summaryrefslogtreecommitdiffstats
path: root/tdeioslave/sftp/tdeio_sftp.cpp
diff options
context:
space:
mode:
authorAlexander Golubev <[email protected]>2024-01-28 16:20:48 +0300
committerMichele Calgaro <[email protected]>2024-03-04 23:34:45 +0900
commit7ae474170942fe8a20e9dddfffef51d17b9cbc35 (patch)
tree012302ae2e6080b6e7992e84dbf9c50a6756a9d3 /tdeioslave/sftp/tdeio_sftp.cpp
parent16ad368674e0053c1752393aa9f5d1521e68f025 (diff)
downloadtdebase-7ae474170942fe8a20e9dddfffef51d17b9cbc35.tar.gz
tdebase-7ae474170942fe8a20e9dddfffef51d17b9cbc35.zip
tdeioslave/sftp: prevent infinite looping in kb-interactive auth
Signed-off-by: Alexander Golubev <[email protected]> (cherry picked from commit f8f0b8815ca821ad6764149a915122f8b2f0bf8b)
Diffstat (limited to 'tdeioslave/sftp/tdeio_sftp.cpp')
-rw-r--r--tdeioslave/sftp/tdeio_sftp.cpp12
1 files changed, 12 insertions, 0 deletions
diff --git a/tdeioslave/sftp/tdeio_sftp.cpp b/tdeioslave/sftp/tdeio_sftp.cpp
index 3fb611f58..39788cfd7 100644
--- a/tdeioslave/sftp/tdeio_sftp.cpp
+++ b/tdeioslave/sftp/tdeio_sftp.cpp
@@ -339,6 +339,8 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
kdDebug(TDEIO_SFTP_DB) << "Entering keyboard interactive function" << endl;
+ bool retryDenied = false; // a flag to avoid infinite looping
+
while (1) {
int n = 0;
int i = 0;
@@ -347,6 +349,11 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
if (rc == SSH_AUTH_DENIED) { // do nothing
kdDebug(TDEIO_SFTP_DB) << "kb-interactive auth was denied; retrying again" << endl;
+ if (retryDenied) {
+ continue;
+ } else {
+ break;
+ }
} else if (rc != SSH_AUTH_INFO) {
kdDebug(TDEIO_SFTP_DB) << "Finishing kb-interactive auth rc=" << rc
<< " ssh_err=" << ssh_get_error_code(mSession)
@@ -360,6 +367,11 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
instruction = TQString::fromUtf8(ssh_userauth_kbdint_getinstruction(mSession));
n = ssh_userauth_kbdint_getnprompts(mSession);
+ if (n>0) {
+ // If there is at least one prompt we will want to retry auth if we fail
+ retryDenied = true;
+ }
+
kdDebug(TDEIO_SFTP_DB) << "name=" << name << " instruction=" << instruction
<< " prompts:" << n << endl;