Page MenuHomePhabricator

SSH_AUTH_PARTIAL not handled properly
Closed, ResolvedPublic

Description

It appears that SSH_AUTH_PARTIAL is not properly handled. This seems to be needed:

diff --git a/src/auth.c b/src/auth.c
index abfb594..9480552 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -846,6 +846,12 @@ int ssh_userauth_agent(ssh_session session,
                 ssh_agent_state_free (session->agent_state);
                 session->agent_state = NULL;
                 return rc;
+            } else if (rc == SSH_AUTH_PARTIAL) {
+                SSH_LOG(SSH_LOG_INFO,
+                        "Server accepted public key but requires more authentication");
+                ssh_agent_state_free (session->agent_state);
+                session->agent_state = NULL;
+                return SSH_AUTH_PARTIAL;
             } else if (rc != SSH_AUTH_SUCCESS) {
                 SSH_LOG(SSH_LOG_INFO,
                         "Server accepted public key but refused the signature");
@@ -943,7 +949,7 @@ int ssh_userauth_publickey_auto(ssh_session session,
 #ifndef _WIN32
         /* Try authentication with ssh-agent first */
         rc = ssh_userauth_agent(session, username);
-        if (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_AGAIN) {
+        if (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_AGAIN || rc == SSH_AUTH_PARTIAL) {
             return rc;
         }
 #endif

I'm afraid that after testing this out a bit, I'm not sure it's correct. I'm worried about freeing the state with SSH_AUTH_PARTIAL as I think we continue to use the state. I'm not really sure though.