author | Michael Stahl <michael.stahl@allotropia.de> | 2022-04-13 16:50:30 +0200 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2022-04-14 12:15:44 +0200 |
commit | d98aa6397dce8c3ad27cee7faaeb3048c5933b75 (patch) | |
tree | 9e7679aa7b3661374af1b79fb24c3c3049fbb8a5 | |
parent | 444d52aa0acaf1f9dd40bf8efb6f029b9b9d1131 (diff) |
ucb: webdav-curl: only allow system credentials for auth oncecib-6.4-7
... and in any case abort authentication after 10 failed attempts.
Apparently some PasswordContainer can turn this into an infinite loop.
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2bc4d1d22fdbd9d97c66bb53762b4b4bf7b61b47)
ucb: webdav-curl: oops, increment after checking
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132982
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Tested-by: Jenkins
(cherry picked from commit ab65a74998b498ff49c15db87fc14a9afa89d8bf)
Change-Id: Ib2333b371a770999e8407ce7e1af21512aadb70d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132867
Tested-by: Jenkins
Reviewed-by: Thorsten Behrens <thorsten.behrens@allotropia.de>
(cherry picked from commit 6b54e6a8e64233de63b826211b81a8ed6767483f)
-rw-r--r-- | ucb/source/ucp/webdav-curl/CurlSession.cxx | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/ucb/source/ucp/webdav-curl/CurlSession.cxx b/ucb/source/ucp/webdav-curl/CurlSession.cxx
index bddefa1ad117..dbc2e45cd3eb 100644
--- a/ucb/source/ucp/webdav-curl/CurlSession.cxx
+++ b/ucb/source/ucp/webdav-curl/CurlSession.cxx
@@ -1222,6 +1222,8 @@ auto CurlProcessor::ProcessRequest(
 }
 }
 bool isRetry(false);
+ int nAuthRequests(0);
+ int nAuthRequestsProxy(0);

 // libcurl does not have an authentication callback so handle auth
 // related status codes and requesting credentials via this loop
@@ -1364,7 +1366,14 @@ auto CurlProcessor::ProcessRequest(
 case SC_UNAUTHORIZED:
 case SC_PROXY_AUTHENTICATION_REQUIRED:
 {
- if (pEnv && pEnv->m_xAuthListener)
+ auto& rnAuthRequests(statusCode == SC_UNAUTHORIZED ? nAuthRequests
+ : nAuthRequestsProxy);
+ if (rnAuthRequests == 10)
+ {
+ SAL_INFO("ucb.ucp.webdav.curl", "aborting authentication after "
+ << rnAuthRequests << " attempts");
+ }
+ else if (pEnv && pEnv->m_xAuthListener)
 {
 ::std::optional<OUString> const oRealm(ExtractRealm(
 headers, statusCode == SC_UNAUTHORIZED ? "WWW-Authenticate"
@@ -1382,7 +1391,14 @@ auto CurlProcessor::ProcessRequest(
 &authAvail);
 assert(rc == CURLE_OK);
 (void)rc;
- bool const isSystemCredSupported((authAvail & authSystem) != 0);
+ // only allow SystemCredentials once - the
+ // PasswordContainer may have stored it in the
+ // Config (TrySystemCredentialsFirst or
+ // AuthenticateUsingSystemCredentials) and then it
+ // will always force its use no matter how hopeless
+ bool const isSystemCredSupported((authAvail & authSystem) != 0
+ && rnAuthRequests == 0);
+ ++rnAuthRequests;

 // Ask user via XInteractionHandler.
 // Warning: This likely runs an event loop which may |
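Review bot: The abort test in the second hunk, `if (rnAuthRequests == 10)`, uses an unnamed literal and an exact-equality comparison, so the cap only holds while the counter is incremented exactly once per pass; the follow-up "increment after checking" fix folded into this commit suggests that ordering is easy to get wrong. A named limit next to the counters, `constexpr int nMaxAuthRequests(10);`, with `if (rnAuthRequests >= nMaxAuthRequests)`, would keep the loop bounded if another increment is ever added. Giving up after repeated 401/407 responses is also something an operator would want to see, and `SAL_INFO` is easy to miss in a default build, so `SAL_WARN("ucb.ucp.webdav.curl", ...)` looks like the better level here. Both counters are locals of `ProcessRequest` (first hunk), so the cap applies per request rather than per session; the code that runs after the abort branch lies outside the hunk and should be confirmed to end the retry loop.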
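Review bot: In the third hunk `isSystemCredSupported` no longer means what its name says: with `&& rnAuthRequests == 0` it is false on every pass after the first, even when `authAvail` still advertises a system-credential scheme. Keeping the capability and the policy apart would read more clearly, for example `bool const isSystemCredSupported((authAvail & authSystem) != 0);` followed by `bool const isSystemCredAllowed(isSystemCredSupported && rnAuthRequests == 0);`. The uses of the flag are outside this hunk and would need to switch to the new name. Because the counter is chosen per status code, system credentials can still be offered once to the origin server and once to the proxy within one request; if that is intended, the comment should say "once per server and once per proxy" rather than just "once".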