Merge recent misc fixes from 'pre-0.77'.

README

@@ -8,6 +8,20 @@ the source directory:
   cmake .
   cmake --build .
 
+Then, to install in the simplest way on Linux or Mac:
+
+  cmake --build . --target install
+
+On Unix, pterm would like to be setuid or setgid, as appropriate, to
+permit it to write records of user logins to /var/run/utmp and
+/var/log/wtmp. (Of course it will not use this privilege for
+anything else, and in particular it will drop all privileges before
+starting up complex subsystems like GTK.) The cmake install step
+doesn't attempt to add these privileges, so if you want user login
+recording to work, you should manually ch{own,grp} and chmod the
+pterm binary yourself after installation. If you don't do this,
+pterm will still work, but not update the user login databases.
+
 Documentation (in various formats including Windows Help and Unix
 `man' pages) is built from the Halibut (`.but') files in the `doc'
 subdirectory using `doc/Makefile'. If you aren't using one of our

cmake/cmake.h.in

@@ -17,6 +17,7 @@
 #cmakedefine01 HAVE_DWMAPI_H
 
 #cmakedefine NOT_X_WINDOWS
+#cmakedefine OMIT_UTMP
 
 #cmakedefine01 HAVE_ASM_HWCAP_H
 #cmakedefine01 HAVE_SYS_AUXV_H
@@ -29,6 +30,7 @@
 #cmakedefine01 HAVE_POSIX_OPENPT
 #cmakedefine01 HAVE_PTSNAME
 #cmakedefine01 HAVE_SETRESUID
+#cmakedefine01 HAVE_SETRESGID
 #cmakedefine01 HAVE_STRSIGNAL
 #cmakedefine01 HAVE_UPDWTMPX
 #cmakedefine01 HAVE_FSTATAT

cmake/platforms/unix.cmake

@@ -19,6 +19,7 @@ check_include_file(sys/sysctl.h HAVE_SYS_SYSCTL_H)
 check_include_file(sys/types.h HAVE_SYS_TYPES_H)
 check_include_file(glob.h HAVE_GLOB_H)
 check_include_file(utmp.h HAVE_UTMP_H)
+check_include_file(utmpx.h HAVE_UTMPX_H)
 
 check_symbol_exists(futimes "sys/time.h" HAVE_FUTIMES)
 check_symbol_exists(getaddrinfo "sys/types.h;sys/socket.h;netdb.h"
@@ -56,6 +57,12 @@ else()
   set(NO_IPV6 ON)
 endif()
 
+if(HAVE_UTMPX_H)
+  set(OMIT_UTMP OFF)
+else()
+  set(OMIT_UTMP ON)
+endif()
+
 include(cmake/gtk.cmake)
 
 # See if we have X11 available. This requires libX11 itself, and also

cmake/setup.cmake

@@ -4,6 +4,8 @@
 # give a #error if this manoeuvre doesn't do what it needs to.
 string(REPLACE "/DNDEBUG" "" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
 string(REPLACE "-DNDEBUG" "" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}")
+string(REPLACE "/DNDEBUG" "" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELEASE}")
+string(REPLACE "-DNDEBUG" "" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELEASE}")
 
 set(PUTTY_IPV6 ON
   CACHE BOOL "Build PuTTY with IPv6 support if possible")

cmdline.c

@@ -81,10 +81,9 @@ void cmdline_cleanup(void)
  * -1 return means that we aren't capable of processing the prompt and
  * someone else should do it.
  */
-SeatPromptResult cmdline_get_passwd_input(prompts_t *p)
+SeatPromptResult cmdline_get_passwd_input(
+    prompts_t *p, cmdline_get_passwd_input_state *state, bool restartable)
 {
-    static bool tried_once = false;
-
     /*
      * We only handle prompts which don't echo (which we assume to be
      * passwords), and (currently) we only cope with a password prompt
@@ -98,23 +97,32 @@ SeatPromptResult cmdline_get_passwd_input(prompts_t *p)
      * If we've tried once, return utter failure (no more passwords left
      * to try).
      */
-    if (tried_once)
+    if (state->tried)
         return SPR_SW_ABORT("Configured password was not accepted");
 
     /*
      * If we never had a password available in the first place, we
      * can't do anything in any case. (But we delay this test until
-     * after tried_once, so that after we free cmdline_password below,
-     * we'll still remember that we _used_ to have one.)
+     * after trying once, so that even if we free cmdline_password
+     * below, we'll still remember that we _used_ to have one.)
      */
     if (!cmdline_password)
         return SPR_INCOMPLETE;
 
     prompt_set_result(p->prompts[0], cmdline_password);
-    smemclr(cmdline_password, strlen(cmdline_password));
-    sfree(cmdline_password);
-    cmdline_password = NULL;
-    tried_once = true;
+    state->tried = true;
+
+    if (!restartable) {
+        /*
+         * If there's no possibility of needing to do this again after
+         * a 'Restart Session' event, then wipe our copy of the
+         * password out of memory.
+         */
+        smemclr(cmdline_password, strlen(cmdline_password));
+        sfree(cmdline_password);
+        cmdline_password = NULL;
+    }
+
     return SPR_OK;
 }
 

defs.h

@@ -118,6 +118,8 @@ typedef struct Seat Seat;
 typedef struct SeatVtable SeatVtable;
 typedef struct SeatPromptResult SeatPromptResult;
 
+typedef struct cmdline_get_passwd_input_state cmdline_get_passwd_input_state;
+
 typedef struct TermWin TermWin;
 typedef struct TermWinVtable TermWinVtable;
 

proxy/proxy.c

@@ -232,6 +232,13 @@ static void proxy_negotiate(ProxySocket *ps)
                                 ps->proxy_nodelay, ps->proxy_keepalive,
                                 &ps->plugimpl);
         ps->pn->reconnect = false;
+        /* If the negotiator has asked us to reconnect, they are
+         * expecting that on the next call their input queue will
+         * consist entirely of data from the _new_ connection, without
+         * any remaining data buffered from the old one. (If they'd
+         * wanted the latter, they could have read it out of the input
+         * queue before asking us to close the connection.) */
+        bufchain_clear(&ps->pending_input_data);
     }
 
     while (bufchain_size(&ps->output_from_negotiator)) {

putty.h

@@ -2540,10 +2540,15 @@ void printer_finish_job(printer_job *);
  * zero out password arguments in the hope of not having them show up
  * avoidably in Unix 'ps'.
  */
+struct cmdline_get_passwd_input_state { bool tried; };
+#define CMDLINE_GET_PASSWD_INPUT_STATE_INIT { .tried = false }
+extern const cmdline_get_passwd_input_state cmdline_get_passwd_input_state_new;
+
 int cmdline_process_param(const char *, char *, int, Conf *);
 void cmdline_run_saved(Conf *);
 void cmdline_cleanup(void);
-SeatPromptResult cmdline_get_passwd_input(prompts_t *p);
+SeatPromptResult cmdline_get_passwd_input(
+    prompts_t *p, cmdline_get_passwd_input_state *state, bool restartable);
 bool cmdline_host_ok(Conf *);
 bool cmdline_verbose(void);
 bool cmdline_loaded_session(void);

stubs/nocmdline.c

@@ -15,7 +15,8 @@
  * handling, then there is no such option, so that function always
  * returns failure.
  */
-SeatPromptResult cmdline_get_passwd_input(prompts_t *p)
+SeatPromptResult cmdline_get_passwd_input(
+    prompts_t *p, cmdline_get_passwd_input_state *state, bool restartable)
 {
     return SPR_INCOMPLETE;
 }

unix/plink.c

@@ -373,8 +373,13 @@ static bool plink_eof(Seat *seat)
 
 static SeatPromptResult plink_get_userpass_input(Seat *seat, prompts_t *p)
 {
+    /* Plink doesn't support Restart Session, so we can just have a
+     * single static cmdline_get_passwd_input_state that's never reset */
+    static cmdline_get_passwd_input_state cmdline_state =
+        CMDLINE_GET_PASSWD_INPUT_STATE_INIT;
+
     SeatPromptResult spr;
-    spr = cmdline_get_passwd_input(p);
+    spr = cmdline_get_passwd_input(p, &cmdline_state, false);
     if (spr.kind == SPRK_INCOMPLETE)
         spr = console_get_userpass_input(p);
     return spr;

unix/pty.c

@@ -227,6 +227,8 @@ static void setup_utmp(char *ttyname, char *location)
     endutxent();
 
 #if HAVE_UPDWTMPX
+    /* Reportedly, AIX 5.1 has <utmpx.h> and pututxline(), but no
+     * updwtmpx(). */
     updwtmpx(WTMPX_FILE, &utmp_entry);
 #endif
 

unix/sftp.c

@@ -65,8 +65,14 @@ Filename *platform_default_filename(const char *name)
 
 SeatPromptResult filexfer_get_userpass_input(Seat *seat, prompts_t *p)
 {
+    /* The file transfer tools don't support Restart Session, so we
+     * can just have a single static cmdline_get_passwd_input_state
+     * that's never reset */
+    static cmdline_get_passwd_input_state cmdline_state =
+        CMDLINE_GET_PASSWD_INPUT_STATE_INIT;
+
     SeatPromptResult spr;
-    spr = cmdline_get_passwd_input(p);
+    spr = cmdline_get_passwd_input(p, &cmdline_state, false);
     if (spr.kind == SPRK_INCOMPLETE)
         spr = console_get_userpass_input(p);
     return spr;

unix/window.c

@@ -160,6 +160,7 @@ struct GtkFrontend {
     Ldisc *ldisc;
     Backend *backend;
     Terminal *term;
+    cmdline_get_passwd_input_state cmdline_get_passwd_state;
     LogContext *logctx;
     bool exited;
     struct unicode_data ucsdata;
@@ -361,7 +362,7 @@ static SeatPromptResult gtk_seat_get_userpass_input(Seat *seat, prompts_t *p)
 {
     GtkFrontend *inst = container_of(seat, GtkFrontend, seat);
     SeatPromptResult spr;
-    spr = cmdline_get_passwd_input(p);
+    spr = cmdline_get_passwd_input(p, &inst->cmdline_get_passwd_state, true);
     if (spr.kind == SPRK_INCOMPLETE)
         spr = term_get_userpass_input(inst->term, p);
     return spr;
@@ -4551,7 +4552,7 @@ void set_geom_hints(GtkFrontend *inst)
      * So instead, I simply avoid setting geometry hints at all on any
      * GDK backend other than X11, and hopefully that's a workaround.
      */
-#if GTK_CHECK_VERSION(3,0,0)
+#if GTK_CHECK_VERSION(3,0,0) && !defined NOT_X_WINDOWS
     if (!GDK_IS_X11_DISPLAY(gdk_display_get_default()))
         return;
 #endif
@@ -5150,6 +5151,8 @@ static void start_backend(GtkFrontend *inst)
     const struct BackendVtable *vt;
     char *error, *realhost;
 
+    inst->cmdline_get_passwd_state = cmdline_get_passwd_input_state_new;
+
     vt = select_backend(inst->conf);
 
     seat_set_trust_status(&inst->seat, true);

utils/CMakeLists.txt

@@ -10,6 +10,7 @@ add_sources_from_current_dir(utils
   buildinfo.c
   burnstr.c
   chomp.c
+  cmdline_get_passwd_input_state_new.c
   conf.c
   conf_dest.c
   conf_launchable.c

utils/cmdline_get_passwd_input_state_new.c

@@ -0,0 +1,9 @@
+/*
+ * A preinitialised cmdline_get_passwd_input_state which makes it easy
+ * to assign by structure copy.
+ */
+
+#include "putty.h"
+
+const cmdline_get_passwd_input_state cmdline_get_passwd_input_state_new =
+    CMDLINE_GET_PASSWD_INPUT_STATE_INIT;

windows/plink.c

@@ -67,8 +67,13 @@ static bool plink_eof(Seat *seat)
 
 static SeatPromptResult plink_get_userpass_input(Seat *seat, prompts_t *p)
 {
+    /* Plink doesn't support Restart Session, so we can just have a
+     * single static cmdline_get_passwd_input_state that's never reset */
+    static cmdline_get_passwd_input_state cmdline_state =
+        CMDLINE_GET_PASSWD_INPUT_STATE_INIT;
+
     SeatPromptResult spr;
-    spr = cmdline_get_passwd_input(p);
+    spr = cmdline_get_passwd_input(p, &cmdline_state, false);
     if (spr.kind == SPRK_INCOMPLETE)
         spr = console_get_userpass_input(p);
     return spr;

windows/sftp.c

@@ -14,8 +14,14 @@
 
 SeatPromptResult filexfer_get_userpass_input(Seat *seat, prompts_t *p)
 {
+    /* The file transfer tools don't support Restart Session, so we
+     * can just have a single static cmdline_get_passwd_input_state
+     * that's never reset */
+    static cmdline_get_passwd_input_state cmdline_state =
+        CMDLINE_GET_PASSWD_INPUT_STATE_INIT;
+
     SeatPromptResult spr;
-    spr = cmdline_get_passwd_input(p);
+    spr = cmdline_get_passwd_input(p, &cmdline_state, false);
     if (spr.kind == SPRK_INCOMPLETE)
         spr = console_get_userpass_input(p);
     return spr;

windows/window.c

@@ -131,6 +131,8 @@ static int kbd_codepage;
 static Ldisc *ldisc;
 static Backend *backend;
 
+static cmdline_get_passwd_input_state cmdline_get_passwd_state;
+
 static struct unicode_data ucsdata;
 static bool session_closed;
 static bool reconfiguring = false;
@@ -366,6 +368,8 @@ static void start_backend(void)
     char *error, *realhost;
     int i;
 
+    cmdline_get_passwd_state = cmdline_get_passwd_input_state_new;
+
     vt = backend_vt_from_conf(conf);
 
     seat_set_trust_status(&wgs.seat, true);
@@ -5860,7 +5864,7 @@ static bool win_seat_eof(Seat *seat)
 static SeatPromptResult win_seat_get_userpass_input(Seat *seat, prompts_t *p)
 {
     SeatPromptResult spr;
-    spr = cmdline_get_passwd_input(p);
+    spr = cmdline_get_passwd_input(p, &cmdline_get_passwd_state, true);
     if (spr.kind == SPRK_INCOMPLETE)
         spr = term_get_userpass_input(term, p);
     return spr;