authorJon Simons <jon@jonsimons.org>2013-11-02 01:34:46 -0700
committerAndreas Schneider <asn@cryptomilk.org>2013-11-02 21:02:56 +0100
commitd4f5a0e6ab09ce96792a9ba89c44a94387e883b4 (patch)
treec2388f90c05a3cd8b019e5df4d371f1e6810c788 /src
parentce1d73e0f08587e90ccf31aa59ef26202b7bd483 (diff)
server: fix pubkey reply for key probes
Per RFC 4252, it is required to send back only one of either SSH_MSG_USERAUTH_PK_OK or SSH_MSG_USERAUTH_FAILURE for public key probes. Update the handling of 'auth_pubkey_function' to send back PK_OK instead of SSH_MSG_USERAUTH_SUCCESS for the case that the state of the message at hand is SSH_PUBLICKEY_STATE_NONE. With this change, it is now possible to process an initial key probe and then subsequent signature validation using the server callbacks. Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Diffstat (limited to 'src')
-rw-r--r--src/messages.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/src/messages.c b/src/messages.c
index 73f39974..c8e0e094 100644
--- a/src/messages.c
+++ b/src/messages.c
@@ -120,10 +120,18 @@ static int ssh_execute_server_request(ssh_session session, ssh_message msg)
msg->auth_request.username, msg->auth_request.pubkey,
msg->auth_request.signature_state,
session->server_callbacks->userdata);
- if (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL){
+ if (msg->auth_request.signature_state != SSH_PUBLICKEY_STATE_NONE) {
+ if (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL) {
ssh_message_auth_reply_success(msg, rc == SSH_AUTH_PARTIAL);
+ } else {
+ ssh_message_reply_default(msg);
+ }
} else {
+ if (rc == SSH_AUTH_SUCCESS) {
+ ssh_message_auth_reply_pk_ok_simple(msg);
+ } else {
ssh_message_reply_default(msg);
+ }
}
return SSH_OK;
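Review bot: The success branch is entered for every `signature_state` other than `SSH_PUBLICKEY_STATE_NONE`, so `ssh_message_auth_reply_success()` depends entirely on the application callback rejecting a request whose signature did not verify. Whether a request in a wrong or error state can reach this call is not visible from the hunk, but tying the success reply to a verified signature inside the library would make it fail closed, e.g. on the inner check: `if (msg->auth_request.signature_state == SSH_PUBLICKEY_STATE_VALID && (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL)) {`. A short comment above the outer `if` stating that the `NONE` case is an RFC 4252 key probe, answered with PK_OK and never with success, would also help the next reader. The enclosing function starts and ends outside the hunk.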