
Re: Bug in partial key authentication?


On Wednesday, 17 May 2017 22:14:53 CEST Jason Curl wrote:
> Hello,
> 
> I'm working on using libssh on Windows with .NET. I've compiled master using
> MSYS64 and it works quite well (based on the current HEAD on master).
> 
> I get a hang (in an arguably invalid situation), but as it's a hang and
> blocks forever, I think the library should really check if it's in a valid
> state and return an error instead of hanging forever.
> 
> The pseudo code I'm doing is (it's in C# and would be too complicated
> otherwise)
> * ssh_pki_import_pubkey_file(filename, &pubkey) => returns success
> * ssh_userauth_none(m_Session, null) => returns denied (expected)
> * ssh_userauth_try_publickey(m_Session, null, publicKey) => returns SUCCESS
> 
> Now, normally I would have to call ssh_userauth_publickey(m_Session, null,
> privateKey) and the program works as expected (it connects), but if I don't,
> then:
> * ssh_channel_new(m_Session) => Returns a valid channel handle. I'd expect
> it to fail here instead of pass
> * ssh_channel_open_session(m_Channel) => Blocks forever
> 
> If ssh_userauth_try_publickey returns denied, then the above also fails and
> I get error codes as I'd expect. If I do the right thing and also call
> ssh_userauth_publickey then it also does the right thing.
> 
> So I can ensure my code does the right thing, my question is, shouldn't the
> above case not block anyway?

We already fixed some issues where the code is in the wrong state in the auth 
code. I think there are more cases missing and those should be fixed.

It should be easy to extend our test suite with the case you describe and fix 
it from there.

Could you write the code for it?

tests/client/torture_auth.c

Is what you are looking for.


Thanks,


	Andreas


-- 
Andreas Schneider                   GPG-ID: CC014E3D
www.cryptomilk.org                asn@xxxxxxxxxxxxxx
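
The call sequence from the report, as an added example that is not part of the original messages or of libssh: a caller-side guard that treats success from ssh_userauth_try_publickey as "key acceptable" only and refuses to open a channel until a real authentication call has succeeded. The enum, struct and function names are hypothetical, and the result codes are simplified stand-ins for the library's return values.

```c
/* Added example: a client-side guard modelling the call sequence from the
 * report. All names here are hypothetical; none are libssh API. */
#include <stdbool.h>
#include <stddef.h>

/* Which libssh call produced the result (real names in comments only). */
enum auth_call {
    CALL_NONE,        /* ssh_userauth_none */
    CALL_TRY_PUBKEY,  /* ssh_userauth_try_publickey */
    CALL_PUBKEY       /* ssh_userauth_publickey */
};

/* Simplified result codes, standing in for the library's return values. */
enum auth_result { RES_SUCCESS, RES_DENIED, RES_PARTIAL, RES_ERROR };

struct auth_event { enum auth_call call; enum auth_result result; };

struct auth_guard {
    bool key_acceptable;  /* server would accept this public key */
    bool authenticated;   /* a real authentication request succeeded */
};

/* Record one call's outcome. Success from the "try" call only marks the key
 * as acceptable; it never marks the session as authenticated. */
void guard_record(struct auth_guard *g, struct auth_event ev)
{
    if (ev.call == CALL_TRY_PUBKEY) {
        g->key_acceptable = (ev.result == RES_SUCCESS);
        return;
    }
    /* RES_PARTIAL means further methods are required: still not done. */
    if (ev.result == RES_SUCCESS)
        g->authenticated = true;
}

/* Replay a trace and report whether the caller may open a channel.
 * A caller would return an error here rather than call a blocking open. */
bool guard_may_open_channel(const struct auth_event *trace, size_t n)
{
    struct auth_guard g = { false, false };
    for (size_t i = 0; i < n; i++)
        guard_record(&g, trace[i]);
    return g.authenticated;
}

/* Constructed traces: the sequence from the report, and the complete one. */
const struct auth_event REPORTED[] = {
    { CALL_NONE, RES_DENIED }, { CALL_TRY_PUBKEY, RES_SUCCESS } };
const struct auth_event COMPLETE[] = {
    { CALL_NONE, RES_DENIED }, { CALL_TRY_PUBKEY, RES_SUCCESS },
    { CALL_PUBKEY, RES_SUCCESS } };
```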
