authorMichael Stahl <michael.stahl@allotropia.de>2022-04-13 16:50:30 +0200
committerMichael Stahl <michael.stahl@allotropia.de>2022-04-14 12:15:44 +0200
commitd98aa6397dce8c3ad27cee7faaeb3048c5933b75 (patch)
tree9e7679aa7b3661374af1b79fb24c3c3049fbb8a5
parent444d52aa0acaf1f9dd40bf8efb6f029b9b9d1131 (diff)
ucb: webdav-curl: only allow system credentials for auth oncecib-6.4-7
... and in any case abort authentication after 10 failed attempts. Apparently some PasswordContainer can turn this into an infinite loop. Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132974 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 2bc4d1d22fdbd9d97c66bb53762b4b4bf7b61b47) ucb: webdav-curl: oops, increment after checking Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132982 Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> Tested-by: Jenkins (cherry picked from commit ab65a74998b498ff49c15db87fc14a9afa89d8bf) Change-Id: Ib2333b371a770999e8407ce7e1af21512aadb70d Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132867 Tested-by: Jenkins Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de> (cherry picked from commit 6b54e6a8e64233de63b826211b81a8ed6767483f)
-rw-r--r--ucb/source/ucp/webdav-curl/CurlSession.cxx20
1 files changed, 18 insertions, 2 deletions
diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx
index bddefa1ad117..dbc2e45cd3eb 100644
--- a/ucb/source/ucp/webdav-curl/CurlSession.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx
@@ -1222,6 +1222,8 @@ auto CurlProcessor::ProcessRequest(
}
}
bool isRetry(false);
+ int nAuthRequests(0);
+ int nAuthRequestsProxy(0);
// libcurl does not have an authentication callback so handle auth
// related status codes and requesting credentials via this loop
@@ -1364,7 +1366,14 @@ auto CurlProcessor::ProcessRequest(
case SC_UNAUTHORIZED:
case SC_PROXY_AUTHENTICATION_REQUIRED:
{
- if (pEnv && pEnv->m_xAuthListener)
+ auto& rnAuthRequests(statusCode == SC_UNAUTHORIZED ? nAuthRequests
+ : nAuthRequestsProxy);
+ if (rnAuthRequests == 10)
+ {
+ SAL_INFO("ucb.ucp.webdav.curl", "aborting authentication after "
+ << rnAuthRequests << " attempts");
+ }
+ else if (pEnv && pEnv->m_xAuthListener)
{
::std::optional<OUString> const oRealm(ExtractRealm(
headers, statusCode == SC_UNAUTHORIZED ? "WWW-Authenticate"
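Review bot: The retry cap at `if (rnAuthRequests == 10)` is a bare literal tested with `==`, so the limit is undocumented and only holds while the counter can never step past it; a named constant with `>=` is sturdier, e.g. `constexpr int nMaxAuthRequests(10);` and `if (rnAuthRequests >= nMaxAuthRequests)`. The abort is reported only through `SAL_INFO`, which default log settings do not show, so a server or PasswordContainer that keeps provoking credential prompts is hard to diagnose afterwards; `SAL_WARN` with the same area string would suit this better. The counter is incremented in a later hunk, inside the `else if` branch, so whether every path that retries the request passes through that increment cannot be confirmed from these lines. The body of ProcessRequest starts and ends outside the hunk.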
@@ -1382,7 +1391,14 @@ auto CurlProcessor::ProcessRequest(
&authAvail);
assert(rc == CURLE_OK);
(void)rc;
- bool const isSystemCredSupported((authAvail & authSystem) != 0);
+ // only allow SystemCredentials once - the
+ // PasswordContainer may have stored it in the
+ // Config (TrySystemCredentialsFirst or
+ // AuthenticateUsingSystemCredentials) and then it
+ // will always force its use no matter how hopeless
+ bool const isSystemCredSupported((authAvail & authSystem) != 0
+ && rnAuthRequests == 0);
+ ++rnAuthRequests;
// Ask user via XInteractionHandler.
// Warning: This likely runs an event loop which may
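Review bot: After this change `isSystemCredSupported` no longer means what its name says, because it is false on every attempt after the first even when `authAvail & authSystem` is non-zero. Later uses of it in ProcessRequest (outside this hunk) would read more clearly with two values, `bool const isSystemCredSupported((authAvail & authSystem) != 0);` and `bool const isSystemCredAllowed(isSystemCredSupported && rnAuthRequests == 0);`, with the second one handed to the credential request. If the rename is not wanted, the comment should at least say that the flag is deliberately cleared on retries so a stored preference cannot keep re-submitting the same system credentials.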