Skip to content

Add support for keyboard-interactive auth via userAuthCb #803

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
devin-ai-integration wants to merge 6 commits into from
Closed

Add support for keyboard-interactive auth via userAuthCb #803

devin-ai-integration wants to merge 6 commits into from

Conversation

@devin-ai-integration
Copy link
Contributor

@devin-ai-integration devin-ai-integration bot commented May 14, 2025

Add support for keyboard-interactive auth via userAuthCb

This PR adds support for keyboard-interactive authentication using the userAuthCb callback, while preserving backward compatibility with the existing wolfSSH_SetKeyboardAuthPrompts method.

Changes

  1. Modified the SendUserAuthKeyboardRequest function to:

    • Set responseCount to 0 when calling userAuthCb for prompt setup
    • Check for WOLFSSH_USERAUTH_SUCCESS_ANOTHER return value to proceed with sending prompts
    • Fall back to the existing keyboardAuthCb method if userAuthCb is not set or doesn't return SUCCESS_ANOTHER

  2. Added documentation to wolfssh/ssh.h explaining the new keyboard-interactive authentication flow

  3. Created tests in tests/auth.c to verify both authentication methods:

    • Added a useUserAuthCb flag to control which authentication method to test
    • Created test functions to verify basic and multi-round authentication via userAuthCb
    • Modified the server setup to conditionally use either authentication method

How It Works

When a keyboard-interactive authentication request is received:

  1. The userAuthCb is called with responseCount set to 0
  2. If the callback returns WOLFSSH_USERAUTH_SUCCESS_ANOTHER, the code proceeds with sending prompts
  3. If the callback returns any other value or is not set, it falls back to the existing keyboardAuthCb method

This implementation preserves backward compatibility while adding the requested functionality.

Testing

Added tests to verify both authentication methods work correctly.

Link to Devin run: https://app.devin.ai/sessions/55433dc32bf946d397bcc854e1cbf66f
Requested by: andrew@wolfssl.com

devin-ai-integration bot and others added 2 commits May 14, 2025 09:54
@devin-ai-integration @LinuxJedi
Add support for keyboard-interactive auth using userAuthCb
0927043 
Co-Authored-By: andrew@wolfssl.com <andrew@wolfssl.com>
@devin-ai-integration @LinuxJedi
Add tests for keyboard-interactive auth via userAuthCb
45b6ef7 
Co-Authored-By: andrew@wolfssl.com <andrew@wolfssl.com>
@devin-ai-integration
Copy link
Contributor Author

devin-ai-integration bot commented May 14, 2025

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring

@wolfSSL-Bot
Copy link

wolfSSL-Bot commented May 14, 2025

Can one of the admins verify this patch?

devin-ai-integration bot and others added 4 commits May 14, 2025 10:16
@devin-ai-integration @LinuxJedi
Fix endless loop in keyboard-interactive auth test
4cc1aa5 
Co-Authored-By: andrew@wolfssl.com <andrew@wolfssl.com>
@devin-ai-integration @LinuxJedi
Fix handling of empty prompts in keyboard-interactive auth test
727a0c8 
Co-Authored-By: andrew@wolfssl.com <andrew@wolfssl.com>
@devin-ai-integration @LinuxJedi
Add clarifying comment for empty prompts handling
63db9f1 
Co-Authored-By: andrew@wolfssl.com <andrew@wolfssl.com>
@devin-ai-integration @LinuxJedi
Fix memory management in serverKeyboardCallback for empty prompts
c5c52ee 
Co-Authored-By: andrew@wolfssl.com <andrew@wolfssl.com>
@LinuxJedi LinuxJedi closed this May 14, 2025
@ejohnstown ejohnstown deleted the devin/1747216582-keyboard-interactive-auth branch June 12, 2025 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wolfSSL-Bot @LinuxJedi