Partial Authentication success support

Andrew Grafham andrew.grafham at gmail.com
Fri Dec 16 11:39:43 CET 2022


Hi,

I've been having a look at adding support for partial authentication
success - so that we can use libssh2 to connect to a server that requires
both a private key and a password for authentication.This is documented in
RFC 4252, section 5.1 - currently as far as I can see libssh2 doesn't look
at the "partial success" value that gets returned by the server, and just
returns an error that authentication failed.

The way I've done it so far is that I've added a new error code that the
authentication methods can return to indicate that they were partially
successful, and set the last error to the string we get back from the
server, so the calling code knows which authentication method to call next
to continue authenticating.

(I found some discussion about this on this mailing list from 10 years ago
or so, under trac #204 and at the time it sounded like it was tricky to
configure a server in this way, whereas now it's supported by openssh's
"AuthenticationMethods" configuration parameter).

Also, currently my code only works on little endian systems  - does libssh2
support big endian systems? I've added code for parsing the message length
but I'm wondering if there's already code somewhere in the library that
handles this?

Is this something I could submit as a patch to libssh2 or would you prefer
a different design?

Thanks

Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.haxx.se/pipermail/libssh2-devel/attachments/20221216/882ddda2/attachment.htm>


More information about the libssh2-devel mailing list