From e719a9ef6f1cab28c075cb733d2f864dbe0b5c9b Mon Sep 17 00:00:00 2001 From: Matt Johnston <matt@ucc.asn.au> Date: Thu, 17 May 2012 20:52:57 +0800 Subject: [PATCH] - Only request "none" cipher after auth has succeeded --HG-- branch : insecure-nocrypto --- cli-auth.c | 12 ++---------- cli-session.c | 15 +++++++++++++++ common-algo.c | 35 ++++++++++++++++++++++++++++++++++- options.h | 4 ---- session.h | 3 +++ 5 files changed, 54 insertions(+), 15 deletions(-) diff --git a/cli-auth.c b/cli-auth.c index 97c12d8e..321cbf30 100644 --- a/cli-auth.c +++ b/cli-auth.c @@ -257,13 +257,9 @@ void cli_auth_try() { #endif #ifdef ENABLE_CLI_INTERACT_AUTH -#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH) if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); - } - else -#endif - if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { + } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { if (cli_ses.auth_interact_failed) { finished = 0; } else { @@ -275,13 +271,9 @@ void cli_auth_try() { #endif #ifdef ENABLE_CLI_PASSWORD_AUTH -#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH) if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); - } - else -#endif - if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { + } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { cli_auth_password(); finished = 1; cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; diff --git a/cli-session.c b/cli-session.c index 566dd2ad..e58fdbde 100644 --- a/cli-session.c +++ b/cli-session.c @@ -133,6 +133,13 @@ static void cli_session_init() { cli_ses.lastprivkey = NULL; cli_ses.lastauthtype = 0; +#ifdef DROPBEAR_NONE_CIPHER + cli_ses.cipher_none_after_auth = get_algo_usable(sshciphers, "none"); + set_algo_usable(sshciphers, "none", 0); +#else + cli_ses.cipher_none_after_auth = 0; +#endif + /* For printing "remote host closed" for the user */ ses.remoteclosed = cli_remoteclosed; ses.buf_match_algo = cli_buf_match_algo; @@ -207,6 +214,14 @@ static void cli_sessionloop() { case USERAUTH_SUCCESS_RCVD: +#ifdef DROPBEAR_NONE_CIPHER + if (cli_ses.cipher_none_after_auth) + { + set_algo_usable(sshciphers, "none", 1); + send_msg_kexinit(); + } +#endif + if (cli_opts.backgrounded) { int devnull; /* keeping stdin open steals input from the terminal and diff --git a/common-algo.c b/common-algo.c index 0e1a64cb..8c1ee04f 100644 --- a/common-algo.c +++ b/common-algo.c @@ -301,6 +301,38 @@ void buf_put_algolist(buffer * buf, algo_type localalgos[]) { buf_free(algolist); } +#ifdef DROPBEAR_NONE_CIPHER + +void +set_algo_usable(algo_type algos[], const char * algo_name, int usable) +{ + algo_type *a; + for (a = algos; a->name != NULL; a++) + { + if (strcmp(a->name, algo_name) == 0) + { + a->usable = usable; + return; + } + } +} + +int +get_algo_usable(algo_type algos[], const char * algo_name) +{ + algo_type *a; + for (a = algos; a->name != NULL; a++) + { + if (strcmp(a->name, algo_name) == 0) + { + return a->usable; + } + } + return 0; +} + +#endif // DROPBEAR_NONE_CIPHER + #ifdef ENABLE_USER_ALGO_LIST char * @@ -367,7 +399,8 @@ check_user_algos(const char* user_algo_list, algo_type * algos, { *c = '\0'; try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret); - last_name = c++; + c++; + last_name = c; } } try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret); diff --git a/options.h b/options.h index e3cdcf3a..8cccb3c4 100644 --- a/options.h +++ b/options.h @@ -106,10 +106,6 @@ much traffic. */ * the only safe auth method is public key. */ #define DROPBEAR_NONE_CIPHER -/* Define this to allow password authentication even when no encryption - * is being used. This can be unsafe */ -#define ALLOW_NONE_PASSWORD_AUTH - /* Message Integrity - at least one required. * Protocol RFC requires sha1 and recommends sha1-96. * sha1-96 is of use for slow links as it has a smaller overhead. diff --git a/session.h b/session.h index 941dcb9a..e9695fe0 100644 --- a/session.h +++ b/session.h @@ -269,6 +269,9 @@ struct clientsession { int interact_request_received; /* flag whether we've received an info request from the server for interactive auth.*/ + + int cipher_none_after_auth; /* Set to 1 if the user requested "none" + auth */ #endif sign_key *lastprivkey; -- GitLab