
Merge branch 'thirdparty'

Source commit: d9343ddb7cfc8f10fd01ed9d1c6f6dfdc8515ab2
Martin Prikryl 3 years ago
parent
commit
ffe653e587

+ 12 - 5
source/putty/putty.h

@@ -1299,8 +1299,14 @@ struct TermWinVtable {
 
     /* Query the front end for any OS-local overrides to the default
      * colours stored in Conf. The front end should set any it cares
-     * about by calling term_palette_override. */
-    void (*palette_get_overrides)(TermWin *);
+     * about by calling term_palette_override.
+     *
+     * The Terminal object is passed in as a parameter, because this
+     * can be called as a callback from term_init(). So the TermWin
+     * itself won't yet have been told where to find its Terminal
+     * object, because that doesn't happen until term_init
+     * returns. */
+    void (*palette_get_overrides)(TermWin *, Terminal *);
 };
 
 static inline bool win_setup_draw_ctx(TermWin *win)
@@ -1354,8 +1360,8 @@ static inline void win_set_zorder(TermWin *win, bool top)
 static inline void win_palette_set(
     TermWin *win, unsigned start, unsigned ncolours, const rgb *colours)
 { win->vt->palette_set(win, start, ncolours, colours); }
-static inline void win_palette_get_overrides(TermWin *win)
-{ win->vt->palette_get_overrides(win); }
+static inline void win_palette_get_overrides(TermWin *win, Terminal *term)
+{ win->vt->palette_get_overrides(win, term); }
 
 /*
  * Global functions not specific to a connection instance.
@@ -1422,6 +1428,7 @@ NORETURN void cleanup_exit(int);
     X(INT, NONE, sshprot) \
     X(BOOL, NONE, ssh2_des_cbc) /* "des-cbc" unrecommended SSH-2 cipher */ \
     X(BOOL, NONE, ssh_no_userauth) /* bypass "ssh-userauth" (SSH-2 only) */ \
+    X(BOOL, NONE, ssh_no_trivial_userauth) /* disable trivial types of auth */ \
     X(BOOL, NONE, ssh_show_banner) /* show USERAUTH_BANNERs (SSH-2 only) */ \
     X(BOOL, NONE, try_tis_auth) \
     X(BOOL, NONE, try_ki_auth) \
@@ -1791,7 +1798,7 @@ void term_keyinputw(Terminal *, const wchar_t * widebuf, int len);
 void term_get_cursor_position(Terminal *term, int *x, int *y);
 void term_setup_window_titles(Terminal *term, const char *title_hostname);
 void term_notify_minimised(Terminal *term, bool minimised);
-void term_notify_palette_overrides_changed(Terminal *term);
+void term_notify_palette_changed(Terminal *term);
 void term_notify_window_pos(Terminal *term, int x, int y);
 void term_notify_window_size_pixels(Terminal *term, int x, int y);
 void term_palette_override(Terminal *term, unsigned osc4_index, rgb rgb);
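Review bot: The comment on the new `ssh_no_trivial_userauth` entry, `/* disable trivial types of auth */`, reads as if the option switches authentication methods off. The check added under `userauth_success` in ssh2userauth.c instead abandons the session after the server has already reported success for an authentication in which none of the marked steps took place. I would word it as `/* abandon session if auth succeeds without any real client response */` so the config table matches the behaviour.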

+ 2 - 0
source/putty/settings.c

@@ -609,6 +609,7 @@ void save_open_settings(settings_w *sesskey, Conf *conf)
 #endif
     write_setting_s(sesskey, "RekeyBytes", conf_get_str(conf, CONF_ssh_rekey_data));
     write_setting_b(sesskey, "SshNoAuth", conf_get_bool(conf, CONF_ssh_no_userauth));
+    write_setting_b(sesskey, "SshNoTrivialAuth", conf_get_bool(conf, CONF_ssh_no_trivial_userauth));
     write_setting_b(sesskey, "SshBanner", conf_get_bool(conf, CONF_ssh_show_banner));
     write_setting_b(sesskey, "AuthTIS", conf_get_bool(conf, CONF_try_tis_auth));
     write_setting_b(sesskey, "AuthKI", conf_get_bool(conf, CONF_try_ki_auth));
@@ -1027,6 +1028,7 @@ void load_open_settings(settings_r *sesskey, Conf *conf)
     gpps(sesskey, "LogHost", "", conf, CONF_loghost);
     gppb(sesskey, "SSH2DES", false, conf, CONF_ssh2_des_cbc);
     gppb(sesskey, "SshNoAuth", false, conf, CONF_ssh_no_userauth);
+    gppb(sesskey, "SshNoTrivialAuth", false, conf, CONF_ssh_no_trivial_userauth);
     gppb(sesskey, "SshBanner", true, conf, CONF_ssh_show_banner);
     gppb(sesskey, "AuthTIS", false, conf, CONF_try_tis_auth);
     gppb(sesskey, "AuthKI", true, conf, CONF_try_ki_auth);
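Review bot: `SshNoTrivialAuth` is loaded with a default of `false` in `load_open_settings`, so sessions saved before this change, and any session where the key is absent, keep accepting a server that reports success without asking the client for anything. That may be deliberate for compatibility with servers that legitimately allow such logins, but nothing here says so. A short comment above the `gppb` line, such as `/* off by default: some servers legitimately accept trivial auth */`, would record the reasoning, if that is indeed the reason. Both functions continue outside the hunks.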

+ 3 - 1
source/putty/ssh.c

@@ -255,7 +255,9 @@ static void ssh_got_ssh_version(struct ssh_version_receiver *rcv,
                     connection_layer, ssh->savedhost, ssh->fullhostname,
                     conf_get_filename(ssh->conf, CONF_keyfile),
                     conf_get_bool(ssh->conf, CONF_ssh_show_banner),
-                    conf_get_bool(ssh->conf, CONF_tryagent), username,
+                    conf_get_bool(ssh->conf, CONF_tryagent),
+                    conf_get_bool(ssh->conf, CONF_ssh_no_trivial_userauth),
+                    username,
                     conf_get_bool(ssh->conf, CONF_change_username),
                     conf_get_bool(ssh->conf, CONF_try_ki_auth),
 #ifndef NO_GSSAPI

+ 16 - 4
source/putty/ssh2userauth.c

@@ -28,7 +28,7 @@ struct ssh2_userauth_state {
 
     PacketProtocolLayer *transport_layer, *successor_layer;
     Filename *keyfile;
-    bool show_banner, tryagent, change_username;
+    bool show_banner, tryagent, notrivialauth, change_username;
     char *hostname, *fullhostname;
     char *default_username;
     bool try_ki_auth, try_gssapi_auth, try_gssapi_kex_auth, gssapi_fwd;
@@ -84,6 +84,7 @@ struct ssh2_userauth_state {
     int len;
     PktOut *pktout;
     bool want_user_input;
+    bool is_trivial_auth;
 
     agent_pending_query *auth_agent_query;
     bufchain banner;
@@ -140,7 +141,7 @@ static const PacketProtocolLayerVtable ssh2_userauth_vtable = {
 PacketProtocolLayer *ssh2_userauth_new(
     PacketProtocolLayer *successor_layer,
     const char *hostname, const char *fullhostname,
-    Filename *keyfile, bool show_banner, bool tryagent,
+    Filename *keyfile, bool show_banner, bool tryagent, bool notrivialauth,
     const char *default_username, bool change_username,
     bool try_ki_auth, bool try_gssapi_auth, bool try_gssapi_kex_auth,
     bool gssapi_fwd, struct ssh_connection_shared_gss_state *shgss,
@@ -157,6 +158,7 @@ PacketProtocolLayer *ssh2_userauth_new(
     s->keyfile = filename_copy(keyfile);
     s->show_banner = show_banner;
     s->tryagent = tryagent;
+    s->notrivialauth = notrivialauth;
     s->default_username = dupstr(default_username);
     s->change_username = change_username;
     s->try_ki_auth = try_ki_auth;
@@ -165,6 +167,7 @@ PacketProtocolLayer *ssh2_userauth_new(
     s->gssapi_fwd = gssapi_fwd;
     s->shgss = shgss;
     s->last_methods_string = strbuf_new();
+    s->is_trivial_auth = true;
     s->loghost = dupstr(loghost); // WINSCP
     s->change_password = change_password;
     bufchain_init(&s->banner);
@@ -847,6 +850,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                                 sigblob);
                             pq_push(s->ppl.out_pq, s->pktout);
                             s->type = AUTH_TYPE_PUBLICKEY;
+                            s->is_trivial_auth = false;
                         } else {
                             ppl_logevent("Pageant refused signing request");
                             ppl_printf("Pageant failed to "
@@ -1067,6 +1071,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                     ssh_key_free(key->key);
                     sfree(key->comment);
                     sfree(key);
+                    s->is_trivial_auth = false;
                 }
 
 #ifndef NO_GSSAPI
@@ -1205,6 +1210,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                      * no longer says CONTINUE_NEEDED
                      */
                     if (s->gss_sndtok.length != 0) {
+                        s->is_trivial_auth = false;
                         s->pktout =
                             ssh_bpp_new_pktout(
                                 s->ppl.bpp, SSH2_MSG_USERAUTH_GSSAPI_TOKEN);
@@ -1324,7 +1330,6 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                  * Loop while the server continues to send INFO_REQUESTs.
                  */
                 while (pktin->type == SSH2_MSG_USERAUTH_INFO_REQUEST) {
-
                     ptrlen name, inst;
                     strbuf *sb;
 
@@ -1346,6 +1351,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                     { // WINSCP
                     uint32_t i;
                     for (i = 0; i < s->num_prompts; i++) {
+                        s->is_trivial_auth = false;
                         ptrlen prompt = get_string(pktin);
                         bool echo = get_bool(pktin);
 
@@ -1515,7 +1521,7 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
                 pq_push_front(s->ppl.in_pq, pktin);
 
             } else if (s->can_passwd) {
-
+                s->is_trivial_auth = false;
                 /*
                  * Plain old password authentication.
                  */
@@ -1789,6 +1795,12 @@ static void ssh2_userauth_process_queue(PacketProtocolLayer *ppl)
     }
 
   userauth_success:
+    if (s->notrivialauth && s->is_trivial_auth) {
+        ssh_proto_error(s->ppl.ssh, "Authentication was trivial! "
+                        "Abandoning session as specified in configuration.");
+        return;
+    }
+
     /*
      * We've just received USERAUTH_SUCCESS, and we haven't sent
      * any packets since. Signal the transport layer to consider
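Review bot: `is_trivial_auth` is cleared at different moments in different branches, and the new field carries no comment stating which moment is meant. The Pageant and key-file branches clear it after the signed request has been queued, whereas the keyboard-interactive loop clears it as soon as a prompt is about to be parsed and the password branch clears it on entry, before anything visible in these hunks has been sent. If any path can leave those two branches and still reach `userauth_success` without a response going out, the `notrivialauth` check would be skipped; the surrounding bodies are outside the hunks, so this needs confirming. I would document the field, e.g. `bool is_trivial_auth; /* true until we have sent a real response to a server challenge */`, and move the two early assignments next to the corresponding send. A new auth method that forgets to clear the flag fails closed, which is the safe direction.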

+ 1 - 0
source/putty/sshaes.c

@@ -1635,6 +1635,7 @@ NI_ENC_DEC(256)
  */
 #define __ARM_NEON 1
 #define __ARM_FEATURE_CRYPTO 1
+#define __ARM_FEATURE_AES 1
 #define FUNC_ISA __attribute__ ((target("neon,crypto")))
 #endif /* USE_CLANG_ATTR_TARGET_AARCH64 */
 

+ 1 - 1
source/putty/sshppl.h

@@ -120,7 +120,7 @@ PacketProtocolLayer *ssh2_transport_new(
 PacketProtocolLayer *ssh2_userauth_new(
     PacketProtocolLayer *successor_layer,
     const char *hostname, const char *fullhostname,
-    Filename *keyfile, bool show_banner, bool tryagent,
+    Filename *keyfile, bool show_banner, bool tryagent, bool notrivialauth,
     const char *default_username, bool change_username,
     bool try_ki_auth,
     bool try_gssapi_auth, bool try_gssapi_kex_auth,

+ 1 - 0
source/putty/sshsh256.c

@@ -770,6 +770,7 @@ const ssh_hashalg ssh_sha256_hw = {
  */
 #define __ARM_NEON 1
 #define __ARM_FEATURE_CRYPTO 1
+#define __ARM_FEATURE_SHA2 1
 #define FUNC_ISA __attribute__ ((target("neon,crypto")))
 #endif /* USE_CLANG_ATTR_TARGET_AARCH64 */
 

+ 1 - 0
source/putty/sshsha.c

@@ -708,6 +708,7 @@ const ssh_hashalg ssh_sha1_hw = {
  */
 #define __ARM_NEON 1
 #define __ARM_FEATURE_CRYPTO 1
+#define __ARM_FEATURE_SHA2 1
 #define FUNC_ISA __attribute__ ((target("neon,crypto")))
 #endif /* USE_CLANG_ATTR_TARGET_AARCH64 */
 

+ 5 - 5
source/putty/version.h

@@ -1,6 +1,6 @@
 /* Generated by automated build script */
-#define RELEASE 0.75
-#define TEXTVER "Release 0.75"
-#define SSHVER "-Release-0.75"
-#define BINARY_VERSION 0,75,0,0
-#define SOURCE_COMMIT "c72200ff8851b0d95574b8a8a88a2780a243c66c"
+#define RELEASE 0.76
+#define TEXTVER "Release 0.76"
+#define SSHVER "-Release-0.76"
+#define BINARY_VERSION 0,76,0,0
+#define SOURCE_COMMIT "1fd7baa7344bb38d62a024e5dba3a720c67d05cf"

+ 4 - 1
source/putty/windows/winpgntc.c

@@ -169,6 +169,7 @@ bool agent_exists(void)
 
 struct agent_pending_query {
     struct handle *handle;
+    HANDLE os_handle;
     strbuf *response;
     void (*callback)(void *, void *, int);
     void *callback_ctx;
@@ -274,7 +275,8 @@ static agent_pending_query *named_pipe_agent_query(
     pq = snew(agent_pending_query);
     pq->callback_set = callback_set; // WINSCP
     pq->handle = handle_input_new(callback_set->handles_by_evtomain, pipehandle, named_pipe_agent_gotdata, pq, 0); // WINSCP
-    pipehandle = NULL;  /* prevent it being closed below */
+    pq->os_handle = pipehandle;
+    pipehandle = INVALID_HANDLE_VALUE;  /* prevent it being closed below */
     pq->response = strbuf_new_nm();
     pq->callback = callback;
     pq->callback_ctx = callback_ctx;
@@ -299,6 +301,7 @@ static agent_pending_query *named_pipe_agent_query(
 void agent_cancel_query(agent_pending_query *pq)
 {
     handle_free(pq->callback_set->handles_by_evtomain, pq->handle);
+    CloseHandle(pq->os_handle);
     if (pq->response)
         strbuf_free(pq->response);
     sfree(pq);
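Review bot: `agent_cancel_query` now calls `CloseHandle(pq->os_handle)` unconditionally, which is only safe if every `agent_pending_query` is built by `named_pipe_agent_query`, the one place in these hunks that sets the field. Nothing visible here zero-fills the struct after `snew`, so a query allocated on any other path would hand an uninitialised handle to `CloseHandle`; the rest of the file is outside the hunks, so please confirm there is no such path. A comment on the field, `HANDLE os_handle; /* pipe handle owned by this query; closed in agent_cancel_query */`, would make the ownership explicit. It is also worth confirming that `handle_free` has finished with the pipe before the handle is closed on the next line.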