1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-12 02:47:59 +00:00
Commit Graph

7136 Commits

Author SHA1 Message Date
Jacob Nevins
5aacd0d98e Docs: talk about SSH-2 before SSH-1.
Because SSH-1 is a very niche interest these days. Mostly this affects
the public key documentation.

Also, a couple of unrelated concessions to modernity.
2019-04-19 15:49:05 +01:00
Jacob Nevins
461844a5ec Docs: tweak other error messages for truth. 2019-04-19 15:49:05 +01:00
Jacob Nevins
c86a56f49c Docs: correct some error messages.
In some messages, "server" became "remote" in 21a7ce7a07.
2019-04-19 15:49:05 +01:00
Jacob Nevins
8e6b1fd694 Docs: reorder Bugs/More bugs docs to match code.
The panels were rearranged in ab433e8073.
No textual change other than the rearrangement.
2019-04-19 15:49:05 +01:00
Jacob Nevins
6c9b1ffb2b Make docs match code for a couple of settings. 2019-04-19 15:49:05 +01:00
Jacob Nevins
2cc75131e1 Cosmetic rearrangement of Terminal/Features panel.
Move "Response to remote title query" next to "Disable remote-controlled
window title changing"; that seems more logical, and matches the
documentation.
2019-04-19 15:49:05 +01:00
Jacob Nevins
03daa60277 Correct "Ed25519" orthography in Windows PuTTYgen. 2019-04-19 15:48:53 +01:00
Jacob Nevins
5fd89724d3 Rewrite "Getting started / Logging in".
- Mention public key authentication
 - Define and describe the "terminal window"
 - Mention trust sigils
 - Describe here the lack of feedback in password prompts, as well as in
   the FAQ
2019-04-19 12:08:31 +01:00
Jacob Nevins
69fb50c20c Remove outdated comment. 2019-04-18 17:04:07 +01:00
Simon Tatham
36525cc003 Fix RSA key gen at awkward sizes mod BIGNUM_INT_BITS.
If you try to generate (say) a 2049-bit RSA key, then primegen will
try to generate a 1025-bit prime. It will do it by making a random
1024-bit mp_int (that is, one strictly _less_ than 2^1024), and then
trying to set bit 1024. But that will fail an assertion in mp_set_bit,
because the number of random bits is a multiple of BIGNUM_INT_BITS, so
an mp_int of the minimum size that can hold the random bits is not
quite big enough to hold the extra bit at the top.

Fix: change the strategy in primegen so that we allocate the mp_int
large enough to hold even the top bit, and copy in the random numbers
via mp_or_into.

There's a second bug hiding behind that one. If the key has odd size,
then the two primes are generated with different bit lengths. If the
overall key size is congruent to 1 mod (2*BIGNUM_INT_BITS), then the
two primes will be allocated as mp_ints with different numbers of
words, leading to another assertion failure in the mp_cond_swap that
sorts the primes into a consistent order.

Fix for that one: if the primes are being generated different bit
lengths, then we arrange those lengths to be already in the right
order, and replace the mp_cond_swap with an assert() that checks the
ordering is already correct.

Combined effect: now you should be able to successfully generate a
2049-bit key without assertion failures.
2019-04-17 18:15:23 +01:00
Simon Tatham
ca6d278c10 Make NEON AES build in 32-bit VS.
I had another look just now at the mysterious AES intrinsics in
VS2017's arm_neon.h that have the wrong number of operands, and this
time I noticed that they're in one branch of an #ifdef whose other
branch looks a lot more sensible. Enabled the #define that switches to
the working branch.
2019-04-16 20:47:30 +01:00
Simon Tatham
97a1021202 Fix handling of Return and keypad Enter.
The recent rewriting in both the GTK and Windows keyboard handlers
left the keypad 'Enter' key in a bad state, when no override is
enabled that causes it to generate an escape sequence.

On Windows, a series of fallbacks was causing it to generate \r
regardless of configuration, whereas in Telnet mode it should default
to generating the special Telnet new-line sequence, and in response to
ESC[20h (enabling term->cr_lf_return) it should generate \r\n.

On GTK, it wasn't generating anything _at all_, and also, I can't see
any evidence that the GTK keyboard handler had ever remembered to
implement the cr_lf_return mode.

Now Keypad Enter in non-escape-sequence mode should behave just like
Return, on both platforms.
2019-04-15 20:43:10 +01:00
Simon Tatham
56198afb5c provide_xrm_string: report a more sensible program name.
It was always issuing an error message beginning "pterm:", even when
the application was GTK PuTTY or Unix Plink.
2019-04-13 19:13:45 +01:00
Simon Tatham
2692bfe8ee provide_xrm_string: make argument type const char *.
All call sites so far have happened to pass it a mutable string, but
it doesn't actually need one.
2019-04-13 19:09:56 +01:00
Simon Tatham
39c20d4819 Revert "settings.c: allow load_open_settings(NULL)."
This reverts commit 1b2f39c24b.

The intention of that commit was to support the development of Uppity,
by arranging that I could get a Conf populated with completely default
values by calling load_open_settings(NULL,conf), with no risk of
interference from the normal PuTTY saved sessions full of client-side
configuration (which would have been confusing to apply unexpectedly
in a server).

So I arranged that a NULL session handle was never passed to the
low-level read_setting_[type] functions, in case it caused a segfault.
But I overlooked two things.

Firstly, on Unix, read_setting_* is where we check the tree234 of data
derived from X resources and/or -xrm command-line options. So if you
don't call those functions at all (e.g. if you have no on-disk PuTTY
saved configuration at all, not even Default Settings), you also don't
get your X defaults honoured.

Secondly, those functions themselves already all checked their
argument for NULL before doing anything dangerous with it. So the
thing I wanted to make possible was already possible _anyway_, without
me having to do anything!

So I'm exactly reverting that commit, because the _only_ thing it did
was to introduce a bug in X resource handling.
2019-04-13 18:58:25 +01:00
Simon Tatham
b5597cc833 Fix indentation goof in CRC test suite.
In crypt.testCRC32(), I had intended to test every input byte with
each of several previous states, but I mis-indented what should have
been the inner loop (over bytes), with the effect that instead I
silently tested the input bytes with only the last of those states.
2019-04-12 23:41:28 +01:00
Simon Tatham
4cbb0bae65 sshsha.c: remove rogue 'got up to here' comment.
How silly :-) I use comments like that to record my progress when I'm
going over a whole source file making some mechanical change, but I
normally manage to avoid accidentally leaving them in the final
version of any commit. Remove this long-outdated one.
2019-04-11 18:21:24 +01:00
Jacob Nevins
cf91937bd6 Fix double "Network error" message on SSH/Windows.
On Windows, PuTTY using the SSH backend could emit messages like
"Network error: Network error: Software caused connection abort".

When ssh.c regained the ability to emit plug_closing error messages in
ed0104c2fe (after it disappeared in fe6caf563c), it came with an extra
"Network error:". But winnet.c already adds that prefix.

This changes it back the way it was, which is also consistent with the
other backends.
2019-04-08 23:42:37 +01:00
Simon Tatham
dfc215d0c0 Remove ASCII fallback in format_numeric_keypad_key().
TranslateKey() on Windows passed all numeric-keypad key events to this
function in terminal.c, and accepted whatever it gave back. That
included the handling for the trivial case of the numeric keypad, when
Num Lock is on and application keypad mode hasn't overridden it, so
that the keypad should be returning actual digits. In that case,
format_numeric_keypad_key() itself was returning the same ASCII
character I had passed in to it as a keypad identifier, and
TranslateKey was returning that in turn as the final translation.

Unfortunately, that means that with Num Lock on, the numeric keypad
translates into what _I_ used as the logical keypad codes inside the
source code, not what the local keyboard layout thinks are the right
codes. In particular, the key I identified as keypad '.' would render
as '.' even on a German keyboard where it ought to produce ','.

Fixed by removing the fallback case in format_numeric_keypad_key()
itself, so now it returns the empty string if it didn't produce an
escape sequence as its translation. Instead, the special case is in
window.c, which checks for a zero-length output string and handles it
by falling through to the keyboard-layout specific ToUnicode code
further down TranslateKey().

On the GTK side, no change is needed here: the GTK keyboard handler
does things in the opposite order, by trying the local input method
_first_ (unless it can see a reason up front to override it), and only
calling format_numeric_keypad_key() if that didn't provide a
translation. So the fallback ASCII translation in the latter was
already not used.
2019-04-06 10:49:26 +01:00
Simon Tatham
ce780c9b33 Add casts to silence VS warnings in GET_32BIT et al.
Visual Studio is quite aggressive about displaying warnings everywhere
that you implicitly narrow from one integer type to another, and I've
not generally felt it improves readability to add enough explicit casts
to silence the warnings. But the ones in the inline functions in misc.h
are literally two orders of magnitude more annoying than the rest,
because that file gets included in nearly every translation unit, so the
warnings come up over 100 times each. So I think these are worth fixing.
2019-04-06 10:25:27 +01:00
Simon Tatham
1bcf2a8397 Remove spurious 'return' in void method wrappers.
For some reason, only Visual Studio bothers to give a warning when you
write "return g()" inside a function f() when both f and g have void
return type.

(Of course it would be cleaner and more orthogonal if that was simply
legal C in the first place - but given that it's not, it would be nice
if more compilers let me know about it so I could fix it...)
2019-04-06 10:12:31 +01:00
Simon Tatham
77bdaa2436 Fix reentrancy bug around sshfwd_x11_sharing_handover.
When we get an incoming forwarded X11 channel over SSH, we keep it as
an upstream channel for long enough to decide from its auth data which
downstream (if any) it's destined for. Then we do a handover which
retags the channel as a sharing one, so all further SSH messages are
passed through trivially.

But the handover function is called from chan_send, which in turn is
called from the processing of the CHANNEL_DATA message that completed
the auth exchange. So after the handover finishes, we were coming back
to the standard CHANNEL_DATA processing and calling ssh2_set_window,
which tried to dereference c->chan, which has now become NULL.

Therefore, we should check for this case after calling chan_send, and
stop doing the post-send processing if we spot it, which avoids that
segfault.
2019-04-03 20:58:14 +01:00
Simon Tatham
f9e2c7b1fe Uppity: option to disallow SSH-1 compression.
With this and the ciphers, I think we've now got the full range of
SSH-1 config options (such as they are) that correspond to varying the
KEXINIT strings in SSH-2.
2019-04-01 20:17:44 +01:00
Simon Tatham
cbff2d1960 Uppity: configurable list of SSH-1 ciphers to allow. 2019-04-01 20:10:09 +01:00
Simon Tatham
bf661a7a2c Rename SSH-1 cipher constants to start "SSH1_".
They're called things like SSH_CIPHER_3DES in the SSH-1 spec, but I
don't normally let that stop me adding the disambiguating '1' in the
names I give constants inside this code base. These ones are long
overdue for some disambiguation.
2019-04-01 20:06:42 +01:00
Simon Tatham
3d8563ec9d uxpty.c: silence compiler warning about chdir().
I didn't check the error code, which for some reason didn't give me a
-Werror warning on Ubuntu 18.04, but does on 16.04.
2019-04-01 20:04:48 +01:00
Simon Tatham
2e3a1c6d69 Uppity: make a separate AuthPolicy per connection.
Despite the name, AuthPolicy in uxserver.c was also holding the state
of the current connection, including in particular how far through the
multi-step test keyboard-interactive interaction we are. But now that
Uppity can handle multiple connections in the same run, we need to
reset that state between connections. So the tree234s of acceptable
user keys now live in an AuthPolicyShared structure, and AuthPolicy
proper is a field of server_instance.
2019-04-01 09:06:12 +01:00
Simon Tatham
d5199e473f Uppity: configurable cwd for session.
All my instincts expect the shell subprocesses to start off in ~, so
it's confusing if they start off in some random PuTTY checkout
directory. So now we default to $HOME, and if I really do want the
latter, I can use the new config option to reselect '.'.
2019-04-01 09:06:12 +01:00
Simon Tatham
e93d9ff305 Uppity: clear some key environment vars in subprocesses.
My helper scripts for invoking Uppity have been manually unsetting
things like XAUTHORITY and SSH_AUTH_SOCK, to avoid accidentally
passing them through from my primary login session, so that I don't
get confused about whether agent forwarding is happening, or end up
with one DISPLAY going with a different XAUTHORITY.

Now I clear these within Uppity itself, so the wrapping script won't
have to.
2019-04-01 09:06:12 +01:00
Simon Tatham
4cd040bced uxpty.c: stop setting DISPLAY to "(null)".
In some contexts (namely pterm on a pure Wayland system, and Uppity),
seat_get_x_display() will return NULL. In that situation uxpty.c was
cheerfully passing it to dupprintf regardless, which in principle is
undefined behaviour and in practice was causing it to construct the
silly environment string "DISPLAY=(null)".

Now we handle that case by unsetenv("DISPLAY") instead.
2019-04-01 09:06:12 +01:00
Jacob Nevins
9366a1b4d8 Don't call DestroyIcon(INVALID_HANDLE_VALUE).
The Windows API documentation doesn't explicitly say this is safe, and
ea32967044 didn't take care over it.
2019-03-31 23:47:03 +01:00
Simon Tatham
efff6b874a Uppity: bring --help up to date.
I've been busily adding new options, and forgot to document them all,
which will annoy me the next time I haven't used it for a week or two
if I don't write them all up now.
2019-03-31 21:17:25 +01:00
Simon Tatham
6d7a6d47e6 Uppity: option to use a pregenerated key for RSA kex.
As and when I make this SSH server into a test suite, I'm not going to
want to wait for a gratuitous RSA key generation in every test run. So
now you can provide one in advance.

It has to be in SSH-1 format, because that's the format for which I
happen to already have internal API routines that return an RSAKey
instead of an opaque ssh_key. But since you also have to store it
without a passphrase, that doesn't really matter anyway.
2019-03-31 21:08:55 +01:00
Simon Tatham
7a49ff9ac1 sk_namelookup: fix memory leak on error exit path.
I remembered to strbuf_free(realhost) on the IPv4-only error exit path
if gethostbyname() returns failure, but not on the _default_ one if
getaddrinfo() does.
2019-03-31 11:14:13 +01:00
Simon Tatham
dd3f04ec40 Uppity: fix a really obvious use-after-free.
Oops! Fortunately, it's _only_ in Uppity. Must have written that code
in a hell of a hurry to make that goof.
2019-03-31 10:35:10 +01:00
Simon Tatham
b9db527102 Uppity: enable the des-cbc cipher.
There was no way to enable it for testing purposes at all until now.
Overriding the server KEX string to mention it doesn't help when it
was prevented from getting into the list that scan_kexinit_lists will
go through afterwards to find pointers to algorithm structures.
2019-03-31 10:35:10 +01:00
Simon Tatham
d990dfc395 Uppity: add a --listen-once option.
This modifies 'uppity --listen' so that it closes the listening socket
after the first connection comes in.
2019-03-31 10:35:10 +01:00
Simon Tatham
443ad75a81 Uppity: add a --listen mode, protected by /proc/net/tcp.
Uppity is not secure enough to listen on a TCP port as if it was a
normal SSH server. Until now, I've been using it by means of a local
proxy command, i.e. PuTTY invokes Uppity in the same way it might
invoke 'plink -nc'. This rigorously prevents any hostile user from
connecting to my utterly insecure test server, but it's a thundering
inconvenience as soon as you want to attach a debugger to the Uppity
process itself - you have to stick a gdbserver somewhere in the middle
of your already complicated shell pipeline, and then find a way to
connect back to it from a gdb in a terminal window.

So I've added an option to make Uppity listen on a TCP port in the
normal way - but it's protected using that /proc/net/tcp trick I just
added in the previous commit.
2019-03-31 10:35:10 +01:00
Simon Tatham
3b51644f2b Add a /proc/net magic authenticator.
This is a Linux-specific trick that I'm quite fond of: I've used it
before in 'agedu' and a lot of my unpublished personal scriptery.

Suppose you want to run a listening network server in such a way that
it can only accept connections from processes under your own control.
Often it's not convenient to do this by adding an authentication step
to the protocol itself (either because the password management gets
hairy or because the protocol is already well defined). The 'right'
answer is to switch from TCP to Unix-domain sockets, because then you
can use the file permissions on the path leading to the socket inode
to ensure that no other user id can connect to it - but that's often
inconvenient as well, because if any _client_ of the server is not
already prepared to speak AF_UNIX your control then you can only trick
it into connecting to an AF_UNIX socket instead of TCP by applying a
downstream patch or resorting to LD_PRELOAD shenanigans.

But on Linux, there's an alternative shenanigan available, in the form
of /proc/net/tcp (or tcp6), which lists every currently active TCP
endpoint known to the kernel, and for each one, lists an owning uid.
Listen on localhost only. Then, when a connection comes in, look up
the far end of it in that file and see if the owning uid is the right
one!

I've always vaguely wondered if there would be uses for this trick in
PuTTY. One potentially useful one might be to protect the listening
sockets created by local-to-remote port forwarding. But for the
moment, I'm only planning to use it for a less security-critical
purpose, which will appear in the next commit.
2019-03-31 10:35:10 +01:00
Simon Tatham
b5ccdebfb3 Uppity: get cipher directions the right way round!
The very first thing I tried to test with the new KEXINIT override was
to select a non-default cipher in only one of the two connection
directions. It failed because both client and server tried to send AES
and receive ChaCha20, which doesn't work very well!

The server-readiness tweaks in ssh2transport.c included a switching
system so that when we scan both KEXINITs to determine the chosen
cipher, we can change which one we think is client and which is
server. But I'd forgotten to put in a similar switch for the
structures into which we put the selected algorithms for
client->server and server->client directions. Ahem.
2019-03-31 10:35:10 +01:00
Simon Tatham
b494ecfcfc Uppity: allow CLI override of the KEXINIT strings.
This is an obviously useful test feature, since if nothing else it
will let me exercise every individual crypto primitive, even the ones
that the client-side configuration is too coarse-grained to describe
in detail (such as the difference between CBC and CTR mode versions of
the same cipher).
2019-03-31 10:35:10 +01:00
Simon Tatham
8d84272d80 uxserver: option to generate numeric "exit-signal".
This mimics a bug in some old SSH servers for which PuTTY contains
compensation code (parsing an incoming "exit-signal" two ways and
seeing which one worked). I completely rewrote that code in commit
7535f645a, as part of the BinarySource rework. Now I can finally test
it sensibly.
2019-03-31 10:35:10 +01:00
Simon Tatham
4bb1867788 uxserver.c: 'longoptnoarg' matching function.
Replaces a couple of existing strcmp, and does just slightly better
because as well as matching "--verbose" (say) it also matches
"--verbose=foo" and gives a comprehensible error message about it.
2019-03-31 10:35:10 +01:00
Simon Tatham
75fccc5d58 Pass SshServerConfig through to sesschan.c.
This will let me change the behaviour of the main session channel
based on command-line tweaks.
2019-03-31 10:35:10 +01:00
Jacob Nevins
ea32967044 Slightly nicer trust sigil on Windows.
Re-consider the icon in light of the font size, so that we pick the icon
whose size mostly closely matches the terminal font, rather than always
scaling the default icon.
2019-03-30 16:25:02 +00:00
Simon Tatham
e566972f00 Uppity: configurable SSH-2 authentication banner.
I've had to test banner handling several times recently, what with
trust sigils and the fix for CONF_ssh_show_banner. So it's the thing
I've most wanted to keep reconfiguring about Uppity so far.
2019-03-28 18:36:45 +00:00
Simon Tatham
8a884eaef9 Start of an SSH-server-specific config structure.
This is much simpler than Conf, because I don't expect to have to copy
it around, load or save it to disk (or the Windows registry), or
serialise it between processes. So it can be a straightforward struct.

As yet there's nothing actually _in_ it. I've just created the
structure and arranged to pass it through to all the SSH layers. But
now it's here, it will be a place I can add configuration items as I
find I need them.
2019-03-28 18:29:13 +00:00
Simon Tatham
4d69032d2c New utility function to read a whole disk file.
I'm going to want this in a moment for Uppity, and it seems like the
sort of thing I should put straight into utils.c now, rather than
having to move it over later when I inevitably find another use for
it.

Rather than insisting on allocating a string buffer the way fgetline
does, it reads a whole file and transfers the result into an arbitrary
BinarySink, which works out the same if you use a strbuf at the call
site, but can do other things too if that turns out useful.
2019-03-28 18:12:48 +00:00
Simon Tatham
fda1e6b71f Reinstate functionality of CONF_ssh_show_banner.
Apparently this option to not display the authentication banner got
completely lost during the breakup of the old monolithic ssh.c.
2019-03-27 22:33:45 +00:00
Simon Tatham
209dd65ead Rename term->bidi and term->arabicshaping.
Those two flags had the opposite sense to what you might expect: each
one is the value of the Conf entry corresponding to the checkbox that
_disables_ the corresponding terminal feature. So term->bidi is true
if and only if bidi is _off_.

I think that confusion of naming probably contributed to the control-
flow error fixed in the previous commit, just by increasing cognitive
load until I couldn't remember which flags were set where any more! So
now I've renamed the two fields of Terminal, and the corresponding
Conf keywords, to be called "no_bidi" and "no_arabicshaping", in line
with other 'disable this feature' flags, so that it's clear what the
sense should be.
2019-03-26 21:28:48 +00:00