1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Commit Graph

893 Commits

Author SHA1 Message Date
Simon Tatham
c9326c240e stripslashes() should have been dealing with colons as well. I don't
_think_ there was an exploit (even if the server sends "c:foobar",
the client will not attempt to create "c:foobar"; instead it will
try to create ".\c:foobar" which will fail), but it's as well to be
sure.

[originally from svn r1223]
2001-08-28 12:26:16 +00:00
Simon Tatham
f143fff0db Semantic fix in the X11 `authentication failed' error packet
construction. Doesn't actually affect anything right now, since the
bug was a failure to round a length up to the next multiple of 4 and
it so happens that our current message was exactly 40 bytes anyway
:-) But if we start giving a wider variety of messages one day then
it might be handy to be able to do them without gratuitous crashes.

[originally from svn r1222]
2001-08-28 12:24:50 +00:00
Simon Tatham
bbc7f197bc Add documentation of the new PSCP `-unsafe' option and the
associated warning message.

[originally from svn r1221]
2001-08-28 09:53:51 +00:00
Simon Tatham
d1d2fd7a13 D'oh! Putting keyboard-interactive authentication _before_ publickey
causes password login to occur on a server that supports password-
through-k-i. Of course when we use the new preference list mechanism
for selecting the order of authentications this will all become much
more sane, but for the moment I've put publickey back up to the top
and things seem to be happier.

[originally from svn r1220]
2001-08-28 08:43:33 +00:00
Simon Tatham
5c72d5adc5 Fix externally added SSH1 keys in Pageant. I have no idea how this
code _ever_ worked before! But it's been like this for four months
and nobody has noticed, including me. That's quite spooky.

[originally from svn r1219]
2001-08-28 08:36:27 +00:00
Simon Tatham
ea27f048f9 Fix various small compiler warnings, mostly unused local variables
[originally from svn r1218]
2001-08-28 08:08:43 +00:00
Simon Tatham
493d34c655 PuTTYgen: add an extra button to save a public key into a file
(as well as showing it for cut and paste). For SSH1, this feature is
largely cosmetic and added for orthogonality; it comes into its own
in SSH2, where it saves the Official One True Public Key Format as
specified in the draft spec, and more particularly as used by
ssh.com's product for authentication. Now that ssh-3.0.1 supports
RSA user keys, this is suddenly actually useful.

[originally from svn r1217]
2001-08-27 17:40:03 +00:00
Simon Tatham
5c646f3270 Fix handling of SSH2_MSG_CHANNEL_CLOSE, which was breaking in port
forwarding talking to ssh.com's ssh-3.0.1.

[originally from svn r1216]
2001-08-27 16:58:47 +00:00
Simon Tatham
4692974d7d Port forwarding update: local-host-only listening sockets are now
done properly (by binding to INADDR_LOOPBACK) instead of hackishly
(by binding to INADDR_ANY, looking at the peer address when a
connection is accepted, and slamming the connection shut at that
point).

[originally from svn r1215]
2001-08-27 15:59:37 +00:00
Simon Tatham
ac97a0cb1d Add a couple of missing return values
[originally from svn r1214]
2001-08-27 15:55:44 +00:00
Simon Tatham
254f50974e Port forwarding bug fix: we were unable to handle receiving
CHANNEL_OPEN_FAILURE messages, which occur when the remote side is
unable to open a forwarded network connection we have requested. (It
seems they _don't_ show up if you get something mundane like
Connection Refused - the channel is cheerfully opened and
immediately slammed shut - but they do if you try to connect to a
host that doesn't even exist. Try forwarding a port to
frogwibbler:4800 and see what you get.)

[originally from svn r1213]
2001-08-27 15:13:14 +00:00
Simon Tatham
448c1a085a Finally tighten up the server-side wildcard security hole, the
_right_ way. (SSWs are disabled by default and can be re-enabled
using `-unsafe', meaning that pscp will _never_ do anything
unexpected to your local file system unless you explicitly give
consent. The sftp-based variant will work fine because the
corresponding mechanism is _not_ unsafe.)

[originally from svn r1212]
2001-08-27 15:02:52 +00:00
Simon Tatham
a8e0abbf28 Fix tiny bug in new sftp-mode wildcards: when there wasn't a leading
path component (just `host:*' rather than `host:directory/*') there
was trouble.

[originally from svn r1211]
2001-08-27 14:51:31 +00:00
Simon Tatham
e6c8913093 Minor modification: in remote->local non-recursive mode matching a
wildcard, we don't abandon ship completely if the wildcard matches a
directory; we just warn and carry on with the rest.

[originally from svn r1210]
2001-08-27 10:24:55 +00:00
Simon Tatham
0da98d052d Implemented a simple wildcard matching engine, and used it to
restore remote wildcard capability in sftp-style PSCP.

[originally from svn r1209]
2001-08-27 10:17:41 +00:00
Simon Tatham
ff9a038cdd PSCP now uses the modern SFTP protocol if it can, and falls back to
scp1 if it can't. Currently not very tested - I checked it in as
soon as it completed a successful recursive copy in both directions.
Also, one known bug: you can't specify a remote wildcard, because by
the nature of SFTP we'll need to implement the wildcard engine on
the client side. I do intend to do this (and use the same wildcard
engine in PSFTP as well) but I haven't got round to it yet.

[originally from svn r1208]
2001-08-26 18:32:28 +00:00
Simon Tatham
605fa91201 Arrgh; yet again I make my security checking too draconian to
actually get things done. I'm sure this is the second time I've
checked in this mistake :-/ Still, this time I've got right to the
bottom of the cause, and commented it clearly. Phew.

[originally from svn r1207]
2001-08-26 15:45:55 +00:00
Simon Tatham
ebde798f13 Oops. ^X^S comes _before_ `cvs commit'. Two more diagnostics gone :-)
[originally from svn r1206]
2001-08-26 15:32:51 +00:00
Simon Tatham
306a13c025 Further tightening up in PSCP. Fixed a couple more holes whereby a
malicious SCP server could have written to areas other than the ones
the user requested; cleared up buffer overruns everywhere. Hopefully
we now do not use arbitrary buffer limits _anywhere_.

[originally from svn r1205]
2001-08-26 15:31:29 +00:00
Simon Tatham
f7f96066f7 Preparatory work for allowing PSCP to work over SFTP as well as old-
style scp1. I've built a layer of abstraction covering all the gory
details of the old scp network protocol.

[originally from svn r1204]
2001-08-26 14:53:51 +00:00
Simon Tatham
9c5951ed35 More upgrades to psftp: it now supports mv, chmod, reget and reput.
[originally from svn r1203]
2001-08-26 11:35:11 +00:00
Simon Tatham
116fb80175 D'oh, remove two rogue diagnostics
[originally from svn r1202]
2001-08-26 10:01:45 +00:00
Simon Tatham
a723494288 Remove gratuitous FIXME entries in cipher list. Oops, didn't mean to
check those in :-)

[originally from svn r1201]
2001-08-25 20:02:02 +00:00
Simon Tatham
195db0c8c9 Fiddle with the registry format so that backwards compatibility is
natural and defaults are sensible.

[originally from svn r1200]
2001-08-25 20:01:36 +00:00
Simon Tatham
44c4ee79e6 Jacob's patch for a drag-list to select SSH ciphers. Heavily hacked
by me to make the drag list behaviour slightly more intuitive.
WARNING: DO NOT LOOK AT pl_itemfrompt() IF YOU ARE SQUEAMISH.

[originally from svn r1199]
2001-08-25 19:33:33 +00:00
Simon Tatham
c87fa98d09 Extensive changes that _should_ fix the socket buffering problems,
by ceasing to listen on input channels if the corresponding output
channel isn't accepting data. Has had basic check-I-didn't-actually-
break-anything-too-badly testing, but hasn't been genuinely tested
in stress conditions (because concocting stress conditions is non-
trivial).

[originally from svn r1198]
2001-08-25 17:09:23 +00:00
Simon Tatham
7ff3999e49 Oops - fix that fix :-/
[originally from svn r1197]
2001-08-22 20:23:49 +00:00
Simon Tatham
a4d81b170e Wording change: make it explicit that you can enter an IP address as
well as a hostname.

[originally from svn r1196]
2001-08-22 19:56:41 +00:00
Simon Tatham
96fd4be809 Fix to allow more than one challenge/response pair during
keyboard-interactive authentication. UNTESTED except that I checked
it compiles. Will ask for testing from the user who complained.

[originally from svn r1195]
2001-08-22 19:47:05 +00:00
Simon Tatham
31a6d909bf Add a comment about Dragon NaturallySpeaking: it apparently requires
Alt+Space to work the Windows way.

[originally from svn r1188]
2001-08-16 11:09:25 +00:00
Jacob Nevins
fb46f1b77d Document /DNO_SECURITY compile option.
[originally from svn r1187]
2001-08-15 19:47:00 +00:00
Jacob Nevins
913b9deeec Updated Makefile.cyg for Glenn Maynard's IME patch.
[originally from svn r1186]
2001-08-15 19:41:14 +00:00
Simon Tatham
24e97a365d Trivial port forwarding fixes from Jacob
[originally from svn r1185]
2001-08-15 18:23:50 +00:00
Simon Tatham
f0d968ce49 Fix potential segfault in port forwarding code
[originally from svn r1184]
2001-08-13 12:43:29 +00:00
Simon Tatham
686740c2fb First phase of Unicode polishing: replace the edit box with a combo
box. Also default to ISO8859-1 so that CSI works in the default
mode; this is ridiculously Western-centric but I can't honestly
think of a better option.

[originally from svn r1183]
2001-08-12 19:25:21 +00:00
Simon Tatham
9cbaacd673 Stop yelling about Access Denied if the server refuses even to
attempt keyboard-interactive authentication. We can yell about it if
we make a creditable attempt and are rejected, but if the server
just refuses to even consider it then the user won't really want to
know (and if they do there's the Event Log).

[originally from svn r1180]
2001-08-09 21:22:38 +00:00
Simon Tatham
54bcab760f Port forwarding now works in SSH 2 as well as SSH 1.
[originally from svn r1179]
2001-08-09 21:17:05 +00:00
Simon Tatham
fa6b9c1896 Keyboard-interactive authentication, thanks to Paul Sokolovsky.
[originally from svn r1178]
2001-08-09 20:13:17 +00:00
Simon Tatham
ae8db3fa92 Oops - actually check in portfwd.c itself! (Makefile also modified
because it's been renamed to fit in 8.3, just in case.)

[originally from svn r1177]
2001-08-08 20:53:27 +00:00
Simon Tatham
50766ce729 SSH port forwarding! How cool is that?
Only currently works on SSH1; SSH2 should be doable but it's late
and I have other things to do tonight. The Cool Guy award for this
one goes to Nicolas Barry, for doing most of the work and actually
understanding the code he was adding to.

[originally from svn r1176]
2001-08-08 20:44:35 +00:00
Simon Tatham
4d3aad22f5 Remove the OSVERSIONINFOEX code because there's no obvious way to
determine whether it'll compile before receiving the compile error.
Gah.

[originally from svn r1175]
2001-08-07 08:42:17 +00:00
Simon Tatham
94d35cead5 Glenn Maynard's patch completely disabled PuTTY{,tel} on any system
that didn't support OSVERSIONINFOEX. For example, such wildly out of
date things as NT4. Now fixed.

[originally from svn r1174]
2001-08-04 15:45:25 +00:00
Simon Tatham
02c3d0694c Oops - IDC not IDV. Typo.
[originally from svn r1173]
2001-08-04 15:22:52 +00:00
Simon Tatham
de987f33fe Glenn Maynard's IME patch
[originally from svn r1172]
2001-08-04 15:15:07 +00:00
Simon Tatham
3b81448ae4 Rainer Loritz noticed that the Telnet environment box is not cleared
when loading a new session. Oops!

[originally from svn r1171]
2001-08-04 15:04:10 +00:00
Simon Tatham
3bc9118bc4 Prevent recursive weirdnesses happening when the user selects a
system-tray menu option while a passphrase prompt is active.

[originally from svn r1170]
2001-08-04 14:59:56 +00:00
Simon Tatham
dbe881a163 SCO function key mode now affects the small keypad (Ins, Del, etc)
in accordance with the keymap dump sent by Len Christiansen.

[originally from svn r1169]
2001-08-04 14:35:58 +00:00
Simon Tatham
4a0fb28883 Patch to PSFTP: implement mkdir, rmdir, rm and scripting. Still to
do: wildcards, chmod, mv, probably other things.

[originally from svn r1168]
2001-08-04 14:19:51 +00:00
Simon Tatham
15cf1e664b Mention PLINK_PROTOCOL in the Plink chapter.
[originally from svn r1167]
2001-08-04 13:06:08 +00:00
Simon Tatham
5138551608 Add description of the keepalives option
[originally from svn r1166]
2001-08-04 13:05:54 +00:00