1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 09:12:24 +00:00
Commit Graph

909 Commits

Author SHA1 Message Date
Simon Tatham
d155f698b7 Make unifontsel_deselect() clear the preview pane.
In the case where we deselect the previously selected font (e.g.
because we've just changed the filter settings to remove it from the
list), we were leaving the preview pane in its previous state, which
is fine in GTK2 when it just carries on displaying the last thing
drawn to the backing pixmap but goes wrong in GTK3 where we still have
to actually respond to draw events.

But it makes more conceptual sense anyway to actually empty the
preview pane when no font is selected, so now we do that. So now
unifontsel_draw_preview_text() is called from unifontsel_deselect(),
and also the preview-drawing code will still draw the background
rectangle regardless of whether font != NULL.
2015-08-22 13:41:15 +01:00
Simon Tatham
81682fbf70 Fix crash in GTK3 when unifontsel filter settings change.
The call to gtk_list_store_clear() in unifontsel_setup_familylist()
was causing a call to family_changed() via the GTK signal system,
which didn't happen in GTK2. family_changed() in turn was calling
unifontsel_select_font(), which got confused when the tree model
didn't match reality, and tried to access a bogus tree iterator.

This is easily fixed by using the existing fs->inhibit_response flag,
which prevents us responding to GTK events when we know they were
generated by our own fiddling about with the data; it's just that we
never needed to set it in unifontsel_setup_familylist() before.

Also, added a check of the return value from the key get_iter call in
unifontsel_select_font(), so that it'll at least fail an assertion
rather than actually trying to access bogus memory. But that operation
_should_ still always succeed, and if it doesn't, it's probably a sign
that we need another use of fs->inhibit_response.
2015-08-22 13:41:11 +01:00
Simon Tatham
03e21b7cad Fix GTK3 size calculations in unifontsel_new.
It turns out that in GTK3, if you instantiate a GtkLabel and
immediately try to find out its preferred size, you get back zero for
both dimensions. Presumably none of that gets figured out properly
until the widget is displayed, or some such.

However, you can retrieve the PangoLayout from the label immediately
and ask Pango for the dimensions of that. That seems like a bit of a
bodge, but it works! The GTK3 unifont selector now comes out with all
the interface elements in sensible sizes - in particular, the preview
drawing area now has non-zero height.
2015-08-22 11:55:30 +01:00
Simon Tatham
37ec0b463f In GTK3, don't use the "has-separator" GtkDialog property.
It doesn't exist any more, so the attempt to set it was generating an
annoying runtime warning message.
2015-08-22 11:55:30 +01:00
Simon Tatham
5e738877be Use GTK3's method of setting GtkEntry min width.
The config box setup code wants a lot of very narrow edit boxes, so it
decreases their minimum width from the GTK default of 150 pixels. In
GTK 3, we have to do this using gtk_entry_set_width_chars() rather
than gtk_widget_set_size_request() as we were previously using, or it
won't work.

This change by itself seems to restore the GTK3 config box to a
sensible layout, in spite of the fact that my Columns layout class is
still doing all its size allocation the GTK2 way, with no attention
paid to the shiny new GTK3 height-for-width system.
2015-08-22 11:55:30 +01:00
Simon Tatham
ccd7097330 GTK3 port: condition out all uses of GdkColormap.
The entire concept has gone away in GTK3, which assumes that everyone
is now using modern true-colour video modes and so there's no longer
any reason you shouldn't just casually make up any RGB triple you like
without bothering to ask the display system's permission.
2015-08-16 14:50:48 +01:00
Simon Tatham
0ffc564351 GTK3 port: respell GDK_WINDOW_XWINDOW / GDK_DRAWABLE_XID.
GDK3 now spells both of those as GDK_WINDOW_XID. (Of course 'drawable'
is no longer a relevant concept in GDK3, since pixmaps are no longer
supported and so all drawables are just windows.) We keep backwards
compatibility, of course.
2015-08-16 14:50:48 +01:00
Simon Tatham
aac9d5fcf7 GTK3 port: replace size_request in the Columns layout class.
It's been replaced by a new pair of methods get_preferred_width and
get_preferred_height. For the moment, I've followed the porting
guide's suggestion of keeping the old size_request function as an
underlying implementation and having each of those methods just return
one of its outputs. The results are ugly, but it'll compile and run,
which is a start.
2015-08-16 14:50:48 +01:00
Simon Tatham
59a232c161 GTK3 port: use gdk_device_grab() in gtkask.c.
This replaces the old gdk_keyboard_grab(), and is what a GTK3 app has
to use for grabbing the keyboard away from all other X clients.
2015-08-16 14:50:37 +01:00
Simon Tatham
afae35eb90 GTK3 port: support the new "draw" signal.
This replaces GTK 1/2's "expose_event", and provides a ready-made
cairo_t to do the drawing with. My previous work has already separated
all constructions of a cairo_t from the subsequent drawing with it, so
the new draw event handlers just have to call the latter without the
former.
2015-08-16 14:50:28 +01:00
Simon Tatham
280b14f129 Reimplement GTK uxsel_input_add using GIOChannel.
This is the new recommended approach since gdk_input_{add,remove} were
deprecated (and, honestly, seems a lot more sensible - why on earth
would those functions have lived in *GDK* of all places?). The old
implementation is preserved under ifdef for GTK1.

This was the last of the GDK deprecated functions to go! So GTK PuTTY
now compiles cleanly with -DGDK_DISABLE_DEPRECATED in addition to all
the other precautionary flags (though if you do that, you disable GDK
rendering, which greatly slows down server-side font handling). This
completes the GTK2-compatible preparation phase of the GTK 3 migration
guide.
2015-08-16 13:11:51 +01:00
Simon Tatham
b5423b51d4 Change uxsel_input_add's return type from int to pointer.
In case a front end needs to store more than an integer id to be
returned to uxsel_input_remove, we now return a pointer to a
frontend-defined structure.
2015-08-16 13:11:51 +01:00
Simon Tatham
0413cc856c Use gtk_window_set_icon() where available.
GTK is deprecating the use of gdk_window_set_icon(), in favour of a
method that doesn't have to drop down to the GDK level at all (and
also doesn't use a pixmap). No reason not to use that instead.
2015-08-16 13:11:51 +01:00
Simon Tatham
f853b695de Remove an outdated comment.
I've just noticed the comment in gtkfont.c that said wouldn't it be
nice to find a way to avoid the GDK pixmap-stretching code when using
Pango fonts. We now do support this, but we support it in gtkwin.c
rather than gtkfont.c - because we do it using a Cairo transformation
matrix, so it still takes place at the level above Pango rather than
in Pango proper. (I never did find out whether Pango itself included
facilities to arbitrarily stretch a font.)

Hence, this comment is useless now. Discard.
2015-08-16 13:11:51 +01:00
Simon Tatham
1b3b993467 Replace deprecated GDK_DISPLAY() with modern facilities.
We still don't actually support more than one X display active at
once, so it's sufficient to replace every call to that macro with
GDK_DISPLAY_XDISPLAY(gdk_display_get_default()).
2015-08-16 13:11:51 +01:00
Simon Tatham
5319c659ad Make the use of server-side backing pixmaps in GTK optional.
We won't be able to use them in GTK3, or when compiling with GTK2 and
-DGDK_DISABLE_DEPRECATED.

This applies to the one we use for the main terminal window, and also
the small one we use for the preview pane in the unified font selector.
2015-08-16 13:11:06 +01:00
Simon Tatham
066bce3d19 Saw unifontsel_draw_preview_text() in half.
Now it's got an inner half that does actual drawing given a draw
context, and an outer half that sets up and tears down the draw
context. Sooner or later the inner half will need calling
independently of the outer, because GTK3's draw event will provide a
ready-made cairo_t.
2015-08-16 13:10:42 +01:00
Simon Tatham
828ad5d6d4 Call draw_stretch_before *after* setting up the clip region.
A small bug in yesterday's work: since in Cairo mode
draw_stretch_before changes the transformation matrix, if we do it
before calling draw_clip then the clip region will be interpreted in
the transformed coordinates.

This caused a subtle display bug in yesterday's commit: drawing one
half of double-height text would have drawn _both_ halves of it on to
the window's backing pixmap, but only copied the correct half on to
the window proper - but the overdrawing on the pixmap would have shown
up if the window was hidden and re-exposed.
2015-08-16 09:08:19 +01:00
Simon Tatham
3c912e7994 Withdraw the horrible bodge in make_mouse_ptr().
We were previously building our own mouse pointers out of pixmaps,
having first drawn characters from the X server standard font 'cursor'
on to those pixmaps, giving an effect almost exactly the same as just
calling gdk_cursor_new(some constant) except that we got to choose the
foreground and background colours of the resulting pointers.

But it's not clear why we needed to do that! In both GTK1 and GTK2 as
of my current testing, the standard colours appear to be just what I
wanted anyway (white pointer with black outline). The previous
implementation (and commit comment) was written in 2002, so perhaps it
was working around a GTK1 bug of the time.

So I've removed it completely, and replaced it with simple calls to
gdk_cursor_new  (plus a workaround for GTK1's lack of GDK_BLANK_CURSOR,
but that's still much simpler than the previous code). If anyone does
report a colour problem, I may have to go back to doing something
clever, but if I can possibly arrange it, I'll want to do it by some
other technique, probably (as suggested in a comment in the previous
implementation) getting the underlying X cursor id and calling
XRecolorCursor.
2015-08-15 21:07:35 +01:00
Simon Tatham
f750a18587 Refactor the GTK drawing system to do both GDK and Cairo.
We're going to have to use Cairo in the GTK3 port, because that's all
GTK3 supports; but we still need old-style GDK for GTK1 support, and
also for performance reasons in GTK2 (see below). Hence, this change
completely restructures GTK PuTTY's drawing code so that there's a
central 'drawing context' structure which contains a type code
indicating GDK or Cairo, and then either some GDK gubbins or some
Cairo gubbins as appropriate; all actual drawing is abstracted through
a set of routines which test the type code in that structure and do
one thing or another. And because the type code is tested at run time,
both sets of drawing primitives can be compiled in at once, and where
possible, they will be.

X server-side bitmap fonts are still supported in the Cairo world, but
because Cairo drawing is entirely client-side, they have to work by
cheekily downloading each glyph bitmap from the server when it's first
needed, and building up a client-side cache of 'cairo_surface_t's
containing the bitmaps with which we then draw on the window. This
technique works, but it's rather slow; hence, even in GTK2, we keep
the GDK drawing back end compiled in, and switch over to it when the
main selected font is a bitmap one.

One visible effect of the new Cairo routines is in the double-width
and double-height text you can get by sending ESC # 3, ESC # 4 and
ESC # 6 escape sequences. In GDK, that's always been done by a really
horrible process of manually scaling the bitmap, server-side, column
by column and row by row, causing each pixel to be exactly doubled or
quadrupled. But in Cairo, we can just set a transformation matrix, and
then that takes effect _before_ the scalable fonts are rendered - so
the results are visibly nicer, and use all the available resolution.

(Sadly, if you're using a server-side bitmap font as your primary one,
then the GDK backend will be selected for all drawing in the terminal
as a whole - so in that situation, even fallback characters absent
from the primary font and rendered by Pango will get the old GDK
scaling treatment. It's only if your main font is scalable, so that
the Cairo backend is selected, that DW/DH characters will come out
looking nice.)
2015-08-15 21:05:56 +01:00
Simon Tatham
0f60287f66 Stop multifont fallback from crashing in GTK1.
I was tacitly assuming that mfont->fallback would always be non-NULL,
which is true in a world containing Pango, but untrue in GTK1 when
Pango isn't there. In that situation we fall back to just omitting the
characters that would be displayed in the fallback font, on the
grounds that that's better than dereferencing through a NULL vtable.
2015-08-15 20:51:44 +01:00
Tim Kosse
6a70f944f6 Fix format string vulnerabilities.
Reported by Jong-Gwon Kim. Also fixes a few memory leaks in the
process.
2015-08-10 20:03:41 +01:00
Simon Tatham
6eca89aebc Fix compile failure.
I'm sure I removed that 'return 0' at some point! But I must have made
a git error which excluded it from the commit I actually pushed, ahem.
2015-08-09 11:56:38 +01:00
Simon Tatham
7a80ab14e0 GTK 3 prep: write a replacement for gtk_quit_add().
GTK 2 has deprecated it and provided no replacement; a bug tracker
entry I found on the subject suggested that it was functionality that
didn't really belong in GTK, and glib ought to provide a replacement
instead, which would be a perfectly fine thing to suggest if they had
waited for glib to get round to doing so *before* throwing out a
function people were actually using. Sigh.

Anyway, it turns out that subsidiary invocations of gtk_main() don't
happen inside GTK as far as I can see, so all I need to do is to make
sure my own invocations of gtk_main() are followed by a cleanup
function which runs any quit functions that I've registered.

That was the last deprecated GTK function, so we now build cleanly
with -DGTK_DISABLE_DEPRECATED. (But, as mentioned a couple of commits
ago, we still don't build with -DGDK_DISABLE_DEPRECATED, because that
has migrating to Cairo drawing as a prerequisite.)
2015-08-09 11:39:40 +01:00
Simon Tatham
78592116a5 Use gtkcompat.h to slim down a few ifdefs.
Now that I've got a general place to centralise handling of at least
the simple differences between GTK 1 and 2, I should use it wherever
possible. So this commit removes just a small number of ifdefs which
are either obsoleted by definitions already in gtkcompat.h (like
set_size_request vs set_usize), or can easily be replaced by adding
another (e.g. gtk_color_selection_set_has_opacity_control).
2015-08-09 09:59:25 +01:00
Simon Tatham
5fa22495c7 GTK 3 prep: stop using *nearly* all GTK deprecated functions.
Building with -DGTK_DISABLE_DEPRECATED, we now suffer only one compile
failure, for the use of gtk_quit_add() in idle_toplevel_callback_func.
That function is apparently removed with no replacement in GTK 3, so
I'll need to find a completely different approach to getting toplevel
callbacks to run only in the outermost instance of gtk_main().

Also, this change doesn't do anything about the use of *GDK*
deprecated functions, because those include the entire family of
old-style drawing functions - i.e. the only way to build cleanly with
-DGDK_DISABLE_DEPRECATED will be to switch to Cairo drawing.
2015-08-08 18:30:55 +01:00
Simon Tatham
5e55b7a978 Switch to using gtk_window_parse_geometry in GTK 2.
On GTK versions where it's available, this is a much nicer way of
handling the -geometry command-line option, since not only do we get
all the faffing about with gravity for free, it also automatically
sets the user-position WM hints.
2015-08-08 18:23:38 +01:00
Simon Tatham
fbb7c8c481 GTK 3 prep: replace GtkFileSelection with GtkFileChooserDialog.
I've put in a special #define to control this selection, in case I
decide that for reasons of taste I'd prefer to switch back to
GtkFileSelection in GTK2 which supports both!
2015-08-08 17:56:30 +01:00
Simon Tatham
961fd07d08 GTK 3 prep: use gtk_color_selection_get_current_color().
Replaces the deprecated gtk_color_selection_set_color() which took an
array of four doubles (RGBA), and instead takes a 'GdkColor' struct
containing four 16-bit integers.

For GTK1, we still have to retain the original version.
2015-08-08 17:56:28 +01:00
Simon Tatham
1e4273a929 GTK 3 prep: use the glib names for base object types.
All the things like GtkType, GtkObject, gtk_signal_connect and so on
should now consistently have the new-style glib names like GType,
GObject, g_signal_connect, etc.
2015-08-08 17:55:10 +01:00
Simon Tatham
2ac190c06d Allow direct use of X11 to be conditionally compiled out.
A major aim of introducing GTK 3 support is to permit compiling for
non-X11 platforms that GTK 3 supports, so I'm going to need to be able
to build as a pure GTK application with no use of X11 internals.
Naturally, I don't intend to stop supporting the hybrid GTK+X11 mode
in which X server-side bitmap fonts are available.

Use of X11 can be removed by compiling with -DNOT_X_WINDOWS. That's
the same compatibility flag that was already used by the unfinished OS
X port to disable the X-specific parts of uxpty.c; now it just applies
to more source files.

(There's no 'configure' option to set this flag at present. I haven't
worked out whether we'll need one yet.)
2015-08-08 17:54:27 +01:00
Simon Tatham
a6ccb8e720 GTK 3 prep: use GDK_KEY_<keyname> constants, not GDK_<keyname>.
GTK 2 doesn't _documentedly_ provide a helpful compile option to let
us check this one in advance of GTK 3, but you can fake one anyway by
compiling with -D__GDK_KEYSYMS_COMPAT_H__, so that gdkkeysyms-compat.h
will believe that it's already been included :-) We now build cleanly
under GTK 2 with that predefine.
2015-08-08 17:54:27 +01:00
Simon Tatham
0a3e593959 GTK 3 prep: use accessor functions for object data fields.
We now build cleanly in GTK2 with -DGSEAL_ENABLE.
2015-08-08 17:54:19 +01:00
Simon Tatham
8ee12773d8 GTK 3 prep: do not include individual GTK/GDK headers.
This is the first of several cleanup steps recommended by the GTK 2->3
migration guide.

I intend to begin work towards compatibility with GTK 3, but without
breaking GTK 2 and even GTK 1 compatibility in the process; GTK 2 is
still useful to _me_ (not least because it permits much easier support
of old-style server-side X11 fonts), and I recall hearing a rumour
that at least one kind of strange system can only run GTK 1, so for
the moment I don't intend to stop supporting either.

Including gdkkeysyms.h is not optional in GTK 2, because gdk.h does
not include it. In GTK 3 it does, so we don't explicitly reinclude it
ourselves.

We now build cleanly in GTK2 with -DGTK_DISABLE_SINGLE_INCLUDES. (But
that doesn't say much, because we did already! Apparently gdkkeysyms.h
was a special case which that #define didn't forbid.)
2015-08-08 15:10:43 +01:00
Simon Tatham
824ad9430c Make gtkask.c compile under GTK 1.
This is less than ideal - passphrase input now happens in ISO 8859-1,
and the passphrase prompt window is neither centred nor always-on-top.
But it basically works, and restores bare-minimum GTK 1 support to the
codebase as a whole.
2015-08-08 15:10:43 +01:00
Simon Tatham
4eddcb4c56 Fix braino in gtkask.c loop conditions.
If you're counting up to ms_limit in steps of ms_step, it's silly to
add ms_step at the end of the loop body _and_ increment the loop
variable by 1 in the loop header. I must have been half asleep.
2015-07-28 18:49:23 +01:00
Ben Harris
d21041f7f8 Add have_ssh_host_key() and use it to influence algorithm selection.
The general plan is that if PuTTY knows a host key for a server, it
should preferentially ask for the same type of key so that there's some
chance of actually getting the same key again.  This should mean that
when a server (or PuTTY) adds a new host key type, PuTTY doesn't
gratuitously switch to that key type and then warn the user about an
unrecognised key.
2015-05-30 01:01:36 +01:00
Simon Tatham
5ea2f3065e Unix Pageant: man page and online help.
I think Unix Pageant is now more or less usable, though of course I
wouldn't blame anyone for sticking with other SSH agent solutions.
2015-05-19 18:24:04 +01:00
Simon Tatham
35fde00fd1 Fix a compile warning with -DDEBUG.
An unguarded write() in the dputs function caused gcc -Werror to fail
to compile. I'm confused that this hasn't bitten me before, though -
obviously normal builds of PuTTY condition out the faulty code, but
_surely_ this can't be the first time I've enabled the developer
diagnostics since gcc started complaining about unchecked syscall
returns!
2015-05-18 21:17:21 +01:00
Simon Tatham
c8f83979a3 Log identifying information for the other end of connections.
When anyone connects to a PuTTY tool's listening socket - whether it's
a user of a local->remote port forwarding, a connection-sharing
downstream or a client of Pageant - we'd like to log as much
information as we can find out about where the connection came from.

To that end, I've implemented a function sk_peer_info() in the socket
abstraction, which returns a freeform text string as best it can (or
NULL, if it can't get anything at all) describing the thing at the
other end of the connection. For TCP connections, this is done using
getpeername() to get an IP address and port in the obvious way; for
Unix-domain sockets, we attempt SO_PEERCRED (conditionalised on some
moderately hairy autoconfery) to get the pid and owner of the peer. I
haven't implemented anything for Windows named pipes, but I will if I
hear of anything useful.
2015-05-18 14:03:10 +01:00
Simon Tatham
454fe4fdf7 askpass: don't treat releases of Ret or Esc as presses.
Caused an embarrassing failure just now trying to run the test program
from a command prompt - I had Return still held down by the time it
started up, and my release of it immediately terminated input :-)
2015-05-17 16:40:36 +01:00
Simon Tatham
89da2ddf56 Giant const-correctness patch of doom!
Having found a lot of unfixed constness issues in recent development,
I thought perhaps it was time to get proactive, so I compiled the
whole codebase with -Wwrite-strings. That turned up a huge load of
const problems, which I've fixed in this commit: the Unix build now
goes cleanly through with -Wwrite-strings, and the Windows build is as
close as I could get it (there are some lingering issues due to
occasional Windows API functions like AcquireCredentialsHandle not
having the right constness).

Notable fallout beyond the purely mechanical changing of types:
 - the stuff saved by cmdline_save_param() is now explicitly
   dupstr()ed, and freed in cmdline_run_saved.
 - I couldn't make both string arguments to cmdline_process_param()
   const, because it intentionally writes to one of them in the case
   where it's the argument to -pw (in the vain hope of being at least
   slightly friendly to 'ps'), so elsewhere I had to temporarily
   dupstr() something for the sake of passing it to that function
 - I had to invent a silly parallel version of const_cmp() so I could
   pass const string literals in to lookup functions.
 - stripslashes() in pscp.c and psftp.c has the annoying strchr nature
2015-05-15 12:47:44 +01:00
Simon Tatham
b5fd5969f4 Unix Pageant: fix further double-frees.
No need to sfree(err) before going to the cleanup code, because the
whole point of shared cleanup code is that that will do it for us.
2015-05-15 11:02:51 +01:00
Simon Tatham
a5fc95b715 Const-correctness of name fields in struct ssh_*.
All the name strings in ssh_cipher, ssh_mac, ssh_hash, ssh_signkey
point to compile-time string literals, hence should obviously be const
char *.

Most of these const-correctness patches are just a mechanical job of
adding a 'const' in the one place you need it right now, and then
chasing the implications through the code adding further consts until
it compiles. But this one has actually shown up a bug: the 'algorithm'
output parameter in ssh2_userkey_loadpub was sometimes returning a
pointer to a string literal, and sometimes a pointer to dynamically
allocated memory, so callers were forced to either sometimes leak
memory or sometimes free a bad thing. Now it's consistently
dynamically allocated, and should be freed everywhere too.
2015-05-15 10:12:06 +01:00
Simon Tatham
75b7ba26d3 Unix Pageant: implement GUI passphrase prompting.
I've written my own analogue of OpenSSH's ssh-askpass. At the moment,
it's contained inside Pageant proper, though it could easily be
compiled into a standalone binary as well or instead.

Unlike OpenSSH's version, I don't use a GTK edit box; instead I just
process key events myself and append them to a buffer. The big
advantage of doing this is that I can arrange for ^W and ^U to
function as they do in terminal line editing, i.e. delete a word or
delete the whole line.

^W in particular is really valuable when typing a multiple-word
passphrase unseen. If you feel yourself making the kind of typo in
which you're not sure if you pressed six keys or just five, you can
hit ^W and restart just that word, without either having to go right
back to the beginning or carry on and see if you feel lucky.

A delete-word function would of course be an information leak in even
an obscured edit box (displaying a blob per character), so instead I
give a visual acknowledgment of keypresses by a more ad-hoc means: I
display three lights in the box, and every meaningful keypress turns
off the currently active one and instead turns on a randomly selected
one of the others. (So the lit light doesn't even indicate _mod 3_ how
many keys have been pressed.)
2015-05-13 15:34:03 +01:00
Simon Tatham
460c45dd23 Unix Pageant: factor out have_controlling_tty().
I'm going to want to reuse it when deciding on a passphrase-prompting
strategy.
2015-05-13 14:00:29 +01:00
Simon Tatham
a181639521 Unix Pageant: fix a double-free when adding keys.
I had freed the comment string coming back from pageant_add_keyfile,
but not NULLed out the pointer, so that the cleanup code at the end of
the function would have freed it again.
2015-05-13 14:00:26 +01:00
Simon Tatham
c6c23ed84b Unix Pageant: support -D, to delete all keys. 2015-05-12 14:56:39 +01:00
Simon Tatham
e533097e15 Unix Pageant: provide public-key extraction options.
I've decided against implementing an option exactly analogous to
'ssh-add -L' (printing the full public key of everything in the
agent). Instead, you can identify a specific key to display in full,
by any of the same means -d lets you use, and then print it in either
of the public key formats we support.
2015-05-12 14:56:39 +01:00
Simon Tatham
4d88fe3dde Unix Pageant: support -d, to delete a key from the agent.
Unlike ssh-add, we can identify the key by its comment or by a prefix
of its fingerprint as well as using a public key file on disk. The
string given as an argument to -d is interpreted as whichever of those
things matches; disambiguating prefixes are available if needed.
2015-05-12 14:56:25 +01:00
Simon Tatham
511d967d25 Unix Pageant: first draft of -l key list option.
It doesn't look very pretty at the moment, but it lists the keys and
gets the fingerprints right.
2015-05-11 18:45:34 +01:00
Simon Tatham
af20ed5799 Unix Pageant: support loading keys.
You can now load keys at Pageant init time, by putting the key file
names as bare arguments on the command line, e.g. 'pageant -T key.ppk'
or 'pageant key.ppk --exec some command'; also, 'pageant -a key.ppk'
behaves more or less like ssh-add, contacting an existing agent to add
the key.

The askpass() function currently supports terminal-based prompting
only. X11 askpass is yet to be implemented.
2015-05-11 18:07:14 +01:00
Simon Tatham
cd528f3e76 Unix Pageant: link in uxagentc.c and uxcons.c.
This brings in the code we'll need to request passphrases from the
terminal, and to talk to an existing SSH agent as a client.

Adding uxcons.c required adjusting the set of stub functions in
uxpgnt.c: uxcons.c removed the need for several, but added one of its
own (log_eventlog). A net win, though.
2015-05-11 18:06:13 +01:00
Simon Tatham
da944972d8 Unix Pageant: prepare to add client-side modes.
I've moved the setup and running of the actual agent server into
run_agent(), so that main() is now only command-line parsing and
validation. We recognise a collection of new command-line options for
talking to an existing agent as a client (analogous to ssh-add), which
go to a new run_client() function, but I haven't filled in that
function itself yet.
2015-05-11 17:56:37 +01:00
Simon Tatham
b4f17f26e3 Support synchronous agent requests on Unix.
This is only intended for use in Unix Pageant; for any application
that's actually trying to get something else useful done at the same
time as the agent request is pending, it's much more sensible to use
the more rigorous existing approach of requesting a callback once the
agent request is answered.

Adding this mode is the easiest way to allow Unix Pageant's
command-line key loading to work, but it doesn't solve the underlying
problem that the supposedly cross-platform pageant_add_keyfile will
not work on a platform where we really _are_ constrained to do agent
requests asynchronously (perhaps because we're a GUI app in some
system that doesn't let us control our own top-level event loop).

If and when that situation arises, I'll have no choice but to turn
pageant_add_keyfile and friends (specifically, any function in
pageant.c that calls agent_query) into coroutine-structured functions,
and have clients call them repeatedly until they return 'finished'.

But for now, this is a lot easier!
2015-05-11 17:52:19 +01:00
Simon Tatham
8228085c54 Unix Pageant: move handling of --exec arguments.
Now --exec instantly terminates option processing, by treating
everything after it as the command. This means it doesn't matter if
the --exec command word looks like another option, and it also means
we can simplify the handling of real non-option argument words, when I
get round to adding some for loading keys.
2015-05-11 15:49:09 +01:00
Simon Tatham
c59c6a8db9 Unix Pageant: -T option, tying lifetime to controlling tty.
This is intended to be a useful mode when you want to run an ssh agent
in a terminal session with no X11 available. You just execute a
command along the lines of eval $(pageant -T), and then Pageant will
run in the background for the rest of that terminal session - and when
the terminal session ends, so that Pageant loses its controlling tty,
it will take that as the signal to shut down. So, no need to manually
kill it, and unlike 'pageant --exec $SHELL', you can also do this half
way through a session if you don't realise until later that you need
an SSH agent, without losing any shell command history or other shell
context that you've accumulated so far in the session.

Unfortunately, I haven't been able to find any reliable way to
actually implement this -T mode, short of having Pageant wake up at
regular intervals and try to open /dev/tty to see if it's still there.
I had hoped that I could arrange to reliably get SIGHUP, or select on
/dev/tty for exceptional conditions, or some such, but nothing I've
tried along those lines seems to work.
2015-05-11 13:12:47 +01:00
Simon Tatham
42c592c4ef Completely remove the privdata mechanism in dialog.h.
The last use of it, to store the contents of the saved session name
edit box, was removed nearly two years ago in svn r9923 and replaced
by ctrl_alloc_with_free. The mechanism has been unused ever since
then, and I suspect any further uses of it would be a bad idea for the
same reasons, so let's get rid of it.
2015-05-08 19:04:16 +01:00
Simon Tatham
f4956a1f9d Fix two small memory leaks in config mechanism.
The memory dangling off ssd->sesslist should be freed when ssd itself
goes away, and the font settings ctrlset we delete in gtkcfg.c should
be freed as well once it's been removed from its containing array.

Thanks to Ranjini Aravind for pointing these out.
2015-05-08 18:57:18 +01:00
Simon Tatham
47c9a6ef0b Clean up Unix Pageant's setup and teardown.
I've moved the listening socket setup back to before the lifetime
preparations, so in particular we find out that we couldn't bind to
the socket _before_ we fork. The only part that really needed to come
after lifetime setup was the logging setup, so that's now a separate
function called later.

Also, the random exit(0)s in silly places like x11_closing have turned
into setting a time_to_die flag, so that all clean exits funnel back
to the end of main() which at least tries to tidy up a bit afterwards.

(Finally, fixed a small bug in testing the return value of waitpid(),
which only showed up once we didn't exit(0) after the first wait.
Ahem.)
2015-05-07 19:06:12 +01:00
Simon Tatham
bc4066e454 Put proper logging into Pageant.
Now it actually logs all its requests and responses, the fingerprints
of keys mentioned in all messages, and so on.

I've also added the -v option, which causes Pageant in any mode to
direct that logging information to standard error. In --debug mode,
however, the logging output goes to standard output instead (because
when debugging, that information changes from a side effect to the
thing you actually wanted in the first place :-).

An internal tweak: the logging functions now take a va_list rather
than an actual variadic argument list, so that I can pass it through
several functions.
2015-05-06 19:45:04 +01:00
Simon Tatham
340143cea7 Remove some FIXMEs left in from initial work.
LIFE_EXEC is already dealt with, and I forgot to take out the comment
reminding me to do it, ahem.

The LIFE_PARENT mentioned in the same comment was an idea I had but
couldn't think of a way to make it work: if you have a terminal-only
shell session in which you want to eval $(ssh-agent), then it's
annoying and fragile to have to remember to kill the agent when you
log out, so you'd like it to automatically tie its lifetime to that of
the shell from which you invoked it. Unfortunately, I don't know of
any way to do that without race conditions. (E.g. if only pageant
didn't fork, then it could poll its own ppid until it became 1 - but
the child process would find it was 1 already.)
2015-05-06 18:08:05 +01:00
Simon Tatham
c52108234b Provide a Unix port of Pageant.
This is much more like ssh-agent than the Windows version is - it sets
SSH_AUTH_SOCK and SSH_AGENT_PID as its means of being found by other
processes, rather than Windows Pageant's approach of establishing
itself in a well-known location. But the actual agent code is the same
as Windows Pageant.

For the moment, this is an experimental utility and I don't expect it
to be useful to many people; its immediate use to me is that it
provides a way to test and debug the agent code on Unix, and also to
use the agent interface as a convenient way to exercise public key
functions I want to debug. And of course it means I can be constantly
using and testing my own code, on whatever platform I happen to be
using. In the further future, I have a list of possible features I
might add to it, but I don't know which ones I'll decide are
worthwhile.

One feature I've already put in is a wider range of lifetime
management options than ssh-agent: the -X mode causes Pageant to make
a connection to your X display, and automatically terminate when that
connection closes, so that it has the same lifetime as your X session
without having to do the cumbersome trick of exec()ing the subsequent
session-management process.
2015-05-05 20:16:23 +01:00
Simon Tatham
76e2ffe49d Move make_dir_and_check_ours() out into uxmisc.c.
I'm going to want to use it for a second purpose in a minute.
2015-05-05 20:16:22 +01:00
Jacob Nevins
954df095f4 Merge branch 'pre-0.64' 2015-01-08 23:50:34 +00:00
Jacob Nevins
3a9ce5074d Use local username consistently in Unix Plink.
It tries to use the local username as the remote username if it has no
better ideas, but the presence of Default Settings would defeat this,
even if it had no username set. Reported by Jonathan Amery.
2015-01-05 23:51:12 +00:00
Jacob Nevins
5904545cc1 Merge branch 'pre-0.64' 2015-01-05 23:49:25 +00:00
Jacob Nevins
f3685eb948 Fix a copy-and-pasted comment. 2015-01-05 23:48:11 +00:00
Jacob Nevins
bff08a95e7 It's a new year. 2015-01-05 23:48:11 +00:00
Simon Tatham
23208779e7 Merge branch 'pre-0.64' 2014-12-20 18:52:40 +00:00
Simon Tatham
fe24f4dfba Add a missing freeaddrinfo() in Unix sk_newlistener.
If we use getaddrinfo to translate the source IP address into a
sockaddr, then we need to freeaddrinfo the returned data later. Patch
due to Tim Kosse.
2014-12-20 17:00:01 +00:00
Simon Tatham
d23c0972cd Merge branch 'pre-0.64' 2014-11-22 16:42:01 +00:00
Simon Tatham
8c09f85a64 Stop referring to Plink as "PuTTY Link".
I don't think anyone has ever actually called it that, colloquially
_or_ formally, and if anyone ever did (in a bug report, say) I'd
probably have to stop and think to work out what they meant. It's
universally called Plink, and should be officially so as well :-)
2014-11-22 16:39:25 +00:00
Simon Tatham
c269dd0135 Move echo/edit state change functionality out of ldisc_send.
I'm not actually sure why we've always had back ends notify ldisc of
changes to echo/edit settings by giving ldisc_send(ldisc,NULL,0,0) a
special meaning, instead of by having a separate dedicated notify
function with its own prototype and parameter set. Coverity's recent
observation that the two kinds of call don't even have the same
requirements on the ldisc (particularly, whether ldisc->term can be
NULL) makes me realise that it's really high time I separated the two
conceptually different operations into actually different functions.

While I'm here, I've renamed the confusing ldisc_update() function
which that special operation ends up feeding to, because it's not
actually a function applying to an ldisc - it applies to a front end.
So ldisc_send(ldisc,NULL,0,0) is now ldisc_echoedit_update(ldisc), and
that in turn figures out the current echo/edit settings before passing
them on to frontend_echoedit_update(). I think that should be clearer.
2014-11-22 16:18:00 +00:00
Jacob Nevins
38ec5cbb6b Merge Gtk event log fix from 'pre-0.64'. 2014-11-08 22:22:49 +00:00
Jacob Nevins
a45f4c2955 Fix a double-free in the Gtk event log.
It could occur some time after a line was selected in the event log
window.
2014-11-08 22:22:34 +00:00
Simon Tatham
880421a9af Add Christopher Staite to the list of copyright holders. 2014-11-02 18:16:54 +00:00
Jacob Nevins
a44a6c3c54 Move -sercfg out of the "SSH only" section of command-line help.
[originally from svn r10230]
2014-09-20 22:51:27 +00:00
Jacob Nevins
addf6219bd Update command-line help and man pages for -hostkey.
[originally from svn r10229]
2014-09-20 22:49:47 +00:00
Simon Tatham
24cd95b6f9 Change the naming policy for connection-sharing Unix sockets.
I had initially assumed that, since all of a user's per-connection
subdirectories live inside a top-level putty-connshare.$USER directory
that's not accessible to anyone else, there would be no need to
obfuscate the names of the internal directories for privacy, because
nobody would be able to look at them anyway.

Unfortunately, that's not true: 'netstat -ax' run by any user will
show up the full pathnames of Unix-domain sockets, including pathname
components that you wouldn't have had the access to go and look at
directly. So the Unix connection sharing socket names do need to be
obfuscated after all.

Since Unix doesn't have Windows's CryptProtectMemory, we have to do
this manually, by creating a file of random salt data inside the
top-level putty-connshare directory (if there isn't one there already)
and then hashing that salt with the "user@host" connection identifier
to get the socket directory name. What a pain.

[originally from svn r10222]
2014-09-09 12:47:39 +00:00
Simon Tatham
f3860ec95e Add an option to suppress horizontal scroll bars in list boxes.
I'm about to add a list box which expects to contain some very long
but uninformative strings, and which is also quite vertically squashed
so there's not much room for a horizontal scroll bar to appear in it.
So here's an option in the list box specification structure which
causes the constructed GTKTreeView to use the 'ellipsize' option for
all its cell renderers, i.e. too-long strings are truncated with an
ellipsis.

Windows needs no change, because its list boxes already work this way.

[originally from svn r10219]
2014-09-09 11:46:14 +00:00
Simon Tatham
bc8de8a331 Another fix to timer handling.
Robert de Bath points out that failure to remove the timer whose
callback returned FALSE may not have been the cause of runaway timer
explosion; another possibility is that a function called from
timer_trigger()'s call to run_timers() has already set a timer up by
the time run_timers() returns, and then we set another one up on top
of it. Fix that too.

[originally from svn r10206]
2014-07-13 07:49:29 +00:00
Simon Tatham
4647eded7c Work around a timer leak with GTK 2.4.22 on openSUSE 13.1.
Mihkel Ader reports that on that system, timers apparently aren't
getting auto-destroyed when timer_trigger returns FALSE, so the change
in r10181 has caused GTK PuTTY to gradually allocate more and more
timers and consume more and more CPU as they all keep firing.

As far as I can see, this must surely be a bug in GTK 2 (the docs say
that timers _are_ auto-destroyed when their callback returns false),
and it doesn't seem to happen for me with GTK 2.4.23 on Ubuntu 14.04.
However, I'll try to work around it by _explicitly_ destroying each
old timer before we zero out the variable containing its id.

[originally from svn r10202]
[r10181 == e4c4bd2092]
2014-07-08 22:22:12 +00:00
Simon Tatham
e4c4bd2092 Fix an annoying warning from GTK on Ubuntu 14.04.
Timer objects evaporate when our timer_trigger callback is called, and
therefore we should not remember their ids beyond that time and
attempt to cancel them later. Previous versions of GTK silently
ignored us doing that, but upgrading to Ubuntu Trusty has given me a
version of GTK that complains about it, so let's stop doing it.

[originally from svn r10181]
2014-04-20 16:48:18 +00:00
Simon Tatham
a947c49bec Move the Unix configure script up to the top level.
Previously, 'configure' and its assorted machinery lived in the 'unix'
subdir, because that seemed like a clean place to keep it given that
all the other per-platform Makefiles live in their platform
directories. However, this never sat all that happily with autotools,
and even less so now that it likes to have object file pathnames
parallel source file pathnames: if you have Makefile.am refer to
source files outside its subdir as "../terminal.c" and enable
subdir-objects then any out-of-tree build calls the corresponding
object file "../terminal.o" and so your build products mostly end up
at the directory above your build dir! And as of autotools 1.14 my
previous compensatory bodge of prefixing every source file path in
Makefile.am with "$(srcdir)" has stopped working too.

So I'm giving in to necessity, and changing policy by moving the
configure machinery up to the top level of the source tree where
autotools will be less confused by it. This should not be taken as any
indication of the primacy of the Unix port, only of the recalcitrance
of autotools.

Whereas before we had a trivial script called 'configure' at the top
level that invoked unix/configure to effectively do an 'out-of-tree
build' (for make purposes) at the top level of the source tree, we now
have a similar script in unix/configure. So this _should_ make very
little difference: people who were previously running configure from
the top level should still be able to, and likewise people who were
running it from the unix subdir.

[originally from svn r10141]
2014-02-22 18:01:32 +00:00
Simon Tatham
f272ea88db Enable xterm mouse reporting of wheel actions in GTK.
I had somehow missed this completely out of the GTK mouse-button
handling and never noticed until now!

Of course, like any other mouse action, if you want it to be handled
locally rather than passed through then you can hold down Shift.

[originally from svn r10139]
2014-02-16 16:40:46 +00:00
Simon Tatham
0f04cab151 Revert half of r10135, and re-fix properly.
One of my changes in uxnet.c was outside the NO_IPV6 ifdef, and broke
compilation in the normal mode. Revert all changes in that file and
replace with a reference to the 'step' parameter in the no-IPv6
version of the SOCKADDR_FAMILY macro, so that those warnings are
squelched anyway.

[originally from svn r10136]
[r10135 == e00a004e64]
2014-02-05 21:51:25 +00:00
Simon Tatham
e00a004e64 Fix warnings when compiling with -DNO_IPV6.
A user pointed out that 'family' was uninitialised in config.c, and
when I tried test-building with -DNO_IPV6 (and the usual -Werror, of
course) some unused variables showed up in uxnet.c too.

[originally from svn r10135]
2014-02-04 22:37:53 +00:00
Simon Tatham
2b70f39061 Avoid misidentifying unbracketed IPv6 literals as host:port.
Both GUI PuTTY front ends have a piece of logic whereby a string is
interpreted as host:port if there's _one_ colon in it, but if there's
more than one colon then it's assumed to be an IPv6 literal with no
trailing port number. This permits the PuTTY command line to take
strings such as 'host', 'host:22' or '[::1]:22', but also cope with a
bare v6 literal such as '::1'.

This logic is also required in the two Plink front ends and in the
processing of CONF_loghost for host key indexing in ssh.c, but was
missing in all those places. Add it.

[originally from svn r10121]
2014-01-25 15:58:57 +00:00
Simon Tatham
8da4fa5063 Use the new host_str* functions to improve IPv6 literal support.
I've gone through everywhere we handle host names / addresses (on
command lines, in PuTTY config, in port forwarding, in X display
names, in host key storage...) and tried to make them handle IPv6
literals sensibly, by using the host_str* functions I introduced in my
previous commit. Generally it's now OK to use a bracketed IPv6 literal
anywhere a hostname might have been valid; in a few cases where no
ambiguity exists (e.g. no :port suffix is permitted anyway)
unbracketed IPv6 literals are also acceptable.

[originally from svn r10120]
2014-01-25 15:58:54 +00:00
Jacob Nevins
bd119b1fba It's a new year.
[originally from svn r10114]
2014-01-15 23:57:54 +00:00
Simon Tatham
df1eee6027 Make GTK idle and quit function setup idempotent.
I found last week that when a local proxy process terminated
unexpectedly, Unix PuTTY went into a tight loop calling quit
functions, because if idle_toplevel_callback_func is called from
inside a subsidiary gtk_main then it will schedule a quit function and
_not_ disable itself, so that that quit function keeps being
rescheduled on subsequent calls.

To fix, I've tried to make the whole handling of idle and quit
functions more sensibly robust: we keep our own boolean flag
indicating whether each of our functions has already been scheduled
with GTK, and if so, we don't schedule the same one again. Also, when
idle_toplevel_callback_func schedules a quit function, it should
unschedule itself since it's now done everything it can until a
gtk_main instance quits.

[originally from svn r10100]
2013-11-30 18:04:57 +00:00
Simon Tatham
b12fbeffd6 Restore compatibility with older autoconfs.
The one in Ubuntu 10.04 doesn't know what AM_PROG_AR means, so
configure.ac was broken in r10053 when fixing compatibility with later
versions; you can't win...

[originally from svn r10086]
[r10053 == 2d9cc79d53]
2013-11-18 19:07:11 +00:00
Simon Tatham
85d1e7608e Fix an assortment of dupprintf() format string bugs.
I've enabled gcc's format-string checking on dupprintf, by declaring
it in misc.h to have the appropriate GNU-specific attribute. This
pointed out a selection of warnings, which I've fixed.

[originally from svn r10084]
2013-11-17 14:05:44 +00:00
Simon Tatham
bb78583ad2 Implement connection sharing between instances of PuTTY.
The basic strategy is described at the top of the new source file
sshshare.c. In very brief: an 'upstream' PuTTY opens a Unix-domain
socket or Windows named pipe, and listens for connections from other
PuTTYs wanting to run sessions on the same server. The protocol spoken
down that socket/pipe is essentially the bare ssh-connection protocol,
using a trivial binary packet protocol with no encryption, and the
upstream has to do some fiddly transformations that I've been
referring to as 'channel-number NAT' to avoid resource clashes between
the sessions it's managing.

This is quite different from OpenSSH's approach of using the Unix-
domain socket as a means of passing file descriptors around; the main
reason for that is that fd-passing is Unix-specific but this system
has to work on Windows too. However, there are additional advantages,
such as making it easy for each downstream PuTTY to run its own
independent set of port and X11 forwardings (though the method for
making the latter work is quite painful).

Sharing is off by default, but configuration is intended to be very
easy in the normal case - just tick one box in the SSH config panel
and everything else happens automatically.

[originally from svn r10083]
2013-11-17 14:05:41 +00:00
Simon Tatham
8be6fbaa09 Remove sk_{get,set}_private_ptr completely!
It was only actually used in X11 and port forwarding, to find internal
state structures given only the Socket that ssh.c held. So now that
that lookup has been reworked to be the sensible way round,
private_ptr is no longer used for anything and can be removed.

[originally from svn r10075]
2013-11-17 14:04:48 +00:00
Simon Tatham
489590cbd4 Reliably initialise uxnet's socket fd fields to -1.
This prevents embarrassing mess-ups involving getting back a Socket
which has mostly been memset to 0 but contains an error message,
sk_close()ing it to free the memory, and finding that standard input
has been closed as a side effect.

[originally from svn r10073]
2013-11-17 14:04:33 +00:00
Simon Tatham
6f6e9db932 Add support in uxnet.c for Unix-domain listening sockets.
There are two new functions: one to construct a SockAddr wrapping a
Unix socket pathname (which can also be used as the destination for
new_connection), and one to establish a new listening Unix-domain
socket.

[originally from svn r10072]
2013-11-17 14:04:29 +00:00
Simon Tatham
19fba3fe55 Replace the hacky 'OSSocket' type with a closure.
The mechanism for constructing a new connection-type Socket when a
listening one receives an incoming connection previously worked by
passing a platform-specific 'OSSocket' type to the plug_accepting
function, which would then call sk_register to wrap it with a proper
Socket instance. This is less flexible than ideal, because it presumes
that only one kind of OS object might ever need to be turned into a
Socket. So I've replaced OSSocket throughout the code base with a pair
of parameters consisting of a function pointer and a context such that
passing the latter to the former returns the appropriate Socket; this
will permit different classes of listening Socket to pass different
function pointers.

In deference to the reality that OSSockets tend to be small integers
or pointer-sized OS handles, I've made the context parameter an
int/pointer union that can hold either of those directly, rather than
the usual approach of making it a plain 'void *' and requiring a
context structure to be dynamically allocated every time.

[originally from svn r10068]
2013-11-17 14:03:55 +00:00
Simon Tatham
2d9cc79d53 Fix build failures on Ubuntu 13.10.
Automake now insists that we run AM_PROG_AR if we're going to build a
library, and AM_PROG_CC_C_O if we're going to build anything with
extra compile options. Those extra macros seem harmless in previous
versions of automake.

[originally from svn r10053]
2013-10-26 14:00:10 +00:00
Simon Tatham
7223973988 Fix cut-and-paste errors in nonfatal() implementations.
Unix GUI programs should not say 'Fatal Error' in the message box
title, and Plink should not destroy its logging context as a side
effect of printing a non-fatal error. Both appear to have been due to
inattentive cut and paste from the pre-existing fatal error functions.

[originally from svn r10044]
2013-09-23 14:35:08 +00:00
Simon Tatham
5c4ce2fadf Only run one toplevel callback per event loop iteration.
This change attempts to reinstate as a universal property something
which was sporadically true of the ad-hockery that came before
toplevel callbacks: that if there's a _very long_ queue of things to
be done through the callback mechanism, the doing of them will be
interleaved with re-checks of other event sources, which might (e.g.)
cause a flag to be set which makes the next callback decide not to do
anything after all.

[originally from svn r10040]
2013-09-15 14:05:31 +00:00
Simon Tatham
6805bdcd6a Don't run toplevel callbacks in modal dialogs.
Because some of them can call gtk_main_quit(), which completely
confuses the dialog box system.

[originally from svn r10029]
2013-08-18 10:56:20 +00:00
Simon Tatham
d35a41f6ba Revamp net_pending_errors using toplevel callbacks.
Again, I've removed the special-purpose ad-hockery from the assorted
front end message loops that dealt with deferred handling of socket
errors, and instead uxnet.c and winnet.c arrange that for themselves
by calling the new general top-level callback mechanism.

[originally from svn r10023]
2013-08-17 16:06:27 +00:00
Simon Tatham
a44366585f Revamp GTK's session close handling using toplevel callbacks.
Instead of having a special GTK idle function for dealing with session
closing, I now use the new top-level callback mechanism which is
slightly simpler for calling a one-off function.

Also in this commit, I've arranged for connection_fatal to queue a
call to the same session close function after displaying the message
box, with the effect that now all the same processing takes place no
matter whether the session closes cleanly or uncleanly - e.g. the SSH
specials submenu is cleaned out, as it should be.

[originally from svn r10022]
2013-08-17 16:06:22 +00:00
Simon Tatham
7be9af74ec Revamp the terminal paste mechanism using toplevel callbacks.
I've removed the ad-hoc front-end bodgery in the Windows and GTK ports
to arrange for term_paste to be called at the right moments, and
instead, terminal.c itself deals with knowing when to send the next
chunk of pasted data using a combination of timers and the new
top-level callback mechanism.

As a happy side effect, it's now all in one place so I can actually
understand what it's doing! It turns out that what all that confusing
code was up to is: send a line of pasted data, and delay sending the
next line until either a CR or LF is returned from the server
(typically indicating that the pasted text has been received and
echoed) or 450ms elapse, whichever comes first.

[originally from svn r10020]
2013-08-17 16:06:12 +00:00
Simon Tatham
75c79e318f Add a general way to request an immediate top-level callback.
This is a little like schedule_timer, in that the callback you provide
will be run from the top-level message loop of whatever application
you're in; but unlike the timer mechanism, it will happen
_immediately_.

The aim is to provide a general way to avoid re-entrance of code, in
cases where just _doing_ the thing you want done is liable to trigger
a confusing recursive call to the function in which you came to the
decision to do it; instead, you just request a top-level callback at
the message loop's earliest convenience, and do it then.

[originally from svn r10019]
2013-08-17 16:06:08 +00:00
Jacob Nevins
0cc6fb8bfe Belatedly update the copyright year to 2013.
[originally from svn r9993]
[this svn revision also touched putty-website]
2013-08-05 15:15:17 +00:00
Simon Tatham
808df44e54 Add an assortment of missing consts I've just noticed.
[originally from svn r9972]
2013-07-27 18:35:48 +00:00
Simon Tatham
61e555ec79 Rationalise null pointer checks in both decode_codepage functions, so
that decode_codepage(NULL) and decode_codepage("") both return the
default character set.

[originally from svn r9961]
2013-07-22 07:12:05 +00:00
Simon Tatham
7426b8f215 Completely remove the 'frozen_readable' mechanism from uxnet.c. It
parallels a similar mechanism in winnet.c and came over by copy and
paste, but is pointless in the Unix networking API.

On Windows, if you're using a mechanism such as WSAAsyncSelect which
delivers readability notifications as messages rather than return
values from a system call, you only get notified that a socket is
readable once - it remembers that it's told you, and doesn't tell you
again until after you've done a read. So in the case where we
intentionally stop reading from a socket because our local buffer is
full, and later want to start reading again, we do a read from the
socket with MSG_PEEK set, and that clears Windows's flag and tells it
to start sending us readability notifications again.

On Unix, select() and friends didn't do anything so strange in the
first place, so the whole mechanism is unnecessary.

[originally from svn r9951]
2013-07-21 07:40:36 +00:00
Simon Tatham
77791de4e1 Fix error checking in uxstore.c: add a missing check, and fix a
mis-cut-and-pasted one.

[originally from svn r9950]
2013-07-21 07:40:30 +00:00
Simon Tatham
f1d6fa4712 When I turned fcntls into noncloexecs in r9940, I missed one.
[originally from svn r9949]
[r9940 == b426872219]
2013-07-21 07:40:28 +00:00
Simon Tatham
08d46fca51 Two more memory leak fixes, on error paths I didn't spot in r9919.
[originally from svn r9948]
[r9919 == ea301bdd9b]
2013-07-21 07:40:26 +00:00
Simon Tatham
adf8b3222f Fix leak of 'fname' introduced by the rewrite of write_random_seed in
r9933.

[originally from svn r9945]
[r9933 == 2854ae1f33]
2013-07-20 13:15:16 +00:00
Simon Tatham
3af26af19e Redo a mis-fix of a memory leak in r9919: I added sfree(data)
immediately after conf_deserialise in the Duplicate Session receiver,
whereas I should have put it after the subsequent loop that extracts
the pty argv if any.

[originally from svn r9943]
[r9919 == ea301bdd9b]
2013-07-20 13:15:10 +00:00
Simon Tatham
b426872219 Centralise calls to fcntl into functions that carefully check the
error returns.

[originally from svn r9940]
2013-07-19 18:10:02 +00:00
Simon Tatham
96f3589e16 Add an error check to every setsockopt call in uxnet.c.
[originally from svn r9939]
2013-07-19 17:45:01 +00:00
Simon Tatham
407fd7b9ab Better error reporting when failing to save a session.
[originally from svn r9937]
2013-07-19 17:44:53 +00:00
Simon Tatham
13bac5ed69 Add some missing calls to cleanup_exit.
[originally from svn r9936]
2013-07-19 17:44:47 +00:00
Simon Tatham
b4adf61bc7 Report errors in store_host_key too.
[originally from svn r9934]
2013-07-19 17:44:38 +00:00
Simon Tatham
2854ae1f33 Add proper error reports in write_random_seed, via the new 'nonfatal'
error reporting function.

[originally from svn r9933]
2013-07-19 17:44:33 +00:00
Simon Tatham
acf38797eb Add a nonfatal() function everywhere, to be used for reporting things
that the user really ought to know but that are not actually fatal to
continued operation of PuTTY or a single network connection.

[originally from svn r9932]
2013-07-19 17:44:28 +00:00
Simon Tatham
1d21346d4c Add a missing error check in pterm's child-process setup. Shouldn't
really fail, but might as well be careful.

[originally from svn r9931]
2013-07-19 17:44:22 +00:00
Simon Tatham
ea301bdd9b Fix another giant batch of resource leaks. (Mostly memory, but there's
one missing fclose too.)

[originally from svn r9919]
2013-07-14 10:46:07 +00:00
Simon Tatham
896bb7c74d Tighten up a lot of casts from unsigned to int which are read by one
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.

[originally from svn r9918]
2013-07-14 10:45:54 +00:00
Simon Tatham
1662a2f6cf Fix an always-false if statement which was causing the window border
not to be redrawn when the user reconfigured the background colour.

[originally from svn r9917]
2013-07-14 10:45:48 +00:00
Simon Tatham
3d69dd2071 Add missing checks in update_for_intended_size() in the font selector
code, which would have coped badly if ever asked to select the first
font in the list at a size smaller than it supported. Luckily the
first font tended to be one of the X numeric aliases (e.g. 10x20)
which was stored with size zero, so this probably didn't actually come
up for anyone, but better safe than sorry.

[originally from svn r9910]
2013-07-11 17:24:28 +00:00
Simon Tatham
5a04ae3420 Fix a pty-freeing error which caused a segfault if you attempted to
use Restart Session in a post-not-close-on-exit pterm.

[originally from svn r9909]
2013-07-11 17:24:23 +00:00
Simon Tatham
1f3901a3a2 Add some missing null checks for inst->ldisc, which were causing
segfaults if a PuTTY or pterm did not close on exit and then you
either typed something via input_method_commit_event or changed the
line editing or echo settings.

[originally from svn r9908]
2013-07-11 17:24:20 +00:00
Simon Tatham
916cd3f0cd Remove another pointless null check, this time of inst->back in the
function which has just dereferenced it to get the exit code.

[originally from svn r9907]
2013-07-11 17:24:14 +00:00
Simon Tatham
bbc9709b48 A collection of small bug fixes from Chris West, apparently spotted by
Coverity: assorted language-use goofs like freeing the wrong thing or
forgetting to initialise a string on all code paths.

[originally from svn r9889]
2013-07-01 17:56:33 +00:00
Simon Tatham
c5876a8ba2 Fallback for manual setup of GTK 1, if autoconf is run on a system
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.

(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)

[originally from svn r9868]
2013-06-15 19:58:10 +00:00
Simon Tatham
15f1bc7cdb It's probably well past time for this: change PuTTY's default
character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).

[originally from svn r9843]
2013-05-25 14:03:19 +00:00
Simon Tatham
a9eb51b7d4 Remove the half-hearted attempt to make the utmp helper process drop
privileges just before dying of a fatal signal. I'm not sure what I
intended it for in the first place; it certainly isn't doing its job
properly (no setgid), it's causing compiler warnings due to not
checking the setuid return code, and we can't think of any useful
purpose for it.

[originally from svn r9766]
2013-02-24 19:28:13 +00:00
Simon Tatham
74bc2635ad Don't forget to check the return values of setuid and friends.
[originally from svn r9764]
2013-02-23 21:00:29 +00:00
Simon Tatham
896f9f2256 Reorganise setup_fonts_ucs so that in case of error it does nothing
and returns its error message as a string, instead of actually
printing it on standard error and exiting. Now we can preserve the
previous error behaviour when we get a nonexistent font name at
startup time, but no longer rudely terminate in mid-session if the
user configures a bogus font name in Change Settings.

[originally from svn r9745]
2013-01-13 21:59:10 +00:00
Simon Tatham
9a7dd918da Switch round a bogus if statement I've just noticed. Both the write to
pty_utmp_helper_pipe _and_ the close of it if we're not going to write
should be conditionalised on the pipe existing, rather than just the
former!

[originally from svn r9729]
2012-12-18 09:19:04 +00:00
Simon Tatham
7c22b1d755 Patch from Brad Smith to use posix_openpt() instead of
open("/dev/ptmx"), where the former is available. Improves
portability, since at least one OS (OpenBSD) supports the POSIX pty
functions but does it via an underlying mechanism which doesn't
involving having a /dev/ptmx.

[originally from svn r9728]
2012-12-18 09:02:38 +00:00
Simon Tatham
25c45bf043 Use O_NOCTTY (if available) when opening /dev/ptmx, just in case any
OS doesn't automatically assume it.

(It would seem faintly weird to me - surely opening the master end of
a given pty is a fairly good indication that you're _not_ a process
running inside it which wants to have it available as /dev/tty! But
you never know...)

[originally from svn r9727]
2012-12-18 09:02:38 +00:00
Simon Tatham
58870f60e4 If you configure Unix PuTTY to use a proxy, tell it to even proxy
localhost connections, and also enable X forwarding in such a way that
it will attempt to connect to a Unix-domain X server socket, an
assertion will fail when proxy_for_destination() tries to call
sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_
proxied, since they fundamentally can't be.

[originally from svn r9688]
2012-10-16 20:15:51 +00:00
Simon Tatham
5db48dcddb Make --help and --version work consistently across all tools.
Well, at least across all command-line tools on both Windows and Unix,
and the GTK apps on Unix too. The Windows GUI apps fundamentally can't
write to standard output and it doesn't seem sensible to use message
boxes for these purposes :-)

[originally from svn r9673]
2012-09-19 17:08:15 +00:00
Ben Harris
d5836982e2 Two related changes to timing code:
First, make absolute times unsigned.  This means that it's safe to 
depend on their overflow behaviour (which is undefined for signed 
integers).  This requires a little extra care in handling comparisons, 
but I think I've correctly adjusted them all.

Second, functions registered with schedule_timer() are guaranteed to be 
called with precisely the time that was returned by schedule_timer().  
Thus, it's only necessary to check these values for equality rather than 
doing risky range checks, so do that.

The timing code still does lots that's undefined, unnecessary, or just
wrong, but this is a good start.

[originally from svn r9667]
2012-09-18 21:42:48 +00:00
Ben Harris
3fad1f402b Improve window-size handling in Unix Plink.
Unconditionally override the configured terminal size with the one
from stdin if it's available.  This avoids the silliness whereby if
Default Settings had a terminal size set, Plink used this and thus
caused the server to use the wrong size.

[originally from svn r9624]
2012-08-25 22:57:39 +00:00
Simon Tatham
aa5bae8916 Introduce a new utility function smemclr(), which memsets things to
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.

[originally from svn r9586]
2012-07-22 19:51:50 +00:00
Simon Tatham
3d3052f680 Add '-Wall -Werror' to the compile options in the autotools makefile,
having just noticed that Makefile.gtk had it and this one doesn't. (Of
course, this being autoconf, we can easily enough make it conditional
on the compiler actually being gcc.)

[originally from svn r9583]
2012-07-19 04:42:34 +00:00
Simon Tatham
75239b955b If pterm's execvp fails when given the whole argument list after -e,
and the argument list contains only one string, try again by passing
that single string to "$SHELL -c" to be parsed as a shell command.
This matches xterm's behaviour (as of xterm 261, at least), and means
in practice that users can do _either_ of 'pterm -e some command' and
'pterm -e "some command"'.

(A quick survey suggests that the majority of X terminal programs agree
with pterm's old behaviour of only supporting '-e some command',
except that gnome-terminal only supports the other behaviour and xterm
supports both. With that disagreement, I think supporting both is
probably the sensible thing.)

[originally from svn r9575]
2012-07-11 18:12:17 +00:00
Simon Tatham
a3f74661c8 Turns out that the compose-keys fix in r9567 did in fact break one
piece of keyboard handling: if Num Lock is on, numeric keypad keys are
eaten by the IM, so we must avoid passing them to the IM in the first
place if we're in any non-default numeric keypad mode (application or
Nethack).

This is a grubby way to do it, but the more obvious approach of just
moving the Nethack and app-keypad if statements up to above the IM
call doesn't work because those statements depend on the generic
Alt-prefix handling that happens just _below_ the IM call. So instead
I just repeat the list of keystrokes and modes in an if statement
conditionalising the IM call.

[originally from svn r9573]
[r9567 == 7fc8db15b2]
2012-07-05 23:45:20 +00:00
Simon Tatham
d0ac277f78 Stop including <gtk/gtkcontainer.h> directly, since a user points out
that it'll be absent in GTK 3.

[originally from svn r9571]
2012-07-01 16:55:36 +00:00
Simon Tatham
72640ff615 Add the missing code to treat data coming from the input method as
keypresses for purposes of hiding the mouse pointer and resetting the
scrollback.

[originally from svn r9568]
2012-06-18 18:10:59 +00:00
Simon Tatham
7fc8db15b2 Support for dead keys and compose sequences on Unix, by instantiating
a GtkIMMulticontext and having that filter most keypresses. I think
I've got this right so that it doesn't break any previous deliberate
keyboard-handling behaviour that's now _after_ the 'if (filter
keypress) return' statement.

[originally from svn r9567]
2012-06-17 07:26:23 +00:00
Simon Tatham
bc6e0952ef Introduce a third setting for the 'bold as colour' mode, which lets
you both brighten the colour _and_ bold the font at the same time.
(Fixes 'bold-font-colour' and Debian #193352.)

[originally from svn r9559]
2012-06-09 15:09:22 +00:00
Simon Tatham
29184e3702 Fix bug in the new CLOCK_MONOTONIC implementation. I was treating the
nanoseconds field as a microseconds field, with hilarious consequences.

[originally from svn r9535]
2012-05-15 22:19:21 +00:00
Simon Tatham
0395e52bb8 Use clock_gettime(CLOCK_MONOTONIC) as the Unix getticks(), if it's
available.

[originally from svn r9529]
2012-05-13 15:59:27 +00:00
Simon Tatham
aba05b7180 Patch from Robert de Bath to substantially simplify timing.c.
The previous platform-dependent ifdefs, switching between a system
which tried to cope with spurious callbacks (which I'd observed on
Windows) and one which tried to cope with system clock jumps (which
can happen on Unix, if you use gettimeofday) have been completely
removed, and replaced with a much simpler approach which just copes
with system clock jumps by triggering any timers immediately.

None of the resulting effects should be catastrophic (the worst thing
might be the waste of CPU in a spurious rekey, but as long as the
system clock isn't jumping around _all_ the time that's hardly
critical) and in any case the Unix port has had a long-standing oddity
involving occasional lockups if pterm or PuTTY runs for too long,
which hopefully this should replace with a much less bad failure mode.
And the code is much simpler, which is not to be sneezed at.

[originally from svn r9528]
2012-05-13 15:59:26 +00:00
Simon Tatham
bb1d656dd4 Bug fix from Robert de Bath: if the utf8_override setting is changed
in mid-session, it affects translation and hence display, so it should
be listed among the settings that require a redraw.

[originally from svn r9466]
2012-04-22 14:22:08 +00:00
Simon Tatham
b81b04f9b2 Bug fix from Robert de Bath: if wc_to_mb returns a length of zero, it
will not even initialise sbstring[0], so we shouldn't even look at it
let alone depend on it to tell us the desired character was absent.

[originally from svn r9465]
2012-04-22 14:22:08 +00:00
Simon Tatham
f030975da7 Conditionalise the calls to premsg and postmsg in uxcons.c's
logevent(), which temporarily turn off the raw mode we've put stderr
into, so that they don't get called if the log_eventlog() call between
them is not _actually_ going to write to stderr.

Fixes a bug in which, if you define a Unix PuTTY saved session which
uses 'plink -nc' as a local proxy command and then run PuTTY
backgrounded from the shell with that session loaded, the subprocess
Plink would get SIGTTOU when it tried to muck about with stderr and
the whole thing would grind to a halt. I'm prepared to consider that
acceptable if Plink _really_ wants to write on standard error, but if
it doesn't, it should just carry on working in the background!

[originally from svn r9462]
2012-04-18 06:36:46 +00:00
Simon Tatham
047dc326b4 Add code in dlg_filesel_set and dlg_fontsel_set which makes them
duplicate the strings they pass to gtk_entry_set_text. I was already
doing that in dlg_editbox_set, but forgot to add the same code when I
revamped FontSpec and Filename to contain dynamically allocated
strings (r9314 and r9316 respectively). This fixes a bug where, on
some versions of GTK (but apparently not up-to-date versions), loading
a saved session causes gibberish to appear in file-selector edit boxes
accompanied by a valgrind error.

[originally from svn r9456]
[r9314 == 9c75fe9a3f]
[r9316 == 62cbc7dc0b]
2012-04-13 18:02:30 +00:00
Jacob Nevins
0e6f6ff4eb It's a new year.
[originally from svn r9390]
[this svn revision also touched putty-website]
2012-01-26 18:53:53 +00:00
Simon Tatham
736c5f86eb Patch from Colin Watson to use g_ascii_strcasecmp in place of the
deprecated g_strcasecmp (since all the strings being compared are
parts of XLFDs and won't be in interesting character sets anyway).

[originally from svn r9376]
2012-01-03 19:43:19 +00:00
Simon Tatham
f892af999e Arrange to call net_pending_errors on Unix, which we've never actually
remembered to do before! Also some related fixes, such as that after
we do so we should immediately stop selecting on the socket in
question.

[originally from svn r9363]
2011-12-08 19:15:57 +00:00
Simon Tatham
66ea8dc1b9 Block SIGPIPE in Unix plink. In a port-forwarding run we may have lots
of local sockets and pipes all open at once, and if one of them is
uncleanly closed from the remote end we don't want the whole
application to die - we want to close that socket's SSH channel and
continue with the rest of the run.

[originally from svn r9359]
2011-12-08 19:15:52 +00:00
Simon Tatham
6cfe48cde4 Private files saved on Unix should have mode 0600, not 0700. They're
generally private-key files, which have no need to be executable.

[originally from svn r9321]
2011-10-02 14:16:08 +00:00
Simon Tatham
da66c0656a While I'm crusading against arbitrary limits, here's a redesign of
prompt_t to arrange that the buffer in which each prompt is stored can
be reallocated larger during the input process.

[originally from svn r9317]
2011-10-02 11:50:45 +00:00
Simon Tatham
62cbc7dc0b Turn 'Filename' into a dynamically allocated type with no arbitrary
length limit, just as I did to FontSpec yesterday.

[originally from svn r9316]
2011-10-02 11:01:57 +00:00
Jacob Nevins
342690f7cb Fix copy-and-paste error in command-line font selection in r9314.
[originally from svn r9315]
[r9314 == 9c75fe9a3f]
2011-10-01 18:00:49 +00:00
Simon Tatham
9c75fe9a3f Change the semantics of 'FontSpec' so that it's a dynamically
allocated type.

The main reason for this is to stop it from taking up a fixed large
amount of space in every 'struct value' subunion in conf.c, although
that makes little difference so far because Filename is still doing
the same thing (and is therefore next on my list). However, the
removal of its arbitrary length limit is not to be sneezed at.

[originally from svn r9314]
2011-10-01 17:38:59 +00:00
Simon Tatham
f69591412c We shouldn't fork off a utmp helper subprocess when we aren't setuid,
because (a) under that circumstance we won't be writing to utmp
anyway, and (b) if we aren't setuid, then we won't have created the
pty at the point we fork, so even if our subprocess _could_ have
written to utmp it wouldn't have done it right!

Spotted by valgrind (triggering on the access beyond the end of the
ttyname string in setup_utmp, clueing me in to it having been empty).

[originally from svn r9309]
2011-09-19 16:38:23 +00:00
Simon Tatham
73444adc50 Add a missing initialisation to NULL.
[originally from svn r9308]
2011-09-19 16:21:25 +00:00
Simon Tatham
0c4a041f9b Cope with XFontStructs having a NULL per_char array, which happened to
me this morning under strange circumstances.

[originally from svn r9303]
2011-09-17 14:50:18 +00:00
Simon Tatham
f5b9da6f31 Fix x11font_has_glyph so it doesn't get caught out by signed chars.
[originally from svn r9295]
2011-09-17 08:11:11 +00:00
Simon Tatham
218f3ffded Suppress Pango's bidi, by displaying RTL characters one at a time. I
hadn't previously noticed, but Pango was helpfully re-reversing text
that PuTTY's own bidi module had already reversed, leading to Arabic
text being wrongly displayed and also total chaos when you move the
cursor over it or try to cut and paste it.

[originally from svn r9294]
2011-09-16 19:18:58 +00:00
Simon Tatham
92688ff47b Support font fallback even when an X11 server-side font is selected,
by introducing a wrapper around an individual unifont which falls back
to Pango (which already has built-in fallback) in the case where the
selected font doesn't support the glyph in question.

The wrapper itself is a (vestigial) subclass of unifont, to minimise
disturbance at the call sites.

[originally from svn r9293]
2011-09-16 19:18:54 +00:00
Simon Tatham
24bad48f00 Change the unifont API so that text is passed right down to the
individual font implementation as wchar_t, rather than having to be
converted by the client into the appropriate MBCS/SBCS.

This also means I can remove 'real_charset' from the public-facing
contents of the unifont structure.

[originally from svn r9292]
2011-09-16 19:18:53 +00:00
Simon Tatham
c8d943ed9d Add some missing consts in character set handling.
[originally from svn r9291]
2011-09-16 19:18:52 +00:00
Simon Tatham
78466a6b68 Stop using GDK's wrapper on the X11 font functions (GdkFont). All X11
font operations are now done directly using Xlib calls, and the only
interaction with GDK within the x11font mechanism is to get the X ids
for drawables, GCs and the X display itself.

This should remove an obstacle to porting to GTK3, and also makes the
XFontStruct for loaded fonts more readily available, which I hope will
come in handy for another plan I have in mind.

[originally from svn r9289]
2011-09-16 08:49:08 +00:00
Simon Tatham
947962e0b9 Revamp of EOF handling in all network connections, pipes and other
data channels. Should comprehensively fix 'half-closed', in principle,
though it's a big and complicated change and so there's a good chance
I've made at least one mistake somewhere.

All connections should now be rigorous about propagating end-of-file
(or end-of-data-stream, or socket shutdown, or whatever) independently
in both directions, except in frontends with no mechanism for sending
explicit EOF (e.g. interactive terminal windows) or backends which are
basically always used for interactive sessions so it's unlikely that
an application would be depending on independent EOF (telnet, rlogin).

EOF should now never accidentally be sent while there's still buffered
data to go out before it. (May help fix 'portfwd-corrupt', and also I
noticed recently that the ssh main session channel can accidentally
have MSG_EOF sent before the output bufchain is clear, leading to
embarrassment when it subsequently does send the output).

[originally from svn r9279]
2011-09-13 11:44:03 +00:00
Simon Tatham
8e4df14ee7 Instead of testing for different versions of GTK in increasing order
of preference so that the later ones overwrite the configured stuff
from the older ones, test in decreasing order of preference and stop
as soon as one is successful. Fixes a problem in which
autoconfiguration on a system containing only GTK 1 would go wrong
because the _failed_ test for GTK 2 would overwrite some but not all
of the variables set by the successful test for v1.

[originally from svn r9270]
2011-08-20 08:18:56 +00:00
Jacob Nevins
e35feee639 Fix bug with setting window title on Unix that came in with r9214.
[originally from svn r9268]
[r9214 == a1f3b7a358]
2011-08-19 14:55:24 +00:00
Simon Tatham
9fce238b00 If we're printing password prompts to /dev/tty rather than standard
error, we should also read the corresponding password inputs from
/dev/tty. That way, redirection of Plink's standard input will play
nicely with SSH sessions that need interactive login.

(This is what we get for disdaining getpass(3) and going it alone, of
course. But we had no choice, due to the extra output part way through
keyboard-interactive.)

[originally from svn r9262]
2011-08-11 18:13:34 +00:00
Simon Tatham
5c00b581c8 Propagate file permissions in both directions in Unix pscp and psftp.
I think I have to consider this to be a separate but related change to
the wishlist item 'pscp-filemodes'; that was written before the Unix
port existed, and referred to the ability to configure the permissions
used for files copied from Windows to Unix - which is still not done.

[originally from svn r9260]
2011-08-11 17:59:30 +00:00
Simon Tatham
7af708a603 Rename --with-gtk-version to --with-gtk, and support its negation
--without-gtk as a means of manually overriding the makefile into one
building the command-line tools only (as it would if GTK were not
found at all at configure time).

[originally from svn r9240]
2011-07-23 11:36:25 +00:00
Simon Tatham
64150a5ef2 Switch to using automake for the Unix autoconfigured build.
mkfiles.pl no longer generates a Makefile.in, but instead generates a
Makefile.am on which mkauto.sh runs automake. This means that the
autoconfigured makefile now does build-time dependency tracking (a
standard feature of automake-generated makefiles), and is generally
more like what Unix people will expect.

Some of the old-style make command-line settings (VER=-DRELEASE=foo,
XFLAGS=-DDEBUG) will still work; the COMPAT settings are better done
by autoconfiguration, and my habitual 'XFLAGS="-g -O0"' for an easily
debuggable build will actually not work any more because CFLAGS is
specified _after_ XFLAGS, so I should instead write 'make CFLAGS=-O0'
(-g is the default in automake, removed at 'make install' time).

The new makefile will automatically degrade into one that builds the
command-line tools only, in the case where GTK could not be found. In
principle, therefore, it should be an adequate replacement for _both_
the static Unix makefiles, Makefile.gtk and Makefile.ux. I haven't
actually retired those in this commit, but I'm pretty tempted.

[originally from svn r9239]
2011-07-23 11:33:29 +00:00
Simon Tatham
860cd79efd When we check for libX11 in the autoconf script, add it to $GTK_LIBS
on success rather than to $LIBS, because it's only used in the GUI
tools and we don't want the command-line tools linked against it.

[originally from svn r9238]
2011-07-20 17:50:02 +00:00
Simon Tatham
5cb0fb2927 --with-gtk-version option to configure, so you can explicitly tell it
which GTK version you want to build with if both are installed. Based
on a patch by Malcolm Smith, though somewhat modified.

[originally from svn r9228]
2011-07-17 22:17:40 +00:00
Simon Tatham
8aea84e894 Support for re-running autoconf in the absence of the autoconf macro
files which provide auto-detection of GTK 1 and GTK 2. This makes it
easier for casual PuTTY developers to rerun autoconf for their own
purposes without having to install obscure extra packages. Obviously
the resulting configure script will not know how to detect whichever
version of GTK they didn't have support for, so it won't be product-
quality by my standards, but it should be good enough that they can
prepare unrelated patches to send to us.

[originally from svn r9227]
2011-07-17 22:17:30 +00:00
Simon Tatham
8cd720d608 Mostly cosmetic change: don't claim to have found an SSH agent if
SSH_AUTH_SOCK is defined to the empty string. (Because a common way to
'unset' it is to run commands like 'SSH_AUTH_SOCK= putty -load thing'.)

[originally from svn r9225]
2011-07-16 12:03:14 +00:00
Simon Tatham
a1f3b7a358 Post-release destabilisation! Completely remove the struct type
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.

User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).

One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.

[originally from svn r9214]
2011-07-14 18:52:21 +00:00
Simon Tatham
d764872e9e Rewrite gprefs() in settings.c so that its input mapping includes
information about where to put items that aren't mentioned in the
saved configuration. So far the only nontrivial use I've made of this
facility is to default to placing KEX_RSA just above KEX_WARN in the
absence of any other information, which should fix
'ssh2-rsa-kex-pref'.

While I'm here I've rewritten wprefs() on general principles to remove
the needless length limit, since I was touching it anyway. The length
limit is still in gprefs (but I've lengthened it just in case).

[originally from svn r9181]
2011-06-25 17:37:31 +00:00
Simon Tatham
934a5ad6b2 Fixes (mostly from Colin Watson, a couple redone by me) to make Unix
PuTTY compile cleanly under gcc 4.6.0 without triggering any of its
new warnings.

[originally from svn r9169]
2011-05-07 10:57:19 +00:00
Simon Tatham
d0b99ccee3 Colin Watson reports that gnome-session has been known to leave
SIGPIPE ignored in its child processes, leading to unexpected
behaviour inside pterms. (The gnome-session I'm sitting in front of
doesn't seem to do this as far as I can tell, but I don't doubt there
are some that do.) Add SIGPIPE to the list of signals we reset to
default behaviour before launching pterm's child process.

[originally from svn r9117]
2011-03-02 19:12:42 +00:00
Jacob Nevins
1c28be2056 Use pid_t more consistently. Should shut up a warning from GCC 4.6, and may
conceivably help on platforms where int and pid_t aren't sufficiently similar.

[originally from svn r9110]
2011-03-01 23:00:32 +00:00
Simon Tatham
7c61c07eb8 Allow setting the WM_CLASS X window property as a configuration option
in saved sessions, so that a programmable window manager can
distinguish different PuTTYs/pterms on startup and assign them
different window management properties.

[originally from svn r9078]
2011-01-15 11:39:44 +00:00
Jacob Nevins
c5228adce3 It's a new year.
[originally from svn r9072]
[this svn revision also touched putty-website]
2011-01-05 12:01:00 +00:00
Jacob Nevins
3e8287839a Add more possible baud rates to the Unix serial backend. These are the
union of rates found in the termios.h of Linux 2.6.24 and "SunOS 5.6
Generic_105181-29 sun4u sparc SUNW,Ultra-4" machines. After a patch by
Thomas Bechtold.

[originally from svn r9028]
2010-12-08 14:21:35 +00:00
Simon Tatham
0fc1f78677 David Laight reports that sometimes reads on a serial port will
attempt to block, and hence return EAGAIN/EWOULDBLOCK, in spite of
the port having been reported readable by select(2). Don't treat
those errors as fatal.

[originally from svn r9020]
2010-11-06 17:22:38 +00:00
Simon Tatham
406e62f77b Cleanups of the GSSAPI support. On Windows, standard GSS libraries
are now loaded from standard locations (system32 for SSPI, the
registry-stored MIT KfW install location for KfW) rather than using
the risky default DLL search path; I've therefore also added an
option to manually specify a GSS DLL we haven't heard of (which
should in principle Just Work provided it supports proper GSS-API as
specified in the RFC). The same option exists on Unix too, because
it seemed like too useful an idea to reserve to Windows. In
addition, GSSAPI is now documented, and also (unfortunately) its GUI
configuration has been moved out into a sub-subpanel on the grounds
that it was too big to fit in Auth.

[originally from svn r9003]
2010-09-25 07:16:56 +00:00
Simon Tatham
75f1d3ed94 Missing close() causing resource leak when reading from /dev/random.
[originally from svn r8991]
2010-09-09 14:36:46 +00:00
Ben Harris
edfc6a05ec Set WM_TRANSIENT_FOR appropriately on the "about" box so that fvwm doesn't
insist on finding a bit of spare screen to put it in.  Still pondering whether
it's sensible to do this with the "change settings" box as well.

[originally from svn r8970]
2010-06-29 22:00:43 +00:00