are now loaded from standard locations (system32 for SSPI, the
registry-stored MIT KfW install location for KfW) rather than using
the risky default DLL search path; I've therefore also added an
option to manually specify a GSS DLL we haven't heard of (which
should in principle Just Work provided it supports proper GSS-API as
specified in the RFC). The same option exists on Unix too, because
it seemed like too useful an idea to reserve to Windows. In
addition, GSSAPI is now documented, and also (unfortunately) its GUI
configuration has been moved out into a sub-subpanel on the grounds
that it was too big to fit in Auth.
[originally from svn r9003]
reorganises the GSSAPI support so that it handles alternative
implementations of the GSS-API. In particular, this means PuTTY can
now talk to MIT Kerberos for Windows instead of being limited to
SSPI. I don't know for sure whether further tweaking will be needed
(to the UI, most likely, or to automatic selection of credentials),
but testing reports suggest it's now at least worth committing to
trunk to get it more widely tested.
[originally from svn r8952]
today reported an SSH2_MSG_UNIMPLEMENTED from a Cisco router which
looks as if it was triggered by SSH2_MSG_IGNORE, so I'm
experimentally putting this flag in. Currently must be manually
enabled, though if it turns out to solve the user's problem then
I'll probably add at least one version string...
[Edited commit message: actually, I also committed in error a piece
of experimental code as part of this checkin. Serve me right for not
running 'svn diff' first.]
[originally from svn r8926]
NameUserPrincipal, use that; this avoids an issue with SSPI/GSSAPI where
the user logged in to the local machine with a different case of username
to the (case-sensitive) Kerberos username. Falls back to GetUserName as
before if that doesn't work (for machines not on a domain, and Win9x).
Based on a patch by SebastianUnger.
[originally from svn r8909]
have default settings for "bell overload" mode will have inherited a twitchy
set of defaults where bells are disabled after 2ms and enabled after 5ms,
rather than 2s and 5s as intended. This error has probably propagated into some
people's saved sessions by now, but there's not much to be done.
[originally from svn r8389]
[r5080 == 7647f57dc4]
if we have no better ideas, with UI shamelessly stolen from Quest PuTTY.
Off by default, which effectively reverts the change to using the local
username by default that came in with GSSAPI support in r8138. Anyone wanting
seamless single sign-on will need to set the new option. (The previous
default behaviour was getting in the way in ad-hoc scenarios.)
Note that the PSCP and Unix-Plink behaviour of using the local username by
default have remained unchanged throughout; they are not affected by the new
option. Not sure if that's the Right Thing.
[originally from svn r8324]
[r8138 == de5dd9d65c]
strings more rigorously, and then we look up the local X authority
data in .Xauthority _ourself_ rather than delegating to an external
xauth program. This is (negligibly) more efficient on Unix, assuming
I haven't got it wrong in some subtle way, but its major benefit is
that we can now support X authority lookups on Windows as well
provided the user points us at an appropriate X authority file in
the standard format. A new Windows-specific config option has been
added for this purpose.
[originally from svn r8305]
to manually tweak the host name and port number under which the SSH
host key is read and written.
I've put it in the cross-platform Connection panel. Partly under the
flimsy pretext that other backends _can_ use it if they so wish (and
in fact it overrides the host name for title-bar purposes in all
network backends, though it has no other effect in anything but
SSH); but mostly because the SSH panel was too full already :-)
[originally from svn r8033]
advertise so that the server can't exceed our maximum packet size.
Enable it for "1.36_sshlib GlobalSCAPE" which apparently sends oversize
packets otherwise.
[originally from svn r7804]
Should be no significant change in behaviour.
(Well, entering usernames containing commas on Plink's command line will be
a little harder now.)
[originally from svn r7628]
launchable session without getting confused by it, we can relax the
restriction on storing a host name in DS, which has attracted a
steady stream of complaints over the past six or seven years.
[originally from svn r7266]
We now have an option where a remote window title query returns a well-formed
response containing the empty string. This should keep stop any server-side
application that was expecting a response from hanging, while not permitting
the response to be influenced by an attacker.
We also retain the ability to stay schtum. The existing checkbox has thus
grown into a set of radio buttons.
I've changed the default to the "empty string" response, even in the backward-
compatibility mode of loading old settings, which is a change in behaviour;
any users who want the old behaviour back will have to explicitly select it. I
think this is probably the Right Thing. (The only drawback I can think of is
that an attacker could still potentially use the relevant fixed strings for
mischief, but we already have other, similar reports.)
[originally from svn r7043]
was not always initialised, which could lead to spurious attempts to open
a bogus channel (typically refused: "FATAL ERROR: Server refused to open
a direct-tcpip channel"). Fixed.
[originally from svn r6907]
[r6823 == 631b494807]
(presumably Windows's serial buffer is actually _filling up_,
causing an XOFF to be sent, now that my dodgy I/O code isn't causing
it to leak). So I think I'll switch the default flow control to
XON/XOFF, since it actually seems to do something now.
[originally from svn r6829]
in place of making a network connection. This has involved a couple
of minor infrastructure changes:
- New dlg_label_change() function in the dialog.h interface, which
alters the label on a control. Only used, at present, to switch
the Host Name and Port boxes into Serial Line and Speed, which
means that any platform not implementing serial connections (i.e.
currently all but Windows) does not need to actually do anything
in this function. Yet.
- New small piece of infrastructure: cfg_launchable() determines
whether a Config structure describes a session ready to be
launched. This was previously determined by seeing if it had a
non-empty host name, but it has to check the serial line as well
so there's a centralised function for it. I haven't gone through
all front ends and arranged for this function to be used
everywhere it needs to be; so far I've only checked Windows.
- Similarly, cfg_dest() returns the destination of a connection
(host name or serial line) in a text format suitable for putting
into messages such as `Unable to connect to %s'.
[originally from svn r6815]
Pageant for local authentication. (This is a `don't use Pageant for
authentication at session startup' button rather than a `pretend
Pageant doesn't exist' button: that is, agent forwarding is
independent of this option.)
[originally from svn r6572]
hang when reading it because strtok() kept getting the full list passed in.
Fix this, and add an assert() for an assumption documented in a comment while
I'm in the area.
[originally from svn r6294]
there are servers which could in principle operate in this mode, although I
don't know if any do in practice. (Hence, I haven't been able to test it.)
[originally from svn r5748]
[this svn revision also touched putty-wishlist]
Unix Plink sends everything sensible it can find, and it's fully configurable
from the GUI.
I'm not entirely sure about the precise set of modes that Unix Plink should
look at; informed tweaks are welcome.
Also the Mac bits are guesses (but trivial).
[originally from svn r5653]
[this svn revision also touched putty-wishlist]
cfg.remote_cmd is to be used, rather than actually pointing at
cfg.remote_cmd. This change restores the ability to structure-copy
Configs without breaking them. (Though of course this is only a
temporary solution: really what wants doing is to fix
`config-struct'.)
[originally from svn r5335]
deal with rekeys at all: they totally ignore mid-session KEXINIT
sent by the client. Hence, a new bug entry so we don't try it.
[originally from svn r5092]
meaning of BellOverload{T,S} in Unix saved sessions. Add a Unix-
specific backwards compatibility wart to settings.c to compensate.
Of course when I do the serious config format revamp, I will ensure
that no config item depends on internal #defines (these time
intervals will be specified as a floating-point number of seconds)
and this horror will be relegated to the old-config-compatibility
code.
[originally from svn r5080]
of polishing to bring them to what I think should in principle be
release quality. Unlike the unfix.org patches themselves, this
checkin enables IPv6 by default; if you want to leave it out, you
have to build with COMPAT=-DNO_IPV6.
I have tested that this compiles on Visual C 7 (so the nightlies
_should_ acquire IPv6 support without missing a beat), but since I
don't have IPv6 set up myself I haven't actually tested that it
_works_. It still seems to make correct IPv4 connections, but that's
all I've been able to verify for myself. Further testing is needed.
[originally from svn r5047]
[this svn revision also touched putty-wishlist]
(which will gain more content anon).
Retire BUG_SSH2_DH_GEX and add a backwards-compatibility wart, since we never
did find a way of automatically detecting this alleged server bug, and in any
case there was only ever one report (<3D91F3B5.7030309@inwind.it>, FWIW).
Also generalise askcipher() to a new askalg() (thus touching all the
front-ends).
I've made some attempt to document what SSH key exchange is and why you care,
but it could use some review for clarity (and outright lies).
[originally from svn r5022]
results in unacceptable performance for him on Win2000. Add a checkbox to
revert to the old behaviour.
[originally from svn r4988]
[this svn revision also touched putty-wishlist]
http://www.cl.cam.ac.uk/~mgk25/unicode.html#activate
feels strongly that it should be easy to make _all_ your
applications work in UTF-8 mode, without having to remember a switch
for each one. Every application should simply note a UTF-8 locale
setting and switch into UTF-8 mode automatically.
Therefore, for the Unix port only, there's now a checkbox, enabled
by default, which causes the drop-down Translation box to be
overridden if the locale indicates UTF-8. Anyone who doesn't like
this, or doesn't like MGK, is welcome to turn it straight back off.
I'm not _completely_ convinced by MGK's argument myself; for
xterm/pterm to do _useful_ UTF-8 you also need to specify a decently
Unicode-capable font, and there's no way _that_ can be automagically
done on noticing a locale setting. But it's a de facto standard
(i.e. xterm does it :-) so I might as well at least be _able_ to
support it.
[originally from svn r4648]
PuTTY / Plink not to run a remote shell/command at all. Supported in
the GUI configuration and via the (OpenSSH-like) -N command-line
option.
No effort is currently made to arrange `nice' UI properties. If you
do this in GUI PuTTY, a full-size terminal window will still be
created, and will sit there with almost nothing in it throughout
your session. If you do it in Plink, Plink will not accept any kind
of request to terminate gracefully; you'll have to ^C or kill it.
Nonetheless, even this little will be useful to some people...
[originally from svn r4614]
by default (although they can be included). There's also an option to remove
session data, which is good both for privacy and for reducing the size of
logfiles.
[originally from svn r4593]
No very good reason, but I've occasionally wanted to frob it to see if it
makes any difference to problems I'm having, and it was easy.
Tested that it does actually cause keepalives on Windows (with tcpdump);
should also work on Unix. Not implemented on Mac (does nothing), but then
neither is TCP_NODELAY.
Quite a big checkin, much of which is adding `keepalive' alongside `nodelay'
in network function calls.
[originally from svn r4309]
platform-independent source file. Haven't yet added the extra
abstraction routines to uxsftp.c to create a Unix PSCP port, but it
shouldn't take long.
Also in this checkin, a change of semantics in platform_default_s():
now strings returned from it are expected to be dynamically allocated.
[originally from svn r3420]
by disabling bold-font-name guessing (if their bold fonts are ugly).
I've turned the UI inside out, but the meat is pretty much the same.
[originally from svn r3410]
box, in that it started to expand under the weight of proxy options.
Now fixed, by folding the SOCKS version selector into the general
proxy type selector so there's one single 5- or 6-way radio button
set split over two lines. settings.c has of course grown a backwards
compatibility wart to deal with legacy config data.
[originally from svn r3168]
hazard. I considered removing it completely, but I can't rule out
the possibility of an OS that actually takes security of its
terminal devices seriously, and which might be able to make sensible
and safe use of this feature.
[originally from svn r3103]
malloc functions, which automatically cast to the same type they're
allocating the size of. Should prevent any future errors involving
mallocing the size of the wrong structure type, and will also make
life easier if we ever need to turn the PuTTY core code from real C
into C++-friendly C. I haven't touched the Mac frontend in this
checkin because I couldn't compile or test it.
[originally from svn r3014]
time! The load code in settings.c was translating an empty string
into "Default Settings" to pass to {win,ux}store, whereas the save
code was passing the empty string straight down and expecting it to
be dealt with. So, a policy decision: the precise name of the
"Default Settings" special session _at the storage level_ is up to
the individual platform storage code to decide, and all platforms
MUST assume Default Settings is meant if they receive NULL or the
empty string as a session name.
[originally from svn r2974]
of these days I'll have to separate the platform-specific settings
out into winsett and uxsett modules, but for now it's not too urgent.
[originally from svn r2936]
clears, and also to temporarily push the primary screen contents
into the scrollback while the alternate screen is active and bring
it back afterwards.
[originally from svn r2910]
which have a strange idea of what data should be signed in a PK auth
request. This actually got in my way while doing serious things at
work! :-)
[originally from svn r2800]
opaque to all platform-independent modules and only handled within
per-platform code. `Filename' is there because the Mac has a magic
way to store filenames (though currently this checkin doesn't
support it!); `FontSpec' is there so that all the auxiliary stuff
such as font height and charset and so on which is needed under
Windows but not Unix can be kept where it belongs, and so that I can
have a hope in hell of dealing with a font chooser in the forthcoming
cross-platform config box code, and best of all it gets the horrid
font height wart out of settings.c and into the Windows code where
it should be.
The Mac part of this checkin is a bunch of random guesses which will
probably not quite compile, but which look roughly right to me.
Sorry if I screwed it up, Ben :-)
[originally from svn r2765]
the various `yes/no/maybe' enums into one common one missed a vital
point: all those enums mapped on to integers in different ways,
which affected the format of stored settings. Arrgh. So now
settings.c contains yet more painful warts and I'm _really_ starting
to think it's about time we designed a new set of human-usable
config keywords and retired this lot to the status of Unpleasant
Backwards-Compatibility Relic.
[originally from svn r2735]
Everything in there which is integral is now an actual int, which
means my forthcoming revamp of the config box will be able to work
with `int *' pointers without fear of doom.
[originally from svn r2733]
holdout static I hadn't noticed; unicode.c had one too; and a large
number of statics that were perfectly OK due to being constants have
been made `const', with assorted `const' repercussions all over the
place. I now declare `remove-statics' to be fixed.
[originally from svn r2594]
the remote IP/port data provided by the server for forwarded
connections. Disabled by default, since it's incompatible with SSH2,
probably incompatible with some X clients, and tickles a bug in
at least one version of OpenSSH.
[originally from svn r2554]
and pterm need at least one default setting to be _different_ (pterm
needs the default term type to be `xterm', while plink needs it to
be taken from $TERM). So here's a completely new alternative
mechanism for platform- and app-specific default settings. Ben will
probably want to check the integrity of the Mac port, since I've
fiddled with it without testing that it still compiles.
[originally from svn r2513]
the default X display should be whatever comes out of $DISPLAY,
rather than Windows's hardwired `localhost:0'. Secondly, this may
give rise to a display name without a hostname (`:0' or similar),
which we now need to be able to deal with. Of course, we still don't
_properly_ support X forwarding in Unix Plink, since we still can't
authenticate with the local display.
[originally from svn r2420]
open an existing saved session. This has entailed adding an extra hook to
settings.c to allow for loading settings other than by name.
[originally from svn r2387]
SockAddr, which just contains an unresolved hostname and is created
by a stub function in *net.c. It's an error to pass this to most of
the real-meat functions in *net.c; these fake addresses should have
been dealt with by the time they get down that far. proxy.c now
contains name_lookup(), a wrapper on sk_namelookup() which decides
whether or not to do real DNS, and the individual proxy
implementations each deal sensibly with being handed an unresolved
address and avoid ever passing one down to *net.c.
[originally from svn r2353]
This doesn't include any mkfiles.pl glue, and is missing one or two other
fixes. The terminal emulator is kind of working, though, as, I believe, is
the store module. Everything else is yet to be done.
[originally from svn r2226]
not -1 (it turns out _most_ X fonts prefer the former, though
irritatingly my favourite real X font used to prefer the latter
which was why I made the X version of my Font Of Choice do so too),
and also clip to the boundaries of the rectangle we should be
drawing text in. This still doesn't completely prevent display
corruption in the case where text drawn in one sweep is partially
overwritten in a future one, but gnome-terminal has this problem
too, and now we've got the right default SB offset _and_ offer the
opportunity to reconfigure it I think this is pretty good for now.
[originally from svn r2184]
into line with most other xtermalikes. On Unix, the exit code of a
shell is the last exit code of one of its child processes, even if
it's an interactive shell - so some pterms will close and some will
not for no particularly good reason. Power-detaching a screen
session is especially bad for this.
COE_NORMAL is still useful for specialist purposes (running a single
command in its own pterm), but I don't think it's a sane default,
unfortunately.
[originally from svn r2154]
login shell or not. Also moved these new pieces of configuration
into the Config structure, though they won't stay there forever
since they will need to be moved out into platform-dependent config.
[originally from svn r2060]
pick up the font's real width and height. This means I now _can't_
use my font of choice until I implement some command-line options; I
wonder what feature will appear next :-)
[originally from svn r2027]
The current pty.c backend is temporarily a loopback device for
terminal emulator testing, the display handling is only just enough
to show that terminal.c is functioning, the keyboard handling is
laughable, and most features are absent. Next step: bring output and
input up to a plausibly working state, and put a real pty on the
back to create a vaguely usable prototype. Oh, and a scrollbar would
be nice too.
In _theory_ the Windows builds should still work fine after this...
[originally from svn r2010]
CONNECT, but contains an extensible framework to allow other
proxies. Apparently SOCKS and ad-hoc-telnet-proxy are already
planned (the GUI mentions them already even though they don't work
yet). GUI includes full configurability and allows definition of
exclusion zones. Rock and roll.
[originally from svn r1598]
^M instead of the Telnet New Line code. Unix-type telnetds don't
care one way or the other; RDB claims some telnetds prefer Telnet
NL; and now someone has found one that can't deal with Telnet NL and
prefers ^M. Sigh.
[originally from svn r1520]
were using RegCreateKey instead of RegOpenKey by mistake. This also
required a fix in settings.c to deal gracefully with a NULL return
from enum_settings_start() - since the use of RCK had caused this
never to happen, the code path had never been tested.
[originally from svn r1516]
connections from outside localhost' switch. Interestingly OpenSSH
3.0 appears to ignore this (though I know it works because ssh.com
3.0 gets it right, and the SSH packet dump agrees that I'm doing the
right thing).
[originally from svn r1496]
configurable option so users can re-enable the feature _if_ they
know they have an SSH2 server that isn't going to get shirty about
it. Inspired by a spectacular increase in OpenSSH's shirtiness.
[originally from svn r1474]
you enable it text will paste into Word et al in the same font as
PuTTY itself is displaying in. In particular, this will be a fixed-
pitch font, so tables and `ls' and the like will naturally line up.
[originally from svn r1373]
multi-monitor aware and make the scrollbar separately configurable
in and out of full-screen mode. Also (not Wez's patch, this bit) fix
the case where the user reconfigures _while_ the window is
full-screen, and disables full-screening. (In this case the window
should return gracefully to normal, rather than losing all its title
bars and getting confused.)
[originally from svn r1310]
rather than four. Should fix all sorts of bugs, since the fourth
(and default!) state was behaving weirdly and nobody liked it.
[originally from svn r1307]
kicked out by the Unicode patch. It's not very good - only works
sanely on US keyboards - but it's no worse than it was in 0.51.
After 0.52 maybe I should fix it properly.
[originally from svn r1273]
fiddle with the widths of characters in DBCS screen fonts, and (the
big one) one to enable a mode in which resizing the window locks the
terminal size and lets the font change, instead of vice versa. That
should shut up a few feature requests!
[originally from svn r1269]
settings file is unrecognised (i.e. PuTTYtel reading PuTTY's
registry), fall back to the default _port_ as well as the default
protocol.
[originally from svn r1242]
mouse tracking is enabled. (This can be turned off if your app
really wants Shift+mouse, but it defaults to on for general
usefulness.)
[originally from svn r1235]
numeric code page, and also reinstate the direct-to-font zero
translation mode (but now under an actual _name_ rather than blank).
Also add CP437 to the list since at least one expatriate DOS user
wanted it; also select a sensible ISO or KOI codepage based on the
system locale.
[originally from svn r1230]
scp1 if it can't. Currently not very tested - I checked it in as
soon as it completed a successful recursive copy in both directions.
Also, one known bug: you can't specify a remote wildcard, because by
the nature of SFTP we'll need to implement the wildcard engine on
the client side. I do intend to do this (and use the same wildcard
engine in PSFTP as well) but I haven't got round to it yet.
[originally from svn r1208]
by me to make the drag list behaviour slightly more intuitive.
WARNING: DO NOT LOOK AT pl_itemfrompt() IF YOU ARE SQUEAMISH.
[originally from svn r1199]
box. Also default to ISO8859-1 so that CSI works in the default
mode; this is ridiculously Western-centric but I can't honestly
think of a better option.
[originally from svn r1183]
Only currently works on SSH1; SSH2 should be doable but it's late
and I have other things to do tonight. The Cool Guy award for this
one goes to Nicolas Barry, for doing most of the work and actually
understanding the code he was adding to.
[originally from svn r1176]
possible and we have a single unified means of trying to display any
Unicode code point. Instead of the various ad-hoc translation modes
we had before, we now have a single `codepage' option which allows
us to treat the incoming (and outgoing) text as any given character
set, and locally we map that to Unicode and back.
[originally from svn r1110]
send Telnet special sequences (Interrupt Process, Suspend, Erase
Char, End Of Line) instead of their ASCII equivalents. In particular
Return -> Telnet End Of Line is _always_ enabled irrespective of the
configuration, while the others are optional. Also in this patch, an
entertainingly ghastly use of `switch' to allow literal ^M^J to do
the same thing as magic-^M (the Return key) when in Raw protocol.
[originally from svn r1109]
configurable bell overload handling. Thanks to Robert de Bath for
galvanising me into doing this, but I've had to rip most of his code
out and redo it myself...
[originally from svn r1039]
always Compose (we have no better use for it), and Ctrl-Alt can be
made to act like AltGr (but it's never Compose even when AltGr is).
[originally from svn r1033]
now to translate them into poor man's characters (+--+ and |). We also
have an option to disable this (and map line drawing characters to the
corresponding ASCII code as before). Thanks to Robert de Bath.
[originally from svn r1029]
remote command from a local file. Advantage: you can have more than
one line in it, so you can remotely run what's effectively a small
script.
[originally from svn r1010]
Roman Surma for pointing me at the relevant bits of documentation. All
font sizes should now be measured in points, and everything should be
consistent, and (with any luck) old Registry settings should adapt
gracefully too.
[originally from svn r992]
introduce another layer of abstraction in SSH2 ciphers, such that a
single `logical cipher' (as desired by a user) can equate to more
than one `physical cipher'. This is because AES comes in several key
lengths (PuTTY will pick the highest supported by the remote end)
and several different SSH2-protocol-level names (aes*-cbc,
rijndael*-cbc, and an unofficial one rijndael-cbc@lysator.liu.se).
[originally from svn r967]
multiple switchable line disciplines, we now have a single unified
one which changes its behaviour based on option settings. Each
option setting can be suggested by the back end and/or the terminal
handler, and can be forcibly overridden by the configuration. Local
echo and local line editing are separate, independently switchable,
options.
[originally from svn r895]
disablement option into two options so the app cursor keys and app
keypad can be controlled separately. The Pedantic Software Award in
this case goes to the Midnight Commander for its egregious failure
to just use the terminal in Perfectly Normal mode.
[originally from svn r766]
