Proposed Bug Fix: Sunset-user-auth-none-fix

[jubeormk1]

Find fix at src/conn.rs:L413-421

There was a problem at the user authentication step, since a None or Unknown method were not handled. That made the test at event::ServFirstAuth fail in any course of action:

• allow
• deny
• drop

In all those cases the runner expected having completed a an authentication method such as password or PubKey.

In the proposed fix this is handled by sending a failed request when a None or Unknown AuthMethod are received. That message will include the available authentication methods as it was already arranged in the library.

[mkj]

Specifics of auth handling should be in servauth.rs, not the dispatch loop here.

A "None" authmethod is allowed to return success - for example if you want to allow login without any password, and drop to some kind of restricted shell. The picow demo does that currently https://github.com/mkj/sunset/blob/main/embassy/demos/common/src/server.rs#L175

Is your code handling it the same way?

I will run a rustfmt pass over the repo - will make these diffs easier to read.

[mkj]

Ah I think I see the failure you mean, will figure what's going on.

[2025-05-29T10:49:46.394257879Z DEBUG sunset::runner] prev event ServEvent(FirstAuth)

thread 'main' panicked at src/runner.rs:652:9:
assertion failed: matches!(prev_event, DispatchEvent::ServEvent(ServEventId::PasswordAuth)) ||
    matches!(prev_event,
        DispatchEvent::ServEvent(ServEventId::PubkeyAuth { .. }))
stack backtrace:
...
   2: core::panicking::panic
             at /rustc/17067e9ac6d7ecb70e50f92c1944e545188d2359/library/core/src/panicking.rs:145:5
   3: sunset::runner::Runner::resume_servauth
             at /home/matt/own/sunset/src/runner.rs:652:9
   4: sunset::event::ServFirstAuth::allow
             at /home/matt/own/sunset/src/event.rs:416:9
   5: sunset_demo_embassy_common::server::ServerApp::handle_firstauth
             at /home/matt/own/sunset/embassy/demos/common/src/server.rs:164:20
   6: sunset_demo_embassy_common::server::ServerApp::handle_event

[jubeormk1]

As you will find out, you need that your prev_event is a password or a Public key auth event. However that is not the case on a None auth.

If you want to allow that, provided that the server is configured as no password required I suppose that you can have that checked. However that would be a global no password auth.

Would it be better to add a field to check each user valid authentication?

Do you have time to think about it or shall I give it a go?

Apologies for clippy formatting the file. Next time will be clearer.

[mkj]

I'm happy to have a look at it. I wonder if the debug assertion is spurious, will try and remember what the intent was.

[mkj]

I've made a change, FirstAuth should have been allowed by that assertion too. a622398
I guess I haven't tested non-release builds for a while! Does that fix the problem you see?

[jubeormk1]

Yes it does fix it. I will use the demo std to explore more the crate so thanks for that!