fixing RSA public key user auth, failover to password

2016-06-24 14:23:16 -06:00 · 2016-06-24 14:23:16 -06:00 · 4dc3c56a88
parent a1e07e3161
commit 4dc3c56a88
4 changed files with 23 additions and 12 deletions
--- a/examples/echoserver/echoserver.c
+++ b/examples/echoserver/echoserver.c
@ -542,16 +542,22 @@ static int wsUserAuth(uint8_t authType,
    map = list->head;

    while (map != NULL) {
-        if (authData->type == map->type &&
-            authData->usernameSz == map->usernameSz &&
+        if (authData->usernameSz == map->usernameSz &&
            memcmp(authData->username, map->username, map->usernameSz) == 0) {
-            if (memcmp(map->p, authHash, SHA256_DIGEST_SIZE) != 0) {
-                return (authType == WOLFSSH_USERAUTH_PASSWORD ?
+
+            if (authData->type == map->type) {
+                if (memcmp(map->p, authHash, SHA256_DIGEST_SIZE) == 0) {
+                    return WOLFSSH_USERAUTH_SUCCESS;
+                }
+                else {
+                    return (authType == WOLFSSH_USERAUTH_PASSWORD ?
                            WOLFSSH_USERAUTH_INVALID_PASSWORD :
                            WOLFSSH_USERAUTH_INVALID_PUBLICKEY);
+                }
+            }
+            else {
+                return WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
            }
-
-            return WOLFSSH_USERAUTH_SUCCESS;
        }
        map = map->next;
    }
--- a/src/internal.c
+++ b/src/internal.c
@ -1491,6 +1491,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,

    WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPublicKey()");

+    DumpOctetString(buf + begin, len - begin);
    authData->type = WOLFSSH_USERAUTH_PUBLICKEY;
    GetBoolean(&pk->hasSignature, buf, len, &begin);
    GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
@ -1510,6 +1511,8 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
        pk->signatureSz = 0;
    }

+    *idx = begin;
+
    if (ssh->ctx->userAuthCb != NULL) {
        WLOG(WS_LOG_DEBUG, "DUARPK: Calling the userauth callback");
        ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
@ -1518,10 +1521,12 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
        if (ret != WOLFSSH_USERAUTH_SUCCESS) {
            switch (ret) {
                case WOLFSSH_USERAUTH_INVALID_USER:
-                    SendDisconnect(ssh, WOLFSSH_DISCONNECT_ILLEGAL_USER_NAME);
-                    break;
+                    return SendDisconnect(ssh,
+                                          WOLFSSH_DISCONNECT_ILLEGAL_USER_NAME);
                default:
-                    SendUserAuthFailure(ssh, 0);
+                    return SendUserAuthFailure(ssh, 0);
+                    /* XXX Need to tell User Auth layer to disallow
+                     * public key user auth */
            }
        }
    }
@ -1594,8 +1599,6 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
        }
    }

-    *idx = begin;
-
    return ret;
 }

--- a/wolfssh/internal.h
+++ b/wolfssh/internal.h
@ -348,7 +348,8 @@ enum WS_MessageIds {
    MSGID_USERAUTH_FAILURE = 51,
    MSGID_USERAUTH_SUCCESS = 52,
    MSGID_USERAUTH_BANNER  = 53,
-    MSGID_USERAUTH_PK_OK   = 60,
+    MSGID_USERAUTH_PK_OK   = 60, /* Public Key OK */
+    MSGID_USERAUTH_PW_CHRQ = 60, /* Password Change Request */

    MSGID_CHANNEL_OPEN      = 90,
    MSGID_CHANNEL_OPEN_CONF = 91,
--- a/wolfssh/ssh.h
+++ b/wolfssh/ssh.h
@ -151,6 +151,7 @@ enum WS_UserAuthTypes {
 enum WS_UserAuthResults {
    WOLFSSH_USERAUTH_SUCCESS,
    WOLFSSH_USERAUTH_FAILURE,
+    WOLFSSH_USERAUTH_INVALID_AUTHTYPE,
    WOLFSSH_USERAUTH_INVALID_USER,
    WOLFSSH_USERAUTH_INVALID_PASSWORD,
    WOLFSSH_USERAUTH_INVALID_PUBLICKEY