summaryrefslogtreecommitdiffstats
path: root/tdeioslave/sftp/tdeio_sftp.h
diff options
context:
space:
mode:
authorAlexander Golubev <[email protected]>2024-01-23 18:13:43 +0300
committerTDE Gitea <[email protected]>2024-03-04 11:04:11 +0000
commit2756ae762fefc3fe86463174866674a987856d89 (patch)
tree67d9e61e66cd23b6e6a43339674c4210db5e0625 /tdeioslave/sftp/tdeio_sftp.h
parentd316ff14bdcc6c7e402276cba2a15c1ac8bb5278 (diff)
downloadtdebase-2756ae762fefc3fe86463174866674a987856d89.tar.gz
tdebase-2756ae762fefc3fe86463174866674a987856d89.zip
tdeioslave/sftp: even bigger authentication overhaul
- Move authentication methods into separate functions so it would be easier to correctly handle error after those and select which should be called in which order. - A lot of minor improvements along the way Signed-off-by: Alexander Golubev <[email protected]>
Diffstat (limited to 'tdeioslave/sftp/tdeio_sftp.h')
-rw-r--r--tdeioslave/sftp/tdeio_sftp.h49
1 files changed, 40 insertions, 9 deletions
diff --git a/tdeioslave/sftp/tdeio_sftp.h b/tdeioslave/sftp/tdeio_sftp.h
index 065ef7cda..66a348e68 100644
--- a/tdeioslave/sftp/tdeio_sftp.h
+++ b/tdeioslave/sftp/tdeio_sftp.h
@@ -96,10 +96,18 @@ public:
void log_callback(ssh_session session, int priority, const char *message,
void *userdata);
+ // Callbacks for SSHAuthMethod-derived strategies
+ int authenticatePublicKey();
+ int authenticateKeyboardInteractive(bool noPaswordQuery = false);
+ int authenticatePassword(bool noPaswordQuery = false);
+
+ /** Some extra authentication failure reasons intended to use alongside was declared in libssh */
+ enum extra_ssh_auth_e {
+ SSH_AUTH_CANCELED=128, //< user canceled password entry dialog
+ SSH_AUTH_NEED_RECONNECT //< it is required to reinitialize connection from scratch
+ };
private: // Private variables
- void statMime(const KURL &url);
- void closeFile();
/** True if ioslave is connected to sftp server. */
bool mConnected;
@@ -118,8 +126,9 @@ private: // Private variables
/** Username to use when connecting */
TQString mUsername;
- /** User's password. Note: the password would be set only if it was passed to
- * setHost() or received from cache */
+ /** User's password. Note: the password would be set only if it was somehow cached: passed to
+ * setHost(), received from passwdserver's cache or was entered by user before reconnection
+ */
TQString mPassword;
/** The open file */
@@ -142,19 +151,26 @@ private: // Private variables
/** Some data needed to interact with auth_callback() */
struct {
- /** true if callback was called */
- bool wasCalled;
- /** true if user canceled password entry dialog */
- bool wasCanceled;
/** List of keys user was already prompted to enter the passphrase for.
* Note: Under most sane circumstances the list shouldn't go beyond size=2,
* so no fancy containers here
*/
TQStringList attemptedKeys;
+ /** true if callback was called */
+ bool wasCalled;
+ /** true if user canceled password entry dialog */
+ bool wasCanceled;
} mPubKeyAuthData;
+ /** true if the password dialog was prompted to the user at leas once */
+ bool mPasswordWasPrompted = false;
+
private: // private methods
- int authenticateKeyboardInteractive();
+ void statMime(const KURL &url);
+ void closeFile();
+
+ /** @returns username used by libssh during the connection */
+ TQString sshUsername();
/** A small helper function to construct auth info skeleton for the protocol */
TDEIO::AuthInfo authInfo();
@@ -170,4 +186,19 @@ private: // private methods
TQString canonicalizePath(const TQString &path);
};
+/** A base class for ssh authentication methods. */
+class SSHAuthMethod {
+public:
+ /** libssh's flag for he method */
+ virtual int flag() = 0;
+ /** The user-friendly (probably translated) name of the method */
+ virtual TQString name() = 0;
+ /** Actually do perform the auth process */
+ virtual int authenticate(sftpProtocol *ioslave) const = 0;
+ /** Creates a copy of derived class */
+ virtual SSHAuthMethod* clone() = 0;
+
+ virtual ~SSHAuthMethod() {};
+};
+
#endif