X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/00db133f300dd6aa08111d2b42c749a940ecede9..396778f10a65608358a828c44efc14449f61ba71:/ssh.c

diff --git a/ssh.c b/ssh.c
index bc7f5bf6..6ff530f4 100644
--- a/ssh.c
+++ b/ssh.c
@@ -499,6 +499,7 @@ static int ssh_echoing, ssh_editing;
 
 static tree234 *ssh_channels;	       /* indexed by local id */
 static struct ssh_channel *mainchan;   /* primary session channel */
+static int ssh_exitcode = -1;
 
 static tree234 *ssh_rportfwds;
 
@@ -1858,6 +1859,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
     static unsigned char session_id[16];
     static int cipher_type;
     static char username[100];
+    static void *publickey_blob;
+    int publickey_bloblen;
 
     crBegin;
 
@@ -2104,6 +2107,12 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 
     tried_publickey = 0;
     tis_auth_refused = ccard_auth_refused = 0;
+    /* Load the public half of cfg.keyfile so we notice if it's in Pageant */
+    if (*cfg.keyfile) {
+	if (!rsakey_pubblob(cfg.keyfile, &publickey_blob, &publickey_bloblen))
+	    publickey_blob = NULL;
+    } else
+	publickey_blob = NULL;
 
     while (pktin.type == SSH1_SMSG_FAILURE) {
 	static char password[100];
@@ -2151,6 +2160,11 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			sprintf(buf, "Trying Pageant key #%d", i);
 			logevent(buf);
 		    }
+		    if (publickey_blob &&
+			!memcmp(p, publickey_blob, publickey_bloblen)) {
+			logevent("This key matches configured key file");
+			tried_publickey = 1;
+		    }
 		    p += 4;
 		    p += ssh1_read_bignum(p, &key.exponent);
 		    p += ssh1_read_bignum(p, &key.modulus);
@@ -3110,6 +3124,11 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
 		/* may be from EXEC_SHELL on some servers
 		 * if no pty is available or in other odd cases. Ignore */
 	    } else if (pktin.type == SSH1_SMSG_EXIT_STATUS) {
+		char buf[100];
+		ssh_exitcode = GET_32BIT(pktin.body);
+		sprintf(buf, "Server sent command exit status %d",
+			ssh_exitcode);
+		logevent(buf);
 		send_packet(SSH1_CMSG_EXIT_CONFIRMATION, PKT_END);
                 /*
                  * In case `helpful' firewalls or proxies tack
@@ -3745,6 +3764,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
     static char username[100];
     static char pwprompt[200];
     static char password[100];
+    static void *publickey_blob;
+    static int publickey_bloblen;
 
     crBegin;
 
@@ -3885,6 +3906,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 	tried_agent = FALSE;
 	tried_keyb_inter = FALSE;
 	kbd_inter_running = FALSE;
+	/* Load the pub half of cfg.keyfile so we notice if it's in Pageant */
+	if (*cfg.keyfile) {
+	    publickey_blob = ssh2_userkey_loadpub(cfg.keyfile, NULL,
+						  &publickey_bloblen);
+	} else
+	    publickey_blob = NULL;
 
 	while (1) {
 	    /*
@@ -4040,6 +4067,12 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			}
 			pklen = GET_32BIT(p);
 			p += 4;
+			if (publickey_blob &&
+			    pklen == publickey_bloblen &&
+			    !memcmp(p, publickey_blob, publickey_bloblen)) {
+			    logevent("This key matches configured key file");
+			    tried_pubkey_config = 1;
+			}
 			pkblob = p;
 			p += pklen;
 			alglen = GET_32BIT(pkblob);
@@ -4607,7 +4640,10 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			ssh2_pkt_init(SSH2_MSG_GLOBAL_REQUEST);
 			ssh2_pkt_addstring("tcpip-forward");
 			ssh2_pkt_addbool(1);/* want reply */
-			ssh2_pkt_addstring("127.0.0.1");
+			if (cfg.rport_acceptall)
+			    ssh2_pkt_addstring("0.0.0.0");
+			else
+			    ssh2_pkt_addstring("127.0.0.1");
 			ssh2_pkt_adduint32(sport);
 			ssh2_pkt_send();
 
@@ -5058,14 +5094,35 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		}
 
 		/*
-		 * We don't recognise any form of channel request,
-		 * so we now either ignore the request or respond
-		 * with CHANNEL_FAILURE, depending on want_reply.
+		 * Having got the channel number, we now look at
+		 * the request type string to see if it's something
+		 * we recognise.
 		 */
-		if (want_reply) {
-		    ssh2_pkt_init(SSH2_MSG_CHANNEL_FAILURE);
-		    ssh2_pkt_adduint32(c->remoteid);
-		    ssh2_pkt_send();
+		if (typelen == 11 && !memcmp(type, "exit-status", 11) &&
+		    c == mainchan) {
+		    /* We recognise "exit-status" on the primary channel. */
+		    char buf[100];
+		    ssh_exitcode = ssh2_pkt_getuint32();
+		    sprintf(buf, "Server sent command exit status %d",
+			    ssh_exitcode);
+		    logevent(buf);
+		    if (want_reply) {
+			ssh2_pkt_init(SSH2_MSG_CHANNEL_SUCCESS);
+			ssh2_pkt_adduint32(c->remoteid);
+			ssh2_pkt_send();
+		    }
+		} else {
+		    /*
+		     * This is a channel request we don't know
+		     * about, so we now either ignore the request
+		     * or respond with CHANNEL_FAILURE, depending
+		     * on want_reply.
+		     */
+		    if (want_reply) {
+			ssh2_pkt_init(SSH2_MSG_CHANNEL_FAILURE);
+			ssh2_pkt_adduint32(c->remoteid);
+			ssh2_pkt_send();
+		    }
 		}
 	    } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) {
 		char *type;
@@ -5440,6 +5497,11 @@ static int ssh_ldisc(int option)
     return FALSE;
 }
 
+static int ssh_return_exitcode(void)
+{
+    return ssh_exitcode;
+}
+
 Backend ssh_backend = {
     ssh_init,
     ssh_send,
@@ -5447,6 +5509,7 @@ Backend ssh_backend = {
     ssh_size,
     ssh_special,
     ssh_socket,
+    ssh_return_exitcode,
     ssh_sendok,
     ssh_ldisc,
     ssh_unthrottle,