X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/2c2f4dba28ea405dd544aecfd752cd9c99760828..babac7bd70fda1ec0c9810c8f4ccf08cfa1e31fb:/ssh.c diff --git a/ssh.c b/ssh.c index baa811fb..9f27e3a9 100644 --- a/ssh.c +++ b/ssh.c @@ -235,16 +235,6 @@ extern void pfd_override_throttle(Socket s, int enable); #define SSH_MAX_BACKLOG 32768 #define OUR_V2_WINSIZE 16384 -/* - * Ciphers for SSH2. - */ -const static struct ssh2_ciphers *ciphers[] = { - &ssh2_aes, - &ssh2_blowfish, - &ssh2_3des, - &ssh2_des, -}; - const static struct ssh_kex *kex_algs[] = { &ssh_diffiehellman_gex, &ssh_diffiehellman @@ -1657,7 +1647,7 @@ static void ssh_sent(Plug plug, int bufsize) * Also places the canonical host name into `realhost'. It must be * freed by the caller. */ -static char *connect_to_host(char *host, int port, char **realhost) +static char *connect_to_host(char *host, int port, char **realhost, int nodelay) { static struct plug_function_table fn_table = { ssh_closing, @@ -1714,7 +1704,7 @@ static char *connect_to_host(char *host, int port, char **realhost) sprintf(buf, "Connecting to %.100s port %d", addrbuf, port); logevent(buf); } - s = sk_new(addr, port, 0, 1, &fn_table_ptr); + s = sk_new(addr, port, 0, 1, nodelay, &fn_table_ptr); if ((err = sk_socket_error(s))) return err; @@ -3153,6 +3143,7 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) static int n_preferred_ciphers; static const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX]; static const struct ssh_compress *preferred_comp; + static int cipherstr_started; static int first_kex; crBegin; @@ -3170,8 +3161,10 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) n_preferred_ciphers++; break; case CIPHER_DES: - preferred_ciphers[n_preferred_ciphers] = &ssh2_des; - n_preferred_ciphers++; + if (cfg.ssh2_des_cbc) { + preferred_ciphers[n_preferred_ciphers] = &ssh2_des; + n_preferred_ciphers++; + } break; case CIPHER_3DES: preferred_ciphers[n_preferred_ciphers] = &ssh2_3des; @@ -3231,24 +3224,28 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt) } /* List client->server encryption algorithms. */ ssh2_pkt_addstring_start(); + cipherstr_started = 0; for (i = 0; i < n_preferred_ciphers; i++) { const struct ssh2_ciphers *c = preferred_ciphers[i]; if (!c) continue; /* warning flag */ for (j = 0; j < c->nciphers; j++) { - ssh2_pkt_addstring_str(c->list[j]->name); - if (i < n_preferred_ciphers || j < c->nciphers - 1) + if (cipherstr_started) ssh2_pkt_addstring_str(","); + ssh2_pkt_addstring_str(c->list[j]->name); + cipherstr_started = 1; } } /* List server->client encryption algorithms. */ ssh2_pkt_addstring_start(); + cipherstr_started = 0; for (i = 0; i < n_preferred_ciphers; i++) { const struct ssh2_ciphers *c = preferred_ciphers[i]; if (!c) continue; /* warning flag */ for (j = 0; j < c->nciphers; j++) { - ssh2_pkt_addstring_str(c->list[j]->name); - if (i < n_preferred_ciphers || j < c->nciphers - 1) + if (cipherstr_started) ssh2_pkt_addstring_str(","); + ssh2_pkt_addstring_str(c->list[j]->name); + cipherstr_started = 1; } } /* List client->server MAC algorithms. */ @@ -3715,6 +3712,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) * the username they will want to be able to get back and * retype it! */ + username[0] = '\0'; do { static int pos; static char c; @@ -3723,7 +3721,13 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) * Get a username. */ pos = 0; - if ((flags & FLAG_INTERACTIVE) && !*cfg.username) { + if (*username && !cfg.change_username) { + /* + * We got a username last time round this loop, and + * with change_username turned off we don't try to get + * it again. + */ + } else if ((flags & FLAG_INTERACTIVE) && !*cfg.username) { if (ssh_get_line) { if (!ssh_get_line("login as: ", username, sizeof(username), FALSE)) { @@ -3910,7 +3914,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) in_commasep_string("publickey", methods, methlen); can_passwd = in_commasep_string("password", methods, methlen); - can_keyb_inter = + can_keyb_inter = cfg.try_ki_auth && in_commasep_string("keyboard-interactive", methods, methlen); } @@ -4867,12 +4871,25 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt) * See if that was the last channel left open. */ if (count234(ssh_channels) == 0) { +#if 0 + /* + * We used to send SSH_MSG_DISCONNECT here, + * because I'd believed that _every_ conforming + * SSH2 connection had to end with a disconnect + * being sent by at least one side; apparently + * I was wrong and it's perfectly OK to + * unceremoniously slam the connection shut + * when you're done, and indeed OpenSSH feels + * this is more polite than sending a + * DISCONNECT. So now we don't. + */ logevent("All channels closed. Disconnecting"); ssh2_pkt_init(SSH2_MSG_DISCONNECT); ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION); ssh2_pkt_addstring("All open channels closed"); ssh2_pkt_addstring("en"); /* language tag */ ssh2_pkt_send(); +#endif ssh_state = SSH_STATE_CLOSED; crReturnV; } @@ -5109,7 +5126,7 @@ static void ssh2_protocol(unsigned char *in, int inlen, int ispkt) * * Returns an error message, or NULL on success. */ -static char *ssh_init(char *host, int port, char **realhost) +static char *ssh_init(char *host, int port, char **realhost, int nodelay) { char *p; @@ -5125,7 +5142,7 @@ static char *ssh_init(char *host, int port, char **realhost) ssh_overall_bufsize = 0; ssh_fallback_cmd = 0; - p = connect_to_host(host, port, realhost); + p = connect_to_host(host, port, realhost, nodelay); if (p != NULL) return p;