X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/9916cc1e8d26f1caef36fc1ee525819e6ca62f42..e436e0602b66c82acf0741ced8f9a19bd2060e70:/ssh.c diff --git a/ssh.c b/ssh.c index 6a882b79..23afa6aa 100644 --- a/ssh.c +++ b/ssh.c @@ -12,7 +12,9 @@ #include "putty.h" #include "tree234.h" #include "ssh.h" +#ifndef NO_GSSAPI #include "sshgss.h" +#endif #ifndef FALSE #define FALSE 0 @@ -4425,12 +4427,19 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg) epfrec = add234(ssh->portfwds, pfrec); if (epfrec != pfrec) { + if (epfrec->status == DESTROY) { + /* + * We already have a port forwarding up and running + * with precisely these parameters. Hence, no need + * to do anything; simply re-tag the existing one + * as KEEP. + */ + epfrec->status = KEEP; + } /* - * We already have a port forwarding with precisely - * these parameters. Hence, no need to do anything; - * simply tag the existing one as KEEP. + * Anything else indicates that there was a duplicate + * in our input, which we'll silently ignore. */ - epfrec->status = KEEP; free_portfwd(pfrec); } else { pfrec->status = CREATE; @@ -4994,10 +5003,10 @@ static void do_ssh1_connection(Ssh ssh, unsigned char *in, int inlen, } } - if (ssh->cfg.x11_forward) { + if (ssh->cfg.x11_forward && + (ssh->x11disp = x11_setup_display(ssh->cfg.x11_display, + ssh->cfg.x11_auth, &ssh->cfg))) { logevent("Requesting X11 forwarding"); - ssh->x11disp = x11_setup_display(ssh->cfg.x11_display, - ssh->cfg.x11_auth, &ssh->cfg); /* * Note that while we blank the X authentication data here, we don't * take any special action to blank the start of an X11 channel, @@ -7011,6 +7020,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin) if (typelen == 3 && !memcmp(type, "x11", 3)) { char *addrstr; + const char *x11err; ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen); addrstr = snewn(peeraddrlen+1, char); 
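Review bot: In the do_ssh1_connection hunk, when `ssh->cfg.x11_forward` is set but `x11_setup_display()` returns NULL, the block is skipped with no event-log entry, so the user is not told that the forwarding they configured is inactive. Splitting the condition would let the failure branch record it, for example `logevent("Unable to set up X11 display; not requesting X11 forwarding");` (the message text is only a suggestion). The same pattern appears in the final do_ssh2_authconn hunk (`ssh->mainchan && !ssh->ncmode && ssh->cfg.x11_forward && (ssh->x11disp = ...)`). Both functions continue outside their hunks, so it is not visible here whether `x11_setup_display()` or a later path already reports the failure.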
@@ -7023,8 +7033,9 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin) if (!ssh->X11_fwd_enabled) error = "X11 forwarding is not enabled"; - else if (x11_init(&c->u.x11.s, ssh->x11disp, c, - addrstr, peerport, &ssh->cfg) != NULL) { + else if ((x11err = x11_init(&c->u.x11.s, ssh->x11disp, c, + addrstr, peerport, &ssh->cfg)) != NULL) { + logeventf(ssh, "Local X11 connection failed: %s", x11err); error = "Unable to open an X11 connection"; } else { logevent("Opening X11 forward connection succeeded"); @@ -7154,8 +7165,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int done_service_req; int gotit, need_pw, can_pubkey, can_passwd, can_keyb_inter; int tried_pubkey_config, done_agent; +#ifndef NO_GSSAPI int can_gssapi; int tried_gssapi; +#endif int kbd_inter_refused; int we_are_in; prompts_t *cur_prompt; @@ -7179,11 +7192,13 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int try_send; int num_env, env_left, env_ok; struct Packet *pktout; +#ifndef NO_GSSAPI Ssh_gss_ctx gss_ctx; Ssh_gss_buf gss_buf; Ssh_gss_buf gss_rcvtok, gss_sndtok; Ssh_gss_name gss_srv_name; Ssh_gss_stat gss_stat; +#endif }; crState(do_ssh2_authconn_state); @@ -7191,7 +7206,9 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, s->done_service_req = FALSE; s->we_are_in = FALSE; +#ifndef NO_GSSAPI s->tried_gssapi = FALSE; +#endif if (!ssh->cfg.ssh_no_userauth) { /* @@ -7960,6 +7977,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, /* initial tokens are empty */ SSH_GSS_CLEAR_BUF(&s->gss_rcvtok); + SSH_GSS_CLEAR_BUF(&s->gss_sndtok); /* now enter the loop */ do { 
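Review bot: In the ssh2_msg_channel_open hunk, the split between what is logged locally (`x11err`) and what goes into `error` is not documented, although it looks deliberate. Assuming `error` is what is later sent back in the channel-open failure (that code is outside the hunk), a comment above the `logeventf` call such as `/* Detailed reason stays in the local event log; the peer only gets the generic message below. */` would stop a later change from forwarding `x11err` to the server. The function body starts and ends outside the hunk.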
@@ -8092,23 +8110,6 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, ssh_pkt_getstring(pktin, &lang, &lang_len); s->cur_prompt = new_prompts(ssh->frontend); s->cur_prompt->to_server = TRUE; - if (name_len) { - /* FIXME: better prefix to distinguish from - * local prompts? */ - s->cur_prompt->name = - dupprintf("SSH server: %.*s", name_len, name); - s->cur_prompt->name_reqd = TRUE; - } else { - s->cur_prompt->name = - dupstr("SSH server authentication"); - s->cur_prompt->name_reqd = FALSE; - } - /* FIXME: ugly to print "Using..." in prompt _every_ - * time round. Can this be done more subtly? */ - s->cur_prompt->instruction = - dupprintf("Using keyboard-interactive authentication.%s%.*s", - inst_len ? "\n" : "", inst_len, inst); - s->cur_prompt->instr_reqd = TRUE; /* * Get any prompt(s) from the packet. @@ -8132,6 +8133,33 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, echo, SSH_MAX_PASSWORD_LEN); } + if (name_len) { + /* FIXME: better prefix to distinguish from + * local prompts? */ + s->cur_prompt->name = + dupprintf("SSH server: %.*s", name_len, name); + s->cur_prompt->name_reqd = TRUE; + } else { + s->cur_prompt->name = + dupstr("SSH server authentication"); + s->cur_prompt->name_reqd = FALSE; + } + /* We add a prefix to try to make it clear that a prompt + * has come from the server. + * FIXME: ugly to print "Using..." in prompt _every_ + * time round. Can this be done more subtly? */ + /* Special case: for reasons best known to themselves, + * some servers send k-i requests with no prompts and + * nothing to display. Keep quiet in this case. */ + if (s->num_prompts || name_len || inst_len) { + s->cur_prompt->instruction = + dupprintf("Using keyboard-interactive authentication.%s%.*s", + inst_len ? "\n" : "", inst_len, inst); + s->cur_prompt->instr_reqd = TRUE; + } else { + s->cur_prompt->instr_reqd = FALSE; + } + /* * Display any instructions, and get the user's * response(s). 
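Review bot: In the new `else` branch at the end of the second hunk (no prompts, no name, no instruction), `instr_reqd` is set to FALSE but `s->cur_prompt->instruction` is never assigned. The code therefore relies on `new_prompts()` having initialised that field, which is not visible here. An explicit `s->cur_prompt->instruction = NULL;` in that branch would remove the dependency for any later reader or free of the field. Separately, `name` and `inst` come straight from the server's packet and are copied in with `%.*s`. A comment next to the existing FIXME such as `/* name and inst are server-controlled, untrusted text */` would record why the "SSH server:" prefix matters. do_ssh2_authconn starts and ends outside these hunks.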
@@ -8549,7 +8577,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, ssh->packet_dispatch[SSH2_MSG_CHANNEL_OPEN] = ssh2_msg_channel_open; - if (ssh->cfg.ssh_simple) { + if (ssh->mainchan && ssh->cfg.ssh_simple) { /* * This message indicates to the server that we promise * not to try to run any other channel in parallel with @@ -8566,10 +8594,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, /* * Potentially enable X11 forwarding. */ - if (ssh->mainchan && !ssh->ncmode && ssh->cfg.x11_forward) { + if (ssh->mainchan && !ssh->ncmode && ssh->cfg.x11_forward && + (ssh->x11disp = x11_setup_display(ssh->cfg.x11_display, + ssh->cfg.x11_auth, &ssh->cfg))) { logevent("Requesting X11 forwarding"); - ssh->x11disp = x11_setup_display(ssh->cfg.x11_display, - ssh->cfg.x11_auth, &ssh->cfg); s->pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST); ssh2_pkt_adduint32(s->pktout, ssh->mainchan->remoteid); ssh2_pkt_addstring(s->pktout, "x11-req");