#162: libssh2_userauth_password() returns undocument value
------------------------------------------------------------------------------------------------+
Reporter: www.google.com/accounts/o8/id?id=AItOawmzs-3wPv9jSuaL5w4D_yhF_mGYz_Zks6c | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: API | Version: 1.2.4
Keywords: libssh2_userauth_password, libssh2_userauth_password_ex, LIBSSH2_ERROR_SOCKET_NONE | Blocking:
Blockedby: |
------------------------------------------------------------------------------------------------+
I think this is a bug.
when I run the code below (the variable `password' is a wrong password and
`username' is not empty), it outputs "1 - Authentication by password
failed, rc = -1." this means libssh2_userauth_password() returns
LIBSSH2_ERROR_SOCKET_NONE when authentication failed. But,
LIBSSH2_ERROR_SOCKET_NONE is undocument on page
http://www.libssh2.org/libssh2_userauth_password_ex.html ( there is
another error on "Return Value" section on this page ):
{{{
LIBSSH2_ERROR_PASSWORD_EXPIRED -
fLIBSSH2_ERROR_AUTHENTICATION_FAILED - failed, invalid username/password
or public/private key.
}}}
Below is the code ( I modified it from the example ssh2_exec.c )
{{{
if ( password != 0 ) { // the password can be empty
/* We could authenticate via password */
while ((rc = libssh2_userauth_password(session, username,
password)) ==
LIBSSH2_ERROR_EAGAIN);
if ( ( rc == LIBSSH2_ERROR_PASSWORD_EXPIRED || rc ==
LIBSSH2_ERROR_AUTHENTICATION_FAILED ) && ( another_password != 0 ) ) {
// try another password
while ((rc = libssh2_userauth_password(session, username,
another_password)) ==
LIBSSH2_ERROR_EAGAIN);
if ( rc != 0 ) {
// really failed !
fprintf(stderr, "2 - Authentication by password
failed.\n");
goto shutdown;
}
} else if ( rc != 0 ) {
// other error
fprintf(stderr, "1 - Authentication by password failed, rc =
%d.\n", rc);
goto shutdown;
}
}
}}}
Now I change the code above to below. When I run the code below with
'password' is a wrong password, and 'another_password' is a correct
password, it can run as I wish: when the first password authenticates
failed, the second password can authenticates success.
Because the bug is still there, so, when the second password is a wrong
password, 'libssh2_userauth_password(session, username, another_password)'
returns -1 (LIBSSH2_ERROR_SOCKET_NONE) again.
{{{
if ( password != 0 ) { // the password can be empty
/* We could authenticate via password */
while ((rc = libssh2_userauth_password(session, username,
password)) ==
LIBSSH2_ERROR_EAGAIN);
if ( rc < 0 /* undocument errors may occurs here */ ) {
if ( another_password != 0 ) {
// try another password
while ((rc = libssh2_userauth_password(session, username,
another_password)) ==
LIBSSH2_ERROR_EAGAIN);
if ( rc < 0 ) {
// really failed !
fprintf(stderr, "2 - Authentication by password
failed, return code: %d.\n", rc);
goto shutdown;
}
} else {
fprintf(stderr, "1 - Authentication by password failed,
return code: %d.\n", rc);
goto shutdown;
}
}
}
}}}
I'm sorry for my English.
-- Ticket URL: <http://libssh2.stuge.se/ticket/162> libssh2 <http://libssh2.stuge.se/> C library for writing portable SSH2 clients _______________________________________________ libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-develReceived on 2010-02-24