proxy-indirection network functions (name_lookup, new_connection,
new_listener) takes a `const Config *' as an argument, and extracts
enough information from it before returning to handle that
particular network operation in accordance with the proxy settings
it specifies. This involved {win,ux}net.c due to a `const'
repercussion.
[originally from svn r2567]
and have a function to pass in a new one. (Well, actually several
back ends don't actually bother to do this because they need nothing
out of Config after the initial setup phase, but they could if they
wanted to.)
[originally from svn r2561]
the remote IP/port data provided by the server for forwarded
connections. Disabled by default, since it's incompatible with SSH2,
probably incompatible with some X clients, and tickles a bug in
at least one version of OpenSSH.
[originally from svn r2554]
it was because we received WINDOW_ADJUST on a channel we'd already
sent CLOSE on, and reflexively attempted to continue sending the
buffered data in response. Should now be fixed.
[originally from svn r2539]
Windows and Mac backends have acquired auth-finding functions which
do nothing; Unix backend has acquired one which actually works, so
Plink can now do X forwarding believably.
(This checkin stretches into some unlikely parts of the code because
there have been one or two knock-on effects involving `const'. Bah.)
[originally from svn r2536]
gone for replacing the implicit casts with explicit ones. Where there was
something obviously better that I could do, I've done it, though.
[originally from svn r2460]
general logging module rather than localising it in ssh.c. This
means it should work in other protocols as well (notably Telnet,
where it might actually be useful for debugging negotiations).
[originally from svn r2360]
SockAddr, which just contains an unresolved hostname and is created
by a stub function in *net.c. It's an error to pass this to most of
the real-meat functions in *net.c; these fake addresses should have
been dealt with by the time they get down that far. proxy.c now
contains name_lookup(), a wrapper on sk_namelookup() which decides
whether or not to do real DNS, and the individual proxy
implementations each deal sensibly with being handed an unresolved
address and avoid ever passing one down to *net.c.
[originally from svn r2353]
well, though it's a lot less useful since you still can't bind to
low-numbered ports of odd loopback IPs. Should work in principle for
SSH2 remote forwardings as well as local ones, but OpenSSH seems
unwilling to cooperate.
[originally from svn r2344]
same behaviour as before (tested a little bit), but should be easier to
expand.
(This is the easy bit -- work still needs to be done to fix
ssh2-keyderive-nonbug, vshell-no-bug-compat, etc -- but should be easier
now.)
[originally from svn r2293]
source files in which it's no longer required (it was previously
required in anything that included <putty.h>, but not any more).
Also moved a couple of stray bits of exposed WinSock back into
winnet.c (getservbyname from ssh.c and AF_INET from proxy.c).
[originally from svn r2160]
That'd have been embarrassing. Mind you I'd like to remove this
particular #include for good anyway, but the time is not now...
[originally from svn r2158]
absent, and also (I think) all the frontend request functions (such
as request_resize) take a context pointer, so that multiple windows
can be handled sensibly. I wouldn't swear to this, but I _think_
that only leaves the Unicode stuff as the last stubborn holdout.
[originally from svn r2147]
lpage_send out into the line discipline, making them _clients_ of
the Unicode layer rather than part of it. This means they can access
ldisc->term, which in turn means I've been able to remove the
temporary global variable `term'. We're slowly getting there.
[originally from svn r2143]
As a result I've now been able to turn the global variables `back'
and `backhandle' into module-level statics in the individual front
ends. Now _that's_ progress!
[originally from svn r2142]
each backend now stores all its internal variables in a big struct,
and each backend function gets a pointer to this struct passed to
it. This still isn't the end of the work - lots of subsidiary things
still use globals, notably all the cipher and compressor modules and
the X11 forwarding authentication stuff. But ssh.c itself has now
been transformed, and that was the really painful bit, so from here
on it all ought to be a sequence of much smaller and simpler pieces
of work.
[originally from svn r2127]
terminal.c was apparently relying on implicit initialisation to
zero, and also I've removed the backends' dependency on terminal.h
by having terminal sizes explicitly passed in to back->size().
[originally from svn r2117]
all the global and function-static variables out of terminal.c into
a dynamically allocated data structure. Note that this does not yet
confer the ability to run more than one of them in the same process,
because other things (the line discipline, the back end) are still
global, and also in particular the address of the dynamically
allocated terminal-data structure is held in a global variable
`term'. But what I've got here represents a reasonable stopping
point at which to check things in. In _theory_ this should all still
work happily, on both Unix and Windows. In practice, who knows?
[originally from svn r2115]
longer just sit there like a lemon if we can't find the channel in
question, we bomb out and complain. With any luck, remaining
problems of this type should be easier to catch under this policy.
[originally from svn r1962]
receiving of CLOSE and CLOSE_CONFIRMATION separately rather than
taking short cuts. I believe ssh-1.2.33 sending CLOSE_CONFIRMATION
before CLOSE was causing the remaining incidences of bug
`nonexistent-channel'. (ssh-1.2.33 appears to have unilaterally
decreed that CLOSE and CLOSE_CONFIRMATION are respectively renamed
INPUT_EOF and OUTPUT_CLOSING, hence there is no longer an ordering
constraint on them. Bah.)
[originally from svn r1961]
Bump username storage from 32 to 100 chars. Also replaced a couple of magic
numbers with sizeof in ssh.c.
I don't believe this is going to startle any of the protocols PuTTY talks.
[originally from svn r1952]
versions 2.0.*, and causing the shared secret not to be included in
key derivation hashes. (This doesn't quite cause a blatant security
hole because the session ID - _derived_ from the shared secret - is
still included.)
[originally from svn r1853]
subsequent packet-receiver code would fail to notice anything was
wrong and segfault. Since this is clearly a silly packet length
anyway, we now explicitly reject it as a daft encryption error.
[originally from svn r1852]
containing more than one prompt instead of less than one, and also
correctly enables echo on prompts that the server requests it for.
In the process I've moved the whole username/password input routine
out into its own function, where it's called independently of which
SSH protocol we're using, so this should even have _saved_ code
size. Rock!
[originally from svn r1830]
now be processed in cmdline.c, which is called from all utilities
(well, not Pageant or PuTTYgen). This should mean we get to
standardise almost all options across almost all tools. Also one
major change: `-load' is now the preferred option for loading a
saved session in PuTTY proper. `@session' still works but is
deprecated.
[originally from svn r1799]
authentication: a k-i request packet can contain any number of auth
prompts (including zero!) and we must ask the user all of them and
send back a packet containing the same number of responses. FreeBSD
systems were sending a zero-prompts packet which was crashing us;
this now appears fixed (we correctly return a zero-responses packet)
but I haven't tested a multiple-prompts packet because I can't
immediately think of a server that generates them.
[originally from svn r1797]
which suggested bufchain_prefix() was finding an improperly
initialised bufchain structure. Looking at the code, this may indeed
have been able to happen, since the bufchain in a SOCKDATA_DORMANT
channel was not initialised until CHANNEL_OPEN_CONFIRMATION was
received. This seems utterly daft, so I now call bufchain_init()
when the channel structure is actually created. With any luck the
crash will mystically disappear now (I wasn't able to reproduce it
myself).
[originally from svn r1735]
inclusive. Padding is accomplished by rewriting the signature blob
rather than at the point of generation, in order to avoid having to
move part of the workaround into Pageant (and having to corrupt the
agent wire protocol to allow PuTTY to specify whether it wants its
signatures padded!).
[originally from svn r1708]
now be told that the key is the wrong type, _and_ what type it is,
rather than being given a blanket `unable to read key file' message.
[originally from svn r1662]
forwardings in SSH1. Was causing several MSG_SUCCESS to be queued up
unread, which was wrong-but-benign in most cases but caused a hard
crash with compression enabled (one of those uncompressed
MSG_SUCCESSes was fed to the zlib decompressor with spectacular
results).
[originally from svn r1609]
CONNECT, but contains an extensible framework to allow other
proxies. Apparently SOCKS and ad-hoc-telnet-proxy are already
planned (the GUI mentions them already even though they don't work
yet). GUI includes full configurability and allows definition of
exclusion zones. Rock and roll.
[originally from svn r1598]
Specifically, we explicitly closesocket() all open sockets, which
appears to be necessary since otherwise Windows sends RST rather
than FIN. I'm _sure_ that's a Windows bug, but there we go.
[originally from svn r1574]
keys before _every_ other authentication; so if you tried a local
pubkey _and_ a password, for example, you'd also try Pageant twice.
Now fixed.
[originally from svn r1524]
the private key file given in the config; if it spots this then it
avoids trying it again (and in particular avoids needing to ask for
the passphrase when it knows perfectly well it won't work).
[originally from svn r1523]
process. This is functional in SSH, and vestigial (just returns 0)
in the other three protocols. Plink's Windows exit code is now
determined by the remote process exit code, which should make it
more usable in scripting applications. Tested in both SSH1 and SSH2.
[originally from svn r1518]
connections from outside localhost' switch. Interestingly OpenSSH
3.0 appears to ignore this (though I know it works because ssh.com
3.0 gets it right, and the SSH packet dump agrees that I'm doing the
right thing).
[originally from svn r1496]
sick of recompiling to enable packet dumps. SSH packet dumping is
now provided as a logging option, and dumps to putty.log like all
the other logging options. While I'm at it I cleaned up the format
so that packet types are translated into strings for easy browsing.
POSSIBLE SIDE EFFECT: in the course of this work I had to re-enable
the SSH1 packet length checks which it turns out hadn't actually
been active for some time, so it's possible things might break as a
result. If need be I can always disable those checks for the 0.52
release and think about it more carefully later.
[originally from svn r1493]
configurable option so users can re-enable the feature _if_ they
know they have an SSH2 server that isn't going to get shirty about
it. Inspired by a spectacular increase in OpenSSH's shirtiness.
[originally from svn r1474]
after. Shouldn't make a difference for any server that previously
worked, but we should now interoperate sensibly with servers that
wait to receive our NEWKEYS before sending their own. Apparently
Unisphere produce one such.
[originally from svn r1390]
causes password login to occur on a server that supports password-
through-k-i. Of course when we use the new preference list mechanism
for selecting the order of authentications this will all become much
more sane, but for the moment I've put publickey back up to the top
and things seem to be happier.
[originally from svn r1220]
CHANNEL_OPEN_FAILURE messages, which occur when the remote side is
unable to open a forwarded network connection we have requested. (It
seems they _don't_ show up if you get something mundane like
Connection Refused - the channel is cheerfully opened and
immediately slammed shut - but they do if you try to connect to a
host that doesn't even exist. Try forwarding a port to
frogwibbler:4800 and see what you get.)
[originally from svn r1213]
scp1 if it can't. Currently not very tested - I checked it in as
soon as it completed a successful recursive copy in both directions.
Also, one known bug: you can't specify a remote wildcard, because by
the nature of SFTP we'll need to implement the wildcard engine on
the client side. I do intend to do this (and use the same wildcard
engine in PSFTP as well) but I haven't got round to it yet.
[originally from svn r1208]
by me to make the drag list behaviour slightly more intuitive.
WARNING: DO NOT LOOK AT pl_itemfrompt() IF YOU ARE SQUEAMISH.
[originally from svn r1199]
by ceasing to listen on input channels if the corresponding output
channel isn't accepting data. Has had basic check-I-didn't-actually-
break-anything-too-badly testing, but hasn't been genuinely tested
in stress conditions (because concocting stress conditions is non-
trivial).
[originally from svn r1198]
keyboard-interactive authentication. UNTESTED except that I checked
it compiles. Will ask for testing from the user who complained.
[originally from svn r1195]
attempt keyboard-interactive authentication. We can yell about it if
we make a creditable attempt and are rejected, but if the server
just refuses to even consider it then the user won't really want to
know (and if they do there's the Event Log).
[originally from svn r1180]
Only currently works on SSH1; SSH2 should be doable but it's late
and I have other things to do tonight. The Cool Guy award for this
one goes to Nicolas Barry, for doing most of the work and actually
understanding the code he was adding to.
[originally from svn r1176]
function (woohoo!), improved that function so it provides an ASCII
dump as well as hex (whee!), removed all remaining spurious \r in
debug statements (ooh!), and made enabling of packet debugging in
SSH a matter of one ifdef rather than lots (phew!).
[originally from svn r1091]
spawn another command after starting Pageant. Also, if Pageant is
already running, `pageant keyfile' and `pageant -c command' will do
the Right Thing, that is, add the key to the _first_ Pageant and/or
run a command and then exit. The only time you now get the `Pageant
is already running' error is if you try to start the second copy
with no arguments.
NB the affected files in this checkin are rather wide-ranging
because I renamed the not really SSH1-specific
`ssh1_bignum_bitcount' function to just `bignum_bitcount'.
[originally from svn r1044]
could have got away with upping it to 256, but I didn't want a repeat
of the chaos when some server accidentally breaks that limit too...)
[originally from svn r1019]
with public key' message in SSH2 (it already doesn't in SSH1). It
shouldn't show the login banner either, since its output is probably
redirected to something which will choke on it.
[originally from svn r1011]
remote command from a local file. Advantage: you can have more than
one line in it, so you can remotely run what's effectively a small
script.
[originally from svn r1010]
primary (shell session) channel, rather than the one they were aimed
at. This _despite_ me having deliberately gone and looked the channel
ID up in the B-tree - I was ignoring the result by accident :-/
X forwarding should now work in SSH2 even on non-trivial clients (ie
things other than xdpyinfo).
[originally from svn r1007]
PROTOFLAG_SCREEN_NUMBER, without which OpenSSH 2.5.1 was objecting to
my gratuitous inclusion of a screen number in the SSH1 X forwarding
request. Ahem.
[originally from svn r1006]
printing them _before_ the username prompt. This apparently isn't very
serious because OpenSSH doesn't _send_ it before the username prompt,
but only in response to USERAUTH_REQUEST "none". Good job we do that!
[originally from svn r1005]
sensibly, as a release or a snapshot or a local build. With any luck
this should make bug reporting easier to handle, because anyone who
sends their Event Log should automatically include the version :-)
[originally from svn r1003]
contains a reference to a paper on the subject). Reduces time taken
for DH group exchange to the point where it's viable to enable it
all the time, so I have. :-)
[originally from svn r991]
compression. This involves introducing an option to disable Zlib
compression (that is, continue to work within the Zlib format but
output an uncompressed block) for the duration of a single packet.
[originally from svn r982]
Additionally, the ability to switch usernames if you mistype the
first one has been restored (although it didn't actually work
because OpenSSH didn't feel like playing; patch submitted :-).
[originally from svn r975]
error messages are currently wrong, and Pageant doesn't yet support
the new key type, and I haven't thoroughly tested that falling back
to password authentication and trying invalid keys etc all work. But
what I have here has successfully performed a public key
authentication, so it's working to at least some extent.
[originally from svn r973]
introduce another layer of abstraction in SSH2 ciphers, such that a
single `logical cipher' (as desired by a user) can equate to more
than one `physical cipher'. This is because AES comes in several key
lengths (PuTTY will pick the highest supported by the remote end)
and several different SSH2-protocol-level names (aes*-cbc,
rijndael*-cbc, and an unofficial one rijndael-cbc@lysator.liu.se).
[originally from svn r967]
(change the sense of #ifdef DO_DIFFIE_HELLMAN_GEX in ssh.c) because
it's _far_ too slow. Will be re-enabled once the bignum routines
work a bit faster (or rather a _lot_ faster).
[originally from svn r962]
version allows you to specify, per socket, which sockets receive OOB
data in-line (so that you know what was before the mark and what was
after) and which receive it out of line (so it's really a one-byte
out-of-band facility rather than discard-to-mark). This reflects the
fact that rlogin appears to make more sense in the latter mode, and
telnet in the former. This patch makes rlogin work right for me.
[originally from svn r921]
it's already NULL. The `Incorrect MAC' problem was causing
ssh2_rdpkt to bombout(), setting s to NULL, and then a secondary
bombout() was happening at the next level up, causing a segfault.
[originally from svn r909]
because the session id is the exchange hash from the _first_ key
exchange, so in subsequent key exchanges they're different.
[originally from svn r901]
multiple switchable line disciplines, we now have a single unified
one which changes its behaviour based on option settings. Each
option setting can be suggested by the back end and/or the terminal
handler, and can be forcibly overridden by the configuration. Local
echo and local line editing are separate, independently switchable,
options.
[originally from svn r895]
automatic fatalbox(). Instead, the error is passed to the receiver
routine, which can decide just how fatal the problem really is.
[originally from svn r894]
states where they're meaningful. In case Plink misses an EOF by
attempting to send it before reaching SSH_STATE_SESSION, it is
buffered and sent later. PINGs can be sent during any part of the
initialisation phase _except_ before deciding whether to use
protocol 1 or 2.
[originally from svn r850]
smalloc() macros and thence to the safemalloc() functions in misc.c.
This should allow me to plug in a debugging allocator and track
memory leaks and segfaults and things.
[originally from svn r818]
abstraction, so as to be able to re-use the same abstraction for
user authentication keys and probably in the SSH2 agent (when that
happens) as well.
[originally from svn r815]
if agent forwarding had not been negotiated on, and more
particularly even if it had been deliberately disabled by the user.
[originally from svn r814]
advantages:
- protocol modules can call sk_write() without having to worry
about writes blocking, because blocking writes are handled in the
abstraction layer and retried later.
- `Lost connection while sending' is a thing of the past.
- <winsock.h> is no longer needed in most modules, because
"putty.h" doesn't have to declare `SOCKET' variables any more,
only the abstracted `Socket' type.
- select()-equivalent between multiple sockets will now be handled
sensibly, which opens the way for things like SSH port
forwarding.
[originally from svn r744]
use when they have data from the network. Replaces the utterly daft
inbuf / inbuf_head / term_out() interface, which only made sense
when feeding to terminal.c. (terminal.c now implements
from_backend() as a small function that gateways to the old
interface.)
As a side effect, from_backend() also has an `is_stderr' parameter,
so scp can once again separate the server's pronouncements on stderr
from the actual protocol progress on stdout.
[originally from svn r729]
features (prompt for passphrase twice, prompt before overwriting a
file, check the key file was actually saved OK), testing of the
generated keys to make sure I got the file format right, and support
for a variable key size. I think what's already here is basically
sound though.
[originally from svn r715]
- cope with strange WinSock wrappers not supporting SIOCATMARK
- define yet more terminal compatibility modes
- support UK-ASCII (just like US-ASCII but # is a sterling sign)
- support connection keepalives at a configurable interval
[originally from svn r692]
functions as calls to the MS Crypto API. Not integrated into the
Makefile yet, but should eventually allow building of an SSH-enabled
PuTTY which contains no native crypto code, so it can be used
everywhere (and anyone who can get the MS encryption pack can still
use the SSH parts).
[originally from svn r425]
variant which is patent-safe in the US and legal in France and
Russia. This is a horrible hack in some ways: it's shown up serious
deficiencies in the module boundaries. Needs further work, probably
once the SSH implementations are recombined.
[originally from svn r410]
- ^E answerback is now `PuTTY'.
- The framework is now in place for the scrollback to reset to
bottom on display _or_ keyboard events _or_ both. An actual
configurable option isn't yet present, but most of the code is in
place.
- Try to deal with the problems where incoming data gets dropped
after decoding but before display.
- Scrollback behaviour has changed: instead of keying it off
`scroll' versus `delete top line', things now go into the
scrollback from _either_ of those but only if the primary screen
is selected. Should fix problems with `less' and talkers.
- must_update variable has gone because rdb correctly observed that
it didn't seem to be doing a great deal :-)
[originally from svn r328]
- NetHack keypad mode (Shift only works with NumLock off)
- Alt-Space handling (best I could manage; not too bad considering)
- Event Log rather than Telnet Negotiation Log
[originally from svn r284]
- Stop using the identifier `environ' as some platforms make it a macro
- Fix silly error box at end of connection in FWHACK mode
- Fix GPF on maximise-then-restore
- Use SetCapture to allow drag-selecting outside the window
- Correctly update window title when iconic and in win_name_always mode
[originally from svn r12]
