nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-01 19:42:48 -05:00
Code Issues Projects Releases Wiki Activity

Rewrite local-proxy system to allow interactive prompts.

Browse Source 
This fills in the remaining gap in the interactive prompt rework of
the proxy system in general. If you used the Telnet proxy with a
command containing %user or %pass, and hadn't filled in those
variables in the PuTTY config, then proxy/telnet.c would prompt you at
run time to enter the proxy auth details. But the local proxy command,
which uses the same format_telnet_command function, would not do that.
Now it does!

I've implemented this by moving the formatting of the proxy command
into a new module proxy/local.c, shared between both the Unix and
Windows local-proxy implementations. That module implements a
DeferredSocketOpener, which constructs the proxy command (prompting
first if necessary), and once it's constructed, hands it to a
per-platform function platform_setup_local_proxy().

So each platform-specific proxy function, instead of starting a
subprocess there and then and passing its details to make_fd_socket or
make_handle_socket, now returns a _deferred_ version of one of those
sockets, with the DeferredSocketOpener being the thing in
proxy/local.c. When that calls back to platform_setup_local_proxy(),
we actually start the subprocess and pass the resulting fds/handles to
the deferred socket to un-defer it.

A side effect of the rewrite is that when proxy commands are logged in
the Event Log, they now get the same amenities as in the Telnet proxy
type: the proxy password is sanitised out, and any difficult
characters are escaped.
This commit is contained in:
Simon Tatham
2021-12-22 12:03:28 +00:00
parent ca70b1285d
commit c1ddacf78f
5 changed files with 363 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

266
proxy/local.c Normal file
View File

@ -0,0 +1,266 @@
/*
* Implement LocalProxyOpener, a centralised system for setting up the
* command string to be run by platform-specific local-subprocess
* proxy types.
*
* The platform-specific local proxy code is expected to use this
* system by calling local_proxy_opener() from
* platform_new_connection(); then using the resulting
* DeferredSocketOpener to make a deferred version of whatever local
* socket type is used for talking to subcommands (Unix FdSocket,
* Windows HandleSocket); then passing the 'Socket *' back to us via
* local_proxy_opener_set_socket().
*
* The LocalProxyOpener object implemented by this code will set
* itself up as an Interactor if possible, so that it can prompt for
* the proxy username and/or password if they're referred to in the
* command string but not given in the config (exactly as the Telnet
* proxy does). Once it knows the exact command it wants to run -
* whether that was done immediately or after user interaction - it
* calls back to platform_setup_local_proxy() with the full command,
* which is expected to actually start the subprocess and fill in the
* missing details in the deferred socket, freeing the
* LocalProxyOpener as a side effect.
*/
#include "tree234.h"
#include "putty.h"
#include "network.h"
#include "sshcr.h"
#include "proxy/proxy.h"
typedef struct LocalProxyOpener {
int crLine;
Socket *socket;
char *formatted_cmd;
Plug *plug;
SockAddr *addr;
int port;
Conf *conf;
Interactor *clientitr;
LogPolicy *clientlp;
Seat *clientseat;
prompts_t *prompts;
int username_prompt_index, password_prompt_index;
Interactor interactor;
DeferredSocketOpener opener;
} LocalProxyOpener;
static void local_proxy_opener_free(DeferredSocketOpener *opener)
{
LocalProxyOpener *lp = container_of(opener, LocalProxyOpener, opener);
burnstr(lp->formatted_cmd);
if (lp->prompts)
free_prompts(lp->prompts);
sk_addr_free(lp->addr);
conf_free(lp->conf);
sfree(lp);
}
static const DeferredSocketOpenerVtable LocalProxyOpener_openervt = {
.free = local_proxy_opener_free,
};
static char *local_proxy_opener_description(Interactor *itr)
{
return dupstr("connection via local command");
}
static LogPolicy *local_proxy_opener_logpolicy(Interactor *itr)
{
LocalProxyOpener *lp = container_of(itr, LocalProxyOpener, interactor);
return lp->clientlp;
}
static Seat *local_proxy_opener_get_seat(Interactor *itr)
{
LocalProxyOpener *lp = container_of(itr, LocalProxyOpener, interactor);
return lp->clientseat;
}
static void local_proxy_opener_set_seat(Interactor *itr, Seat *seat)
{
LocalProxyOpener *lp = container_of(itr, LocalProxyOpener, interactor);
lp->clientseat = seat;
}
static const InteractorVtable LocalProxyOpener_interactorvt = {
.description = local_proxy_opener_description,
.logpolicy = local_proxy_opener_logpolicy,
.get_seat = local_proxy_opener_get_seat,
.set_seat = local_proxy_opener_set_seat,
};
static void local_proxy_opener_cleanup_interactor(LocalProxyOpener *lp)
{
if (lp->clientseat) {
interactor_return_seat(lp->clientitr);
lp->clientitr = NULL;
lp->clientseat = NULL;
}
}
static void local_proxy_opener_coroutine(void *vctx)
{
LocalProxyOpener *lp = (LocalProxyOpener *)vctx;
crBegin(lp->crLine);
/*
* Make an initial attempt to figure out the command we want, and
* see if it tried to include a username or password that we don't
* have.
*/
{
unsigned flags;
lp->formatted_cmd = format_telnet_command(
lp->addr, lp->port, lp->conf, &flags);
if (lp->clientseat && (flags & (TELNET_CMD_MISSING_USERNAME |
TELNET_CMD_MISSING_PASSWORD))) {
burnstr(lp->formatted_cmd);
lp->formatted_cmd = NULL;
/*
* We're missing at least one of the two parts, and we
* have an Interactor we can use to prompt for them, so
* try it.
*/
lp->prompts = new_prompts();
lp->prompts->callback = local_proxy_opener_coroutine;
lp->prompts->callback_ctx = lp;
lp->prompts->to_server = true;
lp->prompts->from_server = false;
lp->prompts->name = dupstr("Local proxy authentication");
if (flags & TELNET_CMD_MISSING_USERNAME) {
lp->username_prompt_index = lp->prompts->n_prompts;
add_prompt(lp->prompts, dupstr("Proxy username: "), true);
} else {
lp->username_prompt_index = -1;
}
if (flags & TELNET_CMD_MISSING_PASSWORD) {
lp->password_prompt_index = lp->prompts->n_prompts;
add_prompt(lp->prompts, dupstr("Proxy password: "), false);
} else {
lp->password_prompt_index = -1;
}
while (true) {
int prompt_result = seat_get_userpass_input(
interactor_announce(&lp->interactor), lp->prompts);
if (prompt_result > 0) {
break;
} else if (prompt_result == 0) {
local_proxy_opener_cleanup_interactor(lp);
plug_closing_user_abort(lp->plug);
/* That will have freed us, so we must just return
* without calling any crStop */
return;
}
crReturnV;
}
if (lp->username_prompt_index != -1) {
conf_set_str(
lp->conf, CONF_proxy_username,
prompt_get_result_ref(
lp->prompts->prompts[lp->username_prompt_index]));
}
if (lp->password_prompt_index != -1) {
conf_set_str(
lp->conf, CONF_proxy_password,
prompt_get_result_ref(
lp->prompts->prompts[lp->password_prompt_index]));
}
free_prompts(lp->prompts);
lp->prompts = NULL;
}
/*
* Now format the command a second time, with the results of
* those prompts written into lp->conf.
*/
lp->formatted_cmd = format_telnet_command(
lp->addr, lp->port, lp->conf, NULL);
}
/*
* Log the command, with some changes. Firstly, we regenerate it
* with the password masked; secondly, we escape control
* characters so that the log message is printable.
*/
conf_set_str(lp->conf, CONF_proxy_password, "*password*");
{
char *censored_cmd = format_telnet_command(
lp->addr, lp->port, lp->conf, NULL);
strbuf *logmsg = strbuf_new();
put_datapl(logmsg, PTRLEN_LITERAL("Starting local proxy command: "));
put_c_string_literal(logmsg, ptrlen_from_asciz(censored_cmd));
plug_log(lp->plug, PLUGLOG_PROXY_MSG, NULL, 0, logmsg->s, 0);
strbuf_free(logmsg);
sfree(censored_cmd);
}
/*
* Now we're ready to actually do the platform-specific socket
* setup.
*/
char *cmd = lp->formatted_cmd;
lp->formatted_cmd = NULL;
local_proxy_opener_cleanup_interactor(lp);
char *error_msg = platform_setup_local_proxy(lp->socket, cmd);
burnstr(cmd);
if (error_msg) {
plug_closing_error(lp->plug, error_msg);
sfree(error_msg);
} else {
/* If error_msg was NULL, there was no error in setup,
* which means that platform_setup_local_proxy will have
* called back to free us. So return without calling any
* crStop. */
return;
}
crFinishV;
}
DeferredSocketOpener *local_proxy_opener(
SockAddr *addr, int port, Plug *plug, Conf *conf, Interactor *itr)
{
LocalProxyOpener *lp = snew(LocalProxyOpener);
memset(lp, 0, sizeof(*lp));
lp->plug = plug;
lp->opener.vt = &LocalProxyOpener_openervt;
lp->interactor.vt = &LocalProxyOpener_interactorvt;
lp->addr = sk_addr_dup(addr);
lp->port = port;
lp->conf = conf_copy(conf);
if (itr) {
lp->clientitr = itr;
interactor_set_child(lp->clientitr, &lp->interactor);
lp->clientlp = interactor_logpolicy(lp->clientitr);
lp->clientseat = interactor_borrow_seat(lp->clientitr);
}
return &lp->opener;
}
void local_proxy_opener_set_socket(DeferredSocketOpener *opener,
Socket *socket)
{
assert(opener->vt == &LocalProxyOpener_openervt);
LocalProxyOpener *lp = container_of(opener, LocalProxyOpener, opener);
lp->socket = socket;
queue_toplevel_callback(local_proxy_opener_coroutine, lp);
}