Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Asynchronous user authentication. #541

Conversation

falemagn
Copy link
Contributor

@falemagn falemagn commented Jul 21, 2023

This patch makes it possible to do asynchronous user authentication, by returning WOLFSSH_USERAUTH_WOULD_BLOCK from the authentication callback.

@wolfSSL-Bot
Copy link

Can one of the admins verify this patch?

@falemagn falemagn force-pushed the d533d44_Asynchronous_user_authentication branch from 16136a9 to 0ca42de Compare July 21, 2023 09:57
@JacobBarthelmeh JacobBarthelmeh self-assigned this Jul 21, 2023
@JacobBarthelmeh
Copy link
Contributor

ok to test

Copy link
Contributor

@JacobBarthelmeh JacobBarthelmeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this idea, having async with user authentication callback. Have been testing with this change. Adding a simple :

--- a/examples/client/common.c
+++ b/examples/client/common.c
@@ -433,6 +433,7 @@ int ClientPublicKeyCheck(const byte* pubKey, word32 pubKeySz, void* ctx)
 }
 
 
+static int count = 0;
 int ClientUserAuth(byte authType,
                       WS_UserAuthData* authData,
                       void* ctx)
@@ -453,6 +454,11 @@ int ClientUserAuth(byte authType,
     printf("wolfSSH requesting to use type %d\n", authType);
 #endif
 
+    if (count++ < 2) {
+        printf("returning auth blocking authRype = %d\n", authType);
+        return WOLFSSH_USERAUTH_WOULD_BLOCK;
+    }
+
     /* Wait for request of public key on names known to have one */

And the server side is still cycling through the available auth types without going back to the first case that returned WOLFSSH_USERAUTH_WOULD_BLOCK.

$ sudo ./apps/wolfsshd/wolfsshd -D -f ./sshd_config -h ./keys/server-key.pem


$ ./examples/client/client -u jak -h 127.0.0.1 -t
returning auth blocking authRype = 1
returning auth blocking authRype = 2
wolfSSH error: Couldn't connect SSH stream.

@falemagn
Copy link
Contributor Author

falemagn commented Aug 21, 2023

@JacobBarthelmeh the functionality has only been tested server-side. To make use of it, one needs to return WOLFSSH_USERAUTH_WOULD_BLOCK and then at a later time trigger a new read from the socket. Since the auth request doesn't get discarded when returning WOLFSH_USERAUTH_WOULD_BLOCK, the auth callback gets then invoked with the same request again.

@falemagn falemagn force-pushed the d533d44_Asynchronous_user_authentication branch from 0ca42de to 5a43f75 Compare August 24, 2023 13:15
@falemagn falemagn force-pushed the d533d44_Asynchronous_user_authentication branch from 5a43f75 to 80bd1f7 Compare October 20, 2023 07:34
@falemagn falemagn marked this pull request as draft October 20, 2023 07:50
@falemagn falemagn marked this pull request as ready for review October 20, 2023 07:50
@ejohnstown
Copy link
Contributor

Superseded by PR #695.

@ejohnstown ejohnstown closed this Jun 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants