Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rsa cert2 #1

Open
wants to merge 610 commits into
base: master
Choose a base branch
from
Open
Changes from 1 commit
Commits
Show all changes
610 commits
Select commit Hold shift + click to select a range
452114c
New memory management macro 'snew_plus'.
sgtatham Jun 6, 2018
61a972c
Make share_got_pkt_from_server take a const pointer.
sgtatham Jun 6, 2018
ce6c65a
Separate Packet into two structures.
sgtatham Jun 5, 2018
bf3c9df
Remove body and length fields from PktIn.
sgtatham Jun 6, 2018
ea04bf3
Remove data and maxlen fields from PktIn.
sgtatham Jun 5, 2018
8c4680a
Replace PktOut body pointer with a prefix length.
sgtatham Jun 6, 2018
eb5bc31
Make PktIn contain its own PacketQueueNode.
sgtatham Jun 5, 2018
0df6303
Fix a valgrind error.
sgtatham Jun 6, 2018
be6fed1
Further void * / const fixes.
sgtatham Jun 8, 2018
734ada9
gdb.py: add a 'memdump' command.
sgtatham Jun 9, 2018
72c2b70
Make logblank_t a typedef.
sgtatham Jun 9, 2018
8b98fea
New BinarySink function 'put_padding'.
sgtatham Jun 9, 2018
ba75712
Move some ssh.c declarations into header files.
sgtatham Jun 9, 2018
9e3522a
Use a bufchain for outgoing SSH wire data.
sgtatham Jun 9, 2018
679fa90
Move binary packet protocols and censoring out of ssh.c.
sgtatham Jun 9, 2018
93afcf0
Remove the SSH-1 variadic send_packet() system.
sgtatham Jun 9, 2018
281d317
Make put_padding() have a consistent argument order.
sgtatham Jun 13, 2018
ba5e56c
Add a missing check of outgoing_data.
sgtatham Jun 13, 2018
d4304f1
Fix cut and paste goof in SSH-2 compression support.
sgtatham Jun 15, 2018
20e8fde
Stop saying we'll try compression later, if it is later.
sgtatham Jun 16, 2018
fecd428
winpgnt.c: put all file-mapping code in one function.
sgtatham Jul 8, 2018
ac51a71
winpgnt.c: handle arbitrarily large file mappings.
sgtatham Jul 8, 2018
98528db
Raise AGENT_MAX_MSGLEN to 256Kb.
sgtatham Jul 8, 2018
daa086f
winpgnt.c: fix an outdated error message.
sgtatham Jul 9, 2018
d4abff5
Reinstate calls to ssh_free_pktout!
sgtatham Jul 9, 2018
445fa12
Fix duplicate packets in CBC mode.
sgtatham Jul 10, 2018
bcb94f9
Make compression functions return void.
sgtatham Jul 10, 2018
20a9bd5
Move password-packet padding into the BPP module.
sgtatham Jul 9, 2018
9f6b59f
Fix platform field in Windows on Arm installers.
sgtatham Aug 16, 2018
6c924ba
GPG key rollover.
sgtatham Aug 25, 2018
566d482
testback.c: add some missing 'const'.
sgtatham Sep 12, 2018
e72e8eb
Expose the Ldisc structure tag throughout the code.
sgtatham Sep 11, 2018
3814a5c
Make 'LogContext' a typedef visible throughout the code.
sgtatham Sep 11, 2018
c51fe7c
Pass the Ssh structure to portfwd.c with a tag.
sgtatham Sep 11, 2018
eefebaa
Turn Backend into a sensible classoid.
sgtatham Sep 11, 2018
8dfb2a1
Introduce a typedef for frontend handles.
sgtatham Sep 12, 2018
6a8b9d3
Replace enum+union of local channel types with a vtable.
sgtatham Sep 12, 2018
08b43c0
Expose structure tags for the connection-sharing data types.
sgtatham Sep 13, 2018
fc375c0
Remove some redundant utility macros.
sgtatham Sep 13, 2018
3aae1f9
Expose the structure tag 'dlgparam'.
sgtatham Sep 13, 2018
65b65bb
Expose the structure tag 'crcda_ctx'.
sgtatham Sep 13, 2018
6c5cc49
Turn SSH-1 ciphers into a classoid.
sgtatham Sep 13, 2018
229af2b
Turn SSH-2 ciphers into a classoid.
sgtatham Sep 13, 2018
853bd8b
Turn SSH-2 MACs into a classoid.
sgtatham Sep 13, 2018
4f9a90f
Turn SSH hashes into a classoid.
sgtatham Sep 13, 2018
9738e04
Clean up a couple of consts and char pointers.
sgtatham Sep 13, 2018
7efa4a5
Clean up a 'void *' in a unix.h typedef.
sgtatham Sep 14, 2018
733fcca
Invent structure tags for the storage.h abstractions.
sgtatham Sep 14, 2018
03fb442
Expose the 'dh_ctx' struct tag used for Diffie-Hellman.
sgtatham Sep 14, 2018
d437e54
Make ssh_compress into a pair of linked classoids.
sgtatham Sep 14, 2018
aa08e6c
Put a layer of abstraction in front of struct ssh_channel.
sgtatham Sep 14, 2018
895b09a
Move port-forwarding setup out of ssh.c.
sgtatham Sep 14, 2018
8001dd4
New abstraction 'ConnectionLayer'.
sgtatham Sep 17, 2018
ff7418a
tree234.c: minor fixes to the test suite.
sgtatham Sep 19, 2018
b2d0bd0
tree234.c: new search234() system.
sgtatham Sep 19, 2018
61f18ac
Reimplement alloc_channel_id using search234.
sgtatham Sep 19, 2018
a313048
New utility function logevent_and_free.
sgtatham Sep 19, 2018
ce0b672
Macro to make a ptrlen out of a string literal.
sgtatham Sep 19, 2018
370ff15
Move bug flag definitions out into ssh.h.
sgtatham Sep 19, 2018
af8e526
Move version string exchange out into a BPP.
sgtatham Sep 19, 2018
63a14f2
Rework handling of untrusted terminal data.
sgtatham Sep 19, 2018
6e24b7d
Extend PacketQueue to take PktOut as well.
sgtatham Sep 19, 2018
242c074
Move low-level functions out into sshcommon.c.
sgtatham Sep 19, 2018
0422669
Get rid of ssh_set_frozen.
sgtatham Sep 19, 2018
6a5d4d0
Make pq_empty_on_to_front_of more general.
sgtatham Sep 19, 2018
64f95e6
Move the zombiechan implementation into sshcommon.c.
sgtatham Sep 19, 2018
783f03d
Move the default Channel methods into sshcommon.c.
sgtatham Sep 19, 2018
12abb95
Move the ttymode formatter into sshcommon.c.
sgtatham Sep 19, 2018
968252b
Move alloc_channel_id into sshcommon.c.
sgtatham Sep 19, 2018
26364bb
Move comma-separated string functions into sshcommon.c.
sgtatham Sep 19, 2018
3ad919f
Move ssh{1,2}_pkt_type into sshcommon.c.
sgtatham Sep 19, 2018
93f2df9
New system for tracking data-limit-based rekeys.
sgtatham Sep 19, 2018
91a624f
sshaes.c: add some missing clang target attributes.
sgtatham Sep 20, 2018
e71798a
Fix copy-paste error in sshdes.c.
sgtatham Sep 20, 2018
e1b52ae
Remove duplicate typedef of AESContext.
sgtatham Sep 20, 2018
361efee
Reinstate setting of ssh->session_started.
sgtatham Sep 21, 2018
e230751
Remove FLAG_STDERR completely.
sgtatham Sep 21, 2018
a19faa4
Minor header-file cleanups.
sgtatham Sep 21, 2018
562cdd4
Fix mishandling of refusal to compress in SSH-1.
sgtatham Sep 21, 2018
f7821f5
Fix paste error in the new pq_concatenate.
sgtatham Sep 22, 2018
5eb4efc
Remove a fixed-size buffer in pscp.c.
sgtatham Sep 22, 2018
ed70e60
Remove a fixed-size buffer in cmdgen.c.
pavelkryukov Sep 22, 2018
26f7a2a
Add missing 'static' to BPP vtable definitions.
sgtatham Sep 23, 2018
f4fbaa1
Rework special-commands system to add an integer argument.
sgtatham Sep 24, 2018
8cb6839
Move SSH packet type codes into list macros.
sgtatham Sep 24, 2018
09c3439
Move SSH_MSG_UNEXPECTED generation into the BPP.
sgtatham Sep 24, 2018
f6f8219
Replace PktIn reference count with a 'free queue'.
sgtatham Sep 23, 2018
43767ff
Add a missing include to putty.h.
sgtatham Sep 24, 2018
96622d1
Move verify_ssh_manual_host_key into sshcommon.c
sgtatham Sep 24, 2018
d77b95c
Macroise the cumbersome read idioms in the BPPs.
sgtatham Sep 24, 2018
56bf65e
Fix spurious EOF in agent forwarding!
sgtatham Sep 24, 2018
54b300f
pscp: try not to print error message on statistics line.
sgtatham Sep 24, 2018
a703f86
Defer passing a ConnectionLayer to sshshare.c.
sgtatham Sep 21, 2018
623c7b7
Put an optional IdempotentCallback in packet queues.
sgtatham Sep 21, 2018
06b721c
Put an optional IdempotentCallback in bufchains.
sgtatham Sep 22, 2018
60d95b6
Tweak crWaitUntil macros for greater robustness.
sgtatham Sep 24, 2018
6bb8477
Give the BPP an input and output packet queue.
sgtatham Sep 24, 2018
3074440
Move SSH_MSG_DISCONNECT construction into the BPP.
sgtatham Sep 24, 2018
344ec3a
Restructure SSH-1 compression again.
sgtatham Sep 22, 2018
2ca0070
Move most of ssh.c out into separate source files.
sgtatham Sep 24, 2018
cb6fa5f
Fix minor mishandling of session typeahead.
sgtatham Sep 25, 2018
f22d442
Fix mishandling of user abort during SSH-1 auth.
sgtatham Sep 25, 2018
e4ee11d
Fix accidental termination of wait-for-rekey loop.
sgtatham Sep 25, 2018
da1e560
Fix failure to display the specials menu.
sgtatham Sep 25, 2018
0bdda64
Fix paste error in packet-type list macro.
sgtatham Sep 25, 2018
686e78e
Fix log-censoring of incoming SSH-2 session data.
sgtatham Sep 26, 2018
822d2fd
Add option whether to include header when logging.
net147 Sep 26, 2018
b5c8404
Suppress strncpy truncation warnings with GCC 8 and later.
net147 Sep 26, 2018
07313e9
Fix shortcut clash in Windows builds.
jtn20 Sep 26, 2018
c912d09
Handle error messages even before session startup.
sgtatham Sep 27, 2018
ed0104c
ssh_closing: distinguish socket errors from EOF.
sgtatham Sep 27, 2018
e857e43
Fix use-after-free on a network error.
sgtatham Sep 28, 2018
32a0de9
Defer error callback from localproxy_try_send.
sgtatham Sep 28, 2018
3085e74
GTK uxsel handling: lump G_IO_HUP into G_IO_IN.
sgtatham Sep 28, 2018
7cd425a
uxproxy: close input pipes that have seen EOF on read.
sgtatham Sep 28, 2018
5a6608b
Unix GUI: honour 'no close on exit' for connection_fatal.
sgtatham Sep 28, 2018
57553bd
sshshare: notify cl when last downstream goes away.
sgtatham Sep 28, 2018
fb07fcc
Fix failure to handle SSH_MSG_EXTENDED_DATA.
sgtatham Sep 29, 2018
1d162fa
Stop sending outgoing-only EOF on SSH sockets.
sgtatham Oct 1, 2018
db18804
Fix failure to close the outgoing socket.
sgtatham Oct 1, 2018
5d6d052
Flush log file after asynchronous askappend.
sgtatham Oct 1, 2018
dcb93d6
pscp: fix another newline problem in output.
sgtatham Oct 2, 2018
ad487da
pscp: remove redundant progress bar indicator.
sgtatham Oct 2, 2018
78e280a
pscp: remove a relic of GUI feedback mode.
sgtatham Oct 2, 2018
72a8c8c
ssh2 conn: don't accept user input until mainchan is ready.
sgtatham Oct 2, 2018
bf61af1
ssh2 conn: don't set mainchan_eof_sent when we didn't.
sgtatham Oct 3, 2018
96ec2c2
Get rid of lots of implicit pointer types.
sgtatham Oct 4, 2018
e0130a4
Switch the unifont system over to using FROMFIELD.
sgtatham Oct 5, 2018
b798230
Name vtable structure types more consistently.
sgtatham Oct 5, 2018
884a7df
Make Socket and Plug into structs.
sgtatham Oct 5, 2018
ed652a7
Get rid of #ifdef DEFINE_PLUG_METHOD_MACROS.
sgtatham Oct 5, 2018
9396fcc
Rename FROMFIELD to 'container_of'.
sgtatham Oct 5, 2018
461ade4
Return an error message from x11_setup_display.
sgtatham Oct 6, 2018
07f99e6
Remove 'defused' parameter from wc_to_mb.
sgtatham Oct 6, 2018
e655053
Add a couple of missing 'static' qualifiers.
sgtatham Oct 6, 2018
d9369d4
Give PuTTYtel its own Windows manifest file.
sgtatham Oct 6, 2018
6c0f22b
Give fxp_mkdir_send an attrs parameter.
sgtatham Oct 6, 2018
62f630d
cygtermd: remove all uses of 'FIXME' as program name.
sgtatham Oct 6, 2018
0bbe87f
Rewrite some comments with FIXMEs in them.
sgtatham Oct 6, 2018
36caf03
Utility routines for iterating over a packet queue.
sgtatham Oct 6, 2018
2e7ced6
Give BPPs a Frontend, so they can do their own logging.
sgtatham Oct 7, 2018
4c8c41b
Support OpenSSH delayed compression without a rekey.
sgtatham Oct 7, 2018
34df999
Try to decouple directions of delayed compression.
sgtatham Oct 7, 2018
9072bab
Unix: fix segfault if ~/.putty/sessions doesn't exist.
sgtatham Oct 7, 2018
55860ca
log_proxy_stderr: cope with CRLF on proxy stderr lines.
sgtatham Oct 7, 2018
cea1329
Make new_error_socket() into a printf-style function.
sgtatham Oct 7, 2018
2ea356c
Fix crash on early connection of a sharing downstream.
sgtatham Oct 7, 2018
e3e4345
Fix crash when disconnecting in verstring phase.
sgtatham Oct 7, 2018
d624ae2
Fix double-free bug in (non-EC) Diffie-Hellman.
sgtatham Oct 8, 2018
a3a8b28
Tidy up 'eventlog_stuff' structure and fix leak.
sgtatham Oct 8, 2018
78d0022
settings.c: replace some 'void *' with proper types.
sgtatham Oct 8, 2018
3f0f6d2
Missing error message when loading a private key file.
sgtatham Oct 9, 2018
5ea3a24
ssh2userauth: remove an unused variable.
sgtatham Oct 9, 2018
1b67ec2
ssh2userauth: stop hardcoding the successor layer name.
sgtatham Oct 9, 2018
ad0c502
Refactor the LogContext type.
sgtatham Oct 10, 2018
e053ea9
Remove two useless declarations.
sgtatham Oct 10, 2018
109df9f
Remove frontend_keypress().
sgtatham Oct 11, 2018
b4c8fd9
New abstraction 'Seat', to pass to backends.
sgtatham Oct 11, 2018
dff3cd5
Fix assertion failure if server won't start a shell.
sgtatham Oct 12, 2018
554e8f3
Restore missing Event Log entries from SSH layers.
sgtatham Oct 12, 2018
1986ee2
Add missing pq_pop when handling SSH_MSG_DISCONNECT.
sgtatham Oct 13, 2018
e966df0
Avoid Event Log entries with newlines in.
sgtatham Oct 13, 2018
35a4283
Loosen the validity check in get_mp_ssh1.
sgtatham Oct 15, 2018
b9bfc81
cmdgen: fix segfault on failing to open the output file.
sgtatham Oct 15, 2018
56096ba
New utility functions to make ptrlens.
sgtatham Oct 13, 2018
8d7150b
Fix segfault in SSH-1 X forwarding.
sgtatham Oct 13, 2018
3229d46
Remove an obsolete declaration.
sgtatham Oct 17, 2018
14f7973
A few new minor utility functions.
sgtatham Oct 13, 2018
dfb8d5d
Add some missing 'const' in pfl_listen.
sgtatham Oct 20, 2018
1b2f39c
settings.c: allow load_open_settings(NULL).
sgtatham Oct 8, 2018
2339efc
Devolve channel-request handling to Channel vtable.
sgtatham Sep 26, 2018
d1cd8b2
Move channel-opening logic out into subroutines.
sgtatham Sep 26, 2018
8db76dc
Give SshChannel a pointer to its owning ConnectionLayer.
sgtatham Oct 14, 2018
431f92a
Move mainchan into its own file, like agentf.
sgtatham Sep 30, 2018
dead35d
New system for handling SSH terminal modes.
sgtatham Oct 12, 2018
72eca76
New system for handling SSH signals.
sgtatham Oct 14, 2018
79c4d3f
Rewrite the SSH-1 main shell session using mainchan.
sgtatham Sep 30, 2018
fe26ddb
Move transient host key cache into its own file.
sgtatham Oct 6, 2018
3df80af
Factor KEXINIT construction out into its own function.
sgtatham Oct 6, 2018
7de8801
Factor KEXINIT analysis out into its own function.
sgtatham Oct 7, 2018
c95b277
Unix: turn LocalProxySocket into a general FdSocket.
sgtatham Oct 7, 2018
99c215e
Change Seat's get_char_cell_size to get_window_pixel_size.
sgtatham Oct 13, 2018
1bde686
Rename sshfwd_unclean_close to sshfwd_initiate_close.
sgtatham Oct 13, 2018
82c83c1
Improve sk_peer_info.
sgtatham Oct 18, 2018
d3a9142
Allow channels not to close immediately after two EOFs.
sgtatham Oct 18, 2018
b94c6a7
Move client-specific SSH code into new files.
sgtatham Oct 20, 2018
f4db919
Factor out Unix Pageant's socket creation.
sgtatham Oct 14, 2018
61976b4
Server prep: routine to create a local X display.
sgtatham Oct 20, 2018
445030b
Server prep: support stderr output on channels.
sgtatham Oct 20, 2018
9fe719f
Server prep: parse a lot of new channel requests.
sgtatham Oct 20, 2018
21a7ce7
Server prep: reword messages to be client/server agnostic.
sgtatham Oct 20, 2018
82661b7
Server prep: extra RSA crypto primitives.
sgtatham Oct 20, 2018
8343961
Server prep: factor out portfwd_raw_new().
sgtatham Oct 20, 2018
650404f
Server prep: pass "implementation name" to ssh_verstring_new.
sgtatham Oct 21, 2018
c970d2b
uxpty: send seat_eof when the pty master gives EIO.
sgtatham Oct 13, 2018
0ee204f
uxpty: propagate exit code more reliably on pty EIO.
sgtatham Oct 13, 2018
105672e
uxpty: new specialist backend-creation API.
sgtatham Oct 13, 2018
f2edea1
uxpty: give pty_backend_create a struct ssh_ttymodes.
sgtatham Oct 18, 2018
63d08fc
uxpty: support SS_SIG* and SS_BRK specials.
sgtatham Oct 18, 2018
6b7a1cd
uxpty: option to make three pipes instead of a pty.
sgtatham Oct 18, 2018
a48e897
uxpty: support SS_EOF, when in pipe mode.
sgtatham Oct 18, 2018
1d323d5
Add an actual SSH server program.
sgtatham Oct 20, 2018
a081dd0
Add an SFTP server to the SSH server code.
sgtatham Oct 20, 2018
aa162bb
Close standard handles in watchdog subprocesses.
sgtatham Oct 21, 2018
aaa1bfb
Makefile.vc: permit building for Windows on Arm.
pavelkryukov Jul 11, 2018
a7c7ba0
Add missing #ifndef OMIT_UTMP over pty_utmp_helper_pipe closing
pavelkryukov Oct 21, 2018
fafb898
uxserver.c: exit with 0 explicitly to make GCC 4 happy
pavelkryukov Oct 21, 2018
1806b71
uxsftpserver.c: do not let Clang think we append integer to string
pavelkryukov Oct 21, 2018
5f03613
Improve Uppity's online help and command-line errors.
sgtatham Oct 22, 2018
c9e6118
Uppity: add challenge-response auth methods.
sgtatham Oct 22, 2018
76a32c5
Fix two bugs in SSH-1 TIS and CryptoCard auth.
sgtatham Oct 22, 2018
cf8a421
Add a missing const in uint64_from_decimal.
sgtatham Oct 21, 2018
d1eb409
wildcard.c: allow the matched string to be a ptrlen.
sgtatham Oct 23, 2018
c31e3cd
Fix a couple of uninitialised variables.
sgtatham Oct 24, 2018
18d7998
pscp: extra security check in SCP mode.
sgtatham Oct 23, 2018
8a60fda
Provide Uppity with a built-in old-style scp server.
sgtatham Oct 20, 2018
f789251
Fix a couple of benign compile warnings.
sgtatham Oct 25, 2018
6714fcd
Fix a newly introduced segfault in callback.c.
sgtatham Oct 25, 2018
291c1b0
Remove unused and bit-rotted scroll optimisation.
sgtatham Oct 25, 2018
64f8f68
Remove the 'Frontend' type and replace it with a vtable.
sgtatham Oct 25, 2018
6750eb7
Fix build failure on GTK 2.
sgtatham Oct 26, 2018
ab89fd7
scpserver.c: add missing brackets around mask checks
pavelkryukov Oct 26, 2018
730af28
Stop using deprecated gtk_container_set_focus_chain().
sgtatham Oct 28, 2018
23e98b0
Uppity: support SSH-2 password change request.
sgtatham Oct 29, 2018
1d459fc
Fix misuse of FALSE for null pointer return values.
sgtatham Oct 29, 2018
3a2afbc
Remove duplicate typedef for mainchan.
sgtatham Nov 1, 2018
5cb5638
Remove three uses of bitwise ops on boolean values.
sgtatham Oct 30, 2018
a647f2b
Adopt C99 <stdint.h> integer types.
sgtatham Oct 26, 2018
a6f1709
Adopt C99 <stdbool.h>'s true/false.
sgtatham Oct 29, 2018
5691805
Introduce a conf value type of bool.
sgtatham Oct 29, 2018
1378bb0
Switch some Conf settings over to being bool.
sgtatham Oct 29, 2018
3214563
Convert a lot of 'int' variables to 'bool'.
sgtatham Nov 2, 2018
f9cb4eb
Make a few small helper functions inline.
sgtatham Oct 26, 2018
3933a27
Make send_raw_mouse a field of GtkFrontend.
sgtatham Nov 3, 2018
650bfbb
Nitpick: fix missing 'void' in one declaration.
sgtatham Nov 3, 2018
9248f5c
winnet.c: remove duplicated errstring system.
sgtatham Nov 3, 2018
c089827
Rework mungestr() and unmungestr().
sgtatham Nov 3, 2018
91d1688
Add missing 'static' on file-internal declarations.
sgtatham Nov 3, 2018
c5895ec
Move all extern declarations into header files.
sgtatham Nov 3, 2018
80db674
uxnet.c: initialize atmark variable
pavelkryukov Nov 3, 2018
506a0b1
misc.c: use bool in debug_memdump signature
pavelkryukov Nov 3, 2018
a4b5f66
Remove 'static' qualifier from Conf pointer
pavelkryukov Nov 3, 2018
1a569fc
Adding RSA Cert support
will-lauer Apr 19, 2017
00afd29
Adding DSS Cert support
will-lauer Dec 4, 2018
050e35d
RSA Cert cleanup
will-lauer Dec 5, 2018
31b7887
DSS cert cleanup
will-lauer Dec 5, 2018
22ffd0b
Load certs in pageant
will-lauer Dec 5, 2018
430824c
Adding ecdsa certificate support and general cleanup
will-lauer Dec 7, 2018
11a2292
Initial ED25519 support (not enabled)
will-lauer Dec 9, 2018
25d1009
Makind ed25519 work
will-lauer Dec 11, 2018
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
winpgnt.c: put all file-mapping code in one function.
Previously, the code to recover and memory-map the file-mapping object
Pageant uses for its IPC, and the code to convey its contents to and
from the cross-platform agent code, were widely separated, with the
former living in the WM_COPYDATA handler in the window procedure, and
the latter in answer_msg.

Now all of that code lives in answer_filemapping_message; WndProc only
handles the _window message_ contents - i.e. ensures the WM_COPYDATA
message has the right dwData id and that its lpData contains an ASCIZ
string - and answer_filemapping_message goes all the way from that
file-mapping object name to calling pageant_handle_msg.

While I'm here, I've also tidied up the code so that it uses the 'goto
cleanup' idiom rather than nesting everything inconveniently deeply,
and arranged that if anything goes wrong then we at least _construct_
an error message (although as yet we don't use that for anything
unless we're compiled with DEBUG_IPC enabled).
  • Loading branch information
sgtatham committed Jul 8, 2018
commit fecd42858c3fb4abd5b9c9dae1d456141820d244
315 changes: 170 additions & 145 deletions windows/winpgnt.c
Original file line number Diff line number Diff line change
Expand Up @@ -380,59 +380,6 @@ void keylist_update(void)
}
}

struct PageantReply {
char buf[AGENT_MAX_MSGLEN - 4];
int len, overflowed;
BinarySink_IMPLEMENTATION;
};

static void pageant_reply_BinarySink_write(
BinarySink *bs, const void *data, size_t len)
{
struct PageantReply *rep = BinarySink_DOWNCAST(bs, struct PageantReply);
if (!rep->overflowed && len <= sizeof(rep->buf) - rep->len) {
memcpy(rep->buf + rep->len, data, len);
rep->len += len;
} else {
rep->overflowed = TRUE;
}
}

static void answer_msg(void *msgv)
{
unsigned char *msg = (unsigned char *)msgv;
unsigned msglen;
struct PageantReply reply;

reply.len = 0;
reply.overflowed = FALSE;
BinarySink_INIT(&reply, pageant_reply_BinarySink_write);

msglen = GET_32BIT(msg);
if (msglen > AGENT_MAX_MSGLEN) {
pageant_failure_msg(BinarySink_UPCAST(&reply),
"incoming length field too large", NULL, NULL);
} else {
pageant_handle_msg(BinarySink_UPCAST(&reply),
msg + 4, msglen, NULL, NULL);
if (reply.len > AGENT_MAX_MSGLEN) {
reply.len = 0;
reply.overflowed = FALSE;
pageant_failure_msg(BinarySink_UPCAST(&reply),
"output would exceed max msglen", NULL, NULL);
}
}

/*
* Windows Pageant answers messages in place, by overwriting the
* input message buffer.
*/
assert(4 + reply.len <= AGENT_MAX_MSGLEN);
PUT_32BIT(msg, reply.len);
memcpy(msg + 4, reply.buf, reply.len);
smemclr(reply.buf, sizeof(reply.buf));
}

static void win_add_keyfile(Filename *filename)
{
char *err;
Expand Down Expand Up @@ -829,6 +776,168 @@ PSID get_default_sid(void)
}
#endif

struct PageantReply {
char buf[AGENT_MAX_MSGLEN - 4];
int len, overflowed;
BinarySink_IMPLEMENTATION;
};

static void pageant_reply_BinarySink_write(
BinarySink *bs, const void *data, size_t len)
{
struct PageantReply *rep = BinarySink_DOWNCAST(bs, struct PageantReply);
if (!rep->overflowed && len <= sizeof(rep->buf) - rep->len) {
memcpy(rep->buf + rep->len, data, len);
rep->len += len;
} else {
rep->overflowed = TRUE;
}
}

static char *answer_filemapping_message(const char *mapname)
{
HANDLE maphandle = INVALID_HANDLE_VALUE;
void *mapaddr = NULL;
char *err = NULL;
unsigned char *msg;
unsigned msglen;
struct PageantReply reply;

#ifndef NO_SECURITY
PSID mapsid = NULL;
PSID expectedsid = NULL;
PSID expectedsid_bc = NULL;
PSECURITY_DESCRIPTOR psd = NULL;
#endif

#ifdef DEBUG_IPC
debug(("mapname = \"%s\"\n", mapname));
#endif

maphandle = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, mapname);
if (maphandle == NULL || maphandle == INVALID_HANDLE_VALUE) {
err = dupprintf("OpenFileMapping(\"%s\"): %s",
mapname, win_strerror(GetLastError()));
goto cleanup;
}

#ifdef DEBUG_IPC
debug(("maphandle = %p\n", maphandle));
#endif

#ifndef NO_SECURITY
if (has_security) {
DWORD retd;

if ((expectedsid = get_user_sid()) == NULL) {
err = dupstr("unable to get user SID");
goto cleanup;
}

if ((expectedsid_bc = get_default_sid()) == NULL) {
err = dupstr("unable to get default SID");
goto cleanup;
}

if ((retd = p_GetSecurityInfo(
maphandle, SE_KERNEL_OBJECT, OWNER_SECURITY_INFORMATION,
&mapsid, NULL, NULL, NULL, &psd) != ERROR_SUCCESS)) {
err = dupprintf("unable to get owner of file mapping: "
"GetSecurityInfo returned: %s",
win_strerror(retd));
goto cleanup;
}

#ifdef DEBUG_IPC
{
LPTSTR ours, ours2, theirs;
ConvertSidToStringSid(mapsid, &theirs);
ConvertSidToStringSid(expectedsid, &ours);
ConvertSidToStringSid(expectedsid_bc, &ours2);
debug(("got sids:\n oursnew=%s\n oursold=%s\n"
" theirs=%s\n", ours, ours2, theirs));
LocalFree(ours);
LocalFree(ours2);
LocalFree(theirs);
}
#endif

if (!EqualSid(mapsid, expectedsid) &&
!EqualSid(mapsid, expectedsid_bc)) {
err = dupstr("wrong owning SID of file mapping");
goto cleanup;
}
} else
#endif /* NO_SECURITY */
{
#ifdef DEBUG_IPC
debug(("security APIs not present\n"));
#endif
}

mapaddr = MapViewOfFile(maphandle, FILE_MAP_WRITE, 0, 0, 0);
if (!mapaddr) {
err = dupprintf("unable to obtain view of file mapping: %s",
win_strerror(GetLastError()));
goto cleanup;
}

#ifdef DEBUG_IPC
debug(("mapped address = %p\n", mapaddr));
#endif

msglen = GET_32BIT((unsigned char *)mapaddr);

#ifdef DEBUG_IPC
debug(("msg length=%08x, msg type=%02x\n",
msglen, (unsigned)((unsigned char *) mapaddr)[4]));
#endif

reply.len = 0;
reply.overflowed = FALSE;
BinarySink_INIT(&reply, pageant_reply_BinarySink_write);

if (msglen > AGENT_MAX_MSGLEN - 4) {
pageant_failure_msg(BinarySink_UPCAST(&reply),
"incoming length field too large", NULL, NULL);
} else {
pageant_handle_msg(BinarySink_UPCAST(&reply),
msg + 4, msglen, NULL, NULL);
if (reply.overflowed || reply.len > AGENT_MAX_MSGLEN - 4) {
reply.len = 0;
reply.overflowed = FALSE;
pageant_failure_msg(BinarySink_UPCAST(&reply),
"output would overflow message buffer",
NULL, NULL);
}
}

if (reply.len > AGENT_MAX_MSGLEN - 4) {
err = dupstr("even error-message output overflows buffer");
goto cleanup;
}

/*
* Windows Pageant answers messages in place, by overwriting the
* input message buffer.
*/
assert(4 + reply.len <= AGENT_MAX_MSGLEN);
PUT_32BIT(msg, reply.len);
memcpy(msg + 4, reply.buf, reply.len);
smemclr(reply.buf, sizeof(reply.buf));

cleanup:
/* expectedsid has the lifetime of the program, so we don't free it */
sfree(expectedsid_bc);
if (psd)
LocalFree(psd);
if (mapaddr)
UnmapViewOfFile(mapaddr);
if (maphandle != NULL && maphandle != INVALID_HANDLE_VALUE)
CloseHandle(maphandle);
return err;
}

static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
WPARAM wParam, LPARAM lParam)
{
Expand Down Expand Up @@ -971,107 +1080,23 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
case WM_COPYDATA:
{
COPYDATASTRUCT *cds;
char *mapname;
void *p;
HANDLE filemap;
#ifndef NO_SECURITY
PSID mapowner, ourself, ourself2;
#endif
PSECURITY_DESCRIPTOR psd = NULL;
int ret = 0;
char *mapname, *err;

cds = (COPYDATASTRUCT *) lParam;
if (cds->dwData != AGENT_COPYDATA_ID)
return 0; /* not our message, mate */
mapname = (char *) cds->lpData;
if (mapname[cds->cbData - 1] != '\0')
return 0; /* failure to be ASCIZ! */
err = answer_filemapping_message(mapname);
if (err) {
#ifdef DEBUG_IPC
debug(("mapname is :%s:\n", mapname));
#endif
filemap = OpenFileMapping(FILE_MAP_ALL_ACCESS, FALSE, mapname);
#ifdef DEBUG_IPC
debug(("filemap is %p\n", filemap));
#endif
if (filemap != NULL && filemap != INVALID_HANDLE_VALUE) {
#ifndef NO_SECURITY
int rc;
if (has_security) {
if ((ourself = get_user_sid()) == NULL) {
#ifdef DEBUG_IPC
debug(("couldn't get user SID\n"));
#endif
CloseHandle(filemap);
return 0;
}

if ((ourself2 = get_default_sid()) == NULL) {
#ifdef DEBUG_IPC
debug(("couldn't get default SID\n"));
debug(("IPC failed: %s\n", err));
#endif
CloseHandle(filemap);
return 0;
}

if ((rc = p_GetSecurityInfo(filemap, SE_KERNEL_OBJECT,
OWNER_SECURITY_INFORMATION,
&mapowner, NULL, NULL, NULL,
&psd) != ERROR_SUCCESS)) {
#ifdef DEBUG_IPC
debug(("couldn't get owner info for filemap: %d\n",
rc));
#endif
CloseHandle(filemap);
sfree(ourself2);
return 0;
}
#ifdef DEBUG_IPC
{
LPTSTR ours, ours2, theirs;
ConvertSidToStringSid(mapowner, &theirs);
ConvertSidToStringSid(ourself, &ours);
ConvertSidToStringSid(ourself2, &ours2);
debug(("got sids:\n oursnew=%s\n oursold=%s\n"
" theirs=%s\n", ours, ours2, theirs));
LocalFree(ours);
LocalFree(ours2);
LocalFree(theirs);
}
#endif
if (!EqualSid(mapowner, ourself) &&
!EqualSid(mapowner, ourself2)) {
CloseHandle(filemap);
LocalFree(psd);
sfree(ourself2);
return 0; /* security ID mismatch! */
}
#ifdef DEBUG_IPC
debug(("security stuff matched\n"));
#endif
LocalFree(psd);
sfree(ourself2);
} else {
#ifdef DEBUG_IPC
debug(("security APIs not present\n"));
#endif
}
#endif
p = MapViewOfFile(filemap, FILE_MAP_WRITE, 0, 0, 0);
#ifdef DEBUG_IPC
debug(("p is %p\n", p));
{
int i;
for (i = 0; i < 5; i++)
debug(("p[%d]=%02x\n", i,
((unsigned char *) p)[i]));
}
#endif
answer_msg(p);
ret = 1;
UnmapViewOfFile(p);
}
CloseHandle(filemap);
return ret;
sfree(err);
return 0;
}
return 1;
}
}

Expand Down