X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/055817455466c8eb60392f30bb7c689763962e17..edd0cb8aef57080ae884e06731a7892ca8cdba44:/putty.h diff --git a/putty.h b/putty.h index 6f62afef..1a2d7ecd 100644 --- a/putty.h +++ b/putty.h @@ -27,6 +27,15 @@ typedef struct terminal_tag Terminal; #include "network.h" #include "misc.h" +/* + * Fingerprints of the PGP master keys that can be used to establish a trust + * path between an executable and other files. + */ +#define PGP_RSA_MASTER_KEY_FP \ + "8F 15 97 DA 25 30 AB 0D 88 D1 92 54 11 CF 0C 4C" +#define PGP_DSA_MASTER_KEY_FP \ + "313C 3E76 4B74 C2C5 F2AE 83A8 4F5E 6DF5 6A93 B34E" + /* Three attribute types: * The ATTRs (normal attributes) are stored with the characters in * the main display arrays @@ -245,13 +254,14 @@ enum { enum { /* - * SSH ciphers (both SSH1 and SSH2) + * SSH ciphers (both SSH-1 and SSH-2) */ CIPHER_WARN, /* pseudo 'cipher' */ CIPHER_3DES, CIPHER_BLOWFISH, - CIPHER_AES, /* (SSH 2 only) */ + CIPHER_AES, /* (SSH-2 only) */ CIPHER_DES, + CIPHER_ARCFOUR, CIPHER_MAX /* no. ciphers (inc warn) */ }; @@ -314,6 +324,8 @@ enum { FUNKY_SCO }; +extern const char *const ttymodes[]; + enum { /* * Network address types. Used for specifying choice of IPv4/v6 @@ -341,6 +353,8 @@ struct backend_tag { const struct telnet_special *(*get_specials) (void *handle); Socket(*socket) (void *handle); int (*exitcode) (void *handle); + /* If back->sendok() returns FALSE, data sent to it from the frontend + * may be lost. */ int (*sendok) (void *handle); int (*ldisc) (void *handle, int); void (*provide_ldisc) (void *handle, void *ldisc); @@ -415,11 +429,12 @@ struct config_tag { int ssh_rekey_time; /* in minutes */ char ssh_rekey_data[16]; int agentfwd; - int change_username; /* allow username switching in SSH2 */ + int change_username; /* allow username switching in SSH-2 */ int ssh_cipherlist[CIPHER_MAX]; Filename keyfile; int sshprot; /* use v1 or v2 when both available */ - int ssh2_des_cbc; /* "des-cbc" nonstandard SSH2 cipher */ + int ssh2_des_cbc; /* "des-cbc" unrecommended SSH-2 cipher */ + int ssh_no_userauth; /* bypass "ssh-userauth" (SSH-2 only) */ int try_tis_auth; int try_ki_auth; int ssh_subsys; /* run a subsystem rather than a command */ @@ -428,6 +443,7 @@ struct config_tag { /* Telnet options */ char termtype[32]; char termspeed[32]; + char ttymodes[768]; /* MODE\tVvalue\0MODE\tA\0\0 */ char environmt[1024]; /* VAR\tvalue\0VAR\tvalue\0\0 */ char username[100]; char localusername[100]; @@ -516,6 +532,7 @@ struct config_tag { /* translations */ int vtmode; char line_codepage[128]; + int cjk_ambig_wide; int utf8_override; int xlat_capslockcyr; /* X11 forwarding */ @@ -524,7 +541,7 @@ struct config_tag { int x11_auth; /* port forwarding */ int lport_acceptall; /* accept conns from hosts other than localhost */ - int rport_acceptall; /* same for remote forwarded ports (SSH2 only) */ + int rport_acceptall; /* same for remote forwarded ports (SSH-2 only) */ /* * The port forwarding string contains a number of * NUL-terminated substrings, terminated in turn by an empty @@ -540,7 +557,7 @@ struct config_tag { /* SSH bug compatibility modes */ int sshbug_ignore1, sshbug_plainpw1, sshbug_rsa1, sshbug_hmac2, sshbug_derivekey2, sshbug_rsapad2, - sshbug_pksessid2; + sshbug_pksessid2, sshbug_rekey2; /* Options for pterm. Should split out into platform-dependent part. */ int stamp_utmp; int login_shell; @@ -595,7 +612,53 @@ GLOBAL int loaded_session; struct RSAKey; /* be a little careful of scope */ /* - * Exports from window.c. + * Mechanism for getting text strings such as usernames and passwords + * from the front-end. + * The fields are mostly modelled after SSH's keyboard-interactive auth. + * FIXME We should probably mandate a character set/encoding (probably UTF-8). + * + * Since many of the pieces of text involved may be chosen by the server, + * the caller must take care to ensure that the server can't spoof locally- + * generated prompts such as key passphrase prompts. Some ground rules: + * - If the front-end needs to truncate a string, it should lop off the + * end. + * - The front-end should filter out any dangerous characters and + * generally not trust the strings. (But \n is required to behave + * vaguely sensibly, at least in `instruction', and ideally in + * `prompt[]' too.) + */ +typedef struct { + char *prompt; + int echo; + char *result; /* allocated/freed by caller */ + size_t result_len; +} prompt_t; +typedef struct { + /* + * Indicates whether the information entered is to be used locally + * (for instance a key passphrase prompt), or is destined for the wire. + * This is a hint only; the front-end is at liberty not to use this + * information (so the caller should ensure that the supplied text is + * sufficient). + */ + int to_server; + char *name; /* Short description, perhaps for dialog box title */ + int name_reqd; /* Display of `name' required or optional? */ + char *instruction; /* Long description, maybe with embedded newlines */ + int instr_reqd; /* Display of `instruction' required or optional? */ + size_t n_prompts; + prompt_t **prompts; + void *frontend; + void *data; /* slot for housekeeping data, managed by + * get_userpass_input(); initially NULL */ +} prompts_t; +prompts_t *new_prompts(void *frontend); +void add_prompt(prompts_t *p, char *promptstr, int echo, size_t len); +/* Burn the evidence. (Assumes _all_ strings want free()ing.) */ +void free_prompts(prompts_t *p); + +/* + * Exports from the front end. */ void request_resize(void *frontend, int, int); void do_text(Context, int, int, wchar_t *, int, unsigned long, int); @@ -635,7 +698,17 @@ void ldisc_update(void *frontend, int echo, int edit); * shutdown. */ void update_specials_menu(void *frontend); int from_backend(void *frontend, int is_stderr, const char *data, int len); +int from_backend_untrusted(void *frontend, const char *data, int len); void notify_remote_exit(void *frontend); +/* Get a sensible value for a tty mode. NULL return = don't set. + * Otherwise, returned value should be freed by caller. */ +char *get_ttymode(void *frontend, const char *mode); +/* + * >0 = `got all results, carry on' + * 0 = `user cancelled' (FIXME distinguish "give up entirely" and "next auth"?) + * <0 = `please call back later with more in/inlen' + */ +int get_userpass_input(prompts_t *p, unsigned char *in, int inlen); #define OPTIMISE_IS_SCROLL 1 void set_iconic(void *frontend, int iconic); @@ -647,6 +720,16 @@ int is_iconic(void *frontend); void get_window_pos(void *frontend, int *x, int *y); void get_window_pixels(void *frontend, int *x, int *y); char *get_window_title(void *frontend, int icon); +/* Hint from backend to frontend about time-consuming operations. + * Initial state is assumed to be BUSY_NOT. */ +enum { + BUSY_NOT, /* Not busy, all user interaction OK */ + BUSY_WAITING, /* Waiting for something; local event loops still running + so some local interaction (e.g. menus) OK, but network + stuff is suspended */ + BUSY_CPU /* Locally busy (e.g. crypto); user interaction suspended */ +}; +void set_busy_status(void *frontend, int status); void cleanup_exit(int); @@ -715,11 +798,15 @@ void term_copyall(Terminal *); void term_reconfig(Terminal *, Config *); void term_seen_key_event(Terminal *); int term_data(Terminal *, int is_stderr, const char *data, int len); +int term_data_untrusted(Terminal *, const char *data, int len); void term_provide_resize_fn(Terminal *term, void (*resize_fn)(void *, int, int), void *resize_ctx); void term_provide_logctx(Terminal *term, void *logctx); void term_set_focus(Terminal *term, int has_focus); +char *term_get_ttymode(Terminal *term, const char *mode); +int term_get_userpass_input(Terminal *term, prompts_t *p, + unsigned char *in, int inlen); /* * Exports from logging.c. @@ -769,14 +856,8 @@ extern Backend rlogin_backend; extern Backend telnet_backend; /* - * Exports from ssh.c. (NB the getline variables have to be GLOBAL - * so that PuTTYtel will still compile - otherwise it would depend - * on ssh.c.) + * Exports from ssh.c. */ - -GLOBAL int (*ssh_get_line) (const char *prompt, char *str, int maxlen, - int is_pw); -GLOBAL int ssh_getline_pw_only; extern Backend ssh_backend; /* @@ -848,8 +929,10 @@ void get_unitab(int codepage, wchar_t * unitab, int ftype); /* * Exports from wcwidth.c */ -int wcwidth(wchar_t ucs); -int wcswidth(const wchar_t *pwcs, size_t n); +int mk_wcwidth(wchar_t ucs); +int mk_wcswidth(const wchar_t *pwcs, size_t n); +int mk_wcwidth_cjk(wchar_t ucs); +int mk_wcswidth_cjk(const wchar_t *pwcs, size_t n); /* * Exports from mscrypto.c @@ -883,20 +966,47 @@ int wc_match(const char *wildcard, const char *target); int wc_unescape(char *output, const char *wildcard); /* - * Exports from windlg.c + * Exports from frontend (windlg.c etc) */ void logevent(void *frontend, const char *); -void verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, - char *keystr, char *fingerprint); -void askalg(void *frontend, const char *algtype, const char *algname); -int askappend(void *frontend, Filename filename); +void pgp_fingerprints(void); +/* + * verify_ssh_host_key() can return one of three values: + * + * - +1 means `key was OK' (either already known or the user just + * approved it) `so continue with the connection' + * + * - 0 means `key was not OK, abandon the connection' + * + * - -1 means `I've initiated enquiries, please wait to be called + * back via the provided function with a result that's either 0 + * or +1'. + */ +int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype, + char *keystr, char *fingerprint, + void (*callback)(void *ctx, int result), void *ctx); +/* + * askalg has the same set of return values as verify_ssh_host_key. + */ +int askalg(void *frontend, const char *algtype, const char *algname, + void (*callback)(void *ctx, int result), void *ctx); +/* + * askappend can return four values: + * + * - 2 means overwrite the log file + * - 1 means append to the log file + * - 0 means cancel logging for this session + * - -1 means please wait. + */ +int askappend(void *frontend, Filename filename, + void (*callback)(void *ctx, int result), void *ctx); /* - * Exports from console.c (that aren't equivalents to things in - * windlg.c). + * Exports from console frontends (wincons.c, uxcons.c) + * that aren't equivalents to things in windlg.c et al. */ extern int console_batch_mode; -int console_get_line(const char *prompt, char *str, int maxlen, int is_pw); +int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen); void console_provide_logctx(void *logctx); int is_interactive(void); @@ -920,7 +1030,7 @@ void printer_finish_job(printer_job *); int cmdline_process_param(char *, char *, int, Config *); void cmdline_run_saved(Config *); void cmdline_cleanup(void); -extern char *cmdline_password; +int cmdline_get_passwd_input(prompts_t *p, unsigned char *in, int inlen); #define TOOLTYPE_FILETRANSFER 1 #define TOOLTYPE_NONNETWORK 2 extern int cmdline_tooltype; @@ -931,8 +1041,8 @@ void cmdline_error(char *, ...); * Exports from config.c. */ struct controlbox; -void setup_config_box(struct controlbox *b, struct sesslist *sesslist, - int midsession, int protocol, int protcfginfo); +void setup_config_box(struct controlbox *b, int midsession, + int protocol, int protcfginfo); /* * Exports from minibidi.c. @@ -993,6 +1103,67 @@ char *get_random_data(int bytes); /* used in cmdgen.c */ * notifies the front end that a new timer has been added to the * list which is sooner than any existing ones. It provides the * time when that timer needs to go off. + * + * *** FRONT END IMPLEMENTORS NOTE: + * + * There's an important subtlety in the front-end implementation of + * the timer interface. When a front end is given a `next' value, + * either returned from run_timers() or via timer_change_notify(), + * it should ensure that it really passes _that value_ as the `now' + * parameter to its next run_timers call. It should _not_ simply + * call GETTICKCOUNT() to get the `now' parameter when invoking + * run_timers(). + * + * The reason for this is that an OS's system clock might not agree + * exactly with the timing mechanisms it supplies to wait for a + * given interval. I'll illustrate this by the simple example of + * Unix Plink, which uses timeouts to select() in a way which for + * these purposes can simply be considered to be a wait() function. + * Suppose, for the sake of argument, that this wait() function + * tends to return early by 1%. Then a possible sequence of actions + * is: + * + * - run_timers() tells the front end that the next timer firing + * is 10000ms from now. + * - Front end calls wait(10000ms), but according to + * GETTICKCOUNT() it has only waited for 9900ms. + * - Front end calls run_timers() again, passing time T-100ms as + * `now'. + * - run_timers() does nothing, and says the next timer firing is + * still 100ms from now. + * - Front end calls wait(100ms), which only waits for 99ms. + * - Front end calls run_timers() yet again, passing time T-1ms. + * - run_timers() says there's still 1ms to wait. + * - Front end calls wait(1ms). + * + * If you're _lucky_ at this point, wait(1ms) will actually wait + * for 1ms and you'll only have woken the program up three times. + * If you're unlucky, wait(1ms) might do nothing at all due to + * being below some minimum threshold, and you might find your + * program spends the whole of the last millisecond tight-looping + * between wait() and run_timers(). + * + * Instead, what you should do is to _save_ the precise `next' + * value provided by run_timers() or via timer_change_notify(), and + * use that precise value as the input to the next run_timers() + * call. So: + * + * - run_timers() tells the front end that the next timer firing + * is at time T, 10000ms from now. + * - Front end calls wait(10000ms). + * - Front end then immediately calls run_timers() and passes it + * time T, without stopping to check GETTICKCOUNT() at all. + * + * This guarantees that the program wakes up only as many times as + * there are actual timer actions to be taken, and that the timing + * mechanism will never send it into a tight loop. + * + * (It does also mean that the timer action in the above example + * will occur 100ms early, but this is not generally critical. And + * the hypothetical 1% error in wait() will be partially corrected + * for anyway when, _after_ run_timers() returns, you call + * GETTICKCOUNT() and compare the result with the returned `next' + * value to find out how long you have to make your next wait().) */ typedef void (*timer_fn_t)(void *ctx, long now); long schedule_timer(int ticks, timer_fn_t fn, void *ctx);