From cc10b68d313ec9e10e3186c4c953d2699f7de079 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Thu, 12 May 2022 18:01:42 +0100 Subject: [PATCH 1/9] Allow BEL to terminate OSC sequences during setup. This is a partial cherry-pick of commit de66b0313a23d04 from main, which allows all the forms of OSC sequence termination to apply in the preliminary states as well as OSC_STRING. The reporting user only mentioned the case of OSC 112 BEL, and not the various forms of ST. So the former is actually known to be occurring in the wild, and is also the least complicated part of the full patch on main. Therefore I think this part is worthwhile and reasonably safe to cherry-pick to 0.77 just before a release, whereas I'd be uncomfortable making the rest of the changes at this late stage. --- terminal/terminal.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/terminal/terminal.c b/terminal/terminal.c index ae5e4144..59a3a96a 100644 --- a/terminal/terminal.c +++ b/terminal/terminal.c @@ -3822,6 +3822,19 @@ static void term_out(Terminal *term, bool called_from_term_data) } break; case '\007': { /* BEL: Bell */ + if (term->termstate == SEEN_OSC || + term->termstate == SEEN_OSC_W) { + /* + * In an OSC context, BEL is one of the ways to terminate + * the whole sequence. We process it as such even if we + * haven't got into the final OSC_STRING state yet, so that + * OSC sequences without a string will be handled cleanly. + */ + do_osc(term); + term->termstate = TOPLEVEL; + break; + } + struct beeptime *newbeep; unsigned long ticks; From 0a877e9df5def14da30ab00046b501da20c9112a Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Sat, 14 May 2022 13:48:35 +0100 Subject: [PATCH 2/9] Fix build failure with -DNOT_X_WINDOWS. The recent window resize fixes introduced an unchecked use of GDK_IS_X11_DISPLAY. --- unix/window.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unix/window.c b/unix/window.c index d9d007b4..c2e79bf0 100644 --- a/unix/window.c +++ b/unix/window.c @@ -4506,7 +4506,7 @@ void set_geom_hints(GtkFrontend *inst) * So instead, I simply avoid setting geometry hints at all on any * GDK backend other than X11, and hopefully that's a workaround. */ -#if GTK_CHECK_VERSION(3,0,0) +#if GTK_CHECK_VERSION(3,0,0) && !defined NOT_X_WINDOWS if (!GDK_IS_X11_DISPLAY(gdk_display_get_default())) return; #endif From 81dcbd6267db063367056cb0cf94eca4eb161991 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Wed, 18 May 2022 12:41:44 +0100 Subject: [PATCH 3/9] Proxy: discard buffered input data on reconnection. When talking to a web proxy which requires a password, our HTTP proxy code sends an initial attempt to connect without authentication, receives the 407 status indicating that authentication was required (and which kind), and then closes and reopens the connection (if given "Connection: close"). Then, on the next attempt, we try again with authentication, and expect the first thing in the input bufchain to be the HTTP status response to the revised request. But what happened about the error document that followed those HTTP headers? It - or at least some of it - would already have been in the input bufchain. With an HTTP/1.1 proxy, we already read it and discarded it (either via a Content-length header or chunked transfer encoding), before we set the 'reconnect' flag. So, assuming the proxy HTTP server is behaving sensibly, our input bufchain ought to be empty at the point when we start the fresh connection. But if the proxy only speaks HTTP/1.0 (which does still happen - 'tinyproxy' is a still-current example), then we didn't get a Content-length header either, so we didn't run any of the code that skips over the error document. (And HTTP/1.0 implicitly has "Connection: close" semantics, which is why that doesn't matter.) As a result, some of it would still be in the input bufchain, and never got cleared out, and we'd try to parse _that_ as if it was the HTTP response from the second network connection. The simple solution is that when we close and reopen the proxy network connection, we also clear the input bufchain, so that the fresh connection starts from a clean slate. --- proxy/proxy.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/proxy/proxy.c b/proxy/proxy.c index 6bedcf9b..801c28f9 100644 --- a/proxy/proxy.c +++ b/proxy/proxy.c @@ -232,6 +232,13 @@ static void proxy_negotiate(ProxySocket *ps) ps->proxy_nodelay, ps->proxy_keepalive, &ps->plugimpl); ps->pn->reconnect = false; + /* If the negotiator has asked us to reconnect, they are + * expecting that on the next call their input queue will + * consist entirely of data from the _new_ connection, without + * any remaining data buffered from the old one. (If they'd + * wanted the latter, they could have read it out of the input + * queue before asking us to close the connection.) */ + bufchain_clear(&ps->pending_input_data); } while (bufchain_size(&ps->output_from_negotiator)) { From 787c358d373bbef8383b385770747b1a6a4ab3ca Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Wed, 18 May 2022 13:04:56 +0100 Subject: [PATCH 4/9] Fix command-line password handling in Restart Session. When the user provides a password on the PuTTY command line, via -pw or -pwfile, the flag 'tried_once' inside cmdline_get_passwd_input() is intended to arrange that we only try sending that password once, and after we've sent it, we don't try again. But this plays badly with the 'Restart Session' operation. If the connection is lost and then restarted at user request, we _do_ want to send that password again! So this commit moves that static variable out into a small state structure held by the client of cmdline_get_passwd_input. Each client can decide how to manage that state itself. Clients that support 'Restart Session' - i.e. just GUI PuTTY itself - will initialise the state at the same time as instantiating the backend, so that every time the session is restarted, we return to (correctly) believing that we _haven't_ yet tried the password provided on the command line. But clients that don't support 'Restart Session' - i.e. Plink and file transfer tools - can do the same thing that cmdline.c was doing before: just keep the state in a static variable. This also means that the GUI login tools will now retain the command-line password in memory, whereas previously they'd have wiped it out once it was used. But the other tools will still wipe and free the password, because I've also added a 'bool restartable' flag to cmdline_get_passwd_input to let it know when it _is_ allowed to do that. In the GUI tools, I don't see any way to get round that, because if the session is restarted you _have_ to still have the password to use again. (And you can't infer that that will never happen from the CONF_close_on_exit setting, because that too could be changed in mid-session.) On the other hand, I think it's not all that worrying, because the use of either -pw or -pwfile means that a persistent copy of your password is *already* stored somewhere, so another one isn't too big a stretch. (Due to the change of -pw policy in 0.77, the effect of this bug was that an attempt to reconnect in a session set up this way would lead to "Configured password was not accepted". In 0.76, the failure mode was different: PuTTY would interactively prompt for the password, having wiped it out of memory after it was used the first time round.) --- cmdline.c | 28 ++++++++++++++-------- defs.h | 2 ++ putty.h | 7 +++++- stubs/nocmdline.c | 3 ++- unix/plink.c | 7 +++++- unix/sftp.c | 8 ++++++- unix/window.c | 5 +++- utils/CMakeLists.txt | 1 + utils/cmdline_get_passwd_input_state_new.c | 9 +++++++ windows/plink.c | 7 +++++- windows/sftp.c | 8 ++++++- windows/window.c | 6 ++++- 12 files changed, 73 insertions(+), 18 deletions(-) create mode 100644 utils/cmdline_get_passwd_input_state_new.c diff --git a/cmdline.c b/cmdline.c index 9f37f2a0..8e48b358 100644 --- a/cmdline.c +++ b/cmdline.c @@ -81,10 +81,9 @@ void cmdline_cleanup(void) * -1 return means that we aren't capable of processing the prompt and * someone else should do it. */ -SeatPromptResult cmdline_get_passwd_input(prompts_t *p) +SeatPromptResult cmdline_get_passwd_input( + prompts_t *p, cmdline_get_passwd_input_state *state, bool restartable) { - static bool tried_once = false; - /* * We only handle prompts which don't echo (which we assume to be * passwords), and (currently) we only cope with a password prompt @@ -98,23 +97,32 @@ SeatPromptResult cmdline_get_passwd_input(prompts_t *p) * If we've tried once, return utter failure (no more passwords left * to try). */ - if (tried_once) + if (state->tried) return SPR_SW_ABORT("Configured password was not accepted"); /* * If we never had a password available in the first place, we * can't do anything in any case. (But we delay this test until - * after tried_once, so that after we free cmdline_password below, - * we'll still remember that we _used_ to have one.) + * after trying once, so that even if we free cmdline_password + * below, we'll still remember that we _used_ to have one.) */ if (!cmdline_password) return SPR_INCOMPLETE; prompt_set_result(p->prompts[0], cmdline_password); - smemclr(cmdline_password, strlen(cmdline_password)); - sfree(cmdline_password); - cmdline_password = NULL; - tried_once = true; + state->tried = true; + + if (!restartable) { + /* + * If there's no possibility of needing to do this again after + * a 'Restart Session' event, then wipe our copy of the + * password out of memory. + */ + smemclr(cmdline_password, strlen(cmdline_password)); + sfree(cmdline_password); + cmdline_password = NULL; + } + return SPR_OK; } diff --git a/defs.h b/defs.h index 354c208f..f1bbf51a 100644 --- a/defs.h +++ b/defs.h @@ -118,6 +118,8 @@ typedef struct Seat Seat; typedef struct SeatVtable SeatVtable; typedef struct SeatPromptResult SeatPromptResult; +typedef struct cmdline_get_passwd_input_state cmdline_get_passwd_input_state; + typedef struct TermWin TermWin; typedef struct TermWinVtable TermWinVtable; diff --git a/putty.h b/putty.h index fc5c2941..9a8c4a1f 100644 --- a/putty.h +++ b/putty.h @@ -2525,10 +2525,15 @@ void printer_finish_job(printer_job *); * zero out password arguments in the hope of not having them show up * avoidably in Unix 'ps'. */ +struct cmdline_get_passwd_input_state { bool tried; }; +#define CMDLINE_GET_PASSWD_INPUT_STATE_INIT { .tried = false } +extern const cmdline_get_passwd_input_state cmdline_get_passwd_input_state_new; + int cmdline_process_param(const char *, char *, int, Conf *); void cmdline_run_saved(Conf *); void cmdline_cleanup(void); -SeatPromptResult cmdline_get_passwd_input(prompts_t *p); +SeatPromptResult cmdline_get_passwd_input( + prompts_t *p, cmdline_get_passwd_input_state *state, bool restartable); bool cmdline_host_ok(Conf *); bool cmdline_verbose(void); bool cmdline_loaded_session(void); diff --git a/stubs/nocmdline.c b/stubs/nocmdline.c index de3cfd0d..60e2cb6b 100644 --- a/stubs/nocmdline.c +++ b/stubs/nocmdline.c @@ -15,7 +15,8 @@ * handling, then there is no such option, so that function always * returns failure. */ -SeatPromptResult cmdline_get_passwd_input(prompts_t *p) +SeatPromptResult cmdline_get_passwd_input( + prompts_t *p, cmdline_get_passwd_input_state *state, bool restartable) { return SPR_INCOMPLETE; } diff --git a/unix/plink.c b/unix/plink.c index 8f53ceda..9e109f01 100644 --- a/unix/plink.c +++ b/unix/plink.c @@ -373,8 +373,13 @@ static bool plink_eof(Seat *seat) static SeatPromptResult plink_get_userpass_input(Seat *seat, prompts_t *p) { + /* Plink doesn't support Restart Session, so we can just have a + * single static cmdline_get_passwd_input_state that's never reset */ + static cmdline_get_passwd_input_state cmdline_state = + CMDLINE_GET_PASSWD_INPUT_STATE_INIT; + SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &cmdline_state, false); if (spr.kind == SPRK_INCOMPLETE) spr = console_get_userpass_input(p); return spr; diff --git a/unix/sftp.c b/unix/sftp.c index 17a83a89..9d099f55 100644 --- a/unix/sftp.c +++ b/unix/sftp.c @@ -65,8 +65,14 @@ Filename *platform_default_filename(const char *name) SeatPromptResult filexfer_get_userpass_input(Seat *seat, prompts_t *p) { + /* The file transfer tools don't support Restart Session, so we + * can just have a single static cmdline_get_passwd_input_state + * that's never reset */ + static cmdline_get_passwd_input_state cmdline_state = + CMDLINE_GET_PASSWD_INPUT_STATE_INIT; + SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &cmdline_state, false); if (spr.kind == SPRK_INCOMPLETE) spr = console_get_userpass_input(p); return spr; diff --git a/unix/window.c b/unix/window.c index c2e79bf0..173943cb 100644 --- a/unix/window.c +++ b/unix/window.c @@ -160,6 +160,7 @@ struct GtkFrontend { Ldisc *ldisc; Backend *backend; Terminal *term; + cmdline_get_passwd_input_state cmdline_get_passwd_state; LogContext *logctx; bool exited; struct unicode_data ucsdata; @@ -343,7 +344,7 @@ static SeatPromptResult gtk_seat_get_userpass_input(Seat *seat, prompts_t *p) { GtkFrontend *inst = container_of(seat, GtkFrontend, seat); SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &inst->cmdline_get_passwd_state, true); if (spr.kind == SPRK_INCOMPLETE) spr = term_get_userpass_input(inst->term, p); return spr; @@ -5105,6 +5106,8 @@ static void start_backend(GtkFrontend *inst) const struct BackendVtable *vt; char *error, *realhost; + inst->cmdline_get_passwd_state = cmdline_get_passwd_input_state_new; + vt = select_backend(inst->conf); seat_set_trust_status(&inst->seat, true); diff --git a/utils/CMakeLists.txt b/utils/CMakeLists.txt index 80fc20b8..2e1296eb 100644 --- a/utils/CMakeLists.txt +++ b/utils/CMakeLists.txt @@ -7,6 +7,7 @@ add_sources_from_current_dir(utils buildinfo.c burnstr.c chomp.c + cmdline_get_passwd_input_state_new.c conf.c conf_dest.c conf_launchable.c diff --git a/utils/cmdline_get_passwd_input_state_new.c b/utils/cmdline_get_passwd_input_state_new.c new file mode 100644 index 00000000..cd39bfa1 --- /dev/null +++ b/utils/cmdline_get_passwd_input_state_new.c @@ -0,0 +1,9 @@ +/* + * A preinitialised cmdline_get_passwd_input_state which makes it easy + * to assign by structure copy. + */ + +#include "putty.h" + +const cmdline_get_passwd_input_state cmdline_get_passwd_input_state_new = + CMDLINE_GET_PASSWD_INPUT_STATE_INIT; diff --git a/windows/plink.c b/windows/plink.c index af95c2b9..94bf4f0c 100644 --- a/windows/plink.c +++ b/windows/plink.c @@ -67,8 +67,13 @@ static bool plink_eof(Seat *seat) static SeatPromptResult plink_get_userpass_input(Seat *seat, prompts_t *p) { + /* Plink doesn't support Restart Session, so we can just have a + * single static cmdline_get_passwd_input_state that's never reset */ + static cmdline_get_passwd_input_state cmdline_state = + CMDLINE_GET_PASSWD_INPUT_STATE_INIT; + SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &cmdline_state, false); if (spr.kind == SPRK_INCOMPLETE) spr = console_get_userpass_input(p); return spr; diff --git a/windows/sftp.c b/windows/sftp.c index ad2df4fb..fc8e711b 100644 --- a/windows/sftp.c +++ b/windows/sftp.c @@ -14,8 +14,14 @@ SeatPromptResult filexfer_get_userpass_input(Seat *seat, prompts_t *p) { + /* The file transfer tools don't support Restart Session, so we + * can just have a single static cmdline_get_passwd_input_state + * that's never reset */ + static cmdline_get_passwd_input_state cmdline_state = + CMDLINE_GET_PASSWD_INPUT_STATE_INIT; + SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &cmdline_state, false); if (spr.kind == SPRK_INCOMPLETE) spr = console_get_userpass_input(p); return spr; diff --git a/windows/window.c b/windows/window.c index 399829b6..5a70098c 100644 --- a/windows/window.c +++ b/windows/window.c @@ -130,6 +130,8 @@ static int kbd_codepage; static Ldisc *ldisc; static Backend *backend; +static cmdline_get_passwd_input_state cmdline_get_passwd_state; + static struct unicode_data ucsdata; static bool session_closed; static bool reconfiguring = false; @@ -371,6 +373,8 @@ static void start_backend(void) char *error, *realhost; int i; + cmdline_get_passwd_state = cmdline_get_passwd_input_state_new; + vt = backend_vt_from_conf(conf); seat_set_trust_status(&wgs.seat, true); @@ -5909,7 +5913,7 @@ static bool win_seat_eof(Seat *seat) static SeatPromptResult win_seat_get_userpass_input(Seat *seat, prompts_t *p) { SeatPromptResult spr; - spr = cmdline_get_passwd_input(p); + spr = cmdline_get_passwd_input(p, &cmdline_get_passwd_state, true); if (spr.kind == SPRK_INCOMPLETE) spr = term_get_userpass_input(term, p); return spr; From 868d309779df118001e8c173f367aa1dba957014 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Wed, 18 May 2022 18:46:40 +0100 Subject: [PATCH 5/9] Minimally document how to install. --- README | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README b/README index 252fc6be..85b645d1 100644 --- a/README +++ b/README @@ -8,6 +8,10 @@ the source directory: cmake . cmake --build . +Then, to install in the simplest way on Linux or Mac: + + cmake --build . --target install + Documentation (in various formats including Windows Help and Unix `man' pages) is built from the Halibut (`.but') files in the `doc' subdirectory using `doc/Makefile'. If you aren't using one of our From 97b3db34b2fb94c68ed723fa363a16d4e41d77f6 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Wed, 18 May 2022 18:47:01 +0100 Subject: [PATCH 6/9] Add missing HAVE_SETRESGID to cmake.h. Without this, we were always falling back to the setuid()/setgid() privilege-dropping code in the utmp helper. --- cmake/cmake.h.in | 1 + 1 file changed, 1 insertion(+) diff --git a/cmake/cmake.h.in b/cmake/cmake.h.in index 06f26176..ed44b2ca 100644 --- a/cmake/cmake.h.in +++ b/cmake/cmake.h.in @@ -28,6 +28,7 @@ #cmakedefine01 HAVE_POSIX_OPENPT #cmakedefine01 HAVE_PTSNAME #cmakedefine01 HAVE_SETRESUID +#cmakedefine01 HAVE_SETRESGID #cmakedefine01 HAVE_STRSIGNAL #cmakedefine01 HAVE_UPDWTMPX #cmakedefine01 HAVE_FSTATAT From 92881f2066c03175f91e1ccc2ad687a10f867293 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Wed, 18 May 2022 18:48:28 +0100 Subject: [PATCH 7/9] Define OMIT_UTMP if there's no utmpx.h. Without this, the build of e.g. psusan would fail on systems without that header (such as Termux on Android). This is similar to how things were pre-cmake, but not identical. We used to treat lack of updwtmpx() as a reason to OMIT_UTMP (as of f0dfa73982), but usage of that function got conditionalised in c19e7215dd, so I haven't restored that exclusion. --- cmake/cmake.h.in | 1 + cmake/platforms/unix.cmake | 7 +++++++ unix/pty.c | 2 ++ 3 files changed, 10 insertions(+) diff --git a/cmake/cmake.h.in b/cmake/cmake.h.in index ed44b2ca..2041f096 100644 --- a/cmake/cmake.h.in +++ b/cmake/cmake.h.in @@ -16,6 +16,7 @@ #cmakedefine01 HAVE_DWMAPI_H #cmakedefine NOT_X_WINDOWS +#cmakedefine OMIT_UTMP #cmakedefine01 HAVE_ASM_HWCAP_H #cmakedefine01 HAVE_SYS_AUXV_H diff --git a/cmake/platforms/unix.cmake b/cmake/platforms/unix.cmake index cb47caf9..6a788cb4 100644 --- a/cmake/platforms/unix.cmake +++ b/cmake/platforms/unix.cmake @@ -19,6 +19,7 @@ check_include_file(sys/sysctl.h HAVE_SYS_SYSCTL_H) check_include_file(sys/types.h HAVE_SYS_TYPES_H) check_include_file(glob.h HAVE_GLOB_H) check_include_file(utmp.h HAVE_UTMP_H) +check_include_file(utmpx.h HAVE_UTMPX_H) check_symbol_exists(futimes "sys/time.h" HAVE_FUTIMES) check_symbol_exists(getaddrinfo "sys/types.h;sys/socket.h;netdb.h" @@ -56,6 +57,12 @@ else() set(NO_IPV6 ON) endif() +if(HAVE_UTMPX_H) + set(OMIT_UTMP OFF) +else() + set(OMIT_UTMP ON) +endif() + include(cmake/gtk.cmake) # See if we have X11 available. This requires libX11 itself, and also diff --git a/unix/pty.c b/unix/pty.c index 0747b584..625f1bb1 100644 --- a/unix/pty.c +++ b/unix/pty.c @@ -227,6 +227,8 @@ static void setup_utmp(char *ttyname, char *location) endutxent(); #if HAVE_UPDWTMPX + /* Reportedly, AIX 5.1 has and pututxline(), but no + * updwtmpx(). */ updwtmpx(WTMPX_FILE, &utmp_entry); #endif From d163b37cafc46ab24412e4cf92d14f54e2aa97a6 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Wed, 18 May 2022 18:57:45 +0100 Subject: [PATCH 8/9] Squash NDEBUG for RelWithDebInfo build type too. --- cmake/setup.cmake | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cmake/setup.cmake b/cmake/setup.cmake index 26079f31..0ad84df9 100644 --- a/cmake/setup.cmake +++ b/cmake/setup.cmake @@ -4,6 +4,8 @@ # give a #error if this manoeuvre doesn't do what it needs to. string(REPLACE "/DNDEBUG" "" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}") string(REPLACE "-DNDEBUG" "" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}") +string(REPLACE "/DNDEBUG" "" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELEASE}") +string(REPLACE "-DNDEBUG" "" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELEASE}") set(PUTTY_IPV6 ON CACHE BOOL "Build PuTTY with IPv6 support if possible") From e45c6b76dad062e1e2c492524f2c05e27913b382 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Thu, 19 May 2022 10:52:56 +0100 Subject: [PATCH 9/9] Restore advice about making pterm set[ug]id. cmake doesn't have convincing facilities for doing this in its install step, so the new advice is to do it manually (we've provided no equivalent to the autotools --enable-setuid or --enable-setgid options, nor UTMP_USER/GROUP). --- README | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README b/README index 85b645d1..c996c3a8 100644 --- a/README +++ b/README @@ -12,6 +12,16 @@ Then, to install in the simplest way on Linux or Mac: cmake --build . --target install +On Unix, pterm would like to be setuid or setgid, as appropriate, to +permit it to write records of user logins to /var/run/utmp and +/var/log/wtmp. (Of course it will not use this privilege for +anything else, and in particular it will drop all privileges before +starting up complex subsystems like GTK.) The cmake install step +doesn't attempt to add these privileges, so if you want user login +recording to work, you should manually ch{own,grp} and chmod the +pterm binary yourself after installation. If you don't do this, +pterm will still work, but not update the user login databases. + Documentation (in various formats including Windows Help and Unix `man' pages) is built from the Halibut (`.but') files in the `doc' subdirectory using `doc/Makefile'. If you aren't using one of our