-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Asynchronous user authentication. #541
Asynchronous user authentication. #541
Conversation
Can one of the admins verify this patch? |
16136a9
to
0ca42de
Compare
ok to test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this idea, having async with user authentication callback. Have been testing with this change. Adding a simple :
--- a/examples/client/common.c
+++ b/examples/client/common.c
@@ -433,6 +433,7 @@ int ClientPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
}
+static int count = 0;
int ClientUserAuth(byte authType,
WS_UserAuthData* authData,
void* ctx)
@@ -453,6 +454,11 @@ int ClientUserAuth(byte authType,
printf("wolfSSH requesting to use type %d\n", authType);
#endif
+ if (count++ < 2) {
+ printf("returning auth blocking authRype = %d\n", authType);
+ return WOLFSSH_USERAUTH_WOULD_BLOCK;
+ }
+
/* Wait for request of public key on names known to have one */
And the server side is still cycling through the available auth types without going back to the first case that returned WOLFSSH_USERAUTH_WOULD_BLOCK.
$ sudo ./apps/wolfsshd/wolfsshd -D -f ./sshd_config -h ./keys/server-key.pem
$ ./examples/client/client -u jak -h 127.0.0.1 -t
returning auth blocking authRype = 1
returning auth blocking authRype = 2
wolfSSH error: Couldn't connect SSH stream.
@JacobBarthelmeh the functionality has only been tested server-side. To make use of it, one needs to return WOLFSSH_USERAUTH_WOULD_BLOCK and then at a later time trigger a new read from the socket. Since the auth request doesn't get discarded when returning WOLFSH_USERAUTH_WOULD_BLOCK, the auth callback gets then invoked with the same request again. |
0ca42de
to
5a43f75
Compare
5a43f75
to
80bd1f7
Compare
…USERAUTH_DONE if ret is not WS_SUCCESS.
ea4bf73
to
6695a0b
Compare
Superseded by PR #695. |
This patch makes it possible to do asynchronous user authentication, by returning WOLFSSH_USERAUTH_WOULD_BLOCK from the authentication callback.