From 5a43f759640de37f1ef57d142bd258d3fba1ca4e Mon Sep 17 00:00:00 2001
From: Fabio <507164+falemagn@users.noreply.github.com>
Date: Fri, 21 Jul 2023 09:22:55 +0200
Subject: [PATCH] Asynchronous user authentication.

---
 src/internal.c  | 49 ++++++++++++++++++++++++++++++++++++-------------
 src/ssh.c       |  2 +-
 wolfssh/error.h |  3 ++-
 wolfssh/ssh.h   |  3 ++-
 4 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 2cb19060a..c157fc1cf 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -418,6 +418,9 @@ const char* GetErrorString(int err)
         case WS_MATCH_UA_KEY_ID_E:
             return "unable to match user auth key type";
 
+        case WS_AUTH_PENDING:
+            return "userauth is still pending (callback would block)";
+
         default:
             return "Unknown error code";
     }
@@ -4951,6 +4954,10 @@ static int DoUserAuthRequestNone(WOLFSSH* ssh, WS_UserAuthData* authData,
                 ret = WS_USER_AUTH_E;
                 #endif
             }
+            else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
+                WLOG(WS_LOG_DEBUG, "DUARN: userauth callback would block");
+                ret = WS_AUTH_PENDING;
+            }
             else {
                 WLOG(WS_LOG_DEBUG, "DUARN: none check failed, retry");
                 ret = SendUserAuthFailure(ssh, 0);
@@ -5033,6 +5040,10 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
                 ret = WS_USER_AUTH_E;
                 #endif
             }
+            else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
+                WLOG(WS_LOG_DEBUG, "DUARPW: userauth callback would block");
+                ret = WS_AUTH_PENDING;
+            }
             else {
                 WLOG(WS_LOG_DEBUG, "DUARPW: password check failed, retry");
                 ret = SendUserAuthFailure(ssh, 0);
@@ -5838,6 +5849,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
             ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_PUBLICKEY,
                                        authData, ssh->userAuthCtx);
             WLOG(WS_LOG_DEBUG, "DUARPK: callback result = %d", ret);
+
         #ifdef DEBUG_WOLFSSH
             switch (ret) {
                 case WOLFSSH_USERAUTH_INVALID_PUBLICKEY:
@@ -5848,7 +5860,6 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
                     WLOG(WS_LOG_DEBUG, "DUARPK: public key user rejected");
                     break;
 
-
                 case WOLFSSH_USERAUTH_FAILURE:
                     WLOG(WS_LOG_DEBUG, "DUARPK: public key general failure");
                     break;
@@ -5861,16 +5872,25 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
                     WLOG(WS_LOG_DEBUG, "DUARPK: public key rejected");
                     break;
 
+                case WOLFSSH_USERAUTH_WOULD_BLOCK:
+                    WLOG(WS_LOG_DEBUG, "DUARPK: userauth callback would block");
+                    break;
+
                 default:
                     WLOG(WS_LOG_DEBUG,
                         "Unexpected return value from Auth callback");
             }
         #endif
 
-            if (ret != WOLFSSH_USERAUTH_SUCCESS) {
-                authFailure = 1;
+            if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
+                ret = WS_AUTH_PENDING;
+            }
+            else {
+                if (ret != WOLFSSH_USERAUTH_SUCCESS)
+                    authFailure = 1;
+                    
+                ret = WS_SUCCESS;
             }
-            ret = WS_SUCCESS;
         }
         else {
             WLOG(WS_LOG_DEBUG, "DUARPK: no userauth callback set");
@@ -7228,17 +7248,20 @@ static int DoPacket(WOLFSSH* ssh)
             ret = SendUnimplemented(ssh);
     }
 
-    if (payloadSz > 0) {
-        idx += payloadIdx;
-        if (idx + padSz > len) {
-            WLOG(WS_LOG_DEBUG, "Not enough data in buffer for pad.");
-            ret = WS_BUFFER_E;
+    /* if the auth is still pending, don't discard the packet data */
+    if (ret != WS_AUTH_PENDING) {
+        if (payloadSz > 0) {
+            idx += payloadIdx;
+            if (idx + padSz > len) {
+                WLOG(WS_LOG_DEBUG, "Not enough data in buffer for pad.");
+                ret = WS_BUFFER_E;
+            }
         }
-    }
 
-    idx += padSz;
-    ssh->inputBuffer.idx = idx;
-    ssh->peerSeq++;
+        idx += padSz;
+        ssh->inputBuffer.idx = idx;
+        ssh->peerSeq++;
+    }
 
     return ret;
 }
diff --git a/src/ssh.c b/src/ssh.c
index b94debaef..fc034463c 100644
--- a/src/ssh.c
+++ b/src/ssh.c
@@ -400,7 +400,7 @@ int wolfSSH_accept(WOLFSSH* ssh)
         return WS_BAD_ARGUMENT;
 
     /* clear want read/writes for retry */
-    if (ssh->error == WS_WANT_READ || ssh->error == WS_WANT_WRITE)
+    if (ssh->error == WS_WANT_READ || ssh->error == WS_WANT_WRITE || ssh->error == WS_AUTH_PENDING)
         ssh->error = 0;
 
     if (ssh->error != 0) {
diff --git a/wolfssh/error.h b/wolfssh/error.h
index d964b7ac3..092844d30 100644
--- a/wolfssh/error.h
+++ b/wolfssh/error.h
@@ -128,8 +128,9 @@ enum WS_ErrorCodes {
     WS_CERT_KEY_SIZE_E      = -1087, /* Key size error */
     WS_CTX_KEY_COUNT_E      = -1088, /* Adding too many private keys */
     WS_MATCH_UA_KEY_ID_E    = -1089, /* Match user auth key key fail */
+    WS_AUTH_PENDING         = -1090, /* User authentication still pending */
     
-    WS_LAST_E               = -1089  /* Update this to indicate last error */
+    WS_LAST_E               = -1090  /* Update this to indicate last error */
 };
 
 
diff --git a/wolfssh/ssh.h b/wolfssh/ssh.h
index 5dce49fc8..bdca739c5 100644
--- a/wolfssh/ssh.h
+++ b/wolfssh/ssh.h
@@ -318,7 +318,8 @@ enum WS_UserAuthResults
     WOLFSSH_USERAUTH_INVALID_USER,
     WOLFSSH_USERAUTH_INVALID_PASSWORD,
     WOLFSSH_USERAUTH_REJECTED,
-    WOLFSSH_USERAUTH_INVALID_PUBLICKEY
+    WOLFSSH_USERAUTH_INVALID_PUBLICKEY,
+    WOLFSSH_USERAUTH_WOULD_BLOCK
 };
 
 enum WS_DisconnectReasonCodes {