changeset 686:983a817f8e41 insecure-nocrypto

- Only request "none" cipher after auth has succeeded
author Matt Johnston <matt@ucc.asn.au>
date Thu, 17 May 2012 20:52:57 +0800
parents 5af8993f7529
children 91dd8328a3ff
files cli-auth.c cli-session.c common-algo.c options.h session.h
diffstat 5 files changed, 54 insertions(+), 15 deletions(-) [+]
line wrap: on
line diff
--- a/cli-auth.c	Thu May 17 08:33:11 2012 +0800
+++ b/cli-auth.c	Thu May 17 20:52:57 2012 +0800
@@ -257,13 +257,9 @@
 #endif
 
 #ifdef ENABLE_CLI_INTERACT_AUTH
-#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
 	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 		fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
-	}
-	else 
-#endif
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
+	} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
 		if (cli_ses.auth_interact_failed) {
 			finished = 0;
 		} else {
@@ -275,13 +271,9 @@
 #endif
 
 #ifdef ENABLE_CLI_PASSWORD_AUTH
-#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
 	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 		fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
-	}
-	else 
-#endif
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
+	} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		cli_auth_password();
 		finished = 1;
 		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
--- a/cli-session.c	Thu May 17 08:33:11 2012 +0800
+++ b/cli-session.c	Thu May 17 20:52:57 2012 +0800
@@ -133,6 +133,13 @@
 	cli_ses.lastprivkey = NULL;
 	cli_ses.lastauthtype = 0;
 
+#ifdef DROPBEAR_NONE_CIPHER
+	cli_ses.cipher_none_after_auth = get_algo_usable(sshciphers, "none");
+	set_algo_usable(sshciphers, "none", 0);
+#else
+	cli_ses.cipher_none_after_auth = 0;
+#endif
+
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
 	ses.buf_match_algo = cli_buf_match_algo;
@@ -207,6 +214,14 @@
 
 		case USERAUTH_SUCCESS_RCVD:
 
+#ifdef DROPBEAR_NONE_CIPHER
+			if (cli_ses.cipher_none_after_auth)
+			{
+				set_algo_usable(sshciphers, "none", 1);
+				send_msg_kexinit();
+			}
+#endif
+
 			if (cli_opts.backgrounded) {
 				int devnull;
 				/* keeping stdin open steals input from the terminal and
--- a/common-algo.c	Thu May 17 08:33:11 2012 +0800
+++ b/common-algo.c	Thu May 17 20:52:57 2012 +0800
@@ -301,6 +301,38 @@
 	buf_free(algolist);
 }
 
+#ifdef DROPBEAR_NONE_CIPHER
+
+void
+set_algo_usable(algo_type algos[], const char * algo_name, int usable)
+{
+	algo_type *a;
+	for (a = algos; a->name != NULL; a++)
+	{
+		if (strcmp(a->name, algo_name) == 0)
+		{
+			a->usable = usable;
+			return;
+		}
+	}
+}
+
+int
+get_algo_usable(algo_type algos[], const char * algo_name)
+{
+	algo_type *a;
+	for (a = algos; a->name != NULL; a++)
+	{
+		if (strcmp(a->name, algo_name) == 0)
+		{
+			return a->usable;
+		}
+	}
+	return 0;
+}
+
+#endif // DROPBEAR_NONE_CIPHER
+
 #ifdef ENABLE_USER_ALGO_LIST
 
 char *
@@ -367,7 +399,8 @@
 		{
 			*c = '\0';
 			try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
-			last_name = c++;
+			c++;
+			last_name = c;
 		}
 	}
 	try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
--- a/options.h	Thu May 17 08:33:11 2012 +0800
+++ b/options.h	Thu May 17 20:52:57 2012 +0800
@@ -106,10 +106,6 @@
  * the only safe auth method is public key. */
 #define DROPBEAR_NONE_CIPHER
 
-/* Define this to allow password authentication even when no encryption
- * is being used. This can be unsafe */
-#define ALLOW_NONE_PASSWORD_AUTH
-
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
  * sha1-96 is of use for slow links as it has a smaller overhead.
--- a/session.h	Thu May 17 08:33:11 2012 +0800
+++ b/session.h	Thu May 17 20:52:57 2012 +0800
@@ -269,6 +269,9 @@
 	int interact_request_received; /* flag whether we've received an 
 									  info request from the server for
 									  interactive auth.*/
+
+	int cipher_none_after_auth; /* Set to 1 if the user requested "none"
+								   auth */
 #endif
 	sign_key *lastprivkey;