aboutsummaryrefslogtreecommitdiff
path: root/src/auth.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/auth.c')
-rw-r--r--src/auth.c44
1 files changed, 27 insertions, 17 deletions
diff --git a/src/auth.c b/src/auth.c
index 97b6a6e1..41b76aa6 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -85,6 +85,8 @@ static int ssh_auth_response_termination(void *user) {
case SSH_AUTH_STATE_GSSAPI_REQUEST_SENT:
case SSH_AUTH_STATE_GSSAPI_TOKEN:
case SSH_AUTH_STATE_GSSAPI_MIC_SENT:
+ case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
+ case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
return 0;
default:
return 1;
@@ -167,6 +169,8 @@ static int ssh_userauth_get_response(ssh_session session) {
case SSH_AUTH_STATE_GSSAPI_REQUEST_SENT:
case SSH_AUTH_STATE_GSSAPI_TOKEN:
case SSH_AUTH_STATE_GSSAPI_MIC_SENT:
+ case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
+ case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
case SSH_AUTH_STATE_NONE:
/* not reached */
rc = SSH_AUTH_ERROR;
@@ -312,24 +316,30 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_success) {
SSH_PACKET_CALLBACK(ssh_packet_userauth_pk_ok) {
int rc;
- SSH_LOG(SSH_LOG_TRACE, "Received SSH_USERAUTH_PK_OK/INFO_REQUEST/GSSAPI_RESPONSE");
-
- if (session->auth.state == SSH_AUTH_STATE_KBDINT_SENT) {
- /* Assuming we are in keyboard-interactive context */
SSH_LOG(SSH_LOG_TRACE,
- "keyboard-interactive context, assuming SSH_USERAUTH_INFO_REQUEST");
- rc = ssh_packet_userauth_info_request(session,type,packet,user);
+ "Received SSH_USERAUTH_PK_OK/INFO_REQUEST/GSSAPI_RESPONSE");
+
+ if (session->auth.state == SSH_AUTH_STATE_KBDINT_SENT) {
+ /* Assuming we are in keyboard-interactive context */
+ SSH_LOG(SSH_LOG_TRACE,
+ "keyboard-interactive context, "
+ "assuming SSH_USERAUTH_INFO_REQUEST");
+ rc = ssh_packet_userauth_info_request(session,type,packet,user);
#ifdef WITH_GSSAPI
- } else if (session->auth.state == SSH_AUTH_STATE_GSSAPI_REQUEST_SENT) {
- rc = ssh_packet_userauth_gssapi_response(session, type, packet, user);
+ } else if (session->auth.state == SSH_AUTH_STATE_GSSAPI_REQUEST_SENT) {
+ rc = ssh_packet_userauth_gssapi_response(session, type, packet, user);
#endif
- } else {
- session->auth.state = SSH_AUTH_STATE_PK_OK;
- SSH_LOG(SSH_LOG_TRACE, "Assuming SSH_USERAUTH_PK_OK");
- rc = SSH_PACKET_USED;
- }
+ } else if (session->auth.state == SSH_AUTH_STATE_PUBKEY_OFFER_SENT) {
+ session->auth.state = SSH_AUTH_STATE_PK_OK;
+ SSH_LOG(SSH_LOG_TRACE, "Assuming SSH_USERAUTH_PK_OK");
+ rc = SSH_PACKET_USED;
+ } else {
+ session->auth.state = SSH_AUTH_STATE_ERROR;
+ SSH_LOG(SSH_LOG_TRACE, "SSH_USERAUTH_PK_OK received in wrong state");
+ rc = SSH_PACKET_USED;
+ }
- return rc;
+ return rc;
}
/**
@@ -553,7 +563,7 @@ int ssh_userauth_try_publickey(ssh_session session,
ssh_string_free(pubkey_s);
session->auth.current_method = SSH_AUTH_METHOD_PUBLICKEY;
- session->auth.state = SSH_AUTH_STATE_NONE;
+ session->auth.state = SSH_AUTH_STATE_PUBKEY_OFFER_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_OFFER_PUBKEY;
rc = ssh_packet_send(session);
if (rc == SSH_ERROR) {
@@ -701,7 +711,7 @@ int ssh_userauth_publickey(ssh_session session,
}
session->auth.current_method = SSH_AUTH_METHOD_PUBLICKEY;
- session->auth.state = SSH_AUTH_STATE_NONE;
+ session->auth.state = SSH_AUTH_STATE_PUBKEY_AUTH_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_PUBKEY;
rc = ssh_packet_send(session);
if (rc == SSH_ERROR) {
@@ -797,7 +807,7 @@ static int ssh_userauth_agent_publickey(ssh_session session,
}
session->auth.current_method = SSH_AUTH_METHOD_PUBLICKEY;
- session->auth.state = SSH_AUTH_STATE_NONE;
+ session->auth.state = SSH_AUTH_STATE_PUBKEY_AUTH_SENT;
session->pending_call_state = SSH_PENDING_CALL_AUTH_AGENT;
rc = ssh_packet_send(session);
if (rc == SSH_ERROR) {