virNetLibsshAuthenticatePassword: Use virAuthAskPassword instead of virAuthGetPasswordPath
virAuthGetPasswordPath can return the same password over and over if it's configured in the config. We rather want to try that only the first time and then ask the user instead. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
parent
88fde18644
commit
616e79c065
@ -500,6 +500,7 @@ virNetLibsshAuthenticatePrivkey(virNetLibsshSession *sess,
|
|||||||
static int
|
static int
|
||||||
virNetLibsshAuthenticatePassword(virNetLibsshSession *sess)
|
virNetLibsshAuthenticatePassword(virNetLibsshSession *sess)
|
||||||
{
|
{
|
||||||
|
g_autofree char *password = NULL;
|
||||||
const char *errmsg;
|
const char *errmsg;
|
||||||
int rc = SSH_AUTH_ERROR;
|
int rc = SSH_AUTH_ERROR;
|
||||||
|
|
||||||
@ -513,19 +514,34 @@ virNetLibsshAuthenticatePassword(virNetLibsshSession *sess)
|
|||||||
return SSH_AUTH_ERROR;
|
return SSH_AUTH_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* first try to get password from config */
|
||||||
|
if (virAuthGetCredential("ssh", sess->hostname, "password", sess->authPath,
|
||||||
|
&password) < 0)
|
||||||
|
return SSH_AUTH_ERROR;
|
||||||
|
|
||||||
|
if (password) {
|
||||||
|
rc = ssh_userauth_password(sess->session, NULL, password);
|
||||||
|
virSecureEraseString(password);
|
||||||
|
|
||||||
|
if (rc == 0)
|
||||||
|
return SSH_AUTH_SUCCESS;
|
||||||
|
else if (rc != SSH_AUTH_DENIED)
|
||||||
|
goto error;
|
||||||
|
}
|
||||||
|
|
||||||
/* Try the authenticating the set amount of times. The server breaks the
|
/* Try the authenticating the set amount of times. The server breaks the
|
||||||
* connection if maximum number of bad auth tries is exceeded */
|
* connection if maximum number of bad auth tries is exceeded */
|
||||||
while (true) {
|
while (true) {
|
||||||
g_autofree char *password = NULL;
|
g_autoptr(virConnectCredential) cred = NULL;
|
||||||
|
g_autofree char *prompt = NULL;
|
||||||
|
|
||||||
if (!(password = virAuthGetPasswordPath(sess->authPath, sess->cred,
|
prompt = g_strdup_printf(_("Enter %s's password for %s"),
|
||||||
"ssh", sess->username,
|
sess->username, sess->hostname);
|
||||||
sess->hostname)))
|
|
||||||
|
if (!(cred = virAuthAskCredential(sess->cred, prompt, false)))
|
||||||
return SSH_AUTH_ERROR;
|
return SSH_AUTH_ERROR;
|
||||||
|
|
||||||
/* tunnelled password authentication */
|
rc = ssh_userauth_password(sess->session, NULL, cred->result);
|
||||||
rc = ssh_userauth_password(sess->session, NULL, password);
|
|
||||||
virSecureEraseString(password);
|
|
||||||
|
|
||||||
if (rc == 0)
|
if (rc == 0)
|
||||||
return SSH_AUTH_SUCCESS;
|
return SSH_AUTH_SUCCESS;
|
||||||
@ -533,7 +549,7 @@ virNetLibsshAuthenticatePassword(virNetLibsshSession *sess)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* error path */
|
error:
|
||||||
errmsg = ssh_get_error(sess->session);
|
errmsg = ssh_get_error(sess->session);
|
||||||
virReportError(VIR_ERR_AUTH_FAILED,
|
virReportError(VIR_ERR_AUTH_FAILED,
|
||||||
_("authentication failed: %s"), errmsg);
|
_("authentication failed: %s"), errmsg);
|
||||||
|
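Review bot: In the retry loop the prompted password is no longer wiped at the point of use: the old `virSecureEraseString(password)` after `ssh_userauth_password()` is dropped, and `cred->result` now lives until the `g_autoptr(virConnectCredential)` cleanup runs, whose behaviour this hunk does not show. If that cleanup does not already erase `result`, add `virSecureEraseString(cred->result);` directly after the call, as the new config-password branch does for `password`. The loop also passes `cred->result` to `ssh_userauth_password()` without a NULL check, so it is worth confirming that `virAuthAskCredential()` never returns a credential with an empty result, or guarding with `if (!cred->result) return SSH_AUTH_ERROR;`. As a style point, the new branch compares `rc == 0` while naming `SSH_AUTH_DENIED` on the next line; `rc == SSH_AUTH_SUCCESS` would read consistently. The function body continues past the last hunk.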