New application: a Windows version of 'pterm'!
This fulfills our long-standing Mayhem-difficulty wishlist item
'win-command-prompt': this is a Windows pterm in the sense that when
you run it you get a local cmd.exe running inside a PuTTY-style window.
Advantages of this: you get the same free choice of fonts as PuTTY has
(no restriction to a strange subset of the system's available fonts);
you get the same copy-paste gestures as PuTTY (no mental gear-shifting
when you have command prompts and SSH sessions open on the same
desktop); you get scrollback with the PuTTY semantics (scrolling to
the bottom gets you to where the action is, as opposed to the way you
could accidentally find yourself 500 lines past the end of the action
in a real console).
'win-command-prompt' was at Mayhem difficulty ('Probably impossible')
basically on the grounds that with Windows's old APIs for accessing
the contents of consoles, there was no way I could find to get this to
work sensibly. What was needed to make it feasible was a major piece
of re-engineering work inside Windows itself.
But, of course, that's exactly what happened! In 2019, the new ConPTY
API arrived, which lets you create an object that behaves like a
Windows console at one end, and round the back, emits a stream of
VT-style escape sequences as the screen contents evolve, and accepts a
VT-style input stream in return which it will parse function and arrow
keys out of in the usual way.
So now it's actually _easy_ to get this to basically work. The new
backend, in conpty.c, has to do a handful of magic Windows API calls
to set up the pseudo-console and its feeder pipes and start a
subprocess running in it, a further magic call every time the PuTTY
window is resized, and detect the end of the session by watching for
the subprocess terminating. But apart from that, all it has to do is
pass data back and forth unmodified between those pipes and the
backend's associated Seat!
That said, this is new and experimental, and there will undoubtedly be
issues. One that I already know about is that you can't copy and paste
a word that has wrapped between lines without getting an annoying
newline in the middle of it. As far as I can see this is a fundamental
limitation: the ConPTY system sends the _same_ escape sequence stream
for a line that wrapped as it would send for a line that had a logical
\n at what would have been the wrap point. Probably the best we can do
to mitigate this is to adopt a different heuristic for newline elision
that's right more often than it's wrong.
For the moment, that experimental-ness is indicated by the fact that
Buildscr will build, sign and deliver a copy of pterm.exe for each
flavour of Windows, but won't include it in the .zip file or in the
installer. (In fact, that puts it in exactly the same ad-hoc category
as PuTTYtel, although for completely different reasons.)
2021-05-08 16:24:13 +00:00
|
|
|
/*
|
|
|
|
|
* Backend to run a Windows console session using ConPTY.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <limits.h>
|
|
|
|
|
|
|
|
|
|
#include "putty.h"
|
|
|
|
|
|
|
|
|
|
#include <windows.h>
|
|
|
|
|
#include <consoleapi.h>
|
|
|
|
|
|
|
|
|
|
typedef struct ConPTY ConPTY;
|
|
|
|
|
struct ConPTY {
|
|
|
|
|
HPCON pseudoconsole;
|
|
|
|
|
HANDLE outpipe, inpipe, hprocess;
|
Reorganise Windows HANDLE management.
Before commit 6e69223dc262755, Pageant would stop working after a
certain number of PuTTYs were active at the same time. (At most about
60, but maybe fewer - see below.)
This was because of two separate bugs. The easy one, fixed in
6e69223dc262755 itself, was that PuTTY left each named-pipe connection
to Pageant open for the rest of its lifetime. So the real problem was
that Pageant had too many active connections at once. (And since a
given PuTTY might make multiple connections during userauth - one to
list keys, and maybe another to actually make a signature - that was
why the number of _PuTTYs_ might vary.)
It was clearly a bug that PuTTY was leaving connections to Pageant
needlessly open. But it was _also_ a bug that Pageant couldn't handle
more than about 60 at once. In this commit, I fix that secondary bug.
The cause of the bug is that the WaitForMultipleObjects function
family in the Windows API have a limit on the number of HANDLE objects
they can select between. The limit is MAXIMUM_WAIT_OBJECTS, defined to
be 64. And handle-io.c was using a separate event object for each I/O
subthread to communicate back to the main thread, so as soon as all
those event objects (plus a handful of other HANDLEs) added up to more
than 64, we'd start passing an overlarge handle array to
WaitForMultipleObjects, and it would start not doing what we wanted.
To fix this, I've reorganised handle-io.c so that all its subthreads
share just _one_ event object to signal readiness back to the main
thread. There's now a linked list of 'struct handle' objects that are
ready to be processed, protected by a CRITICAL_SECTION. Each subthread
signals readiness by adding itself to the linked list, and setting the
event object to indicate that the list is now non-empty. When the main
thread receives the event, it iterates over the whole list processing
all the ready handles.
(Each 'struct handle' still has a separate event object for the main
thread to use to communicate _to_ the subthread. That's OK, because no
thread is ever waiting on all those events at once: each subthread
only waits on its own.)
The previous HT_FOREIGN system didn't really fit into this framework.
So I've moved it out into its own system. There's now a handle-wait.c
which deals with the relatively simple job of managing a list of
handles that need to be waited for, each with a callback function;
that's what communicates a list of HANDLEs to event loops, and
receives the notification when the event loop notices that one of them
has done something. And handle-io.c is now just one client of
handle-wait.c, providing a single HANDLE to the event loop, and
dealing internally with everything that needs to be done when that
handle fires.
The new top-level handle-wait.c system *still* can't deal with more
than MAXIMUM_WAIT_OBJECTS. At the moment, I'm reasonably convinced it
doesn't need to: the only kind of HANDLE that any of our tools could
previously have needed to wait on more than one of was the one in
handle-io.c that I've just removed. But I've left some assertions and
a TODO comment in there just in case we need to change that in future.
2021-05-24 12:06:10 +00:00
|
|
|
struct handle *out, *in;
|
|
|
|
|
HandleWait *subprocess;
|
New application: a Windows version of 'pterm'!
This fulfills our long-standing Mayhem-difficulty wishlist item
'win-command-prompt': this is a Windows pterm in the sense that when
you run it you get a local cmd.exe running inside a PuTTY-style window.
Advantages of this: you get the same free choice of fonts as PuTTY has
(no restriction to a strange subset of the system's available fonts);
you get the same copy-paste gestures as PuTTY (no mental gear-shifting
when you have command prompts and SSH sessions open on the same
desktop); you get scrollback with the PuTTY semantics (scrolling to
the bottom gets you to where the action is, as opposed to the way you
could accidentally find yourself 500 lines past the end of the action
in a real console).
'win-command-prompt' was at Mayhem difficulty ('Probably impossible')
basically on the grounds that with Windows's old APIs for accessing
the contents of consoles, there was no way I could find to get this to
work sensibly. What was needed to make it feasible was a major piece
of re-engineering work inside Windows itself.
But, of course, that's exactly what happened! In 2019, the new ConPTY
API arrived, which lets you create an object that behaves like a
Windows console at one end, and round the back, emits a stream of
VT-style escape sequences as the screen contents evolve, and accepts a
VT-style input stream in return which it will parse function and arrow
keys out of in the usual way.
So now it's actually _easy_ to get this to basically work. The new
backend, in conpty.c, has to do a handful of magic Windows API calls
to set up the pseudo-console and its feeder pipes and start a
subprocess running in it, a further magic call every time the PuTTY
window is resized, and detect the end of the session by watching for
the subprocess terminating. But apart from that, all it has to do is
pass data back and forth unmodified between those pipes and the
backend's associated Seat!
That said, this is new and experimental, and there will undoubtedly be
issues. One that I already know about is that you can't copy and paste
a word that has wrapped between lines without getting an annoying
newline in the middle of it. As far as I can see this is a fundamental
limitation: the ConPTY system sends the _same_ escape sequence stream
for a line that wrapped as it would send for a line that had a logical
\n at what would have been the wrap point. Probably the best we can do
to mitigate this is to adopt a different heuristic for newline elision
that's right more often than it's wrong.
For the moment, that experimental-ness is indicated by the fact that
Buildscr will build, sign and deliver a copy of pterm.exe for each
flavour of Windows, but won't include it in the .zip file or in the
installer. (In fact, that puts it in exactly the same ad-hoc category
as PuTTYtel, although for completely different reasons.)
2021-05-08 16:24:13 +00:00
|
|
|
bool exited;
|
|
|
|
|
DWORD exitstatus;
|
|
|
|
|
Seat *seat;
|
|
|
|
|
LogContext *logctx;
|
|
|
|
|
int bufsize;
|
|
|
|
|
Backend backend;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static void conpty_terminate(ConPTY *conpty)
|
|
|
|
|
{
|
|
|
|
|
if (conpty->out) {
|
|
|
|
|
handle_free(conpty->out);
|
|
|
|
|
conpty->out = NULL;
|
|
|
|
|
}
|
|
|
|
|
if (conpty->outpipe != INVALID_HANDLE_VALUE) {
|
|
|
|
|
CloseHandle(conpty->outpipe);
|
|
|
|
|
conpty->outpipe = INVALID_HANDLE_VALUE;
|
|
|
|
|
}
|
|
|
|
|
if (conpty->in) {
|
|
|
|
|
handle_free(conpty->in);
|
|
|
|
|
conpty->in = NULL;
|
|
|
|
|
}
|
|
|
|
|
if (conpty->inpipe != INVALID_HANDLE_VALUE) {
|
|
|
|
|
CloseHandle(conpty->inpipe);
|
|
|
|
|
conpty->inpipe = INVALID_HANDLE_VALUE;
|
|
|
|
|
}
|
|
|
|
|
if (conpty->subprocess) {
|
Reorganise Windows HANDLE management.
Before commit 6e69223dc262755, Pageant would stop working after a
certain number of PuTTYs were active at the same time. (At most about
60, but maybe fewer - see below.)
This was because of two separate bugs. The easy one, fixed in
6e69223dc262755 itself, was that PuTTY left each named-pipe connection
to Pageant open for the rest of its lifetime. So the real problem was
that Pageant had too many active connections at once. (And since a
given PuTTY might make multiple connections during userauth - one to
list keys, and maybe another to actually make a signature - that was
why the number of _PuTTYs_ might vary.)
It was clearly a bug that PuTTY was leaving connections to Pageant
needlessly open. But it was _also_ a bug that Pageant couldn't handle
more than about 60 at once. In this commit, I fix that secondary bug.
The cause of the bug is that the WaitForMultipleObjects function
family in the Windows API have a limit on the number of HANDLE objects
they can select between. The limit is MAXIMUM_WAIT_OBJECTS, defined to
be 64. And handle-io.c was using a separate event object for each I/O
subthread to communicate back to the main thread, so as soon as all
those event objects (plus a handful of other HANDLEs) added up to more
than 64, we'd start passing an overlarge handle array to
WaitForMultipleObjects, and it would start not doing what we wanted.
To fix this, I've reorganised handle-io.c so that all its subthreads
share just _one_ event object to signal readiness back to the main
thread. There's now a linked list of 'struct handle' objects that are
ready to be processed, protected by a CRITICAL_SECTION. Each subthread
signals readiness by adding itself to the linked list, and setting the
event object to indicate that the list is now non-empty. When the main
thread receives the event, it iterates over the whole list processing
all the ready handles.
(Each 'struct handle' still has a separate event object for the main
thread to use to communicate _to_ the subthread. That's OK, because no
thread is ever waiting on all those events at once: each subthread
only waits on its own.)
The previous HT_FOREIGN system didn't really fit into this framework.
So I've moved it out into its own system. There's now a handle-wait.c
which deals with the relatively simple job of managing a list of
handles that need to be waited for, each with a callback function;
that's what communicates a list of HANDLEs to event loops, and
receives the notification when the event loop notices that one of them
has done something. And handle-io.c is now just one client of
handle-wait.c, providing a single HANDLE to the event loop, and
dealing internally with everything that needs to be done when that
handle fires.
The new top-level handle-wait.c system *still* can't deal with more
than MAXIMUM_WAIT_OBJECTS. At the moment, I'm reasonably convinced it
doesn't need to: the only kind of HANDLE that any of our tools could
previously have needed to wait on more than one of was the one in
handle-io.c that I've just removed. But I've left some assertions and
a TODO comment in there just in case we need to change that in future.
2021-05-24 12:06:10 +00:00
|
|
|
delete_handle_wait(conpty->subprocess);
|
New application: a Windows version of 'pterm'!
This fulfills our long-standing Mayhem-difficulty wishlist item
'win-command-prompt': this is a Windows pterm in the sense that when
you run it you get a local cmd.exe running inside a PuTTY-style window.
Advantages of this: you get the same free choice of fonts as PuTTY has
(no restriction to a strange subset of the system's available fonts);
you get the same copy-paste gestures as PuTTY (no mental gear-shifting
when you have command prompts and SSH sessions open on the same
desktop); you get scrollback with the PuTTY semantics (scrolling to
the bottom gets you to where the action is, as opposed to the way you
could accidentally find yourself 500 lines past the end of the action
in a real console).
'win-command-prompt' was at Mayhem difficulty ('Probably impossible')
basically on the grounds that with Windows's old APIs for accessing
the contents of consoles, there was no way I could find to get this to
work sensibly. What was needed to make it feasible was a major piece
of re-engineering work inside Windows itself.
But, of course, that's exactly what happened! In 2019, the new ConPTY
API arrived, which lets you create an object that behaves like a
Windows console at one end, and round the back, emits a stream of
VT-style escape sequences as the screen contents evolve, and accepts a
VT-style input stream in return which it will parse function and arrow
keys out of in the usual way.
So now it's actually _easy_ to get this to basically work. The new
backend, in conpty.c, has to do a handful of magic Windows API calls
to set up the pseudo-console and its feeder pipes and start a
subprocess running in it, a further magic call every time the PuTTY
window is resized, and detect the end of the session by watching for
the subprocess terminating. But apart from that, all it has to do is
pass data back and forth unmodified between those pipes and the
backend's associated Seat!
That said, this is new and experimental, and there will undoubtedly be
issues. One that I already know about is that you can't copy and paste
a word that has wrapped between lines without getting an annoying
newline in the middle of it. As far as I can see this is a fundamental
limitation: the ConPTY system sends the _same_ escape sequence stream
for a line that wrapped as it would send for a line that had a logical
\n at what would have been the wrap point. Probably the best we can do
to mitigate this is to adopt a different heuristic for newline elision
that's right more often than it's wrong.
For the moment, that experimental-ness is indicated by the fact that
Buildscr will build, sign and deliver a copy of pterm.exe for each
flavour of Windows, but won't include it in the .zip file or in the
installer. (In fact, that puts it in exactly the same ad-hoc category
as PuTTYtel, although for completely different reasons.)
2021-05-08 16:24:13 +00:00
|
|
|
conpty->subprocess = NULL;
|
|
|
|
|
conpty->hprocess = INVALID_HANDLE_VALUE;
|
|
|
|
|
}
|
|
|
|
|
if (conpty->pseudoconsole != INVALID_HANDLE_VALUE) {
|
|
|
|
|
ClosePseudoConsole(conpty->pseudoconsole);
|
|
|
|
|
conpty->pseudoconsole = INVALID_HANDLE_VALUE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_process_wait_callback(void *vctx)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = (ConPTY *)vctx;
|
|
|
|
|
|
|
|
|
|
if (!GetExitCodeProcess(conpty->hprocess, &conpty->exitstatus))
|
|
|
|
|
return;
|
|
|
|
|
conpty->exited = true;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We can stop waiting for the process now.
|
|
|
|
|
*/
|
|
|
|
|
if (conpty->subprocess) {
|
Reorganise Windows HANDLE management.
Before commit 6e69223dc262755, Pageant would stop working after a
certain number of PuTTYs were active at the same time. (At most about
60, but maybe fewer - see below.)
This was because of two separate bugs. The easy one, fixed in
6e69223dc262755 itself, was that PuTTY left each named-pipe connection
to Pageant open for the rest of its lifetime. So the real problem was
that Pageant had too many active connections at once. (And since a
given PuTTY might make multiple connections during userauth - one to
list keys, and maybe another to actually make a signature - that was
why the number of _PuTTYs_ might vary.)
It was clearly a bug that PuTTY was leaving connections to Pageant
needlessly open. But it was _also_ a bug that Pageant couldn't handle
more than about 60 at once. In this commit, I fix that secondary bug.
The cause of the bug is that the WaitForMultipleObjects function
family in the Windows API have a limit on the number of HANDLE objects
they can select between. The limit is MAXIMUM_WAIT_OBJECTS, defined to
be 64. And handle-io.c was using a separate event object for each I/O
subthread to communicate back to the main thread, so as soon as all
those event objects (plus a handful of other HANDLEs) added up to more
than 64, we'd start passing an overlarge handle array to
WaitForMultipleObjects, and it would start not doing what we wanted.
To fix this, I've reorganised handle-io.c so that all its subthreads
share just _one_ event object to signal readiness back to the main
thread. There's now a linked list of 'struct handle' objects that are
ready to be processed, protected by a CRITICAL_SECTION. Each subthread
signals readiness by adding itself to the linked list, and setting the
event object to indicate that the list is now non-empty. When the main
thread receives the event, it iterates over the whole list processing
all the ready handles.
(Each 'struct handle' still has a separate event object for the main
thread to use to communicate _to_ the subthread. That's OK, because no
thread is ever waiting on all those events at once: each subthread
only waits on its own.)
The previous HT_FOREIGN system didn't really fit into this framework.
So I've moved it out into its own system. There's now a handle-wait.c
which deals with the relatively simple job of managing a list of
handles that need to be waited for, each with a callback function;
that's what communicates a list of HANDLEs to event loops, and
receives the notification when the event loop notices that one of them
has done something. And handle-io.c is now just one client of
handle-wait.c, providing a single HANDLE to the event loop, and
dealing internally with everything that needs to be done when that
handle fires.
The new top-level handle-wait.c system *still* can't deal with more
than MAXIMUM_WAIT_OBJECTS. At the moment, I'm reasonably convinced it
doesn't need to: the only kind of HANDLE that any of our tools could
previously have needed to wait on more than one of was the one in
handle-io.c that I've just removed. But I've left some assertions and
a TODO comment in there just in case we need to change that in future.
2021-05-24 12:06:10 +00:00
|
|
|
delete_handle_wait(conpty->subprocess);
|
New application: a Windows version of 'pterm'!
This fulfills our long-standing Mayhem-difficulty wishlist item
'win-command-prompt': this is a Windows pterm in the sense that when
you run it you get a local cmd.exe running inside a PuTTY-style window.
Advantages of this: you get the same free choice of fonts as PuTTY has
(no restriction to a strange subset of the system's available fonts);
you get the same copy-paste gestures as PuTTY (no mental gear-shifting
when you have command prompts and SSH sessions open on the same
desktop); you get scrollback with the PuTTY semantics (scrolling to
the bottom gets you to where the action is, as opposed to the way you
could accidentally find yourself 500 lines past the end of the action
in a real console).
'win-command-prompt' was at Mayhem difficulty ('Probably impossible')
basically on the grounds that with Windows's old APIs for accessing
the contents of consoles, there was no way I could find to get this to
work sensibly. What was needed to make it feasible was a major piece
of re-engineering work inside Windows itself.
But, of course, that's exactly what happened! In 2019, the new ConPTY
API arrived, which lets you create an object that behaves like a
Windows console at one end, and round the back, emits a stream of
VT-style escape sequences as the screen contents evolve, and accepts a
VT-style input stream in return which it will parse function and arrow
keys out of in the usual way.
So now it's actually _easy_ to get this to basically work. The new
backend, in conpty.c, has to do a handful of magic Windows API calls
to set up the pseudo-console and its feeder pipes and start a
subprocess running in it, a further magic call every time the PuTTY
window is resized, and detect the end of the session by watching for
the subprocess terminating. But apart from that, all it has to do is
pass data back and forth unmodified between those pipes and the
backend's associated Seat!
That said, this is new and experimental, and there will undoubtedly be
issues. One that I already know about is that you can't copy and paste
a word that has wrapped between lines without getting an annoying
newline in the middle of it. As far as I can see this is a fundamental
limitation: the ConPTY system sends the _same_ escape sequence stream
for a line that wrapped as it would send for a line that had a logical
\n at what would have been the wrap point. Probably the best we can do
to mitigate this is to adopt a different heuristic for newline elision
that's right more often than it's wrong.
For the moment, that experimental-ness is indicated by the fact that
Buildscr will build, sign and deliver a copy of pterm.exe for each
flavour of Windows, but won't include it in the .zip file or in the
installer. (In fact, that puts it in exactly the same ad-hoc category
as PuTTYtel, although for completely different reasons.)
2021-05-08 16:24:13 +00:00
|
|
|
conpty->subprocess = NULL;
|
|
|
|
|
conpty->hprocess = INVALID_HANDLE_VALUE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Once the contained process exits, close the pseudo-console as
|
|
|
|
|
* well. But don't close the pipes yet, since apparently
|
|
|
|
|
* ClosePseudoConsole can trigger a final bout of terminal output
|
|
|
|
|
* as things clean themselves up.
|
|
|
|
|
*/
|
|
|
|
|
if (conpty->pseudoconsole != INVALID_HANDLE_VALUE) {
|
|
|
|
|
ClosePseudoConsole(conpty->pseudoconsole);
|
|
|
|
|
conpty->pseudoconsole = INVALID_HANDLE_VALUE;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static size_t conpty_gotdata(
|
|
|
|
|
struct handle *h, const void *data, size_t len, int err)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = (ConPTY *)handle_get_privdata(h);
|
|
|
|
|
if (err || len == 0) {
|
|
|
|
|
char *error_msg;
|
|
|
|
|
|
|
|
|
|
conpty_terminate(conpty);
|
|
|
|
|
|
|
|
|
|
seat_notify_remote_exit(conpty->seat);
|
|
|
|
|
|
|
|
|
|
if (!err && conpty->exited) {
|
|
|
|
|
/*
|
|
|
|
|
* The clean-exit case: our subprocess terminated, we
|
|
|
|
|
* deleted the PseudoConsole ourself, and now we got the
|
|
|
|
|
* expected EOF on the pipe.
|
|
|
|
|
*/
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (err)
|
|
|
|
|
error_msg = dupprintf("Error reading from console pty: %s",
|
|
|
|
|
win_strerror(err));
|
|
|
|
|
else
|
|
|
|
|
error_msg = dupprintf(
|
|
|
|
|
"Unexpected end of file reading from console pty");
|
|
|
|
|
|
|
|
|
|
logevent(conpty->logctx, error_msg);
|
|
|
|
|
seat_connection_fatal(conpty->seat, "%s", error_msg);
|
|
|
|
|
sfree(error_msg);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
} else {
|
|
|
|
|
return seat_stdout(conpty->seat, data, len);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_sentdata(struct handle *h, size_t new_backlog, int err)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = (ConPTY *)handle_get_privdata(h);
|
|
|
|
|
if (err) {
|
|
|
|
|
const char *error_msg = "Error writing to conpty device";
|
|
|
|
|
|
|
|
|
|
conpty_terminate(conpty);
|
|
|
|
|
|
|
|
|
|
seat_notify_remote_exit(conpty->seat);
|
|
|
|
|
|
|
|
|
|
logevent(conpty->logctx, error_msg);
|
|
|
|
|
|
|
|
|
|
seat_connection_fatal(conpty->seat, "%s", error_msg);
|
|
|
|
|
} else {
|
|
|
|
|
conpty->bufsize = new_backlog;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static char *conpty_init(const BackendVtable *vt, Seat *seat,
|
|
|
|
|
Backend **backend_handle, LogContext *logctx,
|
|
|
|
|
Conf *conf, const char *host, int port,
|
|
|
|
|
char **realhost, bool nodelay, bool keepalive)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty;
|
|
|
|
|
char *err = NULL;
|
|
|
|
|
|
|
|
|
|
HANDLE in_r = INVALID_HANDLE_VALUE;
|
|
|
|
|
HANDLE in_w = INVALID_HANDLE_VALUE;
|
|
|
|
|
HANDLE out_r = INVALID_HANDLE_VALUE;
|
|
|
|
|
HANDLE out_w = INVALID_HANDLE_VALUE;
|
|
|
|
|
|
|
|
|
|
HPCON pcon;
|
|
|
|
|
bool pcon_needs_cleanup = false;
|
|
|
|
|
|
|
|
|
|
STARTUPINFOEX si;
|
|
|
|
|
memset(&si, 0, sizeof(si));
|
|
|
|
|
|
|
|
|
|
if (!CreatePipe(&in_r, &in_w, NULL, 0)) {
|
|
|
|
|
err = dupprintf("CreatePipe: %s", win_strerror(GetLastError()));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (!CreatePipe(&out_r, &out_w, NULL, 0)) {
|
|
|
|
|
err = dupprintf("CreatePipe: %s", win_strerror(GetLastError()));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
COORD size;
|
|
|
|
|
size.X = conf_get_int(conf, CONF_width);
|
|
|
|
|
size.Y = conf_get_int(conf, CONF_height);
|
|
|
|
|
|
|
|
|
|
HRESULT result = CreatePseudoConsole(size, in_r, out_w, 0, &pcon);
|
|
|
|
|
if (FAILED(result)) {
|
|
|
|
|
if (HRESULT_FACILITY(result) == FACILITY_WIN32)
|
|
|
|
|
err = dupprintf("CreatePseudoConsole: %s",
|
|
|
|
|
win_strerror(HRESULT_CODE(result)));
|
|
|
|
|
else
|
|
|
|
|
err = dupprintf("CreatePseudoConsole failed: HRESULT=0x%08x",
|
|
|
|
|
(unsigned)result);
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
pcon_needs_cleanup = true;
|
|
|
|
|
|
|
|
|
|
CloseHandle(in_r);
|
|
|
|
|
in_r = INVALID_HANDLE_VALUE;
|
|
|
|
|
CloseHandle(out_w);
|
|
|
|
|
out_w = INVALID_HANDLE_VALUE;
|
|
|
|
|
|
|
|
|
|
si.StartupInfo.cb = sizeof(si);
|
|
|
|
|
|
|
|
|
|
size_t attrsize = 0;
|
|
|
|
|
InitializeProcThreadAttributeList(NULL, 1, 0, &attrsize);
|
|
|
|
|
si.lpAttributeList = smalloc(attrsize);
|
|
|
|
|
if (!InitializeProcThreadAttributeList(
|
|
|
|
|
si.lpAttributeList, 1, 0, &attrsize)) {
|
|
|
|
|
err = dupprintf("InitializeProcThreadAttributeList: %s",
|
|
|
|
|
win_strerror(GetLastError()));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
if (!UpdateProcThreadAttribute(
|
|
|
|
|
si.lpAttributeList,
|
|
|
|
|
0, PROC_THREAD_ATTRIBUTE_PSEUDOCONSOLE,
|
|
|
|
|
pcon, sizeof(pcon), NULL, NULL)) {
|
|
|
|
|
err = dupprintf("UpdateProcThreadAttribute: %s",
|
|
|
|
|
win_strerror(GetLastError()));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
PROCESS_INFORMATION pi;
|
|
|
|
|
memset(&pi, 0, sizeof(pi));
|
|
|
|
|
|
|
|
|
|
char *command;
|
|
|
|
|
const char *conf_cmd = conf_get_str(conf, CONF_remote_cmd);
|
|
|
|
|
if (*conf_cmd) {
|
|
|
|
|
command = dupstr(conf_cmd);
|
|
|
|
|
} else {
|
|
|
|
|
command = dupcat(get_system_dir(), "\\cmd.exe");
|
|
|
|
|
}
|
|
|
|
|
bool created_ok = CreateProcess(NULL, command, NULL, NULL,
|
|
|
|
|
false, EXTENDED_STARTUPINFO_PRESENT,
|
|
|
|
|
NULL, NULL, &si.StartupInfo, &pi);
|
|
|
|
|
sfree(command);
|
|
|
|
|
if (!created_ok) {
|
|
|
|
|
err = dupprintf("CreateProcess: %s",
|
|
|
|
|
win_strerror(GetLastError()));
|
|
|
|
|
goto out;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* No local authentication phase in this protocol */
|
|
|
|
|
seat_set_trust_status(seat, false);
|
|
|
|
|
|
|
|
|
|
conpty = snew(ConPTY);
|
|
|
|
|
conpty->pseudoconsole = pcon;
|
|
|
|
|
pcon_needs_cleanup = false;
|
|
|
|
|
conpty->outpipe = in_w;
|
|
|
|
|
conpty->out = handle_output_new(in_w, conpty_sentdata, conpty, 0);
|
|
|
|
|
in_w = INVALID_HANDLE_VALUE;
|
|
|
|
|
conpty->inpipe = out_r;
|
|
|
|
|
conpty->in = handle_input_new(out_r, conpty_gotdata, conpty, 0);
|
|
|
|
|
out_r = INVALID_HANDLE_VALUE;
|
Reorganise Windows HANDLE management.
Before commit 6e69223dc262755, Pageant would stop working after a
certain number of PuTTYs were active at the same time. (At most about
60, but maybe fewer - see below.)
This was because of two separate bugs. The easy one, fixed in
6e69223dc262755 itself, was that PuTTY left each named-pipe connection
to Pageant open for the rest of its lifetime. So the real problem was
that Pageant had too many active connections at once. (And since a
given PuTTY might make multiple connections during userauth - one to
list keys, and maybe another to actually make a signature - that was
why the number of _PuTTYs_ might vary.)
It was clearly a bug that PuTTY was leaving connections to Pageant
needlessly open. But it was _also_ a bug that Pageant couldn't handle
more than about 60 at once. In this commit, I fix that secondary bug.
The cause of the bug is that the WaitForMultipleObjects function
family in the Windows API have a limit on the number of HANDLE objects
they can select between. The limit is MAXIMUM_WAIT_OBJECTS, defined to
be 64. And handle-io.c was using a separate event object for each I/O
subthread to communicate back to the main thread, so as soon as all
those event objects (plus a handful of other HANDLEs) added up to more
than 64, we'd start passing an overlarge handle array to
WaitForMultipleObjects, and it would start not doing what we wanted.
To fix this, I've reorganised handle-io.c so that all its subthreads
share just _one_ event object to signal readiness back to the main
thread. There's now a linked list of 'struct handle' objects that are
ready to be processed, protected by a CRITICAL_SECTION. Each subthread
signals readiness by adding itself to the linked list, and setting the
event object to indicate that the list is now non-empty. When the main
thread receives the event, it iterates over the whole list processing
all the ready handles.
(Each 'struct handle' still has a separate event object for the main
thread to use to communicate _to_ the subthread. That's OK, because no
thread is ever waiting on all those events at once: each subthread
only waits on its own.)
The previous HT_FOREIGN system didn't really fit into this framework.
So I've moved it out into its own system. There's now a handle-wait.c
which deals with the relatively simple job of managing a list of
handles that need to be waited for, each with a callback function;
that's what communicates a list of HANDLEs to event loops, and
receives the notification when the event loop notices that one of them
has done something. And handle-io.c is now just one client of
handle-wait.c, providing a single HANDLE to the event loop, and
dealing internally with everything that needs to be done when that
handle fires.
The new top-level handle-wait.c system *still* can't deal with more
than MAXIMUM_WAIT_OBJECTS. At the moment, I'm reasonably convinced it
doesn't need to: the only kind of HANDLE that any of our tools could
previously have needed to wait on more than one of was the one in
handle-io.c that I've just removed. But I've left some assertions and
a TODO comment in there just in case we need to change that in future.
2021-05-24 12:06:10 +00:00
|
|
|
conpty->subprocess = add_handle_wait(
|
New application: a Windows version of 'pterm'!
This fulfills our long-standing Mayhem-difficulty wishlist item
'win-command-prompt': this is a Windows pterm in the sense that when
you run it you get a local cmd.exe running inside a PuTTY-style window.
Advantages of this: you get the same free choice of fonts as PuTTY has
(no restriction to a strange subset of the system's available fonts);
you get the same copy-paste gestures as PuTTY (no mental gear-shifting
when you have command prompts and SSH sessions open on the same
desktop); you get scrollback with the PuTTY semantics (scrolling to
the bottom gets you to where the action is, as opposed to the way you
could accidentally find yourself 500 lines past the end of the action
in a real console).
'win-command-prompt' was at Mayhem difficulty ('Probably impossible')
basically on the grounds that with Windows's old APIs for accessing
the contents of consoles, there was no way I could find to get this to
work sensibly. What was needed to make it feasible was a major piece
of re-engineering work inside Windows itself.
But, of course, that's exactly what happened! In 2019, the new ConPTY
API arrived, which lets you create an object that behaves like a
Windows console at one end, and round the back, emits a stream of
VT-style escape sequences as the screen contents evolve, and accepts a
VT-style input stream in return which it will parse function and arrow
keys out of in the usual way.
So now it's actually _easy_ to get this to basically work. The new
backend, in conpty.c, has to do a handful of magic Windows API calls
to set up the pseudo-console and its feeder pipes and start a
subprocess running in it, a further magic call every time the PuTTY
window is resized, and detect the end of the session by watching for
the subprocess terminating. But apart from that, all it has to do is
pass data back and forth unmodified between those pipes and the
backend's associated Seat!
That said, this is new and experimental, and there will undoubtedly be
issues. One that I already know about is that you can't copy and paste
a word that has wrapped between lines without getting an annoying
newline in the middle of it. As far as I can see this is a fundamental
limitation: the ConPTY system sends the _same_ escape sequence stream
for a line that wrapped as it would send for a line that had a logical
\n at what would have been the wrap point. Probably the best we can do
to mitigate this is to adopt a different heuristic for newline elision
that's right more often than it's wrong.
For the moment, that experimental-ness is indicated by the fact that
Buildscr will build, sign and deliver a copy of pterm.exe for each
flavour of Windows, but won't include it in the .zip file or in the
installer. (In fact, that puts it in exactly the same ad-hoc category
as PuTTYtel, although for completely different reasons.)
2021-05-08 16:24:13 +00:00
|
|
|
pi.hProcess, conpty_process_wait_callback, conpty);
|
|
|
|
|
conpty->hprocess = pi.hProcess;
|
|
|
|
|
CloseHandle(pi.hThread);
|
|
|
|
|
conpty->exited = false;
|
|
|
|
|
conpty->exitstatus = 0;
|
|
|
|
|
conpty->bufsize = 0;
|
|
|
|
|
conpty->backend.vt = vt;
|
|
|
|
|
*backend_handle = &conpty->backend;
|
|
|
|
|
|
|
|
|
|
conpty->seat = seat;
|
|
|
|
|
conpty->logctx = logctx;
|
|
|
|
|
|
|
|
|
|
*realhost = dupstr("");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Specials are always available.
|
|
|
|
|
*/
|
|
|
|
|
seat_update_specials_menu(conpty->seat);
|
|
|
|
|
|
|
|
|
|
out:
|
|
|
|
|
if (in_r != INVALID_HANDLE_VALUE)
|
|
|
|
|
CloseHandle(in_r);
|
|
|
|
|
if (in_w != INVALID_HANDLE_VALUE)
|
|
|
|
|
CloseHandle(in_w);
|
|
|
|
|
if (out_r != INVALID_HANDLE_VALUE)
|
|
|
|
|
CloseHandle(out_r);
|
|
|
|
|
if (out_w != INVALID_HANDLE_VALUE)
|
|
|
|
|
CloseHandle(out_w);
|
|
|
|
|
if (pcon_needs_cleanup)
|
|
|
|
|
ClosePseudoConsole(pcon);
|
|
|
|
|
sfree(si.lpAttributeList);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_free(Backend *be)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = container_of(be, ConPTY, backend);
|
|
|
|
|
|
|
|
|
|
conpty_terminate(conpty);
|
|
|
|
|
expire_timer_context(conpty);
|
|
|
|
|
sfree(conpty);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_reconfig(Backend *be, Conf *conf)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
2021-09-12 08:52:46 +00:00
|
|
|
static void conpty_send(Backend *be, const char *buf, size_t len)
|
New application: a Windows version of 'pterm'!
This fulfills our long-standing Mayhem-difficulty wishlist item
'win-command-prompt': this is a Windows pterm in the sense that when
you run it you get a local cmd.exe running inside a PuTTY-style window.
Advantages of this: you get the same free choice of fonts as PuTTY has
(no restriction to a strange subset of the system's available fonts);
you get the same copy-paste gestures as PuTTY (no mental gear-shifting
when you have command prompts and SSH sessions open on the same
desktop); you get scrollback with the PuTTY semantics (scrolling to
the bottom gets you to where the action is, as opposed to the way you
could accidentally find yourself 500 lines past the end of the action
in a real console).
'win-command-prompt' was at Mayhem difficulty ('Probably impossible')
basically on the grounds that with Windows's old APIs for accessing
the contents of consoles, there was no way I could find to get this to
work sensibly. What was needed to make it feasible was a major piece
of re-engineering work inside Windows itself.
But, of course, that's exactly what happened! In 2019, the new ConPTY
API arrived, which lets you create an object that behaves like a
Windows console at one end, and round the back, emits a stream of
VT-style escape sequences as the screen contents evolve, and accepts a
VT-style input stream in return which it will parse function and arrow
keys out of in the usual way.
So now it's actually _easy_ to get this to basically work. The new
backend, in conpty.c, has to do a handful of magic Windows API calls
to set up the pseudo-console and its feeder pipes and start a
subprocess running in it, a further magic call every time the PuTTY
window is resized, and detect the end of the session by watching for
the subprocess terminating. But apart from that, all it has to do is
pass data back and forth unmodified between those pipes and the
backend's associated Seat!
That said, this is new and experimental, and there will undoubtedly be
issues. One that I already know about is that you can't copy and paste
a word that has wrapped between lines without getting an annoying
newline in the middle of it. As far as I can see this is a fundamental
limitation: the ConPTY system sends the _same_ escape sequence stream
for a line that wrapped as it would send for a line that had a logical
\n at what would have been the wrap point. Probably the best we can do
to mitigate this is to adopt a different heuristic for newline elision
that's right more often than it's wrong.
For the moment, that experimental-ness is indicated by the fact that
Buildscr will build, sign and deliver a copy of pterm.exe for each
flavour of Windows, but won't include it in the .zip file or in the
installer. (In fact, that puts it in exactly the same ad-hoc category
as PuTTYtel, although for completely different reasons.)
2021-05-08 16:24:13 +00:00
|
|
|
{
|
|
|
|
|
ConPTY *conpty = container_of(be, ConPTY, backend);
|
|
|
|
|
|
|
|
|
|
if (conpty->out == NULL)
|
2021-09-12 08:52:46 +00:00
|
|
|
return;
|
New application: a Windows version of 'pterm'!
This fulfills our long-standing Mayhem-difficulty wishlist item
'win-command-prompt': this is a Windows pterm in the sense that when
you run it you get a local cmd.exe running inside a PuTTY-style window.
Advantages of this: you get the same free choice of fonts as PuTTY has
(no restriction to a strange subset of the system's available fonts);
you get the same copy-paste gestures as PuTTY (no mental gear-shifting
when you have command prompts and SSH sessions open on the same
desktop); you get scrollback with the PuTTY semantics (scrolling to
the bottom gets you to where the action is, as opposed to the way you
could accidentally find yourself 500 lines past the end of the action
in a real console).
'win-command-prompt' was at Mayhem difficulty ('Probably impossible')
basically on the grounds that with Windows's old APIs for accessing
the contents of consoles, there was no way I could find to get this to
work sensibly. What was needed to make it feasible was a major piece
of re-engineering work inside Windows itself.
But, of course, that's exactly what happened! In 2019, the new ConPTY
API arrived, which lets you create an object that behaves like a
Windows console at one end, and round the back, emits a stream of
VT-style escape sequences as the screen contents evolve, and accepts a
VT-style input stream in return which it will parse function and arrow
keys out of in the usual way.
So now it's actually _easy_ to get this to basically work. The new
backend, in conpty.c, has to do a handful of magic Windows API calls
to set up the pseudo-console and its feeder pipes and start a
subprocess running in it, a further magic call every time the PuTTY
window is resized, and detect the end of the session by watching for
the subprocess terminating. But apart from that, all it has to do is
pass data back and forth unmodified between those pipes and the
backend's associated Seat!
That said, this is new and experimental, and there will undoubtedly be
issues. One that I already know about is that you can't copy and paste
a word that has wrapped between lines without getting an annoying
newline in the middle of it. As far as I can see this is a fundamental
limitation: the ConPTY system sends the _same_ escape sequence stream
for a line that wrapped as it would send for a line that had a logical
\n at what would have been the wrap point. Probably the best we can do
to mitigate this is to adopt a different heuristic for newline elision
that's right more often than it's wrong.
For the moment, that experimental-ness is indicated by the fact that
Buildscr will build, sign and deliver a copy of pterm.exe for each
flavour of Windows, but won't include it in the .zip file or in the
installer. (In fact, that puts it in exactly the same ad-hoc category
as PuTTYtel, although for completely different reasons.)
2021-05-08 16:24:13 +00:00
|
|
|
|
|
|
|
|
conpty->bufsize = handle_write(conpty->out, buf, len);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static size_t conpty_sendbuffer(Backend *be)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = container_of(be, ConPTY, backend);
|
|
|
|
|
return conpty->bufsize;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_size(Backend *be, int width, int height)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = container_of(be, ConPTY, backend);
|
|
|
|
|
COORD size;
|
|
|
|
|
size.X = width;
|
|
|
|
|
size.Y = height;
|
|
|
|
|
ResizePseudoConsole(conpty->pseudoconsole, size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_special(Backend *be, SessionSpecialCode code, int arg)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static const SessionSpecial *conpty_get_specials(Backend *be)
|
|
|
|
|
{
|
|
|
|
|
static const SessionSpecial specials[] = {
|
|
|
|
|
{NULL, SS_EXITMENU}
|
|
|
|
|
};
|
|
|
|
|
return specials;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool conpty_connected(Backend *be)
|
|
|
|
|
{
|
|
|
|
|
return true; /* always connected */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool conpty_sendok(Backend *be)
|
|
|
|
|
{
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_unthrottle(Backend *be, size_t backlog)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = container_of(be, ConPTY, backend);
|
|
|
|
|
if (conpty->in)
|
|
|
|
|
handle_unthrottle(conpty->in, backlog);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static bool conpty_ldisc(Backend *be, int option)
|
|
|
|
|
{
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void conpty_provide_ldisc(Backend *be, Ldisc *ldisc)
|
|
|
|
|
{
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int conpty_exitcode(Backend *be)
|
|
|
|
|
{
|
|
|
|
|
ConPTY *conpty = container_of(be, ConPTY, backend);
|
|
|
|
|
|
|
|
|
|
if (conpty->exited &&
|
|
|
|
|
0 <= conpty->exitstatus &&
|
|
|
|
|
conpty->exitstatus <= INT_MAX)
|
|
|
|
|
return conpty->exitstatus;
|
|
|
|
|
else
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int conpty_cfg_info(Backend *be)
|
|
|
|
|
{
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const BackendVtable conpty_backend = {
|
|
|
|
|
.init = conpty_init,
|
|
|
|
|
.free = conpty_free,
|
|
|
|
|
.reconfig = conpty_reconfig,
|
|
|
|
|
.send = conpty_send,
|
|
|
|
|
.sendbuffer = conpty_sendbuffer,
|
|
|
|
|
.size = conpty_size,
|
|
|
|
|
.special = conpty_special,
|
|
|
|
|
.get_specials = conpty_get_specials,
|
|
|
|
|
.connected = conpty_connected,
|
|
|
|
|
.exitcode = conpty_exitcode,
|
|
|
|
|
.sendok = conpty_sendok,
|
|
|
|
|
.ldisc_option_state = conpty_ldisc,
|
|
|
|
|
.provide_ldisc = conpty_provide_ldisc,
|
|
|
|
|
.unthrottle = conpty_unthrottle,
|
|
|
|
|
.cfg_info = conpty_cfg_info,
|
|
|
|
|
.id = "conpty",
|
|
|
|
|
.displayname = "ConPTY",
|
|
|
|
|
.protocol = -1,
|
|
|
|
|
};
|