1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00
Commit Graph

7327 Commits

Author SHA1 Message Date
Simon Tatham
92594f3e41 test_conf: directly check consistency of conf_key_info.
This is why I wrote conf.h in the form of macros that expanded to
named structure field assignments, instead of just filling it with
named structure field assignments directly. This way, I can #include
the same file again with different macro definitions, and build up a
list of what fields were set in what config options.

This new code checks that if a config option has a default, then the
type of the default matches the declared type of the option value
itself. That's what caught the two goofs in the previous commit.

This is also the part of test_conf that I _won't_ want to delete once
I've finished with the refactoring: it can stay there forever, doing
type checking at test time that the compiler isn't doing for me at
build time.
2023-09-22 15:35:40 +01:00
Simon Tatham
30d3b609d3 Fix type mismatches in new conf_key_info.
I suspected there'd be one or two mistakes introduced by that
transcription in spite of the test suite, and there were!

CONF_mouseautocopy had its default labelled as int rather than bool,
because it didn't _look_ boolean to my conversion scripts or to my
eyeballs - but its default value is actually a macro that expands to
'true' or 'false' (depending on platform), so it is really.

And CONF_supdup_ascii_set, conversely, is an int which had its default
labelled as bool, which was due to my conversion scripts faithfully
transcribing the same confusion in the original code.
2023-09-22 15:31:02 +01:00
Simon Tatham
41b4f78b9b Make test_conf return failure status on failure!
Ahem. Of course I've been running it interactively until now, so I
never noticed that I'd forgotten to fill in that important point. But
now it's run as part of my build, it should make sure to fail if it
fails.
2023-09-22 15:15:11 +01:00
Simon Tatham
8e95208377 Begin moving saved-setting semantics into conf_key_info.
The new ConfKeyInfo structure now includes some fields indicating how
to load and save each config option: what keyword it's stored under in
the saved settings file, and what its default value should be set to
when loading a session that doesn't mention it. (Including, of course,
loading the null session at program startup.)

So far, this only applies to the saved settings that are sufficiently
simple: a single integer, string or boolean value whose internal
format matches its storage format, or an integer value consisting of a
finite enumeration with a fixed mapping between its internal and
storage formats. Anything more difficult than that - mappings,
variable defaults, config options tied together, options that still
support a legacy save format alongside the up-to-date one, things
under #ifdef - hasn't yet been tampered with.

This allows a large amount of repetitive code in settings.c to be
deleted, and replaced by simple loops over the conf_key_info array
doing all the easy work. The remaining manual load/save code per
option is all there because it's difficult in some way.

The transitional test_conf program still passes after this upheaval.
2023-09-22 15:03:35 +01:00
Simon Tatham
860bd0d5b7 Replace conf.c's type arrays with a new conf_key_info[].
This array is planned to be exposed more widely, and used for more
purposes than just checking the types of Conf options. In this commit
it just takes over from the two previous smaller arrays, and adds no
extra data.
2023-09-22 14:28:27 +01:00
Simon Tatham
72bbca9ddd Move the enum of Conf data types out into putty.h.
I'm about to start refactoring Conf in a way that will need it to be
more widely available.
2023-09-22 14:28:27 +01:00
Simon Tatham
b567c9b2b5 New test program 'test_conf', mostly transitional.
This aims to be a reasonably exhaustive test of what happens if you
set Conf values to various things, and then save your session, and
find out what ends up in the storage. Or vice versa.

Currently, the test program is written to match the existing
behaviour. The idea is that I can refactor the code that does the
loading and saving, and if this test still passes, I've probably done
it right.

However, in the long term, this test will be a liability: it's yet
another place you have to add every new config option. So my plan is
to get rid of it again once the refactorings I'm planning are
finished.

Or rather, I'll get rid of _that_ part of its functionality. I also
suspect I'll have added new kinds of consistency check by then, which
won't be a liability in the same way, and which I'll want to keep.
2023-09-22 14:28:27 +01:00
Simon Tatham
954db6f7fe Conditionalise FontSpec structure definition.
FontSpec is completely different per platform; not only is the
structure type different, not only are the behind-the-scenes
implementations of copy and free functions different, but even the API
of the constructor function is different. Cross-platform code can't
construct a FontSpec at all. This makes it hard to write a
cross-platform test program that works with them.

So, as a nasty bodge, I'll allow test programs to #define
SUPERSEDE_FONTSPEC_FOR_TESTING before including putty.h. Then they can
provide their own definition of FontSpec, and they also take
responsibility for superseding all the other functions that work with
one.
2023-09-22 14:00:02 +01:00
Simon Tatham
6371702145 Expose conf_clear(), for test purposes.
Normally you don't ever want to have a Conf structure that doesn't
have an entry for every primary key, because the code that uses Conf
to get real work done will fail assertions if lookups fail. But test
programs manipulating Conf in unusual ways are a special case.

(In particular, one thing you _can_ legally do with an empty Conf is
to call load_open_settings() to populate it. That has to be legal,
because it's how a Conf gets populated in the first place, after it's
initially created empty.)
2023-09-22 13:59:27 +01:00
Simon Tatham
cfdff822c4 settings.c: missing 'const' in gppfont(). 2023-09-22 13:48:37 +01:00
Simon Tatham
bdbd5f429c Rationalise the code that resets terminal scrollback.
Recently I encountered a CLI tool that took tens of seconds to run,
and produced no _visible_ output, but wrote ESC[0m to the terminal a
few times during its operation. (Probably by mistake. In other modes
it does print colourful messages, so I expect a 'reset colour' call
was accidentally outside the 'if' statement containing the rest of the
diagnostic it followed. Or something along those lines.)

I noticed this because every ESC[0m reset my pterm scrollback to the
bottom, which wasn't very helpful, and was unintentional on pterm's
part (as _well_ as on the part of the tool). But I can fix pterm!

At first glance the code _looked_ sensible: terminal.c contains calls
to seen_disp_event(term) whenever terminal output does something that
requires a redraw of the terminal window. Those are also the updates
that should count as 'reset scrollback on display activity'. And
ESC[0m, along with the rest of the SGR handler, correctly contained no
such call. So how did a display update happen at all?

The code was confusingly tangled up with the code that responds to
terminal activity by resetting the phase of the blinking cursor (if
any). term_reset_cblink() was calling seen_disp_event() (when surely
it should be the other way round!), and also, term_reset_cblink() was
called whenever _any_ terminal output data arrived. That combination
meant that any byte output to the terminal at all turned out to count
as display activity, whether or not it changed the screen contents.

Additionally, the other scrollback-reset flag, 'reset scrollback on
keypress', was handled by calling seen_disp_event() from the keyboard
handler. But display events and keyboard events are supposed to be
_independent_ potential causes of scrollback resets - it doesn't make
any sense to handle one by treating it as the other!

So I've reorganised the code completely:

 - the seen_disp_event *flag* is now gone. Instead, the
   seen_disp_event function tests the scroll_on_disp flag, and if set,
   resets the scroll position immediately and sets the general
   'scrollbar needs updating' flag.

 - keyboard input is handled by doing exactly the same thing except
   testing the scroll_on_key flag, so the two systems are properly
   independent. That code calls term_schedule_update so that the
   terminal will be redrawn as a result of the scroll, but doesn't
   also call seen_disp_event() for the rest of the full treatment.

 - the term_update code that does the scrollbar update is much
   simpler, since now it only needs to test that one flag.

 - I also had to set that flag explicitly in scroll() so that the
   scrollbar would still be updated as a result of the scrollback size
   changing. I think that must have been happening entirely by
   accident before.

 - term_reset_cblink is subsumed into seen_disp_event, so that only
   _substantive_ display updates cause the cursor blink phase to reset
   to the start of the solid period.

Result: if programs output no-op sequences like ESC[0m, or if you
press keys that don't echo, then the cursor will carry on blinking
normally, and (if you don't also have scroll_on_key set) the
scrollback won't be reset. And the code is slightly shorter than it
was before, and hopefully more sensible too.

(However, other classes of no-op activity _will_ still cause a cursor
blink phase change and a scrollback reset, such as sending a
cursor-positioning sequence that puts the cursor in the same place it
was already - even something as simple as ^M when already at the start
of the line. It might be nice to fix that, but it's much more
difficult: you'd have to either put a complicated and error-prone test
at every seen_disp_event call site, or else expensively diff the
entire visible terminal state against how it was before. And to avoid
a nondeterministic dependency on the terminal update cooldown, that
diff would have to be done at the granularity of individual control
sequences rather than a bounded number of times a second. I'd rather
not!)
2023-09-03 10:20:58 +01:00
Simon Tatham
bd27962cd9 CMakeLists.txt: explicitly ask for C99.
A user just reported that 0.79 doesn't build out of the box on Ubuntu
14.04 (trusty), because although its gcc (4.8.4) does _support_ C99,
it doesn't enable it without a non-default -std option. The user was
able to work around the problem by defining CMAKE_C_FLAGS=-std=gnu99,
but it would have been nicer if we'd done that automatically. Setting
CMAKE_C_STANDARD causes cmake to do so.

(This isn't a regression of 0.79 over 0.78 as far as I know; the user
in question said they had last built 0.76.)

I was surprised to find Ubuntu 14.04 still in use at all, but a quick
web search revealed that its support has been extended until next
year, so fair enough, I suppose. It's also running a cmake way older
than we support, but apparently that can be worked around via
Kitware's binary tarball downloads (which do still run on 14.04).

This is a bit unsatisfactory: I'd prefer to ask for C standards
support of _at least_ C99 level, and C11 if possible. Then I could
test for the presence of C11 features via check_c_source_compiles, and
use them opportunistically (e.g. in macro definitions). But as far as
I can see, cmake has no built-in support for asking for a standards
level of 'as new as you can get, but no older than 99'. Oh well.

(In any case, the thing I'd find most useful from C11 is _Generic, and
since that's in implementation namespace, compilers can - and do -
support it in C99 mode anyway. So it's probably fine, at least for now.)
2023-08-27 10:51:56 +01:00
Simon Tatham
3d34007889 Remove a couple of double-typedefs.
Experimenting with different compile flags pointed out two instances
of typedefing the same name twice (though benignly, with the same
definition as well). PsocksDataSink was typedefed a couple of lines
above its struct definition and then again _with_ its struct
definition; cliloop_continue_t was typedefed in unix/platform.h and
didn't need defining again in unix/psocks.c.
2023-08-27 10:45:54 +01:00
Simon Tatham
da550c3158 CHECKLST.txt: suggest writing Windows Store blurb ahead of time.
That's two releases running I've got most of the way through the
mechanical upload processes and suddenly realised I still have a piece
of creative writing to do. A small one, but even so, there's no reason
it couldn't have been prepared a week in advance like the rest of the
announcements and changelogs. The only reason I didn't is that the
checklist didn't remind me to. Now it does.
2023-08-26 13:48:22 +01:00
Simon Tatham
13e2dfd4dd Merge tag '0.79' 2023-08-26 13:16:58 +01:00
Simon Tatham
b10059fc92 Update version number for 0.79 release. 2023-08-26 08:39:42 +01:00
Simon Tatham
f9d09f41d1 Windows Pageant: switch path separator in OpenSSH config.
A user reports, _just_ in time to make the 0.79 release, that changes
in the Windows port of OpenSSH from 8.9.x have made it unhappy with
the use of \ as a path separator in the 'IdentityAgent' config
directive. Switch to /, which is also accepted by earlier versions, so
it should work everywhere.
2023-08-26 08:34:53 +01:00
Jacob Nevins
5ced517428 cryptsuite: gracefully handle unavailable HW accel.
Hardware-accelerated GCM and AES implementations which were compiled in,
but unavailable at runtime, would cause GCM tests to give errors.
2023-08-22 19:36:07 +01:00
Jacob Nevins
a1d80e41dd testcrypt: allow null return from ssh2_mac_new.
This can now happen if, for instance, the CLMUL implementation of
aesgcm is compiled in, but not available at runtime because we're on
an old Intel CPU.

In this situation, testcrypt would segfault when driven by
test/cryptsuite.py, and test/list-accel.py would erroneously claim the
CLMUL implementation was available when it wasn't.
2023-08-22 19:36:05 +01:00
Jacob Nevins
06d7c3916a Fix typo in comment. 2023-08-22 19:36:03 +01:00
Simon Tatham
29fef36f3e Merge share_receive fix from 'pre-0.79'. 2023-08-19 10:26:17 +01:00
Simon Tatham
27f0140e5c Fix use-after-free on error returns from share_receive.
Spotted by Coverity. If PuTTY is functioning as a sharing upstream,
and a new downstream mishandles the version string exchange in any way
that provokes an error message from share_receive() (such as failing
to start the greeting with the expected protocol-name string), we were
calling share_disconnect() and then going to crFinish. But
share_disconnect is capable of actually freeing the entire
ssh_sharing_connstate which contains the coroutine state - in which
case, crFinish's zeroing out of crLine is a use-after-free.

The usual pattern elsewhere in this code is to exit a coroutine with
an ordinary 'return' when you've destroyed its state structure. Switch
to doing that here.
2023-08-19 10:15:47 +01:00
Simon Tatham
0945fc5446 Fix breakage in winegcc build script.
Apparently when I started using _wfopen in commit 8bd75b85ed, the
winegcc build (which I mostly use for Coverity Scan) stopped working,
because _wfopen isn't included in any of the libraries I explicitly
had on my link line.

Rather than mess about with cmake, it's easier to just bodge it in the
winegcc wrapper script, since we had one of those already.
2023-08-19 08:58:36 +01:00
Simon Tatham
08d178ae9f Merge GPG key update from 'pre-0.79'. 2023-07-31 20:01:36 +01:00
Simon Tatham
74820e9408 GPG key rollover. 2023-07-31 20:01:24 +01:00
Simon Tatham
d5b2fd9d2f Unix: conditionalise test_lineedit and test_terminal.
If we don't have GTK enabled in the build, then lots of important
stuff never gets added to the 'guiterminal' build-time object library,
without which these terminal-using programs can't link successfully,
even though they don't actually use GTK.

I could add yet more stub functions, but I don't think that's really
necessary - it doesn't seem like a serious inconvenience that you can
only test the terminal on a platform where you can also build real
applications that include it. So I've just moved those two executable
file definitions inside the Big If that conditionalises PuTTY and
pterm themselves.
2023-07-26 08:11:29 +01:00
Simon Tatham
5acaf757cf Merge docs improvement from 'pre-0.79'. 2023-07-20 21:43:20 +01:00
Simon Tatham
0fffc62fc6 errors.but: add a note about firewalls.
An irate user complained today that they wished we'd documented
firewalls as a possible cause of WSAECONNREFUSED, because it took them
ages to think of checking that. Fair enough.
2023-07-20 20:49:36 +01:00
Jacob Nevins
64dbda7b31 Merge SSH cert UI tweak from 'pre-0.79'. 2023-07-19 17:18:26 +01:00
Jacob Nevins
2a6e2dfff4 Make it clearer that detached SSH cert is optional.
Someone just asked us a question which suggests they might have thought
they need to supply both files in the 'Public-key authentication' box in
the config dialog, to use public-key authentication at all. I can see
why someone might think that, anyway.
2023-07-19 17:15:23 +01:00
Jacob Nevins
ab8ae9a385 Merge log file name tweaks from 'pre-0.79'. 2023-07-16 16:38:56 +01:00
Jacob Nevins
c406d8efe5 logging: allow &H to expand to serial line.
For serial connections, &H generally expanded to the empty string.
This seems more useful.
(It so happens that &H _could_ expand to the serial line if it came from
the command-line, but that's accidental.)
2023-07-16 16:05:48 +01:00
Jacob Nevins
209cf8013b Add missing consts around xlatlognam(). 2023-07-16 16:05:48 +01:00
Jacob Nevins
d583ae698d docs: Tiny improvements to log file name docs.
Note that &H type substitutions are case-insensitive, and fix a typo.
2023-07-16 16:05:48 +01:00
Simon Tatham
fecb51b03b Merge Windows Pageant / OpenSSH fix from 'pre-0.79'. 2023-07-12 20:55:13 +01:00
Simon Tatham
60c9350010 Windows Pageant: quote the pipe path in OpenSSH config fragment.
The pathname of Pageant's named pipe includes the name of the user
running it. And Windows usernames are allowed to have spaces in! So
the pipe pathname may also have a space, in which case Windows OpenSSH
will interpret the spacey pathname as an invalid first half followed
by a trailing garbage word.

A user reports that quoting the filename makes this work. Since double
quotes are an illegal Windows filename character, I think it should
therefore do no harm to quote it unconditionally, which is the easiest
fix.
2023-07-12 20:55:01 +01:00
Jacob Nevins
2ae19053a8 Merge docs tweaks from 'pre-0.79'. 2023-07-12 18:36:24 +01:00
Jacob Nevins
9ce5bc401c Tweaks to OpenSSH key format docs.
Index the older format as 'PEM-style', since PEM is how it's referred to
in OpenSSH's own docs; and justify why you might want to use the newer
format.
2023-07-12 17:55:58 +01:00
Simon Tatham
b60e62b724 Merge PSFTP multiple-connections fixes from 'pre-0.79'. 2023-06-07 07:29:39 +01:00
Simon Tatham
05a6699939 PSFTP: fix memory leak opening two consecutive sessions.
Testing the script described in the previous commit message, Leak
Sanitiser pointed out that we didn't free the LogContext from the
first connection, and overwrote the pointer variable with the one from
the second.
2023-06-07 07:29:26 +01:00
Simon Tatham
6370782de7 PSFTP: make the 'close' subcommand return success.
A user points out that it always returned failure, even if it
succeeded. As a result, a 'psftp -b' script of the form

  open this.host
  do stuff
  close
  open that.host
  do stuff
  close

would terminate at the first 'close', believing it to have failed, and
PSFTP would exit with a failure status.

(Not only that, but there would be no error message indicating _why_
PSFTP had closed, because when a command returns failure it's expected
to have printed an error message already.)
2023-06-07 07:29:26 +01:00
Simon Tatham
68d89b0e69 Add lots more stub versions of standard code modules.
These are all going to be used by a test program I have in the works,
which will need to link against a lot more of the code base than any
so far. So we need a pile of new stubs.

The trickiest of these was stubs/no-network.c, which had to
conditionally define a couple of extra network functions, because
there are Windows-specific plug_closing_system_error and
plug_closing_winsock_error functions.
2023-05-29 15:54:34 +01:00
Simon Tatham
5e055a374f Cleanup: make an enum for the values of CONF_mouse_is_xterm.
Again, there's no sensible reason why these should be written at the
point of use as bare integers.
2023-05-29 15:52:32 +01:00
Simon Tatham
fd9bc8c86a Cleanup: make symbolic names for CONF_bold_style bits.
CONF_bold_style is a pair of bit flags rather than an enum, so its
values aren't just BOLD_STYLE_FONT and BOLD_STYLE_COLOUR but also the
bitwise OR of them. (Hopefully not neither.)
2023-05-29 15:51:56 +01:00
Simon Tatham
dfa91dfa8f Cleanup: make an enum for the values of CONF_cursor_type.
These have been magic numbers 0, 1 and 2 in the source for ages. I
think it's about time they had actual names, to make all the points of
use clearer.
2023-05-29 15:51:17 +01:00
Simon Tatham
8bd75b85ed Some support for wide-character filenames in Windows.
The Windows version of the Filename structure now contains three
versions of the pathname, in UTF-16, UTF-8 and the system code page.
Callers can use whichever is most convenient.

All uses of filenames for actually opening files now use the UTF-16
version, which means they can tolerate 'exotic' filenames, by which I
mean those including Unicode characters outside the host system's
CP_ACP default code page.

Other uses of Filename structures inside the 'windows' subdirectory do
something appropriate, e.g. when printing a filename inside a message
box or a console message, we use the UTF-8 version of the filename
with the UTF-8 version of the appropriate API.

There are three remaining pieces to full Unicode filename support:

One is that the cross-platform code has many calls to
filename_to_str(), embodying the assumption that a file name can be
reliably converted into the unspecified current character set; those
will all need changing in some way.

Another is that write_setting_filename(), in windows/storage.c, still
saves filenames to the Registry as an ordinary REG_SZ in the system
code page. So even if an exotic filename were stored in a Conf, that
Conf couldn't round-trip via the Registry and back without corrupting
that filename by coercing it back to a string that fits in CP_ACP and
therefore doesn't represent the same file. This can't be fixed without
a compatibility break in the storage format, and I don't want to make
a minimal change in that area: if we're going to break compatibility,
then we should break it good and hard (the Nanny Ogg principle), and
devise a completely fresh storage representation that fixes as many
other legacy problems as possible at the same time. So that's my plan,
not yet started.

The final point, much more obviously, is that we're still short of
methods to _construct_ any Filename structures using a Unicode input
string! It should now work to enter one in the GUI configurer (either
by manual text input or via the file selector), but it won't
round-trip through a save and load (as discussed above), and there's
still no way to specify one on the command line (the groundwork is
laid by commit 10e1ac7752 but not yet linked up).

But this is a start.
2023-05-29 15:41:50 +01:00
Simon Tatham
85680c77c0 Make x11_get_auth_from_authfile take a Filename.
I think the only reason it currently takes a plain string is because
its interesting caller (in unix/x11.c) has just constructed a string
out of an environment variable, and it seemed like the path of least
effort not to bother wrapping it into a proper Filename. But when
Filename on Windows becomes more interesting, we'll need it to take
the full version.
2023-05-29 15:41:50 +01:00
Simon Tatham
1adcb200f7 dialog.c: give ctrl->fileselect.filter an opaque type.
The values of that field in a Control structure are already
platform-dependent: you're only supposed to set them in cross-platform
code by using #defined names that each platform will define
differently.

Now I need the _type_ as well as the values to be opaque, because I'm
about to make a change on Windows that turns it into a wide character
string instead of a char string.
2023-05-29 15:41:50 +01:00
Simon Tatham
e1c6f61985 New Windows utility function: request_file_w.
Just like the existing request_file, but wide-character oriented.
2023-05-29 15:31:45 +01:00
Simon Tatham
059f42aa56 New Windows utility function: GetDlgItemTextW_alloc.
Just like the existing GetDlgItemText_alloc, but for wide strings.
2023-05-29 15:31:43 +01:00