Update interactive callback.

bhart3 · bhart3 · commit 1bb7cdb55122 · 2018-07-02T15:03:30.000-05:00
diff --git a/src/session_p.h b/src/session_p.h
@@ -174,7 +174,7 @@ struct nc_server_opts {
     void *pubkey_auth_data;
     void (*pubkey_auth_data_free)(void *data);
 
-    int (*interactive_auth_clb)(const struct nc_session *session, const char* password,void *user_data);
+    int (*interactive_auth_clb)(const struct nc_session *session, ssh_message msg, void *user_data);
     void *interactive_auth_data;
     void (*interactive_auth_data_free)(void *data);
 #endif
diff --git a/src/session_server.h b/src/session_server.h
@@ -521,7 +521,7 @@ void nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_se
  * @param[in] user_data Optional arbitrary user data that will be passed to \p passwd_auth_clb.
  * @param[in] free_user_data Optional callback that will be called during cleanup to free any \p user_data.
  */
-void ncserver_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session, const char *password,
+void ncserver_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct ssh_message msg, const char *password,
                                                               void *user_data),
                                            void *user_data, void (*free_user_data)(void *user_data));
 
diff --git a/src/session_server_ssh.c b/src/session_server_ssh.c
@@ -142,6 +142,25 @@ nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_session
     server_opts.passwd_auth_data_free = free_user_data;
 }
 
+API void
+nc_server_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session, ssh_message msg, void *user_data),
+                                  void *user_data, void (*free_user_data)(void *user_data))
+{
+    server_opts.interactive_auth_clb = interactive_auth_clb;
+    server_opts.interactive_auth_data = user_data;
+    server_opts.interactive_auth_data_free = free_user_data;
+}
+ 
+API void
+nc_server_ssh_set_pubkey_auth_clb(int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data),
+                                  void *user_data, void (*free_user_data)(void *user_data))
+{
+    server_opts.pubkey_auth_clb = pubkey_auth_clb;
+    server_opts.pubkey_auth_data = user_data;
+    server_opts.pubkey_auth_data_free = free_user_data;
+}
+
+
 API int
 nc_server_ssh_ch_client_add_hostkey(const char *client_name, const char *name, int16_t idx)
 {
@@ -822,41 +841,37 @@ nc_sshcb_auth_kbdint(struct nc_session *session, ssh_message msg)
 {
     int auth_ret = 1;
     char *pass_hash;
-    // Print message for interactive SSH
-    if (!ssh_message_auth_kbdint_is_response(msg)) {
-        const char *prompts[] = {"Password: "};
-        char echo[] = {0};
 
-        ssh_message_auth_interactive_request(msg, "Interactive SSH Authentication", "Type your password:", 1, prompts, echo);
+    if (server_opts.interactive_auth_clb) {
+        auth_ret = server_opts.interactive_auth_clb(session, msg, server_opts.interactive_auth_clb);  
     } else {
-        if (ssh_userauth_kbdint_getnanswers(session->ti.libssh.session) != 1) {// failed session
-            ssh_message_reply_default(msg);
-            return;
-        }
-        // Check the authentication type
-        if (server_opts.interactive_auth_clb)
-        {
-            auth_ret = server_opts.interactive_auth_clb(session, ssh_message_auth_password(msg), server_opts.interactive_auth_clb);  
-        }
-        else {
+        if (!ssh_message_auth_kbdint_is_response(msg)) {
+            const char *prompts[] = {"Password: "};
+            char echo[] = {0};
+
+            ssh_message_auth_interactive_request(msg, "Interactive SSH Authentication", "Type your password:", 1, prompts, echo);
+        } else {
+            if (ssh_userauth_kbdint_getnanswers(session->ti.libssh.session) != 1) {// failed session
+                ssh_message_reply_default(msg);
+                return;
+            }
             pass_hash = auth_password_get_pwd_hash(session->username);// get hashed password
             if (pass_hash) {
                 auth_ret = auth_password_compare_pwd(pass_hash, ssh_userauth_kbdint_getanswer(session->ti.libssh.session, 0));
                 free(pass_hash);// free hashed password
             }
         }
-        // Authenticate message based on outcome
-        if (!auth_ret)
-        {
-            session->flags |= NC_SESSION_SSH_AUTHENTICATED;
-            VRB("User \"%s\" authenticated.", session->username);
-            ssh_message_auth_reply_success(msg, 0);
-        }
-        else {
-            ++session->opts.server.ssh_auth_attempts;
-            VRB("Failed user \"%s\" authentication attempt (#%d).", session->username, session->opts.server.ssh_auth_attempts);
-            ssh_message_reply_default(msg);
-        }
+    }
+
+    /* Authenticate message based on outcome */
+    if (!auth_ret) {
+        session->flags |= NC_SESSION_SSH_AUTHENTICATED;
+        VRB("User \"%s\" authenticated.", session->username);
+        ssh_message_auth_reply_success(msg, 0);
+    } else {
+        ++session->opts.server.ssh_auth_attempts;
+        VRB("Failed user \"%s\" authentication attempt (#%d).", session->username, session->opts.server.ssh_auth_attempts);
+        ssh_message_reply_default(msg);
     }
 }
 
