changeset 747:077bbe1eb220
merge kexguess branch
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Wed, 03 Apr 2013 00:49:24 +0800 |
parents | 0b854ab00333 (diff) 465fefc4f6e0 (current diff) |
children | c8c791c5d83e |
files | cli-algo.c cli-session.c common-algo.c debug.h session.h svr-algo.c svr-session.c |
diffstat | 10 files changed, 63 insertions(+), 41 deletions(-) [+] |
--- a/auth.h Wed Apr 03 00:43:31 2013 +0800
+++ b/auth.h Wed Apr 03 00:49:24 2013 +0800
@@ -67,7 +67,7 @@
 void recv_msg_userauth_info_request();
 void cli_get_user();
 void cli_auth_getmethods();
-void cli_auth_try();
+int cli_auth_try();
 void recv_msg_userauth_banner();
 void cli_pubkeyfail();
 void cli_auth_password();
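Review bot: The new `int cli_auth_try();` declaration leaves the meaning of the return value undocumented in the header, and the header is where callers look; the cli-auth.c hunk returns DROPBEAR_SUCCESS when a method was attempted and DROPBEAR_FAILURE when none could be used, and cli-session.c exits on FAILURE. Suggest `int cli_auth_try(); /* DROPBEAR_SUCCESS if an auth method was attempted, DROPBEAR_FAILURE if none remain */`. The empty parentheses are not a C prototype (`(void)` would be), but that matches the style of every surrounding declaration, so it is only worth changing together with the rest of the file.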
--- a/cli-auth.c Wed Apr 03 00:43:31 2013 +0800
+++ b/cli-auth.c Wed Apr 03 00:49:24 2013 +0800
@@ -42,9 +42,15 @@
 void cli_auth_getmethods() {
 TRACE(("enter cli_auth_getmethods"))
 #ifdef CLI_IMMEDIATE_AUTH
- ses.authstate.authtypes = AUTH_TYPE_PUBKEY | AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
- cli_auth_try();
-#else
+ ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
+ if (getenv(DROPBEAR_PASSWORD_ENV)) {
+ ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
+ }
+ if (cli_auth_try() == DROPBEAR_SUCCESS) {
+ TRACE(("skipped initial none auth query"))
+ return;
+ }
+#endif
 CHECKCLEARTOWRITE();
 buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
 buf_putstring(ses.writepayload, cli_opts.username,
@@ -54,7 +60,6 @@
 buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
 encrypt_packet();
-#endif
 TRACE(("leave cli_auth_getmethods"))
 }
@@ -241,7 +246,7 @@
 #endif
 }
-void cli_auth_try() {
+int cli_auth_try() {
 int finished = 0;
 TRACE(("enter cli_auth_try"))
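Review bot: In the first hunk the CLI_IMMEDIATE_AUTH branch now decides which methods to try before the server's list is known and gates password/interactive on `getenv(DROPBEAR_PASSWORD_ENV)` without saying why; presumably the intent is to avoid prompting the user for a method the server may not accept, which deserves a comment such as `/* Without an environment-supplied password, only try pubkey up front; password and interactive wait for the server's method list */`. The fall-through to the "none" request when `cli_auth_try()` returns DROPBEAR_FAILURE is the recovery path and is not obvious from the code either, so a one-line comment there (`/* nothing usable yet: ask the server which methods it accepts */`) would help. Both comments are hedged on the intent, which the hunk itself does not state.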
@@ -257,37 +262,40 @@
 }
 #endif
-#ifdef ENABLE_CLI_INTERACT_AUTH
- if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
- fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
- } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
- if (cli_ses.auth_interact_failed) {
- finished = 0;
+#ifdef ENABLE_CLI_PASSWORD_AUTH
+ if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
+ if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+ fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
 } else {
- cli_auth_interactive();
- cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
+ cli_auth_password();
 finished = 1;
+ cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
 }
 }
 #endif
-#ifdef ENABLE_CLI_PASSWORD_AUTH
- if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
- fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
- } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
- cli_auth_password();
- finished = 1;
- cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
+#ifdef ENABLE_CLI_INTERACT_AUTH
+ if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
+ if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+ fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
+ } else {
+ if (!cli_ses.auth_interact_failed) {
+ cli_auth_interactive();
+ cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
+ finished = 1;
+ }
+ }
 }
 #endif
 TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
- if (!finished) {
- dropbear_exit("No auth methods could be used.");
+ if (finished) {
+ TRACE(("leave cli_auth_try success"))
+ return DROPBEAR_SUCCESS;
 }
-
- TRACE(("leave cli_auth_try"))
+ TRACE(("leave cli_auth_try failure"))
+ return DROPBEAR_FAILURE;
 }
 /* A helper for getpass() that exits if the user cancels. The returned
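Review bot: When the transport cipher is NULL and both password and interactive auth are enabled, the two new blocks each print their own "won't let you use ... unencrypted" message and leave `finished` at 0, so the caller's `dropbear_exit` follows two near-duplicate warnings; evaluating `ses.keys->trans.algo_crypt->cipherdesc == NULL` once ahead of both `#ifdef` blocks, and skipping both password-bearing methods on that result, would give a single message and keep the check in one place. The new `if (!cli_ses.auth_interact_failed)` branch silently does nothing when the flag is set, which is correct but reads like an omission; a comment such as `/* interactive already failed once this session, do not retry it */` would settle that. cli_auth_try begins outside this hunk, in the preceding one.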
--- a/cli-main.c Wed Apr 03 00:43:31 2013 +0800
+++ b/cli-main.c Wed Apr 03 00:49:24 2013 +0800
@@ -98,8 +98,7 @@
 }
 /* Do the cleanup first, since then the terminal will be reset */
- cli_session_cleanup();
- common_session_cleanup();
+ session_cleanup();
 _dropbear_log(LOG_INFO, fmtbuf, param);
--- a/cli-session.c Wed Apr 03 00:43:31 2013 +0800
+++ b/cli-session.c Wed Apr 03 00:49:24 2013 +0800
@@ -42,6 +42,7 @@
 static void cli_session_init();
 static void cli_finished();
 static void recv_msg_service_accept(void);
+static void cli_session_cleanup(void);
 struct clientsession cli_ses; /* GLOBAL */
@@ -151,6 +152,8 @@
 /* For printing "remote host closed" for the user */
 ses.remoteclosed = cli_remoteclosed;
+ ses.extra_session_cleanup = cli_session_cleanup;
+
 /* packet handlers */
 ses.packettypes = cli_packettypes;
@@ -232,7 +235,9 @@
 return;
 case USERAUTH_FAIL_RCVD:
- cli_auth_try();
+ if (cli_auth_try() == DROPBEAR_FAILURE) {
+ dropbear_exit("No auth methods could be used.");
+ }
 cli_ses.state = USERAUTH_REQ_SENT;
 TRACE(("leave cli_sessionloop: cli_auth_try"))
 return;
@@ -303,7 +308,7 @@
 }
-void cli_session_cleanup() {
+static void cli_session_cleanup(void) {
 if (!sessinitdone) {
 return;
@@ -321,8 +326,7 @@
 static void cli_finished() {
- cli_session_cleanup();
- common_session_cleanup();
+ session_cleanup();
 fprintf(stderr, "Connection to %s@%s:%s closed.\n", cli_opts.username, cli_opts.remotehost, cli_opts.remoteport);
 exit(cli_ses.retval);
--- a/common-algo.c Wed Apr 03 00:43:31 2013 +0800
+++ b/common-algo.c Wed Apr 03 00:49:24 2013 +0800
@@ -214,8 +214,8 @@
 };
 algo_type sshkex[] = {
+ {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
 {"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},
- {"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
 #ifdef USE_KEXGUESS2
 {KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
 #endif
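Review bot: Listing `diffie-hellman-group1-sha1` ahead of `diffie-hellman-group14-sha1` changes which group is negotiated, not just the table order: the SSH kex negotiation takes the first algorithm in the client's list that the server also supports, so against a peer offering both, the 1024-bit group is now chosen over the 2048-bit one. If that is a deliberate trade for speed on small targets, the table should say so, e.g. `/* group1 first for speed on slow devices; group14 is the stronger choice */`; if it is not, keep group14 first. The merge description does not mention this reordering, so it is easy to miss.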
--- a/common-session.c Wed Apr 03 00:43:31 2013 +0800
+++ b/common-session.c Wed Apr 03 00:49:24 2013 +0800
@@ -234,7 +234,7 @@
 }
 /* clean up a session on exit */
-void common_session_cleanup() {
+void session_cleanup() {
 TRACE(("enter session_cleanup"))
@@ -243,6 +243,10 @@
 TRACE(("leave session_cleanup: !sessinitdone"))
 return;
 }
+
+ if (ses.extra_session_cleanup) {
+ ses.extra_session_cleanup();
+ }
 m_free(ses.session_id);
 m_burn(ses.keys, sizeof(struct key_context));
--- a/debug.h Wed Apr 03 00:43:31 2013 +0800
+++ b/debug.h Wed Apr 03 00:49:24 2013 +0800
@@ -71,7 +71,7 @@
 /* To debug with GDB it is easier to run with no forking of child processes. You will need to pass "-F" as well. */
-#define DEBUG_NOFORK
+/* #define DEBUG_NOFORK */
 /* For testing as non-root on shadowed systems, include the crypt of a password
--- a/random.c Wed Apr 03 00:43:31 2013 +0800
+++ b/random.c Wed Apr 03 00:49:24 2013 +0800
@@ -157,6 +157,9 @@
 /* This is opportunistic, don't worry about failure */
 unsigned char buf[INIT_SEED_SIZE];
 FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
+ if (!f) {
+ return;
+ }
 genrandom(buf, sizeof(buf));
 fwrite(buf, sizeof(buf), 1, f);
 fclose(f);
--- a/session.h Wed Apr 03 00:43:31 2013 +0800
+++ b/session.h Wed Apr 03 00:49:24 2013 +0800
@@ -44,7 +44,7 @@
 void common_session_init(int sock_in, int sock_out);
 void session_loop(void(*loophandler)());
-void common_session_cleanup();
+void session_cleanup();
 void send_session_identification();
 void send_msg_ignore();
@@ -58,7 +58,6 @@
 /* Client */
 void cli_session(int sock_in, int sock_out);
-void cli_session_cleanup();
 void cleantext(unsigned char* dirtytext);
 /* crypto parameters that are stored individually for transmit and receive */
@@ -175,9 +174,9 @@
 void(*remoteclosed)(); /* A callback to handle closure of the remote connection */
+ void(*extra_session_cleanup)(); /* client or server specific cleanup */
 void(*send_kex_first_guess)();
-
 struct AuthState authstate;
 /* Common amongst client and server, since most struct elements are common */
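Review bot: The comment on the new `extra_session_cleanup` member in the last hunk does not state its contract, and the two implementers (cli-session.c and svr-session.c) have to guess it; in common-session.c the hook is NULL-checked, invoked from `session_cleanup()` only after the `sessinitdone` guard, and runs before `session_id` is freed and the keys are burned. Suggest `void(*extra_session_cleanup)(); /* client or server specific cleanup; may be NULL; called once from session_cleanup() after the sessinitdone check, before the keys are burned */`. Whether the hook is guaranteed to run at most once is inferred from the call site shown, not from anything in the header, so word that part cautiously if it is not true.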
--- a/svr-session.c Wed Apr 03 00:43:31 2013 +0800
+++ b/svr-session.c Wed Apr 03 00:49:24 2013 +0800
@@ -72,6 +72,13 @@
 NULL /* Null termination is mandatory. */
 };
+static void
+svr_session_cleanup(void)
+{
+ /* free potential public key options */
+ svr_pubkey_options_cleanup();
+}
+
 void svr_session(int sock, int childpipe) {
 char *host, *port;
 size_t len;
@@ -103,6 +110,7 @@
 /* set up messages etc */
 ses.remoteclosed = svr_remoteclosed;
+ ses.extra_session_cleanup = svr_session_cleanup;
 /* packet handlers */
 ses.packettypes = svr_packettypes;
@@ -159,11 +167,8 @@
 if (svr_ses.server_pid == getpid())
 #endif
 {
- /* free potential public key options */
- svr_pubkey_options_cleanup();
-
 /* must be after we've done with username etc */
- common_session_cleanup();
+ session_cleanup();
 }
 exit(exitcode);
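Review bot: In the last hunk `svr_pubkey_options_cleanup()` used to run unconditionally inside the server-pid branch; routed through the new hook it is now reached only when `session_cleanup()` passes its `sessinitdone` guard (common-session.c hunk), so an exit before session init completes no longer frees pubkey options. That is harmless if those options can only be allocated after init, which seems likely but is not visible here, so it is worth confirming and recording, e.g. `/* pubkey options are only allocated after session init, so the sessinitdone guard in session_cleanup() is safe */` on `svr_session_cleanup`. The enclosing function of that hunk starts outside it.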