mirror of https://github.com/wolfSSL/wolfssh.git
Auth Type None
1. Added a compile-time option to allow None as an authentication type, mainly for testing. 2. Added a couple updates for VxWorks builds.
pull/259/head
parent
9ae1ad1e08
commit
df74449ea1
|
@ -583,11 +583,13 @@ static PwMap* PwMapNew(PwMapList* list, byte type, const byte* username,
|
||||||
map->username[usernameSz] = 0;
|
map->username[usernameSz] = 0;
|
||||||
map->usernameSz = usernameSz;
|
map->usernameSz = usernameSz;
|
||||||
|
|
||||||
wc_InitSha256(&sha);
|
if (type != WOLFSSH_USERAUTH_NONE) {
|
||||||
c32toa(pSz, flatSz);
|
wc_InitSha256(&sha);
|
||||||
wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
|
c32toa(pSz, flatSz);
|
||||||
wc_Sha256Update(&sha, p, pSz);
|
wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
|
||||||
wc_Sha256Final(&sha, map->p);
|
wc_Sha256Update(&sha, p, pSz);
|
||||||
|
wc_Sha256Final(&sha, map->p);
|
||||||
|
}
|
||||||
|
|
||||||
map->next = list->head;
|
map->next = list->head;
|
||||||
list->head = map;
|
list->head = map;
|
||||||
|
@ -640,6 +642,45 @@ static const char samplePublicKeyRsaBuffer[] =
|
||||||
"biE57dK6BrH5iZwVLTQKux31uCJLPhiktI3iLbdlGZEctJkTasfVSsUizwVIyRjhVKmbdI"
|
"biE57dK6BrH5iZwVLTQKux31uCJLPhiktI3iLbdlGZEctJkTasfVSsUizwVIyRjhVKmbdI"
|
||||||
"RGwkU38D043AR1h0mUoGCPIKuqcFMf gretel\n";
|
"RGwkU38D043AR1h0mUoGCPIKuqcFMf gretel\n";
|
||||||
|
|
||||||
|
static const char sampleNoneBuffer[] =
|
||||||
|
"holmes\n"
|
||||||
|
"watson\n";
|
||||||
|
|
||||||
|
|
||||||
|
static int LoadNoneBuffer(byte* buf, word32 bufSz, PwMapList* list)
|
||||||
|
{
|
||||||
|
char* str = (char*)buf;
|
||||||
|
char* username;
|
||||||
|
|
||||||
|
/* Each line of none list is in the format
|
||||||
|
* username\n
|
||||||
|
* This function modifies the passed-in buffer. */
|
||||||
|
|
||||||
|
if (list == NULL)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
if (buf == NULL || bufSz == 0)
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
while (*str != 0) {
|
||||||
|
username = str;
|
||||||
|
str = strchr(username, '\n');
|
||||||
|
if (str == NULL) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
*str = 0;
|
||||||
|
str++;
|
||||||
|
if (PwMapNew(list, WOLFSSH_USERAUTH_NONE,
|
||||||
|
(byte*)username, (word32)strlen(username),
|
||||||
|
NULL, 0) == NULL ) {
|
||||||
|
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int LoadPasswordBuffer(byte* buf, word32 bufSz, PwMapList* list)
|
static int LoadPasswordBuffer(byte* buf, word32 bufSz, PwMapList* list)
|
||||||
{
|
{
|
||||||
|
@ -762,6 +803,9 @@ static int wsUserAuth(byte authType,
|
||||||
}
|
}
|
||||||
|
|
||||||
if (authType != WOLFSSH_USERAUTH_PASSWORD &&
|
if (authType != WOLFSSH_USERAUTH_PASSWORD &&
|
||||||
|
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||||
|
authType != WOLFSSH_USERAUTH_NONE &&
|
||||||
|
#endif
|
||||||
authType != WOLFSSH_USERAUTH_PUBLICKEY) {
|
authType != WOLFSSH_USERAUTH_PUBLICKEY) {
|
||||||
|
|
||||||
return WOLFSSH_USERAUTH_FAILURE;
|
return WOLFSSH_USERAUTH_FAILURE;
|
||||||
|
@ -794,7 +838,36 @@ static int wsUserAuth(byte authType,
|
||||||
|
|
||||||
while (map != NULL) {
|
while (map != NULL) {
|
||||||
if (authData->usernameSz == map->usernameSz &&
|
if (authData->usernameSz == map->usernameSz &&
|
||||||
memcmp(authData->username, map->username, map->usernameSz) == 0) {
|
memcmp(authData->username, map->username, map->usernameSz) == 0 &&
|
||||||
|
authData->type == map->type) {
|
||||||
|
|
||||||
|
if (authData->type == WOLFSSH_USERAUTH_PUBLICKEY) {
|
||||||
|
if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
|
||||||
|
return WOLFSSH_USERAUTH_SUCCESS;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return WOLFSSH_USERAUTH_INVALID_PUBLICKEY;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if (authData->type == WOLFSSH_USERAUTH_PASSWORD) {
|
||||||
|
if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
|
||||||
|
return WOLFSSH_USERAUTH_SUCCESS;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
passwdRetry--;
|
||||||
|
return (passwdRetry > 0) ?
|
||||||
|
WOLFSSH_USERAUTH_INVALID_PASSWORD :
|
||||||
|
WOLFSSH_USERAUTH_REJECTED;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||||
|
else if (authData->type == WOLFSSH_USERAUTH_NONE) {
|
||||||
|
return WOLFSSH_USERAUTH_SUCCESS;
|
||||||
|
}
|
||||||
|
#endif /* WOLFSSH_ALLOW_USERAUTH_NONE */
|
||||||
|
else {
|
||||||
|
return WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
|
||||||
|
}
|
||||||
|
|
||||||
if (authData->type == map->type) {
|
if (authData->type == map->type) {
|
||||||
if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
|
if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
|
||||||
|
@ -975,6 +1048,11 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
|
||||||
memcpy(buf, bufName, bufSz);
|
memcpy(buf, bufName, bufSz);
|
||||||
buf[bufSz] = 0;
|
buf[bufSz] = 0;
|
||||||
LoadPublicKeyBuffer(buf, bufSz, &pwMapList);
|
LoadPublicKeyBuffer(buf, bufSz, &pwMapList);
|
||||||
|
|
||||||
|
bufSz = (word32)strlen(sampleNoneBuffer);
|
||||||
|
memcpy(buf, sampleNoneBuffer, bufSz);
|
||||||
|
buf[bufSz] = 0;
|
||||||
|
LoadNoneBuffer(buf, bufSz, &pwMapList);
|
||||||
}
|
}
|
||||||
#ifdef WOLFSSL_NUCLEUS
|
#ifdef WOLFSSL_NUCLEUS
|
||||||
{
|
{
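Review bot: The `sampleNoneBuffer` users are loaded into the map unconditionally in `echoserver_test`, and the result of `LoadNoneBuffer(buf, bufSz, &pwMapList);` is dropped, while only the checks in `wsUserAuth` are wrapped in `WOLFSSH_ALLOW_USERAUTH_NONE`. Wrapping the buffer, the loader and the four-line load in the same `#ifdef WOLFSSH_ALLOW_USERAUTH_NONE` / `#endif` pair would keep credential-less accounts out of builds that do not opt in, rather than relying on the auth-type filter alone. In the `wsUserAuth` hunk every branch of the new `if / else if / else` chain returns, so the retained `if (authData->type == map->type) {` block below it looks unreachable and could be deleted. Both functions continue outside the hunks shown, so this is based on the visible lines only.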
|
||||||
|
|
|
@ -3354,6 +3354,62 @@ static int DoServiceAccept(WOLFSSH* ssh,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||||
|
/* Utility for DoUserAuthRequest() */
|
||||||
|
static int DoUserAuthRequestNone(WOLFSSH* ssh, WS_UserAuthData* authData,
|
||||||
|
byte* buf, word32 len, word32* idx)
|
||||||
|
{
|
||||||
|
int ret = WS_SUCCESS;
|
||||||
|
WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestNone()");
|
||||||
|
|
||||||
|
(void)len;
|
||||||
|
|
||||||
|
if (ssh == NULL || authData == NULL ||
|
||||||
|
buf == NULL || idx == NULL) {
|
||||||
|
|
||||||
|
ret = WS_BAD_ARGUMENT;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ret == WS_SUCCESS) {
|
||||||
|
authData->type = WOLFSSH_USERAUTH_NONE;
|
||||||
|
if (ssh->ctx->userAuthCb != NULL) {
|
||||||
|
WLOG(WS_LOG_DEBUG, "DUARN: Calling the userauth callback");
|
||||||
|
ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_NONE,
|
||||||
|
authData, ssh->userAuthCtx);
|
||||||
|
if (ret == WOLFSSH_USERAUTH_SUCCESS) {
|
||||||
|
WLOG(WS_LOG_DEBUG, "DUARN: none check successful");
|
||||||
|
ssh->clientState = CLIENT_USERAUTH_DONE;
|
||||||
|
ret = WS_SUCCESS;
|
||||||
|
}
|
||||||
|
else if (ret == WOLFSSH_USERAUTH_REJECTED) {
|
||||||
|
WLOG(WS_LOG_DEBUG, "DUARN: password rejected");
|
||||||
|
#ifndef NO_FAILURE_ON_REJECTED
|
||||||
|
ret = SendUserAuthFailure(ssh, 0);
|
||||||
|
if (ret == WS_SUCCESS)
|
||||||
|
ret = WS_USER_AUTH_E;
|
||||||
|
#else
|
||||||
|
ret = WS_USER_AUTH_E;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
WLOG(WS_LOG_DEBUG, "DUARN: none check failed, retry");
|
||||||
|
ret = SendUserAuthFailure(ssh, 0);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
WLOG(WS_LOG_DEBUG, "DUARN: No user auth callback");
|
||||||
|
ret = SendUserAuthFailure(ssh, 0);
|
||||||
|
if (ret == WS_SUCCESS)
|
||||||
|
ret = WS_FATAL_ERROR;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestNone(), ret = %d", ret);
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* Utility for DoUserAuthRequest() */
|
/* Utility for DoUserAuthRequest() */
|
||||||
static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
|
static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
|
||||||
byte* buf, word32 len, word32* idx)
|
byte* buf, word32 len, word32* idx)
|
||||||
|
@ -3918,7 +3974,7 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
|
||||||
}
|
}
|
||||||
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
|
||||||
else if (authNameId == ID_NONE) {
|
else if (authNameId == ID_NONE) {
|
||||||
ssh->clientState = CLIENT_USERAUTH_DONE;
|
ret = DoUserAuthRequestNone(ssh, &authData, buf, len, &begin);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
else {
|
else {
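Review bot: The rejected branch of `DoUserAuthRequestNone` logs `"DUARN: password rejected"`, apparently carried over from the password handler, which will mislead anyone reading authentication logs; `WLOG(WS_LOG_DEBUG, "DUARN: none rejected");` would match the other messages in the function. The function dereferences `ssh->ctx` after checking only `ssh` for NULL, so unless a caller outside this hunk guarantees a context, `ssh->ctx == NULL` belongs in the argument check. `buf` and `idx` are validated but never read, so the header comment should say that no request payload is parsed and that the outcome rests entirely on the user-auth callback.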
|
||||||
|
|
|
@ -242,6 +242,7 @@ enum WS_FormatTypes {
|
||||||
/* bit map */
|
/* bit map */
|
||||||
#define WOLFSSH_USERAUTH_PASSWORD 0x01
|
#define WOLFSSH_USERAUTH_PASSWORD 0x01
|
||||||
#define WOLFSSH_USERAUTH_PUBLICKEY 0x02
|
#define WOLFSSH_USERAUTH_PUBLICKEY 0x02
|
||||||
|
#define WOLFSSH_USERAUTH_NONE 0x04
|
||||||
|
|
||||||
enum WS_UserAuthResults
|
enum WS_UserAuthResults
|
||||||
{
|
{
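Review bot: `WOLFSSH_USERAUTH_NONE` is defined unconditionally under the `/* bit map */` comment, while the handling visible elsewhere in this commit is compiled only with `WOLFSSH_ALLOW_USERAUTH_NONE`. A trailing comment such as `/* passed to the callback only in WOLFSSH_ALLOW_USERAUTH_NONE builds */` would tell callback authors that accepting this type means authenticating a user without any credential, and that it appears to be reachable only in opt-in builds.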
|
||||||
|
|
|
@ -49,6 +49,8 @@
|
||||||
#include <selectLib.h>
|
#include <selectLib.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <netinet/in.h>
|
#include <netinet/in.h>
|
||||||
|
#include <netinet/tcp.h>
|
||||||
|
#include <ipcom_sock.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
#include <netdb.h>
|
#include <netdb.h>
|
||||||
|
@ -376,7 +378,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
|
||||||
NU_HOSTENT h;
|
NU_HOSTENT h;
|
||||||
entry = &h;
|
entry = &h;
|
||||||
NU_Get_Host_By_Name((char*)peer, entry);
|
NU_Get_Host_By_Name((char*)peer, entry);
|
||||||
#else
|
#else
|
||||||
struct hostent* entry = gethostbyname(peer);
|
struct hostent* entry = gethostbyname(peer);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|