Handle SSH_MSG_USERAUTH_FAILURE for password and kbd-int authentication
Neither libssh2_userauth_password_ex() nor libssh2_userauth_keyboard_interactive_ex() would return a login failure error if the server responded with a SSH_MSG_USERAUTH_FAILURE, instead you would see whatever previous error had occurred, typically LIBSSH2_ERROR_EAGAIN. This patch changes error code -18 to LIBSSH2_ERROR_AUTHENTICATION_FAILED and makes LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED an alias for LIBSSH2_ERROR_AUTHENTICATION_FAILED. In addition, new logic in userauth_password() properly handles SSH_MSG_USERAUTH_FAILURE and both this function and userauth_keyboard_interactive() now properly return LIBSSH2_ERROR_AUTHENTICATION_FAILED.
Этот коммит содержится в:
Dave McCaldon
Peter Stuge
родитель
7d71f92a9c
Коммит
8f102b8f56
@ -39,5 +39,7 @@ LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
|
|||||||
|
|
||||||
\fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.
|
\fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket.
|
||||||
|
|
||||||
|
\fLIBSSH2_ERROR_AUTHENTICATION_FAILED\fP - failed, invalid username/password or public/private key.
|
||||||
|
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
.BR libssh2_session_init_ex(3)
|
.BR libssh2_session_init_ex(3)
|
||||||
|
|||||||
@ -46,5 +46,7 @@ LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
|
|||||||
|
|
||||||
\fILIBSSH2_ERROR_PASSWORD_EXPIRED\fP -
|
\fILIBSSH2_ERROR_PASSWORD_EXPIRED\fP -
|
||||||
|
|
||||||
|
\fLIBSSH2_ERROR_AUTHENTICATION_FAILED\fP - failed, invalid username/password or public/private key.
|
||||||
|
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
.BR libssh2_session_init_ex(3)
|
.BR libssh2_session_init_ex(3)
|
||||||
|
|||||||
@ -40,7 +40,7 @@ LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se.
|
|||||||
|
|
||||||
\fILIBSSH2_ERROR_SOCKET_TIMEOUT\fP -
|
\fILIBSSH2_ERROR_SOCKET_TIMEOUT\fP -
|
||||||
|
|
||||||
\fILIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED\fP - >The username/public key
|
\fILIBSSH2_ERROR_AUTHENTICATION_FAILED\fP - >The username/public key
|
||||||
combination was invalid.
|
combination was invalid.
|
||||||
|
|
||||||
\fILIBSSH2_ERROR_PUBLICKEY_UNVERIFIED\fP - The username/public key
|
\fILIBSSH2_ERROR_PUBLICKEY_UNVERIFIED\fP - The username/public key
|
||||||
|
|||||||
@ -341,7 +341,8 @@ typedef struct _LIBSSH2_POLLFD {
|
|||||||
#define LIBSSH2_ERROR_PASSWORD_EXPIRED -15
|
#define LIBSSH2_ERROR_PASSWORD_EXPIRED -15
|
||||||
#define LIBSSH2_ERROR_FILE -16
|
#define LIBSSH2_ERROR_FILE -16
|
||||||
#define LIBSSH2_ERROR_METHOD_NONE -17
|
#define LIBSSH2_ERROR_METHOD_NONE -17
|
||||||
#define LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED -18
|
#define LIBSSH2_ERROR_AUTHENTICATION_FAILED -18
|
||||||
|
#define LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED LIBSSH2_ERROR_AUTHENTICATION_FAILED
|
||||||
#define LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED -19
|
#define LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED -19
|
||||||
#define LIBSSH2_ERROR_CHANNEL_OUTOFORDER -20
|
#define LIBSSH2_ERROR_CHANNEL_OUTOFORDER -20
|
||||||
#define LIBSSH2_ERROR_CHANNEL_FAILURE -21
|
#define LIBSSH2_ERROR_CHANNEL_FAILURE -21
|
||||||
|
|||||||
@ -310,6 +310,17 @@ userauth_password(LIBSSH2_SESSION *session, const char *username,
|
|||||||
session->state |= LIBSSH2_STATE_AUTHENTICATED;
|
session->state |= LIBSSH2_STATE_AUTHENTICATED;
|
||||||
session->userauth_pswd_state = libssh2_NB_state_idle;
|
session->userauth_pswd_state = libssh2_NB_state_idle;
|
||||||
return 0;
|
return 0;
|
||||||
|
} else if (session->userauth_pswd_data[0] == SSH_MSG_USERAUTH_FAILURE) {
|
||||||
|
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
|
||||||
|
"Password authentication failed");
|
||||||
|
LIBSSH2_FREE(session, session->userauth_pswd_data);
|
||||||
|
session->userauth_pswd_data = NULL;
|
||||||
|
session->userauth_pswd_state = libssh2_NB_state_idle;
|
||||||
|
libssh2_error(session,
|
||||||
|
LIBSSH2_ERROR_AUTHENTICATION_FAILED,
|
||||||
|
"Authentication failed (username/password)",
|
||||||
|
0);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
session->userauth_pswd_newpw = NULL;
|
session->userauth_pswd_newpw = NULL;
|
||||||
@ -1100,7 +1111,7 @@ userauth_publickey(LIBSSH2_SESSION *session,
|
|||||||
session->userauth_pblc_packet = NULL;
|
session->userauth_pblc_packet = NULL;
|
||||||
LIBSSH2_FREE(session, session->userauth_pblc_method);
|
LIBSSH2_FREE(session, session->userauth_pblc_method);
|
||||||
session->userauth_pblc_method = NULL;
|
session->userauth_pblc_method = NULL;
|
||||||
libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED,
|
libssh2_error(session, LIBSSH2_ERROR_AUTHENTICATION_FAILED,
|
||||||
"Username/PublicKey combination invalid", 0);
|
"Username/PublicKey combination invalid", 0);
|
||||||
session->userauth_pblc_state = libssh2_NB_state_idle;
|
session->userauth_pblc_state = libssh2_NB_state_idle;
|
||||||
return -1;
|
return -1;
|
||||||
@ -1473,9 +1484,15 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (session->userauth_kybd_data[0] == SSH_MSG_USERAUTH_FAILURE) {
|
if (session->userauth_kybd_data[0] == SSH_MSG_USERAUTH_FAILURE) {
|
||||||
|
_libssh2_debug(session, LIBSSH2_TRACE_AUTH,
|
||||||
|
"Keyboard-interactive authentication failed");
|
||||||
LIBSSH2_FREE(session, session->userauth_kybd_data);
|
LIBSSH2_FREE(session, session->userauth_kybd_data);
|
||||||
session->userauth_kybd_data = NULL;
|
session->userauth_kybd_data = NULL;
|
||||||
session->userauth_kybd_state = libssh2_NB_state_idle;
|
session->userauth_kybd_state = libssh2_NB_state_idle;
|
||||||
|
libssh2_error(session,
|
||||||
|
LIBSSH2_ERROR_AUTHENTICATION_FAILED,
|
||||||
|
"Authentication failed (keyboard-interactive)",
|
||||||
|
0);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Загрузка…
x
Ссылка в новой задаче
Block a user