From 7c7d315121d8a5d93de50dcb7ba179c7103b8ce2 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Tue, 27 May 2025 10:49:28 -0600 Subject: [PATCH] remove keyboard auth callback and use generic auth callback --- examples/echoserver/echoserver.c | 59 +++++++++++++++++++++----------- src/internal.c | 19 +++++----- src/ssh.c | 17 --------- wolfssh/internal.h | 3 -- wolfssh/ssh.h | 8 +---- 5 files changed, 49 insertions(+), 57 deletions(-) diff --git a/examples/echoserver/echoserver.c b/examples/echoserver/echoserver.c index 0219d058..f52bb360 100644 --- a/examples/echoserver/echoserver.c +++ b/examples/echoserver/echoserver.c @@ -1709,7 +1709,7 @@ static void StrListFree(StrList* list) } -/* Map user names to passwords */ +/* Map user names to passwords and keyboard auth prompts */ /* Use arrays for username and p. The password or public key can * be hashed and the hash stored here. Then I won't need the type. */ typedef struct PwMap { @@ -1717,6 +1717,9 @@ typedef struct PwMap { byte username[32]; word32 usernameSz; byte p[WC_SHA256_DIGEST_SIZE]; +#ifdef WOLFSSH_KEYBOARD_INTERACTIVE + WS_UserAuthData_Keyboard* keyboard; +#endif struct PwMap* next; } PwMap; @@ -1752,6 +1755,24 @@ static PwMap* PwMapNew(PwMapList* list, byte type, const byte* username, } +#ifdef WOLFSSH_KEYBOARD_INTERACTIVE +/* Create new node for list of auths, adding keyboard auth prompts */ +static PwMap* PwMapKeyboardNew(PwMapList* list, byte type, const byte* username, + word32 usernameSz, const byte* p, word32 pSz, + WS_UserAuthData_Keyboard* keyboard) +{ + PwMap* map; + + map = PwMapNew(list, type, username, usernameSz, p, pSz); + if (map) { + map->keyboard = keyboard; + } + + return map; +} +#endif + + static void PwMapListDelete(PwMapList* list) { if (list != NULL) { 
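Review bot: In the PwMapKeyboardNew hunk, `keyboard` is assigned only on this path, so nodes created directly through PwMapNew keep whatever the allocator left in that field unless PwMapNew zeroes the node. PwMapNew's body is outside the hunk, so this needs confirming. Adding `map->keyboard = NULL;` under `#ifdef WOLFSSH_KEYBOARD_INTERACTIVE` in PwMapNew would give the later read in wsUserAuth a defined value to test. The pointer is stored without a copy and no hunk touches PwMapListDelete, so the struct field should carry a comment such as `/* borrowed: caller keeps ownership and must keep it alive while the list is in use */`.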
@@ -2013,7 +2034,8 @@ static int LoadPasswdList(StrList* strList, PwMapList* mapList) return count; } #ifdef WOLFSSH_KEYBOARD_INTERACTIVE -static int LoadKeyboardList(StrList* strList, PwMapList* mapList) +static int LoadKeyboardList(StrList* strList, PwMapList* mapList, + WS_UserAuthData_Keyboard* kbAuthData) { char names[256]; char* passwd; @@ -2026,9 +2048,10 @@ static int LoadKeyboardList(StrList* strList, PwMapList* mapList) *passwd = 0; passwd++; - PwMapNew(mapList, WOLFSSH_USERAUTH_KEYBOARD, + PwMapKeyboardNew(mapList, WOLFSSH_USERAUTH_KEYBOARD, (byte*)names, (word32)WSTRLEN(names), - (byte*)passwd, (word32)WSTRLEN(passwd)); + (byte*)passwd, (word32)WSTRLEN(passwd), + kbAuthData); } else { fprintf(stderr, "Ignoring password: %s\n", names); @@ -2192,6 +2215,7 @@ static int wsUserAuth(byte authType, #endif #ifdef WOLFSSH_KEYBOARD_INTERACTIVE authType != WOLFSSH_USERAUTH_KEYBOARD && + authType != WOLFSSH_USERAUTH_KEYBOARD_SETUP && #endif authType != WOLFSSH_USERAUTH_PUBLICKEY) { @@ -2315,6 +2339,14 @@ static int wsUserAuth(byte authType, } #ifdef WOLFSSH_KEYBOARD_INTERACTIVE else if (authData->type == WOLFSSH_USERAUTH_KEYBOARD) { + if (authType == WOLFSSH_USERAUTH_KEYBOARD_SETUP) { + /* setup the keyboard auth prompts */ + WMEMCPY(&authData->sf.keyboard, map->keyboard, + sizeof(WS_UserAuthData_Keyboard)); + return WS_SUCCESS; + } + + /* do keyboard auth prompts */ if (WMEMCMP(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) { return WOLFSSH_USERAUTH_SUCCESS; } @@ -2338,15 +2370,6 @@ static int wsUserAuth(byte authType, return WOLFSSH_USERAUTH_INVALID_USER; } -#ifdef WOLFSSH_KEYBOARD_INTERACTIVE -static int keyboardCallback(WS_UserAuthData_Keyboard *kbAuth, void *ctx) -{ - WS_UserAuthData_Keyboard *kbAuthData = (WS_UserAuthData_Keyboard*) ctx; - WMEMCPY(kbAuth, kbAuthData, sizeof(WS_UserAuthData_Keyboard)); - - return WS_SUCCESS; -} -#endif #ifdef WOLFSSH_SFTP /* 
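Review bot: The new WOLFSSH_USERAUTH_KEYBOARD_SETUP branch in wsUserAuth copies from `map->keyboard` without checking it, so a keyboard entry whose prompt pointer was never set would make WMEMCPY read through a NULL or unset pointer. Add `if (map->keyboard == NULL) return WOLFSSH_USERAUTH_FAILURE;` ahead of the copy. The branch returns `WS_SUCCESS` while the rest of the callback returns WOLFSSH_USERAUTH_* values, so `return WOLFSSH_USERAUTH_SUCCESS;` would keep one result domain. Because the branch sits under the per-user `map` lookup, an unknown user appears to get WOLFSSH_USERAUTH_INVALID_USER at prompt-setup time, before any response is sent. If the library surfaces that to the peer differently from a normal prompt, it signals whether a username exists, so consider returning the same prompts for unknown names; wsUserAuth starts and ends outside these hunks.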
@@ -2800,9 +2823,6 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args) #ifdef WOLFSSH_KEYBOARD_INTERACTIVE if (keyboardList) { - LoadKeyboardList(keyboardList, &pwMapList); - StrListFree(keyboardList); - keyboardList = NULL; kbAuthData.promptCount = 1; kbAuthData.promptName = NULL; kbAuthData.promptNameSz = 0; @@ -2825,7 +2845,9 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args) ES_ERROR("Error allocating promptEcho"); } kbAuthData.promptEcho[0] = 0; - wolfSSH_SetKeyboardAuthPrompts(ctx, keyboardCallback); + LoadKeyboardList(keyboardList, &pwMapList, &kbAuthData); + StrListFree(keyboardList); + keyboardList = NULL; } #endif @@ -3035,9 +3057,6 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args) #endif wolfSSH_SetUserAuthCtx(ssh, &pwMapList); wolfSSH_SetKeyingCompletionCbCtx(ssh, (void*)ssh); - #ifdef WOLFSSH_KEYBOARD_INTERACTIVE - wolfSSH_SetKeyboardAuthCtx(ssh, &kbAuthData); - #endif /* Use the session object for its own highwater callback ctx */ if (defaultHighwater > 0) { diff --git a/src/internal.c b/src/internal.c index 60f802ce..2cfce115 100644 --- a/src/internal.c +++ b/src/internal.c @@ -877,9 +877,6 @@ WOLFSSH_CTX* CtxInit(WOLFSSH_CTX* ctx, byte side, void* heap) ctx->algoListCipher = cannedEncAlgoNames; ctx->algoListMac = cannedMacAlgoNames; ctx->algoListKeyAccepted = cannedKeyAlgoNames; -#ifdef WOLFSSH_KEYBOARD_INTERACTIVE - ctx->keyboardAuthCb = NULL; -#endif count = (word32)(sizeof(ctx->privateKey) / sizeof(ctx->privateKey[0])); 
@@ -13369,19 +13366,22 @@ int SendUserAuthKeyboardRequest(WOLFSSH* ssh, WS_UserAuthData* authData) WLOG(WS_LOG_DEBUG, "Entering SendUserAuthKeyboardRequest()"); - if (ssh == NULL || authData == NULL) { ret = WS_BAD_ARGUMENT; } - if (ssh->ctx->keyboardAuthCb == NULL) { + if (ssh->ctx->userAuthCb == NULL) { WLOG(WS_LOG_DEBUG, "SendUserAuthKeyboardRequest called with no Cb set"); ret = WS_BAD_USAGE; } if (ret == WS_SUCCESS) { - ret = ssh->ctx->keyboardAuthCb(&authData->sf.keyboard, - ssh->keyboardAuthCtx); + authData->type = WOLFSSH_USERAUTH_KEYBOARD; + ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_KEYBOARD_SETUP, authData, + ssh->userAuthCtx); + if (ret == WOLFSSH_USERAUTH_SUCCESS) { + ret = WS_SUCCESS; + } } if (authData->sf.keyboard.promptCount > 0 && @@ -14946,6 +14946,7 @@ int SendUserAuthRequest(WOLFSSH* ssh, byte authType, int addSig) WMEMSET(keySig_ptr, 0, sizeof(WS_KeySignature)); keySig_ptr->keySigId = ID_NONE; keySig_ptr->heap = ssh->ctx->heap; + #ifdef WOLFSSH_KEYBOARD_INTERACTIVE /* Callback happens later for keyboard auth */ if (authType & WOLFSSH_USERAUTH_KEYBOARD) { @@ -15117,9 +15118,7 @@ static int GetAllowedAuth(WOLFSSH* ssh, char* authStr) typeAllowed |= WOLFSSH_USERAUTH_PASSWORD; #ifdef WOLFSSH_KEYBOARD_INTERACTIVE - if (ssh->ctx->keyboardAuthCb != NULL) { - typeAllowed |= WOLFSSH_USERAUTH_KEYBOARD; - } + typeAllowed |= WOLFSSH_USERAUTH_KEYBOARD; #endif #if !defined(WOLFSSH_NO_RSA) || !defined(WOLFSSH_NO_ECDSA) typeAllowed |= WOLFSSH_USERAUTH_PUBLICKEY; diff --git a/src/ssh.c b/src/ssh.c index 6d2012ad..25523d03 100644 --- a/src/ssh.c +++ b/src/ssh.c 
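Review bot: The changed check `if (ssh->ctx->userAuthCb == NULL)` still runs after the argument test has set WS_BAD_ARGUMENT, so a NULL `ssh` is dereferenced anyway. Gate it as `if (ret == WS_SUCCESS && ssh->ctx->userAuthCb == NULL) {`, and do the same for the `authData->sf.keyboard.promptCount` test that follows. Only WOLFSSH_USERAUTH_SUCCESS is translated to WS_SUCCESS, so any other callback result (wsUserAuth on this page can return WOLFSSH_USERAUTH_INVALID_USER) leaves this function as a value from the WOLFSSH_USERAUTH_* domain. An `else` that maps it to a WS_* error code would keep callers from misreading it. The function body continues outside the hunk.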
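Review bot: In GetAllowedAuth, keyboard-interactive is now added to `typeAllowed` for every build with WOLFSSH_KEYBOARD_INTERACTIVE, where the removed lines offered it only after the application had registered a prompt callback. An application whose existing userAuthCb predates WOLFSSH_USERAUTH_KEYBOARD_SETUP will start receiving that authType, and a server with no userAuthCb at all will advertise a method that SendUserAuthKeyboardRequest then refuses with WS_BAD_USAGE. At minimum keep an opt-in guard such as `if (ssh->ctx->userAuthCb != NULL) { typeAllowed |= WOLFSSH_USERAUTH_KEYBOARD; }`. Note the change for integrators so they re-check how their callback treats auth types it does not recognise. The rest of the function, including any later narrowing of `typeAllowed`, is outside the hunk.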
@@ -1338,23 +1338,6 @@ int wolfSSH_SendDisconnect(WOLFSSH *ssh, word32 reason) return SendDisconnect(ssh, reason); } -#ifdef WOLFSSH_KEYBOARD_INTERACTIVE -void wolfSSH_SetKeyboardAuthPrompts(WOLFSSH_CTX* ctx, - WS_CallbackKeyboardAuthPrompts cb) -{ - if (ctx != NULL) { - ctx->keyboardAuthCb = cb; - } -} - -void wolfSSH_SetKeyboardAuthCtx(WOLFSSH* ssh, void* keyboardAuthCtx) -{ - if (ssh != NULL) { - ssh->keyboardAuthCtx = keyboardAuthCtx; - } -} -#endif - void wolfSSH_SetUserAuth(WOLFSSH_CTX* ctx, WS_CallbackUserAuth cb) { if (ctx != NULL) { diff --git a/wolfssh/internal.h b/wolfssh/internal.h index 1b60139a..7f341d4d 100644 --- a/wolfssh/internal.h +++ b/wolfssh/internal.h @@ -529,9 +529,6 @@ struct WOLFSSH_CTX { WS_CallbackUserAuth userAuthCb; /* User Authentication Callback */ WS_CallbackUserAuthTypes userAuthTypesCb; /* Authentication Types Allowed */ WS_CallbackUserAuthResult userAuthResultCb; /* User Authentication Result */ -#ifdef WOLFSSH_KEYBOARD_INTERACTIVE - WS_CallbackKeyboardAuthPrompts keyboardAuthCb; /* Keyboard auth prompts */ -#endif WS_CallbackHighwater highwaterCb; /* Data Highwater Mark Callback */ WS_CallbackGlobalReq globalReqCb; /* Global Request Callback */ WS_CallbackReqSuccess reqSuccessCb; /* Global Request Success Callback */ diff --git a/wolfssh/ssh.h b/wolfssh/ssh.h index 9a49b440..fb2324ab 100644 --- a/wolfssh/ssh.h +++ b/wolfssh/ssh.h 
@@ -368,13 +368,6 @@ WOLFSSH_API void wolfSSH_SetUserAuthTypes(WOLFSSH_CTX*, WOLFSSH_API void wolfSSH_SetUserAuthCtx(WOLFSSH*, void*); WOLFSSH_API void* wolfSSH_GetUserAuthCtx(WOLFSSH*); -#ifdef WOLFSSH_KEYBOARD_INTERACTIVE -typedef int (*WS_CallbackKeyboardAuthPrompts)(WS_UserAuthData_Keyboard*, void*); -WOLFSSH_API void wolfSSH_SetKeyboardAuthPrompts(WOLFSSH_CTX*, - WS_CallbackKeyboardAuthPrompts); -WOLFSSH_API void wolfSSH_SetKeyboardAuthCtx(WOLFSSH*, void*); -#endif - typedef int (*WS_CallbackUserAuthResult)(byte result, WS_UserAuthData* authData, void* userAuthResultCtx); WOLFSSH_API void wolfSSH_SetUserAuthResult(WOLFSSH_CTX* ctx, @@ -474,6 +467,7 @@ enum WS_FormatTypes { #define WOLFSSH_USERAUTH_PUBLICKEY 0x02 #define WOLFSSH_USERAUTH_KEYBOARD 0x04 #define WOLFSSH_USERAUTH_NONE 0x08 +#define WOLFSSH_USERAUTH_KEYBOARD_SETUP 0x10 enum WS_UserAuthResults {
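Review bot: `WOLFSSH_USERAUTH_KEYBOARD_SETUP` is added without a comment, in the same bit-flag list as the negotiable methods, although on this page it is only ever passed to the user-auth callback as `authType`. A comment such as `/* callback-only: asks the userAuth callback to fill in keyboard prompts; never advertised to the peer */` would stop it being OR-ed into an allowed-types mask. Since the same commit removes wolfSSH_SetKeyboardAuthPrompts and wolfSSH_SetKeyboardAuthCtx from the public header, the callback documentation should also say that existing callbacks must return a failure for auth types they do not recognise.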