cli-runopts.c: add PasswordAuthentication option

src/cli-auth.c

@@ -245,7 +245,7 @@ void recv_msg_userauth_failure() {
 			}
 #endif
 #if DROPBEAR_CLI_PASSWORD_AUTH
-			if (strncmp(AUTH_METHOD_PASSWORD, tok,
+			if (cli_opts.password_authentication && strncmp(AUTH_METHOD_PASSWORD, tok,
 				AUTH_METHOD_PASSWORD_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_PASSWORD;
 			}
@@ -311,7 +311,7 @@ int cli_auth_try() {
 #endif
 
 #if DROPBEAR_CLI_PASSWORD_AUTH
-	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
+	if (!finished && cli_opts.password_authentication && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
 		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
 			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
 		} else {

src/cli-runopts.c

@@ -154,6 +154,7 @@ void cli_getopts(int argc, char ** argv) {
 	cli_opts.exit_on_fwd_failure = 0;
 #endif
 	cli_opts.disable_trivial_auth = 0;
+	cli_opts.password_authentication = 1;
 #if DROPBEAR_CLI_LOCALTCPFWD
 	cli_opts.localfwds = list_new();
 	opts.listen_fwd_all = 0;
@@ -902,6 +903,7 @@ static void add_extendedopt(const char* origstr) {
 #if DROPBEAR_CLI_PUBKEY_AUTH
 			"\tIdentityFile\n"
 #endif
+			"\tPasswordAuthentication\n"
 			"\tPort\n"
 #if DROPBEAR_CLI_PROXYCMD
 			"\tProxyCommand\n"
@@ -953,6 +955,13 @@ static void add_extendedopt(const char* origstr) {
 	}
 #endif
 
+#if DROPBEAR_CLI_PASSWORD_AUTH
+	if (match_extendedopt(&optstr, "PasswordAuthentication") == DROPBEAR_SUCCESS) {
+		cli_opts.password_authentication = parse_flag_value(optstr);
+		return;
+	}
+#endif
+
 	if (match_extendedopt(&optstr, "Port") == DROPBEAR_SUCCESS) {
 		cli_opts.remoteport = optstr;
 		return;

src/runopts.h

@@ -170,6 +170,7 @@ typedef struct cli_runopts {
 	int exit_on_fwd_failure;
 #endif
 	int disable_trivial_auth;
+	int password_authentication;
 #if DROPBEAR_CLI_REMOTETCPFWD
 	m_list * remotefwds;
 #endif