|  | @@ -10,6 +10,7 @@
 | 
	
		
			
				|  |  |  #include <signal.h>
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  #include "putty.h"
 | 
	
		
			
				|  |  | +#include "pageant.h" /* for AGENT_MAX_MSGLEN */
 | 
	
		
			
				|  |  |  #include "tree234.h"
 | 
	
		
			
				|  |  |  #include "storage.h"
 | 
	
		
			
				|  |  |  #include "ssh.h"
 | 
	
	
		
			
				|  | @@ -573,10 +574,8 @@ struct ssh_channel {
 | 
	
		
			
				|  |  |      } v;
 | 
	
		
			
				|  |  |      union {
 | 
	
		
			
				|  |  |  	struct ssh_agent_channel {
 | 
	
		
			
				|  |  | -	    unsigned char *message;
 | 
	
		
			
				|  |  | -	    unsigned char msglen[4];
 | 
	
		
			
				|  |  | -	    unsigned lensofar, totallen;
 | 
	
		
			
				|  |  | -            int outstanding_requests;
 | 
	
		
			
				|  |  | +            bufchain inbuffer;
 | 
	
		
			
				|  |  | +            agent_pending_query *pending;
 | 
	
		
			
				|  |  |  	} a;
 | 
	
		
			
				|  |  |  	struct ssh_x11_channel {
 | 
	
		
			
				|  |  |  	    struct X11Connection *xconn;
 | 
	
	
		
			
				|  | @@ -985,6 +984,13 @@ struct ssh_tag {
 | 
	
		
			
				|  |  |       * with a newly cross-certified host key.
 | 
	
		
			
				|  |  |       */
 | 
	
		
			
				|  |  |      int cross_certifying;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    /*
 | 
	
		
			
				|  |  | +     * Any asynchronous query to our SSH agent that we might have in
 | 
	
		
			
				|  |  | +     * flight from the main authentication loop. (Queries from
 | 
	
		
			
				|  |  | +     * agent-forwarding channels live in their channel structure.)
 | 
	
		
			
				|  |  | +     */
 | 
	
		
			
				|  |  | +    agent_pending_query *auth_agent_query;
 | 
	
		
			
				|  |  |  };
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  static const char *ssh_pkt_type(Ssh ssh, int type)
 | 
	
	
		
			
				|  | @@ -3789,6 +3795,8 @@ static void ssh_throttle_conn(Ssh ssh, int adjust)
 | 
	
		
			
				|  |  |      }
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +static void ssh_agentf_try_forward(struct ssh_channel *c);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  /*
 | 
	
		
			
				|  |  |   * Throttle or unthrottle _all_ local data streams (for when sends
 | 
	
		
			
				|  |  |   * on the SSH connection itself back up).
 | 
	
	
		
			
				|  | @@ -3815,7 +3823,12 @@ static void ssh_throttle_all(Ssh ssh, int enable, int bufsize)
 | 
	
		
			
				|  |  |  	    x11_override_throttle(c->u.x11.xconn, enable);
 | 
	
		
			
				|  |  |  	    break;
 | 
	
		
			
				|  |  |  	  case CHAN_AGENT:
 | 
	
		
			
				|  |  | -	    /* Agent channels require no buffer management. */
 | 
	
		
			
				|  |  | +	    /* Agent forwarding channels are buffer-managed by
 | 
	
		
			
				|  |  | +             * checking ssh->throttled_all in ssh_agentf_try_forward.
 | 
	
		
			
				|  |  | +             * So at the moment we _un_throttle again, we must make an
 | 
	
		
			
				|  |  | +             * attempt to do something. */
 | 
	
		
			
				|  |  | +            if (!enable)
 | 
	
		
			
				|  |  | +                ssh_agentf_try_forward(c);
 | 
	
		
			
				|  |  |  	    break;
 | 
	
		
			
				|  |  |  	  case CHAN_SOCKDATA:
 | 
	
		
			
				|  |  |  	    pfd_override_throttle(c->u.pfd.pf, enable);
 | 
	
	
		
			
				|  | @@ -3828,6 +3841,8 @@ static void ssh_agent_callback(void *sshv, void *reply, int replylen)
 | 
	
		
			
				|  |  |  {
 | 
	
		
			
				|  |  |      Ssh ssh = (Ssh) sshv;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +    ssh->auth_agent_query = NULL;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |      ssh->agent_response = reply;
 | 
	
		
			
				|  |  |      ssh->agent_response_len = replylen;
 | 
	
		
			
				|  |  |  
 | 
	
	
		
			
				|  | @@ -3855,28 +3870,139 @@ static void ssh_dialog_callback(void *sshv, int ret)
 | 
	
		
			
				|  |  |      ssh_process_queued_incoming_data(ssh);
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -static void ssh_agentf_callback(void *cv, void *reply, int replylen)
 | 
	
		
			
				|  |  | +static void ssh_agentf_got_response(struct ssh_channel *c,
 | 
	
		
			
				|  |  | +                                    void *reply, int replylen)
 | 
	
		
			
				|  |  |  {
 | 
	
		
			
				|  |  | -    struct ssh_channel *c = (struct ssh_channel *)cv;
 | 
	
		
			
				|  |  | -    const void *sentreply = reply;
 | 
	
		
			
				|  |  | +    c->u.a.pending = NULL;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | -    c->u.a.outstanding_requests--;
 | 
	
		
			
				|  |  | -    if (!sentreply) {
 | 
	
		
			
				|  |  | -	/* Fake SSH_AGENT_FAILURE. */
 | 
	
		
			
				|  |  | -	sentreply = "\0\0\0\1\5";
 | 
	
		
			
				|  |  | +    assert(!(c->closes & CLOSES_SENT_EOF));
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    if (!reply) {
 | 
	
		
			
				|  |  | +	/* The real agent didn't send any kind of reply at all for
 | 
	
		
			
				|  |  | +         * some reason, so fake an SSH_AGENT_FAILURE. */
 | 
	
		
			
				|  |  | +	reply = "\0\0\0\1\5";
 | 
	
		
			
				|  |  |  	replylen = 5;
 | 
	
		
			
				|  |  |      }
 | 
	
		
			
				|  |  | -    ssh_send_channel_data(c, sentreply, replylen);
 | 
	
		
			
				|  |  | -    if (reply)
 | 
	
		
			
				|  |  | -	sfree(reply);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    ssh_send_channel_data(c, reply, replylen);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +static void ssh_agentf_callback(void *cv, void *reply, int replylen);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +static void ssh_agentf_try_forward(struct ssh_channel *c)
 | 
	
		
			
				|  |  | +{
 | 
	
		
			
				|  |  | +    unsigned datalen, lengthfield, messagelen;
 | 
	
		
			
				|  |  | +    unsigned char *message;
 | 
	
		
			
				|  |  | +    unsigned char msglen[4];
 | 
	
		
			
				|  |  | +    void *reply;
 | 
	
		
			
				|  |  | +    int replylen;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    /*
 | 
	
		
			
				|  |  | +     * Don't try to parallelise agent requests. Wait for each one to
 | 
	
		
			
				|  |  | +     * return before attempting the next.
 | 
	
		
			
				|  |  | +     */
 | 
	
		
			
				|  |  | +    if (c->u.a.pending)
 | 
	
		
			
				|  |  | +        return;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    /*
 | 
	
		
			
				|  |  | +     * If the outgoing side of the channel connection is currently
 | 
	
		
			
				|  |  | +     * throttled (for any reason, either that channel's window size or
 | 
	
		
			
				|  |  | +     * the entire SSH connection being throttled), don't submit any
 | 
	
		
			
				|  |  | +     * new forwarded requests to the real agent. This causes the input
 | 
	
		
			
				|  |  | +     * side of the agent forwarding not to be emptied, exerting the
 | 
	
		
			
				|  |  | +     * required back-pressure on the remote client, and encouraging it
 | 
	
		
			
				|  |  | +     * to read our responses before sending too many more requests.
 | 
	
		
			
				|  |  | +     */
 | 
	
		
			
				|  |  | +    if (c->ssh->throttled_all ||
 | 
	
		
			
				|  |  | +        (c->ssh->version == 2 && c->v.v2.remwindow == 0))
 | 
	
		
			
				|  |  | +        return;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    if (c->closes & CLOSES_SENT_EOF) {
 | 
	
		
			
				|  |  | +        /*
 | 
	
		
			
				|  |  | +         * If we've already sent outgoing EOF, there's nothing we can
 | 
	
		
			
				|  |  | +         * do with incoming data except consume it and throw it away.
 | 
	
		
			
				|  |  | +         */
 | 
	
		
			
				|  |  | +        bufchain_clear(&c->u.a.inbuffer);
 | 
	
		
			
				|  |  | +        return;
 | 
	
		
			
				|  |  | +    }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    while (1) {
 | 
	
		
			
				|  |  | +        /*
 | 
	
		
			
				|  |  | +         * Try to extract a complete message from the input buffer.
 | 
	
		
			
				|  |  | +         */
 | 
	
		
			
				|  |  | +        datalen = bufchain_size(&c->u.a.inbuffer);
 | 
	
		
			
				|  |  | +        if (datalen < 4)
 | 
	
		
			
				|  |  | +            break;         /* not even a length field available yet */
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +        bufchain_fetch(&c->u.a.inbuffer, msglen, 4);
 | 
	
		
			
				|  |  | +        lengthfield = GET_32BIT(msglen);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +        if (lengthfield > AGENT_MAX_MSGLEN) {
 | 
	
		
			
				|  |  | +            /*
 | 
	
		
			
				|  |  | +             * If the remote has sent a message that's just _too_
 | 
	
		
			
				|  |  | +             * long, we should reject it in advance of seeing the rest
 | 
	
		
			
				|  |  | +             * of the incoming message, and also close the connection
 | 
	
		
			
				|  |  | +             * for good measure (which avoids us having to faff about
 | 
	
		
			
				|  |  | +             * with carefully ignoring just the right number of bytes
 | 
	
		
			
				|  |  | +             * from the overlong message).
 | 
	
		
			
				|  |  | +             */
 | 
	
		
			
				|  |  | +            ssh_agentf_got_response(c, NULL, 0);
 | 
	
		
			
				|  |  | +            sshfwd_write_eof(c);
 | 
	
		
			
				|  |  | +            return;
 | 
	
		
			
				|  |  | +        }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +        if (lengthfield > datalen - 4)
 | 
	
		
			
				|  |  | +            break;          /* a whole message is not yet available */
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +        messagelen = lengthfield + 4;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +        message = snewn(messagelen, unsigned char);
 | 
	
		
			
				|  |  | +        bufchain_fetch(&c->u.a.inbuffer, message, messagelen);
 | 
	
		
			
				|  |  | +        bufchain_consume(&c->u.a.inbuffer, messagelen);
 | 
	
		
			
				|  |  | +        c->u.a.pending = agent_query(
 | 
	
		
			
				|  |  | +            message, messagelen, &reply, &replylen, ssh_agentf_callback, c);
 | 
	
		
			
				|  |  | +        sfree(message);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +        if (c->u.a.pending)
 | 
	
		
			
				|  |  | +            return;   /* agent_query promised to reply in due course */
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +        /*
 | 
	
		
			
				|  |  | +         * If the agent gave us an answer immediately, pass it
 | 
	
		
			
				|  |  | +         * straight on and go round this loop again.
 | 
	
		
			
				|  |  | +         */
 | 
	
		
			
				|  |  | +        ssh_agentf_got_response(c, reply, replylen);
 | 
	
		
			
				|  |  | +    }
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |      /*
 | 
	
		
			
				|  |  | -     * If we've already seen an incoming EOF but haven't sent an
 | 
	
		
			
				|  |  | -     * outgoing one, this may be the moment to send it.
 | 
	
		
			
				|  |  | +     * If we get here (i.e. we left the above while loop via 'break'
 | 
	
		
			
				|  |  | +     * rather than 'return'), that means we've determined that the
 | 
	
		
			
				|  |  | +     * input buffer for the agent forwarding connection doesn't
 | 
	
		
			
				|  |  | +     * contain a complete request.
 | 
	
		
			
				|  |  | +     *
 | 
	
		
			
				|  |  | +     * So if there's potentially more data to come, we can return now,
 | 
	
		
			
				|  |  | +     * and wait for the remote client to send it. But if the remote
 | 
	
		
			
				|  |  | +     * has sent EOF, it would be a mistake to do that, because we'd be
 | 
	
		
			
				|  |  | +     * waiting a long time. So this is the moment to check for EOF,
 | 
	
		
			
				|  |  | +     * and respond appropriately.
 | 
	
		
			
				|  |  |       */
 | 
	
		
			
				|  |  | -    if (c->u.a.outstanding_requests == 0 && (c->closes & CLOSES_RCVD_EOF))
 | 
	
		
			
				|  |  | +    if (c->closes & CLOSES_RCVD_EOF)
 | 
	
		
			
				|  |  |          sshfwd_write_eof(c);
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +static void ssh_agentf_callback(void *cv, void *reply, int replylen)
 | 
	
		
			
				|  |  | +{
 | 
	
		
			
				|  |  | +    struct ssh_channel *c = (struct ssh_channel *)cv;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    ssh_agentf_got_response(c, reply, replylen);
 | 
	
		
			
				|  |  | +    sfree(reply);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    /*
 | 
	
		
			
				|  |  | +     * Now try to extract and send further messages from the channel's
 | 
	
		
			
				|  |  | +     * input-side buffer.
 | 
	
		
			
				|  |  | +     */
 | 
	
		
			
				|  |  | +    ssh_agentf_try_forward(c);
 | 
	
		
			
				|  |  | +}
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  /*
 | 
	
		
			
				|  |  |   * Client-initiated disconnection. Send a DISCONNECT if `wire_reason'
 | 
	
		
			
				|  |  |   * non-NULL, otherwise just close the connection. `client_reason' == NULL
 | 
	
	
		
			
				|  | @@ -4379,8 +4505,9 @@ static int do_ssh1_login(Ssh ssh, const unsigned char *in, int inlen,
 | 
	
		
			
				|  |  |  	    /* Request the keys held by the agent. */
 | 
	
		
			
				|  |  |  	    PUT_32BIT(s->request, 1);
 | 
	
		
			
				|  |  |  	    s->request[4] = SSH1_AGENTC_REQUEST_RSA_IDENTITIES;
 | 
	
		
			
				|  |  | -	    if (!agent_query(s->request, 5, &r, &s->responselen,
 | 
	
		
			
				|  |  | -			     ssh_agent_callback, ssh)) {
 | 
	
		
			
				|  |  | +            ssh->auth_agent_query = agent_query(
 | 
	
		
			
				|  |  | +                s->request, 5, &r, &s->responselen, ssh_agent_callback, ssh);
 | 
	
		
			
				|  |  | +	    if (ssh->auth_agent_query) {
 | 
	
		
			
				|  |  |  		do {
 | 
	
		
			
				|  |  |  		    crReturn(0);
 | 
	
		
			
				|  |  |  		    if (pktin) {
 | 
	
	
		
			
				|  | @@ -4485,8 +4612,10 @@ static int do_ssh1_login(Ssh ssh, const unsigned char *in, int inlen,
 | 
	
		
			
				|  |  |  			memcpy(q, s->session_id, 16);
 | 
	
		
			
				|  |  |  			q += 16;
 | 
	
		
			
				|  |  |  			PUT_32BIT(q, 1);	/* response format */
 | 
	
		
			
				|  |  | -			if (!agent_query(agentreq, len + 4, &vret, &retlen,
 | 
	
		
			
				|  |  | -					 ssh_agent_callback, ssh)) {
 | 
	
		
			
				|  |  | +                        ssh->auth_agent_query = agent_query(
 | 
	
		
			
				|  |  | +                            agentreq, len + 4, &vret, &retlen,
 | 
	
		
			
				|  |  | +                            ssh_agent_callback, ssh);
 | 
	
		
			
				|  |  | +			if (ssh->auth_agent_query) {
 | 
	
		
			
				|  |  |  			    sfree(agentreq);
 | 
	
		
			
				|  |  |  			    do {
 | 
	
		
			
				|  |  |  				crReturn(0);
 | 
	
	
		
			
				|  | @@ -5556,9 +5685,8 @@ static void ssh1_smsg_agent_open(Ssh ssh, struct Packet *pktin)
 | 
	
		
			
				|  |  |  	c->remoteid = remoteid;
 | 
	
		
			
				|  |  |  	c->halfopen = FALSE;
 | 
	
		
			
				|  |  |  	c->type = CHAN_AGENT;	/* identify channel type */
 | 
	
		
			
				|  |  | -	c->u.a.lensofar = 0;
 | 
	
		
			
				|  |  | -	c->u.a.message = NULL;
 | 
	
		
			
				|  |  | -	c->u.a.outstanding_requests = 0;
 | 
	
		
			
				|  |  | +	c->u.a.pending = NULL;
 | 
	
		
			
				|  |  | +        bufchain_init(&c->u.a.inbuffer);
 | 
	
		
			
				|  |  |  	send_packet(ssh, SSH1_MSG_CHANNEL_OPEN_CONFIRMATION,
 | 
	
		
			
				|  |  |  		    PKT_INT, c->remoteid, PKT_INT, c->localid,
 | 
	
		
			
				|  |  |  		    PKT_END);
 | 
	
	
		
			
				|  | @@ -5699,40 +5827,18 @@ static void ssh1_msg_channel_close(Ssh ssh, struct Packet *pktin)
 | 
	
		
			
				|  |  |  static int ssh_agent_channel_data(struct ssh_channel *c, char *data,
 | 
	
		
			
				|  |  |  				  int length)
 | 
	
		
			
				|  |  |  {
 | 
	
		
			
				|  |  | -    while (length > 0) {
 | 
	
		
			
				|  |  | -	if (c->u.a.lensofar < 4) {
 | 
	
		
			
				|  |  | -	    unsigned int l = min(4 - c->u.a.lensofar, (unsigned)length);
 | 
	
		
			
				|  |  | -	    memcpy(c->u.a.msglen + c->u.a.lensofar, data, l);
 | 
	
		
			
				|  |  | -	    data += l;
 | 
	
		
			
				|  |  | -	    length -= l;
 | 
	
		
			
				|  |  | -	    c->u.a.lensofar += l;
 | 
	
		
			
				|  |  | -	}
 | 
	
		
			
				|  |  | -	if (c->u.a.lensofar == 4) {
 | 
	
		
			
				|  |  | -	    c->u.a.totallen = 4 + GET_32BIT(c->u.a.msglen);
 | 
	
		
			
				|  |  | -	    c->u.a.message = snewn(c->u.a.totallen, unsigned char);
 | 
	
		
			
				|  |  | -	    memcpy(c->u.a.message, c->u.a.msglen, 4);
 | 
	
		
			
				|  |  | -	}
 | 
	
		
			
				|  |  | -	if (c->u.a.lensofar >= 4 && length > 0) {
 | 
	
		
			
				|  |  | -	    unsigned int l = min(c->u.a.totallen - c->u.a.lensofar,
 | 
	
		
			
				|  |  | -				 (unsigned)length);
 | 
	
		
			
				|  |  | -	    memcpy(c->u.a.message + c->u.a.lensofar, data, l);
 | 
	
		
			
				|  |  | -	    data += l;
 | 
	
		
			
				|  |  | -	    length -= l;
 | 
	
		
			
				|  |  | -	    c->u.a.lensofar += l;
 | 
	
		
			
				|  |  | -	}
 | 
	
		
			
				|  |  | -	if (c->u.a.lensofar == c->u.a.totallen) {
 | 
	
		
			
				|  |  | -	    void *reply;
 | 
	
		
			
				|  |  | -	    int replylen;
 | 
	
		
			
				|  |  | -            c->u.a.outstanding_requests++;
 | 
	
		
			
				|  |  | -	    if (agent_query(c->u.a.message, c->u.a.totallen, &reply, &replylen,
 | 
	
		
			
				|  |  | -			    ssh_agentf_callback, c))
 | 
	
		
			
				|  |  | -		ssh_agentf_callback(c, reply, replylen);
 | 
	
		
			
				|  |  | -	    sfree(c->u.a.message);
 | 
	
		
			
				|  |  | -            c->u.a.message = NULL;
 | 
	
		
			
				|  |  | -	    c->u.a.lensofar = 0;
 | 
	
		
			
				|  |  | -	}
 | 
	
		
			
				|  |  | -    }
 | 
	
		
			
				|  |  | -    return 0;   /* agent channels never back up */
 | 
	
		
			
				|  |  | +    bufchain_add(&c->u.a.inbuffer, data, length);
 | 
	
		
			
				|  |  | +    ssh_agentf_try_forward(c);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    /*
 | 
	
		
			
				|  |  | +     * We exert back-pressure on an agent forwarding client if and
 | 
	
		
			
				|  |  | +     * only if we're waiting for the response to an asynchronous agent
 | 
	
		
			
				|  |  | +     * request. This prevents the client running out of window while
 | 
	
		
			
				|  |  | +     * receiving the _first_ message, but means that if any message
 | 
	
		
			
				|  |  | +     * takes time to process, the client will be discouraged from
 | 
	
		
			
				|  |  | +     * sending an endless stream of further ones after it.
 | 
	
		
			
				|  |  | +     */
 | 
	
		
			
				|  |  | +    return (c->u.a.pending ? bufchain_size(&c->u.a.inbuffer) : 0);
 | 
	
		
			
				|  |  |  }
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  static int ssh_channel_data(struct ssh_channel *c, int is_stderr,
 | 
	
	
		
			
				|  | @@ -7348,6 +7454,7 @@ static void do_ssh2_transport(Ssh ssh, const void *vin, int inlen,
 | 
	
		
			
				|  |  |          s->fingerprint = ssh2_fingerprint(ssh->hostkey, s->hkey);
 | 
	
		
			
				|  |  |          logevent("Storing additional host key for this host:");
 | 
	
		
			
				|  |  |          logevent(s->fingerprint);
 | 
	
		
			
				|  |  | +        sfree(s->fingerprint);
 | 
	
		
			
				|  |  |          store_host_key(ssh->savedhost, ssh->savedport,
 | 
	
		
			
				|  |  |                         ssh->hostkey->keytype, s->keystr);
 | 
	
		
			
				|  |  |          ssh->cross_certifying = FALSE;
 | 
	
	
		
			
				|  | @@ -7740,8 +7847,9 @@ static void ssh2_try_send_and_unthrottle(Ssh ssh, struct ssh_channel *c)
 | 
	
		
			
				|  |  |  	    x11_unthrottle(c->u.x11.xconn);
 | 
	
		
			
				|  |  |  	    break;
 | 
	
		
			
				|  |  |  	  case CHAN_AGENT:
 | 
	
		
			
				|  |  | -	    /* agent sockets are request/response and need no
 | 
	
		
			
				|  |  | -	     * buffer management */
 | 
	
		
			
				|  |  | +            /* Now that we've successfully sent all the outgoing
 | 
	
		
			
				|  |  | +             * replies we had, try to process more incoming data. */
 | 
	
		
			
				|  |  | +            ssh_agentf_try_forward(c);
 | 
	
		
			
				|  |  |  	    break;
 | 
	
		
			
				|  |  |  	  case CHAN_SOCKDATA:
 | 
	
		
			
				|  |  |  	    pfd_unthrottle(c->u.pfd.pf);
 | 
	
	
		
			
				|  | @@ -8165,7 +8273,10 @@ static void ssh_channel_close_local(struct ssh_channel *c, char const *reason)
 | 
	
		
			
				|  |  |          msg = "Forwarded X11 connection terminated";
 | 
	
		
			
				|  |  |          break;
 | 
	
		
			
				|  |  |        case CHAN_AGENT:
 | 
	
		
			
				|  |  | -        sfree(c->u.a.message);
 | 
	
		
			
				|  |  | +        if (c->u.a.pending)
 | 
	
		
			
				|  |  | +            agent_cancel_query(c->u.a.pending);
 | 
	
		
			
				|  |  | +        bufchain_clear(&c->u.a.inbuffer);
 | 
	
		
			
				|  |  | +	msg = "Agent-forwarding connection closed";
 | 
	
		
			
				|  |  |          break;
 | 
	
		
			
				|  |  |        case CHAN_SOCKDATA:
 | 
	
		
			
				|  |  |          assert(c->u.pfd.pf != NULL);
 | 
	
	
		
			
				|  | @@ -8253,10 +8364,10 @@ static void ssh_channel_got_eof(struct ssh_channel *c)
 | 
	
		
			
				|  |  |  	assert(c->u.x11.xconn != NULL);
 | 
	
		
			
				|  |  |  	x11_send_eof(c->u.x11.xconn);
 | 
	
		
			
				|  |  |      } else if (c->type == CHAN_AGENT) {
 | 
	
		
			
				|  |  | -        if (c->u.a.outstanding_requests == 0) {
 | 
	
		
			
				|  |  | -            /* Manufacture an outgoing EOF in response to the incoming one. */
 | 
	
		
			
				|  |  | -            sshfwd_write_eof(c);
 | 
	
		
			
				|  |  | -        }
 | 
	
		
			
				|  |  | +        /* Just call try_forward, which will respond to the EOF now if
 | 
	
		
			
				|  |  | +         * appropriate, or wait until the queue of outstanding
 | 
	
		
			
				|  |  | +         * requests is dealt with if not */
 | 
	
		
			
				|  |  | +        ssh_agentf_try_forward(c);
 | 
	
		
			
				|  |  |      } else if (c->type == CHAN_SOCKDATA) {
 | 
	
		
			
				|  |  |  	assert(c->u.pfd.pf != NULL);
 | 
	
		
			
				|  |  |  	pfd_send_eof(c->u.pfd.pf);
 | 
	
	
		
			
				|  | @@ -8810,9 +8921,8 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
 | 
	
		
			
				|  |  |  	    error = "Agent forwarding is not enabled";
 | 
	
		
			
				|  |  |  	else {
 | 
	
		
			
				|  |  |  	    c->type = CHAN_AGENT;	/* identify channel type */
 | 
	
		
			
				|  |  | -	    c->u.a.lensofar = 0;
 | 
	
		
			
				|  |  | -            c->u.a.message = NULL;
 | 
	
		
			
				|  |  | -            c->u.a.outstanding_requests = 0;
 | 
	
		
			
				|  |  | +            bufchain_init(&c->u.a.inbuffer);
 | 
	
		
			
				|  |  | +            c->u.a.pending = NULL;
 | 
	
		
			
				|  |  |  	}
 | 
	
		
			
				|  |  |      } else {
 | 
	
		
			
				|  |  |  	error = "Unsupported channel type requested";
 | 
	
	
		
			
				|  | @@ -9324,8 +9434,10 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
 | 
	
		
			
				|  |  |  	    /* Request the keys held by the agent. */
 | 
	
		
			
				|  |  |  	    PUT_32BIT(s->agent_request, 1);
 | 
	
		
			
				|  |  |  	    s->agent_request[4] = SSH2_AGENTC_REQUEST_IDENTITIES;
 | 
	
		
			
				|  |  | -	    if (!agent_query(s->agent_request, 5, &r, &s->agent_responselen,
 | 
	
		
			
				|  |  | -			     ssh_agent_callback, ssh)) {
 | 
	
		
			
				|  |  | +            ssh->auth_agent_query = agent_query(
 | 
	
		
			
				|  |  | +                s->agent_request, 5, &r, &s->agent_responselen,
 | 
	
		
			
				|  |  | +                ssh_agent_callback, ssh);
 | 
	
		
			
				|  |  | +	    if (ssh->auth_agent_query) {
 | 
	
		
			
				|  |  |  		do {
 | 
	
		
			
				|  |  |  		    crReturnV;
 | 
	
		
			
				|  |  |  		    if (pktin) {
 | 
	
	
		
			
				|  | @@ -9769,9 +9881,10 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
 | 
	
		
			
				|  |  |  		    s->q += s->pktout->length - 5;
 | 
	
		
			
				|  |  |  		    /* And finally the (zero) flags word. */
 | 
	
		
			
				|  |  |  		    PUT_32BIT(s->q, 0);
 | 
	
		
			
				|  |  | -		    if (!agent_query(s->agentreq, s->len + 4,
 | 
	
		
			
				|  |  | -				     &vret, &s->retlen,
 | 
	
		
			
				|  |  | -				     ssh_agent_callback, ssh)) {
 | 
	
		
			
				|  |  | +                    ssh->auth_agent_query = agent_query(
 | 
	
		
			
				|  |  | +                        s->agentreq, s->len + 4, &vret, &s->retlen,
 | 
	
		
			
				|  |  | +                        ssh_agent_callback, ssh);
 | 
	
		
			
				|  |  | +                    if (ssh->auth_agent_query) {
 | 
	
		
			
				|  |  |  			do {
 | 
	
		
			
				|  |  |  			    crReturnV;
 | 
	
		
			
				|  |  |  			    if (pktin) {
 | 
	
	
		
			
				|  | @@ -11272,6 +11385,8 @@ static const char *ssh_init(void *frontend_handle, void **backend_handle,
 | 
	
		
			
				|  |  |  						      CONF_ssh_rekey_data));
 | 
	
		
			
				|  |  |      ssh->kex_in_progress = FALSE;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  | +    ssh->auth_agent_query = NULL;
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  #ifndef NO_GSSAPI
 | 
	
		
			
				|  |  |      ssh->gsslibs = NULL;
 | 
	
		
			
				|  |  |  #endif
 | 
	
	
		
			
				|  | @@ -11388,6 +11503,10 @@ static void ssh_free(void *handle)
 | 
	
		
			
				|  |  |      bufchain_clear(&ssh->queued_incoming_data);
 | 
	
		
			
				|  |  |      sfree(ssh->username);
 | 
	
		
			
				|  |  |      conf_free(ssh->conf);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  | +    if (ssh->auth_agent_query)
 | 
	
		
			
				|  |  | +        agent_cancel_query(ssh->auth_agent_query);
 | 
	
		
			
				|  |  | +
 | 
	
		
			
				|  |  |  #ifndef NO_GSSAPI
 | 
	
		
			
				|  |  |      if (ssh->gsslibs)
 | 
	
		
			
				|  |  |  	ssh_gss_cleanup(ssh->gsslibs);
 |