X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/3d63ca2ea3f917bf24a6c0a6e4dae5357bcf5dd6..8eebd22198133e95ce25af1dd15dead0a5389371:/ssh.c diff --git a/ssh.c b/ssh.c index 01c5caa1..6cc79bff 100644 --- a/ssh.c +++ b/ssh.c @@ -168,6 +168,7 @@ static const char *const ssh2_disconnect_reasons[] = { #define BUG_CHOKES_ON_SSH1_IGNORE 1 #define BUG_SSH2_HMAC 2 #define BUG_NEEDS_SSH1_PLAIN_PASSWORD 4 +#define BUG_CHOKES_ON_RSA 8 static int ssh_pkt_ctx = 0; @@ -1590,6 +1591,16 @@ static void ssh_detect_bugs(char *vstring) logevent("We believe remote version needs a plain SSH1 password"); } + if (!strcmp(imp, "Cisco-1.25")) { + /* + * These versions apparently have no clue whatever about + * RSA authentication and will panic and die if they see + * an AUTH_RSA message. + */ + ssh_remote_bugs |= BUG_CHOKES_ON_RSA; + logevent("We believe remote version can't handle RSA authentication"); + } + if (!strncmp(imp, "2.1.0", 5) || !strncmp(imp, "2.0.", 4) || !strncmp(imp, "2.2.0", 5) || !strncmp(imp, "2.3.0", 5) || !strncmp(imp, "2.1 ", 4)) { @@ -1861,9 +1872,11 @@ static char *connect_to_host(char *host, int port, char **realhost, int nodelay) sprintf(buf, "Connecting to %.100s port %d", addrbuf, port); logevent(buf); } - s = sk_new(addr, port, 0, 1, nodelay, &fn_table_ptr); - if ((err = sk_socket_error(s))) + s = new_connection(addr, *realhost, port, 0, 1, nodelay, &fn_table_ptr); + if ((err = sk_socket_error(s))) { + s = NULL; return err; + } #ifdef FWHACK sk_write(s, "connect ", 8); @@ -2155,8 +2168,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) break; case 3: case 4: - random_save_seed(); - exit(0); + cleanup_exit(0); break; default: if (((c >= ' ' && c <= '~') || @@ -2191,7 +2203,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) crWaitUntil(ispkt); - tried_publickey = tried_agent = 0; + if ((ssh_remote_bugs & BUG_CHOKES_ON_RSA)) { + /* We must not attempt PK auth. Pretend we've already tried it. */ + tried_publickey = tried_agent = 1; + } else { + tried_publickey = tried_agent = 0; + } tis_auth_refused = ccard_auth_refused = 0; /* Load the public half of cfg.keyfile so we notice if it's in Pageant */ if (*cfg.keyfile) { @@ -2456,8 +2473,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt) break; case 3: case 4: - random_save_seed(); - exit(0); + cleanup_exit(0); break; default: if (pos < sizeof(password)-1) @@ -3857,6 +3873,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) static int we_are_in; static int num_prompts, echo; static char username[100]; + static int got_username; static char pwprompt[200]; static char password[100]; static void *publickey_blob; @@ -3901,6 +3918,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) * retype it! */ username[0] = '\0'; + got_username = FALSE; do { static int pos; static char c; @@ -3909,7 +3927,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) * Get a username. */ pos = 0; - if (*username && !cfg.change_username) { + if (got_username && !cfg.change_username) { /* * We got a username last time round this loop, and * with change_username turned off we don't try to get @@ -3955,8 +3973,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) break; case 3: case 4: - random_save_seed(); - exit(0); + cleanup_exit(0); break; default: if (((c >= ' ' && c <= '~') || @@ -3980,6 +3997,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) c_write_str(stuff); } } + got_username = TRUE; /* * Send an authentication request using method "none": (a) @@ -4434,8 +4452,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) break; case 3: case 4: - random_save_seed(); - exit(0); + cleanup_exit(0); break; default: if (pos < sizeof(password)-1)