Add support for keyboard-interactive auth using userAuthCb

devin-ai-integration[bot] · LinuxJedi · devin-ai-integration[bot] · commit 0927043b19c6 · 2025-05-14T09:54:52.000Z
Co-Authored-By: andrew@wolfssl.com &lt;andrew@wolfssl.com&gt;
diff --git a/src/internal.c b/src/internal.c
@@ -13349,8 +13349,31 @@ int SendUserAuthKeyboardRequest(WOLFSSH* ssh, WS_UserAuthData* authData)
     }
 
     if (ret == WS_SUCCESS) {
-        ret = ssh->ctx->keyboardAuthCb(&authData->sf.keyboard,
-                                       ssh->keyboardAuthCtx);
+        /* Set responseCount to 0 to indicate this is a prompt setup call */
+        authData->sf.keyboard.responseCount = 0;
+        
+        /* First try using userAuthCb if it's set */
+        if (ssh->ctx->userAuthCb != NULL) {
+            WLOG(WS_LOG_DEBUG, "SUAKR: Calling userAuthCb for prompt setup");
+            ret = ssh->ctx->userAuthCb(WOLFSSH_USERAUTH_KEYBOARD,
+                                      authData, ssh->userAuthCtx);
+            
+            /* If userAuthCb doesn't return SUCCESS_ANOTHER, fall back to keyboardAuthCb */
+            if (ret != WOLFSSH_USERAUTH_SUCCESS_ANOTHER) {
+                WLOG(WS_LOG_DEBUG, "SUAKR: userAuthCb didn't return SUCCESS_ANOTHER, falling back");
+                ret = ssh->ctx->keyboardAuthCb(&authData->sf.keyboard,
+                                             ssh->keyboardAuthCtx);
+            }
+            else {
+                WLOG(WS_LOG_DEBUG, "SUAKR: userAuthCb returned SUCCESS_ANOTHER, proceeding");
+                ret = WS_SUCCESS;
+            }
+        }
+        else {
+            /* Fall back to keyboardAuthCb if userAuthCb is not set */
+            ret = ssh->ctx->keyboardAuthCb(&authData->sf.keyboard,
+                                         ssh->keyboardAuthCtx);
+        }
     }
 
     if (authData->sf.keyboard.promptCount > 0 &&
diff --git a/wolfssh/ssh.h b/wolfssh/ssh.h
@@ -360,6 +360,13 @@ typedef struct WS_UserAuthData {
     } sf;
 } WS_UserAuthData;
 
+/* User Authentication callback
+ * For keyboard-interactive authentication:
+ * - When responseCount is 0, the callback is being called to set up prompts
+ *   Return WOLFSSH_USERAUTH_SUCCESS_ANOTHER to proceed with sending prompts
+ * - When responseCount > 0, the callback is being called to validate responses
+ *   Return WOLFSSH_USERAUTH_SUCCESS_ANOTHER to request more prompts
+ */
 typedef int (*WS_CallbackUserAuth)(byte, WS_UserAuthData*, void*);
 WOLFSSH_API void wolfSSH_SetUserAuth(WOLFSSH_CTX*, WS_CallbackUserAuth);
 typedef int (*WS_CallbackUserAuthTypes)(WOLFSSH* ssh, void* ctx);
