00:00
|
|
|
tell_user(stderr, "Unable to open %s: %s\n", dirname, fxp_error());
|
|
|
|
errs++;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2019-05-15 13:57:06 +00:00
|
|
|
struct list_directory_from_sftp_ctx *ctx =
|
|
|
|
list_directory_from_sftp_new();
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
while (1) {
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
req = fxp_readdir_send(dirh);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
names = fxp_readdir_recv(pktin, req);
|
|
|
|
|
|
|
|
if (names == NULL) {
|
|
|
|
if (fxp_error_type() == SSH_FX_EOF)
|
|
|
|
break;
|
|
|
|
printf("Reading directory %s: %s\n", dirname, fxp_error());
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (names->nnames == 0) {
|
|
|
|
fxp_free_names(names);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (size_t i = 0; i < names->nnames; i++)
|
2019-05-15 13:57:06 +00:00
|
|
|
list_directory_from_sftp_feed(ctx, &names->names[i]);
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
fxp_free_names(names);
|
|
|
|
}
|
|
|
|
req = fxp_close_send(dirh);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
fxp_close_recv(pktin, req);
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-05-15 13:57:06 +00:00
|
|
|
list_directory_from_sftp_finish(ctx);
|
|
|
|
list_directory_from_sftp_free(ctx);
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2001-08-26 14:53:51 +00:00
|
|
|
/* ----------------------------------------------------------------------
|
|
|
|
* Helper routines that contain the actual SCP protocol elements,
|
2001-08-26 18:32:28 +00:00
|
|
|
* implemented both as SCP1 and SFTP.
|
2001-08-26 14:53:51 +00:00
|
|
|
*/
|
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
static struct scp_sftp_dirstack {
|
|
|
|
struct scp_sftp_dirstack *next;
|
|
|
|
struct fxp_name *names;
|
|
|
|
int namepos, namelen;
|
|
|
|
char *dirpath;
|
2001-08-27 10:17:41 +00:00
|
|
|
char *wildcard;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool matched_something; /* wildcard match set was non-empty */
|
2001-08-26 18:32:28 +00:00
|
|
|
} *scp_sftp_dirstack_head;
|
|
|
|
static char *scp_sftp_remotepath, *scp_sftp_currentname;
|
2001-08-27 10:17:41 +00:00
|
|
|
static char *scp_sftp_wildcard;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool scp_sftp_targetisdir, scp_sftp_donethistarget;
|
|
|
|
static bool scp_sftp_preserve, scp_sftp_recursive;
|
2001-08-26 18:32:28 +00:00
|
|
|
static unsigned long scp_sftp_mtime, scp_sftp_atime;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
static bool scp_has_times;
|
2001-08-26 18:32:28 +00:00
|
|
|
static struct fxp_handle *scp_sftp_filehandle;
|
2003-09-29 15:39:56 +00:00
|
|
|
static struct fxp_xfer *scp_sftp_xfer;
|
2018-10-26 22:08:58 +00:00
|
|
|
static uint64_t scp_sftp_fileoffset;
|
2001-08-26 18:32:28 +00:00
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
int scp_source_setup(const char *target, bool shouldbedir)
|
2001-08-26 18:32:28 +00:00
|
|
|
{
|
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/*
|
|
|
|
* Find out whether the target filespec is in fact a
|
|
|
|
* directory.
|
|
|
|
*/
|
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *req;
|
|
|
|
struct fxp_attrs attrs;
|
|
|
|
bool ret;
|
|
|
|
|
|
|
|
if (!fxp_init()) {
|
|
|
|
tell_user(stderr, "unable to initialise SFTP: %s", fxp_error());
|
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
req = fxp_stat_send(target);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
ret = fxp_stat_recv(pktin, req, &attrs);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!ret || !(attrs.flags & SSH_FILEXFER_ATTR_PERMISSIONS))
|
|
|
|
scp_sftp_targetisdir = false;
|
|
|
|
else
|
|
|
|
scp_sftp_targetisdir = (attrs.permissions & 0040000) != 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (shouldbedir && !scp_sftp_targetisdir) {
|
|
|
|
bump("pscp: remote filespec %s: not a directory\n", target);
|
|
|
|
}
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_remotepath = dupstr(target);
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_has_times = false;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
(void) response();
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2005-06-25 21:43:09 +00:00
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
|
|
|
|
2001-08-26 14:53:51 +00:00
|
|
|
int scp_send_errmsg(char *str)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
/* do nothing; we never need to send our errors to the server */
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "\001", 1);/* scp protocol error prefix */
|
|
|
|
backend_send(backend, str, strlen(str));
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0; /* can't fail */
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int scp_send_filetimes(unsigned long mtime, unsigned long atime)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_mtime = mtime;
|
|
|
|
scp_sftp_atime = atime;
|
|
|
|
scp_has_times = true;
|
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
char buf[80];
|
|
|
|
sprintf(buf, "T%lu 0 %lu 0\n", mtime, atime);
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, buf, strlen(buf));
|
2019-09-08 19:29:00 +00:00
|
|
|
return response();
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
2018-10-26 22:08:58 +00:00
|
|
|
int scp_send_filename(const char *name, uint64_t size, int permissions)
|
2001-08-26 14:53:51 +00:00
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char *fullname;
|
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *req;
|
2011-08-11 17:59:30 +00:00
|
|
|
struct fxp_attrs attrs;
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (scp_sftp_targetisdir) {
|
Make dupcat() into a variadic macro.
Up until now, it's been a variadic _function_, whose argument list
consists of 'const char *' ASCIZ strings to concatenate, terminated by
one containing a null pointer. Now, that function is dupcat_fn(), and
it's wrapped by a C99 variadic _macro_ called dupcat(), which
automatically suffixes the null-pointer terminating argument.
This has three benefits. Firstly, it's just less effort at every call
site. Secondly, it protects against the risk of accidentally leaving
off the NULL, causing arbitrary words of stack memory to be
dereferenced as char pointers. And thirdly, it protects against the
more subtle risk of writing a bare 'NULL' as the terminating argument,
instead of casting it explicitly to a pointer. That last one is
necessary because C permits the macro NULL to expand to an integer
constant such as 0, so NULL by itself may not have pointer type, and
worse, it may not be marshalled in a variadic argument list in the
same way as a pointer. (For example, on a 64-bit machine it might only
occupy 32 bits. And yet, on another 64-bit platform, it might work
just fine, so that you don't notice the mistake!)
I was inspired to do this by happening to notice one of those bare
NULL terminators, and thinking I'd better check if there were any
more. Turned out there were quite a few. Now there are none.
2019-10-14 18:42:37 +00:00
|
|
|
fullname = dupcat(scp_sftp_remotepath, "/", name);
|
2019-09-08 19:29:00 +00:00
|
|
|
} else {
|
|
|
|
fullname = dupstr(scp_sftp_remotepath);
|
|
|
|
}
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2011-08-11 17:59:30 +00:00
|
|
|
attrs.flags = 0;
|
|
|
|
PUT_PERMISSIONS(attrs, permissions);
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
req = fxp_open_send(fullname,
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
SSH_FXF_WRITE | SSH_FXF_CREAT | SSH_FXF_TRUNC,
|
|
|
|
&attrs);
|
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_filehandle = fxp_open_recv(pktin, req);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!scp_sftp_filehandle) {
|
|
|
|
tell_user(stderr, "pscp: unable to open %s: %s",
|
|
|
|
fullname, fxp_error());
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(fullname);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
scp_sftp_fileoffset = 0;
|
|
|
|
scp_sftp_xfer = xfer_upload_init(scp_sftp_filehandle,
|
|
|
|
scp_sftp_fileoffset);
|
|
|
|
sfree(fullname);
|
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
char *buf;
|
2011-08-11 17:59:30 +00:00
|
|
|
if (permissions < 0)
|
|
|
|
permissions = 0644;
|
2019-09-08 19:29:00 +00:00
|
|
|
buf = dupprintf("C%04o %"PRIu64" ", (int)(permissions & 07777), size);
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, buf, strlen(buf));
|
2018-09-22 11:22:07 +00:00
|
|
|
sfree(buf);
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, name, strlen(name));
|
|
|
|
backend_send(backend, "\n", 1);
|
2019-09-08 19:29:00 +00:00
|
|
|
return response();
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int scp_send_filedata(char *data, int len)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
int ret;
|
|
|
|
struct sftp_packet *pktin;
|
|
|
|
|
|
|
|
if (!scp_sftp_filehandle) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
while (!xfer_upload_ready(scp_sftp_xfer)) {
|
Fix a deadlock in SFTP upload.
I tried to do an SFTP upload through connection sharing the other day
and found that pscp sent some data and then hung. Now I debug it, what
seems to have happened was that we were looping in sftp_recv() waiting
for an SFTP packet from the remote, but we didn't have any outstanding
SFTP requests that the remote was going to reply to. Checking further,
xfer_upload_ready() reported true, so we _could_ have sent something -
but the logic in the upload loop had a hole through which we managed
to get into 'waiting for a packet' state.
I think what must have happened is that xfer_upload_ready() reported
false so that we entered sftp_recv(), but then the event loop inside
sftp_recv() ran a toplevel callback that made xfer_upload_ready()
return true. So, the fix: sftp_recv() is our last-ditch fallback, and
we always try emptying our callback queue and rechecking upload_ready
before we resort to waiting for a remote packet.
This not only fixes the hang I observed: it also hugely improves the
upload speed. My guess is that the bug must have been preventing us
from filling our outgoing request pipeline a _lot_ - but I didn't
notice it until the one time the queue accidentally ended up empty,
rather than just sparse enough to make transfers slow.
Annoyingly, I actually considered this fix back when I was trying to
fix the proftpd issue mentioned in commit cd97b7e7e. I decided fixing
ssh_sendbuffer() was a better idea. In fact it would have been an even
better idea to do both! Oh well, better late than never.
2020-02-25 21:27:34 +00:00
|
|
|
if (toplevel_callback_pending()) {
|
|
|
|
/* If we have pending callbacks, they might make
|
|
|
|
* xfer_upload_ready start to return true. So we should
|
|
|
|
* run them and then re-check xfer_upload_ready, before
|
|
|
|
* we go as far as waiting for an entire packet to
|
|
|
|
* arrive. */
|
|
|
|
run_toplevel_callbacks();
|
|
|
|
continue;
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
pktin = sftp_recv();
|
|
|
|
ret = xfer_upload_gotpkt(scp_sftp_xfer, pktin);
|
|
|
|
if (ret <= 0) {
|
|
|
|
tell_user(stderr, "error while writing: %s", fxp_error());
|
2013-07-11 17:24:53 +00:00
|
|
|
if (ret == INT_MIN) /* pktin not even freed */
|
|
|
|
sfree(pktin);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
2003-09-29 15:39:56 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
xfer_upload_data(scp_sftp_xfer, data, len);
|
2003-09-29 15:39:56 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_fileoffset += len;
|
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2021-09-12 08:52:46 +00:00
|
|
|
backend_send(backend, data, len);
|
|
|
|
int bufsize = backend_sendbuffer(backend);
|
2001-08-26 14:53:51 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
/*
|
|
|
|
* If the network transfer is backing up - that is, the
|
|
|
|
* remote site is not accepting data as fast as we can
|
|
|
|
* produce it - then we must loop on network events until
|
|
|
|
* we have space in the buffer again.
|
|
|
|
*/
|
|
|
|
while (bufsize > MAX_SCP_BUFSIZE) {
|
|
|
|
if (ssh_sftp_loop_iteration() < 0)
|
|
|
|
return 1;
|
2018-09-11 15:23:38 +00:00
|
|
|
bufsize = backend_sendbuffer(backend);
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int scp_send_finish(void)
|
|
|
|
{
|
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
struct fxp_attrs attrs;
|
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *req;
|
|
|
|
|
|
|
|
while (!xfer_done(scp_sftp_xfer)) {
|
|
|
|
pktin = sftp_recv();
|
|
|
|
int ret = xfer_upload_gotpkt(scp_sftp_xfer, pktin);
|
|
|
|
if (ret <= 0) {
|
|
|
|
tell_user(stderr, "error while writing: %s", fxp_error());
|
2013-07-11 17:24:53 +00:00
|
|
|
if (ret == INT_MIN) /* pktin not even freed */
|
|
|
|
sfree(pktin);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
xfer_cleanup(scp_sftp_xfer);
|
|
|
|
|
|
|
|
if (!scp_sftp_filehandle) {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (scp_has_times) {
|
|
|
|
attrs.flags = SSH_FILEXFER_ATTR_ACMODTIME;
|
|
|
|
attrs.atime = scp_sftp_atime;
|
|
|
|
attrs.mtime = scp_sftp_mtime;
|
|
|
|
req = fxp_fsetstat_send(scp_sftp_filehandle, attrs);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
bool ret = fxp_fsetstat_recv(pktin, req);
|
|
|
|
if (!ret) {
|
|
|
|
tell_user(stderr, "unable to set file times: %s", fxp_error());
|
|
|
|
errs++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
req = fxp_close_send(scp_sftp_filehandle);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
fxp_close_recv(pktin, req);
|
|
|
|
scp_has_times = false;
|
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "", 1);
|
2019-09-08 19:29:00 +00:00
|
|
|
return response();
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
char *scp_save_remotepath(void)
|
|
|
|
{
|
|
|
|
if (using_sftp)
|
2019-09-08 19:29:00 +00:00
|
|
|
return scp_sftp_remotepath;
|
2001-08-26 18:32:28 +00:00
|
|
|
else
|
2019-09-08 19:29:00 +00:00
|
|
|
return NULL;
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
void scp_restore_remotepath(char *data)
|
2001-08-26 14:53:51 +00:00
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp)
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_remotepath = data;
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
2015-05-15 10:15:42 +00:00
|
|
|
int scp_send_dirname(const char *name, int modes)
|
2001-08-26 14:53:51 +00:00
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char *fullname;
|
|
|
|
char const *err;
|
|
|
|
struct fxp_attrs attrs;
|
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *req;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool ret;
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (scp_sftp_targetisdir) {
|
Make dupcat() into a variadic macro.
Up until now, it's been a variadic _function_, whose argument list
consists of 'const char *' ASCIZ strings to concatenate, terminated by
one containing a null pointer. Now, that function is dupcat_fn(), and
it's wrapped by a C99 variadic _macro_ called dupcat(), which
automatically suffixes the null-pointer terminating argument.
This has three benefits. Firstly, it's just less effort at every call
site. Secondly, it protects against the risk of accidentally leaving
off the NULL, causing arbitrary words of stack memory to be
dereferenced as char pointers. And thirdly, it protects against the
more subtle risk of writing a bare 'NULL' as the terminating argument,
instead of casting it explicitly to a pointer. That last one is
necessary because C permits the macro NULL to expand to an integer
constant such as 0, so NULL by itself may not have pointer type, and
worse, it may not be marshalled in a variadic argument list in the
same way as a pointer. (For example, on a 64-bit machine it might only
occupy 32 bits. And yet, on another 64-bit platform, it might work
just fine, so that you don't notice the mistake!)
I was inspired to do this by happening to notice one of those bare
NULL terminators, and thinking I'd better check if there were any
more. Turned out there were quite a few. Now there are none.
2019-10-14 18:42:37 +00:00
|
|
|
fullname = dupcat(scp_sftp_remotepath, "/", name);
|
2019-09-08 19:29:00 +00:00
|
|
|
} else {
|
|
|
|
fullname = dupstr(scp_sftp_remotepath);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We don't worry about whether we managed to create the
|
|
|
|
* directory, because if it exists already it's OK just to
|
|
|
|
* use it. Instead, we will stat it afterwards, and if it
|
|
|
|
* exists and is a directory we will assume we were either
|
|
|
|
* successful or it didn't matter.
|
|
|
|
*/
|
|
|
|
req = fxp_mkdir_send(fullname, NULL);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
ret = fxp_mkdir_recv(pktin, req);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!ret)
|
|
|
|
err = fxp_error();
|
|
|
|
else
|
|
|
|
err = "server reported no error";
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
req = fxp_stat_send(fullname);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
ret = fxp_stat_recv(pktin, req, &attrs);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!ret || !(attrs.flags & SSH_FILEXFER_ATTR_PERMISSIONS) ||
|
|
|
|
!(attrs.permissions & 0040000)) {
|
|
|
|
tell_user(stderr, "unable to create directory %s: %s",
|
|
|
|
fullname, err);
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(fullname);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_remotepath = fullname;
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
char buf[40];
|
|
|
|
sprintf(buf, "D%04o 0 ", modes);
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, buf, strlen(buf));
|
|
|
|
backend_send(backend, name, strlen(name));
|
|
|
|
backend_send(backend, "\n", 1);
|
2019-09-08 19:29:00 +00:00
|
|
|
return response();
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int scp_send_enddir(void)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
sfree(scp_sftp_remotepath);
|
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "E\n", 2);
|
2019-09-08 19:29:00 +00:00
|
|
|
return response();
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Yes, I know; I have an scp_sink_setup _and_ an scp_sink_init.
|
|
|
|
* That's bad. The difference is that scp_sink_setup is called once
|
|
|
|
* right at the start, whereas scp_sink_init is called to
|
|
|
|
* initialise every level of recursion in the protocol.
|
|
|
|
*/
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
int scp_sink_setup(const char *source, bool preserve, bool recursive)
|
2001-08-26 18:32:28 +00:00
|
|
|
{
|
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char *newsource;
|
|
|
|
|
|
|
|
if (!fxp_init()) {
|
|
|
|
tell_user(stderr, "unable to initialise SFTP: %s", fxp_error());
|
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* It's possible that the source string we've been given
|
|
|
|
* contains a wildcard. If so, we must split the directory
|
|
|
|
* away from the wildcard itself (throwing an error if any
|
|
|
|
* wildcardness comes before the final slash) and arrange
|
|
|
|
* things so that a dirstack entry will be set up.
|
|
|
|
*/
|
|
|
|
newsource = snewn(1+strlen(source), char);
|
|
|
|
if (!wc_unescape(newsource, source)) {
|
|
|
|
/* Yes, here we go; it's a wildcard. Bah. */
|
|
|
|
char *dupsource, *lastpart, *dirpart, *wildcard;
|
|
|
|
|
|
|
|
sfree(newsource);
|
|
|
|
|
|
|
|
dupsource = dupstr(source);
|
|
|
|
lastpart = stripslashes(dupsource, false);
|
|
|
|
wildcard = dupstr(lastpart);
|
|
|
|
*lastpart = '\0';
|
|
|
|
if (*dupsource && dupsource[1]) {
|
|
|
|
/*
|
|
|
|
* The remains of dupsource are at least two
|
|
|
|
* characters long, meaning the pathname wasn't
|
|
|
|
* empty or just `/'. Hence, we remove the trailing
|
|
|
|
* slash.
|
|
|
|
*/
|
|
|
|
lastpart[-1] = '\0';
|
|
|
|
} else if (!*dupsource) {
|
|
|
|
/*
|
|
|
|
* The remains of dupsource are _empty_ - the whole
|
|
|
|
* pathname was a wildcard. Hence we need to
|
|
|
|
* replace it with ".".
|
|
|
|
*/
|
|
|
|
sfree(dupsource);
|
|
|
|
dupsource = dupstr(".");
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now we have separated our string into dupsource (the
|
|
|
|
* directory part) and wildcard. Both of these will
|
|
|
|
* need freeing at some point. Next step is to remove
|
|
|
|
* wildcard escapes from the directory part, throwing
|
|
|
|
* an error if it contains a real wildcard.
|
|
|
|
*/
|
|
|
|
dirpart = snewn(1+strlen(dupsource), char);
|
|
|
|
if (!wc_unescape(dirpart, dupsource)) {
|
|
|
|
tell_user(stderr, "%s: multiple-level wildcards unsupported",
|
|
|
|
source);
|
|
|
|
errs++;
|
|
|
|
sfree(dirpart);
|
|
|
|
sfree(wildcard);
|
|
|
|
sfree(dupsource);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now we have dirpart (unescaped, ie a valid remote
|
|
|
|
* path), and wildcard (a wildcard). This will be
|
|
|
|
* sufficient to arrange a dirstack entry.
|
|
|
|
*/
|
|
|
|
scp_sftp_remotepath = dirpart;
|
|
|
|
scp_sftp_wildcard = wildcard;
|
|
|
|
sfree(dupsource);
|
|
|
|
} else {
|
|
|
|
scp_sftp_remotepath = newsource;
|
|
|
|
scp_sftp_wildcard = NULL;
|
|
|
|
}
|
|
|
|
scp_sftp_preserve = preserve;
|
|
|
|
scp_sftp_recursive = recursive;
|
|
|
|
scp_sftp_donethistarget = false;
|
|
|
|
scp_sftp_dirstack_head = NULL;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-27 10:17:41 +00:00
|
|
|
return 0;
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int scp_sink_init(void)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (!using_sftp) {
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "", 1);
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define SCP_SINK_FILE 1
|
|
|
|
#define SCP_SINK_DIR 2
|
|
|
|
#define SCP_SINK_ENDDIR 3
|
2019-09-08 19:29:00 +00:00
|
|
|
#define SCP_SINK_RETRY 4 /* not an action; just try again */
|
2001-08-26 14:53:51 +00:00
|
|
|
struct scp_sink_action {
|
2019-09-08 19:29:00 +00:00
|
|
|
int action; /* FILE, DIR, ENDDIR */
|
2019-02-11 06:58:07 +00:00
|
|
|
strbuf *buf; /* will need freeing after use */
|
2019-09-08 19:29:00 +00:00
|
|
|
char *name; /* filename or dirname (not ENDDIR) */
|
|
|
|
long permissions; /* access permissions (not ENDDIR) */
|
2018-10-26 22:08:58 +00:00
|
|
|
uint64_t size; /* file size (not ENDDIR) */
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool settime; /* true if atime and mtime are filled */
|
2019-09-08 19:29:00 +00:00
|
|
|
unsigned long atime, mtime; /* access times for the file */
|
2001-08-26 14:53:51 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
int scp_get_sink_action(struct scp_sink_action *act)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char *fname;
|
|
|
|
bool must_free_fname;
|
|
|
|
struct fxp_attrs attrs;
|
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *req;
|
|
|
|
bool ret;
|
|
|
|
|
|
|
|
if (!scp_sftp_dirstack_head) {
|
|
|
|
if (!scp_sftp_donethistarget) {
|
|
|
|
/*
|
|
|
|
* Simple case: we are only dealing with one file.
|
|
|
|
*/
|
|
|
|
fname = scp_sftp_remotepath;
|
|
|
|
must_free_fname = false;
|
|
|
|
scp_sftp_donethistarget = true;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Even simpler case: one file _which we've done_.
|
|
|
|
* Return 1 (finished).
|
|
|
|
*/
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* We're now in the middle of stepping through a list
|
|
|
|
* of names returned from fxp_readdir(); so let's carry
|
|
|
|
* on.
|
|
|
|
*/
|
|
|
|
struct scp_sftp_dirstack *head = scp_sftp_dirstack_head;
|
|
|
|
while (head->namepos < head->namelen &&
|
|
|
|
(is_dots(head->names[head->namepos].filename) ||
|
|
|
|
(head->wildcard &&
|
|
|
|
!wc_match(head->wildcard,
|
|
|
|
head->names[head->namepos].filename))))
|
|
|
|
head->namepos++; /* skip . and .. */
|
|
|
|
if (head->namepos < head->namelen) {
|
|
|
|
head->matched_something = true;
|
|
|
|
fname = dupcat(head->dirpath, "/",
|
Make dupcat() into a variadic macro.
Up until now, it's been a variadic _function_, whose argument list
consists of 'const char *' ASCIZ strings to concatenate, terminated by
one containing a null pointer. Now, that function is dupcat_fn(), and
it's wrapped by a C99 variadic _macro_ called dupcat(), which
automatically suffixes the null-pointer terminating argument.
This has three benefits. Firstly, it's just less effort at every call
site. Secondly, it protects against the risk of accidentally leaving
off the NULL, causing arbitrary words of stack memory to be
dereferenced as char pointers. And thirdly, it protects against the
more subtle risk of writing a bare 'NULL' as the terminating argument,
instead of casting it explicitly to a pointer. That last one is
necessary because C permits the macro NULL to expand to an integer
constant such as 0, so NULL by itself may not have pointer type, and
worse, it may not be marshalled in a variadic argument list in the
same way as a pointer. (For example, on a 64-bit machine it might only
occupy 32 bits. And yet, on another 64-bit platform, it might work
just fine, so that you don't notice the mistake!)
I was inspired to do this by happening to notice one of those bare
NULL terminators, and thinking I'd better check if there were any
more. Turned out there were quite a few. Now there are none.
2019-10-14 18:42:37 +00:00
|
|
|
head->names[head->namepos++].filename);
|
2019-09-08 19:29:00 +00:00
|
|
|
must_free_fname = true;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* We've come to the end of the list; pop it off
|
|
|
|
* the stack and return an ENDDIR action (or RETRY
|
|
|
|
* if this was a wildcard match).
|
|
|
|
*/
|
|
|
|
if (head->wildcard) {
|
|
|
|
act->action = SCP_SINK_RETRY;
|
|
|
|
if (!head->matched_something) {
|
|
|
|
tell_user(stderr, "pscp: wildcard '%s' matched "
|
|
|
|
"no files", head->wildcard);
|
|
|
|
errs++;
|
|
|
|
}
|
|
|
|
sfree(head->wildcard);
|
|
|
|
|
|
|
|
} else {
|
|
|
|
act->action = SCP_SINK_ENDDIR;
|
|
|
|
}
|
|
|
|
|
|
|
|
sfree(head->dirpath);
|
|
|
|
sfree(head->names);
|
|
|
|
scp_sftp_dirstack_head = head->next;
|
|
|
|
sfree(head);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Now we have a filename. Stat it, and see if it's a file
|
|
|
|
* or a directory.
|
|
|
|
*/
|
|
|
|
req = fxp_stat_send(fname);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
ret = fxp_stat_recv(pktin, req, &attrs);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!ret || !(attrs.flags & SSH_FILEXFER_ATTR_PERMISSIONS)) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, fname)
|
|
|
|
tell_user(stderr, "unable to identify %s: %s", san,
|
|
|
|
ret ? "file type not supplied" : fxp_error());
|
2013-07-11 17:43:41 +00:00
|
|
|
if (must_free_fname) sfree(fname);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (attrs.permissions & 0040000) {
|
|
|
|
struct scp_sftp_dirstack *newitem;
|
|
|
|
struct fxp_handle *dirhandle;
|
|
|
|
size_t nnames, namesize;
|
|
|
|
struct fxp_name *ournames;
|
|
|
|
struct fxp_names *names;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* It's a directory. If we're not in recursive mode,
|
|
|
|
* this merits a complaint (which is fatal if the name
|
|
|
|
* was specified directly, but not if it was matched by
|
|
|
|
* a wildcard).
|
|
|
|
*
|
|
|
|
* We skip this complaint completely if
|
|
|
|
* scp_sftp_wildcard is set, because that's an
|
|
|
|
* indication that we're not actually supposed to
|
|
|
|
* _recursively_ transfer the dir, just scan it for
|
|
|
|
* things matching the wildcard.
|
|
|
|
*/
|
|
|
|
if (!scp_sftp_recursive && !scp_sftp_wildcard) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, fname)
|
|
|
|
tell_user(stderr, "pscp: %s: is a directory", san);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
if (must_free_fname) sfree(fname);
|
|
|
|
if (scp_sftp_dirstack_head) {
|
|
|
|
act->action = SCP_SINK_RETRY;
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Otherwise, the fun begins. We must fxp_opendir() the
|
|
|
|
* directory, slurp the filenames into memory, return
|
|
|
|
* SCP_SINK_DIR (unless this is a wildcard match), and
|
|
|
|
* set targetisdir. The next time we're called, we will
|
|
|
|
* run through the list of filenames one by one,
|
|
|
|
* matching them against a wildcard if present.
|
|
|
|
*
|
|
|
|
* If targetisdir is _already_ set (meaning we're
|
|
|
|
* already in the middle of going through another such
|
|
|
|
* list), we must push the other (target,namelist) pair
|
|
|
|
* on a stack.
|
|
|
|
*/
|
|
|
|
req = fxp_opendir_send(fname);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
dirhandle = fxp_opendir_recv(pktin, req);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!dirhandle) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, fname)
|
|
|
|
tell_user(stderr, "pscp: unable to open directory %s: %s",
|
|
|
|
san, fxp_error());
|
2019-09-08 19:29:00 +00:00
|
|
|
if (must_free_fname) sfree(fname);
|
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
nnames = namesize = 0;
|
|
|
|
ournames = NULL;
|
|
|
|
while (1) {
|
|
|
|
int i;
|
|
|
|
|
|
|
|
req = fxp_readdir_send(dirhandle);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
names = fxp_readdir_recv(pktin, req);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (names == NULL) {
|
|
|
|
if (fxp_error_type() == SSH_FX_EOF)
|
|
|
|
break;
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, fname)
|
|
|
|
tell_user(stderr, "pscp: reading directory %s: %s",
|
|
|
|
san, fxp_error());
|
2013-07-11 17:24:44 +00:00
|
|
|
|
|
|
|
req = fxp_close_send(dirhandle);
|
|
|
|
pktin = sftp_wait_for_reply(req);
|
|
|
|
fxp_close_recv(pktin, req);
|
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (must_free_fname) sfree(fname);
|
|
|
|
sfree(ournames);
|
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (names->nnames == 0) {
|
|
|
|
fxp_free_names(names);
|
|
|
|
break;
|
|
|
|
}
|
New array-growing macros: sgrowarray and sgrowarrayn.
The idea of these is that they centralise the common idiom along the
lines of
if (logical_array_len >= physical_array_size) {
physical_array_size = logical_array_len * 5 / 4 + 256;
array = sresize(array, physical_array_size, ElementType);
}
which happens at a zillion call sites throughout this code base, with
different random choices of the geometric factor and additive
constant, sometimes forgetting them completely, and generally doing a
lot of repeated work.
The new macro sgrowarray(array,size,n) has the semantics: here are the
array pointer and its physical size for you to modify, now please
ensure that the nth element exists, so I can write into it. And
sgrowarrayn(array,size,n,m) is the same except that it ensures that
the array has size at least n+m (so sgrowarray is just the special
case where m=1).
Now that this is a single centralised implementation that will be used
everywhere, I've also gone to more effort in the implementation, with
careful overflow checks that would have been painful to put at all the
previous call sites.
This commit also switches over every use of sresize(), apart from a
few where I really didn't think it would gain anything. A consequence
of that is that a lot of array-size variables have to have their types
changed to size_t, because the macros require that (they address-take
the size to pass to the underlying function).
2019-02-28 20:07:30 +00:00
|
|
|
sgrowarrayn(ournames, namesize, nnames, names->nnames);
|
2019-09-08 19:29:00 +00:00
|
|
|
for (i = 0; i < names->nnames; i++) {
|
|
|
|
if (!strcmp(names->names[i].filename, ".") ||
|
|
|
|
!strcmp(names->names[i].filename, "..")) {
|
|
|
|
/*
|
|
|
|
* . and .. are normal consequences of
|
|
|
|
* reading a directory, and aren't worth
|
|
|
|
* complaining about.
|
|
|
|
*/
|
|
|
|
} else if (!vet_filename(names->names[i].filename)) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, names->names[i].filename)
|
|
|
|
tell_user(stderr, "ignoring potentially dangerous "
|
|
|
|
"server-supplied filename '%s'", san);
|
2019-09-08 19:29:00 +00:00
|
|
|
} else
|
|
|
|
ournames[nnames++] = names->names[i];
|
|
|
|
}
|
|
|
|
names->nnames = 0; /* prevent free_names */
|
|
|
|
fxp_free_names(names);
|
|
|
|
}
|
|
|
|
req = fxp_close_send(dirhandle);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
fxp_close_recv(pktin, req);
|
|
|
|
|
|
|
|
newitem = snew(struct scp_sftp_dirstack);
|
|
|
|
newitem->next = scp_sftp_dirstack_head;
|
|
|
|
newitem->names = ournames;
|
|
|
|
newitem->namepos = 0;
|
|
|
|
newitem->namelen = nnames;
|
|
|
|
if (must_free_fname)
|
|
|
|
newitem->dirpath = fname;
|
|
|
|
else
|
|
|
|
newitem->dirpath = dupstr(fname);
|
|
|
|
if (scp_sftp_wildcard) {
|
|
|
|
newitem->wildcard = scp_sftp_wildcard;
|
|
|
|
newitem->matched_something = false;
|
|
|
|
scp_sftp_wildcard = NULL;
|
|
|
|
} else {
|
|
|
|
newitem->wildcard = NULL;
|
|
|
|
}
|
|
|
|
scp_sftp_dirstack_head = newitem;
|
|
|
|
|
|
|
|
if (newitem->wildcard) {
|
|
|
|
act->action = SCP_SINK_RETRY;
|
|
|
|
} else {
|
|
|
|
act->action = SCP_SINK_DIR;
|
2020-01-21 20:16:28 +00:00
|
|
|
strbuf_clear(act->buf);
|
2019-02-11 06:58:07 +00:00
|
|
|
put_asciz(act->buf, stripslashes(fname, false));
|
2019-09-08 19:29:00 +00:00
|
|
|
act->name = act->buf->s;
|
|
|
|
act->size = 0; /* duhh, it's a directory */
|
|
|
|
act->permissions = 07777 & attrs.permissions;
|
|
|
|
if (scp_sftp_preserve &&
|
|
|
|
(attrs.flags & SSH_FILEXFER_ATTR_ACMODTIME)) {
|
|
|
|
act->atime = attrs.atime;
|
|
|
|
act->mtime = attrs.mtime;
|
|
|
|
act->settime = true;
|
|
|
|
} else
|
|
|
|
act->settime = false;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* It's a file. Return SCP_SINK_FILE.
|
|
|
|
*/
|
|
|
|
act->action = SCP_SINK_FILE;
|
2020-01-21 20:16:28 +00:00
|
|
|
strbuf_clear(act->buf);
|
2019-02-11 06:58:07 +00:00
|
|
|
put_asciz(act->buf, stripslashes(fname, false));
|
2019-09-08 19:29:00 +00:00
|
|
|
act->name = act->buf->s;
|
|
|
|
if (attrs.flags & SSH_FILEXFER_ATTR_SIZE) {
|
|
|
|
act->size = attrs.size;
|
|
|
|
} else
|
|
|
|
act->size = UINT64_MAX; /* no idea */
|
|
|
|
act->permissions = 07777 & attrs.permissions;
|
|
|
|
if (scp_sftp_preserve &&
|
|
|
|
(attrs.flags & SSH_FILEXFER_ATTR_ACMODTIME)) {
|
|
|
|
act->atime = attrs.atime;
|
|
|
|
act->mtime = attrs.mtime;
|
|
|
|
act->settime = true;
|
|
|
|
} else
|
|
|
|
act->settime = false;
|
|
|
|
if (must_free_fname)
|
|
|
|
scp_sftp_currentname = fname;
|
|
|
|
else
|
|
|
|
scp_sftp_currentname = dupstr(fname);
|
|
|
|
return 0;
|
|
|
|
}
|
2001-08-26 18:32:28 +00:00
|
|
|
|
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
bool done = false;
|
|
|
|
int action;
|
|
|
|
char ch;
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
act->settime = false;
|
2020-01-21 20:16:28 +00:00
|
|
|
strbuf_clear(act->buf);
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
while (!done) {
|
|
|
|
if (!ssh_scp_recv(&ch, 1))
|
|
|
|
return 1;
|
|
|
|
if (ch == '\n')
|
|
|
|
bump("Protocol error: Unexpected newline");
|
|
|
|
action = ch;
|
2019-03-21 15:23:51 +00:00
|
|
|
while (1) {
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!ssh_scp_recv(&ch, 1))
|
|
|
|
bump("Lost connection");
|
2019-03-21 15:23:51 +00:00
|
|
|
if (ch == '\n')
|
|
|
|
break;
|
2019-02-11 06:58:07 +00:00
|
|
|
put_byte(act->buf, ch);
|
2019-03-21 15:23:51 +00:00
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
switch (action) {
|
|
|
|
case '\01': /* error */
|
2019-02-11 06:58:07 +00:00
|
|
|
with_stripctrl(san, act->buf->s)
|
2019-02-20 07:09:10 +00:00
|
|
|
tell_user(stderr, "%s", san);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
continue; /* go round again */
|
|
|
|
case '\02': /* fatal error */
|
2019-02-11 06:58:07 +00:00
|
|
|
with_stripctrl(san, act->buf->s)
|
2019-02-20 07:09:10 +00:00
|
|
|
bump("%s", san);
|
2019-09-08 19:29:00 +00:00
|
|
|
case 'E':
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "", 1);
|
2019-09-08 19:29:00 +00:00
|
|
|
act->action = SCP_SINK_ENDDIR;
|
|
|
|
return 0;
|
|
|
|
case 'T':
|
|
|
|
if (sscanf(act->buf->s, "%lu %*d %lu %*d",
|
|
|
|
&act->mtime, &act->atime) == 2) {
|
|
|
|
act->settime = true;
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "", 1);
|
2020-01-21 20:16:28 +00:00
|
|
|
strbuf_clear(act->buf);
|
2019-09-08 19:29:00 +00:00
|
|
|
continue; /* go round again */
|
|
|
|
}
|
|
|
|
bump("Protocol error: Illegal time format");
|
|
|
|
case 'C':
|
|
|
|
case 'D':
|
|
|
|
act->action = (action == 'C' ? SCP_SINK_FILE : SCP_SINK_DIR);
|
2018-10-23 17:05:58 +00:00
|
|
|
if (act->action == SCP_SINK_DIR && !recursive) {
|
|
|
|
bump("security violation: remote host attempted to create "
|
|
|
|
"a subdirectory in a non-recursive copy!");
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
bump("Protocol error: Expected control record");
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* We will go round this loop only once, unless we hit
|
|
|
|
* `continue' above.
|
|
|
|
*/
|
|
|
|
done = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we get here, we must have seen SCP_SINK_FILE or
|
|
|
|
* SCP_SINK_DIR.
|
|
|
|
*/
|
|
|
|
{
|
2019-02-11 06:58:07 +00:00
|
|
|
int i;
|
|
|
|
if (sscanf(act->buf->s, "%lo %"SCNu64" %n", &act->permissions,
|
2018-10-26 22:08:58 +00:00
|
|
|
&act->size, &i) != 2)
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("Protocol error: Illegal file descriptor format");
|
|
|
|
act->name = act->buf->s + i;
|
|
|
|
return 0;
|
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
int scp_accept_filexfer(void)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *req;
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
req = fxp_open_send(scp_sftp_currentname, SSH_FXF_READ, NULL);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_filehandle = fxp_open_recv(pktin, req);
|
2003-06-29 14:26:09 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (!scp_sftp_filehandle) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, scp_sftp_currentname)
|
|
|
|
tell_user(stderr, "pscp: unable to open %s: %s",
|
|
|
|
san, fxp_error());
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
scp_sftp_fileoffset = 0;
|
|
|
|
scp_sftp_xfer = xfer_download_init(scp_sftp_filehandle,
|
|
|
|
scp_sftp_fileoffset);
|
|
|
|
sfree(scp_sftp_currentname);
|
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "", 1);
|
2019-09-08 19:29:00 +00:00
|
|
|
return 0; /* can't fail */
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int scp_recv_filedata(char *data, int len)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
struct sftp_packet *pktin;
|
|
|
|
int ret, actuallen;
|
|
|
|
void *vbuf;
|
|
|
|
|
|
|
|
xfer_download_queue(scp_sftp_xfer);
|
|
|
|
pktin = sftp_recv();
|
|
|
|
ret = xfer_download_gotpkt(scp_sftp_xfer, pktin);
|
|
|
|
if (ret <= 0) {
|
|
|
|
tell_user(stderr, "pscp: error while reading: %s", fxp_error());
|
2013-07-11 17:24:53 +00:00
|
|
|
if (ret == INT_MIN) /* pktin not even freed */
|
|
|
|
sfree(pktin);
|
2019-09-08 19:29:00 +00:00
|
|
|
errs++;
|
|
|
|
return -1;
|
|
|
|
}
|
2003-09-29 15:39:56 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (xfer_download_data(scp_sftp_xfer, &vbuf, &actuallen)) {
|
2017-02-15 21:39:23 +00:00
|
|
|
if (actuallen <= 0) {
|
2017-02-15 21:41:28 +00:00
|
|
|
tell_user(stderr, "pscp: end of file while reading");
|
2017-02-15 21:39:23 +00:00
|
|
|
errs++;
|
|
|
|
sfree(vbuf);
|
|
|
|
return -1;
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
/*
|
|
|
|
* This assertion relies on the fact that the natural
|
|
|
|
* block size used in the xfer manager is at most that
|
|
|
|
* used in this module. I don't like crossing layers in
|
|
|
|
* this way, but it'll do for now.
|
|
|
|
*/
|
|
|
|
assert(actuallen <= len);
|
|
|
|
memcpy(data, vbuf, actuallen);
|
|
|
|
sfree(vbuf);
|
|
|
|
} else
|
|
|
|
actuallen = 0;
|
|
|
|
|
|
|
|
scp_sftp_fileoffset += actuallen;
|
|
|
|
|
|
|
|
return actuallen;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
return ssh_scp_recv(data, len) ? len : 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
int scp_finish_filerecv(void)
|
|
|
|
{
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
struct sftp_packet *pktin;
|
|
|
|
struct sftp_request *req;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Ensure that xfer_done() will work correctly, so we can
|
|
|
|
* clean up any outstanding requests from the file
|
|
|
|
* transfer.
|
|
|
|
*/
|
|
|
|
xfer_set_error(scp_sftp_xfer);
|
|
|
|
while (!xfer_done(scp_sftp_xfer)) {
|
|
|
|
void *vbuf;
|
|
|
|
int ret, len;
|
|
|
|
|
|
|
|
pktin = sftp_recv();
|
|
|
|
ret = xfer_download_gotpkt(scp_sftp_xfer, pktin);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
if (ret <= 0) {
|
|
|
|
tell_user(stderr, "pscp: error while reading: %s", fxp_error());
|
2013-07-11 17:24:53 +00:00
|
|
|
if (ret == INT_MIN) /* pktin not even freed */
|
|
|
|
sfree(pktin);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
errs++;
|
|
|
|
return -1;
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
if (xfer_download_data(scp_sftp_xfer, &vbuf, &len))
|
|
|
|
sfree(vbuf);
|
|
|
|
}
|
|
|
|
xfer_cleanup(scp_sftp_xfer);
|
2003-09-29 15:39:56 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
req = fxp_close_send(scp_sftp_filehandle);
|
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
[originally from svn r9894]
2013-07-06 20:43:21 +00:00
|
|
|
pktin = sftp_wait_for_reply(req);
|
2019-09-08 19:29:00 +00:00
|
|
|
fxp_close_recv(pktin, req);
|
|
|
|
return 0;
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2018-09-11 15:23:38 +00:00
|
|
|
backend_send(backend, "", 1);
|
2019-09-08 19:29:00 +00:00
|
|
|
return response();
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
2001-08-26 14:53:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* ----------------------------------------------------------------------
|
1999-08-31 09:20:48 +00:00
|
|
|
* Send an error message to the other side and to the screen.
|
|
|
|
* Increment error counter.
|
|
|
|
*/
|
2020-01-26 14:49:31 +00:00
|
|
|
static PRINTF_LIKE(1, 2) void run_err(const char *fmt, ...)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
2002-11-07 19:49:03 +00:00
|
|
|
char *str, *str2;
|
1999-11-08 11:22:45 +00:00
|
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
|
|
|
errs++;
|
2002-11-07 19:49:03 +00:00
|
|
|
str = dupvprintf(fmt, ap);
|
Make dupcat() into a variadic macro.
Up until now, it's been a variadic _function_, whose argument list
consists of 'const char *' ASCIZ strings to concatenate, terminated by
one containing a null pointer. Now, that function is dupcat_fn(), and
it's wrapped by a C99 variadic _macro_ called dupcat(), which
automatically suffixes the null-pointer terminating argument.
This has three benefits. Firstly, it's just less effort at every call
site. Secondly, it protects against the risk of accidentally leaving
off the NULL, causing arbitrary words of stack memory to be
dereferenced as char pointers. And thirdly, it protects against the
more subtle risk of writing a bare 'NULL' as the terminating argument,
instead of casting it explicitly to a pointer. That last one is
necessary because C permits the macro NULL to expand to an integer
constant such as 0, so NULL by itself may not have pointer type, and
worse, it may not be marshalled in a variadic argument list in the
same way as a pointer. (For example, on a 64-bit machine it might only
occupy 32 bits. And yet, on another 64-bit platform, it might work
just fine, so that you don't notice the mistake!)
I was inspired to do this by happening to notice one of those bare
NULL terminators, and thinking I'd better check if there were any
more. Turned out there were quite a few. Now there are none.
2019-10-14 18:42:37 +00:00
|
|
|
str2 = dupcat("pscp: ", str, "\n");
|
2002-11-07 19:49:03 +00:00
|
|
|
sfree(str);
|
|
|
|
scp_send_errmsg(str2);
|
2018-10-02 17:32:08 +00:00
|
|
|
abandon_stats();
|
2002-11-07 19:49:03 +00:00
|
|
|
tell_user(stderr, "%s", str2);
|
1999-11-08 11:22:45 +00:00
|
|
|
va_end(ap);
|
2002-11-07 19:49:03 +00:00
|
|
|
sfree(str2);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Execute the source part of the SCP protocol.
|
|
|
|
*/
|
2015-05-15 10:15:42 +00:00
|
|
|
static void source(const char *src)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
2018-10-26 22:08:58 +00:00
|
|
|
uint64_t size;
|
2003-08-25 13:53:41 +00:00
|
|
|
unsigned long mtime, atime;
|
2011-08-11 17:59:30 +00:00
|
|
|
long permissions;
|
2015-05-15 10:15:42 +00:00
|
|
|
const char *last;
|
2003-08-25 13:53:41 +00:00
|
|
|
RFile *f;
|
|
|
|
int attr;
|
2018-10-26 22:08:58 +00:00
|
|
|
uint64_t i;
|
|
|
|
uint64_t stat_bytes;
|
1999-11-08 11:22:45 +00:00
|
|
|
time_t stat_starttime, stat_lasttime;
|
|
|
|
|
2003-08-25 13:53:41 +00:00
|
|
|
attr = file_type(src);
|
|
|
|
if (attr == FILE_TYPE_NONEXISTENT ||
|
2019-09-08 19:29:00 +00:00
|
|
|
attr == FILE_TYPE_WEIRD) {
|
|
|
|
run_err("%s: %s file or directory", src,
|
|
|
|
(attr == FILE_TYPE_WEIRD ? "Not a" : "No such"));
|
|
|
|
return;
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
2003-08-25 13:53:41 +00:00
|
|
|
if (attr == FILE_TYPE_DIRECTORY) {
|
2019-09-08 19:29:00 +00:00
|
|
|
if (recursive) {
|
|
|
|
/*
|
|
|
|
* Avoid . and .. directories.
|
|
|
|
*/
|
|
|
|
const char *p;
|
|
|
|
p = strrchr(src, '/');
|
|
|
|
if (!p)
|
|
|
|
p = strrchr(src, '\\');
|
|
|
|
if (!p)
|
|
|
|
p = src;
|
|
|
|
else
|
|
|
|
p++;
|
|
|
|
if (!strcmp(p, ".") || !strcmp(p, ".."))
|
|
|
|
/* skip . and .. */ ;
|
|
|
|
else
|
|
|
|
rsource(src);
|
|
|
|
} else {
|
|
|
|
run_err("%s: not a regular file", src);
|
|
|
|
}
|
|
|
|
return;
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if ((last = strrchr(src, '/')) == NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
last = src;
|
1999-11-08 11:22:45 +00:00
|
|
|
else
|
2019-09-08 19:29:00 +00:00
|
|
|
last++;
|
1999-11-08 11:22:45 +00:00
|
|
|
if (strrchr(last, '\\') != NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
last = strrchr(last, '\\') + 1;
|
1999-11-08 11:22:45 +00:00
|
|
|
if (last == src && strchr(src, ':') != NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
last = strchr(src, ':') + 1;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2011-08-11 17:59:30 +00:00
|
|
|
f = open_existing_file(src, &size, &mtime, &atime, &permissions);
|
2003-08-25 13:53:41 +00:00
|
|
|
if (f == NULL) {
|
2019-09-08 19:29:00 +00:00
|
|
|
run_err("%s: Cannot open file", src);
|
|
|
|
return;
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
if (preserve) {
|
2019-09-08 19:29:00 +00:00
|
|
|
if (scp_send_filetimes(mtime, atime)) {
|
2013-07-14 10:46:07 +00:00
|
|
|
close_rfile(f);
|
2019-09-08 19:29:00 +00:00
|
|
|
return;
|
2013-07-14 10:46:07 +00:00
|
|
|
}
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
2006-08-12 15:20:19 +00:00
|
|
|
if (verbose) {
|
2019-09-08 19:29:00 +00:00
|
|
|
tell_user(stderr, "Sending file %s, size=%"PRIu64, last, size);
|
2006-08-12 15:20:19 +00:00
|
|
|
}
|
2013-07-14 10:46:07 +00:00
|
|
|
if (scp_send_filename(last, size, permissions)) {
|
|
|
|
close_rfile(f);
|
2019-09-08 19:29:00 +00:00
|
|
|
return;
|
2013-07-14 10:46:07 +00:00
|
|
|
}
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2018-10-26 22:08:58 +00:00
|
|
|
stat_bytes = 0;
|
2001-05-13 14:02:28 +00:00
|
|
|
stat_starttime = time(NULL);
|
|
|
|
stat_lasttime = 0;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2016-04-08 23:01:13 +00:00
|
|
|
#define PSCP_SEND_BLOCK 4096
|
2018-10-26 22:08:58 +00:00
|
|
|
for (i = 0; i < size; i += PSCP_SEND_BLOCK) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char transbuf[PSCP_SEND_BLOCK];
|
|
|
|
int j, k = PSCP_SEND_BLOCK;
|
|
|
|
|
|
|
|
if (i + k > size)
|
|
|
|
k = size - i;
|
|
|
|
if ((j = read_from_file(f, transbuf, k)) != k) {
|
|
|
|
bump("%s: Read error", src);
|
|
|
|
}
|
|
|
|
if (scp_send_filedata(transbuf, k))
|
|
|
|
bump("%s: Network error occurred", src);
|
|
|
|
|
|
|
|
if (statistics) {
|
|
|
|
stat_bytes += k;
|
|
|
|
if (time(NULL) != stat_lasttime || i + k == size) {
|
|
|
|
stat_lasttime = time(NULL);
|
|
|
|
print_stats(last, size, stat_bytes,
|
|
|
|
stat_starttime, stat_lasttime);
|
|
|
|
}
|
|
|
|
}
|
2001-08-25 17:09:23 +00:00
|
|
|
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
2003-08-25 13:53:41 +00:00
|
|
|
close_rfile(f);
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2001-08-26 14:53:51 +00:00
|
|
|
(void) scp_send_finish();
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Recursively send the contents of a directory.
|
|
|
|
*/
|
2015-05-15 10:15:42 +00:00
|
|
|
static void rsource(const char *src)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
2015-05-15 10:15:42 +00:00
|
|
|
const char *last;
|
2001-08-26 18:32:28 +00:00
|
|
|
char *save_target;
|
2003-08-25 13:53:41 +00:00
|
|
|
DirHandle *dir;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
|
|
|
if ((last = strrchr(src, '/')) == NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
last = src;
|
1999-11-08 11:22:45 +00:00
|
|
|
else
|
2019-09-08 19:29:00 +00:00
|
|
|
last++;
|
1999-11-08 11:22:45 +00:00
|
|
|
if (strrchr(last, '\\') != NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
last = strrchr(last, '\\') + 1;
|
1999-11-08 11:22:45 +00:00
|
|
|
if (last == src && strchr(src, ':') != NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
last = strchr(src, ':') + 1;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
|
|
|
/* maybe send filetime */
|
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
save_target = scp_save_remotepath();
|
|
|
|
|
1999-11-08 11:22:45 +00:00
|
|
|
if (verbose)
|
2019-09-08 19:29:00 +00:00
|
|
|
tell_user(stderr, "Entering directory: %s", last);
|
2001-08-26 14:53:51 +00:00
|
|
|
if (scp_send_dirname(last, 0755))
|
2019-09-08 19:29:00 +00:00
|
|
|
return;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2018-12-27 16:52:23 +00:00
|
|
|
const char *opendir_err;
|
|
|
|
dir = open_directory(src, &opendir_err);
|
2003-08-25 13:53:41 +00:00
|
|
|
if (dir != NULL) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char *filename;
|
|
|
|
while ((filename = read_filename(dir)) != NULL) {
|
Make dupcat() into a variadic macro.
Up until now, it's been a variadic _function_, whose argument list
consists of 'const char *' ASCIZ strings to concatenate, terminated by
one containing a null pointer. Now, that function is dupcat_fn(), and
it's wrapped by a C99 variadic _macro_ called dupcat(), which
automatically suffixes the null-pointer terminating argument.
This has three benefits. Firstly, it's just less effort at every call
site. Secondly, it protects against the risk of accidentally leaving
off the NULL, causing arbitrary words of stack memory to be
dereferenced as char pointers. And thirdly, it protects against the
more subtle risk of writing a bare 'NULL' as the terminating argument,
instead of casting it explicitly to a pointer. That last one is
necessary because C permits the macro NULL to expand to an integer
constant such as 0, so NULL by itself may not have pointer type, and
worse, it may not be marshalled in a variadic argument list in the
same way as a pointer. (For example, on a 64-bit machine it might only
occupy 32 bits. And yet, on another 64-bit platform, it might work
just fine, so that you don't notice the mistake!)
I was inspired to do this by happening to notice one of those bare
NULL terminators, and thinking I'd better check if there were any
more. Turned out there were quite a few. Now there are none.
2019-10-14 18:42:37 +00:00
|
|
|
char *foundfile = dupcat(src, "/", filename);
|
2019-09-08 19:29:00 +00:00
|
|
|
source(foundfile);
|
|
|
|
sfree(foundfile);
|
|
|
|
sfree(filename);
|
|
|
|
}
|
2018-12-27 16:52:23 +00:00
|
|
|
close_directory(dir);
|
|
|
|
} else {
|
|
|
|
tell_user(stderr, "Error opening directory %s: %s", src, opendir_err);
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2001-08-26 14:53:51 +00:00
|
|
|
(void) scp_send_enddir();
|
2001-08-26 18:32:28 +00:00
|
|
|
|
|
|
|
scp_restore_remotepath(save_target);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2001-08-26 15:31:29 +00:00
|
|
|
* Execute the sink part of the SCP protocol.
|
1999-08-31 09:20:48 +00:00
|
|
|
*/
|
2015-05-15 10:15:42 +00:00
|
|
|
static void sink(const char *targ, const char *src)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
2001-08-26 15:31:29 +00:00
|
|
|
char *destfname;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool targisdir = false;
|
|
|
|
bool exists;
|
2003-08-25 13:53:41 +00:00
|
|
|
int attr;
|
|
|
|
WFile *f;
|
2018-10-26 22:08:58 +00:00
|
|
|
uint64_t received;
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
bool wrerror = false;
|
2018-10-26 22:08:58 +00:00
|
|
|
uint64_t stat_bytes;
|
1999-11-08 11:22:45 +00:00
|
|
|
time_t stat_starttime, stat_lasttime;
|
|
|
|
char *stat_name;
|
|
|
|
|
2003-08-25 13:53:41 +00:00
|
|
|
attr = file_type(targ);
|
|
|
|
if (attr == FILE_TYPE_DIRECTORY)
|
2019-09-08 19:29:00 +00:00
|
|
|
targisdir = true;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
|
|
|
if (targetshouldbedirectory && !targisdir)
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("%s: Not a directory", targ);
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2001-08-26 14:53:51 +00:00
|
|
|
scp_sink_init();
|
2019-02-11 06:58:07 +00:00
|
|
|
|
|
|
|
struct scp_sink_action act;
|
|
|
|
act.buf = strbuf_new();
|
|
|
|
|
1999-11-08 11:22:45 +00:00
|
|
|
while (1) {
|
2019-02-11 06:58:07 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (scp_get_sink_action(&act))
|
2019-02-11 06:58:07 +00:00
|
|
|
goto out;
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (act.action == SCP_SINK_ENDDIR)
|
2019-02-11 06:58:07 +00:00
|
|
|
goto out;
|
2001-08-26 15:31:29 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (act.action == SCP_SINK_RETRY)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (targisdir) {
|
|
|
|
/*
|
|
|
|
* Prevent the remote side from maliciously writing to
|
|
|
|
* files outside the target area by sending a filename
|
|
|
|
* containing `../'. In fact, it shouldn't be sending
|
|
|
|
* filenames with any slashes or colons in at all; so
|
|
|
|
* we'll find the last slash, backslash or colon in the
|
|
|
|
* filename and use only the part after that. (And
|
|
|
|
* warn!)
|
|
|
|
*
|
|
|
|
* In addition, we also ensure here that if we're
|
|
|
|
* copying a single file and the target is a directory
|
|
|
|
* (common usage: `pscp host:filename .') the remote
|
|
|
|
* can't send us a _different_ file name. We can
|
|
|
|
* distinguish this case because `src' will be non-NULL
|
|
|
|
* and the last component of that will fail to match
|
|
|
|
* (the last component of) the name sent.
|
|
|
|
*
|
|
|
|
* Well, not always; if `src' is a wildcard, we do
|
|
|
|
* expect to get back filenames that don't correspond
|
|
|
|
* exactly to it. Ideally in this case, we would like
|
|
|
|
* to ensure that the returned filename actually
|
|
|
|
* matches the wildcard pattern - but one of SCP's
|
|
|
|
* protocol infelicities is that wildcard matching is
|
|
|
|
* done at the server end _by the server's rules_ and
|
|
|
|
* so in general this is infeasible. Hence, we only
|
|
|
|
* accept filenames that don't correspond to `src' if
|
|
|
|
* unsafe mode is enabled or we are using SFTP (which
|
|
|
|
* resolves remote wildcards on the client side and can
|
|
|
|
* be trusted).
|
|
|
|
*/
|
|
|
|
char *striptarget, *stripsrc;
|
|
|
|
|
|
|
|
striptarget = stripslashes(act.name, true);
|
|
|
|
if (striptarget != act.name) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(sanname, act.name) {
|
2021-12-12 10:49:31 +00:00
|
|
|
with_stripctrl(santarg, striptarget) {
|
2019-02-20 07:09:10 +00:00
|
|
|
tell_user(stderr, "warning: remote host sent a"
|
|
|
|
" compound pathname '%s'", sanname);
|
2020-01-26 15:00:13 +00:00
|
|
|
tell_user(stderr, " renaming local"
|
2019-02-20 07:09:10 +00:00
|
|
|
" file to '%s'", santarg);
|
|
|
|
}
|
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Also check to see if the target filename is '.' or
|
|
|
|
* '..', or indeed '...' and so on because Windows
|
|
|
|
* appears to interpret those like '..'.
|
|
|
|
*/
|
|
|
|
if (is_dots(striptarget)) {
|
|
|
|
bump("security violation: remote host attempted to write to"
|
|
|
|
" a '.' or '..' path!");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (src) {
|
|
|
|
stripsrc = stripslashes(src, true);
|
|
|
|
if (strcmp(striptarget, stripsrc) &&
|
|
|
|
!using_sftp && !scp_unsafe_mode) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, striptarget)
|
|
|
|
tell_user(stderr, "warning: remote host tried to "
|
2019-03-23 08:32:13 +00:00
|
|
|
"write to a file called '%s'", san);
|
2019-09-08 19:29:00 +00:00
|
|
|
tell_user(stderr, " when we requested a file "
|
|
|
|
"called '%s'.", stripsrc);
|
|
|
|
tell_user(stderr, " If this is a wildcard, "
|
|
|
|
"consider upgrading to SSH-2 or using");
|
|
|
|
tell_user(stderr, " the '-unsafe' option. Renaming"
|
|
|
|
" of this file has been disallowed.");
|
|
|
|
/* Override the name the server provided with our own. */
|
|
|
|
striptarget = stripsrc;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (targ[0] != '\0')
|
|
|
|
destfname = dir_file_cat(targ, striptarget);
|
|
|
|
else
|
|
|
|
destfname = dupstr(striptarget);
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* In this branch of the if, the target area is a
|
|
|
|
* single file with an explicitly specified name in any
|
|
|
|
* case, so there's no danger.
|
|
|
|
*/
|
|
|
|
destfname = dupstr(targ);
|
|
|
|
}
|
|
|
|
attr = file_type(destfname);
|
|
|
|
exists = (attr != FILE_TYPE_NONEXISTENT);
|
|
|
|
|
|
|
|
if (act.action == SCP_SINK_DIR) {
|
|
|
|
if (exists && attr != FILE_TYPE_DIRECTORY) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, destfname)
|
|
|
|
run_err("%s: Not a directory", san);
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(destfname);
|
2019-09-08 19:29:00 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (!exists) {
|
|
|
|
if (!create_directory(destfname)) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, destfname)
|
|
|
|
run_err("%s: Cannot create directory", san);
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(destfname);
|
2019-09-08 19:29:00 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
sink(destfname, NULL);
|
|
|
|
/* can we set the timestamp for directories ? */
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(destfname);
|
2019-09-08 19:29:00 +00:00
|
|
|
continue;
|
|
|
|
}
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
f = open_new_file(destfname, act.permissions);
|
|
|
|
if (f == NULL) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, destfname)
|
|
|
|
run_err("%s: Cannot create file", san);
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(destfname);
|
2019-09-08 19:29:00 +00:00
|
|
|
continue;
|
|
|
|
}
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
if (scp_accept_filexfer()) {
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(destfname);
|
|
|
|
close_wfile(f);
|
2019-09-08 19:29:00 +00:00
|
|
|
goto out;
|
2013-07-11 17:43:41 +00:00
|
|
|
}
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
stat_bytes = 0;
|
|
|
|
stat_starttime = time(NULL);
|
|
|
|
stat_lasttime = 0;
|
2019-03-09 16:03:40 +00:00
|
|
|
stat_name = stripctrl_string(
|
|
|
|
string_scc, stripslashes(destfname, true));
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2019-09-08 19:29:00 +00:00
|
|
|
received = 0;
|
|
|
|
while (received < act.size) {
|
|
|
|
char transbuf[32768];
|
|
|
|
uint64_t blksize;
|
|
|
|
int read;
|
|
|
|
blksize = 32768;
|
|
|
|
if (blksize > act.size - received)
|
2018-10-26 22:08:58 +00:00
|
|
|
blksize = act.size - received;
|
2019-09-08 19:29:00 +00:00
|
|
|
read = scp_recv_filedata(transbuf, (int)blksize);
|
|
|
|
if (read <= 0)
|
|
|
|
bump("Lost connection");
|
|
|
|
if (wrerror) {
|
2018-10-26 22:08:58 +00:00
|
|
|
received += read;
|
2019-09-08 19:29:00 +00:00
|
|
|
continue;
|
2017-02-15 21:41:28 +00:00
|
|
|
}
|
2019-09-08 19:29:00 +00:00
|
|
|
if (write_to_file(f, transbuf, read) != (int)read) {
|
|
|
|
wrerror = true;
|
|
|
|
/* FIXME: in sftp we can actually abort the transfer */
|
|
|
|
if (statistics)
|
|
|
|
printf("\r%-25.25s | %50s\n",
|
|
|
|
stat_name,
|
|
|
|
"Write error.. waiting for end of file");
|
2018-10-26 22:08:58 +00:00
|
|
|
received += read;
|
2019-09-08 19:29:00 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
if (statistics) {
|
|
|
|
stat_bytes += read;
|
|
|
|
if (time(NULL) > stat_lasttime ||
|
2018-10-26 22:08:58 +00:00
|
|
|
received + read == act.size) {
|
2019-09-08 19:29:00 +00:00
|
|
|
stat_lasttime = time(NULL);
|
|
|
|
print_stats(stat_name, act.size, stat_bytes,
|
|
|
|
stat_starttime, stat_lasttime);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
received += read;
|
|
|
|
}
|
|
|
|
if (act.settime) {
|
|
|
|
set_file_times(f, act.mtime, act.atime);
|
|
|
|
}
|
|
|
|
|
|
|
|
close_wfile(f);
|
|
|
|
if (wrerror) {
|
2019-02-20 07:09:10 +00:00
|
|
|
with_stripctrl(san, destfname)
|
|
|
|
run_err("%s: Write error", san);
|
2013-07-11 17:43:41 +00:00
|
|
|
sfree(destfname);
|
2019-09-08 19:29:00 +00:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
(void) scp_finish_filerecv();
|
|
|
|
sfree(stat_name);
|
|
|
|
sfree(destfname);
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
2019-02-11 06:58:07 +00:00
|
|
|
out:
|
|
|
|
strbuf_free(act.buf);
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
1999-08-31 09:20:48 +00:00
|
|
|
|
|
|
|
/*
|
2001-08-26 14:53:51 +00:00
|
|
|
* We will copy local files to a remote server.
|
1999-08-31 09:20:48 +00:00
|
|
|
*/
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
static void toremote(CmdlineArg **args, size_t nargs)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
char *wtarg, *host, *user;
|
|
|
|
const char *src, *targ;
|
1999-11-08 11:22:45 +00:00
|
|
|
char *cmd;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
int wc_type;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
uploading = true;
|
2013-08-13 06:46:51 +00:00
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
wtarg = dupstr(cmdline_arg_to_str(args[nargs - 1]));
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2000-04-03 19:54:31 +00:00
|
|
|
/* Separate host from filename */
|
2015-05-15 10:15:42 +00:00
|
|
|
host = wtarg;
|
|
|
|
wtarg = colon(wtarg);
|
|
|
|
if (wtarg == NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("wtarg == NULL in toremote()");
|
2015-05-15 10:15:42 +00:00
|
|
|
*wtarg++ = '\0';
|
2004-12-30 16:45:11 +00:00
|
|
|
/* Substitute "." for empty target */
|
2015-05-15 10:15:42 +00:00
|
|
|
if (*wtarg == '\0')
|
2019-09-08 19:29:00 +00:00
|
|
|
targ = ".";
|
2015-05-15 10:15:42 +00:00
|
|
|
else
|
|
|
|
targ = wtarg;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2000-04-03 19:54:31 +00:00
|
|
|
/* Separate host and username */
|
1999-11-08 11:22:45 +00:00
|
|
|
user = host;
|
|
|
|
host = strrchr(host, '@');
|
|
|
|
if (host == NULL) {
|
2019-09-08 19:29:00 +00:00
|
|
|
host = user;
|
|
|
|
user = NULL;
|
1999-11-08 11:22:45 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
*host++ = '\0';
|
|
|
|
if (*user == '\0')
|
|
|
|
user = NULL;
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
if (nargs == 2) {
|
|
|
|
const char *arg0 = cmdline_arg_to_str(args[0]);
|
|
|
|
if (colon(arg0) != NULL)
|
|
|
|
bump("%s: Remote to remote not supported", arg0);
|
2019-09-08 19:29:00 +00:00
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
wc_type = test_wildcard(arg0, true);
|
2019-09-08 19:29:00 +00:00
|
|
|
if (wc_type == WCTYPE_NONEXISTENT)
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
bump("%s: No such file or directory\n", arg0);
|
2019-09-08 19:29:00 +00:00
|
|
|
else if (wc_type == WCTYPE_WILDCARD)
|
|
|
|
targetshouldbedirectory = true;
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
2002-11-07 19:49:03 +00:00
|
|
|
cmd = dupprintf("scp%s%s%s%s -t %s",
|
2019-09-08 19:29:00 +00:00
|
|
|
verbose ? " -v" : "",
|
|
|
|
recursive ? " -r" : "",
|
|
|
|
preserve ? " -p" : "",
|
|
|
|
targetshouldbedirectory ? " -d" : "", targ);
|
1999-11-08 11:22:45 +00:00
|
|
|
do_cmd(host, user, cmd);
|
|
|
|
sfree(cmd);
|
|
|
|
|
2005-06-25 21:43:09 +00:00
|
|
|
if (scp_source_setup(targ, targetshouldbedirectory))
|
2019-09-08 19:29:00 +00:00
|
|
|
return;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
for (size_t i = 0; i < nargs - 1; i++) {
|
|
|
|
src = cmdline_arg_to_str(args[i]);
|
2019-09-08 19:29:00 +00:00
|
|
|
if (colon(src) != NULL) {
|
|
|
|
tell_user(stderr, "%s: Remote to remote not supported\n", src);
|
|
|
|
errs++;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
wc_type = test_wildcard(src, true);
|
|
|
|
if (wc_type == WCTYPE_NONEXISTENT) {
|
|
|
|
run_err("%s: No such file or directory", src);
|
|
|
|
continue;
|
|
|
|
} else if (wc_type == WCTYPE_FILENAME) {
|
|
|
|
source(src);
|
|
|
|
continue;
|
|
|
|
} else {
|
|
|
|
WildcardMatcher *wc;
|
|
|
|
char *filename;
|
|
|
|
|
|
|
|
wc = begin_wildcard_matching(src);
|
|
|
|
if (wc == NULL) {
|
|
|
|
run_err("%s: No such file or directory", src);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
while ((filename = wildcard_get_filename(wc)) != NULL) {
|
|
|
|
source(filename);
|
|
|
|
sfree(filename);
|
|
|
|
}
|
|
|
|
|
|
|
|
finish_wildcard_matching(wc);
|
|
|
|
}
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We will copy files from a remote server to the local machine.
|
|
|
|
*/
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
static void tolocal(CmdlineArg **args, size_t nargs)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
char *wsrc_orig, *wsrc, *host, *user;
|
2015-05-15 10:15:42 +00:00
|
|
|
const char *src, *targ;
|
1999-11-08 11:22:45 +00:00
|
|
|
char *cmd;
|
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
uploading = false;
|
2013-08-13 06:46:51 +00:00
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
if (nargs != 2)
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("More than one remote source not supported");
|
1999-11-08 11:22:45 +00:00
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
wsrc = wsrc_orig = dupstr(cmdline_arg_to_str(args[0]));
|
|
|
|
targ = cmdline_arg_to_str(args[1]);
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2000-04-03 19:54:31 +00:00
|
|
|
/* Separate host from filename */
|
2015-05-15 10:15:42 +00:00
|
|
|
host = wsrc;
|
|
|
|
wsrc = colon(wsrc);
|
|
|
|
if (wsrc == NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("Local to local copy not supported");
|
2015-05-15 10:15:42 +00:00
|
|
|
*wsrc++ = '\0';
|
1999-11-08 11:22:45 +00:00
|
|
|
/* Substitute "." for empty filename */
|
2015-05-15 10:15:42 +00:00
|
|
|
if (*wsrc == '\0')
|
2019-09-08 19:29:00 +00:00
|
|
|
src = ".";
|
2015-05-15 10:15:42 +00:00
|
|
|
else
|
|
|
|
src = wsrc;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2000-04-03 19:54:31 +00:00
|
|
|
/* Separate username and hostname */
|
1999-11-08 11:22:45 +00:00
|
|
|
user = host;
|
|
|
|
host = strrchr(host, '@');
|
|
|
|
if (host == NULL) {
|
2019-09-08 19:29:00 +00:00
|
|
|
host = user;
|
|
|
|
user = NULL;
|
1999-11-08 11:22:45 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
*host++ = '\0';
|
|
|
|
if (*user == '\0')
|
|
|
|
user = NULL;
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
|
2002-11-07 19:49:03 +00:00
|
|
|
cmd = dupprintf("scp%s%s%s%s -f %s",
|
2019-09-08 19:29:00 +00:00
|
|
|
verbose ? " -v" : "",
|
|
|
|
recursive ? " -r" : "",
|
|
|
|
preserve ? " -p" : "",
|
|
|
|
targetshouldbedirectory ? " -d" : "", src);
|
1999-11-08 11:22:45 +00:00
|
|
|
do_cmd(host, user, cmd);
|
|
|
|
sfree(cmd);
|
|
|
|
|
2001-08-27 10:17:41 +00:00
|
|
|
if (scp_sink_setup(src, preserve, recursive))
|
2019-09-08 19:29:00 +00:00
|
|
|
return;
|
2001-08-26 18:32:28 +00:00
|
|
|
|
2000-10-21 17:52:54 +00:00
|
|
|
sink(targ, src);
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
sfree(wsrc_orig);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
2000-04-03 19:54:31 +00:00
|
|
|
/*
|
|
|
|
* We will issue a list command to get a remote directory.
|
|
|
|
*/
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
static void get_dir_list(CmdlineArg **args, size_t nargs)
|
2000-04-03 19:54:31 +00:00
|
|
|
{
|
2015-05-15 10:15:42 +00:00
|
|
|
char *wsrc, *host, *user;
|
|
|
|
const char *src;
|
|
|
|
const char *q;
|
2000-04-03 19:54:31 +00:00
|
|
|
char c;
|
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
wsrc = dupstr(cmdline_arg_to_str(args[0]));
|
2000-04-03 19:54:31 +00:00
|
|
|
|
|
|
|
/* Separate host from filename */
|
2015-05-15 10:15:42 +00:00
|
|
|
host = wsrc;
|
|
|
|
wsrc = colon(wsrc);
|
|
|
|
if (wsrc == NULL)
|
2019-09-08 19:29:00 +00:00
|
|
|
bump("Local file listing not supported");
|
2015-05-15 10:15:42 +00:00
|
|
|
*wsrc++ = '\0';
|
2000-04-03 19:54:31 +00:00
|
|
|
/* Substitute "." for empty filename */
|
2015-05-15 10:15:42 +00:00
|
|
|
if (*wsrc == '\0')
|
2019-09-08 19:29:00 +00:00
|
|
|
src = ".";
|
2015-05-15 10:15:42 +00:00
|
|
|
else
|
|
|
|
src = wsrc;
|
2000-04-03 19:54:31 +00:00
|
|
|
|
|
|
|
/* Separate username and hostname */
|
|
|
|
user = host;
|
|
|
|
host = strrchr(host, '@');
|
|
|
|
if (host == NULL) {
|
2019-09-08 19:29:00 +00:00
|
|
|
host = user;
|
|
|
|
user = NULL;
|
2000-04-03 19:54:31 +00:00
|
|
|
} else {
|
2019-09-08 19:29:00 +00:00
|
|
|
*host++ = '\0';
|
|
|
|
if (*user == '\0')
|
|
|
|
user = NULL;
|
2000-04-03 19:54:31 +00:00
|
|
|
}
|
|
|
|
|
2022-09-13 14:00:26 +00:00
|
|
|
strbuf *cmd = strbuf_new();
|
|
|
|
put_datalit(cmd, "ls -la '");
|
2000-04-03 19:54:31 +00:00
|
|
|
for (q = src; *q; q++) {
|
2022-09-13 14:00:26 +00:00
|
|
|
if (*q == '\'')
|
|
|
|
put_datalit(cmd, "'\\''");
|
|
|
|
else
|
|
|
|
put_byte(cmd, *q);
|
2000-04-03 19:54:31 +00:00
|
|
|
}
|
2022-09-13 14:00:26 +00:00
|
|
|
put_datalit(cmd, "'");
|
2000-09-15 15:54:04 +00:00
|
|
|
|
2022-09-13 14:00:26 +00:00
|
|
|
do_cmd(host, user, cmd->s);
|
|
|
|
strbuf_free(cmd);
|
2000-04-03 19:54:31 +00:00
|
|
|
|
2001-08-26 18:32:28 +00:00
|
|
|
if (using_sftp) {
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_sftp_listdir(src);
|
2001-08-26 18:32:28 +00:00
|
|
|
} else {
|
2019-02-20 07:09:10 +00:00
|
|
|
stdio_sink ss;
|
|
|
|
stdio_sink_init(&ss, stdout);
|
|
|
|
StripCtrlChars *scc = stripctrl_new(
|
|
|
|
BinarySink_UPCAST(&ss), false, L'\0');
|
|
|
|
while (ssh_scp_recv(&c, 1))
|
|
|
|
put_byte(scc, c);
|
|
|
|
stripctrl_free(scc);
|
2001-08-26 18:32:28 +00:00
|
|
|
}
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
|
|
|
|
sfree(wsrc);
|
2000-04-03 19:54:31 +00:00
|
|
|
}
|
|
|
|
|
1999-08-31 09:20:48 +00:00
|
|
|
/*
|
|
|
|
* Short description of parameters.
|
|
|
|
*/
|
2000-03-08 10:21:13 +00:00
|
|
|
static void usage(void)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
1999-11-08 11:22:45 +00:00
|
|
|
printf("PuTTY Secure Copy client\n");
|
|
|
|
printf("%s\n", ver);
|
2000-06-06 09:51:27 +00:00
|
|
|
printf("Usage: pscp [options] [user@]host:source target\n");
|
2022-08-03 19:48:46 +00:00
|
|
|
printf(" pscp [options] source [source...] [user@]host:target\n");
|
2004-02-22 14:48:48 +00:00
|
|
|
printf(" pscp [options] -ls [user@]host:filespec\n");
|
1999-11-16 09:26:19 +00:00
|
|
|
printf("Options:\n");
|
2005-03-19 02:26:58 +00:00
|
|
|
printf(" -V print version information and exit\n");
|
|
|
|
printf(" -pgpfp print PGP key fingerprints and exit\n");
|
1999-11-16 09:26:19 +00:00
|
|
|
printf(" -p preserve file attributes\n");
|
|
|
|
printf(" -q quiet, don't show statistics\n");
|
|
|
|
printf(" -r copy directories recursively\n");
|
|
|
|
printf(" -v show verbose messages\n");
|
2002-09-11 17:30:36 +00:00
|
|
|
printf(" -load sessname Load settings from saved session\n");
|
1999-11-16 09:26:19 +00:00
|
|
|
printf(" -P port connect to specified port\n");
|
2002-09-11 17:30:36 +00:00
|
|
|
printf(" -l user connect with specified username\n");
|
2021-09-28 17:04:15 +00:00
|
|
|
printf(" -pwfile file login with password read from specified file\n");
|
2002-09-11 17:30:36 +00:00
|
|
|
printf(" -1 -2 force use of particular SSH protocol version\n");
|
2021-04-19 14:57:13 +00:00
|
|
|
printf(" -ssh -ssh-connection\n");
|
|
|
|
printf(" force use of particular SSH protocol variant\n");
|
2004-12-30 16:45:11 +00:00
|
|
|
printf(" -4 -6 force use of IPv4 or IPv6\n");
|
2002-09-11 17:30:36 +00:00
|
|
|
printf(" -C enable compression\n");
|
2014-09-20 22:49:47 +00:00
|
|
|
printf(" -i key private key file for user authentication\n");
|
2006-02-19 12:52:28 +00:00
|
|
|
printf(" -noagent disable use of Pageant\n");
|
|
|
|
printf(" -agent enable use of Pageant\n");
|
New option to reject 'trivial' success of userauth.
Suggested by Manfred Kaiser, who also wrote most of this patch
(although outlying parts, like documentation and SSH-1 support, are by
me).
This is a second line of defence against the kind of spoofing attacks
in which a malicious or compromised SSH server rushes the client
through the userauth phase of SSH without actually requiring any auth
inputs (passwords or signatures or whatever), and then at the start of
the connection phase it presents something like a spoof prompt,
intended to be taken for part of userauth by the user but in fact with
some more sinister purpose.
Our existing line of defence against this is the trust sigil system,
and as far as I know, that's still working. This option allows a bit of
extra defence in depth: if you don't expect your SSH server to
trivially accept authentication in the first place, then enabling this
option will cause PuTTY to disconnect if it unexpectedly does so,
without the user having to spot the presence or absence of a fiddly
little sigil anywhere.
Several types of authentication count as 'trivial'. The obvious one is
the SSH-2 "none" method, which clients always try first so that the
failure message will tell them what else they can try, and which a
server can instead accept in order to authenticate you unconditionally.
But there are two other ways to do it that we know of: one is to run
keyboard-interactive authentication and send an empty INFO_REQUEST
packet containing no actual prompts for the user, and another even
weirder one is to send USERAUTH_SUCCESS in response to the user's
preliminary *offer* of a public key (instead of sending the usual PK_OK
to request an actual signature from the key).
This new option detects all of those, by clearing the 'is_trivial_auth'
flag only when we send some kind of substantive authentication response
(be it a password, a k-i prompt response, a signature, or a GSSAPI
token). So even if there's a further path through the userauth maze we
haven't spotted, that somehow avoids sending anything substantive, this
strategy should still pick it up.
2021-06-19 14:39:15 +00:00
|
|
|
printf(" -no-trivial-auth\n");
|
|
|
|
printf(" disconnect if SSH authentication succeeds trivially\n");
|
2021-03-27 17:33:54 +00:00
|
|
|
printf(" -hostkey keyid\n");
|
2014-09-20 22:49:47 +00:00
|
|
|
printf(" manually specify a host key (may be repeated)\n");
|
2002-09-11 17:30:36 +00:00
|
|
|
printf(" -batch disable all interactive prompts\n");
|
2019-02-20 07:09:10 +00:00
|
|
|
printf(" -no-sanitise-stderr don't strip control chars from"
|
|
|
|
" standard error\n");
|
2017-02-11 23:03:46 +00:00
|
|
|
printf(" -proxycmd command\n");
|
|
|
|
printf(" use 'command' as local proxy\n");
|
2001-08-27 15:02:52 +00:00
|
|
|
printf(" -unsafe allow server-side wildcards (DANGEROUS)\n");
|
2004-04-25 22:18:19 +00:00
|
|
|
printf(" -sftp force use of SFTP protocol\n");
|
|
|
|
printf(" -scp force use of SCP protocol\n");
|
2015-11-08 11:57:39 +00:00
|
|
|
printf(" -sshlog file\n");
|
|
|
|
printf(" -sshrawlog file\n");
|
|
|
|
printf(" log protocol details to a file\n");
|
2020-11-25 15:12:56 +00:00
|
|
|
printf(" -logoverwrite\n");
|
|
|
|
printf(" -logappend\n");
|
|
|
|
printf(" control what happens when a log file already exists\n");
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
2004-04-17 20:25:09 +00:00
|
|
|
void version(void)
|
|
|
|
{
|
2017-01-21 14:55:53 +00:00
|
|
|
char *buildinfo_text = buildinfo("\n");
|
|
|
|
printf("pscp: %s\n%s\n", ver, buildinfo_text);
|
|
|
|
sfree(buildinfo_text);
|
2017-02-15 19:50:14 +00:00
|
|
|
exit(0);
|
2004-04-17 20:25:09 +00:00
|
|
|
}
|
|
|
|
|
2015-05-15 10:15:42 +00:00
|
|
|
void cmdline_error(const char *p, ...)
|
2002-08-04 21:18:56 +00:00
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
fprintf(stderr, "pscp: ");
|
|
|
|
va_start(ap, p);
|
|
|
|
vfprintf(stderr, p, ap);
|
|
|
|
va_end(ap);
|
2024-11-17 14:22:26 +00:00
|
|
|
fprintf(stderr, "\n try typing \"pscp -h\" for help\n");
|
2002-08-04 21:18:56 +00:00
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
Convert a lot of 'int' variables to 'bool'.
My normal habit these days, in new code, is to treat int and bool as
_almost_ completely separate types. I'm still willing to use C's
implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine,
no need to spell it out as blob.len != 0), but generally, if a
variable is going to be conceptually a boolean, I like to declare it
bool and assign to it using 'true' or 'false' rather than 0 or 1.
PuTTY is an exception, because it predates the C99 bool, and I've
stuck to its existing coding style even when adding new code to it.
But it's been annoying me more and more, so now that I've decided C99
bool is an acceptable thing to require from our toolchain in the first
place, here's a quite thorough trawl through the source doing
'boolification'. Many variables and function parameters are now typed
as bool rather than int; many assignments of 0 or 1 to those variables
are now spelled 'true' or 'false'.
I managed this thorough conversion with the help of a custom clang
plugin that I wrote to trawl the AST and apply heuristics to point out
where things might want changing. So I've even managed to do a decent
job on parts of the code I haven't looked at in years!
To make the plugin's work easier, I pushed platform front ends
generally in the direction of using standard 'bool' in preference to
platform-specific boolean types like Windows BOOL or GTK's gboolean;
I've left the platform booleans in places they _have_ to be for the
platform APIs to work right, but variables only used by my own code
have been converted wherever I found them.
In a few places there are int values that look very like booleans in
_most_ of the places they're used, but have a rarely-used third value,
or a distinction between different nonzero values that most users
don't care about. In these cases, I've _removed_ uses of 'true' and
'false' for the return values, to emphasise that there's something
more subtle going on than a simple boolean answer:
- the 'multisel' field in dialog.h's list box structure, for which
the GTK front end in particular recognises a difference between 1
and 2 but nearly everything else treats as boolean
- the 'urgent' parameter to plug_receive, where 1 vs 2 tells you
something about the specific location of the urgent pointer, but
most clients only care about 0 vs 'something nonzero'
- the return value of wc_match, where -1 indicates a syntax error in
the wildcard.
- the return values from SSH-1 RSA-key loading functions, which use
-1 for 'wrong passphrase' and 0 for all other failures (so any
caller which already knows it's not loading an _encrypted private_
key can treat them as boolean)
- term->esc_query, and the 'query' parameter in toggle_mode in
terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h,
but can also hold -1 for some other intervening character that we
don't support.
In a few places there's an integer that I haven't turned into a bool
even though it really _can_ only take values 0 or 1 (and, as above,
tried to make the call sites consistent in not calling those values
true and false), on the grounds that I thought it would make it more
confusing to imply that the 0 value was in some sense 'negative' or
bad and the 1 positive or good:
- the return value of plug_accepting uses the POSIXish convention of
0=success and nonzero=error; I think if I made it bool then I'd
also want to reverse its sense, and that's a job for a separate
piece of work.
- the 'screen' parameter to lineptr() in terminal.c, where 0 and 1
represent the default and alternate screens. There's no obvious
reason why one of those should be considered 'true' or 'positive'
or 'success' - they're just indices - so I've left it as int.
ssh_scp_recv had particularly confusing semantics for its previous int
return value: its call sites used '<= 0' to check for error, but it
never actually returned a negative number, just 0 or 1. Now the
function and its call sites agree that it's a bool.
In a couple of places I've renamed variables called 'ret', because I
don't like that name any more - it's unclear whether it means the
return value (in preparation) for the _containing_ function or the
return value received from a subroutine call, and occasionally I've
accidentally used the same variable for both and introduced a bug. So
where one of those got in my way, I've renamed it to 'toret' or 'retd'
(the latter short for 'returned') in line with my usual modern
practice, but I haven't done a thorough job of finding all of them.
Finally, one amusing side effect of doing this is that I've had to
separate quite a few chained assignments. It used to be perfectly fine
to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a
the 'true' defined by stdbool.h, that idiom provokes a warning from
gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
|
|
|
const bool share_can_be_downstream = true;
|
|
|
|
const bool share_can_be_upstream = false;
|
2013-11-17 14:05:41 +00:00
|
|
|
|
2019-02-20 07:09:10 +00:00
|
|
|
static stdio_sink stderr_ss;
|
|
|
|
static StripCtrlChars *stderr_scc;
|
|
|
|
|
2020-01-30 06:40:22 +00:00
|
|
|
const unsigned cmdline_tooltype = TOOLTYPE_FILETRANSFER;
|
|
|
|
|
1999-08-31 09:20:48 +00:00
|
|
|
/*
|
2003-08-25 13:53:41 +00:00
|
|
|
* Main program. (Called `psftp_main' because it gets called from
|
|
|
|
* *sftp.c; bit silly, I know, but it had to be called _something_.)
|
1999-08-31 09:20:48 +00:00
|
|
|
*/
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
int psftp_main(CmdlineArgList *arglist)
|
1999-08-31 09:20:48 +00:00
|
|
|
{
|
2019-02-20 07:09:10 +00:00
|
|
|
bool sanitise_stderr = true;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2000-10-23 10:32:37 +00:00
|
|
|
sk_init();
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2004-07-25 14:00:26 +00:00
|
|
|
/* Load Default Settings before doing anything else. */
|
Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
2011-07-14 18:52:21 +00:00
|
|
|
conf = conf_new();
|
|
|
|
do_defaults(NULL, conf);
|
2004-07-25 14:00:26 +00:00
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
size_t arglistpos = 0;
|
|
|
|
while (arglist->args[arglistpos]) {
|
|
|
|
CmdlineArg *arg = arglist->args[arglistpos++];
|
|
|
|
CmdlineArg *nextarg = arglist->args[arglistpos];
|
|
|
|
const char *argstr = cmdline_arg_to_str(arg);
|
|
|
|
if (argstr[0] != '-') {
|
|
|
|
arglistpos--; /* logically push that argument back on the list */
|
2019-09-08 19:29:00 +00:00
|
|
|
break;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
}
|
|
|
|
int ret = cmdline_process_param(arg, nextarg, 1, conf);
|
2019-09-08 19:29:00 +00:00
|
|
|
if (ret == -2) {
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
cmdline_error("option \"%s\" requires an argument", argstr);
|
2019-09-08 19:29:00 +00:00
|
|
|
} else if (ret == 2) {
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
arglistpos++; /* skip next argument */
|
2019-09-08 19:29:00 +00:00
|
|
|
} else if (ret == 1) {
|
|
|
|
/* We have our own verbosity in addition to `flags'. */
|
Remove FLAG_VERBOSE.
The global 'int flags' has always been an ugly feature of this code
base, and I suddenly thought that perhaps it's time to start throwing
it out, one flag at a time, until it's totally unused.
My first target is FLAG_VERBOSE. This was usually set by cmdline.c
when it saw a -v option on the program's command line, except that GUI
PuTTY itself sets it unconditionally on startup. And then various bits
of the code would check it in order to decide whether to print a given
message.
In the current system of front-end abstraction traits, there's no
_one_ place that I can move it to. But there are two: every place that
checked FLAG_VERBOSE has access to either a Seat or a LogPolicy. So
now each of those traits has a query method for 'do I want verbose
messages?'.
A good effect of this is that subsidiary Seats, like the ones used in
Uppity for the main SSH server module itself and the server end of
shell channels, now get to have their own verbosity setting instead of
inheriting the one global one. In fact I don't expect any code using
those Seats to be generating any messages at all, but if that changes
later, we'll have a way to control it. (Who knows, perhaps logging in
Uppity might become a thing.)
As part of this cleanup, I've added a new flag to cmdline_tooltype,
called TOOLTYPE_NO_VERBOSE_OPTION. The unconditionally-verbose tools
now set that, and it has the effect of making cmdline.c disallow -v
completely. So where 'putty -v' would previously have been silently
ignored ("I was already verbose"), it's now an error, reminding you
that that option doesn't actually do anything.
Finally, the 'default_logpolicy' provided by uxcons.c and wincons.c
(with identical definitions) has had to move into a new file of its
own, because now it has to ask cmdline.c for the verbosity setting as
well as asking console.c for the rest of its methods. So there's a new
file clicons.c which can only be included by programs that link
against both cmdline.c _and_ one of the *cons.c, and I've renamed the
logpolicy to reflect that.
2020-01-30 06:40:21 +00:00
|
|
|
if (cmdline_verbose())
|
2019-09-08 19:29:00 +00:00
|
|
|
verbose = true;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-pgpfp") == 0) {
|
2005-03-19 02:26:58 +00:00
|
|
|
pgp_fingerprints();
|
2024-09-25 15:26:17 +00:00
|
|
|
return 0;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-r") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
recursive = true;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-p") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
preserve = true;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-q") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
statistics = false;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-h") == 0 ||
|
|
|
|
strcmp(argstr, "-?") == 0 ||
|
|
|
|
strcmp(argstr, "--help") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
usage();
|
Don't print long usage messages on a command-line error.
In the course of debugging the command-line argument refactoring in
previous commits, I found I wasn't quite sure whether PSCP thought I'd
given it too many arguments, or too few, because it didn't print an
error message saying which: it just printed its giant usage message.
Over the last few years I've come to the belief that this is Just
Wrong anyway. Printing the whole of a giant help message should only
be done when the user asked for it: otherwise, print a short and
to-the-point error, and maybe _suggest_ how to get help, but scrolling
everything else off the user's screen is not a good response to a
typo. I wrote this thought up more fully last year:
https://www.chiark.greenend.org.uk/~sgtatham/quasiblog/stop-helping/
So, time to practise what I preach! The PuTTY tools now follow the
'Stop helping!' principle. You can get full help by saying --help.
Also, when we do print the help, we now exit(0) rather than exit(1),
because there's no reason to report failure: we successfully did what
the user asked us for.
2024-09-25 15:17:07 +00:00
|
|
|
cleanup_exit(0);
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-V") == 0 ||
|
|
|
|
strcmp(argstr, "--version") == 0) {
|
2004-04-17 20:25:09 +00:00
|
|
|
version();
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-ls") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
list = true;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-unsafe") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
scp_unsafe_mode = true;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-sftp") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
try_scp = false; try_sftp = true;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-scp") == 0) {
|
2019-09-08 19:29:00 +00:00
|
|
|
try_scp = true; try_sftp = false;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-sanitise-stderr") == 0) {
|
2019-02-20 07:09:10 +00:00
|
|
|
sanitise_stderr = true;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "-no-sanitise-stderr") == 0) {
|
2019-02-20 07:09:10 +00:00
|
|
|
sanitise_stderr = false;
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
} else if (strcmp(argstr, "--") == 0) {
|
|
|
|
arglistpos++;
|
2019-09-08 19:29:00 +00:00
|
|
|
break;
|
|
|
|
} else {
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
cmdline_error("unknown option \"%s\"", argstr);
|
2019-09-08 19:29:00 +00:00
|
|
|
}
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
2018-09-11 15:23:38 +00:00
|
|
|
backend = NULL;
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2019-02-20 07:09:10 +00:00
|
|
|
stdio_sink_init(&stderr_ss, stderr);
|
|
|
|
stderr_bs = BinarySink_UPCAST(&stderr_ss);
|
|
|
|
if (sanitise_stderr) {
|
|
|
|
stderr_scc = stripctrl_new(stderr_bs, false, L'\0');
|
|
|
|
stderr_bs = BinarySink_UPCAST(stderr_scc);
|
|
|
|
}
|
|
|
|
|
2019-03-09 16:03:40 +00:00
|
|
|
string_scc = stripctrl_new(NULL, false, L'\0');
|
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
CmdlineArg **scpargs = arglist->args + arglistpos;
|
|
|
|
size_t nscpargs = 0;
|
|
|
|
while (scpargs[nscpargs])
|
|
|
|
nscpargs++;
|
|
|
|
|
2000-04-03 19:54:31 +00:00
|
|
|
if (list) {
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
if (nscpargs != 1)
|
Don't print long usage messages on a command-line error.
In the course of debugging the command-line argument refactoring in
previous commits, I found I wasn't quite sure whether PSCP thought I'd
given it too many arguments, or too few, because it didn't print an
error message saying which: it just printed its giant usage message.
Over the last few years I've come to the belief that this is Just
Wrong anyway. Printing the whole of a giant help message should only
be done when the user asked for it: otherwise, print a short and
to-the-point error, and maybe _suggest_ how to get help, but scrolling
everything else off the user's screen is not a good response to a
typo. I wrote this thought up more fully last year:
https://www.chiark.greenend.org.uk/~sgtatham/quasiblog/stop-helping/
So, time to practise what I preach! The PuTTY tools now follow the
'Stop helping!' principle. You can get full help by saying --help.
Also, when we do print the help, we now exit(0) rather than exit(1),
because there's no reason to report failure: we successfully did what
the user asked us for.
2024-09-25 15:17:07 +00:00
|
|
|
cmdline_error("expected a single argument with -ls");
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
get_dir_list(scpargs, nscpargs);
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2000-04-03 19:54:31 +00:00
|
|
|
} else {
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
if (nscpargs < 2)
|
Don't print long usage messages on a command-line error.
In the course of debugging the command-line argument refactoring in
previous commits, I found I wasn't quite sure whether PSCP thought I'd
given it too many arguments, or too few, because it didn't print an
error message saying which: it just printed its giant usage message.
Over the last few years I've come to the belief that this is Just
Wrong anyway. Printing the whole of a giant help message should only
be done when the user asked for it: otherwise, print a short and
to-the-point error, and maybe _suggest_ how to get help, but scrolling
everything else off the user's screen is not a good response to a
typo. I wrote this thought up more fully last year:
https://www.chiark.greenend.org.uk/~sgtatham/quasiblog/stop-helping/
So, time to practise what I preach! The PuTTY tools now follow the
'Stop helping!' principle. You can get full help by saying --help.
Also, when we do print the help, we now exit(0) rather than exit(1),
because there's no reason to report failure: we successfully did what
the user asked us for.
2024-09-25 15:17:07 +00:00
|
|
|
cmdline_error("expected at least two arguments");
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
if (nscpargs > 2)
|
2019-09-08 19:29:00 +00:00
|
|
|
targetshouldbedirectory = true;
|
2000-04-03 19:54:31 +00:00
|
|
|
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
if (colon(cmdline_arg_to_str(scpargs[nscpargs - 1])) != NULL)
|
|
|
|
toremote(scpargs, nscpargs);
|
2019-09-08 19:29:00 +00:00
|
|
|
else
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
tolocal(scpargs, nscpargs);
|
2000-04-03 19:54:31 +00:00
|
|
|
}
|
1999-11-08 11:22:45 +00:00
|
|
|
|
2018-09-11 15:23:38 +00:00
|
|
|
if (backend && backend_connected(backend)) {
|
2019-09-08 19:29:00 +00:00
|
|
|
char ch;
|
Rework special-commands system to add an integer argument.
In order to list cross-certifiable host keys in the GUI specials menu,
the SSH backend has been inventing new values on the end of the
Telnet_Special enumeration, starting from the value TS_LOCALSTART.
This is inelegant, and also makes it awkward to break up special
handlers (e.g. to dispatch different specials to different SSH
layers), since if all you know about a special is that it's somewhere
in the TS_LOCALSTART+n space, you can't tell what _general kind_ of
thing it is. Also, if I ever need another open-ended set of specials
in future, I'll have to remember which TS_LOCALSTART+n codes are in
which set.
So here's a revamp that causes every special to take an extra integer
argument. For all previously numbered specials, this argument is
passed as zero and ignored, but there's a new main special code for
SSH host key cross-certification, in which the integer argument is an
index into the backend's list of available keys. TS_LOCALSTART is now
a thing of the past: if I need any other open-ended sets of specials
in future, I can add a new top-level code with a nicely separated
space of arguments.
While I'm at it, I've removed the legacy misnomer 'Telnet_Special'
from the code completely; the enum is now SessionSpecialCode, the
struct containing full details of a menu entry is SessionSpecial, and
the enum values now start SS_ rather than TS_.
2018-09-24 08:35:52 +00:00
|
|
|
backend_special(backend, SS_EOF, 0);
|
2018-10-29 19:50:29 +00:00
|
|
|
sent_eof = true;
|
2019-09-08 19:29:00 +00:00
|
|
|
ssh_scp_recv(&ch, 1);
|
1999-11-08 11:22:45 +00:00
|
|
|
}
|
|
|
|
random_save_seed();
|
1999-08-31 09:20:48 +00:00
|
|
|
|
2003-12-19 12:44:46 +00:00
|
|
|
cmdline_cleanup();
|
New abstraction for command-line arguments.
This begins the process of enabling our Windows applications to handle
Unicode characters on their command lines which don't fit in the
system code page.
Instead of passing plain strings to cmdline_process_param, we now pass
a partially opaque and platform-specific thing called a CmdlineArg.
This has a method that extracts the argument word as a default-encoded
string, and another one that tries to extract it as UTF-8 (though it
may fail if the UTF-8 isn't available).
On Windows, the command line is now constructed by calling
split_into_argv_w on the Unicode command line returned by
GetCommandLineW(), and the UTF-8 method returns text converted
directly from that wide-character form, not going via the system code
page. So it _can_ include UTF-8 characters that wouldn't have
round-tripped via CP_ACP.
This commit introduces the abstraction and switches over the
cross-platform and Windows argv-handling code to use it, with minimal
functional change. Nothing yet tries to call cmdline_arg_get_utf8().
I say 'cross-platform and Windows' because on the Unix side there's
still a lot of use of plain old argv which I haven't converted. That
would be a much larger project, and isn't currently needed: the
_current_ aim of this abstraction is to get the right things to happen
relating to Unicode on Windows, so for code that doesn't run on
Windows anyway, it's not adding value. (Also there's a tension with
GTK, which wants to talk to standard argv and extract arguments _it_
knows about, so at the very least we'd have to let it munge argv
before importing it into this new system.)
2024-09-25 09:18:38 +00:00
|
|
|
cmdline_arg_list_free(arglist);
|
2019-05-05 07:30:33 +00:00
|
|
|
if (backend) {
|
|
|
|
backend_free(backend);
|
|
|
|
backend = NULL;
|
|
|
|
}
|
2003-12-19 12:44:46 +00:00
|
|
|
sk_cleanup();
|
1999-11-08 11:22:45 +00:00
|
|
|
return (errs == 0 ? 0 : 1);
|
1999-08-31 09:20:48 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* end */
|