Skip to content

adjust behavior when getting WOLFSSH_USERAUTH_REJECTED return from ca… #837

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 1 commit into from
Oct 2, 2025
Merged

adjust behavior when getting WOLFSSH_USERAUTH_REJECTED return from ca… #837

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 15 additions & 3 deletions src/internal.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6420,7 +6420,7 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,
WS_UserAuthData authData;
WS_UserAuthData_Keyboard* kb = NULL;
int ret = WS_SUCCESS;
int authFailure = 0;
int authFailure = 0, authRejected = 0;
byte partialSuccess = 0;
word32 entry;
word32 allocatedCount = 0;
Expand Down Expand Up @@ -6519,6 +6519,7 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,
#ifndef NO_FAILURE_ON_REJECTED
authFailure = 1;
#endif
authRejected = 1;
ret = WS_USER_AUTH_E;
}
else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
Expand Down Expand Up @@ -6548,6 +6549,9 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,

if (authFailure || partialSuccess) {
ret = SendUserAuthFailure(ssh, partialSuccess);
if (ret == WS_SUCCESS && authRejected) {
ret = WS_USER_AUTH_E;
}
}
else if (ret == WOLFSSH_USERAUTH_SUCCESS_ANOTHER) {
ret = SendUserAuthKeyboardRequest(ssh, &authData);
Expand All @@ -6569,7 +6573,7 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
word32 begin;
WS_UserAuthData_Password* pw = NULL;
int ret = WS_SUCCESS;
int authFailure = 0;
int authFailure = 0, authRejected = 0;
byte partialSuccess = 0;

WLOG(WS_LOG_DEBUG, "Entering DoUserAuthRequestPassword()");
Expand Down Expand Up @@ -6626,6 +6630,7 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
#ifndef NO_FAILURE_ON_REJECTED
authFailure = 1;
#endif
authRejected = 1;
ret = WS_USER_AUTH_E;
}
else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
Expand All @@ -6649,6 +6654,9 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,

if (authFailure || partialSuccess) {
ret = SendUserAuthFailure(ssh, partialSuccess);
if (ret == WS_SUCCESS && authRejected) {
ret = WS_USER_AUTH_E;
}
}
else if (ret == WS_SUCCESS) {
ssh->clientState = CLIENT_USERAUTH_DONE;
Expand Down Expand Up @@ -7421,7 +7429,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
word32 sigBlobSz = 0;
word32 begin;
int ret = WS_SUCCESS;
int authFailure = 0;
int authFailure = 0, authRejected = 0;
int partialSuccess = 0;
byte hasSig = 0;
byte pkTypeId = ID_NONE;
Expand Down Expand Up @@ -7589,6 +7597,7 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
#ifndef NO_FAILURE_ON_REJECTED
authFailure = 1;
#endif
authRejected = 1;
ret = WS_USER_AUTH_E;
}
else {
Expand Down Expand Up @@ -7745,6 +7754,9 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,

if (authFailure) {
ret = SendUserAuthFailure(ssh, 0);
if (ret == WS_SUCCESS && authRejected) {
ret = WS_USER_AUTH_E;
}
}
else if (partialSuccess && hasSig) {
ret = SendUserAuthFailure(ssh, 1);
Expand Down
Loading