X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/8406eaf9d5803bf5d5896220134de398aec6fb56..babac7bd70fda1ec0c9810c8f4ccf08cfa1e31fb:/ssh.c

diff --git a/ssh.c b/ssh.c
index 7943d071..9f27e3a9 100644
--- a/ssh.c
+++ b/ssh.c
@@ -235,18 +235,6 @@ extern void pfd_override_throttle(Socket s, int enable);
 #define SSH_MAX_BACKLOG 32768
 #define OUR_V2_WINSIZE 16384
 
-/*
- * Ciphers for SSH2. We miss out single-DES because it isn't
- * supported; also 3DES and Blowfish are both done differently from
- * SSH1. (3DES uses outer chaining; Blowfish has the opposite
- * endianness and different-sized keys.)
- */
-const static struct ssh2_ciphers *ciphers[] = {
-    &ssh2_aes,
-    &ssh2_blowfish,
-    &ssh2_3des,
-};
-
 const static struct ssh_kex *kex_algs[] = {
     &ssh_diffiehellman_gex,
     &ssh_diffiehellman
@@ -1659,7 +1647,7 @@ static void ssh_sent(Plug plug, int bufsize)
  * Also places the canonical host name into `realhost'. It must be
  * freed by the caller.
  */
-static char *connect_to_host(char *host, int port, char **realhost)
+static char *connect_to_host(char *host, int port, char **realhost, int nodelay)
 {
     static struct plug_function_table fn_table = {
 	ssh_closing,
@@ -1716,7 +1704,7 @@ static char *connect_to_host(char *host, int port, char **realhost)
 	sprintf(buf, "Connecting to %.100s port %d", addrbuf, port);
 	logevent(buf);
     }
-    s = sk_new(addr, port, 0, 1, &fn_table_ptr);
+    s = sk_new(addr, port, 0, 1, nodelay, &fn_table_ptr);
     if ((err = sk_socket_error(s)))
 	return err;
 
@@ -3155,6 +3143,7 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     static int n_preferred_ciphers;
     static const struct ssh2_ciphers *preferred_ciphers[CIPHER_MAX];
     static const struct ssh_compress *preferred_comp;
+    static int cipherstr_started;
     static int first_kex;
 
     crBegin;
@@ -3172,7 +3161,10 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    n_preferred_ciphers++;
 	    break;
 	  case CIPHER_DES:
-	    /* Not supported in SSH2; silently drop */
+	    if (cfg.ssh2_des_cbc) {
+		preferred_ciphers[n_preferred_ciphers] = &ssh2_des;
+		n_preferred_ciphers++;
+	    }
 	    break;
 	  case CIPHER_3DES:
 	    preferred_ciphers[n_preferred_ciphers] = &ssh2_3des;
@@ -3232,24 +3224,28 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     }
     /* List client->server encryption algorithms. */
     ssh2_pkt_addstring_start();
+    cipherstr_started = 0;
     for (i = 0; i < n_preferred_ciphers; i++) {
 	const struct ssh2_ciphers *c = preferred_ciphers[i];
 	if (!c) continue;	       /* warning flag */
 	for (j = 0; j < c->nciphers; j++) {
-	    ssh2_pkt_addstring_str(c->list[j]->name);
-	    if (i < n_preferred_ciphers || j < c->nciphers - 1)
+	    if (cipherstr_started)
 		ssh2_pkt_addstring_str(",");
+	    ssh2_pkt_addstring_str(c->list[j]->name);
+	    cipherstr_started = 1;
 	}
     }
     /* List server->client encryption algorithms. */
     ssh2_pkt_addstring_start();
+    cipherstr_started = 0;
     for (i = 0; i < n_preferred_ciphers; i++) {
 	const struct ssh2_ciphers *c = preferred_ciphers[i];
 	if (!c) continue; /* warning flag */
 	for (j = 0; j < c->nciphers; j++) {
-	    ssh2_pkt_addstring_str(c->list[j]->name);
-	    if (i < n_preferred_ciphers || j < c->nciphers - 1)
+	    if (cipherstr_started)
 		ssh2_pkt_addstring_str(",");
+	    ssh2_pkt_addstring_str(c->list[j]->name);
+	    cipherstr_started = 1;
 	}
     }
     /* List client->server MAC algorithms. */
@@ -3353,6 +3349,11 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    break;
 	}
     }
+    if (!cscipher_tobe) {
+	bombout(("Couldn't agree a client-to-server cipher (available: %s)", str));
+	crReturn(0);
+    }
+
     ssh2_pkt_getstring(&str, &len);    /* server->client cipher */
     warn = 0;
     for (i = 0; i < n_preferred_ciphers; i++) {
@@ -3373,6 +3374,11 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    break;
 	}
     }
+    if (!sccipher_tobe) {
+	bombout(("Couldn't agree a server-to-client cipher (available: %s)", str));
+	crReturn(0);
+    }
+
     ssh2_pkt_getstring(&str, &len);    /* client->server mac */
     for (i = 0; i < nmacs; i++) {
 	if (in_commasep_string(maclist[i]->name, str, len)) {
@@ -3706,6 +3712,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
      *    the username they will want to be able to get back and
      *    retype it!
      */
+    username[0] = '\0';
     do {
 	static int pos;
 	static char c;
@@ -3714,7 +3721,13 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 	 * Get a username.
 	 */
 	pos = 0;
-	if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
+	if (*username && !cfg.change_username) {
+	    /*
+	     * We got a username last time round this loop, and
+	     * with change_username turned off we don't try to get
+	     * it again.
+	     */
+	} else if ((flags & FLAG_INTERACTIVE) && !*cfg.username) {
 	    if (ssh_get_line) {
 		if (!ssh_get_line("login as: ",
 				  username, sizeof(username), FALSE)) {
@@ -3901,7 +3914,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		    in_commasep_string("publickey", methods, methlen);
 		can_passwd =
 		    in_commasep_string("password", methods, methlen);
-		can_keyb_inter = 
+		can_keyb_inter = cfg.try_ki_auth &&
 		    in_commasep_string("keyboard-interactive", methods, methlen);
 	    }
 
@@ -4146,6 +4159,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 
 		    ssh2_pkt_getstring(&prompt, &prompt_len);
 		    strncpy(pwprompt, prompt, sizeof(pwprompt));
+		    pwprompt[prompt_len < sizeof(pwprompt) ?
+			     prompt_len : sizeof(pwprompt)-1] = '\0';
 		    need_pw = TRUE;
 
 		    echo = ssh2_pkt_getbool();
@@ -4856,12 +4871,25 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		 * See if that was the last channel left open.
 		 */
 		if (count234(ssh_channels) == 0) {
+#if 0
+                    /*
+                     * We used to send SSH_MSG_DISCONNECT here,
+                     * because I'd believed that _every_ conforming
+                     * SSH2 connection had to end with a disconnect
+                     * being sent by at least one side; apparently
+                     * I was wrong and it's perfectly OK to
+                     * unceremoniously slam the connection shut
+                     * when you're done, and indeed OpenSSH feels
+                     * this is more polite than sending a
+                     * DISCONNECT. So now we don't.
+                     */
 		    logevent("All channels closed. Disconnecting");
 		    ssh2_pkt_init(SSH2_MSG_DISCONNECT);
 		    ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
 		    ssh2_pkt_addstring("All open channels closed");
 		    ssh2_pkt_addstring("en");	/* language tag */
 		    ssh2_pkt_send();
+#endif
 		    ssh_state = SSH_STATE_CLOSED;
 		    crReturnV;
 		}
@@ -5098,7 +5126,7 @@ static void ssh2_protocol(unsigned char *in, int inlen, int ispkt)
  *
  * Returns an error message, or NULL on success.
  */
-static char *ssh_init(char *host, int port, char **realhost)
+static char *ssh_init(char *host, int port, char **realhost, int nodelay)
 {
     char *p;
 
@@ -5114,7 +5142,7 @@ static char *ssh_init(char *host, int port, char **realhost)
     ssh_overall_bufsize = 0;
     ssh_fallback_cmd = 0;
 
-    p = connect_to_host(host, port, realhost);
+    p = connect_to_host(host, port, realhost, nodelay);
     if (p != NULL)
 	return p;