- Only request "none" cipher after auth has succeeded

--HG--
branch : insecure-nocrypto

cli-auth.c

@@ -257,13 +257,9 @@ void cli_auth_try() {
 #endif
 
 #ifdef ENABLE_CLI_INTERACT_AUTH
-#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
 	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 		fprintf(stderr, "Sorry, I won't let you use interactive auth unencrypted.\n");
-	}
+	} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
-	else 
-#endif
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
 		if (cli_ses.auth_interact_failed) {
 			finished = 0;
 		} else {
@@ -275,13 +271,9 @@ void cli_auth_try() {
 #endif
 
 #ifdef ENABLE_CLI_PASSWORD_AUTH
-#if defined(DROPBEAR_NONE_CIPHER) && !defined(ALLOW_NONE_PASSWORD_AUTH)
 	if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 		fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
-	}
+	} else if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
-	else 
-#endif
-	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
 		cli_auth_password();
 		finished = 1;
 		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;

cli-session.c

@@ -133,6 +133,13 @@ static void cli_session_init() {
 	cli_ses.lastprivkey = NULL;
 	cli_ses.lastauthtype = 0;
 
+#ifdef DROPBEAR_NONE_CIPHER
+	cli_ses.cipher_none_after_auth = get_algo_usable(sshciphers, "none");
+	set_algo_usable(sshciphers, "none", 0);
+#else
+	cli_ses.cipher_none_after_auth = 0;
+#endif
+
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
 	ses.buf_match_algo = cli_buf_match_algo;
@@ -207,6 +214,14 @@ static void cli_sessionloop() {
 
 		case USERAUTH_SUCCESS_RCVD:
 
+#ifdef DROPBEAR_NONE_CIPHER
+			if (cli_ses.cipher_none_after_auth)
+			{
+				set_algo_usable(sshciphers, "none", 1);
+				send_msg_kexinit();
+			}
+#endif
+
 			if (cli_opts.backgrounded) {
 				int devnull;
 				/* keeping stdin open steals input from the terminal and

common-algo.c

@@ -301,6 +301,38 @@ void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
 	buf_free(algolist);
 }
 
+#ifdef DROPBEAR_NONE_CIPHER
+
+void
+set_algo_usable(algo_type algos[], const char * algo_name, int usable)
+{
+	algo_type *a;
+	for (a = algos; a->name != NULL; a++)
+	{
+		if (strcmp(a->name, algo_name) == 0)
+		{
+			a->usable = usable;
+			return;
+		}
+	}
+}
+
+int
+get_algo_usable(algo_type algos[], const char * algo_name)
+{
+	algo_type *a;
+	for (a = algos; a->name != NULL; a++)
+	{
+		if (strcmp(a->name, algo_name) == 0)
+		{
+			return a->usable;
+		}
+	}
+	return 0;
+}
+
+#endif // DROPBEAR_NONE_CIPHER
+
 #ifdef ENABLE_USER_ALGO_LIST
 
 char *
@@ -367,7 +399,8 @@ check_user_algos(const char* user_algo_list, algo_type * algos,
 		{
 			*c = '\0';
 			try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);
-			last_name = c++;
+			c++;
+			last_name = c;
 		}
 	}
 	try_add_algo(last_name, algos, algo_desc, new_algos, &num_ret);

options.h

@@ -106,10 +106,6 @@ much traffic. */
  * the only safe auth method is public key. */
 #define DROPBEAR_NONE_CIPHER
 
-/* Define this to allow password authentication even when no encryption
- * is being used. This can be unsafe */
-#define ALLOW_NONE_PASSWORD_AUTH
-
 /* Message Integrity - at least one required.
  * Protocol RFC requires sha1 and recommends sha1-96.
  * sha1-96 is of use for slow links as it has a smaller overhead.

session.h

@@ -269,6 +269,9 @@ struct clientsession {
 	int interact_request_received; /* flag whether we've received an 
 									  info request from the server for
 									  interactive auth.*/
+
+	int cipher_none_after_auth; /* Set to 1 if the user requested "none"
+								   auth */
 #endif
 	sign_key *lastprivkey;