simon-git: putty (master): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Sat Feb 22 18:48:03 GMT 2020
TL;DR:
37d91aab uxpty.c: add a missing include.
ee456a48 Unix: allow connecting to Unix sockets by absolute path.
37f26089 Uppity: ability to listen on a Unix-domain socket.
9482f337 Give BackendVtable separate id and displayname fields.
bd16a0e1 cmdline.c: loop over backends list for '-protocol' options.
1f399bec config.c: loop over backends list for protocol selector.
91c2e6b4 Permit protocol selection in file transfer tools.
0a09c12e Pass the BackendVtable pointer to backend_init.
22b492c4 New protocol: PROT_SSHCONN, bare ssh-connection.
96f1fb94 New application: 'psusan', the PROT_SSHCONN server end.
c18e5dc8 cmdgen: add a --dump option.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer: Simon Tatham <anakin at pobox.com>
Date: 2020-02-22 18:48:03
commit 37d91aabffc07c00b194623cb44010f4a95e9290
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=37d91aabffc07c00b194623cb44010f4a95e9290;hp=8d186c3c93e4bfc96012a6433253834654dc9b9a
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Feb 16 11:49:44 2020 +0000
uxpty.c: add a missing include.
This file exports several functions defined in sshserver.h, and the
declarations weren't being type-checked against the definitions.
unix/uxpty.c | 1 +
1 file changed, 1 insertion(+)
commit ee456a48ad127ddc54aa2f1d9a5cfda1a3088f5d
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=ee456a48ad127ddc54aa2f1d9a5cfda1a3088f5d;hp=37d91aabffc07c00b194623cb44010f4a95e9290
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Feb 16 16:22:17 2020 +0000
Unix: allow connecting to Unix sockets by absolute path.
Now you can type an absolute pathname (starting with '/') into the
hostname box in Unix GUI PuTTY, or into the hostname slot on the Unix
Plink command line, and the effect will be that PuTTY makes an AF_UNIX
connection to the specified Unix-domain socket in place of a TCP/IP
connection.
I don't _yet_ know of anyone running SSH on a Unix-domain socket, but
at the very least it'll be useful to me for debugging and testing, and
I'm pretty sure there will be other specialist uses sooner or later.
unix/uxnet.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
commit 37f26089faa55f2e3cff3b309b16bde684928959
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=37f26089faa55f2e3cff3b309b16bde684928959;hp=ee456a48ad127ddc54aa2f1d9a5cfda1a3088f5d
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Feb 22 15:50:44 2020 +0000
Uppity: ability to listen on a Unix-domain socket.
This will fit nicely with Unix PuTTY's ability to connect to one.
unix/uxserver.c | 33 +++++++++++++++++++++++++--------
1 file changed, 25 insertions(+), 8 deletions(-)
commit 9482f337395bad2ebec88c590f23fa536d918069
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=9482f337395bad2ebec88c590f23fa536d918069;hp=37f26089faa55f2e3cff3b309b16bde684928959
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Feb 16 11:34:40 2020 +0000
Give BackendVtable separate id and displayname fields.
The previous 'name' field was awkwardly serving both purposes: it was
a machine-readable identifier for the backend used in the saved
session format, and it was also used in error messages when Plink
wanted to complain that it didn't support a particular backend. Now
there are two separate name fields for those purposes.
putty.h | 6 +++++-
raw.c | 2 +-
rlogin.c | 2 +-
settings.c | 4 ++--
ssh.c | 2 +-
telnet.c | 2 +-
testback.c | 4 ++--
unix/uxplink.c | 4 ++--
unix/uxpty.c | 2 +-
unix/uxser.c | 2 +-
windows/winplink.c | 4 ++--
windows/winser.c | 2 +-
12 files changed, 20 insertions(+), 16 deletions(-)
commit bd16a0e1de04c79afb9c409cbacabe19825e6aaf
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=bd16a0e1de04c79afb9c409cbacabe19825e6aaf;hp=9482f337395bad2ebec88c590f23fa536d918069
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Feb 22 11:52:30 2020 +0000
cmdline.c: loop over backends list for '-protocol' options.
I'm reusing the 'id' string from each BackendVtable as the name of its
command-line option, which means I don't need to manually implement an
option for each new protocol.
cmdline.c | 56 +++++++++++++++++---------------------------------------
1 file changed, 17 insertions(+), 39 deletions(-)
commit 1f399bec58da773413e3f1c6078c330942f61831
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1f399bec58da773413e3f1c6078c330942f61831;hp=bd16a0e1de04c79afb9c409cbacabe19825e6aaf
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Feb 22 14:00:23 2020 +0000
config.c: loop over backends list for protocol selector.
Similarly to the previous commit, this is one fewer place where I need
to make a handwritten change with each new protocol.
be_none.c | 2 ++
config.c | 43 +++++++++++++++++++++++++++----------------
putty.h | 3 ++-
sercfg.c | 33 ---------------------------------
4 files changed, 31 insertions(+), 50 deletions(-)
commit 91c2e6b4d54c2a3655bc5cde43ca2e3a8f3fc410
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=91c2e6b4d54c2a3655bc5cde43ca2e3a8f3fc410;hp=1f399bec58da773413e3f1c6078c330942f61831
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Feb 22 15:29:45 2020 +0000
Permit protocol selection in file transfer tools.
PSCP and PSFTP can only work over a protocol enough like SSH to be
able to run subsystems (or at the very least a remote command, for
old-style PSCP). Historically we've implemented this restriction by
having them not support any protocol-selection command-line options at
all, and hardwiring them to instantiating ssh_backend.
This commit regularises them to be more like the rest of the tools.
You can select a protocol using the appropriate command-line option,
provided it's a protocol in those tools' backends[] array. And the
setup code will find the BackendVtable to instantiate by the usual
method of calling backend_vt_from_proto.
Currently, this makes essentially no difference: those tools link in
be_ssh.c, which means the only supported backend is SSH. So the effect
is that now -ssh is an accepted option with no effect, instead of
being rejected. But it opens the way to add other protocols that are
SSH-like enough to run file transfer over.
be_ssh.c | 8 ++++----
cmdline.c | 2 +-
pscp.c | 12 ++++++++----
psftp.c | 12 ++++++++----
4 files changed, 21 insertions(+), 13 deletions(-)
commit 0a09c12edc8efc8cf88338fc40e89f0ac1f616b8
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=0a09c12edc8efc8cf88338fc40e89f0ac1f616b8;hp=91c2e6b4d54c2a3655bc5cde43ca2e3a8f3fc410
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Feb 16 11:43:20 2020 +0000
Pass the BackendVtable pointer to backend_init.
Now I can have multiple BackendVtable structures sharing all their
function pointers, and still tell which is which when init is setting
things up.
putty.h | 6 +++---
raw.c | 10 +++++-----
rlogin.c | 10 +++++-----
ssh.c | 10 +++++-----
telnet.c | 8 ++++----
testback.c | 26 ++++++++++++++------------
unix/uxpty.c | 9 +++++----
unix/uxser.c | 10 +++++-----
windows/winser.c | 8 ++++----
9 files changed, 50 insertions(+), 47 deletions(-)
commit 22b492c4f63473d8b56fbded39cc640178ea495b
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=22b492c4f63473d8b56fbded39cc640178ea495b;hp=0a09c12edc8efc8cf88338fc40e89f0ac1f616b8
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Feb 16 12:07:43 2020 +0000
New protocol: PROT_SSHCONN, bare ssh-connection.
This is the same protocol that PuTTY's connection sharing has been
using for years, to communicate between the downstream and upstream
PuTTYs. I'm now promoting it to be a first-class member of the
protocols list: if you have a server for it, you can select it in the
GUI or on the command line, and write out a saved session that
specifies it.
This would be completely insecure if you used it as an ordinary
network protocol, of course. Not only is it non-cryptographic and wide
open to eavesdropping and hijacking, but it's not even _authenticated_
- it begins after the userauth phase of SSH. So there isn't even the
mild security theatre of entering an easy-to-eavesdrop password, as
there is with, say, Telnet.
However, that's not what I want to use it for. My aim is to use it for
various specialist and niche purposes, all of which involve speaking
it over an 8-bit-clean data channel that is already set up, secured
and authenticated by other methods. There are lots of examples of such
channels:
 - a userv(1) invocation
 - the console of a UML kernel
 - the stdio channels into other kinds of container, such as Docker
 - the 'adb shell' channel (although it seems quite hard to run a
   custom binary at the far end of that)
 - a pair of pipes between PuTTY and a Cygwin helper process
 - and so on.
So this protocol is intended as a convenient way to get a client at
one end of any of those to run a shell session at the other end. Unlike
other approaches, it will give you all the SSH-flavoured amenities
you're already used to, like forwarding your SSH agent into the
container, or forwarding selected network ports in or out of it, or
letting it open a window on your X server, or doing SCP/SFTP style
file transfer.
Of course another way to get all those amenities would be to run an
ordinary SSH server over the same channel - but this approach avoids
having to manage a phony password or authentication key, or taking up
your CPU time with pointless crypto.
be_all.c | 1 +
be_all_s.c | 1 +
doc/config.but | 27 ++++++++++++++++++++-------
putty.h | 3 ++-
ssh.c | 33 +++++++++++++++++++++++++++++++--
ssh.h | 1 +
ssh1connection.h | 2 --
ssh2connection-client.c | 3 ++-
ssh2connection.h | 2 --
sshshare.c | 7 ++++++-
10 files changed, 64 insertions(+), 16 deletions(-)
commit 96f1fb9456255c5ce982a168b6b35ae448dfbbf4
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=96f1fb9456255c5ce982a168b6b35ae448dfbbf4;hp=22b492c4f63473d8b56fbded39cc640178ea495b
Author: Simon Tatham <anakin at pobox.com>
Date: Sun Feb 16 12:27:14 2020 +0000
New application: 'psusan', the PROT_SSHCONN server end.
In the previous commit I introduced the ability for PuTTY to talk to a
server speaking the bare ssh-connection protocol, and listed several
applications for that ability. But none of those applications is any
use without a server that speaks the same protocol. Until now, the
only such server has been the Unix-domain socket presented by an
upstream connection-sharing PuTTY - and we already had a way to
connect to that.
So here's the missing piece: by reusing code that already existed for
the testing SSH server Uppity, I've created a program that will speak
the bare ssh-connection protocol on its standard I/O channels. If you
want to get a shell session over any of the transports I mentioned in
the last commit, this is the program you need to run at the far end of
it.
I have yet to write the documentation, but just in case I forget, the
name stands for 'Pseudo Ssh for Untappable, Separately Authenticated
Networks'.
.gitignore | 1 +
Recipe | 6 +-
sshserver.c | 20 +++-
sshserver.h | 1 +
unix/uxpsusan.c | 305 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 328 insertions(+), 5 deletions(-)
commit c18e5dc8fbfd33d3544fee8977fc590339416b7e
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=c18e5dc8fbfd33d3544fee8977fc590339416b7e;hp=96f1fb9456255c5ce982a168b6b35ae448dfbbf4
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Feb 17 19:53:19 2020 +0000
cmdgen: add a --dump option.
Also spelled '-O text', this takes a public or private key as input,
and produces on standard output a dump of all the actual numbers
involved in the key: the exponent and modulus for RSA, the p,q,g,y
parameters for DSA, the affine x and y coordinates of the public
elliptic curve point for ECC keys, and all the extra bits and pieces
in the private keys too.
Partly I expect this to be useful to me for debugging: I've had to
paste key files a few too many times through base64 decoders and hex
dump tools, then manually decode SSH marshalling and paste the result
into the Python REPL to get an integer object. Now I should be able to
get _straight_ to text I can paste into Python.
But also, it's a way that other applications can use the key
generator: if you need to generate, say, an RSA key in some format I
don't support (I've recently heard of an XML-based one, for example),
then you can run 'puttygen -t rsa --dump' and have it print the
elements of a freshly generated keypair on standard output, and then
all you have to do is understand the output format.
Recipe | 2 +-
cmdgen.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
misc.h | 3 +++
ssh.h | 22 ++++++++++++++++
sshdss.c | 18 +++++++++++++
sshecc.c | 46 +++++++++++++++++++++++++++++++++
sshpubk.c | 44 +++++++++++++++++++++++++++++++
sshrsa.c | 22 ++++++++++++++++
test/testcrypt.py | 32 ++++++++++++++++++++---
testcrypt.c | 22 ++++++++++++++++
testcrypt.h | 9 +++++++
testsc.c | 4 +++
utils.c | 24 +++++++++++++++++
13 files changed, 317 insertions(+), 8 deletions(-)
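
The manual decoding step that the cmdgen commit message above describes (base64, then SSH marshalling, then an integer in Python), shown for an RSA public key line. This is an added example, not code from PuTTY and not the output format of --dump; the function names and the sample key are constructed for illustration, and the wire layout assumed is the RFC 4251 string/mpint encoding with the RFC 4253 "ssh-rsa" key blob (e, then n).

```python
import base64
import struct

class SSHBlobError(ValueError):
    """Blob does not follow the SSH wire encoding (RFC 4251, section 5)."""

def get_string(blob, pos):
    """Read a 'string': uint32 big-endian length, then that many bytes."""
    if pos + 4 > len(blob):
        raise SSHBlobError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, pos)
    end = pos + 4 + length
    if end > len(blob):
        raise SSHBlobError("string runs past end of blob")
    return blob[pos + 4:end], end

def get_mpint(blob, pos):
    """Read an 'mpint': a string holding a two's-complement big-endian integer."""
    data, pos = get_string(blob, pos)
    return int.from_bytes(data, "big", signed=True), pos

def parse_rsa_public_line(line):
    """Decode 'ssh-rsa <base64> [comment]' into the integers (e, n)."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise SSHBlobError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    alg, pos = get_string(blob, 0)
    if alg != b"ssh-rsa":
        raise SSHBlobError("algorithm name inside blob does not match")
    e, pos = get_mpint(blob, pos)
    n, pos = get_mpint(blob, pos)
    if pos != len(blob):
        raise SSHBlobError("trailing bytes after modulus")
    if e <= 0 or n <= 0:
        raise SSHBlobError("non-positive RSA parameter (missing sign byte?)")
    return e, n

# --- constructed sample input (toy numbers, not a usable key) ---
SAMPLE_E = 65537
SAMPLE_N = (2**127 - 1) * (2**89 - 1)   # 216 bits, so its top byte has bit 7 set
def put_string(data):
    return struct.pack(">I", len(data)) + data
def put_mpint(value):
    """Marshal a positive int; bit_length//8 + 1 bytes adds a leading zero
    exactly when the top bit would otherwise be set and read as a sign."""
    return put_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))
def make_sample_line():
    blob = put_string(b"ssh-rsa") + put_mpint(SAMPLE_E) + put_mpint(SAMPLE_N)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " constructed-sample"
```

Calling `parse_rsa_public_line(make_sample_line())` returns the two integers; a modulus marshalled without its leading zero byte decodes as negative and is rejected rather than silently accepted.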