CVE-2018-10933: Introduce SSH_AUTH_STATE_PASSWORD_AUTH_SENT

The introduced auth state allows to identify when authentication using
password was tried.

Fixes T101

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

include/libssh/auth.h

@@ -80,6 +80,8 @@ enum ssh_auth_state_e {
   SSH_AUTH_STATE_PUBKEY_OFFER_SENT,
   /** We have sent pubkey and signature expecting to be authenticated */
   SSH_AUTH_STATE_PUBKEY_AUTH_SENT,
+  /** We have sent a password expecting to be authenticated */
+  SSH_AUTH_STATE_PASSWORD_AUTH_SENT,
 };
 
 /** @internal

src/auth.c

@@ -87,6 +87,7 @@ static int ssh_auth_response_termination(void *user) {
         case SSH_AUTH_STATE_GSSAPI_MIC_SENT:
         case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
         case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
+        case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
             return 0;
         default:
             return 1;
@@ -171,6 +172,7 @@ static int ssh_userauth_get_response(ssh_session session) {
         case SSH_AUTH_STATE_GSSAPI_MIC_SENT:
         case SSH_AUTH_STATE_PUBKEY_OFFER_SENT:
         case SSH_AUTH_STATE_PUBKEY_AUTH_SENT:
+        case SSH_AUTH_STATE_PASSWORD_AUTH_SENT:
         case SSH_AUTH_STATE_NONE:
             /* not reached */
             rc = SSH_AUTH_ERROR;
@@ -1268,7 +1270,7 @@ int ssh_userauth_password(ssh_session session,
     }
 
     session->auth.current_method = SSH_AUTH_METHOD_PASSWORD;
-    session->auth.state = SSH_AUTH_STATE_NONE;
+    session->auth.state = SSH_AUTH_STATE_PASSWORD_AUTH_SENT;
     session->pending_call_state = SSH_PENDING_CALL_AUTH_PASSWORD;
     rc = ssh_packet_send(session);
     if (rc == SSH_ERROR) {