Skip to content
Snippets Groups Projects
Commit 479c00be authored by Deucе's avatar Deucе :ok_hand_tone4:
Browse files

Fix issue when third SSH authentication attempt succeeds 

Because the session is activated on the *next* time through the
loop, if the third attempt to authenticate (including public key)
fails, it would leave the session inactive and fail to log in with
a confusing error about an obsolete cryptlib.

On success, decrement ssh_failed to ensure another pass through
the loop.

Also, add more debug logging around the auth so you can clearly
see each failure, and log client_socket each time so it's clearly
grouped.
parent 101247e5
Branches
Tags
No related merge requests found
Pipeline #6058 passed
Stage: build
Stage: test
Show whitespace changes
Inline Side-by-side
Showing
with 13 additions and 4 deletions
src/sbbs3/answer.cpp
+ 13
4
View file @ 479c00be
...@@ -270,12 +270,14 @@ bool sbbs_t::answer() ...@@ -270,12 +270,14 @@ bool sbbs_t::answer()
} }
else { else {
SetEvent(ssh_active); SetEvent(ssh_active);
lprintf(LOG_DEBUG, "%04d SSH SSH_ANYAUTH allowed presented credential", client_socket);
} }
} }
} }
else { else {
activate_ssh = true; activate_ssh = true;
SetEvent(ssh_active); SetEvent(ssh_active);
lprintf(LOG_DEBUG, "%04d SSH SSH_ANYAUTH allowed with no credential", client_socket);
} }
} }
else { else {
...@@ -309,7 +311,7 @@ bool sbbs_t::answer() ...@@ -309,7 +311,7 @@ bool sbbs_t::answer()
free_crypt_attrstr(pubkey); free_crypt_attrstr(pubkey);
pubkey = get_binary_crypt_attribute(ssh_session, CRYPT_SESSINFO_PUBLICKEY, &pubkeysz); pubkey = get_binary_crypt_attribute(ssh_session, CRYPT_SESSINFO_PUBLICKEY, &pubkeysz);
} }
lprintf(LOG_DEBUG,"SSH login: '%s'", rlogin_name); lprintf(LOG_DEBUG,"%04d SSH login: '%s'", client_socket, rlogin_name);
} }
else { else {
rlogin_name[0] = 0; rlogin_name[0] = 0;
...@@ -322,12 +324,19 @@ bool sbbs_t::answer() ...@@ -322,12 +324,19 @@ bool sbbs_t::answer()
if (check_pubkey(&cfg, useron.number, pubkey, pubkeysz)) { if (check_pubkey(&cfg, useron.number, pubkey, pubkeysz)) {
SAFECOPY(rlogin_pass, tmp); SAFECOPY(rlogin_pass, tmp);
activate_ssh = set_authresponse(true); activate_ssh = set_authresponse(true);
lprintf(LOG_DEBUG, "%04d SSH Public key authentication successful", client_socket);
ssh_failed--;
}
else {
lprintf(LOG_DEBUG, "%04d SSH Public key authentication failed", client_socket);
} }
} }
else { else {
if (stricmp(tmp, useron.pass) == 0) { if (stricmp(tmp, useron.pass) == 0) {
SAFECOPY(rlogin_pass, tmp); SAFECOPY(rlogin_pass, tmp);
activate_ssh = set_authresponse(true); activate_ssh = set_authresponse(true);
lprintf(LOG_DEBUG, "%04d SSH password authentication successful", client_socket);
ssh_failed--;
} }
else if(ssh_failed) { else if(ssh_failed) {
if(cfg.sys_misc&SM_ECHO_PW) if(cfg.sys_misc&SM_ECHO_PW)
...@@ -343,14 +352,14 @@ bool sbbs_t::answer() ...@@ -343,14 +352,14 @@ bool sbbs_t::answer()
} }
} }
else { else {
lprintf(LOG_NOTICE, "SSH failed to read user data for %s", rlogin_name); lprintf(LOG_NOTICE, "%04d SSH failed to read user data for %s", client_socket, rlogin_name);
} }
} }
else { else {
if(cfg.sys_misc&SM_ECHO_PW) if(cfg.sys_misc&SM_ECHO_PW)
lprintf(LOG_NOTICE, "SSH !UNKNOWN USER: '%s' (password: %s)", rlogin_name, truncsp(tmp)); lprintf(LOG_NOTICE, "%04d SSH !UNKNOWN USER: '%s' (password: %s)", client_socket, rlogin_name, truncsp(tmp));
else else
lprintf(LOG_NOTICE, "SSH !UNKNOWN USER: '%s'", rlogin_name); lprintf(LOG_NOTICE, "%04d SSH !UNKNOWN USER: '%s'", client_socket, rlogin_name);
badlogin(rlogin_name, tmp); badlogin(rlogin_name, tmp);
// Enable SSH so we can create a new user... // Enable SSH so we can create a new user...
activate_ssh = set_authresponse(true); activate_ssh = set_authresponse(true);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment