X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/063f6c96e6073223636913c494b43847b9f7da86..2ff340bdd3941537211af374feaa6023a20529be:/config.c

diff --git a/config.c b/config.c
index f44b7603..f6c1640a 100644
--- a/config.c
+++ b/config.c
@@ -236,6 +236,33 @@ static void cipherlist_handler(union control *ctrl, void *dlg,
     }
 }
 
+#ifndef NO_GSSAPI
+static void gsslist_handler(union control *ctrl, void *dlg,
+			    void *data, int event)
+{
+    Config *cfg = (Config *)data;
+    if (event == EVENT_REFRESH) {
+	int i;
+
+	dlg_update_start(ctrl, dlg);
+	dlg_listbox_clear(ctrl, dlg);
+	for (i = 0; i < ngsslibs; i++) {
+	    int id = cfg->ssh_gsslist[i];
+	    assert(id >= 0 && id < ngsslibs);
+	    dlg_listbox_addwithid(ctrl, dlg, gsslibnames[id], id);
+	}
+	dlg_update_done(ctrl, dlg);
+
+    } else if (event == EVENT_VALCHANGE) {
+	int i;
+
+	/* Update array to match the list box. */
+	for (i=0; i < ngsslibs; i++)
+	    cfg->ssh_gsslist[i] = dlg_listbox_getid(ctrl, dlg, i);
+    }
+}
+#endif
+
 static void kexlist_handler(union control *ctrl, void *dlg,
 			    void *data, int event)
 {
@@ -1765,7 +1792,8 @@ void setup_config_box(struct controlbox *b, int midsession,
 		/* We assume the local username is sufficiently stable
 		 * to include on the dialog box. */
 		char *user = get_username();
-		char *userlabel = dupprintf("Use system username (%s)", user);
+		char *userlabel = dupprintf("Use system username (%s)",
+					    user ? user : "");
 		sfree(user);
 		ctrl_radiobuttons(s, "When username is not specified:", 'n', 4,
 				  HELPCTX(connection_username_from_env),
@@ -2076,32 +2104,74 @@ void setup_config_box(struct controlbox *b, int midsession,
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,try_ki_auth)));
 
-#ifndef NO_GSSAPI
-	    ctrl_checkbox(s, "Attempt GSSAPI auth (SSH-2)",
-			  NO_SHORTCUT, HELPCTX(no_help),
-			  dlg_stdcheckbox_handler,
-			  I(offsetof(Config,try_gssapi_auth)));
-#endif
-
 	    s = ctrl_getset(b, "Connection/SSH/Auth", "params",
 			    "Authentication parameters");
 	    ctrl_checkbox(s, "Allow agent forwarding", 'f',
 			  HELPCTX(ssh_auth_agentfwd),
 			  dlg_stdcheckbox_handler, I(offsetof(Config,agentfwd)));
-	    ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", 'u',
+	    ctrl_checkbox(s, "Allow attempted changes of username in SSH-2", NO_SHORTCUT,
 			  HELPCTX(ssh_auth_changeuser),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,change_username)));
-#ifndef NO_GSSAPI
-	    ctrl_checkbox(s, "Allow GSSAPI credential delegation in SSH-2", NO_SHORTCUT,
-			  HELPCTX(no_help),
-			  dlg_stdcheckbox_handler,
-			  I(offsetof(Config,gssapifwd)));
-#endif
 	    ctrl_filesel(s, "Private key file for authentication:", 'k',
 			 FILTER_KEY_FILES, FALSE, "Select private key file",
 			 HELPCTX(ssh_auth_privkey),
 			 dlg_stdfilesel_handler, I(offsetof(Config, keyfile)));
+
+#ifndef NO_GSSAPI
+	    /*
+	     * Connection/SSH/Auth/GSSAPI, which sadly won't fit on
+	     * the main Auth panel.
+	     */
+	    ctrl_settitle(b, "Connection/SSH/Auth/GSSAPI",
+			  "Options controlling GSSAPI authentication");
+	    s = ctrl_getset(b, "Connection/SSH/Auth/GSSAPI", "gssapi", NULL);
+
+	    ctrl_checkbox(s, "Attempt GSSAPI authentication (SSH-2 only)",
+			  NO_SHORTCUT, HELPCTX(ssh_gssapi),
+			  dlg_stdcheckbox_handler,
+			  I(offsetof(Config,try_gssapi_auth)));
+
+	    ctrl_checkbox(s, "Allow GSSAPI credential delegation", NO_SHORTCUT,
+			  HELPCTX(ssh_gssapi_delegation),
+			  dlg_stdcheckbox_handler,
+			  I(offsetof(Config,gssapifwd)));
+
+	    /*
+	     * GSSAPI library selection.
+	     */
+	    if (ngsslibs > 1) {
+		c = ctrl_draglist(s, "Preference order for GSSAPI libraries:", NO_SHORTCUT,
+				  HELPCTX(ssh_gssapi_libraries),
+				  gsslist_handler, P(NULL));
+		c->listbox.height = ngsslibs;
+
+		/*
+		 * I currently assume that if more than one GSS
+		 * library option is available, then one of them is
+		 * 'user-supplied' and so we should present the
+		 * following file selector. This is at least half-
+		 * reasonable, because if we're using statically
+		 * linked GSSAPI then there will only be one option
+		 * and no way to load from a user-supplied library,
+		 * whereas if we're using dynamic libraries then
+		 * there will almost certainly be some default
+		 * option in addition to a user-supplied path. If
+		 * anyone ever ports PuTTY to a system on which
+		 * dynamic-library GSSAPI is available but there is
+		 * absolutely no consensus on where to keep the
+		 * libraries, there'll need to be a flag alongside
+		 * ngsslibs to control whether the file selector is
+		 * displayed. 
+		 */
+
+		ctrl_filesel(s, "User-supplied GSSAPI library path:", 'l',
+			     FILTER_DYNLIB_FILES, FALSE, "Select library file",
+			     HELPCTX(ssh_gssapi_libraries),
+			     dlg_stdfilesel_handler,
+			     I(offsetof(Config, ssh_gss_custom)));
+	    }
+#endif
 	}
 
 	if (!midsession) {
@@ -2283,6 +2353,9 @@ void setup_config_box(struct controlbox *b, int midsession,
 	    ctrl_droplist(s, "Chokes on SSH-1 RSA authentication", 'r', 20,
 			  HELPCTX(ssh_bugs_rsa1),
 			  sshbug_handler, I(offsetof(Config,sshbug_rsa1)));
+	    ctrl_droplist(s, "Chokes on SSH-2 ignore messages", '2', 20,
+			  HELPCTX(ssh_bugs_ignore2),
+			  sshbug_handler, I(offsetof(Config,sshbug_ignore2)));
 	    ctrl_droplist(s, "Miscomputes SSH-2 HMAC keys", 'm', 20,
 			  HELPCTX(ssh_bugs_hmac2),
 			  sshbug_handler, I(offsetof(Config,sshbug_hmac2)));