character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).
[originally from svn r9843]
use 32-bit scrollbar position data instead of being limited to the
16-bit version that comes in scrollbar messages' wParam.
[originally from svn r9720]
capture the error code if listen() returned an error, and instead pass
0 (saved from the previous successful bind) to winsock_error_string.
[originally from svn r9708]
FormatMessage to get the OS's text for any error not in our own
translation table. Should eliminate the frustrating 'unknown error'.
(I haven't chosen to use FormatMessage unconditionally, because it
comes out with enormous messages along the lines of "No connection
could be made because the target machine actively refused it" in place
of "Connection refused" and I'm Unixy enough to prefer the latter.
Also, on older Windowses, Winsock error codes are in a separate API
segment and don't work with FormatMessage anyway.)
[originally from svn r9704]
IPv6 addresses, because I'd mistakenly cast an ai_addr to the low-
level 'struct in6_addr' instead of the correct 'struct sockaddr_in6'.
[originally from svn r9690]
localhost connections, and also enable X forwarding in such a way that
it will attempt to connect to a Unix-domain X server socket, an
assertion will fail when proxy_for_destination() tries to call
sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_
proxied, since they fundamentally can't be.
[originally from svn r9688]
mistakenly rearranged the logic in an if statement in window.c, with
the effect that scroll-wheel events are no longer sent via xterm mouse
tracking. Put it back to the way it was.
[originally from svn r9679]
[r9214 == a1f3b7a358]
Well, at least across all command-line tools on both Windows and Unix,
and the GTK apps on Unix too. The Windows GUI apps fundamentally can't
write to standard output and it doesn't seem sensible to use message
boxes for these purposes :-)
[originally from svn r9673]
First, make absolute times unsigned. This means that it's safe to
depend on their overflow behaviour (which is undefined for signed
integers). This requires a little extra care in handling comparisons,
but I think I've correctly adjusted them all.
Second, functions registered with schedule_timer() are guaranteed to be
called with precisely the time that was returned by schedule_timer().
Thus, it's only necessary to check these values for equality rather than
doing risky range checks, so do that.
The timing code still does lots that's undefined, unnecessary, or just
wrong, but this is a good start.
[originally from svn r9667]
winadj@putty.projects.tartarus.org request. Not currently enabled
automatically, but should be usable as a manual workaround.
[originally from svn r9592]
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.
[originally from svn r9586]
The previous platform-dependent ifdefs, switching between a system
which tried to cope with spurious callbacks (which I'd observed on
Windows) and one which tried to cope with system clock jumps (which
can happen on Unix, if you use gettimeofday) have been completely
removed, and replaced with a much simpler approach which just copes
with system clock jumps by triggering any timers immediately.
None of the resulting effects should be catastrophic (the worst thing
might be the waste of CPU in a spurious rekey, but as long as the
system clock isn't jumping around _all_ the time that's hardly
critical) and in any case the Unix port has had a long-standing oddity
involving occasional lockups if pterm or PuTTY runs for too long,
which hopefully this should replace with a much less bad failure mode.
And the code is much simpler, which is not to be sneezed at.
[originally from svn r9528]
sequence: since init_fonts sets up ucsdata based on the available
Windows fonts, we should call it before passing ucsdata to term_init.
[originally from svn r9527]
the offset horizontal line characters in the VT100 line-drawing set
(o,p,r,s), so that no trace of it - and hence no pointless performance
hit - is compiled into the cross-platform modules on non-Windows
platforms.
[originally from svn r9467]
UTF-16 support. High Unicode characters in the terminal are now
converted back into surrogates during copy and draw operations, and
the Windows drawing code takes account of that when splitting up the
UTF-16 string for display. Meanwhile, accidental uses of wchar_t have
been replaced with 32-bit integers in parts of the cross-platform code
which were expecting not to have to deal with UTF-16.
[originally from svn r9409]
so we should ensure we treat it the same way as other WM_SIZEs that
show up during that time: set the width and height in conf, and set
the flag to have that width and height enacted on WM_EXITSIZEMOVE.
Fixes a bug in which dragging a PuTTY window directly from the Win7
snapped-to-half-screen position to the snapped-to-maximised state
would leave the terminal in the pre-snapped size.
[originally from svn r9404]
Pageant's IPC mechanism. It's incomplete (he sent a much more
comprehensive set of fixes that I haven't reviewed), but should be
adequate to mitigate a particular issue for Bazaar users.
[originally from svn r9355]
GUIs of Pageant and PuTTYgen. With that and the prompts_t redesign,
there should no longer be any limit on passphrase length other than
the patience of the user.
[originally from svn r9320]
allocated type.
The main reason for this is to stop it from taking up a fixed large
amount of space in every 'struct value' subunion in conf.c, although
that makes little difference so far because Filename is still doing
the same thing (and is therefore next on my list). However, the
removal of its arbitrary length limit is not to be sneezed at.
[originally from svn r9314]
data channels. Should comprehensively fix 'half-closed', in principle,
though it's a big and complicated change and so there's a good chance
I've made at least one mistake somewhere.
All connections should now be rigorous about propagating end-of-file
(or end-of-data-stream, or socket shutdown, or whatever) independently
in both directions, except in frontends with no mechanism for sending
explicit EOF (e.g. interactive terminal windows) or backends which are
basically always used for interactive sessions so it's unlikely that
an application would be depending on independent EOF (telnet, rlogin).
EOF should now never accidentally be sent while there's still buffered
data to go out before it. (May help fix 'portfwd-corrupt', and also I
noticed recently that the ssh main session channel can accidentally
have MSG_EOF sent before the output bufchain is clear, leading to
embarrassment when it subsequently does send the output).
[originally from svn r9279]
policies before and after r9178, and hence able to talk to both
0.60-like and 0.61-like clients.
I had failed to consider that many pieces of code derived from PuTTY
would have imported the Pageant client code, so we shouldn't randomly
stop supporting things just because _we_ aren't using them any more.
[originally from svn r9264]
[r9178 == af78191a9c]
I think I have to consider this to be a separate but related change to
the wishlist item 'pscp-filemodes'; that was written before the Unix
port existed, and referred to the ability to configure the permissions
used for files copied from Windows to Unix - which is still not done.
[originally from svn r9260]
(In an embarrassingly silly way, too. No end of difficult stuff about
Conf serialisation done with great care and working just fine, and
then a trivial goof in using sscanf lets the whole lot down.)
[originally from svn r9237]
'Config' in putty.h, which stores all PuTTY's settings and includes an
arbitrary length limit on every single one of those settings which is
stored in string form. In place of it is 'Conf', an opaque data type
everywhere outside the new file conf.c, which stores a list of (key,
value) pairs in which every key contains an integer identifying a
configuration setting, and for some of those integers the key also
contains extra parts (so that, for instance, CONF_environmt is a
string-to-string mapping). Everywhere that a Config was previously
used, a Conf is now; everywhere there was a Config structure copy,
conf_copy() is called; every lookup, adjustment, load and save
operation on a Config has been rewritten; and there's a mechanism for
serialising a Conf into a binary blob and back for use with Duplicate
Session.
User-visible effects of this change _should_ be minimal, though I
don't doubt I've introduced one or two bugs here and there which will
eventually be found. The _intended_ visible effects of this change are
that all arbitrary limits on configuration strings and lists (e.g.
limit on number of port forwardings) should now disappear; that list
boxes in the configuration will now be displayed in a sorted order
rather than the arbitrary order in which they were added to the list
(since the underlying data structure is now a sorted tree234 rather
than an ad-hoc comma-separated string); and one more specific change,
which is that local and dynamic port forwardings on the same port
number are now mutually exclusive in the configuration (putting 'D' in
the key rather than the value was a mistake in the first place).
One other reorganisation as a result of this is that I've moved all
the dialog.c standard handlers (dlg_stdeditbox_handler and friends)
out into config.c, because I can't really justify calling them generic
any more. When they took a pointer to an arbitrary structure type and
the offset of a field within that structure, they were independent of
whether that structure was a Config or something completely different,
but now they really do expect to talk to a Conf, which can _only_ be
used for PuTTY configuration, so I've renamed them all things like
conf_editbox_handler and moved them out of the nominally independent
dialog-box management module into the PuTTY-specific config.c.
[originally from svn r9214]
information about where to put items that aren't mentioned in the
saved configuration. So far the only nontrivial use I've made of this
facility is to default to placing KEX_RSA just above KEX_WARN in the
absence of any other information, which should fix
'ssh2-rsa-kex-pref'.
While I'm here I've rewritten wprefs() on general principles to remove
the needless length limit, since I was touching it anyway. The length
limit is still in gprefs (but I've lengthened it just in case).
[originally from svn r9181]
code (as introduced in r9043), so that it uses the user SID rather
than the default SID.
This does change the access-control model, in that a Pageant running
with administrator privilege will now serve keys to an unprivileged
PuTTY running as the same user who started Pageant. Owen and I think
this isn't a problem (in particular, it will still not serve keys to a
_different_ user).
More importantly, making the Pageant client and server code work the
same way means that PuTTY and Pageant can still talk to each other
when UAC is turned off, which we've had several reports of r9043
having broken.
[originally from svn r9178]
[r9043 == 05f22632eb]
that we won't keep calling close_session() again the next time we go
round the message loop. Should fix unclean-close-hang. Thanks to Simon
Coleman for debugging.
[originally from svn r9115]
rectangle into smaller ones: it doesn't work any more, since the new
variable-pitch code can now call general_textout() with a larger
clipping rectangle than the text it's meant to be displaying. Instead,
general_textout() now uses the same semantics as the next loop up in
do_text_internal(): the first piece of text it displays uses the
opacity setting passed in, which blanks the entire clipping rectangle
if necessary, and then subsequent overlays are non-opaque. And the
same clipping rectangle is used throughout.
[originally from svn r9067]
array to ExtTextOut:
- move it inside the new big loop (this should fix a potential bug
whereby the DBCS handling altered some elements of it but the loop
did not actually step along it)
- initialise it more sensibly
- rename it to lpDx rather than IpDx, since as far as I can tell the
latter name was derived from a misreading of the former in the
Windows API docs.
[originally from svn r9066]
pass null lpDx, because general_textout depends on it being filled in.
Instead we null it out in the calls to subroutines _from_
general_textout.
[originally from svn r9064]
Done in much the same way as it is in the GTK front end: the character
cell width is determined using the font's digits (which seems to give
generally not-too-offensive spacing in most cases, at the expense of
Ms and Ws typically overhanging a bit into adjacent cells) and each
character is centred in its cell. Overhangs never leave permanent
droppings on the window, because the existing work done in r5003
handles them just fine even in this stressful scenario.
There's a hacky new checkbox in the Appearance panel to make
variable-pitch fonts appear in the font selector (they still don't by
default, because I still think it's _usually_ not What You Want); the
checkbox state is not actually stored as part of a saved session, but
it should be automatically ticked when reloading a session that's got
a variable pitch font selected.
(I'm half-expecting a potential flurry of requests for this feature in
the wake of http://xkcd.com/840/ , so I thought I'd pre-empt them :-)
[originally from svn r9063]
[r5003 == ba470dec5e]
I'm not sure whether I broke this in the recent revamp or whether it
was always broken, but: transitions in and out of full-screen mode
work by first maximising or restoring the window, which triggers a
WM_SIZE, whose handler then fiddles with the window style to disable
or re-enable all the furniture, which in turn triggers a recursive
WM_SIZE. The trouble is, after returning from the handler for the
inner WM_SIZE, the rest of the outer handler runs, and its client area
size is now out of date.
So I've added a flag which is set when a resize is handled 'properly',
so that after returning from the inner WM_SIZE handler the outer one
knows not to try to redo badly work that's already been done well.
[originally from svn r9056]
MinGW after r9046, and munge the COMPTR() macro to remove a couple of warnings
with my MinGW GCC (3.4.5).
[originally from svn r9049]
[r9046 == 1a03fa9292]
icon, even if the program isn't running at the time, to be presented
with an application-defined collection of helpful links). The current
jump list is updated every time a saved session is loaded, and shows
the last few launchable saved sessions (i.e. not those like Default
Settings) that were loaded. Also, if Pageant or PuTTYgen or both is in
the same directory as the PuTTY binary, the jump list will present
links to launch those too.
Based on a patch sent last year by Daniel B. Roy, though it's barely
recognisable any more...
[originally from svn r9046]
maximised state, we must be sure to disable the window offset used to
centre the terminal in cases where the window is non-negotiably the
wrong size (e.g. maximised). Hence we must call reset_window after our
terminal resize.
[originally from svn r9044]
should solve some of the SID-mismatch issues we've occasionally had
reported. Because it's a modification on the client side, it doesn't
affect the security of Pageant itself.
[originally from svn r9043]
restoring a maximised window.
Failure to do this was noticeable in the following scenario (again
using Aero UI enhancements):
1. resize window using topmost resize handle, and move pointer to top
of screen which 'maximises' the window vertically
2. now maximise the window properly using the maximise button in top
right
3. now restore. Notepad restores to its position before step 1,
because Aero remembers that position for the purpose, but PuTTY
thinks it knows better. Only now it doesn't any more.
[originally from svn r9041]
Firstly, maximise and restore events were expected never to occur
during an interactive resize process (i.e. between WM_ENTERSIZEMOVE
and WM_EXITSIZEMOVE), but in fact Aero now allows this to happen if
you move the pointer to the top of the screen while dragging the
window.
Secondly, plain old WM_SIZE events were expected never to occur
_outside_ interactive resizes, but Aero permits that too (e.g.
Windows-left and Windows-right), and also third-party window
repositioning tools will send these.
[originally from svn r9040]
are now loaded from standard locations (system32 for SSPI, the
registry-stored MIT KfW install location for KfW) rather than using
the risky default DLL search path; I've therefore also added an
option to manually specify a GSS DLL we haven't heard of (which
should in principle Just Work provided it supports proper GSS-API as
specified in the RFC). The same option exists on Unix too, because
it seemed like too useful an idea to reserve to Windows. In
addition, GSSAPI is now documented, and also (unfortunately) its GUI
configuration has been moved out into a sub-subpanel on the grounds
that it was too big to fit in Auth.
[originally from svn r9003]
called load_system32_dll() which constructs a full pathname for the
DLL using GetSystemDirectory.
The only DLL load not covered by this change is the one for
gssapi32.dll, because that one's not in the system32 directory.
[originally from svn r8993]
reorganises the GSSAPI support so that it handles alternative
implementations of the GSS-API. In particular, this means PuTTY can
now talk to MIT Kerberos for Windows instead of being limited to
SSPI. I don't know for sure whether further tweaking will be needed
(to the UI, most likely, or to automatic selection of credentials),
but testing reports suggest it's now at least worth committing to
trunk to get it more widely tested.
[originally from svn r8952]
today reported an SSH2_MSG_UNIMPLEMENTED from a Cisco router which
looks as if it was triggered by SSH2_MSG_IGNORE, so I'm
experimentally putting this flag in. Currently must be manually
enabled, though if it turns out to solve the user's problem then
I'll probably add at least one version string...
[Edited commit message: actually, I also committed in error a piece
of experimental code as part of this checkin. Serve me right for not
running 'svn diff' first.]
[originally from svn r8926]
NameUserPrincipal, use that; this avoids an issue with SSPI/GSSAPI where
the user logged in to the local machine with a different case of username
to the (case-sensitive) Kerberos username. Falls back to GetUserName as
before if that doesn't work (for machines not on a domain, and Win9x).
Based on a patch by SebastianUnger.
[originally from svn r8909]
WspiapiGetAddrInfo wrapper for getaddrinfo() in MSVC. Split GET_WINDOWS_FUNCTION
into two variants, one with the old behaviour (bypassing the preprocessor) and
another with the new behaviour (for ANSI/Unicode, although it's not actually
used anywhere currently).
[originally from svn r8898]
[r8738 == 24b6168c1d]
function in terminal.c, and replace the cloned-and-hacked handling
code in all our front ends with calls to that.
This was intended for code cleanliness, but a side effect is to make
the GTK arrow-key handling support disabling of application cursor
key mode in the Features panel. Previously that checkbox was
accidentally ignored, and nobody seems to have noticed before!
[originally from svn r8896]
linking on Windows into a single global one, which can cope with function
renaming. Intended to enable eventual removal of ANSI-specific DoSomethingA
references (although I've not removed any).
[originally from svn r8738]
uninitialised storage into WSAAddressToString()'s length function (and
presumably getting away with it by luck).
Also improve error handling (exposed by my Wine installation, which returns
an error from WSAAddressToString() for connections to localhost for some
reason).
[originally from svn r8737]
not fazed by being displayed at other than 96DPI; testing on Vista at a range
of DPIs indicates that we cope (with the minor and inevitable exception of the
drag-list control).
This stops pixel scaling and hence fuzzy display on high-resolution displays.
(Hope this is last disastrous than my last set of manifest tweaks! --
<http://support.fogcreek.com/default.asp?copilot.6.26840.1> suggests that this
is an OK thing to do.)
[originally from svn r8661]
plink did not cope gracefully with this -- it was not possible to override that
hostname on the command line (attempts at doing so would be treated as part of
the remote command).
Fix this by applying the principle of r7265: if the user didn't explicitly
specify that they wanted to launch the hostname in the default (for instance
with '-load "Default Settings"', we assume they don't want to, and such a
hostname doesn't count when deciding whether to treat a non-option argument as
hostname or command.
[originally from svn r8651]
[r7265 == 5d76e00dac]
[r7266 == 856ed4ae73]
sessions submenu of the terminal window context menu (as Pageant does), rather
than an empty menu (which often renders poorly).
[originally from svn r8648]
use the explicitly-narrow type LPSTR, not the switchable type LPTSTR. (Since
we currently build without UNICODE this makes no practical difference to us
now.)
[originally from svn r8627]
