projects / u / mdw / putty / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Justin Bradford's proxy support patch. Currently supports only HTTP
[u/mdw/putty] / ssh.c
diff --git a/ssh.c b/ssh.c
index 01c5caa..6cc79bf 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -168,6 +168,7 @@ static const char *const ssh2_disconnect_reasons[] = {
 #define BUG_CHOKES_ON_SSH1_IGNORE                 1
 #define BUG_SSH2_HMAC                             2
 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD            4
+#define BUG_CHOKES_ON_RSA                        8
 
 static int ssh_pkt_ctx = 0;
 
@@ -1590,6 +1591,16 @@ static void ssh_detect_bugs(char *vstring)
        logevent("We believe remote version needs a plain SSH1 password");
     }
 
+    if (!strcmp(imp, "Cisco-1.25")) {
+       /*
+        * These versions apparently have no clue whatever about
+        * RSA authentication and will panic and die if they see
+        * an AUTH_RSA message.
+        */
+       ssh_remote_bugs |= BUG_CHOKES_ON_RSA;
+       logevent("We believe remote version can't handle RSA authentication");
+    }
+
     if (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) ||
        !strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) ||
        !strncmp(imp, "2.1 ", 4)) {
@@ -1861,9 +1872,11 @@ static char *connect_to_host(char *host, int port, char **realhost, int nodelay)
        sprintf(buf, "Connecting to %.100s port %d", addrbuf, port);
        logevent(buf);
     }
-    s = sk_new(addr, port, 0, 1, nodelay, &fn_table_ptr);
-    if ((err = sk_socket_error(s)))
+    s = new_connection(addr, *realhost, port, 0, 1, nodelay, &fn_table_ptr);
+    if ((err = sk_socket_error(s))) {
+       s = NULL;
        return err;
+    }
 
 #ifdef FWHACK
     sk_write(s, "connect ", 8);
@@ -2155,8 +2168,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
                            break;
                          case 3:
                          case 4:
-                           random_save_seed();
-                           exit(0);
+                           cleanup_exit(0);
                            break;
                          default:
                            if (((c >= ' ' && c <= '~') ||
@@ -2191,7 +2203,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 
     crWaitUntil(ispkt);
 
-    tried_publickey = tried_agent = 0;
+    if ((ssh_remote_bugs & BUG_CHOKES_ON_RSA)) {
+       /* We must not attempt PK auth. Pretend we've already tried it. */
+       tried_publickey = tried_agent = 1;
+    } else {
+       tried_publickey = tried_agent = 0;
+    }
     tis_auth_refused = ccard_auth_refused = 0;
     /* Load the public half of cfg.keyfile so we notice if it's in Pageant */
     if (*cfg.keyfile) {
@@ -2456,8 +2473,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
                        break;
                      case 3:
                      case 4:
-                       random_save_seed();
-                       exit(0);
+                       cleanup_exit(0);
                        break;
                      default:
                        if (pos < sizeof(password)-1)
@@ -3857,6 +3873,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
     static int we_are_in;
     static int num_prompts, echo;
     static char username[100];
+    static int got_username;
     static char pwprompt[200];
     static char password[100];
     static void *publickey_blob;
@@ -3901,6 +3918,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
      *    retype it!
      */
     username[0] = '\0';
+    got_username = FALSE;
     do {
        static int pos;
        static char c;
@@ -3909,7 +3927,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
         * Get a username.
         */
        pos = 0;
-       if (*username && !cfg.change_username) {
+       if (got_username && !cfg.change_username) {
            /*
             * We got a username last time round this loop, and
             * with change_username turned off we don't try to get
@@ -3955,8 +3973,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                            break;
                          case 3:
                          case 4:
-                           random_save_seed();
-                           exit(0);
+                           cleanup_exit(0);
                            break;
                          default:
                            if (((c >= ' ' && c <= '~') ||
@@ -3980,6 +3997,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                c_write_str(stuff);
            }
        }
+       got_username = TRUE;
 
        /*
         * Send an authentication request using method "none": (a)
@@ -4434,8 +4452,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                                break;
                              case 3:
                              case 4:
-                               random_save_seed();
-                               exit(0);
+                               cleanup_exit(0);
                                break;
                              default:
                                if (pos < sizeof(password)-1)
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator