Commit e719a9ef authored by Matt Johnston's avatar Matt Johnston
Browse files

- Only request "none" cipher after auth has succeeded

--HG--
branch : insecure-nocrypto
parent a02d3807
......@@ -257,13 +257,9 @@ void cli_auth_try() {
#endif
#ifdef ENABLE_CLI_INTERACT_AUTH
#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
}
else
#endif
if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
if (cli_ses.auth_interact_failed) {
finished = 0;
} else {
......@@ -275,13 +271,9 @@ void cli_auth_try() {
#endif
#ifdef ENABLE_CLI_PASSWORD_AUTH
#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
}
else
#endif
if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
cli_auth_password();
finished = 1;
cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
......
......@@ -133,6 +133,13 @@ static void cli_session_init() {
cli_ses.lastprivkey = NULL;
cli_ses.lastauthtype = 0;
#ifdef DROPBEAR_NONE_CIPHER
cli_ses.cipher_none_after_auth = get_algo_usable(sshciphers, "none");
set_algo_usable(sshciphers, "none", 0);
#else
cli_ses.cipher_none_after_auth = 0;
#endif
/* For printing "remote host closed" for the user */
ses.remoteclosed = cli_remoteclosed;
ses.buf_match_algo = cli_buf_match_algo;
......@@ -207,6 +214,14 @@ static void cli_sessionloop() {
case USERAUTH_SUCCESS_RCVD:
#ifdef DROPBEAR_NONE_CIPHER
if (cli_ses.cipher_none_after_auth)
{
set_algo_usable(sshciphers, "none", 1);
send_msg_kexinit();
}
#endif
if (cli_opts.backgrounded) {
int devnull;
/* keeping stdin open steals input from the terminal and
......
......@@ -301,6 +301,38 @@ void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
buf_free(algolist);
}
#ifdef DROPBEAR_NONE_CIPHER
void
set_algo_usable(algo_type algos[], const char * algo_name, int usable)
{
algo_type *a;
for (a = algos; a->name != NULL; a++)
{
if (strcmp(a->name, algo_name) == 0)
{
a->usable = usable;
return;
}
}
}
int
get_algo_usable(algo_type algos[], const char * algo_name)
{
algo_type *a;
for (a = algos; a->name != NULL; a++)
{
if (strcmp(a->name, algo_name) == 0)
{
return a->usable;
}
}
return 0;
}
#endif // DROPBEAR_NONE_CIPHER
#ifdef ENABLE_USER_ALGO_LIST
char *
......@@ -367,7 +399,8 @@ check_user_algos(const char* user_algo_list, algo_type * algos,
{
*c = '\0';
try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
last_name = c++;
c++;
last_name = c;
}
}
try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
......
......@@ -106,10 +106,6 @@ much traffic. */
* the only safe auth method is public key. */
#define DROPBEAR_NONE_CIPHER
/* Define this to allow password authentication even when no encryption
* is being used. This can be unsafe */
#define ALLOW_NONE_PASSWORD_AUTH
/* Message Integrity - at least one required.
* Protocol RFC requires sha1 and recommends sha1-96.
* sha1-96 is of use for slow links as it has a smaller overhead.
......
......@@ -269,6 +269,9 @@ struct clientsession {
int interact_request_received; /* flag whether we've received an
info request from the server for
interactive auth.*/
int cipher_none_after_auth; /* Set to 1 if the user requested "none"
auth */
#endif
sign_key *lastprivkey;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment