From 7ecabb25eb0eb94058d8921deeefe2996a6cad2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20S=C3=B6ntgen?= <josef.soentgen@genode-labs.com>
Date: Mon, 6 Jan 2020 11:02:18 +0100
Subject: [PATCH] ssh_terminal: address ambigouity of return values

Replace return values with appropiate bool and document two-staged
publickey authentication. This fixes a bug where wrong authentication
attempts are not properly denied.

Issue #3590.
---
 repos/gems/src/server/ssh_terminal/server.cc | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/repos/gems/src/server/ssh_terminal/server.cc b/repos/gems/src/server/ssh_terminal/server.cc
index 8e3291b87..4b8976ec8 100644
--- a/repos/gems/src/server/ssh_terminal/server.cc
+++ b/repos/gems/src/server/ssh_terminal/server.cc
@@ -545,10 +545,23 @@ bool Ssh::Server::auth_pubkey(ssh_session s, char const *u,
 	}
 	Session &session = *p;
 
+	/*
+	 * In this first state the given pubkey is solely probed.
+	 * Ideally we would check here if the given pubkey is in fact to the
+	 * configured one, i.e., reading a 'authorized_keys' like file and
+	 * check its entries.
+	 *
+	 * For now we simple accept all keys and reject them in the later
+	 * state.
+	 */
 	if (signature_state == SSH_PUBLICKEY_STATE_NONE) {
-		return SSH_AUTH_PARTIAL;
+		return true;
 	}
 
+	/*
+	 * In this second state we check the provided pubkey and if it
+	 * matches allow authentication to proceed.
+	 */
 	if (signature_state == SSH_PUBLICKEY_STATE_VALID) {
 		Genode::Lock::Guard g(_logins.lock());
 		Login const *l = _logins.lookup(u);
@@ -558,13 +571,13 @@ bool Ssh::Server::auth_pubkey(ssh_session s, char const *u,
 				session.auth_sucessful = true;
 				session.adopt(l->user);
 				_log_login(l->user, session, true);
-				return SSH_AUTH_SUCCESS;
+				return true;
 			}
 		}
 	}
 
 	_log_failed(u, session, true);
-	return SSH_AUTH_DENIED;
+	return false;
 }