mirror of https://github.com/wolfSSL/wolfssh.git
commit
6827dd6aa3
|
@ -583,11 +583,13 @@ static PwMap* PwMapNew(PwMapList* list, byte type, const byte* username,
|
|||
map->username[usernameSz] = 0;
|
||||
map->usernameSz = usernameSz;
|
||||
|
||||
wc_InitSha256(&sha);
|
||||
c32toa(pSz, flatSz);
|
||||
wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
|
||||
wc_Sha256Update(&sha, p, pSz);
|
||||
wc_Sha256Final(&sha, map->p);
|
||||
if (type != WOLFSSH_USERAUTH_NONE) {
|
||||
wc_InitSha256(&sha);
|
||||
c32toa(pSz, flatSz);
|
||||
wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
|
||||
wc_Sha256Update(&sha, p, pSz);
|
||||
wc_Sha256Final(&sha, map->p);
|
||||
}
|
||||
|
||||
map->next = list->head;
|
||||
list->head = map;
|
||||
|
@ -640,6 +642,45 @@ static const char samplePublicKeyRsaBuffer[] =
|
|||
"biE57dK6BrH5iZwVLTQKux31uCJLPhiktI3iLbdlGZEctJkTasfVSsUizwVIyRjhVKmbdI"
|
||||
"RGwkU38D043AR1h0mUoGCPIKuqcFMf gretel\n";
|
||||
|
||||
static const char sampleNoneBuffer[] =
|
||||
"holmes\n"
|
||||
"watson\n";
|
||||
|
||||
|
||||
static int LoadNoneBuffer(byte* buf, word32 bufSz, PwMapList* list)
|
||||
{
|
||||
char* str = (char*)buf;
|
||||
char* username;
|
||||
|
||||
/* Each line of none list is in the format
|
||||
* username\n
|
||||
* This function modifies the passed-in buffer. */
|
||||
|
||||
if (list == NULL)
|
||||
return -1;
|
||||
|
||||
if (buf == NULL || bufSz == 0)
|
||||
return 0;
|
||||
|
||||
while (*str != 0) {
|
||||
username = str;
|
||||
str = strchr(username, '\n');
|
||||
if (str == NULL) {
|
||||
return -1;
|
||||
}
|
||||
*str = 0;
|
||||
str++;
|
||||
if (PwMapNew(list, WOLFSSH_USERAUTH_NONE,
|
||||
(byte*)username, (word32)strlen(username),
|
||||
NULL, 0) == NULL ) {
|
||||
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
static int LoadPasswordBuffer(byte* buf, word32 bufSz, PwMapList* list)
|
||||
{
|
||||
|
@ -762,6 +803,9 @@ static int wsUserAuth(byte authType,
|
|||
}
|
||||
|
||||
if (authType != WOLFSSH_USERAUTH_PASSWORD &&
|
||||
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||
authType != WOLFSSH_USERAUTH_NONE &&
|
||||
#endif
|
||||
authType != WOLFSSH_USERAUTH_PUBLICKEY) {
|
||||
|
||||
return WOLFSSH_USERAUTH_FAILURE;
|
||||
|
@ -794,7 +838,36 @@ static int wsUserAuth(byte authType,
|
|||
|
||||
while (map != NULL) {
|
||||
if (authData->usernameSz == map->usernameSz &&
|
||||
memcmp(authData->username, map->username, map->usernameSz) == 0) {
|
||||
memcmp(authData->username, map->username, map->usernameSz) == 0 &&
|
||||
authData->type == map->type) {
|
||||
|
||||
if (authData->type == WOLFSSH_USERAUTH_PUBLICKEY) {
|
||||
if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
|
||||
return WOLFSSH_USERAUTH_SUCCESS;
|
||||
}
|
||||
else {
|
||||
return WOLFSSH_USERAUTH_INVALID_PUBLICKEY;
|
||||
}
|
||||
}
|
||||
else if (authData->type == WOLFSSH_USERAUTH_PASSWORD) {
|
||||
if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
|
||||
return WOLFSSH_USERAUTH_SUCCESS;
|
||||
}
|
||||
else {
|
||||
passwdRetry--;
|
||||
return (passwdRetry > 0) ?
|
||||
WOLFSSH_USERAUTH_INVALID_PASSWORD :
|
||||
WOLFSSH_USERAUTH_REJECTED;
|
||||
}
|
||||
}
|
||||
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||
else if (authData->type == WOLFSSH_USERAUTH_NONE) {
|
||||
return WOLFSSH_USERAUTH_SUCCESS;
|
||||
}
|
||||
#endif /* WOLFSSH_ALLOW_USERAUTH_NONE */
|
||||
else {
|
||||
return WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
|
||||
}
|
||||
|
||||
if (authData->type == map->type) {
|
||||
if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
|
||||
|
@ -975,6 +1048,11 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
|
|||
memcpy(buf, bufName, bufSz);
|
||||
buf[bufSz] = 0;
|
||||
LoadPublicKeyBuffer(buf, bufSz, &pwMapList);
|
||||
|
||||
bufSz = (word32)strlen(sampleNoneBuffer);
|
||||
memcpy(buf, sampleNoneBuffer, bufSz);
|
||||
buf[bufSz] = 0;
|
||||
LoadNoneBuffer(buf, bufSz, &pwMapList);
|
||||
}
|
||||
#ifdef WOLFSSL_NUCLEUS
|
||||
{
|
||||
|
|
|
@ -3354,6 +3354,62 @@ static int DoServiceAccept(WOLFSSH* ssh,
|
|||
}
|
||||
|
||||
|
||||
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||
/* Utility for DoUserAuthRequest() */
|
||||
static int DoUserAuthRequestNone(WOLFSSH* ssh, WS_UserAuthData* authData,
|
||||
byte* buf, word32 len, word32* idx)
|
||||
{
|
||||
int ret = WS_SUCCESS;
|
||||
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestNone()");
|
||||
|
||||
(void)len;
|
||||
|
||||
if (ssh == NULL || authData == NULL ||
|
||||
buf == NULL || idx == NULL) {
|
||||
|
||||
ret = WS_BAD_ARGUMENT;
|
||||
}
|
||||
|
||||
if (ret == WS_SUCCESS) {
|
||||
authData->type = WOLFSSH_USERAUTH_NONE;
|
||||
if (ssh->ctx->userAuthCb != NULL) {
|
||||
WLOG(WS_LOG_DEBUG, "DUARN: Calling the userauth callback");
|
||||
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_NONE,
|
||||
authData, ssh->userAuthCtx);
|
||||
if (ret == WOLFSSH_USERAUTH_SUCCESS) {
|
||||
WLOG(WS_LOG_DEBUG, "DUARN: none check successful");
|
||||
ssh->clientState = CLIENT_USERAUTH_DONE;
|
||||
ret = WS_SUCCESS;
|
||||
}
|
||||
else if (ret == WOLFSSH_USERAUTH_REJECTED) {
|
||||
WLOG(WS_LOG_DEBUG, "DUARN: password rejected");
|
||||
#ifndef NO_FAILURE_ON_REJECTED
|
||||
ret = SendUserAuthFailure(ssh, 0);
|
||||
if (ret == WS_SUCCESS)
|
||||
ret = WS_USER_AUTH_E;
|
||||
#else
|
||||
ret = WS_USER_AUTH_E;
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
WLOG(WS_LOG_DEBUG, "DUARN: none check failed, retry");
|
||||
ret = SendUserAuthFailure(ssh, 0);
|
||||
}
|
||||
}
|
||||
else {
|
||||
WLOG(WS_LOG_DEBUG, "DUARN: No user auth callback");
|
||||
ret = SendUserAuthFailure(ssh, 0);
|
||||
if (ret == WS_SUCCESS)
|
||||
ret = WS_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestNone(), ret = %d", ret);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
/* Utility for DoUserAuthRequest() */
|
||||
static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
|
||||
byte* buf, word32 len, word32* idx)
|
||||
|
@ -3918,7 +3974,7 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
|
|||
}
|
||||
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||
else if (authNameId == ID_NONE) {
|
||||
ssh->clientState = CLIENT_USERAUTH_DONE;
|
||||
ret = DoUserAuthRequestNone(ssh, &authData, buf, len, &begin);
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
|
|
|
@ -242,6 +242,7 @@ enum WS_FormatTypes {
|
|||
/* bit map */
|
||||
#define WOLFSSH_USERAUTH_PASSWORD 0x01
|
||||
#define WOLFSSH_USERAUTH_PUBLICKEY 0x02
|
||||
#define WOLFSSH_USERAUTH_NONE 0x04
|
||||
|
||||
enum WS_UserAuthResults
|
||||
{
|
||||
|
|
|
@ -49,6 +49,8 @@
|
|||
#include <selectLib.h>
|
||||
#include <sys/types.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <ipcom_sock.h>
|
||||
#include <fcntl.h>
|
||||
#include <sys/time.h>
|
||||
#include <netdb.h>
|
||||
|
@ -376,7 +378,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
|
|||
NU_HOSTENT h;
|
||||
entry = &h;
|
||||
NU_Get_Host_By_Name((char*)peer, entry);
|
||||
#else
|
||||
#else
|
||||
struct hostent* entry = gethostbyname(peer);
|
||||
#endif
|
||||
|
||||
|
|
Loading…
Reference in New Issue