Introduce a new checkbox and command-line option to inhibit use of

Pageant for local authentication. (This is a `don't use Pageant for
authentication at session startup' button rather than a `pretend
Pageant doesn't exist' button: that is, agent forwarding is
independent of this option.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@6572 cda61777-01e9-0310-a592-d414129be87e

diff --git a/cmdline.c b/cmdline.c
index 112463c..39f57bb 100644 (file)
--- a/cmdline.c
+++ b/cmdline.c
@@ -291,6 +291,19 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)
        cmdline_password = value;
     }
 
        cmdline_password = value;
     }
 

+    if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") ||
+       !strcmp(p, "-pageant")) {
+       RETURN(1);
+       UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
+       cfg->tryagent = TRUE;
+    }
+    if (!strcmp(p, "-noagent") || !strcmp(p, "-nopagent") ||
+       !strcmp(p, "-nopageant")) {
+       RETURN(1);
+       UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
+       cfg->tryagent = FALSE;
+    }
+

     if (!strcmp(p, "-A")) {
        RETURN(1);
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
     if (!strcmp(p, "-A")) {
        RETURN(1);
        UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);

diff --git a/config.c b/config.c
index 39da6c2..c844e05 100644 (file)
--- a/config.c
+++ b/config.c
@@ -1841,6 +1841,10 @@ void setup_config_box(struct controlbox *b, int midsession,
 
            s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
                            "Authentication methods");
 
            s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
                            "Authentication methods");

+           ctrl_checkbox(s, "Attempt authentication using Pageant", 'p',
+                         HELPCTX(ssh_auth_pageant),
+                         dlg_stdcheckbox_handler,
+                         I(offsetof(Config,tryagent)));

            ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
                          HELPCTX(ssh_auth_tis),
                          dlg_stdcheckbox_handler,
            ctrl_checkbox(s, "Attempt TIS or CryptoCard auth (SSH-1)", 'm',
                          HELPCTX(ssh_auth_tis),
                          dlg_stdcheckbox_handler,

diff --git a/doc/config.but b/doc/config.but
index 4281f6c..d0ec32e 100644 (file)
--- a/doc/config.but
+++ b/doc/config.but
@@ -2310,6 +2310,24 @@ unwanted username prompts, you could try checking this option.
 This option only affects SSH-2 connections. SSH-1 connections always
 require an authentication step.
 
 This option only affects SSH-2 connections. SSH-1 connections always
 require an authentication step.
 

+\S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
+
+\cfg{winhelp-topic}{ssh.auth.pageant}
+
+If this option is enabled, then PuTTY will look for Pageant (the SSH
+private-key storage agent) and attempt to authenticate with any
+suitable public keys Pageant currently holds.
+
+This behaviour is almost always desirable, and is therefore enabled
+by default. In rare cases you might need to turn it off in order to
+force authentication by some non-public-key method such as
+passwords.
+
+This option can also be controlled using the \c{-noagent}
+command-line option. See \k{using-cmdline-agentauth}.
+
+See \k{pageant} for more information about Pageant in general.
+

 \S{config-ssh-tis} \q{Attempt \I{TIS authentication}TIS or
 \i{CryptoCard authentication}}
 
 \S{config-ssh-tis} \q{Attempt \I{TIS authentication}TIS or
 \i{CryptoCard authentication}}
 

diff --git a/doc/pageant.but b/doc/pageant.but
index 548aa8b..f84fb64 100644 (file)
--- a/doc/pageant.but
+++ b/doc/pageant.but
@@ -42,6 +42,10 @@ automatically from Pageant, and use it to authenticate. You can now
 open as many PuTTY sessions as you like without having to type your
 passphrase again.
 
 open as many PuTTY sessions as you like without having to type your
 passphrase again.
 

+(PuTTY can be configured not to try to use Pageant, but it will try
+by default. See \k{config-ssh-tryagent} and
+\k{using-cmdline-agentauth} for more information.)
+

 When you want to shut down Pageant, click the right button on the
 Pageant icon in the System tray, and select \q{Exit} from the menu.
 Closing the Pageant main window does \e{not} shut down Pageant.
 When you want to shut down Pageant, click the right button on the
 Pageant icon in the System tray, and select \q{Exit} from the menu.
 Closing the Pageant main window does \e{not} shut down Pageant.

diff --git a/doc/using.but b/doc/using.but
index 663aa05..1aa2211 100644 (file)
--- a/doc/using.but
+++ b/doc/using.but
@@ -685,6 +685,22 @@ Note that the \c{-pw} option only works when you are using the SSH
 protocol. Due to fundamental limitations of Telnet and Rlogin, these
 protocols do not support automated password authentication.
 
 protocol. Due to fundamental limitations of Telnet and Rlogin, these
 protocols do not support automated password authentication.
 

+\S2{using-cmdline-agentauth} \i\c{-agent} and \i\c{-noagent}:
+control use of Pageant for authentication
+
+The \c{-agent} option turns on SSH authentication using Pageant, and
+\c{-noagent} turns it off. These options are only meaningful if you
+are using SSH.
+
+See \k{pageant} for general information on \i{Pageant}
+
+These options are equivalent to the agent authentication checkbox in
+the Auth panel of the PuTTY configuration box (see
+\k{config-ssh-tryagent}).
+
+These options are not available in the file transfer tools PSCP and
+PSFTP.
+

 \S2{using-cmdline-agent} \I{-A-upper}\c{-A} and \i\c{-a}: control \i{agent
 forwarding}
 
 \S2{using-cmdline-agent} \I{-A-upper}\c{-A} and \i\c{-a}: control \i{agent
 forwarding}
 

diff --git a/putty.h b/putty.h
index f173340..ae41739 100644 (file)
--- a/putty.h
+++ b/putty.h
@@ -432,6 +432,7 @@ struct config_tag {
     int ssh_kexlist[KEX_MAX];
     int ssh_rekey_time;                       /* in minutes */
     char ssh_rekey_data[16];
     int ssh_kexlist[KEX_MAX];
     int ssh_rekey_time;                       /* in minutes */
     char ssh_rekey_data[16];

+    int tryagent;

     int agentfwd;
     int change_username;              /* allow username switching in SSH-2 */
     int ssh_cipherlist[CIPHER_MAX];
     int agentfwd;
     int change_username;              /* allow username switching in SSH-2 */
     int ssh_cipherlist[CIPHER_MAX];

diff --git a/settings.c b/settings.c
index 98eefce..76d02c0 100644 (file)
--- a/settings.c
+++ b/settings.c
@@ -297,6 +297,7 @@ void save_open_settings(void *sesskey, int do_host, Config *cfg)
     write_setting_s(sesskey, "LocalUserName", cfg->localusername);
     write_setting_i(sesskey, "NoPTY", cfg->nopty);
     write_setting_i(sesskey, "Compression", cfg->compression);
     write_setting_s(sesskey, "LocalUserName", cfg->localusername);
     write_setting_i(sesskey, "NoPTY", cfg->nopty);
     write_setting_i(sesskey, "Compression", cfg->compression);

+    write_setting_i(sesskey, "TryAgent", cfg->tryagent);

     write_setting_i(sesskey, "AgentFwd", cfg->agentfwd);
     write_setting_i(sesskey, "ChangeUsername", cfg->change_username);
     wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX,
     write_setting_i(sesskey, "AgentFwd", cfg->agentfwd);
     write_setting_i(sesskey, "ChangeUsername", cfg->change_username);
     wprefs(sesskey, "Cipher", ciphernames, CIPHER_MAX,


@@ -556,6 +557,7 @@ void load_open_settings(void *sesskey, int do_host, Config *cfg)
         sizeof(cfg->localusername));
     gppi(sesskey, "NoPTY", 0, &cfg->nopty);
     gppi(sesskey, "Compression", 0, &cfg->compression);
         sizeof(cfg->localusername));
     gppi(sesskey, "NoPTY", 0, &cfg->nopty);
     gppi(sesskey, "Compression", 0, &cfg->compression);

+    gppi(sesskey, "TryAgent", 1, &cfg->tryagent);

     gppi(sesskey, "AgentFwd", 0, &cfg->agentfwd);
     gppi(sesskey, "ChangeUsername", 0, &cfg->change_username);
     gprefs(sesskey, "Cipher", "\0",
     gppi(sesskey, "AgentFwd", 0, &cfg->agentfwd);
     gppi(sesskey, "ChangeUsername", 0, &cfg->change_username);
     gprefs(sesskey, "Cipher", "\0",

diff --git a/ssh.c b/ssh.c
index 7e18388..aa619e3 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -3222,7 +3222,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen,
     while (pktin->type == SSH1_SMSG_FAILURE) {
        s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
 
     while (pktin->type == SSH1_SMSG_FAILURE) {
        s->pwpkt_type = SSH1_CMSG_AUTH_PASSWORD;
 

-       if (agent_exists() && !s->tried_agent) {
+       if (ssh->cfg.tryagent && agent_exists() && !s->tried_agent) {

            /*
             * Attempt RSA authentication using Pageant.
             */
            /*
             * Attempt RSA authentication using Pageant.
             */


@@ -6613,7 +6613,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
        s->nkeys = 0;
        s->agent_response = NULL;
        s->pkblob_in_agent = NULL;
        s->nkeys = 0;
        s->agent_response = NULL;
        s->pkblob_in_agent = NULL;

-       if (agent_exists()) {
+       if (ssh->cfg.tryagent && agent_exists() && ssh->cfg.tryagent) {

 
            void *r;
 
 
            void *r;
 

diff --git a/unix/uxplink.c b/unix/uxplink.c
index 90b151f..0e27366 100644 (file)
--- a/unix/uxplink.c
+++ b/unix/uxplink.c
@@ -628,8 +628,6 @@ int main(int argc, char **argv)
            if (!*cfg.host) {
                char *q = p;
 
            if (!*cfg.host) {
                char *q = p;
 

-                do_defaults(NULL, &cfg);
-

                /*
                 * If the hostname starts with "telnet:", set the
                 * protocol to Telnet and process the string as a
                /*
                 * If the hostname starts with "telnet:", set the
                 * protocol to Telnet and process the string as a

diff --git a/windows/winhelp.h b/windows/winhelp.h
index 750d379..40fcf72 100644 (file)
--- a/windows/winhelp.h
+++ b/windows/winhelp.h
@@ -99,6 +99,7 @@
 #define WINHELP_CTX_ssh_auth_privkey "ssh.auth.privkey"
 #define WINHELP_CTX_ssh_auth_agentfwd "ssh.auth.agentfwd"
 #define WINHELP_CTX_ssh_auth_changeuser "ssh.auth.changeuser"
 #define WINHELP_CTX_ssh_auth_privkey "ssh.auth.privkey"
 #define WINHELP_CTX_ssh_auth_agentfwd "ssh.auth.agentfwd"
 #define WINHELP_CTX_ssh_auth_changeuser "ssh.auth.changeuser"

+#define WINHELP_CTX_ssh_auth_pageant "ssh.auth.pageant"

 #define WINHELP_CTX_ssh_auth_tis "ssh.auth.tis"
 #define WINHELP_CTX_ssh_auth_ki "ssh.auth.ki"
 #define WINHELP_CTX_selection_buttons "selection.buttons"
 #define WINHELP_CTX_ssh_auth_tis "ssh.auth.tis"
 #define WINHELP_CTX_ssh_auth_ki "ssh.auth.ki"
 #define WINHELP_CTX_selection_buttons "selection.buttons"