mode ever failed to do this, and only Plink actually had a problem
with it, so this didn't become obvious for a while. rlogin mode is
fixed, and all implementations of from_backend() now contain an
assertion so that we should spot errors of this type more quickly in
future.
[originally from svn r1571]
of scp.c, psftp.c and plink.c into it. Additionally, add `batch
mode', in which all the interactive prompts (bad host key, log file
exists, insecure cipher, password prompt) are disabled and safe
responses are assumed. (The idea being that if you run PSCP, for
example, in a cron job then you'd probably rather it failed and
exited instead of leaving the cron job wedged while it waits for
user input that will never arrive.)
[originally from svn r1525]
sick of recompiling to enable packet dumps. SSH packet dumping is
now provided as a logging option, and dumps to putty.log like all
the other logging options. While I'm at it I cleaned up the format
so that packet types are translated into strings for easy browsing.
POSSIBLE SIDE EFFECT: in the course of this work I had to re-enable
the SSH1 packet length checks which it turns out hadn't actually
been active for some time, so it's possible things might break as a
result. If need be I can always disable those checks for the 0.52
release and think about it more carefully later.
[originally from svn r1493]
to report command failures is now gone; instead each sftp_cmd_*
routine returns 0 or 1 depending on success, like they should have
done right from the start. This fixes problems with `ls' prematurely
terminating PSFTP batch files.
[originally from svn r1481]
command-line state but all commands are disallowed except `open
host.name'. The idea is to provide marginal extra niceness for
people who double-click the icon without realising it's a cmdline app.
[originally from svn r1480]
now a passphrase-keyed MAC covering _all_ important data in the
file, including the public blob and the key comment. Should
conclusively scupper any attacks based on nobbling the key file in
an attempt to sucker the machine that decrypts it. MACing the
comment field also protects against a key-substitution attack (if
someone's worked out a way past our DSA protections and can extract
the private key from a signature, swapping key files and
substituting comments might just enable them to get the signature
they need to do this. Paranoid, but might as well).
[originally from svn r1413]
`put', it makes more sense to pick the _basename_ of the source
rather than use the whole path - particularly when the latter might
cause us to try to use a DOS pathname like `f:\stuff' in a Unix (or
worse, such as VMS!) file system.
[originally from svn r1265]
Partly because that's a good idea _anyway_, and partly because it
seems to be causing trouble. (Specifically, their pathetic attempt
to emulate plink's proper select handling seems to get confused when
the back end tries to open a local listening socket.)
[originally from svn r1264]
can't start the sftp subsystem. This should enable convenient sftp
access to SSH1-only systems: all the admin needs is to install
sftp-server in the right place.
[originally from svn r1228]
malicious SCP server could have written to areas other than the ones
the user requested; cleared up buffer overruns everywhere. Hopefully
we now do not use arbitrary buffer limits _anywhere_.
[originally from svn r1205]
by me to make the drag list behaviour slightly more intuitive.
WARNING: DO NOT LOOK AT pl_itemfrompt() IF YOU ARE SQUEAMISH.
[originally from svn r1199]
by ceasing to listen on input channels if the corresponding output
channel isn't accepting data. Has had basic check-I-didn't-actually-
break-anything-too-badly testing, but hasn't been genuinely tested
in stress conditions (because concocting stress conditions is non-
trivial).
[originally from svn r1198]
host-key-changed prompt: update-cache-and-connect, connect-without-
updating-cache, and abandon-connection. (Previously the middle one
was missing.)
[originally from svn r1122]
behaviour of FXP_REALPATH. (Specifically, BSD and GNU realpath(3)
disagree over whether to return success when computing the realpath
for a putative new file to be created in a valid directory. There's
no way we can tell from (say) the OpenSSH version string because
OpenSSH might have been compiled to use the local realpath _or_ its
own nonbroken one.)
[originally from svn r953]
Simon Tatham