Merge pull request #242 from JacobBarthelmeh/auth

updates to auth callback
pull/244/head
John Safranek 2020-02-18 14:29:22 -08:00 committed by GitHub
commit 52183c3018
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 60 additions and 33 deletions


@ -442,6 +442,31 @@ static int wsUserAuth(byte authType,
{ {
int ret = WOLFSSH_USERAUTH_INVALID_AUTHTYPE; int ret = WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
#ifdef DEBUG_WOLFSSH
/* inspect supported types from server */
printf("Server supports ");
if (authData->type & WOLFSSH_USERAUTH_PASSWORD) {
printf("password authentication");
}
if (authData->type & WOLFSSH_USERAUTH_PUBLICKEY) {
printf(" and public key authentication");
}
printf("\n");
printf("wolfSSH requesting to use type %d\n", authType);
#endif
/* We know hansel has a key, wait for request of public key */
if (authData->type & WOLFSSH_USERAUTH_PUBLICKEY &&
authData->username != NULL &&
authData->usernameSz > 0 &&
XSTRNCMP((char*)authData->username, "hansel",
authData->usernameSz) == 0) {
if (authType == WOLFSSH_USERAUTH_PASSWORD) {
printf("rejecting password type with hansel in favor of pub key\n");
return WOLFSSH_USERAUTH_FAILURE;
}
}
if (authType == WOLFSSH_USERAUTH_PASSWORD) { if (authType == WOLFSSH_USERAUTH_PASSWORD) {
const char* defaultPassword = (const char*)ctx; const char* defaultPassword = (const char*)ctx;
word32 passwordSz; word32 passwordSz;
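Review bot: The username test added for "hansel" compares only `authData->usernameSz` bytes, so `XSTRNCMP((char*)authData->username, "hansel", authData->usernameSz)` also succeeds for any shorter prefix — a login as `han` (usernameSz 3) is treated as hansel and has its password attempt rejected. Check the length too: `authData->usernameSz == sizeof("hansel") - 1 && XSTRNCMP((char*)authData->username, "hansel", sizeof("hansel") - 1) == 0`. The `authData->type & WOLFSSH_USERAUTH_PUBLICKEY` inside the `&&` chain is correct by precedence but deserves parentheses so the bit test reads as intended. The rejection `printf` sits outside `DEBUG_WOLFSSH`, which is acceptable in an example client but worth a one-line comment saying so. wsUserAuth continues past the end of this hunk.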


@ -3817,6 +3817,7 @@ static int DoUserAuthFailure(WOLFSSH* ssh,
byte authList[3]; /* Should only ever be password, publickey, hostname */ byte authList[3]; /* Should only ever be password, publickey, hostname */
word32 authListSz = 3; word32 authListSz = 3;
byte partialSuccess; byte partialSuccess;
byte authType = 0;
int ret = WS_SUCCESS; int ret = WS_SUCCESS;
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthFailure()"); WLOG(WS_LOG_DEBUG, "Entering DoUserAuthFailure()");
@ -3835,35 +3836,32 @@ static int DoUserAuthFailure(WOLFSSH* ssh,
/* check authList to see if authId is there */ /* check authList to see if authId is there */
for (i = 0; i < authListSz; i++) { for (i = 0; i < authListSz; i++) {
if (ssh->authId == authList[i]) { word32 j;
ret = SendUserAuthRequest(ssh, ssh->authId, 0); for (j = 0; j < sizeof(ssh->supportedAuth); j++) {
break; if (authList[i] == ssh->supportedAuth[j]) {
switch(authList[i]) {
case ID_USERAUTH_PASSWORD:
authType |= WOLFSSH_USERAUTH_PASSWORD;
break;
case ID_USERAUTH_PUBLICKEY:
authType |= WOLFSSH_USERAUTH_PUBLICKEY;
break;
default:
break;
}
}
} }
} }
/* the auth type attempted was not in the list */ /* the auth type attempted was not in the list */
if (ret == WS_SUCCESS && i >= authListSz) { if (authType == 0) {
WLOG(WS_LOG_DEBUG, "Auth ID %d did not match any in peers list", WLOG(WS_LOG_DEBUG, "Did not match any auth IDs in peers list");
ssh->authId);
ret = WS_USER_AUTH_E; ret = WS_USER_AUTH_E;
} }
}
/* check if should attempt next auth type */ if (ret == WS_SUCCESS) {
if (ret != WS_SUCCESS) { ret = SendUserAuthRequest(ssh, authType, 0);
/* get the current index of the auth type */
for (i =0; i < sizeof(ssh->supportedAuth); i++) {
if (ssh->authId == ssh->supportedAuth[i]) {
break;
}
}
if (i + 1 < sizeof(ssh->supportedAuth)) {
ssh->authId = ssh->supportedAuth[i + 1];
if (ssh->authId != ID_NONE) {
ret = WC_CHANGE_AUTH_E; /* retry with supported auth type */
}
}
}
} }
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthFailure(), ret = %d", ret); WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthFailure(), ret = %d", ret);
@ -7464,21 +7462,31 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authId, int addSig)
authData.username = (const byte*)ssh->userName; authData.username = (const byte*)ssh->userName;
authData.usernameSz = ssh->userNameSz; authData.usernameSz = ssh->userNameSz;
if (authId == ID_USERAUTH_PASSWORD) { if (authId & WOLFSSH_USERAUTH_PASSWORD) {
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PASSWORD, ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PASSWORD,
&authData, ssh->userAuthCtx); &authData, ssh->userAuthCtx);
if (ret != WOLFSSH_USERAUTH_SUCCESS) { if (ret != WOLFSSH_USERAUTH_SUCCESS) {
WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get password"); WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get password");
ret = WS_FATAL_ERROR; ret = WS_FATAL_ERROR;
} }
else {
WLOG(WS_LOG_DEBUG, "SUAR: Callback successful password");
authData.type = authId = ID_USERAUTH_PASSWORD;
}
} }
else if (authId == ID_USERAUTH_PUBLICKEY) {
/* fall into public key case if password case was not successful */
if ((ret == WS_FATAL_ERROR) && (authId & WOLFSSH_USERAUTH_PUBLICKEY)) {
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY, ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
&authData, ssh->userAuthCtx); &authData, ssh->userAuthCtx);
if (ret != WOLFSSH_USERAUTH_SUCCESS) { if (ret != WOLFSSH_USERAUTH_SUCCESS) {
WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get key"); WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get key");
ret = WS_FATAL_ERROR; ret = WS_FATAL_ERROR;
} }
else {
WLOG(WS_LOG_DEBUG, "SUAR: Callback successful public key");
authData.type = authId = ID_USERAUTH_PUBLICKEY;
}
} }
} }
else { else {
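Review bot: In SendUserAuthRequest the public-key branch is gated on `ret == WS_FATAL_ERROR`, so when the peer advertises only publickey (`authId` carries just the 0x02 bit and the password block is skipped) the callback is reached only if `ret` already holds WS_FATAL_ERROR before the hunk, which is not visible here; if it starts as WS_SUCCESS the client never offers its key. A local flag is clearer than overloading the error code: set `usedPassword = 1` where the password callback succeeds and gate with `if (!usedPassword && (authId & WOLFSSH_USERAUTH_PUBLICKEY))`. Separately, DoUserAuthFailure now rebuilds the bitmap from the peer's list on every failure with nothing in the hunk recording which method was already tried, so a rejected password is requested from the callback and resent again until the server closes the connection unless state outside the hunk prevents it — the `supportedAuth` walk this replaces did advance to the next type; consider clearing the bit for the method that just failed before calling SendUserAuthRequest. Both functions start and end outside these hunks.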


@ -750,11 +750,6 @@ int wolfSSH_connect(WOLFSSH* ssh)
if (DoReceive(ssh) < WS_SUCCESS) { if (DoReceive(ssh) < WS_SUCCESS) {
WLOG(WS_LOG_DEBUG, connectError, WLOG(WS_LOG_DEBUG, connectError,
"CLIENT_USERAUTH_SENT", ssh->error); "CLIENT_USERAUTH_SENT", ssh->error);
if (ssh->error == WC_CHANGE_AUTH_E) {
/* retry with supported auth type */
ssh->error = WS_SUCCESS;
continue;
}
return WS_FATAL_ERROR; return WS_FATAL_ERROR;
} }
} }


@ -238,10 +238,9 @@ enum WS_FormatTypes {
}; };
enum WS_UserAuthTypes { /* bit map */
WOLFSSH_USERAUTH_PASSWORD, #define WOLFSSH_USERAUTH_PASSWORD 0x01
WOLFSSH_USERAUTH_PUBLICKEY #define WOLFSSH_USERAUTH_PUBLICKEY 0x02
};
enum WS_UserAuthResults enum WS_UserAuthResults
{ {
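Review bot: Replacing `enum WS_UserAuthTypes` with two `#define`s both drops the tag name from the public header and shifts the values (PASSWORD from 0 to 0x01, PUBLICKEY from 1 to 0x02), so application code that declared a variable as `enum WS_UserAuthTypes`, switched on it, or compared `authType == 0` stops compiling or silently misbehaves. The bitmap can keep the type by giving the enumerators explicit values: `enum WS_UserAuthTypes { WOLFSSH_USERAUTH_PASSWORD = 0x01, WOLFSSH_USERAUTH_PUBLICKEY = 0x02 };`. The `/* bit map */` comment should also say that the flags are OR-ed together in `authData->type` but passed one at a time as `authType`, since that is the contract the callback now depends on.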