From b2c23288a2b5bb3e0e3a5b2640ad0573c6eef0f8 Mon Sep 17 00:00:00 2001
From: Timo Kokkonen
Date: Mon, 25 Aug 2025 00:06:23 -0700
Subject: [PATCH] Fix handling of WOLFSSH_USERAUTH_REJECTED result from authentication callback when NO_FAILURE_ON_REJECTED compile time option is not used.
---
 src/internal.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 63f0e1af7..a8de40da1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6517,9 +6517,12 @@ static int DoUserAuthInfoResponse(WOLFSSH* ssh,
 else if (ret == WOLFSSH_USERAUTH_REJECTED) {
 WLOG(WS_LOG_DEBUG, "DUARKB: keyboard rejected");
 #ifndef NO_FAILURE_ON_REJECTED
- authFailure = 1;
- #endif
+ ret = SendUserAuthFailure(ssh, 0);
+ if (ret == WS_SUCCESS)
+ ret = WS_USER_AUTH_E;
+ #else
 ret = WS_USER_AUTH_E;
+ #endif
 }
 else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
 WLOG(WS_LOG_DEBUG, "DUARKB: keyboard callback would block");
@@ -6624,9 +6627,12 @@ static int DoUserAuthRequestPassword(WOLFSSH* ssh, WS_UserAuthData* authData,
 else if (ret == WOLFSSH_USERAUTH_REJECTED) {
 WLOG(WS_LOG_DEBUG, "DUARPW: password rejected");
 #ifndef NO_FAILURE_ON_REJECTED
- authFailure = 1;
- #endif
+ ret = SendUserAuthFailure(ssh, 0);
+ if (ret == WS_SUCCESS)
+ ret = WS_USER_AUTH_E;
+ #else
 ret = WS_USER_AUTH_E;
+ #endif
 }
 else if (ret == WOLFSSH_USERAUTH_WOULD_BLOCK) {
 WLOG(WS_LOG_DEBUG, "DUARPW: userauth callback would block");
@@ -7587,9 +7593,12 @@ static int DoUserAuthRequestPublicKey(WOLFSSH* ssh, WS_UserAuthData* authData,
 }
 else if (ret == WOLFSSH_USERAUTH_REJECTED) {
 #ifndef NO_FAILURE_ON_REJECTED
- authFailure = 1;
- #endif
+ ret = SendUserAuthFailure(ssh, 0);
+ if (ret == WS_SUCCESS)
+ ret = WS_USER_AUTH_E;
+ #else
 ret = WS_USER_AUTH_E;
+ #endif
 }
 else {
 if (ret == WOLFSSH_USERAUTH_PARTIAL_SUCCESS) {
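Review bot: In the REJECTED branch of DoUserAuthInfoResponse (and identically in DoUserAuthRequestPassword and DoUserAuthRequestPublicKey), `ret = SendUserAuthFailure(ssh, 0);` overwrites the rejection, so when the send fails the function returns the send error and WS_USER_AUTH_E is never reported for that attempt. If callers count or log failed attempts by testing for WS_USER_AUTH_E, a rejected login could go unrecorded; that is not visible here, since the function bodies extend beyond the hunks. At minimum, document the precedence with a comment such as `/* a send error takes precedence over WS_USER_AUTH_E */`. The same three lines are repeated in all three handlers, so a small static helper would keep them from drifting apart. It is also worth checking that `authFailure` is still assigned somewhere in each function now that these assignments are gone, otherwise it becomes a dead variable.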