It tries to use the local username as the remote username if it has no
better ideas, but the presence of Default Settings would defeat this,
even if it had no username set. Reported by Jonathan Amery.
If we use getaddrinfo to translate the source IP address into a
sockaddr, then we need to freeaddrinfo the returned data later. Patch
due to Tim Kosse.
I don't think anyone has ever actually called it that, colloquially
_or_ formally, and if anyone ever did (in a bug report, say) I'd
probably have to stop and think to work out what they meant. It's
universally called Plink, and should be officially so as well :-)
I'm not actually sure why we've always had back ends notify ldisc of
changes to echo/edit settings by giving ldisc_send(ldisc,NULL,0,0) a
special meaning, instead of by having a separate dedicated notify
function with its own prototype and parameter set. Coverity's recent
observation that the two kinds of call don't even have the same
requirements on the ldisc (particularly, whether ldisc->term can be
NULL) makes me realise that it's really high time I separated the two
conceptually different operations into actually different functions.
While I'm here, I've renamed the confusing ldisc_update() function
which that special operation ends up feeding to, because it's not
actually a function applying to an ldisc - it applies to a front end.
So ldisc_send(ldisc,NULL,0,0) is now ldisc_echoedit_update(ldisc), and
that in turn figures out the current echo/edit settings before passing
them on to frontend_echoedit_update(). I think that should be clearer.
I had initially assumed that, since all of a user's per-connection
subdirectories live inside a top-level putty-connshare.$USER directory
that's not accessible to anyone else, there would be no need to
obfuscate the names of the internal directories for privacy, because
nobody would be able to look at them anyway.
Unfortunately, that's not true: 'netstat -ax' run by any user will
show up the full pathnames of Unix-domain sockets, including pathname
components that you wouldn't have had the access to go and look at
directly. So the Unix connection sharing socket names do need to be
obfuscated after all.
Since Unix doesn't have Windows's CryptProtectMemory, we have to do
this manually, by creating a file of random salt data inside the
top-level putty-connshare directory (if there isn't one there already)
and then hashing that salt with the "user@host" connection identifier
to get the socket directory name. What a pain.
[originally from svn r10222]
I'm about to add a list box which expects to contain some very long
but uninformative strings, and which is also quite vertically squashed
so there's not much room for a horizontal scroll bar to appear in it.
So here's an option in the list box specification structure which
causes the constructed GTKTreeView to use the 'ellipsize' option for
all its cell renderers, i.e. too-long strings are truncated with an
ellipsis.
Windows needs no change, because its list boxes already work this way.
[originally from svn r10219]
Robert de Bath points out that failure to remove the timer whose
callback returned FALSE may not have been the cause of runaway timer
explosion; another possibility is that a function called from
timer_trigger()'s call to run_timers() has already set a timer up by
the time run_timers() returns, and then we set another one up on top
of it. Fix that too.
[originally from svn r10206]
Mihkel Ader reports that on that system, timers apparently aren't
getting auto-destroyed when timer_trigger returns FALSE, so the change
in r10181 has caused GTK PuTTY to gradually allocate more and more
timers and consume more and more CPU as they all keep firing.
As far as I can see, this must surely be a bug in GTK 2 (the docs say
that timers _are_ auto-destroyed when their callback returns false),
and it doesn't seem to happen for me with GTK 2.4.23 on Ubuntu 14.04.
However, I'll try to work around it by _explicitly_ destroying each
old timer before we zero out the variable containing its id.
[originally from svn r10202]
[r10181 == e4c4bd2092]
Timer objects evaporate when our timer_trigger callback is called, and
therefore we should not remember their ids beyond that time and
attempt to cancel them later. Previous versions of GTK silently
ignored us doing that, but upgrading to Ubuntu Trusty has given me a
version of GTK that complains about it, so let's stop doing it.
[originally from svn r10181]
Previously, 'configure' and its assorted machinery lived in the 'unix'
subdir, because that seemed like a clean place to keep it given that
all the other per-platform Makefiles live in their platform
directories. However, this never sat all that happily with autotools,
and even less so now that it likes to have object file pathnames
parallel source file pathnames: if you have Makefile.am refer to
source files outside its subdir as "../terminal.c" and enable
subdir-objects then any out-of-tree build calls the corresponding
object file "../terminal.o" and so your build products mostly end up
at the directory above your build dir! And as of autotools 1.14 my
previous compensatory bodge of prefixing every source file path in
Makefile.am with "$(srcdir)" has stopped working too.
So I'm giving in to necessity, and changing policy by moving the
configure machinery up to the top level of the source tree where
autotools will be less confused by it. This should not be taken as any
indication of the primacy of the Unix port, only of the recalcitrance
of autotools.
Whereas before we had a trivial script called 'configure' at the top
level that invoked unix/configure to effectively do an 'out-of-tree
build' (for make purposes) at the top level of the source tree, we now
have a similar script in unix/configure. So this _should_ make very
little difference: people who were previously running configure from
the top level should still be able to, and likewise people who were
running it from the unix subdir.
[originally from svn r10141]
I had somehow missed this completely out of the GTK mouse-button
handling and never noticed until now!
Of course, like any other mouse action, if you want it to be handled
locally rather than passed through then you can hold down Shift.
[originally from svn r10139]
One of my changes in uxnet.c was outside the NO_IPV6 ifdef, and broke
compilation in the normal mode. Revert all changes in that file and
replace with a reference to the 'step' parameter in the no-IPv6
version of the SOCKADDR_FAMILY macro, so that those warnings are
squelched anyway.
[originally from svn r10136]
[r10135 == e00a004e64]
A user pointed out that 'family' was uninitialised in config.c, and
when I tried test-building with -DNO_IPV6 (and the usual -Werror, of
course) some unused variables showed up in uxnet.c too.
[originally from svn r10135]
Both GUI PuTTY front ends have a piece of logic whereby a string is
interpreted as host:port if there's _one_ colon in it, but if there's
more than one colon then it's assumed to be an IPv6 literal with no
trailing port number. This permits the PuTTY command line to take
strings such as 'host', 'host:22' or '[::1]:22', but also cope with a
bare v6 literal such as '::1'.
This logic is also required in the two Plink front ends and in the
processing of CONF_loghost for host key indexing in ssh.c, but was
missing in all those places. Add it.
[originally from svn r10121]
I've gone through everywhere we handle host names / addresses (on
command lines, in PuTTY config, in port forwarding, in X display
names, in host key storage...) and tried to make them handle IPv6
literals sensibly, by using the host_str* functions I introduced in my
previous commit. Generally it's now OK to use a bracketed IPv6 literal
anywhere a hostname might have been valid; in a few cases where no
ambiguity exists (e.g. no :port suffix is permitted anyway)
unbracketed IPv6 literals are also acceptable.
[originally from svn r10120]
I found last week that when a local proxy process terminated
unexpectedly, Unix PuTTY went into a tight loop calling quit
functions, because if idle_toplevel_callback_func is called from
inside a subsidiary gtk_main then it will schedule a quit function and
_not_ disable itself, so that that quit function keeps being
rescheduled on subsequent calls.
To fix, I've tried to make the whole handling of idle and quit
functions more sensibly robust: we keep our own boolean flag
indicating whether each of our functions has already been scheduled
with GTK, and if so, we don't schedule the same one again. Also, when
idle_toplevel_callback_func schedules a quit function, it should
unschedule itself since it's now done everything it can until a
gtk_main instance quits.
[originally from svn r10100]
The one in Ubuntu 10.04 doesn't know what AM_PROG_AR means, so
configure.ac was broken in r10053 when fixing compatibility with later
versions; you can't win...
[originally from svn r10086]
[r10053 == 2d9cc79d53]
I've enabled gcc's format-string checking on dupprintf, by declaring
it in misc.h to have the appropriate GNU-specific attribute. This
pointed out a selection of warnings, which I've fixed.
[originally from svn r10084]
The basic strategy is described at the top of the new source file
sshshare.c. In very brief: an 'upstream' PuTTY opens a Unix-domain
socket or Windows named pipe, and listens for connections from other
PuTTYs wanting to run sessions on the same server. The protocol spoken
down that socket/pipe is essentially the bare ssh-connection protocol,
using a trivial binary packet protocol with no encryption, and the
upstream has to do some fiddly transformations that I've been
referring to as 'channel-number NAT' to avoid resource clashes between
the sessions it's managing.
This is quite different from OpenSSH's approach of using the Unix-
domain socket as a means of passing file descriptors around; the main
reason for that is that fd-passing is Unix-specific but this system
has to work on Windows too. However, there are additional advantages,
such as making it easy for each downstream PuTTY to run its own
independent set of port and X11 forwardings (though the method for
making the latter work is quite painful).
Sharing is off by default, but configuration is intended to be very
easy in the normal case - just tick one box in the SSH config panel
and everything else happens automatically.
[originally from svn r10083]
It was only actually used in X11 and port forwarding, to find internal
state structures given only the Socket that ssh.c held. So now that
that lookup has been reworked to be the sensible way round,
private_ptr is no longer used for anything and can be removed.
[originally from svn r10075]
This prevents embarrassing mess-ups involving getting back a Socket
which has mostly been memset to 0 but contains an error message,
sk_close()ing it to free the memory, and finding that standard input
has been closed as a side effect.
[originally from svn r10073]
There are two new functions: one to construct a SockAddr wrapping a
Unix socket pathname (which can also be used as the destination for
new_connection), and one to establish a new listening Unix-domain
socket.
[originally from svn r10072]
The mechanism for constructing a new connection-type Socket when a
listening one receives an incoming connection previously worked by
passing a platform-specific 'OSSocket' type to the plug_accepting
function, which would then call sk_register to wrap it with a proper
Socket instance. This is less flexible than ideal, because it presumes
that only one kind of OS object might ever need to be turned into a
Socket. So I've replaced OSSocket throughout the code base with a pair
of parameters consisting of a function pointer and a context such that
passing the latter to the former returns the appropriate Socket; this
will permit different classes of listening Socket to pass different
function pointers.
In deference to the reality that OSSockets tend to be small integers
or pointer-sized OS handles, I've made the context parameter an
int/pointer union that can hold either of those directly, rather than
the usual approach of making it a plain 'void *' and requiring a
context structure to be dynamically allocated every time.
[originally from svn r10068]
Automake now insists that we run AM_PROG_AR if we're going to build a
library, and AM_PROG_CC_C_O if we're going to build anything with
extra compile options. Those extra macros seem harmless in previous
versions of automake.
[originally from svn r10053]
Unix GUI programs should not say 'Fatal Error' in the message box
title, and Plink should not destroy its logging context as a side
effect of printing a non-fatal error. Both appear to have been due to
inattentive cut and paste from the pre-existing fatal error functions.
[originally from svn r10044]
This change attempts to reinstate as a universal property something
which was sporadically true of the ad-hockery that came before
toplevel callbacks: that if there's a _very long_ queue of things to
be done through the callback mechanism, the doing of them will be
interleaved with re-checks of other event sources, which might (e.g.)
cause a flag to be set which makes the next callback decide not to do
anything after all.
[originally from svn r10040]
Again, I've removed the special-purpose ad-hockery from the assorted
front end message loops that dealt with deferred handling of socket
errors, and instead uxnet.c and winnet.c arrange that for themselves
by calling the new general top-level callback mechanism.
[originally from svn r10023]
Instead of having a special GTK idle function for dealing with session
closing, I now use the new top-level callback mechanism which is
slightly simpler for calling a one-off function.
Also in this commit, I've arranged for connection_fatal to queue a
call to the same session close function after displaying the message
box, with the effect that now all the same processing takes place no
matter whether the session closes cleanly or uncleanly - e.g. the SSH
specials submenu is cleaned out, as it should be.
[originally from svn r10022]
I've removed the ad-hoc front-end bodgery in the Windows and GTK ports
to arrange for term_paste to be called at the right moments, and
instead, terminal.c itself deals with knowing when to send the next
chunk of pasted data using a combination of timers and the new
top-level callback mechanism.
As a happy side effect, it's now all in one place so I can actually
understand what it's doing! It turns out that what all that confusing
code was up to is: send a line of pasted data, and delay sending the
next line until either a CR or LF is returned from the server
(typically indicating that the pasted text has been received and
echoed) or 450ms elapse, whichever comes first.
[originally from svn r10020]
This is a little like schedule_timer, in that the callback you provide
will be run from the top-level message loop of whatever application
you're in; but unlike the timer mechanism, it will happen
_immediately_.
The aim is to provide a general way to avoid re-entrance of code, in
cases where just _doing_ the thing you want done is liable to trigger
a confusing recursive call to the function in which you came to the
decision to do it; instead, you just request a top-level callback at
the message loop's earliest convenience, and do it then.
[originally from svn r10019]
parallels a similar mechanism in winnet.c and came over by copy and
paste, but is pointless in the Unix networking API.
On Windows, if you're using a mechanism such as WSAAsyncSelect which
delivers readability notifications as messages rather than return
values from a system call, you only get notified that a socket is
readable once - it remembers that it's told you, and doesn't tell you
again until after you've done a read. So in the case where we
intentionally stop reading from a socket because our local buffer is
full, and later want to start reading again, we do a read from the
socket with MSG_PEEK set, and that clears Windows's flag and tells it
to start sending us readability notifications again.
On Unix, select() and friends didn't do anything so strange in the
first place, so the whole mechanism is unnecessary.
[originally from svn r9951]
immediately after conf_deserialise in the Duplicate Session receiver,
whereas I should have put it after the subsequent loop that extracts
the pty argv if any.
[originally from svn r9943]
[r9919 == ea301bdd9b]
that the user really ought to know but that are not actually fatal to
continued operation of PuTTY or a single network connection.
[originally from svn r9932]
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.
[originally from svn r9918]
code, which would have coped badly if ever asked to select the first
font in the list at a size smaller than it supported. Luckily the
first font tended to be one of the X numeric aliases (e.g. 10x20)
which was stored with size zero, so this probably didn't actually come
up for anyone, but better safe than sorry.
[originally from svn r9910]
segfaults if a PuTTY or pterm did not close on exit and then you
either typed something via input_method_commit_event or changed the
line editing or echo settings.
[originally from svn r9908]
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.
(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)
[originally from svn r9868]
character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).
[originally from svn r9843]
privileges just before dying of a fatal signal. I'm not sure what I
intended it for in the first place; it certainly isn't doing its job
properly (no setgid), it's causing compiler warnings due to not
checking the setuid return code, and we can't think of any useful
purpose for it.
[originally from svn r9766]
and returns its error message as a string, instead of actually
printing it on standard error and exiting. Now we can preserve the
previous error behaviour when we get a nonexistent font name at
startup time, but no longer rudely terminate in mid-session if the
user configures a bogus font name in Change Settings.
[originally from svn r9745]
pty_utmp_helper_pipe _and_ the close of it if we're not going to write
should be conditionalised on the pipe existing, rather than just the
former!
[originally from svn r9729]
open("/dev/ptmx"), where the former is available. Improves
portability, since at least one OS (OpenBSD) supports the POSIX pty
functions but does it via an underlying mechanism which doesn't
involving having a /dev/ptmx.
[originally from svn r9728]
OS doesn't automatically assume it.
(It would seem faintly weird to me - surely opening the master end of
a given pty is a fairly good indication that you're _not_ a process
running inside it which wants to have it available as /dev/tty! But
you never know...)
[originally from svn r9727]
localhost connections, and also enable X forwarding in such a way that
it will attempt to connect to a Unix-domain X server socket, an
assertion will fail when proxy_for_destination() tries to call
sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_
proxied, since they fundamentally can't be.
[originally from svn r9688]
Well, at least across all command-line tools on both Windows and Unix,
and the GTK apps on Unix too. The Windows GUI apps fundamentally can't
write to standard output and it doesn't seem sensible to use message
boxes for these purposes :-)
[originally from svn r9673]
First, make absolute times unsigned. This means that it's safe to
depend on their overflow behaviour (which is undefined for signed
integers). This requires a little extra care in handling comparisons,
but I think I've correctly adjusted them all.
Second, functions registered with schedule_timer() are guaranteed to be
called with precisely the time that was returned by schedule_timer().
Thus, it's only necessary to check these values for equality rather than
doing risky range checks, so do that.
The timing code still does lots that's undefined, unnecessary, or just
wrong, but this is a good start.
[originally from svn r9667]
Unconditionally override the configured terminal size with the one
from stdin if it's available. This avoids the silliness whereby if
Default Settings had a terminal size set, Plink used this and thus
caused the server to use the wrong size.
[originally from svn r9624]
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.
[originally from svn r9586]
having just noticed that Makefile.gtk had it and this one doesn't. (Of
course, this being autoconf, we can easily enough make it conditional
on the compiler actually being gcc.)
[originally from svn r9583]
and the argument list contains only one string, try again by passing
that single string to "$SHELL -c" to be parsed as a shell command.
This matches xterm's behaviour (as of xterm 261, at least), and means
in practice that users can do _either_ of 'pterm -e some command' and
'pterm -e "some command"'.
(A quick survey suggests that the majority of X terminal programs agree
with pterm's old behaviour of only supporting '-e some command',
except that gnome-terminal only supports the other behaviour and xterm
supports both. With that disagreement, I think supporting both is
probably the sensible thing.)
[originally from svn r9575]
piece of keyboard handling: if Num Lock is on, numeric keypad keys are
eaten by the IM, so we must avoid passing them to the IM in the first
place if we're in any non-default numeric keypad mode (application or
Nethack).
This is a grubby way to do it, but the more obvious approach of just
moving the Nethack and app-keypad if statements up to above the IM
call doesn't work because those statements depend on the generic
Alt-prefix handling that happens just _below_ the IM call. So instead
I just repeat the list of keystrokes and modes in an if statement
conditionalising the IM call.
[originally from svn r9573]
[r9567 == 7fc8db15b2]
a GtkIMMulticontext and having that filter most keypresses. I think
I've got this right so that it doesn't break any previous deliberate
keyboard-handling behaviour that's now _after_ the 'if (filter
keypress) return' statement.
[originally from svn r9567]
The previous platform-dependent ifdefs, switching between a system
which tried to cope with spurious callbacks (which I'd observed on
Windows) and one which tried to cope with system clock jumps (which
can happen on Unix, if you use gettimeofday) have been completely
removed, and replaced with a much simpler approach which just copes
with system clock jumps by triggering any timers immediately.
None of the resulting effects should be catastrophic (the worst thing
might be the waste of CPU in a spurious rekey, but as long as the
system clock isn't jumping around _all_ the time that's hardly
critical) and in any case the Unix port has had a long-standing oddity
involving occasional lockups if pterm or PuTTY runs for too long,
which hopefully this should replace with a much less bad failure mode.
And the code is much simpler, which is not to be sneezed at.
[originally from svn r9528]
will not even initialise sbstring[0], so we shouldn't even look at it
let alone depend on it to tell us the desired character was absent.
[originally from svn r9465]
logevent(), which temporarily turn off the raw mode we've put stderr
into, so that they don't get called if the log_eventlog() call between
them is not _actually_ going to write to stderr.
Fixes a bug in which, if you define a Unix PuTTY saved session which
uses 'plink -nc' as a local proxy command and then run PuTTY
backgrounded from the shell with that session loaded, the subprocess
Plink would get SIGTTOU when it tried to muck about with stderr and
the whole thing would grind to a halt. I'm prepared to consider that
acceptable if Plink _really_ wants to write on standard error, but if
it doesn't, it should just carry on working in the background!
[originally from svn r9462]
duplicate the strings they pass to gtk_entry_set_text. I was already
doing that in dlg_editbox_set, but forgot to add the same code when I
revamped FontSpec and Filename to contain dynamically allocated
strings (r9314 and r9316 respectively). This fixes a bug where, on
some versions of GTK (but apparently not up-to-date versions), loading
a saved session causes gibberish to appear in file-selector edit boxes
accompanied by a valgrind error.
[originally from svn r9456]
[r9314 == 9c75fe9a3f]
[r9316 == 62cbc7dc0b]
deprecated g_strcasecmp (since all the strings being compared are
parts of XLFDs and won't be in interesting character sets anyway).
[originally from svn r9376]
remembered to do before! Also some related fixes, such as that after
we do so we should immediately stop selecting on the socket in
question.
[originally from svn r9363]
of local sockets and pipes all open at once, and if one of them is
uncleanly closed from the remote end we don't want the whole
application to die - we want to close that socket's SSH channel and
continue with the rest of the run.
[originally from svn r9359]
allocated type.
The main reason for this is to stop it from taking up a fixed large
amount of space in every 'struct value' subunion in conf.c, although
that makes little difference so far because Filename is still doing
the same thing (and is therefore next on my list). However, the
removal of its arbitrary length limit is not to be sneezed at.
[originally from svn r9314]
because (a) under that circumstance we won't be writing to utmp
anyway, and (b) if we aren't setuid, then we won't have created the
pty at the point we fork, so even if our subprocess _could_ have
written to utmp it wouldn't have done it right!
Spotted by valgrind (triggering on the access beyond the end of the
ttyname string in setup_utmp, clueing me in to it having been empty).
[originally from svn r9309]
hadn't previously noticed, but Pango was helpfully re-reversing text
that PuTTY's own bidi module had already reversed, leading to Arabic
text being wrongly displayed and also total chaos when you move the
cursor over it or try to cut and paste it.
[originally from svn r9294]
by introducing a wrapper around an individual unifont which falls back
to Pango (which already has built-in fallback) in the case where the
selected font doesn't support the glyph in question.
The wrapper itself is a (vestigial) subclass of unifont, to minimise
disturbance at the call sites.
[originally from svn r9293]
individual font implementation as wchar_t, rather than having to be
converted by the client into the appropriate MBCS/SBCS.
This also means I can remove 'real_charset' from the public-facing
contents of the unifont structure.
[originally from svn r9292]
font operations are now done directly using Xlib calls, and the only
interaction with GDK within the x11font mechanism is to get the X ids
for drawables, GCs and the X display itself.
This should remove an obstacle to porting to GTK3, and also makes the
XFontStruct for loaded fonts more readily available, which I hope will
come in handy for another plan I have in mind.
[originally from svn r9289]
data channels. Should comprehensively fix 'half-closed', in principle,
though it's a big and complicated change and so there's a good chance
I've made at least one mistake somewhere.
All connections should now be rigorous about propagating end-of-file
(or end-of-data-stream, or socket shutdown, or whatever) independently
in both directions, except in frontends with no mechanism for sending
explicit EOF (e.g. interactive terminal windows) or backends which are
basically always used for interactive sessions so it's unlikely that
an application would be depending on independent EOF (telnet, rlogin).
EOF should now never accidentally be sent while there's still buffered
data to go out before it. (May help fix 'portfwd-corrupt', and also I
noticed recently that the ssh main session channel can accidentally
have MSG_EOF sent before the output bufchain is clear, leading to
embarrassment when it subsequently does send the output).
[originally from svn r9279]
of preference so that the later ones overwrite the configured stuff
from the older ones, test in decreasing order of preference and stop
as soon as one is successful. Fixes a problem in which
autoconfiguration on a system containing only GTK 1 would go wrong
because the _failed_ test for GTK 2 would overwrite some but not all
of the variables set by the successful test for v1.
[originally from svn r9270]
error, we should also read the corresponding password inputs from
/dev/tty. That way, redirection of Plink's standard input will play
nicely with SSH sessions that need interactive login.
(This is what we get for disdaining getpass(3) and going it alone, of
course. But we had no choice, due to the extra output part way through
keyboard-interactive.)
[originally from svn r9262]
I think I have to consider this to be a separate but related change to
the wishlist item 'pscp-filemodes'; that was written before the Unix
port existed, and referred to the ability to configure the permissions
used for files copied from Windows to Unix - which is still not done.
[originally from svn r9260]
--without-gtk as a means of manually overriding the makefile into one
building the command-line tools only (as it would if GTK were not
found at all at configure time).
[originally from svn r9240]
mkfiles.pl no longer generates a Makefile.in, but instead generates a
Makefile.am on which mkauto.sh runs automake. This means that the
autoconfigured makefile now does build-time dependency tracking (a
standard feature of automake-generated makefiles), and is generally
more like what Unix people will expect.
Some of the old-style make command-line settings (VER=-DRELEASE=foo,
XFLAGS=-DDEBUG) will still work; the COMPAT settings are better done
by autoconfiguration, and my habitual 'XFLAGS="-g -O0"' for an easily
debuggable build will actually not work any more because CFLAGS is
specified _after_ XFLAGS, so I should instead write 'make CFLAGS=-O0'
(-g is the default in automake, removed at 'make install' time).
The new makefile will automatically degrade into one that builds the
command-line tools only, in the case where GTK could not be found. In
principle, therefore, it should be an adequate replacement for _both_
the static Unix makefiles, Makefile.gtk and Makefile.ux. I haven't
actually retired those in this commit, but I'm pretty tempted.
[originally from svn r9239]
on success rather than to $LIBS, because it's only used in the GUI
tools and we don't want the command-line tools linked against it.
[originally from svn r9238]
which GTK version you want to build with if both are installed. Based
on a patch by Malcolm Smith, though somewhat modified.
[originally from svn r9228]
files which provide auto-detection of GTK 1 and GTK 2. This makes it
easier for casual PuTTY developers to rerun autoconf for their own
purposes without having to install obscure extra packages. Obviously
the resulting configure script will not know how to detect whichever
version of GTK they didn't have support for, so it won't be product-
quality by my standards, but it should be good enough that they can
prepare unrelated patches to send to us.
[originally from svn r9227]
SSH_AUTH_SOCK is defined to the empty string. (Because a common way to
'unset' it is to run commands like 'SSH_AUTH_SOCK= putty -load thing'.)
[originally from svn r9225]
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
information about where to put items that aren't mentioned in the
saved configuration. So far the only nontrivial use I've made of this
facility is to default to placing KEX_RSA just above KEX_WARN in the
absence of any other information, which should fix
'ssh2-rsa-kex-pref'.
While I'm here I've rewritten wprefs() on general principles to remove
the needless length limit, since I was touching it anyway. The length
limit is still in gprefs (but I've lengthened it just in case).
[originally from svn r9181]
SIGPIPE ignored in its child processes, leading to unexpected
behaviour inside pterms. (The gnome-session I'm sitting in front of
doesn't seem to do this as far as I can tell, but I don't doubt there
are some that do.) Add SIGPIPE to the list of signals we reset to
default behaviour before launching pterm's child process.
[originally from svn r9117]
in saved sessions, so that a programmable window manager can
distinguish different PuTTYs/pterms on startup and assign them
different window management properties.
[originally from svn r9078]
union of rates found in the termios.h of Linux 2.6.24 and "SunOS 5.6
Generic_105181-29 sun4u sparc SUNW,Ultra-4" machines. After a patch by
Thomas Bechtold.
[originally from svn r9028]
attempt to block, and hence return EAGAIN/EWOULDBLOCK, in spite of
the port having been reported readable by select(2). Don't treat
those errors as fatal.
[originally from svn r9020]
are now loaded from standard locations (system32 for SSPI, the
registry-stored MIT KfW install location for KfW) rather than using
the risky default DLL search path; I've therefore also added an
option to manually specify a GSS DLL we haven't heard of (which
should in principle Just Work provided it supports proper GSS-API as
specified in the RFC). The same option exists on Unix too, because
it seemed like too useful an idea to reserve to Windows. In
addition, GSSAPI is now documented, and also (unfortunately) its GUI
configuration has been moved out into a sub-subpanel on the grounds
that it was too big to fit in Auth.
[originally from svn r9003]
insist on finding a bit of spare screen to put it in. Still pondering whether
it's sensible to do this with the "change settings" box as well.
[originally from svn r8970]
as part of r8952 (the patch submitter had done it as a temporary
measure and I forgot to undo it before checkin).
[originally from svn r8956]
[r8952 == 99fffd6ed3]
reorganises the GSSAPI support so that it handles alternative
implementations of the GSS-API. In particular, this means PuTTY can
now talk to MIT Kerberos for Windows instead of being limited to
SSPI. I don't know for sure whether further tweaking will be needed
(to the UI, most likely, or to automatic selection of credentials),
but testing reports suggest it's now at least worth committing to
trunk to get it more widely tested.
[originally from svn r8952]
function in terminal.c, and replace the cloned-and-hacked handling
code in all our front ends with calls to that.
This was intended for code cleanliness, but a side effect is to make
the GTK arrow-key handling support disabling of application cursor
key mode in the Features panel. Previously that checkbox was
accidentally ignored, and nobody seems to have noticed before!
[originally from svn r8896]
PuTTY makes explicit use of libX11 without including -lX11 on the
link line. (GNU ld appears to pull in libX11 automatically because
it's needed for the dependencies of GTK, but gold expects that
dependency to be satisfied at run time via DT_NEEDED and hence
doesn't bother.) Hence, add explicit -lX11 to both Makefile.gtk and
the autoconf world.
[originally from svn r8876]
plink did not cope gracefully with this -- it was not possible to override that
hostname on the command line (attempts at doing so would be treated as part of
the remote command).
Fix this by applying the principle of r7265: if the user didn't explicitly
specify that they wanted to launch the hostname in the default (for instance
with '-load "Default Settings"', we assume they don't want to, and such a
hostname doesn't count when deciding whether to treat a non-option argument as
hostname or command.
[originally from svn r8651]
[r7265 == 5d76e00dac]
[r7266 == 856ed4ae73]
sessions submenu of the terminal window context menu (as Pageant does), rather
than an empty menu (which often renders poorly).
[originally from svn r8648]
trouble on Ubuntu, where the Gtk test programs don't check the return value
from system() and thus fall foul of the combination of our -Werror and
<https://wiki.ubuntu.com/CompilerFlags#-D_FORTIFY_SOURCE=2>.
[originally from svn r8638]
into a single gdk_draw_layout() where conveniently feasible, after
some work with xtrace revealed this as a major source of pterm's
slow display updates when using client-side fonts.
Ideally we ought to be able to do better. I know exactly what
sequence of X protocol operations I want to see on the wire, but I
don't know how to persuade Pango to generate them.
[originally from svn r8558]
prompts packet containing no actual prompts (perhaps due to odd
server organisation, or perhaps so it can print a banner message and
do nothing else). Previously, the get_userpass_input functions
always returned failure when in '-batch' mode, even in this case
where no actual input would be required.
[originally from svn r8490]
'string' field in a GdkEventKey structure as ISO-8859-1, which was
correct for GTK 1.2 but in 2.0 that field is encoded according to
the current C library locale. Hence, we now process that field by
converting it to UTF-8 via trips through both libc and libcharset,
and then let lpage_send() convert from UTF-8 back to whatever it's
supposed to actually go down the line in.
[originally from svn r8470]
to a Unix-domain socket. This typically works fine when PuTTY is run on the
same machine as the X server, but it's broken multi-hop X forwarding through
OpenSSH; when OpenSSH creates a proxy X server "localhost:10", it only listens
on TCP, not on a Unix-domain socket.
Instead, when deciding on the details of the display, we actively probe to see
if there's a Unix-domain socket we can use instead, and only use it if it's
there, falling back to the specified IP "localhost" if not.
Independently, when looking for local auth details in Xauthority for a
"localhost" TCP display, we prefer a matching Unix-domain entry, but will fall
back to an IP "localhost" entry (which would be unusual, but we don't trust a
Windows X server not to do it) -- this is a generalisation of the special case
added in r2538 (but removed in r8305, as the automatic upgrade masked the need
for it).
(This is now done in platform-independent code, so a side-effect is that
get_hostname() is now part of the networking abstraction on all platforms.)
[originally from svn r8462]
[r2538 == fda9983243]
[r8305 == ca6fc3a4da]
r7084 at the same time as sensible permissions when writing private key files;
however, it causes an assertion failure whenever an attempt is made to append
to an existing log file on Unix, and it's not clear what "is_private" *should*
do for append, so revert to log file security being the user's responsibility.
(Fixes Ubuntu LP#212711.)
[originally from svn r8461]
[r7084 == 4fa9564c90]
This could cause Unix PuTTY to segfault when X forwarding over an SSH session
through a proxy.
(sk_getaddr() wouldn't cope either -- in that case, add an assertion to make it
more obvious; I don't think it should ever happen.)
[originally from svn r8391]
sk_hostname_is_local(), to catch the case where we're doing something like X11
forwarding over SSH through a proxy, and we've thus disabled local lookup of
hostnames.
(I think this is what's behind the report in
<e9a86996-5dc2-4428-9b0c-c65693ca6351@m32g2000hsf.googlegroups.com>
in comp.security.ssh, although I'd like to know more of the circumstances.)
[originally from svn r8385]
do this if the supplied buffer isn't big enough, which shouldn't lead to
complete abandonment of X11 auth. (Would only have bitten with hostnames
>255 chars anyway.)
[originally from svn r8383]
list of selection targets offered by GTK PuTTY/pterm grows an extra
copy of each of the three supported text formats every time the user
makes a selection!
[originally from svn r8364]
void *, and hence eliminate a few casts. The Windows definition is
unchanged, but I daresay I've managed to stop it compiling nonetheless.
[originally from svn r8359]
ourselves, but on Unix then assumed it was compatible with the system's
gss_buffer_desc, which wasn't the case on LP64 systems. Now, on Unix
we make Ssh_gss_buf into an alias for gss_buffer_desc, though we keep
something similar to the existing behaviour on Windows. This requires
renaming a couple of the fields in Ssh_gss_buf, and hence fixing all
the references.
Tested on Linux (MIT Kerberos) and Solaris. Compiled on NetBSD (Heimdal).
Not tested on Windows because neither mingw32 nor winegcc worked out of the
box for me. I think the Windows changes are all syntactic, though, so
if this compiles it should work no worse than before.
[originally from svn r8326]
than <gssapi/gssapi_krb5.h> and provide the OID for Kerberos 5 ourselves
(since it's a known constant). I'm not sure this actually works on Solaris
yet, mind.
[originally from svn r8317]
strings more rigorously, and then we look up the local X authority
data in .Xauthority _ourself_ rather than delegating to an external
xauth program. This is (negligibly) more efficient on Unix, assuming
I haven't got it wrong in some subtle way, but its major benefit is
that we can now support X authority lookups on Windows as well
provided the user points us at an appropriate X authority file in
the standard format. A new Windows-specific config option has been
added for this purpose.
[originally from svn r8305]
called from within a backend function which will expect its own
backend pointer to still be valid on return. Instead, move all the
real functionality of notify_remote_exit() out into a GTK idle
function.
[originally from svn r8304]
"curraddr", and turn "family" into a macro-derived property of the
other fields. The idea is that this renders SockAddrs immutable once
created, which should open up the possibility of duplicating and
reusing one without having to redo the actual DNS lookup.
I _hope_ I haven't broken anything. The new code architecture
contains several rather dubious-looking operations (namely the
arbitrary choice of the first returned address in functions like
sk_getaddr and sk_address_is_local - what if, for instance, a DNS
lookup returned a local and a non-local address?), but I think they
were functionally just as dubious beforehand and all this change has
done is to make them more obviously so to a reader.
[originally from svn r8293]
ago, I apparently caused all data received from local proxies to be
unconditionally tagged as TCP Urgent. Most network backends ignore
this, but it's critical to the Telnet backend, which will ignore all
Urgent-marked data in the assumption that there's a SYNCH on its way
that it should wait for. Nobody has noticed in two years, presumably
meaning that nobody has ever tried to do Telnet over a local proxy
in that time.
[originally from svn r8158]
and gss_name_t are supposed to be congruent types, so a pointer to
one should never be cast to a non-indirect instance of the other.
[originally from svn r8157]
(rather than IPv4 or IPv6-only; this is the default), try to open up listening
sockets on both address families, rather than (unhelpfully) just IPv6. (And
don't open one if the other can't be bound, in a nod to CVE-2008-1483.)
Based on a patch from Ben A L Jemmett.
[originally from svn r8150]
[this svn revision also touched putty-wishlist]
with the switch to GTK2. This turns out to be because, where GTK1
represented the scroll wheel as mouse buttons 4 and 5 and generated
GdkEventButton when it was moved, GTK2 has moved wheel actions out
into a new event type GdkEventScroll which we were not handling. Now
we do, so scroll wheel support should be back in place.
[originally from svn r8063]
versions >= 2.0 (when the new list boxes came in) but < 2.4 (when
the new combo boxes came in). Since some combo boxes are handled
using the old list-box code, this means that the two lots of code
can both be compiled in at once in some situations!
[originally from svn r8031]
addressing X displays. Update PuTTY's display-name-to-Unix-socket-
path translation code to cope with it, thus causing X forwarding to
start working again on Leopard.
[originally from svn r8020]
filter checkboxes to filter the currently selected font out of the
family list and then does something in one of the other list boxes
or the size edit box.
[originally from svn r7990]
the font config box and then invoking the unifontsel causes the box
to come up empty rather than populated with that font. Turns out
that I completely forgot to have pangofont_canonify_fontname()
return the flags word, ahem.
[originally from svn r7988]
client- and server-side fonts into a single namespace was mainly to
hope there would naturally be no collisions, and to provide
disambiguating "client:" and "server:" prefixes for manual use in
emergencies.
Jacob points out, however, that his system not only has a namespace
clash but worse still the clash is at the name "fixed", which is our
default font! So, modify my namespace policy to use the
disambiguating prefixes everywhere by default, and use _unprefixed_
names only if the user types one in by hand.
In particular, I've changed the keys used to store font names in
Unix saved session files. Font names read from the new keys will be
passed straight to the new unifont framework; font names read from
the old keys will have "server:" prepended. So any existing
configuration file for GTK1 PuTTY should now work reliably in GTK2
PuTTY and select the same font, even if that font is one on which
your system (rather, your client+server combination) has a font
namespace clash.
[originally from svn r7973]
box: shortcut activations for list boxes are missing.
That's the last thing on the to-do list. We're now ready to merge
back to the trunk, given only some final testing!
[originally from svn r7967]
we can now build and run successfully using both GTK1 and GTK2 by
giving appropriate options to make. (Specifically, to override the
default of GTK2 in favour of GTK1, "make GTK_CONFIG=gtk-config".)
[originally from svn r7966]
ones. (I'm going to merge the GTK1 list code back in under ifdefs,
and I want none of the disputed structure fields to have the same
names, so that I'll reliably be told by the compiler if I keep the
wrong piece of code outside the ifdef.)
[originally from svn r7965]
in the presence of GTK 2 we also check to see whether we have a
prehistoric Pango (since Pango itself helpfully doesn't provide that
functionality, bah).
[originally from svn r7964]
custom Columns layout class to see what fiddly details of
GTK2isation were yet to be done. It turns out that all the basic
object management got moved out of GTK into a separate library, so
that all the gtk_object_* calls are deprecated and g_object_* should
be used instead; having done that, though, it all looks perfectly
fine.
[originally from svn r7962]
shortcut mechanism. The existing code doesn't use any deprecated
calls, and translating shortcut text _into_ Pango markup just sounds
too unpleasant to do if I don't actually have to. Not to mention
that the documentation for the Pango markup language doesn't tell me
how to distinguish a mnemonic underscore prefix from a literal
underscore in label text, but I know my current code can get that
right (the current config box talks about TCP_NODELAY and
SO_KEEPALIVE in widget labels that also have functioning shortcuts).
[originally from svn r7961]
selector. I had previously been worried that the default of not
showing aliases interacted badly with the default actual font
_being_ specified as an alias. One of those defaults had to change,
and I've decided which: `fixed' is staying as Unix PuTTY's default
font in defiance of GTK2's vigorous encouragement of Pango.
[originally from svn r7960]
GtkTreeView, GtkComboBox and GtkComboBoxEntry instead of the various
old deprecated stuff. Immediate benefit: GTK2 natively supports real
drag lists, hooray!
[originally from svn r7959]
gtk_container_dequeue_resize_handler in request_resize() was;
everything seems to work fine without it. So I'm removing the
nonportable GTK 2 instance of it, and if anything ever goes wrong as
a result then I'll at least find out what the problem was.
[originally from svn r7957]
string. Without this, Richard B reports that Pango 1.18 will treat
_anything_ as valid, which means PuTTY can never fall back to X
fonts.
[originally from svn r7956]
font selector: I had got the row and column counts in
gtk_table_new() back to front, so the space on the right was the
padding around five empty table columns! (And apparently a GtkTable
silently expands if you try to use rows that don't exist, which is
why I hadn't already noticed.)
Fixed that, and added some padding around the entire table. I think
my font selector is now finished, except for any bug fixes that come
up in testing.
[originally from svn r7954]
during an entire run of unifontsel (because unifontsel_set_name was
either not called at all, or called with a name that didn't
correspond to any known font). In this situation we grey out the OK
button until a valid font is selected, and we have
unifontsel_get_name return NULL rather than failing an assertion if
it should be called in that state. The current client code in
gtkdlg.c should never encounter a NULL return, since it only calls
it after the OK button is clicked, but I've stuck an assertion in
there too on general principles.
[originally from svn r7953]
character at a time centred in its character cell, as we do for
Pango. Gives much better results for those non-monospaced fonts
which are usable as terminal fonts, and shows up the problems with
the others more readily. (In particular, this means the preview pane
in the font selector now warns you there will be trouble if you
select such a font.)
[originally from svn r7949]
selectors, preserve their most recent size selection as faithfully
as possible. We do this by having a secondary size variable
indicating what they _intend_, so we can come back to their intended
size even after going through a font which doesn't include it.
[originally from svn r7947]
we can call it both when the drawing area changes size and when the
selected font changes. As a result, the preview pane doesn't start
off blank any more.
[originally from svn r7945]
them automatically. If the user selects an alias in the font
selector, they get that alias copied literally into the output font
name string; when they return to the font selector, the alias is
still selected. We still _can_ resolve aliases, but we only do it on
demand: double-clicking one in the list box will do the job.
[originally from svn r7944]
instead of alphabetical order. This is more than cosmetic: it's
important because the first one in the list is selected by default.
[originally from svn r7941]
latter require manual input to the Makefile, since the Pango
developers in their unbounded wisdom (that is, unbounded below)
didn't bother to start providing the PANGO_VERSION macros until
release 1.16 - ten releases _after_ everything I'm trying to check!
[originally from svn r7940]
sizable TODO at the top of gtkfont.c - but it's basically functional
enough to select fonts of both types, so I'm checking it in now
before I accidentally break it.
[originally from svn r7938]
some point too: introduce a bunch of environment variables which can
override Unix PuTTY's usual idea of where to find its dotfiles.
Setting PUTTYDIR moves the entire ~/.putty directory; setting
PUTTYSESSIONS, PUTTYSSHHOSTKEYS or PUTTYRANDOMSEED move specific
things within that directory.
While I'm here, also be prepared to fall back to password file
lookups if $HOME is undefined (though we still use $HOME in
preference when it is defined, because that's polite and useful).
Also, on general principles, tweak the make_filename() function
prototype so it doesn't rely on fixed-size buffers.
[originally from svn r7934]
explicitly deals with GdkFont out into a new module, behind a
polymorphic interface (done by ad-hoc explicit vtable management in
C). This should allow me to drop in a Pango font handling module in
parallel with the existing one, meaning that GTK2 PuTTY will be able
to seamlessly switch between X11 server-side fonts and Pango client-
side ones as the user chooses, or even use a mixture of the two
(e.g. an X11 font for narrow characters and a Pango one for wide
characters, or vice versa).
In the process, incidentally, I got to the bottom of the `weird bug'
mentioned in the old do_text_internal(). It's not a bug in
gdk_draw_text_wc() as I had thought: it's simply that GdkWChar is a
32-bit type rather than a 16-bit one, so no wonder you have to
specify twice the length to find all the characters in the string!
However, there _is_ a bug in GTK2's gdk_draw_text_wc(), which causes
it to strip off everything above the low byte of each GdkWChar,
sigh. Solution to both problems is to use an array of the underlying
Xlib type XChar2b instead, and pass it to gdk_draw_text() cast to
gchar *. Grotty, but it works. (And it'll become significantly less
grotty if and when we have to stop using the GDK font handling
wrappers in favour of going direct to Xlib.)
[originally from svn r7933]
problems using Unix PuTTY port forwarding. Sockets we create by
connect() are immediately set into nonblocking mode by fcntl, but
sockets we create by accept() were not. This trivial fix should help.
[originally from svn r7864]
the backend's unthrottle function. If we don't, we'll deadlock. While
we're here, also pump as much data as possible out during each call to
try_output(), rather than restricting ourselves to a single call to
write().
[originally from svn r7755]
except that O_NONBLOCK is standardised and FIONBIO isn't. In consequence,
replace our only use of FIONBIO with O_NONBLOCK.
Inspired by Jonathan H N Chin, who had problems with this on Solaris.
[originally from svn r7753]
descriptor into non-blocking mode temporarily, and correctly handle returns
of EAGAIN from write(). This should fix unix-plink-stdout-nonblock, while
avoiding EAGAIN turning up where we aren't expecting it.
[originally from svn r7748]
completely broke interactive logins. The problem, or at least one of the
problems, was that in interactive use stdin, stdout, and stderr tend to be
the same file, so setting O_NONBLOCK on the latter two also sets it on the
former. Thus, we need to cope with all of them being non-blocking.
[originally from svn r7742]
[r7738 == d0db31a1ca]
the entire process because stdout is busy.
Arguably, this shouldn't apply to stderr when we're printing our own error
messages to it, but I'll leave that fix for another time.
[originally from svn r7738]
port number in the GUI when the connection type is changed if the current
port number is the standard one for the current protocol.
It's not perfect, but it should make the common case of tabbing through the
Session panel easier when starting non-SSH connections on odd ports.
[originally from svn r7635]
Should be no significant change in behaviour.
(Well, entering usernames containing commas on Plink's command line will be
a little harder now.)
[originally from svn r7628]
box on button-up rather than button-down. The effect of this is that
if a saved session is already selected in the list box and then you
double-click it, it will open rather than beeping annoyingly.
[originally from svn r7414]
simply specifying a hostname on the command line -- this would bring up the
config dialog. Use a slightly more sophisticated notion of whether the user
meant to launch a session.
[originally from svn r7321]
[r7265 == 5d76e00dac]
represent a launchable session, unless the user can be construed to
have really meant it. This means:
- starting up PuTTY when the Default Settings are launchable still
brings up the config box, and you have to hit Open to actually
launch that session
- double-clicking on Default Settings from the config box will load
them but not launch them.
On the other hand:
- explicitly loading the Default Settings on the command line using
`-load' _does_ still launch them.
[originally from svn r7265]
appears to merely fix the background colour (arranging for it to
have transparency rather than being on some kind of default grey
background), but it turns out to also fix the strange blurry
behaviour I see in the GNOME Taskbar, for no very obvious reason.
[originally from svn r7186]
inside one single uxsel front end, better to do it centrally and
avoid passing zero flags on to the front end in the first place. I'm
sure other similarly structured front ends could get confused by it
too.
[originally from svn r7171]
[r7164 == 65f9735b95]
want to know about any input events on a socket, it's simpler not to
call gdk_input_add() on it at all.
I hesitate to say `fixes', but ... this change _causes to go away_
the weird problem I had with blank host key dialogs. I have no
understanding of the chain of cause and effect between gdk_input_add
with zero flags and missing redraw events, but it seems like a
change I should make anyway, so I'm going to do so and hope the
problem doesn't come back :-/
[originally from svn r7164]
on 1st January except that I've had to fiddle with it a bit to take
account of r7117 having happened since then.
[originally from svn r7157]
[r7117 == 174bb7f1fd]
term_provide_resize_fn() was not being broken when the back end was
destroyed on session termination, causing resizing an inactive PuTTY
to be a segfault hazard.
[originally from svn r7143]
quite big and tends to hide the existence of the `Serial' config
panel.
This is implemented by folding up every branch of depth 2 or more,
which with any luck might turn out to be general enough to carry
over unchanged if other branches start expanding. Then again, we may
have to fiddle with it again when that time comes; who knows?
[originally from svn r7117]
subprocess. They were intended to make sure the child process didn't
inherit anything embarrassing or inconvenient from us, such as the
master end of its own pty, but now we instead do this by making sure
to set all our own fds to not-FD_CLOEXEC on creation. This should
fix Debian bug #357520.
(This doesn't seem to work _quite_ right in uxproxy.c's invocation
of a local proxy command: both ends of a GTK internal pipe end up in
the child process's fd space. This appears to be another GTK 1 bug,
inasmuch as it goes away when I build with Colin's preliminary GTK 2
patch; for the moment I think leaving that pipe lying around is
probably less harmful than hampering the proxy process's ability to
use extra fds by prior arrangement with PuTTY's parent process.)
[originally from svn r7107]
takes a third argument which is TRUE if the file is being opened for
writing and wants to be created in such a way that it's readable
only to the owner. This is used when saving private keys.
While I'm here, I also use this option when writing session logs, on
the general principle that they probably contain _something_
sensitive.
The new argument is only supported on Unix, for the moment. (I think
writing owner-accessible-only files is the default on Windows.)
[originally from svn r7084]
match the original icons. (Apparently I managed to introduce errors
while transcribing the originals for detailed analysis.)
While I'm at it, add the obviously useful `make install' target in
icons/Makefile, and fix the svn:ignore property on the icons
directory.
[originally from svn r7068]
(Since we choose to compile with -Werror, this is particularly important.)
I haven't yet checked that the resulting source actually compiles cleanly with
GCC 4, hence not marking `gcc4-warnings' as fixed just yet.
[originally from svn r7041]
custom Panels container widget for the PuTTY config box, since the
perfectly standard GtkNotebook does the same job. Hence, let's
remove Panels completely in favour of doing it the proper way.
[originally from svn r7034]
PuTTY causes the child process to inherit a lot of socket fds from
its parent, which is a pain if one of them then ends up holding open
a listening socket which the parent was using for port forwarding
after the parent itself is dead.
Therefore, this checkin sprinkles FD_CLOEXEC throughout the Unix
platform directory wherever there looks like being a long-lived fd.
[originally from svn r6917]
is liable to have been set on serial ports previously used as
terminal devices, and definitely wants not to be set on serial ports
being used for callout.
[originally from svn r6865]
under X: instead of having two separate fixed-width fonts one of
which is twice the width of the other, you can instead have a single
font in which some characters are twice as wide as others.
This is implemented very simply: if you specify a wide font, it will
be used for wide characters, and if you don't then the normal font
will be used for wide characters (so they'd better _be_ wide in that
font, or there'll be trouble).
I got this idea from Jed, whose latest version supports UTF-8 and
requires a font of this type. If there are going to be X fonts like
that kicking around, there will doubtless be people who want to use
them.
[originally from svn r6844]
there): `plink host -nc host2:port' causes the SSH connection's main
channel to be replaced with a direct-tcpip connection to the
specified destination. This feature is mainly designed for use as a
local proxy: setting your local proxy command to `plink %proxyhost
-nc %host:%port' lets you tunnel SSH over SSH with a minimum of
fuss. Works on all platforms.
[originally from svn r6823]
I own has both an X display and a working serial port) I have been
unable to give this the full testing it deserves; I've managed to
demonstrate the basic functionality of Unix Plink talking to a
serial port, but I haven't been able to test the GTK front end. I
have no reason to think it will fail, but I'll be more comfortable
once somebody has actually tested it.
[originally from svn r6822]
in place of making a network connection. This has involved a couple
of minor infrastructure changes:
- New dlg_label_change() function in the dialog.h interface, which
alters the label on a control. Only used, at present, to switch
the Host Name and Port boxes into Serial Line and Speed, which
means that any platform not implementing serial connections (i.e.
currently all but Windows) does not need to actually do anything
in this function. Yet.
- New small piece of infrastructure: cfg_launchable() determines
whether a Config structure describes a session ready to be
launched. This was previously determined by seeing if it had a
non-empty host name, but it has to check the serial line as well
so there's a centralised function for it. I haven't gone through
all front ends and arranged for this function to be used
everywhere it needs to be; so far I've only checked Windows.
- Similarly, cfg_dest() returns the destination of a connection
(host name or serial line) in a text format suitable for putting
into messages such as `Unable to connect to %s'.
[originally from svn r6815]
it's NULL. Since we already have one back end (uxpty) which doesn't
in fact talk to a network socket, and may well have more soon, I'm
replacing this TCP/IP-centric function with a nice neutral
`connected' function returning a boolean. Nothing else about its
semantics has currently changed.
[originally from svn r6810]
-Werror, of course) about shifting by more than the range of a data
type. They only appeared in `if' statements testing sizeof(off_t),
but gcc warns even when the code is unreachable. I've removed the
conditional code (the general case should still work even on 32-bit
machines), and hacked each shift by 32 into a pair of shifts by 16.
Note that the gcc warning is not just a helpful indication that you
may be using the wrong data type; it's actually pointing out ANSI-
undefined behaviour in shifting a signed integer beyond the size of
its type.
[originally from svn r6789]
we set _FILE_OFFSET_BITS to 64 on the compiler command line (via mkfiles.pl),
and on Windows we use SetFilePointer and GetFileSize to cope with 64-bit sizes
where possible. Not tested on Win9x.
[originally from svn r6783]
Shift-hjklyubn for batch movement in NetHack, because they have
subtly different behaviour within the game and the Ctrl-moves are
more useful. Unfortunately, PuTTY's NetHack keypad mode doesn't
support Ctrl-moves. Therefore, it does now :-)
[originally from svn r6593]
sufficiently large string into pterm in any circumstances in which
it's echoed back to the terminal will cause a deadlock once the
pty's write buffer fills up.
[originally from svn r6582]
Pageant for local authentication. (This is a `don't use Pageant for
authentication at session startup' button rather than a `pretend
Pageant doesn't exist' button: that is, agent forwarding is
independent of this option.)
[originally from svn r6572]
basis for other terminal-involving applications: a stub
implementation of the printing interface, an additional function in
notiming.c, and also I've renamed the front-end function beep() to
do_beep() so as not to clash with beep() in lib[n]curses.
[originally from svn r6479]
abstracted out; replace loops structured around a single interaction
per loop with less tortuous code (fixes: `ki-multiprompt-crash',
`ssh1-bad-passphrase-crash'; makes `ssh2-password-expiry' and
`proxy-password-prompt' easier).
The new interaction abstraction has a lot of fields that are unused in
the current code (things like window captions); this is groundwork for
`gui-auth'. However, ssh.c still writes directly to stderr; that may
want to be fixed.
In the GUI apps, user interaction is moved to terminal.c. This should
make it easier to fix things like UTF-8 username entry, although I
haven't attempted to do so. Also, control character filtering can be
tailored to be appropriate for individual front-ends; so far I don't
promise anything other than not having made it any worse.
I've tried to test this fairly exhaustively (although Mac stuff is
untested, as usual). It all seems to basically work, but I bet there
are new bugs. (One I know about is that you can no longer make the
PuTTY window go away with a ^D at the password prompt; this should be
fixed.)
[originally from svn r6437]
[this svn revision also touched putty-wishlist]
<sys/time.h>. Cope with this. Where <sys/select.h> _is_ available, though,
use it (since it's where POSIX puts select()). Problem reported by Mike
Protts.
[originally from svn r6310]
Use the POSIX PATH_MAX if it exists, and fall back to 1024 otherwise.
We should really allocate filenames dynamically if PATH_MAX isn't defined.
[originally from svn r6307]
TS_BRK on output. This is tested to the extent that other data survive the
escaping performed by PARMRK, at least on my system. Actual passing on
of BREAK is as-yet untested.
[originally from svn r5779]
there, though (e.g.) switching to using reverse video for the cursor would
probably also help. Displays with other silly depths (e.g. 2bpp) aren't
catered for, but I suspect they're rare in the X world.
[originally from svn r5696]
the other output flags with SSH. This means that when I log into a remote
system using Plink and then run "stty -onlcr" I get the expected
stair-stepping.
[originally from svn r5679]
X/Open and actually seems to be more common (NetBSD has it). Also use
updwtmpx() rather than directly writing to the wtmpx file, though more for
reasons of aesthetics than anything practical.
[originally from svn r5678]
colours we asked it for. This means that I can run pterm on an 8-bit
PseudoColor display even if I have another program running.
[originally from svn r5677]
necessary on Solaris if we want to use SIOCATMARK. Using sockatmark() might
be preferable, but despite being notionally standard it's missing on
Solaris 9 and Mac OS X 10.3.9, whereas everyone seems to have SIOCATMARK
somewhere.
[originally from svn r5676]
_XOPEN_SOURCE. We do still need _GNU_SOURCE in order to get grantpt()
on GNU systems. This allows uxpty.c to compile on NetBSD.
[originally from svn r5675]
rather than relying on the user to edit the Makefile. Makefile.gtk
still works as well as it ever did, but now we get a Makefile.in alongside
it. mkunxarc.sh now relies on autoconf and friends to build the configure
script for the Unix source distribution.
[originally from svn r5673]
the semantics of assert(0) and believes it can return. Add a gratuitous
exit(1) to convince it that this won't happen, and hence quell a couple of
warnings about variables' being used uninitialised.
[originally from svn r5669]
Unix Plink sends everything sensible it can find, and it's fully configurable
from the GUI.
I'm not entirely sure about the precise set of modes that Unix Plink should
look at; informed tweaks are welcome.
Also the Mac bits are guesses (but trivial).
[originally from svn r5653]
[this svn revision also touched putty-wishlist]
that the global `sesslist' got out of sync with the saved-sessions submenu,
causing the latter to launch the wrong sessions.
Also, Change Settings wasn't getting a fresh session list, so if the set of
sessions had changed since session startup it wouldn't reflect that (at least
until a session was saved). Fixed (on all platforms).
Therefore, since the global sesslist didn't seem to be useful, I've got rid
of it; config.c creates one as needed, as do the frontends. (Not tried
compiling Mac changes.)
Also, we now build the saved-sessions submenu on demand on Windows and Unix.
(This should probably also be done on the Mac.)
[originally from svn r5609]
in question vary per OS: on Windows the problem is that WM_TIMER
sometimes goes off too early, so that GetTickCount() is right and
the callback time is wrong, whereas on Unix the problem is that my
GETTICKCOUNT implementation comes from the system clock which means
it can change suddenly and non-monotonically if the sysadmin is
messing about (meaning that the timing of callbacks from GTK or
select timeouts is _more_ likely to be right than GETTICKCOUNT).
This checkin provides band-aid workarounds for both problems, which
aren't pretty but ought to at least prevent catastrophic assertion
failure.
[originally from svn r5556]
glibc-2.3.3-118 and Debian libc6 2.3.2.ds1-20) have clock_gettime() and
CLOCK_MONOTONIC in their headers, but not in libc itself, which we can't
detect easily.
[originally from svn r5529]
* All the PuTTY tools for Windows and Unix now contain the fingerprints of
the Master Keys. The method for accessing them is crude but universal:
a new "-pgpfp" command-line option. (Except Unix PuTTYgen, which takes
"--pgpfp" just to be awkward.)
* Move the key policy discussion from putty-website/keys.html to
putty/doc/pgpkeys.but, and autogenerate the former from the latter.
Also tweak the text somewhat and include the fingerprints of the
Master Keys themselves.
(I've merged the existing autogeneration scripts into a single new
one; I've left the old scripts and keys.html around until such time
as the webmonster reviews the changes and plumbs in the new script;
he should remove the old files then.)
[originally from svn r5524]
[this svn revision also touched putty-website]
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>
[originally from svn r5480]
connection_fatal(), since the latter is entitled to destroy the
backend so `ssh' may no longer be valid once it returns.
For the Unix port, switch exit(0) to gtk_main_quit() in
notify_remote_exit(), so that we don't exit before the subsequent
connection_fatal()!
[originally from svn r5445]