static unsigned char session_key[32];
static int ssh1_compressing;
+static int ssh_agentfwd_enabled;
static const struct ssh_cipher *cipher = NULL;
static const struct ssh_cipher *cscipher = NULL;
static const struct ssh_cipher *sccipher = NULL;
break;
}
+ ssh_agentfwd_enabled = FALSE;
rdpkt2_state.incoming_sequence = 0;
*vsp = 0;
crReturnV;
} else if (pktin.type == SSH1_SMSG_FAILURE) {
logevent("Agent forwarding refused");
- } else
+ } else {
logevent("Agent forwarding enabled");
+ ssh_agentfwd_enabled = TRUE;
+ }
}
if (!cfg.nopty) {
} else if (pktin.type == SSH1_SMSG_AGENT_OPEN) {
/* Remote side is trying to open a channel to talk to our
* agent. Give them back a local channel number. */
- unsigned i = 1;
+ unsigned i;
struct ssh_channel *c;
enum234 e;
- for (c = first234(ssh_channels, &e); c; c = next234(&e)) {
- if (c->localid > i)
- break; /* found a free number */
- i = c->localid + 1;
- }
- c = malloc(sizeof(struct ssh_channel));
- c->remoteid = GET_32BIT(pktin.body);
- c->localid = i;
- c->closes = 0;
- c->type = SSH1_SMSG_AGENT_OPEN; /* identify channel type */
- c->u.a.lensofar = 0;
- add234(ssh_channels, c);
- send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
- PKT_INT, c->remoteid, PKT_INT, c->localid,
- PKT_END);
- } else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE ||
- pktin.type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION) {
+
+ /* Refuse if agent forwarding is disabled. */
+ if (!ssh_agentfwd_enabled) {
+ send_packet(SSH1_MSG_CHANNEL_OPEN_FAILURE,
+ PKT_INT, GET_32BIT(pktin.body),
+ PKT_END);
+ } else {
+ i = 1;
+ for (c = first234(ssh_channels, &e); c; c = next234(&e)) {
+ if (c->localid > i)
+ break; /* found a free number */
+ i = c->localid + 1;
+ }
+ c = malloc(sizeof(struct ssh_channel));
+ c->remoteid = GET_32BIT(pktin.body);
+ c->localid = i;
+ c->closes = 0;
+ c->type = SSH1_SMSG_AGENT_OPEN;/* identify channel type */
+ c->u.a.lensofar = 0;
+ add234(ssh_channels, c);
+ send_packet(SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
+ PKT_INT, c->remoteid, PKT_INT, c->localid,
+ PKT_END);
+ }
+ } else if (pktin.type == SSH1_MSG_CHANNEL_CLOSE ||
+ pktin.type == SSH1_MSG_CHANNEL_CLOSE_CONFIRMATION) {
/* Remote side closes a channel. */
unsigned i = GET_32BIT(pktin.body);
struct ssh_channel *c;