From adb6167a29d4056ecf93843d46f87e4160298b0e Mon Sep 17 00:00:00 2001
From: jacob <jacob@cda61777-01e9-0310-a592-d414129be87e>
Date: Mon, 27 Dec 2010 01:19:13 +0000
Subject: [PATCH] Add an option to disable SSH-2 banners.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9055 cda61777-01e9-0310-a592-d414129be87e
---
 config.c          |  4 ++++
 doc/config.but    | 15 +++++++++++++++
 putty.h           |  1 +
 settings.c        |  2 ++
 ssh.c             |  6 ++++--
 windows/winhelp.h |  1 +
 6 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/config.c b/config.c
index 8b14c073..d492579c 100644
--- a/config.c
+++ b/config.c
@@ -2088,6 +2088,10 @@ void setup_config_box(struct controlbox *b, int midsession,
 			  HELPCTX(ssh_auth_bypass),
 			  dlg_stdcheckbox_handler,
 			  I(offsetof(Config,ssh_no_userauth)));
+	    ctrl_checkbox(s, "Display pre-authentication banner (SSH-2 only)",
+			  'd', HELPCTX(ssh_auth_banner),
+			  dlg_stdcheckbox_handler,
+			  I(offsetof(Config,ssh_show_banner)));
 
 	    s = ctrl_getset(b, "Connection/SSH/Auth", "methods",
 			    "Authentication methods");
diff --git a/doc/config.but b/doc/config.but
index e05b516b..daa20ede 100644
--- a/doc/config.but
+++ b/doc/config.but
@@ -2469,6 +2469,21 @@ unwanted username prompts, you could try checking this option.
 This option only affects SSH-2 connections. SSH-1 connections always
 require an authentication step.
 
+\S{config-ssh-banner} \q{Display pre-authentication banner}
+
+\cfg{winhelp-topic}{ssh.auth.banner}
+
+SSH-2 servers can provide a message for clients to display to the
+prospective user before the user logs in; this is sometimes known as a
+pre-authentication \q{\i{banner}}. Typically this is used to provide
+information about the server and legal notices.
+
+By default, PuTTY displays this message before prompting for a
+password or similar credentials (although, unfortunately, not before
+prompting for a login name, due to the nature of the protocol design).
+By unchecking this option, display of the banner can be suppressed
+entirely.
+
 \S{config-ssh-tryagent} \q{Attempt authentication using Pageant}
 
 \cfg{winhelp-topic}{ssh.auth.pageant}
diff --git a/putty.h b/putty.h
index e80afadd..0d14c502 100644
--- a/putty.h
+++ b/putty.h
@@ -470,6 +470,7 @@ struct config_tag {
     int sshprot;		       /* use v1 or v2 when both available */
     int ssh2_des_cbc;		       /* "des-cbc" unrecommended SSH-2 cipher */
     int ssh_no_userauth;	       /* bypass "ssh-userauth" (SSH-2 only) */
+    int ssh_show_banner;	       /* show USERAUTH_BANNERs (SSH-2 only) */
     int try_tis_auth;
     int try_ki_auth;
     int try_gssapi_auth;               /* attempt gssapi auth */
diff --git a/settings.c b/settings.c
index 2afb9f57..5ba034d0 100644
--- a/settings.c
+++ b/settings.c
@@ -348,6 +348,7 @@ void save_open_settings(void *sesskey, Config *cfg)
     write_setting_i(sesskey, "RekeyTime", cfg->ssh_rekey_time);
     write_setting_s(sesskey, "RekeyBytes", cfg->ssh_rekey_data);
     write_setting_i(sesskey, "SshNoAuth", cfg->ssh_no_userauth);
+    write_setting_i(sesskey, "SshBanner", cfg->ssh_show_banner);
     write_setting_i(sesskey, "AuthTIS", cfg->try_tis_auth);
     write_setting_i(sesskey, "AuthKI", cfg->try_ki_auth);
     write_setting_i(sesskey, "AuthGSSAPI", cfg->try_gssapi_auth);
@@ -645,6 +646,7 @@ void load_open_settings(void *sesskey, Config *cfg)
     gpps(sesskey, "LogHost", "", cfg->loghost, sizeof(cfg->loghost));
     gppi(sesskey, "SSH2DES", 0, &cfg->ssh2_des_cbc);
     gppi(sesskey, "SshNoAuth", 0, &cfg->ssh_no_userauth);
+    gppi(sesskey, "SshBanner", 1, &cfg->ssh_show_banner);
     gppi(sesskey, "AuthTIS", 0, &cfg->try_tis_auth);
     gppi(sesskey, "AuthKI", 1, &cfg->try_ki_auth);
     gppi(sesskey, "AuthGSSAPI", 1, &cfg->try_gssapi_auth);
diff --git a/ssh.c b/ssh.c
index 27a4fab6..0a485da2 100644
--- a/ssh.c
+++ b/ssh.c
@@ -7194,12 +7194,14 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
 }
 
 /*
- * Buffer banner messages for later display at some convenient point.
+ * Buffer banner messages for later display at some convenient point,
+ * if we're going to display them.
  */
 static void ssh2_msg_userauth_banner(Ssh ssh, struct Packet *pktin)
 {
     /* Arbitrary limit to prevent unbounded inflation of buffer */
-    if (bufchain_size(&ssh->banner) <= 131072) {
+    if (ssh->cfg.ssh_show_banner &&
+	bufchain_size(&ssh->banner) <= 131072) {
 	char *banner = NULL;
 	int size = 0;
 	ssh_pkt_getstring(pktin, &banner, &size);
diff --git a/windows/winhelp.h b/windows/winhelp.h
index 7b6e0c5b..fbc03f3d 100644
--- a/windows/winhelp.h
+++ b/windows/winhelp.h
@@ -102,6 +102,7 @@
 #define WINHELP_CTX_ssh_kexlist "ssh.kex.order:config-ssh-kex-order"
 #define WINHELP_CTX_ssh_kex_repeat "ssh.kex.repeat:config-ssh-kex-rekey"
 #define WINHELP_CTX_ssh_auth_bypass "ssh.auth.bypass:config-ssh-noauth"
+#define WINHELP_CTX_ssh_auth_banner "ssh.auth.banner:config-ssh-banner"
 #define WINHELP_CTX_ssh_auth_privkey "ssh.auth.privkey:config-ssh-privkey"
 #define WINHELP_CTX_ssh_auth_agentfwd "ssh.auth.agentfwd:config-ssh-agentfwd"
 #define WINHELP_CTX_ssh_auth_changeuser "ssh.auth.changeuser:config-ssh-changeuser"
-- 
2.11.0