The Nest
Explore
60
Pure-Rust asynchronous SSH library, both client and server

#82 keyboard-interactive authentication breaks after returning Auth::Partial

Opened by w4 on June 25, 2023
w4 on June 25, 2023

There’s two branches where keyboard-interactive can be handled, the first iteration hits EncryptedState::WaitingAuthRequest(_) if buf[0] == msg::USERAUTH_REQUEST which works fine if you return an Auth::Accept or Auth::Reject, but if you return an Auth::Partial, future responses hit the EncryptedState::WaitingAuthRequest(ref mut auth) if buf[0] == msg::USERAUTH_INFO_RESPONSE case, which checks for the impossible condition if let EncryptedState::InitCompression = enc.state.

This check is fine in the first case, because there’s a call to enc.server_read_auth_request which ultimately mutates enc.state if Auth::Accept is returned from Handler::auth_keyboard_interactive. However, this mutation never happens in the second case, so we have to do the mutation ourselves.

w4 on June 25, 2023 
diff --git a/thrussh/src/server/encrypted.rs b/thrussh/src/server/encrypted.rs
index 95a6734..1b85f16 100644
--- a/thrussh/src/server/encrypted.rs
+++ b/thrussh/src/server/encrypted.rs
@@ -160,9 +160,8 @@ impl Session {
                 )
                 .await?
                 {
-                    if let EncryptedState::InitCompression = enc.state {
-                        enc.client_compression.init_decompress(&mut enc.decompress);
-                    }
+                    enc.state = EncryptedState::InitCompression;
+                    enc.client_compression.init_decompress(&mut enc.decompress);
                 }
                 Ok(self)
             }
pmeunier on June 25, 2023

Do you want to send a Pijul patch? We don’t take Git diffs here. If not, I can do it.

w4 on June 25, 2023

I was getting panics when trying to perform any repo-based commands using Pijul using both the version on crates.io and in nixpkgs relating to unsupported ciphers or something. Would appreciate if you could push it up. Thanks!

pmeunier on June 25, 2023

I would very much appreciate a bug report on Pijul as well. What did you do exactly? I’m not aware of any panic in Pijul in the last six months or so.

w4 on June 25, 2023

I’ve opened a discussion here: https://nest.pijul.com/pijul/pijul/discussions/811 - I just pulled the repo and attempted to make changes 🤷‍♂️