1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 18:07:59 +00:00
Commit Graph

3201 Commits

Author SHA1 Message Date
Simon Tatham
98c4b69b08 Colin Watson reports a strange problem whereby krb5-config
incorporates the environment variable CFLAGS into its output. Avoid
exporting our version of it from the Makefile (which actually causes
build failures, since quoting phase issues mean that the backticks
in our version end up unexpanded).

[originally from svn r8399]
2009-01-08 18:18:14 +00:00
Jacob Nevins
fbbec4c23a Rejig windlg.c:verify_ssh_host_key() to silence a warning.
[originally from svn r8394]
2009-01-06 00:25:07 +00:00
Jacob Nevins
2550cd617c Remove a couple of unused variables.
[originally from svn r8393]
2009-01-06 00:16:35 +00:00
Jacob Nevins
e4027368fd It's a new year (and there have even been checkins).
[originally from svn r8392]
[this svn revision also touched putty-website]
2009-01-05 23:49:19 +00:00
Jacob Nevins
e0deac8960 sk_address_is_local() failed to cope when presented with a Unix-domain socket.
This could cause Unix PuTTY to segfault when X forwarding over an SSH session
through a proxy.
(sk_getaddr() wouldn't cope either -- in that case, add an assertion to make it
more obvious; I don't think it should ever happen.)

[originally from svn r8391]
2009-01-05 23:36:14 +00:00
Jacob Nevins
7843fb79d1 Be prepared for x11_setup_display() to return NULL (for instance, if DISPLAY
has invalid contents). Simply refuse to try X forwarding in this circumstance.

[originally from svn r8390]
2009-01-05 22:53:14 +00:00
Jacob Nevins
3e6111243c r5080 didn't go far enough -- since 0.58, anyone on Unix who didn't previously
have default settings for "bell overload" mode will have inherited a twitchy
set of defaults where bells are disabled after 2ms and enabled after 5ms,
rather than 2s and 5s as intended. This error has probably propagated into some
people's saved sessions by now, but there's not much to be done.

[originally from svn r8389]
[r5080 == 7647f57dc4]
2009-01-05 19:39:27 +00:00
Jacob Nevins
bd5cec280a Add some hard-coded textual literal-IP representations of localhost to
sk_hostname_is_local(), to catch the case where we're doing something like X11
forwarding over SSH through a proxy, and we've thus disabled local lookup of
hostnames.
(I think this is what's behind the report in
<e9a86996-5dc2-4428-9b0c-c65693ca6351@m32g2000hsf.googlegroups.com>
in comp.security.ssh, although I'd like to know more of the circumstances.)

[originally from svn r8385]
2009-01-05 02:45:38 +00:00
Jacob Nevins
51bceb0c9a ...and fix an unlikely memory leak.
[originally from svn r8384]
2009-01-05 01:15:06 +00:00
Jacob Nevins
030046a2a8 Cope with a (non-standard) ENAMETOOLONG return from gethostname(); glibc will
do this if the supplied buffer isn't big enough, which shouldn't lead to
complete abandonment of X11 auth. (Would only have bitten with hostnames
>255 chars anyway.)

[originally from svn r8383]
2009-01-05 01:01:58 +00:00
Jacob Nevins
07a876ce1e r8305 made platform_x11_best_transport[] obsolete, but there still seem to be a
few instances around; expunge them.

[originally from svn r8382]
[r8305 == ca6fc3a4da]
2009-01-04 23:36:24 +00:00
Jacob Nevins
db6ad48673 r8305 seems to have made Unix PuTTY rather over-keen on Unix-domain sockets;
unless a protocol is explicitly specified with "tcp/foovax:0", it assume a
Unix-domain socket, thus not allowing a remote display on a machine other than
the client.

[originally from svn r8381]
[r8305 == ca6fc3a4da]
2009-01-04 23:28:25 +00:00
Jacob Nevins
81287fb7ad Bah, I've bumped into this often enough. Change one unsatisfactory cast for
another to shut up "warning: cast from pointer to integer of different size"
(and hence a -Werror compile failure) when compiling for Unix with DEBUG
defined on atreus (x86_64). Minimally checked that it doesn't introduce upset
elsewhere (i386).

[originally from svn r8380]
2009-01-04 22:24:08 +00:00
Jacob Nevins
6b5f874552 Log reason for failure to create a connection to a local X display.
[originally from svn r8379]
2009-01-04 21:43:20 +00:00
Jacob Nevins
5611259468 r8338 broke pasting with Shift-Ins and from the context menu on Windows.
Divert these to use the request_paste() interface.

[originally from svn r8377]
[r8338 == 54835a9838]
2008-12-29 20:04:42 +00:00
Jacob Nevins
cf3b45392d "Derek" reports that the DECSLPP report of window-size-in-pixels (CSI 14 t)
has width and height swapped. Since both a random xterm I have and
<http://invisible-island.net/xterm/ctlseqs/ctlseqs.txt> agree with him, I've
changed ours. (This stuff appears to originate in dtterm, but I can't check the
behaviour of that right now.)

While I'm here, the are-we-iconified report (CSI 11 t) looks to have the
wrong sense compared to the same sources, so swap that too.

(All this has been this way since it was originally implemented in r1414,
which doesn't cite a source. all-escapes is silent too.)

[originally from svn r8376]
[r1414 == bb1f5cec31]
2008-12-20 19:43:20 +00:00
Jacob Nevins
8d19864dc9 "Derek" points out that reporting of wheel event coordinates to the host on
Windows was relative to the screen origin, not the window origin. 

[originally from svn r8375]
2008-12-20 19:02:09 +00:00
Jacob Nevins
0e202b3dcc Cosmetic: clarify that term->xterm_mouse is not boolean, etc.
[originally from svn r8374]
2008-12-20 18:52:09 +00:00
Simon Tatham
742e65d66b gtk_selection_clear_targets() does not exist on GTK 1, so ifdef it.
[originally from svn r8371]
2008-12-03 00:06:38 +00:00
Simon Tatham
e6fee2636d At some point recently, Unix PuTTY started suffering build errors
using -DNO_GSSAPI. Move some ifdefs around so it stops.

[originally from svn r8370]
2008-12-02 18:18:32 +00:00
Simon Tatham
5fec8bd897 Add missing call to gtk_selection_clear_targets(), without which the
list of selection targets offered by GTK PuTTY/pterm grows an extra
copy of each of the three supported text formats every time the user
makes a selection!

[originally from svn r8364]
2008-12-01 23:03:11 +00:00
Ben Harris
5d0d5e0466 Change the Unix version of Ssh_gss_name to be a gss_name_t rather than
void *, and hence eliminate a few casts.  The Windows definition is
unchanged, but I daresay I've managed to stop it compiling nonetheless.

[originally from svn r8359]
2008-12-01 21:18:29 +00:00
Jacob Nevins
70df860c8d As far as I can tell, "simple@putty.projects.tartarus.org" has always been
implemented as a channel request, not a global one. Change documentation to
match implementation.

[originally from svn r8355]
2008-11-30 21:35:33 +00:00
Simon Tatham
54835a9838 Move the code that reads the Windows clipboard into a trivial
subthread, so that it won't deadlock if fetching the content of the
clipboard turns out to depend on a network connection forwarded
through PuTTY.

[originally from svn r8338]
2008-11-28 18:28:23 +00:00
Ben Harris
b892d451ee Jacob correctly points out that I accidentally lost a clearing of
s->gss_sndtok in r8326.  I'm not sure it was strictly necessary, since
even if there's no send token, gss_init_sec_context() is meant to explicitly
make it empty, but it wasn't an intentional change.

[originally from svn r8337]
[r8326 == 81dafd906e]
2008-11-26 14:30:58 +00:00
Jacob Nevins
62cad154f4 Fix a Windows-specific GSS crash introduced in r8326, which (again) apparently
triggers in failure cases. Patch by Iain Patterson.

[originally from svn r8336]
[r8326 == 81dafd906e]
2008-11-26 14:11:49 +00:00
Ben Harris
86c183f8e8 Mitigation for VU#958563: When using a CBC-mode server-to-client cipher
under SSH-2, don't risk looking at the length field of an incoming packet
until we've successfully MAC'ed the packet.

This requires a change to the MAC mechanics so that we can calculate MACs
incrementally, and output a MAC for the packet so far while still being
able to add more data to the packet later.

[originally from svn r8334]
2008-11-26 12:49:25 +00:00
Ben Harris
e5eabee3c0 Now that we use real gss_buffer_ts, there's no need to muck about with
casts when passing them to GSS-API functions.  Removing them makes the code
more readable and allows better type-checking.

[originally from svn r8333]
2008-11-25 22:11:17 +00:00
Simon Tatham
8b45210f63 Have wingss.c include <windows.h> by way of putty.h rather than
directly. Fixes a build failure involving name clashes between
winsock2.h and winsock.h, which had somehow managed to get included
in succession.

[originally from svn r8332]
2008-11-25 18:54:05 +00:00
Jacob Nevins
01a7673ae9 Fixed a PuTTYtel startup assertion failure introduced in r8305.
While I'm here, a cosmetic PuTTYtel change: remove a reference to SSH from the
"logical host name" label in PuTTYtel only.

[originally from svn r8331]
[r8305 == ca6fc3a4da]
2008-11-25 18:43:52 +00:00
Jacob Nevins
caf4100ff3 I think sshgss.h needs puttyps.h for Ssh_gss_buf. Makes it compile for Windows,
anyway.

[originally from svn r8327]
2008-11-24 23:56:55 +00:00
Ben Harris
81dafd906e Change how we handle the Ssh_gss_buf type. Previously, we defined it
ourselves, but on Unix then assumed it was compatible with the system's
gss_buffer_desc, which wasn't the case on LP64 systems.  Now, on Unix
we make Ssh_gss_buf into an alias for gss_buffer_desc, though we keep
something similar to the existing behaviour on Windows.  This requires
renaming a couple of the fields in Ssh_gss_buf, and hence fixing all
the references.

Tested on Linux (MIT Kerberos) and Solaris.  Compiled on NetBSD (Heimdal).
Not tested on Windows because neither mingw32 nor winegcc worked out of the
box for me.  I think the Windows changes are all syntactic, though, so
if this compiles it should work no worse than before.

[originally from svn r8326]
2008-11-24 23:44:55 +00:00
Jacob Nevins
a6cbfd974d Treat lines starting with '#' as comments in PSFTP.
[originally from svn r8325]
2008-11-24 18:19:55 +00:00
Jacob Nevins
dc896b79af New option to allow use of the local OS username for login to the remote side
if we have no better ideas, with UI shamelessly stolen from Quest PuTTY.

Off by default, which effectively reverts the change to using the local
username by default that came in with GSSAPI support in r8138. Anyone wanting
seamless single sign-on will need to set the new option. (The previous
default behaviour was getting in the way in ad-hoc scenarios.)

Note that the PSCP and Unix-Plink behaviour of using the local username by
default have remained unchanged throughout; they are not affected by the new
option. Not sure if that's the Right Thing.

[originally from svn r8324]
[r8138 == de5dd9d65c]
2008-11-24 17:51:42 +00:00
Jacob Nevins
c9326ad81b Make key file import robust against a PPK file that has somehow lost its
final newline. From Debian bug #414784, based on a patch by Justin Pryzby.

[originally from svn r8323]
2008-11-23 20:11:12 +00:00
Ben Harris
7da40ece76 Autoconfiscate GSS-API support, including support for manually disabling it.
[originally from svn r8318]
2008-11-22 22:49:27 +00:00
Ben Harris
f45bfdbf1f Changes to make this compile on Solaris 9: use <gssapi/gssapi.h> rather
than <gssapi/gssapi_krb5.h> and provide the OID for Kerberos 5 ourselves
(since it's a known constant).  I'm not sure this actually works on Solaris
yet, mind.

[originally from svn r8317]
2008-11-22 22:06:42 +00:00
Simon Tatham
ca6fc3a4da Revamp of the local X11 connection code. We now parse X display
strings more rigorously, and then we look up the local X authority
data in .Xauthority _ourself_ rather than delegating to an external
xauth program. This is (negligibly) more efficient on Unix, assuming
I haven't got it wrong in some subtle way, but its major benefit is
that we can now support X authority lookups on Windows as well
provided the user points us at an appropriate X authority file in
the standard format. A new Windows-specific config option has been
added for this purpose.

[originally from svn r8305]
2008-11-17 18:38:09 +00:00
Simon Tatham
0cef8a897d Avoid freeing the backend in notify_remote_exit(), since that's
called from within a backend function which will expect its own
backend pointer to still be valid on return. Instead, move all the
real functionality of notify_remote_exit() out into a GTK idle
function.

[originally from svn r8304]
2008-11-17 18:36:27 +00:00
Simon Tatham
3a3abd211b In SSH packet logging mode, log SSH-2 packet sequence numbers, in
both directions. We had a bug report yesterday about a Cisco router
sending SSH2_MSG_UNIMPLEMENTED and it wasn't clear for which packet;
logging the sequence numbers should make such problems much easier
to diagnose.

(In fact this logging fix wouldn't have helped in yesterday's case,
because the router also didn't bother to fill in the sequence number
field in the SSH2_MSG_UNIMPLEMENTED packet! This is a precautionary
measure against the next one of these problems.)

[originally from svn r8295]
2008-11-11 07:47:27 +00:00
Simon Tatham
59691d28a3 Implement sk_addr_dup().
[originally from svn r8294]
2008-11-08 16:58:55 +00:00
Simon Tatham
6e2501be77 Move out of the SockAddr structure the mutable fields "ai" and
"curraddr", and turn "family" into a macro-derived property of the
other fields. The idea is that this renders SockAddrs immutable once
created, which should open up the possibility of duplicating and
reusing one without having to redo the actual DNS lookup.

I _hope_ I haven't broken anything. The new code architecture
contains several rather dubious-looking operations (namely the
arbitrary choice of the first returned address in functions like
sk_getaddr and sk_address_is_local - what if, for instance, a DNS
lookup returned a local and a non-local address?), but I think they
were functionally just as dubious beforehand and all this change has
done is to make them more obviously so to a reader.

[originally from svn r8293]
2008-11-08 16:45:45 +00:00
Jacob Nevins
50abe3567b Patch from Iain Patterson: fix crash on Windows when GSSAPI auth is attempted
but fails for some reason (such as not having a tgt for the server's realm).

[originally from svn r8210]
2008-10-17 20:55:08 +00:00
Jacob Nevins
02f7ccbb96 Rejig the Translation panel controls and documentation to remove the emphasis
on received data. Experiment and suggestion suggest that the character set
configuration applies equally to keystrokes sent to the server, or at least
that that's close enough to being true that we should document it as a first
approximation.

[originally from svn r8209]
2008-10-13 22:34:57 +00:00
Jacob Nevins
df63143752 Erroneously invisible index term.
[originally from svn r8208]
2008-10-13 22:16:25 +00:00
Jacob Nevins
e415865e58 Fix inability to save session on Unix when ~/.putty doesn't exist introduced
in r7934.

[originally from svn r8204]
[r7934 == 087adb167e]
2008-10-12 11:32:23 +00:00
Simon Tatham
ff294f4ffd Ahem. Make sure I NULL out any unused pointer field that I later
plan to free if it isn't NULL.

[originally from svn r8202]
2008-10-08 18:09:56 +00:00
Simon Tatham
a59c4e9486 sshrsa.c now obeys the RFC793 Robustness Principle when it comes to
the ordering of the primes in a fully specified RSA private key:
when the key format typically has p > q, it will always output p > q
but be willing to tolerate p < q on input. (Inspired by seeing an
OpenSSH-format key file in the wild which had p < q, which I've
never seen before; I suspect a third-party application incautiously
generating the format.)

[originally from svn r8201]
2008-10-07 17:48:59 +00:00
Jacob Nevins
c26dbd0337 The "server refused our key" bit didn't link to the public-key auth chapter,
which has some hints on server-side setup. Now it does.

[originally from svn r8194]
2008-09-25 19:00:42 +00:00
Jacob Nevins
b74920fe82 Document that PSFTP's "open" command allows an optional port number.
[originally from svn r8193]
2008-09-21 20:39:21 +00:00