diff options
author | Alexander Golubev <[email protected]> | 2024-01-28 16:20:48 +0300 |
---|---|---|
committer | TDE Gitea <[email protected]> | 2024-03-04 11:04:11 +0000 |
commit | f8f0b8815ca821ad6764149a915122f8b2f0bf8b (patch) | |
tree | 04b2c6b537e7c48bf14d45e8df606babc5b41554 | |
parent | 21ce69f338efb0636e9eef0e7405825b5dd7c0b0 (diff) | |
download | tdebase-f8f0b8815ca821ad6764149a915122f8b2f0bf8b.tar.gz tdebase-f8f0b8815ca821ad6764149a915122f8b2f0bf8b.zip |
tdeioslave/sftp: prevent infinite looping in kb-interactive auth
Signed-off-by: Alexander Golubev <[email protected]>
-rw-r--r-- | tdeioslave/sftp/tdeio_sftp.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/tdeioslave/sftp/tdeio_sftp.cpp b/tdeioslave/sftp/tdeio_sftp.cpp index 3fb611f58..39788cfd7 100644 --- a/tdeioslave/sftp/tdeio_sftp.cpp +++ b/tdeioslave/sftp/tdeio_sftp.cpp @@ -339,6 +339,8 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) { kdDebug(TDEIO_SFTP_DB) << "Entering keyboard interactive function" << endl; + bool retryDenied = false; // a flag to avoid infinite looping + while (1) { int n = 0; int i = 0; @@ -347,6 +349,11 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) { if (rc == SSH_AUTH_DENIED) { // do nothing kdDebug(TDEIO_SFTP_DB) << "kb-interactive auth was denied; retrying again" << endl; + if (retryDenied) { + continue; + } else { + break; + } } else if (rc != SSH_AUTH_INFO) { kdDebug(TDEIO_SFTP_DB) << "Finishing kb-interactive auth rc=" << rc << " ssh_err=" << ssh_get_error_code(mSession) @@ -360,6 +367,11 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) { instruction = TQString::fromUtf8(ssh_userauth_kbdint_getinstruction(mSession)); n = ssh_userauth_kbdint_getnprompts(mSession); + if (n>0) { + // If there is at least one prompt we will want to retry auth if we fail + retryDenied = true; + } + kdDebug(TDEIO_SFTP_DB) << "name=" << name << " instruction=" << instruction << " prompts:" << n << endl; |