simon-git: putty (main): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Mon Sep 13 17:36:08 BST 2021
TL;DR:
a08f953b sshproxy: share the caller's LogPolicy.
6d272ee0 Allow new_connection to take an optional Seat. (NFC)
b1d01cd3 sshproxy: borrow a Seat for host key and crypto dialogs.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer: Simon Tatham <anakin at pobox.com>
Date: 2021-09-13 17:36:08
commit a08f953bd6c1a3d19e125c7958243b64a0136823
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=a08f953bd6c1a3d19e125c7958243b64a0136823;hp=a4b8ff911b4abfa1c2247c91d1507687459bab68
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Sep 13 17:17:20 2021 +0100
sshproxy: share the caller's LogPolicy.
Now new_connection() takes an optional LogPolicy * argument, and
passes it on to the SshProxy setup. This means that SshProxy's
implementation of the LogPolicy trait can answer queries like
askappend() and logging_error() by passing them on to the same
LogPolicy used by the main backend.
Not all callers of new_connection have a LogPolicy, so we still have
to fall back to the previous conservative default behaviour if
SshProxy doesn't have a LogPolicy it can ask.
The main backend implementations didn't _quite_ have access to a
LogPolicy already, but they do have a LogContext, which has a
LogPolicy vtable pointer inside it; so I've added a query function
log_get_policy() which allows them to extract that pointer to pass to
new_connection.
This is the first step of fixing the non-interactivity limitations of
SshProxy. But it's also the easiest step: the next ones will be more
involved.
logging.c | 5 ++++
network.h | 20 +++++++++----
noproxy.c | 2 +-
nosshproxy.c | 3 +-
otherbackends/raw.c | 3 +-
otherbackends/rlogin.c | 3 +-
otherbackends/supdup.c | 3 +-
otherbackends/telnet.c | 3 +-
proxy.c | 4 +--
putty.h | 1 +
ssh/portfwd.c | 3 +-
ssh/ssh.c | 3 +-
ssh/x11fwd.c | 2 +-
sshproxy.c | 81 ++++++++++++++++++++++++++++++--------------------
unix/pageant.c | 3 +-
unix/sharing.c | 2 +-
16 files changed, 90 insertions(+), 51 deletions(-)
commit 6d272ee007aab95f5bedc690371ecfcdda4fd079
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=6d272ee007aab95f5bedc690371ecfcdda4fd079;hp=a08f953bd6c1a3d19e125c7958243b64a0136823
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Sep 13 17:17:20 2021 +0100
Allow new_connection to take an optional Seat. (NFC)
This is working towards allowing the subsidiary SSH connection in an
SshProxy to share the main user-facing Seat, so as to be able to pass
through interactive prompts.
This is more difficult than the similar change with LogPolicy, because
Seats are stateful. In particular, the trust-sigil status will need to
be controlled by the SshProxy until it's ready to pass over control to
the main SSH (or whatever) connection.
To make this work, I've introduced a thing called a TempSeat, which is
(yet) another Seat implementation. When a backend hands its Seat to
new_connection(), it does it in a way that allows new_connection() to
borrow it completely, and replace it in the main backend structure
with a TempSeat, which acts as a temporary placeholder. If the main
backend tries to do things like changing trust status or sending
output, the TempSeat will buffer them; later on, when the connection
is established, TempSeat will replay the changes into the real Seat.
So, in each backend, I've made the following changes:
- pass &foo->seat to new_connection, which may overwrite it with a
TempSeat.
- if it has done so (which we can tell via the is_tempseat() query
function), then we have to free the TempSeat and reinstate our main
Seat. The signal that we can do so is the PLUGLOG_CONNECT_SUCCESS
notification, which indicates that SshProxy has finished all its
connection setup work.
- we also have to remember to free the TempSeat if our backend is
disposed of without that having happened (e.g. because the
connection _doesn't_ succeed).
- in backends which have no local auth phase to worry about, ensure
we don't call seat_set_trust_status on the main Seat _before_ it
gets potentially replaced with a TempSeat. Moved some calls of
seat_set_trust_status to just after new_connection(), so that now
the initial trust status setup will go into the TempSeat (if
appropriate) and be buffered until that seat is relinquished.
In all other uses of new_connection, where we don't have a Seat
available at all, we just pass NULL.
This is NFC, because neither new_connection() nor any of its delegates
will _actually_ do this replacement yet. We're just setting up the
framework to enable it to do so in the next commit.
network.h | 19 ++-
noproxy.c | 2 +-
otherbackends/raw.c | 19 ++-
otherbackends/rlogin.c | 13 +-
otherbackends/supdup.c | 13 +-
otherbackends/telnet.c | 19 ++-
putty.h | 25 ++++
ssh/portfwd.c | 2 +-
ssh/ssh.c | 14 +-
ssh/x11fwd.c | 2 +-
unix/pageant.c | 2 +-
unix/sharing.c | 2 +-
utils/CMakeLists.txt | 1 +
utils/tempseat.c | 353 +++++++++++++++++++++++++++++++++++++++++++++++++
14 files changed, 465 insertions(+), 21 deletions(-)
commit b1d01cd3c7a499aee2e50e3b7991ff67fb998851
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=b1d01cd3c7a499aee2e50e3b7991ff67fb998851;hp=6d272ee007aab95f5bedc690371ecfcdda4fd079
Author: Simon Tatham <anakin at pobox.com>
Date: Mon Sep 13 16:30:59 2021 +0100
sshproxy: borrow a Seat for host key and crypto dialogs.
This puts the previous commit's framework to practical use. Now the
main new_connection() passes its Seat ** through to the SshProxy setup
function, which (if the stars align) will actually use it: stash it,
return a TempSeat wrapper on it for the main backend to use in the
interim, and pass through the GUI dialog prompts for host key
confirmation and weak-crypto warnings.
This is unfinished at the UI end: those dialog prompts will now need
to be much clearer about which SSH server they're talking to (since
now there could be two involved), and I haven't made that change yet.
I haven't attempted to deal with get_userpass_input yet, though.
That's much harder, and I'm still working on it.
network.h | 2 +-
nosshproxy.c | 2 +-
proxy.c | 4 +-
sshproxy.c | 117 ++++++++++++++++++++++++++++++++++-------------------------
4 files changed, 71 insertions(+), 54 deletions(-)
More information about the tartarus-commits
mailing list