From 33ecaaac01eff3580d4f2832e541d520d9e116bb Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Mon, 2 May 2016 12:18:06 +0200
Subject: [PATCH] auth1: Fix non-blocking SSHv1 auth

BUG: https://red.libssh.org/issues/232

Thanks to Fengyu Gao.

TODO: Add SSHv1 tests to our testsuite.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
 src/auth1.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/auth1.c b/src/auth1.c
index b61f654b..a9fe58e2 100644
--- a/src/auth1.c
+++ b/src/auth1.c
@@ -23,6 +23,7 @@
 
 #include "config.h"
 
+#include <errno.h>
 #include <string.h>
 #include <stdlib.h>
 
@@ -117,6 +118,7 @@ static int send_username(ssh_session session, const char *username) {
   if (ssh_packet_send(session) == SSH_ERROR) {
     return SSH_AUTH_ERROR;
   }
+  return SSH_AUTH_AGAIN;
 pending:
   rc = wait_auth1_status(session);
   switch (rc){
@@ -161,12 +163,14 @@ int ssh_userauth1_password(ssh_session session, const char *username,
   ssh_string pwd = NULL;
   int rc;
 
+  if (session->pending_call_state == SSH_PENDING_CALL_AUTH_PASSWORD) {
+      goto pending;
+  }
+
   rc = send_username(session, username);
   if (rc != SSH_AUTH_DENIED) {
     return rc;
   }
-  if (session->pending_call_state == SSH_PENDING_CALL_AUTH_PASSWORD)
-      goto pending;
   /* we trick a bit here. A known flaw in SSH1 protocol is that it's
    * easy to guess password sizes.
    * not that sure ...
@@ -219,8 +223,11 @@ int ssh_userauth1_password(ssh_session session, const char *username,
   }
 pending:
   rc = wait_auth1_status(session);
-  if (rc != SSH_AUTH_AGAIN)
-      session->pending_call_state = SSH_PENDING_CALL_NONE;
+  if (rc == SSH_AUTH_ERROR && errno == EAGAIN) {
+    /* Nothing to do */
+  } else if (rc != SSH_AUTH_AGAIN) {
+    session->pending_call_state = SSH_PENDING_CALL_NONE;
+  }
 
   return rc;
 }