1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 09:12:24 +00:00
Commit Graph

31 Commits

Author SHA1 Message Date
Jacob Nevins
40be9eeedd Stop attempting to make session logs private on Unix. This was introduced in
r7084 at the same time as sensible permissions when writing private key files;
however, it causes an assertion failure whenever an attempt is made to append
to an existing log file on Unix, and it's not clear what "is_private" *should*
do for append, so revert to log file security being the user's responsibility.
(Fixes Ubuntu LP#212711.)

[originally from svn r8461]
[r7084 == 4fa9564c90]
2009-02-23 22:40:09 +00:00
Ben Harris
36f502fa93 Arguments to ctype functions are required to be either EOF or representable
as unsigned char.  This means that passing in a bare char is incorrect on
systems where char is signed.  Sprinkle some appropriate casts to prevent
this.

[originally from svn r8406]
2009-01-11 14:26:27 +00:00
Simon Tatham
3a3abd211b In SSH packet logging mode, log SSH-2 packet sequence numbers, in
both directions. We had a bug report yesterday about a Cisco router
sending SSH2_MSG_UNIMPLEMENTED and it wasn't clear for which packet;
logging the sequence numbers should make such problems much easier
to diagnose.

(In fact this logging fix wouldn't have helped in yesterday's case,
because the router also didn't bother to fill in the sequence number
field in the SSH2_MSG_UNIMPLEMENTED packet! This is a precautionary
measure against the next one of these problems.)

[originally from svn r8295]
2008-11-11 07:47:27 +00:00
Simon Tatham
4fa9564c90 Fix `puttygen-unix-perms': f_open(), PuTTY's wrapper on fopen, now
takes a third argument which is TRUE if the file is being opened for
writing and wants to be created in such a way that it's readable
only to the owner. This is used when saving private keys.

While I'm here, I also use this option when writing session logs, on
the general principle that they probably contain _something_
sensitive.

The new argument is only supported on Unix, for the moment. (I think
writing owner-accessible-only files is the default on Windows.)

[originally from svn r7084]
2007-01-09 18:14:30 +00:00
Simon Tatham
d86e01e836 After discussion with Jeroen Massar, here's a patch (mostly his)
which we think fixes the vista-ipv6 problem.

[originally from svn r7007]
2006-12-23 09:04:27 +00:00
Jacob Nevins
06c7e29607 Tiny comment fix.
[originally from svn r6885]
2006-10-31 16:59:56 +00:00
Simon Tatham
8b11c26c57 New logging mode, which records the exact bytes sent over the wire
in an SSH connection _in addition_ to the decrypted packets. This
will hopefully come in useful for debugging wire data corruption
issues: you can strace the server, enable this mode in the client,
and compare the sent and received data.

I'd _like_ to have this mode also log Diffie-Hellman private
exponents, session IDs, encryption and MAC keys, so that the
resulting log file could be used to independently verify the
correctness of all cryptographic operations performed by PuTTY.
However, I haven't been able to convince myself that the security
implications are acceptable. (It doesn't matter that this
information would permit an attacker to decrypt the session, because
the _already_ decrypted session is stored alongside it in the log
file. And I'm not planning, under any circumstances, to log users'
private keys. But gaining access to the log file while the session
was still running would permit an attacker to _hijack_ the session,
and that's the iffy bit.)

[originally from svn r6835]
2006-08-29 19:07:11 +00:00
Jacob Nevins
7958a63147 Sprinkle some header comments in various files in an attempt to explain what
they're for.

[originally from svn r6639]
2006-04-23 18:26:03 +00:00
Jacob Nevins
5b15dca2da Log file open mode lost a "b" in r5344. Windows at least needs log files to
be written in binary mode with the current code.

[originally from svn r5353]
[r5344 == f73fcb0424]
2005-02-19 01:20:16 +00:00
Jacob Nevins
53d4c434e7 New enum constant ERROR clashed with a macro in MinGW's wingdi.h.
Use uglier names.

[originally from svn r5352]
2005-02-18 22:03:15 +00:00
Simon Tatham
f73fcb0424 Add asynchronous callback capability to the askappend() alert box.
This was harder than verify_ssh_host_key() and askalg() put
together, because:
 (a) askappend() can be called at any time, since it's a side effect
     of data-logging functions. Therefore there can be an unfinished
     askappend() alert at any time, and hence the OS X front end has
     to be prepared to _queue_ other alerts which occur during that
     time.
 (b) logging.c has to do something with data that comes in while
     it's waiting for an answer to askappend(). It buffers it until
     it knows what the user wants done with it. This involved
     something of a reorganisation of logging.c.

[originally from svn r5344]
2005-02-18 18:33:31 +00:00
Owen Dunn
06434ffc71 New function ltime() returns a struct tm of the current local time.
Fixes crashes when time() returns (time_t)-1 on Windows by using the
Win32 GetLocalTime() function.  (The Unix implementation still just 
uses time() and localtime().)

[originally from svn r5086]
2005-01-09 14:27:48 +00:00
Jacob Nevins
e375ba107d `ssh-log-pw-blank': known password fields are now omitted from SSH packet logs
by default (although they can be included). There's also an option to remove
session data, which is good both for privacy and for reducing the size of
logfiles.

[originally from svn r4593]
2004-10-02 00:33:27 +00:00
Jacob Nevins
088a1d37e9 Flush the logfile reasonably frequently in `printable output only' and
`all session data' modes, without completely mauling the performance, by
fflush()ing once per term_out(). If anyone complains I suppose we can
make this optional.

[originally from svn r4445]
2004-08-12 01:02:01 +00:00
Simon Tatham
6bb121ecb9 Colin's const-fixing Patch Of Death. Seems to build fine on Windows
as well as Unix, so it can go in.

[originally from svn r3162]
2003-05-04 14:18:18 +00:00
Simon Tatham
d36a4c3685 Introduced wrapper macros snew(), snewn() and sresize() for the
malloc functions, which automatically cast to the same type they're
allocating the size of. Should prevent any future errors involving
mallocing the size of the wrong structure type, and will also make
life easier if we ever need to turn the PuTTY core code from real C
into C++-friendly C. I haven't touched the Mac frontend in this
checkin because I couldn't compile or test it.

[originally from svn r3014]
2003-03-29 16:14:26 +00:00
Ben Harris
4f76d033d5 In xlatlognam(), use the start of the destination buffer as the destination
filename, not the end.

[originally from svn r2770]
2003-02-01 21:39:59 +00:00
Simon Tatham
bd16b29a7a Oops, Ben is quite right about the rather appalling design of
filename_from_str. Here's a better fix, with some const
repercussions too.

[originally from svn r2768]
2003-02-01 17:24:27 +00:00
Simon Tatham
f26b7aa0d3 Created new data types Filename' and FontSpec', intended to be
opaque to all platform-independent modules and only handled within
per-platform code. `Filename' is there because the Mac has a magic
way to store filenames (though currently this checkin doesn't
support it!); `FontSpec' is there so that all the auxiliary stuff
such as font height and charset and so on which is needed under
Windows but not Unix can be kept where it belongs, and so that I can
have a hope in hell of dealing with a font chooser in the forthcoming
cross-platform config box code, and best of all it gets the horrid
font height wart out of settings.c and into the Windows code where
it should be.
The Mac part of this checkin is a bunch of random guesses which will
probably not quite compile, but which look roughly right to me.
Sorry if I screwed it up, Ben :-)

[originally from svn r2765]
2003-02-01 12:54:40 +00:00
Ben Harris
694aafa071 Add the ability to close sessions. This adds *_free() functions to most
areas of the code.  Not all back-ends have been tested, but Telnet and SSH
behave reasonably.

Incidentally, almost all of this patch was written through Mac PuTTY,
admittedly over a Telnet connection.

[originally from svn r2615]
2003-01-15 23:30:21 +00:00
Ben Harris
282aee7545 Make this compile again.
[originally from svn r2570]
2003-01-12 15:42:24 +00:00
Simon Tatham
2d469ba497 The logging module now contains a local copy of cfg too.
[originally from svn r2566]
2003-01-12 15:10:27 +00:00
Simon Tatham
1b5cb7adf6 Each platform's implementation of askappend() is no longer required
to consult cfg.logxfovr, because it gets done once in logging.c.
askappend() is now called only when a question _really_ needs to be
asked of the user. Also in this checkin, cleanup_exit() in console.c
no longer consults cfg.protocol to decide whether to save the random
seed, because random_save_seed() can make that decision for itself
and do it better.

[originally from svn r2552]
2003-01-12 13:44:35 +00:00
Simon Tatham
6c34f06a71 Move the stderr output of event log messages in verbose mode to the
general logging module rather than localising it in ssh.c. This
means it should work in other protocols as well (notably Telnet,
where it might actually be useful for debugging negotiations).

[originally from svn r2360]
2002-12-19 14:24:28 +00:00
Jacob Nevins
242a4872b9 Doofus Award: logfopen is shared between SSH-packet and session-logging modes,
so of _course_ it has to be mode "wb". Restored, and added \r to all of the
SSH packet logging stuff.

[originally from svn r2289]
2002-12-08 12:10:58 +00:00
Jacob Nevins
9ee5d85169 For some reason Roman Pompejus' original logging patch opened the log in
"wb" mode. Since we were mostly writing "\n" rather than "\r\n", I've
changed it to just "w" and refunded the difference.

[originally from svn r2286]
2002-12-07 21:35:05 +00:00
Simon Tatham
4756c15fc9 Yet more global-removal. The static variables in logging.c are now
absent, and also (I think) all the frontend request functions (such
as request_resize) take a context pointer, so that multiple windows
can be handled sensibly. I wouldn't swear to this, but I _think_
that only leaves the Unicode stuff as the last stubborn holdout.

[originally from svn r2147]
2002-10-26 12:58:13 +00:00
Simon Tatham
6d0e9b205d First phase of porting. pterm now compiles and runs under Linux+gtk.
The current pty.c backend is temporarily a loopback device for
terminal emulator testing, the display handling is only just enough
to show that terminal.c is functioning, the keyboard handling is
laughable, and most features are absent. Next step: bring output and
input up to a plausibly working state, and put a real pty on the
back to create a vaguely usable prototype. Oh, and a scrollbar would
be nice too.
In _theory_ the Windows builds should still work fine after this...

[originally from svn r2010]
2002-10-09 18:09:42 +00:00
Simon Tatham
994aee285f Log file tinkering: copy Event Log entries into the SSH packet log,
so that when people send us a packet log they never forget to send
the Event Log alongside it :-)

[originally from svn r1960]
2002-09-15 13:21:32 +00:00
Simon Tatham
3e7e1eb9e8 Flush the log file after logging each packet (so that if we're going
to crash, we get an up-to-the-minute log of what happened just
before then).

[originally from svn r1543]
2002-01-10 19:50:07 +00:00
Simon Tatham
3ed0d44f16 Retired the #ifdef DUMP_PACKETS stuff in ssh.c because I'm utterly
sick of recompiling to enable packet dumps. SSH packet dumping is
now provided as a logging option, and dumps to putty.log like all
the other logging options. While I'm at it I cleaned up the format
so that packet types are translated into strings for easy browsing.
POSSIBLE SIDE EFFECT: in the course of this work I had to re-enable
the SSH1 packet length checks which it turns out hadn't actually
been active for some time, so it's possible things might break as a
result. If need be I can always disable those checks for the 0.52
release and think about it more carefully later.

[originally from svn r1493]
2001-12-14 14:57:50 +00:00