Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Asynchronous user authentication. #541

Closed
wants to merge 3 commits into from
Closed

Asynchronous user authentication. #541

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
2be9edb
Asynchronous user authentication.
falemagn Jul 21, 2023
ece378f
Added missing comma.
falemagn Oct 20, 2023
6695a0b
In DoUserAuthRequestPassword() do not set ssh->clientState to CLIENT_…
falemagn Nov 17, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 39 additions & 15 deletions src/internal.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -430,6 +430,9 @@ const char* GetErrorString(int err)
case WS_KEY_FORMAT_E:
return "key format wrong error";

case WS_AUTH_PENDING:
return "userauth is still pending (callback would block)";

default:
return "Unknown error code";
}
Expand Down Expand Up @@ -5344,6 +5347,10 @@ static int DoUserAuthRequestNone(WOLFSSH* ssh, WS_UserAuthData* authData,
ret = WS_USER_AUTH_E;
#endif
}
else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
WLOG(WS_LOG_DEBUG, "DUARN: userauth callback would block");
ret = WS_AUTH_PENDING;
}
else {
WLOG(WS_LOG_DEBUG, "DUARN: none check failed, retry");
ret = SendUserAuthFailure(ssh, 0);
Expand Down Expand Up @@ -5429,6 +5436,10 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
#endif
ret = WS_USER_AUTH_E;
}
else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
WLOG(WS_LOG_DEBUG, "DUARPW: userauth callback would block");
ret = WS_AUTH_PENDING;
}
else {
WLOG(WS_LOG_DEBUG, "DUARPW: password check failed, retry");
authFailure = 1;
Expand All @@ -5447,7 +5458,7 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
if (authFailure || partialSuccess) {
ret = SendUserAuthFailure(ssh, partialSuccess);
}
else {
else if (ret == WS_SUCCESS) {
ssh->clientState = CLIENT_USERAUTH_DONE;
}

Expand Down Expand Up @@ -6241,6 +6252,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
authData, ssh->userAuthCtx);
WLOG(WS_LOG_DEBUG, "DUARPK: callback result = %d", ret);

#ifdef DEBUG_WOLFSSH
switch (ret) {
case WOLFSSH_USERAUTH_SUCCESS:
Expand Down Expand Up @@ -6270,20 +6282,29 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
case WOLFSSH_USERAUTH_PARTIAL_SUCCESS:
WLOG(WS_LOG_DEBUG, "DUARPK: user auth partial success");
break;

case WOLFSSH_USERAUTH_WOULD_BLOCK:
WLOG(WS_LOG_DEBUG, "DUARPK: userauth callback would block");
break;

default:
WLOG(WS_LOG_DEBUG,
"Unexpected return value from Auth callback");
}
#endif

if (ret == WOLFSSH_USERAUTH_PARTIAL_SUCCESS) {
partialSuccess = 1;
if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
ret = WS_AUTH_PENDING;
}
else if (ret != WOLFSSH_USERAUTH_SUCCESS) {
authFailure = 1;
else {
if (ret == WOLFSSH_USERAUTH_PARTIAL_SUCCESS) {
partialSuccess = 1;
}
else if (ret != WOLFSSH_USERAUTH_SUCCESS) {
authFailure = 1;
}
ret = WS_SUCCESS;
}
ret = WS_SUCCESS;
}
else {
WLOG(WS_LOG_DEBUG, "DUARPK: no userauth callback set");
Expand Down Expand Up @@ -7685,17 +7706,20 @@ static int DoPacket(WOLFSSH* ssh)
ret = SendUnimplemented(ssh);
}

if (payloadSz > 0) {
idx += payloadIdx;
if (idx + padSz > len) {
WLOG(WS_LOG_DEBUG, "Not enough data in buffer for pad.");
ret = WS_BUFFER_E;
/* if the auth is still pending, don't discard the packet data */
if (ret != WS_AUTH_PENDING) {
if (payloadSz > 0) {
idx += payloadIdx;
if (idx + padSz > len) {
WLOG(WS_LOG_DEBUG, "Not enough data in buffer for pad.");
ret = WS_BUFFER_E;
}
}
}

idx += padSz;
ssh->inputBuffer.idx = idx;
ssh->peerSeq++;
idx += padSz;
ssh->inputBuffer.idx = idx;
ssh->peerSeq++;
}

return ret;
}
Expand Down
2 changes: 1 addition & 1 deletion src/ssh.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -408,7 +408,7 @@ int wolfSSH_accept(WOLFSSH* ssh)
return WS_BAD_ARGUMENT;

/* clear want read/writes for retry */
if (ssh->error == WS_WANT_READ || ssh->error == WS_WANT_WRITE)
if (ssh->error == WS_WANT_READ || ssh->error == WS_WANT_WRITE || ssh->error == WS_AUTH_PENDING)
ssh->error = 0;

if (ssh->error != 0) {
Expand Down
3 changes: 2 additions & 1 deletion wolfssh/error.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,8 +131,9 @@ enum WS_ErrorCodes {
WS_KEY_AUTH_MAGIC_E = -1090, /* OpenSSH key auth magic check fail */
WS_KEY_CHECK_VAL_E = -1091, /* OpenSSH key check value fail */
WS_KEY_FORMAT_E = -1092, /* OpenSSH key format fail */
WS_AUTH_PENDING = -1093, /* User authentication still pending */

WS_LAST_E = -1092 /* Update this to indicate last error */
WS_LAST_E = -1093 /* Update this to indicate last error */
};


Expand Down
3 changes: 2 additions & 1 deletion wolfssh/ssh.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,7 +329,8 @@ enum WS_UserAuthResults
WOLFSSH_USERAUTH_INVALID_PASSWORD,
WOLFSSH_USERAUTH_REJECTED,
WOLFSSH_USERAUTH_INVALID_PUBLICKEY,
WOLFSSH_USERAUTH_PARTIAL_SUCCESS
WOLFSSH_USERAUTH_PARTIAL_SUCCESS,
WOLFSSH_USERAUTH_WOULD_BLOCK
};

enum WS_DisconnectReasonCodes {
Expand Down
Loading