added option to disable trivial auth methods (#128)

* added option to disable trivial auth methods

* rename argument to match with other ssh clients

* fixed trivial auth detection for pubkeys

8 files changed, 16 insertions, 1 deletions

diff --git a/cli-auth.c b/cli-auth.c
index 5fcacc3..5179230 100644
--- a/cli-auth.c
+++ b/cli-auth.c
@@ -261,6 +261,9 @@ void recv_msg_userauth_success() {
 	if DROPBEAR_CLI_IMMEDIATE_AUTH is set */
 
 	TRACE(("received msg_userauth_success"))
+	if (cli_opts.disable_trivial_auth && cli_ses.is_trivial_auth) {
+		dropbear_exit("trivial authentication not allowed");
+	}
 	/* Note: in delayed-zlib mode, setting authdone here 
 	 * will enable compression in the transport layer */
 	ses.authstate.authdone = 1;
diff --git a/cli-authinteract.c b/cli-authinteract.c
index e1cc9a1..f7128ee 100644
--- a/cli-authinteract.c
+++ b/cli-authinteract.c
@@ -114,6 +114,7 @@ void recv_msg_userauth_info_request() {
 	m_free(instruction);
 
 	for (i = 0; i < num_prompts; i++) {
+		cli_ses.is_trivial_auth = 0;
 		unsigned int response_len = 0;
 		prompt = buf_getstring(ses.payload, NULL);
 		cleantext(prompt);
diff --git a/cli-authpasswd.c b/cli-authpasswd.c
index 00fdd8b..a24d43e 100644
--- a/cli-authpasswd.c
+++ b/cli-authpasswd.c
@@ -155,7 +155,7 @@ void cli_auth_password() {
 
 	encrypt_packet();
 	m_burn(password, strlen(password));
-
+	cli_ses.is_trivial_auth = 0;
 	TRACE(("leave cli_auth_password"))
 }
 #endif	/* DROPBEAR_CLI_PASSWORD_AUTH */
diff --git a/cli-authpubkey.c b/cli-authpubkey.c
index 28c54fa..c0da77f 100644
--- a/cli-authpubkey.c
+++ b/cli-authpubkey.c
@@ -176,6 +176,7 @@ static void send_msg_userauth_pubkey(sign_key *key, enum signature_type sigtype,
 		buf_putbytes(sigbuf, ses.writepayload->data, ses.writepayload->len);
 		cli_buf_put_sign(ses.writepayload, key, sigtype, sigbuf);
 		buf_free(sigbuf); /* Nothing confidential in the buffer */
+		cli_ses.is_trivial_auth = 0;
 	}
 
 	encrypt_packet();
diff --git a/cli-runopts.c b/cli-runopts.c
index 3654b9a..255b47e 100644
--- a/cli-runopts.c
+++ b/cli-runopts.c
@@ -152,6 +152,7 @@ void cli_getopts(int argc, char ** argv) {
 #if DROPBEAR_CLI_ANYTCPFWD
 	cli_opts.exit_on_fwd_failure = 0;
 #endif
+	cli_opts.disable_trivial_auth = 0;
 #if DROPBEAR_CLI_LOCALTCPFWD
 	cli_opts.localfwds = list_new();
 	opts.listen_fwd_all = 0;
@@ -889,6 +890,7 @@ static void add_extendedopt(const char* origstr) {
 #if DROPBEAR_CLI_ANYTCPFWD
 			"\tExitOnForwardFailure\n"
 #endif
+			"\tDisableTrivialAuth\n"
 #ifndef DISABLE_SYSLOG
 			"\tUseSyslog\n"
 #endif
@@ -916,5 +918,10 @@ static void add_extendedopt(const char* origstr) {
 		return;
 	}
 
+	if (match_extendedopt(&optstr, "DisableTrivialAuth") == DROPBEAR_SUCCESS) {
+		cli_opts.disable_trivial_auth = parse_flag_value(optstr);
+		return;
+	}
+
 	dropbear_log(LOG_WARNING, "Ignoring unknown configuration option '%s'", origstr);
 }
diff --git a/cli-session.c b/cli-session.c
index 699286d..eee760e 100644
--- a/cli-session.c
+++ b/cli-session.c
@@ -165,6 +165,7 @@ static void cli_session_init(pid_t proxy_cmd_pid) {
 	/* Auth */
 	cli_ses.lastprivkey = NULL;
 	cli_ses.lastauthtype = 0;
+	cli_ses.is_trivial_auth = 1;
 
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
diff --git a/runopts.h b/runopts.h
index f2ae8c6..af60877 100644
--- a/runopts.h
+++ b/runopts.h
@@ -161,6 +161,7 @@ typedef struct cli_runopts {
 #if DROPBEAR_CLI_ANYTCPFWD
 	int exit_on_fwd_failure;
 #endif
+	int disable_trivial_auth;
 #if DROPBEAR_CLI_REMOTETCPFWD
 	m_list * remotefwds;
 #endif
diff --git a/session.h b/session.h
index fb5b8cb..6706592 100644
--- a/session.h
+++ b/session.h
@@ -316,6 +316,7 @@ struct clientsession {
 
 	int lastauthtype; /* either AUTH_TYPE_PUBKEY or AUTH_TYPE_PASSWORD,
 						 for the last type of auth we tried */
+	int is_trivial_auth;
 	int ignore_next_auth_response;
 #if DROPBEAR_CLI_INTERACT_AUTH
 	int auth_interact_failed; /* flag whether interactive auth can still