updates to auth callback
parent
50739b3abe
commit
67851e5c10
@ -442,6 +442,31 @@ static int wsUserAuth(byte authType,
|
||||||
{
|
{
|
||||||
int ret = WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
|
int ret = WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
|
||||||
|
|
||||||
|
#ifdef DEBUG_WOLFSSH
|
||||||
|
/* inspect supported types from server */
|
||||||
|
printf("Server supports ");
|
||||||
|
if (authData->type & WOLFSSH_USERAUTH_PASSWORD) {
|
||||||
|
printf("password authentication");
|
||||||
|
}
|
||||||
|
if (authData->type & WOLFSSH_USERAUTH_PUBLICKEY) {
|
||||||
|
printf(" and public key authentication");
|
||||||
|
}
|
||||||
|
printf("\n");
|
||||||
|
printf("wolfSSH requesting to use type %d\n", authType);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* We know hansel has a key, wait for request of public key */
|
||||||
|
if (authData->type & WOLFSSH_USERAUTH_PUBLICKEY &&
|
||||||
|
authData->username != NULL &&
|
||||||
|
authData->usernameSz > 0 &&
|
||||||
|
XSTRNCMP((char*)authData->username, "hansel",
|
||||||
|
authData->usernameSz) == 0) {
|
||||||
|
if (authType == WOLFSSH_USERAUTH_PASSWORD) {
|
||||||
|
printf("rejecting password type with hansel in favor of pub key\n");
|
||||||
|
return WOLFSSH_USERAUTH_FAILURE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (authType == WOLFSSH_USERAUTH_PASSWORD) {
|
if (authType == WOLFSSH_USERAUTH_PASSWORD) {
|
||||||
const char* defaultPassword = (const char*)ctx;
|
const char* defaultPassword = (const char*)ctx;
|
||||||
word32 passwordSz;
|
word32 passwordSz;
|
||||||
|
|
|
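Review bot: The username test `XSTRNCMP((char*)authData->username, "hansel", authData->usernameSz) == 0` is a prefix comparison bounded by the peer-supplied length, so a shorter name such as "han" (usernameSz 3) also matches and has its password attempt rejected in favour of a key it may not have; check the length before comparing, e.g. `authData->usernameSz == 6 && XSTRNCMP((char*)authData->username, "hansel", 6) == 0`. The condition also mixes `&` and `&&` without parentheses; `(authData->type & WOLFSSH_USERAUTH_PUBLICKEY) != 0 &&` reads unambiguously and matches the `#ifdef DEBUG_WOLFSSH` block above, where the same bit test is the only operand. The comment `/* We know hansel has a key, wait for request of public key */` would be clearer as `/* demo only: user "hansel" is configured with a key, so decline the password method and let the library fall through to public key */`. wsUserAuth's body continues outside the hunk.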
@ -3817,6 +3817,7 @@ static int DoUserAuthFailure(WOLFSSH* ssh,
|
||||||
byte authList[3]; /* Should only ever be password, publickey, hostname */
|
byte authList[3]; /* Should only ever be password, publickey, hostname */
|
||||||
word32 authListSz = 3;
|
word32 authListSz = 3;
|
||||||
byte partialSuccess;
|
byte partialSuccess;
|
||||||
|
byte authType = 0;
|
||||||
int ret = WS_SUCCESS;
|
int ret = WS_SUCCESS;
|
||||||
|
|
||||||
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthFailure()");
|
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthFailure()");
|
||||||
|
@ -3835,35 +3836,32 @@ static int DoUserAuthFailure(WOLFSSH* ssh,
|
||||||
|
|
||||||
/* check authList to see if authId is there */
|
/* check authList to see if authId is there */
|
||||||
for (i = 0; i < authListSz; i++) {
|
for (i = 0; i < authListSz; i++) {
|
||||||
if (ssh->authId == authList[i]) {
|
word32 j;
|
||||||
ret = SendUserAuthRequest(ssh, ssh->authId, 0);
|
for (j = 0; j < sizeof(ssh->supportedAuth); j++) {
|
||||||
break;
|
if (authList[i] == ssh->supportedAuth[j]) {
|
||||||
|
switch(authList[i]) {
|
||||||
|
case ID_USERAUTH_PASSWORD:
|
||||||
|
authType |= WOLFSSH_USERAUTH_PASSWORD;
|
||||||
|
break;
|
||||||
|
case ID_USERAUTH_PUBLICKEY:
|
||||||
|
authType |= WOLFSSH_USERAUTH_PUBLICKEY;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* the auth type attempted was not in the list */
|
/* the auth type attempted was not in the list */
|
||||||
if (ret == WS_SUCCESS && i >= authListSz) {
|
if (authType == 0) {
|
||||||
WLOG(WS_LOG_DEBUG, "Auth ID %d did not match any in peers list",
|
WLOG(WS_LOG_DEBUG, "Did not match any auth IDs in peers list");
|
||||||
ssh->authId);
|
|
||||||
ret = WS_USER_AUTH_E;
|
ret = WS_USER_AUTH_E;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/* check if should attempt next auth type */
|
if (ret == WS_SUCCESS) {
|
||||||
if (ret != WS_SUCCESS) {
|
ret = SendUserAuthRequest(ssh, authType, 0);
|
||||||
/* get the current index of the auth type */
|
|
||||||
for (i =0; i < sizeof(ssh->supportedAuth); i++) {
|
|
||||||
if (ssh->authId == ssh->supportedAuth[i]) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (i + 1 < sizeof(ssh->supportedAuth)) {
|
|
||||||
ssh->authId = ssh->supportedAuth[i + 1];
|
|
||||||
if (ssh->authId != ID_NONE) {
|
|
||||||
ret = WC_CHANGE_AUTH_E; /* retry with supported auth type */
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthFailure(), ret = %d", ret);
|
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthFailure(), ret = %d", ret);
|
||||||
|
@ -7428,21 +7426,31 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authId, int addSig)
|
||||||
authData.username = (const byte*)ssh->userName;
|
authData.username = (const byte*)ssh->userName;
|
||||||
authData.usernameSz = ssh->userNameSz;
|
authData.usernameSz = ssh->userNameSz;
|
||||||
|
|
||||||
if (authId == ID_USERAUTH_PASSWORD) {
|
if (authId & WOLFSSH_USERAUTH_PASSWORD) {
|
||||||
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PASSWORD,
|
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PASSWORD,
|
||||||
&authData, ssh->userAuthCtx);
|
&authData, ssh->userAuthCtx);
|
||||||
if (ret != WOLFSSH_USERAUTH_SUCCESS) {
|
if (ret != WOLFSSH_USERAUTH_SUCCESS) {
|
||||||
WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get password");
|
WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get password");
|
||||||
ret = WS_FATAL_ERROR;
|
ret = WS_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
WLOG(WS_LOG_DEBUG, "SUAR: Callback successful password");
|
||||||
|
authData.type = authId = ID_USERAUTH_PASSWORD;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (authId == ID_USERAUTH_PUBLICKEY) {
|
|
||||||
|
/* fall into public key case if password case was not successful */
|
||||||
|
if ((ret == WS_FATAL_ERROR) && (authId & WOLFSSH_USERAUTH_PUBLICKEY)) {
|
||||||
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
|
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
|
||||||
&authData, ssh->userAuthCtx);
|
&authData, ssh->userAuthCtx);
|
||||||
if (ret != WOLFSSH_USERAUTH_SUCCESS) {
|
if (ret != WOLFSSH_USERAUTH_SUCCESS) {
|
||||||
WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get key");
|
WLOG(WS_LOG_DEBUG, "SUAR: Couldn't get key");
|
||||||
ret = WS_FATAL_ERROR;
|
ret = WS_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
WLOG(WS_LOG_DEBUG, "SUAR: Callback successful public key");
|
||||||
|
authData.type = authId = ID_USERAUTH_PUBLICKEY;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
|
|
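Review bot: In SendUserAuthRequest the trailing `else {` now pairs with `if ((ret == WS_FATAL_ERROR) && (authId & WOLFSSH_USERAUTH_PUBLICKEY))`, so it executes whenever the password callback succeeded (ret is WOLFSSH_USERAUTH_SUCCESS, not WS_FATAL_ERROR), whereas before the change that branch was reached only for an authId that was neither password nor public key. Its body is outside the hunk, so this is inferred, but if it still handles the "unknown auth type" case a successful password lookup would be turned into an error; `else if (ret != WOLFSSH_USERAUTH_SUCCESS) {` or a separate "no candidate at all" check before the two callback blocks would restore the old meaning. The parameter is now read as a bit map of WOLFSSH_USERAUTH_* values but is overwritten with ID_USERAUTH_PASSWORD / ID_USERAUTH_PUBLICKEY on success, and `authData.type` switches namespace the same way, so a header comment stating that `authId` is a bit map of candidate methods on entry and holds the chosen ID_USERAUTH_* value afterwards would help, or better, a separate local for the chosen ID. DoUserAuthFailure now passes the bit map, so any other caller still passing an ID_USERAUTH_* value (none visible in this diff) would be misread under the new `&` tests. SendUserAuthRequest starts before and ends after the hunk.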
@ -750,11 +750,6 @@ int wolfSSH_connect(WOLFSSH* ssh)
|
||||||
if (DoReceive(ssh) < WS_SUCCESS) {
|
if (DoReceive(ssh) < WS_SUCCESS) {
|
||||||
WLOG(WS_LOG_DEBUG, connectError,
|
WLOG(WS_LOG_DEBUG, connectError,
|
||||||
"CLIENT_USERAUTH_SENT", ssh->error);
|
"CLIENT_USERAUTH_SENT", ssh->error);
|
||||||
if (ssh->error == WC_CHANGE_AUTH_E) {
|
|
||||||
/* retry with supported auth type */
|
|
||||||
ssh->error = WS_SUCCESS;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
return WS_FATAL_ERROR;
|
return WS_FATAL_ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -238,10 +238,9 @@ enum WS_FormatTypes {
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
enum WS_UserAuthTypes {
|
/* bit map */
|
||||||
WOLFSSH_USERAUTH_PASSWORD,
|
#define WOLFSSH_USERAUTH_PASSWORD 0x01
|
||||||
WOLFSSH_USERAUTH_PUBLICKEY
|
#define WOLFSSH_USERAUTH_PUBLICKEY 0x02
|
||||||
};
|
|
||||||
|
|
||||||
enum WS_UserAuthResults
|
enum WS_UserAuthResults
|
||||||
{
|
{
|
||||||
|
|
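Review bot: Replacing `enum WS_UserAuthTypes` with two `#define`s changes the values of public constants (previously 0 and 1 as enumerators, now 0x01 and 0x02) and removes a public type name, which breaks any application that referred to the enum or stored the old values, and a `#define` is neither debugger-visible nor scoped. The bit-map intent can be kept in the enum with explicit initializers, `enum WS_UserAuthTypes { /* bit map */ WOLFSSH_USERAUTH_PASSWORD = 0x01, WOLFSSH_USERAUTH_PUBLICKEY = 0x02 };`. The `/* bit map */` comment should also say where the map is used: these values are OR'd together in the callback's auth data `type` field to report the peer's supported methods, while the callback's own authType argument carries a single value, as the client example's `authData->type & WOLFSSH_USERAUTH_PUBLICKEY` test and the single-value calls in SendUserAuthRequest show. `enum WS_UserAuthResults` continues outside the hunk.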