GUAC-1389: Abort correctly if password or keyboard-interactive auth fails (fixes GUAC-1381).
This commit is contained in:
parent
075b7ffba9
commit
7c2766b34b
@ -344,19 +344,48 @@ static int guac_common_ssh_authenticate(guac_common_ssh_session* common_session)
|
|||||||
/* Authenticate with password, if provided */
|
/* Authenticate with password, if provided */
|
||||||
else if (password != NULL) {
|
else if (password != NULL) {
|
||||||
|
|
||||||
/* Authenticate with password */
|
/* Check if password auth is supported on the server */
|
||||||
if (strstr(user_authlist, "password") != NULL) {
|
if (strstr(user_authlist, "password") != NULL) {
|
||||||
guac_client_log(client, GUAC_LOG_DEBUG,
|
|
||||||
"Using password authentication method");
|
/* Attempt password authentication */
|
||||||
return libssh2_userauth_password(session, username, password);
|
if (libssh2_userauth_password(session, username, password)) {
|
||||||
|
|
||||||
|
/* Abort on failure */
|
||||||
|
char* error_message;
|
||||||
|
libssh2_session_last_error(session, &error_message, NULL, 0);
|
||||||
|
guac_client_abort(client,
|
||||||
|
GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
||||||
|
"Password authentication failed: %s", error_message);
|
||||||
|
|
||||||
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Authenticate with password via keyboard-interactive auth */
|
/* Password authentication succeeded */
|
||||||
|
return 0;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Check if keyboard-interactive auth is supported on the server */
|
||||||
if (strstr(user_authlist, "keyboard-interactive") != NULL) {
|
if (strstr(user_authlist, "keyboard-interactive") != NULL) {
|
||||||
guac_client_log(client, GUAC_LOG_DEBUG,
|
|
||||||
"Using keyboard-interactive authentication method");
|
/* Attempt keyboard-interactive auth using provided password */
|
||||||
return libssh2_userauth_keyboard_interactive(session, username,
|
if (libssh2_userauth_keyboard_interactive(session, username,
|
||||||
&guac_common_ssh_kbd_callback);
|
&guac_common_ssh_kbd_callback)) {
|
||||||
|
|
||||||
|
/* Abort on failure */
|
||||||
|
char* error_message;
|
||||||
|
libssh2_session_last_error(session, &error_message, NULL, 0);
|
||||||
|
guac_client_abort(client,
|
||||||
|
GUAC_PROTOCOL_STATUS_CLIENT_UNAUTHORIZED,
|
||||||
|
"Keyboard-interactive authentication failed: %s",
|
||||||
|
error_message);
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Keyboard-interactive authentication succeeded */
|
||||||
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* No known authentication types available */
|
/* No known authentication types available */
|
||||||
|
Loading…
Reference in New Issue
Block a user