simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Mon Sep 13 17:36:08 BST 2021


TL;DR:
  a08f953b sshproxy: share the caller's LogPolicy.
  6d272ee0 Allow new_connection to take an optional Seat. (NFC)
  b1d01cd3 sshproxy: borrow a Seat for host key and crypto dialogs.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2021-09-13 17:36:08

commit a08f953bd6c1a3d19e125c7958243b64a0136823
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=a08f953bd6c1a3d19e125c7958243b64a0136823;hp=a4b8ff911b4abfa1c2247c91d1507687459bab68
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Sep 13 17:17:20 2021 +0100

    sshproxy: share the caller's LogPolicy.
    
    Now new_connection() takes an optional LogPolicy * argument, and
    passes it on to the SshProxy setup. This means that SshProxy's
    implementation of the LogPolicy trait can answer queries like
    askappend() and logging_error() by passing them on to the same
    LogPolicy used by the main backend.
    
    Not all callers of new_connection have a LogPolicy, so we still have
    to fall back to the previous conservative default behaviour if
    SshProxy doesn't have a LogPolicy it can ask.
    
    The main backend implementations didn't _quite_ have access to a
    LogPolicy already, but they do have a LogContext, which has a
    LogPolicy vtable pointer inside it; so I've added a query function
    log_get_policy() which allows them to extract that pointer to pass to
    new_connection.
    
    This is the first step of fixing the non-interactivity limitations of
    SshProxy. But it's also the easiest step: the next ones will be more
    involved.

 logging.c              |  5 ++++
 network.h              | 20 +++++++++----
 noproxy.c              |  2 +-
 nosshproxy.c           |  3 +-
 otherbackends/raw.c    |  3 +-
 otherbackends/rlogin.c |  3 +-
 otherbackends/supdup.c |  3 +-
 otherbackends/telnet.c |  3 +-
 proxy.c                |  4 +--
 putty.h                |  1 +
 ssh/portfwd.c          |  3 +-
 ssh/ssh.c              |  3 +-
 ssh/x11fwd.c           |  2 +-
 sshproxy.c             | 81 ++++++++++++++++++++++++++++++--------------------
 unix/pageant.c         |  3 +-
 unix/sharing.c         |  2 +-
 16 files changed, 90 insertions(+), 51 deletions(-)

commit 6d272ee007aab95f5bedc690371ecfcdda4fd079
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=6d272ee007aab95f5bedc690371ecfcdda4fd079;hp=a08f953bd6c1a3d19e125c7958243b64a0136823
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Sep 13 17:17:20 2021 +0100

    Allow new_connection to take an optional Seat. (NFC)
    
    This is working towards allowing the subsidiary SSH connection in an
    SshProxy to share the main user-facing Seat, so as to be able to pass
    through interactive prompts.
    
    This is more difficult than the similar change with LogPolicy, because
    Seats are stateful. In particular, the trust-sigil status will need to
    be controlled by the SshProxy until it's ready to pass over control to
    the main SSH (or whatever) connection.
    
    To make this work, I've introduced a thing called a TempSeat, which is
    (yet) another Seat implementation. When a backend hands its Seat to
    new_connection(), it does it in a way that allows new_connection() to
    borrow it completely, and replace it in the main backend structure
    with a TempSeat, which acts as a temporary placeholder. If the main
    backend tries to do things like changing trust status or sending
    output, the TempSeat will buffer them; later on, when the connection
    is established, TempSeat will replay the changes into the real Seat.
    
    So, in each backend, I've made the following changes:
     - pass &foo->seat to new_connection, which may overwrite it with a
       TempSeat.
     - if it has done so (which we can tell via the is_tempseat() query
       function), then we have to free the TempSeat and reinstate our main
       Seat. The signal that we can do so is the PLUGLOG_CONNECT_SUCCESS
       notification, which indicates that SshProxy has finished all its
       connection setup work.
     - we also have to remember to free the TempSeat if our backend is
       disposed of without that having happened (e.g. because the
       connection _doesn't_ succeed).
     - in backends which have no local auth phase to worry about, ensure
       we don't call seat_set_trust_status on the main Seat _before_ it
       gets potentially replaced with a TempSeat. Moved some calls of
       seat_set_trust_status to just after new_connection(), so that now
       the initial trust status setup will go into the TempSeat (if
       appropriate) and be buffered until that seat is relinquished.
    
    In all other uses of new_connection, where we don't have a Seat
    available at all, we just pass NULL.
    
    This is NFC, because neither new_connection() nor any of its delegates
    will _actually_ do this replacement yet. We're just setting up the
    framework to enable it to do so in the next commit.

 network.h              |  19 ++-
 noproxy.c              |   2 +-
 otherbackends/raw.c    |  19 ++-
 otherbackends/rlogin.c |  13 +-
 otherbackends/supdup.c |  13 +-
 otherbackends/telnet.c |  19 ++-
 putty.h                |  25 ++++
 ssh/portfwd.c          |   2 +-
 ssh/ssh.c              |  14 +-
 ssh/x11fwd.c           |   2 +-
 unix/pageant.c         |   2 +-
 unix/sharing.c         |   2 +-
 utils/CMakeLists.txt   |   1 +
 utils/tempseat.c       | 353 +++++++++++++++++++++++++++++++++++++++++++++++++
 14 files changed, 465 insertions(+), 21 deletions(-)
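
A minimal model of the borrow/buffer/replay pattern described in commit 6d272ee0, added here as an illustration of why trust-status changes and output must be replayed in their original order. It is not PuTTY's tempseat.c; every type and function name in it (DemoSeat, DemoTempSeat, demo_borrow, demo_relinquish and the rest) is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified model: every name below is hypothetical, not PuTTY's API. */
enum { MAX_EV = 8 };
typedef struct DemoSeat DemoSeat;
struct DemoSeat {
    void (*set_trust)(DemoSeat *, bool);
    void (*output)(DemoSeat *, const char *);
};
/* text is stored by pointer, not copied: the demo only passes string literals */
typedef struct { bool is_trust, trusted; const char *text; } Event;
/* Real seat: logs each output with the trust status in force at the time. */
typedef struct { DemoSeat seat; bool trusted; int n; Event log[MAX_EV]; } RealSeat;
/* Placeholder: queues calls in order until the real seat is handed back. */
typedef struct { DemoSeat seat; DemoSeat *real; int n; Event q[MAX_EV]; } DemoTempSeat;
static void real_trust(DemoSeat *s, bool t) { ((RealSeat *)s)->trusted = t; }
static void real_output(DemoSeat *s, const char *text) {
    RealSeat *r = (RealSeat *)s;
    if (r->n < MAX_EV) r->log[r->n++] = (Event){ false, r->trusted, text };
}
static void temp_push(DemoSeat *s, Event e) {
    DemoTempSeat *ts = (DemoTempSeat *)s;
    if (ts->n < MAX_EV) ts->q[ts->n++] = e; /* demo cap; a real queue would grow */
}
static void temp_trust(DemoSeat *s, bool t) { temp_push(s, (Event){ true, t, NULL }); }
static void temp_output(DemoSeat *s, const char *x) { temp_push(s, (Event){ .text = x }); }
/* Borrow: put the placeholder in the backend's slot, return the real seat. */
static DemoSeat *demo_borrow(DemoSeat **slot, DemoTempSeat *ts) {
    *ts = (DemoTempSeat){ .seat = { temp_trust, temp_output }, .real = *slot };
    *slot = &ts->seat;
    return ts->real;
}
/* Relinquish: replay queued calls in original order, then restore the slot. */
static void demo_relinquish(DemoSeat **slot, DemoTempSeat *ts) {
    for (int i = 0; i < ts->n; i++) {
        if (ts->q[i].is_trust) ts->real->set_trust(ts->real, ts->q[i].trusted);
        else ts->real->output(ts->real, ts->q[i].text);
    }
    *slot = ts->real;
}
/* Constructed scenario: backend talks early while the proxy prompts the user. */
void demo_scenario(RealSeat *r) {
    *r = (RealSeat){ .seat = { real_trust, real_output } };
    DemoSeat *slot = &r->seat; DemoTempSeat ts;
    DemoSeat *proxy = demo_borrow(&slot, &ts);
    slot->set_trust(slot, false); slot->output(slot, "server banner");
    proxy->set_trust(proxy, true); proxy->output(proxy, "proxy host key?");
    demo_relinquish(&slot, &ts);
}
```

After demo_scenario() the real seat's log holds the proxy prompt marked trusted, followed by the server banner marked untrusted: the backend's early calls never reach the real seat until the proxy has finished with it.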

commit b1d01cd3c7a499aee2e50e3b7991ff67fb998851
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=b1d01cd3c7a499aee2e50e3b7991ff67fb998851;hp=6d272ee007aab95f5bedc690371ecfcdda4fd079
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Sep 13 16:30:59 2021 +0100

    sshproxy: borrow a Seat for host key and crypto dialogs.
    
    This puts the previous commit's framework to practical use. Now the
    main new_connection() passes its Seat ** through to the SshProxy setup
    function, which (if the stars align) will actually use it: stash it,
    return a TempSeat wrapper on it for the main backend to use in the
    interim, and pass through the GUI dialog prompts for host key
    confirmation and weak-crypto warnings.
    
    This is unfinished at the UI end: those dialog prompts will now need
    to be much clearer about which SSH server they're talking to (since
    now there could be two involved), and I haven't made that change yet.
    
    I haven't attempted to deal with get_userpass_input yet, though.
    That's much harder, and I'm still working on it.

 network.h    |   2 +-
 nosshproxy.c |   2 +-
 proxy.c      |   4 +-
 sshproxy.c   | 117 ++++++++++++++++++++++++++++++++++-------------------------
 4 files changed, 71 insertions(+), 54 deletions(-)


