commit 7910ef3ee50a847edf72d755381699f169d46278
Author: Adam Majer <amajer@suse.de>
Date: Mon Jun 25 15:06:38 2018 +0200
Ticket #3921: Enable keyboard interactive authentication
If SSH server does not support cleartext tunneled password
authentication and only 'keyboard interactive' authentication
instead, then we need to use different authentication
function along with a interactive callback.
Signed-off-by: Adam Majer <amajer@suse.de>
diff --git a/src/vfs/sftpfs/connection.c b/src/vfs/sftpfs/connection.c
index 537159129..a6b7d1b2c 100644
a
|
b
|
sftpfs_open_connection_ssh_key (struct vfs_s_super *super, GError ** mcerror) |
292 | 292 | return ret_value; |
293 | 293 | } |
294 | 294 | |
| 295 | |
| 296 | /** |
| 297 | * Keyboard-interactive password helper for opening connection to host by |
| 298 | * sftpfs_open_connection_ssh_password |
| 299 | * |
| 300 | * Uses global kbi_super (data with existing connection) and kbi_passwd (password) |
| 301 | * |
| 302 | * @param name username |
| 303 | * @param name_len length of @name |
| 304 | * @param instruction unused |
| 305 | * @param instruction_len unused |
| 306 | * @param num_prompts number of possible problems to process |
| 307 | * @param prompts array of prompts to process |
| 308 | * @param responses array of responses, one per prompt |
| 309 | * @param abstract unused |
| 310 | */ |
| 311 | |
| 312 | static const char *kbi_passwd; |
| 313 | static const struct vfs_s_super *kbi_super; |
| 314 | static |
| 315 | LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC (keyboard_interactive_helper) |
| 316 | { |
| 317 | int i; |
| 318 | int len; |
| 319 | |
| 320 | (void) instruction; |
| 321 | (void) instruction_len; |
| 322 | (void) abstract; |
| 323 | |
| 324 | if (!kbi_super || !kbi_passwd) |
| 325 | return; |
| 326 | |
| 327 | if (strncmp (name, kbi_super->path_element->user, name_len) != 0) |
| 328 | return; |
| 329 | |
| 330 | // assume these are password prompts |
| 331 | len = strlen (kbi_passwd); |
| 332 | for (i = 0; i < num_prompts; ++i) |
| 333 | { |
| 334 | if (strncmp (prompts[i].text, "Password: ", prompts[i].length) == 0) |
| 335 | { |
| 336 | responses[i].text = strdup (kbi_passwd); |
| 337 | responses[i].length = len; |
| 338 | } |
| 339 | } |
| 340 | } |
| 341 | |
295 | 342 | /* --------------------------------------------------------------------------------------------- */ |
296 | 343 | /** |
297 | 344 | * Open connection to host using password. |
… |
… |
sftpfs_open_connection_ssh_password (struct vfs_s_super *super, GError ** mcerro |
323 | 370 | LIBSSH2_ERROR_EAGAIN); |
324 | 371 | if (rc == 0) |
325 | 372 | return TRUE; |
| 373 | |
| 374 | kbi_super = super; |
| 375 | kbi_passwd = super->path_element->password; |
| 376 | while ((rc = |
| 377 | libssh2_userauth_keyboard_interactive (sftpfs_super->session, |
| 378 | super->path_element->user, |
| 379 | keyboard_interactive_helper)) == |
| 380 | LIBSSH2_ERROR_EAGAIN); |
| 381 | kbi_super = NULL; |
| 382 | kbi_passwd = NULL; |
| 383 | if (rc == 0) |
| 384 | return TRUE; |
326 | 385 | } |
327 | 386 | |
328 | 387 | p = g_strdup_printf (_("sftp: Enter password for %s "), super->path_element->user); |
… |
… |
sftpfs_open_connection_ssh_password (struct vfs_s_super *super, GError ** mcerro |
337 | 396 | passwd)) == LIBSSH2_ERROR_EAGAIN) |
338 | 397 | ; |
339 | 398 | |
| 399 | if (rc != 0) |
| 400 | { |
| 401 | kbi_super = super; |
| 402 | kbi_passwd = passwd; |
| 403 | while ((rc = |
| 404 | libssh2_userauth_keyboard_interactive (sftpfs_super->session, |
| 405 | super->path_element->user, |
| 406 | keyboard_interactive_helper)) == |
| 407 | LIBSSH2_ERROR_EAGAIN); |
| 408 | kbi_super = NULL; |
| 409 | kbi_passwd = NULL; |
| 410 | } |
| 411 | |
340 | 412 | if (rc == 0) |
341 | 413 | { |
342 | 414 | ret_value = TRUE; |