From f8f0b8815ca821ad6764149a915122f8b2f0bf8b Mon Sep 17 00:00:00 2001
From: Alexander Golubev
Date: Sun, 28 Jan 2024 16:20:48 +0300
Subject: tdeioslave/sftp: prevent infinite looping in kb-interactive auth

Signed-off-by: Alexander Golubev
---
 tdeioslave/sftp/tdeio_sftp.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'tdeioslave')
diff --git a/tdeioslave/sftp/tdeio_sftp.cpp b/tdeioslave/sftp/tdeio_sftp.cpp
index 3fb611f58..39788cfd7 100644
--- a/tdeioslave/sftp/tdeio_sftp.cpp
+++ b/tdeioslave/sftp/tdeio_sftp.cpp
@@ -339,6 +339,8 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
 kdDebug(TDEIO_SFTP_DB) << "Entering keyboard interactive function" << endl;
+ bool retryDenied = false; // a flag to avoid infinite looping
+
 while (1) {
 int n = 0;
 int i = 0;
@@ -347,6 +349,11 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
 if (rc == SSH_AUTH_DENIED) { // do nothing
 kdDebug(TDEIO_SFTP_DB) << "kb-interactive auth was denied; retrying again" << endl;
+ if (retryDenied) {
+ continue;
+ } else {
+ break;
+ }
 } else if (rc != SSH_AUTH_INFO) {
 kdDebug(TDEIO_SFTP_DB) << "Finishing kb-interactive auth rc=" << rc << " ssh_err=" << ssh_get_error_code(mSession)
@@ -360,6 +367,11 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
 instruction = TQString::fromUtf8(ssh_userauth_kbdint_getinstruction(mSession));
 n = ssh_userauth_kbdint_getnprompts(mSession);
+ if (n>0) {
+ // If there is at least one prompt we will want to retry auth if we fail
+ retryDenied = true;
+ }
+
 kdDebug(TDEIO_SFTP_DB) << "name=" << name << " instruction=" << instruction << " prompts:" << n << endl;
--
cgit v1.2.1
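Review bot: `retryDenied` is set to true in the third hunk when `n>0` but is never cleared in any visible line, so in the second hunk's `if (retryDenied) { continue; }` branch a server that keeps answering SSH_AUTH_DENIED without sending new prompts still keeps the loop spinning with no bound once one prompt round has happened. Consuming the flag on use, `if (!retryDenied) break;` followed by `retryDenied = false; continue;`, would make every retry depend on a fresh prompt round; a fixed maximum attempt count would additionally limit how often a remote host can make the client ask for credentials again. The debug line above the new branch still logs "retrying again" on the path that now breaks, and the `// do nothing` comment no longer matches the code. The loop body and whatever runs after `break` lie outside these hunks, so the return value on that exit path should be checked there.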