*.DSA
*.DSA/*
*.GID
*.GID/*
*.RES
*.RES/*
*.RSA
*.RSA/*
*.a
*.a/*
*.cnt
*.cnt/*
*.dsp
*.dsp/*
*.dsw
*.dsw/*
*.exe

*.rsp/*
*.td2
*.td2/*
*.tds
*.tds/*
.bmake
.bmake/*
.deps
.deps/*
.svn/*.DSA
.svn/*.DSA/*
.svn/*.GID
.svn/*.GID/*
.svn/*.RES
.svn/*.RES/*
.svn/*.RSA
.svn/*.RSA/*
.svn/*.a
.svn/*.a/*
.svn/*.cnt
.svn/*.cnt/*
.svn/*.dsp
.svn/*.dsp/*
.svn/*.dsw
.svn/*.dsw/*
.svn/*.exe

.svn/*.rsp/*
.svn/*.td2
.svn/*.td2/*
.svn/*.tds
.svn/*.tds/*
.svn/.bmake
.svn/.bmake/*
.svn/.deps
.svn/.deps/*
.svn/MSVC
.svn/MSVC/*
.svn/Makefile
.svn/Makefile.bor
.svn/Makefile.bor/*
.svn/Makefile.cyg
.svn/Makefile.cyg/*
.svn/Makefile.lcc
.svn/Makefile.lcc/*
.svn/Makefile.vc
.svn/Makefile.vc/*
.svn/Makefile/*
.svn/Output
.svn/Output/*
.svn/build.log
.svn/build.log/*
.svn/build.out
.svn/build.out/*
.svn/config.status
.svn/config.status/*
.svn/empty.h
.svn/empty.h/*
.svn/local
.svn/local/*
.svn/pageant
.svn/pageant/*
.svn/plink
.svn/plink/*
.svn/pscp
.svn/pscp/*
.svn/psftp
.svn/psftp/*
.svn/pterm
.svn/pterm/*
.svn/putty
.svn/putty/*
.svn/puttygen
.svn/puttygen/*
.svn/puttytel
.svn/puttytel/*
.svn/stamp-h1
.svn/stamp-h1/*
.svn/uxconfig.h
.svn/uxconfig.h/*
MSVC
MSVC/*
Makefile
Makefile.bor
Makefile.bor/*
Makefile.cyg
Makefile.cyg/*
Makefile.lcc
Makefile.lcc/*
Makefile.vc
Makefile.vc/*
Makefile/*
Output
Output/*
build.log
build.log/*
build.out
build.out/*
charset/sbcsdat.c
charset/sbcsdat.c/*
config.status
config.status/*
contrib/cygtermd/cygtermd.exe
contrib/cygtermd/cygtermd.exe/*
doc/*.1
doc/*.1/*
doc/*.GID
doc/*.GID/*
doc/*.chm

doc/*.info/*
doc/*.log
doc/*.log/*
doc/*.txt
doc/*.txt/*
doc/vstr.but
doc/vstr.but/*
empty.h
empty.h/*
icons/*.c
icons/*.c/*
icons/*.ico
icons/*.ico/*
icons/*.png
icons/*.png/*
icons/*.xpm

pageant/*
plink
plink/*
pscp
pscp/*
psftp
psftp/*
pterm
pterm/*
putty
putty/*
puttygen
puttygen/*
puttytel
puttytel/*
stamp-h1
stamp-h1/*
testdata/bignum.txt
testdata/bignum.txt/*
unix/*.log
unix/*.log/*
unix/.deps
unix/.deps/*
unix/Makefile
unix/Makefile.am
unix/Makefile.am/*
unix/Makefile.gtk
unix/Makefile.gtk/*
unix/Makefile.in
unix/Makefile.in/*
unix/Makefile.local
unix/Makefile.local/*
unix/Makefile.ux
unix/Makefile.ux/*
unix/Makefile/*
unix/aclocal.m4
unix/aclocal.m4/*
unix/autom4te.cache
unix/autom4te.cache/*
unix/compile
unix/compile/*
unix/config.status
unix/config.status/*
unix/configure
unix/configure/*
unix/depcomp
unix/depcomp/*
unix/empty.h
unix/empty.h/*
unix/install-sh
unix/install-sh/*
unix/local
unix/local/*
unix/missing
unix/missing/*
unix/plink
unix/plink/*
unix/pscp
unix/pscp/*
unix/psftp
unix/psftp/*
unix/pterm
unix/pterm/*
unix/putty
unix/putty/*
unix/puttygen
unix/puttygen/*
unix/puttytel
unix/puttytel/*
unix/stamp-h1
unix/stamp-h1/*
unix/uxconfig.h
unix/uxconfig.h/*
unix/uxconfig.in
unix/uxconfig.in/*
uxconfig.h
uxconfig.h/*
windows/*.DSA
windows/*.DSA/*
windows/*.GID
windows/*.GID/*
windows/*.RES
windows/*.RES/*
windows/*.RSA

# -*- sh -*-

# Build script to scan PuTTY with the downloadable Coverity scanner
# and generate a tar file to upload to their open-source scanning
# service.

module putty

# Preparations.
in putty do ./mkfiles.pl
in putty do ./mkauto.sh
in putty/doc do make

# Scan the Unix build, on a 64-bit system to differentiate as much as
# possible from the other scan of the cross-platform files.
delegate covscan64
  in putty do ./configure
  in putty do cov-build --dir cov-int make
  in putty do tar czvf cov-int.tar.gz cov-int
  return putty/cov-int.tar.gz
enddelegate

# Scan the Windows build, by means of building with Winelib (since as
# of 2013-07-22, the Coverity Scan website doesn't offer a 32-bit
# Windows scanner for download).
delegate covscan32wine
  in putty do tar xzvf cov-int.tar.gz
  in putty/windows do cov-build --dir ../cov-int make -f Makefile.cyg CC=winegcc RC=wrc
  in putty do tar czvf cov-int.tar.gz cov-int
  return putty/cov-int.tar.gz
enddelegate

# Provide the revision number as one of the build outputs, to make it
# easy to construct a curl upload command which will annotate it
# appropriately when uploaded.
in putty do echo $(revision) > revision.txt

deliver putty/revision.txt $@
deliver putty/cov-int.tar.gz $@

   is available.

 - After running webupdate, run update-rsync on chiark and verify that
   the rsync mirror package (~/ftp/putty-website-mirror) contains a
   subdirectory for the new version and mentions it in its .htaccess.

 - Announce the release!
    + Construct a release announcement email whose message body is the
    + Mail the announcement to <putty-announce@lists.tartarus.org>.
       * Put a 'Reply-To: putty@projects.tartarus.org' header on the
	 mail so that people don't keep replying to my personal
      announcement written above, and which includes the following
      headers:
       * Reply-To: <putty@projects.tartarus.org>
       * Subject: PuTTY X.YZ is released
    + Mail that release announcement to
	 address.
      <putty-announce@lists.tartarus.org>.
    + Post it to comp.security.ssh.
    + Mention it in <TDHTT> on mono.

 - Relax (slightly).

After the release
-----------------

0.62
0.63

PuTTY-CAC is Copyright 2009-2012 Daniel Risacher
PuTTY-CAC is available under the GPLv2 license.
PuTTY-CAC is a derivative work of PuTTY-SC.

PuTTY-SC is Copyright 2005-2008 Pascal Buchbinder.
PuTTY-SC is available under the GPLv2 license.
PuTTY-SC is a derivative work of PuTTY.

PuTTY is copyright 1997-2011 Simon Tatham.
PuTTY is copyright 1997-2013 Simon Tatham.

Portions copyright Robert de Bath, Joris van Rantwijk, Delian
Delchev, Andreas Schultz, Jeroen Massar, Wez Furlong, Nicolas Barry,
Justin Bradford, Ben Harris, Malcolm Smith, Ahmad Khalifa, Markus
Kuhn, Colin Watson, and CORE SDI S.A.

CAPI support donated by Andrew Prout.

Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:

   MSVC/putty/putty.dsp builds PuTTY itself, MSVC/plink/plink.dsp
   builds Plink, and so on.

 - windows/Makefile.bor is for the Borland C compiler. Type `make -f
   Makefile.bor' while in the `windows' subdirectory to build all
   the PuTTY binaries.

 - windows/Makefile.cyg is for Cygwin / mingw32 installations. Type
 - windows/Makefile.cyg is for Cygwin / MinGW installations. Type
   `make -f Makefile.cyg' while in the `windows' subdirectory to
   build all the PuTTY binaries.

   You'll probably need quite a recent version of the w32api package.
   Note that by default the multiple monitor and HTML Help support are
   excluded from the Cygwin build, since at the time of writing Cygwin
   doesn't include the necessary headers.

toolchains fairly quickly. Please report any problems with the other
toolchains mentioned above.

For building on Unix:

 - unix/configure is for Unix and GTK. If you don't have GTK, you
   should still be able to build the command-line utilities (PSCP,
   PSFTP, Plink, PuTTYgen) using this script. To use it, change
   into the `unix' subdirectory, run `./configure' and then `make'.
   PSFTP, Plink, PuTTYgen) using this script. To use it, change into
   the `unix' subdirectory, run `./configure' and then `make'. Or you
   can do the same in the top-level directory (we provide a little
   wrapper that invokes configure one level down), which is more like
   a normal Unix source archive but doesn't do so well at keeping the
   per-platform stuff in each platform's subdirectory; it's up to you.

   Note that Unix PuTTY has mostly only been tested on Linux so far;
   portability problems such as BSD-style ptys or different header file
   requirements are expected.

 - unix/Makefile.gtk and unix/Makefile.ux are for non-autoconfigured
   builds. These makefiles expect you to change into the `unix'
   subdirectory, then run `make -f Makefile.gtk' or `make -f
   Makefile.ux' respectively. Makefile.gtk builds all the programs but
   relies on Gtk, whereas Makefile.ux builds only the command-line
   utilities and has no Gtk dependence.

 - For the graphical utilities, Gtk+-1.2 and Gtk+-2.0 should both be
   supported.
   supported. If you have both installed, you can manually specify
   which one you want by giving the option '--with-gtk=1' or
   '--with-gtk=2' to the configure script. (2 is the default, of
   course.) In the absence of either, the configure script will
   automatically construct a Makefile which builds only the
   command-line utilities; you can manually create this condition by
   giving configure the option '--without-gtk'.

 - pterm would like to be setuid or setgid, as appropriate, to permit
   it to write records of user logins to /var/run/utmp and
   /var/log/wtmp. (Of course it will not use this privilege for
   anything else, and in particular it will drop all privileges before
   starting up complex subsystems like GTK.) By default the makefile
   will not attempt to add privileges to the pterm executable at 'make
   install' time, but you can ask it to do so by running configure
   with the option '--enable-setuid=USER' or '--enable-setgid=GROUP'.

 - Both Unix Makefiles have an `install' target. Note that by default
   it tries to install `man' pages, which you may need to have built
   using Halibut first -- see below.
 - The Unix Makefiles have an `install' target. Note that by default
   it tries to install `man' pages; if you have fetched the source via
   Subversion then you will need to have built these using Halibut
   first - see below.

 - It's also possible to build the Windows version of PuTTY to run
   on Unix by using Winelib.  To do this, change to the `windows'
   directory and run `make -f Makefile.cyg CC=winegcc RC=wrc'.

All of the Makefiles are generated automatically from the file
`Recipe' by the Perl script `mkfiles.pl'. Additions and corrections
to Recipe and the mkfiles.pl are much more useful than additions and
corrections to the alternative Makefiles themselves.
`Recipe' by the Perl script `mkfiles.pl' (except for the Unix one,
which is generated by the `configure' script; mkfiles.pl only
generates the input to automake). Additions and corrections to Recipe,
mkfiles.pl and/or configure.ac are much more useful than additions and
corrections to the actual Makefiles, Makefile.am or Makefile.in.

The Unix `configure' script and its various requirements are generated
by the shell script `mkauto.sh', which requires GNU Autoconf, GNU
Automake, and Gtk; if you've got the source from Subversion rather
than using one of our source snapshots, you'll need to run this
yourself.
yourself. The input file to Automake is generated by mkfiles.pl along
with all the rest of the makefiles, so you will need to run mkfiles.pl
and then mkauto.sh.

Documentation (in various formats including Windows Help and Unix
`man' pages) is built from the Halibut (`.but') files in the `doc'
subdirectory using `doc/Makefile'. If you aren't using one of our
source snapshots, you'll need to do this yourself. Halibut can be
found at <http://www.chiark.greenend.org.uk/~sgtatham/halibut/>.

!makefile vc windows/Makefile.vc
!makefile vcproj windows/MSVC
!makefile cygwin windows/Makefile.cyg
!makefile borland windows/Makefile.bor
!makefile lcc windows/Makefile.lcc
!makefile gtk unix/Makefile.gtk
!makefile unix unix/Makefile.ux
!makefile ac unix/Makefile.in
!makefile am unix/Makefile.am
!makefile osx macosx/Makefile
!makefile devcppproj windows/DEVCPP
# Source directories.
!srcdir charset/
!srcdir windows/
!srcdir unix/
!srcdir macosx/

#
#  - RCFL=/DASCIICTLS (Windows only)
#      Uses ASCII rather than Unicode to specify the tab control in
#      the resource file. Probably most useful when compiling with
#      Cygnus/mingw32, whose resource compiler may have less of a
#      problem with it.
#
#  - COMPAT=/DNO_SECUREZEROMEMORY (Windows only)
#      Disables PuTTY's use of SecureZeroMemory(), which is missing
#      from some environments' header files.  This is enabled by
#      default in the Cygwin Makefile.
#
#  - XFLAGS=/DTELNET_DEFAULT
#      Causes PuTTY to default to the Telnet protocol (in the absence
#      of Default Settings and so on to the contrary). Normally PuTTY
#      will default to SSH.
#
#  - XFLAGS=/DDEBUG
#      Causes PuTTY to enable internal debugging.

	if test -z "$(VER)" && (cd ..; md5sum -c manifest); then \
		$(CC) $(COMPAT) $(XFLAGS) $(CFLAGS) `cat ../version.def` -c ../version.c; \
	else \
		$(CC) $(COMPAT) $(XFLAGS) $(CFLAGS) $(VER) -c ../version.c; \
	fi
!end
!specialobj gtk version
# In the automake build, we have to do the whole job by supplying
# extra CFLAGS, so we have to put the if statement inside one big
# backtick expression. We also force rebuilding via a -D option that
# makes version.o include empty.h, which we construct ourselves and
# touch whenever any source file is updated.
!cflags am version $(VER) -DINCLUDE_EMPTY_H `if test -z "$(VER)" && (cd $(srcdir)/..; md5sum -c manifest >/dev/null 2>&1); then cat $(srcdir)/../version.def; else echo "$(VER)"; fi`
!begin am
BUILT_SOURCES = empty.h
empty.h: $(allsources)
	echo '/* Empty file touched by automake makefile to force rebuild of version.o */' >$@

!end
!begin >empty.h
/* Empty file touched by automake makefile to force rebuild of version.o */
!end

# Add VER to Windows resource targets, and force them to be rebuilt every
# time, on the assumption that they will contain version information.
!begin vc vars
CFLAGS = $(CFLAGS) /DHAS_GSSAPI /DSECURITY_WIN32
RCFLAGS = $(RCFLAGS) $(VER)
!end
!begin cygwin vars
CFLAGS += -DSECURITY_WIN32
# XXX GNU-ism, but it's probably all right for a Cygwin/MinGW Makefile.
RCFLAGS += $(patsubst -D%,--define %,$(VER))
!end
!begin borland vars
# Borland doesn't support +=. This probably shouldn't work, but seems to.
RCFLAGS = $(RCFLAGS) $(VER)
!end

install-strip:
	$(MAKE) install INSTALL_PROGRAM="$(INSTALL_PROGRAM) -s"
!end
!begin osx vars
CFLAGS += -DMACOSX
!end

# List the man pages for the automake makefile.
!begin am
man1_MANS = ../doc/plink.1 ../doc/pscp.1 ../doc/psftp.1 ../doc/pterm.1 \
            ../doc/putty.1 ../doc/puttygen.1 ../doc/puttytel.1
!end

# In automake, chgrp/chmod pterm after installation, if configured to.
!begin am
if HAVE_SETID_CMD
install-exec-local:
	@SETID_CMD@ $(bindir)/pterm
	chmod @SETID_MODE@ $(bindir)/pterm
endif
!end

# Random symbols.
!begin cygwin vars
# _WIN32_IE is required to expose identifiers that only make sense on
# systems with IE5+ installed, such as some arguments to SHGetFolderPath().
# WINVER etc perform a similar function for FlashWindowEx().
CFLAGS += -D_WIN32_IE=0x0500
CFLAGS += -DWINVER=0x0500 -D_WIN32_WINDOWS=0x0410 -D_WIN32_WINNT=0x0500
!end

# ------------------------------------------------------------
# Definitions of object groups. A group name, followed by an =,
# followed by any number of objects or other already-defined group
# names. A line beginning `+' is assumed to continue the previous
# line.

# Terminal emulator and its (platform-independent) dependencies.
TERMINAL = terminal wcwidth ldiscucs logging tree234 minibidi
         + config dialog
         + config dialog conf

# GUI front end and terminal emulator (putty, puttytel).
GUITERM  = TERMINAL window windlg winctrls sizetip winucs winprint
         + winutils wincfg sercfg winhelp winjump

# Same thing on Unix.
UXTERM   = TERMINAL uxcfg sercfg uxucs uxprint timing
UXTERM   = TERMINAL uxcfg sercfg uxucs uxprint timing callback
GTKTERM  = UXTERM gtkwin gtkcfg gtkdlg gtkfont gtkcols xkeysym
OSXTERM  = UXTERM osxwin osxdlg osxctrls

# Non-SSH back ends (putty, puttytel, plink).
NONSSH   = telnet raw rlogin ldisc pinger

# SSH back end (putty, plink, pscp, psftp).
SSH      = ssh sshcrc sshdes sshmd5 sshrsa sshrand sshsha sshblowf
         + sshdh sshcrcda sshpubk sshzlib sshdss x11fwd portfwd
         + sshaes sshsh256 sshsh512 sshbn wildcard pinger ssharcf
         + sshgssc pgssapi
WINSSH   = SSH winnoise winpgntc wingss
UXSSH    = SSH uxnoise uxagentc uxgss
         + sshgssc pgssapi sshshare
WINSSH   = SSH winnoise winsecur winpgntc wingss winshare winnps winnpc
         + winhsock errsock
UXSSH    = SSH uxnoise uxagentc uxgss uxshare

# SFTP implementation (pscp, psftp).
SFTP     = sftp int64 logging

# Miscellaneous objects appearing in all the network utilities (not
# Pageant or PuTTYgen).
MISC     = timing misc version settings tree234 proxy
MISC     = timing callback misc version settings tree234 proxy conf
WINMISC  = MISC winstore winnet winhandl cmdline windefs winmisc winproxy
         + wintime
         + wintime winhsock errsock
UXMISC   = MISC uxstore uxsel uxnet cmdline uxmisc uxproxy time
OSXMISC  = MISC uxstore uxsel osxsel uxnet uxmisc uxproxy time

# Character set library, for use in pterm.
CHARSET  = sbcsdat slookup sbcs utf8 toucs fromucs xenc mimeenc macenc localenc

# Standard libraries.

# colon, followed by a list of objects. Also in the list may be the
# keywords [G] for Windows GUI app, [C] for Console app, [X] for
# X/GTK Unix app, [U] for command-line Unix app.

putty    : [G] GUITERM NONSSH WINSSH W_BE_ALL WINMISC winx11 putty.res LIBS
puttytel : [G] GUITERM NONSSH W_BE_NOSSH WINMISC puttytel.res nogss LIBS
plink    : [C] winplink wincons NONSSH WINSSH W_BE_ALL logging WINMISC
         + winx11 plink.res winnojmp LIBS
         + winx11 plink.res winnojmp noterm LIBS
pscp     : [C] pscp winsftp wincons WINSSH BE_SSH SFTP wildcard WINMISC
         + pscp.res winnojmp LIBS
psftp    : [C] psftp winsftp wincons WINSSH BE_SSH SFTP wildcard WINMISC
         + psftp.res winnojmp LIBS

pageant  : [G] winpgnt sshrsa sshpubk sshdes sshbn sshmd5 version tree234
         + misc sshaes sshsha winpgntc sshdss sshsh256 sshsh512 winutils
         + winmisc winhelp pageant.res LIBS
         + misc sshaes sshsha winsecur winpgntc sshdss sshsh256 sshsh512
	 + winutils winmisc winhelp conf pageant.res LIBS

puttygen : [G] winpgen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
         + sshrand winnoise sshsha winstore misc winctrls sshrsa sshdss winmisc
         + sshpubk sshaes sshsh256 sshsh512 import winutils puttygen.res
	 + tree234 notiming winhelp winnojmp LIBS wintime
	 + tree234 notiming winhelp winnojmp conf LIBS wintime

pterm    : [X] GTKTERM uxmisc misc ldisc settings uxpty uxsel BE_NONE uxstore
         + uxsignal CHARSET cmdline uxpterm version time xpmpterm xpmptcfg
	 + nogss
putty    : [X] GTKTERM uxmisc misc ldisc settings uxsel U_BE_ALL uxstore
         + uxsignal CHARSET uxputty NONSSH UXSSH UXMISC ux_x11 xpmputty
         + xpmpucfg
puttytel : [X] GTKTERM uxmisc misc ldisc settings uxsel U_BE_NOSSH
	 + uxstore uxsignal CHARSET uxputty NONSSH UXMISC xpmputty xpmpucfg
	 + nogss

plink    : [U] uxplink uxcons NONSSH UXSSH U_BE_ALL logging UXMISC uxsignal
         + ux_x11
         + ux_x11 noterm

puttygen : [U] cmdgen sshrsag sshdssg sshprime sshdes sshbn sshmd5 version
         + sshrand uxnoise sshsha misc sshrsa sshdss uxcons uxstore uxmisc
         + sshpubk sshaes sshsh256 sshsh512 import puttygen.res time tree234
	 + uxgen notiming
	 + uxgen notiming conf

pscp     : [U] pscp uxsftp uxcons UXSSH BE_SSH SFTP wildcard UXMISC
psftp    : [U] psftp uxsftp uxcons UXSSH BE_SSH SFTP wildcard UXMISC

PuTTY    : [MX] osxmain OSXTERM OSXMISC CHARSET U_BE_ALL NONSSH UXSSH
         + ux_x11 uxpty uxsignal testback putty.icns info.plist

/*
 * Facility for queueing callback functions to be run from the
 * top-level event loop after the current top-level activity finishes.
 */

#include <stddef.h>

#include "putty.h"

struct callback {
    struct callback *next;

    toplevel_callback_fn_t fn;
    void *ctx;
};

struct callback *cbhead = NULL, *cbtail = NULL;

toplevel_callback_notify_fn_t notify_frontend = NULL;
void *frontend = NULL;

void request_callback_notifications(toplevel_callback_notify_fn_t fn,
                                    void *fr)
{
    notify_frontend = fn;
    frontend = fr;
}

void queue_toplevel_callback(toplevel_callback_fn_t fn, void *ctx)
{
    struct callback *cb;

    cb = snew(struct callback);
    cb->fn = fn;
    cb->ctx = ctx;

    /* If the front end has requested notification of pending
     * callbacks, and we didn't already have one queued, let it know
     * we do have one now. */
    if (notify_frontend && !cbhead)
        notify_frontend(frontend);

    if (cbtail)
        cbtail->next = cb;
    else
        cbhead = cb;
    cbtail = cb;
    cb->next = NULL;
}

void run_toplevel_callbacks(void)
{
    if (cbhead) {
        struct callback *cb = cbhead;
        /*
         * Careful ordering here. We call the function _before_
         * advancing cbhead (though, of course, we must free cb
         * _after_ advancing it). This means that if the very last
         * callback schedules another callback, cbhead does not become
         * NULL at any point, and so the frontend notification
         * function won't be needlessly pestered.
         */
        cb->fn(cb->ctx);
        cbhead = cb->next;
        sfree(cb);
        if (!cbhead)
            cbtail = NULL;
    }
}

int toplevel_callback_pending(void)
{
    return cbhead != NULL;
}

/*
 * CAPI: Windows Crypto API support file.
 * Andrew Prout, aprout at ll mit edu
 */

#include <windows.h>
#include <Cryptuiapi.h>
#include "capi.h"
#include "ssh.h"
#define SHA1_BYTES 20

typedef unsigned char		uint8;
typedef  signed  char		sint8;
typedef unsigned short		uint16;
typedef  signed  short		sint16;
//typedef unsigned long		uint32;
typedef  signed  long		sint32;

#pragma comment(lib, "Crypt32.lib")
#pragma comment(lib, "Cryptui.lib")

//#define DebugLog_FileName "c:\\blah\\putty-capi.log"
#ifdef DebugLog_FileName
void AsciiDumpBuffer(FILE* iStream, uint8* buf, uint32 size) {
	uint32 x;
	for (x=0; x<size; x++) {
		if (x && (x % 8) == 0)
			fprintf(iStream, " ");
		if (buf[x] >= 32 && buf[x] <= 126)
			fprintf(iStream, "%hc", buf[x]);
		else
			fprintf(iStream, ".");
	}
}
void HexDumpBuffer(FILE* iStream, uint8* buf, uint32 size, char* newlinepad) {
	uint32 x, tmp;
	if (newlinepad)
		fprintf(iStream, "%s", newlinepad);
	for (x=0; x<size; x++) {
		if (x && (x % 16) == 0) {
			fprintf(iStream, " ");
			AsciiDumpBuffer(iStream, &buf[x-16], 16);
			fprintf(iStream, "\n");
			if (newlinepad)
				fprintf(iStream, "%s", newlinepad);
		}
		else if (x % 16 == 8)
			fprintf(iStream, "- ");
		if ((x % 16) == 0)
			fprintf(iStream, "%4u: ", x);
		fprintf(iStream, "%02X ", buf[x]);
	}
	tmp = 16 - (size%16);
	if (tmp != 16) {
		for (x=0; x<tmp; x++) {
			if (x == 7)
				fprintf(iStream, "  ");
			fprintf(iStream, "   ");
		}
	}
	tmp = size % 16;
	if (tmp == 0)
		tmp = 16;
	fprintf(iStream, " ");
	AsciiDumpBuffer(iStream, &buf[size - tmp], tmp);
	fprintf(iStream, "\n");
}

void debuglog_buffer(void* buf, uint32 size) {
	FILE* f = fopen(DebugLog_FileName, "a+");
	if (f == NULL)
		return;
	HexDumpBuffer(f, (uint8*) buf, size, "");
	fclose(f);
}
void debuglog(char* format, ...) {
	va_list arg_ptr;
	DWORD tmpAllocedSize = 16384;
	DWORD contlen;
	FILE* f;
	char* message;

	va_start(arg_ptr, format);
	message = (char*) malloc(tmpAllocedSize);
	if (!message)
		return;
	_vsnprintf(message, tmpAllocedSize, format, arg_ptr);
	message[tmpAllocedSize-1] = 0;
	contlen = (DWORD) strlen(message);

	f = fopen(DebugLog_FileName, "a+");
	if (f == NULL)
		return;
	fprintf(f, "%s", message);
	fclose(f);
	free(message);
}
#else //#ifdef DebugLog_FileName
	#define debuglog_buffer
	#define debuglog
#endif //#ifdef DebugLog_FileName

#define CAPI_PUT_32BIT(cp, value) { \
        (cp)[0] = (unsigned char)((value) >> 24);       \
        (cp)[1] = (unsigned char)((value) >> 16);       \
        (cp)[2] = (unsigned char)((value) >> 8);        \
        (cp)[3] = (unsigned char)(value); }

#define CAPI_BYTES_USED_IN_INT32(i) \
	(i & 0xFF000000 ? 4 : ( \
		i & 0x00FF0000 ? 3 : ( \
			i & 0x0000FF00 ? 2 : 1 \
		) \
	))

uint8 GetCodeFromHex(const char iHex) {
	if (iHex >= '0' && iHex <= '9') // numbers
		return iHex - 48;
	if (iHex >= 'A' && iHex <= 'F') // uppercase A-F
		return iHex - 55;
	if (iHex >= 'a' && iHex <= 'f') // lowercase a-f
		return iHex - 87;
	return 255;
}

BOOL hextobytes(const char* iHex, uint8* oBytes) {
	uint32 x = 0;
	uint8 val;
	while (iHex[x]) {
		val = GetCodeFromHex(iHex[x]);
		if (val >= 16)
			return FALSE;
		if (x % 2)
			oBytes[x/2] |= val;
		else
			oBytes[x/2] = (val << 4);
		x++;
#ifdef _DEBUG
		if (x > 10000)
			RaiseException(STATUS_BUFFER_OVERFLOW, EXCEPTION_NONCONTINUABLE, 0, 0);
#endif
	}
	return TRUE;
}

struct ssh2_userkey capi_key_ssh2_userkey = { 0, 0, 0 };

struct CAPI_PUBKEY_BIT_BLOB_struct {
	PUBLICKEYSTRUC publickeystruct;
	RSAPUBKEY rsapubkey;
//	BYTE modulus[0];
};

BOOL capi_get_cert_handle(char* certID, PCCERT_CONTEXT* oCertContext) {
	BOOL retval = FALSE;
    PCCERT_CONTEXT pCertContext = NULL, pFindCertContext = NULL;
	HCERTSTORE hStore = NULL;
	CRYPT_HASH_BLOB chb = { 0, NULL };
	DWORD FoundCount = 0, dwStoreType, tmpSize;
	char *LcertID = NULL, *LcertID_StoreType, *LcertID_StoreName, *LcertID_fingerprint;

	if (certID == NULL || oCertContext == NULL) {
		debuglog("capi_get_cert_handle: input parameter is NULL that cannot be\n");
		return FALSE; // no goto cleanup, it'll crash
	}

	if ((LcertID = malloc(strlen(certID) + 1)) == NULL) {
		debuglog("capi_get_cert_handle: malloc for LcertID failed\n");
		goto cleanup;
	}
	strcpy(LcertID, certID);

	LcertID_StoreType = strtok(LcertID, "\\");
	LcertID_StoreName = strtok(NULL, "\\");
	LcertID_fingerprint = strtok(NULL, "\\");
	if (LcertID_StoreType == NULL || LcertID_StoreName == NULL || LcertID_fingerprint == NULL) {
		debuglog("capi_get_cert_handle: strtok(LcertID) failed\n");
		goto cleanup;
	}

	if (strcmp(LcertID_StoreType, "User") == 0)
		dwStoreType = CERT_SYSTEM_STORE_CURRENT_USER;
	else if (strcmp(LcertID_StoreType, "System") == 0)
		dwStoreType = CERT_SYSTEM_STORE_LOCAL_MACHINE;
	else {
		debuglog("capi_get_cert_handle: Unknown store type\n");
		goto cleanup;
	}

	if (strlen(LcertID_fingerprint) != (SHA1_BYTES * 2)) {
		debuglog("capi_get_cert_handle: strlen(LcertID_fingerprint) != (SHA1_BYTES * 2)\n");
		goto cleanup;
	}

	chb.cbData = SHA1_BYTES;
	if ((chb.pbData = (BYTE*) malloc(SHA1_BYTES)) == NULL) {
		debuglog("capi_get_cert_handle: malloc for chb.pbData failed\n");
		goto cleanup;
	}
	if (!hextobytes(LcertID_fingerprint, chb.pbData)) {
		debuglog("capi_get_cert_handle: hextobytes(LcertID_fingerprint) failed\n");
		goto cleanup;
	}

	if((hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0 /*hCryptProv*/, dwStoreType | CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_ENUM_ARCHIVED_FLAG, LcertID_StoreName)) == NULL) {
		debuglog("capi_get_cert_handle: CertOpenStore(%d, %s) failed\n", dwStoreType, LcertID_StoreName);
        goto cleanup;
	}

	while (pFindCertContext = CertFindCertificateInStore(hStore, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_SHA1_HASH, &chb, pFindCertContext)) {
		debuglog("capi_get_cert_handle: found a cert, checking for private key...\n");
		tmpSize = 0;
		if (CertGetCertificateContextProperty(pFindCertContext, CERT_KEY_PROV_INFO_PROP_ID, NULL, &tmpSize)) {
			debuglog("capi_get_cert_handle: got a private key duplicating context...\n");
			if (pCertContext == NULL)
				pCertContext = CertDuplicateCertificateContext(pFindCertContext);
			FoundCount++;
			debuglog("capi_get_cert_handle: All set\n");
		}
		else {
			// no private key, ignore the cert
		}
	}

	if (FoundCount != 1) {
		debuglog("capi_get_cert_handle: FoundCount != 1. FoundCount=%d\n", FoundCount);
		goto cleanup;
	}

	if (strcmp(pCertContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_RSA_RSA) != 0) {
		// Not an RSA key? egads, bail out...
		debuglog("capi_get_cert_handle: Not an RSA key?\n");
		debuglog("pCertContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId=%s\n", pCertContext->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId);
		goto cleanup;
	}

	*oCertContext = pCertContext;
	pCertContext = NULL; // to avoid the free in cleanup;

	retval = TRUE;
cleanup:
	if (chb.pbData)
		free(chb.pbData);
	chb.pbData = NULL;

	if (LcertID)
		free(LcertID);
	LcertID = NULL;

	if (pCertContext)
		CertFreeCertificateContext(pCertContext);
	pCertContext = NULL;

	return retval;
}

BOOL capi_display_cert_ui(HWND hwnd, char* certID, WCHAR* title) {
	BOOL retval = FALSE;
    PCCERT_CONTEXT pCertContext = NULL;

	if (!capi_get_cert_handle(certID, &pCertContext)) {
		debuglog("capi_display_cert_ui: capi_get_cert_handle failed\n");
		goto cleanup;
	}

	if (!CryptUIDlgViewContext(CERT_STORE_CERTIFICATE_CONTEXT, pCertContext, hwnd, title, 0, NULL)) {
		debuglog("capi_display_cert_ui: CryptUIDlgViewContext failed\n");
		goto cleanup;
	}

	retval = TRUE;

cleanup:
	if (pCertContext)
		CertFreeCertificateContext(pCertContext);
	pCertContext = NULL;

	return retval;
}

BOOL capi_get_pubkey_blob(PCCERT_CONTEXT pCertContext, unsigned char** pubkey, int *blob_len) {
	BOOL retval = FALSE;
	DWORD tmpSize, mbits, mbytes, ebytes;
	int i; // signed, for loop goes to -1
	unsigned char *p = NULL;//, *modu = NULL;
	struct CAPI_PUBKEY_BIT_BLOB_struct* capi_pubkey = NULL;
	Bignum modu = NULL;

	if (pubkey == NULL || blob_len == NULL) {
		debuglog("capi_get_pubkey: input parameter is NULL that cannot be\n");
		return FALSE; // no goto cleanup, it'll crash
	}

	if ((mbits = CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &pCertContext->pCertInfo->SubjectPublicKeyInfo)) == 0) {
		debuglog("capi_get_pubkey: CertGetPublicKeyLength failed\n");
		goto cleanup;
	}
	debuglog("capi_get_pubkey: mbits=%d\n", mbits);

	tmpSize = 0;
	if (!CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB, pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData, pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData, 0, NULL, &tmpSize)) {
		debuglog("capi_get_pubkey: CryptDecodeObject[1] failed\n");
		goto cleanup;
	}
	capi_pubkey = malloc(tmpSize);
	if (!CryptDecodeObject(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, RSA_CSP_PUBLICKEYBLOB, pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.pbData, pCertContext->pCertInfo->SubjectPublicKeyInfo.PublicKey.cbData, 0, capi_pubkey, &tmpSize)) {
		debuglog("capi_get_pubkey: CryptDecodeObject[2] failed\n");
		goto cleanup;
	}

	// the below formula for the format is taken from sc.c... I agree with the comments there, it's ugly.

//	ebytes = (ebits/8) + ((ebits % 8) ? 1 : 0);
	ebytes = CAPI_BYTES_USED_IN_INT32(capi_pubkey->rsapubkey.pubexp);
	mbytes = (mbits/8) + ((mbits % 8) ? 1 : 0);

	// offset by sizeof(*capi_pubkey) bytes to the public key...
	//modu = ((unsigned char*) capi_pubkey) + sizeof(*capi_pubkey);
	modu = bignum_from_bytes(((unsigned char*) capi_pubkey) + sizeof(*capi_pubkey), mbytes);

	debuglog("capi_get_pubkey_int: tmpSize=%d, capi_pubkey=:\n", tmpSize);
	debuglog_buffer(capi_pubkey, tmpSize);
	
    *blob_len = 4+7+4+ebytes+4+(1+mbytes); // mbytes has a leading zero
	if ((p = *pubkey = (unsigned char*) malloc(*blob_len)) == NULL) {
		debuglog("capi_get_pubkey: malloc for *pubkey failed\n");
		goto cleanup;
	}

	CAPI_PUT_32BIT(p, 7);
	p += 4;

	memcpy(p, "ssh-rsa", 7);
	p += 7;

	CAPI_PUT_32BIT(p, ebytes);
	p += 4;

	debuglog("capi_get_pubkey_int: ebytes=%d, capi_pubkey->rsapubkey.pubexp=%d (0x%08x), mbytes=%d, modu=:\n", ebytes, capi_pubkey->rsapubkey.pubexp, capi_pubkey->rsapubkey.pubexp, mbytes);
	debuglog_buffer(modu, mbytes);

	for (i=ebytes-1; i>=0; i--)
		*p++ = (unsigned char) ((capi_pubkey->rsapubkey.pubexp & (0xFF << (i*8))) >> (i*8));

	CAPI_PUT_32BIT(p, mbytes + 1); // add room for a leading zero
	p += 4;

	*p++ = 0; // leading zero
	for (i = 0; i < (int) mbytes; i++)
        *p++ = bignum_byte(modu, i);

	retval = TRUE;
cleanup:
	if (modu)
		freebn(modu);

	if (capi_pubkey)
		free(capi_pubkey);
	capi_pubkey = NULL;

	if (!retval) {
		if (pubkey) {
			if (*pubkey)
				free(*pubkey);
			*pubkey = NULL;
		}
		if (blob_len)
			*blob_len = 0;
	}

	return retval;
}

BOOL capi_get_pubkey_int(void *f /*frontend*/, char* certID, unsigned char** pubkey, char **algorithm, int *blob_len, PCCERT_CONTEXT* oCertContext) {
	BOOL retval = FALSE;
	PCCERT_CONTEXT pCertContext = NULL;

	if (certID == NULL || pubkey == NULL || algorithm == NULL || blob_len == NULL) {
		debuglog("capi_get_pubkey: input parameter is NULL that cannot be\n");
		return FALSE; // no goto cleanup, it'll crash
	}
	*pubkey = NULL;
	*algorithm = NULL;
	*blob_len = 0;
	// goto cleanup now OK

	if ((*algorithm = calloc(sizeof(char *), strlen("ssh-rsa")+1)) == NULL) {
		debuglog("capi_get_pubkey: calloc for *algorithm failed\n");
		goto cleanup;
	}
    strcpy(*algorithm, "ssh-rsa");

	if (!capi_get_cert_handle(certID, &pCertContext)) {
		debuglog("capi_get_pubkey: capi_get_cert_handle failed\n");
		goto cleanup;
	}

	if (!capi_get_pubkey_blob(pCertContext, pubkey, blob_len)) {
		debuglog("capi_get_pubkey_int: capi_get_pubkey_blob failed\n");
		goto cleanup;
	}

	if (oCertContext) {
		*oCertContext = pCertContext;
		pCertContext = NULL; // to avoid the free in cleanup;
	}
	retval = TRUE;
cleanup:
	if (!retval) {
		if (pubkey) {
			if (*pubkey)
				free(*pubkey);
			*pubkey = NULL;
		}
		if (algorithm) {
			if (*algorithm)
				free(*algorithm);
			*algorithm = NULL;
		}
		if (blob_len)
			*blob_len = 0;
	}

	return retval;
}
BOOL capi_get_pubkey(void *f, char* certID, unsigned char** pubkey, char **algorithm, int *blob_len) {
	return capi_get_pubkey_int(f, certID, pubkey, algorithm, blob_len, NULL);
}

char *capi_base64key(char *data, int len) {
    int bi, bn;
    char out[4];
    int datalen = len;
    char *buffi = calloc(len + len, sizeof(char *));
    int buffi_pos = 0;
    for(bi=0;bi<(len + len); bi++) buffi[bi] = '\0';
    while (datalen > 0) {
        bn = (datalen < 3 ? datalen : 3);
        base64_encode_atom(data, bn, out);
        data += bn;
        datalen -= bn;
        for (bi = 0; bi < 4; bi++) {
            buffi[buffi_pos] = out[bi];
            buffi_pos++;
        }
    }
    return buffi;
}

char* capi_get_key_string(char* certID) {
	unsigned char *pubkey, *algorithm;
	int pubkey_len;
	char *key64 = NULL, *keystring = NULL;

	if (!capi_get_pubkey(NULL, certID, &pubkey, &algorithm, &pubkey_len)) {
		debuglog("capi_get_key_string: capi_get_pubkey failed\n");
		goto cleanup;
	}
	debuglog("capi_get_key_string: Got pubkey. algorithm=%s. pubkey_len=%d. pubkey=:\n", algorithm, pubkey_len);
	debuglog_buffer(pubkey, pubkey_len);
	if ((key64 = capi_base64key(pubkey, pubkey_len)) == NULL) {
		debuglog("capi_get_key_string: capi_get_pubkey failed\n");
		goto cleanup;
	}
	if ((keystring = calloc(1, strlen("ssh-rsa")+1+strlen(key64)+1+strlen("CAPI:")+strlen(certID) + 1)) == NULL) {
		debuglog("capi_get_key_string: capi_get_pubkey failed\n");
		goto cleanup;
	}
	sprintf(keystring, "ssh-rsa %s CAPI:%s", key64, certID);
cleanup:
	return keystring;
}

BOOL capi_get_key_handle(void *f, char* certID, struct capi_keyhandle_struct** keyhandle) {
	BOOL retval = FALSE;
	struct capi_keyhandle_struct* newkeyhandle = NULL;
	PCCERT_CONTEXT pCertContext = NULL;
	HCRYPTKEY privkey = 0;
	DWORD ckpi_size;
	CRYPT_KEY_PROV_INFO* ckpi = NULL;

	if (certID == NULL || keyhandle == NULL) {
		debuglog("capi_get_pubkey: input parameter is NULL that cannot be\n");
		return FALSE; // no goto cleanup, it'll crash
	}
	*keyhandle = NULL;
	// goto cleanup now OK

	if ((newkeyhandle = calloc(1, sizeof(struct capi_keyhandle_struct))) == NULL)
		goto cleanup;

	if (!capi_get_pubkey_int(f, certID, &newkeyhandle->pubkey, &newkeyhandle->algorithm, &newkeyhandle->pubkey_len, &pCertContext))
		goto cleanup;

	ckpi_size = 0;
	if (!CertGetCertificateContextProperty(pCertContext, CERT_KEY_PROV_INFO_PROP_ID, NULL, &ckpi_size))
		goto cleanup;
	if ((ckpi = (CRYPT_KEY_PROV_INFO*) malloc(ckpi_size)) == NULL)
		goto cleanup;
	if (!CertGetCertificateContextProperty(pCertContext, CERT_KEY_PROV_INFO_PROP_ID, ckpi, &ckpi_size))
		goto cleanup;
	if (ckpi->dwProvType == 0) { // CNG
		// eh, later...
debuglog("capi_get_key_handle: CNG Key, bailing...\n");
		goto cleanup;
	}
	else { // CAPI
		if (!CryptAcquireContextW((HCRYPTPROV*) &newkeyhandle->win_provider, ckpi->pwszContainerName, ckpi->pwszProvName, ckpi->dwProvType, ((ckpi->dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPT_MACHINE_KEYSET : 0) )) {
			debuglog("capi_get_key_handle: Error calling CryptAcquireContext. GetLastError()=%i (0x%08x)\n", GetLastError(), GetLastError());
			goto cleanup;
		}
		newkeyhandle->win_keyspec = ckpi->dwKeySpec;
	}

	*keyhandle = newkeyhandle;
	retval = TRUE;
cleanup:
	if (pCertContext)
		CertFreeCertificateContext(pCertContext);
	pCertContext = NULL;

	if (ckpi)
		free(ckpi);
	ckpi = NULL;

	if (!retval) {
		if (newkeyhandle) {
			if (newkeyhandle->win_provider)
				CryptReleaseContext((HCRYPTPROV) newkeyhandle->win_provider, 0);
			newkeyhandle->win_provider = NULL;

			if (newkeyhandle->pubkey)
				free(newkeyhandle->pubkey);
			newkeyhandle->pubkey = NULL;

			if (newkeyhandle->algorithm)
				free(newkeyhandle->algorithm);
			newkeyhandle->algorithm = NULL;

			free(newkeyhandle);
		}
		newkeyhandle = NULL;
	}

	return retval;
}

unsigned char* capi_sig_certID(char* certID, char *sigdata, int sigdata_len, int *sigblob_len) {
	BOOL success = FALSE;
	unsigned char* retval = NULL, *rawsig = NULL, *p;
	HCRYPTHASH hash = 0;
	DWORD ckpi_size, tmpSize, tmpHashLen, rawsig_len, x;
	Bignum bn = NULL;
	HCRYPTPROV hProv = 0;
	CRYPT_KEY_PROV_INFO* ckpi = NULL;
	PCCERT_CONTEXT pCertContext = NULL;

	debuglog("capi_sig_certID called. sigdata_len=%d\n", sigdata_len);
	debuglog_buffer(sigdata, sigdata_len);

	// Find cert context from certID
	if (!capi_get_cert_handle(certID, &pCertContext)) {
		debuglog("capi_sig: capi_get_cert_handle failed\n");
		goto cleanup;
	}

	// find the key info from the cert and get a handle
	if (!CertGetCertificateContextProperty(pCertContext, CERT_KEY_PROV_INFO_PROP_ID, NULL, &ckpi_size))
		goto cleanup;
	if ((ckpi = (CRYPT_KEY_PROV_INFO*) malloc(ckpi_size)) == NULL)
		goto cleanup;
	if (!CertGetCertificateContextProperty(pCertContext, CERT_KEY_PROV_INFO_PROP_ID, ckpi, &ckpi_size))
		goto cleanup;
	if (ckpi->dwProvType == 0) { // CNG
		// eh, later...
debuglog("capi_sig_certID: CNG Key, bailing...\n");
		goto cleanup;
	}
	else { // CAPI
		if (!CryptAcquireContextW(&hProv, ckpi->pwszContainerName, ckpi->pwszProvName, ckpi->dwProvType, ((ckpi->dwFlags & CRYPT_MACHINE_KEYSET) ? CRYPT_MACHINE_KEYSET : 0) )) {
			debuglog("capi_sig_certID: Error calling CryptAcquireContext. GetLastError()=%i (0x%08x)\n", GetLastError(), GetLastError());
			goto cleanup;
		}
	}

	// create the hash object, set it to SHA-1 and confirm expectations
	if (!CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hash))
		goto cleanup;
	tmpSize = sizeof(tmpHashLen);
	if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &tmpHashLen, &tmpSize, 0))
		goto cleanup;
	if (tmpHashLen != SHA1_BYTES)
		goto cleanup;

	if (!CryptHashData(hash, sigdata, sigdata_len, 0))
		goto cleanup;

	// hash & sign
	rawsig_len = 0;
	if (!CryptSignHash(hash, ckpi->dwKeySpec, NULL, 0, NULL, &rawsig_len))
		goto cleanup;

	rawsig = malloc(rawsig_len);
	if (!CryptSignHash(hash, ckpi->dwKeySpec, NULL, 0, rawsig, &rawsig_len))
		goto cleanup;

	// convert to SSH-style buffer
	bn = bignum_from_bytes(rawsig, rawsig_len);
	tmpSize = (bignum_bitcount(bn) + 7) / 8;
	*sigblob_len = 4 + 7 + 4 + tmpSize;
	if ((p = retval = calloc(1, *sigblob_len)) == NULL)
		goto cleanup;

	CAPI_PUT_32BIT(p, 7);
	p += 4;

	memcpy(p, "ssh-rsa", 7);
	p += 7;

	CAPI_PUT_32BIT(p, tmpSize);
	p += 4;

	for (x = 0; x < tmpSize; x++)
		*p++ = bignum_byte(bn, x);

	success = TRUE;
cleanup:
	if (pCertContext)
		CertFreeCertificateContext(pCertContext);
	pCertContext = NULL;

	if (hProv)
		CryptReleaseContext(hProv, 0);
	hProv = 0;

	if (ckpi)
		free(ckpi);
	ckpi = NULL;

	if (hash)
		CryptDestroyHash(hash);
	hash = 0;

	if (rawsig)
		free(rawsig);
	rawsig = NULL;

	if (bn)
		freebn(bn);
	bn = NULL;

	if (!success) {
		if (retval)
			free(retval);
		retval = NULL;
	}
	return retval;
}

unsigned char* capi_sig(struct capi_keyhandle_struct* keyhandle, char *sigdata, int sigdata_len, int *sigblob_len) {
	BOOL success = FALSE;
	unsigned char* retval = NULL, *rawsig = NULL, *p;
	HCRYPTHASH hash = 0;
	DWORD tmpSize, tmpHashLen, rawsig_len, x;
	Bignum bn = NULL;

	debuglog("capi_sig(keyhandle) called. sigdata_len=%d\n", sigdata_len);
	debuglog_buffer(sigdata, sigdata_len);

	if (!CryptCreateHash((HCRYPTPROV) keyhandle->win_provider, CALG_SHA1, 0, 0, &hash))
		goto cleanup;
	tmpSize = sizeof(tmpHashLen);
	if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &tmpHashLen, &tmpSize, 0))
		goto cleanup;
	if (tmpHashLen != SHA1_BYTES)
		goto cleanup;

	if (!CryptHashData(hash, sigdata, sigdata_len, 0))
		goto cleanup;

	rawsig_len = 0;
	if (!CryptSignHash(hash, keyhandle->win_keyspec, NULL, 0, NULL, &rawsig_len))
		goto cleanup;

	rawsig = malloc(rawsig_len);
	if (!CryptSignHash(hash, keyhandle->win_keyspec, NULL, 0, rawsig, &rawsig_len))
		goto cleanup;

	bn = bignum_from_bytes(rawsig, rawsig_len);
	tmpSize = (bignum_bitcount(bn) + 7) / 8;
	*sigblob_len = 4 + 7 + 4 + tmpSize;
	if ((p = retval = calloc(1, *sigblob_len)) == NULL)
		goto cleanup;

	CAPI_PUT_32BIT(p, 7);
	p += 4;

	memcpy(p, "ssh-rsa", 7);
	p += 7;

	CAPI_PUT_32BIT(p, tmpSize);
	p += 4;

	for (x = 0; x < tmpSize; x++)
		*p++ = bignum_byte(bn, x);

	success = TRUE;
cleanup:
	if (hash)
		CryptDestroyHash(hash);
	hash = 0;

	if (rawsig)
		free(rawsig);
	rawsig = NULL;

	if (bn)
		freebn(bn);
	bn = NULL;

	if (!success) {
		if (retval)
			free(retval);
		retval = NULL;
	}
	return retval;
}

void capi_release_key(struct capi_keyhandle_struct** keyhandle) {
	if (keyhandle) {
		if (*keyhandle) {
			if ((*keyhandle)->win_provider)
				CryptReleaseContext((HCRYPTPROV) (*keyhandle)->win_provider, 0);
			(*keyhandle)->win_provider = NULL;

			if ((*keyhandle)->pubkey)
				free((*keyhandle)->pubkey);
			(*keyhandle)->pubkey = NULL;

			if ((*keyhandle)->algorithm)
				free((*keyhandle)->algorithm);
			(*keyhandle)->algorithm = NULL;

			free(*keyhandle);
		}
		*keyhandle = NULL;
	}
	return;
}

struct CAPI_userkey* Create_CAPI_userkey(const char* certID, PCERT_CONTEXT pCertContext) {
	BOOL success = FALSE;
	struct CAPI_userkey* retval = NULL;
	PCERT_CONTEXT LpCertContext = NULL;

	if (pCertContext == NULL) {
		if (!capi_get_cert_handle(certID, &LpCertContext)) {
			debuglog("Create_CAPI_userkey: capi_get_cert_handle failed\n");
			goto cleanup;
		}
		pCertContext = LpCertContext;
	}

	if ((retval = malloc(sizeof(struct CAPI_userkey))) == NULL) {
		debuglog("Create_CAPI_userkey: malloc for retval failed\n");
		goto cleanup;
	}
	retval->certID = NULL;
	retval->blob = NULL;

	if ((retval->certID = malloc(strlen(certID) + 1)) == NULL) {
		debuglog("Create_CAPI_userkey: malloc for certID failed\n");
		goto cleanup;
	}
	strcpy(retval->certID, certID);

	if (!capi_get_pubkey_blob(pCertContext, &retval->blob, &retval->bloblen)) {
		debuglog("Create_CAPI_userkey: capi_get_pubkey_blob failed\n");
		goto cleanup;
	}

	success = TRUE;
cleanup:
	if (LpCertContext)
		CertFreeCertificateContext(LpCertContext);
	LpCertContext = NULL;

	if (!success) {
		Free_CAPI_userkey(retval);
		retval = NULL;
	}
	return retval;
}
void Free_CAPI_userkey(struct CAPI_userkey* ckey) {
	if (ckey->certID)
		free(ckey->certID);
	ckey->certID = NULL;

	if (ckey->blob)
		free(ckey->blob);
	ckey->blob = NULL;

	free(ckey);
}

char* CAPI_userkey_GetComment(struct CAPI_userkey* ckey) {
	char *retval = NULL;
	
	debuglog("CAPI_userkey_GetComment: called\n");
	if ((retval = malloc(5 + strlen(ckey->certID) + 1)) == NULL) {
		debuglog("CAPI_userkey_GetComment: malloc failed\n");
		return NULL;
	}
	sprintf(retval, "CAPI:%s", ckey->certID);
	return retval;
}

/*
 * CAPI: Windows Crypto API header file.
 * Andrew Prout, aprout at ll mit edu
 */

#ifndef PUTTY_CAPI_H
#define PUTTY_CAPI_H

#ifdef _WINDOWS

struct capi_keyhandle_struct {
	void* win_provider;
	char* algorithm;
	unsigned char* pubkey;
	unsigned int pubkey_len;
	unsigned int win_keyspec;
};

struct CAPI_userkey {
	char			*certID; // StoreType\StoreName\HexSHA1
	unsigned char	*blob;
	int				bloblen;
};
#define CAPI_userkey_Comment_Length(x) (strlen(x->certID) + 5 /* "CAPI:" */)

extern struct ssh2_userkey capi_key_ssh2_userkey;

BOOL capi_get_pubkey(void *f, char* certID, unsigned char** pubkey, char **algorithm, int *blob_len);
BOOL capi_get_key_handle(void *f, char* certID, struct capi_keyhandle_struct** keyhandle);
BOOL capi_display_cert_ui(HWND hwnd, char* certID, WCHAR* title);
//BOOL capi_get_cert_handle(char* certID, PCCERT_CONTEXT* oCertContext);
unsigned char* capi_sig(struct capi_keyhandle_struct* keyhandle, char *sigdata, int sigdata_len, int *sigblob_len);
unsigned char* capi_sig_certID(char* certID, char *sigdata, int sigdata_len, int *sigblob_len);
void capi_release_key(struct capi_keyhandle_struct** keyhandle);
char* capi_get_key_string(char* certID);
char* CAPI_userkey_GetComment(struct CAPI_userkey* ckey);

struct CAPI_userkey* Create_CAPI_userkey(const char* certID, CERT_CONTEXT* pCertContext);
void Free_CAPI_userkey(struct CAPI_userkey* ckey);

#endif //#ifdef _WINDOWS

#endif //#ifndef PUTTY_CAPI_H

    CS_ISO8859_11,
    CS_ISO8859_13,
    CS_ISO8859_14,
    CS_ISO8859_15,
    CS_ISO8859_16,
    CS_CP437,
    CS_CP850,
    CS_CP852,
    CS_CP866,
    CS_CP1250,
    CS_CP1251,
    CS_CP1252,
    CS_CP1253,
    CS_CP1254,
    CS_CP1255,

 * The sequence of `errlen' wide characters pointed to by `errstr'
 * will be used to indicate a conversion error. If `errstr' is
 * NULL, `errlen' will be ignored, and the library will choose
 * something sensible to do on its own. For Unicode, this will be
 * U+FFFD (REPLACEMENT CHARACTER).
 */

int charset_to_unicode(const char **input, int *inlen,
int charset_to_unicode(char **input, int *inlen, wchar_t *output, int outlen,
                       wchar_t *output, int outlen,
		       int charset, charset_state *state,
		       const wchar_t *errstr, int errlen);

/*
 * Routine to convert Unicode to an MB/SB character set.
 * 
 * This routine accepts some number of Unicode characters, updates

 * The sequence of `errlen' characters pointed to by `errstr' will
 * be used to indicate a conversion error. If `errstr' is NULL,
 * `errlen' will be ignored, and the library will choose something
 * sensible to do on its own (which will vary depending on the
 * output charset).
 */

int charset_from_unicode(const wchar_t **input, int *inlen,
int charset_from_unicode(wchar_t **input, int *inlen, char *output, int outlen,
                         char *output, int outlen,
			 int charset, charset_state *state,
			 const char *errstr, int errlen);

/*
 * Convert X11 encoding names to and from our charset identifiers.
 */
const char *charset_to_xenc(int charset);

	    outlen--;
	}
    } else {
	param->stopped = 1;
    }
}

int charset_from_unicode(const wchar_t **input, int *inlen,
int charset_from_unicode(wchar_t **input, int *inlen, char *output, int outlen,
                         char *output, int outlen,
			 int charset, charset_state *state,
			 const char *errstr, int errlen)
{
    charset_spec const *spec = charset_find_spec(charset);
    charset_state localstate;
    struct charset_emit_param param;

static const struct {
    const char *name;
    int charset;
    int return_in_enum;   /* enumeration misses some charsets */
} localencs[] = {
    { "<UNKNOWN>", CS_NONE, 0 },
    { "UTF-8", CS_UTF8, 1 },
    { "ISO-8859-1", CS_ISO8859_1, 1 },
    { "ISO-8859-1 with X11 line drawing", CS_ISO8859_1_X11, 0 },
    { "ISO-8859-2", CS_ISO8859_2, 1 },
    { "ISO-8859-3", CS_ISO8859_3, 1 },
    { "ISO-8859-4", CS_ISO8859_4, 1 },
    { "ISO-8859-5", CS_ISO8859_5, 1 },
    { "ISO-8859-6", CS_ISO8859_6, 1 },
    { "ISO-8859-7", CS_ISO8859_7, 1 },
    { "ISO-8859-8", CS_ISO8859_8, 1 },
    { "ISO-8859-9", CS_ISO8859_9, 1 },
    { "ISO-8859-10", CS_ISO8859_10, 1 },
    { "ISO-8859-11", CS_ISO8859_11, 1 },
    { "ISO-8859-13", CS_ISO8859_13, 1 },
    { "ISO-8859-14", CS_ISO8859_14, 1 },
    { "ISO-8859-15", CS_ISO8859_15, 1 },
    { "ISO-8859-16", CS_ISO8859_16, 1 },
    { "CP437", CS_CP437, 1 },
    { "CP850", CS_CP850, 1 },
    { "CP852", CS_CP852, 1 },
    { "CP866", CS_CP866, 1 },
    { "CP1250", CS_CP1250, 1 },
    { "CP1251", CS_CP1251, 1 },
    { "CP1252", CS_CP1252, 1 },
    { "CP1253", CS_CP1253, 1 },
    { "CP1254", CS_CP1254, 1 },
    { "CP1255", CS_CP1255, 1 },

    { "Mac Cyrillic (old)", CS_MAC_CYRILLIC_OLD, 0 },
    { "Mac Ukraine", CS_MAC_UKRAINE, 1 },
    { "Mac VT100", CS_MAC_VT100, 1 },
    { "Mac VT100 (old)", CS_MAC_VT100_OLD, 0 },
    { "VISCII", CS_VISCII, 1 },
    { "HP ROMAN8", CS_HP_ROMAN8, 1 },
    { "DEC MCS", CS_DEC_MCS, 1 },
    { "UTF-8", CS_UTF8, 1 },
};

const char *charset_to_localenc(int charset)
{
    int i;

    for (i = 0; i < (int)lenof(localencs); i++)

    { "csPC8CodePage437", CS_CP437 },

    { "IBM850", CS_CP850 },
    { "cp850", CS_CP850 },
    { "850", CS_CP850 },
    { "csPC850Multilingual", CS_CP850 },

    { "IBM852", CS_CP852 },
    { "cp852", CS_CP852 },
    { "852", CS_CP852 },
    { "csIBM852", CS_CP852 },

    { "IBM866", CS_CP866 },
    { "cp866", CS_CP866 },
    { "866", CS_CP866 },
    { "csIBM866", CS_CP866 },

    { "windows-1250", CS_CP1250 },

0430 0431 0432 0433 0434 0435 0436 0437 0438 0439 043a 043b 043c 043d 043e 043f
2591 2592 2593 2502 2524 2561 2562 2556 2555 2563 2551 2557 255d 255c 255b 2510
2514 2534 252c 251c 2500 253c 255e 255f 255a 2554 2569 2566 2560 2550 256c 2567
2568 2564 2565 2559 2558 2552 2553 256b 256a 2518 250c 2588 2584 258c 2590 2580
0440 0441 0442 0443 0444 0445 0446 0447 0448 0449 044a 044b 044c 044d 044e 044f
0401 0451 0404 0454 0407 0457 040e 045e 00b0 2219 00b7 221a 2116 00a4 25a0 00a0

  Another old DOS code page, submitted by a user and checked against
  the translation table at
  http://msdn.microsoft.com/en-us/goglobal/cc305161.aspx .

charset CS_CP852
0000 0001 0002 0003 0004 0005 0006 0007 0008 0009 000a 000b 000c 000d 000e 000f
0010 0011 0012 0013 0014 0015 0016 0017 0018 0019 001a 001b 001c 001d 001e 001f
0020 0021 0022 0023 0024 0025 0026 0027 0028 0029 002a 002b 002c 002d 002e 002f
0030 0031 0032 0033 0034 0035 0036 0037 0038 0039 003a 003b 003c 003d 003e 003f
0040 0041 0042 0043 0044 0045 0046 0047 0048 0049 004a 004b 004c 004d 004e 004f
0050 0051 0052 0053 0054 0055 0056 0057 0058 0059 005a 005b 005c 005d 005e 005f
0060 0061 0062 0063 0064 0065 0066 0067 0068 0069 006a 006b 006c 006d 006e 006f
0070 0071 0072 0073 0074 0075 0076 0077 0078 0079 007a 007b 007c 007d 007e 007f
00c7 00fc 00e9 00e2 00e4 016f 0107 00e7 0142 00eb 0150 0151 00ee 0179 00c4 0106
00c9 0139 013a 00f4 00f6 013d 013e 015a 015b 00d6 00dc 0164 0165 0141 00d7 010d
00e1 00ed 00f3 00fa 0104 0105 017d 017e 0118 0119 00ac 017a 010c 015f 00ab 00bb
2591 2592 2593 2502 2524 00c1 00c2 011a 015e 2563 2551 2557 255d 017b 017c 2510
2514 2534 252c 251c 2500 253c 0102 0103 255a 2554 2569 2566 2560 2550 256c 00a4
0111 0110 010e 00cb 010f 0147 00cd 00ce 011b 2518 250c 2588 2584 0162 016e 2580
00d3 00df 00d4 0143 0144 0148 0160 0161 0154 00da 0155 0170 00fd 00dd 0163 00b4
00ad 02dd 02db 02c7 02d8 00a7 00f7 00b8 00b0 00a8 02d9 0171 0158 0159 25a0 00a0

  Here are some Windows code pages, generated by this piece of
  Bourne shell:

  for i in 1250 1251 1252 1253 1254 1255 1256 1257 1258; do
    echo charset CS_CP$i
    gensbcs http://www.unicode.org/Public/MAPPINGS/VENDORS/MICSFT/WINDOWS/CP$i.TXT
    echo

	    outlen--;
	}
    } else {
	param->stopped = 1;
    }
}

int charset_to_unicode(const char **input, int *inlen,
int charset_to_unicode(char **input, int *inlen, wchar_t *output, int outlen,
                       wchar_t *output, int outlen,
		       int charset, charset_state *state,
		       const wchar_t *errstr, int errlen)
{
    charset_spec const *spec = charset_find_spec(charset);
    charset_state localstate;
    struct unicode_emit_param param;

    /*
     * Unofficial encoding names found in the wild.
     */
    { "iso8859-16", CS_ISO8859_16 },
    { "koi8-u", CS_KOI8_U },
    { "ibm-cp437", CS_CP437 },
    { "ibm-cp850", CS_CP850 },
    { "ibm-cp852", CS_CP852 },
    { "ibm-cp866", CS_CP866 },
    { "microsoft-cp1250", CS_CP1250 },
    { "microsoft-cp1251", CS_CP1251 },
    { "microsoft-cp1252", CS_CP1252 },
    { "microsoft-cp1253", CS_CP1253 },
    { "microsoft-cp1254", CS_CP1254 },
    { "microsoft-cp1255", CS_CP1255 },

    fprintf(stderr, "FATAL ERROR: ");
    va_start(ap, p);
    vfprintf(stderr, p, ap);
    va_end(ap);
    fputc('\n', stderr);
    cleanup_exit(1);
}

void nonfatal(char *p, ...)
{
    va_list ap;
    fprintf(stderr, "ERROR: ");
    va_start(ap, p);
    vfprintf(stderr, p, ap);
    va_end(ap);
    fputc('\n', stderr);
}

/*
 * Stubs to let everything else link sensibly.
 */
void log_eventlog(void *handle, const char *event)
{
}
char *x_get_default(const char *key)
{
    return NULL;
}
void sk_cleanup(void)
{
}

void showversion(void)
{
    char *verstr = dupstr(ver);
    verstr[0] = tolower((unsigned char)verstr[0]);
    printf("PuTTYgen %s\n", verstr);
    printf("puttygen: %s\n", ver);
    sfree(verstr);
}

void usage(int standalone)
{
    fprintf(stderr,
	    "Usage: puttygen ( keyfile | -t type [ -b bits ] )\n"
	    "                [ -C comment ] [ -P ] [ -q ]\n"

    return dupstr(buffer);
}

int main(int argc, char **argv)
{
    char *infile = NULL;
    Filename infilename;
    Filename *infilename = NULL, *outfilename = NULL;
    enum { NOKEYGEN, RSA1, RSA2, DSA } keytype = NOKEYGEN;    
    char *outfile = NULL, *outfiletmp = NULL;
    Filename outfilename;
    enum { PRIVATE, PUBLIC, PUBLICO, FP, OPENSSH, SSHCOM } outtype = PRIVATE;
    int bits = 1024;
    int bits = 2048;
    char *comment = NULL, *origcomment = NULL;
    int change_passphrase = FALSE;
    int errs = FALSE, nogo = FALSE;
    int intype = SSH_KEYTYPE_UNOPENABLE;
    int sshver = 0;
    struct ssh2_userkey *ssh2key = NULL;
    struct RSAKey *ssh1key = NULL;

    /*
     * Analyse the type of the input file, in case this affects our
     * course of action.
     */
    if (infile) {
	infilename = filename_from_str(infile);

	intype = key_type(&infilename);
	intype = key_type(infilename);

	switch (intype) {
	    /*
	     * It would be nice here to be able to load _public_
	     * key files, in any of a number of forms, and (a)
	     * convert them to other public key types, (b) print
	     * out their fingerprints. Or, I suppose, for real

	entropy = get_random_data(bits / 8);
	if (!entropy) {
	    fprintf(stderr, "puttygen: failed to collect entropy, "
		    "could not generate key\n");
	    return 1;
	}
	random_add_heavynoise(entropy, bits / 8);
	memset(entropy, 0, bits/8);
	smemclr(entropy, bits/8);
	sfree(entropy);

	if (keytype == DSA) {
	    struct dss_key *dsskey = snew(struct dss_key);
	    dsa_generate(dsskey, bits, progressfn, &prog);
	    ssh2key = snew(struct ssh2_userkey);
	    ssh2key->data = dsskey;

	assert(infile != NULL);

	/*
	 * Find out whether the input key is encrypted.
	 */
	if (intype == SSH_KEYTYPE_SSH1)
	    encrypted = rsakey_encrypted(&infilename, &origcomment);
	    encrypted = rsakey_encrypted(infilename, &origcomment);
	else if (intype == SSH_KEYTYPE_SSH2)
	    encrypted = ssh2_userkey_encrypted(&infilename, &origcomment);
	    encrypted = ssh2_userkey_encrypted(infilename, &origcomment);
	else
	    encrypted = import_encrypted(&infilename, intype, &origcomment);
	    encrypted = import_encrypted(infilename, intype, &origcomment);

	/*
	 * If so, ask for a passphrase.
	 */
	if (encrypted && load_encrypted) {
	    prompts_t *p = new_prompts(NULL);
	    int ret;
	    p->to_server = FALSE;
	    p->name = dupstr("SSH key passphrase");
	    add_prompt(p, dupstr("Enter passphrase to load key: "), FALSE, 512);
	    add_prompt(p, dupstr("Enter passphrase to load key: "), FALSE);
	    ret = console_get_userpass_input(p, NULL, 0);
	    assert(ret >= 0);
	    if (!ret) {
		free_prompts(p);
		perror("puttygen: unable to read passphrase");
		return 1;
	    } else {

	  case SSH_KEYTYPE_SSH1:
	    ssh1key = snew(struct RSAKey);
	    if (!load_encrypted) {
		void *vblob;
		unsigned char *blob;
		int n, l, bloblen;

		ret = rsakey_pubblob(&infilename, &vblob, &bloblen,
		ret = rsakey_pubblob(infilename, &vblob, &bloblen,
				     &origcomment, &error);
		blob = (unsigned char *)vblob;

		n = 4;		       /* skip modulus bits */
		
		l = ssh1_read_bignum(blob + n, bloblen - n,
				     &ssh1key->exponent);
		if (l < 0) {
		    error = "SSH-1 public key blob was too short";
		} else {
		    n += l;
		    l = ssh1_read_bignum(blob + n, bloblen - n,
					 &ssh1key->modulus);
		    if (l < 0) {
			error = "SSH-1 public key blob was too short";
		    } else
			n += l;
		}
		ssh1key->comment = dupstr(origcomment);
		ssh1key->private_exponent = NULL;
		ssh1key->p = NULL;
		ssh1key->q = NULL;
		ssh1key->iqmp = NULL;
	    } else {
		ret = loadrsakey(&infilename, ssh1key, passphrase, &error);
		ret = loadrsakey(infilename, ssh1key, passphrase, &error);
	    }
	    if (ret > 0)
		error = NULL;
	    else if (!error)
		error = "unknown error";
	    break;

	  case SSH_KEYTYPE_SSH2:
	    if (!load_encrypted) {
		ssh2blob = ssh2_userkey_loadpub(&infilename, &ssh2alg,
		ssh2blob = ssh2_userkey_loadpub(infilename, &ssh2alg,
						&ssh2bloblen, NULL, &error);
                if (ssh2blob) {
		ssh2algf = find_pubkey_alg(ssh2alg);
		if (ssh2algf)
		    bits = ssh2algf->pubkey_bits(ssh2blob, ssh2bloblen);
		else
		    bits = -1;
                    ssh2algf = find_pubkey_alg(ssh2alg);
                    if (ssh2algf)
                        bits = ssh2algf->pubkey_bits(ssh2blob, ssh2bloblen);
                    else
                        bits = -1;
                }
	    } else {
		ssh2key = ssh2_load_userkey(&infilename, passphrase, &error);
		ssh2key = ssh2_load_userkey(infilename, passphrase, &error);
	    }
	    if ((ssh2key && ssh2key != SSH2_WRONG_PASSPHRASE) || ssh2blob)
		error = NULL;
	    else if (!error) {
		if (ssh2key == SSH2_WRONG_PASSPHRASE)
		    error = "wrong passphrase";
		else
		    error = "unknown error";
	    }
	    break;

	  case SSH_KEYTYPE_OPENSSH:
	  case SSH_KEYTYPE_SSHCOM:
	    ssh2key = import_ssh2(&infilename, intype, passphrase, &error);
	    ssh2key = import_ssh2(infilename, intype, passphrase, &error);
	    if (ssh2key) {
		if (ssh2key != SSH2_WRONG_PASSPHRASE)
		    error = NULL;
		else
		    error = "wrong passphrase";
	    } else if (!error)
		error = "unknown error";

     */
    if (change_passphrase || keytype != NOKEYGEN) {
	prompts_t *p = new_prompts(NULL);
	int ret;

	p->to_server = FALSE;
	p->name = dupstr("New SSH key passphrase");
	add_prompt(p, dupstr("Enter passphrase to save key: "), FALSE, 512);
	add_prompt(p, dupstr("Re-enter passphrase to verify: "), FALSE, 512);
	add_prompt(p, dupstr("Enter passphrase to save key: "), FALSE);
	add_prompt(p, dupstr("Re-enter passphrase to verify: "), FALSE);
	ret = console_get_userpass_input(p, NULL, 0);
	assert(ret >= 0);
	if (!ret) {
	    free_prompts(p);
	    perror("puttygen: unable to read new passphrase");
	    return 1;
	} else {
	    if (strcmp(p->prompts[0]->result, p->prompts[1]->result)) {
		free_prompts(p);
		fprintf(stderr, "puttygen: passphrases do not match\n");
		return 1;
	    }
	    if (passphrase) {
		memset(passphrase, 0, strlen(passphrase));
		smemclr(passphrase, strlen(passphrase));
		sfree(passphrase);
	    }
	    passphrase = dupstr(p->prompts[0]->result);
	    free_prompts(p);
	    if (!*passphrase) {
		sfree(passphrase);
		passphrase = NULL;

    switch (outtype) {
	int ret;

      case PRIVATE:
	if (sshver == 1) {
	    assert(ssh1key);
	    ret = saversakey(&outfilename, ssh1key, passphrase);
	    ret = saversakey(outfilename, ssh1key, passphrase);
	    if (!ret) {
		fprintf(stderr, "puttygen: unable to save SSH-1 private key\n");
		return 1;
	    }
	} else {
	    assert(ssh2key);
	    ret = ssh2_save_userkey(&outfilename, ssh2key, passphrase);
	    ret = ssh2_save_userkey(outfilename, ssh2key, passphrase);
 	    if (!ret) {
		fprintf(stderr, "puttygen: unable to save SSH-2 private key\n");
		return 1;
	    }
	}
	if (outfiletmp) {
	    if (!move(outfiletmp, outfile))

	}
	break;
	
      case OPENSSH:
      case SSHCOM:
	assert(sshver == 2);
	assert(ssh2key);
	ret = export_ssh2(&outfilename, outtype, ssh2key, passphrase);
	ret = export_ssh2(outfilename, outtype, ssh2key, passphrase);
	if (!ret) {
	    fprintf(stderr, "puttygen: unable to export key\n");
	    return 1;
	}
	if (outfiletmp) {
	    if (!move(outfiletmp, outfile))
		return 1;	       /* rename failed */
	}
	break;
    }

    if (passphrase) {
	memset(passphrase, 0, strlen(passphrase));
	smemclr(passphrase, strlen(passphrase));
	sfree(passphrase);
    }

    if (ssh1key)
	freersakey(ssh1key);
    if (ssh2key) {
	ssh2key->alg->freekey(ssh2key->data);

static char *cmdline_password = NULL;

void cmdline_cleanup(void)
{
    int pri;

    if (cmdline_password) {
	memset(cmdline_password, 0, strlen(cmdline_password));
	smemclr(cmdline_password, strlen(cmdline_password));
	sfree(cmdline_password);
	cmdline_password = NULL;
    }
    
    for (pri = 0; pri < NPRIORITIES; pri++) {
	sfree(saves[pri].params);
	saves[pri].params = NULL;

    /*
     * If we've tried once, return utter failure (no more passwords left
     * to try).
     */
    if (tried_once)
	return 0;

    strncpy(p->prompts[0]->result, cmdline_password,
    prompt_set_result(p->prompts[0], cmdline_password);
	    p->prompts[0]->result_len);
    p->prompts[0]->result[p->prompts[0]->result_len-1] = '\0';
    memset(cmdline_password, 0, strlen(cmdline_password));
    smemclr(cmdline_password, strlen(cmdline_password));
    sfree(cmdline_password);
    cmdline_password = NULL;
    tried_once = 1;
    return 1;

}

/*
 * Here we have a flags word which describes the capabilities of
 * the particular tool on whose behalf we're running. We will
 * refuse certain command-line options if a particular tool
 * inherently can't do anything sensible. For example, the file

#define RETURN(x) do { \
    if ((x) == 2 && !value) return -2; \
    ret = x; \
    if (need_save < 0) return x; \
} while (0)

int cmdline_process_param(char *p, char *value, int need_save, Config *cfg)
int cmdline_process_param(char *p, char *value, int need_save, Conf *conf)
{
    int ret = 0;

    if (!strcmp(p, "-load")) {
	RETURN(2);
	/* This parameter must be processed immediately rather than being
	 * saved. */
	do_defaults(value, cfg);
	do_defaults(value, conf);
	loaded_session = TRUE;
	cmdline_session_name = dupstr(value);
	return 2;
    }
    if (!strcmp(p, "-ssh")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	default_protocol = cfg->protocol = PROT_SSH;
	default_port = cfg->port = 22;
	default_protocol = PROT_SSH;
	default_port = 22;
	conf_set_int(conf, CONF_protocol, default_protocol);
	conf_set_int(conf, CONF_port, default_port);
	return 1;
    }
    if (!strcmp(p, "-telnet")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	default_protocol = cfg->protocol = PROT_TELNET;
	default_port = cfg->port = 23;
	default_protocol = PROT_TELNET;
	default_port = 23;
	conf_set_int(conf, CONF_protocol, default_protocol);
	conf_set_int(conf, CONF_port, default_port);
	return 1;
    }
    if (!strcmp(p, "-rlogin")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	default_protocol = cfg->protocol = PROT_RLOGIN;
	default_port = cfg->port = 513;
	default_protocol = PROT_RLOGIN;
	default_port = 513;
	conf_set_int(conf, CONF_protocol, default_protocol);
	conf_set_int(conf, CONF_port, default_port);
	return 1;
    }
    if (!strcmp(p, "-raw")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	default_protocol = cfg->protocol = PROT_RAW;
	default_protocol = PROT_RAW;
	conf_set_int(conf, CONF_protocol, default_protocol);
    }
    if (!strcmp(p, "-serial")) {
	RETURN(1);
	/* Serial is not NONNETWORK in an odd sense of the word */
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	default_protocol = cfg->protocol = PROT_SERIAL;
	/* The host parameter will already be loaded into cfg->host, so copy it across */
	strncpy(cfg->serline, cfg->host, sizeof(cfg->serline) - 1);
	default_protocol = PROT_SERIAL;
	conf_set_int(conf, CONF_protocol, default_protocol);
	/* The host parameter will already be loaded into CONF_host,
	 * so copy it across */
	conf_set_str(conf, CONF_serline, conf_get_str(conf, CONF_host));
	cfg->serline[sizeof(cfg->serline) - 1] = '\0';
    }
    if (!strcmp(p, "-v")) {
	RETURN(1);
	flags |= FLAG_VERBOSE;
    }
    if (!strcmp(p, "-l")) {
	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	strncpy(cfg->username, value, sizeof(cfg->username));
	conf_set_str(conf, CONF_username, value);
	cfg->username[sizeof(cfg->username) - 1] = '\0';
    }
    if (!strcmp(p, "-loghost")) {
	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	strncpy(cfg->loghost, value, sizeof(cfg->loghost));
	conf_set_str(conf, CONF_loghost, value);
	cfg->loghost[sizeof(cfg->loghost) - 1] = '\0';
    }
    if ((!strcmp(p, "-L") || !strcmp(p, "-R") || !strcmp(p, "-D"))) {
	char *fwd, *ptr, *q, *qq;
	char type, *q, *qq, *key, *val;
	int dynamic, i=0;
	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	dynamic = !strcmp(p, "-D");
	if (strcmp(p, "-D")) {
	fwd = value;
	ptr = cfg->portfwd;
	/* if existing forwards, find end of list */
	while (*ptr) {
	    while (*ptr)
		ptr++;
	    ptr++;
	}
	i = ptr - cfg->portfwd;
	ptr[0] = p[1];  /* insert a 'L', 'R' or 'D' at the start */
	ptr++;
	if (1 + strlen(fwd) + 2 > sizeof(cfg->portfwd) - i) {
	    cmdline_error("out of space for port forwardings");
	    return ret;
	}
	strncpy(ptr, fwd, sizeof(cfg->portfwd) - i - 2);
	if (!dynamic) {
	    /*
             * For -L or -R forwarding types:
             *
	     * We expect _at least_ two colons in this string. The
	     * possible formats are `sourceport:desthost:destport',
	     * or `sourceip:sourceport:desthost:destport' if you're
	     * specifying a particular loopback address. We need to
	     * replace the one between source and dest with a \t;
	     * this means we must find the second-to-last colon in
	     * the string.
	     *
	     * (This looks like a foolish way of doing it given the
	     * existence of strrchr, but it's more efficient than
	     * two strrchrs - not to mention that the second strrchr
	     * would require us to modify the input string!)
	     */

            type = p[1];               /* 'L' or 'R' */

	    q = qq = strchr(ptr, ':');
	    q = qq = strchr(value, ':');
	    while (qq) {
		char *qqq = strchr(qq+1, ':');
		if (qqq)
		    q = qq;
		qq = qqq;
	    }
	    if (q) *q = '\t';	       /* replace second-last colon with \t */
	}
	cfg->portfwd[sizeof(cfg->portfwd) - 1] = '\0';
	cfg->portfwd[sizeof(cfg->portfwd) - 2] = '\0';

	    if (!q) {
		cmdline_error("-%c expects at least two colons in its"
			      " argument", type);
		return ret;
	    }

	    key = dupprintf("%c%.*s", type, (int)(q - value), value);
	    val = dupstr(q+1);
	} else {
            /*
             * Dynamic port forwardings are entered under the same key
             * as if they were local (because they occupy the same
             * port space - a local and a dynamic forwarding on the
             * same local port are mutually exclusive), with the
             * special value "D" (which can be distinguished from
             * anything in the ordinary -L case by containing no
             * colon).
             */
	    key = dupprintf("L%s", value);
	    val = dupstr("D");
	}
	conf_set_str_str(conf, CONF_portfwd, key, val);
	ptr[strlen(ptr)+1] = '\000';    /* append 2nd '\000' */
	sfree(key);
	sfree(val);
    }
    if ((!strcmp(p, "-nc"))) {
	char *host, *portp;

	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);

	host = portp = value;
	portp = strchr(value, ':');
	while (*portp && *portp != ':')
	    portp++;
	if (*portp) {
	if (!portp) {
	    unsigned len = portp - host;
	    if (len >= sizeof(cfg->ssh_nc_host))
		len = sizeof(cfg->ssh_nc_host) - 1;
	    memcpy(cfg->ssh_nc_host, value, len);
	    cfg->ssh_nc_host[len] = '\0';
	    cfg->ssh_nc_port = atoi(portp+1);
	} else {
	    cmdline_error("-nc expects argument of form 'host:port'");
	    return ret;
	}

	host = dupprintf("%.*s", (int)(portp - value), value);
	conf_set_str(conf, CONF_ssh_nc_host, host);
	conf_set_int(conf, CONF_ssh_nc_port, atoi(portp + 1));
        sfree(host);
    }
    if (!strcmp(p, "-m")) {
	char *filename, *command;
	int cmdlen, cmdsize;
	FILE *fp;
	int c, d;

	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);

	filename = value;

	cmdlen = cmdsize = 0;
	command = NULL;
	fp = fopen(filename, "r");
	if (!fp) {
	    cmdline_error("unable to open command "
	    cmdline_error("unable to open command file \"%s\"", filename);
			  "file \"%s\"", filename);
	    return ret;
	}
	do {
	    c = fgetc(fp);
	    d = c;
	    if (c == EOF)
		d = 0;
	    if (cmdlen >= cmdsize) {
		cmdsize = cmdlen + 512;
		command = sresize(command, cmdsize, char);
	    }
	    command[cmdlen++] = d;
	} while (c != EOF);
	fclose(fp);
	cfg->remote_cmd_ptr = command;
	cfg->remote_cmd_ptr2 = NULL;
	cfg->nopty = TRUE;      /* command => no terminal */
	fclose(fp);
	conf_set_str(conf, CONF_remote_cmd, command);
	conf_set_str(conf, CONF_remote_cmd2, "");
	conf_set_int(conf, CONF_nopty, TRUE);   /* command => no terminal */
	sfree(command);
    }
    if (!strcmp(p, "-P")) {
	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(1);		       /* lower priority than -ssh,-telnet */
	cfg->port = atoi(value);
	conf_set_int(conf, CONF_port, atoi(value));
    }
    if (!strcmp(p, "-pw")) {
	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(1);
	/* We delay evaluating this until after the protocol is decided,
	 * so that we can warn if it's of no use with the selected protocol */
	if (cfg->protocol != PROT_SSH)
	if (conf_get_int(conf, CONF_protocol) != PROT_SSH)
	    cmdline_error("the -pw option can only be used with the "
			  "SSH protocol");
	else {
	    cmdline_password = dupstr(value);
	    /* Assuming that `value' is directly from argv, make a good faith
	     * attempt to trample it, to stop it showing up in `ps' output
	     * on Unix-like systems. Not guaranteed, of course. */
	    memset(value, 0, strlen(value));
	    smemclr(value, strlen(value));
	}
    }

    if (!strcmp(p, "-agent") || !strcmp(p, "-pagent") ||
	!strcmp(p, "-pageant")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->tryagent = TRUE;
	conf_set_int(conf, CONF_tryagent, TRUE);
    }
    if (!strcmp(p, "-noagent") || !strcmp(p, "-nopagent") ||
	!strcmp(p, "-nopageant")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->tryagent = FALSE;
	conf_set_int(conf, CONF_tryagent, FALSE);
    }

    if (!strcmp(p, "-A")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->agentfwd = 1;
	conf_set_int(conf, CONF_agentfwd, 1);
    }
    if (!strcmp(p, "-a")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->agentfwd = 0;
	conf_set_int(conf, CONF_agentfwd, 0);
    }

    if (!strcmp(p, "-X")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->x11_forward = 1;
	conf_set_int(conf, CONF_x11_forward, 1);
    }
    if (!strcmp(p, "-x")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->x11_forward = 0;
	conf_set_int(conf, CONF_x11_forward, 0);
    }

    if (!strcmp(p, "-t")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(1);	/* lower priority than -m */
	cfg->nopty = 0;
	conf_set_int(conf, CONF_nopty, 0);
    }
    if (!strcmp(p, "-T")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(1);
	cfg->nopty = 1;
	conf_set_int(conf, CONF_nopty, 1);
    }

    if (!strcmp(p, "-N")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->ssh_no_shell = 1;
	conf_set_int(conf, CONF_ssh_no_shell, 1);
    }

    if (!strcmp(p, "-C")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->compression = 1;
	conf_set_int(conf, CONF_compression, 1);
    }

    if (!strcmp(p, "-1")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->sshprot = 0;	       /* ssh protocol 1 only */
	conf_set_int(conf, CONF_sshprot, 0);   /* ssh protocol 1 only */
    }
    if (!strcmp(p, "-2")) {
	RETURN(1);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->sshprot = 3;	       /* ssh protocol 2 only */
	conf_set_int(conf, CONF_sshprot, 3);   /* ssh protocol 2 only */
    }

    if (!strcmp(p, "-i")) {
	Filename *fn;
	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_NONNETWORK);
	SAVEABLE(0);
	cfg->keyfile = filename_from_str(value);
	fn = filename_from_str(value);
	conf_set_filename(conf, CONF_keyfile, fn);
        filename_free(fn);
    }

    if (!strcmp(p, "-4") || !strcmp(p, "-ipv4")) {
	RETURN(1);
	SAVEABLE(1);
	cfg->addressfamily = ADDRTYPE_IPV4;
	conf_set_int(conf, CONF_addressfamily, ADDRTYPE_IPV4);
    }
    if (!strcmp(p, "-6") || !strcmp(p, "-ipv6")) {
	RETURN(1);
	SAVEABLE(1);
	cfg->addressfamily = ADDRTYPE_IPV6;
	conf_set_int(conf, CONF_addressfamily, ADDRTYPE_IPV6);
    }
    if (!strcmp(p, "-sercfg")) {
	char* nextitem;
	RETURN(2);
	UNAVAILABLE_IN(TOOLTYPE_FILETRANSFER | TOOLTYPE_NONNETWORK);
	SAVEABLE(1);
	if (cfg->protocol != PROT_SERIAL)
	if (conf_get_int(conf, CONF_protocol) != PROT_SERIAL)
	    cmdline_error("the -sercfg option can only be used with the "
			  "serial protocol");
	/* Value[0] contains one or more , separated values, like 19200,8,n,1,X */
	nextitem = value;
	while (nextitem[0] != '\0') {
	    int length, skip;
	    char *end = strchr(nextitem, ',');
	    if (!end) {
		length = strlen(nextitem);
		skip = 0;
	    } else {
		length = end - nextitem;
		nextitem[length] = '\0';
		skip = 1;
	    }
	    if (length == 1) {
		switch (*nextitem) {
		  case '1':
		    cfg->serstopbits = 2;
		    break;
		  case '2':
		    cfg->serstopbits = 4;
		    conf_set_int(conf, CONF_serstopbits, 2 * (*nextitem-'0'));
		    break;

		  case '5':
		    cfg->serdatabits = 5;
		    break;
		  case '6':
		    cfg->serdatabits = 6;
		    break;
		  case '7':
		    cfg->serdatabits = 7;
		    break;
		  case '8':
		    cfg->serdatabits = 8;
		    break;
		  case '9':
		    cfg->serdatabits = 9;
		    conf_set_int(conf, CONF_serdatabits, *nextitem-'0');
		    break;

		  case 'n':
		    cfg->serparity = SER_PAR_NONE;
		    conf_set_int(conf, CONF_serparity, SER_PAR_NONE);
		    break;
		  case 'o':
		    cfg->serparity = SER_PAR_ODD;
		    conf_set_int(conf, CONF_serparity, SER_PAR_ODD);
		    break;
		  case 'e':
		    cfg->serparity = SER_PAR_EVEN;
		    conf_set_int(conf, CONF_serparity, SER_PAR_EVEN);
		    break;
		  case 'm':
		    cfg->serparity = SER_PAR_MARK;
		    conf_set_int(conf, CONF_serparity, SER_PAR_MARK);
		    break;
		  case 's':
		    cfg->serparity = SER_PAR_SPACE;
		    conf_set_int(conf, CONF_serparity, SER_PAR_SPACE);
		    break;

		  case 'N':
		    cfg->serflow = SER_FLOW_NONE;
		    conf_set_int(conf, CONF_serflow, SER_FLOW_NONE);
		    break;
		  case 'X':
		    cfg->serflow = SER_FLOW_XONXOFF;
		    conf_set_int(conf, CONF_serflow, SER_FLOW_XONXOFF);
		    break;
		  case 'R':
		    cfg->serflow = SER_FLOW_RTSCTS;
		    conf_set_int(conf, CONF_serflow, SER_FLOW_RTSCTS);
		    break;
		  case 'D':
		    cfg->serflow = SER_FLOW_DSRDTR;
		    conf_set_int(conf, CONF_serflow, SER_FLOW_DSRDTR);
		    break;

		  default:
		    cmdline_error("Unrecognised suboption \"-sercfg %c\"",
				  *nextitem);
		}
	    } else if (length == 3 && !strncmp(nextitem,"1.5",3)) {
		/* Messy special case */
		cfg->serstopbits = 3;
		conf_set_int(conf, CONF_serstopbits, 3);
	    } else {
		int serspeed = atoi(nextitem);
		if (serspeed != 0) {
		    cfg->serspeed = serspeed;
		    conf_set_int(conf, CONF_serspeed, serspeed);
		} else {
		    cmdline_error("Unrecognised suboption \"-sercfg %s\"",
				  nextitem);
		}
	    }
	    nextitem += length + skip;
	}
    }
    return ret;			       /* unrecognised */
}

void cmdline_run_saved(Config *cfg)
void cmdline_run_saved(Conf *conf)
{
    int pri, i;
    for (pri = 0; pri < NPRIORITIES; pri++)
	for (i = 0; i < saves[pri].nsaved; i++)
	    cmdline_process_param(saves[pri].params[i].p,
				  saves[pri].params[i].value, 0, cfg);
				  saves[pri].params[i].value, 0, conf);
}

/*
 * conf.c: implementation of the internal storage format used for
 * the configuration of a PuTTY session.
 */

#include <stdio.h>
#include <stddef.h>
#include <assert.h>

#include "tree234.h"
#include "putty.h"

/*
 * Enumeration of types used in keys and values.
 */
typedef enum { TYPE_NONE, TYPE_INT, TYPE_STR, TYPE_FILENAME, TYPE_FONT } Type;

/*
 * Arrays which allow us to look up the subkey and value types for a
 * given primary key id.
 */
#define CONF_SUBKEYTYPE_DEF(valtype, keytype, keyword) TYPE_ ## keytype,
static int subkeytypes[] = { CONFIG_OPTIONS(CONF_SUBKEYTYPE_DEF) };
#define CONF_VALUETYPE_DEF(valtype, keytype, keyword) TYPE_ ## valtype,
static int valuetypes[] = { CONFIG_OPTIONS(CONF_VALUETYPE_DEF) };

/*
 * Configuration keys are primarily integers (big enum of all the
 * different configurable options); some keys have string-designated
 * subkeys, such as the list of environment variables (subkeys
 * defined by the variable names); some have integer-designated
 * subkeys (wordness, colours, preference lists).
 */
struct key {
    int primary;
    union {
	int i;
	char *s;
    } secondary;
};

struct value {
    union {
	int intval;
	char *stringval;
	Filename *fileval;
	FontSpec *fontval;
    } u;
};

struct conf_entry {
    struct key key;
    struct value value;
};

struct conf_tag {
    tree234 *tree;
};

/*
 * Because 'struct key' is the first element in 'struct conf_entry',
 * it's safe (guaranteed by the C standard) to cast arbitrarily back
 * and forth between the two types. Therefore, we only need one
 * comparison function, which can double as a main sort function for
 * the tree (comparing two conf_entry structures with each other)
 * and a search function (looking up an externally supplied key).
 */
static int conf_cmp(void *av, void *bv)
{
    struct key *a = (struct key *)av;
    struct key *b = (struct key *)bv;

    if (a->primary < b->primary)
	return -1;
    else if (a->primary > b->primary)
	return +1;
    switch (subkeytypes[a->primary]) {
      case TYPE_INT:
	if (a->secondary.i < b->secondary.i)
	    return -1;
	else if (a->secondary.i > b->secondary.i)
	    return +1;
	return 0;
      case TYPE_STR:
	return strcmp(a->secondary.s, b->secondary.s);
      default:
	return 0;
    }
}

/*
 * Free any dynamic data items pointed to by a 'struct key'. We
 * don't free the structure itself, since it's probably part of a
 * larger allocated block.
 */
static void free_key(struct key *key)
{
    if (subkeytypes[key->primary] == TYPE_STR)
	sfree(key->secondary.s);
}

/*
 * Copy a 'struct key' into another one, copying its dynamic data
 * if necessary.
 */
static void copy_key(struct key *to, struct key *from)
{
    to->primary = from->primary;
    switch (subkeytypes[to->primary]) {
      case TYPE_INT:
	to->secondary.i = from->secondary.i;
	break;
      case TYPE_STR:
	to->secondary.s = dupstr(from->secondary.s);
	break;
    }
}

/*
 * Free any dynamic data items pointed to by a 'struct value'. We
 * don't free the value itself, since it's probably part of a larger
 * allocated block.
 */
static void free_value(struct value *val, int type)
{
    if (type == TYPE_STR)
	sfree(val->u.stringval);
    else if (type == TYPE_FILENAME)
	filename_free(val->u.fileval);
    else if (type == TYPE_FONT)
	fontspec_free(val->u.fontval);
}

/*
 * Copy a 'struct value' into another one, copying its dynamic data
 * if necessary.
 */
static void copy_value(struct value *to, struct value *from, int type)
{
    switch (type) {
      case TYPE_INT:
	to->u.intval = from->u.intval;
	break;
      case TYPE_STR:
	to->u.stringval = dupstr(from->u.stringval);
	break;
      case TYPE_FILENAME:
	to->u.fileval = filename_copy(from->u.fileval);
	break;
      case TYPE_FONT:
	to->u.fontval = fontspec_copy(from->u.fontval);
	break;
    }
}

/*
 * Free an entire 'struct conf_entry' and its dynamic data.
 */
static void free_entry(struct conf_entry *entry)
{
    free_key(&entry->key);
    free_value(&entry->value, valuetypes[entry->key.primary]);
    sfree(entry);
}

Conf *conf_new(void)
{
    Conf *conf = snew(struct conf_tag);

    conf->tree = newtree234(conf_cmp);

    return conf;
}

static void conf_clear(Conf *conf)
{
    struct conf_entry *entry;

    while ((entry = delpos234(conf->tree, 0)) != NULL)
	free_entry(entry);
}

void conf_free(Conf *conf)
{
    conf_clear(conf);
    freetree234(conf->tree);
    sfree(conf);
}

static void conf_insert(Conf *conf, struct conf_entry *entry)
{
    struct conf_entry *oldentry = add234(conf->tree, entry);
    if (oldentry && oldentry != entry) {
	del234(conf->tree, oldentry);
	free_entry(oldentry);
	oldentry = add234(conf->tree, entry);
	assert(oldentry == entry);
    }
}

void conf_copy_into(Conf *newconf, Conf *oldconf)
{
    struct conf_entry *entry, *entry2;
    int i;

    conf_clear(newconf);

    for (i = 0; (entry = index234(oldconf->tree, i)) != NULL; i++) {
	entry2 = snew(struct conf_entry);
	copy_key(&entry2->key, &entry->key);
	copy_value(&entry2->value, &entry->value,
		   valuetypes[entry->key.primary]);
	add234(newconf->tree, entry2);
    }
}

Conf *conf_copy(Conf *oldconf)
{
    Conf *newconf = conf_new();

    conf_copy_into(newconf, oldconf);

    return newconf;
}

int conf_get_int(Conf *conf, int primary)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_INT);
    key.primary = primary;
    entry = find234(conf->tree, &key, NULL);
    assert(entry);
    return entry->value.u.intval;
}

int conf_get_int_int(Conf *conf, int primary, int secondary)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_INT);
    assert(valuetypes[primary] == TYPE_INT);
    key.primary = primary;
    key.secondary.i = secondary;
    entry = find234(conf->tree, &key, NULL);
    assert(entry);
    return entry->value.u.intval;
}

char *conf_get_str(Conf *conf, int primary)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_STR);
    key.primary = primary;
    entry = find234(conf->tree, &key, NULL);
    assert(entry);
    return entry->value.u.stringval;
}

char *conf_get_str_str_opt(Conf *conf, int primary, const char *secondary)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_STR);
    assert(valuetypes[primary] == TYPE_STR);
    key.primary = primary;
    key.secondary.s = (char *)secondary;
    entry = find234(conf->tree, &key, NULL);
    return entry ? entry->value.u.stringval : NULL;
}

char *conf_get_str_str(Conf *conf, int primary, const char *secondary)
{
    char *ret = conf_get_str_str_opt(conf, primary, secondary);
    assert(ret);
    return ret;
}

char *conf_get_str_strs(Conf *conf, int primary,
		       char *subkeyin, char **subkeyout)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_STR);
    assert(valuetypes[primary] == TYPE_STR);
    key.primary = primary;
    if (subkeyin) {
	key.secondary.s = subkeyin;
	entry = findrel234(conf->tree, &key, NULL, REL234_GT);
    } else {
	key.secondary.s = "";
	entry = findrel234(conf->tree, &key, NULL, REL234_GE);
    }
    if (!entry || entry->key.primary != primary)
	return NULL;
    *subkeyout = entry->key.secondary.s;
    return entry->value.u.stringval;
}

char *conf_get_str_nthstrkey(Conf *conf, int primary, int n)
{
    struct key key;
    struct conf_entry *entry;
    int index;

    assert(subkeytypes[primary] == TYPE_STR);
    assert(valuetypes[primary] == TYPE_STR);
    key.primary = primary;
    key.secondary.s = "";
    entry = findrelpos234(conf->tree, &key, NULL, REL234_GE, &index);
    if (!entry || entry->key.primary != primary)
	return NULL;
    entry = index234(conf->tree, index + n);
    if (!entry || entry->key.primary != primary)
	return NULL;
    return entry->key.secondary.s;
}

Filename *conf_get_filename(Conf *conf, int primary)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_FILENAME);
    key.primary = primary;
    entry = find234(conf->tree, &key, NULL);
    assert(entry);
    return entry->value.u.fileval;
}

FontSpec *conf_get_fontspec(Conf *conf, int primary)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_FONT);
    key.primary = primary;
    entry = find234(conf->tree, &key, NULL);
    assert(entry);
    return entry->value.u.fontval;
}

void conf_set_int(Conf *conf, int primary, int value)
{
    struct conf_entry *entry = snew(struct conf_entry);

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_INT);
    entry->key.primary = primary;
    entry->value.u.intval = value; 
    conf_insert(conf, entry);
}

void conf_set_int_int(Conf *conf, int primary, int secondary, int value)
{
    struct conf_entry *entry = snew(struct conf_entry);

    assert(subkeytypes[primary] == TYPE_INT);
    assert(valuetypes[primary] == TYPE_INT);
    entry->key.primary = primary;
    entry->key.secondary.i = secondary;
    entry->value.u.intval = value;
    conf_insert(conf, entry);
}

void conf_set_str(Conf *conf, int primary, const char *value)
{
    struct conf_entry *entry = snew(struct conf_entry);

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_STR);
    entry->key.primary = primary;
    entry->value.u.stringval = dupstr(value);
    conf_insert(conf, entry);
}

void conf_set_str_str(Conf *conf, int primary, const char *secondary,
		      const char *value)
{
    struct conf_entry *entry = snew(struct conf_entry);

    assert(subkeytypes[primary] == TYPE_STR);
    assert(valuetypes[primary] == TYPE_STR);
    entry->key.primary = primary;
    entry->key.secondary.s = dupstr(secondary);
    entry->value.u.stringval = dupstr(value);
    conf_insert(conf, entry);
}

void conf_del_str_str(Conf *conf, int primary, const char *secondary)
{
    struct key key;
    struct conf_entry *entry;

    assert(subkeytypes[primary] == TYPE_STR);
    assert(valuetypes[primary] == TYPE_STR);
    key.primary = primary;
    key.secondary.s = (char *)secondary;
    entry = find234(conf->tree, &key, NULL);
    if (entry) {
	del234(conf->tree, entry);
	free_entry(entry);
    }
 }

void conf_set_filename(Conf *conf, int primary, const Filename *value)
{
    struct conf_entry *entry = snew(struct conf_entry);

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_FILENAME);
    entry->key.primary = primary;
    entry->value.u.fileval = filename_copy(value);
    conf_insert(conf, entry);
}

void conf_set_fontspec(Conf *conf, int primary, const FontSpec *value)
{
    struct conf_entry *entry = snew(struct conf_entry);

    assert(subkeytypes[primary] == TYPE_NONE);
    assert(valuetypes[primary] == TYPE_FONT);
    entry->key.primary = primary;
    entry->value.u.fontval = fontspec_copy(value);
    conf_insert(conf, entry);
}

int conf_serialised_size(Conf *conf)
{
    int i;
    struct conf_entry *entry;
    int size = 0;

    for (i = 0; (entry = index234(conf->tree, i)) != NULL; i++) {
	size += 4;   /* primary key */
	switch (subkeytypes[entry->key.primary]) {
	  case TYPE_INT:
	    size += 4;
	    break;
	  case TYPE_STR:
	    size += 1 + strlen(entry->key.secondary.s);
	    break;
	}
	switch (valuetypes[entry->key.primary]) {
	  case TYPE_INT:
	    size += 4;
	    break;
	  case TYPE_STR:
	    size += 1 + strlen(entry->value.u.stringval);
	    break;
	  case TYPE_FILENAME:
	    size += filename_serialise(entry->value.u.fileval, NULL);
	    break;
	  case TYPE_FONT:
	    size += fontspec_serialise(entry->value.u.fontval, NULL);
	    break;
	}
    }

    size += 4;			       /* terminator value */

    return size;
}

void conf_serialise(Conf *conf, void *vdata)
{
    unsigned char *data = (unsigned char *)vdata;
    int i, len;
    struct conf_entry *entry;

    for (i = 0; (entry = index234(conf->tree, i)) != NULL; i++) {
	PUT_32BIT_MSB_FIRST(data, entry->key.primary);
	data += 4;

	switch (subkeytypes[entry->key.primary]) {
	  case TYPE_INT:
	    PUT_32BIT_MSB_FIRST(data, entry->key.secondary.i);
	    data += 4;
	    break;
	  case TYPE_STR:
	    len = strlen(entry->key.secondary.s);
	    memcpy(data, entry->key.secondary.s, len);
	    data += len;
	    *data++ = 0;
	    break;
	}
	switch (valuetypes[entry->key.primary]) {
	  case TYPE_INT:
	    PUT_32BIT_MSB_FIRST(data, entry->value.u.intval);
	    data += 4;
	    break;
	  case TYPE_STR:
	    len = strlen(entry->value.u.stringval);
	    memcpy(data, entry->value.u.stringval, len);
	    data += len;
	    *data++ = 0;
	    break;
	  case TYPE_FILENAME:
            data += filename_serialise(entry->value.u.fileval, data);
	    break;
	  case TYPE_FONT:
            data += fontspec_serialise(entry->value.u.fontval, data);
	    break;
	}
    }

    PUT_32BIT_MSB_FIRST(data, 0xFFFFFFFFU);
}

int conf_deserialise(Conf *conf, void *vdata, int maxsize)
{
    unsigned char *data = (unsigned char *)vdata;
    unsigned char *start = data;
    struct conf_entry *entry;
    unsigned primary;
    int used;
    unsigned char *zero;

    while (maxsize >= 4) {
	primary = GET_32BIT_MSB_FIRST(data);
	data += 4, maxsize -= 4;

	if (primary >= N_CONFIG_OPTIONS)
	    break;

	entry = snew(struct conf_entry);
	entry->key.primary = primary;

	switch (subkeytypes[entry->key.primary]) {
	  case TYPE_INT:
	    if (maxsize < 4) {
		sfree(entry);
		goto done;
	    }
	    entry->key.secondary.i = toint(GET_32BIT_MSB_FIRST(data));
	    data += 4, maxsize -= 4;
	    break;
	  case TYPE_STR:
	    zero = memchr(data, 0, maxsize);
	    if (!zero) {
		sfree(entry);
		goto done;
	    }
	    entry->key.secondary.s = dupstr((char *)data);
	    maxsize -= (zero + 1 - data);
	    data = zero + 1;
	    break;
	}

	switch (valuetypes[entry->key.primary]) {
	  case TYPE_INT:
	    if (maxsize < 4) {
		if (subkeytypes[entry->key.primary] == TYPE_STR)
		    sfree(entry->key.secondary.s);
		sfree(entry);
		goto done;
	    }
	    entry->value.u.intval = toint(GET_32BIT_MSB_FIRST(data));
	    data += 4, maxsize -= 4;
	    break;
	  case TYPE_STR:
	    zero = memchr(data, 0, maxsize);
	    if (!zero) {
		if (subkeytypes[entry->key.primary] == TYPE_STR)
		    sfree(entry->key.secondary.s);
		sfree(entry);
		goto done;
	    }
	    entry->value.u.stringval = dupstr((char *)data);
	    maxsize -= (zero + 1 - data);
	    data = zero + 1;
	    break;
	  case TYPE_FILENAME:
            entry->value.u.fileval =
                filename_deserialise(data, maxsize, &used);
            if (!entry->value.u.fileval) {
		if (subkeytypes[entry->key.primary] == TYPE_STR)
		    sfree(entry->key.secondary.s);
		sfree(entry);
		goto done;
	    }
	    data += used;
	    maxsize -= used;
	    break;
	  case TYPE_FONT:
            entry->value.u.fontval =
                fontspec_deserialise(data, maxsize, &used);
            if (!entry->value.u.fontval) {
		if (subkeytypes[entry->key.primary] == TYPE_STR)
		    sfree(entry->key.secondary.s);
		sfree(entry);
		goto done;
	    }
	    data += used;
	    maxsize -= used;
	    break;
	}
	conf_insert(conf, entry);
    }

    done:
    return (int)(data - start);
}

/*
 * config.c - the platform-independent parts of the PuTTY
 * configuration box.
 */

#include <assert.h>
#include <stdlib.h>

#include "putty.h"
#include "dialog.h"
#include "storage.h"

/* PuTTY SC start */
#include "pkcs11.h"
#include "sc.h"
/* PuTTY SC end */

/* PuTTY CAPI start */
#ifdef _WINDOWS
#include "capi.h"
#include <Specstrings.h>
#include <Wincrypt.h>
#include <CryptDlg.h>
#endif
/* PuTTY CAPI end */

#define PRINTER_DISABLED_STRING "None (printing disabled)"

#define HOST_BOX_TITLE "Host Name (or IP address)"
#define PORT_BOX_TITLE "Port"

void conf_radiobutton_handler(union control *ctrl, void *dlg,
			      void *data, int event)
{
    int button;
    Conf *conf = (Conf *)data;

    /*
     * For a standard radio button set, the context parameter gives
     * the primary key (CONF_foo), and the extra data per button
     * gives the value the target field should take if that button
     * is the one selected.
     */
    if (event == EVENT_REFRESH) {
	int val = conf_get_int(conf, ctrl->radio.context.i);
	for (button = 0; button < ctrl->radio.nbuttons; button++)
	    if (val == ctrl->radio.buttondata[button].i)
		break;
	/* We expected that `break' to happen, in all circumstances. */
	assert(button < ctrl->radio.nbuttons);
	dlg_radiobutton_set(ctrl, dlg, button);
    } else if (event == EVENT_VALCHANGE) {
	button = dlg_radiobutton_get(ctrl, dlg);
	assert(button >= 0 && button < ctrl->radio.nbuttons);
	conf_set_int(conf, ctrl->radio.context.i,
		     ctrl->radio.buttondata[button].i);
    }
}

#define CHECKBOX_INVERT (1<<30)
void conf_checkbox_handler(union control *ctrl, void *dlg,
			   void *data, int event)
{
    int key, invert;
    Conf *conf = (Conf *)data;

    /*
     * For a standard checkbox, the context parameter gives the
     * primary key (CONF_foo), optionally ORed with CHECKBOX_INVERT.
     */
    key = ctrl->checkbox.context.i;
    if (key & CHECKBOX_INVERT) {
	key &= ~CHECKBOX_INVERT;
	invert = 1;
    } else
	invert = 0;

    /*
     * C lacks a logical XOR, so the following code uses the idiom
     * (!a ^ !b) to obtain the logical XOR of a and b. (That is, 1
     * iff exactly one of a and b is nonzero, otherwise 0.)
     */

    if (event == EVENT_REFRESH) {
	int val = conf_get_int(conf, key);
	dlg_checkbox_set(ctrl, dlg, (!val ^ !invert));
    } else if (event == EVENT_VALCHANGE) {
	conf_set_int(conf, key, !dlg_checkbox_get(ctrl,dlg) ^ !invert);
    }
}

void conf_editbox_handler(union control *ctrl, void *dlg,
			  void *data, int event)
{
    /*
     * The standard edit-box handler expects the main `context'
     * field to contain the primary key. The secondary `context2'
     * field indicates the type of this field:
     *
     *  - if context2 > 0, the field is a string.
     *  - if context2 == -1, the field is an int and the edit box
     *    is numeric.
     *  - if context2 < -1, the field is an int and the edit box is
     *    _floating_, and (-context2) gives the scale. (E.g. if
     *    context2 == -1000, then typing 1.2 into the box will set
     *    the field to 1200.)
     */
    int key = ctrl->editbox.context.i;
    int length = ctrl->editbox.context2.i;
    Conf *conf = (Conf *)data;

    if (length > 0) {
	if (event == EVENT_REFRESH) {
	    char *field = conf_get_str(conf, key);
	    dlg_editbox_set(ctrl, dlg, field);
	} else if (event == EVENT_VALCHANGE) {
	    char *field = dlg_editbox_get(ctrl, dlg);
	    conf_set_str(conf, key, field);
	    sfree(field);
	}
    } else if (length < 0) {
	if (event == EVENT_REFRESH) {
	    char str[80];
	    int value = conf_get_int(conf, key);
	    if (length == -1)
		sprintf(str, "%d", value);
	    else
		sprintf(str, "%g", (double)value / (double)(-length));
	    dlg_editbox_set(ctrl, dlg, str);
	} else if (event == EVENT_VALCHANGE) {
	    char *str = dlg_editbox_get(ctrl, dlg);
	    if (length == -1)
		conf_set_int(conf, key, atoi(str));
	    else
		conf_set_int(conf, key, (int)((-length) * atof(str)));
	    sfree(str);
	}
    }
}

void conf_filesel_handler(union control *ctrl, void *dlg,
			  void *data, int event)
{
    int key = ctrl->fileselect.context.i;
    Conf *conf = (Conf *)data;

    if (event == EVENT_REFRESH) {
	dlg_filesel_set(ctrl, dlg, conf_get_filename(conf, key));
    } else if (event == EVENT_VALCHANGE) {
	Filename *filename = dlg_filesel_get(ctrl, dlg);
	conf_set_filename(conf, key, filename);
        filename_free(filename);
    }
}

void conf_fontsel_handler(union control *ctrl, void *dlg,
			  void *data, int event)
{
    int key = ctrl->fontselect.context.i;
    Conf *conf = (Conf *)data;

    if (event == EVENT_REFRESH) {
	dlg_fontsel_set(ctrl, dlg, conf_get_fontspec(conf, key));
    } else if (event == EVENT_VALCHANGE) {
	FontSpec *fontspec = dlg_fontsel_get(ctrl, dlg);
	conf_set_fontspec(conf, key, fontspec);
        fontspec_free(fontspec);
    }
}

static void config_host_handler(union control *ctrl, void *dlg,
				void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;

    /*
     * This function works just like the standard edit box handler,
     * only it has to choose the control's label and text from two
     * different places depending on the protocol.
     */
    if (event == EVENT_REFRESH) {
	if (cfg->protocol == PROT_SERIAL) {
	if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL) {
	    /*
	     * This label text is carefully chosen to contain an n,
	     * since that's the shortcut for the host name control.
	     */
	    dlg_label_change(ctrl, dlg, "Serial line");
	    dlg_editbox_set(ctrl, dlg, cfg->serline);
	    dlg_editbox_set(ctrl, dlg, conf_get_str(conf, CONF_serline));
	} else {
	    dlg_label_change(ctrl, dlg, HOST_BOX_TITLE);
	    dlg_editbox_set(ctrl, dlg, cfg->host);
	    dlg_editbox_set(ctrl, dlg, conf_get_str(conf, CONF_host));
	}
    } else if (event == EVENT_VALCHANGE) {
	if (cfg->protocol == PROT_SERIAL)
	    dlg_editbox_get(ctrl, dlg, cfg->serline, lenof(cfg->serline));
	char *s = dlg_editbox_get(ctrl, dlg);
	if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL)
	    conf_set_str(conf, CONF_serline, s);
	else
	    dlg_editbox_get(ctrl, dlg, cfg->host, lenof(cfg->host));
	    conf_set_str(conf, CONF_host, s);
	sfree(s);
    }
}

static void config_port_handler(union control *ctrl, void *dlg,
				void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    char buf[80];

    /*
     * This function works similarly to the standard edit box handler,
     * only it has to choose the control's label and text from two
     * different places depending on the protocol.
     */
    if (event == EVENT_REFRESH) {
	if (cfg->protocol == PROT_SERIAL) {
	if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL) {
	    /*
	     * This label text is carefully chosen to contain a p,
	     * since that's the shortcut for the port control.
	     */
	    dlg_label_change(ctrl, dlg, "Speed");
	    sprintf(buf, "%d", cfg->serspeed);
	    sprintf(buf, "%d", conf_get_int(conf, CONF_serspeed));
	} else {
	    dlg_label_change(ctrl, dlg, PORT_BOX_TITLE);
	    if (cfg->port != 0)
		sprintf(buf, "%d", cfg->port);
	    if (conf_get_int(conf, CONF_port) != 0)
		sprintf(buf, "%d", conf_get_int(conf, CONF_port));
	    else
		/* Display an (invalid) port of 0 as blank */
		buf[0] = '\0';
	}
	dlg_editbox_set(ctrl, dlg, buf);
    } else if (event == EVENT_VALCHANGE) {
	dlg_editbox_get(ctrl, dlg, buf, lenof(buf));
	if (cfg->protocol == PROT_SERIAL)
	    cfg->serspeed = atoi(buf);
	char *s = dlg_editbox_get(ctrl, dlg);
	int i = atoi(s);
	sfree(s);

	if (conf_get_int(conf, CONF_protocol) == PROT_SERIAL)
	    conf_set_int(conf, CONF_serspeed, i);
	else
	    cfg->port = atoi(buf);
	    conf_set_int(conf, CONF_port, i);
    }
}

struct hostport {
    union control *host, *port;
};

/*
 * We export this function so that platform-specific config
 * routines can use it to conveniently identify the protocol radio
 * buttons in order to add to them.
 */
void config_protocolbuttons_handler(union control *ctrl, void *dlg,
				    void *data, int event)
{
    int button;
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    struct hostport *hp = (struct hostport *)ctrl->radio.context.p;

    /*
     * This function works just like the standard radio-button
     * handler, except that it also has to change the setting of
     * the port box, and refresh both host and port boxes when. We
     * expect the context parameter to point at a hostport
     * structure giving the `union control's for both.
     */
    if (event == EVENT_REFRESH) {
	int protocol = conf_get_int(conf, CONF_protocol);
	for (button = 0; button < ctrl->radio.nbuttons; button++)
	    if (cfg->protocol == ctrl->radio.buttondata[button].i)
	    if (protocol == ctrl->radio.buttondata[button].i)
		break;
	/* We expected that `break' to happen, in all circumstances. */
	assert(button < ctrl->radio.nbuttons);
	dlg_radiobutton_set(ctrl, dlg, button);
    } else if (event == EVENT_VALCHANGE) {
	int oldproto = cfg->protocol;
	int oldproto = conf_get_int(conf, CONF_protocol);
	int newproto, port;

	button = dlg_radiobutton_get(ctrl, dlg);
	assert(button >= 0 && button < ctrl->radio.nbuttons);
	cfg->protocol = ctrl->radio.buttondata[button].i;
	if (oldproto != cfg->protocol) {
	newproto = ctrl->radio.buttondata[button].i;
	conf_set_int(conf, CONF_protocol, newproto);

	if (oldproto != newproto) {
	    Backend *ob = backend_from_proto(oldproto);
	    Backend *nb = backend_from_proto(cfg->protocol);
	    Backend *nb = backend_from_proto(newproto);
	    assert(ob);
	    assert(nb);
	    /* Iff the user hasn't changed the port from the old protocol's
	     * default, update it with the new protocol's default.
	     * (This includes a "default" of 0, implying that there is no
	     * sensible default for that protocol; in this case it's
	     * displayed as a blank.)
	     * This helps with the common case of tabbing through the
	     * controls in order and setting a non-default port before
	     * getting to the protocol; we want that non-default port
	     * to be preserved. */
	    port = conf_get_int(conf, CONF_port);
	    if (cfg->port == ob->default_port)
		cfg->port = nb->default_port;
	    if (port == ob->default_port)
		conf_set_int(conf, CONF_port, nb->default_port);
	}
	dlg_refresh(hp->host, dlg);
	dlg_refresh(hp->port, dlg);
    }
}

static void loggingbuttons_handler(union control *ctrl, void *dlg,
				   void *data, int event)
{
    int button;
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    /* This function works just like the standard radio-button handler,
     * but it has to fall back to "no logging" in situations where the
     * configured logging type isn't applicable.
     */
    if (event == EVENT_REFRESH) {
	int logtype = conf_get_int(conf, CONF_logtype);

        for (button = 0; button < ctrl->radio.nbuttons; button++)
            if (cfg->logtype == ctrl->radio.buttondata[button].i)
            if (logtype == ctrl->radio.buttondata[button].i)
	        break;
    
    /* We fell off the end, so we lack the configured logging type */
    if (button == ctrl->radio.nbuttons) {
        button=0;
        cfg->logtype=LGTYP_NONE;
    }
    dlg_radiobutton_set(ctrl, dlg, button);

	/* We fell off the end, so we lack the configured logging type */
	if (button == ctrl->radio.nbuttons) {
	    button = 0;
	    conf_set_int(conf, CONF_logtype, LGTYP_NONE);
	}
	dlg_radiobutton_set(ctrl, dlg, button);
    } else if (event == EVENT_VALCHANGE) {
        button = dlg_radiobutton_get(ctrl, dlg);
        assert(button >= 0 && button < ctrl->radio.nbuttons);
        cfg->logtype = ctrl->radio.buttondata[button].i;
        conf_set_int(conf, CONF_logtype, ctrl->radio.buttondata[button].i);
    }
}

static void numeric_keypad_handler(union control *ctrl, void *dlg,
				   void *data, int event)
{
    int button;
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    /*
     * This function works much like the standard radio button
     * handler, but it has to handle two fields in Config.
     * handler, but it has to handle two fields in Conf.
     */
    if (event == EVENT_REFRESH) {
	if (cfg->nethack_keypad)
	if (conf_get_int(conf, CONF_nethack_keypad))
	    button = 2;
	else if (cfg->app_keypad)
	else if (conf_get_int(conf, CONF_app_keypad))
	    button = 1;
	else
	    button = 0;
	assert(button < ctrl->radio.nbuttons);
	dlg_radiobutton_set(ctrl, dlg, button);
    } else if (event == EVENT_VALCHANGE) {
	button = dlg_radiobutton_get(ctrl, dlg);
	assert(button >= 0 && button < ctrl->radio.nbuttons);
	if (button == 2) {
	    cfg->app_keypad = FALSE;
	    cfg->nethack_keypad = TRUE;
	    conf_set_int(conf, CONF_app_keypad, FALSE);
	    conf_set_int(conf, CONF_nethack_keypad, TRUE);
	} else {
	    cfg->app_keypad = (button != 0);
	    cfg->nethack_keypad = FALSE;
	    conf_set_int(conf, CONF_app_keypad, (button != 0));
	    conf_set_int(conf, CONF_nethack_keypad, FALSE);
	}
    }
}

static void cipherlist_handler(union control *ctrl, void *dlg,
			       void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    if (event == EVENT_REFRESH) {
	int i;

	static const struct { char *s; int c; } ciphers[] = {
	    { "3DES",			CIPHER_3DES },
	    { "Blowfish",		CIPHER_BLOWFISH },
	    { "DES",			CIPHER_DES },
	    { "AES (SSH-2 only)",	CIPHER_AES },
	    { "Arcfour (SSH-2 only)",	CIPHER_ARCFOUR },
	    { "-- warn below here --",	CIPHER_WARN }
	};

	/* Set up the "selected ciphers" box. */
	/* (cipherlist assumed to contain all ciphers) */
	dlg_update_start(ctrl, dlg);
	dlg_listbox_clear(ctrl, dlg);
	for (i = 0; i < CIPHER_MAX; i++) {
	    int c = cfg->ssh_cipherlist[i];
	    int c = conf_get_int_int(conf, CONF_ssh_cipherlist, i);
	    int j;
	    char *cstr = NULL;
	    for (j = 0; j < (sizeof ciphers) / (sizeof ciphers[0]); j++) {
		if (ciphers[j].c == c) {
		    cstr = ciphers[j].s;
		    break;
		}
	    }
	    dlg_listbox_addwithid(ctrl, dlg, cstr, c);
	}
	dlg_update_done(ctrl, dlg);

    } else if (event == EVENT_VALCHANGE) {
	int i;

	/* Update array to match the list box. */
	for (i=0; i < CIPHER_MAX; i++)
	    conf_set_int_int(conf, CONF_ssh_cipherlist, i,
	    cfg->ssh_cipherlist[i] = dlg_listbox_getid(ctrl, dlg, i);
			     dlg_listbox_getid(ctrl, dlg, i));

    }
}

#ifndef NO_GSSAPI
static void gsslist_handler(union control *ctrl, void *dlg,
			    void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    if (event == EVENT_REFRESH) {
	int i;

	dlg_update_start(ctrl, dlg);
	dlg_listbox_clear(ctrl, dlg);
	for (i = 0; i < ngsslibs; i++) {
	    int id = cfg->ssh_gsslist[i];
	    int id = conf_get_int_int(conf, CONF_ssh_gsslist, i);
	    assert(id >= 0 && id < ngsslibs);
	    dlg_listbox_addwithid(ctrl, dlg, gsslibnames[id], id);
	}
	dlg_update_done(ctrl, dlg);

    } else if (event == EVENT_VALCHANGE) {
	int i;

	/* Update array to match the list box. */
	for (i=0; i < ngsslibs; i++)
	    conf_set_int_int(conf, CONF_ssh_gsslist, i,
	    cfg->ssh_gsslist[i] = dlg_listbox_getid(ctrl, dlg, i);
			     dlg_listbox_getid(ctrl, dlg, i));
    }
}
#endif

static void kexlist_handler(union control *ctrl, void *dlg,
			    void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    if (event == EVENT_REFRESH) {
	int i;

	static const struct { char *s; int k; } kexes[] = {
	    { "Diffie-Hellman group 1",		KEX_DHGROUP1 },
	    { "Diffie-Hellman group 14",	KEX_DHGROUP14 },
	    { "Diffie-Hellman group exchange",	KEX_DHGEX },
	    { "RSA-based key exchange", 	KEX_RSA },
	    { "-- warn below here --",		KEX_WARN }
	};

	/* Set up the "kex preference" box. */
	/* (kexlist assumed to contain all algorithms) */
	dlg_update_start(ctrl, dlg);
	dlg_listbox_clear(ctrl, dlg);
	for (i = 0; i < KEX_MAX; i++) {
	    int k = cfg->ssh_kexlist[i];
	    int k = conf_get_int_int(conf, CONF_ssh_kexlist, i);
	    int j;
	    char *kstr = NULL;
	    for (j = 0; j < (sizeof kexes) / (sizeof kexes[0]); j++) {
		if (kexes[j].k == k) {
		    kstr = kexes[j].s;
		    break;
		}
	    }
	    dlg_listbox_addwithid(ctrl, dlg, kstr, k);
	}
	dlg_update_done(ctrl, dlg);

    } else if (event == EVENT_VALCHANGE) {
	int i;

	/* Update array to match the list box. */
	for (i=0; i < KEX_MAX; i++)
	    conf_set_int_int(conf, CONF_ssh_kexlist, i,
	    cfg->ssh_kexlist[i] = dlg_listbox_getid(ctrl, dlg, i);
			     dlg_listbox_getid(ctrl, dlg, i));

    }
}

static void printerbox_handler(union control *ctrl, void *dlg,
			       void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    if (event == EVENT_REFRESH) {
	int nprinters, i;
	printer_enum *pe;
	char *printer;

	dlg_update_start(ctrl, dlg);
	/*
	 * Some backends may wish to disable the drop-down list on
	 * this edit box. Be prepared for this.
	 */
	if (ctrl->editbox.has_list) {
	    dlg_listbox_clear(ctrl, dlg);
	    dlg_listbox_add(ctrl, dlg, PRINTER_DISABLED_STRING);
	    pe = printer_start_enum(&nprinters);
	    for (i = 0; i < nprinters; i++)
		dlg_listbox_add(ctrl, dlg, printer_get_name(pe, i));
	    printer_finish_enum(pe);
	}
	dlg_editbox_set(ctrl, dlg,
			(*cfg->printer ? cfg->printer :
			 PRINTER_DISABLED_STRING));
	printer = conf_get_str(conf, CONF_printer);
	if (!printer)
	    printer = PRINTER_DISABLED_STRING;
	dlg_editbox_set(ctrl, dlg, printer);
	dlg_update_done(ctrl, dlg);
    } else if (event == EVENT_VALCHANGE) {
	dlg_editbox_get(ctrl, dlg, cfg->printer, sizeof(cfg->printer));
	if (!strcmp(cfg->printer, PRINTER_DISABLED_STRING))
	    *cfg->printer = '\0';
	char *printer = dlg_editbox_get(ctrl, dlg);
	if (!strcmp(printer, PRINTER_DISABLED_STRING))
	    printer[0] = '\0';
	conf_set_str(conf, CONF_printer, printer);
	sfree(printer);
    }
}

static void codepage_handler(union control *ctrl, void *dlg,
			     void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    if (event == EVENT_REFRESH) {
	int i;
	const char *cp, *thiscp;
	dlg_update_start(ctrl, dlg);
	thiscp = cp_name(decode_codepage(cfg->line_codepage));
	thiscp = cp_name(decode_codepage(conf_get_str(conf,
						      CONF_line_codepage)));
	dlg_listbox_clear(ctrl, dlg);
	for (i = 0; (cp = cp_enumerate(i)) != NULL; i++)
	    dlg_listbox_add(ctrl, dlg, cp);
	dlg_editbox_set(ctrl, dlg, thiscp);
	strcpy(cfg->line_codepage, thiscp);
	conf_set_str(conf, CONF_line_codepage, thiscp);
	dlg_update_done(ctrl, dlg);
    } else if (event == EVENT_VALCHANGE) {
	dlg_editbox_get(ctrl, dlg, cfg->line_codepage,
	char *codepage = dlg_editbox_get(ctrl, dlg);
			sizeof(cfg->line_codepage));
	strcpy(cfg->line_codepage,
	       cp_name(decode_codepage(cfg->line_codepage)));
	conf_set_str(conf, CONF_line_codepage,
		     cp_name(decode_codepage(codepage)));
	sfree(codepage);
    }
}

static void sshbug_handler(union control *ctrl, void *dlg,
			   void *data, int event)
{
    Conf *conf = (Conf *)data;
    if (event == EVENT_REFRESH) {
        /*
         * We must fetch the previously configured value from the Conf
         * before we start modifying the drop-down list, otherwise the
         * spurious SELCHANGE we trigger in the process will overwrite
         * the value we wanted to keep.
         */
        int oldconf = conf_get_int(conf, ctrl->listbox.context.i);
	dlg_update_start(ctrl, dlg);
	dlg_listbox_clear(ctrl, dlg);
	dlg_listbox_addwithid(ctrl, dlg, "Auto", AUTO);
	dlg_listbox_addwithid(ctrl, dlg, "Off", FORCE_OFF);
	dlg_listbox_addwithid(ctrl, dlg, "On", FORCE_ON);
	switch (*(int *)ATOFFSET(data, ctrl->listbox.context.i)) {
	switch (oldconf) {
	  case AUTO:      dlg_listbox_select(ctrl, dlg, 0); break;
	  case FORCE_OFF: dlg_listbox_select(ctrl, dlg, 1); break;
	  case FORCE_ON:  dlg_listbox_select(ctrl, dlg, 2); break;
	}
	dlg_update_done(ctrl, dlg);
    } else if (event == EVENT_SELCHANGE) {
	int i = dlg_listbox_index(ctrl, dlg);
	if (i < 0)
	    i = AUTO;
	else
	    i = dlg_listbox_getid(ctrl, dlg, i);
	*(int *)ATOFFSET(data, ctrl->listbox.context.i) = i;
	conf_set_int(conf, ctrl->listbox.context.i, i);
    }
}

#define SAVEDSESSION_LEN 2048

struct sessionsaver_data {
    union control *editbox, *listbox, *loadbutton, *savebutton, *delbutton;
    union control *okbutton, *cancelbutton;
    struct sesslist sesslist;
    int midsession;
};

    char *savedsession;     /* the current contents of ssd->editbox */
/* PuTTY SC start */
void *m_label_dlg = NULL;
void *m_cert_dlg = NULL;
void *m_keystring_dlg = NULL;
void *sc_get_label_dialog() {
  return m_label_dlg;
}
};
void *m_label_ctrl = NULL;
void *m_cert_ctrl = NULL;
void *m_keystring_ctrl = NULL;
void *sc_get_label_ctrl() {
  return m_label_ctrl;
}

void sc_cert_handler(union control *ctrl, void *dlg, void *data, int event);
void sc_tokenlabel_handler(union control *ctrl, void *dlg, void *data, int event ) {
  Config *cfg = (Config *)data;
  m_label_dlg = dlg;
  m_label_ctrl = ctrl;

  if(event == EVENT_REFRESH) {
    dlg_update_start(ctrl, dlg);
    dlg_listbox_clear(ctrl, dlg);
    if(filename_is_null(cfg->pkcs11_libfile)) {
      strcpy(cfg->pkcs11_token_label, "");
      dlg_listbox_add(ctrl, dlg, "<E: SELECT LIBRARY FIRST!>");
    } else {
      int i;
      CK_RV  rv = 0;
      HINSTANCE hLib = LoadLibrary((char *)&cfg->pkcs11_libfile);
      CK_C_GetFunctionList pGFL = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR))GetProcAddress(hLib, "C_GetFunctionList");
      if (pGFL == NULL) {
        strcpy(cfg->pkcs11_token_label, "");
        dlg_listbox_add(ctrl, dlg, "<E: WRONG LIBRARY!>");
      } else {
        CK_FUNCTION_LIST_PTR fl  = 0;
        rv = pGFL(&fl);
        if(rv != CKR_OK) {
          strcpy(cfg->pkcs11_token_label, "");
          dlg_listbox_add(ctrl, dlg, "<E: ACCESS TO LIBRARY FAILED!>");
        } else {
		  int rv1, rv2;
          unsigned long slot_count = 16;
          CK_SLOT_ID slots[16];
		  rv1 = fl->C_Initialize(0);
		  rv2 = fl->C_GetSlotList(TRUE, slots, &slot_count);
          if((rv1 != CKR_OK) || (rv2 != CKR_OK)) {
            strcpy(cfg->pkcs11_token_label, "");
            dlg_listbox_add(ctrl, dlg, "<E: NO SLOTS FOUND!>");
          } else {
            if(slot_count == 0) {
              strcpy(cfg->pkcs11_token_label, "");
              dlg_listbox_add(ctrl, dlg, "<E: NO TOKEN FOUND!>");
            }
            for(i=0; i<slot_count; i++) {
              CK_TOKEN_INFO token_info;
              CK_SLOT_ID slot = 64;
              slot = slots[i];
              fl->C_GetTokenInfo(slot,&token_info);
              {
                char buf[40];
                int j;
                memset(buf, 0, 40);
                strncpy(buf, token_info.label, 30);
                for(j=29;j>0;j--) {
                  if(buf[j] == ' ') {
                    buf[j] = '\0';
                  } else {
                    break;
                  }
                }
                dlg_listbox_add(ctrl, dlg, buf);
              }
            }
          }
          fl->C_Finalize(0);
        }
      }
      FreeLibrary(hLib);
    }
    dlg_editbox_set(ctrl, dlg, cfg->pkcs11_token_label);
    dlg_update_done(ctrl, dlg);
  } else if (event == EVENT_VALCHANGE) {
    char buf[70];
    dlg_editbox_get(ctrl, dlg, buf,
                    sizeof(buf));
    if(strncmp(buf, "<E: ", 4) != 0){
      strcpy(cfg->pkcs11_token_label, buf);
    }
  }
  if(m_cert_dlg != NULL) {
    sc_cert_handler(m_cert_ctrl, m_cert_dlg, data, EVENT_REFRESH);
  }

}

void sc_keystring_handler(union control *ctrl, void *dlg, void *data, int event ) {
  m_keystring_dlg = dlg;
  m_keystring_ctrl = ctrl;
}

void sc_cert_handler(union control *ctrl, void *dlg, void *data, int event ) {
  Config *cfg = (Config *)data;
  m_cert_dlg = dlg;
  m_cert_ctrl = ctrl;
    
  if(event == EVENT_REFRESH) {
    dlg_update_start(ctrl, dlg);
    dlg_listbox_clear(ctrl, dlg);
    if(cfg->pkcs11_token_label == NULL ||
       strlen(cfg->pkcs11_token_label) == 0) {
      strcpy(cfg->pkcs11_token_label, "");
      dlg_listbox_add(ctrl, dlg, "<E: SELECT TOKEN FIRST!>");
    } else {
      sc_lib *sclib;
      if (cfg->sclib == NULL) { cfg->sclib = calloc(sizeof(sc_lib), 1); }
      sclib = cfg->sclib;
      sc_init_library(NULL, 0, sclib, &cfg->pkcs11_libfile);
      if(sclib->m_fl) {
        CK_SESSION_HANDLE session = sc_get_session(NULL, 0, sclib->m_fl, cfg->pkcs11_token_label);
        if(session) {
          char msg[1024] = "";
          sc_cert_list *pcl;
          sc_cert_list *cl = sc_get_cert_list(sclib, session, msg);
          pcl = cl;
          while(pcl != NULL) {
            char *p_buf;
            p_buf = calloc(1,pcl->cert_attr[0].ulValueLen+1);
            strncpy(p_buf, pcl->cert_attr[0].pValue, pcl->cert_attr[0].ulValueLen);
            dlg_listbox_add(ctrl, dlg, p_buf);
            free(p_buf);
            pcl = pcl->next;
          }
          sc_free_cert_list(cl);
          //          sclib->m_fl->C_CloseSession(session);
        }
        //        sclib->m_fl->C_Finalize(0);
      }
      // free(sclib);
    }
    dlg_editbox_set(ctrl, dlg, cfg->pkcs11_cert_label);
    dlg_update_done(ctrl, dlg);
  } else if (event == EVENT_VALCHANGE) {
    sc_lib *sclib;
    char token_label[70];
    char cert_label[70];
    int blob_len; 
    char *algorithm; /* minor memory leak */
    sclib = cfg->sclib;
    dlg_editbox_get(m_label_ctrl, m_label_dlg, token_label, sizeof(token_label));
    dlg_editbox_get(ctrl, dlg, cert_label, sizeof(cert_label));
    if(strncmp(cert_label, "<E: ", 4) != 0) {
      strcpy(cfg->pkcs11_cert_label, cert_label);
      sc_get_pub(NULL, 0, sclib, token_label, cert_label, &algorithm, &blob_len);
      if (m_keystring_dlg != NULL && sclib && sclib->keystring != NULL) {
        dlg_editbox_set(m_keystring_ctrl, m_keystring_dlg, sclib->keystring);
      }
      if (sclib == NULL) {
        dlg_editbox_set(m_keystring_ctrl, m_keystring_dlg, "no sclib");
      } else
        if (sclib->keystring == NULL) {
          dlg_editbox_set(m_keystring_ctrl, m_keystring_dlg, "no sclib keystring");
        }

    }
  }
}
/* PuTTY SC end */

static void sessionsaver_data_free(void *ssdv)
/* PuTTY CAPI begin */
#ifdef _WINDOWS
struct capi_data {
	union control *certstore_droplist, *certID_text, *cert_browse, *keystring_text;
};

{
void capi_certstore_handler(union control *ctrl, void *dlg, void *data, int event ) {
    Config *cfg = (Config *)data;
    struct capi_data *capid = (struct capi_data *)ctrl->generic.context.p;

    struct sessionsaver_data *ssd = (struct sessionsaver_data *)ssdv;
    if (event == EVENT_REFRESH) {
		if (ctrl == capid->certstore_droplist) {
			dlg_update_start(ctrl, dlg);
			dlg_listbox_clear(ctrl, dlg);
			dlg_listbox_add(ctrl, dlg, "User\\MY (Personal Certificates)");
			dlg_listbox_add(ctrl, dlg, "System\\MY (Personal Certificates)");
			if (strncmp(cfg->capi_certID, "System\\MY", 9) == 0)
				dlg_listbox_select(ctrl, dlg, 1);
			else
				dlg_listbox_select(ctrl, dlg, 0); /* *shrug* */
			dlg_update_done(ctrl, dlg);
		}
    }
}

    sfree(ssd->savedsession);
void capi_certID_handler(union control *ctrl, void *dlg, void *data, int event ) {
    Config *cfg = (Config *)data;
    struct capi_data *capid = (struct capi_data *)ctrl->generic.context.p;
	char* tmpKeystring = NULL;

	if (event == EVENT_REFRESH) {
	    dlg_editbox_set(ctrl, dlg, cfg->capi_certID);
	} else if (event == EVENT_VALCHANGE) {
	    dlg_editbox_get(ctrl, dlg, cfg->capi_certID, sizeof(cfg->capi_certID));
	}

	if (cfg->capi_certID[0]) {
		if ((tmpKeystring = capi_get_key_string(cfg->capi_certID)) != NULL) {
			dlg_editbox_set(capid->keystring_text, dlg, tmpKeystring);
			free(tmpKeystring);
			tmpKeystring = NULL;
		}
	}
}

typedef BOOL (WINAPI *PCertSelectCertificateA)(
__inout  PCERT_SELECT_STRUCT_A pCertSelectInfo
);

void capi_certstore_browse_handler(union control *ctrl, void *dlg, void *data, int event ) {
	Config *cfg = (Config *)data;
	struct capi_data *capid = (struct capi_data *)ctrl->generic.context.p;
	HCERTSTORE hStore = NULL;
	CERT_SELECT_STRUCT_A* css = NULL;
	CERT_CONTEXT** acc = NULL;
	unsigned int tmpSHA1size = 0, dwCertStoreUser;
	unsigned char tmpSHA1[20];
	char tmpSHA1hex[41] = "";
	char tmpCertID[100] = "";
	char* tmpKeystring = NULL;
	HMODULE hCertDlgDLL = NULL;
	PCertSelectCertificateA f_csca = NULL;
	int i;

	if (event == EVENT_ACTION) {
	    i = dlg_listbox_index(capid->certstore_droplist, dlg);
		if (i < 0)
			goto cleanup;

		if ((hCertDlgDLL = LoadLibrary("CryptDlg.dll")) == NULL)
			goto cleanup;
		if ((f_csca = (PCertSelectCertificateA) GetProcAddress(hCertDlgDLL, "CertSelectCertificateA")) == NULL)
			goto cleanup;

		dwCertStoreUser = CERT_SYSTEM_STORE_CURRENT_USER;
		if (i == 1)
			dwCertStoreUser = CERT_SYSTEM_STORE_LOCAL_MACHINE;

		if ((hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0 /*hCryptProv*/, dwCertStoreUser | CERT_STORE_READONLY_FLAG | CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_ENUM_ARCHIVED_FLAG, "MY")) == NULL)
			goto cleanup;

		acc = (CERT_CONTEXT**) malloc(sizeof(CERT_CONTEXT*));
		acc[0] = NULL;
		css = (CERT_SELECT_STRUCT_A*) malloc(sizeof(CERT_SELECT_STRUCT_A));
		memset(css, 0, sizeof(CERT_SELECT_STRUCT_A));
		css->dwSize = sizeof(CERT_SELECT_STRUCT_A);
		css->hwndParent = ((struct dlgparam *) dlg)->hwnd;
		css->hInstance = NULL;
		css->pTemplateName = NULL;
		css->dwFlags = 0;
		css->szTitle = "PuTTY: Select Certificate for CAPI Auth";
		css->cCertStore = 1;
		css->arrayCertStore = &hStore;
		css->szPurposeOid = szOID_PKIX_KP_CLIENT_AUTH;
		css->cCertContext = 1; // count of arrayCertContext indexes allocated
		css->arrayCertContext = acc;

		if (!f_csca(css)) // GetProcAddress(hCertDlgDLL, "CertSelectCertificateA")
			goto cleanup;

		if (css->cCertContext != 1)
			goto cleanup;
		if (acc[0] == NULL)
			goto cleanup;

		tmpSHA1size = sizeof(tmpSHA1);
		if (!CertGetCertificateContextProperty(acc[0], CERT_HASH_PROP_ID, tmpSHA1, &tmpSHA1size))
			memset(tmpSHA1, 0, sizeof(tmpSHA1));
		_snprintf(tmpSHA1hex, sizeof(tmpSHA1hex)-1, "%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", tmpSHA1[0], tmpSHA1[1], tmpSHA1[2], tmpSHA1[3], tmpSHA1[4], tmpSHA1[5], tmpSHA1[6], tmpSHA1[7], tmpSHA1[8], tmpSHA1[9], tmpSHA1[10], tmpSHA1[11], tmpSHA1[12], tmpSHA1[13], tmpSHA1[14], tmpSHA1[15], tmpSHA1[16], tmpSHA1[17], tmpSHA1[18], tmpSHA1[19]);
		tmpSHA1hex[sizeof(tmpSHA1hex)-1] = '\0';
		_snprintf(tmpCertID, sizeof(tmpCertID)-1, "%s\\%s", i == 1 ? "Machine\\MY" : "User\\MY", tmpSHA1hex);
		tmpCertID[sizeof(tmpCertID)-1] = '\0';
		dlg_editbox_set(capid->certID_text, dlg, tmpCertID);

		strncpy(cfg->capi_certID, tmpCertID, sizeof(cfg->capi_certID));
		cfg->capi_certID[sizeof(cfg->capi_certID)-1] = '\0';

		if ((tmpKeystring = capi_get_key_string(tmpCertID)) != NULL) {
			dlg_editbox_set(capid->keystring_text, dlg, tmpKeystring);
			free(tmpKeystring);
			tmpKeystring = NULL;
		}
	}
cleanup:
	if (hCertDlgDLL) {
		FreeLibrary(hCertDlgDLL);
		f_csca = NULL;
		hCertDlgDLL = NULL;
	}
	if (acc) {
		if (acc[0])
			CertFreeCertificateContext(acc[0]);
		acc[0] = NULL;
		free(acc);
    sfree(ssd);
		acc = NULL;
	}
}

	if (css)
		free(css);
	css = NULL;

	if (hStore)
		CertCloseStore(hStore, 0);
	hStore = NULL;

	return;
}
#endif
/* PuTTY CAPI end */


/* 
 * Helper function to load the session selected in the list box, if
 * any, as this is done in more than one place below. Returns 0 for
 * failure.
 */
static int load_selected_session(struct sessionsaver_data *ssd,
				 char *savedsession,
				 void *dlg, Config *cfg, int *maybe_launch)
				 void *dlg, Conf *conf, int *maybe_launch)
{
    int i = dlg_listbox_index(ssd->listbox, dlg);
    int isdef;
    if (i < 0) {
	dlg_beep(dlg);
	return 0;
    }
    isdef = !strcmp(ssd->sesslist.sessions[i], "Default Settings");
    load_settings(ssd->sesslist.sessions[i], cfg);
    load_settings(ssd->sesslist.sessions[i], conf);
    if (!isdef) {
	strncpy(savedsession, ssd->sesslist.sessions[i],
		SAVEDSESSION_LEN);
	savedsession[SAVEDSESSION_LEN-1] = '\0';
    sfree(ssd->savedsession);
	if (maybe_launch)
	    *maybe_launch = TRUE;
    } else {
	savedsession[0] = '\0';
	if (maybe_launch)
	    *maybe_launch = FALSE;
    ssd->savedsession = dupstr(isdef ? "" : ssd->sesslist.sessions[i]);
    if (maybe_launch)
        *maybe_launch = !isdef;
    }
    dlg_refresh(NULL, dlg);
    /* Restore the selection, which might have been clobbered by
     * changing the value of the edit box. */
    dlg_listbox_select(ssd->listbox, dlg, i);
    return 1;
}

static void sessionsaver_handler(union control *ctrl, void *dlg,
				 void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    struct sessionsaver_data *ssd =
	(struct sessionsaver_data *)ctrl->generic.context.p;
    char *savedsession;

    /*
     * The first time we're called in a new dialog, we must
     * allocate space to store the current contents of the saved
     * session edit box (since it must persist even when we switch
     * panels, but is not part of the Config).
     */
    if (!ssd->editbox) {
        savedsession = NULL;
    } else if (!dlg_get_privdata(ssd->editbox, dlg)) {
	savedsession = (char *)
	    dlg_alloc_privdata(ssd->editbox, dlg, SAVEDSESSION_LEN);
	savedsession[0] = '\0';
    } else {
	savedsession = dlg_get_privdata(ssd->editbox, dlg);
    }

    if (event == EVENT_REFRESH) {
	if (ctrl == ssd->editbox) {
	    dlg_editbox_set(ctrl, dlg, savedsession);
	    dlg_editbox_set(ctrl, dlg, ssd->savedsession);
	} else if (ctrl == ssd->listbox) {
	    int i;
	    dlg_update_start(ctrl, dlg);
	    dlg_listbox_clear(ctrl, dlg);
	    for (i = 0; i < ssd->sesslist.nsessions; i++)
		dlg_listbox_add(ctrl, dlg, ssd->sesslist.sessions[i]);
	    dlg_update_done(ctrl, dlg);
	}
    } else if (event == EVENT_VALCHANGE) {
        int top, bottom, halfway, i;
	if (ctrl == ssd->editbox) {
            sfree(ssd->savedsession);
	    dlg_editbox_get(ctrl, dlg, savedsession,
            ssd->savedsession = dlg_editbox_get(ctrl, dlg);
			    SAVEDSESSION_LEN);
	    top = ssd->sesslist.nsessions;
	    bottom = -1;
	    while (top-bottom > 1) {
	        halfway = (top+bottom)/2;
	        i = strcmp(savedsession, ssd->sesslist.sessions[halfway]);
	        i = strcmp(ssd->savedsession, ssd->sesslist.sessions[halfway]);
	        if (i <= 0 ) {
		    top = halfway;
	        } else {
		    bottom = halfway;
	        }
	    }
	    if (top == ssd->sesslist.nsessions) {

	    /*
	     * The user has double-clicked a session, or hit Load.
	     * We must load the selected session, and then
	     * terminate the configuration dialog _if_ there was a
	     * double-click on the list box _and_ that session
	     * contains a hostname.
	     */
	    if (load_selected_session(ssd, savedsession, dlg, cfg, &mbl) &&
		(mbl && ctrl == ssd->listbox && cfg_launchable(cfg))) {
	    if (load_selected_session(ssd, dlg, conf, &mbl) &&
		(mbl && ctrl == ssd->listbox && conf_launchable(conf))) {
		dlg_end(dlg, 1);       /* it's all over, and succeeded */
	    }
	} else if (ctrl == ssd->savebutton) {
	    int isdef = !strcmp(savedsession, "Default Settings");
	    if (!savedsession[0]) {
	    int isdef = !strcmp(ssd->savedsession, "Default Settings");
	    if (!ssd->savedsession[0]) {
		int i = dlg_listbox_index(ssd->listbox, dlg);
		if (i < 0) {
		    dlg_beep(dlg);
		    return;
		}
		isdef = !strcmp(ssd->sesslist.sessions[i], "Default Settings");
		if (!isdef) {
		    strncpy(savedsession, ssd->sesslist.sessions[i],
                sfree(ssd->savedsession);
			    SAVEDSESSION_LEN);
		    savedsession[SAVEDSESSION_LEN-1] = '\0';
                ssd->savedsession = dupstr(isdef ? "" :
		} else {
		    savedsession[0] = '\0';
		}
                                           ssd->sesslist.sessions[i]);
	    }
	    }
            {
                char *errmsg = save_settings(savedsession, cfg);
                char *errmsg = save_settings(ssd->savedsession, conf);
                if (errmsg) {
                    dlg_error_msg(dlg, errmsg);
                    sfree(errmsg);
                }
            }
	    get_sesslist(&ssd->sesslist, FALSE);
	    get_sesslist(&ssd->sesslist, TRUE);

	     * Annoying special case. If the `Open' button is
	     * pressed while no host name is currently set, _and_
	     * the session list previously had the focus, _and_
	     * there was a session selected in that which had a
	     * valid host name in it, then load it and go.
	     */
	    if (dlg_last_focused(ctrl, dlg) == ssd->listbox &&
		!cfg_launchable(cfg)) {
		Config cfg2;
		!conf_launchable(conf)) {
		Conf *conf2 = conf_new();
		int mbl = FALSE;
		if (!load_selected_session(ssd, savedsession, dlg,
		if (!load_selected_session(ssd, dlg, conf2, &mbl)) {
					   &cfg2, &mbl)) {
		    dlg_beep(dlg);
		    conf_free(conf2);
		    return;
		}
		/* If at this point we have a valid session, go! */
		if (mbl && cfg_launchable(&cfg2)) {
		    *cfg = cfg2;       /* structure copy */
		if (mbl && conf_launchable(conf2)) {
		    conf_copy_into(conf, conf2);
		    cfg->remote_cmd_ptr = NULL;
		    dlg_end(dlg, 1);
		} else
		    dlg_beep(dlg);

		conf_free(conf2);
                return;
	    }

	    /*
	     * Otherwise, do the normal thing: if we have a valid
	     * session, get going.
	     */
	    if (cfg_launchable(cfg)) {
	    if (conf_launchable(conf)) {
		dlg_end(dlg, 1);
	    } else
		dlg_beep(dlg);
	} else if (ctrl == ssd->cancelbutton) {
	    dlg_end(dlg, 0);
	}
    }
}

struct charclass_data {
    union control *listbox, *editbox, *button;
};

static void charclass_handler(union control *ctrl, void *dlg,
			      void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    struct charclass_data *ccd =
	(struct charclass_data *)ctrl->generic.context.p;

    if (event == EVENT_REFRESH) {
	if (ctrl == ccd->listbox) {
	    int i;
	    dlg_update_start(ctrl, dlg);
	    dlg_listbox_clear(ctrl, dlg);
	    for (i = 0; i < 128; i++) {
		char str[100];
		sprintf(str, "%d\t(0x%02X)\t%c\t%d", i, i,
			(i >= 0x21 && i != 0x7F) ? i : ' ', cfg->wordness[i]);
			(i >= 0x21 && i != 0x7F) ? i : ' ',
			conf_get_int_int(conf, CONF_wordness, i));
		dlg_listbox_add(ctrl, dlg, str);
	    }
	    dlg_update_done(ctrl, dlg);
	}
    } else if (event == EVENT_ACTION) {
	if (ctrl == ccd->button) {
	    char str[100];
	    char *str;
	    int i, n;
	    dlg_editbox_get(ccd->editbox, dlg, str, sizeof(str));
	    str = dlg_editbox_get(ccd->editbox, dlg);
	    n = atoi(str);
	    sfree(str);
	    for (i = 0; i < 128; i++) {
		if (dlg_listbox_issel(ccd->listbox, dlg, i))
		    cfg->wordness[i] = n;
		    conf_set_int_int(conf, CONF_wordness, i, n);
	    }
	    dlg_refresh(ccd->listbox, dlg);
	}
    }
}

struct colour_data {

    "ANSI Cyan", "ANSI Cyan Bold",
    "ANSI White", "ANSI White Bold"
};

static void colour_handler(union control *ctrl, void *dlg,
			    void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    struct colour_data *cd =
	(struct colour_data *)ctrl->generic.context.p;
    int update = FALSE, clear = FALSE, r, g, b;

    if (event == EVENT_REFRESH) {
	if (ctrl == cd->listbox) {
	    int i;

	if (ctrl == cd->listbox) {
	    /* The user has selected a colour. Update the RGB text. */
	    int i = dlg_listbox_index(ctrl, dlg);
	    if (i < 0) {
		clear = TRUE;
	    } else {
		clear = FALSE;
		r = cfg->colours[i][0];
		g = cfg->colours[i][1];
		b = cfg->colours[i][2];
		r = conf_get_int_int(conf, CONF_colours, i*3+0);
		g = conf_get_int_int(conf, CONF_colours, i*3+1);
		b = conf_get_int_int(conf, CONF_colours, i*3+2);
	    }
	    update = TRUE;
	}
    } else if (event == EVENT_VALCHANGE) {
	if (ctrl == cd->redit || ctrl == cd->gedit || ctrl == cd->bedit) {
	    /* The user has changed the colour using the edit boxes. */
	    char buf[80];
	    char *str;
	    int i, cval;

	    dlg_editbox_get(ctrl, dlg, buf, lenof(buf));
	    cval = atoi(buf);
	    str = dlg_editbox_get(ctrl, dlg);
	    cval = atoi(str);
	    sfree(str);
	    if (cval > 255) cval = 255;
	    if (cval < 0)   cval = 0;

	    i = dlg_listbox_index(cd->listbox, dlg);
	    if (i >= 0) {
		if (ctrl == cd->redit)
		    cfg->colours[i][0] = cval;
		    conf_set_int_int(conf, CONF_colours, i*3+0, cval);
		else if (ctrl == cd->gedit)
		    cfg->colours[i][1] = cval;
		    conf_set_int_int(conf, CONF_colours, i*3+1, cval);
		else if (ctrl == cd->bedit)
		    cfg->colours[i][2] = cval;
		    conf_set_int_int(conf, CONF_colours, i*3+2, cval);
	    }
	}
    } else if (event == EVENT_ACTION) {
	if (ctrl == cd->button) {
	    int i = dlg_listbox_index(cd->listbox, dlg);
	    if (i < 0) {
		dlg_beep(dlg);
		return;
	    }
	    /*
	     * Start a colour selector, which will send us an
	     * EVENT_CALLBACK when it's finished and allow us to
	     * pick up the results.
	     */
	    dlg_coloursel_start(ctrl, dlg,
				cfg->colours[i][0],
				cfg->colours[i][1],
				cfg->colours[i][2]);
				conf_get_int_int(conf, CONF_colours, i*3+0),
				conf_get_int_int(conf, CONF_colours, i*3+1),
				conf_get_int_int(conf, CONF_colours, i*3+2));
	}
    } else if (event == EVENT_CALLBACK) {
	if (ctrl == cd->button) {
	    int i = dlg_listbox_index(cd->listbox, dlg);
	    /*
	     * Collect the results of the colour selector. Will
	     * return nonzero on success, or zero if the colour
	     * selector did nothing (user hit Cancel, for example).
	     */
	    if (dlg_coloursel_results(ctrl, dlg, &r, &g, &b)) {
		cfg->colours[i][0] = r;
		cfg->colours[i][1] = g;
		cfg->colours[i][2] = b;
		conf_set_int_int(conf, CONF_colours, i*3+0, r);
		conf_set_int_int(conf, CONF_colours, i*3+1, g);
		conf_set_int_int(conf, CONF_colours, i*3+2, b);
		clear = FALSE;
		update = TRUE;
	    }
	}
    }

    if (update) {

    union control *modelist, *valradio, *valbox;
    union control *addbutton, *rembutton, *listbox;
};

static void ttymodes_handler(union control *ctrl, void *dlg,
			     void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    struct ttymodes_data *td =
	(struct ttymodes_data *)ctrl->generic.context.p;

    if (event == EVENT_REFRESH) {
	if (ctrl == td->listbox) {
	    char *p = cfg->ttymodes;
	    char *key, *val;
	    dlg_update_start(ctrl, dlg);
	    dlg_listbox_clear(ctrl, dlg);
	    while (*p) {
		int tabpos = strchr(p, '\t') - p;
		char *disp = dupprintf("%.*s\t%s", tabpos, p,
				       (p[tabpos+1] == 'A') ? "(auto)" :
	    for (val = conf_get_str_strs(conf, CONF_ttymodes, NULL, &key);
		 val != NULL;
		 val = conf_get_str_strs(conf, CONF_ttymodes, key, &key)) {
		char *disp = dupprintf("%s\t%s", key,
				       (val[0] == 'A') ? "(auto)" : val+1);
				       p+tabpos+2);
		dlg_listbox_add(ctrl, dlg, disp);
		p += strlen(p) + 1;
		sfree(disp);
	    }
	    dlg_update_done(ctrl, dlg);
	} else if (ctrl == td->modelist) {
	    int i;
	    dlg_update_start(ctrl, dlg);
	    dlg_listbox_clear(ctrl, dlg);
	    for (i = 0; ttymodes[i]; i++)
		dlg_listbox_add(ctrl, dlg, ttymodes[i]);
	    dlg_listbox_select(ctrl, dlg, 0); /* *shrug* */
	    dlg_update_done(ctrl, dlg);
	} else if (ctrl == td->valradio) {
	    dlg_radiobutton_set(ctrl, dlg, 0);
	}
    } else if (event == EVENT_ACTION) {
	if (ctrl == td->addbutton) {
	    int ind = dlg_listbox_index(td->modelist, dlg);
	    if (ind >= 0) {
		char type = dlg_radiobutton_get(td->valradio, dlg) ? 'V' : 'A';
		int slen, left;
		char *p, str[lenof(cfg->ttymodes)];
		const char *key;
		char *str, *val;
		/* Construct new entry */
		memset(str, 0, lenof(str));
		strncpy(str, ttymodes[ind], lenof(str)-3);
		key = ttymodes[ind];
		slen = strlen(str);
		str[slen] = '\t';
		str[slen+1] = type;
		slen += 2;
		if (type == 'V') {
		    dlg_editbox_get(td->valbox, dlg, str+slen, lenof(str)-slen);
		str = dlg_editbox_get(td->valbox, dlg);
		}
		/* Find end of list, deleting any existing instance */
		p = cfg->ttymodes;
		val = dupprintf("%c%s", type, str);
		left = lenof(cfg->ttymodes);
		while (*p) {
		    int t = strchr(p, '\t') - p;
		    if (t == strlen(ttymodes[ind]) &&
		sfree(str);
		conf_set_str_str(conf, CONF_ttymodes, key, val);
			strncmp(p, ttymodes[ind], t) == 0) {
			memmove(p, p+strlen(p)+1, left - (strlen(p)+1));
			continue;
		sfree(val);
		    }
		    left -= strlen(p) + 1;
		    p    += strlen(p) + 1;
		}
		/* Append new entry */
		memset(p, 0, left);
		strncpy(p, str, left - 2);
		dlg_refresh(td->listbox, dlg);
	    } else
		dlg_beep(dlg);
	} else if (ctrl == td->rembutton) {
	    char *p = cfg->ttymodes;
	    int i = 0, len = lenof(cfg->ttymodes);
	    int i = 0;
	    while (*p) {
		int multisel = dlg_listbox_index(td->listbox, dlg) < 0;
	    char *key, *val;
	    int multisel = dlg_listbox_index(td->listbox, dlg) < 0;
	    for (val = conf_get_str_strs(conf, CONF_ttymodes, NULL, &key);
		 val != NULL;
		 val = conf_get_str_strs(conf, CONF_ttymodes, key, &key)) {
		if (dlg_listbox_issel(td->listbox, dlg, i)) {
		    if (!multisel) {
			/* Populate controls with entry we're about to
			 * delete, for ease of editing.
			 * (If multiple entries were selected, don't
			 * touch the controls.) */
			char *val = strchr(p, '\t');
			if (val) {
			    int ind = 0;
			    val++;
			    while (ttymodes[ind]) {
			int ind = 0;
			val++;
			while (ttymodes[ind]) {
				if (strlen(ttymodes[ind]) == val-p-1 &&
				    !strncmp(ttymodes[ind], p, val-p-1))
				    break;
				ind++;
			    }
			    dlg_listbox_select(td->modelist, dlg, ind);
			    dlg_radiobutton_set(td->valradio, dlg,
						(*val == 'V'));
			    dlg_editbox_set(td->valbox, dlg, val+1);
			}
			    if (!strcmp(ttymodes[ind], key))
				break;
			    ind++;
			}
			dlg_listbox_select(td->modelist, dlg, ind);
			dlg_radiobutton_set(td->valradio, dlg,
					    (*val == 'V'));
			dlg_editbox_set(td->valbox, dlg, val+1);
		    }
		    }
		    memmove(p, p+strlen(p)+1, len - (strlen(p)+1));
		    i++;
		    continue;
		    conf_del_str_str(conf, CONF_ttymodes, key);
		}
		len -= strlen(p) + 1;
		p   += strlen(p) + 1;
		i++;
	    }
	    memset(p, 0, lenof(cfg->ttymodes) - len);
	    dlg_refresh(td->listbox, dlg);
	}
    }
}

struct environ_data {
    union control *varbox, *valbox, *addbutton, *rembutton, *listbox;
};

static void environ_handler(union control *ctrl, void *dlg,
			    void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    struct environ_data *ed =
	(struct environ_data *)ctrl->generic.context.p;

    if (event == EVENT_REFRESH) {
	if (ctrl == ed->listbox) {
	    char *p = cfg->environmt;
	    char *key, *val;
	    dlg_update_start(ctrl, dlg);
	    dlg_listbox_clear(ctrl, dlg);
	    while (*p) {
	    for (val = conf_get_str_strs(conf, CONF_environmt, NULL, &key);
		 val != NULL;
		 val = conf_get_str_strs(conf, CONF_environmt, key, &key)) {
		char *p = dupprintf("%s\t%s", key, val);
		dlg_listbox_add(ctrl, dlg, p);
		p += strlen(p) + 1;
		sfree(p);
	    }
	    dlg_update_done(ctrl, dlg);
	}
    } else if (event == EVENT_ACTION) {
	if (ctrl == ed->addbutton) {
	    char str[sizeof(cfg->environmt)];
	    char *p;
	    dlg_editbox_get(ed->varbox, dlg, str, sizeof(str)-1);
	    if (!*str) {
	    char *key, *val, *str;
	    key = dlg_editbox_get(ed->varbox, dlg);
	    if (!*key) {
		sfree(key);
		dlg_beep(dlg);
		return;
	    }
	    p = str + strlen(str);
	    *p++ = '\t';
	    dlg_editbox_get(ed->valbox, dlg, p, sizeof(str)-1 - (p - str));
	    if (!*p) {
	    val = dlg_editbox_get(ed->valbox, dlg);
	    if (!*val) {
		sfree(key);
		sfree(val);
		dlg_beep(dlg);
		return;
	    }
	    p = cfg->environmt;
	    conf_set_str_str(conf, CONF_environmt, key, val);
	    while (*p) {
		while (*p)
		    p++;
		p++;
	    }
	    if ((p - cfg->environmt) + strlen(str) + 2 <
		sizeof(cfg->environmt)) {
		strcpy(p, str);
	    str = dupcat(key, "\t", val, NULL);
		p[strlen(str) + 1] = '\0';
		dlg_listbox_add(ed->listbox, dlg, str);
		dlg_editbox_set(ed->varbox, dlg, "");
		dlg_editbox_set(ed->valbox, dlg, "");
	    } else {
		dlg_error_msg(dlg, "Environment too big");
	    dlg_editbox_set(ed->varbox, dlg, "");
	    dlg_editbox_set(ed->valbox, dlg, "");
	    sfree(str);
	    sfree(key);
	    sfree(val);
	    dlg_refresh(ed->listbox, dlg);
	    }
	} else if (ctrl == ed->rembutton) {
	    int i = dlg_listbox_index(ed->listbox, dlg);
	    if (i < 0) {
		dlg_beep(dlg);
	    } else {
		char *p, *q, *str;
		char *key, *val;

		dlg_listbox_del(ed->listbox, dlg, i);
		p = cfg->environmt;
		key = conf_get_str_nthstrkey(conf, CONF_environmt, i);
		while (i > 0) {
		    if (!*p)
		if (key) {
			goto disaster;
		    while (*p)
			p++;
		    p++;
		    i--;
		}
		q = p;
		if (!*p)
		    goto disaster;
		/* Populate controls with the entry we're about to delete
		 * for ease of editing */
		str = p;
		    /* Populate controls with the entry we're about to delete
		     * for ease of editing */
		    val = conf_get_str_str(conf, CONF_environmt, key);
		p = strchr(p, '\t');
		if (!p)
		    goto disaster;
		*p = '\0';
		dlg_editbox_set(ed->varbox, dlg, str);
		    dlg_editbox_set(ed->varbox, dlg, key);
		p++;
		str = p;
		dlg_editbox_set(ed->valbox, dlg, str);
		    dlg_editbox_set(ed->valbox, dlg, val);
		p = strchr(p, '\0');
		if (!p)
		    goto disaster;
		p++;
		while (*p) {
		    while (*p)
		    /* And delete it */
			*q++ = *p++;
		    *q++ = *p++;
		    conf_del_str_str(conf, CONF_environmt, key);
		}
		*q = '\0';
		disaster:;
	    }
	    dlg_refresh(ed->listbox, dlg);
	}
    }
}

struct portfwd_data {
    union control *addbutton, *rembutton, *listbox;
    union control *sourcebox, *destbox, *direction;
#ifndef NO_IPV6
    union control *addressfamily;
#endif
};

static void portfwd_handler(union control *ctrl, void *dlg,
			    void *data, int event)
{
    Config *cfg = (Config *)data;
    Conf *conf = (Conf *)data;
    struct portfwd_data *pfd =
	(struct portfwd_data *)ctrl->generic.context.p;

    if (event == EVENT_REFRESH) {
	if (ctrl == pfd->listbox) {
	    char *p = cfg->portfwd;
	    char *key, *val;
	    dlg_update_start(ctrl, dlg);
	    dlg_listbox_clear(ctrl, dlg);
	    for (val = conf_get_str_strs(conf, CONF_portfwd, NULL, &key);
		 val != NULL;
		 val = conf_get_str_strs(conf, CONF_portfwd, key, &key)) {
	    while (*p) {
		char *p;
                if (!strcmp(val, "D")) {
                    char *L;
                    /*
                     * A dynamic forwarding is stored as L12345=D or
                     * 6L12345=D (since it's mutually exclusive with
                     * L12345=anything else), but displayed as D12345
                     * to match the fiction that 'Local', 'Remote' and
                     * 'Dynamic' are three distinct modes and also to
                     * align with OpenSSH's command line option syntax
                     * that people will already be used to. So, for
                     * display purposes, find the L in the key string
                     * and turn it into a D.
                     */
                    p = dupprintf("%s\t", key);
                    L = strchr(p, 'L');
                    if (L) *L = 'D';
                } else
                    p = dupprintf("%s\t%s", key, val);
		dlg_listbox_add(ctrl, dlg, p);
		p += strlen(p) + 1;
		sfree(p);
	    }
	    dlg_update_done(ctrl, dlg);
	} else if (ctrl == pfd->direction) {
	    /*
	     * Default is Local.
	     */
	    dlg_radiobutton_set(ctrl, dlg, 0);
#ifndef NO_IPV6
	} else if (ctrl == pfd->addressfamily) {
	    dlg_radiobutton_set(ctrl, dlg, 0);
#endif
	}
    } else if (event == EVENT_ACTION) {
	if (ctrl == pfd->addbutton) {
	    char str[sizeof(cfg->portfwd)];
	    char *p;
	    char *family, *type, *src, *key, *val;
	    int i, type;
	    int whichbutton;

	    i = 0;
#ifndef NO_IPV6
	    whichbutton = dlg_radiobutton_get(pfd->addressfamily, dlg);
	    if (whichbutton == 1)
		str[i++] = '4';
		family = "4";
	    else if (whichbutton == 2)
		family = "6";
	    else
		str[i++] = '6';
		family = "";
#endif

	    whichbutton = dlg_radiobutton_get(pfd->direction, dlg);
	    if (whichbutton == 0)
		type = 'L';
		type = "L";
	    else if (whichbutton == 1)
		type = 'R';
		type = "R";
	    else
		type = 'D';
		type = "D";
	    str[i++] = type;

	    dlg_editbox_get(pfd->sourcebox, dlg, str+i, sizeof(str) - i);
	    if (!str[i]) {
	    src = dlg_editbox_get(pfd->sourcebox, dlg);
	    if (!*src) {
		dlg_error_msg(dlg, "You need to specify a source port number");
		sfree(src);
		return;
	    }
	    p = str + strlen(str);
	    if (type != 'D') {
	    if (*type != 'D') {
		*p++ = '\t';
		dlg_editbox_get(pfd->destbox, dlg, p,
		val = dlg_editbox_get(pfd->destbox, dlg);
				sizeof(str) - (p - str));
		if (!*p || !strchr(p, ':')) {
		if (!*val || !strchr(val, ':')) {
		    dlg_error_msg(dlg,
				  "You need to specify a destination address\n"
				  "in the form \"host.name:port\"");
		    sfree(src);
		    sfree(val);
		    return;
		}
	    } else
		*p = '\0';
	    p = cfg->portfwd;
	    } else {
                type = "L";
		val = dupstr("D");     /* special case */
	    while (*p) {
		if (strcmp(p,str) == 0) {
		    dlg_error_msg(dlg, "Specified forwarding already exists");
		    break;
		}
            }
		while (*p)
		    p++;
		p++;
	    }

	    if (!*p) {
		if ((p - cfg->portfwd) + strlen(str) + 2 <=
		    sizeof(cfg->portfwd)) {
		    strcpy(p, str);
		    p[strlen(str) + 1] = '\0';
		    dlg_listbox_add(pfd->listbox, dlg, str);
		    dlg_editbox_set(pfd->sourcebox, dlg, "");
	    key = dupcat(family, type, src, NULL);
	    sfree(src);

	    if (conf_get_str_str_opt(conf, CONF_portfwd, key)) {
		dlg_error_msg(dlg, "Specified forwarding already exists");
		    dlg_editbox_set(pfd->destbox, dlg, "");
		} else {
	    } else {
		    dlg_error_msg(dlg, "Too many forwardings");
		}
	    }
		conf_set_str_str(conf, CONF_portfwd, key, val);
	    }

	    sfree(key);
	    sfree(val);
	    dlg_refresh(pfd->listbox, dlg);
	} else if (ctrl == pfd->rembutton) {
	    int i = dlg_listbox_index(pfd->listbox, dlg);
	    if (i < 0)
	    if (i < 0) {
		dlg_beep(dlg);
	    else {
	    } else {
		char *p, *q, *src, *dst;
		char dir;
		char *key, *val, *p;

		dlg_listbox_del(pfd->listbox, dlg, i);
		p = cfg->portfwd;
		key = conf_get_str_nthstrkey(conf, CONF_portfwd, i);
		while (i > 0) {
		    if (!*p)
			goto disaster2;
		    while (*p)
		if (key) {
		    static const char *const afs = "A46";
		    static const char *const dirs = "LRD";
		    char *afp;
		    int dir;
#ifndef NO_IPV6
		    int idx;
			p++;
		    p++;
		    i--;
		}
#endif

		q = p;
		if (!*p)
		    goto disaster2;
		/* Populate the controls with the entry we're about to
		 * delete, for ease of editing. */
		{
		    /* Populate controls with the entry we're about to delete
		     * for ease of editing */
		    p = key;

		    static const char *const afs = "A46";
		    char *afp = strchr(afs, *p);
		    afp = strchr(afs, *p);
#ifndef NO_IPV6
		    int idx = afp ? afp-afs : 0;
		    idx = afp ? afp-afs : 0;
#endif
		    if (afp)
			p++;
#ifndef NO_IPV6
		    dlg_radiobutton_set(pfd->addressfamily, dlg, idx);
#endif
		}
		{

		    dir = *p;

		    static const char *const dirs = "LRD";
		    dir = *p;
                    val = conf_get_str_str(conf, CONF_portfwd, key);
		    if (!strcmp(val, "D")) {
                        dir = 'D';
			val = "";
		    }

		    dlg_radiobutton_set(pfd->direction, dlg,
					strchr(dirs, dir) - dirs);
		}
		p++;
		    p++;
		if (dir != 'D') {
		    src = p;
		    p = strchr(p, '\t');
		    if (!p)
			goto disaster2;
		    *p = '\0';
		    p++;
		    dst = p;
		} else {
		    src = p;
		    dst = "";
		}

		p = strchr(p, '\0');
		if (!p)
		    goto disaster2;
		dlg_editbox_set(pfd->sourcebox, dlg, src);
		dlg_editbox_set(pfd->destbox, dlg, dst);
		    dlg_editbox_set(pfd->sourcebox, dlg, p);
		    dlg_editbox_set(pfd->destbox, dlg, val);
		p++;
		while (*p) {
		    while (*p)
		    /* And delete it */
			*q++ = *p++;
		    *q++ = *p++;
		    conf_del_str_str(conf, CONF_portfwd, key);
		}
		*q = '\0';
		disaster2:;
	    }
	    dlg_refresh(pfd->listbox, dlg);
	}
    }
}

void setup_config_box(struct controlbox *b, int midsession,
		      int protocol, int protcfginfo)
{
    struct controlset *s;
    struct sessionsaver_data *ssd;
    struct charclass_data *ccd;
    struct colour_data *cd;
	/* PuTTY CAPI start */
#ifdef _WINDOWS
	struct capi_data *capid;
#endif
	/* PuTTY CAPI end */
    struct ttymodes_data *td;
    struct environ_data *ed;
    struct portfwd_data *pfd;
    union control *c;
    char *str;

    ssd = (struct sessionsaver_data *)
	ctrl_alloc(b, sizeof(struct sessionsaver_data));
	ctrl_alloc_with_free(b, sizeof(struct sessionsaver_data),
                             sessionsaver_data_free);
    memset(ssd, 0, sizeof(*ssd));
    ssd->savedsession = dupstr("");
    ssd->midsession = midsession;

    /*
     * The standard panel that appears at the bottom of all panels:
     * Open, Cancel, Apply etc.
     */
    s = ctrl_getset(b, "", "", "");