From c5ae0c2aa71a0950c6cf99c35146a3b4684fb167 Mon Sep 17 00:00:00 2001
From: Alexander Golubev
Date: Tue, 23 Jan 2024 18:13:43 +0300
Subject: tdeioslave/sftp: even bigger authentication overhaul

- Move authentication methods into separate functions so it would be easier to correctly handle error after those and select which should be called in which order.
- A lot of minor improvements along the way

Signed-off-by: Alexander Golubev
(cherry picked from commit 2756ae762fefc3fe86463174866674a987856d89)
---
 tdeioslave/sftp/tdeio_sftp.h | 49 ++++++++++++++++++++++++++++++++++++--------
 1 file changed, 40 insertions(+), 9 deletions(-)
(limited to 'tdeioslave/sftp/tdeio_sftp.h')

diff --git a/tdeioslave/sftp/tdeio_sftp.h b/tdeioslave/sftp/tdeio_sftp.h
index 065ef7cda..66a348e68 100644
--- a/tdeioslave/sftp/tdeio_sftp.h
+++ b/tdeioslave/sftp/tdeio_sftp.h
@@ -96,10 +96,18 @@ public:
 void log_callback(ssh_session session, int priority, const char *message, void *userdata);
+ // Callbacks for SSHAuthMethod-derived strategies
+ int authenticatePublicKey();
+ int authenticateKeyboardInteractive(bool noPaswordQuery = false);
+ int authenticatePassword(bool noPaswordQuery = false);
+
+ /** Some extra authentication failure reasons intended to use alongside was declared in libssh */
+ enum extra_ssh_auth_e {
+ SSH_AUTH_CANCELED=128, //< user canceled password entry dialog
+ SSH_AUTH_NEED_RECONNECT //< it is required to reinitialize connection from scratch
+ };
 private: // Private variables
- void statMime(const KURL &url);
- void closeFile();
 /** True if ioslave is connected to sftp server. */
 bool mConnected;
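Review bot: The parameter name `noPaswordQuery` on the two new declarations is misspelled, and because it is part of the public signature it will be copied into the definitions and into every caller; rename it to `noPasswordQuery` while it exists only in the header. The enum's doc comment `/** Some extra authentication failure reasons intended to use alongside was declared in libssh */` is garbled — I would write `/** Extra result codes returned by the authenticate*() methods alongside libssh's ssh_auth_e values; they start at 128 so they cannot collide with SSH_AUTH_SUCCESS/DENIED/PARTIAL/INFO/AGAIN or SSH_AUTH_ERROR. */`, and the trailing markers should be `///<` (or `//!<`) rather than `//<`, which Doxygen does not treat as documentation. Since the three authenticate*() methods appear to be public only so that SSHAuthMethod strategies can call them, a `friend class SSHAuthMethod;` would avoid widening the ioslave's public interface. The class body continues outside this hunk.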
@@ -118,8 +126,9 @@ private: // Private variables
 /** Username to use when connecting */
 TQString mUsername;
- /** User's password. Note: the password would be set only if it was passed to
- * setHost() or received from cache */
+ /** User's password. Note: the password would be set only if it was somehow cached: passed to
+ * setHost(), received from passwdserver's cache or was entered by user before reconnection
+ */
 TQString mPassword;
 /** The open file */
@@ -142,19 +151,26 @@ private: // Private variables
 /** Some data needed to interact with auth_callback() */
 struct {
- /** true if callback was called */
- bool wasCalled;
- /** true if user canceled password entry dialog */
- bool wasCanceled;
 /** List of keys user was already prompted to enter the passphrase for.
 * Note: Under most sane circumstances the list shouldn't go beyond size=2,
 * so no fancy containers here */
 TQStringList attemptedKeys;
+ /** true if callback was called */
+ bool wasCalled;
+ /** true if user canceled password entry dialog */
+ bool wasCanceled;
 } mPubKeyAuthData;
+ /** true if the password dialog was prompted to the user at leas once */
+ bool mPasswordWasPrompted = false;
+
 private: // private methods
- int authenticateKeyboardInteractive();
+ void statMime(const KURL &url);
+ void closeFile();
+
+ /** @returns username used by libssh during the connection */
+ TQString sshUsername();
 /** A small helper function to construct auth info skeleton for the protocol */
 TDEIO::AuthInfo authInfo();
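Review bot: The new comment on `mPassword` says a user-typed password is now retained across a reconnection but not when it is discarded; this is a plaintext credential held in a TQString for as long as the slave lives, so the comment should state where it is cleared (on disconnect, after a final authentication failure, or never) and that re-sending it after SSH_AUTH_NEED_RECONNECT presumably relies on host-key verification being repeated on the new session before the cached password goes over the wire. Suggested wording: `/** User's password. Set only when cached: passed to setHost(), fetched from passwdserver, or typed by the user before a reconnection. It is reused on reconnect, so it must only be sent after host-key verification has passed again; cleared in <where>. */`. I cannot see from this header where the member is reset, so the last clause needs filling in from the .cpp.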
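Review bot: The flags `wasCalled` and `wasCanceled` in the anonymous `mPubKeyAuthData` struct are moved but still declared without initializers, while the neighbouring new member gets `bool mPasswordWasPrompted = false;`; unless the constructor (outside this hunk) zeroes them, the first read of `wasCanceled` — which decides whether the user aborted the passphrase dialog — is of an indeterminate value. Since the file now already uses in-class initializers, write `bool wasCalled = false;` and `bool wasCanceled = false;` here as well. Also `at leas once` should read `at least once` in the comment above `mPasswordWasPrompted`.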
@@ -170,4 +186,19 @@ private: // private methods
 TQString canonicalizePath(const TQString &path);
 };
+/** A base class for ssh authentication methods. */
+class SSHAuthMethod {
+public:
+ /** libssh's flag for he method */
+ virtual int flag() = 0;
+ /** The user-friendly (probably translated) name of the method */
+ virtual TQString name() = 0;
+ /** Actually do perform the auth process */
+ virtual int authenticate(sftpProtocol *ioslave) const = 0;
+ /** Creates a copy of derived class */
+ virtual SSHAuthMethod* clone() = 0;
+
+ virtual ~SSHAuthMethod() {};
+
+};
+
 #endif
-- 
cgit v1.2.1
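Review bot: `clone()` returns a raw `SSHAuthMethod*` with no statement of who owns the result; the doc comment should say so explicitly, e.g. `/** Creates a heap-allocated copy of the derived object; the caller owns it and must delete it. */`, otherwise the strategy list that presumably holds these will leak or double-free depending on the reader's guess. `flag()`, `name()` and `clone()` should be `const` like `authenticate()` already is, since querying a strategy's identity should not mutate it. Minor: `{};` after the destructor body has a stray semicolon, and `for he method` should read `for the method`.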