summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Golubev <[email protected]>2024-01-28 23:25:58 +0300
committerTDE Gitea <[email protected]>2024-03-04 11:04:11 +0000
commitee73349644fdf2a3a2ac122d7f930f84b00bcdba (patch)
treee111996e3d3497fc68c4d09c3eb1d1d28fae3cec
parentf8f0b8815ca821ad6764149a915122f8b2f0bf8b (diff)
downloadtdebase-ee73349644fdf2a3a2ac122d7f930f84b00bcdba.tar.gz
tdebase-ee73349644fdf2a3a2ac122d7f930f84b00bcdba.zip
tdeioslave/sftp: cache passwords in case they were passed to setHost()
Signed-off-by: Alexander Golubev <[email protected]>
-rw-r--r--tdeioslave/sftp/tdeio_sftp.cpp30
1 files changed, 23 insertions, 7 deletions
diff --git a/tdeioslave/sftp/tdeio_sftp.cpp b/tdeioslave/sftp/tdeio_sftp.cpp
index 39788cfd7..c31708e35 100644
--- a/tdeioslave/sftp/tdeio_sftp.cpp
+++ b/tdeioslave/sftp/tdeio_sftp.cpp
@@ -341,6 +341,9 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
bool retryDenied = false; // a flag to avoid infinite looping
+ TQString cachablePassword;
+ PasswordPurger cachePurger(cachablePassword);
+
while (1) {
int n = 0;
int i = 0;
@@ -407,6 +410,7 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
if (noPaswordQuery) { // if we have a cached password we might use it
kdDebug(TDEIO_SFTP_DB) << "Using cached password" << endl;
answer = mPassword;
+ cachablePassword = mPassword;
purgeString(mPassword); // if we used up password purge it
} else {
infoKbdInt.prompt = i18n("Please enter your password.");
@@ -485,6 +489,15 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
} // for each ssh_userauth_kbdint_getprompt()
} // while (1)
+ if (!mPasswordWasPrompted && !cachablePassword.isEmpty() && (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL)) {
+ // if the password was never prompted, it was never cached, so we should cache it manually
+ TDEIO::AuthInfo info = authInfo();
+ info.password = cachablePassword;
+ info.keepPassword = false;
+ cacheAuthentication(info);
+ purgeString(info.password);
+ }
+
return rc;
}
@@ -495,15 +508,14 @@ int sftpProtocol::authenticatePassword(bool noPaswordQuery) {
info.keepPassword = true;
info.prompt = i18n("Please enter your username and password.");
+ PasswordPurger pPurger(info.password);
+
int rc;
do {
TQString errMsg;
- TQString password;
-
- PasswordPurger pPurger(password);
if(noPaswordQuery) { // on the first try use cached password
- password = mPassword;
+ info.password = mPassword;
purgeString(mPassword);
} else {
if (mPasswordWasPrompted) {
@@ -518,8 +530,6 @@ int sftpProtocol::authenticatePassword(bool noPaswordQuery) {
return sftpProtocol::SSH_AUTH_CANCELED;
}
- password = info.password;
-
TQString sshUser=sshUsername();
if (info.username != sshUser) {
kdDebug(TDEIO_SFTP_DB) << "Username changed from " << sshUser
@@ -532,9 +542,15 @@ int sftpProtocol::authenticatePassword(bool noPaswordQuery) {
}
}
- rc = ssh_userauth_password(mSession, NULL, password.utf8().data());
+ rc = ssh_userauth_password(mSession, NULL, info.password.utf8().data());
} while (rc == SSH_AUTH_DENIED && !noPaswordQuery);
+
+ if (!mPasswordWasPrompted && (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL)) {
+ // if the password was never prompted, it was never cached, so we should cache it manually
+ info.keepPassword = false;
+ cacheAuthentication(info);
+ }
return rc;
}