authorMatt Johnston <matt@ucc.asn.au>2013-04-03 00:49:24 +0800
committerMatt Johnston <matt@ucc.asn.au>2013-04-03 00:49:24 +0800
commit41ed7ee8b752fbf9664fe4cccbd7a7cefb413351 (patch)
tree22c47b56518176289d11f57eb9257940b86bdb35
parent0edb52169005774051a49a7e515e753c1bd2dd76 (diff)
parent48070296ce82755b2173c7b9c84ff2b101abc7c0 (diff)
downloaddropbear-41ed7ee8b752fbf9664fe4cccbd7a7cefb413351.tar.gz
merge kexguess branch
-rw-r--r--auth.h2
-rw-r--r--cli-auth.c56
-rw-r--r--cli-main.c3
-rw-r--r--cli-session.c12
-rw-r--r--common-algo.c2
-rw-r--r--common-session.c6
-rw-r--r--debug.h2
-rw-r--r--random.c3
-rw-r--r--session.h5
-rw-r--r--svr-session.c13
10 files changed, 63 insertions, 41 deletions
diff --git a/auth.h b/auth.h
index 0fd9c73..df6634e 100644
--- a/auth.h
+++ b/auth.h
@@ -67,7 +67,7 @@ void recv_msg_userauth_pk_ok();
void recv_msg_userauth_info_request();
void cli_get_user();
void cli_auth_getmethods();
-void cli_auth_try();
+int cli_auth_try();
void recv_msg_userauth_banner();
void cli_pubkeyfail();
void cli_auth_password();
diff --git a/cli-auth.c b/cli-auth.c
index 7dc101f..efa9e9b 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -42,9 +42,15 @@ void cli_authinitialise() {
void cli_auth_getmethods() {
TRACE(("enter cli_auth_getmethods"))
#ifdef CLI_IMMEDIATE_AUTH
- ses.authstate.authtypes = AUTH_TYPE_PUBKEY | AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
- cli_auth_try();
-#else
+ ses.authstate.authtypes = AUTH_TYPE_PUBKEY;
+ if (getenv(DROPBEAR_PASSWORD_ENV)) {
+ ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT;
+ }
+ if (cli_auth_try() == DROPBEAR_SUCCESS) {
+ TRACE(("skipped initial none auth query"))
+ return;
+ }
+#endif
CHECKCLEARTOWRITE();
buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
buf_putstring(ses.writepayload, cli_opts.username,
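Review bot: The presence test `getenv(DROPBEAR_PASSWORD_ENV)` in the new CLI_IMMEDIATE_AUTH branch is also true for an exported-but-empty variable, so an empty value switches on password and interactive auth for the very first request; if that is not intended, test for a non-empty value, e.g. `const char *envpw = getenv(DROPBEAR_PASSWORD_ENV); if (envpw && *envpw) { ses.authstate.authtypes |= AUTH_TYPE_PASSWORD | AUTH_TYPE_INTERACT; }`. Whether cli_auth_password() later treats an empty value as "prompt" or sends it as-is is outside this hunk. The branch would also read better with a line stating its purpose, e.g. `/* attempt pubkey (and password/interactive only when a password was supplied via the environment) before asking the server which methods it accepts */`. cli_auth_getmethods continues past the end of this hunk.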
@@ -54,7 +60,6 @@ void cli_auth_getmethods() {
buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
encrypt_packet();
-#endif
TRACE(("leave cli_auth_getmethods"))
}
@@ -241,7 +246,7 @@ void recv_msg_userauth_success() {
#endif
}
-void cli_auth_try() {
+int cli_auth_try() {
int finished = 0;
TRACE(("enter cli_auth_try"))
@@ -257,37 +262,40 @@ void cli_auth_try() {
}
#endif
-#ifdef ENABLE_CLI_INTERACT_AUTH
- if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
- fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
- } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
- if (cli_ses.auth_interact_failed) {
- finished = 0;
+#ifdef ENABLE_CLI_PASSWORD_AUTH
+ if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
+ if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+ fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
} else {
- cli_auth_interactive();
- cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
+ cli_auth_password();
finished = 1;
+ cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
}
}
#endif
-#ifdef ENABLE_CLI_PASSWORD_AUTH
- if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
- fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
- } else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
- cli_auth_password();
- finished = 1;
- cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
+#ifdef ENABLE_CLI_INTERACT_AUTH
+ if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
+ if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+ fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
+ } else {
+ if (!cli_ses.auth_interact_failed) {
+ cli_auth_interactive();
+ cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
+ finished = 1;
+ }
+ }
}
#endif
TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
- if (!finished) {
- dropbear_exit("No auth methods could be used.");
+ if (finished) {
+ TRACE(("leave cli_auth_try success"))
+ return DROPBEAR_SUCCESS;
}
-
- TRACE(("leave cli_auth_try"))
+ TRACE(("leave cli_auth_try failure"))
+ return DROPBEAR_FAILURE;
}
/* A helper for getpass() that exits if the user cancels. The returned
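Review bot: The rewritten cli_auth_try tries password before keyboard-interactive, which reverses the order of the removed code, and neither the hunk nor the commit message says whether that is deliberate; if it is, a one-line comment above the `#ifdef ENABLE_CLI_PASSWORD_AUTH` block recording the reason would stop a later reader from "fixing" it back. Note also that the two unencrypted-cipher branches only print a message and leave `finished` at 0, so the function now returns DROPBEAR_FAILURE and the caller exits with "No auth methods could be used." — that seems intended but deserves a comment on the final return. Finally, `int cli_auth_try()` with empty parentheses is an unprototyped declaration; `int cli_auth_try(void)` (here and in auth.h) lets the compiler check every call site.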
diff --git a/cli-main.c b/cli-main.c
index 5f72969..1a8b02e 100644
--- a/cli-main.c
+++ b/cli-main.c
@@ -98,8 +98,7 @@ static void cli_dropbear_exit(int exitcode, const char* format, va_list param) {
}
/* Do the cleanup first, since then the terminal will be reset */
- cli_session_cleanup();
- common_session_cleanup();
+ session_cleanup();
_dropbear_log(LOG_INFO, fmtbuf, param);
diff --git a/cli-session.c b/cli-session.c
index 32b7ac7..9d4bcde 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -42,6 +42,7 @@ static void cli_sessionloop();
static void cli_session_init();
static void cli_finished();
static void recv_msg_service_accept(void);
+static void cli_session_cleanup(void);
struct clientsession cli_ses; /* GLOBAL */
@@ -151,6 +152,8 @@ static void cli_session_init() {
/* For printing "remote host closed" for the user */
ses.remoteclosed = cli_remoteclosed;
+ ses.extra_session_cleanup = cli_session_cleanup;
+
/* packet handlers */
ses.packettypes = cli_packettypes;
@@ -232,7 +235,9 @@ static void cli_sessionloop() {
return;
case USERAUTH_FAIL_RCVD:
- cli_auth_try();
+ if (cli_auth_try() == DROPBEAR_FAILURE) {
+ dropbear_exit("No auth methods could be used.");
+ }
cli_ses.state = USERAUTH_REQ_SENT;
TRACE(("leave cli_sessionloop: cli_auth_try"))
return;
@@ -303,7 +308,7 @@ static void cli_sessionloop() {
}
-void cli_session_cleanup() {
+static void cli_session_cleanup(void) {
if (!sessinitdone) {
return;
@@ -321,8 +326,7 @@ void cli_session_cleanup() {
static void cli_finished() {
- cli_session_cleanup();
- common_session_cleanup();
+ session_cleanup();
fprintf(stderr, "Connection to %s@%s:%s closed.\n", cli_opts.username,
cli_opts.remotehost, cli_opts.remoteport);
exit(cli_ses.retval);
diff --git a/common-algo.c b/common-algo.c
index c74463c..14c157b 100644
--- a/common-algo.c
+++ b/common-algo.c
@@ -214,8 +214,8 @@ algo_type sshhostkey[] = {
};
algo_type sshkex[] = {
- {"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},
{"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},
+ {"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},
#ifdef USE_KEXGUESS2
{KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
#endif
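Review bot: Swapping the two entries places diffie-hellman-group1-sha1, the 1024-bit MODP group, ahead of the 2048-bit diffie-hellman-group14-sha1 in sshkex; if this table is consulted in order (and, under USE_KEXGUESS2, presumably supplies the first guess), the weaker group becomes the preferred exchange for every peer that supports both. The commit message ("merge kexguess branch") gives no reason, and a smaller security margin should not be the default side effect of a guessing optimisation. Unless a measured need on small targets justifies it, keep the previous order: `{"diffie-hellman-group14-sha1", DROPBEAR_KEX_DH_GROUP14, NULL, 1, NULL},` then `{"diffie-hellman-group1-sha1", DROPBEAR_KEX_DH_GROUP1, NULL, 1, NULL},`. If the new order is deliberate, a comment next to the table stating why belongs here.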
diff --git a/common-session.c b/common-session.c
index ec5c9ed..b514796 100644
--- a/common-session.c
+++ b/common-session.c
@@ -234,7 +234,7 @@ void session_loop(void(*loophandler)()) {
}
/* clean up a session on exit */
-void common_session_cleanup() {
+void session_cleanup() {
TRACE(("enter session_cleanup"))
@@ -243,6 +243,10 @@ void common_session_cleanup() {
TRACE(("leave session_cleanup: !sessinitdone"))
return;
}
+
+ if (ses.extra_session_cleanup) {
+ ses.extra_session_cleanup();
+ }
m_free(ses.session_id);
m_burn(ses.keys, sizeof(struct key_context));
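Review bot: The new extra_session_cleanup call is not guarded against running twice: if session_cleanup() can be reached more than once in a process (cli_finished() calls it and then exit(); an exit path could call it again — whether sessinitdone is cleared is not visible here), the client or server hook runs a second time. cli_session_cleanup() has its own sessinitdone check in cli-session.c, but svr_pubkey_options_cleanup() is not visible in this change. Clearing the hook after use makes the call idempotent regardless of the callee: `ses.extra_session_cleanup(); ses.extra_session_cleanup = NULL;`. session_cleanup continues past the end of this hunk.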
diff --git a/debug.h b/debug.h
index 6899ef5..289c577 100644
--- a/debug.h
+++ b/debug.h
@@ -71,7 +71,7 @@
/* To debug with GDB it is easier to run with no forking of child processes.
You will need to pass "-F" as well. */
-#define DEBUG_NOFORK
+/* #define DEBUG_NOFORK */
/* For testing as non-root on shadowed systems, include the crypt of a password
diff --git a/random.c b/random.c
index 0378e9a..f935e21 100644
--- a/random.c
+++ b/random.c
@@ -157,6 +157,9 @@ static void write_urandom()
/* This is opportunistic, don't worry about failure */
unsigned char buf[INIT_SEED_SIZE];
FILE *f = fopen(DROPBEAR_URANDOM_DEV, "w");
+ if (!f) {
+ return;
+ }
genrandom(buf, sizeof(buf));
fwrite(buf, sizeof(buf), 1, f);
fclose(f);
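Review bot: With the fopen() failure now handled, the remaining unchecked calls are fwrite() and fclose(); the comment above says the write is opportunistic, so ignoring them is acceptable, but making that explicit avoids a later warning hunt: `(void)fwrite(buf, sizeof(buf), 1, f); (void)fclose(f);`. Separately, buf holds output of dropbear's own generator and is left on the stack after the write; since this change already uses m_burn elsewhere, `m_burn(buf, sizeof(buf));` after the write would be cheap hygiene, if the project considers generator output worth scrubbing. write_urandom's closing brace is outside the hunk.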
diff --git a/session.h b/session.h
index 9bbeac4..a76fa99 100644
--- a/session.h
+++ b/session.h
@@ -44,7 +44,7 @@ extern int exitflag;
void common_session_init(int sock_in, int sock_out);
void session_loop(void(*loophandler)());
-void common_session_cleanup();
+void session_cleanup();
void send_session_identification();
void send_msg_ignore();
@@ -58,7 +58,6 @@ void svr_dropbear_log(int priority, const char* format, va_list param);
/* Client */
void cli_session(int sock_in, int sock_out);
-void cli_session_cleanup();
void cleantext(unsigned char* dirtytext);
/* crypto parameters that are stored individually for transmit and receive */
@@ -175,9 +174,9 @@ struct sshsession {
void(*remoteclosed)(); /* A callback to handle closure of the
remote connection */
+ void(*extra_session_cleanup)(); /* client or server specific cleanup */
void(*send_kex_first_guess)();
-
struct AuthState authstate; /* Common amongst client and server, since most
struct elements are common */
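Review bot: `void(*extra_session_cleanup)();` declares the hook without a prototype, so assigning a function with a different signature would not be diagnosed; both implementations in this change (cli_session_cleanup and svr_session_cleanup) take void, so declare it as `void (*extra_session_cleanup)(void); /* client or server specific cleanup, run by session_cleanup() before the keys are burned */`. The neighbouring remoteclosed and send_kex_first_guess pointers have the same shape but predate this change. struct sshsession continues outside the hunk.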
diff --git a/svr-session.c b/svr-session.c
index 6d76939..3a979a1 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -72,6 +72,13 @@ static const struct ChanType *svr_chantypes[] = {
NULL /* Null termination is mandatory. */
};
+static void
+svr_session_cleanup(void)
+{
+ /* free potential public key options */
+ svr_pubkey_options_cleanup();
+}
+
void svr_session(int sock, int childpipe) {
char *host, *port;
size_t len;
@@ -103,6 +110,7 @@ void svr_session(int sock, int childpipe) {
/* set up messages etc */
ses.remoteclosed = svr_remoteclosed;
+ ses.extra_session_cleanup = svr_session_cleanup;
/* packet handlers */
ses.packettypes = svr_packettypes;
@@ -159,11 +167,8 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
if (svr_ses.server_pid == getpid())
#endif
{
- /* free potential public key options */
- svr_pubkey_options_cleanup();
-
/* must be after we've done with username etc */
- common_session_cleanup();
+ session_cleanup();
}
exit(exitcode);