| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This resolves issue #380
Signed-off-by: Alex Kent Hajnal <software@alephnull.net>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
| |
The libssh defines those flags as unsigned. Technically ssh_auth_list()
still returns int, but its guranteed to be bitset of those flags.
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
Also:
- do not translate auth methods names as the names appear in config
files verbatim
- libssh actually doesn't supports hostbased auth, so exclude it from
bitset of supported
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
| |
Consider publickey auth canceled only if user canceled it for each of
the prompted keys.
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case the server is set up for multi-factor authentication we could
be have to query several things from the user like password, a key
passphrase, their mother's maiden name etc. It doesn't make a big
difference during an initial connection, but it butchers the
reconnection process: it can retrieve the answer of the user to the
first question (e.g. their password), but it fails to retrieve the
second one (e.g. the key passphrase). So the user would be forced to
reenter the answer for the second question upon each reconnection.
The reason for this is the passwdserver's desig (see DESIGN [1]):
Each query for AuthInfo with the openPassDlg() has an secNr number
associated with it. If it's smaller than the one of the one stored for
the privious request, than the one from the cache will be returned
automagically, if it's bigger the dialog will be prompted to the user.
Each call to openPassDlg() advances s_seqNr to the last value reported
by the passwdserver. So the first call will return the cached value and
subsequent calls will actually display the dialog to the user (assuming
authentication with the cached data failed).
But in case of multi-factor auth we have to query user for several
independent values. And we want to try to retrieve each one of those
from the cache. So we have to get a bit hacky and manually manipulate
the SlaveBase::s_seqNr value.
[1]: https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/src/branch/master/tdeio/kpasswdserver/DESIGN
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
| |
This could be useful in case the destructor will be called before
openConnection()
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
We should always pass to the openPassDlg() exactly the same username
otherwise it may result in incorrect caching of passwords especially in
case if the username is changed by the user.
Also don't allow username change in case it was passed to setHost()
(i.e. it was specified in the URL like e.g. sftp://username@host/).
In such a case after changing it'd be impossible to properly cache it.
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
|
| |
- Move authentication methods into separate functions so it would be
easier to correctly handle error after those and select which should
be called in which order.
- A lot of minor improvements along the way
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
|
|
| |
This will help kpasswdserver not to confuse different user's answers to
different questions.
Also avoid passing/returning TDE::AuthInfo for kb-interactive auth as it
isn't really necessary when we don't manually caching passwords anymore.
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
| |
All password caching we need actually already autmagically
done by openPassDlg().
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
| |
There were a couple of missing closeConnection() calls after connection
errors. The probably haven't caused any major bugs, but use scope guards
to be on the safe side.
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
| |
As it allocated via malloc() rather than new.
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several enhancements to public key authentication and some other stuff:
- Fix passphrase entry for encrypted keys (was either hanging up or
segfaulting)
- Use scope guard idiom for cleanup calls for more reliable cleanup in
case of errors
- Add normal prompt for public key's passphrase entry dialog
- Correctly differentiate passphrase to password when cached (yes they
are getting cached regardless of keepPassword, at least for some
duration of time)
- Centrilize AuthInfo initialization and some rejig of it
kbd-interactive authentification
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
|
|
|
|
| |
This is a partial fix to the sftp ioslave. Subsequent commits will fix
other issues.
Closes: https://mirror.git.trinitydesktop.org/gitea/TDE/tdebase/issues/443
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
|
|
| |
QIODevice with TQ* version
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
|
|
| |
merging of tqtinterface with tqt3.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Denis Kozadaev <denis@dilos.org>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
|
|
| |
removable drives and CD/DVD disks.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
|
| |
Signed-off-by: Mavridis Philippe <mavridisf@gmail.com>
Signed-off-by: Slávek Banko <slavek.banko@axis.cz>
|
|
|
|
|
|
|
|
|
|
|
| |
For details see PR #279.
Portions of code borrowed from KDE5 SFTP ioslave:
Source: https://invent.kde.org/network/kio-extras/-/blob/master/sftp/kio_sftp.cpp
Licence: LGPLv2 or later
Signed-off-by: Mavridis Philippe <mavridisf@gmail.com>
|
|
|
|
|
|
|
|
|
| |
Source: https://github.com/sandsmark/kde2-kio-sftp-kde4
Licence: GPLv2 or later
This resolves issue #276.
Signed-off-by: Mavridis Philippe <mavridisf@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
"Only store password in KWallet if the user asked for it"
https://invent.kde.org/network/kio-extras/-/commit/d813cef3cecdec9af1532a40d677a203ff979145
Author: David Faure
Licence: GPLv2
This mitigates CVE-2020-12755.
Signed-off-by: Mavridis Philippe <mavridisf@gmail.com>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
|
|
|
|
| |
mount/unmout/lock/unlock/ejct media devices.
This ensures a consistent media device status also with complex
partition structures and LUKS encryption.
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|
|
|
|
| |
Signed-off-by: Michele Calgaro <michele.calgaro@yahoo.it>
|