WolfSSL
/
wolfssh
mirror of https://github.com/wolfSSL/wolfssh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #175 from kojo1/PW_retry 

Password retry out
pull/176/head
John Safranek 2019-07-01 16:46:42 -07:00 committed by GitHub
parent e4c97be319 401fcbd483
commit ff6c167aad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 33 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
examples/echoserver/echoserver.c
View File

@ -391,6 +391,11 @@ static THREAD_RETURN WOLFSSH_THREAD server_worker(void* vArgs)
ret = 0; /* don't break out of loop with version miss match */
printf("Unsupported version error\n");
}
else if (ret == WS_FATAL_ERROR && wolfSSH_get_error(threadCtx->ssh) ==
WS_USER_AUTH_E) {
ret = 0; /* don't break out of loop with user auth error */
printf("User Authentication error\n");
}
if (wolfSSH_shutdown(threadCtx->ssh) != WS_SUCCESS) {
fprintf(stderr, "Error with SSH shutdown.\n");
@ -683,6 +688,8 @@ static int LoadPublicKeyBuffer(byte* buf, word32 bufSz, PwMapList* list)
return 0;
}
#define MAX_PASSWD_RETRY 3
static int passwdRetry = MAX_PASSWD_RETRY;
static int wsUserAuth(byte authType,
WS_UserAuthData* authData,
@ -691,6 +698,7 @@ static int wsUserAuth(byte authType,
PwMapList* list;
PwMap* map;
byte authHash[SHA256_DIGEST_SIZE];
int ret;
if (ctx == NULL) {
fprintf(stderr, "wsUserAuth: ctx not set");
@ -737,9 +745,12 @@ static int wsUserAuth(byte authType,
return WOLFSSH_USERAUTH_SUCCESS;
}
else {
return (authType == WOLFSSH_USERAUTH_PASSWORD ?
WOLFSSH_USERAUTH_INVALID_PASSWORD :
WOLFSSH_USERAUTH_INVALID_PUBLICKEY);
ret = (authType == WOLFSSH_USERAUTH_PASSWORD ?
(--passwdRetry > 0 ?
WOLFSSH_USERAUTH_INVALID_PASSWORD : WOLFSSH_USERAUTH_REJECTED)
: WOLFSSH_USERAUTH_INVALID_PUBLICKEY);
if (passwdRetry == 0)passwdRetry = MAX_PASSWD_RETRY;
return ret;
}
}
else {

13
src/internal.c
View File

@ -272,6 +272,9 @@ const char* GetErrorString(int err)
case WS_EXTDATA:
return "Extended Data available to be read";
case WS_USER_AUTH_E:
return "User authentication error";
default:
return "Unknown error code";
}
@ -3221,14 +3224,22 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
ssh->clientState = CLIENT_USERAUTH_DONE;
ret = WS_SUCCESS;
}
else if (ret == WOLFSSH_USERAUTH_REJECTED) {
WLOG(WS_LOG_DEBUG, "DUARPW: password rejected");
ret = SendUserAuthFailure(ssh, 0);
if (ret == WS_SUCCESS)
ret = WS_USER_AUTH_E;
}
else {
WLOG(WS_LOG_DEBUG, "DUARPW: password check failed");
WLOG(WS_LOG_DEBUG, "DUARPW: password check failed, retry");
ret = SendUserAuthFailure(ssh, 0);
}
}
else {
WLOG(WS_LOG_DEBUG, "DUARPW: No user auth callback");
ret = SendUserAuthFailure(ssh, 0);
if (ret == WS_SUCCESS)
ret = WS_FATAL_ERROR;
}
}

3
wolfssh/error.h
View File

@ -105,8 +105,9 @@ enum WS_ErrorCodes {
WS_CLOSE_FILE_E = -1065, /* Unable to close local file */
WS_PUBKEY_REJECTED_E = -1066, /* Server public key rejected */
WS_EXTDATA = -1067, /* Extended Data available to be read */
WS_USER_AUTH_E = -1068, /* User authentication error */
WS_LAST_E = -1067 /* Update this to indicate last error */
WS_LAST_E = -1068 /* Update this to indicate last error */
};

6
wolfssh/ssh.h
View File

@ -234,17 +234,17 @@ enum WS_UserAuthTypes {
WOLFSSH_USERAUTH_PUBLICKEY
};
enum WS_UserAuthResults {
enum WS_UserAuthResults
{
WOLFSSH_USERAUTH_SUCCESS,
WOLFSSH_USERAUTH_FAILURE,
WOLFSSH_USERAUTH_INVALID_AUTHTYPE,
WOLFSSH_USERAUTH_INVALID_USER,
WOLFSSH_USERAUTH_INVALID_PASSWORD,
WOLFSSH_USERAUTH_REJECTED,
WOLFSSH_USERAUTH_INVALID_PUBLICKEY
};
enum WS_DisconnectReasonCodes {
WOLFSSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT = 1,
WOLFSSH_DISCONNECT_PROTOCOL_ERROR = 2,