From e1491b8ec67e0e24b93a7b2997172d57b23a933c Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 29 Jul 2004 02:19:03 +0000
Subject: [PATCH] set the isserver flag (oops) fix password auth for the server

--HG--
extra : convert_revision : 234eb604aabaef9ed0dd496ff8db8ecc212ca18c
---
 cli-auth.c       | 25 ++-----------------------
 cli-authpasswd.c |  5 +++--
 cli-session.c    |  3 ++-
 common-kex.c     | 11 ++++++-----
 svr-auth.c       |  7 ++++++-
 svr-session.c    |  2 ++
 6 files changed, 21 insertions(+), 32 deletions(-)

diff --git a/cli-auth.c b/cli-auth.c
index d222d7e..3759ff5 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -13,27 +13,6 @@ void cli_authinitialise() {
 }
 
 
-void cli_get_user() {
-
-	uid_t uid;
-	struct passwd *pw; 
-
-	TRACE(("enter cli_get_user"));
-	if (cli_opts.username != NULL) {
-		ses.authstate.username = cli_opts.username;
-	} else {
-		uid = getuid();
-		
-		pw = getpwuid(uid);
-		if (pw == NULL || pw->pw_name == NULL) {
-			dropbear_exit("Couldn't find username for current user");
-		}
-
-		ses.authstate.username = m_strdup(pw->pw_name);
-	}
-	TRACE(("leave cli_get_user: %s", ses.authstate.username));
-}
-
 /* Send a "none" auth request to get available methods */
 void cli_auth_getmethods() {
 
@@ -42,8 +21,8 @@ void cli_auth_getmethods() {
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
-	buf_putstring(ses.writepayload, ses.authstate.username,
-			strlen(ses.authstate.username));
+	buf_putstring(ses.writepayload, cli_opts.username, 
+			strlen(cli_opts.username));
 	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
 			SSH_SERVICE_CONNECTION_LEN);
 	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
diff --git a/cli-authpasswd.c b/cli-authpasswd.c
index 6185334..c04d240 100644
--- a/cli-authpasswd.c
+++ b/cli-authpasswd.c
@@ -3,6 +3,7 @@
 #include "dbutil.h"
 #include "session.h"
 #include "ssh.h"
+#include "runopts.h"
 
 int cli_auth_password() {
 
@@ -14,8 +15,8 @@ int cli_auth_password() {
 
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
 
-	buf_putstring(ses.writepayload, ses.authstate.username,
-			strlen(ses.authstate.username));
+	buf_putstring(ses.writepayload, cli_opts.username,
+			strlen(cli_opts.username));
 
 	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
 			SSH_SERVICE_CONNECTION_LEN);
diff --git a/cli-session.c b/cli-session.c
index 2ae2719..c999aed 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -83,6 +83,8 @@ static void cli_session_init() {
 
 	/* packet handlers */
 	ses.packettypes = cli_packettypes;
+
+	ses.isserver = 0;
 }
 
 /* This function drives the progress of the session - it initiates KEX,
@@ -136,7 +138,6 @@ static void cli_sessionloop() {
 
 		/* userauth code */
 		case SERVICE_AUTH_ACCEPT_RCVD:
-			cli_get_user();
 			cli_auth_getmethods();
 			cli_ses.state = USERAUTH_METHODS_SENT;
 			TRACE(("leave cli_sessionloop: sent userauth methods req"));
diff --git a/common-kex.c b/common-kex.c
index 07b221b..49cbfa4 100644
--- a/common-kex.c
+++ b/common-kex.c
@@ -55,7 +55,7 @@ const unsigned char dh_p_val[] = {
 const int DH_G_VAL = 2;
 
 static void kexinitialise();
-static void gen_new_keys();
+void gen_new_keys();
 #ifndef DISABLE_ZLIB
 static void gen_new_zstreams();
 #endif
@@ -253,7 +253,7 @@ static void hashkeys(unsigned char *out, int outlen,
  * taken into use after both sides have sent a newkeys message */
 
 /* Originally from kex.c, generalized for cli/svr mode --mihnea */
-static void gen_new_keys() {
+void gen_new_keys() {
 
 	unsigned char C2S_IV[MAX_IV_LEN];
 	unsigned char C2S_key[MAX_KEY_LEN];
@@ -276,9 +276,6 @@ static void gen_new_keys() {
 	sha1_process(&hs, ses.hash, SHA1_HASH_SIZE);
 	m_burn(ses.hash, SHA1_HASH_SIZE);
 
-	hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
-	hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
-
 	if (IS_DROPBEAR_CLIENT) {
 	    trans_IV	= C2S_IV;
 	    recv_IV		= S2C_IV;
@@ -299,6 +296,8 @@ static void gen_new_keys() {
 		macrecvletter = 'E';
 	}
 
+	hashkeys(C2S_IV, SHA1_HASH_SIZE, &hs, 'A');
+	hashkeys(S2C_IV, SHA1_HASH_SIZE, &hs, 'B');
 	hashkeys(C2S_key, C2S_keysize, &hs, 'C');
 	hashkeys(S2C_key, S2C_keysize, &hs, 'D');
 
@@ -580,6 +579,8 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
 	sha1_process(&hs, buf_getptr(ses.kexhashbuf, ses.kexhashbuf->len),
 			ses.kexhashbuf->len);
 	sha1_done(&hs, ses.hash);
+
+	buf_burn(ses.kexhashbuf);
 	buf_free(ses.kexhashbuf);
 	ses.kexhashbuf = NULL;
 	
diff --git a/svr-auth.c b/svr-auth.c
index 0f0ef67..db1d6a4 100644
--- a/svr-auth.c
+++ b/svr-auth.c
@@ -58,7 +58,7 @@ static void authclear() {
 	ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
 #endif
 #ifdef DROPBEAR_PASSWORD_AUTH
-	if (svr_opts.noauthpass) {
+	if (!svr_opts.noauthpass) {
 		ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 	}
 #endif
@@ -100,6 +100,7 @@ void recv_msg_userauth_request() {
 
 	/* ignore packets if auth is already done */
 	if (ses.authstate.authdone == 1) {
+		TRACE(("leave recv_msg_userauth_request: authdone already"));
 		return;
 	}
 
@@ -129,6 +130,7 @@ void recv_msg_userauth_request() {
 	if (methodlen == AUTH_METHOD_NONE_LEN &&
 			strncmp(methodname, AUTH_METHOD_NONE,
 				AUTH_METHOD_NONE_LEN) == 0) {
+		TRACE(("recv_msg_userauth_request: 'none' request"));
 		send_msg_userauth_failure(0, 0);
 		goto out;
 	}
@@ -305,6 +307,9 @@ void send_msg_userauth_failure(int partial, int incrfail) {
 	buf_putbyte(ses.writepayload, partial ? 1 : 0);
 	encrypt_packet();
 
+	TRACE(("auth fail: methods %d, '%s'", ses.authstate.authtypes,
+				buf_getptr(typebuf, typebuf->len)));
+
 	if (incrfail) {
 		usleep(300000); /* XXX improve this */
 		ses.authstate.failcount++;
diff --git a/svr-session.c b/svr-session.c
index 80c622a..c9aed49 100644
--- a/svr-session.c
+++ b/svr-session.c
@@ -96,6 +96,8 @@ void svr_session(int sock, int childpipe, char* remotehost) {
 	ses.packettypes = svr_packettypes;
 	ses.buf_match_algo = svr_buf_match_algo;
 
+	ses.isserver = 1;
+
 	/* We're ready to go now */
 	sessinitdone = 1;