mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-04-11 08:08:06 -05:00
1d323d5c80
This server is NOT SECURE! If anyone is reading this commit message, DO NOT DEPLOY IT IN A HOSTILE-FACING ENVIRONMENT! Its purpose is to speak the server end of everything PuTTY speaks on the client side, so that I can test that I haven't broken PuTTY when I reorganise its code, even things like RSA key exchange or chained auth methods which it's hard to find a server that speaks at all. (For this reason, it's declared with [UT] in the Recipe file, so that it falls into the same category as programs like testbn, which won't be installed by 'make install'.) Working title is 'Uppity', partly for 'Universal PuTTY Protocol Interaction Test Yoke', but mostly because it looks quite like the word 'PuTTY' with part of it reversed. (Apparently 'test yoke' is a very rarely used term meaning something not altogether unlike 'test harness', which is a bit of a stretch, but it'll do.) It doesn't actually _support_ everything I want yet. At the moment, it's a proof of concept only. But it has most of the machinery present, and the parts it's missing - such as chained auth methods - should be easy enough to add because I've built in the required flexibility, in the form of an AuthPolicy object which can request them if it wants to. However, the current AuthPolicy object is entirely trivial, and will let in any user with the password "weasel". (Another way in which this is not a production-ready server is that it also has no interaction with the OS's authentication system. In particular, it will not only let in any user with the same password, but it won't even change uid - it will open shells and forwardings under whatever user id you started it up as.) Currently, the program can only speak the SSH protocol on its standard I/O channels (using the new FdSocket facility), so if you want it to listen on a network port, you'll have to run it from some kind of separate listening program similar to inetd. For my own tests, I'm not even doing that: I'm just having PuTTY spawn it as a local proxy process, which also conveniently eliminates the risk of anyone hostile connecting to it. The bulk of the actual code reorganisation is already done by previous commits, so this change is _mostly_ just dropping in a new set of server-specific source files alongside the client-specific ones I created recently. The remaining changes in the shared SSH code are numerous, but all minor: - a few extra parameters to BPP and PPL constructors (e.g. 'are you in server mode?'), and pass both sets of SSH-1 protocol flags from the login to the connection layer - in server mode, unconditionally send our version string _before_ waiting for the remote one - a new hook in the SSH-1 BPP to handle enabling compression in server mode, where the message exchange works the other way round - new code in the SSH-2 BPP to do _deferred_ compression the other way round (the non-deferred version is still nicely symmetric) - in the SSH-2 transport layer, some adjustments to do key derivation either way round (swapping round the identifying letters in the various hash preimages, and making sure to list the KEXINITs in the right order) - also in the SSH-2 transport layer, an if statement that controls whether we send SERVICE_REQUEST and wait for SERVICE_ACCEPT, or vice versa - new ConnectionLayer methods for opening outgoing channels for X and agent forwardings - new functions in portfwd.c to establish listening sockets suitable for remote-to-local port forwarding (i.e. not under the direction of a Conf the way it's done on the client side).
This is the README for the source archive of PuTTY, a free Windows
and Unix Telnet and SSH client.
If you want to rebuild PuTTY from source, we provide a variety of
Makefiles and equivalents. (If you have fetched the source from
Git, you'll have to generate the Makefiles yourself -- see
below.)
There are various compile-time directives that you can use to
disable or modify certain features; it may be necessary to do this
in some environments. They are documented in `Recipe', and in
comments in many of the generated Makefiles.
For building on Windows:
- windows/Makefile.vc is for command-line builds on MS Visual C++
systems. Change into the `windows' subdirectory and type `nmake
-f Makefile.vc' to build all the PuTTY binaries.
As of 2017, we successfully compile PuTTY with both Visual Studio
7 (2003) and Visual Studio 14 (2015), so our guess is that it will
probably build with versions in between those as well.
(The binaries from Visual Studio 14 are only compatible with
Windows XP and up. Binaries from Visual Studio 7 ought to work
with anything from Windows 95 onward.)
- Inside the windows/MSVC subdirectory are MS Visual Studio project
files for doing GUI-based builds of the various PuTTY utilities.
These have been tested on Visual Studio 7 and 10.
You should be able to build each PuTTY utility by loading the
corresponding .dsp file in Visual Studio. For example,
MSVC/putty/putty.dsp builds PuTTY itself, MSVC/plink/plink.dsp
builds Plink, and so on.
- windows/Makefile.mgw is for MinGW / Cygwin installations. Type
`make -f Makefile.mgw' while in the `windows' subdirectory to
build all the PuTTY binaries.
MinGW and friends can lag behind other toolchains in their support
for the Windows API. Compile-time levers are provided to exclude
some features; the defaults are set appropriately for the
'mingw-w64' cross-compiler provided with Ubuntu 14.04. If you are
using an older toolchain, you may need to exclude more features;
alternatively, you may find that upgrading to a recent version of
the 'w32api' package helps.
- windows/Makefile.lcc is for lcc-win32. Type `make -f
Makefile.lcc' while in the `windows' subdirectory. (You will
probably need to specify COMPAT=-DNO_MULTIMON.)
- Inside the windows/DEVCPP subdirectory are Dev-C++ project
files for doing GUI-based builds of the various PuTTY utilities.
The PuTTY team actively use Makefile.vc (with VC7/10) and Makefile.mgw
(with mingw32), so we'll probably notice problems with those
toolchains fairly quickly. Please report any problems with the other
toolchains mentioned above.
For building on Unix:
- unix/configure is for Unix and GTK. If you don't have GTK, you
should still be able to build the command-line utilities (PSCP,
PSFTP, Plink, PuTTYgen) using this script. To use it, change into
the `unix' subdirectory, run `./configure' and then `make'. Or you
can do the same in the top-level directory (we provide a little
wrapper that invokes configure one level down), which is more like
a normal Unix source archive but doesn't do so well at keeping the
per-platform stuff in each platform's subdirectory; it's up to you.
- unix/Makefile.gtk and unix/Makefile.ux are for non-autoconfigured
builds. These makefiles expect you to change into the `unix'
subdirectory, then run `make -f Makefile.gtk' or `make -f
Makefile.ux' respectively. Makefile.gtk builds all the programs but
relies on Gtk, whereas Makefile.ux builds only the command-line
utilities and has no Gtk dependence.
- For the graphical utilities, any of Gtk+-1.2, Gtk+-2.0, and Gtk+-3.0
should be supported. If you have more than one installed, you can
manually specify which one you want by giving the option
'--with-gtk=N' to the configure script where N is 1, 2, or 3.
(The default is the newest available, of course.) In the absence
of any Gtk version, the configure script will automatically
construct a Makefile which builds only the command-line utilities;
you can manually create this condition by giving configure the
option '--without-gtk'.
- pterm would like to be setuid or setgid, as appropriate, to permit
it to write records of user logins to /var/run/utmp and
/var/log/wtmp. (Of course it will not use this privilege for
anything else, and in particular it will drop all privileges before
starting up complex subsystems like GTK.) By default the makefile
will not attempt to add privileges to the pterm executable at 'make
install' time, but you can ask it to do so by running configure
with the option '--enable-setuid=USER' or '--enable-setgid=GROUP'.
- The Unix Makefiles have an `install' target. Note that by default
it tries to install `man' pages; if you have fetched the source via
Git then you will need to have built these using Halibut
first - see below.
- It's also possible to build the Windows version of PuTTY to run
on Unix by using Winelib. To do this, change to the `windows'
directory and run `make -f Makefile.mgw CC=winegcc RC=wrc'.
All of the Makefiles are generated automatically from the file
`Recipe' by the Perl script `mkfiles.pl' (except for the Unix one,
which is generated by the `configure' script; mkfiles.pl only
generates the input to automake). Additions and corrections to Recipe,
mkfiles.pl and/or configure.ac are much more useful than additions and
corrections to the actual Makefiles, Makefile.am or Makefile.in.
The Unix `configure' script and its various requirements are generated
by the shell script `mkauto.sh', which requires GNU Autoconf, GNU
Automake, and Gtk; if you've got the source from Git rather
than using one of our source snapshots, you'll need to run this
yourself. The input file to Automake is generated by mkfiles.pl along
with all the rest of the makefiles, so you will need to run mkfiles.pl
and then mkauto.sh.
Documentation (in various formats including Windows Help and Unix
`man' pages) is built from the Halibut (`.but') files in the `doc'
subdirectory using `doc/Makefile'. If you aren't using one of our
source snapshots, you'll need to do this yourself. Halibut can be
found at <https://www.chiark.greenend.org.uk/~sgtatham/halibut/>.
The PuTTY home web site is
https://www.chiark.greenend.org.uk/~sgtatham/putty/
If you want to send bug reports or feature requests, please read the
Feedback section of the web site before doing so. Sending one-line
reports saying `it doesn't work' will waste your time as much as
ours.
See the file LICENCE for the licence conditions.