putty-source

nhyatt/putty-source

Fork 0

mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Jacob Nevins	fe11c1e498	authplugin-example.py: Flush stderr. Python 3's stderr was fully-buffered when non-interactive, unlike Python 2 and more or less everything else, until 3.9 in 2020(!): https://bugs.python.org/issue13601 (It would be less faff to sys.stderr.reconfigure(line_buffering=True) at the start, but that was only added in 3.7, whereas the 'flush' argument to print() dates back to 3.3, so I chose that to minimise the risk of version dependencies getting in the way of using this as a working example.) (cherry picked from commit `329a4cdd79`)	2023-04-19 14:18:58 +01:00
Jacob Nevins	5a50288718	authplugin-example.py: Mention documentation. (Just in case anyone's entry point is this example, and concludes they have to reverse-engineer the protocol from the script.) (cherry picked from commit `538c8fd29c`)	2023-04-19 14:18:58 +01:00
Simon Tatham	15f097f399	New feature: k-i authentication helper plugins. In recent months I've had two requests from different people to build support into PuTTY for automatically handling complicated third-party auth protocols layered on top of keyboard-interactive - the kind of thing where you're asked to enter some auth response, and you have to refer to some external source like a web server to find out what the right response _is_, which is a pain to do by hand, so you'd prefer it to be automated in the SSH client. That seems like a reasonable thing for an end user to want, but I didn't think it was a good idea to build support for specific protocols of that kind directly into PuTTY, where there would no doubt be an ever-lengthening list, and maintenance needed on all of them. So instead, in collaboration with one of my correspondents, I've designed and implemented a protocol to be spoken between PuTTY and a plugin running as a subprocess. The plugin can opt to handle the keyboard-interactive authentication loop on behalf of the user, in which case PuTTY passes on all the INFO_REQUEST packets to it, and lets it make up responses. It can also ask questions of the user if necessary. The protocol spec is provided in a documentation appendix. The entire configuration for the end user consists of providing a full command line to use as the subprocess. In the contrib directory I've provided an example plugin written in Python. It gives a set of fixed responses suitable for getting through Uppity's made-up k-i system, because that was a reasonable thing I already had lying around to test against. But it also provides example code that someone else could pick up and insert their own live response-provider into the middle of, assuming they were happy with it being in Python.	2022-09-01 20:43:23 +01:00

Jacob Nevins

fe11c1e498

authplugin-example.py: Flush stderr.

Python 3's stderr was fully-buffered when non-interactive, unlike
Python 2 and more or less everything else, until 3.9 in 2020(!):
https://bugs.python.org/issue13601

(It would be less faff to sys.stderr.reconfigure(line_buffering=True)
at the start, but that was only added in 3.7, whereas the 'flush'
argument to print() dates back to 3.3, so I chose that to minimise
the risk of version dependencies getting in the way of using this as
a working example.)

(cherry picked from commit 329a4cdd79)

2023-04-19 14:18:58 +01:00

Jacob Nevins

5a50288718

authplugin-example.py: Mention documentation.

(Just in case anyone's entry point is this example, and concludes they
have to reverse-engineer the protocol from the script.)

(cherry picked from commit 538c8fd29c)

2023-04-19 14:18:58 +01:00

Simon Tatham

15f097f399

New feature: k-i authentication helper plugins.

In recent months I've had two requests from different people to build
support into PuTTY for automatically handling complicated third-party
auth protocols layered on top of keyboard-interactive - the kind of
thing where you're asked to enter some auth response, and you have to
refer to some external source like a web server to find out what the
right response _is_, which is a pain to do by hand, so you'd prefer it
to be automated in the SSH client.

That seems like a reasonable thing for an end user to want, but I
didn't think it was a good idea to build support for specific
protocols of that kind directly into PuTTY, where there would no doubt
be an ever-lengthening list, and maintenance needed on all of them.

So instead, in collaboration with one of my correspondents, I've
designed and implemented a protocol to be spoken between PuTTY and a
plugin running as a subprocess. The plugin can opt to handle the
keyboard-interactive authentication loop on behalf of the user, in
which case PuTTY passes on all the INFO_REQUEST packets to it, and
lets it make up responses. It can also ask questions of the user if
necessary.

The protocol spec is provided in a documentation appendix. The entire
configuration for the end user consists of providing a full command
line to use as the subprocess.

In the contrib directory I've provided an example plugin written in
Python. It gives a set of fixed responses suitable for getting through
Uppity's made-up k-i system, because that was a reasonable thing I
already had lying around to test against. But it also provides example
code that someone else could pick up and insert their own live
response-provider into the middle of, assuming they were happy with it
being in Python.

2022-09-01 20:43:23 +01:00

3 Commits