diff options
author | Andreas Schneider <asn@cryptomilk.org> | 2016-05-02 12:18:06 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2016-05-02 12:19:00 +0200 |
commit | 33ecaaac01eff3580d4f2832e541d520d9e116bb (patch) | |
tree | f8d21b55ebfff863b716e5fb5bd51a26a27a9ed2 /src/auth1.c | |
parent | 3c69092cded3a12b4d589bd39302a1aaa36179d6 (diff) | |
download | libssh-33ecaaac01eff3580d4f2832e541d520d9e116bb.tar.gz libssh-33ecaaac01eff3580d4f2832e541d520d9e116bb.tar.xz libssh-33ecaaac01eff3580d4f2832e541d520d9e116bb.zip |
auth1: Fix non-blocking SSHv1 auth
BUG: https://red.libssh.org/issues/232
Thanks to Fengyu Gao.
TODO: Add SSHv1 tests to our testsuite.
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src/auth1.c')
-rw-r--r-- | src/auth1.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/auth1.c b/src/auth1.c index b61f654b..a9fe58e2 100644 --- a/src/auth1.c +++ b/src/auth1.c @@ -23,6 +23,7 @@ #include "config.h" +#include <errno.h> #include <string.h> #include <stdlib.h> @@ -117,6 +118,7 @@ static int send_username(ssh_session session, const char *username) { if (ssh_packet_send(session) == SSH_ERROR) { return SSH_AUTH_ERROR; } + return SSH_AUTH_AGAIN; pending: rc = wait_auth1_status(session); switch (rc){ @@ -161,12 +163,14 @@ int ssh_userauth1_password(ssh_session session, const char *username, ssh_string pwd = NULL; int rc; + if (session->pending_call_state == SSH_PENDING_CALL_AUTH_PASSWORD) { + goto pending; + } + rc = send_username(session, username); if (rc != SSH_AUTH_DENIED) { return rc; } - if (session->pending_call_state == SSH_PENDING_CALL_AUTH_PASSWORD) - goto pending; /* we trick a bit here. A known flaw in SSH1 protocol is that it's * easy to guess password sizes. * not that sure ... @@ -219,8 +223,11 @@ int ssh_userauth1_password(ssh_session session, const char *username, } pending: rc = wait_auth1_status(session); - if (rc != SSH_AUTH_AGAIN) - session->pending_call_state = SSH_PENDING_CALL_NONE; + if (rc == SSH_AUTH_ERROR && errno == EAGAIN) { + /* Nothing to do */ + } else if (rc != SSH_AUTH_AGAIN) { + session->pending_call_state = SSH_PENDING_CALL_NONE; + } return rc; } |