diff options
| -rw-r--r-- | tools/plink/cmdline.c | 124 | ||||
| -rw-r--r-- | tools/plink/ldisc.c | 2 | ||||
| -rw-r--r-- | tools/plink/logging.c | 13 | ||||
| -rw-r--r-- | tools/plink/putty.h | 21 | ||||
| -rw-r--r-- | tools/plink/puttyps.h | 4 | ||||
| -rw-r--r-- | tools/plink/settings.c | 27 | ||||
| -rw-r--r-- | tools/plink/ssh.c | 240 | ||||
| -rw-r--r-- | tools/plink/ssh.h | 14 | ||||
| -rw-r--r-- | tools/plink/sshaes.c | 16 | ||||
| -rw-r--r-- | tools/plink/sshgss.h | 294 | ||||
| -rw-r--r-- | tools/plink/sshrand.c | 5 | ||||
| -rw-r--r-- | tools/plink/sshsh512.c | 16 | ||||
| -rw-r--r-- | tools/plink/version.c | 4 | ||||
| -rw-r--r-- | tools/plink/wingss.c | 800 | ||||
| -rw-r--r-- | tools/plink/winhelp.h | 4 | ||||
| -rw-r--r-- | tools/plink/winmisc.c | 86 | ||||
| -rw-r--r-- | tools/plink/winnet.c | 171 | ||||
| -rw-r--r-- | tools/plink/winplink.c | 12 | ||||
| -rw-r--r-- | tools/plink/winproxy.c | 2 | ||||
| -rw-r--r-- | tools/plink/winstore.c | 23 | ||||
| -rw-r--r-- | tools/plink/winstuff.h | 58 | 
21 files changed, 1298 insertions, 638 deletions
| diff --git a/tools/plink/cmdline.c b/tools/plink/cmdline.c index f3a0e22f1..6492132f1 100644 --- a/tools/plink/cmdline.c +++ b/tools/plink/cmdline.c @@ -56,20 +56,30 @@ static void cmdline_save_param(char *p, char *value, int pri)      saves[pri].nsaved++;
  }
 +static char *cmdline_password = NULL;
 +
  void cmdline_cleanup(void)
  {
      int pri;
 -    for (pri = 0; pri < NPRIORITIES; pri++)
 +    if (cmdline_password) {
 +	memset(cmdline_password, 0, strlen(cmdline_password));
 +	sfree(cmdline_password);
 +	cmdline_password = NULL;
 +    }
 +    
 +    for (pri = 0; pri < NPRIORITIES; pri++) {
  	sfree(saves[pri].params);
 +	saves[pri].params = NULL;
 +	saves[pri].savesize = 0;
 +	saves[pri].nsaved = 0;
 +    }
  }
  #define SAVEABLE(pri) do { \
      if (need_save) { cmdline_save_param(p, value, pri); return ret; } \
  } while (0)
 -static char *cmdline_password = NULL;
 -
  /*
   * Similar interface to get_userpass_input(), except that here a -1
   * return means that we aren't capable of processing the prompt and
 @@ -99,6 +109,8 @@ int cmdline_get_passwd_input(prompts_t *p, unsigned char *in, int inlen) {  	    p->prompts[0]->result_len);
      p->prompts[0]->result[p->prompts[0]->result_len-1] = '\0';
      memset(cmdline_password, 0, strlen(cmdline_password));
 +    sfree(cmdline_password);
 +    cmdline_password = NULL;
      tried_once = 1;
      return 1;
 @@ -192,6 +204,16 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)  	SAVEABLE(0);
  	default_protocol = cfg->protocol = PROT_RAW;
      }
 +    if (!strcmp(p, "-serial")) {
 +	RETURN(1);
 +	/* Serial is not NONNETWORK in an odd sense of the word */
 +	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
 +	SAVEABLE(0);
 +	default_protocol = cfg->protocol = PROT_SERIAL;
 +	/* The host parameter will already be loaded into cfg->host, so copy it across */
 +	strncpy(cfg->serline, cfg->host, sizeof(cfg->serline) - 1);
 +	cfg->serline[sizeof(cfg->serline) - 1] = '\0';
 +    }
      if (!strcmp(p, "-v")) {
  	RETURN(1);
  	flags |= FLAG_VERBOSE;
 @@ -312,6 +334,7 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)  	cfg->remote_cmd_ptr = command;
  	cfg->remote_cmd_ptr2 = NULL;
  	cfg->nopty = TRUE;      /* command => no terminal */
 +	fclose(fp);
      }
      if (!strcmp(p, "-P")) {
  	RETURN(2);
 @@ -435,7 +458,100 @@ int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)  	SAVEABLE(1);
  	cfg->addressfamily = ADDRTYPE_IPV6;
      }
 -
 +    if (!strcmp(p, "-sercfg")) {
 +	char* nextitem;
 +	RETURN(2);
 +	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
 +	SAVEABLE(1);
 +	if (cfg->protocol != PROT_SERIAL)
 +	    cmdline_error("the -sercfg option can only be used with the "
 +			  "serial protocol");
 +	/* Value[0] contains one or more , separated values, like 19200,8,n,1,X */
 +	nextitem = value;
 +	while (nextitem[0] != '\0') {
 +	    int length, skip;
 +	    char *end = strchr(nextitem, ',');
 +	    if (!end) {
 +		length = strlen(nextitem);
 +		skip = 0;
 +	    } else {
 +		length = end - nextitem;
 +		nextitem[length] = '\0';
 +		skip = 1;
 +	    }
 +	    if (length == 1) {
 +		switch (*nextitem) {
 +		  case '1':
 +		    cfg->serstopbits = 2;
 +		    break;
 +		  case '2':
 +		    cfg->serstopbits = 4;
 +		    break;
 +
 +		  case '5':
 +		    cfg->serdatabits = 5;
 +		    break;
 +		  case '6':
 +		    cfg->serdatabits = 6;
 +		    break;
 +		  case '7':
 +		    cfg->serdatabits = 7;
 +		    break;
 +		  case '8':
 +		    cfg->serdatabits = 8;
 +		    break;
 +		  case '9':
 +		    cfg->serdatabits = 9;
 +		    break;
 +
 +		  case 'n':
 +		    cfg->serparity = SER_PAR_NONE;
 +		    break;
 +		  case 'o':
 +		    cfg->serparity = SER_PAR_ODD;
 +		    break;
 +		  case 'e':
 +		    cfg->serparity = SER_PAR_EVEN;
 +		    break;
 +		  case 'm':
 +		    cfg->serparity = SER_PAR_MARK;
 +		    break;
 +		  case 's':
 +		    cfg->serparity = SER_PAR_SPACE;
 +		    break;
 +
 +		  case 'N':
 +		    cfg->serflow = SER_FLOW_NONE;
 +		    break;
 +		  case 'X':
 +		    cfg->serflow = SER_FLOW_XONXOFF;
 +		    break;
 +		  case 'R':
 +		    cfg->serflow = SER_FLOW_RTSCTS;
 +		    break;
 +		  case 'D':
 +		    cfg->serflow = SER_FLOW_DSRDTR;
 +		    break;
 +
 +		  default:
 +		    cmdline_error("Unrecognised suboption \"-sercfg %c\"",
 +				  *nextitem);
 +		}
 +	    } else if (length == 3 && !strncmp(nextitem,"1.5",3)) {
 +		/* Messy special case */
 +		cfg->serstopbits = 3;
 +	    } else {
 +		int serspeed = atoi(nextitem);
 +		if (serspeed != 0) {
 +		    cfg->serspeed = serspeed;
 +		} else {
 +		    cmdline_error("Unrecognised suboption \"-sercfg %s\"",
 +				  nextitem);
 +		}
 +	    }
 +	    nextitem += length + skip;
 +	}
 +    }
      return ret;			       /* unrecognised */
  }
 diff --git a/tools/plink/ldisc.c b/tools/plink/ldisc.c index 20fa3c568..119a02acb 100644 --- a/tools/plink/ldisc.c +++ b/tools/plink/ldisc.c @@ -147,7 +147,7 @@ void ldisc_send(void *handle, char *buf, int len, int interactive)      if (EDITING) {
  	while (len--) {
  	    int c;
 -	    c = *buf++ + keyflag;
 +	    c = (unsigned char)(*buf++) + keyflag;
  	    if (!interactive && c == '\r')
  		c += KCTRL('@');
  	    switch (ldisc->quotenext ? ' ' : c) {
 diff --git a/tools/plink/logging.c b/tools/plink/logging.c index 6b8eaa7c5..4c7aa918c 100644 --- a/tools/plink/logging.c +++ b/tools/plink/logging.c @@ -43,7 +43,13 @@ static void logwrite(struct LogContext *ctx, void *data, int len)  	bufchain_add(&ctx->queue, data, len);
      } else if (ctx->state == L_OPEN) {
  	assert(ctx->lgfp);
 -	fwrite(data, 1, len, ctx->lgfp);
 +	if (fwrite(data, 1, len, ctx->lgfp) < len) {
 +	    logfclose(ctx);
 +	    ctx->state = L_ERROR;
 +	    /* Log state is L_ERROR so this won't cause a loop */
 +	    logevent(ctx->frontend,
 +		     "Disabled writing session log due to error while writing");
 +	}
      }				       /* else L_ERROR, so ignore the write */
  }
 @@ -101,8 +107,9 @@ static void logfopen_callback(void *handle, int mode)      }
      event = dupprintf("%s session log (%s mode) to file: %s",
 -		      (mode == 0 ? "Disabled writing" :
 -                       mode == 1 ? "Appending" : "Writing new"),
 +		      ctx->state == L_ERROR ?
 +		      (mode == 0 ? "Disabled writing" : "Error writing") :
 +		      (mode == 1 ? "Appending" : "Writing new"),
  		      (ctx->cfg.logtype == LGTYP_ASCII ? "ASCII" :
  		       ctx->cfg.logtype == LGTYP_DEBUG ? "raw" :
  		       ctx->cfg.logtype == LGTYP_PACKETS ? "SSH packets" :
 diff --git a/tools/plink/putty.h b/tools/plink/putty.h index 1fff1e74f..ac2701133 100644 --- a/tools/plink/putty.h +++ b/tools/plink/putty.h @@ -348,6 +348,19 @@ enum {      SER_FLOW_NONE, SER_FLOW_XONXOFF, SER_FLOW_RTSCTS, SER_FLOW_DSRDTR
  };
 +/*
 + * Tables of string <-> enum value mappings used in settings.c.
 + * Defined here so that backends can export their GSS library tables
 + * to the cross-platform settings code.
 + */
 +struct keyval { char *s; int v; };
 +
 +#ifndef NO_GSSAPI
 +extern const int ngsslibs;
 +extern const char *const gsslibnames[];/* for displaying in configuration */
 +extern const struct keyval gsslibkeywords[];   /* for storing by settings.c */
 +#endif
 +
  extern const char *const ttymodes[];
  enum {
 @@ -461,6 +474,8 @@ struct config_tag {      int try_ki_auth;
      int try_gssapi_auth;               /* attempt gssapi auth */
      int gssapifwd;                     /* forward tgt via gss */
 +    int ssh_gsslist[4];		       /* preference order for local GSS libs */
 +    Filename ssh_gss_custom;
      int ssh_subsys;		       /* run a subsystem rather than a command */
      int ssh_subsys2;		       /* fallback to go with remote_cmd_ptr2 */
      int ssh_no_shell;		       /* avoid running a shell */
 @@ -592,7 +607,8 @@ struct config_tag {      /* SSH bug compatibility modes */
      int sshbug_ignore1, sshbug_plainpw1, sshbug_rsa1,
  	sshbug_hmac2, sshbug_derivekey2, sshbug_rsapad2,
 -	sshbug_pksessid2, sshbug_rekey2, sshbug_maxpkt2;
 +	sshbug_pksessid2, sshbug_rekey2, sshbug_maxpkt2,
 +	sshbug_ignore2;
      /*
       * ssh_simple means that we promise never to open any channel other
       * than the main one, which means it can safely use a very large
 @@ -825,6 +841,7 @@ void term_free(Terminal *);  void term_size(Terminal *, int, int, int);
  void term_paint(Terminal *, Context, int, int, int, int, int);
  void term_scroll(Terminal *, int, int);
 +void term_scroll_to_selection(Terminal *, int);
  void term_pwron(Terminal *, int);
  void term_clrsb(Terminal *);
  void term_mouse(Terminal *, Mouse_Button, Mouse_Button, Mouse_Action,
 @@ -854,6 +871,8 @@ char *term_get_ttymode(Terminal *term, const char *mode);  int term_get_userpass_input(Terminal *term, prompts_t *p,
  			    unsigned char *in, int inlen);
 +int format_arrow_key(char *buf, Terminal *term, int xkey, int ctrl);
 +
  /*
   * Exports from logging.c.
   */
 diff --git a/tools/plink/puttyps.h b/tools/plink/puttyps.h index e7d280814..454f6055a 100644 --- a/tools/plink/puttyps.h +++ b/tools/plink/puttyps.h @@ -9,10 +9,6 @@  #include "winstuff.h"
 -#elif defined(macintosh)
 -
 -#include "macstuff.h"
 -
  #elif defined(MACOSX)
  #include "osx.h"
 diff --git a/tools/plink/settings.c b/tools/plink/settings.c index 31d4e1fff..bd6b97495 100644 --- a/tools/plink/settings.c +++ b/tools/plink/settings.c @@ -8,11 +8,6 @@  #include "putty.h"
  #include "storage.h"
 -/*
 - * Tables of string <-> enum value mappings
 - */
 -struct keyval { char *s; int v; };
 -
  /* The cipher order given here is the default order. */
  static const struct keyval ciphernames[] = {
      { "aes",	    CIPHER_AES },
 @@ -84,9 +79,13 @@ int get_remote_username(Config *cfg, char *user, size_t len)  	if (cfg->username_from_env) {
  	    /* Use local username. */
  	    char *luser = get_username();
 -	    strncpy(user, luser, len);
 -	    user[len-1] = '\0';
 -	    sfree(luser);
 +	    if (luser) {
 +		strncpy(user, luser, len);
 +		user[len-1] = '\0';
 +		sfree(luser);
 +	    } else {
 +		*user = '\0';
 +	    }
  	} else {
  	    *user = '\0';
  	}
 @@ -352,6 +351,11 @@ void save_open_settings(void *sesskey, Config *cfg)      write_setting_i(sesskey, "AuthTIS", cfg->try_tis_auth);
      write_setting_i(sesskey, "AuthKI", cfg->try_ki_auth);
      write_setting_i(sesskey, "AuthGSSAPI", cfg->try_gssapi_auth);
 +#ifndef NO_GSSAPI
 +    wprefs(sesskey, "GSSLibs", gsslibkeywords, ngsslibs,
 +	   cfg->ssh_gsslist);
 +    write_setting_filename(sesskey, "GSSCustom", cfg->ssh_gss_custom);
 +#endif
      write_setting_i(sesskey, "SshNoShell", cfg->ssh_no_shell);
      write_setting_i(sesskey, "SshProt", cfg->sshprot);
      write_setting_s(sesskey, "LogHost", cfg->loghost);
 @@ -473,6 +477,7 @@ void save_open_settings(void *sesskey, Config *cfg)      write_setting_i(sesskey, "BugIgnore1", 2-cfg->sshbug_ignore1);
      write_setting_i(sesskey, "BugPlainPW1", 2-cfg->sshbug_plainpw1);
      write_setting_i(sesskey, "BugRSA1", 2-cfg->sshbug_rsa1);
 +    write_setting_i(sesskey, "BugIgnore2", 2-cfg->sshbug_ignore2);
      write_setting_i(sesskey, "BugHMAC2", 2-cfg->sshbug_hmac2);
      write_setting_i(sesskey, "BugDeriveKey2", 2-cfg->sshbug_derivekey2);
      write_setting_i(sesskey, "BugRSAPad2", 2-cfg->sshbug_rsapad2);
 @@ -640,6 +645,11 @@ void load_open_settings(void *sesskey, Config *cfg)      gppi(sesskey, "AuthTIS", 0, &cfg->try_tis_auth);
      gppi(sesskey, "AuthKI", 1, &cfg->try_ki_auth);
      gppi(sesskey, "AuthGSSAPI", 1, &cfg->try_gssapi_auth);
 +#ifndef NO_GSSAPI
 +    gprefs(sesskey, "GSSLibs", "\0",
 +	   gsslibkeywords, ngsslibs, cfg->ssh_gsslist);
 +    gppfile(sesskey, "GSSCustom", &cfg->ssh_gss_custom);
 +#endif
      gppi(sesskey, "SshNoShell", 0, &cfg->ssh_no_shell);
      gppfile(sesskey, "PublicKeyFile", &cfg->keyfile);
      gpps(sesskey, "RemoteCommand", "", cfg->remote_cmd,
 @@ -813,6 +823,7 @@ void load_open_settings(void *sesskey, Config *cfg)      gppi(sesskey, "BugIgnore1", 0, &i); cfg->sshbug_ignore1 = 2-i;
      gppi(sesskey, "BugPlainPW1", 0, &i); cfg->sshbug_plainpw1 = 2-i;
      gppi(sesskey, "BugRSA1", 0, &i); cfg->sshbug_rsa1 = 2-i;
 +    gppi(sesskey, "BugIgnore2", 0, &i); cfg->sshbug_ignore2 = 2-i;
      {
  	int i;
  	gppi(sesskey, "BugHMAC2", 0, &i); cfg->sshbug_hmac2 = 2-i;
 diff --git a/tools/plink/ssh.c b/tools/plink/ssh.c index 89c0433ca..7c9b929de 100644 --- a/tools/plink/ssh.c +++ b/tools/plink/ssh.c @@ -13,6 +13,7 @@  #include "tree234.h"
  #include "ssh.h"
  #ifndef NO_GSSAPI
 +#include "sshgssc.h"
  #include "sshgss.h"
  #endif
 @@ -194,6 +195,7 @@ static const char *const ssh2_disconnect_reasons[] = {  #define BUG_SSH2_REKEY                           64
  #define BUG_SSH2_PK_SESSIONID                   128
  #define BUG_SSH2_MAXPKT				256
 +#define BUG_CHOKES_ON_SSH2_IGNORE               512
  /*
   * Codes for terminal modes.
 @@ -588,6 +590,17 @@ struct ssh_channel {       * A channel is completely finished with when all four bits are set.
       */
      int closes;
 +
 +    /*
 +     * This flag indicates that a close is pending on the outgoing
 +     * side of the channel: that is, wherever we're getting the data
 +     * for this channel has sent us some data followed by EOF. We
 +     * can't actually close the channel until we've finished sending
 +     * the data, so we set this flag instead to remind us to
 +     * initiate the closing process once our buffer is clear.
 +     */
 +    int pending_close;
 +
      /*
       * True if this channel is causing the underlying connection to be
       * throttled.
 @@ -928,6 +941,13 @@ struct ssh_tag {       * Fully qualified host name, which we need if doing GSSAPI.
       */
      char *fullhostname;
 +
 +#ifndef NO_GSSAPI
 +    /*
 +     * GSSAPI libraries for this session.
 +     */
 +    struct ssh_gss_liblist *gsslibs;
 +#endif
  };
  #define logevent(s) logevent(ssh->frontend, s)
 @@ -2011,7 +2031,8 @@ static void ssh2_pkt_defer_noqueue(Ssh ssh, struct Packet *pkt, int noignore)  {
      int len;
      if (ssh->cscipher != NULL && (ssh->cscipher->flags & SSH_CIPHER_IS_CBC) &&
 -	ssh->deferred_len == 0 && !noignore) {
 +	ssh->deferred_len == 0 && !noignore &&
 +	!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
  	/*
  	 * Interpose an SSH_MSG_IGNORE to ensure that user data don't
  	 * get encrypted with a known IV.
 @@ -2141,7 +2162,8 @@ static void ssh2_pkt_send_with_padding(Ssh ssh, struct Packet *pkt,  	 * unavailable, we don't do this trick at all, because we
  	 * gain nothing by it.)
  	 */
 -	if (ssh->cscipher) {
 +	if (ssh->cscipher &&
 +	    !(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
  	    int stringlen, i;
  	    stringlen = (256 - ssh->deferred_len);
 @@ -2508,6 +2530,15 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)  	ssh->remote_bugs |= BUG_SSH2_MAXPKT;
  	logevent("We believe remote version ignores SSH-2 maximum packet size");
      }
 +
 +    if (ssh->cfg.sshbug_ignore2 == FORCE_ON) {
 +	/*
 +	 * Servers that don't support SSH2_MSG_IGNORE. Currently,
 +	 * none detected automatically.
 +	 */
 +	ssh->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
 +	logevent("We believe remote version has SSH-2 ignore bug");
 +    }
  }
  /*
 @@ -2853,6 +2884,8 @@ static int ssh_do_close(Ssh ssh, int notify_exit)  	    del234(ssh->portfwds, pf); /* moving next one to index 0 */
  	    free_portfwd(pf);
  	}
 +	freetree234(ssh->portfwds);
 +	ssh->portfwds = NULL;
      }
      return ret;
 @@ -4138,7 +4171,7 @@ void sshfwd_close(struct ssh_channel *c)      if (ssh->state == SSH_STATE_CLOSED)
  	return;
 -    if (c && !c->closes) {
 +    if (!c->closes) {
  	/*
  	 * If halfopen is true, we have sent
  	 * CHANNEL_OPEN for this channel, but it hasn't even been
 @@ -4150,14 +4183,42 @@ void sshfwd_close(struct ssh_channel *c)  	    if (ssh->version == 1) {
  		send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
  			    PKT_END);
 +		c->closes = 1;		       /* sent MSG_CLOSE */
  	    } else {
 -		struct Packet *pktout;
 -		pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
 -		ssh2_pkt_adduint32(pktout, c->remoteid);
 -		ssh2_pkt_send(ssh, pktout);
 +		int bytes_to_send = bufchain_size(&c->v.v2.outbuffer);
 +		if (bytes_to_send > 0) {
 +		    /*
 +		     * If we still have unsent data in our outgoing
 +		     * buffer for this channel, we can't actually
 +		     * initiate a close operation yet or that data
 +		     * will be lost. Instead, set the pending_close
 +		     * flag so that when we do clear the buffer
 +		     * we'll start closing the channel.
 +		     */
 +		    char logmsg[160] = {'\0'};
 +		    sprintf(
 +			    logmsg,
 +			    "Forwarded port pending to be closed : "
 +			    "%d bytes remaining",
 +			    bytes_to_send);
 +		    logevent(logmsg);
 +
 +		    c->pending_close = TRUE;
 +		} else {
 +		    /*
 +		     * No locally buffered data, so we can send the
 +		     * close message immediately.
 +		     */
 +		    struct Packet *pktout;
 +		    pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
 +		    ssh2_pkt_adduint32(pktout, c->remoteid);
 +		    ssh2_pkt_send(ssh, pktout);
 +		    c->closes = 1;		       /* sent MSG_CLOSE */
 +		    logevent("Nothing left to send, closing channel");
 +		}
  	    }
  	}
 -	c->closes = 1;		       /* sent MSG_CLOSE */
 +
  	if (c->type == CHAN_X11) {
  	    c->u.x11.s = NULL;
  	    logevent("Forwarded X11 connection terminated");
 @@ -4296,6 +4357,7 @@ static void ssh_rportfwd_succfail(Ssh ssh, struct Packet *pktin, void *ctx)  	rpf = del234(ssh->rportfwds, pf);
  	assert(rpf == pf);
 +	pf->pfrec->remote = NULL;
  	free_rportfwd(pf);
      }
  }
 @@ -4427,12 +4489,19 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)  	    epfrec = add234(ssh->portfwds, pfrec);
  	    if (epfrec != pfrec) {
 +		if (epfrec->status == DESTROY) {
 +		    /*
 +		     * We already have a port forwarding up and running
 +		     * with precisely these parameters. Hence, no need
 +		     * to do anything; simply re-tag the existing one
 +		     * as KEEP.
 +		     */
 +		    epfrec->status = KEEP;
 +		}
  		/*
 -		 * We already have a port forwarding with precisely
 -		 * these parameters. Hence, no need to do anything;
 -		 * simply tag the existing one as KEEP.
 +		 * Anything else indicates that there was a duplicate
 +		 * in our input, which we'll silently ignore.
  		 */
 -		epfrec->status = KEEP;
  		free_portfwd(pfrec);
  	    } else {
  		pfrec->status = CREATE;
 @@ -4465,6 +4534,8 @@ static void ssh_setup_portfwd(Ssh ssh, const Config *cfg)  	    logeventf(ssh, "Cancelling %s", message);
  	    sfree(message);
 +	    /* epf->remote or epf->local may be NULL if setting up a
 +	     * forwarding failed. */
  	    if (epf->remote) {
  		struct ssh_rportfwd *rpf = epf->remote;
  		struct Packet *pktout;
 @@ -4674,6 +4745,7 @@ static void ssh1_smsg_x11_open(Ssh ssh, struct Packet *pktin)  	    c->halfopen = FALSE;
  	    c->localid = alloc_channel_id(ssh);
  	    c->closes = 0;
 +	    c->pending_close = FALSE;
  	    c->throttling_conn = 0;
  	    c->type = CHAN_X11;	/* identify channel type */
  	    add234(ssh->channels, c);
 @@ -4703,6 +4775,7 @@ static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)  	c->halfopen = FALSE;
  	c->localid = alloc_channel_id(ssh);
  	c->closes = 0;
 +	c->pending_close = FALSE;
  	c->throttling_conn = 0;
  	c->type = CHAN_AGENT;	/* identify channel type */
  	c->u.a.lensofar = 0;
 @@ -4757,6 +4830,7 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)  	    c->halfopen = FALSE;
  	    c->localid = alloc_channel_id(ssh);
  	    c->closes = 0;
 +	    c->pending_close = FALSE;
  	    c->throttling_conn = 0;
  	    c->type = CHAN_SOCKDATA;	/* identify channel type */
  	    add234(ssh->channels, c);
 @@ -6323,7 +6397,7 @@ static int ssh2_try_send(struct ssh_channel *c)      return bufchain_size(&c->v.v2.outbuffer);
  }
 -static void ssh2_try_send_and_unthrottle(struct ssh_channel *c)
 +static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)
  {
      int bufsize;
      if (c->closes)
 @@ -6347,6 +6421,19 @@ static void ssh2_try_send_and_unthrottle(struct ssh_channel *c)  	    break;
  	}
      }
 +
 +    /*
 +     * If we've emptied the channel's output buffer and there's a
 +     * pending close event, start the channel-closing procedure.
 +     */
 +    if (c->pending_close && bufchain_size(&c->v.v2.outbuffer) == 0) {
 +	struct Packet *pktout;
 +	pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
 +	ssh2_pkt_adduint32(pktout, c->remoteid);
 +	ssh2_pkt_send(ssh, pktout);
 +	c->closes = 1;
 +	c->pending_close = FALSE;
 +    }
  }
  /*
 @@ -6357,6 +6444,7 @@ static void ssh2_channel_init(struct ssh_channel *c)      Ssh ssh = c->ssh;
      c->localid = alloc_channel_id(ssh);
      c->closes = 0;
 +    c->pending_close = FALSE;
      c->throttling_conn = FALSE;
      c->v.v2.locwindow = c->v.v2.locmaxwin = c->v.v2.remlocwin =
  	ssh->cfg.ssh_simple ? OUR_V2_BIGWIN : OUR_V2_WINSIZE;
 @@ -6540,7 +6628,7 @@ static void ssh2_msg_channel_window_adjust(Ssh ssh, struct Packet *pktin)  	return;
      if (!c->closes) {
  	c->v.v2.remwindow += ssh_pkt_getuint32(pktin);
 -	ssh2_try_send_and_unthrottle(c);
 +	ssh2_try_send_and_unthrottle(ssh, c);
      }
  }
 @@ -6661,11 +6749,13 @@ static void ssh2_msg_channel_eof(Ssh ssh, struct Packet *pktin)  	 * wrap up and close the channel ourselves.
  	 */
  	x11_close(c->u.x11.s);
 +	c->u.x11.s = NULL;
  	sshfwd_close(c);
      } else if (c->type == CHAN_AGENT) {
  	sshfwd_close(c);
      } else if (c->type == CHAN_SOCKDATA) {
  	pfd_close(c->u.pfd.s);
 +	c->u.pfd.s = NULL;
  	sshfwd_close(c);
      }
  }
 @@ -7186,6 +7276,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  	int num_env, env_left, env_ok;
  	struct Packet *pktout;
  #ifndef NO_GSSAPI
 +	struct ssh_gss_library *gsslib;
  	Ssh_gss_ctx gss_ctx;
  	Ssh_gss_buf gss_buf;
  	Ssh_gss_buf gss_rcvtok, gss_sndtok;
 @@ -7454,6 +7545,9 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  	}
  	while (1) {
 +	    char *methods = NULL;
 +	    int methlen = 0;
 +
  	    /*
  	     * Wait for the result of the last authentication request.
  	     */
 @@ -7503,8 +7597,6 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  	     * helpfully try next.
  	     */
  	    if (pktin->type == SSH2_MSG_USERAUTH_FAILURE) {
 -		char *methods;
 -		int methlen;
  		ssh_pkt_getstring(pktin, &methods, &methlen);
  		if (!ssh2_pkt_getbool(pktin)) {
  		    /*
 @@ -7560,10 +7652,12 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		    in_commasep_string("password", methods, methlen);
  		s->can_keyb_inter = ssh->cfg.try_ki_auth &&
  		    in_commasep_string("keyboard-interactive", methods, methlen);
 -#ifndef NO_GSSAPI		
 +#ifndef NO_GSSAPI
 +		if (!ssh->gsslibs)
 +		    ssh->gsslibs = ssh_gss_setup(&ssh->cfg);
  		s->can_gssapi = ssh->cfg.try_gssapi_auth &&
 -		  in_commasep_string("gssapi-with-mic", methods, methlen) &&
 -		  ssh_gss_init();
 +		    in_commasep_string("gssapi-with-mic", methods, methlen) &&
 +		    ssh->gsslibs->nlibraries > 0;
  #endif
  	    }
 @@ -7906,6 +8000,35 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		s->gotit = TRUE;
  		ssh->pkt_actx = SSH2_PKTCTX_GSSAPI;
 +		/*
 +		 * Pick the highest GSS library on the preference
 +		 * list.
 +		 */
 +		{
 +		    int i, j;
 +		    s->gsslib = NULL;
 +		    for (i = 0; i < ngsslibs; i++) {
 +			int want_id = ssh->cfg.ssh_gsslist[i];
 +			for (j = 0; j < ssh->gsslibs->nlibraries; j++)
 +			    if (ssh->gsslibs->libraries[j].id == want_id) {
 +				s->gsslib = &ssh->gsslibs->libraries[j];
 +				goto got_gsslib;   /* double break */
 +			    }
 +		    }
 +		    got_gsslib:
 +		    /*
 +		     * We always expect to have found something in
 +		     * the above loop: we only came here if there
 +		     * was at least one viable GSS library, and the
 +		     * preference list should always mention
 +		     * everything and only change the order.
 +		     */
 +		    assert(s->gsslib);
 +		}
 +
 +		if (s->gsslib->gsslogmsg)
 +		    logevent(s->gsslib->gsslogmsg);
 +
  		/* Sending USERAUTH_REQUEST with "gssapi-with-mic" method */
  		s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_REQUEST);
  		ssh2_pkt_addstring(s->pktout, s->username);
 @@ -7913,7 +8036,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		ssh2_pkt_addstring(s->pktout, "gssapi-with-mic");
  		/* add mechanism info */
 -		ssh_gss_indicate_mech(&s->gss_buf);
 +		s->gsslib->indicate_mech(s->gsslib, &s->gss_buf);
  		/* number of GSSAPI mechanisms */
  		ssh2_pkt_adduint32(s->pktout,1);
 @@ -7949,8 +8072,9 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		}
  		/* now start running */
 -		s->gss_stat = ssh_gss_import_name(ssh->fullhostname,
 -						  &s->gss_srv_name);
 +		s->gss_stat = s->gsslib->import_name(s->gsslib,
 +						     ssh->fullhostname,
 +						     &s->gss_srv_name);
  		if (s->gss_stat != SSH_GSS_OK) {
  		    if (s->gss_stat == SSH_GSS_BAD_HOST_NAME)
  			logevent("GSSAPI import name failed - Bad service name");
 @@ -7960,11 +8084,11 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		}
  		/* fetch TGT into GSS engine */
 -		s->gss_stat = ssh_gss_acquire_cred(&s->gss_ctx);
 +		s->gss_stat = s->gsslib->acquire_cred(s->gsslib, &s->gss_ctx);
  		if (s->gss_stat != SSH_GSS_OK) {
  		    logevent("GSSAPI authentication failed to get credentials");
 -		    ssh_gss_release_name(&s->gss_srv_name);
 +		    s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
  		    continue;
  		}
 @@ -7974,17 +8098,20 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		/* now enter the loop */
  		do {
 -		    s->gss_stat = ssh_gss_init_sec_context(&s->gss_ctx,
 -							   s->gss_srv_name,
 -							   ssh->cfg.gssapifwd,
 -							   &s->gss_rcvtok,
 -							   &s->gss_sndtok);
 +		    s->gss_stat = s->gsslib->init_sec_context
 +			(s->gsslib,
 +			 &s->gss_ctx,
 +			 s->gss_srv_name,
 +			 ssh->cfg.gssapifwd,
 +			 &s->gss_rcvtok,
 +			 &s->gss_sndtok);
  		    if (s->gss_stat!=SSH_GSS_S_COMPLETE &&
  			s->gss_stat!=SSH_GSS_S_CONTINUE_NEEDED) {
  			logevent("GSSAPI authentication initialisation failed");
 -			if (ssh_gss_display_status(s->gss_ctx,&s->gss_buf) == SSH_GSS_OK) {
 +			if (s->gsslib->display_status(s->gsslib, s->gss_ctx,
 +						      &s->gss_buf) == SSH_GSS_OK) {
  			    logevent(s->gss_buf.value);
  			    sfree(s->gss_buf.value);
  			}
 @@ -8001,7 +8128,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  			ssh_pkt_addstring_start(s->pktout);
  			ssh_pkt_addstring_data(s->pktout,s->gss_sndtok.value,s->gss_sndtok.length);
  			ssh2_pkt_send(ssh, s->pktout);
 -			ssh_gss_free_tok(&s->gss_sndtok);
 +			s->gsslib->free_tok(s->gsslib, &s->gss_sndtok);
  		    }
  		    if (s->gss_stat == SSH_GSS_S_CONTINUE_NEEDED) {
 @@ -8018,8 +8145,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		} while (s-> gss_stat == SSH_GSS_S_CONTINUE_NEEDED);
  		if (s->gss_stat != SSH_GSS_OK) {
 -		    ssh_gss_release_name(&s->gss_srv_name);
 -		    ssh_gss_release_cred(&s->gss_ctx);
 +		    s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
 +		    s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
  		    continue;
  		}
  		logevent("GSSAPI authentication loop finished OK");
 @@ -8038,17 +8165,17 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		s->gss_buf.value = (char *)s->pktout->data + micoffset;
  		s->gss_buf.length = s->pktout->length - micoffset;
 -		ssh_gss_get_mic(s->gss_ctx, &s->gss_buf, &mic);
 +		s->gsslib->get_mic(s->gsslib, s->gss_ctx, &s->gss_buf, &mic);
  		s->pktout = ssh2_pkt_init(SSH2_MSG_USERAUTH_GSSAPI_MIC);
  		ssh_pkt_addstring_start(s->pktout);
  		ssh_pkt_addstring_data(s->pktout, mic.value, mic.length);
  		ssh2_pkt_send(ssh, s->pktout);
 -		ssh_gss_free_mic(&mic);
 +		s->gsslib->free_mic(s->gsslib, &mic);
  		s->gotit = FALSE;
 -		ssh_gss_release_name(&s->gss_srv_name);
 -		ssh_gss_release_cred(&s->gss_ctx);
 +		s->gsslib->release_name(s->gsslib, &s->gss_srv_name);
 +		s->gsslib->release_cred(s->gsslib, &s->gss_ctx);
  		continue;
  #endif
  	    } else if (s->can_keyb_inter && !s->kbd_inter_refused) {
 @@ -8434,11 +8561,16 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  		sfree(s->password);
  	    } else {
 +		char *str = dupprintf("No supported authentication methods available"
 +				      " (server sent: %.*s)",
 +				      methlen, methods);
 -		ssh_disconnect(ssh, NULL,
 +		ssh_disconnect(ssh, str,
  			       "No supported authentication methods available",
  			       SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE,
  			       FALSE);
 +		sfree(str);
 +
  		crStopV;
  	    }
 @@ -8877,7 +9009,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen,  	     * Try to send data on all channels if we can.
  	     */
  	    for (i = 0; NULL != (c = index234(ssh->channels, i)); i++)
 -		ssh2_try_send_and_unthrottle(c);
 +		ssh2_try_send_and_unthrottle(ssh, c);
  	}
      }
 @@ -9159,6 +9291,10 @@ static const char *ssh_init(void *frontend_handle, void **backend_handle,      ssh->max_data_size = parse_blocksize(ssh->cfg.ssh_rekey_data);
      ssh->kex_in_progress = FALSE;
 +#ifndef NO_GSSAPI
 +    ssh->gsslibs = NULL;
 +#endif
 +
      p = connect_to_host(ssh, host, port, realhost, nodelay, keepalive);
      if (p != NULL)
  	return p;
 @@ -9231,7 +9367,7 @@ static void ssh_free(void *handle)      if (ssh->rportfwds) {
  	while ((pf = delpos234(ssh->rportfwds, 0)) != NULL)
 -	    sfree(pf);
 +	    free_rportfwd(pf);
  	freetree234(ssh->rportfwds);
  	ssh->rportfwds = NULL;
      }
 @@ -9255,6 +9391,10 @@ static void ssh_free(void *handle)      if (ssh->pinger)
  	pinger_free(ssh->pinger);
      bufchain_clear(&ssh->queued_incoming_data);
 +#ifndef NO_GSSAPI
 +    if (ssh->gsslibs)
 +	ssh_gss_cleanup(ssh->gsslibs);
 +#endif
      sfree(ssh);
      random_unref();
 @@ -9415,8 +9555,10 @@ static const struct telnet_special *ssh_get_specials(void *handle)      static const struct telnet_special ssh1_ignore_special[] = {
  	{"IGNORE message", TS_NOP}
      };
 -    static const struct telnet_special ssh2_transport_specials[] = {
 +    static const struct telnet_special ssh2_ignore_special[] = {
  	{"IGNORE message", TS_NOP},
 +    };
 +    static const struct telnet_special ssh2_rekey_special[] = {
  	{"Repeat key exchange", TS_REKEY},
      };
      static const struct telnet_special ssh2_session_specials[] = {
 @@ -9441,7 +9583,8 @@ static const struct telnet_special *ssh_get_specials(void *handle)  	{NULL, TS_EXITMENU}
      };
      /* XXX review this length for any changes: */
 -    static struct telnet_special ssh_specials[lenof(ssh2_transport_specials) +
 +    static struct telnet_special ssh_specials[lenof(ssh2_ignore_special) +
 +					      lenof(ssh2_rekey_special) +
  					      lenof(ssh2_session_specials) +
  					      lenof(specials_end)];
      Ssh ssh = (Ssh) handle;
 @@ -9460,7 +9603,10 @@ static const struct telnet_special *ssh_get_specials(void *handle)  	if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
  	    ADD_SPECIALS(ssh1_ignore_special);
      } else if (ssh->version == 2) {
 -	ADD_SPECIALS(ssh2_transport_specials);
 +	if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE))
 +	    ADD_SPECIALS(ssh2_ignore_special);
 +	if (!(ssh->remote_bugs & BUG_SSH2_REKEY))
 +	    ADD_SPECIALS(ssh2_rekey_special);
  	if (ssh->mainchan)
  	    ADD_SPECIALS(ssh2_session_specials);
      } /* else we're not ready yet */
 @@ -9510,9 +9656,11 @@ static void ssh_special(void *handle, Telnet_Special code)  	    if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE))
  		send_packet(ssh, SSH1_MSG_IGNORE, PKT_STR, "", PKT_END);
  	} else {
 -	    pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
 -	    ssh2_pkt_addstring_start(pktout);
 -	    ssh2_pkt_send_noqueue(ssh, pktout);
 +	    if (!(ssh->remote_bugs & BUG_CHOKES_ON_SSH2_IGNORE)) {
 +		pktout = ssh2_pkt_init(SSH2_MSG_IGNORE);
 +		ssh2_pkt_addstring_start(pktout);
 +		ssh2_pkt_send_noqueue(ssh, pktout);
 +	    }
  	}
      } else if (code == TS_REKEY) {
  	if (!ssh->kex_in_progress && ssh->version == 2) {
 diff --git a/tools/plink/ssh.h b/tools/plink/ssh.h index 814939c2b..86c402965 100644 --- a/tools/plink/ssh.h +++ b/tools/plink/ssh.h @@ -71,8 +71,12 @@ unsigned char *rsa_public_blob(struct RSAKey *key, int *len);  int rsa_public_blob_len(void *data, int maxlen);
  void freersakey(struct RSAKey *key);
 -typedef unsigned int word32;
 +#ifndef PUTTY_UINT32_DEFINED
 +/* This makes assumptions about the int type. */
  typedef unsigned int uint32;
 +#define PUTTY_UINT32_DEFINED
 +#endif
 +typedef uint32 word32;
  unsigned long crc32_compute(const void *s, size_t len);
  unsigned long crc32_update(unsigned long crc_input, const void *s, size_t len);
 @@ -290,6 +294,14 @@ extern const struct ssh_mac ssh_hmac_sha1_buggy;  extern const struct ssh_mac ssh_hmac_sha1_96;
  extern const struct ssh_mac ssh_hmac_sha1_96_buggy;
 +void *aes_make_context(void);
 +void aes_free_context(void *handle);
 +void aes128_key(void *handle, unsigned char *key);
 +void aes192_key(void *handle, unsigned char *key);
 +void aes256_key(void *handle, unsigned char *key);
 +void aes_iv(void *handle, unsigned char *iv);
 +void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len);
 +void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len);
  /*
   * PuTTY version number formatted as an SSH version string. 
 diff --git a/tools/plink/sshaes.c b/tools/plink/sshaes.c index 089e6c5d8..7684cd949 100644 --- a/tools/plink/sshaes.c +++ b/tools/plink/sshaes.c @@ -1097,35 +1097,35 @@ static void aes_sdctr(unsigned char *blk, int len, AESContext *ctx)      memcpy(ctx->iv, iv, sizeof(iv));
  }
 -static void *aes_make_context(void)
 +void *aes_make_context(void)
  {
      return snew(AESContext);
  }
 -static void aes_free_context(void *handle)
 +void aes_free_context(void *handle)
  {
      sfree(handle);
  }
 -static void aes128_key(void *handle, unsigned char *key)
 +void aes128_key(void *handle, unsigned char *key)
  {
      AESContext *ctx = (AESContext *)handle;
      aes_setup(ctx, 16, key, 16);
  }
 -static void aes192_key(void *handle, unsigned char *key)
 +void aes192_key(void *handle, unsigned char *key)
  {
      AESContext *ctx = (AESContext *)handle;
      aes_setup(ctx, 16, key, 24);
  }
 -static void aes256_key(void *handle, unsigned char *key)
 +void aes256_key(void *handle, unsigned char *key)
  {
      AESContext *ctx = (AESContext *)handle;
      aes_setup(ctx, 16, key, 32);
  }
 -static void aes_iv(void *handle, unsigned char *iv)
 +void aes_iv(void *handle, unsigned char *iv)
  {
      AESContext *ctx = (AESContext *)handle;
      int i;
 @@ -1133,13 +1133,13 @@ static void aes_iv(void *handle, unsigned char *iv)  	ctx->iv[i] = GET_32BIT_MSB_FIRST(iv + 4 * i);
  }
 -static void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len)
 +void aes_ssh2_encrypt_blk(void *handle, unsigned char *blk, int len)
  {
      AESContext *ctx = (AESContext *)handle;
      aes_encrypt_cbc(blk, len, ctx);
  }
 -static void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)
 +void aes_ssh2_decrypt_blk(void *handle, unsigned char *blk, int len)
  {
      AESContext *ctx = (AESContext *)handle;
      aes_decrypt_cbc(blk, len, ctx);
 diff --git a/tools/plink/sshgss.h b/tools/plink/sshgss.h index 2115cb124..5d8fca1b7 100644 --- a/tools/plink/sshgss.h +++ b/tools/plink/sshgss.h @@ -1,106 +1,188 @@ -#include "puttyps.h" - -#define SSH2_GSS_OIDTYPE 0x06 -typedef void *Ssh_gss_ctx; - -typedef enum Ssh_gss_stat { -    SSH_GSS_OK = 0, -    SSH_GSS_S_CONTINUE_NEEDED, -    SSH_GSS_NO_MEM, -    SSH_GSS_BAD_HOST_NAME, -    SSH_GSS_FAILURE -} Ssh_gss_stat; - -#define SSH_GSS_S_COMPLETE SSH_GSS_OK - -#define SSH_GSS_CLEAR_BUF(buf) do {		\ -    (*buf).length = 0;				\ -    (*buf).value = NULL;				\ -} while (0) - -/* Functions, provided by either wingss.c or uxgss.c */ - -/* - * Do startup-time initialisation for using GSSAPI. (On Windows, - * for instance, this dynamically loads the GSSAPI DLL and - * retrieves some function pointers.) - * - * Return value is 1 on success, or 0 if initialisation failed. - * - * May be called multiple times (since the most convenient place - * to call it _from_ is the ssh.c setup code), and will harmlessly - * return success if already initialised. - */ -int ssh_gss_init(void); - -/* - * Fills in buf with a string describing the GSSAPI mechanism in - * use. buf->data is not dynamically allocated. - */ -Ssh_gss_stat ssh_gss_indicate_mech(Ssh_gss_buf *buf); - -/* - * Converts a name such as a hostname into a GSSAPI internal form, - * which is placed in "out". The result should be freed by - * ssh_gss_release_name(). - */ -Ssh_gss_stat ssh_gss_import_name(char *in, Ssh_gss_name *out); - -/* - * Frees the contents of an Ssh_gss_name structure filled in by - * ssh_gss_import_name(). - */ -Ssh_gss_stat ssh_gss_release_name(Ssh_gss_name *name); - -/* - * The main GSSAPI security context setup function. The "out" - * parameter will need to be freed by ssh_gss_free_tok. - */ -Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate, -				      Ssh_gss_buf *in, Ssh_gss_buf *out); - -/* - * Frees the contents of an Ssh_gss_buf filled in by - * ssh_gss_init_sec_context(). Do not accidentally call this on - * something filled in by ssh_gss_get_mic() (which requires a - * different free function) or something filled in by any other - * way. - */ -Ssh_gss_stat ssh_gss_free_tok(Ssh_gss_buf *); - -/* - * Acquires the credentials to perform authentication in the first - * place. Needs to be freed by ssh_gss_release_cred(). - */ -Ssh_gss_stat ssh_gss_acquire_cred(Ssh_gss_ctx *); - -/* - * Frees the contents of an Ssh_gss_ctx filled in by - * ssh_gss_acquire_cred(). - */ -Ssh_gss_stat ssh_gss_release_cred(Ssh_gss_ctx *); - -/* - * Gets a MIC for some input data. "out" needs to be freed by - * ssh_gss_free_mic(). - */ -Ssh_gss_stat ssh_gss_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *in, -			     Ssh_gss_buf *out); - -/* - * Frees the contents of an Ssh_gss_buf filled in by - * ssh_gss_get_mic(). Do not accidentally call this on something - * filled in by ssh_gss_init_sec_context() (which requires a - * different free function) or something filled in by any other - * way. - */ -Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *); - -/* - * Return an error message after authentication failed. The - * message string is returned in "buf", with buf->len giving the - * number of characters of printable message text and buf->data - * containing one more character which is a trailing NUL. - * buf->data should be manually freed by the caller.  - */ -Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx, Ssh_gss_buf *buf); +#ifndef PUTTY_SSHGSS_H
 +#define PUTTY_SSHGSS_H
 +#include "putty.h"
 +#include "pgssapi.h"
 +
 +#ifndef NO_GSSAPI
 +
 +#define SSH2_GSS_OIDTYPE 0x06
 +typedef void *Ssh_gss_ctx;
 +
 +typedef enum Ssh_gss_stat {
 +    SSH_GSS_OK = 0,
 +    SSH_GSS_S_CONTINUE_NEEDED,
 +    SSH_GSS_NO_MEM,
 +    SSH_GSS_BAD_HOST_NAME,
 +    SSH_GSS_FAILURE
 +} Ssh_gss_stat;
 +
 +#define SSH_GSS_S_COMPLETE SSH_GSS_OK
 +
 +#define SSH_GSS_CLEAR_BUF(buf) do {		\
 +    (*buf).length = 0;				\
 +    (*buf).value = NULL;				\
 +} while (0)
 +
 +typedef gss_buffer_desc Ssh_gss_buf;
 +typedef gss_name_t Ssh_gss_name;
 +
 +/* Functions, provided by either wingss.c or sshgssc.c */
 +
 +struct ssh_gss_library;
 +
 +/*
 + * Prepare a collection of GSSAPI libraries for use in a single SSH
 + * connection. Returns a structure containing a list of libraries,
 + * with their ids (see struct ssh_gss_library below) filled in so
 + * that the client can go through them in the SSH user's preferred
 + * order.
 + *
 + * Must always return non-NULL. (Even if no libraries are available,
 + * it must return an empty structure.)
 + *
 + * The free function cleans up the structure, and its associated
 + * libraries (if any).
 + */
 +struct ssh_gss_liblist {
 +    struct ssh_gss_library *libraries;
 +    int nlibraries;
 +};
 +struct ssh_gss_liblist *ssh_gss_setup(const Config *cfg);
 +void ssh_gss_cleanup(struct ssh_gss_liblist *list);
 +
 +/*
 + * Fills in buf with a string describing the GSSAPI mechanism in
 + * use. buf->data is not dynamically allocated.
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_indicate_mech)(struct ssh_gss_library *lib,
 +						Ssh_gss_buf *buf);
 +
 +/*
 + * Converts a name such as a hostname into a GSSAPI internal form,
 + * which is placed in "out". The result should be freed by
 + * ssh_gss_release_name().
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_import_name)(struct ssh_gss_library *lib,
 +					      char *in, Ssh_gss_name *out);
 +
 +/*
 + * Frees the contents of an Ssh_gss_name structure filled in by
 + * ssh_gss_import_name().
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_release_name)(struct ssh_gss_library *lib,
 +					       Ssh_gss_name *name);
 +
 +/*
 + * The main GSSAPI security context setup function. The "out"
 + * parameter will need to be freed by ssh_gss_free_tok.
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_init_sec_context)
 +    (struct ssh_gss_library *lib,
 +     Ssh_gss_ctx *ctx, Ssh_gss_name name, int delegate,
 +     Ssh_gss_buf *in, Ssh_gss_buf *out);
 +
 +/*
 + * Frees the contents of an Ssh_gss_buf filled in by
 + * ssh_gss_init_sec_context(). Do not accidentally call this on
 + * something filled in by ssh_gss_get_mic() (which requires a
 + * different free function) or something filled in by any other
 + * way.
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_free_tok)(struct ssh_gss_library *lib,
 +					   Ssh_gss_buf *);
 +
 +/*
 + * Acquires the credentials to perform authentication in the first
 + * place. Needs to be freed by ssh_gss_release_cred().
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_acquire_cred)(struct ssh_gss_library *lib,
 +					       Ssh_gss_ctx *);
 +
 +/*
 + * Frees the contents of an Ssh_gss_ctx filled in by
 + * ssh_gss_acquire_cred().
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_release_cred)(struct ssh_gss_library *lib,
 +					       Ssh_gss_ctx *);
 +
 +/*
 + * Gets a MIC for some input data. "out" needs to be freed by
 + * ssh_gss_free_mic().
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_get_mic)(struct ssh_gss_library *lib,
 +					  Ssh_gss_ctx ctx, Ssh_gss_buf *in,
 +                 Ssh_gss_buf *out);
 +
 +/*
 + * Frees the contents of an Ssh_gss_buf filled in by
 + * ssh_gss_get_mic(). Do not accidentally call this on something
 + * filled in by ssh_gss_init_sec_context() (which requires a
 + * different free function) or something filled in by any other
 + * way.
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_free_mic)(struct ssh_gss_library *lib,
 +					   Ssh_gss_buf *);
 +
 +/*
 + * Return an error message after authentication failed. The
 + * message string is returned in "buf", with buf->len giving the
 + * number of characters of printable message text and buf->data
 + * containing one more character which is a trailing NUL.
 + * buf->data should be manually freed by the caller. 
 + */
 +typedef Ssh_gss_stat (*t_ssh_gss_display_status)(struct ssh_gss_library *lib,
 +						 Ssh_gss_ctx, Ssh_gss_buf *buf);
 +
 +struct ssh_gss_library {
 +    /*
 +     * Identifying number in the enumeration used by the
 +     * configuration code to specify a preference order.
 +     */
 +    int id;
 +
 +    /*
 +     * Filled in at initialisation time, if there's anything
 +     * interesting to say about how GSSAPI was initialised (e.g.
 +     * which of a number of alternative libraries was used).
 +     */
 +    const char *gsslogmsg;
 +
 +    /*
 +     * Function pointers implementing the SSH wrapper layer on top
 +     * of GSSAPI. (Defined in sshgssc, typically, though Windows
 +     * provides an alternative layer to sit on top of the annoyingly
 +     * different SSPI.)
 +     */
 +    t_ssh_gss_indicate_mech indicate_mech;
 +    t_ssh_gss_import_name import_name;
 +    t_ssh_gss_release_name release_name;
 +    t_ssh_gss_init_sec_context init_sec_context;
 +    t_ssh_gss_free_tok free_tok;
 +    t_ssh_gss_acquire_cred acquire_cred;
 +    t_ssh_gss_release_cred release_cred;
 +    t_ssh_gss_get_mic get_mic;
 +    t_ssh_gss_free_mic free_mic;
 +    t_ssh_gss_display_status display_status;
 +
 +    /*
 +     * Additional data for the wrapper layers.
 +     */
 +    union {
 +	struct gssapi_functions gssapi;
 +	/*
 +	 * The SSPI wrappers don't need to store their Windows API
 +	 * function pointers in this structure, because there can't
 +	 * be more than one set of them available.
 +	 */
 +    } u;
 +
 +    /*
 +     * Wrapper layers will often also need to store a library handle
 +     * of some sort for cleanup time.
 +     */
 +    void *handle;
 +};
 +
 +#endif /* NO_GSSAPI */
 +
 +#endif /*PUTTY_SSHGSS_H*/
 diff --git a/tools/plink/sshrand.c b/tools/plink/sshrand.c index 57ccc1393..91d9b3772 100644 --- a/tools/plink/sshrand.c +++ b/tools/plink/sshrand.c @@ -4,6 +4,7 @@  #include "putty.h"
  #include "ssh.h"
 +#include <assert.h>
  /* Collect environmental noise every 5 minutes */
  #define NOISE_REGULAR_INTERVAL (5*60*TICKSPERSEC)
 @@ -225,6 +226,10 @@ void random_ref(void)  void random_unref(void)
  {
      random_active--;
 +    assert(random_active >= 0);
 +    if (random_active) return;
 +
 +    expire_timer_context(&pool);
  }
  int random_byte(void)
 diff --git a/tools/plink/sshsh512.c b/tools/plink/sshsh512.c index c025ffd17..bdb126fcf 100644 --- a/tools/plink/sshsh512.c +++ b/tools/plink/sshsh512.c @@ -13,14 +13,14 @@   * overlap destination with one source, but the others can't.
   */
  #define add(r,x,y) ( r.lo = y.lo + x.lo, \
 -		     r.hi = y.hi + x.hi + (r.lo < y.lo) )
 -#define rorB(r,x,y) ( r.lo = (x.hi >> ((y)-32)) | (x.lo << (64-(y))), \
 -		      r.hi = (x.lo >> ((y)-32)) | (x.hi << (64-(y))) )
 -#define rorL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \
 -		      r.hi = (x.hi >> (y)) | (x.lo << (32-(y))) )
 -#define shrB(r,x,y) ( r.lo = x.hi >> ((y)-32), r.hi = 0 )
 -#define shrL(r,x,y) ( r.lo = (x.lo >> (y)) | (x.hi << (32-(y))), \
 -		      r.hi = x.hi >> (y) )
 +		     r.hi = y.hi + x.hi + ((uint32)r.lo < (uint32)y.lo) )
 +#define rorB(r,x,y) ( r.lo = ((uint32)x.hi >> ((y)-32)) | ((uint32)x.lo << (64-(y))), \
 +		      r.hi = ((uint32)x.lo >> ((y)-32)) | ((uint32)x.hi << (64-(y))) )
 +#define rorL(r,x,y) ( r.lo = ((uint32)x.lo >> (y)) | ((uint32)x.hi << (32-(y))), \
 +		      r.hi = ((uint32)x.hi >> (y)) | ((uint32)x.lo << (32-(y))) )
 +#define shrB(r,x,y) ( r.lo = (uint32)x.hi >> ((y)-32), r.hi = 0 )
 +#define shrL(r,x,y) ( r.lo = ((uint32)x.lo >> (y)) | ((uint32)x.hi << (32-(y))), \
 +		      r.hi = (uint32)x.hi >> (y) )
  #define and(r,x,y) ( r.lo = x.lo & y.lo, r.hi = x.hi & y.hi )
  #define xor(r,x,y) ( r.lo = x.lo ^ y.lo, r.hi = x.hi ^ y.hi )
  #define not(r,x) ( r.lo = ~x.lo, r.hi = ~x.hi )
 diff --git a/tools/plink/version.c b/tools/plink/version.c index c0d28b884..483495771 100644 --- a/tools/plink/version.c +++ b/tools/plink/version.c @@ -5,6 +5,8 @@  #define STR1(x) #x
  #define STR(x) STR1(x)
 +#define SVN_REV 9025
 +
  #if defined SNAPSHOT
  #if defined SVN_REV
 @@ -25,7 +27,7 @@ char sshver[] = "PuTTY-Release-" STR(RELEASE);  #elif defined SVN_REV
 -char ver[] = "Custom build r" STR(SVN_REV);
 +char ver[] = "Custom build r" STR(SVN_REV) ", " __DATE__ " " __TIME__;
  char sshver[] = "PuTTY-Custom-r" STR(SVN_REV);
  #else
 diff --git a/tools/plink/wingss.c b/tools/plink/wingss.c index 742106e88..4efad5d58 100644 --- a/tools/plink/wingss.c +++ b/tools/plink/wingss.c @@ -1,322 +1,478 @@ -#ifndef NO_GSSAPI - -#include "putty.h" - -#define SECURITY_WIN32 -#include <security.h> - -#include "sshgss.h" -#include "misc.h" - -#define NOTHING -#define DECL_SSPI_FUNCTION(linkage, rettype, name, params)	\ -  typedef rettype (WINAPI *t_##name) params;			\ -  linkage t_##name p_##name -#define GET_SSPI_FUNCTION(module, name)					\ -  p_##name = module ? (t_##name) GetProcAddress(module, #name) : NULL - -DECL_SSPI_FUNCTION(static, SECURITY_STATUS, -		   AcquireCredentialsHandleA, -		   (SEC_CHAR *, SEC_CHAR *, ULONG, PLUID, -		    PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp)); -DECL_SSPI_FUNCTION(static, SECURITY_STATUS, -		   InitializeSecurityContextA, -		   (PCredHandle, PCtxtHandle, SEC_CHAR *, ULONG, ULONG, -		   ULONG, PSecBufferDesc, ULONG, PCtxtHandle, -		    PSecBufferDesc, PULONG, PTimeStamp)); -DECL_SSPI_FUNCTION(static, SECURITY_STATUS, -		   FreeContextBuffer, -		   (PVOID)); -DECL_SSPI_FUNCTION(static, SECURITY_STATUS, -		   FreeCredentialsHandle, -		   (PCredHandle)); -DECL_SSPI_FUNCTION(static, SECURITY_STATUS, -		   DeleteSecurityContext, -		   (PCtxtHandle)); -DECL_SSPI_FUNCTION(static, SECURITY_STATUS, -		   QueryContextAttributesA, -		   (PCtxtHandle, ULONG, PVOID)); -DECL_SSPI_FUNCTION(static, SECURITY_STATUS, -		   MakeSignature, -		   (PCtxtHandle, ULONG, PSecBufferDesc, ULONG)); - -static HMODULE security_module = NULL; - -typedef struct winSsh_gss_ctx { -    unsigned long maj_stat; -    unsigned long min_stat; -    CredHandle cred_handle; -    CtxtHandle context; -    PCtxtHandle context_handle; -    TimeStamp expiry; -} winSsh_gss_ctx; - - -const Ssh_gss_buf gss_mech_krb5={9,"\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"}; - -int ssh_gss_init(void) -{ -    if (security_module) -	return 1;		       /* already initialised */ - -    security_module = LoadLibrary("secur32.dll"); -    if (security_module) { -	GET_SSPI_FUNCTION(security_module, AcquireCredentialsHandleA); -	GET_SSPI_FUNCTION(security_module, InitializeSecurityContextA); -	GET_SSPI_FUNCTION(security_module, FreeContextBuffer); -	GET_SSPI_FUNCTION(security_module, FreeCredentialsHandle); -	GET_SSPI_FUNCTION(security_module, DeleteSecurityContext); -	GET_SSPI_FUNCTION(security_module, QueryContextAttributesA); -	GET_SSPI_FUNCTION(security_module, MakeSignature); -	return 1; -    } -    return 0; -} - -Ssh_gss_stat ssh_gss_indicate_mech(Ssh_gss_buf *mech) -{ -    *mech = gss_mech_krb5; -    return SSH_GSS_OK; -} - - -Ssh_gss_stat ssh_gss_import_name(char *host, Ssh_gss_name *srv_name) -{ -    char *pStr; - -    /* Check hostname */ -    if (host == NULL) return SSH_GSS_FAILURE; -     -    /* copy it into form host/FQDN */ -    pStr = dupcat("host/", host, NULL); - -    *srv_name = (Ssh_gss_name) pStr; - -    return SSH_GSS_OK; -} - -Ssh_gss_stat ssh_gss_acquire_cred(Ssh_gss_ctx *ctx) -{ -    winSsh_gss_ctx *winctx = snew(winSsh_gss_ctx); -    memset(winctx, 0, sizeof(winSsh_gss_ctx)); - -    /* prepare our "wrapper" structure */ -    winctx->maj_stat =  winctx->min_stat = SEC_E_OK; -    winctx->context_handle = NULL; - -    /* Specifying no principal name here means use the credentials of -       the current logged-in user */ - -    winctx->maj_stat = p_AcquireCredentialsHandleA(NULL, -						   "Kerberos", -						   SECPKG_CRED_OUTBOUND, -						   NULL, -						   NULL, -						   NULL, -						   NULL, -						   &winctx->cred_handle, -						   &winctx->expiry); - -    if (winctx->maj_stat != SEC_E_OK) return SSH_GSS_FAILURE; -     -    *ctx = (Ssh_gss_ctx) winctx; -    return SSH_GSS_OK; -} - - -Ssh_gss_stat ssh_gss_init_sec_context(Ssh_gss_ctx *ctx, -				      Ssh_gss_name srv_name, -				      int to_deleg, -				      Ssh_gss_buf *recv_tok, -				      Ssh_gss_buf *send_tok) -{ -    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) *ctx; -    SecBuffer wsend_tok = {send_tok->length,SECBUFFER_TOKEN,send_tok->value}; -    SecBuffer wrecv_tok = {recv_tok->length,SECBUFFER_TOKEN,recv_tok->value}; -    SecBufferDesc output_desc={SECBUFFER_VERSION,1,&wsend_tok}; -    SecBufferDesc input_desc ={SECBUFFER_VERSION,1,&wrecv_tok}; -    unsigned long flags=ISC_REQ_MUTUAL_AUTH|ISC_REQ_REPLAY_DETECT| -	ISC_REQ_CONFIDENTIALITY|ISC_REQ_ALLOCATE_MEMORY; -    unsigned long ret_flags=0; -     -    /* check if we have to delegate ... */ -    if (to_deleg) flags |= ISC_REQ_DELEGATE; -    winctx->maj_stat = p_InitializeSecurityContextA(&winctx->cred_handle, -						    winctx->context_handle, -						    (char*) srv_name, -						    flags, -						    0,          /* reserved */ -						    SECURITY_NATIVE_DREP, -						    &input_desc, -						    0,          /* reserved */ -						    &winctx->context, -						    &output_desc, -						    &ret_flags, -						    &winctx->expiry); -   -    /* prepare for the next round */ -    winctx->context_handle = &winctx->context; -    send_tok->value = wsend_tok.pvBuffer; -    send_tok->length = wsend_tok.cbBuffer; -   -    /* check & return our status */ -    if (winctx->maj_stat==SEC_E_OK) return SSH_GSS_S_COMPLETE; -    if (winctx->maj_stat==SEC_I_CONTINUE_NEEDED) return SSH_GSS_S_CONTINUE_NEEDED; -     -    return SSH_GSS_FAILURE; -} - -Ssh_gss_stat ssh_gss_free_tok(Ssh_gss_buf *send_tok) -{ -    /* check input */ -    if (send_tok == NULL) return SSH_GSS_FAILURE; - -    /* free Windows buffer */ -    p_FreeContextBuffer(send_tok->value); -    SSH_GSS_CLEAR_BUF(send_tok); -     -    return SSH_GSS_OK; -} - -Ssh_gss_stat ssh_gss_release_cred(Ssh_gss_ctx *ctx) -{ -    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) *ctx; - -    /* check input */ -    if (winctx == NULL) return SSH_GSS_FAILURE; - -    /* free Windows data */ -    p_FreeCredentialsHandle(&winctx->cred_handle); -    p_DeleteSecurityContext(&winctx->context); - -    /* delete our "wrapper" structure */ -    sfree(winctx); -    *ctx = (Ssh_gss_ctx) NULL; - -    return SSH_GSS_OK; -} - - -Ssh_gss_stat ssh_gss_release_name(Ssh_gss_name *srv_name) -{ -    char *pStr= (char *) *srv_name; - -    if (pStr == NULL) return SSH_GSS_FAILURE; -    sfree(pStr); -    *srv_name = (Ssh_gss_name) NULL; - -    return SSH_GSS_OK; -} - -Ssh_gss_stat ssh_gss_display_status(Ssh_gss_ctx ctx, Ssh_gss_buf *buf) -{ -    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) ctx; -    char *msg; - -    if (winctx == NULL) return SSH_GSS_FAILURE; - -    /* decode the error code */ -    switch (winctx->maj_stat) { -      case SEC_E_OK: msg="SSPI status OK"; break; -      case SEC_E_INVALID_HANDLE: msg="The handle passed to the function" -	    " is invalid."; -	break; -      case SEC_E_TARGET_UNKNOWN: msg="The target was not recognized."; break; -      case SEC_E_LOGON_DENIED: msg="The logon failed."; break; -      case SEC_E_INTERNAL_ERROR: msg="The Local Security Authority cannot" -	    " be contacted."; -	break; -      case SEC_E_NO_CREDENTIALS: msg="No credentials are available in the" -	    " security package."; -	break; -      case SEC_E_NO_AUTHENTICATING_AUTHORITY: -	msg="No authority could be contacted for authentication." -	    "The domain name of the authenticating party could be wrong," -	    " the domain could be unreachable, or there might have been" -	    " a trust relationship failure."; -	break; -      case SEC_E_INSUFFICIENT_MEMORY: -	msg="One or more of the SecBufferDesc structures passed as" -	    " an OUT parameter has a buffer that is too small."; -	break; -      case SEC_E_INVALID_TOKEN: -	msg="The error is due to a malformed input token, such as a" -	    " token corrupted in transit, a token" -	    " of incorrect size, or a token passed into the wrong" -	    " security package. Passing a token to" -	    " the wrong package can happen if client and server did not" -	    " negotiate the proper security package."; -	break; -      default: -	msg = "Internal SSPI error"; -	break; -    } - -    buf->value = dupstr(msg); -    buf->length = strlen(buf->value); -     -    return SSH_GSS_OK; -} - -Ssh_gss_stat ssh_gss_get_mic(Ssh_gss_ctx ctx, Ssh_gss_buf *buf, -			     Ssh_gss_buf *hash) -{ -    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) ctx; -    SecPkgContext_Sizes ContextSizes; -    SecBufferDesc InputBufferDescriptor; -    SecBuffer InputSecurityToken[2]; - -    if (winctx == NULL) return SSH_GSS_FAILURE; -   -    winctx->maj_stat = 0; - -    memset(&ContextSizes, 0, sizeof(ContextSizes)); - -    winctx->maj_stat = p_QueryContextAttributesA(&winctx->context, -						 SECPKG_ATTR_SIZES, -						 &ContextSizes); -     -    if (winctx->maj_stat != SEC_E_OK || -	ContextSizes.cbMaxSignature == 0) -	return winctx->maj_stat; - -    InputBufferDescriptor.cBuffers = 2; -    InputBufferDescriptor.pBuffers = InputSecurityToken; -    InputBufferDescriptor.ulVersion = SECBUFFER_VERSION; -    InputSecurityToken[0].BufferType = SECBUFFER_DATA; -    InputSecurityToken[0].cbBuffer = buf->length; -    InputSecurityToken[0].pvBuffer = buf->value; -    InputSecurityToken[1].BufferType = SECBUFFER_TOKEN; -    InputSecurityToken[1].cbBuffer = ContextSizes.cbMaxSignature; -    InputSecurityToken[1].pvBuffer = snewn(ContextSizes.cbMaxSignature, char); - -    winctx->maj_stat = p_MakeSignature(&winctx->context, -				       0, -				       &InputBufferDescriptor, -				       0); - -    if (winctx->maj_stat == SEC_E_OK) { -	hash->length = InputSecurityToken[1].cbBuffer; -	hash->value = InputSecurityToken[1].pvBuffer; -    } - -    return winctx->maj_stat; -} - -Ssh_gss_stat ssh_gss_free_mic(Ssh_gss_buf *hash) -{ -    sfree(hash->value); -    return SSH_GSS_OK; -} - -#else - -/* Dummy function so this source file defines something if NO_GSSAPI -   is defined. */ - -int ssh_gss_init(void) -{ -    return 0; -} - -#endif +#ifndef NO_GSSAPI
 +
 +#include "putty.h"
 +
 +#include <security.h>
 +
 +#include "pgssapi.h"
 +#include "sshgss.h"
 +#include "sshgssc.h"
 +
 +#include "misc.h"
 +
 +/* Windows code to set up the GSSAPI library list. */
 +
 +const int ngsslibs = 3;
 +const char *const gsslibnames[3] = {
 +    "MIT Kerberos GSSAPI32.DLL",
 +    "Microsoft SSPI SECUR32.DLL",
 +    "User-specified GSSAPI DLL",
 +};
 +const struct keyval gsslibkeywords[] = {
 +    { "gssapi32", 0 },
 +    { "sspi", 1 },
 +    { "custom", 2 },
 +};
 +
 +DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 +		      AcquireCredentialsHandleA,
 +		      (SEC_CHAR *, SEC_CHAR *, ULONG, PLUID,
 +		       PVOID, SEC_GET_KEY_FN, PVOID, PCredHandle, PTimeStamp));
 +DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 +		      InitializeSecurityContextA,
 +		      (PCredHandle, PCtxtHandle, SEC_CHAR *, ULONG, ULONG,
 +		       ULONG, PSecBufferDesc, ULONG, PCtxtHandle,
 +		       PSecBufferDesc, PULONG, PTimeStamp));
 +DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 +		      FreeContextBuffer,
 +		      (PVOID));
 +DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 +		      FreeCredentialsHandle,
 +		      (PCredHandle));
 +DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 +		      DeleteSecurityContext,
 +		      (PCtxtHandle));
 +DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 +		      QueryContextAttributesA,
 +		      (PCtxtHandle, ULONG, PVOID));
 +DECL_WINDOWS_FUNCTION(static, SECURITY_STATUS,
 +		      MakeSignature,
 +		      (PCtxtHandle, ULONG, PSecBufferDesc, ULONG));
 +
 +typedef struct winSsh_gss_ctx {
 +    unsigned long maj_stat;
 +    unsigned long min_stat;
 +    CredHandle cred_handle;
 +    CtxtHandle context;
 +    PCtxtHandle context_handle;
 +    TimeStamp expiry;
 +} winSsh_gss_ctx;
 +
 +
 +const Ssh_gss_buf gss_mech_krb5={9,"\x2A\x86\x48\x86\xF7\x12\x01\x02\x02"};
 +
 +const char *gsslogmsg = NULL;
 +
 +static void ssh_sspi_bind_fns(struct ssh_gss_library *lib);
 +
 +struct ssh_gss_liblist *ssh_gss_setup(const Config *cfg)
 +{
 +    HMODULE module;
 +    HKEY regkey;
 +    struct ssh_gss_liblist *list = snew(struct ssh_gss_liblist);
 +
 +    list->libraries = snewn(3, struct ssh_gss_library);
 +    list->nlibraries = 0;
 +
 +    /* MIT Kerberos GSSAPI implementation */
 +    /* TODO: For 64-bit builds, check for gssapi64.dll */
 +    module = NULL;
 +    if (RegOpenKey(HKEY_LOCAL_MACHINE, "SOFTWARE\\MIT\\Kerberos", ®key)
 +	== ERROR_SUCCESS) {
 +	DWORD type, size;
 +	LONG ret;
 +	char *buffer;
 +
 +	/* Find out the string length */
 +        ret = RegQueryValueEx(regkey, "InstallDir", NULL, &type, NULL, &size);
 +
 +	if (ret == ERROR_SUCCESS && type == REG_SZ) {
 +	    buffer = snewn(size + 20, char);
 +	    ret = RegQueryValueEx(regkey, "InstallDir", NULL,
 +				  &type, buffer, &size);
 +	    if (ret == ERROR_SUCCESS && type == REG_SZ) {
 +		strcat(buffer, "\\bin\\gssapi32.dll");
 +		module = LoadLibrary(buffer);
 +	    }
 +	    sfree(buffer);
 +	}
 +	RegCloseKey(regkey);
 +    }
 +    if (module) {
 +	struct ssh_gss_library *lib =
 +	    &list->libraries[list->nlibraries++];
 +
 +	lib->id = 0;
 +	lib->gsslogmsg = "Using GSSAPI from GSSAPI32.DLL";
 +	lib->handle = (void *)module;
 +
 +#define BIND_GSS_FN(name) \
 +    lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)
 +
 +        BIND_GSS_FN(delete_sec_context);
 +        BIND_GSS_FN(display_status);
 +        BIND_GSS_FN(get_mic);
 +        BIND_GSS_FN(import_name);
 +        BIND_GSS_FN(init_sec_context);
 +        BIND_GSS_FN(release_buffer);
 +        BIND_GSS_FN(release_cred);
 +        BIND_GSS_FN(release_name);
 +
 +#undef BIND_GSS_FN
 +
 +        ssh_gssapi_bind_fns(lib);
 +    }
 +
 +    /* Microsoft SSPI Implementation */
 +    module = load_system32_dll("secur32.dll");
 +    if (module) {
 +	struct ssh_gss_library *lib =
 +	    &list->libraries[list->nlibraries++];
 +
 +	lib->id = 1;
 +	lib->gsslogmsg = "Using SSPI from SECUR32.DLL";
 +	lib->handle = (void *)module;
 +
 +	GET_WINDOWS_FUNCTION(module, AcquireCredentialsHandleA);
 +	GET_WINDOWS_FUNCTION(module, InitializeSecurityContextA);
 +	GET_WINDOWS_FUNCTION(module, FreeContextBuffer);
 +	GET_WINDOWS_FUNCTION(module, FreeCredentialsHandle);
 +	GET_WINDOWS_FUNCTION(module, DeleteSecurityContext);
 +	GET_WINDOWS_FUNCTION(module, QueryContextAttributesA);
 +	GET_WINDOWS_FUNCTION(module, MakeSignature);
 +
 +	ssh_sspi_bind_fns(lib);
 +    }
 +
 +    /*
 +     * Custom GSSAPI DLL.
 +     */
 +    module = NULL;
 +    if (cfg->ssh_gss_custom.path[0]) {
 +	module = LoadLibrary(cfg->ssh_gss_custom.path);
 +    }
 +    if (module) {
 +	struct ssh_gss_library *lib =
 +	    &list->libraries[list->nlibraries++];
 +
 +	lib->id = 2;
 +	lib->gsslogmsg = dupprintf("Using GSSAPI from user-specified"
 +				   " library '%s'", cfg->ssh_gss_custom.path);
 +	lib->handle = (void *)module;
 +
 +#define BIND_GSS_FN(name) \
 +    lib->u.gssapi.name = (t_gss_##name) GetProcAddress(module, "gss_" #name)
 +
 +        BIND_GSS_FN(delete_sec_context);
 +        BIND_GSS_FN(display_status);
 +        BIND_GSS_FN(get_mic);
 +        BIND_GSS_FN(import_name);
 +        BIND_GSS_FN(init_sec_context);
 +        BIND_GSS_FN(release_buffer);
 +        BIND_GSS_FN(release_cred);
 +        BIND_GSS_FN(release_name);
 +
 +#undef BIND_GSS_FN
 +
 +        ssh_gssapi_bind_fns(lib);
 +    }
 +
 +
 +    return list;
 +}
 +
 +void ssh_gss_cleanup(struct ssh_gss_liblist *list)
 +{
 +    int i;
 +
 +    /*
 +     * LoadLibrary and FreeLibrary are defined to employ reference
 +     * counting in the case where the same library is repeatedly
 +     * loaded, so even in a multiple-sessions-per-process context
 +     * (not that we currently expect ever to have such a thing on
 +     * Windows) it's safe to naively FreeLibrary everything here
 +     * without worrying about destroying it under the feet of
 +     * another SSH instance still using it.
 +     */
 +    for (i = 0; i < list->nlibraries; i++) {
 +	FreeLibrary((HMODULE)list->libraries[i].handle);
 +	if (list->libraries[i].id == 2) {
 +	    /* The 'custom' id involves a dynamically allocated message.
 +	     * Note that we must cast away the 'const' to free it. */
 +	    sfree((char *)list->libraries[i].gsslogmsg);
 +	}
 +    }
 +    sfree(list->libraries);
 +    sfree(list);
 +}
 +
 +static Ssh_gss_stat ssh_sspi_indicate_mech(struct ssh_gss_library *lib,
 +					   Ssh_gss_buf *mech)
 +{
 +    *mech = gss_mech_krb5;
 +    return SSH_GSS_OK;
 +}
 +
 +
 +static Ssh_gss_stat ssh_sspi_import_name(struct ssh_gss_library *lib,
 +					 char *host, Ssh_gss_name *srv_name)
 +{
 +    char *pStr;
 +
 +    /* Check hostname */
 +    if (host == NULL) return SSH_GSS_FAILURE;
 +    
 +    /* copy it into form host/FQDN */
 +    pStr = dupcat("host/", host, NULL);
 +
 +    *srv_name = (Ssh_gss_name) pStr;
 +
 +    return SSH_GSS_OK;
 +}
 +
 +static Ssh_gss_stat ssh_sspi_acquire_cred(struct ssh_gss_library *lib,
 +					  Ssh_gss_ctx *ctx)
 +{
 +    winSsh_gss_ctx *winctx = snew(winSsh_gss_ctx);
 +    memset(winctx, 0, sizeof(winSsh_gss_ctx));
 +
 +    /* prepare our "wrapper" structure */
 +    winctx->maj_stat =  winctx->min_stat = SEC_E_OK;
 +    winctx->context_handle = NULL;
 +
 +    /* Specifying no principal name here means use the credentials of
 +       the current logged-in user */
 +
 +    winctx->maj_stat = p_AcquireCredentialsHandleA(NULL,
 +						   "Kerberos",
 +						   SECPKG_CRED_OUTBOUND,
 +						   NULL,
 +						   NULL,
 +						   NULL,
 +						   NULL,
 +						   &winctx->cred_handle,
 +						   &winctx->expiry);
 +
 +    if (winctx->maj_stat != SEC_E_OK) return SSH_GSS_FAILURE;
 +    
 +    *ctx = (Ssh_gss_ctx) winctx;
 +    return SSH_GSS_OK;
 +}
 +
 +
 +static Ssh_gss_stat ssh_sspi_init_sec_context(struct ssh_gss_library *lib,
 +					      Ssh_gss_ctx *ctx,
 +					      Ssh_gss_name srv_name,
 +					      int to_deleg,
 +					      Ssh_gss_buf *recv_tok,
 +					      Ssh_gss_buf *send_tok)
 +{
 +    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) *ctx;
 +    SecBuffer wsend_tok = {send_tok->length,SECBUFFER_TOKEN,send_tok->value};
 +    SecBuffer wrecv_tok = {recv_tok->length,SECBUFFER_TOKEN,recv_tok->value};
 +    SecBufferDesc output_desc={SECBUFFER_VERSION,1,&wsend_tok};
 +    SecBufferDesc input_desc ={SECBUFFER_VERSION,1,&wrecv_tok};
 +    unsigned long flags=ISC_REQ_MUTUAL_AUTH|ISC_REQ_REPLAY_DETECT|
 +	ISC_REQ_CONFIDENTIALITY|ISC_REQ_ALLOCATE_MEMORY;
 +    unsigned long ret_flags=0;
 +    
 +    /* check if we have to delegate ... */
 +    if (to_deleg) flags |= ISC_REQ_DELEGATE;
 +    winctx->maj_stat = p_InitializeSecurityContextA(&winctx->cred_handle,
 +						    winctx->context_handle,
 +						    (char*) srv_name,
 +						    flags,
 +						    0,          /* reserved */
 +						    SECURITY_NATIVE_DREP,
 +						    &input_desc,
 +						    0,          /* reserved */
 +						    &winctx->context,
 +						    &output_desc,
 +						    &ret_flags,
 +						    &winctx->expiry);
 +  
 +    /* prepare for the next round */
 +    winctx->context_handle = &winctx->context;
 +    send_tok->value = wsend_tok.pvBuffer;
 +    send_tok->length = wsend_tok.cbBuffer;
 +  
 +    /* check & return our status */
 +    if (winctx->maj_stat==SEC_E_OK) return SSH_GSS_S_COMPLETE;
 +    if (winctx->maj_stat==SEC_I_CONTINUE_NEEDED) return SSH_GSS_S_CONTINUE_NEEDED;
 +    
 +    return SSH_GSS_FAILURE;
 +}
 +
 +static Ssh_gss_stat ssh_sspi_free_tok(struct ssh_gss_library *lib,
 +				      Ssh_gss_buf *send_tok)
 +{
 +    /* check input */
 +    if (send_tok == NULL) return SSH_GSS_FAILURE;
 +
 +    /* free Windows buffer */
 +    p_FreeContextBuffer(send_tok->value);
 +    SSH_GSS_CLEAR_BUF(send_tok);
 +    
 +    return SSH_GSS_OK;
 +}
 +
 +static Ssh_gss_stat ssh_sspi_release_cred(struct ssh_gss_library *lib,
 +					  Ssh_gss_ctx *ctx)
 +{
 +    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) *ctx;
 +
 +    /* check input */
 +    if (winctx == NULL) return SSH_GSS_FAILURE;
 +
 +    /* free Windows data */
 +    p_FreeCredentialsHandle(&winctx->cred_handle);
 +    p_DeleteSecurityContext(&winctx->context);
 +
 +    /* delete our "wrapper" structure */
 +    sfree(winctx);
 +    *ctx = (Ssh_gss_ctx) NULL;
 +
 +    return SSH_GSS_OK;
 +}
 +
 +
 +static Ssh_gss_stat ssh_sspi_release_name(struct ssh_gss_library *lib,
 +					  Ssh_gss_name *srv_name)
 +{
 +    char *pStr= (char *) *srv_name;
 +
 +    if (pStr == NULL) return SSH_GSS_FAILURE;
 +    sfree(pStr);
 +    *srv_name = (Ssh_gss_name) NULL;
 +
 +    return SSH_GSS_OK;
 +}
 +
 +static Ssh_gss_stat ssh_sspi_display_status(struct ssh_gss_library *lib,
 +					    Ssh_gss_ctx ctx, Ssh_gss_buf *buf)
 +{
 +    winSsh_gss_ctx *winctx = (winSsh_gss_ctx *) ctx;
 +    char *msg;
 +
 +    if (winctx == NULL) return SSH_GSS_FAILURE;
 +
 +    /* decode the error code */
 +    switch (winctx->maj_stat) {
 +      case SEC_E_OK: msg="SSPI status OK"; break;
 +      case SEC_E_INVALID_HANDLE: msg="The handle passed to the function"
 +	    " is invalid.";
 +	break;
 +      case SEC_E_TARGET_UNKNOWN: msg="The target was not recognized."; break;
 +      case SEC_E_LOGON_DENIED: msg="The logon failed."; break;
 +      case SEC_E_INTERNAL_ERROR: msg="The Local Security Authority cannot"
 +	    " be contacted.";
 +	break;
 +      case SEC_E_NO_CREDENTIALS: msg="No credentials are available in the"
 +	    " security package.";
 +	break;
 +      case SEC_E_NO_AUTHENTICATING_AUTHORITY:
 +	msg="No authority could be contacted for authentication."
 +	    "The domain name of the authenticating party could be wrong,"
 +	    " the domain could be unreachable, or there might have been"
 +	    " a trust relationship failure.";
 +	break;
 +      case SEC_E_INSUFFICIENT_MEMORY:
 +	msg="One or more of the SecBufferDesc structures passed as"
 +	    " an OUT parameter has a buffer that is too small.";
 +	break;
 +      case SEC_E_INVALID_TOKEN:
 +	msg="The error is due to a malformed input token, such as a"
 +	    " token corrupted in transit, a token"
 +	    " of incorrect size, or a token passed into the wrong"
 +	    " security package. Passing a token to"
 +	    " the wrong package can happen if client and server did not"
 +	    " negotiate the proper security package.";
 +	break;
 +      default:
 +	msg = "Internal SSPI error";
 +	break;
 +    }
 +
 +    buf->value = dupstr(msg);
 +    buf->length = strlen(buf->value);
 +    
 +    return SSH_GSS_OK;
 +}
 +
 +static Ssh_gss_stat ssh_sspi_get_mic(struct ssh_gss_library *lib,
 +				     Ssh_gss_ctx ctx, Ssh_gss_buf *buf,
 +				     Ssh_gss_buf *hash)
 +{
 +    winSsh_gss_ctx *winctx= (winSsh_gss_ctx *) ctx;
 +    SecPkgContext_Sizes ContextSizes;
 +    SecBufferDesc InputBufferDescriptor;
 +    SecBuffer InputSecurityToken[2];
 +
 +    if (winctx == NULL) return SSH_GSS_FAILURE;
 +  
 +    winctx->maj_stat = 0;
 +
 +    memset(&ContextSizes, 0, sizeof(ContextSizes));
 +
 +    winctx->maj_stat = p_QueryContextAttributesA(&winctx->context,
 +						 SECPKG_ATTR_SIZES,
 +						 &ContextSizes);
 +    
 +    if (winctx->maj_stat != SEC_E_OK ||
 +	ContextSizes.cbMaxSignature == 0)
 +	return winctx->maj_stat;
 +
 +    InputBufferDescriptor.cBuffers = 2;
 +    InputBufferDescriptor.pBuffers = InputSecurityToken;
 +    InputBufferDescriptor.ulVersion = SECBUFFER_VERSION;
 +    InputSecurityToken[0].BufferType = SECBUFFER_DATA;
 +    InputSecurityToken[0].cbBuffer = buf->length;
 +    InputSecurityToken[0].pvBuffer = buf->value;
 +    InputSecurityToken[1].BufferType = SECBUFFER_TOKEN;
 +    InputSecurityToken[1].cbBuffer = ContextSizes.cbMaxSignature;
 +    InputSecurityToken[1].pvBuffer = snewn(ContextSizes.cbMaxSignature, char);
 +
 +    winctx->maj_stat = p_MakeSignature(&winctx->context,
 +				       0,
 +				       &InputBufferDescriptor,
 +				       0);
 +
 +    if (winctx->maj_stat == SEC_E_OK) {
 +	hash->length = InputSecurityToken[1].cbBuffer;
 +	hash->value = InputSecurityToken[1].pvBuffer;
 +    }
 +
 +    return winctx->maj_stat;
 +}
 +
 +static Ssh_gss_stat ssh_sspi_free_mic(struct ssh_gss_library *lib,
 +				      Ssh_gss_buf *hash)
 +{
 +    sfree(hash->value);
 +    return SSH_GSS_OK;
 +}
 +
 +static void ssh_sspi_bind_fns(struct ssh_gss_library *lib)
 +{
 +    lib->indicate_mech = ssh_sspi_indicate_mech;
 +    lib->import_name = ssh_sspi_import_name;
 +    lib->release_name = ssh_sspi_release_name;
 +    lib->init_sec_context = ssh_sspi_init_sec_context;
 +    lib->free_tok = ssh_sspi_free_tok;
 +    lib->acquire_cred = ssh_sspi_acquire_cred;
 +    lib->release_cred = ssh_sspi_release_cred;
 +    lib->get_mic = ssh_sspi_get_mic;
 +    lib->free_mic = ssh_sspi_free_mic;
 +    lib->display_status = ssh_sspi_display_status;
 +}
 +
 +#else
 +
 +/* Dummy function so this source file defines something if NO_GSSAPI
 +   is defined. */
 +
 +void ssh_gss_init(void)
 +{
 +}
 +
 +#endif
 diff --git a/tools/plink/winhelp.h b/tools/plink/winhelp.h index 95cfaba15..9ee140fef 100644 --- a/tools/plink/winhelp.h +++ b/tools/plink/winhelp.h @@ -108,6 +108,9 @@  #define WINHELP_CTX_ssh_auth_pageant "ssh.auth.pageant:config-ssh-tryagent"
  #define WINHELP_CTX_ssh_auth_tis "ssh.auth.tis:config-ssh-tis"
  #define WINHELP_CTX_ssh_auth_ki "ssh.auth.ki:config-ssh-ki"
 +#define WINHELP_CTX_ssh_gssapi "ssh.auth.gssapi:config-ssh-auth-gssapi"
 +#define WINHELP_CTX_ssh_gssapi_delegation "ssh.auth.gssapi.delegation:config-ssh-auth-gssapi-delegation"
 +#define WINHELP_CTX_ssh_gssapi_libraries "ssh.auth.gssapi.libraries:config-ssh-auth-gssapi-libraries"
  #define WINHELP_CTX_selection_buttons "selection.buttons:config-mouse"
  #define WINHELP_CTX_selection_shiftdrag "selection.shiftdrag:config-mouseshift"
  #define WINHELP_CTX_selection_rect "selection.rect:config-rectselect"
 @@ -133,6 +136,7 @@  #define WINHELP_CTX_ssh_bugs_ignore1 "ssh.bugs.ignore1:config-ssh-bug-ignore1"
  #define WINHELP_CTX_ssh_bugs_plainpw1 "ssh.bugs.plainpw1:config-ssh-bug-plainpw1"
  #define WINHELP_CTX_ssh_bugs_rsa1 "ssh.bugs.rsa1:config-ssh-bug-rsa1"
 +#define WINHELP_CTX_ssh_bugs_ignore2 "ssh.bugs.ignore2:config-ssh-bug-ignore2"
  #define WINHELP_CTX_ssh_bugs_hmac2 "ssh.bugs.hmac2:config-ssh-bug-hmac2"
  #define WINHELP_CTX_ssh_bugs_derivekey2 "ssh.bugs.derivekey2:config-ssh-bug-derivekey2"
  #define WINHELP_CTX_ssh_bugs_rsapad2 "ssh.bugs.rsapad2:config-ssh-bug-sig"
 diff --git a/tools/plink/winmisc.c b/tools/plink/winmisc.c index 8ffbe77a1..e70e77efa 100644 --- a/tools/plink/winmisc.c +++ b/tools/plink/winmisc.c @@ -5,6 +5,7 @@  #include <stdio.h>
  #include <stdlib.h>
  #include "putty.h"
 +#include <security.h>
  OSVERSIONINFO osVersion;
 @@ -40,21 +41,61 @@ char *get_username(void)  {
      DWORD namelen;
      char *user;
 +    int got_username = FALSE;
 +    DECL_WINDOWS_FUNCTION(static, BOOLEAN, GetUserNameExA,
 +			  (EXTENDED_NAME_FORMAT, LPSTR, PULONG));
 +
 +    {
 +	static int tried_usernameex = FALSE;
 +	if (!tried_usernameex) {
 +	    /* Not available on Win9x, so load dynamically */
 +	    HMODULE secur32 = load_system32_dll("secur32.dll");
 +	    GET_WINDOWS_FUNCTION(secur32, GetUserNameExA);
 +	    tried_usernameex = TRUE;
 +	}
 +    }
 -    namelen = 0;
 -    if (GetUserName(NULL, &namelen) == FALSE) {
 +    if (p_GetUserNameExA) {
  	/*
 -	 * Apparently this doesn't work at least on Windows XP SP2.
 -	 * Thus assume a maximum of 256. It will fail again if it
 -	 * doesn't fit.
 +	 * If available, use the principal -- this avoids the problem
 +	 * that the local username is case-insensitive but Kerberos
 +	 * usernames are case-sensitive.
  	 */
 -	namelen = 256;
 +
 +	/* Get the length */
 +	namelen = 0;
 +	(void) p_GetUserNameExA(NameUserPrincipal, NULL, &namelen);
 +
 +	user = snewn(namelen, char);
 +	got_username = p_GetUserNameExA(NameUserPrincipal, user, &namelen);
 +	if (got_username) {
 +	    char *p = strchr(user, '@');
 +	    if (p) *p = 0;
 +	} else {
 +	    sfree(user);
 +	}
      }
 -    user = snewn(namelen, char);
 -    GetUserName(user, &namelen);
 +    if (!got_username) {
 +	/* Fall back to local user name */
 +	namelen = 0;
 +	if (GetUserName(NULL, &namelen) == FALSE) {
 +	    /*
 +	     * Apparently this doesn't work at least on Windows XP SP2.
 +	     * Thus assume a maximum of 256. It will fail again if it
 +	     * doesn't fit.
 +	     */
 +	    namelen = 256;
 +	}
 +
 +	user = snewn(namelen, char);
 +	got_username = GetUserName(user, &namelen);
 +	if (!got_username) {
 +	    sfree(user);
 +	}
 +    }
 -    return user;
 +    return got_username ? user : NULL;
  }
  BOOL init_winver(void)
 @@ -64,6 +105,33 @@ BOOL init_winver(void)      return GetVersionEx ( (OSVERSIONINFO *) &osVersion);
  }
 +HMODULE load_system32_dll(const char *libname)
 +{
 +    /*
 +     * Wrapper function to load a DLL out of c:\windows\system32
 +     * without going through the full DLL search path. (Hence no
 +     * attack is possible by placing a substitute DLL earlier on that
 +     * path.)
 +     */
 +    static char *sysdir = NULL;
 +    char *fullpath;
 +    HMODULE ret;
 +
 +    if (!sysdir) {
 +	int size = 0, len;
 +	do {
 +	    size = 3*size/2 + 512;
 +	    sysdir = sresize(sysdir, size, char);
 +	    len = GetSystemDirectory(sysdir, size);
 +	} while (len >= size);
 +    }
 +
 +    fullpath = dupcat(sysdir, "\\", libname, NULL);
 +    ret = LoadLibrary(fullpath);
 +    sfree(fullpath);
 +    return ret;
 +}
 +
  #ifdef DEBUG
  static FILE *debug_fp = NULL;
  static HANDLE debug_hdl = INVALID_HANDLE_VALUE;
 diff --git a/tools/plink/winnet.c b/tools/plink/winnet.c index 59f3774e0..8da79dbe7 100644 --- a/tools/plink/winnet.c +++ b/tools/plink/winnet.c @@ -144,67 +144,51 @@ static int cmpforsearch(void *av, void *bv)      return 0;
  }
 -#define NOTHING
 -#define DECL_WINSOCK_FUNCTION(linkage, rettype, name, params) \
 -    typedef rettype (WINAPI *t_##name) params; \
 -    linkage t_##name p_##name
 -#define GET_WINSOCK_FUNCTION(module, name) \
 -    p_##name = module ? (t_##name) GetProcAddress(module, #name) : NULL
 -
 -DECL_WINSOCK_FUNCTION(NOTHING, int, WSAAsyncSelect,
 -		      (SOCKET, HWND, u_int, long));
 -DECL_WINSOCK_FUNCTION(NOTHING, int, WSAEventSelect, (SOCKET, WSAEVENT, long));
 -DECL_WINSOCK_FUNCTION(NOTHING, int, select,
 -		      (int, fd_set FAR *, fd_set FAR *,
 -		       fd_set FAR *, const struct timeval FAR *));
 -DECL_WINSOCK_FUNCTION(NOTHING, int, WSAGetLastError, (void));
 -DECL_WINSOCK_FUNCTION(NOTHING, int, WSAEnumNetworkEvents,
 -		      (SOCKET, WSAEVENT, LPWSANETWORKEVENTS));
 -DECL_WINSOCK_FUNCTION(static, int, WSAStartup, (WORD, LPWSADATA));
 -DECL_WINSOCK_FUNCTION(static, int, WSACleanup, (void));
 -DECL_WINSOCK_FUNCTION(static, int, closesocket, (SOCKET));
 -DECL_WINSOCK_FUNCTION(static, u_long, ntohl, (u_long));
 -DECL_WINSOCK_FUNCTION(static, u_long, htonl, (u_long));
 -DECL_WINSOCK_FUNCTION(static, u_short, htons, (u_short));
 -DECL_WINSOCK_FUNCTION(static, u_short, ntohs, (u_short));
 -DECL_WINSOCK_FUNCTION(static, int, gethostname, (char *, int));
 -DECL_WINSOCK_FUNCTION(static, struct hostent FAR *, gethostbyname,
 +DECL_WINDOWS_FUNCTION(static, int, WSAStartup, (WORD, LPWSADATA));
 +DECL_WINDOWS_FUNCTION(static, int, WSACleanup, (void));
 +DECL_WINDOWS_FUNCTION(static, int, closesocket, (SOCKET));
 +DECL_WINDOWS_FUNCTION(static, u_long, ntohl, (u_long));
 +DECL_WINDOWS_FUNCTION(static, u_long, htonl, (u_long));
 +DECL_WINDOWS_FUNCTION(static, u_short, htons, (u_short));
 +DECL_WINDOWS_FUNCTION(static, u_short, ntohs, (u_short));
 +DECL_WINDOWS_FUNCTION(static, int, gethostname, (char *, int));
 +DECL_WINDOWS_FUNCTION(static, struct hostent FAR *, gethostbyname,
  		      (const char FAR *));
 -DECL_WINSOCK_FUNCTION(static, struct servent FAR *, getservbyname,
 +DECL_WINDOWS_FUNCTION(static, struct servent FAR *, getservbyname,
  		      (const char FAR *, const char FAR *));
 -DECL_WINSOCK_FUNCTION(static, unsigned long, inet_addr, (const char FAR *));
 -DECL_WINSOCK_FUNCTION(static, char FAR *, inet_ntoa, (struct in_addr));
 -DECL_WINSOCK_FUNCTION(static, int, connect,
 +DECL_WINDOWS_FUNCTION(static, unsigned long, inet_addr, (const char FAR *));
 +DECL_WINDOWS_FUNCTION(static, char FAR *, inet_ntoa, (struct in_addr));
 +DECL_WINDOWS_FUNCTION(static, int, connect,
  		      (SOCKET, const struct sockaddr FAR *, int));
 -DECL_WINSOCK_FUNCTION(static, int, bind,
 +DECL_WINDOWS_FUNCTION(static, int, bind,
  		      (SOCKET, const struct sockaddr FAR *, int));
 -DECL_WINSOCK_FUNCTION(static, int, setsockopt,
 +DECL_WINDOWS_FUNCTION(static, int, setsockopt,
  		      (SOCKET, int, int, const char FAR *, int));
 -DECL_WINSOCK_FUNCTION(static, SOCKET, socket, (int, int, int));
 -DECL_WINSOCK_FUNCTION(static, int, listen, (SOCKET, int));
 -DECL_WINSOCK_FUNCTION(static, int, send, (SOCKET, const char FAR *, int, int));
 -DECL_WINSOCK_FUNCTION(static, int, ioctlsocket,
 +DECL_WINDOWS_FUNCTION(static, SOCKET, socket, (int, int, int));
 +DECL_WINDOWS_FUNCTION(static, int, listen, (SOCKET, int));
 +DECL_WINDOWS_FUNCTION(static, int, send, (SOCKET, const char FAR *, int, int));
 +DECL_WINDOWS_FUNCTION(static, int, ioctlsocket,
  		      (SOCKET, long, u_long FAR *));
 -DECL_WINSOCK_FUNCTION(static, SOCKET, accept,
 +DECL_WINDOWS_FUNCTION(static, SOCKET, accept,
  		      (SOCKET, struct sockaddr FAR *, int FAR *));
 -DECL_WINSOCK_FUNCTION(static, int, recv, (SOCKET, char FAR *, int, int));
 -DECL_WINSOCK_FUNCTION(static, int, WSAIoctl,
 +DECL_WINDOWS_FUNCTION(static, int, recv, (SOCKET, char FAR *, int, int));
 +DECL_WINDOWS_FUNCTION(static, int, WSAIoctl,
  		      (SOCKET, DWORD, LPVOID, DWORD, LPVOID, DWORD,
  		       LPDWORD, LPWSAOVERLAPPED,
  		       LPWSAOVERLAPPED_COMPLETION_ROUTINE));
  #ifndef NO_IPV6
 -DECL_WINSOCK_FUNCTION(static, int, getaddrinfo,
 +DECL_WINDOWS_FUNCTION(static, int, getaddrinfo,
  		      (const char *nodename, const char *servname,
  		       const struct addrinfo *hints, struct addrinfo **res));
 -DECL_WINSOCK_FUNCTION(static, void, freeaddrinfo, (struct addrinfo *res));
 -DECL_WINSOCK_FUNCTION(static, int, getnameinfo,
 +DECL_WINDOWS_FUNCTION(static, void, freeaddrinfo, (struct addrinfo *res));
 +DECL_WINDOWS_FUNCTION(static, int, getnameinfo,
  		      (const struct sockaddr FAR * sa, socklen_t salen,
  		       char FAR * host, size_t hostlen, char FAR * serv,
  		       size_t servlen, int flags));
 -DECL_WINSOCK_FUNCTION(static, char *, gai_strerror, (int ecode));
 -DECL_WINSOCK_FUNCTION(static, int, WSAAddressToStringA,
 +DECL_WINDOWS_FUNCTION(static, char *, gai_strerror, (int ecode));
 +DECL_WINDOWS_FUNCTION(static, int, WSAAddressToStringA,
  		      (LPSOCKADDR, DWORD, LPWSAPROTOCOL_INFO,
 -		       LPTSTR, LPDWORD));
 +		       LPSTR, LPDWORD));
  #endif
  static HMODULE winsock_module = NULL;
 @@ -243,9 +227,9 @@ void sk_init(void)  #ifndef NO_IPV6
      winsock2_module =
  #endif
 -        winsock_module = LoadLibrary("WS2_32.DLL");
 +        winsock_module = load_system32_dll("ws2_32.dll");
      if (!winsock_module) {
 -	winsock_module = LoadLibrary("WSOCK32.DLL");
 +	winsock_module = load_system32_dll("wsock32.dll");
      }
      if (!winsock_module)
  	fatalbox("Unable to load any WinSock library");
 @@ -256,61 +240,61 @@ void sk_init(void)  #ifdef NET_SETUP_DIAGNOSTICS
  	logevent(NULL, "Native WinSock IPv6 support detected");
  #endif
 -	GET_WINSOCK_FUNCTION(winsock_module, getaddrinfo);
 -	GET_WINSOCK_FUNCTION(winsock_module, freeaddrinfo);
 -	GET_WINSOCK_FUNCTION(winsock_module, getnameinfo);
 -	GET_WINSOCK_FUNCTION(winsock_module, gai_strerror);
 +	GET_WINDOWS_FUNCTION(winsock_module, getaddrinfo);
 +	GET_WINDOWS_FUNCTION(winsock_module, freeaddrinfo);
 +	GET_WINDOWS_FUNCTION(winsock_module, getnameinfo);
 +	GET_WINDOWS_FUNCTION(winsock_module, gai_strerror);
      } else {
  	/* Fall back to wship6.dll for Windows 2000 */
 -	wship6_module = LoadLibrary("wship6.dll");
 +	wship6_module = load_system32_dll("wship6.dll");
  	if (wship6_module) {
  #ifdef NET_SETUP_DIAGNOSTICS
  	    logevent(NULL, "WSH IPv6 support detected");
  #endif
 -	    GET_WINSOCK_FUNCTION(wship6_module, getaddrinfo);
 -	    GET_WINSOCK_FUNCTION(wship6_module, freeaddrinfo);
 -	    GET_WINSOCK_FUNCTION(wship6_module, getnameinfo);
 -	    GET_WINSOCK_FUNCTION(wship6_module, gai_strerror);
 +	    GET_WINDOWS_FUNCTION(wship6_module, getaddrinfo);
 +	    GET_WINDOWS_FUNCTION(wship6_module, freeaddrinfo);
 +	    GET_WINDOWS_FUNCTION(wship6_module, getnameinfo);
 +	    GET_WINDOWS_FUNCTION(wship6_module, gai_strerror);
  	} else {
  #ifdef NET_SETUP_DIAGNOSTICS
  	    logevent(NULL, "No IPv6 support detected");
  #endif
  	}
      }
 -    GET_WINSOCK_FUNCTION(winsock2_module, WSAAddressToStringA);
 +    GET_WINDOWS_FUNCTION(winsock2_module, WSAAddressToStringA);
  #else
  #ifdef NET_SETUP_DIAGNOSTICS
      logevent(NULL, "PuTTY was built without IPv6 support");
  #endif
  #endif
 -    GET_WINSOCK_FUNCTION(winsock_module, WSAAsyncSelect);
 -    GET_WINSOCK_FUNCTION(winsock_module, WSAEventSelect);
 -    GET_WINSOCK_FUNCTION(winsock_module, select);
 -    GET_WINSOCK_FUNCTION(winsock_module, WSAGetLastError);
 -    GET_WINSOCK_FUNCTION(winsock_module, WSAEnumNetworkEvents);
 -    GET_WINSOCK_FUNCTION(winsock_module, WSAStartup);
 -    GET_WINSOCK_FUNCTION(winsock_module, WSACleanup);
 -    GET_WINSOCK_FUNCTION(winsock_module, closesocket);
 -    GET_WINSOCK_FUNCTION(winsock_module, ntohl);
 -    GET_WINSOCK_FUNCTION(winsock_module, htonl);
 -    GET_WINSOCK_FUNCTION(winsock_module, htons);
 -    GET_WINSOCK_FUNCTION(winsock_module, ntohs);
 -    GET_WINSOCK_FUNCTION(winsock_module, gethostname);
 -    GET_WINSOCK_FUNCTION(winsock_module, gethostbyname);
 -    GET_WINSOCK_FUNCTION(winsock_module, getservbyname);
 -    GET_WINSOCK_FUNCTION(winsock_module, inet_addr);
 -    GET_WINSOCK_FUNCTION(winsock_module, inet_ntoa);
 -    GET_WINSOCK_FUNCTION(winsock_module, connect);
 -    GET_WINSOCK_FUNCTION(winsock_module, bind);
 -    GET_WINSOCK_FUNCTION(winsock_module, setsockopt);
 -    GET_WINSOCK_FUNCTION(winsock_module, socket);
 -    GET_WINSOCK_FUNCTION(winsock_module, listen);
 -    GET_WINSOCK_FUNCTION(winsock_module, send);
 -    GET_WINSOCK_FUNCTION(winsock_module, ioctlsocket);
 -    GET_WINSOCK_FUNCTION(winsock_module, accept);
 -    GET_WINSOCK_FUNCTION(winsock_module, recv);
 -    GET_WINSOCK_FUNCTION(winsock_module, WSAIoctl);
 +    GET_WINDOWS_FUNCTION(winsock_module, WSAAsyncSelect);
 +    GET_WINDOWS_FUNCTION(winsock_module, WSAEventSelect);
 +    GET_WINDOWS_FUNCTION(winsock_module, select);
 +    GET_WINDOWS_FUNCTION(winsock_module, WSAGetLastError);
 +    GET_WINDOWS_FUNCTION(winsock_module, WSAEnumNetworkEvents);
 +    GET_WINDOWS_FUNCTION(winsock_module, WSAStartup);
 +    GET_WINDOWS_FUNCTION(winsock_module, WSACleanup);
 +    GET_WINDOWS_FUNCTION(winsock_module, closesocket);
 +    GET_WINDOWS_FUNCTION(winsock_module, ntohl);
 +    GET_WINDOWS_FUNCTION(winsock_module, htonl);
 +    GET_WINDOWS_FUNCTION(winsock_module, htons);
 +    GET_WINDOWS_FUNCTION(winsock_module, ntohs);
 +    GET_WINDOWS_FUNCTION(winsock_module, gethostname);
 +    GET_WINDOWS_FUNCTION(winsock_module, gethostbyname);
 +    GET_WINDOWS_FUNCTION(winsock_module, getservbyname);
 +    GET_WINDOWS_FUNCTION(winsock_module, inet_addr);
 +    GET_WINDOWS_FUNCTION(winsock_module, inet_ntoa);
 +    GET_WINDOWS_FUNCTION(winsock_module, connect);
 +    GET_WINDOWS_FUNCTION(winsock_module, bind);
 +    GET_WINDOWS_FUNCTION(winsock_module, setsockopt);
 +    GET_WINDOWS_FUNCTION(winsock_module, socket);
 +    GET_WINDOWS_FUNCTION(winsock_module, listen);
 +    GET_WINDOWS_FUNCTION(winsock_module, send);
 +    GET_WINDOWS_FUNCTION(winsock_module, ioctlsocket);
 +    GET_WINDOWS_FUNCTION(winsock_module, accept);
 +    GET_WINDOWS_FUNCTION(winsock_module, recv);
 +    GET_WINDOWS_FUNCTION(winsock_module, WSAIoctl);
      /* Try to get the best WinSock version we can get */
      if (!sk_startup(2,2) &&
 @@ -335,7 +319,8 @@ void sk_cleanup(void)  	sktree = NULL;
      }
 -    p_WSACleanup();
 +    if (p_WSACleanup)
 +	p_WSACleanup();
      if (winsock_module)
  	FreeLibrary(winsock_module);
  #ifndef NO_IPV6
 @@ -428,10 +413,8 @@ SockAddr sk_namelookup(const char *host, char **canonicalname,  {
      SockAddr ret = snew(struct SockAddr_tag);
      unsigned long a;
 -    struct hostent *h = NULL;
      char realhost[8192];
      int hint_family;
 -    int err;
      /* Default to IPv4. */
      hint_family = (address_family == ADDRTYPE_IPV4 ? AF_INET :
 @@ -451,6 +434,8 @@ SockAddr sk_namelookup(const char *host, char **canonicalname,      *realhost = '\0';
      if ((a = p_inet_addr(host)) == (unsigned long) INADDR_NONE) {
 +	struct hostent *h = NULL;
 +	int err;
  #ifndef NO_IPV6
  	/*
  	 * Use getaddrinfo when it's available
 @@ -583,11 +568,19 @@ void sk_getaddr(SockAddr addr, char *buf, int buflen)  #ifndef NO_IPV6
      if (step.ai) {
 +	int err = 0;
  	if (p_WSAAddressToStringA) {
 -	    p_WSAAddressToStringA(step.ai->ai_addr, step.ai->ai_addrlen,
 -				  NULL, buf, &buflen);
 +	    DWORD dwbuflen = buflen;
 +	    err = p_WSAAddressToStringA(step.ai->ai_addr, step.ai->ai_addrlen,
 +					NULL, buf, &dwbuflen);
  	} else
 -	    strncpy(buf, "IPv6", buflen);
 +	    err = -1;
 +	if (err) {
 +	    strncpy(buf, addr->hostname, buflen);
 +	    if (!buf[0])
 +		strncpy(buf, "<unknown>", buflen);
 +	    buf[buflen-1] = '\0';
 +	}
      } else
  #endif
      if (SOCKADDR_FAMILY(addr, step) == AF_INET) {
 diff --git a/tools/plink/winplink.c b/tools/plink/winplink.c index 525b1a212..7af9e1b4f 100644 --- a/tools/plink/winplink.c +++ b/tools/plink/winplink.c @@ -166,7 +166,7 @@ static void usage(void)      printf("  -pgpfp    print PGP key fingerprints and exit\n");
      printf("  -v        show verbose messages\n");
      printf("  -load sessname  Load settings from saved session\n");
 -    printf("  -ssh -telnet -rlogin -raw\n");
 +    printf("  -ssh -telnet -rlogin -raw -serial\n");
      printf("            force use of a particular protocol\n");
      printf("  -P port   connect to specified port\n");
      printf("  -l user   connect with specified username\n");
 @@ -193,6 +193,8 @@ static void usage(void)      printf("  -N        don't start a shell/command (SSH-2 only)\n");
      printf("  -nc host:port\n");
      printf("            open tunnel in place of session (SSH-2 only)\n");
 +    printf("  -sercfg configuration-string (e.g. 19200,8,n,1,X)\n");
 +    printf("            Specify the serial configuration (serial only)\n");
      exit(1);
  }
 @@ -279,6 +281,7 @@ int main(int argc, char **argv)      int skcount, sksize;
      int exitcode;
      int errors;
 +    int got_host = FALSE;
      int use_subsystem = 0;
      long now, next;
 @@ -341,7 +344,7 @@ int main(int argc, char **argv)  		errors = 1;
  	    }
  	} else if (*p) {
 -	    if (!cfg_launchable(&cfg)) {
 +	    if (!cfg_launchable(&cfg) || !(got_host || loaded_session)) {
  		char *q = p;
  		/*
  		 * If the hostname starts with "telnet:", set the
 @@ -367,6 +370,7 @@ int main(int argc, char **argv)  			cfg.port = -1;
  		    strncpy(cfg.host, q, sizeof(cfg.host) - 1);
  		    cfg.host[sizeof(cfg.host) - 1] = '\0';
 +		    got_host = TRUE;
  		} else {
  		    char *r, *user, *host;
  		    /*
 @@ -415,8 +419,10 @@ int main(int argc, char **argv)  			    strncpy(cfg.host, host, sizeof(cfg.host) - 1);
  			    cfg.host[sizeof(cfg.host) - 1] = '\0';
  			    cfg.port = default_port;
 +			    got_host = TRUE;
  			} else {
  			    cfg = cfg2;
 +			    loaded_session = TRUE;
  			}
  		    }
 @@ -463,7 +469,7 @@ int main(int argc, char **argv)      if (errors)
  	return 1;
 -    if (!cfg_launchable(&cfg)) {
 +    if (!cfg_launchable(&cfg) || !(got_host || loaded_session)) {
  	usage();
      }
 diff --git a/tools/plink/winproxy.c b/tools/plink/winproxy.c index 45998e400..4da4d2e01 100644 --- a/tools/plink/winproxy.c +++ b/tools/plink/winproxy.c @@ -199,6 +199,8 @@ Socket platform_new_connection(SockAddr addr, char *hostname,  		  CREATE_NO_WINDOW | NORMAL_PRIORITY_CLASS,
  		  NULL, NULL, &si, &pi);
 +    sfree(cmd);
 +
      CloseHandle(cmd_from_us);
      CloseHandle(cmd_to_us);
 diff --git a/tools/plink/winstore.c b/tools/plink/winstore.c index b1b3d3a66..f7dd98965 100644 --- a/tools/plink/winstore.c +++ b/tools/plink/winstore.c @@ -23,9 +23,8 @@ static const char hex[16] = "0123456789ABCDEF";  static int tried_shgetfolderpath = FALSE;
  static HMODULE shell32_module = NULL;
 -typedef HRESULT (WINAPI *p_SHGetFolderPath_t)
 -    (HWND, int, HANDLE, DWORD, LPTSTR);
 -static p_SHGetFolderPath_t p_SHGetFolderPath = NULL;
 +DECL_WINDOWS_FUNCTION(static, HRESULT, SHGetFolderPathA, 
 +		      (HWND, int, HANDLE, DWORD, LPSTR));
  static void mungestr(const char *in, char *out)
  {
 @@ -498,22 +497,20 @@ static HANDLE access_random_seed(int action)  	 * on older versions of Windows if we cared enough.
  	 * However, the invocation below requires IE5+ anyway,
  	 * so stuff that. */
 -	shell32_module = LoadLibrary("SHELL32.DLL");
 -	if (shell32_module) {
 -	    p_SHGetFolderPath = (p_SHGetFolderPath_t)
 -		GetProcAddress(shell32_module, "SHGetFolderPathA");
 -	}
 +	shell32_module = load_system32_dll("shell32.dll");
 +	GET_WINDOWS_FUNCTION(shell32_module, SHGetFolderPathA);
 +	tried_shgetfolderpath = TRUE;
      }
 -    if (p_SHGetFolderPath) {
 -	if (SUCCEEDED(p_SHGetFolderPath(NULL, CSIDL_LOCAL_APPDATA,
 -					NULL, SHGFP_TYPE_CURRENT, seedpath))) {
 +    if (p_SHGetFolderPathA) {
 +	if (SUCCEEDED(p_SHGetFolderPathA(NULL, CSIDL_LOCAL_APPDATA,
 +					 NULL, SHGFP_TYPE_CURRENT, seedpath))) {
  	    strcat(seedpath, "\\PUTTY.RND");
  	    if (try_random_seed(seedpath, action, &rethandle))
  		return rethandle;
  	}
 -	if (SUCCEEDED(p_SHGetFolderPath(NULL, CSIDL_APPDATA,
 -					NULL, SHGFP_TYPE_CURRENT, seedpath))) {
 +	if (SUCCEEDED(p_SHGetFolderPathA(NULL, CSIDL_APPDATA,
 +					 NULL, SHGFP_TYPE_CURRENT, seedpath))) {
  	    strcat(seedpath, "\\PUTTY.RND");
  	    if (try_random_seed(seedpath, action, &rethandle))
  		return rethandle;
 diff --git a/tools/plink/winstuff.h b/tools/plink/winstuff.h index 09a515a62..eeceea17a 100644 --- a/tools/plink/winstuff.h +++ b/tools/plink/winstuff.h @@ -74,6 +74,33 @@ struct FontSpec {  #define DF_END 0x0001
  /*
 + * Dynamically linked functions. These come in two flavours:
 + *
 + *  - GET_WINDOWS_FUNCTION does not expose "name" to the preprocessor,
 + *    so will always dynamically link against exactly what is specified
 + *    in "name". If you're not sure, use this one.
 + *
 + *  - GET_WINDOWS_FUNCTION_PP allows "name" to be redirected via
 + *    preprocessor definitions like "#define foo bar"; this is principally
 + *    intended for the ANSI/Unicode DoSomething/DoSomethingA/DoSomethingW.
 + *    If your function has an argument of type "LPTSTR" or similar, this
 + *    is the variant to use.
 + *    (However, it can't always be used, as it trips over more complicated
 + *    macro trickery such as the WspiapiGetAddrInfo wrapper for getaddrinfo.)
 + *
 + * (DECL_WINDOWS_FUNCTION works with both these variants.)
 + */
 +#define DECL_WINDOWS_FUNCTION(linkage, rettype, name, params) \
 +    typedef rettype (WINAPI *t_##name) params; \
 +    linkage t_##name p_##name
 +#define STR1(x) #x
 +#define STR(x) STR1(x)
 +#define GET_WINDOWS_FUNCTION_PP(module, name) \
 +    p_##name = module ? (t_##name) GetProcAddress(module, STR(name)) : NULL
 +#define GET_WINDOWS_FUNCTION(module, name) \
 +    p_##name = module ? (t_##name) GetProcAddress(module, #name) : NULL
 +
 +/*
   * Global variables. Most modules declare these `extern', but
   * window.c will do `#define PUTTY_DO_GLOBALS' before including this
   * module, and so will get them properly defined.
 @@ -111,17 +138,23 @@ typedef struct terminal_tag Terminal;  typedef HDC Context;
 +typedef unsigned int uint32; /* int is 32-bits on Win32 and Win64. */
 +#define PUTTY_UINT32_DEFINED
 +
  #ifndef NO_GSSAPI
  /*
   * GSS-API stuff
   */
 +#define GSS_CC CALLBACK
 +/*
  typedef struct Ssh_gss_buf {
 -    int length;
 +    size_t length;
      char *value;
  } Ssh_gss_buf;
  #define SSH_GSS_EMPTY_BUF (Ssh_gss_buf) {0,NULL}
  typedef void *Ssh_gss_name;
 +*/
  #endif
  /*
 @@ -189,6 +222,8 @@ GLOBAL void *logctx;  			      "All Files (*.*)\0*\0\0\0")
  #define FILTER_WAVE_FILES ("Wave Files (*.wav)\0*.WAV\0" \
  			       "All Files (*.*)\0*\0\0\0")
 +#define FILTER_DYNLIB_FILES ("Dynamic Library Files (*.dll)\0*.dll\0" \
 +				 "All Files (*.*)\0*\0\0\0")
  /*
   * On some versions of Windows, it has been known for WM_TIMER to
 @@ -205,16 +240,16 @@ GLOBAL void *logctx;   * that module must be exported from it as function pointers. So
   * here they are.
   */
 -extern int (WINAPI *p_WSAAsyncSelect)
 -    (SOCKET s, HWND hWnd, u_int wMsg, long lEvent);
 -extern int (WINAPI *p_WSAEventSelect)
 -    (SOCKET s, WSAEVENT hEventObject, long lNetworkEvents);
 -extern int (WINAPI *p_select)
 -    (int nfds, fd_set FAR * readfds, fd_set FAR * writefds,
 -     fd_set FAR *exceptfds, const struct timeval FAR * timeout);
 -extern int (WINAPI *p_WSAGetLastError)(void);
 -extern int (WINAPI *p_WSAEnumNetworkEvents)
 -    (SOCKET s, WSAEVENT hEventObject, LPWSANETWORKEVENTS lpNetworkEvents);
 +DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAAsyncSelect,
 +		      (SOCKET, HWND, u_int, long));
 +DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAEventSelect,
 +		      (SOCKET, WSAEVENT, long));
 +DECL_WINDOWS_FUNCTION(GLOBAL, int, select,
 +		      (int, fd_set FAR *, fd_set FAR *,
 +		       fd_set FAR *, const struct timeval FAR *));
 +DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAGetLastError, (void));
 +DECL_WINDOWS_FUNCTION(GLOBAL, int, WSAEnumNetworkEvents,
 +		      (SOCKET, WSAEVENT, LPWSANETWORKEVENTS));
  extern int socket_writable(SOCKET skt);
 @@ -413,6 +448,7 @@ void show_help(HWND hwnd);   */
  extern OSVERSIONINFO osVersion;
  BOOL init_winver(void);
 +HMODULE load_system32_dll(const char *libname);
  /*
   * Exports from sizetip.c.
 | 
