Updated to revision 9025 of putty

21 files changed, 1298 insertions, 638 deletions

diff --git a/tools/plink/cmdline.c b/tools/plink/cmdline.c
index f3a0e22f1..6492132f1 100644
--- a/tools/plink/cmdline.c
+++ b/tools/plink/cmdline.c
@@ -56,20 +56,30 @@ static void cmdline_save_param(char *p, char *value, int pri)
     saves[pri].nsaved++;

 }

 

+static char *cmdline_password = NULL;

+

 void cmdline_cleanup(void)

 {

     int pri;

 

-    for (pri = 0; pri < NPRIORITIES; pri++)

+    if (cmdline_password) {

+	memset(cmdline_password, 0, strlen(cmdline_password));

+	sfree(cmdline_password);

+	cmdline_password = NULL;

+    }

+    

+    for (pri = 0; pri < NPRIORITIES; pri++) {

 	sfree(saves[pri].params);

+	saves[pri].params = NULL;

+	saves[pri].savesize = 0;

+	saves[pri].nsaved = 0;

+    }

 }

 

 #define SAVEABLE(pri) do { \

     if (need_save) { cmdline_save_param(p, value, pri); return ret; } \

 } while (0)

 

-static char *cmdline_password = NULL;

-

 /*

  * Similar interface to get_userpass_input(), except that here a -1

  * return means that we aren't capable of processing the prompt and

@@ -99,6 +109,8 @@ int cmdline_get_passwd_input(prompts_t *p, unsigned char *in, int inlen) {
 	    p->prompts[0]->result_len);

     p->prompts[0]->result[p->prompts[0]->result_len-1] = '\0';

     memset(cmdline_password, 0, strlen(cmdline_password));

+    sfree(cmdline_password);

+    cmdline_password = NULL;

     tried_once = 1;

     return 1;

 

@@ -192,6 +204,16 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)
 	SAVEABLE(0);

 	default_protocol = cfg->protocol = PROT_RAW;

     }

+    if (!strcmp(p, "-serial")) {

+	RETURN(1);

+	/* Serial is not NONNETWORK in an odd sense of the word */

+	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);

+	SAVEABLE(0);

+	default_protocol = cfg->protocol = PROT_SERIAL;

+	/* The host parameter will already be loaded into cfg->host, so copy it across */

+	strncpy(cfg->serline, cfg->host, sizeof(cfg->serline) - 1);

+	cfg->serline[sizeof(cfg->serline) - 1] = '\0';

+    }

     if (!strcmp(p, "-v")) {

 	RETURN(1);

 	flags |= FLAG_VERBOSE;

@@ -312,6 +334,7 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)
 	cfg->remote_cmd_ptr = command;

 	cfg->remote_cmd_ptr2 = NULL;

 	cfg->nopty = TRUE;      /* command => no terminal */

+	fclose(fp);

     }

     if (!strcmp(p, "-P")) {

 	RETURN(2);

@@ -435,7 +458,100 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)
 	SAVEABLE(1);

 	cfg->addressfamily = ADDRTYPE_IPV6;

     }

-

+    if (!strcmp(p, "-sercfg")) {

+	char* nextitem;

+	RETURN(2);

+	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);

+	SAVEABLE(1);

+	if (cfg->protocol != PROT_SERIAL)

+	    cmdline_error("the -sercfg option can only be used with the "

+			  "serial protocol");

+	/* Value[0] contains one or more , separated values, like 19200,8,n,1,X */

+	nextitem = value;

+	while (nextitem[0] != '\0') {

+	    int length, skip;

+	    char *end = strchr(nextitem, ',');

+	    if (!end) {

+		length = strlen(nextitem);

+		skip = 0;

+	    } else {

+		length = end - nextitem;

+		nextitem[length] = '\0';

+		skip = 1;

+	    }

+	    if (length == 1) {

+		switch (*nextitem) {

+		  case '1':

+		    cfg->serstopbits = 2;

+		    break;

+		  case '2':

+		    cfg->serstopbits = 4;

+		    break;

+

+		  case '5':

+		    cfg->serdatabits = 5;

+		    break;

+		  case '6':

+		    cfg->serdatabits = 6;

+		    break;

+		  case '7':

+		    cfg->serdatabits = 7;

+		    break;

+		  case '8':

+		    cfg->serdatabits = 8;

+		    break;

+		  case '9':

+		    cfg->serdatabits = 9;

+		    break;

+

+		  case 'n':

+		    cfg->serparity = SER_PAR_NONE;

+		    break;

+		  case 'o':

+		    cfg->serparity = SER_PAR_ODD;

+		    break;

+		  case 'e':

+		    cfg->serparity = SER_PAR_EVEN;

+		    break;

+		  case 'm':

+		    cfg->serparity = SER_PAR_MARK;

+		    break;

+		  case 's':

+		    cfg->serparity = SER_PAR_SPACE;

+		    break;

+

+		  case 'N':

+		    cfg->serflow = SER_FLOW_NONE;

+		    break;

+		  case 'X':

+		    cfg->serflow = SER_FLOW_XONXOFF;

+		    break;

+		  case 'R':

+		    cfg->serflow = SER_FLOW_RTSCTS;

+		    break;

+		  case 'D':

+		    cfg->serflow = SER_FLOW_DSRDTR;

+		    break;

+

+		  default:

+		    cmdline_error("Unrecognised suboption \"-sercfg %c\"",

+				  *nextitem);

+		}

+	    } else if (length == 3 && !strncmp(nextitem,"1.5",3)) {

+		/* Messy special case */

+		cfg->serstopbits = 3;

+	    } else {

+		int serspeed = atoi(nextitem);

+		if (serspeed != 0) {

+		    cfg->serspeed = serspeed;

+		} else {

+		    cmdline_error("Unrecognised suboption \"-sercfg %s\"",

+				  nextitem);

+		}

+	    }

+	    nextitem += length + skip;

+	}

+    }

     return ret;			       /* unrecognised */

 }

 

diff --git a/tools/plink/ldisc.c b/tools/plink/ldisc.c
index 20fa3c568..119a02acb 100644
--- a/tools/plink/ldisc.c
+++ b/tools/plink/ldisc.c
@@ -147,7 +147,7 @@ void ldisc_send(void *handle, char *buf, int len, int interactive)
     if (EDITING) {

 	while (len--) {

 	    int c;

-	    c = *buf++ + keyflag;

+	    c = (unsigned char)(*buf++) + keyflag;

 	    if (!interactive && c == '\r')

 		c += KCTRL('@');

 	    switch (ldisc->quotenext ? ' ' : c) {

diff --git a/tools/plink/logging.c b/tools/plink/logging.c
index 6b8eaa7c5..4c7aa918c 100644
--- a/tools/plink/logging.c
+++ b/tools/plink/logging.c
@@ -43,7 +43,13 @@ static void logwrite(struct LogContext *ctx, void *data, int len)
 	bufchain_add(&ctx->queue, data, len);

     } else if (ctx->state == L_OPEN) {

 	assert(ctx->lgfp);

-	fwrite(data, 1, len, ctx->lgfp);

+	if (fwrite(data, 1, len, ctx->lgfp) < len) {

+	    logfclose(ctx);

+	    ctx->state = L_ERROR;

+	    /* Log state is L_ERROR so this won't cause a loop */

+	    logevent(ctx->frontend,

+		     "Disabled writing session log due to error while writing");

+	}

     }				       /* else L_ERROR, so ignore the write */

 }

 

@@ -101,8 +107,9 @@ static void logfopen_callback(void *handle, int mode)
     }

 

     event = dupprintf("%s session log (%s mode) to file: %s",

-		      (mode == 0 ? "Disabled writing" :

-                       mode == 1 ? "Appending" : "Writing new"),

+		      ctx->state == L_ERROR ?

+		      (mode == 0 ? "Disabled writing" : "Error writing") :

+		      (mode == 1 ? "Appending" : "Writing new"),

 		      (ctx->cfg.logtype == LGTYP_ASCII ? "ASCII" :

 		       ctx->cfg.logtype == LGTYP_DEBUG ? "raw" :

 		       ctx->cfg.logtype == LGTYP_PACKETS ? "SSH packets" :

diff --git a/tools/plink/putty.h b/tools/plink/putty.h
index 1fff1e74f..ac2701133 100644
--- a/tools/plink/putty.h
+++ b/tools/plink/putty.h
@@ -348,6 +348,19 @@ enum {
     SER_FLOW_NONE, SER_FLOW_XONXOFF, SER_FLOW_RTSCTS, SER_FLOW_DSRDTR

 };

 

+/*

+ * Tables of string <-> enum value mappings used in settings.c.

+ * Defined here so that backends can export their GSS library tables

+ * to the cross-platform settings code.

+ */

+struct keyval { char *s; int v; };

+

+#ifndef NO_GSSAPI

+extern const int ngsslibs;

+extern const char *const gsslibnames[];/* for displaying in configuration */

+extern const struct keyval gsslibkeywords[];   /* for storing by settings.c */

+#endif

+

 extern const char *const ttymodes[];

 

 enum {

@@ -461,6 +474,8 @@ struct config_tag {
     int try_ki_auth;

     int try_gssapi_auth;               /* attempt gssapi auth */

     int gssapifwd;                     /* forward tgt via gss */

+    int ssh_gsslist[4];		       /* preference order for local GSS libs */

+    Filename ssh_gss_custom;

     int ssh_subsys;		       /* run a subsystem rather than a command */

     int ssh_subsys2;		       /* fallback to go with remote_cmd_ptr2 */

     int ssh_no_shell;		       /* avoid running a shell */

@@ -592,7 +607,8 @@ struct config_tag {
     /* SSH bug compatibility modes */

     int sshbug_ignore1, sshbug_plainpw1, sshbug_rsa1,

 	sshbug_hmac2, sshbug_derivekey2, sshbug_rsapad2,

-	sshbug_pksessid2, sshbug_rekey2, sshbug_maxpkt2;

+	sshbug_pksessid2, sshbug_rekey2, sshbug_maxpkt2,

+	sshbug_ignore2;

     /*

      * ssh_simple means that we promise never to open any channel other

      * than the main one, which means it can safely use a very large

@@ -825,6 +841,7 @@ void term_free(Terminal *);
 void term_size(Terminal *, int, int, int);

 void term_paint(Terminal *, Context, int, int, int, int, int);

 void term_scroll(Terminal *, int, int);

+void term_scroll_to_selection(Terminal *, int);

 void term_pwron(Terminal *, int);

 void term_clrsb(Terminal *);

 void term_mouse(Terminal *, Mouse_Button, Mouse_Button, Mouse_Action,

@@ -854,6 +871,8 @@ char *term_get_ttymode(Terminal *term, const char *mode);
 int term_get_userpass_input(Terminal *term, prompts_t *p,

 			    unsigned char *in, int inlen);

 

+int format_arrow_key(char *buf, Terminal *term, int xkey, int ctrl);

+

 /*

  * Exports from logging.c.

  */

diff --git a/tools/plink/puttyps.h b/tools/plink/puttyps.h
index e7d280814..454f6055a 100644
--- a/tools/plink/puttyps.h
+++ b/tools/plink/puttyps.h
@@ -9,10 +9,6 @@
 

 #include "winstuff.h"

 

-#elif defined(macintosh)

-

-#include "macstuff.h"

-

 #elif defined(MACOSX)

 

 #include "osx.h"

diff --git a/tools/plink/settings.c b/tools/plink/settings.c
index 31d4e1fff..bd6b97495 100644
--- a/tools/plink/settings.c
+++ b/tools/plink/settings.c
@@ -8,11 +8,6 @@
 #include "putty.h"

 #include "storage.h"

 

-/*

- * Tables of string <-> enum value mappings

- */

-struct keyval { char *s; int v; };

-

 /* The cipher order given here is the default order. */

 static const struct keyval ciphernames[] = {

     { "aes",	    CIPHER_AES },

@@ -84,9 +79,13 @@ int get_remote_username(Config *cfg, char *user, size_t len)
 	if (cfg->username_from_env) {

 	    /* Use local username. */

 	    char *luser = get_username();

-	    strncpy(user, luser, len);

-	    user[len-1] = '\0';

-	    sfree(luser);

+	    if (luser) {

+		strncpy(user, luser, len);

+		user[len-1] = '\0';

+		sfree(luser);

+	    } else {

+		*user = '\0';

+	    }

 	} else {

 	    *user = '\0';

 	}

@@ -352,6 +351,11 @@ void save_open_settings(void *sesskey, Config *cfg)
     write_setting_i(sesskey, "AuthTIS", cfg->try_tis_auth);

     write_setting_i(sesskey, "AuthKI", cfg->try_ki_auth);

     write_setting_i(sesskey, "AuthGSSAPI", cfg->try_gssapi_auth);

+#ifndef NO_GSSAPI

+    wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs,

+	   cfg->ssh_gsslist);

+    write_setting_filename(sesskey, "GSSCustom", cfg->ssh_gss_custom);

+#endif

     write_setting_i(sesskey, "SshNoShell", cfg->ssh_no_shell);

     write_setting_i(sesskey, "SshProt", cfg->sshprot);

     write_setting_s(sesskey, "LogHost", cfg->loghost);

@@ -473,6 +477,7 @@ void save_open_settings(void *sesskey, Config *cfg)
     write_setting_i(sesskey, "BugIgnore1", 2-cfg->sshbug_ignore1);

     write_setting_i(sesskey, "BugPlainPW1", 2-cfg->sshbug_plainpw1);

     write_setting_i(sesskey, "BugRSA1", 2-cfg->sshbug_rsa1);

+    write_setting_i(sesskey, "BugIgnore2", 2-cfg->sshbug_ignore2);

     write_setting_i(sesskey, "BugHMAC2", 2-cfg->sshbug_hmac2);

     write_setting_i(sesskey, "BugDeriveKey2", 2-cfg->sshbug_derivekey2);

     write_setting_i(sesskey, "BugRSAPad2", 2-cfg->sshbug_rsapad2);

@@ -640,6 +645,11 @@ void load_open_settings(void *sesskey, Config *cfg)
     gppi(sesskey, "AuthTIS", 0, &cfg->try_tis_auth);

     gppi(sesskey, "AuthKI", 1, &cfg->try_ki_auth);

     gppi(sesskey, "AuthGSSAPI", 1, &cfg->try_gssapi_auth);

+#ifndef NO_GSSAPI

+    gprefs(sesskey, "GSSLibs", "\0",

+	   gsslibkeywords, ngsslibs, cfg->ssh_gsslist);

+    gppfile(sesskey, "GSSCustom", &cfg->ssh_gss_custom);

+#endif

     gppi(sesskey, "SshNoShell", 0, &cfg->ssh_no_shell);

     gppfile(sesskey, "PublicKeyFile", &cfg->keyfile);

     gpps(sesskey, "RemoteCommand", "", cfg->remote_cmd,

@@ -813,6 +823,7 @@ void load_open_settings(void *sesskey, Config *cfg)
     gppi(sesskey, "BugIgnore1", 0, &i); cfg->sshbug_ignore1 = 2-i;

     gppi(sesskey, "BugPlainPW1", 0, &i); cfg->sshbug_plainpw1 = 2-i;

     gppi(sesskey, "BugRSA1", 0, &i); cfg->sshbug_rsa1 = 2-i;

+    gppi(sesskey, "BugIgnore2", 0, &i); cfg->sshbug_ignore2 = 2-i;

     {

 	int i;

 	gppi(sesskey, "BugHMAC2", 0, &i); cfg->sshbug_hmac2 = 2-i;

diff --git a/tools/plink/ssh.c b/tools/plink/ssh.c
index 89c0433ca..7c9b929de 100644
--- a/tools/plink/ssh.c
+++ b/tools/plink/ssh.c
@@ -13,6 +13,7 @@
 #include "tree234.h"

 #include "ssh.h"

 #ifndef NO_GSSAPI

+#include "sshgssc.h"

 #include "sshgss.h"

 #endif

 

@@ -194,6 +195,7 @@ static const char *const ssh2_disconnect_reasons[] = {
 #define BUG_SSH2_REKEY                           64

 #define BUG_SSH2_PK_SESSIONID                   128

 #define BUG_SSH2_MAXPKT				256

+#define BUG_CHOKES_ON_SSH2_IGNORE               512

 

 /*

  * Codes for terminal modes.

@@ -588,6 +590,17 @@ struct ssh_channel {
      * A channel is completely finished with when all four bits are set.

      */

     int closes;

+

+    /*

+     * This flag indicates that a close is pending on the outgoing

+     * side of the channel: that is, wherever we're getting the data

+     * for this channel has sent us some data followed by EOF. We

+     * can't actually close the channel until we've finished sending

+     * the data, so we set this flag instead to remind us to

+     * initiate the closing process once our buffer is clear.

+     */

+    int pending_close;

+

     /*

      * True if this channel is causing the underlying connection to be

      * throttled.

@@ -928,6 +941,13 @@ struct ssh_tag {
      * Fully qualified host name, which we need if doing GSSAPI.

      */

     char *fullhostname;

+

+#ifndef NO_GSSAPI

+    /*

+     * GSSAPI libraries for this session.

+     */

+    struct ssh_gss_liblist *gsslibs;

+#endif

 };

 

 #define logevent(s) logevent(ssh->frontend, s)

@@ -2011,7 +2031,8 @@ static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)
 {

     int len;

     if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&

-	ssh->deferred_len == 0 && !noignore) {

+	ssh->deferred_len == 0 && !noignore &&

+	!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {

 	/*

 	 * Interpose an SSH_MSG_IGNORE to ensure that user data don't

 	 * get encrypted with a known IV.

@@ -2141,7 +2162,8 @@ static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,
 	 * unavailable, we don't do this trick at all, because we

 	 * gain nothing by it.)

 	 */

-	if (ssh->cscipher) {

+	if (ssh->cscipher &&

+	    !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {

 	    int stringlen, i;

 

 	    stringlen = (256 - ssh->deferred_len);

@@ -2508,6 +2530,15 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	ssh->remote_bugs |= BUG_SSH2_MAXPKT;

 	logevent("We believe remote version ignores SSH-2 maximum packet size");

     }

+

+    if (ssh->cfg.sshbug_ignore2 == FORCE_ON) {

+	/*

+	 * Servers that don't support SSH2_MSG_IGNORE. Currently,

+	 * none detected automatically.

+	 */

+	ssh->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;

+	logevent("We believe remote version has SSH-2 ignore bug");

+    }

 }

 

 /*

@@ -2853,6 +2884,8 @@ static int ssh_do_close(Ssh ssh, int notify_exit)
 	    del234(ssh->portfwds, pf); /* moving next one to index 0 */

 	    free_portfwd(pf);

 	}

+	freetree234(ssh->portfwds);

+	ssh->portfwds = NULL;

     }

 

     return ret;

@@ -4138,7 +4171,7 @@ void sshfwd_close(struct ssh_channel *c)
     if (ssh->state == SSH_STATE_CLOSED)

 	return;

 

-    if (c && !c->closes) {

+    if (!c->closes) {

 	/*

 	 * If halfopen is true, we have sent

 	 * CHANNEL_OPEN for this channel, but it hasn't even been

@@ -4150,14 +4183,42 @@ void sshfwd_close(struct ssh_channel *c)
 	    if (ssh->version == 1) {

 		send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,

 			    PKT_END);

+		c->closes = 1;		       /* sent MSG_CLOSE */

 	    } else {

-		struct Packet *pktout;

-		pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);

-		ssh2_pkt_adduint32(pktout, c->remoteid);

-		ssh2_pkt_send(ssh, pktout);

+		int bytes_to_send = bufchain_size(&c->v.v2.outbuffer);

+		if (bytes_to_send > 0) {

+		    /*

+		     * If we still have unsent data in our outgoing

+		     * buffer for this channel, we can't actually

+		     * initiate a close operation yet or that data

+		     * will be lost. Instead, set the pending_close

+		     * flag so that when we do clear the buffer

+		     * we'll start closing the channel.

+		     */

+		    char logmsg[160] = {'\0'};

+		    sprintf(

+			    logmsg,

+			    "Forwarded port pending to be closed : "

+			    "%d bytes remaining",

+			    bytes_to_send);

+		    logevent(logmsg);

+

+		    c->pending_close = TRUE;

+		} else {

+		    /*

+		     * No locally buffered data, so we can send the

+		     * close message immediately.

+		     */

+		    struct Packet *pktout;

+		    pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);

+		    ssh2_pkt_adduint32(pktout, c->remoteid);

+		    ssh2_pkt_send(ssh, pktout);

+		    c->closes = 1;		       /* sent MSG_CLOSE */

+		    logevent("Nothing left to send, closing channel");

+		}

 	    }

 	}

-	c->closes = 1;		       /* sent MSG_CLOSE */

+

 	if (c->type == CHAN_X11) {

 	    c->u.x11.s = NULL;

 	    logevent("Forwarded X11 connection terminated");

@@ -4296,6 +4357,7 @@ static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)
 

 	rpf = del234(ssh->rportfwds, pf);

 	assert(rpf == pf);

+	pf->pfrec->remote = NULL;

 	free_rportfwd(pf);

     }

 }

@@ -4427,12 +4489,19 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
 

 	    epfrec = add234(ssh->portfwds, pfrec);

 	    if (epfrec != pfrec) {

+		if (epfrec->status == DESTROY) {

+		    /*

+		     * We already have a port forwarding up and running

+		     * with precisely these parameters. Hence, no need

+		     * to do anything; simply re-tag the existing one

+		     * as KEEP.

+		     */

+		    epfrec->status = KEEP;

+		}

 		/*

-		 * We already have a port forwarding with precisely

-		 * these parameters. Hence, no need to do anything;

-		 * simply tag the existing one as KEEP.

+		 * Anything else indicates that there was a duplicate

+		 * in our input, which we'll silently ignore.

 		 */

-		epfrec->status = KEEP;

 		free_portfwd(pfrec);

 	    } else {

 		pfrec->status = CREATE;

@@ -4465,6 +4534,8 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)
 	    logeventf(ssh, "Cancelling %s", message);

 	    sfree(message);

 

+	    /* epf->remote or epf->local may be NULL if setting up a

+	     * forwarding failed. */

 	    if (epf->remote) {

 		struct ssh_rportfwd *rpf = epf->remote;

 		struct Packet *pktout;

@@ -4674,6 +4745,7 @@ static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)
 	    c->halfopen = FALSE;

 	    c->localid = alloc_channel_id(ssh);

 	    c->closes = 0;

+	    c->pending_close = FALSE;

 	    c->throttling_conn = 0;

 	    c->type = CHAN_X11;	/* identify channel type */

 	    add234(ssh->channels, c);

@@ -4703,6 +4775,7 @@ static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
 	c->halfopen = FALSE;

 	c->localid = alloc_channel_id(ssh);

 	c->closes = 0;

+	c->pending_close = FALSE;

 	c->throttling_conn = 0;

 	c->type = CHAN_AGENT;	/* identify channel type */

 	c->u.a.lensofar = 0;

@@ -4757,6 +4830,7 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
 	    c->halfopen = FALSE;

 	    c->localid = alloc_channel_id(ssh);

 	    c->closes = 0;

+	    c->pending_close = FALSE;

 	    c->throttling_conn = 0;

 	    c->type = CHAN_SOCKDATA;	/* identify channel type */

 	    add234(ssh->channels, c);

@@ -6323,7 +6397,7 @@ static int ssh2_try_send(struct ssh_channel *c)
     return bufchain_size(&c->v.v2.outbuffer);

 }

 

-static void ssh2_try_send_and_unthrottle(struct ssh_channel *c)

+static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)

 {

     int bufsize;

     if (c->closes)

@@ -6347,6 +6421,19 @@ static void ssh2_try_send_and_unthrottle(struct ssh_channel *c)
 	    break;

 	}

     }

+

+    /*

+     * If we've emptied the channel's output buffer and there's a

+     * pending close event, start the channel-closing procedure.

+     */

+    if (c->pending_close && bufchain_size(&c->v.v2.outbuffer) == 0) {

+	struct Packet *pktout;

+	pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);

+	ssh2_pkt_adduint32(pktout, c->remoteid);

+	ssh2_pkt_send(ssh, pktout);

+	c->closes = 1;

+	c->pending_close = FALSE;

+    }

 }

 

 /*

@@ -6357,6 +6444,7 @@ static void ssh2_channel_init(struct ssh_channel *c)
     Ssh ssh = c->ssh;

     c->localid = alloc_channel_id(ssh);

     c->closes = 0;

+    c->pending_close = FALSE;

     c->throttling_conn = FALSE;

     c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =

 	ssh->cfg.ssh_simple ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;

@@ -6540,7 +6628,7 @@ static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)
 	return;

     if (!c->closes) {

 	c->v.v2.remwindow += ssh_pkt_getuint32(pktin);

-	ssh2_try_send_and_unthrottle(c);

+	ssh2_try_send_and_unthrottle(ssh, c);

     }

 }

 

@@ -6661,11 +6749,13 @@ static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)
 	 * wrap up and close the channel ourselves.

 	 */

 	x11_close(c->u.x11.s);

+	c->u.x11.s = NULL;

 	sshfwd_close(c);

     } else if (c->type == CHAN_AGENT) {

 	sshfwd_close(c);

     } else if (c->type == CHAN_SOCKDATA) {

 	pfd_close(c->u.pfd.s);

+	c->u.pfd.s = NULL;

 	sshfwd_close(c);

     }

 }

@@ -7186,6 +7276,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 	int num_env, env_left, env_ok;

 	struct Packet *pktout;

 #ifndef NO_GSSAPI

+	struct ssh_gss_library *gsslib;

 	Ssh_gss_ctx gss_ctx;

 	Ssh_gss_buf gss_buf;

 	Ssh_gss_buf gss_rcvtok, gss_sndtok;

@@ -7454,6 +7545,9 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 	}

 

 	while (1) {

+	    char *methods = NULL;

+	    int methlen = 0;

+

 	    /*

 	     * Wait for the result of the last authentication request.

 	     */

@@ -7503,8 +7597,6 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 	     * helpfully try next.

 	     */

 	    if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {

-		char *methods;

-		int methlen;

 		ssh_pkt_getstring(pktin, &methods, &methlen);

 		if (!ssh2_pkt_getbool(pktin)) {

 		    /*

@@ -7560,10 +7652,12 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		    in_commasep_string("password", methods, methlen);

 		s->can_keyb_inter = ssh->cfg.try_ki_auth &&

 		    in_commasep_string("keyboard-interactive", methods, methlen);

-#ifndef NO_GSSAPI		

+#ifndef NO_GSSAPI

+		if (!ssh->gsslibs)

+		    ssh->gsslibs = ssh_gss_setup(&ssh->cfg);

 		s->can_gssapi = ssh->cfg.try_gssapi_auth &&

-		  in_commasep_string("gssapi-with-mic", methods, methlen) &&

-		  ssh_gss_init();

+		    in_commasep_string("gssapi-with-mic", methods, methlen) &&

+		    ssh->gsslibs->nlibraries > 0;

 #endif

 	    }

 

@@ -7906,6 +8000,35 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		s->gotit = TRUE;

 		ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;

 

+		/*

+		 * Pick the highest GSS library on the preference

+		 * list.

+		 */

+		{

+		    int i, j;

+		    s->gsslib = NULL;

+		    for (i = 0; i < ngsslibs; i++) {

+			int want_id = ssh->cfg.ssh_gsslist[i];

+			for (j = 0; j < ssh->gsslibs->nlibraries; j++)

+			    if (ssh->gsslibs->libraries[j].id == want_id) {

+				s->gsslib = &ssh->gsslibs->libraries[j];

+				goto got_gsslib;   /* double break */

+			    }

+		    }

+		    got_gsslib:

+		    /*

+		     * We always expect to have found something in

+		     * the above loop: we only came here if there

+		     * was at least one viable GSS library, and the

+		     * preference list should always mention

+		     * everything and only change the order.

+		     */

+		    assert(s->gsslib);

+		}

+

+		if (s->gsslib->gsslogmsg)

+		    logevent(s->gsslib->gsslogmsg);

+

 		/* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */

 		s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);

 		ssh2_pkt_addstring(s->pktout, s->username);

@@ -7913,7 +8036,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");

 

 		/* add mechanism info */

-		ssh_gss_indicate_mech(&s->gss_buf);

+		s->gsslib->indicate_mech(s->gsslib, &s->gss_buf);

 

 		/* number of GSSAPI mechanisms */

 		ssh2_pkt_adduint32(s->pktout,1);

@@ -7949,8 +8072,9 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		}

 

 		/* now start running */

-		s->gss_stat = ssh_gss_import_name(ssh->fullhostname,

-						  &s->gss_srv_name);

+		s->gss_stat = s->gsslib->import_name(s->gsslib,

+						     ssh->fullhostname,

+						     &s->gss_srv_name);

 		if (s->gss_stat != SSH_GSS_OK) {

 		    if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)

 			logevent("GSSAPI import name failed - Bad service name");

@@ -7960,11 +8084,11 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		}

 

 		/* fetch TGT into GSS engine */

-		s->gss_stat = ssh_gss_acquire_cred(&s->gss_ctx);

+		s->gss_stat = s->gsslib->acquire_cred(s->gsslib, &s->gss_ctx);

 

 		if (s->gss_stat != SSH_GSS_OK) {

 		    logevent("GSSAPI authentication failed to get credentials");

-		    ssh_gss_release_name(&s->gss_srv_name);

+		    s->gsslib->release_name(s->gsslib, &s->gss_srv_name);

 		    continue;

 		}

 

@@ -7974,17 +8098,20 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 

 		/* now enter the loop */

 		do {

-		    s->gss_stat = ssh_gss_init_sec_context(&s->gss_ctx,

-							   s->gss_srv_name,

-							   ssh->cfg.gssapifwd,

-							   &s->gss_rcvtok,

-							   &s->gss_sndtok);

+		    s->gss_stat = s->gsslib->init_sec_context

+			(s->gsslib,

+			 &s->gss_ctx,

+			 s->gss_srv_name,

+			 ssh->cfg.gssapifwd,

+			 &s->gss_rcvtok,

+			 &s->gss_sndtok);

 

 		    if (s->gss_stat!=SSH_GSS_S_COMPLETE &&

 			s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {

 			logevent("GSSAPI authentication initialisation failed");

 

-			if (ssh_gss_display_status(s->gss_ctx,&s->gss_buf) == SSH_GSS_OK) {

+			if (s->gsslib->display_status(s->gsslib, s->gss_ctx,

+						      &s->gss_buf) == SSH_GSS_OK) {

 			    logevent(s->gss_buf.value);

 			    sfree(s->gss_buf.value);

 			}

@@ -8001,7 +8128,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 			ssh_pkt_addstring_start(s->pktout);

 			ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);

 			ssh2_pkt_send(ssh, s->pktout);

-			ssh_gss_free_tok(&s->gss_sndtok);

+			s->gsslib->free_tok(s->gsslib, &s->gss_sndtok);

 		    }

 

 		    if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {

@@ -8018,8 +8145,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		} while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);

 

 		if (s->gss_stat != SSH_GSS_OK) {

-		    ssh_gss_release_name(&s->gss_srv_name);

-		    ssh_gss_release_cred(&s->gss_ctx);

+		    s->gsslib->release_name(s->gsslib, &s->gss_srv_name);

+		    s->gsslib->release_cred(s->gsslib, &s->gss_ctx);

 		    continue;

 		}

 		logevent("GSSAPI authentication loop finished OK");

@@ -8038,17 +8165,17 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		s->gss_buf.value = (char *)s->pktout->data + micoffset;

 		s->gss_buf.length = s->pktout->length - micoffset;

 

-		ssh_gss_get_mic(s->gss_ctx, &s->gss_buf, &mic);

+		s->gsslib->get_mic(s->gsslib, s->gss_ctx, &s->gss_buf, &mic);

 		s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);

 		ssh_pkt_addstring_start(s->pktout);

 		ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);

 		ssh2_pkt_send(ssh, s->pktout);

-		ssh_gss_free_mic(&mic);

+		s->gsslib->free_mic(s->gsslib, &mic);

 

 		s->gotit = FALSE;

 

-		ssh_gss_release_name(&s->gss_srv_name);

-		ssh_gss_release_cred(&s->gss_ctx);

+		s->gsslib->release_name(s->gsslib, &s->gss_srv_name);

+		s->gsslib->release_cred(s->gsslib, &s->gss_ctx);

 		continue;

 #endif

 	    } else if (s->can_keyb_inter && !s->kbd_inter_refused) {

@@ -8434,11 +8561,16 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 		sfree(s->password);

 

 	    } else {

+		char *str = dupprintf("No supported authentication methods available"

+				      " (server sent: %.*s)",

+				      methlen, methods);

 

-		ssh_disconnect(ssh, NULL,

+		ssh_disconnect(ssh, str,

 			       "No supported authentication methods available",

 			       SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,

 			       FALSE);

+		sfree(str);

+

 		crStopV;

 

 	    }

@@ -8877,7 +9009,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,
 	     * Try to send data on all channels if we can.

 	     */

 	    for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)

-		ssh2_try_send_and_unthrottle(c);

+		ssh2_try_send_and_unthrottle(ssh, c);

 	}

     }

 

@@ -9159,6 +9291,10 @@ static const char *ssh_init(void *frontend_handle, void **backend_handle,
     ssh->max_data_size = parse_blocksize(ssh->cfg.ssh_rekey_data);

     ssh->kex_in_progress = FALSE;

 

+#ifndef NO_GSSAPI

+    ssh->gsslibs = NULL;

+#endif

+

     p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);

     if (p != NULL)

 	return p;

@@ -9231,7 +9367,7 @@ static void ssh_free(void *handle)
 

     if (ssh->rportfwds) {

 	while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)

-	    sfree(pf);

+	    free_rportfwd(pf);

 	freetree234(ssh->rportfwds);

 	ssh->rportfwds = NULL;

     }

@@ -9255,6 +9391,10 @@ static void ssh_free(void *handle)
     if (ssh->pinger)

 	pinger_free(ssh->pinger);

     bufchain_clear(&ssh->queued_incoming_data);

+#ifndef NO_GSSAPI

+    if (ssh->gsslibs)

+	ssh_gss_cleanup(ssh->gsslibs);

+#endif

     sfree(ssh);

 

     random_unref();

@@ -9415,8 +9555,10 @@ static const struct telnet_special *ssh_get_specials(void *handle)
     static const struct telnet_special ssh1_ignore_special[] = {

 	{"IGNORE message", TS_NOP}

     };

-    static const struct telnet_special ssh2_transport_specials[] = {

+    static const struct telnet_special ssh2_ignore_special[] = {

 	{"IGNORE message", TS_NOP},

+    };

+    static const struct telnet_special ssh2_rekey_special[] = {

 	{"Repeat key exchange", TS_REKEY},

     };

     static const struct telnet_special ssh2_session_specials[] = {

@@ -9441,7 +9583,8 @@ static const struct telnet_special *ssh_get_specials(void *handle)
 	{NULL, TS_EXITMENU}

     };

     /* XXX review this length for any changes: */

-    static struct telnet_special ssh_specials[lenof(ssh2_transport_specials) +

+    static struct telnet_special ssh_specials[lenof(ssh2_ignore_special) +

+					      lenof(ssh2_rekey_special) +

 					      lenof(ssh2_session_specials) +

 					      lenof(specials_end)];

     Ssh ssh = (Ssh) handle;

@@ -9460,7 +9603,10 @@ static const struct telnet_special *ssh_get_specials(void *handle)
 	if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))

 	    ADD_SPECIALS(ssh1_ignore_special);

     } else if (ssh->version == 2) {

-	ADD_SPECIALS(ssh2_transport_specials);

+	if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE))

+	    ADD_SPECIALS(ssh2_ignore_special);

+	if (!(ssh->remote_bugs & BUG_SSH2_REKEY))

+	    ADD_SPECIALS(ssh2_rekey_special);

 	if (ssh->mainchan)

 	    ADD_SPECIALS(ssh2_session_specials);

     } /* else we're not ready yet */

@@ -9510,9 +9656,11 @@ static void ssh_special(void *handle, Telnet_Special code)
 	    if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))

 		send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);

 	} else {

-	    pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);

-	    ssh2_pkt_addstring_start(pktout);

-	    ssh2_pkt_send_noqueue(ssh, pktout);

+	    if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {

+		pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);

+		ssh2_pkt_addstring_start(pktout);

+		ssh2_pkt_send_noqueue(ssh, pktout);

+	    }

 	}

     } else if (code == TS_REKEY) {

 	if (!ssh->kex_in_progress && ssh->version == 2) {

diff --git a/tools/plink/ssh.h b/tools/plink/ssh.h
index 814939c2b..86c402965 100644
--- a/tools/plink/ssh.h
+++ b/tools/plink/ssh.h
@@ -71,8 +71,12 @@ unsigned char *rsa_public_blob(struct RSAKey *key, int *len);
 int rsa_public_blob_len(void *data, int maxlen);

 void freersakey(struct RSAKey *key);

 

-typedef unsigned int word32;

+#ifndef PUTTY_UINT32_DEFINED

+/* This makes assumptions about the int type. */

 typedef unsigned int uint32;

+#define PUTTY_UINT32_DEFINED

+#endif

+typedef uint32 word32;

 

 unsigned long crc32_compute(const void *s, size_t len);

 unsigned long crc32_update(unsigned long crc_input, const void *s, size_t len);

@@ -290,6 +294,14 @@ extern const struct ssh_mac ssh_hmac_sha1_buggy;
 extern const struct ssh_mac ssh_hmac_sha1_96;

 extern const struct ssh_mac ssh_hmac_sha1_96_buggy;

 

+void *aes_make_context(void);

+void aes_free_context(void *handle);

+void aes128_key(void *handle, unsigned char *key);

+void aes192_key(void *handle, unsigned char *key);

+void aes256_key(void *handle, unsigned char *key);

+void aes_iv(void *handle, unsigned char *iv);

+void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len);

+void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len);

 

 /*

  * PuTTY version number formatted as an SSH version string. 

diff --git a/tools/plink/sshaes.c b/tools/plink/sshaes.c
index 089e6c5d8..7684cd949 100644
--- a/tools/plink/sshaes.c
+++ b/tools/plink/sshaes.c
@@ -1097,35 +1097,35 @@ static void aes_sdctr(unsigned char *blk, int len, AESContext *ctx)
     memcpy(ctx->iv, iv, sizeof(iv));

 }

 

-static void *aes_make_context(void)

+void *aes_make_context(void)

 {

     return snew(AESContext);

 }

 

-static void aes_free_context(void *handle)

+void aes_free_context(void *handle)

 {

     sfree(handle);

 }

 

-static void aes128_key(void *handle, unsigned char *key)

+void aes128_key(void *handle, unsigned char *key)

 {

     AESContext *ctx = (AESContext *)handle;

     aes_setup(ctx, 16, key, 16);

 }

 

-static void aes192_key(void *handle, unsigned char *key)

+void aes192_key(void *handle, unsigned char *key)

 {

     AESContext *ctx = (AESContext *)handle;

     aes_setup(ctx, 16, key, 24);

 }

 

-static void aes256_key(void *handle, unsigned char *key)

+void aes256_key(void *handle, unsigned char *key)

 {

     AESContext *ctx = (AESContext *)handle;

     aes_setup(ctx, 16, key, 32);

 }

 

-static void aes_iv(void *handle, unsigned char *iv)

+void aes_iv(void *handle, unsigned char *iv)

 {

     AESContext *ctx = (AESContext *)handle;

     int i;

@@ -1133,13 +1133,13 @@ static void aes_iv(void *handle, unsigned char *iv)
 	ctx->iv[i] = GET_32BIT_MSB_FIRST(iv + 4 * i);

 }

 

-static void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len)

+void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len)

 {

     AESContext *ctx = (AESContext *)handle;

     aes_encrypt_cbc(blk, len, ctx);

 }

 

-static void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)

+void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)

 {

     AESContext *ctx = (AESContext *)handle;

     aes_decrypt_cbc(blk, len, ctx);

diff --git a/tools/plink/sshgss.h b/tools/plink/sshgss.h
index 2115cb124..5d8fca1b7 100644
--- a/tools/plink/sshgss.h
+++ b/tools/plink/sshgss.h
@@ -1,106 +1,188 @@
-#include "puttyps.h"
-
-#define SSH2_GSS_OIDTYPE 0x06
-typedef void *Ssh_gss_ctx;
-
-typedef enum Ssh_gss_stat {
-    SSH_GSS_OK = 0,
-    SSH_GSS_S_CONTINUE_NEEDED,
-    SSH_GSS_NO_MEM,
-    SSH_GSS_BAD_HOST_NAME,
-    SSH_GSS_FAILURE
-} Ssh_gss_stat;
-
-#define SSH_GSS_S_COMPLETE SSH_GSS_OK
-
-#define SSH_GSS_CLEAR_BUF(buf) do {		\
-    (*buf).length = 0;				\
-    (*buf).value = NULL;				\
-} while (0)
-
-/* Functions, provided by either wingss.c or uxgss.c */
-
-/*
- * Do startup-time initialisation for using GSSAPI. (On Windows,
- * for instance, this dynamically loads the GSSAPI DLL and
- * retrieves some function pointers.)
- *
- * Return value is 1 on success, or 0 if initialisation failed.
- *
- * May be called multiple times (since the most convenient place
- * to call it _from_ is the ssh.c setup code), and will harmlessly
- * return success if already initialised.
- */
-int ssh_gss_init(void);
-
-/*
- * Fills in buf with a string describing the GSSAPI mechanism in
- * use. buf->data is not dynamically allocated.
- */
-Ssh_gss_stat ssh_gss_indicate_mech(Ssh_gss_buf *buf);
-
-/*
- * Converts a name such as a hostname into a GSSAPI internal form,
- * which is placed in "out". The result should be freed by
- * ssh_gss_release_name().
- */
-Ssh_gss_stat ssh_gss_import_name(char *in, Ssh_gss_name *out);
-
-/*
- * Frees the contents of an Ssh_gss_name structure filled in by
- * ssh_gss_import_name().
- */
-Ssh_gss_stat ssh_gss_release_name(Ssh_gss_name *name);
-
-/*
- * The main GSSAPI security context setup function. The "out"
- * parameter will need to be freed by ssh_gss_free_tok.
- */
-Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
-				      Ssh_gss_buf *in, Ssh_gss_buf *out);
-
-/*
- * Frees the contents of an Ssh_gss_buf filled in by
- * ssh_gss_init_sec_context(). Do not accidentally call this on
- * something filled in by ssh_gss_get_mic() (which requires a
- * different free function) or something filled in by any other
- * way.
- */
-Ssh_gss_stat ssh_gss_free_tok(Ssh_gss_buf *);
-
-/*
- * Acquires the credentials to perform authentication in the first
- * place. Needs to be freed by ssh_gss_release_cred().
- */
-Ssh_gss_stat ssh_gss_acquire_cred(Ssh_gss_ctx *);
-
-/*
- * Frees the contents of an Ssh_gss_ctx filled in by
- * ssh_gss_acquire_cred().
- */
-Ssh_gss_stat ssh_gss_release_cred(Ssh_gss_ctx *);
-
-/*
- * Gets a MIC for some input data. "out" needs to be freed by
- * ssh_gss_free_mic().
- */
-Ssh_gss_stat ssh_gss_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *in,
-			     Ssh_gss_buf *out);
-
-/*
- * Frees the contents of an Ssh_gss_buf filled in by
- * ssh_gss_get_mic(). Do not accidentally call this on something
- * filled in by ssh_gss_init_sec_context() (which requires a
- * different free function) or something filled in by any other
- * way.
- */
-Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *);
-
-/*
- * Return an error message after authentication failed. The
- * message string is returned in "buf", with buf->len giving the
- * number of characters of printable message text and buf->data
- * containing one more character which is a trailing NUL.
- * buf->data should be manually freed by the caller. 
- */
-Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx, Ssh_gss_buf *buf);
+#ifndef PUTTY_SSHGSS_H

+#define PUTTY_SSHGSS_H

+#include "putty.h"

+#include "pgssapi.h"

+

+#ifndef NO_GSSAPI

+

+#define SSH2_GSS_OIDTYPE 0x06

+typedef void *Ssh_gss_ctx;

+

+typedef enum Ssh_gss_stat {

+    SSH_GSS_OK = 0,

+    SSH_GSS_S_CONTINUE_NEEDED,

+    SSH_GSS_NO_MEM,

+    SSH_GSS_BAD_HOST_NAME,

+    SSH_GSS_FAILURE

+} Ssh_gss_stat;

+

+#define SSH_GSS_S_COMPLETE SSH_GSS_OK

+

+#define SSH_GSS_CLEAR_BUF(buf) do {		\

+    (*buf).length = 0;				\

+    (*buf).value = NULL;				\

+} while (0)

+

+typedef gss_buffer_desc Ssh_gss_buf;

+typedef gss_name_t Ssh_gss_name;

+

+/* Functions, provided by either wingss.c or sshgssc.c */

+

+struct ssh_gss_library;

+

+/*

+ * Prepare a collection of GSSAPI libraries for use in a single SSH

+ * connection. Returns a structure containing a list of libraries,

+ * with their ids (see struct ssh_gss_library below) filled in so

+ * that the client can go through them in the SSH user's preferred

+ * order.

+ *

+ * Must always return non-NULL. (Even if no libraries are available,

+ * it must return an empty structure.)

+ *

+ * The free function cleans up the structure, and its associated

+ * libraries (if any).

+ */

+struct ssh_gss_liblist {

+    struct ssh_gss_library *libraries;

+    int nlibraries;

+};

+struct ssh_gss_liblist *ssh_gss_setup(const Config *cfg);

+void ssh_gss_cleanup(struct ssh_gss_liblist *list);

+

+/*

+ * Fills in buf with a string describing the GSSAPI mechanism in

+ * use. buf->data is not dynamically allocated.

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_indicate_mech)(struct ssh_gss_library *lib,

+						Ssh_gss_buf *buf);

+

+/*

+ * Converts a name such as a hostname into a GSSAPI internal form,

+ * which is placed in "out". The result should be freed by

+ * ssh_gss_release_name().

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_import_name)(struct ssh_gss_library *lib,

+					      char *in, Ssh_gss_name *out);

+

+/*

+ * Frees the contents of an Ssh_gss_name structure filled in by

+ * ssh_gss_import_name().

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,

+					       Ssh_gss_name *name);

+

+/*

+ * The main GSSAPI security context setup function. The "out"

+ * parameter will need to be freed by ssh_gss_free_tok.

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)

+    (struct ssh_gss_library *lib,

+     Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,

+     Ssh_gss_buf *in, Ssh_gss_buf *out);

+

+/*

+ * Frees the contents of an Ssh_gss_buf filled in by

+ * ssh_gss_init_sec_context(). Do not accidentally call this on

+ * something filled in by ssh_gss_get_mic() (which requires a

+ * different free function) or something filled in by any other

+ * way.

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,

+					   Ssh_gss_buf *);

+

+/*

+ * Acquires the credentials to perform authentication in the first

+ * place. Needs to be freed by ssh_gss_release_cred().

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,

+					       Ssh_gss_ctx *);

+

+/*

+ * Frees the contents of an Ssh_gss_ctx filled in by

+ * ssh_gss_acquire_cred().

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,

+					       Ssh_gss_ctx *);

+

+/*

+ * Gets a MIC for some input data. "out" needs to be freed by

+ * ssh_gss_free_mic().

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,

+					  Ssh_gss_ctx ctx, Ssh_gss_buf *in,

+                 Ssh_gss_buf *out);

+

+/*

+ * Frees the contents of an Ssh_gss_buf filled in by

+ * ssh_gss_get_mic(). Do not accidentally call this on something

+ * filled in by ssh_gss_init_sec_context() (which requires a

+ * different free function) or something filled in by any other

+ * way.

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_free_mic)(struct ssh_gss_library *lib,

+					   Ssh_gss_buf *);

+

+/*

+ * Return an error message after authentication failed. The

+ * message string is returned in "buf", with buf->len giving the

+ * number of characters of printable message text and buf->data

+ * containing one more character which is a trailing NUL.

+ * buf->data should be manually freed by the caller. 

+ */

+typedef Ssh_gss_stat (*t_ssh_gss_display_status)(struct ssh_gss_library *lib,

+						 Ssh_gss_ctx, Ssh_gss_buf *buf);

+

+struct ssh_gss_library {

+    /*

+     * Identifying number in the enumeration used by the

+     * configuration code to specify a preference order.

+     */

+    int id;

+

+    /*

+     * Filled in at initialisation time, if there's anything

+     * interesting to say about how GSSAPI was initialised (e.g.

+     * which of a number of alternative libraries was used).

+     */

+    const char *gsslogmsg;

+

+    /*

+     * Function pointers implementing the SSH wrapper layer on top

+     * of GSSAPI. (Defined in sshgssc, typically, though Windows

+     * provides an alternative layer to sit on top of the annoyingly

+     * different SSPI.)

+     */

+    t_ssh_gss_indicate_mech indicate_mech;

+    t_ssh_gss_import_name import_name;

+    t_ssh_gss_release_name release_name;

+    t_ssh_gss_init_sec_context init_sec_context;

+    t_ssh_gss_free_tok free_tok;

+    t_ssh_gss_acquire_cred acquire_cred;

+    t_ssh_gss_release_cred release_cred;

+    t_ssh_gss_get_mic get_mic;

+    t_ssh_gss_free_mic free_mic;

+    t_ssh_gss_display_status display_status;

+

+    /*

+     * Additional data for the wrapper layers.

+     */

+    union {

+	struct gssapi_functions gssapi;

+	/*

+	 * The SSPI wrappers don't need to store their Windows API

+	 * function pointers in this structure, because there can't

+	 * be more than one set of them available.

+	 */

+    } u;

+

+    /*

+     * Wrapper layers will often also need to store a library handle

+     * of some sort for cleanup time.

+     */

+    void *handle;

+};

+

+#endif /* NO_GSSAPI */

+

+#endif /*PUTTY_SSHGSS_H*/

diff --git a/tools/plink/sshrand.c b/tools/plink/sshrand.c
index 57ccc1393..91d9b3772 100644
--- a/tools/plink/sshrand.c
+++ b/tools/plink/sshrand.c
@@ -4,6 +4,7 @@
 

 #include "putty.h"

 #include "ssh.h"

+#include <assert.h>

 

 /* Collect environmental noise every 5 minutes */

 #define NOISE_REGULAR_INTERVAL (5*60*TICKSPERSEC)

@@ -225,6 +226,10 @@ void random_ref(void)
 void random_unref(void)

 {

     random_active--;

+    assert(random_active >= 0);

+    if (random_active) return;

+

+    expire_timer_context(&pool);

 }

 

 int random_byte(void)

diff --git a/tools/plink/sshsh512.c b/tools/plink/sshsh512.c
index c025ffd17..bdb126fcf 100644
--- a/tools/plink/sshsh512.c
+++ b/tools/plink/sshsh512.c
@@ -13,14 +13,14 @@
  * overlap destination with one source, but the others can't.

  */

 #define add(r,x,y) ( r.lo = y.lo + x.lo, \

-		     r.hi = y.hi + x.hi + (r.lo < y.lo) )

-#define rorB(r,x,y) ( r.lo = (x.hi >> ((y)-32)) | (x.lo << (64-(y))), \

-		      r.hi = (x.lo >> ((y)-32)) | (x.hi << (64-(y))) )

-#define rorL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \

-		      r.hi = (x.hi >> (y)) | (x.lo << (32-(y))) )

-#define shrB(r,x,y) ( r.lo = x.hi >> ((y)-32), r.hi = 0 )

-#define shrL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \

-		      r.hi = x.hi >> (y) )

+		     r.hi = y.hi + x.hi + ((uint32)r.lo < (uint32)y.lo) )

+#define rorB(r,x,y) ( r.lo = ((uint32)x.hi >> ((y)-32)) | ((uint32)x.lo << (64-(y))), \

+		      r.hi = ((uint32)x.lo >> ((y)-32)) | ((uint32)x.hi << (64-(y))) )

+#define rorL(r,x,y) ( r.lo = ((uint32)x.lo >> (y)) | ((uint32)x.hi << (32-(y))), \

+		      r.hi = ((uint32)x.hi >> (y)) | ((uint32)x.lo << (32-(y))) )

+#define shrB(r,x,y) ( r.lo = (uint32)x.hi >> ((y)-32), r.hi = 0 )

+#define shrL(r,x,y) ( r.lo = ((uint32)x.lo >> (y)) | ((uint32)x.hi << (32-(y))), \

+		      r.hi = (uint32)x.hi >> (y) )

 #define and(r,x,y) ( r.lo = x.lo & y.lo, r.hi = x.hi & y.hi )

 #define xor(r,x,y) ( r.lo = x.lo ^ y.lo, r.hi = x.hi ^ y.hi )

 #define not(r,x) ( r.lo = ~x.lo, r.hi = ~x.hi )

diff --git a/tools/plink/version.c b/tools/plink/version.c
index c0d28b884..483495771 100644
--- a/tools/plink/version.c
+++ b/tools/plink/version.c
@@ -5,6 +5,8 @@
 #define STR1(x) #x

 #define STR(x) STR1(x)

 

+#define SVN_REV 9025

+

 #if defined SNAPSHOT

 

 #if defined SVN_REV

@@ -25,7 +27,7 @@ char sshver[] = "PuTTY-Release-" STR(RELEASE);
 

 #elif defined SVN_REV

 

-char ver[] = "Custom build r" STR(SVN_REV);

+char ver[] = "Custom build r" STR(SVN_REV) ", " __DATE__ " " __TIME__;

 char sshver[] = "PuTTY-Custom-r" STR(SVN_REV);

 

 #else

diff --git a/tools/plink/wingss.c b/tools/plink/wingss.c
index 742106e88..4efad5d58 100644
--- a/tools/plink/wingss.c
+++ b/tools/plink/wingss.c
@@ -1,322 +1,478 @@
-#ifndef NO_GSSAPI
-
-#include "putty.h"
-
-#define SECURITY_WIN32
-#include <security.h>
-
-#include "sshgss.h"
-#include "misc.h"
-
-#define NOTHING
-#define DECL_SSPI_FUNCTION(linkage, rettype, name, params)	\
-  typedef rettype (WINAPI *t_##name) params;			\
-  linkage t_##name p_##name
-#define GET_SSPI_FUNCTION(module, name)					\
-  p_##name = module ? (t_##name) GetProcAddress(module, #name) : NULL
-
-DECL_SSPI_FUNCTION(static, SECURITY_STATUS,
-		   AcquireCredentialsHandleA,
-		   (SEC_CHAR *, SEC_CHAR *, ULONG, PLUID,
-		    PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp));
-DECL_SSPI_FUNCTION(static, SECURITY_STATUS,
-		   InitializeSecurityContextA,
-		   (PCredHandle, PCtxtHandle, SEC_CHAR *, ULONG, ULONG,
-		   ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
-		    PSecBufferDesc, PULONG, PTimeStamp));
-DECL_SSPI_FUNCTION(static, SECURITY_STATUS,
-		   FreeContextBuffer,
-		   (PVOID));
-DECL_SSPI_FUNCTION(static, SECURITY_STATUS,
-		   FreeCredentialsHandle,
-		   (PCredHandle));
-DECL_SSPI_FUNCTION(static, SECURITY_STATUS,
-		   DeleteSecurityContext,
-		   (PCtxtHandle));
-DECL_SSPI_FUNCTION(static, SECURITY_STATUS,
-		   QueryContextAttributesA,
-		   (PCtxtHandle, ULONG, PVOID));
-DECL_SSPI_FUNCTION(static, SECURITY_STATUS,
-		   MakeSignature,
-		   (PCtxtHandle, ULONG, PSecBufferDesc, ULONG));
-
-static HMODULE security_module = NULL;
-
-typedef struct winSsh_gss_ctx {
-    unsigned long maj_stat;
-    unsigned long min_stat;
-    CredHandle cred_handle;
-    CtxtHandle context;
-    PCtxtHandle context_handle;
-    TimeStamp expiry;
-} winSsh_gss_ctx;
-
-
-const Ssh_gss_buf gss_mech_krb5={9,"\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
-
-int ssh_gss_init(void)
-{
-    if (security_module)
-	return 1;		       /* already initialised */
-
-    security_module = LoadLibrary("secur32.dll");
-    if (security_module) {
-	GET_SSPI_FUNCTION(security_module, AcquireCredentialsHandleA);
-	GET_SSPI_FUNCTION(security_module, InitializeSecurityContextA);
-	GET_SSPI_FUNCTION(security_module, FreeContextBuffer);
-	GET_SSPI_FUNCTION(security_module, FreeCredentialsHandle);
-	GET_SSPI_FUNCTION(security_module, DeleteSecurityContext);
-	GET_SSPI_FUNCTION(security_module, QueryContextAttributesA);
-	GET_SSPI_FUNCTION(security_module, MakeSignature);
-	return 1;
-    }
-    return 0;
-}
-
-Ssh_gss_stat ssh_gss_indicate_mech(Ssh_gss_buf *mech)
-{
-    *mech = gss_mech_krb5;
-    return SSH_GSS_OK;
-}
-
-
-Ssh_gss_stat ssh_gss_import_name(char *host, Ssh_gss_name *srv_name)
-{
-    char *pStr;
-
-    /* Check hostname */
-    if (host == NULL) return SSH_GSS_FAILURE;
-    
-    /* copy it into form host/FQDN */
-    pStr = dupcat("host/", host, NULL);
-
-    *srv_name = (Ssh_gss_name) pStr;
-
-    return SSH_GSS_OK;
-}
-
-Ssh_gss_stat ssh_gss_acquire_cred(Ssh_gss_ctx *ctx)
-{
-    winSsh_gss_ctx *winctx = snew(winSsh_gss_ctx);
-    memset(winctx, 0, sizeof(winSsh_gss_ctx));
-
-    /* prepare our "wrapper" structure */
-    winctx->maj_stat =  winctx->min_stat = SEC_E_OK;
-    winctx->context_handle = NULL;
-
-    /* Specifying no principal name here means use the credentials of
-       the current logged-in user */
-
-    winctx->maj_stat = p_AcquireCredentialsHandleA(NULL,
-						   "Kerberos",
-						   SECPKG_CRED_OUTBOUND,
-						   NULL,
-						   NULL,
-						   NULL,
-						   NULL,
-						   &winctx->cred_handle,
-						   &winctx->expiry);
-
-    if (winctx->maj_stat != SEC_E_OK) return SSH_GSS_FAILURE;
-    
-    *ctx = (Ssh_gss_ctx) winctx;
-    return SSH_GSS_OK;
-}
-
-
-Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx,
-				      Ssh_gss_name srv_name,
-				      int to_deleg,
-				      Ssh_gss_buf *recv_tok,
-				      Ssh_gss_buf *send_tok)
-{
-    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) *ctx;
-    SecBuffer wsend_tok = {send_tok->length,SECBUFFER_TOKEN,send_tok->value};
-    SecBuffer wrecv_tok = {recv_tok->length,SECBUFFER_TOKEN,recv_tok->value};
-    SecBufferDesc output_desc={SECBUFFER_VERSION,1,&wsend_tok};
-    SecBufferDesc input_desc ={SECBUFFER_VERSION,1,&wrecv_tok};
-    unsigned long flags=ISC_REQ_MUTUAL_AUTH|ISC_REQ_REPLAY_DETECT|
-	ISC_REQ_CONFIDENTIALITY|ISC_REQ_ALLOCATE_MEMORY;
-    unsigned long ret_flags=0;
-    
-    /* check if we have to delegate ... */
-    if (to_deleg) flags |= ISC_REQ_DELEGATE;
-    winctx->maj_stat = p_InitializeSecurityContextA(&winctx->cred_handle,
-						    winctx->context_handle,
-						    (char*) srv_name,
-						    flags,
-						    0,          /* reserved */
-						    SECURITY_NATIVE_DREP,
-						    &input_desc,
-						    0,          /* reserved */
-						    &winctx->context,
-						    &output_desc,
-						    &ret_flags,
-						    &winctx->expiry);
-  
-    /* prepare for the next round */
-    winctx->context_handle = &winctx->context;
-    send_tok->value = wsend_tok.pvBuffer;
-    send_tok->length = wsend_tok.cbBuffer;
-  
-    /* check & return our status */
-    if (winctx->maj_stat==SEC_E_OK) return SSH_GSS_S_COMPLETE;
-    if (winctx->maj_stat==SEC_I_CONTINUE_NEEDED) return SSH_GSS_S_CONTINUE_NEEDED;
-    
-    return SSH_GSS_FAILURE;
-}
-
-Ssh_gss_stat ssh_gss_free_tok(Ssh_gss_buf *send_tok)
-{
-    /* check input */
-    if (send_tok == NULL) return SSH_GSS_FAILURE;
-
-    /* free Windows buffer */
-    p_FreeContextBuffer(send_tok->value);
-    SSH_GSS_CLEAR_BUF(send_tok);
-    
-    return SSH_GSS_OK;
-}
-
-Ssh_gss_stat ssh_gss_release_cred(Ssh_gss_ctx *ctx)
-{
-    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) *ctx;
-
-    /* check input */
-    if (winctx == NULL) return SSH_GSS_FAILURE;
-
-    /* free Windows data */
-    p_FreeCredentialsHandle(&winctx->cred_handle);
-    p_DeleteSecurityContext(&winctx->context);
-
-    /* delete our "wrapper" structure */
-    sfree(winctx);
-    *ctx = (Ssh_gss_ctx) NULL;
-
-    return SSH_GSS_OK;
-}
-
-
-Ssh_gss_stat ssh_gss_release_name(Ssh_gss_name *srv_name)
-{
-    char *pStr= (char *) *srv_name;
-
-    if (pStr == NULL) return SSH_GSS_FAILURE;
-    sfree(pStr);
-    *srv_name = (Ssh_gss_name) NULL;
-
-    return SSH_GSS_OK;
-}
-
-Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx ctx, Ssh_gss_buf *buf)
-{
-    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) ctx;
-    char *msg;
-
-    if (winctx == NULL) return SSH_GSS_FAILURE;
-
-    /* decode the error code */
-    switch (winctx->maj_stat) {
-      case SEC_E_OK: msg="SSPI status OK"; break;
-      case SEC_E_INVALID_HANDLE: msg="The handle passed to the function"
-	    " is invalid.";
-	break;
-      case SEC_E_TARGET_UNKNOWN: msg="The target was not recognized."; break;
-      case SEC_E_LOGON_DENIED: msg="The logon failed."; break;
-      case SEC_E_INTERNAL_ERROR: msg="The Local Security Authority cannot"
-	    " be contacted.";
-	break;
-      case SEC_E_NO_CREDENTIALS: msg="No credentials are available in the"
-	    " security package.";
-	break;
-      case SEC_E_NO_AUTHENTICATING_AUTHORITY:
-	msg="No authority could be contacted for authentication."
-	    "The domain name of the authenticating party could be wrong,"
-	    " the domain could be unreachable, or there might have been"
-	    " a trust relationship failure.";
-	break;
-      case SEC_E_INSUFFICIENT_MEMORY:
-	msg="One or more of the SecBufferDesc structures passed as"
-	    " an OUT parameter has a buffer that is too small.";
-	break;
-      case SEC_E_INVALID_TOKEN:
-	msg="The error is due to a malformed input token, such as a"
-	    " token corrupted in transit, a token"
-	    " of incorrect size, or a token passed into the wrong"
-	    " security package. Passing a token to"
-	    " the wrong package can happen if client and server did not"
-	    " negotiate the proper security package.";
-	break;
-      default:
-	msg = "Internal SSPI error";
-	break;
-    }
-
-    buf->value = dupstr(msg);
-    buf->length = strlen(buf->value);
-    
-    return SSH_GSS_OK;
-}
-
-Ssh_gss_stat ssh_gss_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *buf,
-			     Ssh_gss_buf *hash)
-{
-    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) ctx;
-    SecPkgContext_Sizes ContextSizes;
-    SecBufferDesc InputBufferDescriptor;
-    SecBuffer InputSecurityToken[2];
-
-    if (winctx == NULL) return SSH_GSS_FAILURE;
-  
-    winctx->maj_stat = 0;
-
-    memset(&ContextSizes, 0, sizeof(ContextSizes));
-
-    winctx->maj_stat = p_QueryContextAttributesA(&winctx->context,
-						 SECPKG_ATTR_SIZES,
-						 &ContextSizes);
-    
-    if (winctx->maj_stat != SEC_E_OK ||
-	ContextSizes.cbMaxSignature == 0)
-	return winctx->maj_stat;
-
-    InputBufferDescriptor.cBuffers = 2;
-    InputBufferDescriptor.pBuffers = InputSecurityToken;
-    InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;
-    InputSecurityToken[0].BufferType = SECBUFFER_DATA;
-    InputSecurityToken[0].cbBuffer = buf->length;
-    InputSecurityToken[0].pvBuffer = buf->value;
-    InputSecurityToken[1].BufferType = SECBUFFER_TOKEN;
-    InputSecurityToken[1].cbBuffer = ContextSizes.cbMaxSignature;
-    InputSecurityToken[1].pvBuffer = snewn(ContextSizes.cbMaxSignature, char);
-
-    winctx->maj_stat = p_MakeSignature(&winctx->context,
-				       0,
-				       &InputBufferDescriptor,
-				       0);
-
-    if (winctx->maj_stat == SEC_E_OK) {
-	hash->length = InputSecurityToken[1].cbBuffer;
-	hash->value = InputSecurityToken[1].pvBuffer;
-    }
-
-    return winctx->maj_stat;
-}
-
-Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *hash)
-{
-    sfree(hash->value);
-    return SSH_GSS_OK;
-}
-
-#else
-
-/* Dummy function so this source file defines something if NO_GSSAPI
-   is defined. */
-
-int ssh_gss_init(void)
-{
-    return 0;
-}
-
-#endif
+#ifndef NO_GSSAPI

+

+#include "putty.h"

+

+#include <security.h>

+

+#include "pgssapi.h"

+#include "sshgss.h"

+#include "sshgssc.h"

+

+#include "misc.h"

+

+/* Windows code to set up the GSSAPI library list. */

+

+const int ngsslibs = 3;

+const char *const gsslibnames[3] = {

+    "MIT Kerberos GSSAPI32.DLL",

+    "Microsoft SSPI SECUR32.DLL",

+    "User-specified GSSAPI DLL",

+};

+const struct keyval gsslibkeywords[] = {

+    { "gssapi32", 0 },

+    { "sspi", 1 },

+    { "custom", 2 },

+};

+

+DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,

+		      AcquireCredentialsHandleA,

+		      (SEC_CHAR *, SEC_CHAR *, ULONG, PLUID,

+		       PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp));

+DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,

+		      InitializeSecurityContextA,

+		      (PCredHandle, PCtxtHandle, SEC_CHAR *, ULONG, ULONG,

+		       ULONG, PSecBufferDesc, ULONG, PCtxtHandle,

+		       PSecBufferDesc, PULONG, PTimeStamp));

+DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,

+		      FreeContextBuffer,

+		      (PVOID));

+DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,

+		      FreeCredentialsHandle,

+		      (PCredHandle));

+DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,

+		      DeleteSecurityContext,

+		      (PCtxtHandle));

+DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,

+		      QueryContextAttributesA,

+		      (PCtxtHandle, ULONG, PVOID));

+DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,

+		      MakeSignature,

+		      (PCtxtHandle, ULONG, PSecBufferDesc, ULONG));

+

+typedef struct winSsh_gss_ctx {

+    unsigned long maj_stat;

+    unsigned long min_stat;

+    CredHandle cred_handle;

+    CtxtHandle context;

+    PCtxtHandle context_handle;

+    TimeStamp expiry;

+} winSsh_gss_ctx;

+

+

+const Ssh_gss_buf gss_mech_krb5={9,"\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};

+

+const char *gsslogmsg = NULL;

+

+static void ssh_sspi_bind_fns(struct ssh_gss_library *lib);

+

+struct ssh_gss_liblist *ssh_gss_setup(const Config *cfg)

+{

+    HMODULE module;

+    HKEY regkey;

+    struct ssh_gss_liblist *list = snew(struct ssh_gss_liblist);

+

+    list->libraries = snewn(3, struct ssh_gss_library);

+    list->nlibraries = 0;

+

+    /* MIT Kerberos GSSAPI implementation */

+    /* TODO: For 64-bit builds, check for gssapi64.dll */

+    module = NULL;

+    if (RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\MIT\\Kerberos", &regkey)

+	== ERROR_SUCCESS) {

+	DWORD type, size;

+	LONG ret;

+	char *buffer;

+

+	/* Find out the string length */

+        ret = RegQueryValueEx(regkey, "InstallDir", NULL, &type, NULL, &size);

+

+	if (ret == ERROR_SUCCESS && type == REG_SZ) {

+	    buffer = snewn(size + 20, char);

+	    ret = RegQueryValueEx(regkey, "InstallDir", NULL,

+				  &type, buffer, &size);

+	    if (ret == ERROR_SUCCESS && type == REG_SZ) {

+		strcat(buffer, "\\bin\\gssapi32.dll");

+		module = LoadLibrary(buffer);

+	    }

+	    sfree(buffer);

+	}

+	RegCloseKey(regkey);

+    }

+    if (module) {

+	struct ssh_gss_library *lib =

+	    &list->libraries[list->nlibraries++];

+

+	lib->id = 0;

+	lib->gsslogmsg = "Using GSSAPI from GSSAPI32.DLL";

+	lib->handle = (void *)module;

+

+#define BIND_GSS_FN(name) \

+    lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)

+

+        BIND_GSS_FN(delete_sec_context);

+        BIND_GSS_FN(display_status);

+        BIND_GSS_FN(get_mic);

+        BIND_GSS_FN(import_name);

+        BIND_GSS_FN(init_sec_context);

+        BIND_GSS_FN(release_buffer);

+        BIND_GSS_FN(release_cred);

+        BIND_GSS_FN(release_name);

+

+#undef BIND_GSS_FN

+

+        ssh_gssapi_bind_fns(lib);

+    }

+

+    /* Microsoft SSPI Implementation */

+    module = load_system32_dll("secur32.dll");

+    if (module) {

+	struct ssh_gss_library *lib =

+	    &list->libraries[list->nlibraries++];

+

+	lib->id = 1;

+	lib->gsslogmsg = "Using SSPI from SECUR32.DLL";

+	lib->handle = (void *)module;

+

+	GET_WINDOWS_FUNCTION(module, AcquireCredentialsHandleA);

+	GET_WINDOWS_FUNCTION(module, InitializeSecurityContextA);

+	GET_WINDOWS_FUNCTION(module, FreeContextBuffer);

+	GET_WINDOWS_FUNCTION(module, FreeCredentialsHandle);

+	GET_WINDOWS_FUNCTION(module, DeleteSecurityContext);

+	GET_WINDOWS_FUNCTION(module, QueryContextAttributesA);

+	GET_WINDOWS_FUNCTION(module, MakeSignature);

+

+	ssh_sspi_bind_fns(lib);

+    }

+

+    /*

+     * Custom GSSAPI DLL.

+     */

+    module = NULL;

+    if (cfg->ssh_gss_custom.path[0]) {

+	module = LoadLibrary(cfg->ssh_gss_custom.path);

+    }

+    if (module) {

+	struct ssh_gss_library *lib =

+	    &list->libraries[list->nlibraries++];

+

+	lib->id = 2;

+	lib->gsslogmsg = dupprintf("Using GSSAPI from user-specified"

+				   " library '%s'", cfg->ssh_gss_custom.path);

+	lib->handle = (void *)module;

+

+#define BIND_GSS_FN(name) \

+    lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)

+

+        BIND_GSS_FN(delete_sec_context);

+        BIND_GSS_FN(display_status);

+        BIND_GSS_FN(get_mic);

+        BIND_GSS_FN(import_name);

+        BIND_GSS_FN(init_sec_context);

+        BIND_GSS_FN(release_buffer);

+        BIND_GSS_FN(release_cred);

+        BIND_GSS_FN(release_name);

+

+#undef BIND_GSS_FN

+

+        ssh_gssapi_bind_fns(lib);

+    }

+

+

+    return list;

+}

+

+void ssh_gss_cleanup(struct ssh_gss_liblist *list)

+{

+    int i;

+

+    /*

+     * LoadLibrary and FreeLibrary are defined to employ reference

+     * counting in the case where the same library is repeatedly

+     * loaded, so even in a multiple-sessions-per-process context

+     * (not that we currently expect ever to have such a thing on

+     * Windows) it's safe to naively FreeLibrary everything here

+     * without worrying about destroying it under the feet of

+     * another SSH instance still using it.

+     */

+    for (i = 0; i < list->nlibraries; i++) {

+	FreeLibrary((HMODULE)list->libraries[i].handle);

+	if (list->libraries[i].id == 2) {

+	    /* The 'custom' id involves a dynamically allocated message.

+	     * Note that we must cast away the 'const' to free it. */

+	    sfree((char *)list->libraries[i].gsslogmsg);

+	}

+    }

+    sfree(list->libraries);

+    sfree(list);

+}

+

+static Ssh_gss_stat ssh_sspi_indicate_mech(struct ssh_gss_library *lib,

+					   Ssh_gss_buf *mech)

+{

+    *mech = gss_mech_krb5;

+    return SSH_GSS_OK;

+}

+

+

+static Ssh_gss_stat ssh_sspi_import_name(struct ssh_gss_library *lib,

+					 char *host, Ssh_gss_name *srv_name)

+{

+    char *pStr;

+

+    /* Check hostname */

+    if (host == NULL) return SSH_GSS_FAILURE;

+    

+    /* copy it into form host/FQDN */

+    pStr = dupcat("host/", host, NULL);

+

+    *srv_name = (Ssh_gss_name) pStr;

+

+    return SSH_GSS_OK;

+}

+

+static Ssh_gss_stat ssh_sspi_acquire_cred(struct ssh_gss_library *lib,

+					  Ssh_gss_ctx *ctx)

+{

+    winSsh_gss_ctx *winctx = snew(winSsh_gss_ctx);

+    memset(winctx, 0, sizeof(winSsh_gss_ctx));

+

+    /* prepare our "wrapper" structure */

+    winctx->maj_stat =  winctx->min_stat = SEC_E_OK;

+    winctx->context_handle = NULL;

+

+    /* Specifying no principal name here means use the credentials of

+       the current logged-in user */

+

+    winctx->maj_stat = p_AcquireCredentialsHandleA(NULL,

+						   "Kerberos",

+						   SECPKG_CRED_OUTBOUND,

+						   NULL,

+						   NULL,

+						   NULL,

+						   NULL,

+						   &winctx->cred_handle,

+						   &winctx->expiry);

+

+    if (winctx->maj_stat != SEC_E_OK) return SSH_GSS_FAILURE;

+    

+    *ctx = (Ssh_gss_ctx) winctx;

+    return SSH_GSS_OK;

+}

+

+

+static Ssh_gss_stat ssh_sspi_init_sec_context(struct ssh_gss_library *lib,

+					      Ssh_gss_ctx *ctx,

+					      Ssh_gss_name srv_name,

+					      int to_deleg,

+					      Ssh_gss_buf *recv_tok,

+					      Ssh_gss_buf *send_tok)

+{

+    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) *ctx;

+    SecBuffer wsend_tok = {send_tok->length,SECBUFFER_TOKEN,send_tok->value};

+    SecBuffer wrecv_tok = {recv_tok->length,SECBUFFER_TOKEN,recv_tok->value};

+    SecBufferDesc output_desc={SECBUFFER_VERSION,1,&wsend_tok};

+    SecBufferDesc input_desc ={SECBUFFER_VERSION,1,&wrecv_tok};

+    unsigned long flags=ISC_REQ_MUTUAL_AUTH|ISC_REQ_REPLAY_DETECT|

+	ISC_REQ_CONFIDENTIALITY|ISC_REQ_ALLOCATE_MEMORY;

+    unsigned long ret_flags=0;

+    

+    /* check if we have to delegate ... */

+    if (to_deleg) flags |= ISC_REQ_DELEGATE;

+    winctx->maj_stat = p_InitializeSecurityContextA(&winctx->cred_handle,

+						    winctx->context_handle,

+						    (char*) srv_name,

+						    flags,

+						    0,          /* reserved */

+						    SECURITY_NATIVE_DREP,

+						    &input_desc,

+						    0,          /* reserved */

+						    &winctx->context,

+						    &output_desc,

+						    &ret_flags,

+						    &winctx->expiry);

+  

+    /* prepare for the next round */

+    winctx->context_handle = &winctx->context;

+    send_tok->value = wsend_tok.pvBuffer;

+    send_tok->length = wsend_tok.cbBuffer;

+  

+    /* check & return our status */

+    if (winctx->maj_stat==SEC_E_OK) return SSH_GSS_S_COMPLETE;

+    if (winctx->maj_stat==SEC_I_CONTINUE_NEEDED) return SSH_GSS_S_CONTINUE_NEEDED;

+    

+    return SSH_GSS_FAILURE;

+}

+

+static Ssh_gss_stat ssh_sspi_free_tok(struct ssh_gss_library *lib,

+				      Ssh_gss_buf *send_tok)

+{

+    /* check input */

+    if (send_tok == NULL) return SSH_GSS_FAILURE;

+

+    /* free Windows buffer */

+    p_FreeContextBuffer(send_tok->value);

+    SSH_GSS_CLEAR_BUF(send_tok);

+    

+    return SSH_GSS_OK;

+}

+

+static Ssh_gss_stat ssh_sspi_release_cred(struct ssh_gss_library *lib,

+					  Ssh_gss_ctx *ctx)

+{

+    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) *ctx;

+

+    /* check input */

+    if (winctx == NULL) return SSH_GSS_FAILURE;

+

+    /* free Windows data */

+    p_FreeCredentialsHandle(&winctx->cred_handle);

+    p_DeleteSecurityContext(&winctx->context);

+

+    /* delete our "wrapper" structure */

+    sfree(winctx);

+    *ctx = (Ssh_gss_ctx) NULL;

+

+    return SSH_GSS_OK;

+}

+

+

+static Ssh_gss_stat ssh_sspi_release_name(struct ssh_gss_library *lib,

+					  Ssh_gss_name *srv_name)

+{

+    char *pStr= (char *) *srv_name;

+

+    if (pStr == NULL) return SSH_GSS_FAILURE;

+    sfree(pStr);

+    *srv_name = (Ssh_gss_name) NULL;

+

+    return SSH_GSS_OK;

+}

+

+static Ssh_gss_stat ssh_sspi_display_status(struct ssh_gss_library *lib,

+					    Ssh_gss_ctx ctx, Ssh_gss_buf *buf)

+{

+    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) ctx;

+    char *msg;

+

+    if (winctx == NULL) return SSH_GSS_FAILURE;

+

+    /* decode the error code */

+    switch (winctx->maj_stat) {

+      case SEC_E_OK: msg="SSPI status OK"; break;

+      case SEC_E_INVALID_HANDLE: msg="The handle passed to the function"

+	    " is invalid.";

+	break;

+      case SEC_E_TARGET_UNKNOWN: msg="The target was not recognized."; break;

+      case SEC_E_LOGON_DENIED: msg="The logon failed."; break;

+      case SEC_E_INTERNAL_ERROR: msg="The Local Security Authority cannot"

+	    " be contacted.";

+	break;

+      case SEC_E_NO_CREDENTIALS: msg="No credentials are available in the"

+	    " security package.";

+	break;

+      case SEC_E_NO_AUTHENTICATING_AUTHORITY:

+	msg="No authority could be contacted for authentication."

+	    "The domain name of the authenticating party could be wrong,"

+	    " the domain could be unreachable, or there might have been"

+	    " a trust relationship failure.";

+	break;

+      case SEC_E_INSUFFICIENT_MEMORY:

+	msg="One or more of the SecBufferDesc structures passed as"

+	    " an OUT parameter has a buffer that is too small.";

+	break;

+      case SEC_E_INVALID_TOKEN:

+	msg="The error is due to a malformed input token, such as a"

+	    " token corrupted in transit, a token"

+	    " of incorrect size, or a token passed into the wrong"

+	    " security package. Passing a token to"

+	    " the wrong package can happen if client and server did not"

+	    " negotiate the proper security package.";

+	break;

+      default:

+	msg = "Internal SSPI error";

+	break;

+    }

+

+    buf->value = dupstr(msg);

+    buf->length = strlen(buf->value);

+    

+    return SSH_GSS_OK;

+}

+

+static Ssh_gss_stat ssh_sspi_get_mic(struct ssh_gss_library *lib,

+				     Ssh_gss_ctx ctx, Ssh_gss_buf *buf,

+				     Ssh_gss_buf *hash)

+{

+    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) ctx;

+    SecPkgContext_Sizes ContextSizes;

+    SecBufferDesc InputBufferDescriptor;

+    SecBuffer InputSecurityToken[2];

+

+    if (winctx == NULL) return SSH_GSS_FAILURE;

+  

+    winctx->maj_stat = 0;

+

+    memset(&ContextSizes, 0, sizeof(ContextSizes));

+

+    winctx->maj_stat = p_QueryContextAttributesA(&winctx->context,

+						 SECPKG_ATTR_SIZES,

+						 &ContextSizes);

+    

+    if (winctx->maj_stat != SEC_E_OK ||

+	ContextSizes.cbMaxSignature == 0)

+	return winctx->maj_stat;

+

+    InputBufferDescriptor.cBuffers = 2;

+    InputBufferDescriptor.pBuffers = InputSecurityToken;

+    InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;

+    InputSecurityToken[0].BufferType = SECBUFFER_DATA;

+    InputSecurityToken[0].cbBuffer = buf->length;

+    InputSecurityToken[0].pvBuffer = buf->value;

+    InputSecurityToken[1].BufferType = SECBUFFER_TOKEN;

+    InputSecurityToken[1].cbBuffer = ContextSizes.cbMaxSignature;

+    InputSecurityToken[1].pvBuffer = snewn(ContextSizes.cbMaxSignature, char);

+

+    winctx->maj_stat = p_MakeSignature(&winctx->context,

+				       0,

+				       &InputBufferDescriptor,

+				       0);

+

+    if (winctx->maj_stat == SEC_E_OK) {

+	hash->length = InputSecurityToken[1].cbBuffer;

+	hash->value = InputSecurityToken[1].pvBuffer;

+    }

+

+    return winctx->maj_stat;

+}

+

+static Ssh_gss_stat ssh_sspi_free_mic(struct ssh_gss_library *lib,

+				      Ssh_gss_buf *hash)

+{

+    sfree(hash->value);

+    return SSH_GSS_OK;

+}

+

+static void ssh_sspi_bind_fns(struct ssh_gss_library *lib)

+{

+    lib->indicate_mech = ssh_sspi_indicate_mech;

+    lib->import_name = ssh_sspi_import_name;

+    lib->release_name = ssh_sspi_release_name;

+    lib->init_sec_context = ssh_sspi_init_sec_context;

+    lib->free_tok = ssh_sspi_free_tok;

+    lib->acquire_cred = ssh_sspi_acquire_cred;

+    lib->release_cred = ssh_sspi_release_cred;

+    lib->get_mic = ssh_sspi_get_mic;

+    lib->free_mic = ssh_sspi_free_mic;

+    lib->display_status = ssh_sspi_display_status;

+}

+

+#else

+

+/* Dummy function so this source file defines something if NO_GSSAPI

+   is defined. */

+

+void ssh_gss_init(void)

+{

+}

+

+#endif

diff --git a/tools/plink/winhelp.h b/tools/plink/winhelp.h
index 95cfaba15..9ee140fef 100644
--- a/tools/plink/winhelp.h
+++ b/tools/plink/winhelp.h
@@ -108,6 +108,9 @@
 #define WINHELP_CTX_ssh_auth_pageant "ssh.auth.pageant:config-ssh-tryagent"

 #define WINHELP_CTX_ssh_auth_tis "ssh.auth.tis:config-ssh-tis"

 #define WINHELP_CTX_ssh_auth_ki "ssh.auth.ki:config-ssh-ki"

+#define WINHELP_CTX_ssh_gssapi "ssh.auth.gssapi:config-ssh-auth-gssapi"

+#define WINHELP_CTX_ssh_gssapi_delegation "ssh.auth.gssapi.delegation:config-ssh-auth-gssapi-delegation"

+#define WINHELP_CTX_ssh_gssapi_libraries "ssh.auth.gssapi.libraries:config-ssh-auth-gssapi-libraries"

 #define WINHELP_CTX_selection_buttons "selection.buttons:config-mouse"

 #define WINHELP_CTX_selection_shiftdrag "selection.shiftdrag:config-mouseshift"

 #define WINHELP_CTX_selection_rect "selection.rect:config-rectselect"

@@ -133,6 +136,7 @@
 #define WINHELP_CTX_ssh_bugs_ignore1 "ssh.bugs.ignore1:config-ssh-bug-ignore1"

 #define WINHELP_CTX_ssh_bugs_plainpw1 "ssh.bugs.plainpw1:config-ssh-bug-plainpw1"

 #define WINHELP_CTX_ssh_bugs_rsa1 "ssh.bugs.rsa1:config-ssh-bug-rsa1"

+#define WINHELP_CTX_ssh_bugs_ignore2 "ssh.bugs.ignore2:config-ssh-bug-ignore2"

 #define WINHELP_CTX_ssh_bugs_hmac2 "ssh.bugs.hmac2:config-ssh-bug-hmac2"

 #define WINHELP_CTX_ssh_bugs_derivekey2 "ssh.bugs.derivekey2:config-ssh-bug-derivekey2"

 #define WINHELP_CTX_ssh_bugs_rsapad2 "ssh.bugs.rsapad2:config-ssh-bug-sig"

diff --git a/tools/plink/winmisc.c b/tools/plink/winmisc.c
index 8ffbe77a1..e70e77efa 100644
--- a/tools/plink/winmisc.c
+++ b/tools/plink/winmisc.c
@@ -5,6 +5,7 @@
 #include <stdio.h>

 #include <stdlib.h>

 #include "putty.h"

+#include <security.h>

 

 OSVERSIONINFO osVersion;

 

@@ -40,21 +41,61 @@ char *get_username(void)
 {

     DWORD namelen;

     char *user;

+    int got_username = FALSE;

+    DECL_WINDOWS_FUNCTION(static, BOOLEAN, GetUserNameExA,

+			  (EXTENDED_NAME_FORMAT, LPSTR, PULONG));

+

+    {

+	static int tried_usernameex = FALSE;

+	if (!tried_usernameex) {

+	    /* Not available on Win9x, so load dynamically */

+	    HMODULE secur32 = load_system32_dll("secur32.dll");

+	    GET_WINDOWS_FUNCTION(secur32, GetUserNameExA);

+	    tried_usernameex = TRUE;

+	}

+    }

 

-    namelen = 0;

-    if (GetUserName(NULL, &namelen) == FALSE) {

+    if (p_GetUserNameExA) {

 	/*

-	 * Apparently this doesn't work at least on Windows XP SP2.

-	 * Thus assume a maximum of 256. It will fail again if it

-	 * doesn't fit.

+	 * If available, use the principal -- this avoids the problem

+	 * that the local username is case-insensitive but Kerberos

+	 * usernames are case-sensitive.

 	 */

-	namelen = 256;

+

+	/* Get the length */

+	namelen = 0;

+	(void) p_GetUserNameExA(NameUserPrincipal, NULL, &namelen);

+

+	user = snewn(namelen, char);

+	got_username = p_GetUserNameExA(NameUserPrincipal, user, &namelen);

+	if (got_username) {

+	    char *p = strchr(user, '@');

+	    if (p) *p = 0;

+	} else {

+	    sfree(user);

+	}

     }

 

-    user = snewn(namelen, char);

-    GetUserName(user, &namelen);

+    if (!got_username) {

+	/* Fall back to local user name */

+	namelen = 0;

+	if (GetUserName(NULL, &namelen) == FALSE) {

+	    /*

+	     * Apparently this doesn't work at least on Windows XP SP2.

+	     * Thus assume a maximum of 256. It will fail again if it

+	     * doesn't fit.

+	     */

+	    namelen = 256;

+	}

+

+	user = snewn(namelen, char);

+	got_username = GetUserName(user, &namelen);

+	if (!got_username) {

+	    sfree(user);

+	}

+    }

 

-    return user;

+    return got_username ? user : NULL;

 }

 

 BOOL init_winver(void)

@@ -64,6 +105,33 @@ BOOL init_winver(void)
     return GetVersionEx ( (OSVERSIONINFO *) &osVersion);

 }

 

+HMODULE load_system32_dll(const char *libname)

+{

+    /*

+     * Wrapper function to load a DLL out of c:\windows\system32

+     * without going through the full DLL search path. (Hence no

+     * attack is possible by placing a substitute DLL earlier on that

+     * path.)

+     */

+    static char *sysdir = NULL;

+    char *fullpath;

+    HMODULE ret;

+

+    if (!sysdir) {

+	int size = 0, len;

+	do {

+	    size = 3*size/2 + 512;

+	    sysdir = sresize(sysdir, size, char);

+	    len = GetSystemDirectory(sysdir, size);

+	} while (len >= size);

+    }

+

+    fullpath = dupcat(sysdir, "\\", libname, NULL);

+    ret = LoadLibrary(fullpath);

+    sfree(fullpath);

+    return ret;

+}

+

 #ifdef DEBUG

 static FILE *debug_fp = NULL;

 static HANDLE debug_hdl = INVALID_HANDLE_VALUE;

diff --git a/tools/plink/winnet.c b/tools/plink/winnet.c
index 59f3774e0..8da79dbe7 100644
--- a/tools/plink/winnet.c
+++ b/tools/plink/winnet.c
@@ -144,67 +144,51 @@ static int cmpforsearch(void *av, void *bv)
     return 0;

 }

 

-#define NOTHING

-#define DECL_WINSOCK_FUNCTION(linkage, rettype, name, params) \

-    typedef rettype (WINAPI *t_##name) params; \

-    linkage t_##name p_##name

-#define GET_WINSOCK_FUNCTION(module, name) \

-    p_##name = module ? (t_##name) GetProcAddress(module, #name) : NULL

-

-DECL_WINSOCK_FUNCTION(NOTHING, int, WSAAsyncSelect,

-		      (SOCKET, HWND, u_int, long));

-DECL_WINSOCK_FUNCTION(NOTHING, int, WSAEventSelect, (SOCKET, WSAEVENT, long));

-DECL_WINSOCK_FUNCTION(NOTHING, int, select,

-		      (int, fd_set FAR *, fd_set FAR *,

-		       fd_set FAR *, const struct timeval FAR *));

-DECL_WINSOCK_FUNCTION(NOTHING, int, WSAGetLastError, (void));

-DECL_WINSOCK_FUNCTION(NOTHING, int, WSAEnumNetworkEvents,

-		      (SOCKET, WSAEVENT, LPWSANETWORKEVENTS));

-DECL_WINSOCK_FUNCTION(static, int, WSAStartup, (WORD, LPWSADATA));

-DECL_WINSOCK_FUNCTION(static, int, WSACleanup, (void));

-DECL_WINSOCK_FUNCTION(static, int, closesocket, (SOCKET));

-DECL_WINSOCK_FUNCTION(static, u_long, ntohl, (u_long));

-DECL_WINSOCK_FUNCTION(static, u_long, htonl, (u_long));

-DECL_WINSOCK_FUNCTION(static, u_short, htons, (u_short));

-DECL_WINSOCK_FUNCTION(static, u_short, ntohs, (u_short));

-DECL_WINSOCK_FUNCTION(static, int, gethostname, (char *, int));

-DECL_WINSOCK_FUNCTION(static, struct hostent FAR *, gethostbyname,

+DECL_WINDOWS_FUNCTION(static, int, WSAStartup, (WORD, LPWSADATA));

+DECL_WINDOWS_FUNCTION(static, int, WSACleanup, (void));

+DECL_WINDOWS_FUNCTION(static, int, closesocket, (SOCKET));

+DECL_WINDOWS_FUNCTION(static, u_long, ntohl, (u_long));

+DECL_WINDOWS_FUNCTION(static, u_long, htonl, (u_long));

+DECL_WINDOWS_FUNCTION(static, u_short, htons, (u_short));

+DECL_WINDOWS_FUNCTION(static, u_short, ntohs, (u_short));

+DECL_WINDOWS_FUNCTION(static, int, gethostname, (char *, int));

+DECL_WINDOWS_FUNCTION(static, struct hostent FAR *, gethostbyname,

 		      (const char FAR *));

-DECL_WINSOCK_FUNCTION(static, struct servent FAR *, getservbyname,

+DECL_WINDOWS_FUNCTION(static, struct servent FAR *, getservbyname,

 		      (const char FAR *, const char FAR *));

-DECL_WINSOCK_FUNCTION(static, unsigned long, inet_addr, (const char FAR *));

-DECL_WINSOCK_FUNCTION(static, char FAR *, inet_ntoa, (struct in_addr));

-DECL_WINSOCK_FUNCTION(static, int, connect,

+DECL_WINDOWS_FUNCTION(static, unsigned long, inet_addr, (const char FAR *));

+DECL_WINDOWS_FUNCTION(static, char FAR *, inet_ntoa, (struct in_addr));

+DECL_WINDOWS_FUNCTION(static, int, connect,

 		      (SOCKET, const struct sockaddr FAR *, int));

-DECL_WINSOCK_FUNCTION(static, int, bind,

+DECL_WINDOWS_FUNCTION(static, int, bind,

 		      (SOCKET, const struct sockaddr FAR *, int));

-DECL_WINSOCK_FUNCTION(static, int, setsockopt,

+DECL_WINDOWS_FUNCTION(static, int, setsockopt,

 		      (SOCKET, int, int, const char FAR *, int));

-DECL_WINSOCK_FUNCTION(static, SOCKET, socket, (int, int, int));

-DECL_WINSOCK_FUNCTION(static, int, listen, (SOCKET, int));

-DECL_WINSOCK_FUNCTION(static, int, send, (SOCKET, const char FAR *, int, int));

-DECL_WINSOCK_FUNCTION(static, int, ioctlsocket,

+DECL_WINDOWS_FUNCTION(static, SOCKET, socket, (int, int, int));

+DECL_WINDOWS_FUNCTION(static, int, listen, (SOCKET, int));

+DECL_WINDOWS_FUNCTION(static, int, send, (SOCKET, const char FAR *, int, int));

+DECL_WINDOWS_FUNCTION(static, int, ioctlsocket,

 		      (SOCKET, long, u_long FAR *));

-DECL_WINSOCK_FUNCTION(static, SOCKET, accept,

+DECL_WINDOWS_FUNCTION(static, SOCKET, accept,

 		      (SOCKET, struct sockaddr FAR *, int FAR *));

-DECL_WINSOCK_FUNCTION(static, int, recv, (SOCKET, char FAR *, int, int));

-DECL_WINSOCK_FUNCTION(static, int, WSAIoctl,

+DECL_WINDOWS_FUNCTION(static, int, recv, (SOCKET, char FAR *, int, int));

+DECL_WINDOWS_FUNCTION(static, int, WSAIoctl,

 		      (SOCKET, DWORD, LPVOID, DWORD, LPVOID, DWORD,

 		       LPDWORD, LPWSAOVERLAPPED,

 		       LPWSAOVERLAPPED_COMPLETION_ROUTINE));

 #ifndef NO_IPV6

-DECL_WINSOCK_FUNCTION(static, int, getaddrinfo,

+DECL_WINDOWS_FUNCTION(static, int, getaddrinfo,

 		      (const char *nodename, const char *servname,

 		       const struct addrinfo *hints, struct addrinfo **res));

-DECL_WINSOCK_FUNCTION(static, void, freeaddrinfo, (struct addrinfo *res));

-DECL_WINSOCK_FUNCTION(static, int, getnameinfo,

+DECL_WINDOWS_FUNCTION(static, void, freeaddrinfo, (struct addrinfo *res));

+DECL_WINDOWS_FUNCTION(static, int, getnameinfo,

 		      (const struct sockaddr FAR * sa, socklen_t salen,

 		       char FAR * host, size_t hostlen, char FAR * serv,

 		       size_t servlen, int flags));

-DECL_WINSOCK_FUNCTION(static, char *, gai_strerror, (int ecode));

-DECL_WINSOCK_FUNCTION(static, int, WSAAddressToStringA,

+DECL_WINDOWS_FUNCTION(static, char *, gai_strerror, (int ecode));

+DECL_WINDOWS_FUNCTION(static, int, WSAAddressToStringA,

 		      (LPSOCKADDR, DWORD, LPWSAPROTOCOL_INFO,

-		       LPTSTR, LPDWORD));

+		       LPSTR, LPDWORD));

 #endif

 

 static HMODULE winsock_module = NULL;

@@ -243,9 +227,9 @@ void sk_init(void)
 #ifndef NO_IPV6

     winsock2_module =

 #endif

-        winsock_module = LoadLibrary("WS2_32.DLL");

+        winsock_module = load_system32_dll("ws2_32.dll");

     if (!winsock_module) {

-	winsock_module = LoadLibrary("WSOCK32.DLL");

+	winsock_module = load_system32_dll("wsock32.dll");

     }

     if (!winsock_module)

 	fatalbox("Unable to load any WinSock library");

@@ -256,61 +240,61 @@ void sk_init(void)
 #ifdef NET_SETUP_DIAGNOSTICS

 	logevent(NULL, "Native WinSock IPv6 support detected");

 #endif

-	GET_WINSOCK_FUNCTION(winsock_module, getaddrinfo);

-	GET_WINSOCK_FUNCTION(winsock_module, freeaddrinfo);

-	GET_WINSOCK_FUNCTION(winsock_module, getnameinfo);

-	GET_WINSOCK_FUNCTION(winsock_module, gai_strerror);

+	GET_WINDOWS_FUNCTION(winsock_module, getaddrinfo);

+	GET_WINDOWS_FUNCTION(winsock_module, freeaddrinfo);

+	GET_WINDOWS_FUNCTION(winsock_module, getnameinfo);

+	GET_WINDOWS_FUNCTION(winsock_module, gai_strerror);

     } else {

 	/* Fall back to wship6.dll for Windows 2000 */

-	wship6_module = LoadLibrary("wship6.dll");

+	wship6_module = load_system32_dll("wship6.dll");

 	if (wship6_module) {

 #ifdef NET_SETUP_DIAGNOSTICS

 	    logevent(NULL, "WSH IPv6 support detected");

 #endif

-	    GET_WINSOCK_FUNCTION(wship6_module, getaddrinfo);

-	    GET_WINSOCK_FUNCTION(wship6_module, freeaddrinfo);

-	    GET_WINSOCK_FUNCTION(wship6_module, getnameinfo);

-	    GET_WINSOCK_FUNCTION(wship6_module, gai_strerror);

+	    GET_WINDOWS_FUNCTION(wship6_module, getaddrinfo);

+	    GET_WINDOWS_FUNCTION(wship6_module, freeaddrinfo);

+	    GET_WINDOWS_FUNCTION(wship6_module, getnameinfo);

+	    GET_WINDOWS_FUNCTION(wship6_module, gai_strerror);

 	} else {

 #ifdef NET_SETUP_DIAGNOSTICS

 	    logevent(NULL, "No IPv6 support detected");

 #endif

 	}

     }

-    GET_WINSOCK_FUNCTION(winsock2_module, WSAAddressToStringA);

+    GET_WINDOWS_FUNCTION(winsock2_module, WSAAddressToStringA);

 #else

 #ifdef NET_SETUP_DIAGNOSTICS

     logevent(NULL, "PuTTY was built without IPv6 support");

 #endif

 #endif

 

-    GET_WINSOCK_FUNCTION(winsock_module, WSAAsyncSelect);

-    GET_WINSOCK_FUNCTION(winsock_module, WSAEventSelect);

-    GET_WINSOCK_FUNCTION(winsock_module, select);

-    GET_WINSOCK_FUNCTION(winsock_module, WSAGetLastError);

-    GET_WINSOCK_FUNCTION(winsock_module, WSAEnumNetworkEvents);

-    GET_WINSOCK_FUNCTION(winsock_module, WSAStartup);

-    GET_WINSOCK_FUNCTION(winsock_module, WSACleanup);

-    GET_WINSOCK_FUNCTION(winsock_module, closesocket);

-    GET_WINSOCK_FUNCTION(winsock_module, ntohl);

-    GET_WINSOCK_FUNCTION(winsock_module, htonl);

-    GET_WINSOCK_FUNCTION(winsock_module, htons);

-    GET_WINSOCK_FUNCTION(winsock_module, ntohs);

-    GET_WINSOCK_FUNCTION(winsock_module, gethostname);

-    GET_WINSOCK_FUNCTION(winsock_module, gethostbyname);

-    GET_WINSOCK_FUNCTION(winsock_module, getservbyname);

-    GET_WINSOCK_FUNCTION(winsock_module, inet_addr);

-    GET_WINSOCK_FUNCTION(winsock_module, inet_ntoa);

-    GET_WINSOCK_FUNCTION(winsock_module, connect);

-    GET_WINSOCK_FUNCTION(winsock_module, bind);

-    GET_WINSOCK_FUNCTION(winsock_module, setsockopt);

-    GET_WINSOCK_FUNCTION(winsock_module, socket);

-    GET_WINSOCK_FUNCTION(winsock_module, listen);

-    GET_WINSOCK_FUNCTION(winsock_module, send);

-    GET_WINSOCK_FUNCTION(winsock_module, ioctlsocket);

-    GET_WINSOCK_FUNCTION(winsock_module, accept);

-    GET_WINSOCK_FUNCTION(winsock_module, recv);

-    GET_WINSOCK_FUNCTION(winsock_module, WSAIoctl);

+    GET_WINDOWS_FUNCTION(winsock_module, WSAAsyncSelect);

+    GET_WINDOWS_FUNCTION(winsock_module, WSAEventSelect);

+    GET_WINDOWS_FUNCTION(winsock_module, select);

+    GET_WINDOWS_FUNCTION(winsock_module, WSAGetLastError);

+    GET_WINDOWS_FUNCTION(winsock_module, WSAEnumNetworkEvents);

+    GET_WINDOWS_FUNCTION(winsock_module, WSAStartup);

+    GET_WINDOWS_FUNCTION(winsock_module, WSACleanup);

+    GET_WINDOWS_FUNCTION(winsock_module, closesocket);

+    GET_WINDOWS_FUNCTION(winsock_module, ntohl);

+    GET_WINDOWS_FUNCTION(winsock_module, htonl);

+    GET_WINDOWS_FUNCTION(winsock_module, htons);

+    GET_WINDOWS_FUNCTION(winsock_module, ntohs);

+    GET_WINDOWS_FUNCTION(winsock_module, gethostname);

+    GET_WINDOWS_FUNCTION(winsock_module, gethostbyname);

+    GET_WINDOWS_FUNCTION(winsock_module, getservbyname);

+    GET_WINDOWS_FUNCTION(winsock_module, inet_addr);

+    GET_WINDOWS_FUNCTION(winsock_module, inet_ntoa);

+    GET_WINDOWS_FUNCTION(winsock_module, connect);

+    GET_WINDOWS_FUNCTION(winsock_module, bind);

+    GET_WINDOWS_FUNCTION(winsock_module, setsockopt);

+    GET_WINDOWS_FUNCTION(winsock_module, socket);

+    GET_WINDOWS_FUNCTION(winsock_module, listen);

+    GET_WINDOWS_FUNCTION(winsock_module, send);

+    GET_WINDOWS_FUNCTION(winsock_module, ioctlsocket);

+    GET_WINDOWS_FUNCTION(winsock_module, accept);

+    GET_WINDOWS_FUNCTION(winsock_module, recv);

+    GET_WINDOWS_FUNCTION(winsock_module, WSAIoctl);

 

     /* Try to get the best WinSock version we can get */

     if (!sk_startup(2,2) &&

@@ -335,7 +319,8 @@ void sk_cleanup(void)
 	sktree = NULL;

     }

 

-    p_WSACleanup();

+    if (p_WSACleanup)

+	p_WSACleanup();

     if (winsock_module)

 	FreeLibrary(winsock_module);

 #ifndef NO_IPV6

@@ -428,10 +413,8 @@ SockAddr sk_namelookup(const char *host, char **canonicalname,
 {

     SockAddr ret = snew(struct SockAddr_tag);

     unsigned long a;

-    struct hostent *h = NULL;

     char realhost[8192];

     int hint_family;

-    int err;

 

     /* Default to IPv4. */

     hint_family = (address_family == ADDRTYPE_IPV4 ? AF_INET :

@@ -451,6 +434,8 @@ SockAddr sk_namelookup(const char *host, char **canonicalname,
     *realhost = '\0';

 

     if ((a = p_inet_addr(host)) == (unsigned long) INADDR_NONE) {

+	struct hostent *h = NULL;

+	int err;

 #ifndef NO_IPV6

 	/*

 	 * Use getaddrinfo when it's available

@@ -583,11 +568,19 @@ void sk_getaddr(SockAddr addr, char *buf, int buflen)
 

 #ifndef NO_IPV6

     if (step.ai) {

+	int err = 0;

 	if (p_WSAAddressToStringA) {

-	    p_WSAAddressToStringA(step.ai->ai_addr, step.ai->ai_addrlen,

-				  NULL, buf, &buflen);

+	    DWORD dwbuflen = buflen;

+	    err = p_WSAAddressToStringA(step.ai->ai_addr, step.ai->ai_addrlen,

+					NULL, buf, &dwbuflen);

 	} else

-	    strncpy(buf, "IPv6", buflen);

+	    err = -1;

+	if (err) {

+	    strncpy(buf, addr->hostname, buflen);

+	    if (!buf[0])

+		strncpy(buf, "<unknown>", buflen);

+	    buf[buflen-1] = '\0';

+	}

     } else

 #endif

     if (SOCKADDR_FAMILY(addr, step) == AF_INET) {

diff --git a/tools/plink/winplink.c b/tools/plink/winplink.c
index 525b1a212..7af9e1b4f 100644
--- a/tools/plink/winplink.c
+++ b/tools/plink/winplink.c
@@ -166,7 +166,7 @@ static void usage(void)
     printf("  -pgpfp    print PGP key fingerprints and exit\n");

     printf("  -v        show verbose messages\n");

     printf("  -load sessname  Load settings from saved session\n");

-    printf("  -ssh -telnet -rlogin -raw\n");

+    printf("  -ssh -telnet -rlogin -raw -serial\n");

     printf("            force use of a particular protocol\n");

     printf("  -P port   connect to specified port\n");

     printf("  -l user   connect with specified username\n");

@@ -193,6 +193,8 @@ static void usage(void)
     printf("  -N        don't start a shell/command (SSH-2 only)\n");

     printf("  -nc host:port\n");

     printf("            open tunnel in place of session (SSH-2 only)\n");

+    printf("  -sercfg configuration-string (e.g. 19200,8,n,1,X)\n");

+    printf("            Specify the serial configuration (serial only)\n");

     exit(1);

 }

 

@@ -279,6 +281,7 @@ int main(int argc, char **argv)
     int skcount, sksize;

     int exitcode;

     int errors;

+    int got_host = FALSE;

     int use_subsystem = 0;

     long now, next;

 

@@ -341,7 +344,7 @@ int main(int argc, char **argv)
 		errors = 1;

 	    }

 	} else if (*p) {

-	    if (!cfg_launchable(&cfg)) {

+	    if (!cfg_launchable(&cfg) || !(got_host || loaded_session)) {

 		char *q = p;

 		/*

 		 * If the hostname starts with "telnet:", set the

@@ -367,6 +370,7 @@ int main(int argc, char **argv)
 			cfg.port = -1;

 		    strncpy(cfg.host, q, sizeof(cfg.host) - 1);

 		    cfg.host[sizeof(cfg.host) - 1] = '\0';

+		    got_host = TRUE;

 		} else {

 		    char *r, *user, *host;

 		    /*

@@ -415,8 +419,10 @@ int main(int argc, char **argv)
 			    strncpy(cfg.host, host, sizeof(cfg.host) - 1);

 			    cfg.host[sizeof(cfg.host) - 1] = '\0';

 			    cfg.port = default_port;

+			    got_host = TRUE;

 			} else {

 			    cfg = cfg2;

+			    loaded_session = TRUE;

 			}

 		    }

 

@@ -463,7 +469,7 @@ int main(int argc, char **argv)
     if (errors)

 	return 1;

 

-    if (!cfg_launchable(&cfg)) {

+    if (!cfg_launchable(&cfg) || !(got_host || loaded_session)) {

 	usage();

     }

 

diff --git a/tools/plink/winproxy.c b/tools/plink/winproxy.c
index 45998e400..4da4d2e01 100644
--- a/tools/plink/winproxy.c
+++ b/tools/plink/winproxy.c
@@ -199,6 +199,8 @@ Socket platform_new_connection(SockAddr addr, char *hostname,
 		  CREATE_NO_WINDOW | NORMAL_PRIORITY_CLASS,

 		  NULL, NULL, &si, &pi);

 

+    sfree(cmd);

+

     CloseHandle(cmd_from_us);

     CloseHandle(cmd_to_us);

 

diff --git a/tools/plink/winstore.c b/tools/plink/winstore.c
index b1b3d3a66..f7dd98965 100644
--- a/tools/plink/winstore.c
+++ b/tools/plink/winstore.c
@@ -23,9 +23,8 @@ static const char hex[16] = "0123456789ABCDEF";
 

 static int tried_shgetfolderpath = FALSE;

 static HMODULE shell32_module = NULL;

-typedef HRESULT (WINAPI *p_SHGetFolderPath_t)

-    (HWND, int, HANDLE, DWORD, LPTSTR);

-static p_SHGetFolderPath_t p_SHGetFolderPath = NULL;

+DECL_WINDOWS_FUNCTION(static, HRESULT, SHGetFolderPathA, 

+		      (HWND, int, HANDLE, DWORD, LPSTR));

 

 static void mungestr(const char *in, char *out)

 {

@@ -498,22 +497,20 @@ static HANDLE access_random_seed(int action)
 	 * on older versions of Windows if we cared enough.

 	 * However, the invocation below requires IE5+ anyway,

 	 * so stuff that. */

-	shell32_module = LoadLibrary("SHELL32.DLL");

-	if (shell32_module) {

-	    p_SHGetFolderPath = (p_SHGetFolderPath_t)

-		GetProcAddress(shell32_module, "SHGetFolderPathA");

-	}

+	shell32_module = load_system32_dll("shell32.dll");

+	GET_WINDOWS_FUNCTION(shell32_module, SHGetFolderPathA);

+	tried_shgetfolderpath = TRUE;

     }

-    if (p_SHGetFolderPath) {

-	if (SUCCEEDED(p_SHGetFolderPath(NULL, CSIDL_LOCAL_APPDATA,

-					NULL, SHGFP_TYPE_CURRENT, seedpath))) {

+    if (p_SHGetFolderPathA) {

+	if (SUCCEEDED(p_SHGetFolderPathA(NULL, CSIDL_LOCAL_APPDATA,

+					 NULL, SHGFP_TYPE_CURRENT, seedpath))) {

 	    strcat(seedpath, "\\PUTTY.RND");

 	    if (try_random_seed(seedpath, action, &rethandle))

 		return rethandle;

 	}

 

-	if (SUCCEEDED(p_SHGetFolderPath(NULL, CSIDL_APPDATA,

-					NULL, SHGFP_TYPE_CURRENT, seedpath))) {

+	if (SUCCEEDED(p_SHGetFolderPathA(NULL, CSIDL_APPDATA,

+					 NULL, SHGFP_TYPE_CURRENT, seedpath))) {

 	    strcat(seedpath, "\\PUTTY.RND");

 	    if (try_random_seed(seedpath, action, &rethandle))

 		return rethandle;

diff --git a/tools/plink/winstuff.h b/tools/plink/winstuff.h
index 09a515a62..eeceea17a 100644
--- a/tools/plink/winstuff.h
+++ b/tools/plink/winstuff.h
@@ -74,6 +74,33 @@ struct FontSpec {
 #define DF_END 0x0001

 

 /*

+ * Dynamically linked functions. These come in two flavours:

+ *

+ *  - GET_WINDOWS_FUNCTION does not expose "name" to the preprocessor,

+ *    so will always dynamically link against exactly what is specified

+ *    in "name". If you're not sure, use this one.

+ *

+ *  - GET_WINDOWS_FUNCTION_PP allows "name" to be redirected via

+ *    preprocessor definitions like "#define foo bar"; this is principally

+ *    intended for the ANSI/Unicode DoSomething/DoSomethingA/DoSomethingW.

+ *    If your function has an argument of type "LPTSTR" or similar, this

+ *    is the variant to use.

+ *    (However, it can't always be used, as it trips over more complicated

+ *    macro trickery such as the WspiapiGetAddrInfo wrapper for getaddrinfo.)

+ *

+ * (DECL_WINDOWS_FUNCTION works with both these variants.)

+ */

+#define DECL_WINDOWS_FUNCTION(linkage, rettype, name, params) \

+    typedef rettype (WINAPI *t_##name) params; \

+    linkage t_##name p_##name

+#define STR1(x) #x

+#define STR(x) STR1(x)

+#define GET_WINDOWS_FUNCTION_PP(module, name) \

+    p_##name = module ? (t_##name) GetProcAddress(module, STR(name)) : NULL

+#define GET_WINDOWS_FUNCTION(module, name) \

+    p_##name = module ? (t_##name) GetProcAddress(module, #name) : NULL

+

+/*

  * Global variables. Most modules declare these `extern', but

  * window.c will do `#define PUTTY_DO_GLOBALS' before including this

  * module, and so will get them properly defined.

@@ -111,17 +138,23 @@ typedef struct terminal_tag Terminal;
 

 typedef HDC Context;

 

+typedef unsigned int uint32; /* int is 32-bits on Win32 and Win64. */

+#define PUTTY_UINT32_DEFINED

+

 #ifndef NO_GSSAPI

 /*

  * GSS-API stuff

  */

+#define GSS_CC CALLBACK

+/*

 typedef struct Ssh_gss_buf {

-    int length;

+    size_t length;

     char *value;

 } Ssh_gss_buf;

 

 #define SSH_GSS_EMPTY_BUF (Ssh_gss_buf) {0,NULL}

 typedef void *Ssh_gss_name;

+*/

 #endif

 

 /*

@@ -189,6 +222,8 @@ GLOBAL void *logctx;
 			      "All Files (*.*)\0*\0\0\0")

 #define FILTER_WAVE_FILES ("Wave Files (*.wav)\0*.WAV\0" \

 			       "All Files (*.*)\0*\0\0\0")

+#define FILTER_DYNLIB_FILES ("Dynamic Library Files (*.dll)\0*.dll\0" \

+				 "All Files (*.*)\0*\0\0\0")

 

 /*

  * On some versions of Windows, it has been known for WM_TIMER to

@@ -205,16 +240,16 @@ GLOBAL void *logctx;
  * that module must be exported from it as function pointers. So

  * here they are.

  */

-extern int (WINAPI *p_WSAAsyncSelect)

-    (SOCKET s, HWND hWnd, u_int wMsg, long lEvent);

-extern int (WINAPI *p_WSAEventSelect)

-    (SOCKET s, WSAEVENT hEventObject, long lNetworkEvents);

-extern int (WINAPI *p_select)

-    (int nfds, fd_set FAR * readfds, fd_set FAR * writefds,

-     fd_set FAR *exceptfds, const struct timeval FAR * timeout);

-extern int (WINAPI *p_WSAGetLastError)(void);

-extern int (WINAPI *p_WSAEnumNetworkEvents)

-    (SOCKET s, WSAEVENT hEventObject, LPWSANETWORKEVENTS lpNetworkEvents);

+DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAAsyncSelect,

+		      (SOCKET, HWND, u_int, long));

+DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAEventSelect,

+		      (SOCKET, WSAEVENT, long));

+DECL_WINDOWS_FUNCTION(GLOBAL, int, select,

+		      (int, fd_set FAR *, fd_set FAR *,

+		       fd_set FAR *, const struct timeval FAR *));

+DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAGetLastError, (void));

+DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAEnumNetworkEvents,

+		      (SOCKET, WSAEVENT, LPWSANETWORKEVENTS));

 

 extern int socket_writable(SOCKET skt);

 

@@ -413,6 +448,7 @@ void show_help(HWND hwnd);
  */

 extern OSVERSIONINFO osVersion;

 BOOL init_winver(void);

+HMODULE load_system32_dll(const char *libname);

 

 /*

  * Exports from sizetip.c.