
Commit 6ea3f5c

Merge pull request wolfSSL#837 from JacobBarthelmeh/auth
adjust behavior when getting WOLFSSH_USERAUTH_REJECTED return from ca…
2 parents 01e7777 + 54e9f7f commit 6ea3f5c


1 file changed

+15
-3
lines changed


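--- a/src/internal.c
+++ b/src/internal.c
@@ -6420,7 +6420,7 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,
 WS_UserAuthData authData;
 WS_UserAuthData_Keyboard* kb = NULL;
 int ret = WS_SUCCESS;
-int authFailure = 0;
+int authFailure = 0, authRejected = 0;
 byte partialSuccess = 0;
 word32 entry;
 word32 allocatedCount = 0;
@@ -6519,6 +6519,7 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,
 #ifndef NO_FAILURE_ON_REJECTED
 authFailure = 1;
 #endif
+authRejected = 1;
 ret = WS_USER_AUTH_E;
 }
 else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
@@ -6548,6 +6549,9 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,
 
 if (authFailure || partialSuccess) {
 ret = SendUserAuthFailure(ssh, partialSuccess);
+if (ret == WS_SUCCESS && authRejected) {
+ret = WS_USER_AUTH_E;
+}
 }
 else if (ret == WOLFSSH_USERAUTH_SUCCESS_ANOTHER) {
 ret = SendUserAuthKeyboardRequest(ssh, &authData);
@@ -6569,7 +6573,7 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
 word32 begin;
 WS_UserAuthData_Password* pw = NULL;
 int ret = WS_SUCCESS;
-int authFailure = 0;
+int authFailure = 0, authRejected = 0;
 byte partialSuccess = 0;
 
 WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPassword()");
@@ -6626,6 +6630,7 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
 #ifndef NO_FAILURE_ON_REJECTED
 authFailure = 1;
 #endif
+authRejected = 1;
 ret = WS_USER_AUTH_E;
 }
 else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
@@ -6649,6 +6654,9 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
 
 if (authFailure || partialSuccess) {
 ret = SendUserAuthFailure(ssh, partialSuccess);
+if (ret == WS_SUCCESS && authRejected) {
+ret = WS_USER_AUTH_E;
+}
 }
 else if (ret == WS_SUCCESS) {
 ssh->clientState = CLIENT_USERAUTH_DONE;
@@ -7421,7 +7429,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 word32 sigBlobSz = 0;
 word32 begin;
 int ret = WS_SUCCESS;
-int authFailure = 0;
+int authFailure = 0, authRejected = 0;
 int partialSuccess = 0;
 byte hasSig = 0;
 byte pkTypeId = ID_NONE;
@@ -7589,6 +7597,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 #ifndef NO_FAILURE_ON_REJECTED
 authFailure = 1;
 #endif
+authRejected = 1;
 ret = WS_USER_AUTH_E;
 }
 else {
@@ -7745,6 +7754,9 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 
 if (authFailure) {
 ret = SendUserAuthFailure(ssh, 0);
+if (ret == WS_SUCCESS && authRejected) {
+ret = WS_USER_AUTH_E;
+}
 }
 else if (partialSuccess && hasSig) {
 ret = SendUserAuthFailure(ssh, 1);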
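Review bot: The three-line override added after `SendUserAuthFailure()` in `DoUserAuthInfoResponse`, `DoUserAuthRequestPassword` and `DoUserAuthRequestPublicKey` carries no comment, so it reads as if a successfully sent failure reply were being turned into an error by accident. A one-line comment above each `if (ret == WS_SUCCESS && authRejected)` would record the intent, for example `/* reply sent; still report the callback's REJECTED result to the caller */`. The callback documentation should also say that `WOLFSSH_USERAUTH_REJECTED` now makes these handlers return `WS_USER_AUTH_E` after the reply, while other failures return the send result. Presumably this stops a rejected user from retrying on the same connection, but the callers are outside the hunks, so confirm. As far as the hunks show, builds that define `NO_FAILURE_ON_REJECTED` do not set `authFailure` in the rejected branch, so the new check is normally skipped there; a short note next to `authRejected = 1;` would make that visible. All three function bodies start and end outside the hunks shown.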
