simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Fri Nov 19 19:18:05 GMT 2021


TL;DR:
  445bcd70 Send ProxyNegotiator output even when pn->done is set.
  a864f7bb Support interactive password prompts in Telnet proxy.
  dbaaa9d1 Telnet proxy: censor the password in the log file.
  9a0b1fa3 Support interactive password prompts in HTTP proxy.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2021-11-19 19:18:05

commit 445bcd7030c1c8a90528aaf3e269e8e7e8e1b8a3
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=445bcd7030c1c8a90528aaf3e269e8e7e8e1b8a3;hp=d8ecba71b7b4186ab68bd1b5a9622a03d94a3d7b
Author: Simon Tatham <anakin at pobox.com>
Date:   Fri Nov 19 16:36:29 2021 +0000

    Send ProxyNegotiator output even when pn->done is set.
    
    This fixes the Telnet proxy, which was the only one of the proxy types
    I forgot to test when I pushed the previous patch series, and
    therefore, naturally, the one I left a bug in: if a ProxyNegotiator
    returns both some output to be transmitted _and_ the 'done' flag, we
    were forgetting to do anything with the former. So the proxy command
    was being carefully constructed by TelnetProxyNegotiator, and then
    promptly dropped on the floor by the owning ProxySocket.

 proxy/proxy.c | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

commit a864f7bb57c18b80646ac95791e960c2810f5212
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=a864f7bb57c18b80646ac95791e960c2810f5212;hp=445bcd7030c1c8a90528aaf3e269e8e7e8e1b8a3
Author: Simon Tatham <anakin at pobox.com>
Date:   Fri Nov 19 16:03:22 2021 +0000

    Support interactive password prompts in Telnet proxy.
    
    The Telnet proxy system is not a proper network protocol - we have no
    reliable way to receive communication from the proxy telling us
    whether a password is even required. However, we _do_ know (a) whether
    the keywords '%user' or '%pass' appeared in the format string stored
    in the Conf, and (b) whether we actually had a username or a password
    to substitute into them. So that's how we know whether to ask for a
    username or a password: if the format string asks for them and the
    Conf doesn't provide them, we prompt for them at startup.
    
    This involved turning TelnetProxyNegotiator into a coroutine (matching
    all the other proxy types, but previously, it was the only one simple
    enough not to need to be one), so that it can wait until a response
    arrives to that prompt. (And also, as it turned out, so that it can
    wait until setup is finished before even presenting the prompt!)
    
    It also involves having format_telnet_command grow an extra output
    parameter, in the form of 'unsigned *flags', with which it can
    communicate back to the caller that a username or password was wanted
    but not found. The other clients of that function (the local proxy
    implementations) don't use those flags, but if necessary, they could.

 proxy/proxy.h         |   5 +-
 proxy/telnet.c        | 188 ++++++++++++++++++++++++++++++++++++++++++--------
 unix/local-proxy.c    |   4 +-
 windows/local-proxy.c |   2 +-
 4 files changed, 167 insertions(+), 32 deletions(-)

commit dbaaa9d1dd0c1c24bfd138572812cfdd8218f078
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=dbaaa9d1dd0c1c24bfd138572812cfdd8218f078;hp=a864f7bb57c18b80646ac95791e960c2810f5212
Author: Simon Tatham <anakin at pobox.com>
Date:   Fri Nov 19 15:59:27 2021 +0000

    Telnet proxy: censor the password in the log file.
    
    Probably should have done this a long time ago: when we write the
    formatted command into the log file, we now base it on a version in
    which CONF_proxy_password has been reset to "*password*", to avoid
    writing the actual password (if any) into log files.

 proxy/telnet.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

commit 9a0b1fa3f6b8d850b7a603dca081ded31de2ad2f
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=9a0b1fa3f6b8d850b7a603dca081ded31de2ad2f;hp=dbaaa9d1dd0c1c24bfd138572812cfdd8218f078
Author: Simon Tatham <anakin at pobox.com>
Date:   Fri Nov 19 18:25:04 2021 +0000

    Support interactive password prompts in HTTP proxy.
    
    In HTTP proxying, we can (and do) send the username and password
    immediately in the form of HTTP Basic, if we have them in the Conf.
    But if they get rejected, or if we never sent them in the first place
    and the server won't let us in without auth, then we get back an HTTP
    407 response with a full set of headers and an error-document.
    
    Assuming the HTTP connection doesn't close after that (which in
    sensible HTTP/1.1 proxies it won't), this gives us the opportunity to
    respond by sending a second CONNECT request, containing a fresh
    username and password we just requested interactively from the user.

 proxy/http.c | 352 ++++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 288 insertions(+), 64 deletions(-)
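
Added example, not PuTTY's code: a minimal C sketch of the two Telnet proxy commits above (a864f7bb and dbaaa9d1), showing a format expander that reports through an 'unsigned *flags' output that a username or password was wanted but not found, and a log variant that only ever sees "*password*". The names expand_command, expand_for_log, WANTED_USER and WANTED_PASS are hypothetical, and only the %user and %pass keywords named in the commit message are handled.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical flag names (not PuTTY's identifiers). */
enum { WANTED_USER = 1, WANTED_PASS = 2 };

/* Expand %user and %pass in fmt. A keyword whose value is NULL or empty
 * sets its bit in *flags. Returns 0, or -1 if out is too small. */
static int expand_command(const char *fmt, const char *user, const char *pass,
                          char *out, size_t outlen, unsigned *flags)
{
    size_t n = 0;
    *flags = 0;
    if (outlen == 0) return -1;
    while (*fmt) {
        const char *sub = NULL;
        unsigned bit = 0;
        if (!strncmp(fmt, "%user", 5)) { sub = user; bit = WANTED_USER; }
        else if (!strncmp(fmt, "%pass", 5)) { sub = pass; bit = WANTED_PASS; }
        if (!bit) {                          /* ordinary character */
            if (n + 1 >= outlen) return -1;
            out[n++] = *fmt++;
            continue;
        }
        fmt += 5;
        if (!sub || !*sub) { *flags |= bit; continue; } /* wanted, missing */
        size_t len = strlen(sub);
        if (n + len >= outlen) return -1;    /* keep room for the NUL */
        memcpy(out + n, sub, len);
        n += len;
    }
    out[n] = '\0';
    return 0;
}

/* Log copy: takes no password argument at all, so the real secret can
 * never reach the log line; the fixed marker is substituted instead. */
static int expand_for_log(const char *fmt, const char *user,
                          char *out, size_t outlen)
{
    unsigned ignored;
    return expand_command(fmt, user, "*password*", out, outlen, &ignored);
}

int main(void)
{
    char logged[64];
    /* Constructed sample format string and username. */
    expand_for_log("login %user %pass", "alice", logged, sizeof logged);
    puts(logged);
    return 0;
}
```

A caller that finds WANTED_USER or WANTED_PASS set after expansion knows the format string asked for a credential the configuration did not supply, which is the condition the commit message gives for prompting at startup.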


