build: Increase version numbers.

WSAPoll uses different constanst values as the POSIX implementation,
what else ...

CMakeLists.txt

@@ -8,11 +8,18 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 
 set(APPLICATION_VERSION_MAJOR "0")
 set(APPLICATION_VERSION_MINOR "4")
-set(APPLICATION_VERSION_PATCH "2")
+set(APPLICATION_VERSION_PATCH "5")
 
-set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}${APPLICATION_VERSION_MINOR}${APPLICATION_VERSION_PATCH}")
+set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
 
-set(LIBRARY_VERSION "4.0.2")
+# SOVERSION scheme: CURRENT.AGE.REVISION
+#   If there was an incompatible interface change:
+#     Increment CURRENT. Set AGE and REVISION to 0
+#   If there was a compatible interface change:
+#     Increment AGE. Set REVISION to 0
+#   If the source code was changed, but there were no interface changes:
+#     Increment REVISION.
+set(LIBRARY_VERSION "4.1.2")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
@@ -45,12 +52,12 @@ if (WITH_GCRYPT)
   endif (NOT GCRYPT_FOUND)
 else (WITH_GCRYPT)
   find_package(OpenSSL)
-  if (NOT CRYPTO_FOUND)
+  if (NOT OPENSSL_FOUND)
     find_package(GCrypt)
     if (NOT GCRYPT_FOUND)
       message(FATAL_ERROR "Could not find OpenSSL or GCrypt")
     endif (NOT GCRYPT_FOUND)
-  endif (NOT CRYPTO_FOUND)
+  endif (NOT OPENSSL_FOUND)
 endif(WITH_GCRYPT)
 
 # config.h checks
@@ -65,7 +72,7 @@ add_subdirectory(libssh)
 # build samples
 include_directories(${CMAKE_SOURCE_DIR}/include)
 
-if (UNIX AND NOT WIN32)
+if (CMAKE_SYSTEM_NAME STREQUAL "Linux")
   add_subdirectory(examples)
+endif (CMAKE_SYSTEM_NAME STREQUAL "Linux")
 
-endif (UNIX AND NOT WIN32)

CPackConfig.cmake

@@ -13,7 +13,7 @@ set(CPACK_RESOURCE_FILE_LICENSE "${CMAKE_SOURCE_DIR}/COPYING")
 ### versions
 set(CPACK_PACKAGE_VERSION_MAJOR "0")
 set(CPACK_PACKAGE_VERSION_MINOR "4")
-set(CPACK_PACKAGE_VERSION_PATCH "2")
+set(CPACK_PACKAGE_VERSION_PATCH "5")
 set(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}")
 
 

ChangeLog

@@ -1,6 +1,41 @@
 ChangeLog
 ==========
 
+version 0.4.5 (released 2010-07-13)
+  * Added option to bind a client to an ip address.
+  * Fixed the ssh socket polling function.
+  * Fixed Windows related bugs in bsd_poll().
+  * Fixed serveral build warnings.
+
+version 0.4.4 (released 2010-06-01)
+  * Fixed a bug in the expand function for escape sequences.
+  * Fixed a bug in the tilde expand function.
+  * Fixed a bug in setting the options.
+
+version 0.4.3 (released 2010-05-18)
+  * Added global/keepalive responses.
+  * Added runtime detection of WSAPoll().
+  * Added a select(2) based poll-emulation if poll(2) is not available.
+  * Added a function to expand an escaped string.
+  * Added a function to expand the tilde from a path.
+  * Added a proxycommand support.
+  * Added ssh_privatekey_type public function
+  * Added the possibility to define _OPENSSL_DIR and _ZLIB_DIR.
+  * Fixed sftp_chown.
+  * Fixed sftp_rename on protocol version 3.
+  * Fixed a blocking bug in channel_poll.
+  * Fixed config parsing wich has overwritten user specified values.
+  * Fixed hashed [host]:port format in knownhosts
+  * Fixed Windows build.
+  * Fixed doublefree happening after a negociation error.
+  * Fixed aes*-ctr with <= OpenSSL 0.9.7b.
+  * Fixed some documentation.
+  * Fixed exec example which has broken read usage.
+  * Fixed broken algorithm choice for server.
+  * Fixed a typo that we don't export all symbols.
+  * Removed the unneeded dependency to doxygen.
+  * Build examples only on the Linux plattform.
+
 version 0.4.2 (released 2010-03-15)
   * Added owner and group information in sftp attributes.
   * Added missing SSH_OPTIONS_FD option.

ConfigureChecks.cmake

@@ -1,4 +1,5 @@
 include(CheckIncludeFile)
+include(CheckIncludeFiles)
 include(CheckSymbolExists)
 include(CheckFunctionExists)
 include(CheckLibraryExists)
@@ -16,25 +17,40 @@ set(SYSCONFDIR ${SYSCONF_INSTALL_DIR})
 set(BINARYDIR ${CMAKE_BINARY_DIR})
 set(SOURCEDIR ${CMAKE_SOURCE_DIR})
 
-if(CMAKE_COMPILER_IS_GNUC)
+if(CMAKE_COMPILER_IS_GNUCC)
 check_c_compiler_flag("-fvisibility=hidden" WITH_VISIBILITY_HIDDEN)
-endif(CMAKE_COMPILER_IS_GNUC)
+endif(CMAKE_COMPILER_IS_GNUCC)
 
 # HEADER FILES
 check_include_file(argp.h HAVE_ARGP_H)
 check_include_file(pty.h HAVE_PTY_H)
 check_include_file(terminos.h HAVE_TERMIOS_H)
 if (WIN32)
-  check_include_file(wspiapi.h HAVE_WSPIAPI_H)
+  check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H)
   if (NOT HAVE_WSPIAPI_H)
-    message(STATUS "WARNING: Without wspiapi.h, this build will only work on Windows XP and newer versions")
+    message(STATUS "WARNING: Without wspiapi.h (or dependencies), this build will only work on Windows XP and newer versions")
   endif (NOT HAVE_WSPIAPI_H)
-  check_include_file(ws2tcpip.h HAVE_WS2TCPIP_H)
+  check_include_files("winsock2.h;ws2tcpip.h" HAVE_WS2TCPIP_H)
+  if (NOT HAVE_WS2TCPIP_H)
+    message(ERROR "WARNING: Does not have ws2tcpip.h or winsock2.h")
+  endif (NOT HAVE_WS2TCPIP_H)
   if (HAVE_WSPIAPI_H OR HAVE_WS2TCPIP_H)
     set(HAVE_GETADDRINFO TRUE)
     set(HAVE_GETHOSTBYNAME TRUE)
   endif (HAVE_WSPIAPI_H OR HAVE_WS2TCPIP_H)
 
+  check_function_exists(vsnprintf HAVE_VSNPRINTF)
+  if(NOT HAVE_VSNPRINTF)
+      check_function_exists(_vsnprintf_s HAVE__VSNPRINTF_S)
+      check_function_exists(_vsnprintf HAVE__VSNPRINTF)
+  endif(NOT HAVE_VSNPRINTF)
+  check_function_exists(snprintf HAVE_SNPRINTF)
+  if(NOT HAVE_SNPRINTF)
+      check_function_exists(_snprintf HAVE__SNPRINTF)
+      check_function_exists(_snprintf_s HAVE__SNPRINTF_S)
+  endif(NOT HAVE_SNPRINTF)
+  check_function_exists(strncpy HAVE_STRNCPY)
+
   set(HAVE_SELECT TRUE)
 endif (WIN32)
 
@@ -82,9 +98,9 @@ endif (UNIX)
 set(LIBSSH_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} CACHE INTERNAL "libssh required system libraries")
 
 # LIBRARIES
-if (CRYPTO_FOUND)
+if (OPENSSL_FOUND)
   set(HAVE_LIBCRYPTO 1)
-endif (CRYPTO_FOUND)
+endif (OPENSSL_FOUND)
 
 if (GCRYPT_FOUND)
   set(HAVE_LIBGCRYPT 1)

cmake/Modules/FindOpenSSL.cmake

@@ -34,6 +34,7 @@ else (OPENSSL_LIBRARIES AND OPENSSL_INCLUDE_DIRS)
     NAMES
       openssl/ssl.h
     PATHS
+      ${_OPENSSL_DIR}/include
       ${_OPENSSL_INCLUDEDIR}
       /usr/include
       /usr/local/include
@@ -49,6 +50,7 @@ else (OPENSSL_LIBRARIES AND OPENSSL_INCLUDE_DIRS)
       ssl
       libssl
     PATHS
+      ${_OPENSSL_DIR}/lib
       ${_OPENSSL_LIBDIR}
       /usr/lib
       /usr/local/lib
@@ -64,6 +66,7 @@ else (OPENSSL_LIBRARIES AND OPENSSL_INCLUDE_DIRS)
     NAMES
       ssleay32
     PATHS
+      ${_OPENSSL_DIR}/lib
       ${_OPENSSL_LIBDIR}
       /usr/lib
       /usr/local/lib
@@ -79,6 +82,7 @@ else (OPENSSL_LIBRARIES AND OPENSSL_INCLUDE_DIRS)
     NAMES
       ssleay32MD
     PATHS
+      ${_OPENSSL_DIR}/lib
       ${_OPENSSL_LIBDIR}
       /usr/lib
       /usr/local/lib
@@ -99,6 +103,7 @@ else (OPENSSL_LIBRARIES AND OPENSSL_INCLUDE_DIRS)
       libeay
       libeay32
     PATHS
+      ${_OPENSSL_DIR}/lib
       ${_OPENSSL_LIBDIR}
       /lib
       /usr/lib

cmake/Modules/FindZLIB.cmake

@@ -23,6 +23,7 @@ else (ZLIB_LIBRARIES AND ZLIB_INCLUDE_DIRS)
     NAMES
       zlib.h
     PATHS
+      ${_ZLIB_DIR}/include
       /usr/include
       /usr/local/include
       /opt/local/include
@@ -36,6 +37,7 @@ else (ZLIB_LIBRARIES AND ZLIB_INCLUDE_DIRS)
       zlib
       zlib1
     PATHS
+      ${_ZLIB_DIR}/lib
       /usr/lib
       /usr/local/lib
       /opt/local/lib

cmake/Modules/UseDoxygen.cmake

@@ -1,127 +1,100 @@
-# -helper macro to add a "doc" target with CMake build system. 
-# and configure doxy.config.in to doxy.config
+# - Run Doxygen
 #
-# target "doc" allows building the documentation with doxygen/dot on WIN32 and Linux
-# Creates .chm windows help file if MS HTML help workshop 
-# (available from http://msdn.microsoft.com/workshop/author/htmlhelp)
-# is installed with its DLLs in PATH.
+# Adds a doxygen target that runs doxygen to generate the html
+# and optionally the LaTeX API documentation.
+# The doxygen target is added to the doc target as dependency.
+# i.e.: the API documentation is built with:
+#  make doc
+#
+# USAGE: INCLUDE IN PROJECT
+#
+#  set(CMAKE_MODULE_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+#  include(UseDoxygen)
+# Add the Doxyfile.in and UseDoxygen.cmake files to the projects source directory.
 #
 #
-# Please note, that the tools, e.g.:
-# doxygen, dot, latex, dvips, makeindex, gswin32, etc.
-# must be in path.
+# Variables you may define are:
+#  DOXYFILE_OUTPUT_DIR - Path where the Doxygen output is stored. Defaults to "doc".
 #
-# Note about Visual Studio Projects: 
-# MSVS has its own path environment which may differ from the shell.
-# See "Menu Tools/Options/Projects/VC++ Directories" in VS 7.1
+#  DOXYFILE_LATEX_DIR - Directory where the Doxygen LaTeX output is stored. Defaults to "latex".
+#
+#  DOXYFILE_HTML_DIR - Directory where the Doxygen html output is stored. Defaults to "html".
 #
-# author Jan Woetzel 2004-2006
-# www.mip.informatik.uni-kiel.de/~jw
 
+#
+#  Copyright (c) 2009-2010 Tobias Rautenkranz <tobias@rautenkranz.ch>
+#  Copyright (c) 2010      Andreas Schneider <mail@cynapses.org>
+#
+#  Redistribution and use is allowed according to the terms of the New
+#  BSD license.
+#  For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+#
 
-FIND_PACKAGE(Doxygen)
+macro(usedoxygen_set_default name value)
+    if(NOT DEFINED "${name}")
+        set("${name}" "${value}")
+    endif()
+endmacro()
 
-IF (DOXYGEN_FOUND)
+find_package(Doxygen)
 
-  # click+jump in Emacs and Visual Studio (for doxy.config) (jw)
-  IF    (CMAKE_BUILD_TOOL MATCHES "(msdev|devenv)")
-    SET(DOXY_WARN_FORMAT "\"$file($line) : $text \"")
-  ELSE  (CMAKE_BUILD_TOOL MATCHES "(msdev|devenv)")
-    SET(DOXY_WARN_FORMAT "\"$file:$line: $text \"")
-  ENDIF (CMAKE_BUILD_TOOL MATCHES "(msdev|devenv)")
+if(DOXYGEN_FOUND)
+    find_file(DOXYFILE_IN
+        NAMES
+            doxy.config.in
+        PATHS
+            ${CMAKE_CURRENT_SOURCE_DIR}
+            ${CMAKE_ROOT}/Modules/
+        NO_DEFAULT_PATH)
+    include(FindPackageHandleStandardArgs)
+    find_package_handle_standard_args(DOXYFILE_IN DEFAULT_MSG "DOXYFILE_IN")
+endif()
 
-  # we need latex for doxygen because of the formulas
-  FIND_PACKAGE(LATEX)
-  IF    (NOT LATEX_COMPILER)
-    MESSAGE(STATUS "latex command LATEX_COMPILER not found but usually required. You will probably get warnings and user inetraction on doxy run.")
-  ENDIF (NOT LATEX_COMPILER)
-  IF    (NOT MAKEINDEX_COMPILER)
-    MESSAGE(STATUS "makeindex command MAKEINDEX_COMPILER not found but usually required.")
-  ENDIF (NOT MAKEINDEX_COMPILER)
-  IF    (NOT DVIPS_CONVERTER)
-    MESSAGE(STATUS "dvips command DVIPS_CONVERTER not found but usually required.")
-  ENDIF (NOT DVIPS_CONVERTER)
-  FIND_PROGRAM(DOXYGEN_DOT_EXECUTABLE_PATH NAMES dot)
-  IF (DOXYGEN_DOT_EXECUTABLE_PATH)
-    SET(DOXYGEN_DOT_FOUND "YES")
-  ENDIF (DOXYGEN_DOT_EXECUTABLE_PATH)
+if(DOXYGEN_FOUND AND DOXYFILE_IN_FOUND)
+    add_custom_target(doxygen ${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/doxy.config)
 
-  IF   (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/doxy.config.in")
-    MESSAGE(STATUS "Generate ${CMAKE_CURRENT_BINARY_DIR}/doxy.config from doxy.config.in")
-    CONFIGURE_FILE(${CMAKE_CURRENT_SOURCE_DIR}/doxy.config.in 
-      ${CMAKE_CURRENT_BINARY_DIR}/doxy.config
-      @ONLY )
-    # use (configured) doxy.config from (out of place) BUILD tree:
-    SET(DOXY_CONFIG "${CMAKE_CURRENT_BINARY_DIR}/doxy.config")
-  ELSE (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/doxy.config.in")
-    # use static hand-edited doxy.config from SOURCE tree:
-    SET(DOXY_CONFIG "${CMAKE_CURRENT_SOURCE_DIR}/doxy.config")
-    IF   (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/doxy.config")
-      MESSAGE(STATUS "WARNING: using existing ${CMAKE_CURRENT_SOURCE_DIR}/doxy.config instead of configuring from doxy.config.in file.")
-    ELSE (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/doxy.config")
-      IF   (EXISTS "${CMAKE_MODULE_PATH}/doxy.config.in")
-        # using template doxy.config.in
-        MESSAGE(STATUS "Generate ${CMAKE_CURRENT_BINARY_DIR}/doxy.config from doxy.config.in")
-        CONFIGURE_FILE(${CMAKE_MODULE_PATH}/doxy.config.in 
-          ${CMAKE_CURRENT_BINARY_DIR}/doxy.config
-          @ONLY )
-        SET(DOXY_CONFIG "${CMAKE_CURRENT_BINARY_DIR}/doxy.config")
-      ELSE (EXISTS "${CMAKE_MODULE_PATH}/doxy.config.in")
-        # failed completely...
-        MESSAGE(SEND_ERROR "Please create ${CMAKE_CURRENT_SOURCE_DIR}/doxy.config.in (or doxy.config as fallback)")
-      ENDIF(EXISTS "${CMAKE_MODULE_PATH}/doxy.config.in")
+    usedoxygen_set_default(DOXYFILE_OUTPUT_DIR "${CMAKE_CURRENT_BINARY_DIR}")
+    usedoxygen_set_default(DOXYFILE_HTML_DIR "html")
 
-    ENDIF(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/doxy.config")
-  ENDIF(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/doxy.config.in")
+    set_property(DIRECTORY APPEND PROPERTY
+            ADDITIONAL_MAKE_CLEAN_FILES "${DOXYFILE_OUTPUT_DIR}/${DOXYFILE_HTML_DIR}")
 
-  ADD_CUSTOM_TARGET(doc ${DOXYGEN_EXECUTABLE} ${DOXY_CONFIG} DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/doxy.config)
+    set(DOXYFILE_LATEX FALSE)
+    set(DOXYFILE_PDFLATEX FALSE)
+    set(DOXYFILE_DOT FALSE)
 
-  # create a windows help .chm file using hhc.exe
-  # HTMLHelp DLL must be in path!
-  # fallback: use hhw.exe interactively
-  IF    (WIN32)
-    FIND_PACKAGE(HTMLHelp)
-    IF   (HTML_HELP_COMPILER)      
-      SET (TMP "${CMAKE_CURRENT_BINARY_DIR}\\doc\\html\\index.hhp")
-      STRING(REGEX REPLACE "[/]" "\\\\" HHP_FILE ${TMP} )
-      # MESSAGE(SEND_ERROR "DBG  HHP_FILE=${HHP_FILE}")
-      ADD_CUSTOM_TARGET(winhelp ${HTML_HELP_COMPILER} ${HHP_FILE})
-      ADD_DEPENDENCIES (winhelp doc)
-     
-      IF (NOT TARGET_DOC_SKIP_INSTALL)
-      # install windows help?
-      # determine useful name for output file 
-      # should be project and version unique to allow installing 
-      # multiple projects into one global directory      
-      IF   (EXISTS "${PROJECT_BINARY_DIR}/doc/html/index.chm")
-        IF   (PROJECT_NAME)
-          SET(OUT "${PROJECT_NAME}")
-        ELSE (PROJECT_NAME)
-          SET(OUT "Documentation") # default
-        ENDIF(PROJECT_NAME)
-        IF   (${PROJECT_NAME}_VERSION_MAJOR)
-          SET(OUT "${OUT}-${${PROJECT_NAME}_VERSION_MAJOR}")
-          IF   (${PROJECT_NAME}_VERSION_MINOR)
-            SET(OUT  "${OUT}.${${PROJECT_NAME}_VERSION_MINOR}")
-            IF   (${PROJECT_NAME}_VERSION_PATCH)
-              SET(OUT "${OUT}.${${PROJECT_NAME}_VERSION_PATCH}")      
-            ENDIF(${PROJECT_NAME}_VERSION_PATCH)
-          ENDIF(${PROJECT_NAME}_VERSION_MINOR)
-        ENDIF(${PROJECT_NAME}_VERSION_MAJOR)
-        # keep suffix
-        SET(OUT  "${OUT}.chm")
-        
-        #MESSAGE("DBG ${PROJECT_BINARY_DIR}/doc/html/index.chm \n${OUT}")
-        # create target used by install and package commands 
-        INSTALL(FILES "${PROJECT_BINARY_DIR}/doc/html/index.chm"
-          DESTINATION "doc"
-          RENAME "${OUT}"
-        )
-      ENDIF(EXISTS "${PROJECT_BINARY_DIR}/doc/html/index.chm")
-      ENDIF(NOT TARGET_DOC_SKIP_INSTALL)
+    find_package(LATEX)
+    if(LATEX_COMPILER AND MAKEINDEX_COMPILER)
+        set(DOXYFILE_LATEX TRUE)
+        usedoxygen_set_default(DOXYFILE_LATEX_DIR "latex")
 
-    ENDIF(HTML_HELP_COMPILER)
-    # MESSAGE(SEND_ERROR "HTML_HELP_COMPILER=${HTML_HELP_COMPILER}")
-  ENDIF (WIN32) 
-ENDIF(DOXYGEN_FOUND)
+        set_property(DIRECTORY APPEND PROPERTY
+                ADDITIONAL_MAKE_CLEAN_FILES
+                "${DOXYFILE_OUTPUT_DIR}/${DOXYFILE_LATEX_DIR}")
 
+        if(PDFLATEX_COMPILER)
+            set(DOXYFILE_PDFLATEX TRUE)
+        endif()
+        if(DOXYGEN_DOT_EXECUTABLE)
+            set(DOXYFILE_DOT TRUE)
+        endif()
+
+        add_custom_command(TARGET doxygen
+            POST_BUILD
+            COMMAND ${CMAKE_MAKE_PROGRAM}
+            WORKING_DIRECTORY "${DOXYFILE_OUTPUT_DIR}/${DOXYFILE_LATEX_DIR}")
+    endif()
+
+    configure_file(${DOXYFILE_IN} ${CMAKE_CURRENT_BINARY_DIR}/doxy.config ESCAPE_QUOTES IMMEDIATE @ONLY)
+    if (EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/doxy.trac.in)
+        configure_file(${CMAKE_CURRENT_SOURCE_DIR}/doxy.trac.in ${CMAKE_CURRENT_BINARY_DIR}/doxy.trac ESCAPE_QUOTES IMMEDIATE @ONLY)
+        add_custom_target(doxygen-trac ${DOXYGEN_EXECUTABLE} ${CMAKE_CURRENT_BINARY_DIR}/doxy.trac)
+    endif()
+
+    get_target_property(DOC_TARGET doc TYPE)
+    if(NOT DOC_TARGET)
+        add_custom_target(doc)
+    endif()
+
+    add_dependencies(doc doxygen)
+endif()

config.h.cmake

@@ -37,6 +37,28 @@
 
 /*************************** FUNCTIONS ***************************/
 
+/* Define to 1 if you have the `vsnprintf' function. */
+#cmakedefine HAVE_VSNPRINTF
+
+/* Define to 1 if you have the `_vsnprintf' function. */
+#cmakedefine HAVE__VSNPRINTF
+
+/* Define to 1 if you have the `_vsnprintf_s' function. */
+#cmakedefine HAVE__VSNPRINTF_S
+
+/* Define to 1 if you have the `snprintf' function. */
+#cmakedefine HAVE_SNPRINTF
+
+/* Define to 1 if you have the `_snprintf' function. */
+#cmakedefine HAVE__SNPRINTF
+
+/* Define to 1 if you have the `_snprintf_s' function. */
+#cmakedefine HAVE__SNPRINTF_S
+
+
+/* Define to 1 if you have the `strncpy' function. */
+#cmakedefine HAVE_STRNCPY
+
 /* Define to 1 if you have the `cfmakeraw' function. */
 #cmakedefine HAVE_CFMAKERAW 1
 

doc/TracFooter.html

@@ -0,0 +1 @@
+<!-- Doxygen TracFooter -->

doc/TracHeader.html

@@ -0,0 +1,4 @@
+<!-- Doxygen TracHeader -->
+<style>@import url(/chrome/site/doxygen.css);</style>
+<style>@import url(/chrome/site/tabs.css);</style>
+<!-- /Doxygen TracHeader -->

doc/doxy.config.in

@@ -918,7 +918,7 @@ FORMULA_FONTSIZE       = 10
 # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will 
 # generate Latex output.
 
-GENERATE_LATEX         = NO
+GENERATE_LATEX         = @DOXYFILE_LATEX@
 
 # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. 
 # If a relative path is entered the value of OUTPUT_DIRECTORY will be 

examples/exec.c

@@ -7,7 +7,7 @@
 int main(void) {
   ssh_session session;
   ssh_channel channel;
-  ssh_buffer buf;
+  char buf[4096];
   int rc;
 
   session = connect_ssh("localhost", NULL, 0);
@@ -38,24 +38,14 @@ int main(void) {
     return 1;
   }
 
-
-  if (channel_is_open(channel)) {
-    while (channel_poll(channel, 0) >= 0) {
-      buf = buffer_new();
-      rc = channel_read_buffer(channel, buf, 0, 0);
-      if (rc < 0) {
-        buffer_free(buf);
-        channel_close(channel);
-        ssh_disconnect(session);
-        ssh_finalize();
-        return 1;
+  do {
+    if (channel_is_open(channel)) {
+      rc = channel_read(channel, buf, sizeof(buf), 0);
+      if(rc > 0){
+        fwrite(buf,1,rc,stdout);
       }
-
-      printf("%s\n", (char *) buffer_get(buf));
-
-      buffer_free(buf);
     }
-  }
+  } while(rc > 0);
 
   channel_send_eof(channel);
   channel_close(channel);

examples/sample.c

@@ -46,6 +46,8 @@ struct termios terminal;
 char *pcap_file=NULL;
 #endif
 
+char *proxycommand;
+
 static int auth_callback(const char *prompt, char *buf, size_t len,
     int echo, int verify, void *userdata) {
   char *answer = NULL;
@@ -95,6 +97,9 @@ static void usage(){
     "  -r : use RSA to verify host public key\n"
 #ifdef WITH_PCAP
     "  -P file : create a pcap debugging file\n"
+#endif
+#ifndef _WIN32
+    "  -T proxycommand : command to execute as a socket proxy\n"
 #endif
     		,
     ssh_version(0));
@@ -106,12 +111,17 @@ static int opts(int argc, char **argv){
 //    for(i=0;i<argc;i++)
 //        printf("%d : %s\n",i,argv[i]);
     /* insert your own arguments here */
-    while((i=getopt(argc,argv,"P:"))!=-1){
+    while((i=getopt(argc,argv,"T:P:"))!=-1){
         switch(i){
 #ifdef WITH_PCAP
         	case 'P':
         		pcap_file=optarg;
         		break;
+#endif
+#ifndef _WIN32
+          case 'T':
+            proxycommand=optarg;
+            break;
 #endif
             default:
                 fprintf(stderr,"unknown option %c\n",optopt);
@@ -432,7 +442,10 @@ static int client(ssh_session session){
       return -1;
   if (ssh_options_set(session, SSH_OPTIONS_HOST ,host) < 0)
     return -1;
-
+  if (proxycommand != NULL){
+    if(ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, proxycommand))
+      return -1;
+  }
   ssh_options_parse_config(session, NULL);
 
   if(ssh_connect(session)){

include/libssh/libssh.h

@@ -79,7 +79,7 @@
 /* libssh version */
 #define LIBSSH_VERSION_MAJOR  0
 #define LIBSSH_VERSION_MINOR  4
-#define LIBSSH_VERSION_MICRO  2
+#define LIBSSH_VERSION_MICRO  5
 
 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \
                                            LIBSSH_VERSION_MINOR, \
@@ -119,10 +119,16 @@ typedef struct ssh_string_struct* ssh_string;
 
 /* Socket type */
 #ifdef _WIN32
-#define socket_t SOCKET
-#else
+#ifndef socket_t
+typedef SOCKET socket_t;
+#endif /* socket_t */
+#else /* _WIN32 */
+#ifndef socket_t
 typedef int socket_t;
 #endif
+#endif /* _WIN32 */
+
+#define SSH_INVALID_SOCKET ((socket_t) -1)
 
 /* the offsets of methods */
 enum ssh_kex_types_e {
@@ -231,7 +237,7 @@ enum {
 	/** Only rare and noteworthy events
 	 */
 	SSH_LOG_RARE,
-	/** High level protocol informations
+	/** High level protocol information
 	 */
 	SSH_LOG_PROTOCOL,
 	/** Lower level protocol infomations, packet level
@@ -264,7 +270,9 @@ enum ssh_options_e {
   SSH_OPTIONS_CIPHERS_C_S,
   SSH_OPTIONS_CIPHERS_S_C,
   SSH_OPTIONS_COMPRESSION_C_S,
-  SSH_OPTIONS_COMPRESSION_S_C
+  SSH_OPTIONS_COMPRESSION_S_C,
+  SSH_OPTIONS_PROXYCOMMAND,
+  SSH_OPTIONS_BINDADDR
 };
 
 enum {
@@ -388,6 +396,9 @@ LIBSSH_API int ssh_pcap_file_close(ssh_pcap_file pcap);
 LIBSSH_API void ssh_pcap_file_free(ssh_pcap_file pcap);
 LIBSSH_API ssh_pcap_file ssh_pcap_file_new(void);
 LIBSSH_API int ssh_pcap_file_open(ssh_pcap_file pcap, const char *filename);
+
+LIBSSH_API int ssh_privatekey_type(ssh_private_key privatekey);
+
 LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
 LIBSSH_API int ssh_scp_accept_request(ssh_scp scp);
 LIBSSH_API int ssh_scp_close(ssh_scp scp);

include/libssh/misc.h

@@ -28,6 +28,9 @@ char *ssh_get_user_home_dir(void);
 char *ssh_get_local_username(ssh_session session);
 int ssh_file_readaccess_ok(const char *file);
 
+char *ssh_path_expand_tilde(const char *d);
+char *ssh_path_expand_escape(ssh_session session, const char *s);
+
 /* macro for byte ordering */
 uint64_t ntohll(uint64_t);
 #define htonll(x) ntohll(x)
@@ -50,6 +53,7 @@ struct ssh_iterator *ssh_list_get_iterator(const struct ssh_list *list);
 int ssh_list_append(struct ssh_list *list, const void *data);
 int ssh_list_prepend(struct ssh_list *list, const void *data);
 void ssh_list_remove(struct ssh_list *list, struct ssh_iterator *iterator);
+char *ssh_hostport(const char *host, int port);
 
 const void *_ssh_list_pop_head(struct ssh_list *list);
 

include/libssh/poll.h

@@ -38,9 +38,48 @@ typedef struct ssh_pollfd_struct {
   short revents;    /* returned events */
 } ssh_pollfd_t;
 
+typedef unsigned long int nfds_t;
+
+#ifdef _WIN32
+
+#ifndef POLLRDNORM
+#define POLLRDNORM  0x0100
+#endif
+#ifndef POLLRDBAND
+#define POLLRDBAND  0x0200
+#endif
+#ifndef POLLIN
+#define POLLIN      (POLLRDNORM | POLLRDBAND)
+#endif
+#ifndef POLLPRI
+#define POLLPRI     0x0400
+#endif
+
+#ifndef POLLWRNORM
+#define POLLWRNORM  0x0010
+#endif
+#ifndef POLLOUT
+#define POLLOUT     (POLLWRNORM)
+#endif
+#ifndef POLLWRBAND
+#define POLLWRBAND  0x0020
+#endif
+
+#ifndef POLLERR
+#define POLLERR     0x0001
+#endif
+#ifndef POLLHUP
+#define POLLHUP     0x0002
+#endif
+#ifndef POLLNVAL
+#define POLLNVAL    0x0004
+#endif
+
+#else /* _WIN32 */
+
 /* poll.c */
 #ifndef POLLIN
-# define POLLIN    0x001  /* There is data to read.  */
+#define POLLIN    0x001  /* There is data to read.  */
 #endif
 #ifndef POLLPRI
 #define POLLPRI   0x002  /* There is urgent data to read.  */
@@ -59,9 +98,23 @@ typedef struct ssh_pollfd_struct {
 #define POLLNVAL  0x020  /* Invalid polling request.  */
 #endif
 
-typedef unsigned long int nfds_t;
+#ifndef POLLRDNORM
+#define POLLRDNORM  0x040 /* mapped to read fds_set */
+#endif
+#ifndef POLLRDBAND
+#define POLLRDBAND  0x080 /* mapped to exception fds_set */
+#endif
+#ifndef POLLWRNORM
+#define POLLWRNORM  0x100 /* mapped to write fds_set */
+#endif
+#ifndef POLLWRBAND
+#define POLLWRBAND  0x200 /* mapped to write fds_set */
+#endif
+
+#endif /* WIN32 */
 #endif /* HAVE_POLL */
 
+void ssh_poll_init(void);
 int ssh_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout);
 typedef struct ssh_poll_ctx_struct *ssh_poll_ctx;
 typedef struct ssh_poll_handle_struct *ssh_poll_handle;
@@ -77,7 +130,7 @@ typedef struct ssh_poll_handle_struct *ssh_poll_handle;
  * @return              0 on success, < 0 if you removed the poll object from
  *                      it's poll context.
  */
-typedef int (*ssh_poll_callback)(ssh_poll_handle p, int fd, int revents,
+typedef int (*ssh_poll_callback)(ssh_poll_handle p, socket_t fd, int revents,
     void *userdata);
 
 

include/libssh/priv.h

@@ -33,17 +33,56 @@
 #include "config.h"
 
 #ifdef _MSC_VER
-#define snprintf _snprintf
+
 /** Imitate define of inttypes.h */
 #define PRIdS "Id"
+
 #define strcasecmp _stricmp
 #define strncasecmp _strnicmp
 #define strtoull _strtoui64
 #define isblank(ch) ((ch) == ' ' || (ch) == '\t' || (ch) == '\n' || (ch) == '\r')
+
+#if _MSC_VER >= 1400
+#define strdup _strdup
+#endif
+#define usleep(X) Sleep(((X)+1000)/1000)
+
+#undef strtok_r
+#define strtok_r strtok_s
+
+#ifndef HAVE_SNPRINTF
+#ifdef HAVE__SNPRINTF_S
+#define snprintf(d, n, ...) _snprintf_s((d), (n), _TRUNCATE, __VA_ARGS__)
 #else
+#ifdef HAVE__SNPRINTF
+#define snprintf _snprintf
+#else 
+#error "no snprintf compatible function found"
+#endif /* HAVE__SNPRINTF */
+#endif /* HAVE__SNPRINTF_S */
+#endif /* HAVE_SNPRINTF */
+
+#ifndef HAVE_VSNPRINTF
+#ifdef HAVE__VSNPRINTF_S
+#define vsnprintf(s, n, f, v) _vsnprintf_s((s), (n), _TRUNCATE, (f), (v))
+#else
+#ifdef HAVE__VSNPRINTF
+#define vsnprintf _vsnprintf
+#else /* HAVE_VSNPRINTF */
+#error "No vsnprintf compatible function found"
+#endif /* HAVE__VSNPRINTF */
+#endif /* HAVE__VSNPRINTF_S */
+#endif /* HAVE_VSNPRINTF */
+
+#ifndef HAVE_STRNCPY
+#define strncpy(d, s, n) strncpy_s((d), (n), (s), _TRUNCATE)
+#endif
+#else /* _MSC_VER */
+
 #include <unistd.h>
 #define PRIdS "zd"
-#endif
+
+#endif /* _MSC_VER */
 
 #include "libssh/libssh.h"
 #include "libssh/callbacks.h"
@@ -222,8 +261,8 @@ int gettimeofday(struct timeval *__p, void *__t);
 
 /* options.c  */
 
-char *dir_expand_dup(ssh_session session, const char *value, int allowsshdir);
 int ssh_options_set_algo(ssh_session session, int algo, const char *list);
+int ssh_options_apply(ssh_session session);
 
 /** Free memory space */
 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); x=NULL;} } while(0)

include/libssh/server.h

@@ -61,9 +61,13 @@ LIBSSH_API ssh_bind ssh_bind_new(void);
 /**
  * @brief Set the opitons for the current SSH server bind.
  *
- * @param  ssh_bind     The ssh server bind to use.
+ * @param  sshbind     The ssh server bind to use.
  *
- * @param  options      The option structure to set.
+ * @param  type        The option type to set.
+ *
+ * @param  value       The option value to set.
+ *
+ * @return 0 on success, < 0 on error.
  */
 LIBSSH_API int ssh_bind_options_set(ssh_bind sshbind,
     enum ssh_bind_options_e type, const void *value);

include/libssh/session.h

@@ -102,7 +102,7 @@ struct ssh_session_struct {
 #endif
     char *username;
     char *host;
-    char *bindaddr; /* TODO: check if needed */
+    char *bindaddr; /* bind the client to an ip addr */
     char *xbanner; /* TODO: looks like it is not needed */
     struct ssh_list *identity;
     char *sshdir;
@@ -114,8 +114,9 @@ struct ssh_session_struct {
     socket_t fd;
     int ssh2;
     int ssh1;
+    char *ProxyCommand;
 };
 
 int ssh_handle_packets(ssh_session session);
-
+void ssh_global_request_handle(ssh_session session);
 #endif /* SESSION_H_ */

include/libssh/socket.h

@@ -38,7 +38,7 @@ int ssh_socket_read(struct socket *s, void *buffer, int len);
 int ssh_socket_write(struct socket *s,const void *buffer, int len);
 int ssh_socket_is_open(struct socket *s);
 int ssh_socket_fd_isset(struct socket *s, fd_set *set);
-void ssh_socket_fd_set(struct socket *s, fd_set *set, int *fd_max);
+void ssh_socket_fd_set(struct socket *s, fd_set *set, socket_t *max_fd);
 int ssh_socket_completeread(struct socket *s, void *buffer, uint32_t len);
 int ssh_socket_completewrite(struct socket *s, const void *buffer, uint32_t len);
 int ssh_socket_wait_for_data(struct socket *s, ssh_session session, uint32_t len);
@@ -52,4 +52,10 @@ int ssh_socket_get_status(struct socket *s);
 int ssh_socket_data_available(struct socket *s);
 int ssh_socket_data_writable(struct socket *s);
 
+#ifndef _WIN32
+void ssh_execute_command(const char *command, socket_t in, socket_t out);
+socket_t ssh_socket_connect_proxycommand(ssh_session session,
+    const char *command);
+#endif
+
 #endif /* SOCKET_H_ */

include/libssh/wrapper.h

@@ -70,6 +70,11 @@ typedef HMAC_CTX* HMACCTX;
 #define MD5_DIGEST_LEN MD5_DIGEST_LENGTH
 
 #include <openssl/bn.h>
+#include <openssl/opensslv.h>
+#define OPENSSL_0_9_7b 0x0090702fL
+#if (OPENSSL_VERSION_NUMBER <= OPENSSL_0_9_7b)
+#define BROKEN_AES_CTR
+#endif
 typedef BIGNUM*  bignum;
 typedef BN_CTX* bignum_CTX;
 

libssh/CMakeLists.txt

@@ -43,7 +43,7 @@ if (HAVE_LIBSOCKET)
   )
 endif (HAVE_LIBSOCKET)
 
-if (CRYPTO_LIBRARY)
+if (OPENSSL_LIBRARIES)
   set(LIBSSH_PRIVATE_INCLUDE_DIRS
     ${LIBSSH_PRIVATE_INCLUDE_DIRS}
     ${OPENSSL_INCLUDE_DIRS}
@@ -51,9 +51,9 @@ if (CRYPTO_LIBRARY)
 
   set(LIBSSH_LINK_LIBRARIES
     ${LIBSSH_LINK_LIBRARIES}
-    ${CRYPTO_LIBRARY}
+    ${OPENSSL_LIBRARIES}
   )
-endif (CRYPTO_LIBRARY)
+endif (OPENSSL_LIBRARIES)
 
 if (GCRYPT_LIBRARY)
   set(LIBSSH_PRIVATE_INCLUDE_DIRS

libssh/agent.c

@@ -41,7 +41,6 @@
 #include <string.h>
 #include <stdio.h>
 
-#include <poll.h>
 #include <unistd.h>
 
 #ifndef _WIN32
@@ -54,6 +53,7 @@
 #include "libssh/buffer.h"
 #include "libssh/session.h"
 #include "libssh/keys.h"
+#include "libssh/poll.h"
 
 /* macro to check for "agent failure" message */
 #define agent_failed(x) \
@@ -85,8 +85,8 @@ static size_t atomicio(struct socket *s, void *buf, size_t n, int do_read) {
   char *b = buf;
   size_t pos = 0;
   ssize_t res;
-  struct pollfd pfd;
-  int fd = ssh_socket_get_fd(s);
+  ssh_pollfd_t pfd;
+  socket_t fd = ssh_socket_get_fd(s);
 
   pfd.fd = fd;
   pfd.events = do_read ? POLLIN : POLLOUT;
@@ -107,7 +107,7 @@ static size_t atomicio(struct socket *s, void *buf, size_t n, int do_read) {
 #else
         if (errno == EAGAIN) {
 #endif
-          (void) poll(&pfd, 1, -1);
+          (void) ssh_poll(&pfd, 1, -1);
           continue;
         }
         return 0;

libssh/auth.c

@@ -225,7 +225,7 @@ int ssh_userauth_none(ssh_session session, const char *username) {
 
   if (username == NULL) {
     if (session->username == NULL) {
-      if (ssh_options_set(session, SSH_OPTIONS_USER, NULL) < 0) {
+      if (ssh_options_apply(session) < 0) {
         leave_function();
         return rc;
       }
@@ -331,7 +331,7 @@ int ssh_userauth_offer_pubkey(ssh_session session, const char *username,
 
   if (username == NULL) {
     if (session->username == NULL) {
-      if (ssh_options_set(session, SSH_OPTIONS_USER, NULL) < 0) {
+      if (ssh_options_apply(session) < 0) {
         leave_function();
         return rc;
       }
@@ -443,7 +443,7 @@ int ssh_userauth_pubkey(ssh_session session, const char *username,
 
   if (username == NULL) {
     if (session->username == NULL) {
-      if (ssh_options_set(session, SSH_OPTIONS_USER, NULL) < 0) {
+      if (ssh_options_apply(session) < 0) {
         leave_function();
         return rc;
       }
@@ -561,7 +561,7 @@ int ssh_userauth_agent_pubkey(ssh_session session, const char *username,
 
   if (username == NULL) {
     if (session->username == NULL) {
-      if (ssh_options_set(session, SSH_OPTIONS_USER, NULL) < 0) {
+      if (ssh_options_apply(session) < 0) {
         leave_function();
         return rc;
       }
@@ -688,7 +688,7 @@ int ssh_userauth_password(ssh_session session, const char *username,
 
   if (username == NULL) {
     if (session->username == NULL) {
-      if (ssh_options_set(session, SSH_OPTIONS_USER, NULL) < 0) {
+      if (ssh_options_apply(session) < 0) {
         leave_function();
         return rc;
       }
@@ -777,7 +777,6 @@ error:
  *
  * @see ssh_userauth_kbdint()
  * @see ssh_userauth_password()
- * @see ssh_options_set()
  */
 int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
   struct ssh_iterator *it;
@@ -860,16 +859,14 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
   } /* if agent is running */
 #endif
 
+
   for (it = ssh_list_get_iterator(session->identity);
        it != NULL;
        it = it->next) {
-    char *privkey_file = NULL;
+    const char *privkey_file = it->data;
     int privkey_open = 0;
 
-    privkey_file = dir_expand_dup(session, it->data, 1);
-    if (privkey_file == NULL) {
-      continue;
-    }
+    privkey = NULL;
 
     ssh_log(session, SSH_LOG_PROTOCOL, "Trying to read privatekey %s", privkey_file);
 
@@ -883,7 +880,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
         ssh_log(session, SSH_LOG_RARE,
           "Reading private key %s failed (bad passphrase ?)",
           privkey_file);
-        SAFE_FREE(privkey_file);
         leave_function();
         return SSH_AUTH_ERROR;
       }
@@ -891,7 +887,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
 
       pubkey = publickey_from_privatekey(privkey);
       if (pubkey == NULL) {
-        SAFE_FREE(privkey_file);
         privatekey_free(privkey);
         ssh_set_error_oom(session);
         leave_function();
@@ -902,7 +897,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
       type = pubkey->type;
       publickey_free(pubkey);
       if (pubkey_string == NULL) {
-        SAFE_FREE(privkey_file);
         ssh_set_error_oom(session);
         leave_function();
         return SSH_AUTH_ERROR;
@@ -911,7 +905,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
       len = strlen(privkey_file) + 5;
       publickey_file = malloc(len);
       if (publickey_file == NULL) {
-        SAFE_FREE(privkey_file);
         ssh_set_error_oom(session);
         leave_function();
         return SSH_AUTH_ERROR;
@@ -924,13 +917,11 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
       }
       SAFE_FREE(publickey_file);
     } else if (rc < 0) {
-      SAFE_FREE(privkey_file);
       continue;
     }
 
     rc = ssh_userauth_offer_pubkey(session, NULL, type, pubkey_string);
     if (rc == SSH_AUTH_ERROR){
-      SAFE_FREE(privkey_file);
       string_free(pubkey_string);
       ssh_log(session, SSH_LOG_RARE, "Publickey authentication error");
       leave_function();
@@ -938,7 +929,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
     } else {
       if (rc != SSH_AUTH_SUCCESS){
         ssh_log(session, SSH_LOG_PROTOCOL, "Publickey refused by server");
-        SAFE_FREE(privkey_file);
         string_free(pubkey_string);
         continue;
       }
@@ -953,7 +943,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
         ssh_log(session, SSH_LOG_RARE,
             "Reading private key %s failed (bad passphrase ?)",
             privkey_file);
-        SAFE_FREE(privkey_file);
         string_free(pubkey_string);
         continue; /* continue the loop with other pubkey */
       }
@@ -961,7 +950,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
 
     rc = ssh_userauth_pubkey(session, NULL, pubkey_string, privkey);
     if (rc == SSH_AUTH_ERROR) {
-      SAFE_FREE(privkey_file);
       string_free(pubkey_string);
       privatekey_free(privkey);
       leave_function();
@@ -970,7 +958,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
       if (rc != SSH_AUTH_SUCCESS){
         ssh_log(session, SSH_LOG_FUNCTIONS,
             "The server accepted the public key but refused the signature");
-        SAFE_FREE(privkey_file);
         string_free(pubkey_string);
         privatekey_free(privkey);
         continue;
@@ -980,7 +967,6 @@ int ssh_userauth_autopubkey(ssh_session session, const char *passphrase) {
     /* auth success */
     ssh_log(session, SSH_LOG_PROTOCOL,
         "Successfully authenticated using %s", privkey_file);
-    SAFE_FREE(privkey_file);
     string_free(pubkey_string);
     privatekey_free(privkey);
 
@@ -1349,7 +1335,7 @@ int ssh_userauth_kbdint(ssh_session session, const char *user,
     /* first time we call. we must ask for a challenge */
     if (user == NULL) {
       if ((user = session->username) == NULL) {
-        if (ssh_options_set(session, SSH_OPTIONS_USER, NULL) < 0) {
+        if (ssh_options_apply(session) < 0) {
           leave_function();
           return SSH_AUTH_ERROR;
         } else {
@@ -1381,7 +1367,7 @@ int ssh_userauth_kbdint(ssh_session session, const char *user,
 
   /*
    * If we are at this point, it ss because session->kbdint exists.
-   * It means the user has set some informations there we need to send
+   * It means the user has set some information there we need to send
    * the server and then we need to ack the status (new questions or ok
    * pass in).
    */

libssh/channels.c

@@ -575,7 +575,7 @@ static void channel_rcv_request(ssh_session session) {
 
 /*
  * channel_handle() is called by packet_wait(), for example when there is
- * channel informations to handle.
+ * channel information to handle.
  */
 void channel_handle(ssh_session session, int type){
   enter_function();
@@ -1818,7 +1818,7 @@ int channel_read_buffer(ssh_channel channel, ssh_buffer buffer, uint32_t count,
   }
 
   if (count == 0) {
-    /* write the ful buffer informations */
+    /* write the ful buffer information */
     if (buffer_add_data(buffer, buffer_get_rest(stdbuf),
           buffer_get_rest_len(stdbuf)) < 0) {
       leave_function();
@@ -2007,9 +2007,10 @@ int channel_poll(ssh_channel channel, int is_stderr){
     stdbuf = channel->stderr_buffer;
   }
 
-  while (buffer_get_rest_len(stdbuf) == 0 && channel->remote_eof == 0) {
-    if (ssh_handle_packets(channel->session) <= 0) {
-      break;
+  if (buffer_get_rest_len(stdbuf) == 0 && channel->remote_eof == 0) {
+    if (ssh_handle_packets(channel->session) == SSH_ERROR) {
+      leave_function();
+      return SSH_ERROR;
     }
   }
 
@@ -2159,7 +2160,7 @@ int channel_select(ssh_channel *readchans, ssh_channel *writechans,
   fd_set rset;
   fd_set wset;
   fd_set eset;
-  int fdmax = -1;
+  socket_t max_fd = SSH_INVALID_SOCKET;
   int rc;
   int i;
 
@@ -2227,24 +2228,24 @@ int channel_select(ssh_channel *readchans, ssh_channel *writechans,
 
     for (i = 0; readchans[i] != NULL; i++) {
       if (!ssh_socket_fd_isset(readchans[i]->session->socket, &rset)) {
-        ssh_socket_fd_set(readchans[i]->session->socket, &rset, &fdmax);
+        ssh_socket_fd_set(readchans[i]->session->socket, &rset, &max_fd);
       }
     }
 
     for (i = 0; writechans[i] != NULL; i++) {
       if (!ssh_socket_fd_isset(writechans[i]->session->socket, &wset)) {
-        ssh_socket_fd_set(writechans[i]->session->socket, &wset, &fdmax);
+        ssh_socket_fd_set(writechans[i]->session->socket, &wset, &max_fd);
       }
     }
 
     for (i = 0; exceptchans[i] != NULL; i++) {
       if (!ssh_socket_fd_isset(exceptchans[i]->session->socket, &eset)) {
-        ssh_socket_fd_set(exceptchans[i]->session->socket, &eset, &fdmax);
+        ssh_socket_fd_set(exceptchans[i]->session->socket, &eset, &max_fd);
       }
     }
 
     /* Here we go */
-    rc = select(fdmax, &rset, &wset, &eset, timeout);
+    rc = select(max_fd, &rset, &wset, &eset, timeout);
     /* Leave if select was interrupted */
     if (rc == EINTR) {
       SAFE_FREE(rchans);

libssh/channels1.c

@@ -26,6 +26,9 @@
 #include <stdlib.h>
 #include <unistd.h>
 #include <stdio.h>
+#ifndef _WIN32
+#include <arpa/inet.h>
+#endif
 #include "libssh/priv.h"
 #include "libssh/ssh1.h"
 #include "libssh/buffer.h"

libssh/client.c

@@ -296,6 +296,7 @@ static int dh_handshake(ssh_session session) {
         goto error;
       }
       session->dh_server_signature = signature;
+      signature=NULL; /* ownership changed */
       if (dh_build_k(session) < 0) {
         ssh_set_error(session, SSH_FATAL, "Cannot build k number");
         rc = SSH_ERROR;
@@ -400,10 +401,6 @@ error:
     string_burn(f);
     string_free(f);
   }
-  if(pubkey != NULL){
-    string_burn(pubkey);
-    string_free(pubkey);
-  }
   if(signature != NULL){
     string_burn(signature);
     string_free(signature);
@@ -484,7 +481,8 @@ int ssh_service_request(ssh_session session, const char *service) {
 int ssh_connect(ssh_session session) {
   int ssh1 = 0;
   int ssh2 = 0;
-  int fd = -1;
+  socket_t fd = SSH_INVALID_SOCKET;
+  int ret;
 
   if (session == NULL) {
     ssh_set_error(session, SSH_FATAL, "Invalid session pointer");
@@ -500,18 +498,31 @@ int ssh_connect(ssh_session session) {
     leave_function();
     return SSH_ERROR;
   }
-  if (session->fd == -1 && session->host == NULL) {
+  if (session->fd == SSH_INVALID_SOCKET && session->host == NULL &&
+      session->ProxyCommand == NULL) {
     ssh_set_error(session, SSH_FATAL, "Hostname required");
     leave_function();
     return SSH_ERROR;
   }
-  if (session->fd != -1) {
+
+  ret = ssh_options_apply(session);
+  if (ret < 0) {
+      ssh_set_error(session, SSH_FATAL, "Couldn't apply options");
+      leave_function();
+      return SSH_ERROR;
+  }
+
+  if (session->fd != SSH_INVALID_SOCKET) {
     fd = session->fd;
+#ifndef _WIN32
+  } else if (session->ProxyCommand != NULL) {
+    fd=ssh_socket_connect_proxycommand(session, session->ProxyCommand);
+#endif
   } else {
     fd = ssh_connect_host(session, session->host, session->bindaddr,
         session->port, session->timeout, session->timeout_usec);
   }
-  if (fd < 0) {
+  if (fd == SSH_INVALID_SOCKET) {
     leave_function();
     return SSH_ERROR;
   }
@@ -699,7 +710,7 @@ error:
 const char *ssh_copyright(void) {
     return SSH_STRINGIFY(LIBSSH_VERSION) " (c) 2003-2008 Aris Adamantiadis "
     "(aris@0xbadc0de.be) Distributed under the LGPL, please refer to COPYING"
-    "file for informations about your rights";
+    "file for information about your rights";
 }
 /** @} */
 /* vim: set ts=2 sw=2 et cindent: */

libssh/config.c

@@ -38,7 +38,8 @@ enum ssh_config_opcode_e {
   SOC_CIPHERS,
   SOC_COMPRESSION,
   SOC_TIMEOUT,
-  SOC_PROTOCOL
+  SOC_PROTOCOL,
+  SOC_PROXYCOMMAND
 };
 
 struct ssh_config_keyword_table_s {
@@ -56,6 +57,7 @@ static struct ssh_config_keyword_table_s ssh_config_keyword_table[] = {
   { "compression", SOC_COMPRESSION },
   { "connecttimeout", SOC_TIMEOUT },
   { "protocol", SOC_PROTOCOL },
+  { "proxycommand", SOC_PROXYCOMMAND },
   { NULL, SOC_UNSUPPORTED }
 };
 
@@ -197,21 +199,25 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
       }
       break;
     case SOC_PORT:
-      p = ssh_config_get_str(&s, NULL);
-      if (p && *parsing) {
-        ssh_options_set(session, SSH_OPTIONS_PORT_STR, p);
+      if (session->port == 22) {
+          p = ssh_config_get_str(&s, NULL);
+          if (p && *parsing) {
+              ssh_options_set(session, SSH_OPTIONS_PORT_STR, p);
+          }
       }
       break;
     case SOC_USERNAME:
-      p = ssh_config_get_str(&s, NULL);
-      if (p && *parsing) {
-        ssh_options_set(session, SSH_OPTIONS_USER, p);
+      if (session->username == NULL) {
+          p = ssh_config_get_str(&s, NULL);
+          if (p && *parsing) {
+            ssh_options_set(session, SSH_OPTIONS_USER, p);
+         }
       }
       break;
     case SOC_IDENTITY:
       p = ssh_config_get_str(&s, NULL);
       if (p && *parsing) {
-        ssh_options_set(session, SSH_OPTIONS_IDENTITY, p);
+        ssh_options_set(session, SSH_OPTIONS_ADD_IDENTITY, p);
       }
       break;
     case SOC_CIPHERS:
@@ -270,11 +276,19 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
         ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &i);
       }
       break;
+    case SOC_PROXYCOMMAND:
+      p = ssh_config_get_str(&s, NULL);
+      if (p && *parsing) {
+        ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, p);
+      }
+      break;
     case SOC_UNSUPPORTED:
-      fprintf(stderr, "Unsupported option: %s, line: %d\n", keyword, count);
+      ssh_log(session, SSH_LOG_RARE, "Unsupported option: %s, line: %d\n",
+              keyword, count);
       break;
     default:
-      fprintf(stderr, "ERROR - unimplemented opcode: %d\n", opcode);
+      ssh_set_error(session, SSH_FATAL, "ERROR - unimplemented opcode: %d\n",
+              opcode);
       SAFE_FREE(x);
       return -1;
       break;

libssh/connect.c

@@ -390,6 +390,7 @@ int ssh_select(ssh_channel *channels, ssh_channel *outchannels, socket_t maxfd,
     fd_set *readfds, struct timeval *timeout) {
   struct timeval zerotime;
   fd_set localset, localset2;
+  socket_t f;
   int rep;
   int set;
   int i;
@@ -430,8 +431,8 @@ int ssh_select(ssh_channel *channels, ssh_channel *outchannels, socket_t maxfd,
 
   /* Look into the localset for active fd */
   set = 0;
-  for (i = 0; (i < maxfd) && !set; i++) {
-    if (FD_ISSET(i, &localset)) {
+  for (f = 0; (f < maxfd) && !set; f++) {
+    if (FD_ISSET(f, &localset)) {
       set = 1;
     }
   }
@@ -493,9 +494,9 @@ int ssh_select(ssh_channel *channels, ssh_channel *outchannels, socket_t maxfd,
   outchannels[j] = NULL;
 
   FD_ZERO(&localset2);
-  for (i = 0; i < maxfd; i++) {
-    if (FD_ISSET(i, readfds) && FD_ISSET(i, &localset)) {
-      FD_SET(i, &localset2);
+  for (f = 0; f < maxfd; f++) {
+    if (FD_ISSET(f, readfds) && FD_ISSET(i, &localset)) {
+      FD_SET(f, &localset2);
     }
   }
 

libssh/kex.c

@@ -40,6 +40,7 @@
 #include "libssh/wrapper.h"
 #include "libssh/keys.h"
 #include "libssh/dh.h"
+#include "libssh/string.h"
 
 #ifdef HAVE_LIBGCRYPT
 #define BLOWFISH "blowfish-cbc,"
@@ -52,10 +53,15 @@
 #define BLOWFISH ""
 #endif
 #ifdef HAVE_OPENSSL_AES_H
+#ifdef BROKEN_AES_CTR
+#define AES "aes256-cbc,aes192-cbc,aes128-cbc,"
+#else
 #define AES "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,"
+#endif /* BROKEN_AES_CTR */
 #else
 #define AES ""
 #endif
+
 #define DES "3des-cbc"
 #endif
 
@@ -194,48 +200,48 @@ char **space_tokenize(const char *chain){
     return tokens;
 }
 
-/* find_matching gets 2 parameters : a list of available objects (in_d), separated by colons,*/
-/* and a list of prefered objects (what_d) */
+/* find_matching gets 2 parameters : a list of available objects (available_d), separated by colons,*/
+/* and a list of preferred objects (preferred_d) */
 /* it will return a strduped pointer on the first prefered object found in the available objects list */
 
-char *ssh_find_matching(const char *in_d, const char *what_d){
-    char ** tok_in, **tok_what;
-    int i_in, i_what;
+char *ssh_find_matching(const char *available_d, const char *preferred_d){
+    char ** tok_available, **tok_preferred;
+    int i_avail, i_pref;
     char *ret;
 
-    if ((in_d == NULL) || (what_d == NULL)) {
+    if ((available_d == NULL) || (preferred_d == NULL)) {
       return NULL; /* don't deal with null args */
     }
 
-    tok_in = tokenize(in_d);
-    if (tok_in == NULL) {
+    tok_available = tokenize(available_d);
+    if (tok_available == NULL) {
       return NULL;
     }
 
-    tok_what = tokenize(what_d);
-    if (tok_what == NULL) {
-      SAFE_FREE(tok_in[0]);
-      SAFE_FREE(tok_in);
+    tok_preferred = tokenize(preferred_d);
+    if (tok_preferred == NULL) {
+      SAFE_FREE(tok_available[0]);
+      SAFE_FREE(tok_available);
     }
 
-    for(i_what=0; tok_what[i_what] ; ++i_what){
-      for(i_in=0; tok_in[i_in]; ++i_in){
-        if(!strcmp(tok_in[i_in],tok_what[i_what])){
+    for(i_pref=0; tok_preferred[i_pref] ; ++i_pref){
+      for(i_avail=0; tok_available[i_avail]; ++i_avail){
+        if(!strcmp(tok_available[i_avail],tok_preferred[i_pref])){
           /* match */
-          ret=strdup(tok_in[i_in]);
+          ret=strdup(tok_available[i_avail]);
           /* free the tokens */
-          free(tok_in[0]);
-          free(tok_what[0]);
-          free(tok_in);
-          free(tok_what);
+          free(tok_available[0]);
+          free(tok_preferred[0]);
+          free(tok_available);
+          free(tok_preferred);
           return ret;
         }
       }
     }
-    free(tok_in[0]);
-    free(tok_what[0]);
-    free(tok_in);
-    free(tok_what);
+    free(tok_available[0]);
+    free(tok_preferred[0]);
+    free(tok_available);
+    free(tok_preferred);
     return NULL;
 }
 
@@ -487,8 +493,8 @@ static int build_session_id1(ssh_session session, ssh_string servern,
   }
 
 #ifdef DEBUG_CRYPTO
-  ssh_print_hexa("host modulus",hostn->string,string_len(hostn));
-  ssh_print_hexa("server modulus",servern->string,string_len(servern));
+  ssh_print_hexa("host modulus",string_data(hostn),string_len(hostn));
+  ssh_print_hexa("server modulus",string_data(servern),string_len(servern));
 #endif
   md5_update(md5,string_data(hostn),string_len(hostn));
   md5_update(md5,string_data(servern),string_len(servern));

libssh/keyfiles.c

@@ -677,7 +677,7 @@ ssh_private_key privatekey_from_file(ssh_session session, const char *filename,
   switch (type) {
     case TYPE_DSS:
       if (passphrase == NULL) {
-        if (session->callbacks->auth_function) {
+        if (session->callbacks && session->callbacks->auth_function) {
           auth_cb = session->callbacks->auth_function;
           auth_ud = session->callbacks->userdata;
 
@@ -780,6 +780,20 @@ ssh_private_key privatekey_from_file(ssh_session session, const char *filename,
   return privkey;
 }
 
+/**
+ * @brief returns the type of a private key
+ * @param privatekey[in] the private key handle
+ * @returns one of TYPE_RSA,TYPE_DSS,TYPE_RSA1
+ * @returns 0 if the type is unknown
+ * @see privatekey_from_file
+ * @see ssh_userauth_offer_pubkey
+ */
+int ssh_privatekey_type(ssh_private_key privatekey){
+  if (privatekey==NULL)
+    return 0;
+  return privatekey->type;
+}
+
 /* same that privatekey_from_file() but without any passphrase things. */
 ssh_private_key _privatekey_from_file(void *session, const char *filename,
     int type) {
@@ -1063,7 +1077,7 @@ int ssh_try_publickey_from_file(ssh_session session, const char *keyfile,
   }
 
   if (session->sshdir == NULL) {
-    if (ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL) < 0) {
+    if (ssh_options_apply(session) < 0) {
       return -1;
     }
   }
@@ -1116,8 +1130,6 @@ int ssh_try_publickey_from_file(ssh_session session, const char *keyfile,
 
 ssh_string try_publickey_from_file(ssh_session session, struct ssh_keys_struct keytab,
     char **privkeyfile, int *type) {
-  char *public;
-  char *private;
   const char *priv;
   const char *pub;
   char *new;
@@ -1133,26 +1145,20 @@ ssh_string try_publickey_from_file(ssh_session session, struct ssh_keys_struct k
   }
 
   if (session->sshdir == NULL) {
-    if (ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL) < 0) {
+    if (ssh_options_apply(session) < 0) {
       return NULL;
     }
   }
 
-  /* are them readable ? */
-  public=dir_expand_dup(session,pub,1);
-  private=dir_expand_dup(session,priv,1);
-  //snprintf(public, sizeof(public), "%s/%s", session->sshdir, pub);
-  //snprintf(private, sizeof(private), "%s/%s", session->sshdir, priv);
-
-  ssh_log(session, SSH_LOG_PACKET, "Trying to open publickey %s", public);
-  if (!ssh_file_readaccess_ok(public)) {
-    ssh_log(session, SSH_LOG_PACKET, "Failed to open publickey %s", public);
+  ssh_log(session, SSH_LOG_PACKET, "Trying to open publickey %s", pub);
+  if (!ssh_file_readaccess_ok(pub)) {
+    ssh_log(session, SSH_LOG_PACKET, "Failed to open publickey %s", pub);
     goto error;
   }
 
-  ssh_log(session, SSH_LOG_PACKET, "Trying to open privatekey %s", private);
-  if (!ssh_file_readaccess_ok(private)) {
-    ssh_log(session, SSH_LOG_PACKET, "Failed to open privatekey %s", private);
+  ssh_log(session, SSH_LOG_PACKET, "Trying to open privatekey %s", priv);
+  if (!ssh_file_readaccess_ok(priv)) {
+    ssh_log(session, SSH_LOG_PACKET, "Failed to open privatekey %s", priv);
     goto error;
   }
 
@@ -1162,26 +1168,24 @@ ssh_string try_publickey_from_file(ssh_session session, struct ssh_keys_struct k
    * We are sure both the private and public key file is readable. We return
    * the public as a string, and the private filename as an argument
    */
-  pubkey = publickey_from_file(session, public, type);
+  pubkey = publickey_from_file(session, pub, type);
   if (pubkey == NULL) {
     ssh_log(session, SSH_LOG_PACKET,
         "Wasn't able to open public key file %s: %s",
-        public,
+        pub,
         ssh_get_error(session));
     goto error;
   }
 
-  new = realloc(*privkeyfile, strlen(private) + 1);
+  new = realloc(*privkeyfile, strlen(priv) + 1);
   if (new == NULL) {
     string_free(pubkey);
     goto error;
   }
 
-  strcpy(new, private);
+  strcpy(new, priv);
   *privkeyfile = new;
 error:
-  SAFE_FREE(public);
-  SAFE_FREE(private);
   return pubkey;
 }
 
@@ -1546,7 +1550,6 @@ static int match_hashed_host(ssh_session session, const char *host,
  *                                   if host key is accepted\n
  *         SSH_SERVER_ERROR:         Some error happened
  *
- * \see ssh_options_set()
  * \see ssh_get_pubkey_hash()
  *
  * \bug There is no current way to remove or modify an entry into the known
@@ -1556,6 +1559,7 @@ int ssh_is_server_known(ssh_session session) {
   FILE *file = NULL;
   char **tokens;
   char *host;
+  char *hostport;
   const char *type;
   int match;
   int ret = SSH_SERVER_NOT_KNOWN;
@@ -1563,7 +1567,7 @@ int ssh_is_server_known(ssh_session session) {
   enter_function();
 
   if (session->knownhosts == NULL) {
-    if (ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, NULL) < 0) {
+    if (ssh_options_apply(session) < 0) {
       ssh_set_error(session, SSH_REQUEST_DENIED,
           "Can't find a known_hosts file");
       leave_function();
@@ -1579,8 +1583,11 @@ int ssh_is_server_known(ssh_session session) {
   }
 
   host = lowercase(session->host);
-  if (host == NULL) {
-    ssh_set_error(session, SSH_FATAL, "Not enough space!");
+  hostport = ssh_hostport(host,session->port);
+  if (host == NULL || hostport == NULL) {
+    ssh_set_error_oom(session);
+    SAFE_FREE(host);
+    SAFE_FREE(hostport);
     leave_function();
     return SSH_SERVER_ERROR;
   }
@@ -1594,10 +1601,15 @@ int ssh_is_server_known(ssh_session session) {
       break;
     }
     match = match_hashed_host(session, host, tokens[0]);
+    if (match == 0){
+    	match = match_hostname(hostport, tokens[0], strlen(tokens[0]));
+    }
     if (match == 0) {
       match = match_hostname(host, tokens[0], strlen(tokens[0]));
     }
-
+    if (match == 0) {
+      match = match_hashed_host(session, hostport, tokens[0]);
+    }
     if (match) {
       /* We got a match. Now check the key type */
       if (strcmp(session->current_crypto->server_pubkey_type, type) != 0) {
@@ -1628,6 +1640,7 @@ int ssh_is_server_known(ssh_session session) {
   } while (1);
 
   SAFE_FREE(host);
+  SAFE_FREE(hostport);
   if (file != NULL) {
     fclose(file);
   }
@@ -1637,10 +1650,15 @@ int ssh_is_server_known(ssh_session session) {
   return ret;
 }
 
-/** You generaly use it when ssh_is_server_known() answered SSH_SERVER_NOT_KNOWN
- * \brief write the current server as known in the known hosts file. This will create the known hosts file if it does not exist.
- * \param session ssh session
- * \return 0 on success, -1 on error
+/**
+ * @brief Write the current server as known in the known hosts file.
+ *
+ * This will create the known hosts file if it does not exist. You generaly use
+ * it when ssh_is_server_known() answered SSH_SERVER_NOT_KNOWN.
+ *
+ * @param[in]  session  The ssh session to use.
+ *
+ * @return              SSH_OK on success, SSH_ERROR on error.
  */
 int ssh_write_knownhost(ssh_session session) {
   ssh_string pubkey = session->current_crypto->server_pubkey;
@@ -1648,19 +1666,30 @@ int ssh_write_knownhost(ssh_session session) {
   char buffer[4096] = {0};
   FILE *file;
   char *dir;
+  char *host;
+  char *hostport;
   size_t len = 0;
 
-  if (session->knownhosts == NULL) {
-    if (ssh_options_set(session, SSH_OPTIONS_KNOWNHOSTS, NULL) < 0) {
-      ssh_set_error(session, SSH_FATAL, "Can't find a known_hosts file");
-      return -1;
-    }
-  }
-
   if (session->host == NULL) {
     ssh_set_error(session, SSH_FATAL,
-        "Cannot write host in known hosts if the hostname is unknown");
-    return -1;
+        "Can't write host in known hosts if the hostname isn't known");
+    return SSH_ERROR;
+  }
+
+  host = lowercase(session->host);
+  /* If using a nonstandard port, save the host in the [host]:port format */
+  if(session->port != 22){
+    hostport = ssh_hostport(host,session->port);
+    SAFE_FREE(host);
+    host=hostport;
+    hostport=NULL;
+  }
+
+  if (session->knownhosts == NULL) {
+    if (ssh_options_apply(session) < 0) {
+      ssh_set_error(session, SSH_FATAL, "Can't find a known_hosts file");
+      return -1;
+    }
   }
 
   /* Check if ~/.ssh exists and create it if not */
@@ -1684,6 +1713,7 @@ int ssh_write_knownhost(ssh_session session) {
     ssh_set_error(session, SSH_FATAL,
         "Couldn't open known_hosts file %s for appending: %s",
         session->knownhosts, strerror(errno));
+    SAFE_FREE(host);
     return -1;
   }
 
@@ -1703,6 +1733,7 @@ int ssh_write_knownhost(ssh_session session) {
     key = publickey_from_string(session, pubkey);
     if (key == NULL) {
       fclose(file);
+      SAFE_FREE(host);
       return -1;
     }
 
@@ -1711,6 +1742,7 @@ int ssh_write_knownhost(ssh_session session) {
     if (sexp == NULL) {
       publickey_free(key);
       fclose(file);
+      SAFE_FREE(host);
       return -1;
     }
     e = gcry_sexp_nth_mpi(sexp, 1, GCRYMPI_FMT_USG);
@@ -1718,6 +1750,7 @@ int ssh_write_knownhost(ssh_session session) {
     if (e == NULL) {
       publickey_free(key);
       fclose(file);
+      SAFE_FREE(host);
       return -1;
     }
 
@@ -1726,6 +1759,7 @@ int ssh_write_knownhost(ssh_session session) {
       publickey_free(key);
       bignum_free(e);
       fclose(file);
+      SAFE_FREE(host);
       return -1;
     }
     n = gcry_sexp_nth_mpi(sexp, 1, GCRYMPI_FMT_USG);
@@ -1734,6 +1768,7 @@ int ssh_write_knownhost(ssh_session session) {
       publickey_free(key);
       bignum_free(e);
       fclose(file);
+      SAFE_FREE(host);
       return -1;
     }
 
@@ -1758,12 +1793,13 @@ int ssh_write_knownhost(ssh_session session) {
 #endif
       publickey_free(key);
       fclose(file);
+      SAFE_FREE(host);
       return -1;
     }
 
     snprintf(buffer, sizeof(buffer),
         "%s %d %s %s\n",
-        session->host,
+        host,
         rsa_size << 3,
         e_string,
         n_string);
@@ -1783,18 +1819,19 @@ int ssh_write_knownhost(ssh_session session) {
     pubkey_64 = bin_to_base64(pubkey->string, string_len(pubkey));
     if (pubkey_64 == NULL) {
       fclose(file);
+      SAFE_FREE(host);
       return -1;
     }
 
     snprintf(buffer, sizeof(buffer),
         "%s %s %s\n",
-        session->host,
+        host,
         session->current_crypto->server_pubkey_type,
         pubkey_64);
 
     SAFE_FREE(pubkey_64);
   }
-
+  SAFE_FREE(host);
   len = strlen(buffer);
   if (fwrite(buffer, len, 1, file) != 1 || ferror(file)) {
     fclose(file);

libssh/keys.c

@@ -36,6 +36,7 @@
 #include "libssh/keys.h"
 #include "libssh/dh.h"
 #include "libssh/messages.h"
+#include "libssh/string.h"
 
 /** \addtogroup ssh_auth
  * @{
@@ -130,9 +131,9 @@ ssh_public_key publickey_make_dss(ssh_session session, ssh_buffer buffer) {
 #endif /* HAVE_LIBCRYPTO */
 
 #ifdef DEBUG_CRYPTO
-  ssh_print_hexa("p", p->string, string_len(p));
-  ssh_print_hexa("q", q->string, string_len(q));
-  ssh_print_hexa("g", g->string, string_len(g));
+  ssh_print_hexa("p", string_data(p), string_len(p));
+  ssh_print_hexa("q", string_data(q), string_len(q));
+  ssh_print_hexa("g", string_data(g), string_len(g));
 #endif
 
   string_burn(p);
@@ -206,8 +207,8 @@ ssh_public_key publickey_make_rsa(ssh_session session, ssh_buffer buffer,
 #endif
 
 #ifdef DEBUG_CRYPTO
-  ssh_print_hexa("e", e->string, string_len(e));
-  ssh_print_hexa("n", n->string, string_len(n));
+  ssh_print_hexa("e", string_data(e), string_len(e));
+  ssh_print_hexa("n", string_data(n), string_len(n));
 #endif
 
   string_burn(e);
@@ -974,8 +975,8 @@ SIGNATURE *signature_from_string(ssh_session session, ssh_string signature,
 #endif
 
 #ifdef DEBUG_CRYPTO
-      ssh_print_hexa("r", rs->string, 20);
-      ssh_print_hexa("s", rs->string + 20, 20);
+      ssh_print_hexa("r", string_data(rs), 20);
+      ssh_print_hexa("s", (const unsigned char *)string_data(rs) + 20, 20);
 #endif
       string_free(rs);
 
@@ -1024,7 +1025,7 @@ SIGNATURE *signature_from_string(ssh_session session, ssh_string signature,
 
 #ifdef DEBUG_CRYPTO
       ssh_log(session, SSH_LOG_FUNCTIONS, "len e: %d", len);
-      ssh_print_hexa("RSA signature", e->string, len);
+      ssh_print_hexa("RSA signature", string_data(e), len);
 #endif
 
 #ifdef HAVE_LIBGCRYPT

libssh/misc.c

@@ -35,6 +35,7 @@
 #ifdef _WIN32
 #define _WIN32_IE 0x0501 //SHGetSpecialFolderPath
 #include <winsock2.h> // Must be the first to include
+#include <ws2tcpip.h>
 #include <shlobj.h>
 #include <direct.h>
 #else
@@ -46,6 +47,7 @@
 
 #include "libssh/priv.h"
 #include "libssh/misc.h"
+#include "libssh/session.h"
 
 #ifdef HAVE_LIBGCRYPT
 #define GCRYPT_STRING "/gnutls"
@@ -145,6 +147,20 @@ int ssh_file_readaccess_ok(const char *file) {
 }
 #endif
 
+char *ssh_hostport(const char *host, int port){
+	char *dest;
+	size_t len;
+	if(host==NULL)
+		return NULL;
+	/* 3 for []:, 5 for 65536 and 1 for nul */
+	len=strlen(host) + 3 + 5 + 1;
+	dest=malloc(len);
+	if(dest==NULL)
+		return NULL;
+	snprintf(dest,len,"[%s]:%d",host,port);
+	return dest;
+}
+
 uint64_t ntohll(uint64_t a) {
 #ifdef WORDS_BIGENDIAN
   return a;
@@ -478,5 +494,155 @@ int ssh_mkdir(const char *pathname, mode_t mode) {
   return r;
 }
 
-/** @} */
-/* vim: set ts=2 sw=2 et cindent: */
+/**
+ * @brief Expand a directory starting with a tilde '~'
+ *
+ * @param[in]  session  The ssh session to use.
+ *
+ * @param[in]  d        The directory to expand.
+ *
+ * @return              The expanded directory, NULL on error.
+ */
+char *ssh_path_expand_tilde(const char *d) {
+    char *h, *r;
+    const char *p;
+    size_t ld;
+    size_t lh = 0;
+
+    if (d[0] != '~') {
+        return strdup(d);
+    }
+    d++;
+
+    /* handle ~user/path */
+    p = strchr(d, '/');
+    if (p != NULL && p > d) {
+#ifdef _WIN32
+        return strdup(d);
+#else
+        struct passwd *pw;
+        size_t s = p - d;
+        char u[128];
+
+        if (s > sizeof(u)) {
+            return NULL;
+        }
+        memcpy(u, d, s);
+        u[s] = '\0';
+        pw = getpwnam(u);
+        if (pw == NULL) {
+            return NULL;
+        }
+        ld = strlen(p);
+        h = strdup(pw->pw_dir);
+#endif
+    } else {
+        ld = strlen(d);
+        p = (char *) d;
+        h = ssh_get_user_home_dir();
+    }
+    if (h == NULL) {
+        return NULL;
+    }
+    lh = strlen(h);
+
+    r = malloc(ld + lh + 1);
+    if (r == NULL) {
+        return NULL;
+    }
+
+    if (lh > 0) {
+        memcpy(r, h, lh);
+    }
+    memcpy(r + lh, p, ld + 1);
+
+    return r;
+}
+
+char *ssh_path_expand_escape(ssh_session session, const char *s) {
+#define MAX_BUF_SIZE 4096
+    char host[NI_MAXHOST];
+    char buf[MAX_BUF_SIZE];
+    char *r, *x = NULL;
+    const char *p;
+    size_t i, l;
+
+    if (strlen(s) > MAX_BUF_SIZE) {
+        ssh_set_error(session, SSH_FATAL, "string to expand too long");
+        return NULL;
+    }
+
+    r = ssh_path_expand_tilde(s);
+    if (r == NULL) {
+        ssh_set_error_oom(session);
+        return NULL;
+    }
+
+    p = r;
+    buf[0] = '\0';
+
+    for (i = 0; *p != '\0'; p++) {
+        if (*p != '%') {
+            buf[i] = *p;
+            i++;
+            if (i > MAX_BUF_SIZE) {
+                return NULL;
+            }
+            buf[i] = '\0';
+            continue;
+        }
+
+        p++;
+        if (*p == '\0') {
+            break;
+        }
+
+        switch (*p) {
+            case 'd':
+                x = strdup(session->sshdir);
+                break;
+            case 'u':
+                x = ssh_get_local_username(session);
+                break;
+            case 'l':
+                if (gethostname(host, sizeof(host) == 0)) {
+                    x = strdup(host);
+                }
+                break;
+            case 'h':
+                x = strdup(session->host);
+                break;
+            case 'r':
+                x = strdup(session->username);
+                break;
+            default:
+                ssh_set_error(session, SSH_FATAL,
+                        "Wrong escape sequence detected");
+                return NULL;
+        }
+
+        if (x == NULL) {
+            ssh_set_error_oom(session);
+            return NULL;
+        }
+
+        i += strlen(x);
+        if (i > MAX_BUF_SIZE) {
+            ssh_set_error(session, SSH_FATAL,
+                    "String too long");
+            return NULL;
+        }
+        l = strlen(buf);
+        strcat(buf + l, x);
+        buf[i] = '\0';
+        SAFE_FREE(x);
+    }
+
+    free(r);
+    return strdup(buf);
+#undef MAX_BUF_SIZE
+}
+
+/* @} */
+
+/* vim: set ts=4 sw=4 et cindent: */

libssh/options.c

@@ -162,58 +162,6 @@ int ssh_options_set_algo(ssh_session session, int algo,
   return 0;
 }
 
-char *dir_expand_dup(ssh_session session, const char *value, int allowsshdir) {
-	char *new;
-
-	if (value[0] == '~' && value[1] == '/') {
-		char *homedir = ssh_get_user_home_dir();
-    size_t lv, lh;
-
-    if (homedir == NULL) {
-      return NULL;
-    }
-    lv = strlen(value + 1);
-    lh = strlen(homedir);
-
-		new = malloc(lv + lh + 1);
-		if (new == NULL) {
-      ssh_set_error_oom(session);
-      SAFE_FREE(homedir);
-			return NULL;
-    }
-		memcpy(new, homedir, lh);
-    SAFE_FREE(homedir);
-		memcpy(new + lh, value + 1, lv + 1);
-		return new;
-	}
-	if (allowsshdir && strncmp(value, "SSH_DIR/", 8) == 0) {
-		size_t lv, ls;
-		if (session->sshdir == NULL) {
-			if (ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL) < 0)
-				return NULL;
-		}
-
-		value += 7;
-		lv = strlen(value);
-		ls = strlen(session->sshdir);
-
-		new = malloc(lv + ls + 1);
-		if (new == NULL) {
-      ssh_set_error_oom(session);
-			return NULL;
-    }
-		memcpy(new, session->sshdir, ls);
-		memcpy(new + ls, value, lv + 1);
-		return new;
-	}
-  new = strdup(value);
-  if (new == NULL) {
-    ssh_set_error_oom(session);
-    return NULL;
-  }
-  return new;
-}
-
 /**
  * @brief This function can set all possible ssh options.
  *
@@ -239,6 +187,9 @@ char *dir_expand_dup(ssh_session session, const char *value, int allowsshdir) {
  *                        set the hostname as the hostname is used as a key in
  *                        the known_host mechanism.
  *
+ *                      - SSH_OPTIONS_BINDADDR:
+ *                        The address to bind the client to (string).
+ *
  *                      - SSH_OPTIONS_USER:
  *                        The username for authentication (string).\n
  *                        \n
@@ -362,6 +313,10 @@ char *dir_expand_dup(ssh_session session, const char *value, int allowsshdir) {
  *                        Set the compression to use for server to client
  *                        communication (string, "none" or "zlib").
  *
+ *                      - SSH_OPTIONS_PROXYCOMMAND:
+ *                        Set the command to be executed in order to connect to
+ *                        server.
+ *
  * @param  value        The value to set. This is a generic pointer and the
  *                      datatype which is used should be set according to the
  *                      type set.
@@ -445,6 +400,18 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
         session->fd = *x & 0xffff;
       }
       break;
+    case SSH_OPTIONS_BINDADDR:
+      if (value == NULL) {
+        ssh_set_error_invalid(session, __FUNCTION__);
+        return -1;
+      }
+      q = strdup(value);
+      if (q == NULL) {
+          return -1;
+      }
+      SAFE_FREE(session->bindaddr);
+      session->bindaddr = q;
+      break;
     case SSH_OPTIONS_USER:
       SAFE_FREE(session->username);
       if (value == NULL) { /* set default username */
@@ -464,15 +431,14 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
     case SSH_OPTIONS_SSH_DIR:
       if (value == NULL) {
         SAFE_FREE(session->sshdir);
-	/* TODO: why ~/.ssh/ instead of ~/.ssh ? */
 
-        session->sshdir = dir_expand_dup(session, "~/.ssh/", 0);
+        session->sshdir = ssh_path_expand_tilde("~/.ssh/");
         if (session->sshdir == NULL) {
           return -1;
         }
       } else {
         SAFE_FREE(session->sshdir);
-        session->sshdir = dir_expand_dup(session, value, 0);
+        session->sshdir = ssh_path_expand_tilde(value);
         if (session->sshdir == NULL) {
           return -1;
         }
@@ -484,27 +450,28 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
         ssh_set_error_invalid(session, __FUNCTION__);
         return -1;
       }
-      q = dir_expand_dup(session, value, 1);
+      q = strdup(value);
       if (q == NULL) {
-        return -1;
+          return -1;
       }
       rc = ssh_list_prepend(session->identity, q);
       if (rc < 0) {
-        SAFE_FREE(q);
         return -1;
       }
       break;
     case SSH_OPTIONS_KNOWNHOSTS:
       if (value == NULL) {
         SAFE_FREE(session->knownhosts);
-        session->knownhosts = dir_expand_dup(session,
-            "SSH_DIR/known_hosts", 1);
+        if (session->sshdir == NULL) {
+            return -1;
+        }
+        session->knownhosts = ssh_path_expand_escape(session, "%d/known_hosts");
         if (session->knownhosts == NULL) {
           return -1;
         }
       } else {
         SAFE_FREE(session->knownhosts);
-        session->knownhosts = dir_expand_dup(session, value, 1);
+        session->knownhosts = strdup(value);
         if (session->knownhosts == NULL) {
           return -1;
         }
@@ -612,8 +579,21 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
           return -1;
       }
       break;
+    case SSH_OPTIONS_PROXYCOMMAND:
+      if (value == NULL) {
+        ssh_set_error_invalid(session, __FUNCTION__);
+        return -1;
+      } else {
+        SAFE_FREE(session->ProxyCommand);
+        q = strdup(value);
+        if (q == NULL) {
+            return -1;
+        }
+        session->ProxyCommand = q;
+      }
+      break;
     default:
-      ssh_set_error(session, SSH_REQUEST_DENIED, "Unkown ssh option %d", type);
+      ssh_set_error(session, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
       return -1;
     break;
   }
@@ -827,7 +807,7 @@ int ssh_bind_options_set(ssh_bind sshbind, enum ssh_bind_options_e type,
       }
       break;
     default:
-      ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unkown ssh option %d", type);
+      ssh_set_error(sshbind, SSH_REQUEST_DENIED, "Unknown ssh option %d", type);
       return -1;
     break;
   }
@@ -1050,19 +1030,91 @@ int ssh_options_parse_config(ssh_session session, const char *filename) {
     return -1;
   }
 
+  if (session->sshdir == NULL) {
+      r = ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL);
+      if (r < 0) {
+          ssh_set_error_oom(session);
+          return -1;
+      }
+  }
+
   /* set default filename */
   if (filename == NULL) {
-    expanded_filename = dir_expand_dup(session, "SSH_DIR/config", 1);
+    expanded_filename = ssh_path_expand_escape(session, "%d/config");
   } else {
-    expanded_filename = dir_expand_dup(session, filename, 1);
+    expanded_filename = ssh_path_expand_escape(session, filename);
   }
-  if (expanded_filename == NULL)
+  if (expanded_filename == NULL) {
     return -1;
+  }
 
   r = ssh_config_parse_file(session, expanded_filename);
+  if (r < 0) {
+      goto out;
+  }
+  if (filename == NULL) {
+      r = ssh_config_parse_file(session, "/etc/ssh/ssh_config");
+  }
+
+out:
   free(expanded_filename);
   return r;
 }
 
-/** @} */
-/* vim: set ts=2 sw=2 et cindent: */
+int ssh_options_apply(ssh_session session) {
+    struct ssh_iterator *it;
+    char *tmp;
+    int rc;
+
+    if (session->sshdir == NULL) {
+        rc = ssh_options_set(session, SSH_OPTIONS_SSH_DIR, NULL);
+        if (rc < 0) {
+            return -1;
+        }
+    }
+
+    if (session->username == NULL) {
+        rc = ssh_options_set(session, SSH_OPTIONS_USER, NULL);
+        if (rc < 0) {
+            return -1;
+        }
+    }
+
+    if (session->knownhosts == NULL) {
+        tmp = ssh_path_expand_escape(session, "%d/known_hosts");
+    } else {
+        tmp = ssh_path_expand_escape(session, session->knownhosts);
+    }
+    if (tmp == NULL) {
+        return -1;
+    }
+    free(session->knownhosts);
+    session->knownhosts = tmp;
+
+    if (session->ProxyCommand != NULL) {
+        tmp = ssh_path_expand_escape(session, session->ProxyCommand);
+        if (tmp == NULL) {
+            return -1;
+        }
+        free(session->ProxyCommand);
+        session->ProxyCommand = tmp;
+    }
+
+    for (it = ssh_list_get_iterator(session->identity);
+         it != NULL;
+         it = it->next) {
+        char *id = (char *) it->data;
+        tmp = ssh_path_expand_escape(session, id);
+        if (tmp == NULL) {
+            return -1;
+        }
+        free(id);
+        it->data = tmp;
+    }
+
+    return 0;
+}
+
+/* @} */
+
+/* vim: set ts=4 sw=4 et cindent: */

libssh/packet.c

@@ -693,6 +693,9 @@ void packet_parse(ssh_session session) {
       case SSH2_MSG_CHANNEL_OPEN:
         message_handle(session,type);
         return;
+      case SSH2_MSG_GLOBAL_REQUEST:
+        ssh_global_request_handle(session);
+        return;
       default:
         ssh_log(session, SSH_LOG_RARE, "Received unhandled packet %d", type);
     }
@@ -779,6 +782,7 @@ static int packet_wait2(ssh_session session, int type, int blocking) {
         ssh_log(session, SSH_LOG_PACKET, "received disconnect packet");
         leave_function();
         return SSH_ERROR;
+      case SSH2_MSG_GLOBAL_REQUEST:
       case SSH2_MSG_CHANNEL_WINDOW_ADJUST:
       case SSH2_MSG_CHANNEL_DATA:
       case SSH2_MSG_CHANNEL_EXTENDED_DATA:

libssh/pcap.c

@@ -30,7 +30,9 @@
 #ifdef WITH_PCAP
 
 #include <stdio.h>
-#ifndef _WIN32
+#ifdef _WIN32
+#include <ws2tcpip.h>
+#else
 #include <sys/time.h>
 #include <sys/socket.h>
 #endif
@@ -91,7 +93,7 @@ struct ssh_pcap_context_struct {
 	ssh_session session;
 	ssh_pcap_file file;
 	int connected;
-	/* All of these informations are useful to generate
+	/* All of these information are useful to generate
 	 * the dummy IP and TCP packets
 	 */
 	uint32_t ipsource;

libssh/poll.c

@@ -3,6 +3,7 @@
  *
  * This file is part of the SSH Library
  *
+ * Copyright (c) 2009-2010 by Andreas Schneider <mail@cynapses.org>
  * Copyright (c) 2003-2009 by Aris Adamantiadis
  * Copyright (c) 2009 Aleksandar Kanchev
  *
@@ -24,8 +25,6 @@
  * vim: ts=2 sw=2 et cindent
  */
 
-/* This code is based on glib's gpoll */
-
 #include "config.h"
 
 #include <errno.h>
@@ -60,177 +59,185 @@ struct ssh_poll_ctx_struct {
 #ifdef HAVE_POLL
 #include <poll.h>
 
+void ssh_poll_init(void) {
+    return;
+}
+
 int ssh_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout) {
   return poll((struct pollfd *) fds, nfds, timeout);
 }
 
 #else /* HAVE_POLL */
+
+#include <sys/types.h>
+
+typedef int (*poll_fn)(ssh_pollfd_t *, nfds_t, int);
+static poll_fn win_poll;
+
 #ifdef _WIN32
-
-#if 0
-/* defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0600) */
-
-#include <winsock2.h>
-
-int ssh_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout) {
-  return WSAPoll(fds, nfds, timeout);
-}
-
-#else /* _WIN32_WINNT */
-
 #ifndef STRICT
 #define STRICT
-#endif
+#endif /* STRICT */
 
-#include <stdio.h>
+#include <time.h>
 #include <windows.h>
-#include <errno.h>
+#include <winsock2.h>
 
-static int poll_rest (HANDLE *handles, int nhandles,
-    ssh_pollfd_t *fds, nfds_t nfds, int timeout) {
-  DWORD ready;
-  ssh_pollfd_t *f;
-  int recursed_result;
+#define WS2_LIBRARY "ws2_32.dll"
+static HINSTANCE hlib;
 
-  if (nhandles == 0) {
-    /* No handles to wait for, just the timeout */
-    if (timeout == INFINITE) {
-      ready = WAIT_FAILED;
-    } else {
-      SleepEx(timeout, 1);
-      ready = WAIT_TIMEOUT;
-    }
-  } else {
-    /* Wait for just handles */
-    ready = WaitForMultipleObjectsEx(nhandles, handles, FALSE, timeout, TRUE);
-#if 0
-    if (ready == WAIT_FAILED)  {
-      fprintf(stderr, "WaitForMultipleObjectsEx failed: %d\n", GetLastError());
-    }
-#endif
-  }
+#else /* _WIN32 */
+#include <sys/select.h>
+#include <sys/socket.h>
+#include <unistd.h>
+#include <sys/time.h>
+#endif /* _WIN32 */
 
-  if (ready == WAIT_FAILED) {
-    return -1;
-  } else if (ready == WAIT_TIMEOUT || ready == WAIT_IO_COMPLETION) {
-    return 0;
-  } else if (ready >= WAIT_OBJECT_0 && ready < WAIT_OBJECT_0 + nhandles) {
-    for (f = fds; f < &fds[nfds]; f++) {
-      if ((HANDLE) f->fd == handles[ready - WAIT_OBJECT_0]) {
-        f->revents = f->events;
-      }
-    }
 
-    /*
-     * If no timeout and polling several handles, recurse to poll
-     * the rest of them.
-     */
-    if (timeout == 0 && nhandles > 1) {
-      /* Remove the handle that fired */
-      int i;
-      if (ready < nhandles - 1) {
-        for (i = ready - WAIT_OBJECT_0 + 1; i < nhandles; i++) {
-          handles[i-1] = handles[i];
-        }
-      }
-      nhandles--;
-      recursed_result = poll_rest(handles, nhandles, fds, nfds, 0);
-      if (recursed_result < 0) {
-        return -1;
-      }
-      return recursed_result + 1;
-    }
-    return 1;
-  }
-
-  return 0;
-}
-
-int ssh_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout) {
-  HANDLE handles[MAXIMUM_WAIT_OBJECTS];
-  ssh_pollfd_t *f;
-  int nhandles = 0;
-  int rc = -1;
+/*
+ * This is a poll(2)-emulation using select for systems not providing a native
+ * poll implementation.
+ *
+ * Keep in mind that select is terribly inefficient. The interface is simply not
+ * meant to be used with maximum descriptor value greater, say, 32 or so.  With
+ * a value as high as 1024 on Linux you'll pay dearly in every single call.
+ * poll() will be orders of magnitude faster.
+ */
+static int bsd_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout) {
+  fd_set readfds, writefds, exceptfds;
+  struct timeval tv, *ptv;
+  socket_t max_fd;
+  int rc;
+  nfds_t i;
 
   if (fds == NULL) {
-    errno = EFAULT;
-    return -1;
+      errno = EFAULT;
+      return -1;
   }
 
-  if (nfds >= MAXIMUM_WAIT_OBJECTS) {
-    errno = EINVAL;
-    return -1;
-  }
+  FD_ZERO (&readfds);
+  FD_ZERO (&writefds);
+  FD_ZERO (&exceptfds);
 
-  for (f = fds; f < &fds[nfds]; f++) {
-    if (f->fd > 0) {
-      int i;
-
-      /*
-       * Don't add the same handle several times into the array, as
-       * docs say that is not allowed, even if it actually does seem
-       * to work.
-       */
-      for (i = 0; i < nhandles; i++) {
-        if (handles[i] == (HANDLE) f->fd) {
-          break;
-        }
+  /* compute fd_sets and find largest descriptor */
+  for (rc = -1, max_fd = 0, i = 0; i < nfds; i++) {
+      if (fds[i].fd == SSH_INVALID_SOCKET) {
+          continue;
       }
-
-      if (i == nhandles) {
-        if (nhandles == MAXIMUM_WAIT_OBJECTS) {
+#ifndef _WIN32
+      if (fds[i].fd >= FD_SETSIZE) {
+          rc = -1;
           break;
-        } else {
-          handles[nhandles++] = (HANDLE) f->fd;
-        }
       }
-    }
+#endif
+
+      if (fds[i].events & (POLLIN | POLLRDNORM)) {
+          FD_SET (fds[i].fd, &readfds);
+      }
+      if (fds[i].events & (POLLOUT | POLLWRNORM | POLLWRBAND)) {
+          FD_SET (fds[i].fd, &writefds);
+      }
+      if (fds[i].events & (POLLPRI | POLLRDBAND)) {
+          FD_SET (fds[i].fd, &exceptfds);
+      }
+      if (fds[i].fd > max_fd &&
+          (fds[i].events & (POLLIN | POLLOUT | POLLPRI |
+                            POLLRDNORM | POLLRDBAND |
+                            POLLWRNORM | POLLWRBAND))) {
+          max_fd = fds[i].fd;
+          rc = 0;
+      }
   }
 
-  if (timeout == -1) {
-    timeout = INFINITE;
+  if (max_fd == SSH_INVALID_SOCKET || rc == -1) {
+      errno = EINVAL;
+      return -1;
   }
 
-  if (nhandles > 1) {
-    /*
-     * First check if one or several of them are immediately
-     * available.
-     */
-    rc = poll_rest(handles, nhandles, fds, nfds, 0);
-
-    /*
-     * If not, and we have a significant timeout, poll again with
-     * timeout then. Note that this will return indication for only
-     * one event, or only for messages. We ignore timeouts less than
-     * ten milliseconds as they are mostly pointless on Windows, the
-     * MsgWaitForMultipleObjectsEx() call will timeout right away
-     * anyway.
-     */
-    if (rc == 0 && (timeout == INFINITE || timeout >= 10)) {
-      rc = poll_rest(handles, nhandles, fds, nfds, timeout);
-    }
+  if (timeout < 0) {
+      ptv = NULL;
   } else {
-    /*
-     * Just polling for one thing, so no need to check first if
-     * available immediately
-     */
-    rc = poll_rest(handles, nhandles, fds, nfds, timeout);
+      ptv = &tv;
+      if (timeout == 0) {
+          tv.tv_sec = 0;
+          tv.tv_usec = 0;
+      } else {
+          tv.tv_sec = timeout / 1000;
+          tv.tv_usec = (timeout % 1000) * 1000;
+      }
   }
 
+  rc = select (max_fd + 1, &readfds, &writefds, &exceptfds, ptv);
   if (rc < 0) {
-    for (f = fds; f < &fds[nfds]; f++) {
-      f->revents = 0;
-    }
-    errno = EBADF;
+      return -1;
   }
 
+  for (rc = 0, i = 0; i < nfds; i++)
+    if (fds[i].fd >= 0) {
+        fds[i].revents = 0;
+
+        if (FD_ISSET(fds[i].fd, &readfds)) {
+            int save_errno = errno;
+            char data[64] = {0};
+            int ret;
+
+            /* support for POLLHUP */
+            ret = recv(fds[i].fd, data, 64, MSG_PEEK);
+#ifdef _WIN32
+            if ((ret == -1) &&
+                (errno == WSAESHUTDOWN || errno == WSAECONNRESET ||
+                 errno == WSAECONNABORTED || errno == WSAENETRESET)) {
+#else
+            if ((ret == -1) &&
+                (errno == ESHUTDOWN || errno == ECONNRESET ||
+                 errno == ECONNABORTED || errno == ENETRESET)) {
+#endif
+                fds[i].revents |= POLLHUP;
+            } else {
+                fds[i].revents |= fds[i].events & (POLLIN | POLLRDNORM);
+            }
+
+            errno = save_errno;
+        }
+        if (FD_ISSET(fds[i].fd, &writefds)) {
+            fds[i].revents |= fds[i].events & (POLLOUT | POLLWRNORM | POLLWRBAND);
+        }
+
+        if (FD_ISSET(fds[i].fd, &exceptfds)) {
+            fds[i].revents |= fds[i].events & (POLLPRI | POLLRDBAND);
+        }
+
+        if (fds[i].revents & ~POLLHUP) {
+          rc++;
+        }
+    } else {
+        fds[i].revents = POLLNVAL;
+    }
+
   return rc;
 }
 
-#endif /* _WIN32_WINNT */
+void ssh_poll_init(void) {
+    poll_fn wsa_poll = NULL;
 
+#ifdef _WIN32
+    hlib = LoadLibrary(WS2_LIBRARY);
+    if (hlib != NULL) {
+        wsa_poll = (poll_fn) GetProcAddress(hlib, "WSAPoll");
+    }
 #endif /* _WIN32 */
 
+    if (wsa_poll == NULL) {
+        win_poll = bsd_poll;
+    } else {
+        win_poll = wsa_poll;
+    }
+}
+
+int ssh_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout) {
+    return win_poll(fds, nfds, timeout);
+}
+
 #endif /* HAVE_POLL */
 
 /**
@@ -403,7 +410,7 @@ void ssh_poll_ctx_free(ssh_poll_ctx ctx) {
     used = ctx->polls_used;
     for (i = 0; i < used; ) {
       ssh_poll_handle p = ctx->pollptrs[i];
-      int fd = ctx->pollfds[i].fd;
+      socket_t fd = ctx->pollfds[i].fd;
 
       /* force poll object removal */
       if (p->cb(p, fd, POLLERR, p->cb_data) < 0) {
@@ -451,7 +458,7 @@ static int ssh_poll_ctx_resize(ssh_poll_ctx ctx, size_t new_size) {
  * @return              0 on success, < 0 on error
  */
 int ssh_poll_ctx_add(ssh_poll_ctx ctx, ssh_poll_handle p) {
-  int fd;
+  socket_t fd;
 
   if (p->ctx != NULL) {
     /* already attached to a context */
@@ -530,7 +537,7 @@ int ssh_poll_ctx_dopoll(ssh_poll_ctx ctx, int timeout) {
         i++;
       } else {
         ssh_poll_handle p = ctx->pollptrs[i];
-        int fd = ctx->pollfds[i].fd;
+        socket_t fd = ctx->pollfds[i].fd;
         int revents = ctx->pollfds[i].revents;
 
         if (p->cb(p, fd, revents, p->cb_data) < 0) {

libssh/server.c

@@ -129,7 +129,7 @@ ssh_bind ssh_bind_new(void) {
     return NULL;
   }
   ZERO_STRUCTP(ptr);
-  ptr->bindfd = -1;
+  ptr->bindfd = SSH_INVALID_SOCKET;
   ptr->bindport= 22;
   ptr->log_verbosity = 0;
 
@@ -138,7 +138,7 @@ ssh_bind ssh_bind_new(void) {
 
 int ssh_bind_listen(ssh_bind sshbind) {
   const char *host;
-  int fd;
+  socket_t fd;
 
   if (ssh_init() < 0) {
     return -1;
@@ -185,10 +185,10 @@ void ssh_bind_fd_toaccept(ssh_bind sshbind) {
 int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
   ssh_private_key dsa = NULL;
   ssh_private_key rsa = NULL;
-  int fd = -1;
+  socket_t fd = SSH_INVALID_SOCKET;
   int i;
 
-  if (sshbind->bindfd < 0) {
+  if (sshbind->bindfd == SSH_INVALID_SOCKET) {
     ssh_set_error(sshbind, SSH_FATAL,
         "Can't accept new clients on a not bound socket.");
     return SSH_ERROR;
@@ -219,7 +219,7 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
   }
 
   fd = accept(sshbind->bindfd, NULL, NULL);
-  if (fd < 0) {
+  if (fd == SSH_INVALID_SOCKET) {
     ssh_set_error(sshbind, SSH_FATAL,
         "Accepting a new connection: %s",
         strerror(errno));
@@ -284,7 +284,7 @@ void ssh_bind_free(ssh_bind sshbind){
     close(sshbind->bindfd);
 #endif
   }
-  sshbind->bindfd = -1;
+  sshbind->bindfd = SSH_INVALID_SOCKET;
 
   /* options */
   SAFE_FREE(sshbind->banner);

libssh/session.c

@@ -32,7 +32,8 @@
 #include "libssh/packet.h"
 #include "libssh/session.h"
 #include "libssh/misc.h"
-
+#include "libssh/ssh2.h"
+#include "libssh/buffer.h"
 #define FIRST_CHANNEL 42 // why not ? it helps to find bugs.
 
 /** \defgroup ssh_session SSH Session
@@ -103,7 +104,7 @@ ssh_session ssh_new(void) {
       goto err;
     }
 
-    id = strdup("SSH_DIR/id_rsa");
+    id = strdup("%d/id_rsa");
     if (id == NULL) {
       goto err;
     }
@@ -112,7 +113,7 @@ ssh_session ssh_new(void) {
       goto err;
     }
 
-    id = strdup("SSH_DIR/id_dsa");
+    id = strdup("%d/id_dsa");
     if (id == NULL) {
       goto err;
     }
@@ -121,7 +122,7 @@ ssh_session ssh_new(void) {
       goto err;
     }
 
-    id = strdup("SSH_DIR/identity");
+    id = strdup("%d/identity");
     if (id == NULL) {
       goto err;
     }
@@ -213,6 +214,7 @@ void ssh_free(ssh_session session) {
   SAFE_FREE(session->host);
   SAFE_FREE(session->sshdir);
   SAFE_FREE(session->knownhosts);
+  SAFE_FREE(session->ProxyCommand);
 
   for (i = 0; i < 10; i++) {
     if (session->wanted_methods[i]) {
@@ -408,5 +410,32 @@ int ssh_get_version(ssh_session session) {
   return session->version;
 }
 
+
+/**
+ * @internal
+ * @handle a SSH_MSG_GLOBAL_REQUEST packet
+ * @param session the SSH session
+ */
+void ssh_global_request_handle(ssh_session session){
+  ssh_string type;
+  char *type_c;
+  uint32_t needreply;
+  type=buffer_get_ssh_string(session->in_buffer);
+  buffer_get_u32(session->in_buffer,&needreply);
+  if(type==NULL)
+    return;
+  type_c=string_to_char(type);
+  if(!type_c)
+    return;
+  ssh_log(session, SSH_LOG_PROTOCOL,
+      "Received SSH_GLOBAL_REQUEST %s (wantreply=%d)",type_c,needreply);
+  SAFE_FREE(type_c);
+  string_free(type);
+  if(needreply != 0){
+    buffer_add_u8(session->out_buffer,SSH2_MSG_REQUEST_FAILURE);
+    packet_send(session);
+  }
+}
+
 /** @} */
 /* vim: set ts=2 sw=2 et cindent: */

libssh/sftp.c

@@ -29,6 +29,7 @@
 #include <fcntl.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdio.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -2340,8 +2341,9 @@ int sftp_rename(sftp_session sftp, const char *original, const char *newname) {
   if (buffer_add_u32(buffer, id) < 0 ||
       buffer_add_ssh_string(buffer, oldpath) < 0 ||
       buffer_add_ssh_string(buffer, newpath) < 0 ||
-      /* POSIX rename atomically replaces newpath, we should do the same */
-      buffer_add_u32(buffer, SSH_FXF_RENAME_OVERWRITE) < 0) {
+      /* POSIX rename atomically replaces newpath, we should do the same
+       * only available on >=v4 */
+      sftp->version>=4 ? (buffer_add_u32(buffer, SSH_FXF_RENAME_OVERWRITE) < 0):0) {
     ssh_set_error_oom(sftp->session);
     buffer_free(buffer);
     string_free(oldpath);
@@ -2483,7 +2485,8 @@ int sftp_chown(sftp_session sftp, const char *file, uid_t owner, gid_t group) {
 
   attr.uid = owner;
   attr.gid = group;
-  attr.flags = SSH_FILEXFER_ATTR_OWNERGROUP;
+
+  attr.flags = SSH_FILEXFER_ATTR_UIDGID;
 
   return sftp_setstat(sftp, file, &attr);
 }

libssh/socket.c

@@ -27,11 +27,13 @@
 #include <stdio.h>
 #ifdef _WIN32
 #include <winsock2.h>
+#include <ws2tcpip.h>
 #else
 #include <fcntl.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/un.h>
+extern char **environ;
 #endif
 #include "libssh/priv.h"
 #include "libssh/socket.h"
@@ -39,6 +41,7 @@
 #include "libssh/poll.h"
 #include "libssh/session.h"
 
+
 /** \defgroup ssh_socket SSH Sockets
  * \addtogroup ssh_socket
  * @{
@@ -68,7 +71,10 @@ int ssh_socket_init(void) {
   if (WSAStartup(MAKEWORD(2, 0), &wsaData) != 0) {
     return -1;
   }
+
 #endif
+  ssh_poll_init();
+
   return 0;
 }
 /*
@@ -82,7 +88,7 @@ struct socket *ssh_socket_new(ssh_session session) {
   if (s == NULL) {
     return NULL;
   }
-  s->fd = -1;
+  s->fd = SSH_INVALID_SOCKET;
   s->last_errno = -1;
   s->session = session;
   s->in_buffer = buffer_new();
@@ -124,20 +130,20 @@ int ssh_socket_unix(struct socket *s, const char *path) {
   snprintf(sunaddr.sun_path, sizeof(sunaddr.sun_path), "%s", path);
 
   s->fd = socket(AF_UNIX, SOCK_STREAM, 0);
-  if (s->fd < 0) {
+  if (s->fd == SSH_INVALID_SOCKET) {
     return -1;
   }
 
   if (fcntl(s->fd, F_SETFD, 1) == -1) {
     close(s->fd);
-    s->fd = -1;
+    s->fd = SSH_INVALID_SOCKET;
     return -1;
   }
 
   if (connect(s->fd, (struct sockaddr *) &sunaddr,
         sizeof(sunaddr)) < 0) {
     close(s->fd);
-    s->fd = -1;
+    s->fd = SSH_INVALID_SOCKET;
     return -1;
   }
 
@@ -157,7 +163,7 @@ void ssh_socket_close(struct socket *s){
     close(s->fd);
     s->last_errno = errno;
 #endif
-    s->fd=-1;
+    s->fd = SSH_INVALID_SOCKET;
   }
 }
 
@@ -179,7 +185,7 @@ socket_t ssh_socket_get_fd(struct socket *s) {
  * \brief returns nonzero if the socket is open
  */
 int ssh_socket_is_open(struct socket *s) {
-  return s->fd != -1;
+  return s->fd != SSH_INVALID_SOCKET;
 }
 
 /* \internal
@@ -237,22 +243,22 @@ static int ssh_socket_unbuffered_write(struct socket *s, const void *buffer,
  * \brief returns nonzero if the current socket is in the fd_set
  */
 int ssh_socket_fd_isset(struct socket *s, fd_set *set) {
-  if(s->fd == -1) {
+  if(s->fd == SSH_INVALID_SOCKET) {
     return 0;
   }
   return FD_ISSET(s->fd,set);
 }
 
 /* \internal
- * \brief sets the current fd in a fd_set and updates the fd_max
+ * \brief sets the current fd in a fd_set and updates the max_fd
  */
 
-void ssh_socket_fd_set(struct socket *s, fd_set *set, int *fd_max) {
-  if (s->fd == -1)
+void ssh_socket_fd_set(struct socket *s, fd_set *set, socket_t *max_fd) {
+  if (s->fd == SSH_INVALID_SOCKET)
     return;
   FD_SET(s->fd,set);
-  if (s->fd >= *fd_max) {
-    *fd_max = s->fd + 1;
+  if (s->fd >= 0 && s->fd != SSH_INVALID_SOCKET) {
+    *max_fd = s->fd + 1;
   }
 }
 
@@ -435,7 +441,7 @@ int ssh_socket_wait_for_data(struct socket *s, ssh_session session, uint32_t len
     if (ssh_socket_is_open(session->socket)) {
       r = ssh_socket_unbuffered_read(session->socket, buffer, sizeof(buffer));
     } else {
-      r =- 1;
+      r = -1;
     }
 
     if (r <= 0) {
@@ -482,13 +488,15 @@ int ssh_socket_poll(struct socket *s, int *writeable, int *except) {
   if (!s->data_to_write) {
     fd->events |= POLLOUT;
   }
-
-  /* Make the call, and listen for errors */
-  rc = ssh_poll(fd, 1, 0);
-  if (rc < 0) {
-    ssh_set_error(session, SSH_FATAL, "poll(): %s", strerror(errno));
-    leave_function();
-    return -1;
+  /* do not do poll if fd->events is empty, we already know the response */
+  if(fd->events != 0){
+  	/* Make the call, and listen for errors */
+  	rc = ssh_poll(fd, 1, 0);
+  	if (rc < 0) {
+  		ssh_set_error(session, SSH_FATAL, "poll(): %s", strerror(errno));
+  		leave_function();
+  		return -1;
+  	}
   }
 
   if (!s->data_to_read) {
@@ -542,7 +550,7 @@ int ssh_socket_nonblocking_flush(struct socket *s) {
           buffer_get_rest_len(s->out_buffer));
     } else {
       /* write failed */
-      w =- 1;
+      w = -1;
     }
 
     if (w < 0) {
@@ -658,6 +666,54 @@ int ssh_socket_get_status(struct socket *s) {
   return r;
 }
 
+#ifndef _WIN32
+/**
+ * @internal
+ * @brief executes a command and redirect input and outputs
+ * @param command command to execute
+ * @param in input file descriptor
+ * @param out output file descriptor
+ */
+void ssh_execute_command(const char *command, socket_t in, socket_t out){
+  const char *args[]={"/bin/sh","-c",command,NULL};
+  /* redirect in and out to stdin, stdout and stderr */
+  dup2(in, 0);
+  dup2(out,1);
+  dup2(out,2);
+  close(in);
+  close(out);
+  execve(args[0],(char * const *)args,(char * const *)environ);
+  exit(1);
+}
+
+/**
+ * @internal
+ * @brief Open a socket on a ProxyCommand
+ * This call will always be nonblocking.
+ * @param s    socket to connect.
+ * @param command Command to execute.
+ * @returns SSH_OK socket is being connected.
+ * @returns SSH_ERROR error while executing the command.
+ */
+
+socket_t ssh_socket_connect_proxycommand(ssh_session session,
+    const char *command){
+  socket_t fd[2];
+  int pid;
+  enter_function();
+  socketpair(AF_UNIX,SOCK_STREAM,0,fd);
+  pid = fork();
+  if(pid == 0){
+    ssh_execute_command(command,fd[1],fd[1]);
+  }
+  close(fd[1]);
+  ssh_log(session,SSH_LOG_PROTOCOL,"ProxyCommand connection pipe: [%d,%d]",fd[0],fd[1]);
+  return fd[0];
+}
+
+#endif /* _WIN32 */
+
+
 /** @}
  */
 /* vim: set ts=2 sw=2 et cindent: */

libssh/wrapper.c

@@ -614,6 +614,11 @@ static void aes_decrypt(struct crypto_struct *cipher, void *in, void *out,
   AES_cbc_encrypt(in, out, len, cipher->key, IV, AES_DECRYPT);
 }
 
+#ifndef BROKEN_AES_CTR
+/* OpenSSL until 0.9.7c has a broken AES_ctr128_encrypt implementation which
+ * increments the counter from 2^64 instead of 1. It's better not to use it
+ */
+
 /** @internal
  * @brief encrypts/decrypts data with stream cipher AES_ctr128. 128 bits is actually
  * the size of the CTR counter and incidentally the blocksize, but not the keysize.
@@ -631,6 +636,7 @@ static void aes_ctr128_encrypt(struct crypto_struct *cipher, void *in, void *out
    */
   AES_ctr128_encrypt(in, out, len, cipher->key, IV, tmp_buffer, &num);
 }
+#endif /* BROKEN_AES_CTR */
 #endif /* HAS_AES */
 
 #ifdef HAS_DES
@@ -722,6 +728,7 @@ static struct crypto_struct ssh_ciphertab[] = {
   },
 #endif /* HAS_BLOWFISH */
 #ifdef HAS_AES
+#ifndef BROKEN_AES_CTR
   {
     "aes128-ctr",
     16,
@@ -755,6 +762,7 @@ static struct crypto_struct ssh_ciphertab[] = {
     aes_ctr128_encrypt,
     aes_ctr128_encrypt
   },
+#endif /* BROKEN_AES_CTR */
   {
     "aes128-cbc",
     16,
@@ -1001,7 +1009,8 @@ int crypt_set_algorithms_server(ssh_session session){
     /* out */
     server = session->server_kex.methods[SSH_CRYPT_S_C];
     client = session->client_kex.methods[SSH_CRYPT_S_C];
-    match = ssh_find_matching(client, server);
+    /* That's the client algorithms that are more important */
+    match = ssh_find_matching(server,client);
 
     if(!match){
         ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
@@ -1030,7 +1039,7 @@ int crypt_set_algorithms_server(ssh_session session){
     /* in */
     client=session->client_kex.methods[SSH_CRYPT_C_S];
     server=session->server_kex.methods[SSH_CRYPT_S_C];
-    match=ssh_find_matching(client,server);
+    match=ssh_find_matching(server,client);
     if(!match){
         ssh_set_error(session,SSH_FATAL,"Crypt_set_algorithms_server : no matching algorithm function found for %s",server);
         free(match);
@@ -1058,7 +1067,7 @@ int crypt_set_algorithms_server(ssh_session session){
     /* compression */
     client=session->client_kex.methods[SSH_CRYPT_C_S];
     server=session->server_kex.methods[SSH_CRYPT_C_S];
-    match=ssh_find_matching(client,server);
+    match=ssh_find_matching(server,client);
     if(match && !strcmp(match,"zlib")){
         ssh_log(session,SSH_LOG_PACKET,"enabling C->S compression");
         session->next_crypto->do_compress_in=1;
@@ -1067,7 +1076,7 @@ int crypt_set_algorithms_server(ssh_session session){
 
     client=session->client_kex.methods[SSH_CRYPT_S_C];
     server=session->server_kex.methods[SSH_CRYPT_S_C];
-    match=ssh_find_matching(client,server);
+    match=ssh_find_matching(server,client);
     if(match && !strcmp(match,"zlib")){
         ssh_log(session,SSH_LOG_PACKET,"enabling S->C compression\n");
         session->next_crypto->do_compress_out=1;
@@ -1076,7 +1085,7 @@ int crypt_set_algorithms_server(ssh_session session){
 
     server=session->server_kex.methods[SSH_HOSTKEYS];
     client=session->client_kex.methods[SSH_HOSTKEYS];
-    match=ssh_find_matching(client,server);
+    match=ssh_find_matching(server,client);
     if(match && !strcmp(match,"ssh-dss"))
         session->hostkeys=TYPE_DSS;
     else if(match && !strcmp(match,"ssh-rsa"))