fixing RSA public key user auth, failover to password

John Safranek 2016-06-24 14:23:16 -06:00
parent a1e07e3161
commit 4dc3c56a88
4 changed files with 23 additions and 12 deletions


@ -542,16 +542,22 @@ static int wsUserAuth(uint8_t authType,
map = list->head; map = list->head;
while (map != NULL) { while (map != NULL) {
if (authData->type == map->type && if (authData->usernameSz == map->usernameSz &&
authData->usernameSz == map->usernameSz &&
memcmp(authData->username, map->username, map->usernameSz) == 0) { memcmp(authData->username, map->username, map->usernameSz) == 0) {
if (memcmp(map->p, authHash, SHA256_DIGEST_SIZE) != 0) {
if (authData->type == map->type) {
if (memcmp(map->p, authHash, SHA256_DIGEST_SIZE) == 0) {
return WOLFSSH_USERAUTH_SUCCESS;
}
else {
return (authType == WOLFSSH_USERAUTH_PASSWORD ? return (authType == WOLFSSH_USERAUTH_PASSWORD ?
WOLFSSH_USERAUTH_INVALID_PASSWORD : WOLFSSH_USERAUTH_INVALID_PASSWORD :
WOLFSSH_USERAUTH_INVALID_PUBLICKEY); WOLFSSH_USERAUTH_INVALID_PUBLICKEY);
} }
}
return WOLFSSH_USERAUTH_SUCCESS; else {
return WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
}
} }
map = map->next; map = map->next;
} }
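Review bot: The new `else { return WOLFSSH_USERAUTH_INVALID_AUTHTYPE; }` returns on the first list entry whose username matches, so if the map can hold both a password entry and a public-key entry for the same user (which the commit title's fallback to password suggests), an attempt that reaches the other-method entry first is rejected without the later matching entry ever being consulted. Instead of returning there, keep walking via `map = map->next` and remember that the name was seen; after the loop return INVALID_AUTHTYPE when the name was seen and the existing not-found result otherwise (the post-loop return and the start of wsUserAuth are outside this hunk). Separately, `memcmp(map->p, authHash, SHA256_DIGEST_SIZE)` is not constant-time, so it leaks how many leading digest bytes matched; a fixed-time comparison is the usual choice for a password-hash check even in example code.
```c
    int nameSeen = 0;                     /* name matched, but not the auth method */
    map = list->head;
    while (map != NULL) {
        if (authData->usernameSz == map->usernameSz &&
            memcmp(authData->username, map->username, map->usernameSz) == 0) {
            nameSeen = 1;
            if (authData->type == map->type) {
                /* TODO: use a constant-time comparison here */
                if (memcmp(map->p, authHash, SHA256_DIGEST_SIZE) == 0) {
                    return WOLFSSH_USERAUTH_SUCCESS;
                }
                return (authType == WOLFSSH_USERAUTH_PASSWORD ?
                        WOLFSSH_USERAUTH_INVALID_PASSWORD :
                        WOLFSSH_USERAUTH_INVALID_PUBLICKEY);
            }
            /* same user, other method: a later entry may still match */
        }
        map = map->next;
    }
    /* … post-loop return (outside hunk): report INVALID_AUTHTYPE when nameSeen,
       otherwise the existing unknown-user result … */
```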


@ -1491,6 +1491,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPublicKey()"); WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPublicKey()");
DumpOctetString(buf + begin, len - begin);
authData->type = WOLFSSH_USERAUTH_PUBLICKEY; authData->type = WOLFSSH_USERAUTH_PUBLICKEY;
GetBoolean(&pk->hasSignature, buf, len, &begin); GetBoolean(&pk->hasSignature, buf, len, &begin);
GetUint32(&pk->publicKeyTypeSz, buf, len, &begin); GetUint32(&pk->publicKeyTypeSz, buf, len, &begin);
@ -1510,6 +1511,8 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
pk->signatureSz = 0; pk->signatureSz = 0;
} }
*idx = begin;
if (ssh->ctx->userAuthCb != NULL) { if (ssh->ctx->userAuthCb != NULL) {
WLOG(WS_LOG_DEBUG, "DUARPK: Calling the userauth callback"); WLOG(WS_LOG_DEBUG, "DUARPK: Calling the userauth callback");
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY, ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
@ -1518,10 +1521,12 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
if (ret != WOLFSSH_USERAUTH_SUCCESS) { if (ret != WOLFSSH_USERAUTH_SUCCESS) {
switch (ret) { switch (ret) {
case WOLFSSH_USERAUTH_INVALID_USER: case WOLFSSH_USERAUTH_INVALID_USER:
SendDisconnect(ssh, WOLFSSH_DISCONNECT_ILLEGAL_USER_NAME); return SendDisconnect(ssh,
break; WOLFSSH_DISCONNECT_ILLEGAL_USER_NAME);
default: default:
SendUserAuthFailure(ssh, 0); return SendUserAuthFailure(ssh, 0);
/* XXX Need to tell User Auth layer to disallow
* public key user auth */
} }
} }
} }
@ -1594,8 +1599,6 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
} }
} }
*idx = begin;
return ret; return ret;
} }
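Review bot: In the failure switch, `case WOLFSSH_USERAUTH_INVALID_USER: return SendDisconnect(ssh, WOLFSSH_DISCONNECT_ILLEGAL_USER_NAME);` answers an unknown name with a disconnect while every other callback result, including the new INVALID_AUTHTYPE that lands in `default`, gets an ordinary USERAUTH_FAILURE, so a client can separate valid usernames from invalid ones before presenting any credential. Collapse the two paths so the unknown-user case also does `return SendUserAuthFailure(ssh, 0);` and keep the distinction in a server-side log line instead. The added `DumpOctetString(buf + begin, len - begin)` writes the raw request, including the signature blob, to the debug log; confirm it is compiled out of release builds. Whether the value returned by SendUserAuthFailure is what callers of DoUserAuthRequestPublicKey expect for a rejected key cannot be judged from here, and the function's start and its signature check lie outside these hunks.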


@ -348,7 +348,8 @@ enum WS_MessageIds {
MSGID_USERAUTH_FAILURE = 51, MSGID_USERAUTH_FAILURE = 51,
MSGID_USERAUTH_SUCCESS = 52, MSGID_USERAUTH_SUCCESS = 52,
MSGID_USERAUTH_BANNER = 53, MSGID_USERAUTH_BANNER = 53,
MSGID_USERAUTH_PK_OK = 60, MSGID_USERAUTH_PK_OK = 60, /* Public Key OK */
MSGID_USERAUTH_PW_CHRQ = 60, /* Password Change Request */
MSGID_CHANNEL_OPEN = 90, MSGID_CHANNEL_OPEN = 90,
MSGID_CHANNEL_OPEN_CONF = 91, MSGID_CHANNEL_OPEN_CONF = 91,
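Review bot: `MSGID_USERAUTH_PK_OK = 60` and `MSGID_USERAUTH_PW_CHRQ = 60` now share a value, which matches SSH (message 60 is method-specific) but means a `switch` on the message id cannot list both and any dispatcher must consult the method currently in flight. Record that at the definition so the next reader does not "fix" the duplicate, for example `/* 60 is method-specific (RFC 4252 s.5.1): PK_OK for publickey, PW_CHRQ for password; dispatch on the pending method, not on the id alone */`. The enum continues beyond this hunk.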


@ -151,6 +151,7 @@ enum WS_UserAuthTypes {
enum WS_UserAuthResults { enum WS_UserAuthResults {
WOLFSSH_USERAUTH_SUCCESS, WOLFSSH_USERAUTH_SUCCESS,
WOLFSSH_USERAUTH_FAILURE, WOLFSSH_USERAUTH_FAILURE,
WOLFSSH_USERAUTH_INVALID_AUTHTYPE,
WOLFSSH_USERAUTH_INVALID_USER, WOLFSSH_USERAUTH_INVALID_USER,
WOLFSSH_USERAUTH_INVALID_PASSWORD, WOLFSSH_USERAUTH_INVALID_PASSWORD,
WOLFSSH_USERAUTH_INVALID_PUBLICKEY WOLFSSH_USERAUTH_INVALID_PUBLICKEY
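Review bot: Inserting `WOLFSSH_USERAUTH_INVALID_AUTHTYPE` between FAILURE and INVALID_USER renumbers INVALID_USER, INVALID_PASSWORD and INVALID_PUBLICKEY, so a user-auth callback built against the previous ssh.h now returns values the library interprets differently (an old INVALID_USER is read as INVALID_AUTHTYPE and no longer disconnects). If callbacks are always rebuilt with the library this is harmless; otherwise append the new result after WOLFSSH_USERAUTH_INVALID_PUBLICKEY so existing values stay stable, and say so with a comment such as `/* append new results at the end; values are part of the callback ABI */`. The enum's closing brace is outside this hunk.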