# HG changeset patch # User Matt Johnston # Date 1364900044 -28800 # Node ID 0b854ab003334b2cd7e675617c4a330c96afa8db # Parent 73b6e5d8801baf9cff58bee89c6236c174ba83f8# Parent 619b1ed837fd54a48e65ec2120997748919d6f47 merge diff -r 73b6e5d8801b -r 0b854ab00333 auth.h --- a/auth.h Tue Apr 02 18:53:18 2013 +0800 +++ b/auth.h Tue Apr 02 18:54:04 2013 +0800 @@ -67,7 +67,7 @@ void recv_msg_userauth_info_request(); void cli_get_user(); void cli_auth_getmethods(); -void cli_auth_try(); +int cli_auth_try(); void recv_msg_userauth_banner(); void cli_pubkeyfail(); void cli_auth_password(); diff -r 73b6e5d8801b -r 0b854ab00333 cli-auth.c --- a/cli-auth.c Tue Apr 02 18:53:18 2013 +0800 +++ b/cli-auth.c Tue Apr 02 18:54:04 2013 +0800 @@ -42,9 +42,15 @@ void cli_auth_getmethods() { TRACE(("enter cli_auth_getmethods")) #ifdef CLI_IMMEDIATE_AUTH - ses.authstate.authtypes = AUTH_TYPE_PUBKEY | AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT; - cli_auth_try(); -#else + ses.authstate.authtypes = AUTH_TYPE_PUBKEY; + if (getenv(DROPBEAR_PASSWORD_ENV)) { + ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT; + } + if (cli_auth_try() == DROPBEAR_SUCCESS) { + TRACE(("skipped initial none auth query")) + return; + } +#endif CHECKCLEARTOWRITE(); buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST); buf_putstring(ses.writepayload, cli_opts.username, @@ -54,7 +60,6 @@ buf_putstring(ses.writepayload, "none", 4); /* 'none' method */ encrypt_packet(); -#endif TRACE(("leave cli_auth_getmethods")) } @@ -241,7 +246,7 @@ #endif } -void cli_auth_try() { +int cli_auth_try() { int finished = 0; TRACE(("enter cli_auth_try")) @@ -258,36 +263,39 @@ #endif #ifdef ENABLE_CLI_PASSWORD_AUTH - if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { - fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); - } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) { - cli_auth_password(); - finished = 1; - cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; + if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) { + if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n"); + } else { + cli_auth_password(); + finished = 1; + cli_ses.lastauthtype = AUTH_TYPE_PASSWORD; + } } #endif #ifdef ENABLE_CLI_INTERACT_AUTH - if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { - fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); - } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) { - if (cli_ses.auth_interact_failed) { - finished = 0; + if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) { + if (ses.keys->trans.algo_crypt->cipherdesc == NULL) { + fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n"); } else { - cli_auth_interactive(); - cli_ses.lastauthtype = AUTH_TYPE_INTERACT; - finished = 1; + if (!cli_ses.auth_interact_failed) { + cli_auth_interactive(); + cli_ses.lastauthtype = AUTH_TYPE_INTERACT; + finished = 1; + } } } #endif TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype)) - if (!finished) { - dropbear_exit("No auth methods could be used."); + if (finished) { + TRACE(("leave cli_auth_try success")) + return DROPBEAR_SUCCESS; } - - TRACE(("leave cli_auth_try")) + TRACE(("leave cli_auth_try failure")) + return DROPBEAR_FAILURE; } /* A helper for getpass() that exits if the user cancels. The returned diff -r 73b6e5d8801b -r 0b854ab00333 cli-session.c --- a/cli-session.c Tue Apr 02 18:53:18 2013 +0800 +++ b/cli-session.c Tue Apr 02 18:54:04 2013 +0800 @@ -221,7 +221,9 @@ return; case USERAUTH_FAIL_RCVD: - cli_auth_try(); + if (cli_auth_try() == DROPBEAR_FAILURE) { + dropbear_exit("No auth methods could be used."); + } cli_ses.state = USERAUTH_REQ_SENT; TRACE(("leave cli_sessionloop: cli_auth_try")) return;