Bump for release

Watch out for bad KEX_INIT guesses and burn packets if necessary.

LICENSE

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

Makefile.in

@@ -7,7 +7,7 @@ incldir = @prefix@/include
 distdir = @top_srcdir@/dist
 
 CC = @CC@
-CFLAGS = -c @CFLAGS@ -Iinclude/ -Wall -g
+CFLAGS = -c @CFLAGS@ -Iinclude/ -Wall
 LIBS = -lssh2 -Lsrc/
 INSTALL = @INSTALL@
 VERSION=@PACKAGE_VERSION@
@@ -18,9 +18,10 @@ all:
 		(cd $$dir && $(MAKE) all) \
 		|| case "$(MFLAGS)" in *k*) fail=yes;; *) exit 1;; esac; \
 	done && test -z "$$fail"
+sample:
 	$(CC) -o ssh2_sample.o ssh2_sample.c $(CFLAGS)
 	$(CC) -o ssh2_sample ssh2_sample.o $(LIBS)
-install:
+install: all
 	$(top_srcdir)/mkinstalldirs $(DESTDIR)$(incldir)
 	$(top_srcdir)/mkinstalldirs $(DESTDIR)$(libdir)
 	@for dir in ${subdirs}; do \
@@ -29,6 +30,7 @@ install:
 	done && test -z "$$fail"
 	$(INSTALL) -m 644 include/libssh2.h $(DESTDIR)$(incldir)/
 	$(INSTALL) -m 644 include/libssh2_sftp.h $(DESTDIR)$(incldir)/
+	$(INSTALL) -m 644 include/libssh2_publickey.h $(DESTDIR)$(incldir)/
 clean:
 	@for dir in ${subdirs}; do \
 		(cd $$dir && $(MAKE) clean) \
@@ -46,7 +48,7 @@ dist:
 		$(DISTLIB)/mkinstalldirs $(DISTLIB)/install-sh $(DISTLIB)/config.sub $(DISTLIB)/config.guess \
 		$(DISTLIB)/src/*.c $(DISTLIB)/src/Makefile.in \
 		$(DISTLIB)/include/libssh2.h $(DISTLIB)/include/libssh2_priv.h $(DISTLIB)/include/libssh2_sftp.h \
-		$(DISTLIB)/include/libssh2_config.h.in \
+		$(DISTLIB)/include/libssh2_publickey.h $(DISTLIB)/include/libssh2_config.h.in \
 		$(DISTLIB)/win32/config.mk $(DISTLIB)/win32/libssh2_config.h $(DISTLIB)/win32/rules.mk \
 		$(DISTLIB)/win32/libssh2.dsp $(DISTLIB)/win32/libssh2.dsw $(DISTLIB)/win32/ssh2_sample.dsp
 	rm -f $(DISTLIB)
@@ -59,6 +61,7 @@ dist_nmake:
 		$(DISTLIB)/NMakefile $(DISTLIB)/ssh2_sample.c $(DISTLIB)/src/*.c \
 		$(DISTLIB)/LICENSE $(DISTLIB)/README $(DISTLIB)/TODO $(DISTLIB)/INSTALL \
 		$(DISTLIB)/include/libssh2.h $(DISTLIB)/include/libssh2_priv.h $(DISTLIB)/include/libssh2_sftp.h \
+		$(DISTLIB)/include/libssh2_publickey.h \
 		$(DISTLIB)/win32/config.mk $(DISTLIB)/win32/libssh2_config.h $(DISTLIB)/win32/rules.mk
 	rm -f $(DISTLIB)
 

README

@@ -1,6 +1,52 @@
 libssh2 - SSH2 library
 ======================
 
+Version 0.14
+------------
+
+  Plug leaks in EVP cipher init/shutdown. (Selcuk Gueney)
+
+  Allow socket_fd == 0 in libssh2_session_startup(). (puudeli)
+
+  Swap ordering of packet_add/packet-inspection to avoid inspect after free. (Selcuk)
+
+  Swap KEX_INIT ordering, send our KEX_INIT first.
+
+  Add check for oportunistic KEX_INIT packets.  Burn bad guess if necessary.
+
+  Fix OpenSSL detection using pkg-config. (Dan Casey)
+
+Version 0.13
+------------
+
+  Fixed channel not being marked closed when CHANNEL_CLOSE package cannot be sent. (David Robins)
+
+  Fixed payload packet allocation bug when invalid packet length received. (David Robins)
+
+  Fixed `make install' target for MacOSX.
+
+  Add terminating NULL character to readlink()/realpath() results.
+
+  BugFix#1436593: Apply build options for HPUX targets.
+
+Version 0.12
+------------
+
+  Added support for publickey subsytem (not the same as publickey auth).
+
+  Fix x11_req.  Multiple packet_len issues and error handling logic.
+    (Thanks Simon Hart)
+
+  Fix generation of 'e' portion of Diffie-Hellman keyset.
+	Use appropriate order for BN_rand() rather than fixed group1-specific value.
+
+  Re-fixed libssh2_sftp_rename_ex()
+    Transport had right packet_len, but sftp layer still had extra 4 bytes.
+
+  Fixed build with newer OpenSSL headers.
+
+  Added extern "C" declarations to libssh2_sftp.h for C++ compatability.
+
 Version 0.11
 ------------
 

configure.in

@@ -1,8 +1,11 @@
 # AC_PREREQ(2.57)
-AC_INIT(libssh2,0.11,sarag@libssh2.org)
+AC_INIT(libssh2,0.14,sarag@libssh2.org)
 AC_CONFIG_SRCDIR([src])
 AC_CONFIG_HEADER([include/libssh2_config.h])
 
+# Default to the same as CC
+LDCC="\$(CC)"
+
 # Check for the OS.
 AC_CANONICAL_HOST
 case "$host" in
@@ -16,6 +19,11 @@ case "$host" in
 	SHLIB_LDFLAGS="-dynamiclib -flat_namespace"
 	CFLAGS="$CFLAGS -DLIBSSH2_DARWIN"
 	;;
+    *hpux*)
+    SHLIB_SUFFIX_NAME="sl"
+    SHLIB_LDFLAGS="-b +vnocompatwarnings -L/lib/pa20_64"
+	LDCC="ld"
+    ;;
     *)
     SHLIB_SUFFIX_NAME="so"
     SHLIB_LDFLAGS="-shared"
@@ -31,6 +39,7 @@ AC_CHECK_LIB(m, ceil, [ SHLIB_LDFLAGS="$SHLIB_LDFLAGS -lm" ])
 
 AC_SUBST(SHLIB_SUFFIX_NAME)
 AC_SUBST(SHLIB_LDFLAGS)
+AC_SUBST(LDCC)
 AC_SUBST(LIBS)
 
 AC_PROG_CC
@@ -55,15 +64,18 @@ if test "$LIBSSH2_OPENSSL_DIR" = "no" || test "$LIBSSH2_OPENSSL_DIR" = "yes"; th
 fi
 
 found_openssl=no
+pkgcfg_openssl=no
 unset OPENSSL_INCDIR
-unset OPENSSL_LIBDIR
+unset OPENSSL_INCLINE
+unset OPENSSL_LIBLINE
 
 AC_MSG_CHECKING([for OpenSSL])
 
 # Explicit path given, use it rather than pkg-config
 if test ! -z "$LIBSSH2_OPENSSL_DIR"; then
   found_openssl=yes
-  OPENSSL_LIBDIR=$LIBSSH2_OPENSSL_DIR/lib
+  OPENSSL_LIBLINE="-L$LIBSSH2_OPENSSL_DIR/lib -lcrypto"
+  OPENSSL_INCLINE="-I$LIBSSH2_OPENSSL_DIR/include"
   OPENSSL_INCDIR=$LIBSSH2_OPENSSL_DIR/include
   AC_MSG_RESULT([Using explicit path $LIBSSH2_OPENSSL_DIR])
 fi
@@ -71,8 +83,9 @@ fi
 # If pkg-config is found try using it
 if test "$found_openssl" = "no" && test -x "$PKG_CONFIG" && $PKG_CONFIG --exists openssl; then
   found_openssl=yes
-  OPENSSL_LIBDIR=`$PKG_CONFIG --libs openssl`
-  OPENSSL_INCDIR=`$PKG_CONFIG --variable=includedir openssl`
+  pkgcfg_openssl=yes
+  OPENSSL_LIBLINE=`$PKG_CONFIG --libs openssl`
+  OPENSSL_INCLINE=`$PKG_CONFIG --variable=includedir openssl`
   AC_MSG_RESULT([Using paths from pkg-config])
 fi
 
@@ -82,39 +95,43 @@ if test "$found_openssl" = "no"; then
 
   for i in $OPENSSL_SEARCH_PATH; do
     if test -r $i/include/openssl/evp.h; then
+      OPENSSL_INCLINE="-I$i/include"
       OPENSSL_INCDIR=$i/include
     fi
     if test -r $i/include/openssl/hmac.h; then
+      OPENSSL_INCLINE="-I$i/include"
       OPENSSL_INCDIR=$i/include
     fi
     if test -r $i/lib/libcrypto.a -o -r $i/lib/libcrypto.$SHLIB_SUFFIX_NAME; then
-      OPENSSL_LIBDIR=$i/lib
+      OPENSSL_LIBLINE="-L$i/lib -lcrypto"
     fi
-    test -n "$OPENSSL_INCDIR" && test -n "$OPENSSL_LIBDIR" && break
+    test -n "$OPENSSL_INCLINE" && test -n "$OPENSSL_LIBLINE" && break
   done
 
-  if test -z "$OPENSSL_INCDIR"; then
+  if test -z "$OPENSSL_INCLINE"; then
     AC_MSG_ERROR([Cannot find OpenSSL's <evp.h> or <hmac.h>])
   fi
 
-  if test -z "$OPENSSL_LIBDIR"; then
+  if test -z "$OPENSSL_LIBLINE"; then
     AC_MSG_ERROR([Cannot find OpenSSL's libcrypto])
   fi
 
-  AC_MSG_RESULT([$OPENSSL_INCDIR $OPENSSL_LIBDIR])
+  AC_MSG_RESULT([$OPENSSL_INCLINE $OPENSSL_LIBLINE])
 fi
 
 #
 # Confirm required OpenSSL libs
 #
-if test ! -r $OPENSSL_INCDIR/openssl/bn.h || test ! -r $OPENSSL_INCDIR/openssl/evp.h || \
-   test ! -r $OPENSSL_INCDIR/openssl/hmac.h || test ! -r $OPENSSL_INCDIR/openssl/pem.h || \
-   test ! -r $OPENSSL_INCDIR/openssl/sha.h; then
-     AC_MSG_ERROR([Missing one or more of <openssl/bn.h>, <openssl/evp.h>, <openssl/hmac.h>, <openssl/pem.h>, <openssl/sha.h>])
+if test ! "$pkgcfg_openssl" = "yes"; then
+  if test ! -r $OPENSSL_INCDIR/openssl/bn.h || test ! -r $OPENSSL_INCDIR/openssl/evp.h || \
+     test ! -r $OPENSSL_INCDIR/openssl/hmac.h || test ! -r $OPENSSL_INCDIR/openssl/pem.h || \
+     test ! -r $OPENSSL_INCDIR/openssl/sha.h; then
+       AC_MSG_ERROR([Missing one or more of <openssl/bn.h>, <openssl/evp.h>, <openssl/hmac.h>, <openssl/pem.h>, <openssl/sha.h>])
+  fi
 fi
 
-CFLAGS="$CFLAGS -I$OPENSSL_INCDIR"
-LDFLAGS="$LDFLAGS -L$OPENSSL_LIBDIR -lcrypto"
+CFLAGS="$CFLAGS $OPENSSL_INCLINE"
+LDFLAGS="$LDFLAGS $OPENSSL_LIBLINE"
 
 #
 # zlib
@@ -191,6 +208,9 @@ AC_ARG_ENABLE(debug-scp,
 AC_ARG_ENABLE(debug-sftp,
 	AC_HELP_STRING([--enable-debug-sftp],[Output sftp subsystem debugging info to stderr]),
 	[AC_DEFINE(LIBSSH2_DEBUG_SFTP, 1, [Output sftp subsystem debugging info to stderr])])
+AC_ARG_ENABLE(debug-publickey,
+	AC_HELP_STRING([--enable-debug-publickey],[Output publickey subsystem debugging info to stderr]),
+	[AC_DEFINE(LIBSSH2_DEBUG_PUBLICKEY, 1, [Output publickey subsystem debugging info to stderr])])
 AC_ARG_ENABLE(debug-errors,
 	AC_HELP_STRING([--enable-debug-errors],[Output failure events to stderr]),
 	[AC_DEFINE(LIBSSH2_DEBUG_ERRORS, 1, [Output failure events to stderr])])
@@ -203,6 +223,7 @@ AC_ARG_ENABLE(debug-all,
 		AC_DEFINE(LIBSSH2_DEBUG_CONNECTION, 1, [Output connection layer debugging info to stderr])
 		AC_DEFINE(LIBSSH2_DEBUG_SCP, 1, [Output scp subsystem debugging info to stderr])
 		AC_DEFINE(LIBSSH2_DEBUG_SFTP, 1, [Output sftp subsystem debugging info to stderr])
+		AC_DEFINE(LIBSSH2_DEBUG_PUBLICKEY, 1, [Output publickey subsystem debugging info to stderr])
 		AC_DEFINE(LIBSSH2_DEBUG_ERRORS, 1, [Output failure events to stderr])
 	])
 

include/libssh2.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -71,8 +71,8 @@ typedef unsigned long long libssh2_uint64_t;
 typedef long long libssh2_int64_t;
 #endif
 
-#define LIBSSH2_VERSION								"0.11"
-#define LIBSSH2_APINO								200507041839
+#define LIBSSH2_VERSION								"0.14"
+#define LIBSSH2_APINO								200507211326
 
 /* Part of every banner, user specified or not */
 #define LIBSSH2_SSH_BANNER							"SSH-2.0-libssh2_" LIBSSH2_VERSION
@@ -253,6 +253,7 @@ typedef struct _LIBSSH2_POLLFD {
 #define LIBSSH2_ERROR_METHOD_NOT_SUPPORTED		-33
 #define LIBSSH2_ERROR_INVAL						-34
 #define LIBSSH2_ERROR_INVALID_POLL_TYPE			-35
+#define LIBSSH2_ERROR_PUBLICKEY_PROTOCOL		-36
 
 /* Session API */
 LIBSSH2_API LIBSSH2_SESSION *libssh2_session_init_ex(LIBSSH2_ALLOC_FUNC((*my_alloc)), LIBSSH2_FREE_FUNC((*my_free)), LIBSSH2_REALLOC_FUNC((*my_realloc)), void *abstract);

include/libssh2_config.h.in

@@ -63,6 +63,9 @@
 /* Output Key Exchange debugging info to stderr */
 #undef LIBSSH2_DEBUG_KEX
 
+/* Output publickey subsystem debugging info to stderr */
+#undef LIBSSH2_DEBUG_PUBLICKEY
+
 /* Output scp subsystem debugging info to stderr */
 #undef LIBSSH2_DEBUG_SCP
 

include/libssh2_priv.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -46,9 +46,19 @@
 #include <sys/socket.h>
 #endif
 #include <openssl/evp.h>
+#ifndef OPENSSL_NO_SHA
+#include <openssl/sha.h>
+#endif
+#ifndef OPENSSL_NO_MD5
+#include <openssl/md5.h>
+#endif
+
+#ifdef __hpux
+# define inline 
+#endif
 
 #define LIBSSH2_ALLOC(session, count)								session->alloc((count), &(session)->abstract)
-#define LIBSSH2_REALLOC(session, ptr, count)						session->realloc((ptr), (count), &(session)->abstract)
+#define LIBSSH2_REALLOC(session, ptr, count)						((ptr) ? session->realloc((ptr), (count), &(session)->abstract) : session->alloc((count), &(session)->abstract))
 #define LIBSSH2_FREE(session, ptr)									session->free((ptr), &(session)->abstract)
 
 #define LIBSSH2_IGNORE(session, data, datalen)						session->ssh_msg_ignore((session), (data), (datalen), &(session)->abstract)
@@ -189,6 +199,7 @@ struct _LIBSSH2_SESSION {
 
 	/* Agreed Key Exchange Method */
 	LIBSSH2_KEX_METHOD *kex;
+	int burn_optimistic_kexinit:1;
 
 	unsigned char *session_id;
 	unsigned long session_id_len;
@@ -332,6 +343,7 @@ struct _LIBSSH2_MAC_METHOD {
 #define LIBSSH2_DBG_SCP							5
 #define LIBSSH2_DBG_SFTP						6
 #define LIBSSH2_DBG_ERROR						7
+#define LIBSSH2_DBG_PUBLICKEY					8
 
 void _libssh2_debug(LIBSSH2_SESSION *session, int context, const char *format, ...);
 
@@ -451,6 +463,7 @@ int libssh2_packet_require_ex(LIBSSH2_SESSION *session, unsigned char packet_typ
 int libssh2_packet_requirev_ex(LIBSSH2_SESSION *session, unsigned char *packet_types, unsigned char **data, unsigned long *data_len, unsigned long match_ofs, const unsigned char *match_buf, unsigned long match_len);
 #define libssh2_packet_requirev(session, packet_types, data, data_len)			\
 		libssh2_packet_requirev_ex((session), (packet_types), (data), (data_len), 0, NULL, 0)
+int libssh2_packet_burn(LIBSSH2_SESSION *session);
 int libssh2_packet_write(LIBSSH2_SESSION *session, unsigned char *data, unsigned long data_len);
 int libssh2_kex_exchange(LIBSSH2_SESSION *session, int reexchange);
 unsigned long libssh2_channel_nextid(LIBSSH2_SESSION *session);

include/libssh2_publickey.h

@@ -0,0 +1,101 @@
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/* Note: This include file is only needed for using the
+ * publickey SUBSYSTEM which is not the same as publickey
+ * authentication.  For authentication you only need libssh2.h
+ *
+ * For more information on the publickey subsystem,
+ * refer to IETF draft: secsh-publickey
+ */
+
+#ifndef LIBSSH2_PUBLICKEY_H
+#define LIBSSH2_PUBLICKEY_H	1
+
+typedef struct _LIBSSH2_PUBLICKEY				LIBSSH2_PUBLICKEY;
+
+typedef struct _libssh2_publickey_attribute {
+	char *name;
+	unsigned long name_len;
+	char *value;
+	unsigned long value_len;
+	char mandatory;
+} libssh2_publickey_attribute;
+
+typedef struct _libssh2_publickey_list {
+	unsigned char *packet; /* For freeing */
+
+	unsigned char *name;
+	unsigned long name_len;
+	unsigned char *blob;
+	unsigned long blob_len;
+	unsigned long num_attrs;
+	libssh2_publickey_attribute *attrs; /* free me */
+} libssh2_publickey_list;
+
+/* Generally use the first macro here, but if both name and value are string literals, you can use _fast() to take advantage of preprocessing */
+#define libssh2_publickey_attribute(name, value, mandatory) 		{ (name), strlen(name), (value), strlen(value), (mandatory) },
+#define libssh2_publickey_attribute_fast(name, value, mandatory)	{ (name), sizeof(name) - 1, (value), sizeof(value) - 1, (mandatory) },
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Publickey Subsystem */
+LIBSSH2_API LIBSSH2_PUBLICKEY *libssh2_publickey_init(LIBSSH2_SESSION *session);
+
+LIBSSH2_API int libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY *pkey, const unsigned char *name, unsigned long name_len,
+															const unsigned char *blob, unsigned long blob_len, char overwrite,
+															unsigned long num_attrs, libssh2_publickey_attribute attrs[]);
+#define libssh2_publickey_add(pkey, name, blob, blob_len, overwrite, num_attrs, attrs) \
+		libssh2_publickey_add_ex((pkey), (name), strlen(name), (blob), (blob_len), (overwrite), (num_attrs), (attrs))
+
+LIBSSH2_API int libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY *pkey, const unsigned char *name, unsigned long name_len,
+															const unsigned char *blob, unsigned long blob_len);
+#define libssh2_publickey_remove(pkey, name, blob, blob_len) \
+		libssh2_publickey_remove_ex((pkey), (name), strlen(name), (blob), (blob_len))
+
+LIBSSH2_API int libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, unsigned long *num_keys, libssh2_publickey_list **pkey_list);
+LIBSSH2_API void libssh2_publickey_list_free(LIBSSH2_PUBLICKEY *pkey, libssh2_publickey_list *pkey_list);
+
+LIBSSH2_API void libssh2_publickey_shutdown(LIBSSH2_PUBLICKEY *pkey);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* ndef: LIBSSH2_PUBLICKEY_H */

include/libssh2_sftp.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -38,6 +38,10 @@
 #ifndef LIBSSH2_SFTP_H
 #define LIBSSH2_SFTP_H 1
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Note: Version 6 was documented at the time of writing
  * However it was marked as "DO NOT IMPLEMENT" due to pending changes
  *
@@ -187,4 +191,8 @@ LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, const char *path, in
 #define libssh2_sftp_readlink(sftp, path, target, maxlen)	libssh2_sftp_symlink_ex((sftp), (path), strlen(path), (target), (maxlen), LIBSSH2_SFTP_READLINK)
 #define libssh2_sftp_realpath(sftp, path, target, maxlen)	libssh2_sftp_symlink_ex((sftp), (path), strlen(path), (target), (maxlen), LIBSSH2_SFTP_REALPATH)
 
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
 #endif /* LIBSSH2_SFTP_H */

src/Makefile.in

@@ -1,4 +1,4 @@
-OBJECTS = channel.o comp.o crypt.o hostkey.o kex.o mac.o misc.o packet.o scp.o session.o sftp.o userauth.o
+OBJECTS = channel.o comp.o crypt.o hostkey.o kex.o mac.o misc.o packet.o publickey.o scp.o session.o sftp.o userauth.o
 
 top_srcdir = @top_srcdir@
 prefix = @prefix@
@@ -7,8 +7,10 @@ libdir = @exec_prefix@/lib
 incldir = @prefix@/include
 
 CC = @CC@
-CFLAGS = -c @CFLAGS@ -Wall -g -I../include/ -fPIC
+LDCC = @LDCC@
+CFLAGS = -c @CFLAGS@ -Wall -I../include/ -fPIC
 LDFLAGS = @LDFLAGS@
+SHLIB_LDFLAGS = @SHLIB_LDFLAGS@
 LIBS = @LIBS@
 INSTALL = @INSTALL@
 
@@ -36,6 +38,9 @@ misc.o: misc.c
 packet.o: packet.c
 	$(CC) -o packet.o packet.c $(CFLAGS) $(LIBS)
 
+publickey.o: publickey.c
+	$(CC) -o publickey.o publickey.c $(CFLAGS) $(LIBS)
+
 scp.o: scp.c
 	$(CC) -o scp.o scp.c $(CFLAGS) $(LIBS)
 
@@ -51,7 +56,7 @@ userauth.o: userauth.c
 all: libssh2.@SHLIB_SUFFIX_NAME@
 
 libssh2.@SHLIB_SUFFIX_NAME@: $(OBJECTS)
-	$(CC) -o libssh2.@SHLIB_SUFFIX_NAME@ $(SHLIB_LDFLAGS) $(OBJECTS) $(LIBS) $(LDFLAGS) @SHLIB_LDFLAGS@
+	$(LDCC) -o libssh2.@SHLIB_SUFFIX_NAME@ $(SHLIB_LDFLAGS) $(OBJECTS) $(LIBS) $(LDFLAGS)
 libssh2.a: $(OBJECTS)
 	rm -f libssh2.a
 	ar q libssh2.a $(OBJECTS)

src/channel.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -598,8 +598,8 @@ LIBSSH2_API int libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL *channel, int single_
 	unsigned long data_len;
 	unsigned long proto_len = auth_proto ? strlen(auth_proto) : (sizeof("MIT-MAGIC-COOKIE-1") - 1);
 	unsigned long cookie_len = auth_cookie ? strlen(auth_cookie) : LIBSSH2_X11_RANDOM_COOKIE_LEN;
-	unsigned long packet_len = proto_len + cookie_len + 41; /*  packet_type(1) + channel(4) + x11_req_len(4) + "x11-req"(7) + want_reply(1) +
-																single_cnx(4) + proto_len(4) + cookie_len(4) + screen_num(4) */
+	unsigned long packet_len = proto_len + cookie_len + 30; /*  packet_type(1) + channel(4) + x11_req_len(4) + "x11-req"(7) + want_reply(1) +
+																single_cnx(1) + proto_len(4) + cookie_len(4) + screen_num(4) */
 
 #ifdef LIBSSH2_DEBUG_CONNECTION
 	_libssh2_debug(session, LIBSSH2_DBG_CONN, "Requesting x11-req for channel %lu/%lu: single=%d proto=%s cookie=%s screen=%d",
@@ -626,7 +626,7 @@ LIBSSH2_API int libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL *channel, int single_
 	memcpy(s, auth_proto ? auth_proto : "MIT-MAGIC-COOKIE-1", proto_len);
 																s += proto_len;
 
-	libssh2_htonu32(s, cookie_len);
+	libssh2_htonu32(s, cookie_len);								s += 4;
 	if (auth_cookie) {
 		memcpy(s, auth_cookie, cookie_len);
 	} else {
@@ -643,14 +643,19 @@ LIBSSH2_API int libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL *channel, int single_
 	libssh2_htonu32(s, screen_number);							s += 4;
 
 	if (libssh2_packet_write(session, packet, packet_len)) {
-		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send pty-request packet", 0);
+		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send x11-req packet", 0);
 		LIBSSH2_FREE(session, packet);
 		return -1;
 	}
 	LIBSSH2_FREE(session, packet);
 
 	libssh2_htonu32(local_channel, channel->local.id);
+
 	if (libssh2_packet_requirev_ex(session, reply_codes, &data, &data_len, 1, local_channel, 4)) {
+		return -1;
+	}
+
+	if (data[0] == SSH_MSG_CHANNEL_SUCCESS) {
 		LIBSSH2_FREE(session, data);
 		return 0;
 	}
@@ -1099,6 +1104,7 @@ LIBSSH2_API int libssh2_channel_close(LIBSSH2_CHANNEL *channel)
 	if (channel->close_cb) {
 		LIBSSH2_CHANNEL_CLOSE(session, channel);
 	}
+	channel->local.close = 1;
 
 	packet[0] = SSH_MSG_CHANNEL_CLOSE;
 	libssh2_htonu32(packet + 1, channel->remote.id);
@@ -1106,7 +1112,6 @@ LIBSSH2_API int libssh2_channel_close(LIBSSH2_CHANNEL *channel)
 		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send close-channel request", 0);
 		return -1;
 	}
-	channel->local.close = 1;
 
 	/* TODO: Wait up to a timeout value for a CHANNEL_CLOSE to come back, to avoid the problem alluded to in channel_nextid */
 

src/comp.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

src/crypt.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

src/hostkey.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

src/kex.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -68,7 +68,7 @@
 /* {{{ libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange
  * Diffie Hellman Key Exchange, Group Agnostic
  */
-static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session, BIGNUM *g, BIGNUM *p,
+static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session, BIGNUM *g, BIGNUM *p, int group_order,
 																		unsigned char packet_type_init, unsigned char packet_type_reply,
 																		unsigned char *midhash, unsigned long midhash_len)
 {
@@ -85,7 +85,7 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
 	SHA_CTX exchange_hash;
 
 	/* Generate x and e */
-	BN_rand(x, 128, 0, -1);
+	BN_rand(x, group_order, 0, -1);
 	BN_mod_exp(e, g, x, p, ctx);
 
 	/* Send KEX init */
@@ -118,6 +118,26 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
 		goto clean_exit;
 	}
 
+	if (session->burn_optimistic_kexinit) {
+		/* The first KEX packet to come along will be the guess initially sent by the server
+		 * That guess turned out to be wrong so we need to silently ignore it */
+		int burn_type;
+#ifdef LIBSSH2_DEBUG_KEX
+	_libssh2_debug(session, LIBSSH2_DBG_KEX, "Waiting for badly guessed KEX packet (to be ignored)");
+#endif
+		burn_type = libssh2_packet_burn(session);
+		if (burn_type <= 0) {
+			/* Failed to receive a packet */
+			ret = -1;
+			goto clean_exit;
+		}
+		session->burn_optimistic_kexinit = 0;
+
+#ifdef LIBSSH2_DEBUG_KEX
+	_libssh2_debug(session, LIBSSH2_DBG_KEX, "Burnt packet of type: %02x", (unsigned int)burn_type);
+#endif
+	}
+
 	/* Wait for KEX reply */
 	if (libssh2_packet_require(session, packet_type_reply, &s_packet, &s_packet_len)) {
 		libssh2_error(session, LIBSSH2_ERROR_TIMEOUT, "Timed out waiting for KEX reply", 0);
@@ -314,6 +334,7 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
 	/* Calculate IV/Secret/Key for each direction */
 	if (session->local.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
 		if (session->local.crypt_abstract) {
+			EVP_CIPHER_CTX_cleanup(session->local.crypt_abstract);
 			LIBSSH2_FREE(session, session->local.crypt_abstract);
 			session->local.crypt_abstract = NULL;
 		}
@@ -342,6 +363,7 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
 				ret = -1;
 				goto clean_exit;
 			}
+			EVP_CIPHER_CTX_init(ctx);
 			EVP_CipherInit(ctx, cipher, secret, iv, 1);
 			session->local.crypt_abstract = ctx;
 			free_iv = 1;
@@ -366,6 +388,7 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
 
 	if (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
 		if (session->remote.crypt_abstract) {
+			EVP_CIPHER_CTX_cleanup(session->remote.crypt_abstract);
 			LIBSSH2_FREE(session, session->remote.crypt_abstract);
 			session->remote.crypt_abstract = NULL;
 		}
@@ -394,6 +417,7 @@ static int libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_S
 				ret = -1;
 				goto clean_exit;
 			}
+			EVP_CIPHER_CTX_init(ctx);
 			EVP_CipherInit(ctx, cipher, secret, iv, 0);
 			session->remote.crypt_abstract = ctx;
 			free_iv = 1;
@@ -518,7 +542,7 @@ static int libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SE
 #ifdef LIBSSH2_DEBUG_KEX
 	_libssh2_debug(session, LIBSSH2_DBG_KEX, "Initiating Diffie-Hellman Group1 Key Exchange");
 #endif
-	ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
+	ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, 128, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
 
 	BN_clear_free(p);
 	BN_clear_free(g);
@@ -577,7 +601,7 @@ static int libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_S
 #ifdef LIBSSH2_DEBUG_KEX
 	_libssh2_debug(session, LIBSSH2_DBG_KEX, "Initiating Diffie-Hellman Group14 Key Exchange");
 #endif
-	ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
+	ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, 256, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY, NULL, 0);
 
 	BN_clear_free(p);
 	BN_clear_free(g);
@@ -593,7 +617,7 @@ static int libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_S
 static int libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange(LIBSSH2_SESSION *session)
 {
 	unsigned char request[13], *s, *data;
-	unsigned long data_len, len, request_len;
+	unsigned long data_len, p_len, g_len, request_len;
 	BIGNUM *p = BN_new();
 	BIGNUM *g = BN_new();
 	int ret;
@@ -630,13 +654,13 @@ static int libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange(LI
 	}
 
 	s = data + 1;
-	len = libssh2_ntohu32(s);						s += 4;
-	BN_bin2bn(s, len, p);							s += len;
+	p_len = libssh2_ntohu32(s);						s += 4;
+	BN_bin2bn(s, p_len, p);							s += p_len;
 
-	len = libssh2_ntohu32(s);						s += 4;
-	BN_bin2bn(s, len, g);							s += len;
+	g_len = libssh2_ntohu32(s);						s += 4;
+	BN_bin2bn(s, g_len, g);							s += g_len;
 
-	ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, SSH_MSG_KEX_DH_GEX_INIT, SSH_MSG_KEX_DH_GEX_REPLY, data + 1, data_len - 1);
+	ret = libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, g, p, p_len, SSH_MSG_KEX_DH_GEX_INIT, SSH_MSG_KEX_DH_GEX_REPLY, data + 1, data_len - 1);
 
 	LIBSSH2_FREE(session, data);
 
@@ -963,9 +987,9 @@ static int libssh2_kex_agree_kex_hostkey(LIBSSH2_SESSION *session, unsigned char
 		s = session->kex_prefs;
 
 		while (s && *s) {
-			unsigned char *p = strchr(s, ',');
+			unsigned char *q, *p = strchr(s, ',');
 			int method_len = (p ? (p - s) : strlen(s));
-			if (libssh2_kex_agree_instr(kex, kex_len, s, method_len)) {
+			if ((q = libssh2_kex_agree_instr(kex, kex_len, s, method_len))) {
 				LIBSSH2_KEX_METHOD *method = (LIBSSH2_KEX_METHOD*)libssh2_get_method_by_name(s, method_len, (LIBSSH2_COMMON_METHOD**)kexp);
 
 				if (!method) {
@@ -978,6 +1002,12 @@ static int libssh2_kex_agree_kex_hostkey(LIBSSH2_SESSION *session, unsigned char
 				 */
 				if (libssh2_kex_agree_hostkey(session, method->flags, hostkey, hostkey_len) == 0) {
 					session->kex = method;
+					if (session->burn_optimistic_kexinit && (kex == q)) {
+						/* Server sent an optimistic packet,
+						 * and client agrees with preference
+						 * cancel burning the first KEX_INIT packet that comes in */
+						session->burn_optimistic_kexinit = 0;
+					}
 					return 0;
 				}
 			}
@@ -995,6 +1025,12 @@ static int libssh2_kex_agree_kex_hostkey(LIBSSH2_SESSION *session, unsigned char
 			 */
 			if (libssh2_kex_agree_hostkey(session, (*kexp)->flags, hostkey, hostkey_len) == 0) {
 				session->kex = *kexp;
+				if (session->burn_optimistic_kexinit && (kex == s)) {
+					/* Server sent an optimistic packet,
+					 * and client agrees with preference
+					 * cancel burning the first KEX_INIT packet that comes in */
+					session->burn_optimistic_kexinit = 0;
+				}
 				return 0;
 			}
 		}
@@ -1170,6 +1206,12 @@ static int libssh2_kex_agree_methods(LIBSSH2_SESSION *session, unsigned char *da
 	lang_cs_len		= libssh2_ntohu32(s);		lang_cs		= s + 4;		s += 4 + lang_cs_len;
 	lang_sc_len		= libssh2_ntohu32(s);		lang_sc		= s + 4;		s += 4 + lang_sc_len;
 
+	/* If the server sent an optimistic packet, assume that it guessed wrong.
+	 * If the guess is determined to be right (by libssh2_kex_agree_kex_hostkey)
+	 * This flag will be reset to zero so that it's not ignored */
+	session->burn_optimistic_kexinit = *(s++);
+	/* Next uint32 in packet is all zeros (reserved) */
+
 	if (libssh2_kex_agree_kex_hostkey(session, kex, kex_len, hostkey, hostkey_len)) {
 		return -1;
 	}
@@ -1244,7 +1286,23 @@ int libssh2_kex_exchange(LIBSSH2_SESSION *session, int reexchange) /* session->f
 	}
 
 	if (!session->kex || !session->hostkey) {
+		/* Preserve in case of failure */
+		unsigned char *oldlocal = session->local.kexinit;
+		unsigned long oldlocal_len = session->local.kexinit_len;
+
+		session->local.kexinit = NULL;
+		if (libssh2_kexinit(session)) {
+			session->local.kexinit = oldlocal;
+			session->local.kexinit_len = oldlocal_len;
+			return -1;
+		}
+
 		if (libssh2_packet_require(session, SSH_MSG_KEXINIT, &data, &data_len)) {
+			if (session->local.kexinit) {
+				LIBSSH2_FREE(session, session->local.kexinit);
+			}
+			session->local.kexinit = oldlocal;
+			session->local.kexinit_len = oldlocal_len;
 			return -1;
 		}
 
@@ -1254,10 +1312,6 @@ int libssh2_kex_exchange(LIBSSH2_SESSION *session, int reexchange) /* session->f
 		session->remote.kexinit = data;
 		session->remote.kexinit_len = data_len;
 
-		if (libssh2_kexinit(session)) {
-			return -1;
-		}
-
 		if (libssh2_kex_agree_methods(session, data, data_len)) {
 			return -1;
 		}

src/mac.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

src/misc.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -179,9 +179,18 @@ void _libssh2_debug(LIBSSH2_SESSION *session, int context, const char *format, .
 	char buffer[1536];
 	int len;
 	va_list vargs;
-	char *contexts[8] = { "Unknown", "Transport", "Key Exhange", "Userauth", "Connection", "scp", "SFTP", "Failure Event" };
+	char *contexts[9] = {	"Unknown",
+							"Transport",
+							"Key Exhange",
+							"Userauth",
+							"Connection",
+							"scp",
+							"SFTP Subsystem",
+							"Failure Event",
+							"Publickey Subsystem",
+						 };
 
-	if (context < 1 || context > 6) {
+	if (context < 1 || context > 8) {
 		context = 0;
 	}
 

src/packet.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -640,9 +640,9 @@ static int libssh2_blocking_read(LIBSSH2_SESSION *session, unsigned char *buf, s
 #ifdef WIN32
 			switch (WSAGetLastError()) {
 				case WSAEWOULDBLOCK:	errno = EAGAIN;		break;
+				case WSAENOTSOCK:		errno = EBADF;		break;
 				case WSAENOTCONN:
-				case WSAENOTSOCK:
-				case WSAECONNABORTED:	errno = EBADF;		break;
+				case WSAECONNABORTED:	errno = ENOTCONN;	break;
 				case WSAEINTR:			errno = EINTR;		break;
 			}
 #endif
@@ -680,7 +680,7 @@ static int libssh2_blocking_read(LIBSSH2_SESSION *session, unsigned char *buf, s
 			if (errno == EINTR) {
 				continue;
 			}
-			if ((errno == EBADF) || (errno == EIO)) {
+			if ((errno == EBADF) || (errno == EIO) || (errno == ENOTCONN)) {
 				session->socket_state = LIBSSH2_SOCKET_DISCONNECTED;
 			}
 			return -1;
@@ -862,9 +862,9 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
 			}
 		}
 
+		packet_type = payload[0];
 		libssh2_packet_add(session, payload, payload_len, macstate);
 
-		packet_type = payload[0];
 	} else { /* No cipher active */
 		unsigned char *payload;
 		unsigned char buf[24];
@@ -893,6 +893,10 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
 
 		payload_len = packet_length - padding_length - 1; /* padding_length(1) */
 		payload = LIBSSH2_ALLOC(session, payload_len);
+		if (!payload) {
+			libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for copy of plaintext data", 0);
+			return -1;
+		}
 
 		if (libssh2_blocking_read(session, payload, payload_len) < payload_len) {
 			return (session->socket_state == LIBSSH2_SOCKET_DISCONNECTED) ? 0 : -1;
@@ -907,11 +911,11 @@ int libssh2_packet_read(LIBSSH2_SESSION *session, int should_block)
 				break;
 		}
 
+		packet_type = payload[0];
+
 		/* MACs don't exist in non-encrypted mode */
 		libssh2_packet_add(session, payload, payload_len, LIBSSH2_MAC_CONFIRMED);
 		session->remote.seqno++;
-
-		packet_type = payload[0];
 	}
 	return packet_type;
 }
@@ -936,7 +940,7 @@ int libssh2_packet_ask_ex(LIBSSH2_SESSION *session, unsigned char packet_type, u
 	while (packet) {
 		if (packet->data[0] == packet_type &&
 			(packet->data_len >= (match_ofs + match_len)) &&
-			(!match_buf || (strncmp(packet->data + match_ofs, match_buf, match_len) == 0))) {
+			(!match_buf || (memcmp(packet->data + match_ofs, match_buf, match_len) == 0))) {
 			*data = packet->data;
 			*data_len = packet->data_len;
 
@@ -1013,6 +1017,48 @@ int libssh2_packet_require_ex(LIBSSH2_SESSION *session, unsigned char packet_typ
 }
 /* }}} */
 
+/* {{{ libssh2_packet_burn
+ * Loops libssh2_packet_read() until any packet is available and promptly discards it
+ * Used during KEX exchange to discard badly guessed KEX_INIT packets
+ */
+int libssh2_packet_burn(LIBSSH2_SESSION *session)
+{
+	unsigned char *data;
+	unsigned long data_len;
+	char all_packets[255];
+	int i;
+	for(i = 1; i < 256; i++) all_packets[i - 1] = i;
+
+	if (libssh2_packet_askv_ex(session, all_packets, &data, &data_len, 0, NULL, 0, 0) == 0) {
+		i = data[0];
+		/* A packet was available in the packet brigade, burn it */
+		LIBSSH2_FREE(session, data);
+		return i;
+	}
+
+#ifdef LIBSSH2_DEBUG_TRANSPORT
+	_libssh2_debug(session, LIBSSH2_DBG_TRANS, "Blocking until packet becomes available to burn");
+#endif
+	while (session->socket_state == LIBSSH2_SOCKET_CONNECTED) {
+		int ret = libssh2_packet_read(session, 1);
+		if (ret < 0) {
+			return -1;
+		}
+		if (ret == 0) continue;
+
+		/* Be lazy, let packet_ask pull it out of the brigade */
+		if (0 == libssh2_packet_ask_ex(session, ret, &data, &data_len, 0, NULL, 0, 0)) {
+			/* Smoke 'em if you got 'em */
+			LIBSSH2_FREE(session, data);
+			return ret;
+		}
+	}
+
+	/* Only reached if the socket died */
+	return -1;
+}
+/* }}} */
+
 /* {{{ libssh2_packet_requirev
  * Loops libssh2_packet_read() until one of a list of packet types requested is available
  * SSH_DISCONNECT or a SOCKET_DISCONNECTED will cause a bailout

src/publickey.c

@@ -0,0 +1,728 @@
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#include "libssh2_priv.h"
+#include "libssh2_publickey.h"
+
+struct _LIBSSH2_PUBLICKEY {
+	LIBSSH2_CHANNEL *channel;
+	unsigned long version;
+};
+
+#define LIBSSH2_PUBLICKEY_VERSION				2
+
+/* Numericised response codes -- Not IETF standard, just a local representation */
+#define LIBSSH2_PUBLICKEY_RESPONSE_STATUS		0
+#define LIBSSH2_PUBLICKEY_RESPONSE_VERSION		1
+#define LIBSSH2_PUBLICKEY_RESPONSE_PUBLICKEY	2
+
+typedef struct _LIBSSH2_PUBLICKEY_CODE_LIST {
+	int code;
+	char *name;
+	int name_len;
+} LIBSSH2_PUBLICKEY_CODE_LIST;
+
+static LIBSSH2_PUBLICKEY_CODE_LIST libssh2_publickey_response_codes[] = {
+	{ LIBSSH2_PUBLICKEY_RESPONSE_STATUS, "status", sizeof("status") - 1 },
+	{ LIBSSH2_PUBLICKEY_RESPONSE_VERSION, "version", sizeof("version") - 1 },
+	{ LIBSSH2_PUBLICKEY_RESPONSE_PUBLICKEY, "publickey", sizeof("publickey") - 1 },
+	{ 0, NULL, 0 }
+};
+
+/* PUBLICKEY status codes -- IETF defined */
+#define LIBSSH2_PUBLICKEY_SUCCESS				0
+#define LIBSSH2_PUBLICKEY_ACCESS_DENIED			1
+#define LIBSSH2_PUBLICKEY_STORAGE_EXCEEDED		2
+#define LIBSSH2_PUBLICKEY_VERSION_NOT_SUPPORTED	3
+#define LIBSSH2_PUBLICKEY_KEY_NOT_FOUND			4
+#define LIBSSH2_PUBLICKEY_KEY_NOT_SUPPORTED		5
+#define LIBSSH2_PUBLICKEY_KEY_ALREADY_PRESENT	6
+#define LIBSSH2_PUBLICKEY_GENERAL_FAILURE		7
+#define LIBSSH2_PUBLICKEY_REQUEST_NOT_SUPPORTED	8
+
+#define LIBSSH2_PUBLICKEY_STATUS_CODE_MAX		8
+
+static LIBSSH2_PUBLICKEY_CODE_LIST libssh2_publickey_status_codes[] = {
+	{ LIBSSH2_PUBLICKEY_SUCCESS,				"success",					sizeof("success") - 1 },
+	{ LIBSSH2_PUBLICKEY_ACCESS_DENIED,			"access denied",			sizeof("access denied") - 1 },
+	{ LIBSSH2_PUBLICKEY_STORAGE_EXCEEDED,		"storage exceeded",			sizeof("storage exceeded") - 1 },
+	{ LIBSSH2_PUBLICKEY_VERSION_NOT_SUPPORTED,	"version not supported",	sizeof("version not supported") - 1 },
+	{ LIBSSH2_PUBLICKEY_KEY_NOT_FOUND,			"key not found",			sizeof("key not found") - 1 },
+	{ LIBSSH2_PUBLICKEY_KEY_NOT_SUPPORTED,		"key not supported",		sizeof("key not supported") - 1 },
+	{ LIBSSH2_PUBLICKEY_KEY_ALREADY_PRESENT,	"key already present",		sizeof("key already present") - 1 },
+	{ LIBSSH2_PUBLICKEY_GENERAL_FAILURE,		"general failure",			sizeof("general failure") - 1 },
+	{ LIBSSH2_PUBLICKEY_REQUEST_NOT_SUPPORTED,	"request not supported",	sizeof("request not supported") - 1 },
+	{ 0, NULL, 0 }
+};
+
+/* {{{ libssh2_publickey_status_error
+ * Format an error message from a status code
+ */
+#define LIBSSH2_PUBLICKEY_STATUS_TEXT_START		"Publickey Subsystem Error: \""
+#define LIBSSH2_PUBLICKEY_STATUS_TEXT_MID		"\" Server Resports: \""
+#define LIBSSH2_PUBLICKEY_STATUS_TEXT_END		"\""
+static void libssh2_publickey_status_error(LIBSSH2_PUBLICKEY *pkey, LIBSSH2_SESSION *session, int status, unsigned char *message, int message_len)
+{
+	char *status_text;
+	int status_text_len;
+	char *m, *s;
+	int m_len;
+
+	/* GENERAL_FAILURE got remapped between version 1 and 2 */
+	if (status == 6 && pkey && pkey->version == 1) {
+		status = 7;
+	}
+
+	if (status < 0 || status > LIBSSH2_PUBLICKEY_STATUS_CODE_MAX) {
+		status_text = "unknown";
+		status_text_len = sizeof("unknown") - 1;
+	} else {
+		status_text = libssh2_publickey_status_codes[status].name;
+		status_text_len = libssh2_publickey_status_codes[status].name_len;
+	}
+
+	m_len = (sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_START) - 1) + status_text_len + 
+			(sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_MID) - 1) + message_len +
+			(sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_END) - 1);
+	m = LIBSSH2_ALLOC(session, m_len + 1);
+	if (!m) {
+		libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for status message", 0);
+		return;
+	}
+	s = m;
+	memcpy(s, LIBSSH2_PUBLICKEY_STATUS_TEXT_START, sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_START) - 1);
+															s += sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_START) - 1;
+	memcpy(s, status_text, status_text_len);				s += status_text_len;
+	memcpy(s, LIBSSH2_PUBLICKEY_STATUS_TEXT_MID, sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_MID) - 1);
+															s += sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_MID) - 1;
+	memcpy(s, message, message_len);						s += message_len;
+	memcpy(s, LIBSSH2_PUBLICKEY_STATUS_TEXT_END, sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_END) - 1);
+															s += sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_END);
+	libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, m, 1);
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_packet_receive
+ * Read a packet from the subsystem
+ */
+static int libssh2_publickey_packet_receive(LIBSSH2_PUBLICKEY *pkey, unsigned char **data, unsigned long *data_len)
+{
+	LIBSSH2_CHANNEL *channel = pkey->channel;
+	LIBSSH2_SESSION *session = channel->session;
+	unsigned char buffer[4];
+	unsigned long packet_len;
+	unsigned char *packet;
+
+	if (libssh2_channel_read(channel, buffer, 4) != 4) {
+		libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Invalid response from publickey subsystem", 0);
+		return -1;
+	}
+
+	packet_len = libssh2_ntohu32(buffer);
+	packet = LIBSSH2_ALLOC(session, packet_len);
+	if (!packet) {
+		libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate publickey response buffer", 0);
+		return -1;
+	}
+
+	if (libssh2_channel_read(channel, packet, packet_len) != packet_len) {
+		libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, "Timeout waiting for publickey subsystem response packet", 0);
+		LIBSSH2_FREE(session, packet);
+		return -1;
+	}
+
+	*data = packet;
+	*data_len = packet_len;
+
+	return 0;
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_response_id
+ * Translate a string response name to a numeric code
+ * Data will be incremented by 4 + response_len on success only
+ */
+static int libssh2_publickey_response_id(unsigned char **pdata, int data_len)
+{
+	unsigned long response_len;
+	unsigned char *data = *pdata;
+	LIBSSH2_PUBLICKEY_CODE_LIST *codes = libssh2_publickey_response_codes;
+
+	if (data_len < 4) {
+		/* Malformed response */
+		return -1;
+	}
+	response_len = libssh2_ntohu32(data);			data += 4;			data_len -= 4;
+	if (data_len < response_len) {
+		/* Malformed response */
+		return -1;
+	}
+
+	while (codes->name) {
+		if (codes->name_len == response_len &&
+			strncmp(codes->name, data, response_len) == 0) {
+			*pdata = data + response_len;
+			return codes->code;
+		}
+		codes++;
+	}
+
+	return -1;
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_response_success
+ * Generic helper routine to wait for success response and nothing else
+ */
+static int libssh2_publickey_response_success(LIBSSH2_PUBLICKEY *pkey)
+{
+	LIBSSH2_SESSION *session = pkey->channel->session;
+	unsigned char *data, *s;
+	unsigned long data_len, response;
+
+	while (1) {
+		if (libssh2_publickey_packet_receive(pkey, &data, &data_len)) {
+			libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, "Timeout waiting for response from publickey subsystem", 0);
+			return -1;
+		}
+
+		s = data;
+		if ((response = libssh2_publickey_response_id(&s, data_len)) < 0) {
+			libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Invalid publickey subsystem response code", 0);
+			LIBSSH2_FREE(session, data);
+			return -1;
+		}
+
+		switch (response) {
+			case LIBSSH2_PUBLICKEY_RESPONSE_STATUS:
+			/* Error, or processing complete */
+			{
+				unsigned long status, descr_len, lang_len;
+				unsigned char *descr, *lang;
+				
+				status = libssh2_ntohu32(s);					s += 4;
+				descr_len = libssh2_ntohu32(s);					s += 4;
+				descr = s;										s += descr_len;
+				lang_len = libssh2_ntohu32(s);					s += 4;
+				lang = s;										s += lang_len;
+
+				if (s > data + data_len) {
+					libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Malformed publickey subsystem packet", 0);
+					LIBSSH2_FREE(session, data);
+					return -1;
+				}
+
+				if (status == LIBSSH2_PUBLICKEY_SUCCESS) {
+					LIBSSH2_FREE(session, data);
+					return 0;
+				}
+
+				libssh2_publickey_status_error(pkey, session, status, descr, descr_len);
+				LIBSSH2_FREE(session, data);
+				return -1;
+			}
+			default:
+				/* Unknown/Unexpected */
+				libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Unexpected publickey subsystem response, ignoring", 0);
+				LIBSSH2_FREE(session, data);
+				data = NULL;
+		}
+	}
+	/* never reached, but include `return` to silence compiler warnings */
+	return -1;
+}
+/* }}} */
+
+
+/* *****************
+   * Publickey API *
+   ***************** */
+
+/* {{{ libssh2_publickey_init
+ * Startup the publickey subsystem
+ */
+LIBSSH2_API LIBSSH2_PUBLICKEY *libssh2_publickey_init(LIBSSH2_SESSION *session)
+{
+	LIBSSH2_PUBLICKEY *pkey = NULL;
+	LIBSSH2_CHANNEL *channel = NULL;
+	unsigned char buffer[19];
+	/*	packet_len(4) + 
+		version_len(4) + 
+		"version"(7) + 
+		version_num(4) */
+	unsigned char *s, *data = NULL;
+	unsigned long data_len;
+	int response;
+
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+	_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Initializing publickey subsystem");
+#endif
+
+	channel = libssh2_channel_open_session(session);
+	if (!channel) {
+		libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, "Unable to startup channel", 0);
+		goto err_exit;
+	}
+	if (libssh2_channel_subsystem(channel, "publickey")) {
+		libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, "Unable to request publickey subsystem", 0);
+		goto err_exit;
+	}
+
+	libssh2_channel_set_blocking(channel, 1);
+	libssh2_channel_handle_extended_data(channel, LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE);
+
+	pkey = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_PUBLICKEY));
+	if (!pkey) {
+		libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate a new publickey structure", 0);
+		goto err_exit;
+	}
+	pkey->channel = channel;
+	pkey->version = 0;
+
+	s = buffer;
+	libssh2_htonu32(s, 4 + (sizeof("version") - 1) + 4);	s += 4;
+	libssh2_htonu32(s, sizeof("version") - 1);				s += 4;
+	memcpy(s, "version", sizeof("version") - 1);			s += sizeof("version") - 1;
+	libssh2_htonu32(s, LIBSSH2_PUBLICKEY_VERSION);			s += 4;
+
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+	_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey version packet advertising version %d support", (int)LIBSSH2_PUBLICKEY_VERSION);
+#endif
+    if ((s - buffer) != libssh2_channel_write(channel, buffer, (s - buffer))) {
+        libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey version packet", 0);
+		goto err_exit;
+    }
+
+	while (1) {
+		if (libssh2_publickey_packet_receive(pkey, &data, &data_len)) {
+			libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, "Timeout waiting for response from publickey subsystem", 0);
+			goto err_exit;
+		}
+
+		s = data;
+		if ((response = libssh2_publickey_response_id(&s, data_len)) < 0) {
+			libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Invalid publickey subsystem response code", 0);
+			goto err_exit;
+		}
+
+		switch (response) {
+			case LIBSSH2_PUBLICKEY_RESPONSE_STATUS:
+			/* Error */
+			{
+				unsigned long status, descr_len, lang_len;
+				unsigned char *descr, *lang;
+				
+				status = libssh2_ntohu32(s);					s += 4;
+				descr_len = libssh2_ntohu32(s);					s += 4;
+				descr = s;										s += descr_len;
+				lang_len = libssh2_ntohu32(s);					s += 4;
+				lang = s;										s += lang_len;
+
+				if (s > data + data_len) {
+					libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Malformed publickey subsystem packet", 0);
+					goto err_exit;
+				}
+
+				libssh2_publickey_status_error(NULL, session, status, descr, descr_len);
+				goto err_exit;
+			}
+			case LIBSSH2_PUBLICKEY_RESPONSE_VERSION:
+				/* What we want */
+				pkey->version = libssh2_ntohu32(s);
+				if (pkey->version > LIBSSH2_PUBLICKEY_VERSION) {
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+					_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Truncating remote publickey version from %lu", pkey->version);
+#endif
+					pkey->version = LIBSSH2_PUBLICKEY_VERSION;
+				}
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+				_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Enabling publickey subsystem version %lu", pkey->version);
+#endif
+				LIBSSH2_FREE(session, data);
+				return pkey;
+			default:
+				/* Unknown/Unexpected */
+				libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Unexpected publickey subsystem response, ignoring", 0);
+				LIBSSH2_FREE(session, data);
+				data = NULL;
+		}
+	}
+
+	/* Never reached except by direct goto */
+ err_exit:
+	if (channel) {
+		libssh2_channel_close(channel);
+	}
+	if (pkey) {
+		LIBSSH2_FREE(session, pkey);
+	}
+	if (data) {
+		LIBSSH2_FREE(session, data);
+	}
+	return NULL;
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_add_ex
+ * Add a new public key entry
+ */
+LIBSSH2_API int libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY *pkey, const unsigned char *name, unsigned long name_len,
+															const unsigned char *blob, unsigned long blob_len, char overwrite,
+															unsigned long num_attrs, libssh2_publickey_attribute attrs[])
+{
+	LIBSSH2_CHANNEL *channel = pkey->channel;
+	LIBSSH2_SESSION *session = channel->session;
+	unsigned char *packet = NULL, *s;
+	unsigned long i, packet_len = 19 + name_len + blob_len;
+	unsigned char *comment = NULL;
+	unsigned long comment_len = 0;
+	/*	packet_len(4) +
+		add_len(4) +
+		"add"(3) +
+		name_len(4) +
+		{name}
+		blob_len(4) +
+		{blob} */
+
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+	_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Adding %s pubickey", name);
+#endif
+
+	if (pkey->version == 1) {
+		for(i = 0; i < num_attrs; i++) {
+			/* Search for a comment attribute */
+			if (attrs[i].name_len == (sizeof("comment") - 1) &&
+				strncmp(attrs[i].name, "comment", sizeof("comment") - 1) == 0) {
+				comment = attrs[i].value;
+				comment_len = attrs[i].value_len;
+				break;
+			}
+		}
+		packet_len += 4 + comment_len;
+	} else {
+		packet_len += 5; /* overwrite(1) + attribute_count(4) */
+		for(i = 0; i < num_attrs; i++) {
+			packet_len += 9 + attrs[i].name_len + attrs[i].value_len;
+			/* name_len(4) + value_len(4) + mandatory(1) */
+		}
+	}
+
+	packet = LIBSSH2_ALLOC(session, packet_len);
+	if (!packet) {
+		libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for publickey \"add\" packet", 0);
+		return -1;
+	}
+
+	s = packet;
+	libssh2_htonu32(s, packet_len - 4);						s += 4;
+	libssh2_htonu32(s, sizeof("add") - 1);					s += 4;
+	memcpy(s, "add", sizeof("add") - 1);					s += sizeof("add") - 1;
+	if (pkey->version == 1) {
+		libssh2_htonu32(s, comment_len);					s += 4;
+		if (comment) {
+			memcpy(s, comment, comment_len);				s += comment_len;
+		}
+
+		libssh2_htonu32(s, name_len);						s += 4;
+		memcpy(s, name, name_len);							s += name_len;
+		libssh2_htonu32(s, blob_len);						s += 4;
+		memcpy(s, blob, blob_len);							s += blob_len;
+	} else {
+		/* Version == 2 */
+
+		libssh2_htonu32(s, name_len);						s += 4;
+		memcpy(s, name, name_len);							s += name_len;
+		libssh2_htonu32(s, blob_len);						s += 4;
+		memcpy(s, blob, blob_len);							s += blob_len;
+		*(s++) = overwrite ? 0xFF : 0;
+		libssh2_htonu32(s, num_attrs);						s += 4;
+		for(i = 0; i < num_attrs; i++) {
+			libssh2_htonu32(s, attrs[i].name_len);			s += 4;
+			memcpy(s, attrs[i].name, attrs[i].name_len);	s += attrs[i].name_len;
+			libssh2_htonu32(s, attrs[i].value_len);			s += 4;
+			memcpy(s, attrs[i].value, attrs[i].value_len);	s += attrs[i].value_len;
+			*(s++) = attrs[i].mandatory ? 0xFF : 0;
+		}
+	}
+
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+	_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey \"add\" packet: type=%s blob_len=%ld num_attrs=%ld", name, blob_len, num_attrs);
+#endif
+    if ((s - packet) != libssh2_channel_write(channel, packet, (s - packet))) {
+        libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey add packet", 0);
+		LIBSSH2_FREE(session, packet);
+		return -1;
+    }
+	LIBSSH2_FREE(session, packet);
+	packet = NULL;
+
+	return libssh2_publickey_response_success(pkey);
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_remove_ex
+ * Remove an existing publickey so that authentication can no longer be performed using it
+ */
+LIBSSH2_API int libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY *pkey, const unsigned char *name, unsigned long name_len,
+                                                            const unsigned char *blob, unsigned long blob_len)
+{
+	LIBSSH2_CHANNEL *channel = pkey->channel;
+	LIBSSH2_SESSION *session = channel->session;
+	unsigned char *s, *packet = NULL;
+	unsigned long packet_len = 22 + name_len + blob_len;
+	/*	packet_len(4) + 
+		remove_len(4) +
+		"remove"(6) +
+		name_len(4) +
+		{name}
+		blob_len(4) +
+		{blob} */
+
+	packet = LIBSSH2_ALLOC(session, packet_len);
+	if (!packet) {
+		libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for publickey \"remove\" packet", 0);
+		return -1;
+	}
+
+	s = packet;
+	libssh2_htonu32(s, packet_len - 4);							s += 4;
+	libssh2_htonu32(s, sizeof("remove") - 1);					s += 4;
+	memcpy(s, "remove", sizeof("remove") - 1);					s += sizeof("remove") - 1;
+	libssh2_htonu32(s, name_len);								s += 4;
+	memcpy(s, name, name_len);									s += name_len;
+	libssh2_htonu32(s, blob_len);								s += 4;
+	memcpy(s, blob, blob_len);									s += blob_len;
+
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+	_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey \"remove\" packet: type=%s blob_len=%ld", name, blob_len);
+#endif
+    if ((s - packet) != libssh2_channel_write(channel, packet, (s - packet))) {
+        libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey remove packet", 0);
+		LIBSSH2_FREE(session, packet);
+		return -1;
+    }
+	LIBSSH2_FREE(session, packet);
+	packet = NULL;
+
+	return libssh2_publickey_response_success(pkey);
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_list_fetch
+ * Fetch a list of supported public key from a server
+ */
+LIBSSH2_API int libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY *pkey, unsigned long *num_keys, libssh2_publickey_list **pkey_list)
+{
+	LIBSSH2_CHANNEL *channel = pkey->channel;
+	LIBSSH2_SESSION *session = channel->session;
+	libssh2_publickey_list *list = NULL;
+	unsigned char *s, buffer[12], *data = NULL;
+	unsigned long buffer_len = 12, keys = 0, max_keys = 0, data_len, i, response;
+	/*	packet_len(4) + 
+		list_len(4) +
+		"list"(4) */
+
+	s = buffer;
+	libssh2_htonu32(s, buffer_len - 4);							s += 4;
+	libssh2_htonu32(s, sizeof("list") - 1);						s += 4;
+	memcpy(s, "list", sizeof("list") - 1);						s += sizeof("list") - 1;
+
+#ifdef LIBSSH2_DEBUG_PUBLICKEY
+	_libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Sending publickey \"list\" packet");
+#endif
+    if ((s - buffer) != libssh2_channel_write(channel, buffer, (s - buffer))) {
+        libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send publickey list packet", 0);
+		return -1;
+    }
+
+	while (1) {
+		if (libssh2_publickey_packet_receive(pkey, &data, &data_len)) {
+			libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, "Timeout waiting for response from publickey subsystem", 0);
+			goto err_exit;
+		}
+
+		s = data;
+		if ((response = libssh2_publickey_response_id(&s, data_len)) < 0) {
+			libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Invalid publickey subsystem response code", 0);
+			goto err_exit;
+		}
+
+		switch (response) {
+			case LIBSSH2_PUBLICKEY_RESPONSE_STATUS:
+			/* Error, or processing complete */
+			{
+				unsigned long status, descr_len, lang_len;
+				unsigned char *descr, *lang;
+				
+				status = libssh2_ntohu32(s);					s += 4;
+				descr_len = libssh2_ntohu32(s);					s += 4;
+				descr = s;										s += descr_len;
+				lang_len = libssh2_ntohu32(s);					s += 4;
+				lang = s;										s += lang_len;
+
+				if (s > data + data_len) {
+					libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Malformed publickey subsystem packet", 0);
+					goto err_exit;
+				}
+
+				if (status == LIBSSH2_PUBLICKEY_SUCCESS) {
+					LIBSSH2_FREE(session, data);
+					*pkey_list = list;
+					*num_keys = keys;
+					return 0;
+				}
+
+				libssh2_publickey_status_error(pkey, session, status, descr, descr_len);
+				goto err_exit;
+			}
+			case LIBSSH2_PUBLICKEY_RESPONSE_PUBLICKEY:
+				/* What we want */
+				if (keys >= max_keys) {
+					/* Grow the key list if necessary */
+					max_keys += 8;
+					list = LIBSSH2_REALLOC(session, list, (max_keys + 1) * sizeof(libssh2_publickey_list));
+					if (!list) {
+						libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for publickey list", 0);
+						goto err_exit;
+					}
+				}
+				if (pkey->version == 1) {
+					unsigned long comment_len;
+
+					comment_len = libssh2_ntohu32(s);								s += 4;
+					if (comment_len) {
+						list[keys].num_attrs = 1;
+						list[keys].attrs = LIBSSH2_ALLOC(session, sizeof(libssh2_publickey_attribute));
+						if (!list[keys].attrs) {
+							libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for publickey attributes", 0);
+							goto err_exit;
+						}
+						list[keys].attrs[0].name = "comment";
+						list[keys].attrs[0].name_len = sizeof("comment") - 1;
+						list[keys].attrs[0].value = s;
+						list[keys].attrs[0].value_len = comment_len;
+						list[keys].attrs[0].mandatory = 0;
+
+						s += comment_len;
+					} else {
+						list[keys].num_attrs = 0;
+						list[keys].attrs = NULL;
+					}
+					list[keys].name_len = libssh2_ntohu32(s);						s += 4;
+					list[keys].name = s;											s += list[keys].name_len;
+					list[keys].blob_len = libssh2_ntohu32(s);						s += 4;
+					list[keys].blob = s;											s += list[keys].blob_len;
+				} else {
+					/* Version == 2 */
+					list[keys].name_len = libssh2_ntohu32(s);						s += 4;
+					list[keys].name = s;											s += list[keys].name_len;
+					list[keys].blob_len = libssh2_ntohu32(s);						s += 4;
+					list[keys].blob = s;											s += list[keys].blob_len;
+					list[keys].num_attrs = libssh2_ntohu32(s);						s += 4;
+					if (list[keys].num_attrs) {
+						list[keys].attrs = LIBSSH2_ALLOC(session, list[keys].num_attrs * sizeof(libssh2_publickey_attribute));
+						if (!list[keys].attrs) {
+							libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for publickey attributes", 0);
+							goto err_exit;
+						}
+						for(i = 0; i < list[keys].num_attrs; i++) {
+							list[keys].attrs[i].name_len = libssh2_ntohu32(s);			s += 4;
+							list[keys].attrs[i].name = s;								s += list[keys].attrs[i].name_len;
+							list[keys].attrs[i].value_len = libssh2_ntohu32(s);			s += 4;
+							list[keys].attrs[i].value = s;								s += list[keys].attrs[i].value_len;
+							list[keys].attrs[i].mandatory = 0;	/* actually an ignored value */
+						}
+					} else {
+						list[keys].attrs = NULL;
+					}
+				}
+				list[keys].packet = data; /* To be FREEd in libssh2_publickey_list_free() */
+				keys++;
+
+				list[keys].packet = NULL; /* Terminate the list */
+				data = NULL;
+				break;
+			default:
+				/* Unknown/Unexpected */
+				libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, "Unexpected publickey subsystem response, ignoring", 0);
+				LIBSSH2_FREE(session, data);
+		}
+	}
+
+	/* Only reached via explicit goto */
+ err_exit:
+	if (data) {
+		LIBSSH2_FREE(session, data);
+	}
+	if (list) {
+		libssh2_publickey_list_free(pkey, list);
+	}
+	return -1;
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_list_free
+ * Free a previously fetched list of public keys
+ */
+LIBSSH2_API void libssh2_publickey_list_free(LIBSSH2_PUBLICKEY *pkey, libssh2_publickey_list *pkey_list)
+{
+	LIBSSH2_SESSION *session = pkey->channel->session;
+	libssh2_publickey_list *p = pkey_list;
+
+	while (p->packet) {
+		if (p->attrs) {
+			LIBSSH2_FREE(session, p->attrs);
+		}
+		LIBSSH2_FREE(session, p->packet);
+		p++;
+	}
+
+	LIBSSH2_FREE(session, pkey_list);
+}
+/* }}} */
+
+/* {{{ libssh2_publickey_shutdown
+ * Shutdown the publickey subsystem
+ */
+LIBSSH2_API void libssh2_publickey_shutdown(LIBSSH2_PUBLICKEY *pkey)
+{
+	LIBSSH2_SESSION *session = pkey->channel->session;
+
+	libssh2_channel_free(pkey->channel);
+	LIBSSH2_FREE(session, pkey);
+}
+/* }}} */

src/scp.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

src/session.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -103,9 +103,28 @@ static int libssh2_banner_receive(LIBSSH2_SESSION *session)
 
 		ret = recv(session->socket_fd, &c, 1, LIBSSH2_SOCKET_RECV_FLAGS(session));
 
-		if ((ret < 0) && (ret != EAGAIN)) {
-			/* Some kinda error, but don't break for non-blocking issues */
-			return 1;
+		if (ret < 0) {
+#ifdef WIN32
+			switch (WSAGetLastError()) {
+				case WSAEWOULDBLOCK:
+					errno = EAGAIN;
+					break;
+				case WSAENOTSOCK:
+					errno = EBADF;
+					break;
+				case WSAENOTCONN:
+				case WSAECONNABORTED:
+					errno = ENOTCONN;
+					break;
+				case WSAEINTR:
+					errno = EINTR;
+					break;
+			}
+#endif /* WIN32 */
+			if (errno != EAGAIN) {
+				/* Some kinda error, but don't break for non-blocking issues */
+				return 1;
+			}
 		}
 
 		if (ret <= 0) continue;
@@ -298,9 +317,9 @@ LIBSSH2_API int libssh2_session_startup(LIBSSH2_SESSION *session, int socket)
 #ifdef LIBSSH2_DEBUG_TRANSPORT
 	_libssh2_debug(session, LIBSSH2_DBG_TRANS, "session_startup for socket %d", socket);
 #endif
-	if (socket <= 0) {
+	if (socket < 0) {
 		/* Did we forget something? */
-		libssh2_error(session, LIBSSH2_ERROR_SOCKET_NONE, "No socket provided", 0);
+		libssh2_error(session, LIBSSH2_ERROR_SOCKET_NONE, "Bad socket provided", 0);
 		return LIBSSH2_ERROR_SOCKET_NONE;
 	}
 	session->socket_fd = socket;
@@ -394,6 +413,7 @@ LIBSSH2_API void libssh2_session_free(LIBSSH2_SESSION *session)
 		if (session->local.crypt) {
 			if (session->local.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
 				if (session->local.crypt_abstract) {
+					EVP_CIPHER_CTX_cleanup(session->local.crypt_abstract);
 					LIBSSH2_FREE(session, session->local.crypt_abstract);
 					session->local.crypt_abstract = NULL;
 				}
@@ -415,6 +435,7 @@ LIBSSH2_API void libssh2_session_free(LIBSSH2_SESSION *session)
 		if (session->remote.crypt) {
 			if (session->remote.crypt->flags & LIBSSH2_CRYPT_METHOD_FLAG_EVP) {
 				if (session->remote.crypt_abstract) {
+					EVP_CIPHER_CTX_cleanup(session->remote.crypt_abstract);
 					LIBSSH2_FREE(session, session->remote.crypt_abstract);
 					session->remote.crypt_abstract = NULL;
 				}

src/sftp.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -569,7 +569,7 @@ LIBSSH2_API LIBSSH2_SFTP_HANDLE *libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, char *
 
 	s = packet = LIBSSH2_ALLOC(session, packet_len);
 	if (!packet) {
-		libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for FXP_REMOVE packet", 0);
+		libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Unable to allocate memory for FXP_OPEN or FXP_OPENDIR packet", 0);
 		return NULL;
 	}
 	/* Filetype in SFTP 3 and earlier */
@@ -590,7 +590,7 @@ LIBSSH2_API LIBSSH2_SFTP_HANDLE *libssh2_sftp_open_ex(LIBSSH2_SFTP *sftp, char *
 	_libssh2_debug(session, LIBSSH2_DBG_SFTP, "Sending %s open request", (open_type == LIBSSH2_SFTP_OPENFILE) ? "file" : "directory");
 #endif
 	if (packet_len != libssh2_channel_write(channel, packet, packet_len)) {
-		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_REMOVE command", 0);
+		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_OPEN or FXP_OPENDIR command", 0);
 		LIBSSH2_FREE(session, packet);
 		return NULL;
 	}
@@ -1113,8 +1113,9 @@ LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp,  char *source_filenam
 	LIBSSH2_CHANNEL *channel = sftp->channel;
 	LIBSSH2_SESSION *session = channel->session;
 	unsigned long data_len, retcode = -1, request_id;
-	unsigned long packet_len = source_filename_len + dest_filename_len + 21; /* packet_len(4) + packet_type(1) + request_id(4) + 
-																				source_filename_len(4) + dest_filename_len(4) + flags(4) */
+	unsigned long packet_len = source_filename_len + dest_filename_len + 17 + (sftp->version >= 5 ? 4 : 0);
+																			 /* packet_len(4) + packet_type(1) + request_id(4) + 
+																				source_filename_len(4) + dest_filename_len(4) + flags(4){SFTP5+) */
 	unsigned char *packet, *s, *data;
 
 	if (sftp->version < 2) {
@@ -1145,7 +1146,7 @@ LIBSSH2_API int libssh2_sftp_rename_ex(LIBSSH2_SFTP *sftp,  char *source_filenam
 	}
 
 	if (packet_len != libssh2_channel_write(channel, packet, s - packet)) {
-		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_REMOVE command", 0);
+		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_RENAME command", 0);
 		LIBSSH2_FREE(session, packet);
 		return -1;
 	}
@@ -1216,7 +1217,7 @@ LIBSSH2_API int libssh2_sftp_mkdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_l
 	s += libssh2_sftp_attr2bin(s, &attrs);
 
 	if (packet_len != libssh2_channel_write(channel, packet, packet_len)) {
-		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_REMOVE command", 0);
+		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_MKDIR command", 0);
 		LIBSSH2_FREE(session, packet);
 		return -1;
 	}
@@ -1268,7 +1269,7 @@ LIBSSH2_API int libssh2_sftp_rmdir_ex(LIBSSH2_SFTP *sftp, char *path, int path_l
 	memcpy(s, path, path_len);							s += path_len;
 
 	if (packet_len != libssh2_channel_write(channel, packet, packet_len)) {
-		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_REMOVE command", 0);
+		libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, "Unable to send FXP_MKDIR command", 0);
 		LIBSSH2_FREE(session, packet);
 		return -1;
 	}
@@ -1451,10 +1452,11 @@ LIBSSH2_API int libssh2_sftp_symlink_ex(LIBSSH2_SFTP *sftp, const char *path, in
 	}
 
 	link_len = libssh2_ntohu32(data + 9);
-	if (link_len > target_len) {
-		link_len = target_len;
+	if (link_len >= target_len) {
+		link_len = target_len - 1;
 	}
 	memcpy(target, data + 13, link_len);
+	target[link_len] = 0;
 	LIBSSH2_FREE(session, data);
 
 	return link_len;

src/userauth.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2004-2005, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,