changeset 685:5af8993f7529 insecure-nocrypto

Add ALLOW_NONE_PASSWORD_AUTH option
author Matt Johnston <matt@ucc.asn.au>
date Thu, 17 May 2012 08:33:11 +0800
parents c37857676924
children 983a817f8e41
files cli-auth.c options.h
diffstat 2 files changed, 13 insertions(+), 9 deletions(-) [+]
line wrap: on
line diff
--- a/cli-auth.c	Thu May 17 08:09:19 2012 +0800
+++ b/cli-auth.c	Thu May 17 08:33:11 2012 +0800
@@ -257,10 +257,13 @@
 #endif
 
 #ifdef ENABLE_CLI_INTERACT_AUTH
+#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
 	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 		fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
 	}
-	else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
+	else 
+#endif
+	if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
 		if (cli_ses.auth_interact_failed) {
 			finished = 0;
 		} else {
@@ -272,10 +275,13 @@
 #endif
 
 #ifdef ENABLE_CLI_PASSWORD_AUTH
+#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
 	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 		fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
 	}
-	else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
+	else 
+#endif
+	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		cli_auth_password();
 		finished = 1;
 		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
--- a/options.h	Thu May 17 08:09:19 2012 +0800
+++ b/options.h	Thu May 17 08:33:11 2012 +0800
@@ -103,15 +103,13 @@
 /* You can compile with no encryption if you want. In some circumstances
  * this could be safe security-wise, though make sure you know what
  * you're doing. Anyone can see everything that goes over the wire, so
- * the only safe auth method is public key. You'll have to disable all other
- * ciphers above in the client if you want to use this, or implement cipher
- * prioritisation in cli-runopts.
- *
- * The best way to do things is probably make normal compile of dropbear with
- * all ciphers including "none" as the server, then recompile a special
- * "dbclient-insecure" client. */
+ * the only safe auth method is public key. */
 #define DROPBEAR_NONE_CIPHER
 
+/* Define this to allow password authentication even when no encryption
+ * is being used. This can be unsafe */
+#define ALLOW_NONE_PASSWORD_AUTH
+
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
  * sha1-96 is of use for slow links as it has a smaller overhead.