simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Thu Dec 6 18:49:33 GMT 2018 

TL;DR:
  6002b272 Retain permitted methods list in userauth layer state.
  c99d37a7 Avoid hanging on GSSAPI acquire_cred failure.
  2cdff46d Remove the old in_commasep_string system.
  50b94484 Makefile.clangcl: move $(CCTARGET) out of $(CC).

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2018-12-06 18:49:33

commit 6002b272f4c89db7f0d10678d6ba6d84bd9a8f40
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=6002b272f4c89db7f0d10678d6ba6d84bd9a8f40;hp=66b776ae6e177049486676b404b7ffdae3756768
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Dec 6 18:06:15 2018 +0000

    Retain permitted methods list in userauth layer state.
    
    There are situations - or _should_ be, at any rate - in which we
    terminate a userauth attempt without having received a
    USERAUTH_FAILURE from the server, which means that we can't depend on
    always starting a userauth loop iteration by extracting the server's
    list of permitted methods from the current failure message. If there
    isn't a current failure message, the best we can do is remember the
    state from last time.
    
    That's already what we do for actually deciding which methods to
    attempt (we set s->can_foo from the methods string). But we should
    also keep the full original version of the string, for use in error
    message.

 ssh2userauth.c | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)

commit c99d37a7febb1bf6fc3785edfa4a386df0f2c0b2
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=c99d37a7febb1bf6fc3785edfa4a386df0f2c0b2;hp=6002b272f4c89db7f0d10678d6ba6d84bd9a8f40
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Dec 6 18:08:56 2018 +0000

    Avoid hanging on GSSAPI acquire_cred failure.
    
    If GSSAPI authentication fails because we call the GSS acquire_cred
    function on the client side and find it doesn't give us anything
    useful, then that authentication attempt has to terminate - but since
    _we_ decided to terminate it, on the client side, the server will be
    sending us neither a formal USERAUTH_FAILURE nor any other kind of
    packet.
    
    So when we go back round to the top of the auth loop, we have to avoid
    _either_ assuming we're sitting on a USERAUTH_FAILURE we can parse for
    its method list, _or_ waiting to receive one. Instead we just have to
    push on and try the next auth method in the list from the last
    USERAUTH_FAILURE we did see.
    
    Hence, a new flag lets us suppress the usual behaviour of waiting
    until we have a response packet on the queue, and then all references
    to pktin after that are tested for NULL.

 ssh2userauth.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

commit 2cdff46d9803ee7186607562567f177375e66c31
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=2cdff46d9803ee7186607562567f177375e66c31;hp=c99d37a7febb1bf6fc3785edfa4a386df0f2c0b2
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Dec 6 18:35:27 2018 +0000

    Remove the old in_commasep_string system.
    
    It's just silly to have _two_ systems for traversing a string of
    comma-separated protocol ids. I think the new get_commasep_word
    technique for looping over the elements of a string is simpler and
    more general than the old membership-testing approach, and also it's
    necessary for the modern KEX untangling system (which has to be able
    to loop over one string, even if it used a membership test to check
    things in the other). So this commit rewrites the two remaining uses
    of in_commasep_string to use get_commasep_word instead, and deletes
    the former.

 ssh.h           |  3 ---
 ssh2transport.c | 13 ++++++++-----
 ssh2userauth.c  | 46 ++++++++++++++++++++++++++++------------------
 sshcommon.c     | 39 ---------------------------------------
 4 files changed, 36 insertions(+), 65 deletions(-)

commit 50b9448450b924d71b6637daa5de3351d283effb
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=50b9448450b924d71b6637daa5de3351d283effb;hp=2cdff46d9803ee7186607562567f177375e66c31
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Dec 6 18:41:30 2018 +0000

    Makefile.clangcl: move $(CCTARGET) out of $(CC).
    
    Now $(CC) is defined to be nothing but the name of the clang-cl binary
    itself, which makes it easier to drop in a different one for a special
    purpose.
    
    (I tried to use this for static analysis recently - unsuccessfully, as
    yet, but I think this change will make anything else along the same
    lines easier as well.)

 mkfiles.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

More information about the tartarus-commits mailing list