Auth Type None

1. Added a compile time option to allow None as an authentication type, mainly
for testing.
2. Added a couple updates for VxWorks builds.

examples/echoserver/echoserver.c

@@ -583,11 +583,13 @@ static PwMap* PwMapNew(PwMapList* list, byte type, const byte* username,
         map->username[usernameSz] = 0;
         map->usernameSz = usernameSz;
 
-        wc_InitSha256(&sha);
+        if (type != WOLFSSH_USERAUTH_NONE) {
-        c32toa(pSz, flatSz);
+            wc_InitSha256(&sha);
-        wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
+            c32toa(pSz, flatSz);
-        wc_Sha256Update(&sha, p, pSz);
+            wc_Sha256Update(&sha, flatSz, sizeof(flatSz));
-        wc_Sha256Final(&sha, map->p);
+            wc_Sha256Update(&sha, p, pSz);
+            wc_Sha256Final(&sha, map->p);
+        }
 
         map->next = list->head;
         list->head = map;
@@ -640,6 +642,45 @@ static const char samplePublicKeyRsaBuffer[] =
     "biE57dK6BrH5iZwVLTQKux31uCJLPhiktI3iLbdlGZEctJkTasfVSsUizwVIyRjhVKmbdI"
     "RGwkU38D043AR1h0mUoGCPIKuqcFMf gretel\n";
 
+static const char sampleNoneBuffer[] =
+    "holmes\n"
+    "watson\n";
+
+
+static int LoadNoneBuffer(byte* buf, word32 bufSz, PwMapList* list)
+{
+    char* str = (char*)buf;
+    char* username;
+
+    /* Each line of none list is in the format
+     *     username\n
+     * This function modifies the passed-in buffer. */
+
+    if (list == NULL)
+        return -1;
+
+    if (buf == NULL || bufSz == 0)
+        return 0;
+
+    while (*str != 0) {
+        username = str;
+        str = strchr(username, '\n');
+        if (str == NULL) {
+            return -1;
+        }
+        *str = 0;
+        str++;
+        if (PwMapNew(list, WOLFSSH_USERAUTH_NONE,
+                     (byte*)username, (word32)strlen(username),
+                     NULL, 0) == NULL ) {
+
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
 
 static int LoadPasswordBuffer(byte* buf, word32 bufSz, PwMapList* list)
 {
@@ -762,6 +803,9 @@ static int wsUserAuth(byte authType,
     }
 
     if (authType != WOLFSSH_USERAUTH_PASSWORD &&
+#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
+        authType != WOLFSSH_USERAUTH_NONE &&
+#endif
         authType != WOLFSSH_USERAUTH_PUBLICKEY) {
 
         return WOLFSSH_USERAUTH_FAILURE;
@@ -794,7 +838,36 @@ static int wsUserAuth(byte authType,
 
     while (map != NULL) {
         if (authData->usernameSz == map->usernameSz &&
-            memcmp(authData->username, map->username, map->usernameSz) == 0) {
+            memcmp(authData->username, map->username, map->usernameSz) == 0 &&
+            authData->type == map->type) {
+
+            if (authData->type == WOLFSSH_USERAUTH_PUBLICKEY) {
+                if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
+                    return WOLFSSH_USERAUTH_SUCCESS;
+                }
+                else {
+                   return WOLFSSH_USERAUTH_INVALID_PUBLICKEY;
+                }
+            }
+            else if (authData->type == WOLFSSH_USERAUTH_PASSWORD) {
+                if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
+                    return WOLFSSH_USERAUTH_SUCCESS;
+                }
+                else {
+                    passwdRetry--;
+                    return (passwdRetry > 0) ?
+                        WOLFSSH_USERAUTH_INVALID_PASSWORD :
+                        WOLFSSH_USERAUTH_REJECTED;
+                 }
+            }
+#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
+            else if (authData->type == WOLFSSH_USERAUTH_NONE) {
+                return WOLFSSH_USERAUTH_SUCCESS;
+            }
+#endif /* WOLFSSH_ALLOW_USERAUTH_NONE */
+            else {
+                 return WOLFSSH_USERAUTH_INVALID_AUTHTYPE;
+            }
 
             if (authData->type == map->type) {
                 if (memcmp(map->p, authHash, WC_SHA256_DIGEST_SIZE) == 0) {
@@ -975,6 +1048,11 @@ THREAD_RETURN WOLFSSH_THREAD echoserver_test(void* args)
         memcpy(buf, bufName, bufSz);
         buf[bufSz] = 0;
         LoadPublicKeyBuffer(buf, bufSz, &pwMapList);
+
+        bufSz = (word32)strlen(sampleNoneBuffer);
+        memcpy(buf, sampleNoneBuffer, bufSz);
+        buf[bufSz] = 0;
+        LoadNoneBuffer(buf, bufSz, &pwMapList);
     }
 #ifdef WOLFSSL_NUCLEUS
     {

src/internal.c

@@ -3354,6 +3354,62 @@ static int DoServiceAccept(WOLFSSH* ssh,
 }
 
 
+#ifdef WOLFSSH_ALLOW_USERAUTH_NONE
+/* Utility for DoUserAuthRequest() */
+static int DoUserAuthRequestNone(WOLFSSH* ssh, WS_UserAuthData* authData,
+                                     byte* buf, word32 len, word32* idx)
+{
+    int ret = WS_SUCCESS;
+    WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestNone()");
+
+    (void)len;
+
+    if (ssh == NULL || authData == NULL ||
+        buf == NULL || idx == NULL) {
+
+        ret = WS_BAD_ARGUMENT;
+    }
+
+    if (ret == WS_SUCCESS) {
+        authData->type = WOLFSSH_USERAUTH_NONE;
+        if (ssh->ctx->userAuthCb != NULL) {
+            WLOG(WS_LOG_DEBUG, "DUARN: Calling the userauth callback");
+            ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_NONE,
+                                       authData, ssh->userAuthCtx);
+            if (ret == WOLFSSH_USERAUTH_SUCCESS) {
+                WLOG(WS_LOG_DEBUG, "DUARN: none check successful");
+                ssh->clientState = CLIENT_USERAUTH_DONE;
+                ret = WS_SUCCESS;
+            }
+            else if (ret == WOLFSSH_USERAUTH_REJECTED) {
+                WLOG(WS_LOG_DEBUG, "DUARN: password rejected");
+                #ifndef NO_FAILURE_ON_REJECTED
+                ret = SendUserAuthFailure(ssh, 0);
+                if (ret == WS_SUCCESS)
+                    ret = WS_USER_AUTH_E;
+                #else
+                ret = WS_USER_AUTH_E;
+                #endif
+            }
+            else {
+                WLOG(WS_LOG_DEBUG, "DUARN: none check failed, retry");
+                ret = SendUserAuthFailure(ssh, 0);
+            }
+        }
+        else {
+            WLOG(WS_LOG_DEBUG, "DUARN: No user auth callback");
+            ret = SendUserAuthFailure(ssh, 0);
+            if (ret == WS_SUCCESS)
+                ret = WS_FATAL_ERROR;
+        }
+    }
+
+    WLOG(WS_LOG_DEBUG, "Leaving DoUserAuthRequestNone(), ret = %d", ret);
+    return ret;
+}
+#endif
+
+
 /* Utility for DoUserAuthRequest() */
 static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
                                      byte* buf, word32 len, word32* idx)
@@ -3918,7 +3974,7 @@ static int DoUserAuthRequest(WOLFSSH* ssh,
         }
 #ifdef WOLFSSH_ALLOW_USERAUTH_NONE
         else if (authNameId == ID_NONE) {
-            ssh->clientState = CLIENT_USERAUTH_DONE;
+            ret = DoUserAuthRequestNone(ssh, &authData, buf, len, &begin);
         }
 #endif
         else {

wolfssh/ssh.h

@@ -242,6 +242,7 @@ enum WS_FormatTypes {
 /* bit map */
 #define WOLFSSH_USERAUTH_PASSWORD  0x01
 #define WOLFSSH_USERAUTH_PUBLICKEY 0x02
+#define WOLFSSH_USERAUTH_NONE      0x04
 
 enum WS_UserAuthResults
 {

wolfssh/test.h

@@ -49,6 +49,8 @@
     #include <selectLib.h>
     #include <sys/types.h>
     #include <netinet/in.h>
+    #include <netinet/tcp.h>
+    #include <ipcom_sock.h>
     #include <fcntl.h>
     #include <sys/time.h>
     #include <netdb.h>
@@ -376,7 +378,7 @@ static INLINE void build_addr(SOCKADDR_IN_T* addr, const char* peer,
             NU_HOSTENT h;
             entry = &h;
             NU_Get_Host_By_Name((char*)peer, entry);
-            #else
+        #else
             struct hostent* entry = gethostbyname(peer);
         #endif