Version 1.2.3 (February 3, 2010)

when building out of source tree, we provide -I$(top_builddir)/example
since the libssh2_config.h gets generated in that dir

.cvsusers

@@ -1,11 +0,0 @@
-jas4711:Simon Josefsson <simon@josefsson.org>
-bagder:Daniel Stenberg
-sarag:Sara Golemon <pollita@libssh2.org>
-gusarov:Mikhail Gusarov <dottedmag@dottedmag.net>
-wez:Wez Furlong
-edink:Edink Kadribasic
-jehousley: James Housley
-gknauf: Guenter Knauf
-dfandrich: Dan Fandrich
-yangtse: Yang Tse
-thomaspu: Paul Thomas

.gitattribute

@@ -0,0 +1,2 @@
+win32/msvcproj.head -crlf
+win32/msvcproj.foot -crlf

.gitignore

@@ -26,3 +26,9 @@ ssh2_sample
 libssh2-*.tar.gz
 INSTALL
 install-sh
+*.o
+*.lo
+*.la
+mkinstalldirs
+tags
+libssh2.pc

AUTHORS

@@ -1,15 +1,47 @@
-* Sara Golemon: Author / Project Manager
+ libssh2 is the result of many friendly people. This list is an attempt to
+ mention all contributors. If we've missed anyone, tell us!
 
-* Daniel Stenberg: Co-maintainer
+ This list of names is a-z sorted.
 
-* James Housleys: Nonblocking conversion
-
-* Simon Josefsson: libgcrypt support
-
-* Mikhail Gusarov: Keyboard Interactive Authentication
-
-* Wez Furlong & Edink Kadribasic: Windows Port
-
-* Dan Fandrich: bug fixes, cleanups
-
-* Guenter Knauf: win32 work and more
+Adam Gobiowski
+Alexander Holyapin
+Alexander Lamaison
+Ben Kibbey
+Bjorn Stenborg
+Carlo Bramini
+Dan Casey
+Dan Fandrich
+Daniel Stenberg
+David J Sullivan
+David Robins
+Edink Kadribasic
+Erik Brossler
+Francois Dupoux
+Guenter Knauf
+Heiner Steven
+James Housleys
+Jean-Louis Charton
+Jussi Mononen
+Mark McPherson
+Markus Moeller
+Mike Protts
+Mikhail Gusarov
+Neil Gierman
+Olivier Hervieu
+Paul Veldkamp
+Peter O'Gorman
+Peter Stuge
+Romain Bondue
+Sara Golemon
+Satish Mittal
+Sean Peterson
+Selcuk Gueney
+Simon Hart
+Simon Josefsson
+Steven Ayre
+Steven Van Ingelgem
+Tor Arntsen
+Vincent Jaulin
+Vlad Grachov
+Wez Furlong
+Yang Tse

COPYING

@@ -1,5 +1,7 @@
 /* Copyright (c) 2004-2007 Sara Golemon <sarag@libssh2.org>
- * Copyright (C) 2006-2007 The Written Word, Inc.
+ * Copyright (c) 2006-2007 The Written Word, Inc.
+ * Copyright (c) 2009 Daniel Stenberg
+ * Copyright (C) 2008, 2009 Simon Josefsson
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,

HACKING

@@ -9,24 +9,5 @@ libssh2 source code style guide:
          go_nuts();
      }
 
- - write both braces on the else line:
-
-     if (banana) {
-         go_nuts();
-     } else {
-         stay_calm();
-     }
-
- - use braces even for single-statement blocks
- 
  - keep source lines shorter than 80 columns
-
-------------
-
- Older libssh2 code that still hasn't quite transitioned to the above
- mentioned style, used a different style:
-
- - indented with tabs (only)
-
- - no line length limits
-
+ - See libssh2-style.el for how to achieve this within Emacs

Makefile.am

@@ -1,5 +1,10 @@
+AUTOMAKE_OPTIONS = foreign nostdinc
+
 SUBDIRS = src example tests docs
 
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libssh2.pc
+
 include_HEADERS =			\
 	include/libssh2.h		\
 	include/libssh2_publickey.h	\
@@ -11,20 +16,25 @@ NETWAREFILES =  nw/keepscreen.c \
  nw/nwlib.c \
  nw/test/Makefile.netware
 
-WIN32FILES = win32/libssh2_dll.dsp win32/libssh2.dsw win32/Makefile.win32      \
-win32/config.mk win32/Makefile win32/test/Makefile.win32 win32/libssh2_lib.dsp \
-win32/libssh2_config.h win32/tests.dsp win32/rules.mk
+DSP = win32/libssh2.dsp
+VCPROJ = win32/libssh2.vcproj
+
+DISTCLEANFILES = $(DSP)
+
+WIN32FILES = win32/Makefile.win32 win32/libssh2.dsw     \
+win32/config.mk win32/Makefile win32/test/Makefile.win32 \
+win32/libssh2_config.h win32/tests.dsp win32/rules.mk $(DSP) \
+win32/msvcproj.head win32/msvcproj.foot
 
 EXTRA_DIST = $(WIN32FILES) buildconf $(NETWAREFILES) get_ver.awk HACKING \
- maketgz NMakefile TODO
+ maketgz NMakefile TODO RELEASE-NOTES libssh2.pc.in
 
 ACLOCAL_AMFLAGS = -I m4
 
 .PHONY: ChangeLog
 ChangeLog:
-	if test -f .cvsusers; then \
-	  cvs2cl --utc --fsf --FSF --usermap .cvsusers -I ChangeLog -I .cvs; \
-	fi
+	echo "see NEWS" > ./ChangeLog
+DISTCLEANFILES += ChangeLog
 
 dist-hook:
 	rm -rf $(top_builddir)/tests/log
@@ -57,3 +67,62 @@ gen-coverage:
 		--title "$(PACKAGE_NAME)"
 
 coverage: init-coverage build-coverage gen-coverage
+
+# DSP/VCPROJ generation adapted from libcurl
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include Makefile.inc
+
+WIN32SOURCES = $(CSOURCES)
+WIN32HEADERS = $(HHEADERS) libssh2_config.h
+
+$(DSP): win32/msvcproj.head win32/msvcproj.foot Makefile.am
+	echo "creating $(DSP)"
+	@( (cat $(srcdir)/win32/msvcproj.head; \
+	echo "# Begin Group \"Source Files\""; \
+	echo ""; \
+	echo "# PROP Default_Filter \"cpp;c;cxx\""; \
+	win32_srcs='$(WIN32SOURCES)'; \
+	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
+	for file in $$sorted_srcs; do \
+		echo "# Begin Source File"; \
+		echo ""; \
+		echo "SOURCE=..\\src\\"$$file; \
+		echo "# End Source File"; \
+	done; \
+	echo "# End Group"; \
+	echo "# Begin Group \"Header Files\""; \
+	echo ""; \
+	echo "# PROP Default_Filter \"h;hpp;hxx\""; \
+	win32_hdrs='$(WIN32HEADERS)'; \
+	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
+	for file in $$sorted_hdrs; do \
+		echo "# Begin Source File"; \
+		echo ""; \
+		if [ "$$file" == "libssh2_config.h" ]; \
+		then \
+			echo "SOURCE=.\\"$$file; \
+		else \
+			echo "SOURCE=..\\src\\"$$file; \
+		fi; \
+		echo "# End Source File"; \
+	done; \
+	echo "# End Group"; \
+	cat $(srcdir)/win32/msvcproj.foot) | \
+	awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ )
+
+$(VCPROJ): win32/vc8proj.head win32/vc8proj.foot Makefile.am
+	echo "creating $(VCPROJ)"
+	@( (cat $(srcdir)/vc8proj.head; \
+	win32_srcs='$(WIN32SOURCES)'; \
+	sorted_srcs=`for file in $$win32_srcs; do echo $$file; done | sort`; \
+	for file in $$sorted_srcs; do \
+		echo "<File RelativePath=\""..\src\$$file"\"></File>"; \
+	done; \
+	echo "</Filter><Filter	Name=\"Header Files\">"; \
+	win32_hdrs='$(WIN32HEADERS)'; \
+	sorted_hdrs=`for file in $$win32_hdrs; do echo $$file; done | sort`; \
+	for file in $$sorted_hdrs; do \
+		echo "<File RelativePath=\""..\src\$$file"\"></File>"; \
+	done; \
+	cat $(srcdir)/vc8proj.foot) | \
+	awk '{printf("%s\r\n", gensub("\r", "", "g"))}' > $@ )

Makefile.inc

@@ -0,0 +1,5 @@
+CSOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c \
+ packet.c publickey.c scp.c session.c sftp.c userauth.c transport.c \
+ version.c knownhost.c agent.c openssl.c libgcrypt.c pem.c
+
+HHEADERS = libssh2_priv.h openssl.h libgcrypt.h transport.h channel.h comp.h mac.h misc.h

NEWS

@@ -1,3 +1,151 @@
+Version 1.2.3 (February 3, 2010)
+
+ o Added libssh2_trace_sethandler()
+ o Added the direct_tcpip.c example
+ o Fixed memory leak in userauth_publickey
+ o Added support for authentication via SSH-Agent.  By Daiki Ueno.
+
+ o Respond to unknown SSH_MSG_GLOBAL_REQUEST/SSH_MSG_CHANNEL_REQUEST
+   with SSH_MSG_REQUEST_FAILURE/SSH_MSG_CHANNEL_FAILURE in order to
+   make (at least) OpenSSH server keepalive work.  Before OpenSSH
+   servers (configured with a positive ClientAliveInterval) would
+   terminate connections against libssh2 clients because libssh2 did
+   not respond properly to the request.  By Simon Josefsson.
+
+Version 1.2.2 (November 16, 2009)
+
+* This release includes the following changes:
+
+  o Fix crash when server sends an invalid SSH_MSG_IGNORE message.
+    Reported by Bob Alexander <balexander@expressor-software.com> in
+    <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2530>.
+    By Simon Josefsson.
+
+  o Support for the "aes128-ctr", "aes192-ctr", "aes256-ctr" ciphers
+    as per RFC 4344 for libgcrypt and OpenSSL.  They are now the
+    preferred ciphers.  By Simon Josefsson.
+
+  o Support for the "arcfour128" cipher as per RFC 4345 for libgcrypt
+    and OpenSSL.  It is preferred over the normal "arcfour" cipher
+    which is somewhat broken.  By Simon Josefsson.
+
+  o Add support for GCC visibility features.  By Cristian Rodr<64>guez.
+
+  o Fix libssh2_channel_forward_accept.  By Juzna.
+
+  o Generate Win32 files correctly.   By Peter Stuge.
+
+  o Fix permission issue in ssh2 self test.  By Dan Fandrich.
+
+  o Use memmove instead of memcpy in one place which copies
+    overlapping memory areas.
+
+  o Cleanup hard coding of cipher modes in libgcrypt backend.  By Simon.
+
+  o Added man page for libssh2_knownhost_free.  By Daniel.
+
+Version 1.2.1 (September 28, 2009)
+
+* This release includes the following changes:
+
+  o generate and install libssh2.pc
+
+  ... and the following bugfixes:
+
+  o proper return codes returned from several functions
+  o return EAGAIN internal cleanup
+  o added knownhost.c to windows makefiles
+  o pass private-key to OpenSSL as a filename with BIO_new_file().
+  o make libssh2_scp_send/recv do blocking mode correctly
+  o libssh2_channel_wait_closed() could hang
+  o libssh2_channel_read_ex() must return 0 when closed
+  o added gettimeofday() function for win32 for the debug trace outputs
+  o transport layer bug causing invalid -39 (LIBSSH2_ERROR_BAD_USE) errors
+  o scp examples now loop correctly over libssh2_channel_write()
+
+* (August 29 2009) Daniel Stenberg:
+
+ - I fixed all code to use the recently added dedicated linked list functions
+   instead of doing the same stuff spread out all over.
+
+ - I also fixed a few cases where local variables where used to keep memory
+   but was used to keep state for re-invokes due to non-blocking situations
+   which would lead to segfaults.
+
+Version 1.2 (August 10, 2009)
+-----------------------------
+
+* (August 02 2009) Alexander Lamaison:
+
+ - changed _libssh2_rsa_new_private and _libssh2_rsa_new_private so that they
+   no longer use the OpenSSL functions that take a FILE* argument.  Passing
+   CRT-created objects across a DLL boundary causes crashes on Windows of the
+   DLL and the client aren't linked to the exact same verison of the CRT. Now
+   we pass the keys as strings to avoid this issue.
+
+* (May 29 2009) Daniel Stenberg:
+
+ - Updated the knownhost API and there are now 9 functions, and all of them
+   have man pages. The libssh2.h now defines HAVE_LIBSSH2_KNOWNHOST_API to
+   ease things for applications to check for the correct release before trying
+   to use it.
+
+* (May 23 2009) Daniel Stenberg:
+
+ - Anonymous bug report #2795816 revealed that doing subsequent
+   libssh2_sftp_init() calls on the same session failed.
+
+* (May 20 2009) Daniel Stenberg:
+
+  - made libssh2_sftp_write() properly deal with huge/any sized input buffers.
+
+  - fixed libssh2_channel_write_ex() to return the correct return code, and
+    deal with sending off huge buffers better
+
+* (May 7 2009) Daniel Stenberg:
+
+  - linked list code. I got a bit tired of the fact that we don't have any
+    generic linked-list functions within libssh2 so I wrote up the first embryo
+    for one that I use for this new functionality. The plan would then be to
+    move all existing code that uses linked lists to use this new set.
+
+  - base64 encode. I had to add a base64 encoding function which was missing
+    in the code base so it helps to "bloat" my patch.
+
+  - The knownhost API is currently:
+
+    _init() - init a bundle of known hosts
+    _add()  - add a known host
+    _del()  - delete a known host
+    _free() - free an entire bundle of known hosts
+    _check() - check if a host+key is present in the bundle
+
+    The convenience function:
+
+    _parsefile() - reads a ~/.ssh/known_hosts file and add all entries to the
+                   given bundle
+
+   - there's no docs other than some comments in the code/headers yet
+
+  - the patch includes changes to example/simple/ssh2_exec.c that makes use of
+    a few of these functions. Using that I've verified that the functions in
+    fact can verify my localhost's key agains my ~/.ssh/known_hosts file
+
+* (Apr 30 2009) Daniel Stenberg:
+
+  Markus posted a bug report about a bad 0-return from libssh2_channel_read:
+  http://libssh2.haxx.se/mail/libssh2-devel-archive-2009-04/0076.shtml
+
+  And it was indeed a bad loop that terminated too early due to a receveived
+  close packet.
+
+* (Apr 14 2009) Daniel Stenberg:
+
+  libssh2_poll() and libssh2_poll_channel_read() are now considered and
+  documented deprecated and they will be removed at next soname bump. It also
+  saves us from fixing some rather quirky bugs in libssh2_poll()...
+
+
 Version 1.1 (April 2, 2009)
 ---------------------------
 

NMakefile

@@ -1,6 +1,6 @@
 !include "win32/config.mk"
 
-# SUBDIRS=src example\simple
+# SUBDIRS=src example
 SUBDIRS=src
 
 all-sub:

README

@@ -6,7 +6,7 @@ the revised BSD license.
 
 Web site: http://www.libssh2.org/
 
-Mailing list: https://lists.sourceforge.net/lists/listinfo/libssh2-devel
+Mailing list: http://cool.haxx.se/mailman/listinfo/libssh2-devel
 
 Generic installation instructions are in INSTALL.  Some ./configure
 options deserve additional comments:

RELEASE-NOTES

@@ -0,0 +1,27 @@
+libssh2 1.2.3
+
+This release includes the following changes:
+
+ o ssh-agent support with the new libssh2_agent_* functions
+ o Added libssh2_trace_sethandler()
+ o Added the direct_tcpip.c and ssh2_agent.c examples
+
+This release includes the following bugfixes:
+
+ o Fixed memory leak in userauth_publickey
+ o Fixed publickey authentication regression
+ o Silenced several compiler warnings
+ o avoid returning data to memory already freed
+ o transport layer fix for bogus -39 (LIBSSH2_ERROR_BAD_USE) errors
+ o Fixed padding in ssh-dss signature blob encoding
+ o Fixed direction blocking flag problems
+ o Fixed memory leak in sftp_fstat()
+
+This release would not have looked like this without help, code, reports and
+advice from friends like these:
+
+ Simon Josefsson, Peter Stuge, Daiki Ueno, Dave McCaldon,
+ Alexander Lamaison
+ 
+
+        Thanks! (and sorry if I forgot to mention someone)

TODO

@@ -1,19 +1,14 @@
 Things TODO
 ===========
 
-* Add one of the missing man pages:
+* make sure the windowing code adapts better to slow situations so that it
+  doesn't then use as much memory as today
 
-  libssh2_channel_receive_window_adjust
-  libssh2_channel_request_pty_size_ex
-  libssh2_channel_window_read_ex
-  libssh2_channel_window_write_ex
-  libssh2_publickey_add_ex
-  libssh2_publickey_init
-  libssh2_publickey_list_fetch
-  libssh2_publickey_list_free
-  libssh2_publickey_remove_ex
-  libssh2_publickey_shutdown
-  libssh2_userauth_hostbased_fromfile_ex
+* Introduce a 'libssh2_socket_t' type for sockets in internal code
+
+* Provide a libssh2_scp_send() API for files larger than 4GB (32bit size)
+
+* Add more info to the man pages.
 
 * Decrease the number of mallocs. Everywhere.
 
@@ -21,8 +16,9 @@ Things TODO
 
 * Extend the test suite to actually test lots of aspects of libssh2
 
-* libssh2_channel_receive_window_adjust() can return EAGAIN while documented
-  to return the window as an "unsigned long".
+* Fix all compiler warnings (some can't be done without API changes)
+
+* Expose error messages sent by the server
 
 At next SONAME bump
 ===================
@@ -30,9 +26,19 @@ At next SONAME bump
 * stop using #defined macros as part of the official API. The macros should
   either be turned into real functions or discarded from the API.
 
+* fix the parts of the API where object pointers and function pointers are
+  mixed like libssh2_session_callback_set()
+
 * remove the following functions from the API/ABI
 
   libssh2_base64_decode()
   libssh2_session_flag()
   libssh2_channel_handle_extended_data()
   libssh2_channel_receive_window_adjust()
+  libssh2_poll()
+  libssh2_poll_channel_read()
+
+* Rename a few function:
+
+  libssh2_hostkey_hash => libssh2_session_hostkey_hash
+  libssh2_banner_set => libssh2_session_banner_set

acinclude.m4

@@ -288,3 +288,97 @@ dnl end of non-blocking try-compile test
     AC_MSG_WARN([non-block sockets disabled])
   fi
 ])
+
+dnl CURL_CHECK_NEED_REENTRANT_SYSTEM
+dnl -------------------------------------------------
+dnl Checks if the preprocessor _REENTRANT definition
+dnl must be unconditionally done for this platform.
+dnl Internal macro for CURL_CONFIGURE_REENTRANT.
+
+AC_DEFUN([CURL_CHECK_NEED_REENTRANT_SYSTEM], [
+  case $host in
+    *-*-solaris* | *-*-hpux*)
+      tmp_need_reentrant="yes"
+      ;;
+    *)
+      tmp_need_reentrant="no"
+      ;;
+  esac
+])
+
+
+dnl CURL_CONFIGURE_FROM_NOW_ON_WITH_REENTRANT
+dnl -------------------------------------------------
+dnl This macro ensures that configuration tests done
+dnl after this will execute with preprocessor symbol
+dnl _REENTRANT defined. This macro also ensures that
+dnl the generated config file defines NEED_REENTRANT
+dnl and that in turn setup.h will define _REENTRANT.
+dnl Internal macro for CURL_CONFIGURE_REENTRANT.
+
+AC_DEFUN([CURL_CONFIGURE_FROM_NOW_ON_WITH_REENTRANT], [
+AC_DEFINE(NEED_REENTRANT, 1,
+  [Define to 1 if _REENTRANT preprocessor symbol must be defined.])
+cat >>confdefs.h <<_EOF
+#ifndef _REENTRANT
+#  define _REENTRANT
+#endif
+_EOF
+])
+
+
+dnl CURL_CONFIGURE_REENTRANT
+dnl -------------------------------------------------
+dnl This first checks if the preprocessor _REENTRANT
+dnl symbol is already defined. If it isn't currently
+dnl defined a set of checks are performed to verify
+dnl if its definition is required to make visible to
+dnl the compiler a set of *_r functions. Finally, if
+dnl _REENTRANT is already defined or needed it takes
+dnl care of making adjustments necessary to ensure
+dnl that it is defined equally for further configure
+dnl tests and generated config file.
+
+AC_DEFUN([CURL_CONFIGURE_REENTRANT], [
+  AC_PREREQ([2.50])dnl
+  #
+  AC_MSG_CHECKING([if _REENTRANT is already defined])
+  AC_COMPILE_IFELSE([
+    AC_LANG_PROGRAM([[
+    ]],[[
+#ifdef _REENTRANT
+      int dummy=1;
+#else
+      force compilation error
+#endif
+    ]])
+  ],[
+    AC_MSG_RESULT([yes])
+    tmp_reentrant_initially_defined="yes"
+  ],[
+    AC_MSG_RESULT([no])
+    tmp_reentrant_initially_defined="no"
+  ])
+  #
+  if test "$tmp_reentrant_initially_defined" = "no"; then
+    AC_MSG_CHECKING([if _REENTRANT is actually needed])
+    CURL_CHECK_NEED_REENTRANT_SYSTEM
+
+    if test "$tmp_need_reentrant" = "yes"; then
+      AC_MSG_RESULT([yes])
+    else
+      AC_MSG_RESULT([no])
+    fi
+  fi
+  #
+  AC_MSG_CHECKING([if _REENTRANT is onwards defined])
+  if test "$tmp_reentrant_initially_defined" = "yes" ||
+    test "$tmp_need_reentrant" = "yes"; then
+    CURL_CONFIGURE_FROM_NOW_ON_WITH_REENTRANT
+    AC_MSG_RESULT([yes])
+  else
+    AC_MSG_RESULT([no])
+  fi
+  #
+])
+

buildconf

@@ -1,11 +1,27 @@
 #!/bin/sh
 
-${LIBTOOLIZE:-libtoolize} --copy --automake --force
+LIBTOOLIZE="libtoolize"
+
+if [ "x`which $LIBTOOLIZE`" == "x" ];
+then
+  LIBTOOLIZE="glibtoolize";
+fi
+
+if [ "x`which $LIBTOOLIZE`" == "x" ];
+then
+  echo "Neither libtoolize nor glibtoolize could be found!";
+  exit 1
+fi
+
+
+
+
+${LIBTOOLIZE} --copy --automake --force
 ${ACLOCAL:-aclocal} -I m4 $ACLOCAL_FLAGS
 ${AUTOHEADER:-autoheader}
 # copy the private libssh2_config.h.in to the examples dir so that
 # it can be included without pointing the include path to the private
 # source dir
-cp src/libssh2_config.h.in example/simple/config.h.in
+cp src/libssh2_config.h.in example/libssh2_config.h.in
 ${AUTOCONF:-autoconf}
 ${AUTOMAKE:-automake} --add-missing --copy

configure.ac

@@ -1,8 +1,8 @@
 # AC_PREREQ(2.57)
-AC_INIT(libssh2, [-], libssh2-devel@lists.sourceforge.net)
+AC_INIT(libssh2, [-], libssh2-devel@cool.haxx.se)
 AC_CONFIG_MACRO_DIR([m4])
 AC_CONFIG_SRCDIR([src])
-AC_CONFIG_HEADER([src/libssh2_config.h])
+AM_CONFIG_HEADER([src/libssh2_config.h example/libssh2_config.h])
 AM_MAINTAINER_MODE
 
 dnl SED is needed by some of the tools
@@ -50,6 +50,10 @@ AC_CHECK_TYPE(long long,
       [Define to 1 if the compiler supports the 'long long' data type.])]
    longlong="yes"
 )
+
+dnl Our configure and build reentrant settings
+CURL_CONFIGURE_REENTRANT
+
 # Some systems (Solaris?) have socket() in -lsocket.
 AC_SEARCH_LIBS(socket, socket)
 
@@ -158,11 +162,51 @@ AC_HELP_STRING([--disable-debug],[Disable debug options]),
        AC_MSG_RESULT(no)
 )
 
+dnl ************************************************************
+dnl Enable hiding of internal symbols in library to reduce its size and
+dnl speed dynamic linking of applications.  This currently is only supported
+dnl on gcc >= 4.0 and SunPro C.
+dnl
+AC_MSG_CHECKING([whether to enable hidden symbols in the library])
+AC_ARG_ENABLE(hidden-symbols,
+AC_HELP_STRING([--enable-hidden-symbols],[Hide internal symbols in library])
+AC_HELP_STRING([--disable-hidden-symbols],[Leave all symbols with default visibility in library]),
+[ case "$enableval" in
+  no)
+       AC_MSG_RESULT(no)
+       ;;
+  *)
+       AC_MSG_CHECKING([whether $CC supports it])
+       if test "$GCC" = yes ; then
+         if $CC --help --verbose 2>&1 | grep fvisibility= > /dev/null ; then
+           AC_MSG_RESULT(yes)
+           AC_DEFINE(LIBSSH2_API, [__attribute__ ((visibility ("default")))], [to make a symbol visible])
+           CFLAGS="$CFLAGS -fvisibility=hidden"
+         else
+            AC_MSG_RESULT(no)
+          fi
+
+       else
+         dnl Test for SunPro cc
+         if $CC 2>&1 | grep flags >/dev/null && $CC -flags | grep xldscope= >/dev/null ; then
+           AC_MSG_RESULT(yes)
+           AC_DEFINE(LIBSSH2_API, [__global], [to make a symbol visible])
+           CFLAGS="$CFLAGS -xldscope=hidden"
+         else
+           AC_MSG_RESULT(no)
+         fi
+       fi
+       ;;
+  esac ],
+       AC_MSG_RESULT(no)
+)
+
 # Checks for header files.
 # AC_HEADER_STDC
 AC_CHECK_HEADERS([errno.h fcntl.h stdio.h stdlib.h unistd.h sys/uio.h])
 AC_CHECK_HEADERS([sys/select.h sys/socket.h sys/ioctl.h sys/time.h])
 AC_CHECK_HEADERS([arpa/inet.h netinet/in.h])
+AC_CHECK_HEADERS([sys/un.h])
 
 case $host in
   *-*-cygwin* | *-*-cegcc*)
@@ -209,6 +253,6 @@ AC_CONFIG_FILES([Makefile
                  src/Makefile
                  tests/Makefile
                  example/Makefile
-                 example/simple/Makefile
-                 docs/Makefile])
+                 docs/Makefile
+                 libssh2.pc])
 AC_OUTPUT

docs/Makefile.am

@@ -3,7 +3,15 @@
 EXTRA_DIST = template.3
 
 dist_man_MANS = \
+	libssh2_agent_connect.3 \
+	libssh2_agent_disconnect.3 \
+	libssh2_agent_free.3 \
+	libssh2_agent_get_identity.3 \
+	libssh2_agent_init.3 \
+	libssh2_agent_list_identities.3 \
+	libssh2_agent_userauth.3 \
 	libssh2_banner_set.3 \
+	libssh2_base64_decode.3 \
 	libssh2_channel_close.3 \
 	libssh2_channel_direct_tcpip_ex.3 \
 	libssh2_channel_eof.3 \
@@ -21,23 +29,48 @@ dist_man_MANS = \
 	libssh2_channel_receive_window_adjust.3 \
 	libssh2_channel_receive_window_adjust2.3 \
 	libssh2_channel_request_pty_ex.3 \
+	libssh2_channel_request_pty_size_ex.3 \
 	libssh2_channel_send_eof.3 \
 	libssh2_channel_set_blocking.3 \
 	libssh2_channel_setenv_ex.3 \
-	libssh2_channel_wait_eof.3 \
 	libssh2_channel_wait_closed.3 \
+	libssh2_channel_wait_eof.3 \
 	libssh2_channel_window_read_ex.3 \
 	libssh2_channel_window_write_ex.3 \
 	libssh2_channel_write_ex.3 \
 	libssh2_channel_x11_req_ex.3 \
+	libssh2_free_host_entry.3 \
+	libssh2_host_entry_match.3 \
 	libssh2_hostkey_hash.3 \
+	libssh2_knownhost_add.3 \
+	libssh2_knownhost_check.3 \
+	libssh2_knownhost_del.3 \
+	libssh2_knownhost_get.3 \
+	libssh2_knownhost_init.3 \
+	libssh2_knownhost_free.3 \
+	libssh2_knownhost_readfile.3 \
+	libssh2_knownhost_readline.3 \
+	libssh2_knownhost_writefile.3 \
+	libssh2_knownhost_writeline.3 \
+	libssh2_new_host_entry.3 \
+	libssh2_poll.3 \
+	libssh2_poll_channel_read.3 \
+	libssh2_publickey_add_ex.3 \
+	libssh2_publickey_init.3 \
+	libssh2_publickey_list_fetch.3 \
+	libssh2_publickey_list_free.3 \
+	libssh2_publickey_remove_ex.3 \
+	libssh2_publickey_shutdown.3 \
 	libssh2_scp_recv.3 \
 	libssh2_scp_send_ex.3 \
 	libssh2_session_abstract.3 \
 	libssh2_session_block_directions.3 \
 	libssh2_session_callback_set.3 \
-	libssh2_session_free.3 \
 	libssh2_session_disconnect_ex.3 \
+	libssh2_session_flag.3 \
+	libssh2_session_free.3 \
+	libssh2_session_get_blocking.3 \
+	libssh2_session_hostkey.3 \
 	libssh2_session_init_ex.3 \
 	libssh2_session_last_errno.3 \
 	libssh2_session_last_error.3 \
@@ -45,14 +78,12 @@ dist_man_MANS = \
 	libssh2_session_methods.3 \
 	libssh2_session_set_blocking.3 \
 	libssh2_session_startup.3 \
-	libssh2_poll.3 \
-	libssh2_poll_channel_read.3 \
 	libssh2_sftp_close_handle.3 \
 	libssh2_sftp_fstat_ex.3 \
-	libssh2_sftp_last_error.3 \
 	libssh2_sftp_init.3 \
-	libssh2_sftp_open_ex.3 \
+	libssh2_sftp_last_error.3 \
 	libssh2_sftp_mkdir_ex.3 \
+	libssh2_sftp_open_ex.3 \
 	libssh2_sftp_read.3 \
 	libssh2_sftp_readdir_ex.3 \
 	libssh2_sftp_rename_ex.3 \
@@ -65,24 +96,12 @@ dist_man_MANS = \
 	libssh2_sftp_tell64.3 \
 	libssh2_sftp_unlink_ex.3 \
 	libssh2_sftp_write.3 \
+	libssh2_trace.3 \
+	libssh2_trace_sethandler.3 \
 	libssh2_userauth_authenticated.3 \
+	libssh2_userauth_hostbased_fromfile_ex.3 \
 	libssh2_userauth_keyboard_interactive_ex.3 \
 	libssh2_userauth_list.3 \
 	libssh2_userauth_password_ex.3 \
 	libssh2_userauth_publickey_fromfile_ex.3 \
-	libssh2_base64_decode.3 \
-	libssh2_trace.3 \
 	libssh2_version.3
-	libssh2_channel_request_pty_size_ex.3 \
-	libssh2_free_host_entry.3 \
-	libssh2_host_entry_match.3 \
-	libssh2_new_host_entry.3 \
-	libssh2_publickey_add_ex.3 \
-	libssh2_publickey_init.3 \
-	libssh2_publickey_list_fetch.3 \
-	libssh2_publickey_list_free.3 \
-	libssh2_publickey_remove_ex.3 \
-	libssh2_publickey_shutdown.3 \
-	libssh2_session_flag.3 \
-	libssh2_session_get_blocking.3 \
-	libssh2_userauth_hostbased_fromfile_ex.3

docs/libssh2_agent_connect.3

@@ -0,0 +1,23 @@
+.\"
+.\" Copyright (c) 2009 by Daiki Ueno
+.\"
+.TH libssh2_agent_connect 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_agent_connect - connect to an ssh-agent
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_agent_connect(LIBSSH2_AGENT *agent);
+.SH DESCRIPTION
+Connect to an ssh-agent running on the system.
+
+Call \fBlibssh2_agent_disconnect(3)\fP to close the connection after
+you're doing using it.
+.SH RETURN VALUE
+Returns 0 if succeeded, or a negative value for error.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_agent_init(3)
+.BR libssh2_agent_disconnect(3)
+

docs/libssh2_agent_disconnect.3

@@ -0,0 +1,20 @@
+.\"
+.\" Copyright (c) 2009 by Daiki Ueno
+.\"
+.TH libssh2_agent_disconnect 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_agent_disconnect - close a connection to an ssh-agent
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_agent_disconnect(LIBSSH2_AGENT *agent);
+.SH DESCRIPTION
+Close a connection to an ssh-agent.
+
+.SH RETURN VALUE
+Returns 0 if succeeded, or a negative value for error.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_agent_connect(3)
+.BR libssh2_agent_free(3)

docs/libssh2_agent_free.3

@@ -0,0 +1,20 @@
+.\"
+.\" Copyright (c) 2009 by Daiki Ueno
+.\"
+.TH libssh2_agent_free 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_agent_free - free an ssh-agent handle
+.SH SYNOPSIS
+#include <libssh2.h>
+
+void libssh2_agent_free(LIBSSH2_AGENT *agent);
+.SH DESCRIPTION
+Free an ssh-agent handle.  This function also frees the internal
+collection of public keys.
+.SH RETURN VALUE
+None.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_agent_init(3)
+.BR libssh2_agent_disconnect(3)

docs/libssh2_agent_get_identity.3

@@ -0,0 +1,34 @@
+.\"
+.\" Copyright (c) 2009 by Daiki Ueno
+.\"
+.TH libssh2_agent_get_identity 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_agent_get_identity - get a public key off the collection of public keys managed by ssh-agent
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_agent_get_identity(LIBSSH2_AGENT *agent,
+                               struct libssh2_agent_publickey **store,
+                               struct libssh2_agent_publickey *prev);
+.SH DESCRIPTION
+\fIlibssh2_agent_get_identity(3)\fP allows an application to iterate
+over all public keys in the collection managed by ssh-agent.
+
+\fIstore\fP should point to a pointer that gets filled in to point to the
+public key data.
+
+\fIprev\fP is a pointer to a previous 'struct libssh2_agent_publickey'
+as returned by a previous invoke of this function, or NULL to get the
+first entry in the internal collection.
+.SH RETURN VALUE
+Returns 0 if everything is fine and information about a host was stored in
+the \fIstore\fP struct.
+
+Returns 1 if it reached the end of public keys.
+
+Returns negative values for error
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_agent_list_identities(3)
+.BR libssh2_agent_userauth(3)

docs/libssh2_agent_init.3

@@ -0,0 +1,26 @@
+.\"
+.\" Copyright (c) 2009 by Daiki Ueno
+.\"
+.TH libssh2_agent_init 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_agent_init - init an ssh-agent handle
+.SH SYNOPSIS
+#include <libssh2.h>
+
+LIBSSH2_AGENT *libssh2_agent_init(LIBSSH2_SESSION *session);
+.SH DESCRIPTION
+Init an ssh-agent handle. Returns the handle to an internal
+representation of an ssh-agent connection.  After the successful
+initialization, an application can call \fBlibssh2_agent_connect(3)\fP
+to connect to a running ssh-agent.
+
+Call \fBlibssh2_agent_free(3)\fP to free the handle again after you're
+doing using it.
+.SH RETURN VALUE
+Returns a handle pointer or NULL if something went wrong. The returned handle
+is used as input to all other ssh-agent related functions libssh2 provides.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_agent_connect(3)
+.BR libssh2_agent_free(3)

docs/libssh2_agent_list_identities.3

@@ -0,0 +1,24 @@
+.\"
+.\" Copyright (c) 2009 by Daiki Ueno
+.\"
+.TH libssh2_agent_list_identities 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_agent_list_identities - request an ssh-agent to list of public keys.
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_agent_list_identities(LIBSSH2_AGENT *agent);
+.SH DESCRIPTION
+Request an ssh-agent to list of public keys, and stores them in the
+internal collection of the handle.  Call
+\fIlibssh2_agent_get_identity(3)\fP to get a public key off the
+collection.
+
+.SH RETURN VALUE
+Returns 0 if succeeded, or a negative value for error.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_agent_connect(3)
+.BR libssh2_agent_get_identity(3)
+

docs/libssh2_agent_userauth.3

@@ -0,0 +1,29 @@
+.\"
+.\" Copyright (c) 2009 by Daiki Ueno
+.\"
+.TH libssh2_agent_userauth 3 "23 Dec 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_agent_userauth - authenticate a session with a public key, with the help of ssh-agent
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_agent_userauth(LIBSSH2_AGENT *agent,
+                           const char *username,
+                           struct libssh2_agent_publickey *identity);
+.SH DESCRIPTION
+\fIagent\fP - ssh-agent handle as returned by 
+.BR libssh2_agent_init(3)
+
+\fIusername\fP - Remote user name to authenticate as.
+
+\fIidentity\fP - Public key to authenticate with, as returned by 
+.BR libssh2_agent_get_identity(3)
+
+Attempt public key authentication with the help of ssh-agent.
+.SH RETURN VALUE
+Returns 0 if succeeded, or a negative value for error.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_agent_init(3)
+.BR libssh2_agent_get_identity(3)

docs/libssh2_channel_direct_tcpip_ex.3

@@ -13,16 +13,16 @@ LIBSSH2_CHANNEL *
 libssh2_channel_direct_tcpip(LIBSSH2_SESSION *session, const char *host, int port);
 
 .SH DESCRIPTION
-/fIsession/fP - Session instance as returned by 
+\fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)
 
-/fIhost/fP - Third party host to connect to using the SSH host as a proxy.
+\fIhost\fP - Third party host to connect to using the SSH host as a proxy.
 
-/fIport/fP - Port on third party host to connect to.
+\fIport\fP - Port on third party host to connect to.
 
-/fIshost/fP - Host to tell the SSH server the connection originated on.
+\fIshost\fP - Host to tell the SSH server the connection originated on.
 
-/fIsport/fP - Port to tell the SSH server the connection originated from.
+\fIsport\fP - Port to tell the SSH server the connection originated from.
 
 Tunnel a TCP/IP connection through the SSH transport via the remote host to 
 a third party. Communication from the client to the SSH server remains 

docs/libssh2_channel_forward_cancel.3

@@ -10,7 +10,7 @@ int
 libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener);
 
 .SH DESCRIPTION
-/fIlistener/fP - Forwarding listener instance as returned by 
+\fIlistener\fP - Forwarding listener instance as returned by 
 .BR libssh2_channel_forward_listen_ex(3)
 
 Instruct the remote host to stop listening for new connections on a previously requested host/port.

docs/libssh2_channel_read_ex.3

@@ -35,6 +35,9 @@ macros.
 Actual number of bytes read or negative on failure. It returns
 LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
 LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
+
+Note that a return value of zero (0) can in fact be a legitimate value and
+only signals that no payload data was read. It is not an error.
 .SH ERRORS
 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.
 

docs/libssh2_knownhost_add.3

@@ -0,0 +1,58 @@
+
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_add 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_add - add a known host
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
+                          char *host, char *salt,
+                          char *key, size_t keylen,
+                          int typemask,
+                          struct libssh2_knownhost **store);
+.SH DESCRIPTION
+Adds a known host to the collection of known hosts identified by the 'hosts'
+handle.
+
+\fIhost\fP is a pointer the host name in plain text or hashed. If hashed, it
+must be provided base64 encoded. The host name can be the IP numerical address
+of the host or the full name.
+
+\fIsalt\P is a pointer to the salt used for the host hashing, if the host is
+provided hashed. If the host is provided in plain text, salt has no meaning.
+The salt has to be provided base64 encoded with a trailing zero byte.
+
+\fIkey\fP is a pointer to the key for the given host.
+
+\fIkeylen\fP is the total size in bytes of the key pointed to by the \fIkey\fP
+argument
+
+\fItypemask\fP is a bitmask that specifies format and info about the data
+passed to this function. Specificly, it details what format the host name is,
+what format the key is and what key type it is.
+
+The host name is given as one of the following types:
+LIBSSH2_KNOWNHOST_TYPE_PLAIN, LIBSSH2_KNOWNHOST_TYPE_SHA1 or
+LIBSSH2_KNOWNHOST_TYPE_CUSTOM.
+
+The key is encoded using one of the following encodings:
+LIBSSH2_KNOWNHOST_KEYENC_RAW or LIBSSH2_KNOWNHOST_KEYENC_BASE64.
+
+The key is using one of these algorithms:
+LIBSSH2_KNOWNHOST_KEY_RSA1, LIBSSH2_KNOWNHOST_KEY_SSHRSA or
+LIBSSH2_KNOWNHOST_KEY_SSHDSS.
+
+\fIstore\fP should point to a pointer that gets filled in to point to the
+known host data after the addition. NULL can be passed if you don't care about
+this pointer.
+.SH RETURN VALUE
+Returns a regular libssh2 error code, where negative values are error codes
+and 0 indicates success.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_init(3)
+.BR libssh2_knownhost_free(3)
+.BR libssh2_knownhost_check(3)

docs/libssh2_knownhost_check.3

@@ -0,0 +1,57 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_check 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_check - check a host+key against the list of known hosts
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
+                            char *host, char *key, size_t keylen,
+                            int typemask,
+                            struct libssh2_knownhost **knownhost);
+.SH DESCRIPTION
+Checks a host and its associated key against the collection of known hosts,
+and returns info back about the (partially) matched entry.
+
+\fIhost\fP is a pointer the host name in plain text. The host name can be the
+IP numerical address of the host or the full name.
+
+\fIkey\fP is a pointer to the key for the given host.
+
+\fIkeylen\fP is the total size in bytes of the key pointed to by the \fIkey\fP
+argument
+
+\fItypemask\fP is a bitmask that specifies format and info about the data
+passed to this function. Specificly, it details what format the host name is,
+what format the key is and what key type it is.
+
+The host name is given as one of the following types:
+LIBSSH2_KNOWNHOST_TYPE_PLAIN or LIBSSH2_KNOWNHOST_TYPE_CUSTOM.
+
+The key is encoded using one of the following encodings:
+LIBSSH2_KNOWNHOST_KEYENC_RAW or LIBSSH2_KNOWNHOST_KEYENC_BASE64.
+
+\fIknownhost\fP if set to non-NULL, it must be a pointer to a 'struct
+libssh2_knownhost' pointer that gets filled in to point to info about a known
+host that matches or partially matches.
+.SH RETURN VALUE
+\fIlibssh2_knownhost_check(3)\fP returns info about how well the provided
+host + key pair matched one of the entries in the list of known hosts.
+
+LIBSSH2_KNOWNHOST_CHECK_FAILURE - something prevented the check to be made
+
+LIBSSH2_KNOWNHOST_CHECK_NOTFOUND - no host match was found
+
+LIBSSH2_KNOWNHOST_CHECK_MATCH - hosts and keys match.
+
+LIBSSH2_KNOWNHOST_CHECK_MISMATCH - host was found, but the keys didn't match!
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH EXAMPLE
+See the ssh2_exec.c example as provided in the tarball.
+.SH SEE ALSO
+.BR libssh2_knownhost_init(3)
+.BR libssh2_knownhost_free(3)
+.BR libssh2_knownhost_add(3)

docs/libssh2_knownhost_del.3

@@ -0,0 +1,26 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_del 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_del - delete a known host entry
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_knownhost_del(LIBSSH2_KNOWNHOSTS *hosts,
+                          struct libssh2_knownhost *entry);
+.SH DESCRIPTION
+Delete a known host entry from the collection of known hosts.
+
+\fIentry\fP is a pointer to a struct that you can extract with
+\fIlibssh2_knownhost_check(3)\fP or \fIlibssh2_knownhost_get(3)\fP.
+.SH RETURN VALUE
+Returns a regular libssh2 error code, where negative values are error codes
+and 0 indicates success.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_init(3)
+.BR libssh2_knownhost_free(3)
+.BR libssh2_knownhost_add(3)
+.BR libssh2_knownhost_check(3)

docs/libssh2_knownhost_free.3

@@ -0,0 +1,20 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_free 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_free - free a collection of known hosts
+.SH SYNOPSIS
+#include <libssh2.h>
+
+void libssh2_knownhost_free(LIBSSH2_KNOWNHOSTS *hosts);
+.SH DESCRIPTION
+Free a collection of known hosts.
+.SH RETURN VALUE
+None.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_init(3)
+.BR libssh2_knownhost_add(3)
+.BR libssh2_knownhost_check(3)

docs/libssh2_knownhost_get.3

@@ -0,0 +1,35 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_get 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_get - get a known host off the collection of known hosts
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts,
+                          struct libssh2_knownhost **store,
+                          struct libssh2_knownhost *prev):
+.SH DESCRIPTION
+\fIlibssh2_knownhost_get(3)\fP allows an application to iterate over all known
+hosts in the collection.
+
+\fIstore\fP should point to a pointer that gets filled in to point to the
+known host data.
+
+\fIprev\fP is a pointer to a previous 'struct libssh2_knownhost' as returned
+by a previous invoke of this function, or NULL to get the first entry in the
+internal collection.
+.SH RETURN VALUE
+Returns 0 if everything is fine and information about a host was stored in
+the \fIstore\fP struct.
+
+Returns 1 if it reached the end of hosts.
+
+Returns negative values for error
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_readfile(3)
+.BR libssh2_knownhost_writefile(3)
+.BR libssh2_knownhost_add(3)

docs/libssh2_knownhost_init.3

@@ -0,0 +1,25 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_init 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_init - init a collection of known hosts
+.SH SYNOPSIS
+#include <libssh2.h>
+
+LIBSSH2_KNOWNHOSTS *libssh2_knownhost_init(LIBSSH2_SESSION *session);
+.SH DESCRIPTION
+Init a collection of known hosts for this session. Returns the handle to an
+internal representation of a known host collection.
+
+Call \fBlibssh2_knownhost_free(3)\fP to free the collection again after you're
+doing using it.
+.SH RETURN VALUE
+Returns a handle pointer or NULL if something went wrong. The returned handle
+is used as input to all other known host related functions libssh2 provides.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_free(3)
+.BR libssh2_knownhost_add(3)
+.BR libssh2_knownhost_check(3)

docs/libssh2_knownhost_readfile.3

@@ -0,0 +1,29 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_readfile 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_readfile - parse a file of known hosts
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_knownhost_readfile(LIBSSH2_KNOWNHOSTS *hosts,
+                               const char *filename, int type);
+.SH DESCRIPTION
+Reads a collection of known hosts from a specified file and adds them to the
+collection of known hosts.
+
+\fIfilename\fP specifies which file to read
+
+\fItype\fP specifies what file type it is, and
+\fILIBSSH2_KNOWNHOST_FILE_OPENSSH\fP is the only currently supported
+format. This file is normally found named ~/.ssh/known_hosts
+.SH RETURN VALUE
+Returns a regular libssh2 error code, where negative values are error codes
+and 0 indicates success.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_init(3)
+.BR libssh2_knownhost_free(3)
+.BR libssh2_knownhost_check(3)

docs/libssh2_knownhost_readline.3

@@ -0,0 +1,30 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_readline 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_readline - read a known host line
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_knownhost_readline(LIBSSH2_KNOWNHOSTS *hosts,
+                               const char *line, size_t len, int type):
+.SH DESCRIPTION
+Tell libssh2 to read a buffer as it if is a line from a known hosts file.
+
+\fIline\fP points to the start of the line
+
+\fIlen\fP is the length of the line in bytes
+
+\fItype\fP specifies what file type it is, and
+\fILIBSSH2_KNOWNHOST_FILE_OPENSSH\fP is the only currently supported
+format. This file is normally found named ~/.ssh/known_hosts
+.SH RETURN VALUE
+Returns a regular libssh2 error code, where negative values are error codes
+and 0 indicates success.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_get(3)
+.BR libssh2_knownhost_writeline(3)
+.BR libssh2_knownhost_readfile(3)

docs/libssh2_knownhost_writefile.3

@@ -0,0 +1,29 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_writefile 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_writefile - write a collection of known hosts to a file
+.SH SYNOPSIS
+#include <libssh2.h>
+
+int libssh2_knownhost_writefile(LIBSSH2_KNOWNHOSTS *hosts,
+                                const char *filename, int type);
+.SH DESCRIPTION
+Writes all the known hosts to the specified file using the specified file
+format.
+
+\fIfilename\fP specifies what filename to create
+
+\fItype\fP specifies what file type it is, and
+\fILIBSSH2_KNOWNHOST_FILE_OPENSSH\fP is the only currently supported
+format.
+.SH RETURN VALUE
+Returns a regular libssh2 error code, where negative values are error codes
+and 0 indicates success.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_readfile(3)
+.BR libssh2_knownhost_add(3)
+

docs/libssh2_knownhost_writeline.3

@@ -0,0 +1,46 @@
+.\"
+.\" Copyright (c) 2009 by Daniel Stenberg
+.\"
+.TH libssh2_knownhost_writeline 3 "28 May 2009" "libssh2 1.2" "libssh2 manual"
+.SH NAME
+libssh2_knownhost_writeline - convert a known host to a line for storage
+.SH SYNOPSIS
+#include <libssh2.h>
+
+libssh2_knownhost_writeline(LIBSSH2_KNOWNHOSTS *hosts,
+                            struct libssh2_knownhost *known,
+                            char *buffer, size_t buflen,
+                            size_t *outlen,
+                            int type);
+.SH DESCRIPTION
+Converts a single known host to a single line of output for storage, using
+the 'type' output format.
+
+\fIknown\fP identifies which particular known host
+
+\fIbuffer\fP points to an allocated buffer
+
+\fIbuflen\fP is the size of the \fIbuffer\fP. See RETURN VALUE about the size.
+
+\fIoutlen\fP must be a pointer to a size_t variable that will get the output
+length of the stored data chunk. The number does not included the trailing
+zero!
+
+\fItype\fP specifies what file type it is, and
+\fILIBSSH2_KNOWNHOST_FILE_OPENSSH\fP is the only currently supported
+format.
+.SH RETURN VALUE
+Returns a regular libssh2 error code, where negative values are error codes
+and 0 indicates success.
+
+If the provided buffer is deemed too small to fit the data libssh2 wants to
+store in it, LIBSSH2_ERROR_BUFFER_TOO_SMALL will be returned. The application
+is then adviced to call the function again with a larger buffer. The
+\fIoutlen\fP size will then hold the requested size.
+.SH AVAILABILITY
+Added in libssh2 1.2
+.SH SEE ALSO
+.BR libssh2_knownhost_get(3)
+.BR libssh2_knownhost_readline(3)
+.BR libssh2_knownhost_writefile(3)
+

docs/libssh2_poll.3

@@ -1,4 +1,4 @@
-.\" $Id: libssh2_poll.3,v 1.3 2007/06/13 12:51:11 jehousley Exp $
+.\" $Id: libssh2_poll.3,v 1.4 2009/04/14 21:38:36 bagder Exp $
 .\"
 .TH libssh2_poll 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
 .SH NAME
@@ -8,6 +8,8 @@ libssh2_poll - poll for activity on a socket, channel or listener
 
 int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds, long timeout);
 .SH DESCRIPTION
+This function is deprecated. Do note use.
+
 Poll for activity on a socket, channel, listener, or any combination of these
 three types. The calling semantics for this function generally match
 \fIpoll(2)\fP however the structure of fds is somewhat more complex in order

docs/libssh2_poll_channel_read.3

@@ -1,4 +1,4 @@
-.\" $Id: libssh2_poll_channel_read.3,v 1.2 2007/06/13 12:51:11 jehousley Exp $
+.\" $Id: libssh2_poll_channel_read.3,v 1.3 2009/04/14 21:38:36 bagder Exp $
 .\"
 .TH libssh2_poll_channel_read 3 "14 Dec 2006" "libssh2 0.15" "libssh2 manual"
 .SH NAME
@@ -8,6 +8,8 @@ libssh2_poll_channel_read - check if data is available
 
 int libssh2_poll_channel_read(LIBSSH2_CHANNEL *channel, int extended);
 .SH DESCRIPTION
+This function is deprecated. Do note use.
+
 \fIlibssh2_poll_channel_read(3)\fP checks to see if data is available in the
 \fIchannel\fP's read buffer. No attempt is made with this method to see if
 packets are available to be processed. For full polling support, use

docs/libssh2_scp_recv.3

@@ -13,7 +13,8 @@ libssh2_scp_recv(LIBSSH2_SESSION *session, const char *path, struct stat *sb);
 \fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)
 
-\fIpath\fP - Full path and filename of file to transfer
+\fIpath\fP - Full path and filename of file to transfer. That is the remote
+file name.
 
 \fIsb\fP - Populated with remote file's size, mode, mtime, and atime
 

docs/libssh2_scp_send_ex.3

@@ -12,7 +12,8 @@ libssh2_scp_send_ex(LIBSSH2_SESSION *session, const char *path, int mode, size_t
 \fIsession\fP - Session instance as returned by 
 .BR libssh2_session_init_ex(3)
 
-\fIpath\fP - Full path and filename of file to transfer
+\fIpath\fP - Full path and filename of file to transfer to. That is the remote
+file name.
 
 \fImode\fP - File access mode to create file with
 

docs/libssh2_session_hostkey.3

@@ -0,0 +1,23 @@
+.\" $Id: session_hostkey.3,v 1.4 2007/06/13 16:41:33 jehousley Exp $
+.\"
+.TH libssh2_session_hostkey 3 "1 Jun 2007" "libssh2 0.15" "libssh2 manual"
+.SH NAME
+libssh2_session_hostkey - get the remote key
+.SH SYNOPSIS
+#include <libssh2.h>
+
+const char *libssh2_session_hostkey(LIBSSH2_SESSION *session,
+                                    size_t *len, int *type);
+.SH DESCRIPTION
+Returns a pointer to the current host key, the value \fIlen\fP points to will
+get the length of the key.
+
+The value \fItype\fP points to the type of hostkey which is one of:
+LIBSSH2_HOSTKEY_TYPE_RSA, LIBSSH2_HOSTKEY_TYPE_DSS, or
+LIBSSH2_HOSTKEY_TYPE_UNKNOWN.
+
+.SH RETURN VALUE
+A pointer, or NULL if something went wrong.
+.SH SEE ALSO
+.BR libssh2_knownhost_check(3)
+.BR libssh2_knownhost_add(3)

docs/libssh2_sftp_close_handle.3

@@ -20,14 +20,10 @@ libssh2_sftp_closedir(LIBSSH2_SFTP_HANDLE *handle);
 \fIhandle\fP - SFTP File Handle as returned by \fBlibssh2_sftp_open_ex(3)\fP
 or \fBlibssh2_sftp_opendir(3)\fP (which is a macro).
 
-Close an active LIBSSH2_SFTP_HANDLE. Because files and directories 
-share the same underlying storage mechanism these methods may be used 
-interchangably. It is recommended that 
-.BR libssh2_sftp_closedir()
-be used for files and that 
-.BR libssh2_sftp_closedir()
-be used for directories so that future changes in the library may cause
-minimal disruption. Both are macros for \fBlibssh2_sftp_close_handle\fP.
+Close an active LIBSSH2_SFTP_HANDLE. Because files and directories share the
+same underlying storage mechanism these methods may be used
+interchangably. \fBlibssh2_sftp_close(3)\fP and \fBlibssh2_sftp_closedir(3)\fP
+are macros for \fBlibssh2_sftp_close_handle(3)\fP.
 
 .SH RETURN VALUE
 Return 0 on success or negative on failure.  It returns

docs/libssh2_sftp_write.3

@@ -11,21 +11,26 @@ ssize_t
 libssh2_sftp_write(LIBSSH2_SFTP_HANDLE *handle, const char *buffer, size_t count);
 
 .SH DESCRIPTION
-\fIhandle\fP - SFTP File Handle as returned by 
-.BR libssh2_sftp_open_ex(3)
+\fIhandle\fP - SFTP file handle as returned by \fIlibssh2_sftp_open_ex(3)\fP.
 
-\fIbuffer\fP - Pre-initialized data buffer to write to the LIBSSH2_SFTP_HANDLE.
+\fIbuffer\fP - points to the data to send off
 
-\fIcount\fP - Number of bytes from buffer to write. Note that it may not 
-be possible to write all bytes as requested.
-
-Write a block of data to a LIBSSH2_SFTP_HANDLE. This method is modeled after the POSIX write() function and uses the same calling semantics.
+\fIcount\fP - Number of bytes from 'buffer' to write. Note that it may not be
+possible to write all bytes as requested.
 
+\fBlibssh2_sftp_write(3)\fP writes a block of data to the SFTP server. This
+method is modeled after the POSIX write() function and uses the same calling
+semantics.
 .SH RETURN VALUE
-Actual number of bytes written or negative on failure.  It returns
-LIBSSH2_ERROR_EAGAIN when it would otherwise block. While
-LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
+Actual number of bytes written or negative on failure.
 
+If used in non-blocking mode, it returns LIBSSH2_ERROR_EAGAIN when it would
+otherwise block. While LIBSSH2_ERROR_EAGAIN is a negative number, it isn't
+really a failure per se.
+
+If this function returns 0 (zero) it should not be considered an error, but
+simply that there was no error but yet no payload data got sent to the other
+end.
 .SH ERRORS
 \fILIBSSH2_ERROR_ALLOC\fP -  An internal memory allocation call failed.
 
@@ -36,6 +41,5 @@ LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
 \fILIBSSH2_ERROR_SFTP_PROTOCOL\fP - An invalid SFTP protocol response was 
 received on the socket, or an SFTP operation caused an errorcode to 
 be returned by the server.
-
 .SH SEE ALSO
 .BR libssh2_sftp_open_ex(3)

docs/libssh2_trace.3

@@ -6,16 +6,18 @@ libssh2_trace - enable debug info from inside libssh2
 .SH SYNOPSIS
 #include <libssh2.h>
 
-void libssh2_trace(int bitmask);
+void libssh2_trace(LIBSSH2_SESSION *session, int bitmask);
 
 .SH DESCRIPTION
 This is a function present in the library that can be used to get debug info
 from within libssh2 when it is running. Helpful when trying to trace or debug
-behaviors. This function has no effect unless libssh2 was built to support
-this option, and a typical "release build" might not.
+behaviors. Note that this function has no effect unless libssh2 was built to
+support tracing! It is usually disabled in release builds.
 
-\fBbitmask\fP can be set to none, one or more of these bits:
+\fBbitmask\fP can be set to the logical OR of none, one or more of these:
 .RS
+.IP LIBSSH2_TRACE_SOCKET
+Socket low-level debugging
 .IP LIBSSH2_TRACE_TRANS
 Transport layer debugging
 .IP LIBSSH2_TRACE_KEX

docs/libssh2_trace_sethandler.3

@@ -0,0 +1,30 @@
+.\" $Id: libssh2_trace_sethandler.3,v 1.1 2008/12/26 07:46:45 bagder Exp $
+.\"
+.TH libssh2_trace_sethandler 3 "15 Jan 2010" "libssh2 1.2.3" "libssh2 manual"
+.SH NAME
+libssh2_trace_sethandler - set a trace output handler
+.SH SYNOPSIS
+.nf
+#include <libssh2.h>
+
+typedef void (*libssh2_trace_handler_func)(LIBSSH2_SESSION *session,
+                                           void* context,
+                                           const char *data,
+                                           size_t length);
+
+int libssh2_trace_sethandler(LIBSSH2_SESSION *session,
+                             void* context,
+                             libssh2_trace_handler_func callback);
+.SH DESCRIPTION
+libssh2_trace_sethandler installs a trace output handler for your application.
+By default, when tracing has been switched on via a call to libssh2_trace(),
+all output is written to stderr.  By calling this method and passing a
+function pointer that matches the libssh2_trace_handler_func prototype,
+libssh2 will call back as it generates trace output.  This can be used to
+capture the trace output and put it into a log file or diagnostic window.
+This function has no effect unless libssh2 was built to support this option,
+and a typical "release build" might not.
+
+\fBcontext\fP can be used to pass arbitrary user defined data back into the callback when invoked.
+.SH AVAILABILITY
+Added in libssh2 version 1.2.3

docs/libssh2_userauth_keyboard_interactive_ex.3

@@ -39,5 +39,7 @@ LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
 
 \fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.
 
+\fLIBSSH2_ERROR_AUTHENTICATION_FAILED\fP -  failed, invalid username/password or public/private key.
+
 .SH SEE ALSO
 .BR libssh2_session_init_ex(3)

docs/libssh2_userauth_password_ex.3

@@ -46,5 +46,7 @@ LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
 
 \fILIBSSH2_ERROR_PASSWORD_EXPIRED\fP - 
 
+\fLIBSSH2_ERROR_AUTHENTICATION_FAILED\fP -  failed, invalid username/password or public/private key.
+
 .SH SEE ALSO
 .BR libssh2_session_init_ex(3)

docs/libssh2_userauth_publickey_fromfile_ex.3

@@ -40,12 +40,11 @@ LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
 
 \fILIBSSH2_ERROR_SOCKET_TIMEOUT\fP - 
 
-\fILIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED\fP - >The username/public key 
+\fILIBSSH2_ERROR_PUBLICKEY_UNVERIFIED\fP - The username/public key
 combination was invalid.
 
-\fILIBSSH2_ERROR_PUBLICKEY_UNVERIFIED\fP - The username/public key 
-combination was invalid, or the signature for the supplied public 
-key was invalid.
+\fILIBSSH2_ERROR_AUTHENTICATION_FAILED\fP - Authentication using the supplied
+public key was not accepted.
 
 .SH SEE ALSO
 .BR libssh2_session_init_ex(3)

example/.cvsignore

@@ -1,2 +0,0 @@
-Makefile
-Makefile.in

example/.gitignore

@@ -1,9 +1,8 @@
 Makefile
 Makefile.in
-.deps
-.libs
 *.gcno
 *.gcda
+direct_tcpip
 scp
 scp_nonblock
 scp_write
@@ -18,4 +17,9 @@ sftp_mkdir
 sftp_mkdir_nonblock
 sftp_write
 sftp_write_nonblock
-
+config.h.in
+ssh2_exec
+ssh2_agent
+libssh2_config.h
+libssh2_config.h.in
+stamp-h2

example/Makefile.am

@@ -1,2 +1,16 @@
 AUTOMAKE_OPTIONS = foreign nostdinc
-SUBDIRS = simple
+
+EXTRA_DIST = libssh2_config.h.in
+
+# samples
+noinst_PROGRAMS = direct_tcpip ssh2 \
+		scp scp_nonblock \
+		scp_write scp_write_nonblock \
+		sftp sftp_nonblock \
+		sftp_write sftp_write_nonblock \
+		sftp_mkdir sftp_mkdir_nonblock \
+		sftp_RW_nonblock \
+		sftpdir sftpdir_nonblock ssh2_exec ssh2_agent
+
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/example
+LDADD = $(top_builddir)/src/libssh2.la

example/direct_tcpip.c

@@ -0,0 +1,271 @@
+#include <libssh2.h>
+
+#ifdef WIN32
+#include <windows.h>
+#include <winsock2.h>
+#include <ws2tcpip.h>
+#else
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <sys/time.h>
+#endif
+
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/types.h>
+
+const char *keyfile1 = "/home/username/.ssh/id_rsa.pub";
+const char *keyfile2 = "/home/username/.ssh/id_rsa";
+const char *username = "username";
+const char *password = "";
+
+const char *server_ip = "127.0.0.1";
+
+const char *local_listenip = "127.0.0.1";
+unsigned int local_listenport = 2222;
+
+const char *remote_desthost = "localhost"; /* resolved by the server */
+unsigned int remote_destport = 22;
+
+enum {
+    AUTH_NONE = 0,
+    AUTH_PASSWORD,
+    AUTH_PUBLICKEY
+};
+
+int main(int argc, char *argv[])
+{
+    int rc, sock = -1, listensock = -1, forwardsock = -1, i, auth = AUTH_NONE;
+    struct sockaddr_in sin;
+    socklen_t sinlen;
+    const char *fingerprint;
+    char *userauthlist;
+    LIBSSH2_SESSION *session;
+    LIBSSH2_CHANNEL *channel = NULL;
+    const char *shost;
+    unsigned int sport;
+    fd_set fds;
+    struct timeval tv;
+    ssize_t len, wr;
+    char buf[16384];
+
+#ifdef WIN32
+    char sockopt;
+    WSADATA wsadata;
+
+    WSAStartup(MAKEWORD(2,0), &wsadata);
+#else
+    int sockopt;
+#endif
+
+    if (argc > 1)
+        server_ip = argv[1];
+    if (argc > 2)
+        username = argv[2];
+    if (argc > 3)
+        password = argv[3];
+    if (argc > 4)
+        local_listenip = argv[4];
+    if (argc > 5)
+        local_listenport = atoi(argv[5]);
+    if (argc > 6)
+        remote_desthost = argv[6];
+    if (argc > 7)
+        remote_destport = atoi(argv[7]);
+
+    /* Connect to SSH server */
+    sock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+    sin.sin_family = AF_INET;
+    if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(server_ip))) {
+        perror("inet_addr");
+        return -1;
+    }
+    sin.sin_port = htons(22);
+    if (connect(sock, (struct sockaddr*)(&sin),
+                sizeof(struct sockaddr_in)) != 0) {
+        fprintf(stderr, "failed to connect!\n");
+        return -1;
+    }
+
+    /* Create a session instance */
+    session = libssh2_session_init();
+    if(!session) {
+        fprintf(stderr, "Could not initialize SSH session!\n");
+        return -1;
+    }
+
+    /* ... start it up. This will trade welcome banners, exchange keys,
+     * and setup crypto, compression, and MAC layers
+     */
+    rc = libssh2_session_startup(session, sock);
+    if(rc) {
+        fprintf(stderr, "Error when starting up SSH session: %d\n", rc);
+        return -1;
+    }
+
+    /* At this point we havn't yet authenticated.  The first thing to do
+     * is check the hostkey's fingerprint against our known hosts Your app
+     * may have it hard coded, may go to a file, may present it to the
+     * user, that's your call
+     */
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
+    fprintf(stderr, "Fingerprint: ");
+    for(i = 0; i < 20; i++)
+        fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
+    fprintf(stderr, "\n");
+
+    /* check what authentication methods are available */
+    userauthlist = libssh2_userauth_list(session, username, strlen(username));
+    printf("Authentication methods: %s\n", userauthlist);
+    if (strstr(userauthlist, "password"))
+        auth |= AUTH_PASSWORD;
+    if (strstr(userauthlist, "publickey"))
+        auth |= AUTH_PUBLICKEY;
+
+    /* check for options */
+    if(argc > 8) {
+        if ((auth & AUTH_PASSWORD) && !strcasecmp(argv[8], "-p"))
+            auth = AUTH_PASSWORD;
+        if ((auth & AUTH_PUBLICKEY) && !strcasecmp(argv[8], "-k"))
+            auth = AUTH_PUBLICKEY;
+    }
+
+    if (auth & AUTH_PASSWORD) {
+        if (libssh2_userauth_password(session, username, password)) {
+            fprintf(stderr, "Authentication by password failed.\n");
+            goto shutdown;
+        }
+    } else if (auth & AUTH_PUBLICKEY) {
+        if (libssh2_userauth_publickey_fromfile(session, username, keyfile1, keyfile2, password)) {
+            printf("\tAuthentication by public key failed!\n");
+            goto shutdown;
+        }
+        printf("\tAuthentication by public key succeeded.\n");
+    } else {
+        printf("No supported authentication methods found!\n");
+        goto shutdown;
+    }
+
+    listensock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
+    sin.sin_family = AF_INET;
+    sin.sin_port = htons(local_listenport);
+    if (INADDR_NONE == (sin.sin_addr.s_addr = inet_addr(local_listenip))) {
+        perror("inet_addr");
+        goto shutdown;
+    }
+    sockopt = 1;
+    setsockopt(listensock, SOL_SOCKET, SO_REUSEADDR, &sockopt, sizeof(sockopt));
+    sinlen=sizeof(sin);
+    if (-1 == bind(listensock, (struct sockaddr *)&sin, sinlen)) {
+        perror("bind");
+        goto shutdown;
+    }
+    if (-1 == listen(listensock, 2)) {
+        perror("listen");
+        goto shutdown;
+    }
+
+    printf("Waiting for TCP connection on %s:%d...\n",
+        inet_ntoa(sin.sin_addr), ntohs(sin.sin_port));
+
+    forwardsock = accept(listensock, (struct sockaddr *)&sin, &sinlen);
+    if (-1 == forwardsock) {
+        perror("accept");
+        goto shutdown;
+    }
+
+    shost = inet_ntoa(sin.sin_addr);
+    sport = ntohs(sin.sin_port);
+
+    printf("Forwarding connection from %s:%d here to remote %s:%d\n", shost,
+        sport, remote_desthost, remote_destport);
+
+    channel = libssh2_channel_direct_tcpip_ex(session, remote_desthost,
+        remote_destport, shost, sport);
+    if (!channel) {
+        fprintf(stderr, "Could not open the direct-tcpip channel!\n");
+        fprintf(stderr, "(Note that this can be a problem at the server! Please review the server logs.)\n");
+        goto shutdown;
+    }
+
+    /* Must use non-blocking IO hereafter due to the current libssh2 API */
+    libssh2_session_set_blocking(session, 0);
+
+    while (1) {
+        FD_ZERO(&fds);
+        FD_SET(forwardsock, &fds);
+        tv.tv_sec = 0;
+        tv.tv_usec = 100000;
+        rc = select(forwardsock + 1, &fds, NULL, NULL, &tv);
+        if (-1 == rc) {
+            perror("select");
+            goto shutdown;
+        }
+        if (rc && FD_ISSET(forwardsock, &fds)) {
+            len = recv(forwardsock, buf, sizeof(buf), 0);
+            if (len < 0) {
+                perror("read");
+                goto shutdown;
+            } else if (0 == len) {
+                printf("The client at %s:%d disconnected!\n", shost, sport);
+                goto shutdown;
+            }
+            wr = 0;
+            do {
+                i = libssh2_channel_write(channel, buf, len);
+                if (i < 0) {
+                    fprintf(stderr, "libssh2_channel_write: %d\n", i);
+                    goto shutdown;
+                }
+                wr += i;
+            } while(i > 0 && wr < len);
+        }
+        while (1) {
+            len = libssh2_channel_read(channel, buf, sizeof(buf));
+            if (LIBSSH2_ERROR_EAGAIN == len)
+                break;
+            else if (len < 0) {
+                fprintf(stderr, "libssh2_channel_read: %d", (int)len);
+                goto shutdown;
+            }
+            wr = 0;
+            while (wr < len) {
+                i = send(forwardsock, buf + wr, len - wr, 0);
+                if (i <= 0) {
+                    perror("write");
+                    goto shutdown;
+                }
+                wr += i;
+            }
+            if (libssh2_channel_eof(channel)) {
+                printf("The server at %s:%d disconnected!\n",
+                    remote_desthost, remote_destport);
+                goto shutdown;
+            }
+        }
+    }
+
+shutdown:
+#ifdef WIN32
+    closesocket(forwardsock);
+    closesocket(listensock);
+#else
+    close(forwardsock);
+    close(listensock);
+#endif
+    if (channel)
+        libssh2_channel_free(channel);
+    libssh2_session_disconnect(session, "Client disconnecting normally");
+    libssh2_session_free(session);
+
+#ifdef WIN32
+    closesocket(sock);
+#else
+    close(sock);
+#endif
+    return 0;
+}

example/scp.c

@@ -1,5 +1,5 @@
 /*
- * $Id: scp.c,v 1.11 2008/11/10 16:48:41 bagder Exp $
+ * $Id: scp.c,v 1.12 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do a simple SCP transfer.
  */
@@ -10,12 +10,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -103,9 +103,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     fprintf(stderr, "Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
     }
     fprintf(stderr, "\n");
@@ -164,10 +164,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     fprintf(stderr, "all done\n");

example/scp_nonblock.c

@@ -1,5 +1,5 @@
 /*
- * $Id: scp_nonblock.c,v 1.15 2009/03/25 22:52:32 bagder Exp $
+ * $Id: scp_nonblock.c,v 1.16 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SCP transfers in a non-blocking manner.
  *
@@ -15,11 +15,14 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#endif
 #ifdef HAVE_NETINET_IN_H
 # include <netinet/in.h>
 #endif
-#ifdef HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
 #endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -132,23 +135,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* We set the socket non-blocking. We do it after the connect just to
-        simplify the example code. */
-#ifdef F_SETFL
-    /* FIXME: this can/should be done in a more portable manner */
-    rc = fcntl(sock, F_GETFL, 0);
-    fcntl(sock, F_SETFL, rc | O_NONBLOCK);
-#elif defined(HAVE_IOCTLSOCKET)
-    ioctlsocket(sock, FIONBIO, &flag);
-#else
-#ifdef WIN32
-    u_long mode = 1;
-    ioctlsocket (sock, FIONBIO, &mode);
-#else
-#error "add support for setting the socket non-blocking here"
-#endif
-#endif
-
     /* Create a session instance */
     session = libssh2_session_init();
     if (!session)
@@ -174,9 +160,9 @@ int main(int argc, char *argv[])
         * may have it hard coded, may go to a file, may present it to the
         * user, that's your call
         */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     fprintf(stderr, "Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
     }
     fprintf(stderr, "\n");
@@ -276,10 +262,8 @@ shutdown:
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     fprintf(stderr, "all done\n");

example/scp_write.c

@@ -1,5 +1,5 @@
 /*
- * $Id: scp_write.c,v 1.6 2008/11/10 16:48:41 bagder Exp $
+ * $Id: scp_write.c,v 1.7 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do a simple SCP transfer.
  */
@@ -10,12 +10,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -47,7 +47,7 @@ int main(int argc, char *argv[])
     FILE *local;
     int rc;
     char mem[1024];
-    size_t nread;
+    size_t nread, sent;
     char *ptr;
     struct stat fileinfo;
 
@@ -118,9 +118,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     fprintf(stderr, "Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
     }
     fprintf(stderr, "\n");
@@ -142,8 +142,8 @@ int main(int argc, char *argv[])
         }
     }
 
-    /* Request a file via SCP */
-    channel = libssh2_scp_send(session, scppath, 0x1FF & fileinfo.st_mode,
+    /* Send a file via scp. The mode parameter must only have permissions! */
+    channel = libssh2_scp_send(session, scppath, fileinfo.st_mode & 0777,
                                (unsigned long)fileinfo.st_size);
 
     if (!channel) {
@@ -159,13 +159,20 @@ int main(int argc, char *argv[])
             break;
         }
         ptr = mem;
+        sent = 0;
 
         do {
-            /* write data in a loop until we block */
+            /* write the same data over and over, until error or completion */
             rc = libssh2_channel_write(channel, ptr, nread);
-            ptr += rc;
-            nread -= nread;
-        } while (rc > 0);
+            if (rc < 0) {
+                fprintf(stderr, "ERROR %d\n", rc);
+            } else {
+                /* rc indicates how many bytes were written this time */
+                sent += rc;
+            }
+        } while (rc > 0 && sent < nread);
+        ptr += sent;
+        nread -= sent;
     } while (1);
 
     fprintf(stderr, "Sending EOF\n");
@@ -186,10 +193,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     fprintf(stderr, "all done\n");

example/scp_write_nonblock.c

@@ -1,5 +1,5 @@
 /*
- * $Id: scp_write_nonblock.c,v 1.9 2008/11/10 16:48:41 bagder Exp $
+ * $Id: scp_write_nonblock.c,v 1.10 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do a simple SCP transfer.
  */
@@ -11,12 +11,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -51,7 +51,7 @@ int main(int argc, char *argv[])
     long flag = 1;
 #endif
     char mem[1024];
-    size_t nread;
+    size_t nread, sent;
     char *ptr;
     struct stat fileinfo;
 
@@ -102,23 +102,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* We set the socket non-blocking. We do it after the connect just to
-        simplify the example code. */
-#ifdef F_SETFL
-    /* FIXME: this can/should be done in a more portable manner */
-    rc = fcntl(sock, F_GETFL, 0);
-    fcntl(sock, F_SETFL, rc | O_NONBLOCK);
-#elif defined(HAVE_IOCTLSOCKET)
-    ioctlsocket(sock, FIONBIO, &flag);
-#else
-#ifdef WIN32
-    u_long mode = 1;
-    ioctlsocket (sock, FIONBIO, &mode);
-#else
-#error "add support for setting the socket non-blocking here"
-#endif
-#endif
-
     /* Create a session instance
      */
     session = libssh2_session_init();
@@ -143,9 +126,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     fprintf(stderr, "Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
     }
     fprintf(stderr, "\n");
@@ -170,9 +153,9 @@ int main(int argc, char *argv[])
         }
     }
 
-    /* Request a file via SCP */
+    /* Send a file via scp. The mode parameter must only have permissions! */
     do {
-        channel = libssh2_scp_send(session, scppath, 0x1FF & fileinfo.st_mode,
+        channel = libssh2_scp_send(session, scppath, fileinfo.st_mode & 0777,
                                    (unsigned long)fileinfo.st_size);
 
         if ((!channel) && (libssh2_session_last_errno(session) !=
@@ -193,17 +176,22 @@ int main(int argc, char *argv[])
             break;
         }
         ptr = mem;
+        sent = 0;
 
         do {
-            /* write data in a loop until we block */
-            while ((rc = libssh2_channel_write(channel, ptr, nread)) ==
-                   LIBSSH2_ERROR_EAGAIN);
-            if (rc < 0) {
+            /* write the same data over and over, until error or completion */
+            rc = libssh2_channel_write(channel, ptr, nread);
+            if (LIBSSH2_ERROR_EAGAIN == rc) { /* must loop around */
+                continue;
+            } else if (rc < 0) {
                 fprintf(stderr, "ERROR %d\n", rc);
+            } else {
+                /* rc indicates how many bytes were written this time */
+                sent += rc;
             }
-            ptr += rc;
-            nread -= rc;
-        } while (nread > 0);
+        } while (rc > 0 && sent < nread);
+        ptr += sent;
+        nread -= sent;
     } while (1);
 
     fprintf(stderr, "Sending EOF\n");
@@ -225,10 +213,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     fprintf(stderr, "all done\n");

example/sftp.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftp.c,v 1.16 2009/03/31 12:20:36 bagder Exp $
+ * $Id: sftp.c,v 1.17 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SFTP transfers.
  *
@@ -16,12 +16,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -136,9 +136,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     fprintf(stderr, "Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
     }
     fprintf(stderr, "\n");
@@ -236,10 +236,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     fprintf(stderr, "all done\n");

example/sftp_RW_nonblock.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftp_RW_nonblock.c,v 1.12 2008/11/10 16:48:41 bagder Exp $
+ * $Id: sftp_RW_nonblock.c,v 1.13 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SFTP transfers in a non-blocking manner.
  *
@@ -16,11 +16,14 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#endif
 #ifdef HAVE_NETINET_IN_H
 # include <netinet/in.h>
 #endif
-#ifdef HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
 #endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -84,23 +87,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* We set the socket non-blocking. We do it after the connect just to
-       simplify the example code. */
-#ifdef F_SETFL
-    /* FIXME: this can/should be done in a more portable manner */
-    rc = fcntl(sock, F_GETFL, 0);
-    fcntl(sock, F_SETFL, rc | O_NONBLOCK);
-#elif defined(HAVE_IOCTLSOCKET)
-    ioctlsocket(sock, FIONBIO, &flag);
-#else
-#ifdef WIN32
-    u_long mode = 1;
-    ioctlsocket (sock, FIONBIO, &mode);
-#else
-#error "add support for setting the socket non-blocking here"
-#endif
-#endif
-
     /* Create a session instance
      */
     session = libssh2_session_init();
@@ -123,9 +109,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -293,10 +279,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     printf("all done\n");

example/sftp_mkdir.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftp_mkdir.c,v 1.8 2008/11/10 16:48:41 bagder Exp $
+ * $Id: sftp_mkdir.c,v 1.9 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SFTP mkdir
  *
@@ -16,12 +16,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -105,9 +105,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -155,10 +155,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
 printf("all done\n");

example/sftp_mkdir_nonblock.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftp_mkdir_nonblock.c,v 1.11 2008/11/10 16:48:41 bagder Exp $
+ * $Id: sftp_mkdir_nonblock.c,v 1.12 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SFTP non-blocking mkdir.
  *
@@ -16,12 +16,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -88,23 +88,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* We set the socket non-blocking. We do it after the connect just to
-       simplify the example code. */
-#ifdef F_SETFL
-    /* FIXME: this can/should be done in a more portable manner */
-    rc = fcntl(sock, F_GETFL, 0);
-    fcntl(sock, F_SETFL, rc | O_NONBLOCK);
-#elif defined(HAVE_IOCTLSOCKET)
-    ioctlsocket(sock, FIONBIO, &flag);
-#else
-#ifdef WIN32
-    u_long mode = 1;
-    ioctlsocket (sock, FIONBIO, &mode);
-#else
-#error "add support for setting the socket non-blocking here"
-#endif
-#endif
-
     /* Create a session instance
      */
     session = libssh2_session_init();
@@ -125,9 +108,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -178,10 +161,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
 printf("all done\n");

example/sftp_nonblock.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftp_nonblock.c,v 1.17 2009/03/13 22:14:47 bagder Exp $
+ * $Id: sftp_nonblock.c,v 1.18 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SFTP non-blocking transfers.
  *
@@ -16,11 +16,14 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#endif
 #ifdef HAVE_NETINET_IN_H
 # include <netinet/in.h>
 #endif
-#ifdef HAVE_SYS_SOCKET_H
-# include <sys/socket.h>
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
 #endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -133,23 +136,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* We set the socket non-blocking. We do it after the connect just to
-        simplify the example code. */
-#ifdef F_SETFL
-    /* FIXME: this can/should be done in a more portable manner */
-    rc = fcntl(sock, F_GETFL, 0);
-    fcntl(sock, F_SETFL, rc | O_NONBLOCK);
-#elif defined(HAVE_IOCTLSOCKET)
-    ioctlsocket(sock, FIONBIO, &flag);
-#else
-#ifdef WIN32
-    u_long mode = 1;
-    ioctlsocket (sock, FIONBIO, &mode);
-#else
-#error "add support for setting the socket non-blocking here"
-#endif
-#endif
-
     /* Create a session instance */
     session = libssh2_session_init();
     if (!session)
@@ -175,9 +161,9 @@ int main(int argc, char *argv[])
         * may have it hard coded, may go to a file, may present it to the
         * user, that's your call
         */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     fprintf(stderr, "Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]);
     }
     fprintf(stderr, "\n");
@@ -278,10 +264,8 @@ shutdown:
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     fprintf(stderr, "all done\n");

example/sftp_write.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftp_write.c,v 1.10 2009/03/31 12:20:36 bagder Exp $
+ * $Id: sftp_write.c,v 1.11 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SFTP write transfers.
  *
@@ -16,12 +16,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -123,9 +123,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -195,10 +195,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
 printf("all done\n");

example/sftp_write_nonblock.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftp_write_nonblock.c,v 1.13 2009/03/31 12:20:36 bagder Exp $
+ * $Id: sftp_write_nonblock.c,v 1.14 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SFTP non-blocking write transfers.
  *
@@ -16,12 +16,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -103,23 +103,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* We set the socket non-blocking. We do it after the connect just to
-        simplify the example code. */
-#ifdef F_SETFL
-    /* FIXME: this can/should be done in a more portable manner */
-    rc = fcntl(sock, F_GETFL, 0);
-    fcntl(sock, F_SETFL, rc | O_NONBLOCK);
-#elif defined(HAVE_IOCTLSOCKET)
-    ioctlsocket(sock, FIONBIO, &flag);
-#else
-#ifdef WIN32
-    u_long mode = 1;
-    ioctlsocket (sock, FIONBIO, &mode);
-#else
-#error "add support for setting the socket non-blocking here"
-#endif
-#endif
-
     /* Create a session instance
         */
     session = libssh2_session_init();
@@ -139,14 +122,14 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* At this point we havn't yet authenticated.  The first thing to do
-        * is check the hostkey's fingerprint against our known hosts Your app
-        * may have it hard coded, may go to a file, may present it to the
-        * user, that's your call
+    /* At this point we havn't yet authenticated.  The first thing to do is
+     * check the hostkey's fingerprint against our known hosts Your app may
+     * have it hard coded, may go to a file, may present it to the user,
+     * that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -224,10 +207,8 @@ shutdown:
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     printf("all done\n");

example/sftpdir.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftpdir.c,v 1.10 2008/11/10 16:48:41 bagder Exp $
+ * $Id: sftpdir.c,v 1.11 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample doing an SFTP directory listing.
  *
@@ -16,12 +16,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -105,9 +105,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -207,10 +207,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
 printf("all done\n");

example/sftpdir_nonblock.c

@@ -1,5 +1,5 @@
 /*
- * $Id: sftpdir_nonblock.c,v 1.12 2008/11/10 16:48:41 bagder Exp $
+ * $Id: sftpdir_nonblock.c,v 1.13 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample doing an SFTP directory listing.
  *
@@ -16,12 +16,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -88,23 +88,6 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* We set the socket non-blocking. We do it after the connect just to
-       simplify the example code. */
-#ifdef F_SETFL
-    /* FIXME: this can/should be done in a more portable manner */
-    rc = fcntl(sock, F_GETFL, 0);
-    fcntl(sock, F_SETFL, rc | O_NONBLOCK);
-#elif defined(HAVE_IOCTLSOCKET)
-    ioctlsocket(sock, FIONBIO, &flag);
-#else
-#ifdef WIN32
-    u_long mode = 1;
-    ioctlsocket (sock, FIONBIO, &mode);
-#else
-#error "add support for setting the socket non-blocking here"
-#endif
-#endif
-
     /* Create a session instance
      */
     session = libssh2_session_init();
@@ -128,9 +111,9 @@ int main(int argc, char *argv[])
      * may have it hard coded, may go to a file, may present it to the
      * user, that's your call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -236,10 +219,8 @@ int main(int argc, char *argv[])
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     printf("all done\n");

example/simple/Makefile.am

@@ -1,16 +0,0 @@
-AUTOMAKE_OPTIONS = foreign nostdinc
-
-# samples
-noinst_PROGRAMS = ssh2 \
-		scp scp_nonblock \
-		scp_write scp_write_nonblock \
-		sftp sftp_nonblock \
-		sftp_write sftp_write_nonblock \
-		sftp_mkdir sftp_mkdir_nonblock \
-		sftp_RW_nonblock \
-		sftpdir sftpdir_nonblock
-
-# the examples need the $(top_builddir)/src since when building outside of the
-# source dir they still need to reach the libssh2_config.h header
-AM_CPPFLAGS = -I$(top_srcdir)/src -I$(top_srcdir)/include -I$(top_builddir)/src
-LDADD = $(top_builddir)/src/libssh2.la

example/ssh2.c

@@ -1,5 +1,5 @@
 /*
- * $Id: ssh2.c,v 1.18 2008/11/10 16:48:41 bagder Exp $
+ * $Id: ssh2.c,v 1.19 2009/04/28 10:35:30 bagder Exp $
  *
  * Sample showing how to do SSH2 connect.
  *
@@ -19,12 +19,12 @@
 #ifdef HAVE_WINSOCK2_H
 # include <winsock2.h>
 #endif
-#ifdef HAVE_NETINET_IN_H
-# include <netinet/in.h>
-#endif
 #ifdef HAVE_SYS_SOCKET_H
 # include <sys/socket.h>
 #endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
 # ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -46,7 +46,8 @@ const char *password="password";
 
 
 static void kbd_callback(const char *name, int name_len,
-             const char *instruction, int instruction_len, int num_prompts,
+                         const char *instruction, int instruction_len,
+                         int num_prompts,
                          const LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts,
                          LIBSSH2_USERAUTH_KBDINT_RESPONSE *responses,
                          void **abstract)
@@ -92,13 +93,11 @@ int main(int argc, char *argv[])
         password = argv[3];
     }
 
-    /* Ultra basic "connect to port 22 on localhost"
-     * Your code is responsible for creating the socket establishing the connection
+    /* Ultra basic "connect to port 22 on localhost".  Your code is
+     * responsible for creating the socket establishing the connection
      */
     sock = socket(AF_INET, SOCK_STREAM, 0);
-#ifndef WIN32
-    fcntl(sock, F_SETFL, 0);
-#endif
+
     sin.sin_family = AF_INET;
     sin.sin_port = htons(22);
     sin.sin_addr.s_addr = hostaddr;
@@ -108,8 +107,8 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* Create a session instance and start it up
-     * This will trade welcome banners, exchange keys, and setup crypto, compression, and MAC layers
+    /* Create a session instance and start it up. This will trade welcome
+     * banners, exchange keys, and setup crypto, compression, and MAC layers
      */
     session = libssh2_session_init();
     if (libssh2_session_startup(session, sock)) {
@@ -117,13 +116,14 @@ int main(int argc, char *argv[])
         return -1;
     }
 
-    /* At this point we havn't authenticated,
-     * The first thing to do is check the hostkey's fingerprint against our known hosts
-     * Your app may have it hard coded, may go to a file, may present it to the user, that's your call
+    /* At this point we havn't authenticated. The first thing to do is check
+     * the hostkey's fingerprint against our known hosts Your app may have it
+     * hard coded, may go to a file, may present it to the user, that's your
+     * call
      */
-    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_MD5);
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
     printf("Fingerprint: ");
-    for(i = 0; i < 16; i++) {
+    for(i = 0; i < 20; i++) {
         printf("%02X ", (unsigned char)fingerprint[i]);
     }
     printf("\n");
@@ -164,7 +164,8 @@ int main(int argc, char *argv[])
         }
     } else if (auth_pw & 2) {
         /* Or via keyboard-interactive */
-        if (libssh2_userauth_keyboard_interactive(session, username, &kbd_callback) ) {
+        if (libssh2_userauth_keyboard_interactive(session, username,
+                                                  &kbd_callback) ) {
             printf("\tAuthentication by keyboard-interactive failed!\n");
             goto shutdown;
         } else {
@@ -172,7 +173,8 @@ int main(int argc, char *argv[])
         }
     } else if (auth_pw & 4) {
         /* Or by public key */
-        if (libssh2_userauth_publickey_fromfile(session, username, keyfile1, keyfile2, password)) {
+        if (libssh2_userauth_publickey_fromfile(session, username, keyfile1,
+                                                keyfile2, password)) {
             printf("\tAuthentication by public key failed!\n");
             goto shutdown;
         } else {
@@ -235,14 +237,13 @@ int main(int argc, char *argv[])
 
   shutdown:
 
-    libssh2_session_disconnect(session, "Normal Shutdown, Thank you for playing");
+    libssh2_session_disconnect(session,
+                               "Normal Shutdown, Thank you for playing");
     libssh2_session_free(session);
 
 #ifdef WIN32
-    Sleep(1000);
     closesocket(sock);
 #else
-    sleep(1);
     close(sock);
 #endif
     printf("all done!\n");

example/ssh2_agent.c

@@ -0,0 +1,229 @@
+/*
+ * Sample showing how to do SSH2 connect using ssh-agent.
+ *
+ * The sample code has default values for host name, user name:
+ *
+ * "ssh2_agent host user"
+ */
+
+#include "libssh2_config.h"
+#include <libssh2.h>
+#include <libssh2_sftp.h>
+
+#ifdef HAVE_WINDOWS_H
+# include <windows.h>
+#endif
+#ifdef HAVE_WINSOCK2_H
+# include <winsock2.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+# ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+# ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include <sys/types.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+
+const char *username="username";
+
+int main(int argc, char *argv[])
+{
+    unsigned long hostaddr;
+    int sock = -1, i, j, rc;
+    struct sockaddr_in sin;
+    const char *fingerprint;
+    char *userauthlist;
+    LIBSSH2_SESSION *session;
+    LIBSSH2_CHANNEL *channel;
+    LIBSSH2_AGENT *agent = NULL;
+    struct libssh2_agent_publickey *identity, *prev_identity = NULL;
+#ifdef WIN32
+    WSADATA wsadata;
+
+    WSAStartup(MAKEWORD(2,0), &wsadata);
+#endif
+
+    if (argc > 1) {
+        hostaddr = inet_addr(argv[1]);
+    } else {
+        hostaddr = htonl(0x7F000001);
+    }
+
+    if(argc > 2) {
+        username = argv[2];
+    }
+
+    /* Ultra basic "connect to port 22 on localhost".  Your code is
+     * responsible for creating the socket establishing the connection
+     */
+    sock = socket(AF_INET, SOCK_STREAM, 0);
+    if (sock == -1) {
+        fprintf(stderr, "failed to create socket!\n");
+        rc = 1;
+        goto shutdown;
+    }
+
+    sin.sin_family = AF_INET;
+    sin.sin_port = htons(22);
+    sin.sin_addr.s_addr = hostaddr;
+    if (connect(sock, (struct sockaddr*)(&sin),
+                sizeof(struct sockaddr_in)) != 0) {
+        fprintf(stderr, "failed to connect!\n");
+        goto shutdown;
+    }
+
+    /* Create a session instance and start it up. This will trade welcome
+     * banners, exchange keys, and setup crypto, compression, and MAC layers
+     */
+    session = libssh2_session_init();
+    if (libssh2_session_startup(session, sock)) {
+        fprintf(stderr, "Failure establishing SSH session\n");
+        return 1;
+    }
+
+    /* check what authentication methods are available */
+    userauthlist = libssh2_userauth_list(session, username, strlen(username));
+    printf("Authentication methods: %s\n", userauthlist);
+    if (strstr(userauthlist, "publickey") == NULL) {
+        fprintf(stderr, "\"publickey\" authentication is not supported\n");
+        goto shutdown;
+    }
+
+    /* Connect to the ssh-agent */
+    agent = libssh2_agent_init(session);
+    if (!agent) {
+        fprintf(stderr, "Failure initializing ssh-agent support\n");
+        rc = 1;
+        goto shutdown;
+    }
+    if (libssh2_agent_connect(agent)) {
+        fprintf(stderr, "Failure connecting to ssh-agent\n");
+        rc = 1;
+        goto shutdown;
+    }
+    if (libssh2_agent_list_identities(agent)) {
+        fprintf(stderr, "Failure requesting identities to ssh-agent\n");
+        rc = 1;
+        goto shutdown;
+    }
+    while (1) {
+        rc = libssh2_agent_get_identity(agent, &identity, prev_identity);
+        if (rc == 1)
+            break;
+        if (rc < 0) {
+            fprintf(stderr,
+                    "Failure obtaining identity from ssh-agent support\n");
+            rc = 1;
+            goto shutdown;
+        }
+        if (libssh2_agent_userauth(agent, username, identity)) {
+            printf("\tAuthentication with username %s and "
+                   "public key %s failed!\n",
+                   username, identity->comment);
+        } else {
+            printf("\tAuthentication with username %s and "
+                   "public key %s succeeded!\n",
+                   username, identity->comment);
+            break;
+        }
+	prev_identity = identity;
+    }
+    if (rc) {
+        fprintf(stderr, "Couldn't continue authentication\n");
+        goto shutdown;
+    }
+
+    /* At this point we havn't authenticated. The first thing to do is check
+     * the hostkey's fingerprint against our known hosts Your app may have it
+     * hard coded, may go to a file, may present it to the user, that's your
+     * call
+     */
+    fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1);
+    printf("Fingerprint: ");
+    for(i = 0; i < 20; i++) {
+        printf("%02X ", (unsigned char)fingerprint[i]);
+    }
+    printf("\n");
+
+    /* Request a shell */
+    if (!(channel = libssh2_channel_open_session(session))) {
+        fprintf(stderr, "Unable to open a session\n");
+        goto shutdown;
+    }
+
+    /* Some environment variables may be set,
+     * It's up to the server which ones it'll allow though
+     */
+    libssh2_channel_setenv(channel, "FOO", "bar");
+
+    /* Request a terminal with 'vanilla' terminal emulation
+     * See /etc/termcap for more options
+     */
+    if (libssh2_channel_request_pty(channel, "vanilla")) {
+        fprintf(stderr, "Failed requesting pty\n");
+        goto skip_shell;
+    }
+
+    /* Open a SHELL on that pty */
+    if (libssh2_channel_shell(channel)) {
+        fprintf(stderr, "Unable to request shell on allocated pty\n");
+        goto shutdown;
+    }
+
+    /* At this point the shell can be interacted with using
+     * libssh2_channel_read()
+     * libssh2_channel_read_stderr()
+     * libssh2_channel_write()
+     * libssh2_channel_write_stderr()
+     *
+     * Blocking mode may be (en|dis)abled with: libssh2_channel_set_blocking()
+     * If the server send EOF, libssh2_channel_eof() will return non-0
+     * To send EOF to the server use: libssh2_channel_send_eof()
+     * A channel can be closed with: libssh2_channel_close()
+     * A channel can be freed with: libssh2_channel_free()
+     */
+
+  skip_shell:
+    if (channel) {
+        libssh2_channel_free(channel);
+        channel = NULL;
+    }
+
+    /* Other channel types are supported via:
+     * libssh2_scp_send()
+     * libssh2_scp_recv()
+     * libssh2_channel_direct_tcpip()
+     */
+
+  shutdown:
+
+    libssh2_agent_disconnect(agent);
+    libssh2_agent_free(agent);
+
+    libssh2_session_disconnect(session,
+                               "Normal Shutdown, Thank you for playing");
+    libssh2_session_free(session);
+
+    if (sock != -1) {
+#ifdef WIN32
+        closesocket(sock);
+#else
+        close(sock);
+#endif
+    }
+
+    printf("all done!\n");
+    return rc;
+}

example/ssh2_exec.c

@@ -0,0 +1,294 @@
+/*
+ * $Id: ssh2_exec.c,v 1.4 2009/05/07 20:30:22 bagder Exp $
+ *
+ * Sample showing how to use libssh2 to execute a command remotely.
+ *
+ * The sample code has fixed values for host name, user name, password
+ * and command to run.
+ *
+ * Run it like this:
+ *
+ * $ ./ssh2_exec 127.0.0.1 user password "uptime"
+ *
+ */
+
+#include "libssh2_config.h"
+#include <libssh2.h>
+
+#ifdef HAVE_WINSOCK2_H
+# include <winsock2.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+# include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+# include <netinet/in.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+# include <sys/select.h>
+#endif
+# ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+# include <arpa/inet.h>
+#endif
+
+#include <sys/time.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+
+static int waitsocket(int socket_fd, LIBSSH2_SESSION *session)
+{
+    struct timeval timeout;
+    int rc;
+    fd_set fd;
+    fd_set *writefd = NULL;
+    fd_set *readfd = NULL;
+    int dir;
+
+    timeout.tv_sec = 10;
+    timeout.tv_usec = 0;
+
+    FD_ZERO(&fd);
+
+    FD_SET(socket_fd, &fd);
+
+    /* now make sure we wait in the correct direction */
+    dir = libssh2_session_block_directions(session);
+
+    if(dir & LIBSSH2_SESSION_BLOCK_INBOUND)
+        readfd = &fd;
+
+    if(dir & LIBSSH2_SESSION_BLOCK_OUTBOUND)
+        writefd = &fd;
+
+    rc = select(socket_fd + 1, readfd, writefd, NULL, &timeout);
+
+    return rc;
+}
+
+int main(int argc, char *argv[])
+{
+    const char *hostname = "127.0.0.1";
+    const char *commandline = "uptime";
+    const char *username    = "user";
+    const char *password    = "password";
+    unsigned long hostaddr;
+    int sock;
+    struct sockaddr_in sin;
+    const char *fingerprint;
+    LIBSSH2_SESSION *session;
+    LIBSSH2_CHANNEL *channel;
+    int rc;
+    int exitcode;
+    int bytecount = 0;
+    size_t len;
+    LIBSSH2_KNOWNHOSTS *nh;
+    int type;
+
+#ifdef WIN32
+    WSADATA wsadata;
+    WSAStartup(MAKEWORD(2,0), &wsadata);
+#endif
+    if (argc > 1)
+        /* must be ip address only */
+        hostname = argv[1];
+
+    if (argc > 2) {
+        username = argv[2];
+    }
+    if (argc > 3) {
+        password = argv[3];
+    }
+    if (argc > 4) {
+        commandline = argv[4];
+    }
+
+    hostaddr = inet_addr(hostname);
+
+    /* Ultra basic "connect to port 22 on localhost"
+     * Your code is responsible for creating the socket establishing the
+     * connection
+     */
+    sock = socket(AF_INET, SOCK_STREAM, 0);
+
+    sin.sin_family = AF_INET;
+    sin.sin_port = htons(22);
+    sin.sin_addr.s_addr = hostaddr;
+    if (connect(sock, (struct sockaddr*)(&sin),
+                sizeof(struct sockaddr_in)) != 0) {
+        fprintf(stderr, "failed to connect!\n");
+        return -1;
+    }
+
+    /* Create a session instance */
+    session = libssh2_session_init();
+    if (!session)
+        return -1;
+
+    /* tell libssh2 we want it all done non-blocking */
+    libssh2_session_set_blocking(session, 0);
+
+    /* ... start it up. This will trade welcome banners, exchange keys,
+     * and setup crypto, compression, and MAC layers
+     */
+    while ((rc = libssh2_session_startup(session, sock)) ==
+           LIBSSH2_ERROR_EAGAIN);
+    if (rc) {
+        fprintf(stderr, "Failure establishing SSH session: %d\n", rc);
+        return -1;
+    }
+
+    nh = libssh2_knownhost_init(session);
+    if(!nh) {
+        /* eeek, do cleanup here */
+        return 2;
+    }
+
+    /* read all hosts from here */
+    libssh2_knownhost_readfile(nh, "known_hosts",
+                               LIBSSH2_KNOWNHOST_FILE_OPENSSH);
+
+    /* store all known hosts to here */
+    libssh2_knownhost_writefile(nh, "dumpfile",
+                                LIBSSH2_KNOWNHOST_FILE_OPENSSH);
+
+    fingerprint = libssh2_session_hostkey(session, &len, &type);
+    if(fingerprint) {
+        struct libssh2_knownhost *host;
+        int check = libssh2_knownhost_check(nh, (char *)hostname,
+                                            (char *)fingerprint, len,
+                                            LIBSSH2_KNOWNHOST_TYPE_PLAIN|
+                                            LIBSSH2_KNOWNHOST_KEYENC_RAW,
+                                            &host);
+
+        fprintf(stderr, "Host check: %d, key: %s\n", check,
+                (check <= LIBSSH2_KNOWNHOST_CHECK_MISMATCH)?
+                host->key:"<none>");
+
+        /*****
+         * At this point, we could verify that 'check' tells us the key is
+         * fine or bail out.
+         *****/
+    }
+    else {
+        /* eeek, do cleanup here */
+        return 3;
+    }
+    libssh2_knownhost_free(nh);
+
+    if ( strlen(password) != 0 ) {
+        /* We could authenticate via password */
+        while ((rc = libssh2_userauth_password(session, username, password)) ==
+               LIBSSH2_ERROR_EAGAIN);
+        if (rc) {
+            fprintf(stderr, "Authentication by password failed.\n");
+            goto shutdown;
+        }
+    }
+    else {
+        /* Or by public key */
+        while ((rc = libssh2_userauth_publickey_fromfile(session, username,
+                                                         "/home/user/"
+                                                         ".ssh/id_rsa.pub",
+                                                         "/home/user/"
+                                                         ".ssh/id_rsa",
+                                                         password)) ==
+               LIBSSH2_ERROR_EAGAIN);
+        if (rc) {
+            fprintf(stderr, "\tAuthentication by public key failed\n");
+            goto shutdown;
+        }
+    }
+
+#if 0
+    libssh2_trace(session, ~0 );
+#endif
+
+    /* Exec non-blocking on the remove host */
+    while( (channel = libssh2_channel_open_session(session)) == NULL &&
+           libssh2_session_last_error(session,NULL,NULL,0) ==
+           LIBSSH2_ERROR_EAGAIN )
+    {
+        waitsocket(sock, session);
+    }
+    if( channel == NULL )
+    {
+        fprintf(stderr,"Error\n");
+        exit( 1 );
+    }
+    while( (rc = libssh2_channel_exec(channel, commandline)) ==
+           LIBSSH2_ERROR_EAGAIN )
+    {
+        waitsocket(sock, session);
+    }
+    if( rc != 0 )
+    {
+        fprintf(stderr,"Error\n");
+        exit( 1 );
+    }
+    for( ;; )
+    {
+        /* loop until we block */
+        int rc;
+        do
+        {
+            char buffer[0x4000];
+            rc = libssh2_channel_read( channel, buffer, sizeof(buffer) );
+            if( rc > 0 )
+            {
+                int i;
+                bytecount += rc;
+                fprintf(stderr, "We read:\n");
+                for( i=0; i < rc; ++i )
+                    fputc( buffer[i], stderr);
+                fprintf(stderr, "\n");
+            }
+            else {
+                fprintf(stderr, "libssh2_channel_read returned %d\n", rc);
+            }
+        }
+        while( rc > 0 );
+
+        /* this is due to blocking that would occur otherwise so we loop on
+           this condition */
+        if( rc == LIBSSH2_ERROR_EAGAIN )
+        {
+            waitsocket(sock, session);
+        }
+        else
+            break;
+    }
+    exitcode = 127;
+    while( (rc = libssh2_channel_close(channel)) == LIBSSH2_ERROR_EAGAIN )
+        waitsocket(sock, session);
+
+    if( rc == 0 )
+    {
+        exitcode = libssh2_channel_get_exit_status( channel );
+    }
+    printf("\nEXIT: %d bytecount: %d\n", exitcode, bytecount);
+
+    libssh2_channel_free(channel);
+    channel = NULL;
+
+shutdown:
+
+    libssh2_session_disconnect(session,
+                               "Normal Shutdown, Thank you for playing");
+    libssh2_session_free(session);
+
+#ifdef WIN32
+    closesocket(sock);
+#else
+    close(sock);
+#endif
+    fprintf(stderr, "all done\n");
+    return 0;
+}
+

example/x11.c

@@ -0,0 +1,433 @@
+/*
+ *
+ * Sample showing how to makes SSH2 with X11 Forwarding works.
+ *
+ * Usage :
+ * "ssh2 host user password [DEBUG]"
+ */
+
+#include <string.h>
+#include <sys/ioctl.h>
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/un.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <stdlib.h>
+#include <termios.h>
+
+#include <libssh2.h>
+
+#define _PATH_UNIX_X "/tmp/.X11-unix/X%d"
+
+/*
+ * Chained list that contains channels and associated X11 socket for each X11
+ * connections
+ */
+struct chan_X11_list {
+    LIBSSH2_CHANNEL  *chan;
+    int               sock;
+    struct chan_X11_list *next;
+};
+
+struct chan_X11_list * gp_x11_chan = NULL;
+struct termios         _saved_tio;
+
+/*
+ * Utility function to remove a Node of the chained list
+ */
+static void remove_node(struct chan_X11_list *elem)
+{
+    struct chan_X11_list *current_node = NULL;
+
+    current_node = gp_x11_chan;
+
+    if (gp_x11_chan == elem) {
+        /* Removing the only one element in the list */
+        free(gp_x11_chan);
+        gp_x11_chan = NULL;
+    }
+
+    while( current_node->next != NULL) {
+        if (current_node->next ==elem) {
+            current_node->next = current_node->next->next;
+            current_node = current_node->next;
+            free(current_node);
+            break;
+        }
+    }
+}
+
+
+static void session_shutdown(LIBSSH2_SESSION *session)
+{
+    libssh2_session_disconnect(session,
+                                "Session Shutdown, Thank you for playing");
+    libssh2_session_free(session);
+}
+
+static int _raw_mode(void)
+{
+    int rc;
+    struct termios tio;
+
+    rc = tcgetattr(fileno(stdin), &tio);
+    if (rc != -1) {
+        _saved_tio = tio;
+        cfmakeraw(&tio);
+        rc = tcsetattr(fileno(stdin), TCSADRAIN, &tio);
+    }
+    return rc;
+}
+
+static int _normal_mode(void)
+{
+    int rc;
+    rc = tcsetattr(fileno(stdin), TCSADRAIN, &_saved_tio);
+    return rc;
+}
+
+/*
+ * CallBack to initialize the forwarding.
+ * Save the channel to loop on it, save the X11 forwarded socket to send
+ * and receive info from our X server.
+ */
+static void x11_callback(LIBSSH2_SESSION *session, LIBSSH2_CHANNEL *channel,
+                         char *shost, int sport, void **abstract)
+{
+    const char * display      = NULL;
+    char * ptr          = NULL;
+    char * temp_buff    = NULL;
+    int   display_port = 0;
+    int   sock         = 0;
+    int   rc           = 0;
+    struct sockaddr_un addr;
+    struct chan_X11_list *new;
+    struct chan_X11_list *chan_iter;
+
+    /*
+     * Connect to the display
+     * Inspired by x11_connect_display in openssh
+     */
+    display = getenv("DISPLAY");
+    if ( display != NULL) {
+        if (strncmp( display, "unix:", 5) == 0 ||
+            display[0] == ':') {
+            /* Connect to the local unix domain */
+            ptr = strrchr(display, ':');
+            temp_buff = (char *) calloc(strlen(ptr+1), sizeof(char));
+            memcpy(temp_buff, ptr+1, strlen(ptr+1));
+            display_port = atoi(temp_buff);
+
+            sock = socket(AF_UNIX,SOCK_STREAM, 0);
+            if (sock <0)
+                return;
+            memset(&addr, 0, sizeof(addr));
+            addr.sun_family = AF_UNIX;
+            snprintf(addr.sun_path, sizeof(addr.sun_path),
+                     _PATH_UNIX_X, display_port);
+            rc = connect(sock, (struct sockaddr *) &addr, sizeof(addr));
+
+            if (rc != -1){
+                /* Connection Successfull */
+                if (gp_x11_chan == NULL) {
+                    /* Calloc ensure that gp_X11_chan is full of 0 */
+                    gp_x11_chan = (struct chan_X11_list *)
+                        calloc(1, sizeof(struct chan_X11_list));
+                    gp_x11_chan->sock = sock;
+                    gp_x11_chan->chan = channel;
+                    gp_x11_chan->next = NULL;
+                }
+                else {
+                    chan_iter = gp_x11_chan;
+                    while (chan_iter->next != NULL)
+                        chan_iter = chan_iter->next;
+                    /* Create the new Node */
+                    new = (struct chan_X11_list *)
+                        malloc(sizeof(struct chan_X11_list));
+                    new->sock = sock;
+                    new->chan = channel;
+                    new->next = NULL;
+                    chan_iter->next = new;
+                }
+            }
+            else
+                close(sock);
+        }
+    }
+    return;
+}
+
+/*
+ * Send and receive Data for the X11 channel.
+ * If the connection is closed, returns -1, 0 either.
+ */
+static int x11_send_receive(LIBSSH2_CHANNEL *channel, int sock)
+{
+    char * buf          = NULL;
+    int    bufsize      = 8192;
+    int    rc           = 0;
+    int    nfds         = 1;
+    LIBSSH2_POLLFD  *fds      = NULL;
+    fd_set set;
+    struct timeval timeval_out;
+    timeval_out.tv_sec = 0;
+    timeval_out.tv_usec = 0;
+
+
+    FD_ZERO(&set);
+    FD_SET(sock,&set);
+
+    if ((buf = calloc (bufsize, sizeof(char))) == NULL)
+        return 0;
+
+    if ((fds = malloc (sizeof (LIBSSH2_POLLFD))) == NULL) {
+        free(buf);
+        return 0;
+    }
+
+    fds[0].type = LIBSSH2_POLLFD_CHANNEL;
+    fds[0].fd.channel = channel;
+    fds[0].events = LIBSSH2_POLLFD_POLLIN;
+    fds[0].revents = LIBSSH2_POLLFD_POLLIN;
+
+    rc = libssh2_poll(fds, nfds, 0);
+    if (rc >0) {
+        rc = libssh2_channel_read(channel, buf,sizeof(buf));
+        rc = write(sock, buf, rc);
+    }
+
+    rc = select(sock+1,&set,NULL,NULL,&timeval_out);
+    if (rc > 0) {
+        memset((void *)buf,0,bufsize);
+
+        /* Data in sock*/
+        rc = read(sock, buf,sizeof(buf));
+        if (rc > 0)
+            rc = libssh2_channel_write(channel,buf, rc);
+        else
+            return -1;
+    }
+
+    free(fds);
+    free(buf);
+    if (libssh2_channel_eof (channel) == 1) {
+        return -1;
+    }
+    return 0;
+}
+
+/*
+ * Main, more than inspired by ssh2.c by Bagder
+ */
+int
+main (int argc, char *argv[])
+{
+    unsigned long hostaddr = 0;
+    int sock = 0;
+    int rc = 0;
+    struct sockaddr_in sin;
+    LIBSSH2_SESSION *session;
+    LIBSSH2_CHANNEL *channel;
+    char *username = NULL;
+    char *password = NULL;
+    size_t bufsiz = 8193;
+    char *buf = NULL;
+    int set_debug_on = 0;
+    int nfds = 1;
+    LIBSSH2_POLLFD *fds = NULL;
+
+    /* Chan List struct */
+    struct chan_X11_list *current_node = NULL;
+
+    /* Struct winsize for term size */
+    struct winsize w_size;
+    struct winsize w_size_bck;
+
+    /* For select on stdin */
+    fd_set set;
+    struct timeval timeval_out;
+    timeval_out.tv_sec = 0;
+    timeval_out.tv_usec = 10;
+
+
+    if (argc > 3) {
+      hostaddr = inet_addr(argv[1]);
+      username = argv[2];
+      password = argv[3];
+    }
+    else {
+        fprintf(stderr, "Usage: %s destination username password",
+                argv[0]);
+        return -1;
+    }
+
+    if (argc > 4) {
+        set_debug_on = 1;
+        fprintf (stderr, "DEBUG is ON: %d\n", set_debug_on);
+    }
+
+    sock = socket (AF_INET, SOCK_STREAM, 0);
+
+    sin.sin_family = AF_INET;
+    sin.sin_port = htons (22);
+    sin.sin_addr.s_addr = hostaddr;
+
+    rc = connect(sock, (struct sockaddr *) &sin,
+                 sizeof(struct sockaddr_in));
+    if (rc != 0) {
+        fprintf (stderr, "Failed to established connection!\n");
+        return -1;
+    }
+    /* Open a session */
+    session = libssh2_session_init ();
+    rc      = libssh2_session_startup (session, sock);
+    if (rc != 0) {
+        fprintf(stderr, "Failed Start the SSH session\n");
+        return -1;
+    }
+
+    if (set_debug_on == 1)
+        libssh2_trace(session, LIBSSH2_TRACE_CONN);
+
+    /* Set X11 Callback */
+    libssh2_session_callback_set(session, LIBSSH2_CALLBACK_X11,
+                                 (void *)x11_callback);
+
+    /* Authenticate via password */
+    rc = libssh2_userauth_password(session, username, password);
+    if (rc != 0) {
+        fprintf(stderr, "Failed to authenticate\n");
+        session_shutdown(session);
+        close(sock);
+        return -1;
+    }
+
+    /* Open a channel */
+    channel  = libssh2_channel_open_session(session);
+    if ( channel == NULL ) {
+        fprintf(stderr, "Failed to open a new channel\n");
+        session_shutdown(session);
+        close(sock);
+        return -1;
+    }
+
+
+    /* Request a PTY */
+    rc = libssh2_channel_request_pty( channel, "xterm");
+    if (rc != 0) {
+        fprintf(stderr, "Failed to request a pty\n");
+        session_shutdown(session);
+        close(sock);
+        return -1;
+    }
+
+    /* Request X11 */
+    rc = libssh2_channel_x11_req(channel,0);
+    if(rc!=0) {
+        fprintf(stderr, "Failed to request X11 forwarding\n");
+        session_shutdown(session);
+        close(sock);
+        return -1;
+    }
+
+    /* Request a shell */
+    rc = libssh2_channel_shell(channel);
+    if (rc!=0) {
+        fprintf(stderr, "Failed to open a shell\n");
+        session_shutdown(session);
+        close(sock);
+        return -1;
+    }
+
+    rc = _raw_mode();
+    if (rc != 0) {
+        fprintf(stderr, "Failed to entered in raw mode\n");
+        session_shutdown(session);
+        close(sock);
+        return -1;
+    }
+
+    while (1) {
+
+        FD_ZERO(&set);
+        FD_SET(fileno(stdin),&set);
+
+        /* Search if a resize pty has to be send */
+        ioctl(fileno(stdin), TIOCGWINSZ, &w_size);
+        if ((w_size.ws_row != w_size_bck.ws_row) ||
+            (w_size.ws_col != w_size_bck.ws_col))   {
+            w_size_bck = w_size;
+
+            libssh2_channel_request_pty_size(channel,
+                                             w_size.ws_col,
+                                             w_size.ws_row);
+        }
+
+        if ((buf = calloc (bufsiz, sizeof(char))) == NULL)
+            break;
+
+        if ((fds = malloc (sizeof (LIBSSH2_POLLFD))) == NULL) {
+            free(buf);
+            break;
+        }
+
+        fds[0].type = LIBSSH2_POLLFD_CHANNEL;
+        fds[0].fd.channel = channel;
+        fds[0].events = LIBSSH2_POLLFD_POLLIN;
+        fds[0].revents = LIBSSH2_POLLFD_POLLIN;
+
+        rc = libssh2_poll(fds, nfds, 0);
+        if (rc >0) {
+            rc = libssh2_channel_read(channel, buf,sizeof(buf));
+            fprintf(stdout, "%s", buf);
+            fflush(stdout);
+        }
+
+        /* Looping on X clients */
+        if (gp_x11_chan != NULL) {
+            current_node = gp_x11_chan;
+        }
+        else
+            current_node = NULL;
+
+        while (current_node != NULL) {
+            rc = x11_send_receive(current_node->chan, current_node->sock);
+            if (rc == -1){
+                shutdown(current_node->sock,SHUT_RDWR);
+                close(current_node->sock);
+                remove_node(current_node);
+
+            }
+            current_node = current_node->next;
+        }
+
+
+        rc = select(fileno(stdin)+1,&set,NULL,NULL,&timeval_out);
+        if (rc > 0) {
+            /* Data in stdin*/
+            rc = read(fileno(stdin), buf,1);
+            if (rc > 0)
+                libssh2_channel_write(channel,buf, sizeof(buf));
+        }
+
+        free (fds);
+        free (buf);
+
+        if (libssh2_channel_eof (channel) == 1) {
+          break;
+        }
+    }
+
+    if (channel) {
+      libssh2_channel_free (channel);
+      channel = NULL;
+    }
+    _normal_mode();
+    return 0;
+}

include/libssh2.h

@@ -1,4 +1,5 @@
-/* Copyright (c) 2004-2008, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2004-2009, Sara Golemon <sarag@libssh2.org>
+ * Copyright (c) 2009 by Daniel Stenberg
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -83,17 +84,17 @@ typedef unsigned long long libssh2_uint64_t;
 typedef long long libssh2_int64_t;
 #endif
 
-/* We use underscore instead of dash when appending CVS in dev versions just
+/* We use underscore instead of dash when appending DEV in dev versions just
    to make the BANNER define (used by src/session.c) be a valid SSH
    banner. Release versions have no appended strings and may of course not
    have dashes either. */
-#define LIBSSH2_VERSION                             "1.1_CVS"
+#define LIBSSH2_VERSION                             "1.2.2_DEV"
 
 /* The numeric version number is also available "in parts" by using these
    defines: */
 #define LIBSSH2_VERSION_MAJOR                       1
-#define LIBSSH2_VERSION_MINOR                       1
-#define LIBSSH2_VERSION_PATCH                       0
+#define LIBSSH2_VERSION_MINOR                       2
+#define LIBSSH2_VERSION_PATCH                       2
 
 /* This is the numeric version of the libssh2 version number, meant for easier
    parsing and comparions by programs. The LIBSSH2_VERSION_NUM define will
@@ -110,18 +111,18 @@ typedef long long libssh2_int64_t;
    and it is always a greater number in a more recent release. It makes
    comparisons with greater than and less than work.
 */
-#define LIBSSH2_VERSION_NUM                         0x010100
+#define LIBSSH2_VERSION_NUM                         0x010202
 
 /*
  * This is the date and time when the full source package was created. The
- * timestamp is not stored in CVS, as the timestamp is properly set in the
- * tarballs by the maketgz script.
+ * timestamp is not stored in the source code repo, as the timestamp is
+ * properly set in the tarballs by the maketgz script.
  *
  * The format of the date should follow this template:
  *
  * "Mon Feb 12 11:35:33 UTC 2007"
  */
-#define LIBSSH2_TIMESTAMP "CVS"
+#define LIBSSH2_TIMESTAMP "DEV"
 
 /* Part of every banner, user specified or not */
 #define LIBSSH2_SSH_BANNER                  "SSH-2.0-libssh2_" LIBSSH2_VERSION
@@ -177,6 +178,11 @@ typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE
     unsigned int length;
 } LIBSSH2_USERAUTH_KBDINT_RESPONSE;
 
+/* 'publickey' authentication callback */
+#define LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC(name) \
+  int name(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len, \
+           const unsigned char *data, size_t data_len, void **abstract)
+
 /* 'keyboard-interactive' authentication callback */
 #define LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC(name_) \
  void name_(const char* name, int name_len, const char* instruction, \
@@ -240,6 +246,8 @@ typedef struct _LIBSSH2_USERAUTH_KBDINT_RESPONSE
 typedef struct _LIBSSH2_SESSION                     LIBSSH2_SESSION;
 typedef struct _LIBSSH2_CHANNEL                     LIBSSH2_CHANNEL;
 typedef struct _LIBSSH2_LISTENER                    LIBSSH2_LISTENER;
+typedef struct _LIBSSH2_KNOWNHOSTS                  LIBSSH2_KNOWNHOSTS;
+typedef struct _LIBSSH2_AGENT                       LIBSSH2_AGENT;
 
 typedef struct _LIBSSH2_POLLFD {
     unsigned char type; /* LIBSSH2_POLLFD_* below */
@@ -292,6 +300,11 @@ typedef struct _LIBSSH2_POLLFD {
 #define LIBSSH2_HOSTKEY_HASH_MD5                            1
 #define LIBSSH2_HOSTKEY_HASH_SHA1                           2
 
+/* Hostkey Types */
+#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN			    0
+#define LIBSSH2_HOSTKEY_TYPE_RSA			    1
+#define LIBSSH2_HOSTKEY_TYPE_DSS			    2
+
 /* Disconnect Codes (defined by SSH protocol) */
 #define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT          1
 #define SSH_DISCONNECT_PROTOCOL_ERROR                       2
@@ -328,7 +341,8 @@ typedef struct _LIBSSH2_POLLFD {
 #define LIBSSH2_ERROR_PASSWORD_EXPIRED          -15
 #define LIBSSH2_ERROR_FILE                      -16
 #define LIBSSH2_ERROR_METHOD_NONE               -17
-#define LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED    -18
+#define LIBSSH2_ERROR_AUTHENTICATION_FAILED     -18
+#define LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED    LIBSSH2_ERROR_AUTHENTICATION_FAILED
 #define LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED      -19
 #define LIBSSH2_ERROR_CHANNEL_OUTOFORDER        -20
 #define LIBSSH2_ERROR_CHANNEL_FAILURE           -21
@@ -348,6 +362,11 @@ typedef struct _LIBSSH2_POLLFD {
 #define LIBSSH2_ERROR_INVALID_POLL_TYPE         -35
 #define LIBSSH2_ERROR_PUBLICKEY_PROTOCOL        -36
 #define LIBSSH2_ERROR_EAGAIN                    -37
+#define LIBSSH2_ERROR_BUFFER_TOO_SMALL          -38
+#define LIBSSH2_ERROR_BAD_USE                   -39
+#define LIBSSH2_ERROR_COMPRESS                  -40
+#define LIBSSH2_ERROR_OUT_OF_BOUNDARY           -41
+#define LIBSSH2_ERROR_AGENT_PROTOCOL            -42
 
 /* Session API */
 LIBSSH2_API LIBSSH2_SESSION *
@@ -377,6 +396,9 @@ LIBSSH2_API int libssh2_session_free(LIBSSH2_SESSION *session);
 LIBSSH2_API const char *libssh2_hostkey_hash(LIBSSH2_SESSION *session,
                                              int hash_type);
 
+LIBSSH2_API const char *libssh2_session_hostkey(LIBSSH2_SESSION *session,
+                                                size_t *len, int *type);
+
 LIBSSH2_API int libssh2_session_method_pref(LIBSSH2_SESSION *session,
                                             int method_type,
                                             const char *prefs);
@@ -422,6 +444,14 @@ libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION *session,
                                          strlen(username), (publickey), \
                                          (privatekey), (passphrase))
 
+LIBSSH2_API int
+libssh2_userauth_publickey(LIBSSH2_SESSION *session,
+                           const char *username,
+                           const unsigned char *pubkeydata,
+                           size_t pubkeydata_len,
+                           LIBSSH2_USERAUTH_PUBLICKEY_SIGN_FUNC((*sign_callback)),
+                           void **abstract);
+
 LIBSSH2_API int
 libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION *session,
                                        const char *username,
@@ -663,6 +693,285 @@ LIBSSH2_API int libssh2_base64_decode(LIBSSH2_SESSION *session, char **dest,
 LIBSSH2_API
 const char *libssh2_version(int req_version_num);
 
+#define HAVE_LIBSSH2_KNOWNHOST_API 0x010101 /* since 1.1.1 */
+#define HAVE_LIBSSH2_VERSION_API   0x010100 /* libssh2_version since 1.1 */
+
+struct libssh2_knownhost {
+    unsigned int magic;  /* magic stored by the library */
+    void *node; /* handle to the internal representation of this host */
+    char *name; /* this is NULL if no plain text host name exists */
+    char *key;  /* key in base64/printable format */
+    int typemask;
+};
+
+/*
+ * libssh2_knownhost_init
+ *
+ * Init a collection of known hosts. Returns the pointer to a collection.
+ *
+ */
+LIBSSH2_API LIBSSH2_KNOWNHOSTS *
+libssh2_knownhost_init(LIBSSH2_SESSION *session);
+
+/*
+ * libssh2_knownhost_add
+ *
+ * Add a host and its associated key to the collection of known hosts.
+ *
+ * The 'type' argument specifies on what format the given host is:
+ *
+ * plain  - ascii "hostname.domain.tld"
+ * sha1   - SHA1(<salt> <host>) base64-encoded!
+ * custom - another hash
+ *
+ * If 'sha1' is selected as type, the salt must be provided to the salt
+ * argument. This too base64 encoded.
+ *
+ * The SHA-1 hash is what OpenSSH can be told to use in known_hosts files.  If
+ * a custom type is used, salt is ignored and you must provide the host
+ * pre-hashed when checking for it in the libssh2_knownhost_check() function.
+ *
+ */
+
+/* host format (2 bits) */
+#define LIBSSH2_KNOWNHOST_TYPE_MASK    0xffff
+#define LIBSSH2_KNOWNHOST_TYPE_PLAIN   1
+#define LIBSSH2_KNOWNHOST_TYPE_SHA1    2 /* always base64 encoded */
+#define LIBSSH2_KNOWNHOST_TYPE_CUSTOM  3
+
+/* key format (2 bits) */
+#define LIBSSH2_KNOWNHOST_KEYENC_MASK     (3<<16)
+#define LIBSSH2_KNOWNHOST_KEYENC_RAW      (1<<16)
+#define LIBSSH2_KNOWNHOST_KEYENC_BASE64   (2<<16)
+
+/* type of key (2 bits) */
+#define LIBSSH2_KNOWNHOST_KEY_MASK     (3<<18)
+#define LIBSSH2_KNOWNHOST_KEY_SHIFT    18
+#define LIBSSH2_KNOWNHOST_KEY_RSA1     (1<<18)
+#define LIBSSH2_KNOWNHOST_KEY_SSHRSA   (2<<18)
+#define LIBSSH2_KNOWNHOST_KEY_SSHDSS   (3<<18)
+
+LIBSSH2_API int
+libssh2_knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
+                      const char *host,
+                      const char *salt,
+                      const char *key, size_t keylen, int typemask,
+                      struct libssh2_knownhost **store);
+
+/*
+ * libssh2_knownhost_check
+ *
+ * Check a host and its associated key against the collection of known hosts.
+ *
+ * The type is the type/format of the given host name.
+ *
+ * plain  - ascii "hostname.domain.tld"
+ * custom - prehashed base64 encoded. Note that this cannot use any salts.
+ *
+ *
+ * 'knownhost' may be set to NULL if you don't care about that info.
+ *
+ * Returns:
+ *
+ * LIBSSH2_KNOWNHOST_CHECK_* values, see below
+ *
+ */
+
+#define LIBSSH2_KNOWNHOST_CHECK_MATCH    0
+#define LIBSSH2_KNOWNHOST_CHECK_MISMATCH 1
+#define LIBSSH2_KNOWNHOST_CHECK_NOTFOUND 2
+#define LIBSSH2_KNOWNHOST_CHECK_FAILURE  3
+
+LIBSSH2_API int
+libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
+                        const char *host, const char *key, size_t keylen,
+                        int typemask,
+                        struct libssh2_knownhost **knownhost);
+
+/*
+ * libssh2_knownhost_del
+ *
+ * Remove a host from the collection of known hosts. The 'entry' struct is
+ * retrieved by a call to libssh2_knownhost_check().
+ *
+ */
+LIBSSH2_API int
+libssh2_knownhost_del(LIBSSH2_KNOWNHOSTS *hosts,
+                      struct libssh2_knownhost *entry);
+
+/*
+ * libssh2_knownhost_free
+ *
+ * Free an entire collection of known hosts.
+ *
+ */
+LIBSSH2_API void
+libssh2_knownhost_free(LIBSSH2_KNOWNHOSTS *hosts);
+
+/*
+ * libssh2_knownhost_readline()
+ *
+ * Pass in a line of a file of 'type'. It makes libssh2 read this line.
+ *
+ * LIBSSH2_KNOWNHOST_FILE_OPENSSH is the only supported type.
+ *
+ */
+LIBSSH2_API int
+libssh2_knownhost_readline(LIBSSH2_KNOWNHOSTS *hosts,
+                           const char *line, size_t len, int type);
+
+/*
+ * libssh2_knownhost_readfile
+ *
+ * Add hosts+key pairs from a given file.
+ *
+ * Returns a negative value for error or number of successfully added hosts.
+ *
+ * This implementation currently only knows one 'type' (openssh), all others
+ * are reserved for future use.
+ */
+
+#define LIBSSH2_KNOWNHOST_FILE_OPENSSH 1
+
+LIBSSH2_API int
+libssh2_knownhost_readfile(LIBSSH2_KNOWNHOSTS *hosts,
+                           const char *filename, int type);
+
+/*
+ * libssh2_knownhost_writeline()
+ *
+ * Ask libssh2 to convert a known host to an output line for storage.
+ *
+ * Note that this function returns LIBSSH2_ERROR_BUFFER_TOO_SMALL if the given
+ * output buffer is too small to hold the desired output.
+ *
+ * This implementation currently only knows one 'type' (openssh), all others
+ * are reserved for future use.
+ *
+ */
+LIBSSH2_API int
+libssh2_knownhost_writeline(LIBSSH2_KNOWNHOSTS *hosts,
+                            struct libssh2_knownhost *known,
+                            char *buffer, size_t buflen,
+                            size_t *outlen, /* the amount of written data */
+                            int type);
+
+/*
+ * libssh2_knownhost_writefile
+ *
+ * Write hosts+key pairs to a given file.
+ *
+ * This implementation currently only knows one 'type' (openssh), all others
+ * are reserved for future use.
+ */
+
+LIBSSH2_API int
+libssh2_knownhost_writefile(LIBSSH2_KNOWNHOSTS *hosts,
+                            const char *filename, int type);
+
+/*
+ * libssh2_knownhost_get()
+ *
+ * Traverse the internal list of known hosts. Pass NULL to 'prev' to get
+ * the first one. Or pass a poiner to the previously returned one to get the
+ * next.
+ *
+ * Returns:
+ * 0 if a fine host was stored in 'store'
+ * 1 if end of hosts
+ * [negative] on errors
+ */
+LIBSSH2_API int
+libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts,
+                      struct libssh2_knownhost **store,
+                      struct libssh2_knownhost *prev);
+
+#define HAVE_LIBSSH2_AGENT_API 0x010202 /* since 1.2.2 */
+
+struct libssh2_agent_publickey {
+    unsigned int magic;              /* magic stored by the library */
+    void *node;	    /* handle to the internal representation of key */
+    unsigned char *blob;           /* public key blob */
+    size_t blob_len;               /* length of the public key blob */
+    char *comment;                 /* comment in printable format */
+};
+
+/*
+ * libssh2_agent_init
+ *
+ * Init an ssh-agent handle. Returns the pointer to the handle.
+ *
+ */
+LIBSSH2_API LIBSSH2_AGENT *
+libssh2_agent_init(LIBSSH2_SESSION *session);
+
+/*
+ * libssh2_agent_connect()
+ *
+ * Connect to an ssh-agent.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_connect(LIBSSH2_AGENT *agent);
+
+/*
+ * libssh2_agent_list_identities()
+ *
+ * Request an ssh-agent to list identities.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_list_identities(LIBSSH2_AGENT *agent);
+
+/*
+ * libssh2_agent_get_identity()
+ *
+ * Traverse the internal list of public keys. Pass NULL to 'prev' to get
+ * the first one. Or pass a poiner to the previously returned one to get the
+ * next.
+ *
+ * Returns:
+ * 0 if a fine public key was stored in 'store'
+ * 1 if end of public keys
+ * [negative] on errors
+ */
+LIBSSH2_API int
+libssh2_agent_get_identity(LIBSSH2_AGENT *agent,
+			   struct libssh2_agent_publickey **store,
+			   struct libssh2_agent_publickey *prev);
+
+/*
+ * libssh2_agent_userauth()
+ *
+ * Do publickey user authentication with the help of ssh-agent.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_userauth(LIBSSH2_AGENT *agent,
+		       const char *username,
+		       struct libssh2_agent_publickey *identity);
+
+/*
+ * libssh2_agent_disconnect()
+ *
+ * Close a connection to an ssh-agent.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_disconnect(LIBSSH2_AGENT *agent);
+
+/*
+ * libssh2_agent_free()
+ *
+ * Free an ssh-agent handle.  This function also frees the internal
+ * collection of public keys.
+ */
+LIBSSH2_API void
+libssh2_agent_free(LIBSSH2_AGENT *agent);
 
 /* NOTE NOTE NOTE
    libssh2_trace() has no function in builds that aren't built with debug
@@ -677,6 +986,15 @@ LIBSSH2_API int libssh2_trace(LIBSSH2_SESSION *session, int bitmask);
 #define LIBSSH2_TRACE_SFTP  (1<<6)
 #define LIBSSH2_TRACE_ERROR (1<<7)
 #define LIBSSH2_TRACE_PUBLICKEY (1<<8)
+#define LIBSSH2_TRACE_SOCKET (1<<9)
+
+typedef void (*libssh2_trace_handler_func)(LIBSSH2_SESSION*,
+                                           void*,
+                                           const char *,
+                                           size_t);
+LIBSSH2_API int libssh2_trace_sethandler(LIBSSH2_SESSION *session,
+                                         void* context,
+                                         libssh2_trace_handler_func callback);
 
 #ifdef __cplusplus
 } /* extern "C" */

include/libssh2_publickey.h

@@ -46,6 +46,8 @@
 #ifndef LIBSSH2_PUBLICKEY_H
 #define LIBSSH2_PUBLICKEY_H 1
 
+#include "libssh2.h"
+
 typedef struct _LIBSSH2_PUBLICKEY               LIBSSH2_PUBLICKEY;
 
 typedef struct _libssh2_publickey_attribute {

include/libssh2_sftp.h

@@ -38,6 +38,8 @@
 #ifndef LIBSSH2_SFTP_H
 #define LIBSSH2_SFTP_H 1
 
+#include "libssh2.h"
+
 #ifndef WIN32
 #include <unistd.h>
 #endif

libssh2.pc.in

@@ -0,0 +1,16 @@
+###########################################################################
+# libssh2 installation details
+###########################################################################
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libssh2
+URL: http://www.libssh2.org/
+Description: Library for SSH based connunication
+Version: @VERSION@
+Libs: -L${libdir} -lssh2 @LDFLAGS@ @LIBS@
+Libs.private: @LIBS@
+Cflags: -I${includedir}

nw/Makefile.netware

@@ -5,7 +5,7 @@
 ##
 ## Comments to: Guenter Knauf <eflash@gmx.net>
 ##
-## $Id: Makefile.netware,v 1.13 2009/03/06 07:25:37 gknauf Exp $
+## $Id: Makefile.netware,v 1.14 2009/04/09 03:13:51 gknauf Exp $
 #
 #########################################################################
 
@@ -21,7 +21,7 @@ endif
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../openssl-0.9.8j
+OPENSSL_PATH = ../../openssl-0.9.8k
 endif
 
 # Edit the path below to point to your Distribution folder.
@@ -76,7 +76,7 @@ ifdef METROWERKS
 	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
-	CC = gcc
+	CC = $(CROSSPREFIX)gcc
 endif
 CP	= cp -afv
 # RM	= rm -f
@@ -96,7 +96,7 @@ LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
 -include $(OBJDIR)/version.inc
 
 # Global flags for all compilers
-CFLAGS	= $(OPT) -D$(DB) -DNETWARE -nostdinc
+CFLAGS	+= $(OPT) -D$(DB) -DNETWARE -nostdinc
 #CFLAGS	+= -DHAVE_CONFIG_H
 
 ifeq ($(CC),mwccnlm)
@@ -119,12 +119,12 @@ else
 	CFLAGS += -align 1
 endif
 else
-LD	= nlmconv
+LD	= $(CROSSPREFIX)nlmconv
 LDFLAGS	= -T
-AR	= ar
+AR	= $(CROSSPREFIX)ar
 ARFLAGS	= -cq
 LIBEXT	= a
-RANLIB	= ranlib
+RANLIB	= $(CROSSPREFIX)ranlib
 CFLAGS	+= -fno-builtin -fpcc-struct-return -fno-strict-aliasing
 CFLAGS	+= -Wall # -pedantic
 #CFLAGS	+= -Wno-pointer-sign
@@ -184,8 +184,7 @@ ifdef XDCOPT
 	XDCDATA = $(OBJDIR)/$(TARGET).xdc
 endif
 
-ifeq ($(findstring linux,$(OSTYPE)),linux)
-#-include $(NDKBASE)/nlmconv/ncpfs.inc
+ifeq ($(findstring /sh,$(SHELL)),/sh)
 DL	= '
 DS	= /
 else
@@ -194,24 +193,10 @@ endif
 
 vpath %.c . ../src
 
-OBJECTS = \
-	channel.o \
-	comp.o \
-	crypt.o \
-	hostkey.o \
-	kex.o \
-	mac.o \
-	misc.o \
-	openssl.o \
-	packet.o \
-	pem.o \
-	publickey.o \
-	scp.o \
-	session.o \
-	sftp.o \
-	transport.o \
-	userauth.o
+# include Makefile.inc to get CSOURCES define
+include ../Makefile.inc
 
+OBJECTS := $(patsubst %.c,%.o,$(CSOURCES))
 ifeq ($(LIBARCH),CLIB)
 # CLIB lacks of snprint() function - here's a replacement:
 # http://www.ijs.si/software/snprintf/
@@ -220,7 +205,6 @@ vpath %.c $(SNPRINTF)
 endif
 
 OBJS	:= $(addprefix $(OBJDIR)/,$(OBJECTS))
-
 OBJL	= $(OBJS) $(OBJDIR)/nwlib.o $(LDLIBS)
 
 all: lib nlm
@@ -382,6 +366,8 @@ ifeq ($(LIBARCH),CLIB)
 	@echo $(DL)#define HAVE_STRICMP 1$(DL) >> $@
 	@echo $(DL)#define socklen_t int$(DL) >> $@
 	@echo $(DL)#define sleep(s) delay(1000 * s)$(DL) >> $@
+	@echo $(DL)#define strcasecmp stricmp$(DL) >> $@
+	@echo $(DL)#define strncasecmp strnicmp$(DL) >> $@
 else
 	@echo $(DL)#define OS "i586-pc-libc-NetWare"$(DL) >> $@
 	@echo $(DL)#define HAVE_DLFCN_H 1$(DL) >> $@
@@ -508,6 +494,7 @@ endif
 	@echo $(DL)  libssh2_channel_eof,$(DL) >> $@
 	@echo $(DL)  libssh2_channel_flush_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_channel_free,$(DL) >> $@
+	@echo $(DL)  libssh2_channel_get_exit_status,$(DL) >> $@
 	@echo $(DL)  libssh2_channel_open_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_channel_process_startup,$(DL) >> $@
 	@echo $(DL)  libssh2_channel_read_ex,$(DL) >> $@
@@ -521,11 +508,18 @@ endif
 	@echo $(DL)  libssh2_hostkey_hash,$(DL) >> $@
 	@echo $(DL)  libssh2_scp_recv,$(DL) >> $@
 	@echo $(DL)  libssh2_scp_send_ex,$(DL) >> $@
+	@echo $(DL)  libssh2_knownhost_add,$(DL) >> $@
+	@echo $(DL)  libssh2_knownhost_check,$(DL) >> $@
+	@echo $(DL)  libssh2_knownhost_free,$(DL) >> $@
+	@echo $(DL)  libssh2_knownhost_init,$(DL) >> $@
+	@echo $(DL)  libssh2_knownhost_readfile,$(DL) >> $@
+	@echo $(DL)  libssh2_knownhost_writefile,$(DL) >> $@
 	@echo $(DL)  libssh2_session_abstract,$(DL) >> $@
 	@echo $(DL)  libssh2_session_block_directions,$(DL) >> $@
 	@echo $(DL)  libssh2_session_callback_set,$(DL) >> $@
 	@echo $(DL)  libssh2_session_disconnect_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_session_free,$(DL) >> $@
+	@echo $(DL)  libssh2_session_hostkey,$(DL) >> $@
 	@echo $(DL)  libssh2_session_init_ex,$(DL) >> $@
 	@echo $(DL)  libssh2_session_last_errno,$(DL) >> $@
 	@echo $(DL)  libssh2_session_last_error,$(DL) >> $@

nw/test/Makefile.netware

@@ -5,7 +5,7 @@
 ##
 ## Comments to: Guenter Knauf <eflash@gmx.net>
 ##
-## $Id: Makefile.netware,v 1.9 2009/03/06 07:25:37 gknauf Exp $
+## $Id: Makefile.netware,v 1.10 2009/04/09 03:13:52 gknauf Exp $
 #
 #########################################################################
 
@@ -21,15 +21,15 @@ endif
 
 # Edit the path below to point to the base of your OpenSSL package.
 ifndef OPENSSL_PATH
-OPENSSL_PATH = ../../../openssl-0.9.8j
+OPENSSL_PATH = ../../../openssl-0.9.8k
 endif
 
 # Edit the var below to enable static linking of libssh2 and libz
 LINK_STATIC = 1
 
 # Edit the vars below to change NLM target settings.
-SAMPLES	= ../../example/simple
-TARGETS	:= $(patsubst $(SAMPLES)/%.c,%.nlm,$(strip $(wildcard $(SAMPLES)/*.c)))
+SAMPLES	= ../../example
+TARGETS := $(filter-out x11.nlm,$(patsubst $(SAMPLES)/%.c,%.nlm,$(strip $(wildcard $(SAMPLES)/*.c))))
 VERSION	= $(LIBSSH2_VERSION)
 COPYR	= Copyright (c) 2004-2009, Sara Golemon <sarag@libssh2.org>
 WWWURL	= http://www.libssh2.org/
@@ -70,7 +70,7 @@ ifdef METROWERKS
 	MWCW_PATH = $(subst \,/,$(METROWERKS))/Novell Support/Metrowerks Support
 	CC = mwccnlm
 else
-	CC = gcc
+	CC = $(CROSSPREFIX)gcc
 endif
 CP	= cp -afv
 # RM	= rm -f
@@ -89,7 +89,7 @@ LIBARCH_L = $(shell $(AWK) 'BEGIN {print tolower(ARGV[1])}' $(LIBARCH))
 -include $(OBJDIR)/version.inc
 
 # Global flags for all compilers
-CFLAGS	= $(OPT) -D$(DB) -DNETWARE -nostdinc
+CFLAGS	+= $(OPT) -D$(DB) -DNETWARE -nostdinc
 
 ifeq ($(CC),mwccnlm)
 LD	= mwldnlm
@@ -116,12 +116,15 @@ LDFLAGS	= -T
 AR	= ar
 ARFLAGS	= -cq
 LIBEXT	= a
-CFLAGS	+= -fno-builtin -fpack-struct -fpcc-struct-return -fno-strict-aliasing
-CFLAGS	+= -Wall,no-unused # -pedantic
+CFLAGS	+= -fno-builtin -fpcc-struct-return -fno-strict-aliasing
+CFLAGS	+= -Wall # -pedantic
 ifeq ($(LIBARCH),LIBC)
 	PRELUDE = $(SDK_LIBC)/imports/libcpre.gcc.o
 else
-	PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+	# PRELUDE = $(SDK_CLIB)/imports/clibpre.gcc.o
+        # to avoid the __init_* / __deinit_* whoes dont use prelude from NDK
+        # http://www.gknw.net/development/mk_nlm/gcc_pre.zip
+        PRELUDE = $(NDK_ROOT)/pre/prelude.o
 	CFLAGS += -include $(NDKBASE)/nlmconv/genlm.h
 endif
 endif
@@ -131,10 +134,17 @@ SDK_CLIB = $(NDK_ROOT)/nwsdk
 SDK_LIBC = $(NDK_ROOT)/libc
 SNPRINTF = $(NDKBASE)/snprintf
 
-INCLUDES = -I. -I../../include
+INCLUDES = -I.. -I../../include
 
 LDLIBS =
  
+ifdef LINK_STATIC
+	LDLIBS += ../libssh2.$(LIBEXT)
+else
+	IMPORTS += @../libssh2.imp
+	MODULES += libssh2.nlm
+endif
+
 INCLUDES += -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L) -I$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl
 LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/ssl.$(LIBEXT)
 LDLIBS += $(OPENSSL_PATH)/out_nw_$(LIBARCH_L)/crypto.$(LIBEXT)
@@ -150,13 +160,6 @@ else
 endif
 endif
 
-ifdef LINK_STATIC
-	LDLIBS += ../libssh2.$(LIBEXT)
-else
-	IMPORTS += @../libssh2.imp
-	MODULES += libssh2.nlm
-endif
-
 ifeq ($(LIBARCH),LIBC)
 	INCLUDES += -I$(SDK_LIBC)/include
 	# INCLUDES += -I$(SDK_LIBC)/include/nks
@@ -177,8 +180,11 @@ ifeq ($(MTSAFE),NO)
 	XDCOPT = -u
 endif
 
-ifeq ($(findstring linux,$(OSTYPE)),linux)
+ifeq ($(findstring /sh,$(SHELL)),/sh)
 DL      = '
+DS      = /
+else
+DS      = \\
 endif
 
 vpath %.c $(SAMPLES)
@@ -188,7 +194,7 @@ vpath %.c $(SAMPLES)
 
 all: prebuild $(TARGETS) 
 
-prebuild: $(OBJDIR) $(OBJDIR)/version.inc config.h
+prebuild: $(OBJDIR) $(OBJDIR)/version.inc
 
 $(OBJDIR)/%.o: %.c
 #	@echo Compiling $<
@@ -276,7 +282,7 @@ ifdef IMPORTS
 	@echo $(DL)import $(IMPORTS)$(DL) >> $@
 endif
 ifeq ($(LD),nlmconv)
-	@echo $(DL)input $(<:.def=.o)$(DL) >> $@
+	@echo $(DL)input $(@:.def=.o)$(DL) >> $@
 	@echo $(DL)input $(PRELUDE)$(DL) >> $@
 ifdef LDLIBS
 	@echo $(DL)input $(LDLIBS)$(DL) >> $@
@@ -284,7 +290,7 @@ endif
 	@echo $(DL)output $(notdir $(@:.def=.nlm))$(DL) >> $@
 endif
 
-config.h: Makefile.netware
+ssh2_config.h: Makefile.netware
 	@echo Creating $@
 	@echo $(DL)/* $@ for NetWare target.$(DL) > $@
 	@echo $(DL)** Do not edit this file - it is created by make!$(DL) >> $@

src/.cvsignore

@@ -1,20 +0,0 @@
-.deps
-.libs
-*.lib
-*.pdb
-*.dll
-*.exe
-*.obj
-*.gcno
-*.gcda
-.*.swp
-Debug
-Release
-*.exp
-Makefile
-Makefile.in
-*.lo
-libssh2.la
-libssh2_config.h
-libssh2_config.h.in
-stamp-h1

src/.gitignore

@@ -0,0 +1,3 @@
+libssh2_config.h
+libssh2_config.h.in
+stamp-h1

src/Makefile.am

@@ -1,15 +1,10 @@
-# $Id: Makefile.am,v 1.19 2009/03/26 22:25:23 bagder Exp $
+# $Id: Makefile.am,v 1.21 2009/05/07 17:21:56 bagder Exp $
 AUTOMAKE_OPTIONS = foreign nostdinc
 
-libssh2_la_SOURCES = channel.c comp.c crypt.c hostkey.c kex.c mac.c misc.c     \
-packet.c publickey.c scp.c session.c sftp.c userauth.c libssh2_priv.h	       \
-openssl.h libgcrypt.h transport.c version.c transport.h channel.h comp.h mac.h
+# Makefile.inc provides the CSOURCES and HHEADERS defines
+include ../Makefile.inc
 
-if LIBGCRYPT
-libssh2_la_SOURCES += libgcrypt.c pem.c
-else
-libssh2_la_SOURCES += openssl.c
-endif
+libssh2_la_SOURCES = $(CSOURCES) $(HHEADERS)
 
 EXTRA_DIST = libssh2_config.h.in NMakefile
 

src/agent.c

@@ -0,0 +1,759 @@
+/*
+ * Copyright (c) 2009 by Daiki Ueno
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#include "libssh2_priv.h"
+#include "misc.h"
+#include <errno.h>
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#else
+/* Use the existence of sys/un.h as a test if Unix domain socket is
+   supported.  winsock*.h define PF_UNIX/AF_UNIX but do not actually
+   support them. */
+#undef PF_UNIX
+#endif
+
+/* Requests from client to agent for protocol 1 key operations */
+#define SSH_AGENTC_REQUEST_RSA_IDENTITIES 1
+#define SSH_AGENTC_RSA_CHALLENGE 3
+#define SSH_AGENTC_ADD_RSA_IDENTITY 7
+#define SSH_AGENTC_REMOVE_RSA_IDENTITY 8
+#define SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9
+#define SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24
+
+/* Requests from client to agent for protocol 2 key operations */
+#define SSH2_AGENTC_REQUEST_IDENTITIES 11
+#define SSH2_AGENTC_SIGN_REQUEST 13
+#define SSH2_AGENTC_ADD_IDENTITY 17
+#define SSH2_AGENTC_REMOVE_IDENTITY 18
+#define SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19
+#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
+
+/* Key-type independent requests from client to agent */
+#define SSH_AGENTC_ADD_SMARTCARD_KEY 20
+#define SSH_AGENTC_REMOVE_SMARTCARD_KEY 21
+#define SSH_AGENTC_LOCK 22
+#define SSH_AGENTC_UNLOCK 23
+#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
+
+/* Generic replies from agent to client */
+#define SSH_AGENT_FAILURE 5
+#define SSH_AGENT_SUCCESS 6
+
+/* Replies from agent to client for protocol 1 key operations */
+#define SSH_AGENT_RSA_IDENTITIES_ANSWER 2
+#define SSH_AGENT_RSA_RESPONSE 4
+
+/* Replies from agent to client for protocol 2 key operations */
+#define SSH2_AGENT_IDENTITIES_ANSWER 12
+#define SSH2_AGENT_SIGN_RESPONSE 14
+
+/* Key constraint identifiers */
+#define SSH_AGENT_CONSTRAIN_LIFETIME 1
+#define SSH_AGENT_CONSTRAIN_CONFIRM 2
+
+/* non-blocking mode on agent connection is not yet implemented, but
+   for future use. */
+typedef enum {
+    agent_NB_state_init = 0,
+    agent_NB_state_request_created,
+    agent_NB_state_request_length_sent,
+    agent_NB_state_request_sent,
+    agent_NB_state_response_length_received,
+    agent_NB_state_response_received
+} agent_nonblocking_states;
+
+typedef struct agent_transaction_ctx {
+    unsigned char *request;
+    size_t request_len;
+    unsigned char *response;
+    size_t response_len;
+    agent_nonblocking_states state;
+} *agent_transaction_ctx_t;
+
+typedef int (*agent_connect_func)(LIBSSH2_AGENT *agent);
+typedef int (*agent_transact_func)(LIBSSH2_AGENT *agent,
+                                   agent_transaction_ctx_t transctx);
+typedef int (*agent_disconnect_func)(LIBSSH2_AGENT *agent);
+
+struct agent_publickey {
+    struct list_node node;
+
+    /* this is the struct we expose externally */
+    struct libssh2_agent_publickey external;
+};
+
+struct agent_ops {
+    agent_connect_func connect;
+    agent_transact_func transact;
+    agent_disconnect_func disconnect;
+};
+
+struct _LIBSSH2_AGENT
+{
+    LIBSSH2_SESSION *session;  /* the session this "belongs to" */
+
+    libssh2_socket_t fd;
+
+    struct agent_ops *ops;
+
+    struct agent_transaction_ctx transctx;
+    struct agent_publickey *identity;
+    struct list_head head;              /* list of public keys */
+};
+
+#ifdef PF_UNIX
+static int
+agent_connect_unix(LIBSSH2_AGENT *agent)
+{
+    const char *path;
+    struct sockaddr_un sun;
+
+    path = getenv("SSH_AUTH_SOCK");
+    if (!path) {
+        return -1;
+    }
+
+    agent->fd = socket(PF_UNIX, SOCK_STREAM, 0);
+    if (agent->fd < 0) {
+        return -1;
+    }
+
+    sun.sun_family = AF_UNIX;
+    strncpy (sun.sun_path, path, sizeof sun.sun_path);
+    if (connect(agent->fd, (struct sockaddr*)(&sun), sizeof sun) != 0) {
+        close (agent->fd);
+        return -1;
+    }
+
+    return 0;
+}
+
+static int
+agent_transact_unix(LIBSSH2_AGENT *agent, agent_transaction_ctx_t transctx)
+{
+    unsigned char buf[4], *s;
+    int rc;
+
+    /* Send the length of the request */
+    if (transctx->state == agent_NB_state_request_created) {
+        _libssh2_htonu32(buf, transctx->request_len);
+        rc = send(agent->fd, buf, sizeof buf, 0);
+        if (rc < 0) {
+            if (errno == EAGAIN)
+                return LIBSSH2_ERROR_EAGAIN;
+            return -1;
+        }
+        transctx->state = agent_NB_state_request_length_sent;
+    }
+
+    /* Send the request body */
+    if (transctx->state == agent_NB_state_request_length_sent) {
+        rc = send(agent->fd, transctx->request,
+                  transctx->request_len, 0);
+        if (rc < 0) {
+            if (errno == EAGAIN)
+                return LIBSSH2_ERROR_EAGAIN;
+            return -1;
+        }
+        transctx->state = agent_NB_state_request_sent;
+    }
+
+    /* Receive the length of a response */
+    if (transctx->state == agent_NB_state_request_sent) {
+        rc = recv(agent->fd, buf, sizeof buf, 0);
+        if (rc < 0) {
+            if (errno == EAGAIN)
+                return LIBSSH2_ERROR_EAGAIN;
+            return -1;
+        }
+        transctx->response_len = _libssh2_ntohu32(buf);
+        s = transctx->response = LIBSSH2_ALLOC(agent->session,
+                                                  transctx->response_len);
+        if (!transctx->response) {
+            return LIBSSH2_ERROR_ALLOC;
+        }
+        transctx->state = agent_NB_state_response_length_received;
+    }
+
+    /* Receive the response body */
+    if (transctx->state == agent_NB_state_response_length_received) {
+        rc = recv(agent->fd, transctx->response, transctx->response_len, 0);
+        if (rc < 0) {
+            if (errno == EAGAIN)
+                return LIBSSH2_ERROR_EAGAIN;
+            return -1;
+        }
+        transctx->state = agent_NB_state_response_received;
+    }
+
+    return 0;
+}
+
+static int
+agent_disconnect_unix(LIBSSH2_AGENT *agent)
+{
+    return close(agent->fd);
+}
+
+struct agent_ops agent_ops_unix = {
+    agent_connect_unix,
+    agent_transact_unix,
+    agent_disconnect_unix
+};
+#endif  /* PF_UNIX */
+
+#ifdef WIN32
+/* Code to talk to Pageant was taken from PuTTY.
+ *
+ * Portions copyright Robert de Bath, Joris van Rantwijk, Delian
+ * Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas
+ * Barry, Justin Bradford, Ben Harris, Malcolm Smith, Ahmad Khalifa,
+ * Markus Kuhn, Colin Watson, and CORE SDI S.A.
+ */
+#define PAGEANT_COPYDATA_ID 0x804e50ba   /* random goop */
+#define PAGEANT_MAX_MSGLEN  8192
+
+static int
+agent_connect_pageant(LIBSSH2_AGENT *agent)
+{
+    HWND hwnd;
+    hwnd = FindWindow("Pageant", "Pageant");
+    if (!hwnd)
+	return -1;
+    agent->fd = 0;         /* Mark as the connection has been established */
+    return 0;
+}
+
+static int
+agent_transact_pageant(LIBSSH2_AGENT *agent, agent_transaction_ctx_t transctx)
+{
+    HWND hwnd;
+    char mapname[23];
+    HANDLE filemap;
+    unsigned char *p;
+    int id;
+    COPYDATASTRUCT cds;
+
+    if (!transctx || 4 + transctx->request_len > PAGEANT_MAX_MSGLEN) {
+        return LIBSSH2_ERROR_INVAL;
+    }
+    hwnd = FindWindow("Pageant", "Pageant");
+    if (!hwnd) {
+	return -1;
+    }
+    sprintf(mapname, "PageantRequest%08x", (unsigned)GetCurrentThreadId());
+    filemap = CreateFileMapping(INVALID_HANDLE_VALUE, NULL, PAGE_READWRITE,
+				0, PAGEANT_MAX_MSGLEN, mapname);
+    if (filemap == NULL || filemap == INVALID_HANDLE_VALUE) {
+	return -1;
+    }
+    p = MapViewOfFile(filemap, FILE_MAP_WRITE, 0, 0, 0);
+    _libssh2_htonu32(p, transctx->request_len);
+    memcpy(p + 4, transctx->request, transctx->request_len);
+    cds.dwData = PAGEANT_COPYDATA_ID;
+    cds.cbData = 1 + strlen(mapname);
+    cds.lpData = mapname;
+
+    id = SendMessage(hwnd, WM_COPYDATA, (WPARAM) NULL, (LPARAM) &cds);
+    if (id > 0) {
+	transctx->response_len = _libssh2_ntohu32(p);
+        if (transctx->response_len > PAGEANT_MAX_MSGLEN) {
+            UnmapViewOfFile(p);
+            CloseHandle(filemap);
+            return LIBSSH2_ERROR_AGENT_PROTOCOL;
+        }
+	transctx->response = LIBSSH2_ALLOC(agent->session,
+                                           transctx->response_len);
+	if (!transctx->response) {
+            UnmapViewOfFile(p);
+            CloseHandle(filemap);
+            return LIBSSH2_ERROR_ALLOC;
+        }
+        memcpy(transctx->response, p + 4, transctx->response_len);
+    }
+
+    UnmapViewOfFile(p);
+    CloseHandle(filemap);
+    return 0;
+}
+
+static int
+agent_disconnect_pageant(LIBSSH2_AGENT *agent)
+{
+    agent->fd = INVALID_SOCKET;
+    return 0;
+}
+
+struct agent_ops agent_ops_pageant = {
+    agent_connect_pageant,
+    agent_transact_pageant,
+    agent_disconnect_pageant
+};
+#endif  /* WIN32 */
+
+static struct {
+    const char *name;
+    struct agent_ops *ops;
+} supported_backends[] = {
+#ifdef WIN32
+    {"Pageant", &agent_ops_pageant},
+#endif  /* WIN32 */
+#ifdef PF_UNIX
+    {"Unix", &agent_ops_unix},
+#endif  /* PF_UNIX */
+    {NULL}
+};
+
+static int
+agent_sign(LIBSSH2_SESSION *session, unsigned char **sig, size_t *sig_len,
+           const unsigned char *data, size_t data_len, void **abstract)
+{
+    LIBSSH2_AGENT *agent = (LIBSSH2_AGENT *) (*abstract);
+    agent_transaction_ctx_t transctx = &agent->transctx;
+    struct agent_publickey *identity = agent->identity;
+    ssize_t len = 1 + 4 + identity->external.blob_len + 4 + data_len + 4;
+    ssize_t method_len;
+    unsigned char *s;
+    int rc;
+
+    /* Create a request to sign the data */
+    if (transctx->state == agent_NB_state_init) {
+        s = transctx->request = LIBSSH2_ALLOC(session, len);
+        if (!transctx->request) {
+            return LIBSSH2_ERROR_ALLOC;
+        }
+
+        *s++ = SSH2_AGENTC_SIGN_REQUEST;
+        /* key blob */
+        _libssh2_htonu32(s, identity->external.blob_len);
+        s += 4;
+         memcpy(s, identity->external.blob, identity->external.blob_len);
+        s += identity->external.blob_len;
+        /* data */
+        _libssh2_htonu32(s, data_len);
+        s += 4;
+        memcpy(s, data, data_len);
+        s += data_len;
+        /* flags */
+        _libssh2_htonu32(s, 0);
+        s += 4;
+        transctx->request_len = s - transctx->request;
+        transctx->state = agent_NB_state_request_created;
+    }
+
+    /* Make sure to be re-called as a result of EAGAIN. */
+    if (*transctx->request != SSH2_AGENTC_SIGN_REQUEST) {
+        return LIBSSH2_ERROR_BAD_USE;
+    }
+
+    rc = agent->ops->transact(agent, transctx);
+    if (rc) {
+        goto error;
+    }
+    LIBSSH2_FREE(session, transctx->request);
+    transctx->request = NULL;
+
+    len = transctx->response_len;
+    s = transctx->response;
+    len--;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    if (*s != SSH2_AGENT_SIGN_RESPONSE) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    s++;
+
+    /* Skip the entire length of the signature */
+    len -= 4;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    s += 4;
+
+    /* Skip signing method */
+    len -= 4;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    method_len = _libssh2_ntohu32(s);
+    s += 4;
+    len -= method_len;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    s += method_len;
+
+    /* Read the signature */
+    len -= 4;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    *sig_len = _libssh2_ntohu32(s);
+    s += 4;
+    len -= *sig_len;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+
+    *sig = LIBSSH2_ALLOC(session, *sig_len);
+    if (!*sig) {
+        rc = LIBSSH2_ERROR_ALLOC;
+        goto error;
+    }
+    memcpy(*sig, s, *sig_len);
+
+  error:
+    LIBSSH2_FREE(session, transctx->request);
+    transctx->request = NULL;
+
+    LIBSSH2_FREE(session, transctx->response);
+    transctx->response = NULL;
+
+    return rc;
+}
+
+static int
+agent_list_identities(LIBSSH2_AGENT *agent)
+{
+    agent_transaction_ctx_t transctx = &agent->transctx;
+    ssize_t len, num_identities;
+    unsigned char *s;
+    int rc;
+
+    /* Create a request to list identities */
+    if (transctx->state == agent_NB_state_init) {
+      unsigned char c = SSH2_AGENTC_REQUEST_IDENTITIES;
+      transctx->request = &c;
+      transctx->request_len = 1;
+      transctx->state = agent_NB_state_request_created;
+    }
+
+    /* Make sure to be re-called as a result of EAGAIN. */
+    if (*transctx->request != SSH2_AGENTC_REQUEST_IDENTITIES) {
+        return LIBSSH2_ERROR_BAD_USE;
+    }
+
+    rc = agent->ops->transact(agent, transctx);
+    if (rc) {
+        goto error;
+    }
+    transctx->request = NULL;
+
+    len = transctx->response_len;
+    s = transctx->response;
+    len--;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    if (*s != SSH2_AGENT_IDENTITIES_ANSWER) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    s++;
+
+    /* Read the length of identities */
+    len -= 4;
+    if (len < 0) {
+        rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+        goto error;
+    }
+    num_identities = _libssh2_ntohu32(s);
+    s += 4;
+
+    while (num_identities--) {
+        struct agent_publickey *identity;
+        ssize_t comment_len;
+
+        identity = LIBSSH2_ALLOC(agent->session, sizeof *identity);
+        if (!identity) {
+            rc = LIBSSH2_ERROR_ALLOC;
+            goto error;
+        }
+
+        /* Read the length of the blob */
+        len -= 4;
+        if (len < 0) {
+            rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+            goto error;
+        }
+        identity->external.blob_len = _libssh2_ntohu32(s);
+        s += 4;
+
+        /* Read the blob */
+        len -= identity->external.blob_len;
+        if (len < 0) {
+            rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+            goto error;
+        }
+        identity->external.blob = LIBSSH2_ALLOC(agent->session,
+                                                identity->external.blob_len);
+        if (!identity->external.blob) {
+            rc = LIBSSH2_ERROR_ALLOC;
+            goto error;
+        }
+        memcpy(identity->external.blob, s, identity->external.blob_len);
+        s += identity->external.blob_len;
+
+        /* Read the length of the comment */
+        len -= 4;
+        if (len < 0) {
+            rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+            goto error;
+        }
+        comment_len = _libssh2_ntohu32(s);
+        s += 4;
+
+        /* Read the comment */
+        len -= comment_len;
+        if (len < 0) {
+            rc = LIBSSH2_ERROR_AGENT_PROTOCOL;
+            goto error;
+        }
+        identity->external.comment = LIBSSH2_ALLOC(agent->session,
+                                                   comment_len + 1);
+        if (!identity->external.comment) {
+            rc = LIBSSH2_ERROR_ALLOC;
+            goto error;
+        }
+        identity->external.comment[comment_len] = '\0';
+        memcpy(identity->external.comment, s, comment_len);
+        s += comment_len;
+
+        _libssh2_list_add(&agent->head, &identity->node);
+    }
+ error:
+    LIBSSH2_FREE(agent->session, transctx->response);
+    transctx->response = NULL;
+
+    return rc;
+}
+
+static void
+agent_free_identities(LIBSSH2_AGENT *agent) {
+    struct agent_publickey *node;
+    struct agent_publickey *next;
+
+    for (node = _libssh2_list_first(&agent->head); node; node = next) {
+        next = _libssh2_list_next(&node->node);
+        LIBSSH2_FREE(agent->session, node->external.blob);
+        LIBSSH2_FREE(agent->session, node->external.comment);
+        LIBSSH2_FREE(agent->session, node);
+    }
+    _libssh2_list_init(&agent->head);
+}
+
+#define AGENT_PUBLICKEY_MAGIC 0x3bdefed2
+/*
+ * agent_publickey_to_external()
+ *
+ * Copies data from the internal to the external representation struct.
+ *
+ */
+static struct libssh2_agent_publickey *
+agent_publickey_to_external(struct agent_publickey *node)
+{
+    struct libssh2_agent_publickey *ext = &node->external;
+
+    ext->magic = AGENT_PUBLICKEY_MAGIC;
+    ext->node = node;
+
+    return ext;
+}
+
+/*
+ * libssh2_agent_init
+ *
+ * Init an ssh-agent handle. Returns the pointer to the handle.
+ *
+ */
+LIBSSH2_API LIBSSH2_AGENT *
+libssh2_agent_init(LIBSSH2_SESSION *session)
+{
+    LIBSSH2_AGENT *agent;
+
+    agent = LIBSSH2_ALLOC(session, sizeof *agent);
+    if (!agent) {
+        libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                      "Unable to allocate space for agent connection", 0);
+        return NULL;
+    }
+    memset(agent, 0, sizeof *agent);
+    agent->session = session;
+    _libssh2_list_init(&agent->head);
+
+    return agent;
+}
+
+/*
+ * libssh2_agent_connect()
+ *
+ * Connect to an ssh-agent.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_connect(LIBSSH2_AGENT *agent)
+{
+    int i, rc = -1;
+    for (i = 0; supported_backends[i].name; i++) {
+        agent->ops = supported_backends[i].ops;
+        rc = agent->ops->connect(agent);
+        if (!rc)
+            return 0;
+    }
+    return rc;
+}
+
+/*
+ * libssh2_agent_list_identities()
+ *
+ * Request ssh-agent to list identities.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_list_identities(LIBSSH2_AGENT *agent)
+{
+    memset(&agent->transctx, 0, sizeof agent->transctx);
+    /* Abondon the last fetched identities */
+    agent_free_identities(agent);
+    return agent_list_identities(agent);
+}
+
+/*
+ * libssh2_agent_get_identity()
+ *
+ * Traverse the internal list of public keys. Pass NULL to 'prev' to get
+ * the first one. Or pass a poiner to the previously returned one to get the
+ * next.
+ *
+ * Returns:
+ * 0 if a fine public key was stored in 'store'
+ * 1 if end of public keys
+ * [negative] on errors
+ */
+LIBSSH2_API int
+libssh2_agent_get_identity(LIBSSH2_AGENT *agent,
+                           struct libssh2_agent_publickey **ext,
+                           struct libssh2_agent_publickey *oprev)
+{
+    struct agent_publickey *node;
+    if (oprev && oprev->node) {
+        /* we have a starting point */
+        struct agent_publickey *prev = oprev->node;
+
+        /* get the next node in the list */
+        node = _libssh2_list_next(&prev->node);
+    }
+    else
+        node = _libssh2_list_first(&agent->head);
+
+    if (!node)
+        /* no (more) node */
+        return 1;
+
+    *ext = agent_publickey_to_external(node);
+
+    return 0;
+}
+
+/*
+ * libssh2_agent_userauth()
+ *
+ * Do publickey user authentication with the help of ssh-agent.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_userauth(LIBSSH2_AGENT *agent,
+                       const char *username,
+                       struct libssh2_agent_publickey *identity)
+{
+    void *abstract = agent;
+
+    if (agent->session->userauth_pblc_state == libssh2_NB_state_idle) {
+        memset(&agent->transctx, 0, sizeof agent->transctx);
+        agent->identity = identity->node;
+    }
+    return libssh2_userauth_publickey(agent->session, username,
+				      identity->blob,
+				      identity->blob_len,
+				      agent_sign,
+				      &abstract);
+}
+
+/*
+ * libssh2_agent_disconnect()
+ *
+ * Close a connection to an ssh-agent.
+ *
+ * Returns 0 if succeeded, or a negative value for error.
+ */
+LIBSSH2_API int
+libssh2_agent_disconnect(LIBSSH2_AGENT *agent)
+{
+    if (agent->ops && agent->fd != INVALID_SOCKET)
+        return agent->ops->disconnect(agent);
+    return 0;
+}
+
+/*
+ * libssh2_agent_free()
+ *
+ * Free an ssh-agent handle.  This function also frees the internal
+ * collection of public keys.
+ */
+LIBSSH2_API void
+libssh2_agent_free(LIBSSH2_AGENT *agent) {
+    /* Allow connection freeing when the socket has lost its connection */
+    if (agent->fd != INVALID_SOCKET) {
+        libssh2_agent_disconnect(agent);
+    }
+    agent_free_identities(agent);
+    LIBSSH2_FREE(agent->session, agent);
+}

src/channel.h

@@ -104,5 +104,17 @@ _libssh2_channel_process_startup(LIBSSH2_CHANNEL *channel,
                                  const char *request, unsigned int request_len,
                                  const char *message, unsigned int message_len);
 
+
+/*
+ * _libssh2_channel_read
+ *
+ * Read data from a channel
+ *
+ * It is important to not return 0 until the currently read channel is
+ * complete. If we read stuff from the wire but it was no payload data to fill
+ * in the buffer with, we MUST make sure to return PACKET_EAGAIN.
+ */
+ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id,
+                              char *buf, size_t buflen);
 #endif /* __LIBSSH2_CHANNEL_H */
 

src/crypt.c

@@ -1,4 +1,5 @@
-/* Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
+/* Copyright (c) 2009 Simon Josefsson <simon@josefsson.org>
+ * Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -114,6 +115,44 @@ crypt_dtor(LIBSSH2_SESSION * session, void **abstract)
     return 0;
 }
 
+#if LIBSSH2_AES_CTR
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_ctr = {
+    "aes128-ctr",
+    16,                         /* blocksize */
+    16,                         /* initial value length */
+    16,                         /* secret length -- 16*8 == 128bit */
+    0,                          /* flags */
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes128ctr
+};
+
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_ctr = {
+    "aes192-ctr",
+    16,                         /* blocksize */
+    16,                         /* initial value length */
+    24,                         /* secret length -- 24*8 == 192bit */
+    0,                          /* flags */
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes192ctr
+};
+
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_ctr = {
+    "aes256-ctr",
+    16,                         /* blocksize */
+    16,                         /* initial value length */
+    32,                         /* secret length -- 32*8 == 256bit */
+    0,                          /* flags */
+    &crypt_init,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_aes256ctr
+};
+#endif
+
 #if LIBSSH2_AES
 static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = {
     "aes128-cbc",
@@ -192,6 +231,40 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_arcfour = {
     &crypt_dtor,
     _libssh2_cipher_arcfour
 };
+
+static int
+crypt_init_arcfour128(LIBSSH2_SESSION * session,
+                      const LIBSSH2_CRYPT_METHOD * method,
+                      unsigned char *iv, int *free_iv,
+                      unsigned char *secret, int *free_secret,
+                      int encrypt, void **abstract)
+{
+    int rc;
+
+    rc = crypt_init (session, method, iv, free_iv, secret, free_secret,
+		     encrypt, abstract);
+    if (rc == 0) {
+	struct crypt_ctx *cctx = *(struct crypt_ctx **) abstract;
+	unsigned char block[8];
+	size_t discard = 1536;
+	for (; discard; discard -= 8)
+	    _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block);
+    }
+
+    return rc;
+}
+
+static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_arcfour128 = {
+    "arcfour128",
+    8,                          /* blocksize */
+    8,                          /* initial value length */
+    16,                         /* secret length */
+    0,                          /* flags */
+    &crypt_init_arcfour128,
+    &crypt_encrypt,
+    &crypt_dtor,
+    _libssh2_cipher_arcfour
+};
 #endif /* LIBSSH2_RC4 */
 
 #if LIBSSH2_CAST
@@ -223,6 +296,11 @@ static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = {
 #endif
 
 static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
+#if LIBSSH2_AES_CTR
+  &libssh2_crypt_method_aes128_ctr,
+  &libssh2_crypt_method_aes192_ctr,
+  &libssh2_crypt_method_aes256_ctr,
+#endif /* LIBSSH2_AES */
 #if LIBSSH2_AES
     &libssh2_crypt_method_aes256_cbc,
     &libssh2_crypt_method_rijndael_cbc_lysator_liu_se,  /* == aes256-cbc */
@@ -233,6 +311,7 @@ static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = {
     &libssh2_crypt_method_blowfish_cbc,
 #endif /* LIBSSH2_BLOWFISH */
 #if LIBSSH2_RC4
+    &libssh2_crypt_method_arcfour128,
     &libssh2_crypt_method_arcfour,
 #endif /* LIBSSH2_RC4 */
 #if LIBSSH2_CAST

src/hostkey.c

@@ -1,4 +1,5 @@
 /* Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
+ * Copyright (c) 2009 by Daniel Stenberg
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -36,6 +37,7 @@
  */
 
 #include "libssh2_priv.h"
+#include "misc.h"
 
 /* Needed for struct iovec on some platforms */
 #ifdef HAVE_SYS_UIO_H
@@ -112,7 +114,6 @@ hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION * session,
                                void **abstract)
 {
     libssh2_rsa_ctx *rsactx;
-    FILE *fp;
     int ret;
 
     if (*abstract) {
@@ -120,13 +121,7 @@ hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION * session,
         *abstract = NULL;
     }
 
-    fp = fopen(privkeyfile, "r");
-    if (!fp) {
-        return -1;
-    }
-
-    ret = _libssh2_rsa_new_private(&rsactx, session, fp, passphrase);
-    fclose(fp);
+    ret = _libssh2_rsa_new_private(&rsactx, session, privkeyfile, passphrase);
     if (ret) {
         return -1;
     }
@@ -294,7 +289,6 @@ hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION * session,
                                void **abstract)
 {
     libssh2_dsa_ctx *dsactx;
-    FILE *fp;
     int ret;
 
     if (*abstract) {
@@ -302,13 +296,7 @@ hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION * session,
         *abstract = NULL;
     }
 
-    fp = fopen(privkeyfile, "r");
-    if (!fp) {
-        return -1;
-    }
-
-    ret = _libssh2_dsa_new_private(&dsactx, session, fp, passphrase);
-    fclose(fp);
+    ret = _libssh2_dsa_new_private(&dsactx, session, privkeyfile, passphrase);
     if (ret) {
         return -1;
     }
@@ -453,3 +441,47 @@ libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type)
         return NULL;
     }
 }
+
+static int hostkey_type(const unsigned char *hostkey, size_t len)
+{
+    const unsigned char rsa[] = {
+        0, 0, 0, 0x07, 's', 's', 'h', '-', 'r', 's', 'a'
+    };
+    const unsigned char dss[] = {
+        0, 0, 0, 0x07, 's', 's', 'h', '-', 'd', 's', 's'
+    };
+
+    if (len < 11)
+        return LIBSSH2_HOSTKEY_TYPE_UNKNOWN;
+
+    if (!memcmp(rsa, hostkey, 11))
+        return LIBSSH2_HOSTKEY_TYPE_RSA;
+
+    if (!memcmp(dss, hostkey, 11))
+        return LIBSSH2_HOSTKEY_TYPE_DSS;
+
+    return LIBSSH2_HOSTKEY_TYPE_UNKNOWN;
+}
+
+/*
+ * libssh2_session_hostkey()
+ *
+ * Returns the server key and length.
+ *
+ */
+LIBSSH2_API const char *
+libssh2_session_hostkey(LIBSSH2_SESSION *session, size_t *len, int *type)
+{
+    if(session->server_hostkey_len) {
+        if(len)
+            *len = session->server_hostkey_len;
+        if (type)
+            *type = hostkey_type(session->server_hostkey,
+                                 session->server_hostkey_len);
+        return (char *) session->server_hostkey;
+    }
+    if(len)
+        *len = 0;
+    return NULL;
+}
+

src/kex.c

@@ -69,22 +69,20 @@
         }                                                                   \
 }
 
-/* kex_method_diffie_hellman_groupGP_sha1_key_exchange
+/*
+ * diffie_hellman_sha1
+ *
  * Diffie Hellman Key Exchange, Group Agnostic
  */
-static int
-kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
+static int diffie_hellman_sha1(LIBSSH2_SESSION *session,
                                _libssh2_bn *g,
                                _libssh2_bn *p,
                                int group_order,
-                                                    unsigned char
-                                                    packet_type_init,
-                                                    unsigned char
-                                                    packet_type_reply,
+                               unsigned char packet_type_init,
+                               unsigned char packet_type_reply,
                                unsigned char *midhash,
                                unsigned long midhash_len,
-                                                    kmdhgGPsha1kex_state_t
-                                                    * exchange_state)
+                               kmdhgGPsha1kex_state_t *exchange_state)
 {
     int ret = 0;
     int rc;
@@ -122,7 +120,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
         if (!exchange_state->e_packet) {
             libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Out of memory error",
                           0);
-            ret = -1;
+            ret = LIBSSH2_ERROR_ALLOC;
             goto clean_exit;
         }
         exchange_state->e_packet[0] = packet_type_init;
@@ -137,7 +135,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                exchange_state->e_packet + 6);
         }
 
-        _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sending KEX packet %d",
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sending KEX packet %d",
                        (int) packet_type_init);
         exchange_state->state = libssh2_NB_state_created;
     }
@@ -146,11 +144,11 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
         rc = _libssh2_transport_write(session, exchange_state->e_packet,
                                       exchange_state->e_packet_len);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc) {
-            libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
+            libssh2_error(session, rc,
                           "Unable to send KEX init message", 0);
-            ret = -1;
+            ret = rc;
             goto clean_exit;
         }
         exchange_state->state = libssh2_NB_state_sent;
@@ -163,20 +161,20 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
              * need to silently ignore it */
             int burn_type;
 
-            _libssh2_debug(session, LIBSSH2_DBG_KEX,
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                            "Waiting for badly guessed KEX packet (to be ignored)");
             burn_type =
                 _libssh2_packet_burn(session, &exchange_state->burn_state);
             if (burn_type == PACKET_EAGAIN) {
-                return PACKET_EAGAIN;
+                return burn_type;
             } else if (burn_type <= 0) {
                 /* Failed to receive a packet */
-                ret = -1;
+                ret = burn_type;
                 goto clean_exit;
             }
             session->burn_optimistic_kexinit = 0;
 
-            _libssh2_debug(session, LIBSSH2_DBG_KEX,
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                            "Burnt packet of type: %02x",
                            (unsigned int) burn_type);
         }
@@ -191,12 +189,12 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                      &exchange_state->s_packet_len, 0, NULL,
                                      0, &exchange_state->req_state);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         }
         if (rc) {
             libssh2_error(session, LIBSSH2_ERROR_TIMEOUT,
                           "Timed out waiting for KEX reply", 0);
-            ret = -1;
+            ret = rc;
             goto clean_exit;
         }
 
@@ -211,7 +209,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
             libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                           "Unable to allocate memory for a copy of the host key",
                           0);
-            ret = -1;
+            ret = LIBSSH2_ERROR_ALLOC;
             goto clean_exit;
         }
         memcpy(session->server_hostkey, exchange_state->s,
@@ -235,7 +233,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                 snprintf(fprint, 4, "%02x:", session->server_hostkey_md5[i]);
             }
             *(--fprint) = '\0';
-            _libssh2_debug(session, LIBSSH2_DBG_KEX,
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                            "Server's MD5 Fingerprint: %s", fingerprint);
         }
 #endif /* LIBSSH2DEBUG */
@@ -258,17 +256,17 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                 snprintf(fprint, 4, "%02x:", session->server_hostkey_sha1[i]);
             }
             *(--fprint) = '\0';
-            _libssh2_debug(session, LIBSSH2_DBG_KEX,
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                            "Server's SHA1 Fingerprint: %s", fingerprint);
         }
 #endif /* LIBSSH2DEBUG */
 
-        if (session->hostkey->
-            init(session, session->server_hostkey, session->server_hostkey_len,
+        if (session->hostkey->init(session, session->server_hostkey,
+                                   session->server_hostkey_len,
                                    &session->server_hostkey_abstract)) {
             libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_INIT,
                           "Unable to initialize hostkey importer", 0);
-            ret = -1;
+            ret = LIBSSH2_ERROR_HOSTKEY_INIT;
             goto clean_exit;
         }
 
@@ -296,7 +294,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
         if (!exchange_state->k_value) {
             libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                           "Unable to allocate buffer for K", 0);
-            ret = -1;
+            ret = LIBSSH2_ERROR_ALLOC;
             goto clean_exit;
         }
         _libssh2_htonu32(exchange_state->k_value,
@@ -412,7 +410,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
             goto clean_exit;
         }
 
-        _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sending NEWKEYS message");
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sending NEWKEYS message");
         exchange_state->c = SSH_MSG_NEWKEYS;
 
         exchange_state->state = libssh2_NB_state_sent2;
@@ -421,11 +419,10 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
     if (exchange_state->state == libssh2_NB_state_sent2) {
         rc = _libssh2_transport_write(session, &exchange_state->c, 1);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc) {
-            libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
-                          "Unable to send NEWKEYS message", 0);
-            ret = -1;
+            libssh2_error(session, rc, "Unable to send NEWKEYS message", 0);
+            ret = rc;
             goto clean_exit;
         }
 
@@ -438,17 +435,16 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                      &exchange_state->tmp_len, 0, NULL, 0,
                                      &exchange_state->req_state);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc) {
-            libssh2_error(session, LIBSSH2_ERROR_TIMEOUT,
-                          "Timed out waiting for NEWKEYS", 0);
-            ret = -1;
+            libssh2_error(session, rc, "Timed out waiting for NEWKEYS", 0);
+            ret = rc;
             goto clean_exit;
         }
         /* The first key exchange has been performed,
            switch to active crypt/comp/mac mode */
         session->state |= LIBSSH2_STATE_NEWKEYS;
-        _libssh2_debug(session, LIBSSH2_DBG_KEX, "Received NEWKEYS message");
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Received NEWKEYS message");
 
         /* This will actually end up being just packet_type(1)
            for this packet type anyway */
@@ -457,13 +453,15 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
         if (!session->session_id) {
             session->session_id = LIBSSH2_ALLOC(session, SHA_DIGEST_LENGTH);
             if (!session->session_id) {
-                ret = -1;
+                libssh2_error(session, LIBSSH2_ERROR_ALLOC,
+                              "Unable to allocate buffer for SHA digest", 0);
+                ret = LIBSSH2_ERROR_ALLOC;
                 goto clean_exit;
             }
             memcpy(session->session_id, exchange_state->h_sig_comp,
                    SHA_DIGEST_LENGTH);
             session->session_id_len = SHA_DIGEST_LENGTH;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "session_id calculated");
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "session_id calculated");
         }
 
         /* Cleanup any existing cipher */
@@ -489,7 +487,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                                         secret_len, "C");
             if (!secret) {
                 LIBSSH2_FREE(session, iv);
-                ret = -1;
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
                 goto clean_exit;
             }
             if (session->local.crypt->
@@ -497,7 +495,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                      &free_secret, 1, &session->local.crypt_abstract)) {
                 LIBSSH2_FREE(session, iv);
                 LIBSSH2_FREE(session, secret);
-                ret = -1;
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
                 goto clean_exit;
             }
 
@@ -511,7 +509,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                 LIBSSH2_FREE(session, secret);
             }
         }
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Client to Server IV and Key calculated");
 
         if (session->remote.crypt->dtor) {
@@ -528,7 +526,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                                         session->remote.crypt->
                                                         iv_len, "B");
             if (!iv) {
-                ret = -1;
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
                 goto clean_exit;
             }
             LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret,
@@ -536,7 +534,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                                         secret_len, "D");
             if (!secret) {
                 LIBSSH2_FREE(session, iv);
-                ret = -1;
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
                 goto clean_exit;
             }
             if (session->remote.crypt->
@@ -544,7 +542,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                      &free_secret, 0, &session->remote.crypt_abstract)) {
                 LIBSSH2_FREE(session, iv);
                 LIBSSH2_FREE(session, secret);
-                ret = -1;
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
                 goto clean_exit;
             }
 
@@ -558,7 +556,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                 LIBSSH2_FREE(session, secret);
             }
         }
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Server to Client IV and Key calculated");
 
         if (session->local.mac->dtor) {
@@ -573,7 +571,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                                         session->local.mac->
                                                         key_len, "E");
             if (!key) {
-                ret = -1;
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
                 goto clean_exit;
             }
             session->local.mac->init(session, key, &free_key,
@@ -584,7 +582,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                 LIBSSH2_FREE(session, key);
             }
         }
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Client to Server HMAC Key calculated");
 
         if (session->remote.mac->dtor) {
@@ -599,7 +597,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                                                         session->remote.mac->
                                                         key_len, "F");
             if (!key) {
-                ret = -1;
+                ret = LIBSSH2_ERROR_KEX_FAILURE;
                 goto clean_exit;
             }
             session->remote.mac->init(session, key, &free_key,
@@ -610,7 +608,7 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
                 LIBSSH2_FREE(session, key);
             }
         }
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Server to Client HMAC Key calculated");
     }
 
@@ -641,11 +639,6 @@ kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION *session,
         exchange_state->k_value = NULL;
     }
 
-    if (session->server_hostkey) {
-        LIBSSH2_FREE(session, session->server_hostkey);
-        session->server_hostkey = NULL;
-    }
-
     exchange_state->state = libssh2_NB_state_idle;
 
     return ret;
@@ -691,23 +684,16 @@ kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SESSION *session,
         _libssh2_bn_set_word(key_state->g, 2);
         _libssh2_bn_from_bin(key_state->p, 128, p_value);
 
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Initiating Diffie-Hellman Group1 Key Exchange");
 
         key_state->state = libssh2_NB_state_created;
     }
-
-    ret =
-        kex_method_diffie_hellman_groupGP_sha1_key_exchange(session,
-                                                            key_state->g,
-                                                            key_state->p, 128,
-                                                            SSH_MSG_KEXDH_INIT,
-                                                            SSH_MSG_KEXDH_REPLY,
-                                                            NULL, 0,
-                                                            &key_state->
-                                                            exchange_state);
+    ret = diffie_hellman_sha1(session, key_state->g, key_state->p, 128,
+                              SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY,
+                              NULL, 0, &key_state->exchange_state);
     if (ret == PACKET_EAGAIN) {
-        return PACKET_EAGAIN;
+        return ret;
     }
 
     _libssh2_bn_free(key_state->p);
@@ -774,23 +760,16 @@ kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_SESSION *session,
         _libssh2_bn_set_word(key_state->g, 2);
         _libssh2_bn_from_bin(key_state->p, 256, p_value);
 
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Initiating Diffie-Hellman Group14 Key Exchange");
 
         key_state->state = libssh2_NB_state_created;
     }
-    ret =
-        kex_method_diffie_hellman_groupGP_sha1_key_exchange(session,
-                                                            key_state->g,
-                                                            key_state->p,
-                                                            256,
-                                                            SSH_MSG_KEXDH_INIT,
-                                                            SSH_MSG_KEXDH_REPLY,
-                                                            NULL, 0,
-                                                            &key_state->
-                                                            exchange_state);
+    ret = diffie_hellman_sha1(session, key_state->g, key_state->p,
+                              256, SSH_MSG_KEXDH_INIT, SSH_MSG_KEXDH_REPLY,
+                              NULL, 0, &key_state->exchange_state);
     if (ret == PACKET_EAGAIN) {
-        return PACKET_EAGAIN;
+        return ret;
     }
 
     key_state->state = libssh2_NB_state_idle;
@@ -827,13 +806,13 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
         _libssh2_htonu32(key_state->request + 5, LIBSSH2_DH_GEX_OPTGROUP);
         _libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP);
         key_state->request_len = 13;
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Initiating Diffie-Hellman Group-Exchange (New Method)");
 #else
         key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD;
         _libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP);
         key_state->request_len = 5;
-        _libssh2_debug(session, LIBSSH2_DBG_KEX,
+        _libssh2_debug(session, LIBSSH2_TRACE_KEX,
                        "Initiating Diffie-Hellman Group-Exchange (Old Method)");
 #endif
 
@@ -844,11 +823,11 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
         rc = _libssh2_transport_write(session, key_state->request,
                                    key_state->request_len);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc) {
-            libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
+            libssh2_error(session, rc,
                           "Unable to send Group Exchange Request", 0);
-            ret = -1;
+            ret = rc;
             goto dh_gex_clean_exit;
         }
 
@@ -860,11 +839,11 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
                                      &key_state->data, &key_state->data_len,
                                      0, NULL, 0, &key_state->req_state);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc) {
-            libssh2_error(session, LIBSSH2_ERROR_TIMEOUT,
+            libssh2_error(session, rc,
                           "Timeout waiting for GEX_GROUP reply", 0);
-            ret = -1;
+            ret = rc;
             goto dh_gex_clean_exit;
         }
 
@@ -883,14 +862,14 @@ kex_method_diffie_hellman_group_exchange_sha1_key_exchange
         _libssh2_bn_from_bin(key_state->g, g_len, s);
         s += g_len;
 
-        ret =
-            kex_method_diffie_hellman_groupGP_sha1_key_exchange
-            (session, key_state->g, key_state->p, p_len,
-             SSH_MSG_KEX_DH_GEX_INIT, SSH_MSG_KEX_DH_GEX_REPLY,
-             key_state->data + 1, key_state->data_len - 1,
+        ret = diffie_hellman_sha1(session, key_state->g, key_state->p, p_len,
+                                  SSH_MSG_KEX_DH_GEX_INIT,
+                                  SSH_MSG_KEX_DH_GEX_REPLY,
+                                  key_state->data + 1,
+                                  key_state->data_len - 1,
                                   &key_state->exchange_state);
         if (ret == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return ret;
         }
 
         LIBSSH2_FREE(session, key_state->data);
@@ -1061,7 +1040,7 @@ static int kexinit(LIBSSH2_SESSION * session)
         if (!data) {
             libssh2_error(session, LIBSSH2_ERROR_ALLOC,
                           "Unable to allocate memory", 0);
-            return -1;
+            return LIBSSH2_ERROR_ALLOC;
         }
 
         *(s++) = SSH_MSG_KEXINIT;
@@ -1111,25 +1090,25 @@ static int kexinit(LIBSSH2_SESSION * session)
             /* Funnily enough, they'll all "appear" to be '\0' terminated */
             unsigned char *p = data + 21;       /* type(1) + cookie(16) + len(4) */
 
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent KEX: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent KEX: %s", p);
             p += kex_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent HOSTKEY: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent HOSTKEY: %s", p);
             p += hostkey_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent CRYPT_CS: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent CRYPT_CS: %s", p);
             p += crypt_cs_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent CRYPT_SC: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent CRYPT_SC: %s", p);
             p += crypt_sc_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent MAC_CS: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent MAC_CS: %s", p);
             p += mac_cs_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent MAC_SC: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent MAC_SC: %s", p);
             p += mac_sc_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent COMP_CS: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent COMP_CS: %s", p);
             p += comp_cs_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent COMP_SC: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent COMP_SC: %s", p);
             p += comp_sc_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent LANG_CS: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent LANG_CS: %s", p);
             p += lang_cs_len + 4;
-            _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent LANG_SC: %s", p);
+            _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Sent LANG_SC: %s", p);
             p += lang_sc_len + 4;
         }
 #endif /* LIBSSH2DEBUG */
@@ -1144,14 +1123,14 @@ static int kexinit(LIBSSH2_SESSION * session)
     if (rc == PACKET_EAGAIN) {
         session->kexinit_data = data;
         session->kexinit_data_len = data_len;
-        return PACKET_EAGAIN;
+        return rc;
     }
     else if (rc) {
         LIBSSH2_FREE(session, data);
-        libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
+        libssh2_error(session, rc,
                       "Unable to send KEXINIT packet to remote host", 0);
         session->kexinit_state = libssh2_NB_state_idle;
-        return -1;
+        return rc;
     }
 
     if (session->local.kexinit) {
@@ -1628,24 +1607,24 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data,
         return -1;
     }
 
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on KEX method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on KEX method: %s",
                    session->kex->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on HOSTKEY method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on HOSTKEY method: %s",
                    session->hostkey->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on CRYPT_CS method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on CRYPT_CS method: %s",
                    session->local.crypt->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on CRYPT_SC method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on CRYPT_SC method: %s",
                    session->remote.crypt->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on MAC_CS method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on MAC_CS method: %s",
                    session->local.mac->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on MAC_SC method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on MAC_SC method: %s",
                    session->remote.mac->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on COMP_CS method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on COMP_CS method: %s",
                    session->local.comp->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on COMP_SC method: %s",
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on COMP_SC method: %s",
                    session->remote.comp->name);
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on LANG_CS method:");      /* None yet */
-    _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on LANG_SC method:");      /* None yet */
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on LANG_CS method:");      /* None yet */
+    _libssh2_debug(session, LIBSSH2_TRACE_KEX, "Agreed on LANG_SC method:");      /* None yet */
 
     /* Initialize compression layer */
     if (session->local.comp && session->local.comp->init &&
@@ -1667,6 +1646,8 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data,
 /* libssh2_kex_exchange
  * Exchange keys
  * Returns 0 on success, non-zero on failure
+ *
+ * Returns some errors without libssh2_error()
  */
 int
 libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
@@ -1709,7 +1690,7 @@ libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
             retcode = kexinit(session);
             if (retcode == PACKET_EAGAIN) {
                 session->state &= ~LIBSSH2_STATE_KEX_ACTIVE;
-                return PACKET_EAGAIN;
+                return retcode;
             } else if (retcode) {
                 session->local.kexinit = key_state->oldlocal;
                 session->local.kexinit_len = key_state->oldlocal_len;
@@ -1730,7 +1711,7 @@ libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
                                         &key_state->req_state);
             if (retcode == PACKET_EAGAIN) {
                 session->state &= ~LIBSSH2_STATE_KEX_ACTIVE;
-                return PACKET_EAGAIN;
+                return retcode;
             }
             else if (retcode) {
                 if (session->local.kexinit) {
@@ -1751,9 +1732,8 @@ libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
             session->remote.kexinit_len = key_state->data_len;
 
             if (kex_agree_methods(session, key_state->data,
-                                  key_state->data_len)) {
-                rc = -1;
-            }
+                                  key_state->data_len))
+                rc = LIBSSH2_ERROR_KEX_FAILURE;
 
             key_state->state = libssh2_NB_state_sent2;
         }
@@ -1763,16 +1743,15 @@ libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange,
 
     if (rc == 0) {
         if (key_state->state == libssh2_NB_state_sent2) {
-            retcode =
-                session->kex->exchange_keys(session,
+            retcode = session->kex->exchange_keys(session,
                                                   &key_state->key_state_low);
             if (retcode == PACKET_EAGAIN) {
                 session->state &= ~LIBSSH2_STATE_KEX_ACTIVE;
-                return PACKET_EAGAIN;
+                return retcode;
             } else if (retcode) {
                 libssh2_error(session, LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE,
                               "Unrecoverable error exchanging keys", 0);
-                rc = -1;
+                rc = retcode;
             }
         }
     }

src/knownhost.c

@@ -0,0 +1,843 @@
+/*
+ * Copyright (c) 2009 by Daniel Stenberg
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+#include "libssh2_priv.h"
+#include "misc.h"
+
+struct known_host {
+    struct list_node node;
+    char *name;      /* points to the name or the hash (allocated) */
+    size_t name_len; /* needed for hashed data */
+    int typemask;    /* plain, sha1, custom, ... */
+    char *salt;      /* points to binary salt (allocated) */
+    size_t salt_len; /* size of salt */
+    char *key;       /* the (allocated) associated key. This is kept base64
+                        encoded in memory. */
+
+    /* this is the struct we expose externally */
+    struct libssh2_knownhost external;
+};
+
+struct _LIBSSH2_KNOWNHOSTS
+{
+    LIBSSH2_SESSION *session;  /* the session this "belongs to" */
+    struct list_head head;
+};
+
+static void free_host(LIBSSH2_SESSION *session, struct known_host *entry)
+{
+    if(entry) {
+        if(entry->key)
+            LIBSSH2_FREE(session, entry->key);
+        if(entry->salt)
+            LIBSSH2_FREE(session, entry->salt);
+        if(entry->name)
+            LIBSSH2_FREE(session, entry->name);
+        LIBSSH2_FREE(session, entry);
+    }
+}
+
+/*
+ * libssh2_knownhost_init
+ *
+ * Init a collection of known hosts. Returns the pointer to a collection.
+ *
+ */
+LIBSSH2_API LIBSSH2_KNOWNHOSTS *
+libssh2_knownhost_init(LIBSSH2_SESSION *session)
+{
+    LIBSSH2_KNOWNHOSTS *knh =
+        LIBSSH2_ALLOC(session, sizeof(struct _LIBSSH2_KNOWNHOSTS));
+
+    if(!knh)
+        return NULL;
+
+    knh->session = session;
+
+    _libssh2_list_init(&knh->head);
+
+    return knh;
+}
+
+#define KNOWNHOST_MAGIC 0xdeadcafe
+/*
+ * knownhost_to_external()
+ *
+ * Copies data from the internal to the external representation struct.
+ *
+ */
+static struct libssh2_knownhost *knownhost_to_external(struct known_host *node)
+{
+    struct libssh2_knownhost *ext = &node->external;
+
+    ext->magic = KNOWNHOST_MAGIC;
+    ext->node = node;
+    ext->name = ((node->typemask & LIBSSH2_KNOWNHOST_TYPE_MASK) ==
+                 LIBSSH2_KNOWNHOST_TYPE_PLAIN)? node->name:NULL;
+    ext->key = node->key;
+    ext->typemask = node->typemask;
+
+    return ext;
+}
+
+/*
+ * libssh2_knownhost_add
+ *
+ * Add a host and its associated key to the collection of known hosts.
+ *
+ * The 'type' argument specifies on what format the given host and keys are:
+ *
+ * plain  - ascii "hostname.domain.tld"
+ * sha1   - SHA1(<salt> <host>) base64-encoded!
+ * custom - another hash
+ *
+ * If 'sha1' is selected as type, the salt must be provided to the salt
+ * argument. This too base64 encoded.
+ *
+ * The SHA-1 hash is what OpenSSH can be told to use in known_hosts files.  If
+ * a custom type is used, salt is ignored and you must provide the host
+ * pre-hashed when checking for it in the libssh2_knownhost_check() function.
+ *
+ */
+
+LIBSSH2_API int
+libssh2_knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
+                      const char *host, const char *salt,
+                      const char *key, size_t keylen,
+                      int typemask, struct libssh2_knownhost **store)
+{
+    struct known_host *entry =
+        LIBSSH2_ALLOC(hosts->session, sizeof(struct known_host));
+    size_t hostlen = strlen(host);
+    int rc = LIBSSH2_ERROR_ALLOC;
+    char *ptr;
+    unsigned int ptrlen;
+
+    if(!entry)
+        return rc;
+
+    if(!(typemask & LIBSSH2_KNOWNHOST_KEY_MASK))
+        /* make sure we have a key type set */
+        return LIBSSH2_ERROR_INVAL;
+
+    memset(entry, 0, sizeof(struct known_host));
+
+    entry->typemask = typemask;
+
+    switch(entry->typemask  & LIBSSH2_KNOWNHOST_TYPE_MASK) {
+    case LIBSSH2_KNOWNHOST_TYPE_PLAIN:
+    case LIBSSH2_KNOWNHOST_TYPE_CUSTOM:
+        entry->name = LIBSSH2_ALLOC(hosts->session, hostlen+1);
+        if(!entry)
+            goto error;
+        memcpy(entry->name, host, hostlen+1);
+        break;
+    case LIBSSH2_KNOWNHOST_TYPE_SHA1:
+        rc = libssh2_base64_decode(hosts->session, &ptr, &ptrlen,
+                                   host, hostlen);
+        if(rc)
+            goto error;
+        entry->name = ptr;
+        entry->name_len = ptrlen;
+
+        rc = libssh2_base64_decode(hosts->session, &ptr, &ptrlen,
+                                   salt, strlen(salt));
+        if(rc)
+            goto error;
+        entry->salt = ptr;
+        entry->salt_len = ptrlen;
+        break;
+    default:
+        rc = LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+        goto error;
+    }
+
+    if(typemask & LIBSSH2_KNOWNHOST_KEYENC_BASE64) {
+        /* the provided key is base64 encoded already */
+        if(!keylen)
+            keylen = strlen(key);
+        entry->key = LIBSSH2_ALLOC(hosts->session, keylen+1);
+        if(!entry)
+            goto error;
+        memcpy(entry->key, key, keylen+1);
+        entry->key[keylen]=0; /* force a terminating zero trailer */
+    }
+    else {
+        /* key is raw, we base64 encode it and store it as such */
+        size_t nlen = _libssh2_base64_encode(hosts->session, key, keylen,
+                                             &ptr);
+        if(!nlen)
+            goto error;
+
+        entry->key = ptr;
+    }
+
+    /* add this new host to the big list of known hosts */
+    _libssh2_list_add(&hosts->head, &entry->node);
+
+    if(store)
+        *store = knownhost_to_external(entry);
+
+    return LIBSSH2_ERROR_NONE;
+  error:
+    free_host(hosts->session, entry);
+    return rc;
+}
+
+/*
+ * libssh2_knownhost_check
+ *
+ * Check a host and its associated key against the collection of known hosts.
+ *
+ * The typemask is the type/format of the given host name and key
+ *
+ * plain  - ascii "hostname.domain.tld"
+ * sha1   - NOT SUPPORTED AS INPUT
+ * custom - prehashed base64 encoded. Note that this cannot use any salts.
+ *
+ * Returns:
+ *
+ * LIBSSH2_KNOWNHOST_CHECK_FAILURE
+ * LIBSSH2_KNOWNHOST_CHECK_NOTFOUND
+ * LIBSSH2_KNOWNHOST_CHECK_MATCH
+ * LIBSSH2_KNOWNHOST_CHECK_MISMATCH
+ */
+LIBSSH2_API int
+libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
+                        const char *host, const char *key, size_t keylen,
+                        int typemask,
+                        struct libssh2_knownhost **ext)
+{
+    struct known_host *node = _libssh2_list_first(&hosts->head);
+    struct known_host *badkey = NULL;
+    int type = typemask & LIBSSH2_KNOWNHOST_TYPE_MASK;
+    char *keyalloc = NULL;
+    int rc = LIBSSH2_KNOWNHOST_CHECK_NOTFOUND;
+
+    if(type == LIBSSH2_KNOWNHOST_TYPE_SHA1)
+        /* we can't work with a sha1 as given input */
+        return LIBSSH2_KNOWNHOST_CHECK_MISMATCH;
+
+    if(!(typemask & LIBSSH2_KNOWNHOST_KEYENC_BASE64)) {
+        /* we got a raw key input, convert it to base64 for the checks below */
+        size_t nlen = _libssh2_base64_encode(hosts->session, key, keylen,
+                                             &keyalloc);
+        if(!nlen)
+            return LIBSSH2_KNOWNHOST_CHECK_FAILURE;
+
+        /* make the key point to this */
+        key = keyalloc;
+        keylen = nlen;
+    }
+
+    while (node) {
+        int match = 0;
+        switch(node->typemask & LIBSSH2_KNOWNHOST_TYPE_MASK) {
+        case LIBSSH2_KNOWNHOST_TYPE_PLAIN:
+            if(type == LIBSSH2_KNOWNHOST_TYPE_PLAIN)
+                match = !strcmp(host, node->name);
+            break;
+        case LIBSSH2_KNOWNHOST_TYPE_CUSTOM:
+            if(type == LIBSSH2_KNOWNHOST_TYPE_CUSTOM)
+                match = !strcmp(host, node->name);
+            break;
+        case LIBSSH2_KNOWNHOST_TYPE_SHA1:
+            if(type == LIBSSH2_KNOWNHOST_TYPE_PLAIN) {
+                /* when we have the sha1 version stored, we can use a plain
+                   input to produce a hash to compare with the stored hash.
+                */
+                libssh2_hmac_ctx ctx;
+                unsigned char hash[SHA_DIGEST_LENGTH];
+
+                if(SHA_DIGEST_LENGTH != node->name_len) {
+                    /* the name hash length must be the sha1 size or
+                       we can't match it */
+                    break;
+                }
+                libssh2_hmac_sha1_init(&ctx, node->salt, node->salt_len);
+                libssh2_hmac_update(ctx, (unsigned char *)host, strlen(host));
+                libssh2_hmac_final(ctx, hash);
+                libssh2_hmac_cleanup(&ctx);
+
+                if(!memcmp(hash, node->name, SHA_DIGEST_LENGTH))
+                    /* this is a node we're interested in */
+                    match = 1;
+            }
+            break;
+        default: /* unsupported type */
+            break;
+        }
+        if(match) {
+            /* host name match, now compare the keys */
+            if(!strcmp(key, node->key)) {
+                /* they match! */
+                *ext = knownhost_to_external(node);
+                badkey = NULL;
+                rc = LIBSSH2_KNOWNHOST_CHECK_MATCH;
+                break;
+            }
+            else {
+                /* remember the first node that had a host match but a failed
+                   key match since we continue our search from here */
+                if(!badkey)
+                    badkey = node;
+            }
+        }
+        node= _libssh2_list_next(&node->node);
+    }
+
+    if(badkey) {
+        /* key mismatch */
+        *ext = knownhost_to_external(badkey);
+        rc = LIBSSH2_KNOWNHOST_CHECK_MISMATCH;
+    }
+
+    if(keyalloc)
+        LIBSSH2_FREE(hosts->session, keyalloc);
+
+    return rc;
+}
+
+/*
+ * libssh2_knownhost_del
+ *
+ * Remove a host from the collection of known hosts.
+ *
+ */
+LIBSSH2_API int
+libssh2_knownhost_del(LIBSSH2_KNOWNHOSTS *hosts,
+                      struct libssh2_knownhost *entry)
+{
+    struct known_host *node;
+    if(!entry || (entry->magic != KNOWNHOST_MAGIC))
+        /* check that this was retrieved the right way or get out */
+        return LIBSSH2_ERROR_INVAL;
+
+    /* get the internal node pointer */
+    node = entry->node;
+
+    /* unlink from the list of all hosts */
+    _libssh2_list_remove(&node->node);
+
+    /* free all resources */
+    free_host(hosts->session, node);
+
+    /* clear the struct now since this host entry has been removed! */
+    memset(entry, 0, sizeof(struct libssh2_knownhost));
+
+    return 0;
+}
+
+/*
+ * libssh2_knownhost_free
+ *
+ * Free an entire collection of known hosts.
+ *
+ */
+LIBSSH2_API void
+libssh2_knownhost_free(LIBSSH2_KNOWNHOSTS *hosts)
+{
+    struct known_host *node;
+    struct known_host *next;
+
+    for(node = _libssh2_list_first(&hosts->head); node; node = next) {
+        next = _libssh2_list_next(&node->node);
+        free_host(hosts->session, node);
+    }
+    LIBSSH2_FREE(hosts->session, hosts);
+}
+
+/*
+ * hostline()
+ *
+ * Parse a single known_host line pre-split into host and key.
+ *
+ */
+static int hostline(LIBSSH2_KNOWNHOSTS *hosts,
+                    const char *host, size_t hostlen,
+                    const char *key, size_t keylen)
+{
+    const char *p;
+    const char *orig = host;
+    const char *salt = NULL;
+    int rc;
+    int type = LIBSSH2_KNOWNHOST_TYPE_PLAIN;
+    const char *sep = NULL;
+    size_t seplen = 0;
+    char saltbuf[32];
+    char hostbuf[256];
+
+    /* Figure out host format */
+    if((hostlen >2) && memcmp(host, "|1|", 3)) {
+        /* old style plain text: [name][,][ip-address]
+
+           for the sake of simplicity, we add them as two hosts with the same
+           key
+         */
+        size_t scan = hostlen;
+
+        while(scan && (*host != ',')) {
+            host++;
+            scan--;
+        }
+
+        if(scan) {
+            sep = host+1;
+            seplen = scan-1;
+            hostlen -= scan; /* deduct what's left to scan from the first
+                                host name */
+        }
+        else
+            host = orig;
+    }
+    else {
+        /* |1|[salt]|[hash] */
+        type = LIBSSH2_KNOWNHOST_TYPE_SHA1;
+
+        salt = &host[3]; /* skip the magic marker */
+        hostlen -= 3;    /* deduct the marker */
+
+        /* this is where the salt starts, find the end of it */
+        for(p = salt; *p && (*p != '|'); p++)
+            ;
+
+        if(*p=='|') {
+            const char *hash = NULL;
+            size_t saltlen = p - salt;
+            if(saltlen >= (sizeof(saltbuf)-1))
+                return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED; /* weird length */
+
+            memcpy(saltbuf, salt, saltlen);
+            saltbuf[saltlen] = 0; /* zero terminate */
+            salt = saltbuf; /* point to the stack based buffer */
+
+            hash = p+1; /* the host hash is after the separator */
+
+            /* now make the host point to the hash */
+            host = hash;
+            hostlen -= saltlen+1; /* deduct the salt and separator */
+        }
+        else
+            return 0;
+    }
+
+    /* make some checks that the lenghts seem sensible */
+    if((keylen < 20) ||
+       (seplen >= sizeof(hostbuf)-1) ||
+       (hostlen >= sizeof(hostbuf)-1))
+        return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+
+    switch(key[0]) {
+    case '0': case '1': case '2': case '3': case '4':
+    case '5': case '6': case '7': case '8': case '9':
+        type |= LIBSSH2_KNOWNHOST_KEY_RSA1;
+
+        /* Note that the old-style keys (RSA1) aren't truly base64, but we
+         * claim it is for now since we can get away with strcmp()ing the
+         * entire anything anyway! We need to check and fix these to make them
+         * work properly.
+         */
+        break;
+
+    case 's': /* ssh-dss or ssh-rsa */
+        if(!strncmp(key, "ssh-dss", 7))
+            type |= LIBSSH2_KNOWNHOST_KEY_SSHDSS;
+        else if(!strncmp(key, "ssh-rsa", 7))
+            type |= LIBSSH2_KNOWNHOST_KEY_SSHRSA;
+        else
+            return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED; /* unknown key type */
+
+        key += 7;
+        keylen -= 7;
+
+        /* skip whitespaces */
+        while((*key ==' ') || (*key == '\t')) {
+            key++;
+            keylen--;
+        }
+        break;
+
+    default: /* unknown key format */
+        return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+    }
+
+    if(sep) {
+        /* The second host after the comma, add this first. Copy it to the
+           temp buffer and zero terminate */
+        memcpy(hostbuf, sep, seplen);
+        hostbuf[seplen]=0;
+
+        rc = libssh2_knownhost_add(hosts, hostbuf, salt, key, keylen,
+                                   type | LIBSSH2_KNOWNHOST_KEYENC_BASE64,
+                                   NULL);
+        if(rc)
+            return rc;
+    }
+
+    if (!salt)
+        host = orig;
+    memcpy(hostbuf, host, hostlen);
+    hostbuf[hostlen]=0;
+
+    rc = libssh2_knownhost_add(hosts, hostbuf, salt, key, keylen,
+                               type | LIBSSH2_KNOWNHOST_KEYENC_BASE64,
+                               NULL);
+    return rc;
+}
+
+/*
+ * libssh2_knownhost_readline()
+ *
+ * Pass in a line of a file of 'type'.
+ *
+ * LIBSSH2_KNOWNHOST_FILE_OPENSSH is the only supported type.
+ *
+ * OpenSSH line format:
+ *
+ * <host> <key>
+ *
+ * Where the two parts can be created like:
+ *
+ * <host> can be either
+ * <name> or <hash>
+ *
+ * <name> consists of
+ * [name,address] or just [name] or just [address]
+ *
+ * <hash> consists of
+ * |1|<salt>|hash
+ *
+ * <key> can be one of:
+ * [RSA bits] [e] [n as a decimal number]
+ * 'ssh-dss' [base64-encoded-key]
+ * 'ssh-rsa' [base64-encoded-key]
+ *
+ */
+LIBSSH2_API int
+libssh2_knownhost_readline(LIBSSH2_KNOWNHOSTS *hosts,
+                           const char *line, size_t len, int type)
+{
+    const char *cp;
+    const char *hostp;
+    const char *keyp;
+    size_t hostlen;
+    size_t keylen;
+    int rc;
+
+    if(type != LIBSSH2_KNOWNHOST_FILE_OPENSSH)
+        return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+
+    cp = line;
+
+    /* skip leading whitespaces */
+    while(len && ((*cp==' ') || (*cp == '\t'))) {
+        cp++;
+        len--;
+    }
+
+    if(!len || !*cp || (*cp == '#') || (*cp == '\n'))
+        /* comment or empty line */
+        return LIBSSH2_ERROR_NONE;
+
+    /* the host part starts here */
+    hostp = cp;
+
+    /* move over the host to the separator */
+    while(len && *cp && (*cp!=' ') && (*cp != '\t')) {
+        cp++;
+        len--;
+    }
+
+    hostlen = cp - hostp;
+
+    /* the key starts after the whitespaces */
+    while(len && *cp && ((*cp==' ') || (*cp == '\t'))) {
+        cp++;
+        len--;
+    }
+
+    if(!*cp || !len)
+        /* illegal line */
+        return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+
+    keyp = cp; /* the key starts here */
+    keylen = len;
+
+    /* check if the line (key) ends with a newline and if so kill it */
+    while(len && *cp && (*cp != '\n')) {
+        cp++;
+        len--;
+    }
+
+    /* zero terminate where the newline is */
+    if(*cp == '\n')
+        keylen--; /* don't include this in the count */
+
+    /* deal with this one host+key line */
+    rc = hostline(hosts, hostp, hostlen, keyp, keylen);
+    if(rc)
+        return rc; /* failed */
+
+    return LIBSSH2_ERROR_NONE; /* success */
+}
+
+/*
+ * libssh2_knownhost_readfile
+ *
+ * Read hosts+key pairs from a given file.
+ *
+ * Returns a negative value for error or number of successfully added hosts.
+ *
+ */
+
+LIBSSH2_API int
+libssh2_knownhost_readfile(LIBSSH2_KNOWNHOSTS *hosts,
+                           const char *filename, int type)
+{
+    FILE *file;
+    int num = 0;
+    char buf[2048];
+
+    if(type != LIBSSH2_KNOWNHOST_FILE_OPENSSH)
+        return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+
+    file = fopen(filename, "r");
+    if(file) {
+        while(fgets(buf, sizeof(buf), file)) {
+            if(libssh2_knownhost_readline(hosts, buf, strlen(buf), type))
+                break;
+            num++;
+        }
+        fclose(file);
+    }
+    else
+        return LIBSSH2_ERROR_FILE;
+    return num;
+}
+
+/*
+ * knownhost_writeline()
+ *
+ * Ask libssh2 to convert a known host to an output line for storage.
+ *
+ * Note that this function returns LIBSSH2_ERROR_BUFFER_TOO_SMALL if the given
+ * output buffer is too small to hold the desired output. The 'outlen' field
+ * will then contain the size libssh2 wanted to store, which then is the
+ * smallest sufficient buffer it would require.
+ *
+ */
+static int
+knownhost_writeline(LIBSSH2_KNOWNHOSTS *hosts,
+                    struct known_host *node,
+                    char *buf, size_t buflen,
+                    size_t *outlen, int type)
+{
+    int rc = LIBSSH2_ERROR_NONE;
+    int tindex;
+    const char *keytypes[4]={
+        "", /* not used */
+        "", /* this type has no name in the file */
+        " ssh-rsa",
+        " ssh-dss"
+    };
+    const char *keytype;
+    size_t nlen;
+
+    /* we only support this single file type for now, bail out on all other
+       attempts */
+    if(type != LIBSSH2_KNOWNHOST_FILE_OPENSSH)
+        return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+
+    tindex = (node->typemask & LIBSSH2_KNOWNHOST_KEY_MASK) >>
+        LIBSSH2_KNOWNHOST_KEY_SHIFT;
+
+    /* set the string used in the file */
+    keytype = keytypes[tindex];
+
+    if((node->typemask & LIBSSH2_KNOWNHOST_TYPE_MASK) ==
+       LIBSSH2_KNOWNHOST_TYPE_SHA1) {
+        char *namealloc;
+        char *saltalloc;
+        nlen = _libssh2_base64_encode(hosts->session, node->name,
+                                      node->name_len, &namealloc);
+        if(!nlen)
+            return LIBSSH2_ERROR_ALLOC;
+
+        nlen = _libssh2_base64_encode(hosts->session,
+                                      node->salt, node->salt_len,
+                                      &saltalloc);
+        if(!nlen) {
+            free(namealloc);
+            return LIBSSH2_ERROR_ALLOC;
+        }
+
+        nlen = strlen(saltalloc) + strlen(namealloc) + strlen(keytype) +
+            strlen(node->key) + 7; /* |1| + | + ' ' + \n + \0 = 7 */
+
+        if(nlen <= buflen)
+            sprintf(buf, "|1|%s|%s%s %s\n", saltalloc, namealloc, keytype,
+                    node->key);
+        else
+            rc = LIBSSH2_ERROR_BUFFER_TOO_SMALL;
+
+        free(namealloc);
+        free(saltalloc);
+    }
+    else {
+        nlen = strlen(node->name) + strlen(keytype) + strlen(node->key) + 3;
+        /* ' ' + '\n' + \0 = 3 */
+        if(nlen <= buflen)
+            /* these types have the plain name */
+            sprintf(buf, "%s%s %s\n", node->name, keytype, node->key);
+        else
+            rc = LIBSSH2_ERROR_BUFFER_TOO_SMALL;
+    }
+
+    /* we report the full length of the data with the trailing zero excluded */
+    *outlen = nlen-1;
+
+    return rc;
+}
+
+/*
+ * libssh2_knownhost_writeline()
+ *
+ * Ask libssh2 to convert a known host to an output line for storage.
+ *
+ * Note that this function returns LIBSSH2_ERROR_BUFFER_TOO_SMALL if the given
+ * output buffer is too small to hold the desired output.
+ */
+LIBSSH2_API int
+libssh2_knownhost_writeline(LIBSSH2_KNOWNHOSTS *hosts,
+                            struct libssh2_knownhost *known,
+                            char *buffer, size_t buflen,
+                            size_t *outlen, /* the amount of written data */
+                            int type)
+{
+    struct known_host *node;
+
+    if(known->magic != KNOWNHOST_MAGIC)
+        return LIBSSH2_ERROR_INVAL;
+
+    node = known->node;
+
+    return knownhost_writeline(hosts, node, buffer, buflen, outlen, type);
+}
+
+/*
+ * libssh2_knownhost_writefile()
+ *
+ * Write hosts+key pairs to the given file.
+ */
+LIBSSH2_API int
+libssh2_knownhost_writefile(LIBSSH2_KNOWNHOSTS *hosts,
+                           const char *filename, int type)
+{
+    struct known_host *node;
+    FILE *file;
+    int rc = LIBSSH2_ERROR_NONE;
+    char buffer[2048];
+
+    /* we only support this single file type for now, bail out on all other
+       attempts */
+    if(type != LIBSSH2_KNOWNHOST_FILE_OPENSSH)
+        return LIBSSH2_ERROR_METHOD_NOT_SUPPORTED;
+
+    file = fopen(filename, "w");
+    if(!file)
+        return LIBSSH2_ERROR_FILE;
+
+    for(node = _libssh2_list_first(&hosts->head);
+        node;
+        node= _libssh2_list_next(&node->node) ) {
+        size_t wrote;
+        size_t nwrote;
+        rc = knownhost_writeline(hosts, node, buffer, sizeof(buffer), &wrote,
+                                 type);
+        if(rc)
+            break;
+
+        nwrote = fwrite(buffer, 1, wrote, file);
+        if(nwrote != wrote) {
+            /* failed to write the whole thing, bail out */
+            rc = LIBSSH2_ERROR_FILE;
+            break;
+        }
+    }
+    fclose(file);
+
+    return rc;
+}
+
+
+/*
+ * libssh2_knownhost_get()
+ *
+ * Traverse the internal list of known hosts. Pass NULL to 'prev' to get
+ * the first one.
+ *
+ * Returns:
+ * 0 if a fine host was stored in 'store'
+ * 1 if end of hosts
+ * [negative] on errors
+ */
+LIBSSH2_API int
+libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts,
+                      struct libssh2_knownhost **ext,
+                      struct libssh2_knownhost *oprev)
+{
+    struct known_host *node;
+    if(oprev && oprev->node) {
+        /* we have a starting point */
+        struct known_host *prev = oprev->node;
+
+        /* get the next node in the list */
+        node = _libssh2_list_next(&prev->node);
+
+    }
+    else
+        node = _libssh2_list_first(&hosts->head);
+
+    if(!node)
+        /* no (more) node */
+        return 1;
+
+    *ext = knownhost_to_external(node);
+
+    return 0;
+}

src/libgcrypt.c

@@ -1,5 +1,5 @@
-/* Copyright (C) 2006, 2007, The Written Word, Inc.
- * Copyright (C) 2008, Simon Josefsson
+/* Copyright (C) 2008, 2009, Simon Josefsson
+ * Copyright (C) 2006, 2007, The Written Word, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -37,6 +37,9 @@
  */
 
 #include "libssh2_priv.h"
+
+#ifdef LIBSSH2_LIBGCRYPT /* compile only if we build with libgcrypt */
+
 #include <string.h>
 
 int
@@ -149,8 +152,9 @@ _libssh2_dsa_new(libssh2_dsa_ctx ** dsactx,
 int
 _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
                          LIBSSH2_SESSION * session,
-                         FILE * fp, unsigned const char *passphrase)
+                         const char *filename, unsigned const char *passphrase)
 {
+    FILE *fp;
     unsigned char *data, *save_data;
     unsigned int datalen;
     int ret;
@@ -159,10 +163,16 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
 
     (void) passphrase;
 
+    fp = fopen(filename, "r");
+    if (!fp) {
+        return -1;
+    }
+
     ret = _libssh2_pem_parse(session,
                              "-----BEGIN RSA PRIVATE KEY-----",
                              "-----END RSA PRIVATE KEY-----",
                              fp, &data, &datalen);
+    fclose(fp);
     if (ret) {
         return -1;
     }
@@ -244,8 +254,9 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
 int
 _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
                          LIBSSH2_SESSION * session,
-                         FILE * fp, unsigned const char *passphrase)
+                         const char *filename, unsigned const char *passphrase)
 {
+    FILE *fp;
     unsigned char *data, *save_data;
     unsigned int datalen;
     int ret;
@@ -254,10 +265,16 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
 
     (void) passphrase;
 
+    fp = fopen(filename, "r");
+    if (!fp) {
+        return -1;
+    }
+
     ret = _libssh2_pem_parse(session,
                              "-----BEGIN DSA PRIVATE KEY-----",
                              "-----END DSA PRIVATE KEY-----",
                              fp, &data, &datalen);
+    fclose(fp);
     if (ret) {
         return -1;
     }
@@ -407,61 +424,54 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
         return -1;
     }
 
+    memset(sig, 0, 40);
+
 /* Extract R. */
 
     data = gcry_sexp_find_token(sig_sexp, "r", 0);
-    if (!data) {
-        ret = -1;
-        goto out;
-    }
+    if (!data)
+        goto err;
 
     tmp = gcry_sexp_nth_data(data, 1, &size);
-    if (!tmp) {
-        ret = -1;
-        goto out;
-    }
+    if (!tmp)
+        goto err;
 
     if (tmp[0] == '\0') {
         tmp++;
         size--;
     }
 
-    if (size != 20) {
-        ret = -1;
-        goto out;
-    }
+    if (size < 1 || size > 20)
+        goto err;
 
-    memcpy(sig, tmp, 20);
+    memcpy(sig + (20 - size), tmp, size);
 
     gcry_sexp_release(data);
 
 /* Extract S. */
 
     data = gcry_sexp_find_token(sig_sexp, "s", 0);
-    if (!data) {
-        ret = -1;
-        goto out;
-    }
+    if (!data)
+        goto err;
 
     tmp = gcry_sexp_nth_data(data, 1, &size);
-    if (!tmp) {
-        ret = -1;
-        goto out;
-    }
+    if (!tmp)
+        goto err;
 
     if (tmp[0] == '\0') {
         tmp++;
         size--;
     }
 
-    if (size != 20) {
-        ret = -1;
+    if (size < 1 || size > 20)
+        goto err;
+
+    memcpy(sig + 20 + (20 - size), tmp, size);
     goto out;
-    }
 
-    memcpy(sig + 20, tmp, 20);
+  err:
+    ret = -1;
 
-    ret = 0;
   out:
     if (sig_sexp) {
         gcry_sexp_release(sig_sexp);
@@ -507,16 +517,14 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
                      _libssh2_cipher_type(algo),
                      unsigned char *iv, unsigned char *secret, int encrypt)
 {
-    int mode = 0, ret;
-    int keylen = gcry_cipher_get_algo_keylen(algo);
+    int ret;
+    int cipher = _libssh2_gcry_cipher (algo);
+    int mode = _libssh2_gcry_mode (algo);
+    int keylen = gcry_cipher_get_algo_keylen(cipher);
 
     (void) encrypt;
 
-    if (algo != GCRY_CIPHER_ARCFOUR) {
-        mode = GCRY_CIPHER_MODE_CBC;
-    }
-
-    ret = gcry_cipher_open(h, algo, mode, 0);
+    ret = gcry_cipher_open(h, cipher, mode, 0);
     if (ret) {
         return -1;
     }
@@ -527,8 +535,11 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h,
         return -1;
     }
 
-    if (algo != GCRY_CIPHER_ARCFOUR) {
-        int blklen = gcry_cipher_get_algo_blklen(algo);
+    if (mode != GCRY_CIPHER_MODE_STREAM) {
+        int blklen = gcry_cipher_get_algo_blklen(cipher);
+	if (mode == GCRY_CIPHER_MODE_CTR)
+	  ret = gcry_cipher_setctr(*h, iv, blklen);
+	else
 	  ret = gcry_cipher_setiv(*h, iv, blklen);
 	if (ret) {
             gcry_cipher_close(*h);
@@ -544,8 +555,10 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
                       _libssh2_cipher_type(algo),
                       int encrypt, unsigned char *block)
 {
-    size_t blklen = gcry_cipher_get_algo_blklen(algo);
+    int cipher = _libssh2_gcry_cipher (algo);
+    size_t blklen = gcry_cipher_get_algo_blklen(cipher);
     int ret;
+
     if (blklen == 1) {
 /* Hack for arcfour. */
         blklen = 8;
@@ -558,3 +571,5 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
     }
     return ret;
 }
+
+#endif /* LIBSSH2_LIBGCRYPT */

src/libgcrypt.h

@@ -1,5 +1,6 @@
-/* Copyright (C) 2006, 2007, The Written Word, Inc.
- * Copyright (C) 2008, Simon Josefsson
+/*
+ * Copyright (C) 2008, 2009 Simon Josefsson
+ * Copyright (C) 2006, 2007, The Written Word, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -43,6 +44,7 @@
 #define LIBSSH2_HMAC_RIPEMD 1
 
 #define LIBSSH2_AES 1
+#define LIBSSH2_AES_CTR 1
 #define LIBSSH2_BLOWFISH 1
 #define LIBSSH2_RC4 1
 #define LIBSSH2_CAST 1
@@ -112,7 +114,8 @@ int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
                      const unsigned char *coeffdata, unsigned long coefflen);
 int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
                              LIBSSH2_SESSION * session,
-                             FILE * fp, unsigned const char *passphrase);
+                             const char *filename,
+                             unsigned const char *passphrase);
 int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa,
                              const unsigned char *sig,
                              unsigned long sig_len,
@@ -140,7 +143,8 @@ int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa,
                      const unsigned char *x, unsigned long x_len);
 int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
                              LIBSSH2_SESSION * session,
-                             FILE * fp, unsigned const char *passphrase);
+                             const char *filename,
+                             unsigned const char *passphrase);
 int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsa,
                              const unsigned char *sig,
                              const unsigned char *m, unsigned long m_len);
@@ -153,13 +157,30 @@ int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 #define _libssh2_cipher_type(name) int name
 #define _libssh2_cipher_ctx gcry_cipher_hd_t
 
-#define _libssh2_cipher_aes256 GCRY_CIPHER_AES256
-#define _libssh2_cipher_aes192 GCRY_CIPHER_AES192
-#define _libssh2_cipher_aes128 GCRY_CIPHER_AES128
-#define _libssh2_cipher_blowfish GCRY_CIPHER_BLOWFISH
-#define _libssh2_cipher_arcfour GCRY_CIPHER_ARCFOUR
-#define _libssh2_cipher_cast5 GCRY_CIPHER_CAST5
-#define _libssh2_cipher_3des GCRY_CIPHER_3DES
+#define _libssh2_gcry_ciphermode(c,m) ((c << 8) | m)
+#define _libssh2_gcry_cipher(c) (c >> 8)
+#define _libssh2_gcry_mode(m) (m & 0xFF)
+
+#define _libssh2_cipher_aes256ctr		\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CTR)
+#define _libssh2_cipher_aes192ctr		\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CTR)
+#define _libssh2_cipher_aes128ctr					\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CTR)
+#define _libssh2_cipher_aes256						\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_aes192			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_aes128			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_blowfish		\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_arcfour			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM)
+#define _libssh2_cipher_cast5			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC)
+#define _libssh2_cipher_3des			\
+  _libssh2_gcry_ciphermode(GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC)
 
 int _libssh2_cipher_init(_libssh2_cipher_ctx * h,
                          _libssh2_cipher_type(algo),

src/libssh2_priv.h

@@ -1,5 +1,6 @@
 /* Copyright (c) 2004-2008, Sara Golemon <sarag@libssh2.org>
  * Copyright (c) 2009 by Daniel Stenberg
+ * Copyright (c) 2010 Simon Josefsson
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -39,6 +40,12 @@
 #ifndef LIBSSH2_PRIV_H
 #define LIBSSH2_PRIV_H 1
 
+#ifdef _WIN32
+  #ifndef _CRT_SECURE_NO_DEPRECATE
+    #define _CRT_SECURE_NO_DEPRECATE 1
+  #endif /* _CRT_SECURE_NO_DEPRECATE */
+#endif /* WIN32 */
+
 #define LIBSSH2_LIBRARY
 #include "libssh2_config.h"
 
@@ -79,6 +86,7 @@
 #include "libssh2.h"
 #include "libssh2_publickey.h"
 #include "libssh2_sftp.h"
+#include "misc.h" /* for the linked list stuff */
 
 #ifndef FALSE
 #define FALSE 0
@@ -90,10 +98,9 @@
 /* Provide iovec / writev on WIN32 platform. */
 #ifdef WIN32
 
-/* same as WSABUF */
 struct iovec {
-    u_long iov_len;
-    char *iov_base;
+    size_t iov_len;
+    void * iov_base;
 };
 
 #define inline __inline
@@ -143,6 +150,13 @@ static inline int writev(int sock, struct iovec *iov, int nvecs)
 
 #endif
 
+#ifdef WIN32
+typedef SOCKET libssh2_socket_t;
+#else /* !WIN32 */
+typedef int libssh2_socket_t;
+#define INVALID_SOCKET -1
+#endif /* WIN32 */
+
 /* RFC4253 section 6.1 Maximum Packet Length says:
  *
  * "All implementations MUST be able to process packets with
@@ -181,10 +195,6 @@ typedef struct _LIBSSH2_CRYPT_METHOD LIBSSH2_CRYPT_METHOD;
 typedef struct _LIBSSH2_COMP_METHOD LIBSSH2_COMP_METHOD;
 
 typedef struct _LIBSSH2_PACKET LIBSSH2_PACKET;
-typedef struct _LIBSSH2_PACKET_BRIGADE LIBSSH2_PACKET_BRIGADE;
-typedef struct _LIBSSH2_CHANNEL_BRIGADE LIBSSH2_CHANNEL_BRIGADE;
-
-typedef int libssh2pack_t;
 
 typedef enum
 {
@@ -201,7 +211,9 @@ typedef enum
     libssh2_NB_state_sent7,
     libssh2_NB_state_jump1,
     libssh2_NB_state_jump2,
-    libssh2_NB_state_jump3
+    libssh2_NB_state_jump3,
+    libssh2_NB_state_jump4,
+    libssh2_NB_state_jump5
 } libssh2_nonblocking_states;
 
 typedef struct packet_require_state_t
@@ -282,6 +294,7 @@ typedef struct packet_queue_listener_state_t
     uint32_t sport;
     uint32_t host_len;
     uint32_t shost_len;
+    LIBSSH2_CHANNEL *channel;
 } packet_queue_listener_state_t;
 
 #define X11FwdUnAvil "X11 Forward Unavailable"
@@ -296,10 +309,13 @@ typedef struct packet_x11_open_state_t
     uint32_t packet_size;
     uint32_t sport;
     uint32_t shost_len;
+    LIBSSH2_CHANNEL *channel;
 } packet_x11_open_state_t;
 
 struct _LIBSSH2_PACKET
 {
+    struct list_node node; /* linked list header */
+
     unsigned char type;
 
     /* Unencrypted Payload (no type byte, no padding, just the facts ma'am) */
@@ -312,15 +328,6 @@ struct _LIBSSH2_PACKET
 
     /* Can the message be confirmed? */
     int mac;
-
-    LIBSSH2_PACKET_BRIGADE *brigade;
-
-    LIBSSH2_PACKET *next, *prev;
-};
-
-struct _LIBSSH2_PACKET_BRIGADE
-{
-    LIBSSH2_PACKET *head, *tail;
 };
 
 typedef struct _libssh2_channel_data
@@ -337,6 +344,8 @@ typedef struct _libssh2_channel_data
 
 struct _LIBSSH2_CHANNEL
 {
+    struct list_node node;
+
     unsigned char *channel_type;
     unsigned channel_type_len;
 
@@ -349,8 +358,6 @@ struct _LIBSSH2_CHANNEL
 
     LIBSSH2_SESSION *session;
 
-    LIBSSH2_CHANNEL *next, *prev;
-
     void *abstract;
       LIBSSH2_CHANNEL_CLOSE_FUNC((*close_cb));
 
@@ -393,8 +400,6 @@ struct _LIBSSH2_CHANNEL
 
     /* State variables used in libssh2_channel_read_ex() */
     libssh2_nonblocking_states read_state;
-    LIBSSH2_PACKET *read_packet;
-    LIBSSH2_PACKET *read_next;
 
     uint32_t read_local_id;
 
@@ -423,24 +428,21 @@ struct _LIBSSH2_CHANNEL
     libssh2_nonblocking_states extData2_state;
 };
 
-struct _LIBSSH2_CHANNEL_BRIGADE
-{
-    LIBSSH2_CHANNEL *head, *tail;
-};
-
 struct _LIBSSH2_LISTENER
 {
+    struct list_node node; /* linked list header */
+
     LIBSSH2_SESSION *session;
 
     char *host;
     int port;
 
-    LIBSSH2_CHANNEL *queue;
+    /* a list of CHANNELs for this listener */
+    struct list_head queue;
+
     int queue_size;
     int queue_maxsize;
 
-    LIBSSH2_LISTENER *prev, *next;
-
     /* State variables used in libssh2_channel_forward_cancel() */
     libssh2_nonblocking_states chanFwdCncl_state;
     unsigned char *chanFwdCncl_data;
@@ -541,8 +543,9 @@ struct _LIBSSH2_PUBLICKEY
 
 struct _LIBSSH2_SFTP_HANDLE
 {
+    struct list_node node;
+
     LIBSSH2_SFTP *sftp;
-    LIBSSH2_SFTP_HANDLE *prev, *next;
 
     /* This is a pre-allocated buffer used for sending SFTP requests as the
        whole thing might not get sent in one go. This buffer is used for read,
@@ -580,9 +583,10 @@ struct _LIBSSH2_SFTP
 
     unsigned long request_id, version;
 
-    LIBSSH2_PACKET_BRIGADE packets;
+    struct list_head packets;
 
-    LIBSSH2_SFTP_HANDLE *handles;
+    /* a list of _LIBSSH2_SFTP_HANDLE structs */
+    struct list_head sftp_handles;
 
     unsigned long last_errno;
 
@@ -707,18 +711,19 @@ struct _LIBSSH2_SESSION
     /* (local as source of data -- packet_write ) */
     libssh2_endpoint_data local;
 
-    /* Inbound Data buffer -- Sometimes the packet that comes in isn't the
+    /* Inbound Data linked list -- Sometimes the packet that comes in isn't the
        packet we're ready for */
-    LIBSSH2_PACKET_BRIGADE packets;
+    struct list_head packets;
 
     /* Active connection channels */
-    LIBSSH2_CHANNEL_BRIGADE channels;
+    struct list_head channels;
+
     unsigned long next_channel;
 
-    LIBSSH2_LISTENER *listeners;
+    struct list_head listeners; /* list of LIBSSH2_LISTENER structs */
 
     /* Actual I/O socket */
-    int socket_fd;
+    libssh2_socket_t socket_fd;
     int socket_state;
     int socket_block_directions;
     int socket_prev_blockstate; /* stores the state of the socket blockiness
@@ -734,6 +739,8 @@ struct _LIBSSH2_SESSION
     struct transportpacket packet;
 #ifdef LIBSSH2DEBUG
     int showmask;               /* what debug/trace messages to display */
+    libssh2_trace_handler_func tracehandler; /* callback to display trace messages */
+    void* tracehandler_context; /* context for the trace handler */
 #endif
 
     /* State variables used in libssh2_banner_send() */
@@ -805,7 +812,7 @@ struct _LIBSSH2_SESSION
     unsigned char *userauth_pblc_b;
     packet_requirev_state_t userauth_pblc_packet_requirev_state;
 
-    /* State variables used in llibssh2_userauth_keyboard_interactive_ex() */
+    /* State variables used in libssh2_userauth_keyboard_interactive_ex() */
     libssh2_nonblocking_states userauth_kybd_state;
     unsigned char *userauth_kybd_data;
     unsigned long userauth_kybd_data_len;
@@ -854,7 +861,6 @@ struct _LIBSSH2_SESSION
 
     /* State variables used in libssh2_packet_add() */
     libssh2_nonblocking_states packAdd_state;
-    LIBSSH2_PACKET *packAdd_packet;
     LIBSSH2_CHANNEL *packAdd_channel;
     unsigned long packAdd_data_head;
     key_exchange_state_t packAdd_key_state;
@@ -865,7 +871,7 @@ struct _LIBSSH2_SESSION
     libssh2_nonblocking_states fullpacket_state;
     int fullpacket_macstate;
     int fullpacket_payload_len;
-    libssh2pack_t fullpacket_packet_type;
+    int fullpacket_packet_type;
 
     /* State variables used in libssh2_sftp_init() */
     libssh2_nonblocking_states sftpInit_state;
@@ -881,7 +887,7 @@ struct _LIBSSH2_SESSION
     unsigned char scpRecv_response[LIBSSH2_SCP_RESPONSE_BUFLEN];
     unsigned long scpRecv_response_len;
     long scpRecv_mode;
-#if defined(HAVE_LONGLONG) && defined(strtoll)
+#if defined(HAVE_LONGLONG) && defined(HAVE_STRTOLL)
     /* we have the type and we can parse such numbers */
     long long scpRecv_size;
 #define scpsize_strtol strtoll
@@ -922,7 +928,10 @@ struct _LIBSSH2_SESSION
 #define LIBSSH2_SOCKET_RECV_FLAGS(session)      0
 #endif
 
-/* libssh2 extensible ssh api, ultimately I'd like to allow loading additional methods via .so/.dll */
+/* --------- */
+
+/* libssh2 extensible ssh api, ultimately I'd like to allow loading additional
+   methods via .so/.dll */
 
 struct _LIBSSH2_KEX_METHOD
 {
@@ -1011,23 +1020,12 @@ struct _LIBSSH2_MAC_METHOD
     int (*dtor) (LIBSSH2_SESSION * session, void **abstract);
 };
 
-#define LIBSSH2_DBG_TRANS   1
-#define LIBSSH2_DBG_KEX     2
-#define LIBSSH2_DBG_AUTH    3
-#define LIBSSH2_DBG_CONN    4
-#define LIBSSH2_DBG_SCP     5
-#define LIBSSH2_DBG_SFTP    6
-#define LIBSSH2_DBG_ERROR   7
-#define LIBSSH2_DBG_PUBLICKEY   8
 #ifdef LIBSSH2DEBUG
 void _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format,
                     ...);
 #else
-#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)
-/* C99 style */
-#define _libssh2_debug(x,y,z, __VA_ARGS__) do {} while (0)
-#elif defined(__GNUC__)
-/* GNU style */
+#if (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L)) || defined(__GNUC__)
+/* C99 supported and also by older GCC */
 #define _libssh2_debug(x,y,z,...) do {} while (0)
 #else
 /* no gcc and not C99, do static and hopefully inline */
@@ -1048,7 +1046,7 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
     session->err_msglen = strlen(errmsg); \
     session->err_should_free = should_free; \
     session->err_code = errcode; \
-    _libssh2_debug(session, LIBSSH2_DBG_ERROR, "%d - %s", session->err_code, session->err_msg); \
+    _libssh2_debug(session, LIBSSH2_TRACE_ERROR, "%d - %s", session->err_code, session->err_msg); \
 }
 
 #else /* ! LIBSSH2DEBUG */
@@ -1139,8 +1137,8 @@ libssh2_uint64_t _libssh2_ntohu64(const unsigned char *buf);
 void _libssh2_htonu32(unsigned char *buf, unsigned int val);
 
 #ifdef WIN32
-ssize_t _libssh2_recv(int socket, void *buffer, size_t length, int flags);
-ssize_t _libssh2_send(int socket, const void *buffer, size_t length, int flags);
+ssize_t _libssh2_recv(libssh2_socket_t socket, void *buffer, size_t length, int flags);
+ssize_t _libssh2_send(libssh2_socket_t socket, const void *buffer, size_t length, int flags);
 #else
 #define _libssh2_recv(a,b,c,d) recv(a,b,c,d)
 #define _libssh2_send(a,b,c,d) send(a,b,c,d)
@@ -1152,20 +1150,21 @@ ssize_t _libssh2_send(int socket, const void *buffer, size_t length, int flags);
 int _libssh2_wait_socket(LIBSSH2_SESSION *session);
 
 
-/* CAUTION: some of these error codes are returned in the public API and is
-   there known with other #defined names from the public header file. They
-   should not be changed. */
+/* These started out as private return codes for the transport layer, but was
+   converted to using the library-wide return codes to easy propagation of the
+   error reasons all over etc without risking mixups. The PACKET_* names are
+   left only to reduce the impact of changing the code all over.*/
 
-#define PACKET_TIMEOUT  -7
-#define PACKET_BADUSE   -6
-#define PACKET_COMPRESS -5
-#define PACKET_TOOBIG   -4
-#define PACKET_ENOMEM   -3
+#define PACKET_TIMEOUT  LIBSSH2_ERROR_TIMEOUT
+#define PACKET_BADUSE   LIBSSH2_ERROR_BAD_USE
+#define PACKET_COMPRESS LIBSSH2_ERROR_COMPRESS
+#define PACKET_TOOBIG   LIBSSH2_ERROR_OUT_OF_BOUNDARY
+#define PACKET_ENOMEM   LIBSSH2_ERROR_ALLOC
 #define PACKET_EAGAIN   LIBSSH2_ERROR_EAGAIN
-#define PACKET_FAIL     -1
-#define PACKET_NONE      0
+#define PACKET_FAIL     LIBSSH2_ERROR_SOCKET_NONE
+#define PACKET_NONE     LIBSSH2_ERROR_NONE
 
-libssh2pack_t _libssh2_packet_read(LIBSSH2_SESSION * session);
+int _libssh2_packet_read(LIBSSH2_SESSION * session);
 
 int _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type,
                         unsigned char **data, unsigned long *data_len,
@@ -1270,4 +1269,7 @@ int _libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen,
     } while(1)
 
 
+#define ARRAY_SIZE(a) (sizeof ((a)) / sizeof ((a)[0]))
+
+
 #endif /* LIBSSH2_H */

src/mac.c

@@ -167,6 +167,7 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_sha1_96 = {
     mac_method_common_dtor,
 };
 
+#if LIBSSH2_MD5
 /* mac_method_hmac_md5_hash
  * Calculate hash using full md5 value
  */
@@ -235,6 +236,7 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_md5_96 = {
     mac_method_hmac_md5_96_hash,
     mac_method_common_dtor,
 };
+#endif /* LIBSSH2_MD5 */
 
 #if LIBSSH2_HMAC_RIPEMD
 /* mac_method_hmac_ripemd160_hash
@@ -291,8 +293,10 @@ static const LIBSSH2_MAC_METHOD mac_method_hmac_ripemd160_openssh_com = {
 static const LIBSSH2_MAC_METHOD *mac_methods[] = {
     &mac_method_hmac_sha1,
     &mac_method_hmac_sha1_96,
+#if LIBSSH2_MD5
     &mac_method_hmac_md5,
     &mac_method_hmac_md5_96,
+#endif
 #if LIBSSH2_HMAC_RIPEMD
     &mac_method_hmac_ripemd160,
     &mac_method_hmac_ripemd160_openssh_com,

src/misc.c

@@ -37,6 +37,8 @@
  */
 
 #include "libssh2_priv.h"
+#include "misc.h"
+
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -76,7 +78,7 @@ static int wsa2errno(void)
  * to set errno
  */
 ssize_t
-_libssh2_recv(int socket, void *buffer, size_t length, int flags)
+_libssh2_recv(libssh2_socket_t socket, void *buffer, size_t length, int flags)
 {
     ssize_t rc = recv(socket, buffer, length, flags);
 #ifdef WIN32
@@ -95,7 +97,7 @@ _libssh2_recv(int socket, void *buffer, size_t length, int flags)
  * to set errno
  */
 ssize_t
-_libssh2_send(int socket, const void *buffer, size_t length, int flags)
+_libssh2_send(libssh2_socket_t socket, const void *buffer, size_t length, int flags)
 {
     ssize_t rc = send(socket, buffer, length, flags);
 #ifdef WIN32
@@ -222,6 +224,86 @@ libssh2_base64_decode(LIBSSH2_SESSION * session, char **data,
     return 0;
 }
 
+/* ---- Base64 Encoding/Decoding Table --- */
+static const char table64[]=
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/*
+ * _libssh2_base64_encode()
+ *
+ * Returns the length of the newly created base64 string. The third argument
+ * is a pointer to an allocated area holding the base64 data. If something
+ * went wrong, 0 is returned.
+ *
+ */
+size_t _libssh2_base64_encode(LIBSSH2_SESSION *session,
+                              const char *inp, size_t insize, char **outptr)
+{
+  unsigned char ibuf[3];
+  unsigned char obuf[4];
+  int i;
+  int inputparts;
+  char *output;
+  char *base64data;
+  const char *indata = inp;
+
+  *outptr = NULL; /* set to NULL in case of failure before we reach the end */
+
+  if(0 == insize)
+    insize = strlen(indata);
+
+  base64data = output = LIBSSH2_ALLOC(session, insize*4/3+4);
+  if(NULL == output)
+    return 0;
+
+  while(insize > 0) {
+    for (i = inputparts = 0; i < 3; i++) {
+      if(insize > 0) {
+        inputparts++;
+        ibuf[i] = *indata;
+        indata++;
+        insize--;
+      }
+      else
+        ibuf[i] = 0;
+    }
+
+    obuf[0] = (unsigned char)  ((ibuf[0] & 0xFC) >> 2);
+    obuf[1] = (unsigned char) (((ibuf[0] & 0x03) << 4) | \
+                               ((ibuf[1] & 0xF0) >> 4));
+    obuf[2] = (unsigned char) (((ibuf[1] & 0x0F) << 2) | \
+                               ((ibuf[2] & 0xC0) >> 6));
+    obuf[3] = (unsigned char)   (ibuf[2] & 0x3F);
+
+    switch(inputparts) {
+    case 1: /* only one byte read */
+      snprintf(output, 5, "%c%c==",
+               table64[obuf[0]],
+               table64[obuf[1]]);
+      break;
+    case 2: /* two bytes read */
+      snprintf(output, 5, "%c%c%c=",
+               table64[obuf[0]],
+               table64[obuf[1]],
+               table64[obuf[2]]);
+      break;
+    default:
+      snprintf(output, 5, "%c%c%c%c",
+               table64[obuf[0]],
+               table64[obuf[1]],
+               table64[obuf[2]],
+               table64[obuf[3]] );
+      break;
+    }
+    output += 4;
+  }
+  *output=0;
+  *outptr = base64data; /* make it return the actual data memory */
+
+  return strlen(base64data); /* return the length of the new data */
+}
+/* ---- End of Base64 Encoding ---- */
+
 #ifdef LIBSSH2DEBUG
 LIBSSH2_API int
 libssh2_trace(LIBSSH2_SESSION * session, int bitmask)
@@ -230,6 +312,14 @@ libssh2_trace(LIBSSH2_SESSION * session, int bitmask)
     return 0;
 }
 
+LIBSSH2_API int
+libssh2_trace_sethandler(LIBSSH2_SESSION *session, void* handler_context, libssh2_trace_handler_func callback)
+{
+    session->tracehandler = callback;
+    session->tracehandler_context = handler_context;
+    return 0;
+}
+
 void
 _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
 {
@@ -238,7 +328,7 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
     va_list vargs;
     struct timeval now;
     static int firstsec;
-    static const char *const contexts[9] = {
+    static const char *const contexts[] = {
         "Unknown",
         "Transport",
         "Key Ex",
@@ -248,15 +338,24 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
         "SFTP",
         "Failure Event",
         "Publickey",
+        "Socket",
     };
+    const char* contexttext = contexts[0];
+    unsigned int contextindex;
 
-    if (context < 1 || context > 8) {
-        context = 0;
-    }
-    if (!(session->showmask & (1 << context))) {
+    if (!(session->showmask & context)) {
         /* no such output asked for */
         return;
     }
+
+    /* Find the first matching context string for this message */
+    for (contextindex = 0; contextindex < ARRAY_SIZE(contexts); contextindex++) {
+        if ((context & (1 << contextindex)) != 0) {
+            contexttext = contexts[contextindex];
+            break;
+        }
+    }
+
     gettimeofday(&now, NULL);
     if(!firstsec) {
         firstsec = now.tv_sec;
@@ -264,14 +363,18 @@ _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...)
     now.tv_sec -= firstsec;
 
     len = snprintf(buffer, sizeof(buffer), "[libssh2] %d.%06d %s: ",
-                   (int)now.tv_sec, (int)now.tv_usec, contexts[context]);
+                   (int)now.tv_sec, (int)now.tv_usec, contexttext);
 
     va_start(vargs, format);
     len += vsnprintf(buffer + len, 1535 - len, format, vargs);
     buffer[len] = '\n';
     va_end(vargs);
-    write(2, buffer, len + 1);
 
+    if (session->tracehandler) {
+        (session->tracehandler)(session, session->tracehandler_context, buffer, len + 1);
+    } else {
+        write(2, buffer, len + 1);
+    }
 }
 
 #else
@@ -282,4 +385,156 @@ libssh2_trace(LIBSSH2_SESSION * session, int bitmask)
     (void) bitmask;
     return 0;
 }
+
+LIBSSH2_API int
+libssh2_trace_sethandler(LIBSSH2_SESSION *session, void* handler_context, libssh2_trace_handler_func callback)
+{
+    (void) session;
+    (void) handler_context;
+    (void) callback;
+    return 0;
+}
+#endif
+
+/* init the list head */
+void _libssh2_list_init(struct list_head *head)
+{
+    head->first = head->last = NULL;
+}
+
+/* add a node to the list */
+void _libssh2_list_add(struct list_head *head,
+                       struct list_node *entry)
+{
+    /* store a pointer to the head */
+    entry->head = head;
+
+    /* we add this entry at the "top" so it has no next */
+    entry->next = NULL;
+
+    /* make our prev point to what the head thinks is last */
+    entry->prev = head->last;
+
+    /* and make head's last be us now */
+    head->last = entry;
+
+    /* make sure our 'prev' node points to us next */
+    if(entry->prev)
+        entry->prev->next = entry;
+    else
+        head->first = entry;
+}
+
+/* return the "first" node in the list this head points to */
+void *_libssh2_list_first(struct list_head *head)
+{
+    return head->first;
+}
+
+/* return the next node in the list */
+void *_libssh2_list_next(struct list_node *node)
+{
+    return node->next;
+}
+
+/* return the prev node in the list */
+void *_libssh2_list_prev(struct list_node *node)
+{
+    return node->prev;
+}
+
+/* remove this node from the list */
+void _libssh2_list_remove(struct list_node *entry)
+{
+    if(entry->prev)
+        entry->prev->next = entry->next;
+    else
+        entry->head->first = entry->next;
+
+    if(entry->next)
+        entry->next->prev = entry->prev;
+    else
+        entry->head->last = entry->prev;
+}
+
+#if 0
+/* insert a node before the given 'after' entry */
+void _libssh2_list_insert(struct list_node *after, /* insert before this */
+                          struct list_node *entry)
+{
+    /* 'after' is next to 'entry' */
+    bentry->next = after;
+
+    /* entry's prev is then made to be the prev after current has */
+    entry->prev = after->prev;
+
+    /* the node that is now before 'entry' was previously before 'after'
+       and must be made to point to 'entry' correctly */
+    if(entry->prev)
+        entry->prev->next = entry;
+    else
+      /* there was no node before this, so we make sure we point the head
+         pointer to this node */
+      after->head->first = entry;
+
+    /* after's prev entry points back to entry */
+    after->prev = entry;
+
+    /* after's next entry is still the same as before */
+
+    /* entry's head is the same as after's */
+    entry->head = after->head;
+}
+
+#endif
+
+
+
+#ifdef WIN32
+/*
+ * gettimeofday
+ * Implementation according to:
+ * The Open Group Base Specifications Issue 6
+ * IEEE Std 1003.1, 2004 Edition
+ */
+  
+/*
+ *  THIS SOFTWARE IS NOT COPYRIGHTED
+ *
+ *  This source code is offered for use in the public domain. You may
+ *  use, modify or distribute it freely.
+ *
+ *  This code is distributed in the hope that it will be useful but
+ *  WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
+ *  DISCLAIMED. This includes but is not limited to warranties of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ *  Contributed by:
+ *  Danny Smith <dannysmith@users.sourceforge.net>
+ */
+
+/* Offset between 1/1/1601 and 1/1/1970 in 100 nanosec units */
+#define _W32_FT_OFFSET (116444736000000000ULL)
+
+
+int __cdecl gettimeofday(struct timeval *tp,
+                         void *tzp)
+ {
+  union {
+    unsigned long long ns100; /*time since 1 Jan 1601 in 100ns units */
+    FILETIME ft;
+  }  _now;
+
+  if(tp)
+    {
+      GetSystemTimeAsFileTime (&_now.ft);
+      tp->tv_usec=(long)((_now.ns100 / 10ULL) % 1000000ULL );
+      tp->tv_sec= (long)((_now.ns100 - _W32_FT_OFFSET) / 10000000ULL);
+    }
+  /* Always return 0 as per Open Group Base Specifications Issue 6.
+     Do not set errno on error.  */
+  return 0;
+}
+
+
 #endif

src/misc.h

@@ -0,0 +1,72 @@
+#ifndef __LIBSSH2_MISC_H
+#define __LIBSSH2_MISC_H
+/* Copyright (c) 2009 by Daniel Stenberg
+ *
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms,
+ * with or without modification, are permitted provided
+ * that the following conditions are met:
+ *
+ *   Redistributions of source code must retain the above
+ *   copyright notice, this list of conditions and the
+ *   following disclaimer.
+ *
+ *   Redistributions in binary form must reproduce the above
+ *   copyright notice, this list of conditions and the following
+ *   disclaimer in the documentation and/or other materials
+ *   provided with the distribution.
+ *
+ *   Neither the name of the copyright holder nor the names
+ *   of any other contributors may be used to endorse or
+ *   promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
+ * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
+ * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
+ * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+struct list_head {
+    struct list_node *last;
+    struct list_node *first;
+};
+
+struct list_node {
+    struct list_node *next;
+    struct list_node *prev;
+    struct list_head *head;
+};
+
+void _libssh2_list_init(struct list_head *head);
+
+/* add a node last in the list */
+void _libssh2_list_add(struct list_head *head,
+                       struct list_node *entry);
+
+/* return the "first" node in the list this head points to */
+void *_libssh2_list_first(struct list_head *head);
+
+/* return the next node in the list */
+void *_libssh2_list_next(struct list_node *node);
+
+/* return the prev node in the list */
+void *_libssh2_list_prev(struct list_node *node);
+
+/* remove this node from the list */
+void _libssh2_list_remove(struct list_node *entry);
+
+size_t _libssh2_base64_encode(struct _LIBSSH2_SESSION *session,
+                              const char *inp, size_t insize, char **outptr);
+#endif /* _LIBSSH2_MISC_H */

src/openssl.c

@@ -1,7 +1,9 @@
-/* Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
- * Author: Simon Josefsson
+/* Copyright (C) 2009 Simon Josefsson
+ * Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
  * Copyright (c) 2004-2006, Sara Golemon <sarag@libssh2.org>
  *
+ * Author: Simon Josefsson
+ *
  * Redistribution and use in source and binary forms,
  * with or without modification, are permitted provided
  * that the following conditions are met:
@@ -37,6 +39,9 @@
  */
 
 #include "libssh2_priv.h"
+
+#ifndef LIBSSH2_LIBGCRYPT /* compile only if we build with OpenSSL */
+
 #include <string.h>
 
 #ifndef EVP_MAX_BLOCK_LENGTH
@@ -194,6 +199,108 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
     return ret == 1 ? 0 : 1;
 }
 
+#include <openssl/aes.h>
+
+typedef struct
+{
+    AES_KEY       key;
+    unsigned char ctr[AES_BLOCK_SIZE];
+} aes_ctr_ctx;
+
+static int
+aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+	     const unsigned char *iv, int enc) /* init key */
+{
+    aes_ctr_ctx *c = malloc(sizeof(*c));
+    (void) enc;
+
+    if (c == NULL)
+	return 0;
+
+    AES_set_encrypt_key(key, 8 * ctx->key_len, &c->key);
+    memcpy(c->ctr, iv, AES_BLOCK_SIZE);
+
+    EVP_CIPHER_CTX_set_app_data(ctx, c);
+
+    return 1;
+}
+
+static int
+aes_ctr_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+		  const unsigned char *in,
+		  unsigned int inl) /* encrypt/decrypt data */
+{
+    aes_ctr_ctx *c = EVP_CIPHER_CTX_get_app_data(ctx);
+    unsigned char b1[AES_BLOCK_SIZE];
+    size_t i;
+
+    if (inl != 16) /* libssh2 only ever encrypt one block */
+	return 0;
+
+/*
+  To encrypt a packet P=P1||P2||...||Pn (where P1, P2, ..., Pn are each
+  blocks of length L), the encryptor first encrypts <X> with <cipher>
+  to obtain a block B1.  The block B1 is then XORed with P1 to generate
+  the ciphertext block C1.  The counter X is then incremented
+*/
+
+    AES_encrypt(c->ctr, b1, &c->key);
+
+    for (i = 0; i < 16; i++)
+	*out++ = *in++ ^ b1[i];
+
+    i = 15;
+    while (c->ctr[i]++ == 0xFF) {
+	if (i == 0)
+	    break;
+	i--;
+    }
+
+    return 1;
+}
+
+static int
+aes_ctr_cleanup(EVP_CIPHER_CTX *ctx) /* cleanup ctx */
+{
+    free(EVP_CIPHER_CTX_get_app_data(ctx));
+    return 1;
+}
+
+static const EVP_CIPHER *
+make_ctr_evp (size_t keylen)
+{
+    static EVP_CIPHER aes_ctr_cipher;
+
+    memset(&aes_ctr_cipher, 0, sizeof(aes_ctr_cipher));
+
+    aes_ctr_cipher.block_size = 16;
+    aes_ctr_cipher.key_len = keylen;
+    aes_ctr_cipher.iv_len = 16;
+    aes_ctr_cipher.init = aes_ctr_init;
+    aes_ctr_cipher.do_cipher = aes_ctr_do_cipher;
+    aes_ctr_cipher.cleanup = aes_ctr_cleanup;
+
+    return &aes_ctr_cipher;
+}
+
+const EVP_CIPHER *
+_libssh2_EVP_aes_128_ctr(void)
+{
+    return make_ctr_evp (16);
+}
+
+const EVP_CIPHER *
+_libssh2_EVP_aes_192_ctr(void)
+{
+    return make_ctr_evp (24);
+}
+
+const EVP_CIPHER *
+_libssh2_EVP_aes_256_ctr(void)
+{
+    return make_ctr_evp (32);
+}
+
 /* TODO: Optionally call a passphrase callback specified by the
  * calling program
  */
@@ -212,12 +319,40 @@ passphrase_cb(char *buf, int size, int rwflag, char *passphrase)
     return passphrase_len;
 }
 
+typedef void * (*pem_read_bio_func)(BIO *, void **, pem_password_cb *,
+                                    void * u);
+
+static int
+read_private_key_from_file(void ** key_ctx,
+                           pem_read_bio_func read_private_key,
+                           const char * filename,
+                           unsigned const char *passphrase)
+{
+    BIO * bp;
+
+    *key_ctx = NULL;
+
+    bp = BIO_new_file(filename, "r");
+    if (!bp) {
+        return -1;
+    }
+
+    *key_ctx = read_private_key(bp, NULL, (pem_password_cb *) passphrase_cb,
+                                (void *) passphrase);
+
+    BIO_free(bp);
+    return (*key_ctx) ? 0 : -1;
+}
+
 int
 _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
                          LIBSSH2_SESSION * session,
-                         FILE * fp, unsigned const char *passphrase)
+                         const char *filename, unsigned const char *passphrase)
 {
+    pem_read_bio_func read_rsa =
+        (pem_read_bio_func) &PEM_read_bio_RSAPrivateKey;
     (void) session;
+
     if (!EVP_get_cipherbyname("des")) {
 /* If this cipher isn't loaded it's a pretty good indication that none are.
  * I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
@@ -225,20 +360,20 @@ _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
  */
         OpenSSL_add_all_ciphers();
     }
-    *rsa = PEM_read_RSAPrivateKey(fp, NULL, (void *) passphrase_cb,
-                                  (void *) passphrase);
-    if (!*rsa) {
-        return -1;
-    }
-    return 0;
+
+    return read_private_key_from_file((void **) rsa, read_rsa,
+                                      filename, passphrase);
 }
 
 int
 _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
                          LIBSSH2_SESSION * session,
-                         FILE * fp, unsigned const char *passphrase)
+                         const char *filename, unsigned const char *passphrase)
 {
+    pem_read_bio_func read_dsa =
+        (pem_read_bio_func) &PEM_read_bio_DSAPrivateKey;
     (void) session;
+
     if (!EVP_get_cipherbyname("des")) {
 /* If this cipher isn't loaded it's a pretty good indication that none are.
  * I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#(
@@ -246,12 +381,9 @@ _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
  */
         OpenSSL_add_all_ciphers();
     }
-    *dsa = PEM_read_DSAPrivateKey(fp, NULL, (void *) passphrase_cb,
-                                  (void *) passphrase);
-    if (!*dsa) {
-        return -1;
-    }
-    return 0;
+
+    return read_private_key_from_file((void **) dsa, read_dsa,
+                                      filename, passphrase);
 }
 
 int
@@ -291,7 +423,7 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
                        unsigned long hash_len, unsigned char *signature)
 {
     DSA_SIG *sig;
-    int r_len, s_len, rs_pad;
+    int r_len, s_len;
     (void) hash_len;
 
     sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx);
@@ -300,17 +432,24 @@ _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
     }
 
     r_len = BN_num_bytes(sig->r);
+    if (r_len < 1 || r_len > 20) {
+        DSA_SIG_free(sig);
+        return -1;
+    }
     s_len = BN_num_bytes(sig->s);
-    rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len);
-    if (rs_pad < 0) {
+    if (s_len < 1 || s_len > 20) {
         DSA_SIG_free(sig);
         return -1;
     }
 
-    BN_bn2bin(sig->r, signature + rs_pad);
-    BN_bn2bin(sig->s, signature + rs_pad + r_len);
+    memset(signature, 0, 40);
+
+    BN_bn2bin(sig->r, signature + (20 - r_len));
+    BN_bn2bin(sig->s, signature + 20 + (20 - s_len));
 
     DSA_SIG_free(sig);
 
     return 0;
 }
+
+#endif /* !LIBSSH2_LIBGCRYPT */

src/openssl.h

@@ -1,4 +1,6 @@
-/* Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
+/* Copyright (C) 2009 Simon Josefsson
+ * Copyright (C) 2006, 2007 The Written Word, Inc.  All rights reserved.
+ *
  * Author: Simon Josefsson
  *
  * Redistribution and use in source and binary forms,
@@ -71,6 +73,7 @@
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES)
+# define LIBSSH2_AES_CTR 1
 # define LIBSSH2_AES 1
 #else
 # define LIBSSH2_AES 0
@@ -148,7 +151,8 @@ int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa,
                      const unsigned char *coeffdata, unsigned long coefflen);
 int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa,
                              LIBSSH2_SESSION * session,
-                             FILE * fp, unsigned const char *passphrase);
+                             const char *filename,
+                             unsigned const char *passphrase);
 int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa,
                              const unsigned char *sig,
                              unsigned long sig_len,
@@ -176,7 +180,8 @@ int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa,
                      const unsigned char *x, unsigned long x_len);
 int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa,
                              LIBSSH2_SESSION * session,
-                             FILE * fp, unsigned const char *passphrase);
+                             const char *filename,
+                             unsigned const char *passphrase);
 int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx,
                              const unsigned char *sig,
                              const unsigned char *m, unsigned long m_len);
@@ -192,6 +197,9 @@ int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx,
 #define _libssh2_cipher_aes256 EVP_aes_256_cbc
 #define _libssh2_cipher_aes192 EVP_aes_192_cbc
 #define _libssh2_cipher_aes128 EVP_aes_128_cbc
+#define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
+#define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
+#define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
 #define _libssh2_cipher_blowfish EVP_bf_cbc
 #define _libssh2_cipher_arcfour EVP_rc4
 #define _libssh2_cipher_cast5 EVP_cast5_cbc
@@ -221,3 +229,7 @@ int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
 #define _libssh2_bn_bytes(bn) BN_num_bytes(bn)
 #define _libssh2_bn_bits(bn) BN_num_bits(bn)
 #define _libssh2_bn_free(bn) BN_clear_free(bn)
+
+const EVP_CIPHER *_libssh2_EVP_aes_128_ctr(void);
+const EVP_CIPHER *_libssh2_EVP_aes_192_ctr(void);
+const EVP_CIPHER *_libssh2_EVP_aes_256_ctr(void);

src/packet.c

@@ -1,5 +1,6 @@
 /* Copyright (c) 2004-2007, Sara Golemon <sarag@libssh2.org>
  * Copyright (c) 2009 by Daniel Stenberg
+ * Copyright (c) 2010 Simon Josefsson
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms,
@@ -60,6 +61,7 @@
 #include <sys/types.h>
 
 #include "transport.h"
+#include "channel.h"
 
 /*
  * libssh2_packet_queue_listener
@@ -78,7 +80,7 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
     /* 17 = packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */
     unsigned long packet_len = 17 + (sizeof(FwdNotReq) - 1);
     unsigned char *p;
-    LIBSSH2_LISTENER *listen = session->listeners;
+    LIBSSH2_LISTENER *listen = _libssh2_list_first(&session->listeners);
     char failure_code = 1;      /* SSH_OPEN_ADMINISTRATIVELY_PROHIBITED */
     int rc;
 
@@ -107,7 +109,7 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
         listen_state->sport = _libssh2_ntohu32(s);
         s += 4;
 
-        _libssh2_debug(session, LIBSSH2_DBG_CONN,
+        _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                        "Remote received connection from %s:%ld to %s:%ld",
                        listen_state->shost, listen_state->sport,
                        listen_state->host, listen_state->port);
@@ -119,19 +121,18 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
         while (listen) {
             if ((listen->port == (int) listen_state->port) &&
                 (strlen(listen->host) == listen_state->host_len) &&
-                (memcmp
-                 (listen->host, listen_state->host,
+                (memcmp (listen->host, listen_state->host,
                          listen_state->host_len) == 0)) {
                 /* This is our listener */
-                LIBSSH2_CHANNEL *channel, *last_queued = listen->queue;
+                LIBSSH2_CHANNEL *channel = NULL;
+                listen_state->channel = NULL;
 
-                last_queued = listen->queue;
                 if (listen_state->state == libssh2_NB_state_allocated) {
                     if (listen->queue_maxsize &&
                         (listen->queue_maxsize <= listen->queue_size)) {
                         /* Queue is full */
                         failure_code = 4;       /* SSH_OPEN_RESOURCE_SHORTAGE */
-                        _libssh2_debug(session, LIBSSH2_DBG_CONN,
+                        _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                                        "Listener queue full, ignoring");
                         listen_state->state = libssh2_NB_state_sent;
                         break;
@@ -146,6 +147,8 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
                         listen_state->state = libssh2_NB_state_sent;
                         break;
                     }
+                    listen_state->channel = channel;
+
                     memset(channel, 0, sizeof(LIBSSH2_CHANNEL));
 
                     channel->session = session;
@@ -181,7 +184,7 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
                         listen_state->initial_window_size;
                     channel->local.packet_size = listen_state->packet_size;
 
-                    _libssh2_debug(session, LIBSSH2_DBG_CONN,
+                    _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                                    "Connection queued: channel %lu/%lu win %lu/%lu packet %lu/%lu",
                                    channel->local.id, channel->remote.id,
                                    channel->local.window_size,
@@ -206,31 +209,19 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
                 if (listen_state->state == libssh2_NB_state_created) {
                     rc = _libssh2_transport_write(session, listen_state->packet,
                                                   17);
-                    if (rc == PACKET_EAGAIN) {
-                        return PACKET_EAGAIN;
-                    } else if (rc) {
-                        libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
-                                      "Unable to send channel open confirmation",
-                                      0);
+                    if (rc == PACKET_EAGAIN)
+                        return rc;
+                    else if (rc) {
+                        libssh2_error(session, rc,
+                                      "Unable to send channel "
+                                      "open confirmation", 0);
                         listen_state->state = libssh2_NB_state_idle;
-                        return -1;
+                        return rc;
                     }
 
                     /* Link the channel into the end of the queue list */
-
-                    if (!last_queued) {
-                        listen->queue = channel;
-                        listen_state->state = libssh2_NB_state_idle;
-                        return 0;
-                    }
-
-                    while (last_queued->next) {
-                        last_queued = last_queued->next;
-                    }
-
-                    last_queued->next = channel;
-                    channel->prev = last_queued;
-
+                    _libssh2_list_add(&listen->queue,
+                                      &listen_state->channel->node);
                     listen->queue_size++;
 
                     listen_state->state = libssh2_NB_state_idle;
@@ -238,14 +229,13 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
                 }
             }
 
-            listen = listen->next;
+            listen = _libssh2_list_next(&listen->node);
         }
 
         listen_state->state = libssh2_NB_state_sent;
     }
 
     /* We're not listening to you */
-    {
     p = listen_state->packet;
     *(p++) = SSH_MSG_CHANNEL_OPEN_FAILURE;
     _libssh2_htonu32(p, listen_state->sender_channel);
@@ -261,17 +251,15 @@ packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data,
     rc = _libssh2_transport_write(session, listen_state->packet,
                                   packet_len);
     if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+        return rc;
     } else if (rc) {
-            libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
-                          "Unable to send open failure", 0);
+        libssh2_error(session, rc, "Unable to send open failure", 0);
         listen_state->state = libssh2_NB_state_idle;
-            return -1;
+        return rc;
     }
     listen_state->state = libssh2_NB_state_idle;
     return 0;
 }
-}
 
 /*
  * packet_x11_open
@@ -288,7 +276,7 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
     /* 17 = packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */
     unsigned long packet_len = 17 + (sizeof(X11FwdUnAvil) - 1);
     unsigned char *p;
-    LIBSSH2_CHANNEL *channel;
+    LIBSSH2_CHANNEL *channel = x11open_state->channel;
     int rc;
 
     (void) datalen;
@@ -307,7 +295,7 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
         x11open_state->sport = _libssh2_ntohu32(s);
         s += 4;
 
-        _libssh2_debug(session, LIBSSH2_DBG_CONN,
+        _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                        "X11 Connection Received from %s:%ld on channel %lu",
                        x11open_state->shost, x11open_state->sport,
                        x11open_state->sender_channel);
@@ -355,7 +343,7 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
             channel->local.window_size = x11open_state->initial_window_size;
             channel->local.packet_size = x11open_state->packet_size;
 
-            _libssh2_debug(session, LIBSSH2_DBG_CONN,
+            _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                            "X11 Connection established: channel %lu/%lu win %lu/%lu packet %lu/%lu",
                            channel->local.id, channel->remote.id,
                            channel->local.window_size,
@@ -379,7 +367,7 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
         if (x11open_state->state == libssh2_NB_state_created) {
             rc = _libssh2_transport_write(session, x11open_state->packet, 17);
             if (rc == PACKET_EAGAIN) {
-                return PACKET_EAGAIN;
+                return rc;
             } else if (rc) {
                 libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
                               "Unable to send channel open confirmation", 0);
@@ -388,15 +376,7 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
             }
 
             /* Link the channel into the session */
-            if (session->channels.tail) {
-                session->channels.tail->next = channel;
-                channel->prev = session->channels.tail;
-            } else {
-                session->channels.head = channel;
-                channel->prev = NULL;
-            }
-            channel->next = NULL;
-            session->channels.tail = channel;
+            _libssh2_list_add(&session->channels, &channel->node);
 
             /*
              * Pass control to the callback, they may turn right around and
@@ -427,12 +407,11 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
 
     rc = _libssh2_transport_write(session, x11open_state->packet, packet_len);
     if (rc == PACKET_EAGAIN) {
-        return PACKET_EAGAIN;
+        return rc;
     } else if (rc) {
-        libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
-                      "Unable to send open failure", 0);
+        libssh2_error(session, rc, "Unable to send open failure", 0);
         x11open_state->state = libssh2_NB_state_idle;
-        return -1;
+        return rc;
     }
     x11open_state->state = libssh2_NB_state_idle;
     return 0;
@@ -442,7 +421,10 @@ packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data,
  * _libssh2_packet_add
  *
  * Create a new packet and attach it to the brigade. Called from the transport
- * layer when it as received a packet.
+ * layer when it has received a packet.
+ *
+ * The input pointer 'data' is pointing to allocated data that this function
+ * is asked to deal with so on failure OR success, it must be freed fine.
  */
 int
 _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
@@ -465,12 +447,12 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
         memset(&session->packAdd_x11open_state, 0,
                sizeof(session->packAdd_x11open_state));
 
-        _libssh2_debug(session, LIBSSH2_DBG_TRANS,
+        _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
                        "Packet type %d received, length=%d",
                        (int) data[0], (int) datalen);
         if (macstate == LIBSSH2_MAC_INVALID) {
-            if (session->macerror) {
-                if (LIBSSH2_MACERROR(session, (char *) data, datalen) == 0) {
+            if (session->macerror &&
+                LIBSSH2_MACERROR(session, (char *) data, datalen) == 0) {
                 /* Calling app has given the OK, Process it anyway */
                 macstate = LIBSSH2_MAC_CONFIRMED;
             } else {
@@ -484,20 +466,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                                        "", 0);
                 }
                 LIBSSH2_FREE(session, data);
-                    return -1;
-                }
-            } else {
-                libssh2_error(session, LIBSSH2_ERROR_INVALID_MAC,
-                              "Invalid Message Authentication Code received",
-                              0);
-                if (session->ssh_msg_disconnect) {
-                    LIBSSH2_DISCONNECT(session, SSH_DISCONNECT_MAC_ERROR,
-                                       "Invalid MAC received",
-                                       sizeof("Invalid MAC received") - 1,
-                                       "", 0);
-                }
-                LIBSSH2_FREE(session, data);
-                return -1;
+                return LIBSSH2_ERROR_INVALID_MAC;
             }
         }
 
@@ -515,8 +484,16 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
         goto libssh2_packet_add_jump_point2;
     } else if (session->packAdd_state == libssh2_NB_state_jump3) {
         goto libssh2_packet_add_jump_point3;
+    } else if (session->packAdd_state == libssh2_NB_state_jump4) {
+        goto libssh2_packet_add_jump_point4;
+    } else if (session->packAdd_state == libssh2_NB_state_jump5) {
+        goto libssh2_packet_add_jump_point5;
     }
 
+/* FIXME: I've noticed that DATA is accessed without proper
+ * out-of-bounds checking (i.e., DATALEN) in many places
+ * below. --simon */
+
     if (session->packAdd_state == libssh2_NB_state_allocated) {
         /* A couple exceptions to the packet adding rule: */
         switch (data[0]) {
@@ -544,7 +521,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 message[message_len] = '\0';
                 language = (char *) data + 9 + message_len + 3;
                 if (language_len) {
-                    memcpy(language, language + 1, language_len);
+                    memmove(language, language + 1, language_len);
                 }
                 language[language_len] = '\0';
 
@@ -552,27 +529,32 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                     LIBSSH2_DISCONNECT(session, reason, message,
                                        message_len, language, language_len);
                 }
-                _libssh2_debug(session, LIBSSH2_DBG_TRANS,
+                _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
                                "Disconnect(%d): %s(%s)", reason,
                                message, language);
                 LIBSSH2_FREE(session, data);
                 session->socket_state = LIBSSH2_SOCKET_DISCONNECTED;
                 session->packAdd_state = libssh2_NB_state_idle;
-                return -1;
+                libssh2_error(session, LIBSSH2_ERROR_SOCKET_DISCONNECT,
+                              "socket disconnect", 0);
+                return LIBSSH2_ERROR_SOCKET_DISCONNECT;
             }
             break;
 
         case SSH_MSG_IGNORE:
-            /* As with disconnect, back it up one and add a trailing NULL */
-            memcpy(data + 4, data + 5, datalen - 5);
+            if (datalen >= 5) {
+                /* Back it up one and add a trailing NULL */
+                memmove(data, data + 1, datalen - 1);
                 data[datalen] = '\0';
                 if (session->ssh_msg_ignore) {
-                LIBSSH2_IGNORE(session, (char *) data + 4, datalen - 5);
+                    LIBSSH2_IGNORE(session, (char *) data + 4, datalen - 1);
+                }
+            } else if (session->ssh_msg_ignore) {
+                LIBSSH2_IGNORE(session, "", 0);
             }
             LIBSSH2_FREE(session, data);
             session->packAdd_state = libssh2_NB_state_idle;
             return 0;
-            break;
 
         case SSH_MSG_DEBUG:
             {
@@ -598,7 +580,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 message[message_len] = '\0';
                 language = (char *) data + 6 + message_len + 3;
                 if (language_len) {
-                    memcpy(language, language + 1, language_len);
+                    memmove(language, language + 1, language_len);
                 }
                 language[language_len] = '\0';
 
@@ -610,7 +592,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                  * _libssh2_debug will actually truncate this for us so
                  * that it's not an inordinate about of data
                  */
-                _libssh2_debug(session, LIBSSH2_DBG_TRANS,
+                _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
                                "Debug Packet: %s", message);
                 LIBSSH2_FREE(session, data);
                 session->packAdd_state = libssh2_NB_state_idle;
@@ -618,6 +600,30 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
             }
             break;
 
+        case SSH_MSG_GLOBAL_REQUEST:
+        {
+            uint32_t strlen = _libssh2_ntohu32(data + 1);
+            unsigned char want_reply = data[5 + strlen];
+
+            _libssh2_debug(session,
+                           LIBSSH2_TRACE_CONN,
+                           "Received global request type %.*s (wr %X)",
+                           strlen, data + 5, want_reply);
+
+            if (want_reply) {
+              libssh2_packet_add_jump_point5:
+                session->packAdd_state = libssh2_NB_state_jump5;
+                data[0] = SSH_MSG_REQUEST_FAILURE;
+                rc = _libssh2_transport_write(session, data, 1);
+                if (rc == PACKET_EAGAIN)
+                    return rc;
+                LIBSSH2_FREE(session, data);
+                session->packAdd_state = libssh2_NB_state_idle;
+                return 0;
+            }
+        }
+        break;
+
         case SSH_MSG_CHANNEL_EXTENDED_DATA:
             /* streamid(4) */
             session->packAdd_data_head += 4;
@@ -643,7 +649,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                     stream_id = _libssh2_ntohu32(data + 5);
                 }
 
-                _libssh2_debug(session, LIBSSH2_DBG_CONN,
+                _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                                "%d bytes packet_add() for %lu/%lu/%lu",
                                (int) (datalen - session->packAdd_data_head),
                                session->packAdd_channel->local.id,
@@ -657,21 +663,19 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 /* Pretend we didn't receive this */
                 LIBSSH2_FREE(session, data);
 
-                _libssh2_debug(session, LIBSSH2_DBG_CONN,
+                _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                                "Ignoring extended data and refunding %d bytes",
                                (int) (datalen - 13));
                 /* Adjust the window based on the block we just freed */
               libssh2_packet_add_jump_point1:
                 session->packAdd_state = libssh2_NB_state_jump1;
-                rc = libssh2_channel_receive_window_adjust(session->
+                rc = _libssh2_channel_receive_window_adjust(session->
                                                             packAdd_channel,
                                                             datalen - 13,
-                                                           0);
-                if (rc == PACKET_EAGAIN) {
-                    session->socket_block_directions =
-                        LIBSSH2_SESSION_BLOCK_OUTBOUND;
-                    return PACKET_EAGAIN;
-                }
+                                                            0, NULL);
+                if (rc == PACKET_EAGAIN)
+                    return rc;
+
                 session->packAdd_state = libssh2_NB_state_idle;
                 return 0;
             }
@@ -731,7 +735,6 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
             break;
 
         case SSH_MSG_CHANNEL_EOF:
-            {
             session->packAdd_channel =
                 _libssh2_channel_locate(session, _libssh2_ntohu32(data + 1));
 
@@ -743,7 +746,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
             }
 
             _libssh2_debug(session,
-                               LIBSSH2_DBG_CONN,
+                           LIBSSH2_TRACE_CONN,
                            "EOF received for channel %lu/%lu",
                            session->packAdd_channel->local.id,
                            session->packAdd_channel->remote.id);
@@ -752,24 +755,30 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
             LIBSSH2_FREE(session, data);
             session->packAdd_state = libssh2_NB_state_idle;
             return 0;
-            }
-            break;
 
         case SSH_MSG_CHANNEL_REQUEST:
         {
-                if (_libssh2_ntohu32(data + 5) == sizeof("exit-status") - 1
+            uint32_t channel = _libssh2_ntohu32(data + 1);
+            uint32_t strlen = _libssh2_ntohu32(data + 5);
+            unsigned char want_reply = data[9 + strlen];
+
+            _libssh2_debug(session,
+                           LIBSSH2_TRACE_CONN,
+                           "Channel %d received request type %.*s (wr %X)",
+                           channel, strlen, data + 9, want_reply);
+
+            if (strlen == sizeof("exit-status") - 1
                 && !memcmp("exit-status", data + 9,
                            sizeof("exit-status") - 1)) {
 
                 /* we've got "exit-status" packet. Set the session value */
                 session->packAdd_channel =
-                        _libssh2_channel_locate(session,
-                                                _libssh2_ntohu32(data + 1));
+                    _libssh2_channel_locate(session, channel);
 
                 if (session->packAdd_channel) {
                     session->packAdd_channel->exit_status =
                         _libssh2_ntohu32(data + 9 + sizeof("exit-status"));
-                        _libssh2_debug(session, LIBSSH2_DBG_CONN,
+                    _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                                    "Exit status %lu received for channel %lu/%lu",
                                    session->packAdd_channel->exit_status,
                                    session->packAdd_channel->local.id,
@@ -780,11 +789,22 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 session->packAdd_state = libssh2_NB_state_idle;
                 return 0;
             }
+
+            if (want_reply) {
+              libssh2_packet_add_jump_point4:
+                session->packAdd_state = libssh2_NB_state_jump4;
+                data[0] = SSH_MSG_CHANNEL_FAILURE;
+                rc = _libssh2_transport_write(session, data, 5);
+                if (rc == PACKET_EAGAIN)
+                    return rc;
+                LIBSSH2_FREE(session, data);
+                session->packAdd_state = libssh2_NB_state_idle;
+                return 0;
             }
             break;
+       }
 
         case SSH_MSG_CHANNEL_CLOSE:
-            {
             session->packAdd_channel =
                 _libssh2_channel_locate(session, _libssh2_ntohu32(data + 1));
 
@@ -794,38 +814,31 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 session->packAdd_state = libssh2_NB_state_idle;
                 return 0;
             }
-                _libssh2_debug(session, LIBSSH2_DBG_CONN,
+            _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                            "Close received for channel %lu/%lu",
                            session->packAdd_channel->local.id,
                            session->packAdd_channel->remote.id);
 
             session->packAdd_channel->remote.close = 1;
             session->packAdd_channel->remote.eof = 1;
-                /* TODO: Add a callback for this */
 
             LIBSSH2_FREE(session, data);
             session->packAdd_state = libssh2_NB_state_idle;
             return 0;
-            }
-            break;
 
         case SSH_MSG_CHANNEL_OPEN:
             if ((datalen >= (sizeof("forwarded-tcpip") + 4)) &&
                 ((sizeof("forwarded-tcpip") - 1) == _libssh2_ntohu32(data + 1))
                 &&
-                (memcmp
-                 (data + 5, "forwarded-tcpip",
+                (memcmp(data + 5, "forwarded-tcpip",
                         sizeof("forwarded-tcpip") - 1) == 0)) {
 
               libssh2_packet_add_jump_point2:
                 session->packAdd_state = libssh2_NB_state_jump2;
                 rc = packet_queue_listener(session, data, datalen,
                                            &session->packAdd_Qlstn_state);
-                if (rc == PACKET_EAGAIN) {
-                    session->socket_block_directions =
-                        LIBSSH2_SESSION_BLOCK_OUTBOUND;
-                    return PACKET_EAGAIN;
-                }
+                if (rc == PACKET_EAGAIN)
+                    return rc;
 
                 LIBSSH2_FREE(session, data);
                 session->packAdd_state = libssh2_NB_state_idle;
@@ -839,11 +852,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 session->packAdd_state = libssh2_NB_state_jump3;
                 rc = packet_x11_open(session, data, datalen,
                                      &session->packAdd_x11open_state);
-                if (rc == PACKET_EAGAIN) {
-                    session->socket_block_directions =
-                        LIBSSH2_SESSION_BLOCK_OUTBOUND;
-                    return PACKET_EAGAIN;
-                }
+                if (rc == PACKET_EAGAIN)
+                    return rc;
 
                 LIBSSH2_FREE(session, data);
                 session->packAdd_state = libssh2_NB_state_idle;
@@ -861,7 +871,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
                 if (session->packAdd_channel && bytestoadd) {
                     session->packAdd_channel->local.window_size += bytestoadd;
                 }
-                _libssh2_debug(session, LIBSSH2_DBG_CONN,
+                _libssh2_debug(session, LIBSSH2_TRACE_CONN,
                                "Window adjust received for channel %lu/%lu, adding %lu bytes, new window_size=%lu",
                                session->packAdd_channel->local.id,
                                session->packAdd_channel->remote.id,
@@ -879,33 +889,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
     }
 
     if (session->packAdd_state == libssh2_NB_state_sent) {
-        session->packAdd_packet =
+        LIBSSH2_PACKET *packAdd_packet;
+        packAdd_packet =
           LIBSSH2_ALLOC(session, sizeof(LIBSSH2_PACKET));
-        if (!session->packAdd_packet) {
+        if (!packAdd_packet) {
             _libssh2_debug(session, LIBSSH2_ERROR_ALLOC,
                            "Unable to allocate memory for LIBSSH2_PACKET");
-            LIBSSH2_FREE(session, data);
             session->packAdd_state = libssh2_NB_state_idle;
             return -1;
         }
-        memset(session->packAdd_packet, 0, sizeof(LIBSSH2_PACKET));
+        memset(packAdd_packet, 0, sizeof(LIBSSH2_PACKET));
 
-        session->packAdd_packet->data = data;
-        session->packAdd_packet->data_len = datalen;
-        session->packAdd_packet->data_head = session->packAdd_data_head;
-        session->packAdd_packet->mac = macstate;
-        session->packAdd_packet->brigade = &session->packets;
-        session->packAdd_packet->next = NULL;
+        packAdd_packet->data = data;
+        packAdd_packet->data_len = datalen;
+        packAdd_packet->data_head = session->packAdd_data_head;
+        packAdd_packet->mac = macstate;
 
-        if (session->packets.tail) {
-            session->packAdd_packet->prev = session->packets.tail;
-            session->packAdd_packet->prev->next = session->packAdd_packet;
-            session->packets.tail = session->packAdd_packet;
-        } else {
-            session->packets.head = session->packAdd_packet;
-            session->packets.tail = session->packAdd_packet;
-            session->packAdd_packet->prev = NULL;
-        }
+        _libssh2_list_add(&session->packets, &packAdd_packet->node);
 
         session->packAdd_state = libssh2_NB_state_sent1;
     }
@@ -919,7 +919,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
              * Well, it's already in the brigade,
              * let's just call back into ourselves
              */
-            _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Renegotiating Keys");
+            _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Renegotiating Keys");
 
             session->packAdd_state = libssh2_NB_state_sent2;
         }
@@ -948,7 +948,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
          */
         rc = libssh2_kex_exchange(session, 1, &session->startup_key_state);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         }
     }
 
@@ -968,9 +968,9 @@ _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type,
                     unsigned long match_ofs, const unsigned char *match_buf,
                     unsigned long match_len)
 {
-    LIBSSH2_PACKET *packet = session->packets.head;
+    LIBSSH2_PACKET *packet = _libssh2_list_first(&session->packets);
 
-    _libssh2_debug(session, LIBSSH2_DBG_TRANS,
+    _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
                    "Looking for packet of type: %d", (int) packet_type);
 
     while (packet) {
@@ -982,24 +982,14 @@ _libssh2_packet_ask(LIBSSH2_SESSION * session, unsigned char packet_type,
             *data = packet->data;
             *data_len = packet->data_len;
 
-            /* unlink struct */
-            if (packet->prev) {
-                packet->prev->next = packet->next;
-            } else {
-                session->packets.head = packet->next;
-            }
-
-            if (packet->next) {
-                packet->next->prev = packet->prev;
-            } else {
-                session->packets.tail = packet->prev;
-            }
+            /* unlink struct from session->packets */
+            _libssh2_list_remove(&packet->node);
 
             LIBSSH2_FREE(session, packet);
 
             return 0;
         }
-        packet = packet->next;
+        packet = _libssh2_list_next(&packet->node);
     }
     return -1;
 }
@@ -1060,13 +1050,10 @@ _libssh2_packet_require(LIBSSH2_SESSION * session, unsigned char packet_type,
     }
 
     while (session->socket_state == LIBSSH2_SOCKET_CONNECTED) {
-        libssh2pack_t ret = _libssh2_transport_read(session);
-        if (ret == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
-        } else if (ret == 0) {
-            /* There is no data, return that. TODO: is this really correct? */
-            return PACKET_EAGAIN;
-        } else if (ret < 0) {
+        int ret = _libssh2_transport_read(session);
+        if (ret == PACKET_EAGAIN)
+            return ret;
+        else if (ret < 0) {
             state->start = 0;
             /* an error which is not just because of blocking */
             return ret;
@@ -1078,17 +1065,18 @@ _libssh2_packet_require(LIBSSH2_SESSION * session, unsigned char packet_type,
             return ret;
         } else if (ret == 0) {
             /* nothing available, wait until data arrives or we time out */
-            long left = LIBSSH2_READ_TIMEOUT - (time(NULL) - state->start);
+            long left = LIBSSH2_READ_TIMEOUT - (long)(time(NULL) - state->start);
 
             if (left <= 0) {
                 state->start = 0;
                 return PACKET_TIMEOUT;
             }
+            return -1; /* no packet available yet */
         }
     }
 
     /* Only reached if the socket died */
-    return -1;
+    return LIBSSH2_ERROR_SOCKET_DISCONNECT;
 }
 
 /*
@@ -1121,14 +1109,15 @@ _libssh2_packet_burn(LIBSSH2_SESSION * session,
             return i;
         }
 
-        _libssh2_debug(session, LIBSSH2_DBG_TRANS,
+        _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
                        "Blocking until packet becomes available to burn");
         *state = libssh2_NB_state_created;
     }
 
     while (session->socket_state == LIBSSH2_SOCKET_CONNECTED) {
-        if ((ret = _libssh2_transport_read(session)) == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+        ret = _libssh2_transport_read(session);
+        if (ret == PACKET_EAGAIN) {
+            return ret;
         } else if (ret < 0) {
             *state = libssh2_NB_state_idle;
             return ret;
@@ -1148,7 +1137,7 @@ _libssh2_packet_burn(LIBSSH2_SESSION * session,
     }
 
     /* Only reached if the socket died */
-    return -1;
+    return LIBSSH2_ERROR_SOCKET_DISCONNECT;
 }
 
 /*
@@ -1187,14 +1176,14 @@ _libssh2_packet_requirev(LIBSSH2_SESSION * session,
             return ret;
         }
         if (ret <= 0) {
-            long left = LIBSSH2_READ_TIMEOUT - (time(NULL) - state->start);
+            long left = LIBSSH2_READ_TIMEOUT - (long)(time(NULL) - state->start);
 
             if (left <= 0) {
                 state->start = 0;
                 return PACKET_TIMEOUT;
             }
             else if (ret == PACKET_EAGAIN) {
-                return PACKET_EAGAIN;
+                return ret;
             }
         }
 
@@ -1208,6 +1197,6 @@ _libssh2_packet_requirev(LIBSSH2_SESSION * session,
 
     /* Only reached if the socket died */
     state->start = 0;
-    return -1;
+    return LIBSSH2_ERROR_SOCKET_DISCONNECT;
 }
 

src/pem.c

@@ -38,6 +38,8 @@
 
 #include "libssh2_priv.h"
 
+#ifdef LIBSSH2_LIBGCRYPT /* compile only if we build with libgcrypt */
+
 static int
 readline(char *line, int line_size, FILE * fp)
 {
@@ -207,3 +209,5 @@ _libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen,
 
     return 0;
 }
+
+#endif /* LIBSSH2_LIBGCRYPT */

src/publickey.c

@@ -37,6 +37,7 @@
 
 #include "libssh2_priv.h"
 #include "libssh2_publickey.h"
+#include "channel.h"
 
 #define LIBSSH2_PUBLICKEY_VERSION               2
 
@@ -168,9 +169,9 @@ publickey_packet_receive(LIBSSH2_PUBLICKEY * pkey,
     int rc;
 
     if (pkey->receive_state == libssh2_NB_state_idle) {
-        rc = libssh2_channel_read_ex(channel, 0, (char *) buffer, 4);
+        rc = _libssh2_channel_read(channel, 0, (char *) buffer, 4);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc != 4) {
             libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL,
                           "Invalid response from publickey subsystem", 0);
@@ -190,10 +191,10 @@ publickey_packet_receive(LIBSSH2_PUBLICKEY * pkey,
     }
 
     if (pkey->receive_state == libssh2_NB_state_sent) {
-        rc = libssh2_channel_read_ex(channel, 0, (char *) pkey->receive_packet,
+        rc = _libssh2_channel_read(channel, 0, (char *) pkey->receive_packet,
                                    pkey->receive_packet_len);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc != (int)pkey->receive_packet_len) {
             libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT,
                           "Timeout waiting for publickey subsystem response packet",
@@ -265,7 +266,7 @@ publickey_response_success(LIBSSH2_PUBLICKEY * pkey)
     while (1) {
         rc = publickey_packet_receive(pkey, &data, &data_len);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc) {
             libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT,
                           "Timeout waiting for response from publickey subsystem",
@@ -352,7 +353,7 @@ libssh2_publickey_init(LIBSSH2_SESSION * session)
         session->pkeyInit_pkey = NULL;
         session->pkeyInit_channel = NULL;
 
-        _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY,
+        _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
                        "Initializing publickey subsystem");
 
         session->pkeyInit_state = libssh2_NB_state_allocated;
@@ -433,7 +434,7 @@ libssh2_publickey_init(LIBSSH2_SESSION * session)
         _libssh2_htonu32(s, LIBSSH2_PUBLICKEY_VERSION);
         s += 4;
 
-        _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY,
+        _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
                        "Sending publickey version packet advertising version %d support",
                        (int) LIBSSH2_PUBLICKEY_VERSION);
 
@@ -441,7 +442,7 @@ libssh2_publickey_init(LIBSSH2_SESSION * session)
     }
 
     if (session->pkeyInit_state == libssh2_NB_state_sent2) {
-        rc = libssh2_channel_write_ex(session->pkeyInit_channel, 0,
+        rc = _libssh2_channel_write(session->pkeyInit_channel, 0,
                                     (char *) buffer, (s - buffer));
         if (rc == PACKET_EAGAIN) {
             libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
@@ -518,13 +519,13 @@ libssh2_publickey_init(LIBSSH2_SESSION * session)
                 session->pkeyInit_pkey->version = _libssh2_ntohu32(s);
                 if (session->pkeyInit_pkey->version >
                     LIBSSH2_PUBLICKEY_VERSION) {
-                    _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY,
+                    _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
                                    "Truncating remote publickey version from %lu",
                                    session->pkeyInit_pkey->version);
                     session->pkeyInit_pkey->version =
                         LIBSSH2_PUBLICKEY_VERSION;
                 }
-                _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY,
+                _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
                                "Enabling publickey subsystem version %lu",
                                session->pkeyInit_pkey->version);
                 LIBSSH2_FREE(session, session->pkeyInit_data);
@@ -589,7 +590,7 @@ libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY * pkey, const unsigned char *name,
     if (pkey->add_state == libssh2_NB_state_idle) {
         pkey->add_packet = NULL;
 
-        _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Adding %s publickey",
+        _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY, "Adding %s publickey",
                        name);
 
         if (pkey->version == 1) {
@@ -670,7 +671,7 @@ libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY * pkey, const unsigned char *name,
             }
         }
 
-        _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY,
+        _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
                        "Sending publickey \"add\" packet: type=%s blob_len=%ld num_attrs=%ld",
                        name, blob_len, num_attrs);
 
@@ -678,10 +679,10 @@ libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY * pkey, const unsigned char *name,
     }
 
     if (pkey->add_state == libssh2_NB_state_created) {
-        rc = libssh2_channel_write_ex(channel, 0, (char *) pkey->add_packet,
+        rc = _libssh2_channel_write(channel, 0, (char *) pkey->add_packet,
                                     (pkey->add_s - pkey->add_packet));
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if ((pkey->add_s - pkey->add_packet) != rc) {
             libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
                           "Unable to send publickey add packet", 0);
@@ -697,7 +698,7 @@ libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY * pkey, const unsigned char *name,
 
     rc = publickey_response_success(pkey);
     if (rc == PACKET_EAGAIN) {
-        return PACKET_EAGAIN;
+        return rc;
     }
 
     pkey->add_state = libssh2_NB_state_idle;
@@ -746,7 +747,7 @@ libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY * pkey,
         memcpy(pkey->remove_s, blob, blob_len);
         pkey->remove_s += blob_len;
 
-        _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY,
+        _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
                        "Sending publickey \"remove\" packet: type=%s blob_len=%ld",
                        name, blob_len);
 
@@ -754,10 +755,10 @@ libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY * pkey,
     }
 
     if (pkey->remove_state == libssh2_NB_state_created) {
-        rc = libssh2_channel_write_ex(channel, 0, (char *) pkey->remove_packet,
+        rc = _libssh2_channel_write(channel, 0, (char *) pkey->remove_packet,
                                     (pkey->remove_s - pkey->remove_packet));
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if ((pkey->remove_s - pkey->remove_packet) != rc) {
             libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
                           "Unable to send publickey remove packet", 0);
@@ -774,7 +775,7 @@ libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY * pkey,
 
     rc = publickey_response_success(pkey);
     if (rc == PACKET_EAGAIN) {
-        return PACKET_EAGAIN;
+        return rc;
     }
 
     pkey->remove_state = libssh2_NB_state_idle;
@@ -808,19 +809,19 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys,
         memcpy(pkey->listFetch_s, "list", sizeof("list") - 1);
         pkey->listFetch_s += sizeof("list") - 1;
 
-        _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY,
+        _libssh2_debug(session, LIBSSH2_TRACE_PUBLICKEY,
                        "Sending publickey \"list\" packet");
 
         pkey->listFetch_state = libssh2_NB_state_created;
     }
 
     if (pkey->listFetch_state == libssh2_NB_state_created) {
-        rc = libssh2_channel_write_ex(channel, 0,
+        rc = _libssh2_channel_write(channel, 0,
                                     (char *) pkey->listFetch_buffer,
                                     (pkey->listFetch_s -
                                      pkey->listFetch_buffer));
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if ((pkey->listFetch_s - pkey->listFetch_buffer) != rc) {
             libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
                           "Unable to send publickey list packet", 0);
@@ -835,7 +836,7 @@ libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys,
         rc = publickey_packet_receive(pkey, &pkey->listFetch_data,
                                       &pkey->listFetch_data_len);
         if (rc == PACKET_EAGAIN) {
-            return PACKET_EAGAIN;
+            return rc;
         } else if (rc) {
             libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT,
                           "Timeout waiting for response from publickey subsystem",
@@ -1040,6 +1041,7 @@ LIBSSH2_API int
 libssh2_publickey_shutdown(LIBSSH2_PUBLICKEY * pkey)
 {
     LIBSSH2_SESSION *session = pkey->channel->session;
+    int rc;
 
     /*
      * Make sure all memory used in the state variables are free
@@ -1061,9 +1063,9 @@ libssh2_publickey_shutdown(LIBSSH2_PUBLICKEY * pkey)
         pkey->listFetch_data = NULL;
     }
 
-    if (libssh2_channel_free(pkey->channel) == PACKET_EAGAIN) {
-        return PACKET_EAGAIN;
-    }
+    rc = libssh2_channel_free(pkey->channel);
+    if (rc == PACKET_EAGAIN)
+        return rc;
 
     LIBSSH2_FREE(session, pkey);
     return 0;