Граф коммитов

4455 Коммитов

Автор SHA1 Сообщение Дата
Simon Tatham 1620aef7c6 MSI installer: offer to display the README file after install.
This is a thing that the Inno Setup installer did, and that I didn't
get round to replicating when I rushed out the initial MSI in a hurry.

I've checked that this doesn't prevent unattended installation by
administrators: running 'msiexec /q /i putty-whatever.msi' as
administrator still installs silently after this change, without
popping up the README unexpectedly on anyone's desktop as a side
effect.

(I _think_ - but I'm still a long way from an MSI expert - that that's
because /q turns off the whole UI part of the MSI system, and the
loading of README is actually triggered by the transition away from
the final UI dialog box, which we now never visit in the first place.)
2016-04-02 08:26:26 +01:00
Simon Tatham 8c0104ca0a MSI installer: turn the desktop icon off by default.
I rushed out the MSI in too much of a hurry to sort out this kind of
thing, but now we've got leisure to reconsider, I think it's better
behaviour not to clutter everyone's desktops unless specifically asked
to.
2016-04-02 08:26:22 +01:00
Simon Tatham 57477cb7ca Warn about short RSA/DSA keys in PuTTYgen.
It's only a warning; Windows PuTTYgen puts it up as a message box, and
will still generate the key if you click yes, and Unix PuTTYgen just
prints the warning and gets on with generation anyway. But it might
help encourage people to move away from 1024-bit keys, if they're
still using them.
2016-04-02 08:26:21 +01:00
Simon Tatham b0b5d5fbe6 Extend ACL-restriction to all Windows tools.
Protecting our processes from outside interference need not be limited
to just PuTTY: there's no reason why the other SSH-speaking tools
shouldn't have the same treatment (PSFTP, PSCP, Plink), and PuTTYgen
and Pageant which handle private key material.
2016-04-02 08:00:07 +01:00
Simon Tatham b4202c917a Fix a potential time-wraparound issue in pinger.c.
A compiler warning drew my attention to the fact that 'next' in
pinger_schedule() was an int, not the unsigned long it should have
been. And looking at the code that handles it, it was also taking no
care with integer wraparound when checking whether an existing
scheduled ping should be moved forward.

So now I do something a bit more robust, by remembering what time it
_was_ when we set pinger->next, and checking if the new time value
falls in the interval between those two times.
2016-04-02 07:51:24 +01:00
Simon Tatham 46051027fb Add a missing #include.
winshare.c uses make_private_security_descriptor(), but wasn't
including winsecur.h where it's declared.
2016-04-01 19:57:00 +01:00
Simon Tatham 7f3c956ed1 cmdgen: refuse to generate RSA/DSA keys under 256 bits.
This replicates the existing error message in Windows PuTTYgen, on the
basis that keys smaller than that will actually fail to work with our
signing code.
2016-03-30 11:41:43 +01:00
Simon Tatham 2a47ac3ac5 Cleanup: rename Windows PuTTYgen's key generation function.
It's been a generation function for keys in general for yonks, not
just RSA keys specifically.
2016-03-30 11:28:59 +01:00
Simon Tatham a22e43d3d8 Add a file of extra bignum tests.
I generated these as a by-product of using afl-fuzz on the testbn
executable. I'd hoped it would find interesting bugs in the bignum
code itself, but in fact it mostly found bugs in the parsing code in
the test main(). However, even so, it did produce a list of tests
which reach as much of the code as afl-fuzz was able to, and that
seems like a useful thing to save.

Also, of course, just having a place to put explicitly specified
bignum tests is a good thing anyway, because then we can put
regression tests on the end of it every time we fix bugs.
2016-03-30 08:45:21 +01:00
Simon Tatham 3e40566bb0 cmdgen: rescue test suite from bit rot.
cmdgen.c has contained code for ages to build a test main() if you
compile with -DTEST_CMDGEN. But it's painful to do so manually, since
you've still got to link in all the same supporting objects, and also
nobody can have actually done that for a while because the stub test
code hasn't been kept up to date with changes in the internal APIs
(specifically prompt_t).

Now we have the ability to include our test programs in Recipe as [UT]
or [XT] so as to leave them out of 'make install', that seems like a
useful thing to do with cmdgen's test suite. So here's a Recipe change
that builds it as 'cgtest', plus fixes for compiler warnings and bit
rot. Pleasantly, the test suite still _passes_ after those are fixed.
2016-03-30 08:34:14 +01:00
Simon Tatham 435b29da88 cmdgen: option to specify the random number device to use.
E.g. you might pass '--random-device=/dev/urandom'.

Mostly because I got sick of waiting for /dev/random to finish
blocking while I was trying to generate throwaway keys for testing bug
fixes in cmdgen itself. But it might also be useful on systems that
call their random device by a different name that we haven't
encountered.

(Since cmdgen also reads the saved PuTTY random seed file, setting
this option to /dev/zero will not render key generation deterministic.
It's tempting to provide _some_ way to do that, for testing purposes
and clearly marked as dangerous of course, but I think it would take
more faff than this.)
2016-03-30 08:30:40 +01:00
Simon Tatham ad87950539 Rework window geometry to avoid using geometry_widget.
Partly this is because the geometry_widget functionality is going away
in a later version of GTK3, so sooner or later we'll need not to be
using it anyway. But also, it turns out that GTK 3's geometry
calculations have the unfortunate effect of setting the window's base
and min heights to values that are not congruent mod height_increment
(because the former is the value we gave, but the latter is based on
the minimum height of the scrollbar), which confuses at least one
window manager (xfwm4) and causes the window to be created one row too
small.

So I've redone all the geometry computations my own way, based on the
knowledge that the only widgets visible in the top-level window are
the drawing area and the scrollbar and I know how both of those
behave, and taking care to keep base_height and min_height congruent
to avoid that xfwm4 bug.
2016-03-29 13:57:10 +01:00
Jacob Nevins df93419ae5 More modern examples of ports we don't have. 2016-03-28 19:18:46 +01:00
Jacob Nevins a1e622523e Remove call for help with a Windows 3 port.
I think that in fact we would not welcome this at this point in time.
2016-03-28 19:18:46 +01:00
Jacob Nevins 03cf73ac01 We will soon have Pageant for Unix. 2016-03-28 19:18:46 +01:00
Jacob Nevins 17377cfa82 Tweaks re Mac elsewhere in FAQ after bb6dd98. 2016-03-28 19:18:46 +01:00
Jacob Nevins f4713d37b8 Tweak Unix bits of FAQ after 776a31b. 2016-03-28 19:18:41 +01:00
Jacob Nevins c755999a95 Fix punctuation. 2016-03-28 17:24:23 +01:00
Simon Tatham 776a31b7da Remove the warning about Unix PuTTY being Linux-specific.
Since I've been building it on OS X recently, I think it's fair to say
it can now cope with reasonable variation in pty APIs and the like.
2016-03-27 20:25:59 +01:00
Simon Tatham 7fdcb804a8 Update Visual Studio versions in README.
VC6 is hopefully long gone, and I've recently been testing on more
up-to-date versions.
2016-03-27 20:25:09 +01:00
Simon Tatham caaaf686f5 Mention the Secure Contact Key on the Feedback page.
Both in a new section about reporting vulnerabilities, and in the
section about large attachments (since some large attachments will
surely contain confidential information from the sender).
2016-03-27 20:20:03 +01:00
Simon Tatham c5021a121b Update docs and FAQ for current DSA policy.
I think the deterministic DSA system we've been using for ages can now
be considered proven in use, not to mention the fact that RFC 6979 and
the Ed25519 spec both give variants on the same idea. So I've removed
the 'don't use DSA if you can avoid it' warning.
2016-03-27 20:10:56 +01:00
Simon Tatham 31d48da317 Decide on a position for ChaCha20-Poly1305.
Previously, due to confusion, it was placed either at the end of the
list or at the start, depending on whether the user had any saved
configuration at all. Now we get to choose a sensible place for it in
the list, and for the moment I think second place behind AES is
reasonable.
2016-03-27 20:07:53 +01:00
Simon Tatham ddb1fc15a1 Fix relative positioning between two new elements in gprefs().
It was only prepared to position a new element relative to an existing
one if the latter was specified in the saved configuration, not if the
latter was another element new to this run of gprefs(). This wasn't
deliberate at all: it was just due to me failing to update the 'seen'
bitmap in the loop adding new elements.
2016-03-27 20:06:33 +01:00
Simon Tatham 940a82fd37 Special host key warning when a better key exists.
If you're connecting to a new server and it _only_ provides host key
types you've configured to be below the warning threshold, it's OK to
give the standard askalg() message. But if you've newly demoted a host
key type and now reconnect to some server for which that type was the
best key you had cached, the askalg() wording isn't really appropriate
(it's not that the key we've settled on is the first type _supported
by the server_, it's that it's the first type _cached by us_), and
also it's potentially helpful to list the better algorithms so that
the user can pick one to cross-certify.
2016-03-27 18:20:37 +01:00
Simon Tatham 909a7af07c Fix assertion failure in host keys log message.
When Jacob introduced this message in d0d3c47a0, he was right to
assume that hostkey_algs[] and ssh->uncert_hostkeys[] were sorted in
the same order. Unfortunately, he became wrong less than an hour later
when I committed d06098622. Now we avoid making any such assumption.
2016-03-27 14:59:18 +01:00
Simon Tatham a8d466c0ea Omit the conf_launchable check in pterm Duplicate Session.
It won't return true, because pterm's use of conf is a bit nonstandard
(it doesn't really bother about the protocol field, and has no use for
either host names _or_ serial port filenames). Was affecting both
gtkapp and gtkmain based builds.
2016-03-27 14:47:51 +01:00
Jacob Nevins 031a65e44d Examples in man pages for '-fn' option.
I was confused by '-fn Monospace' not working (it needs a font size).
2016-03-27 11:33:21 +01:00
Jacob Nevins 97245ec23b Missed a host key doc cross-reference.
Also, fix a mangled sentence.
2016-03-27 10:57:25 +01:00
Jacob Nevins 6b401c7166 Fix log message about alternate host keys.
Since we got a dynamic preference order, it's been bailing out at a
random point, and listing keys we wouldn't use.
(It would still be nice to only mention keys that we'd actually use, but
that's now quite fiddly.)
2016-03-26 18:47:54 +00:00
Jacob Nevins 15386cbe92 Cross-reference all the host key docs.
And tweak some of the words a bit.
2016-03-26 17:38:49 +00:00
Simon Tatham fc77fa0b8b Support sh/csh syntax switching for Unix Pageant. 2016-03-25 16:43:59 +00:00
Simon Tatham 52746ae793 Add some missing 'const' in ssh.c arrays.
I noticed this in passing while tinkering with the hostkey_algs array:
these arrays are full of pointers-to-const, but are not also
themselves declared const, which they should have been all along.
2016-03-25 16:32:18 +00:00
Simon Tatham d06098622c Configurable preference list for SSH host key types.
Now we actually have enough of them to worry about, and especially
since some of the types we support are approved by organisations that
people might make their own decisions about whether to trust, it seems
worth having a config list for host keys the same way we have one for
kex types and ciphers.

To make room for this, I've created an SSH > Host Keys config panel,
and moved the existing host-key related configuration (manually
specified fingerprints) into there from the Kex panel.
2016-03-25 16:32:17 +00:00
Jacob Nevins 28f67586f5 Document host key cross-certification. 2016-03-25 15:43:28 +00:00
Jacob Nevins d0d3c47a08 Log when we avoid using an unknown host key.
Intended as a hint that users may want to use the "Cache new host key type"
special command.
2016-03-25 15:43:28 +00:00
Jacob Nevins de24c12e46 Logical host name: minor rewording. 2016-03-25 15:43:28 +00:00
Jacob Nevins 98e5eeedd1 Demote SSH bypass-auth option; downplay in docs.
It's too esoteric to be the first thing on the Auth panel; I've never
heard of any SSH server that supports it in the decade since I
implemented it. The only Google hits are lost souls mistakenly believing
they need it for passwordless public-key login and the like.
2016-03-25 15:43:28 +00:00
Jacob Nevins e74f19cb6f Emphasise that agent forwarding exposes all keys.
(A bit.)
2016-03-25 13:15:57 +00:00
Jacob Nevins 8b4c43d6d2 Docs: character sets are awful. 2016-03-25 13:15:51 +00:00
Jacob Nevins 4782d0db91 Cross-reference Event Log and logfile docs. 2016-03-25 13:15:43 +00:00
Simon Tatham c722b2f07f Support Ed25519 in kh2reg.py. 2016-03-25 09:58:40 +00:00
Simon Tatham 5e884cfc27 Make Makefile.gtk default to GTK 3. 2016-03-25 09:11:01 +00:00
Simon Tatham 68b1933326 Fix Makefile.gtk in the wake of the new [XT] program type.
It's not the recommended makefile any more, but it's not too hard
to keep it working for the moment.
2016-03-25 09:10:50 +00:00
Simon Tatham e30e6b0f1d Delete the old 'macosx' directory completely.
The current state of the OS X GTK port is looking more or less
plausible - it's not finished, of course, but then neither was the old
native Cocoa port. So I'm inclined to advertise it as *the* unfinished
OS X port: it's the one I intend to keep working on, and it's the one
I'd prefer people offered us help with if they're going to offer.

Hence, leaving the old macosx directory around is just confusing; that
directory is long-unmaintained, probably doesn't even compile, and its
only effect will be to mislead people into thinking it's still
relevant. I'm unilaterally deleting it; of course we can always
recover it from source control history if it's ever necessary to do
so.
2016-03-25 09:06:03 +00:00
Simon Tatham bb6dd987ee Rewrite the FAQ entry about the MacOS port. 2016-03-25 08:46:34 +00:00
Simon Tatham 906ceef0fc Fix display of ECC keys in the Windows Pageant list box.
This is an absolutely horrible piece of code, relying not only on font
metrics but also on an observed correlation between the length of a
key algorithm name and whether or not it needs a separate key size
displayed. But it'll do for the moment, and it's less effort than
writing a custom piece of Windows API code to display the list box
entries in a properly robust way :-(
2016-03-25 08:36:29 +00:00
Simon Tatham 0b42fed9bd Polish up the PuTTYgen user interface for ECC key types.
Jacob pointed out that a free-text field for entering a key size in
bits is all very well for key types where we actually _can_ generate a
key to a size of your choice, but less useful for key types where
there are only three (or one) legal values for the field, especially
if we don't _say_ what they are.

So I've revamped the UI a bit: now, in ECDSA mode, you get a dropdown
list selector showing the available elliptic curves (and they're even
named, rather than just given by bit count), and in ED25519 mode even
that disappears. The curve selector for ECDSA and the bits selector
for RSA/DSA are independent controls, so each one remembers its last
known value even while temporarily hidden in favour of the other.

The actual generation function still expects a bit count rather than
an actual curve or algorithm ID, so the easiest way to actually
arrange to populate the drop-down list was to have an array of bit
counts exposed by sshecc.c. That's a bit ugly, but there we go.

One small functional change: if you enter an absurdly low value into
the RSA/DSA bit count box (under 256), PuTTYgen used to give a warning
and reset it to 256. Now it resets it to the default key length of
2048, basically because I was touching that code anyway to change a
variable name and just couldn't bring myself to leave it in a state
where it intentionally chose such an utterly useless key size. Of
course this doesn't prevent generation of 256-bit keys if someone
still really wants one - it just means they don't get one selected as
the result of a typo.
2016-03-25 08:22:13 +00:00
Jacob Nevins cd0495bc18 Note in vt100.txt when it can be expected to work. 2016-03-24 23:46:10 +00:00
Simon Tatham 1f9df706b5 GTK 3 fake dialog action area: fix margins and spacing.
The About box is where it showed up most obviously that I'd hastily
bunged a GtkBox inside another GtkBox without considering their
margins: the 'action area' had twice the margin it should have had and
the rightmost button didn't align with the right edge of the rest of
the window contents.

Easily fixed by giving the inner hbox margin 0 (fixing the right align
and the excessive space around all the buttons), and using the
'spacing' property of GtkBox to ensure multiple buttons in it are
nicely separated without having to take care over that in the client
code that adds them.
2016-03-24 07:19:09 +00:00