From c5abdad6aa0d0eaf9df0a7252c32155ef1db9348 Mon Sep 17 00:00:00 2001 From: Antenore Gatta Date: Fri, 8 Jan 2021 16:47:09 +0100 Subject: Implementing simple SSH multi factor authentication. When an SSH server AuthenticationMethods with multiple methods, like public key authentions and password, we receive an SSH_PARTIAL_AUTHENTICATION return code, that was ignored in Remmina. Now Remmina correctly handle this state and pass to the second mechanism. More than 2 mechanism are not supported yet, because Remmina doesn't go behind 3 authentions attempts at the moment (to be fixed). The next step will be to implement keyboard interactive authentication. Signed-off-by: Antenore Gatta --- src/remmina_ssh_plugin.c | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) (limited to 'src/remmina_ssh_plugin.c') diff --git a/src/remmina_ssh_plugin.c b/src/remmina_ssh_plugin.c index f52e6bbb2..a9213fbcc 100644 --- a/src/remmina_ssh_plugin.c +++ b/src/remmina_ssh_plugin.c @@ -267,6 +267,7 @@ remmina_plugin_ssh_main_thread(gpointer data) RemminaSSH *ssh; RemminaSSHShell *shell = NULL; gboolean cont = FALSE; + gboolean partial = FALSE; gchar *hostport; gint ret; @@ -309,15 +310,31 @@ remmina_plugin_ssh_main_thread(gpointer data) REMMINA_DEBUG ("tunnel_entrance_host: %s, tunnel_entrance_port: %d", ssh->tunnel_entrance_host, ssh->tunnel_entrance_port); while (1) { - if (!remmina_ssh_init_session(ssh)) { - REMMINA_DEBUG("init session error: %s", ssh->error); - remmina_plugin_service->protocol_plugin_set_error(gp, "%s", ssh->error); - break; + if (!partial) { + if (!remmina_ssh_init_session(ssh)) { + REMMINA_DEBUG("init session error: %s", ssh->error); + remmina_plugin_service->protocol_plugin_set_error(gp, "%s", ssh->error); + break; + } } ret = remmina_ssh_auth_gui(ssh, gp, remminafile); - if (ret != REMMINA_SSH_AUTH_SUCCESS) { - if(ret == REMMINA_SSH_AUTH_RECONNECT) { + switch (ret) { + case REMMINA_SSH_AUTH_SUCCESS: + REMMINA_DEBUG ("Authentication success"); + if (!remmina_ssh_shell_open(shell, (RemminaSSHExitFunc) + remmina_plugin_service->protocol_plugin_signal_connection_closed, gp)) { + remmina_plugin_service->protocol_plugin_set_error(gp, "%s", ssh->error); + break; + } + break; + case REMMINA_SSH_AUTH_PARTIAL: + REMMINA_DEBUG ("Continue with the next auth method"); + partial = TRUE; + continue; + break; + case REMMINA_SSH_AUTH_RECONNECT: + REMMINA_DEBUG ("Reconnecting..."); if (ssh->session) { ssh_disconnect(ssh->session); ssh_free(ssh->session); @@ -325,18 +342,15 @@ remmina_plugin_ssh_main_thread(gpointer data) } g_free(ssh->callback); continue; - } - - if (ret != REMMINA_SSH_AUTH_USERCANCEL) + break; + case REMMINA_SSH_AUTH_USERCANCEL: + REMMINA_DEBUG ("Interrupted by the user"); + break; + default: + REMMINA_DEBUG ("Error during the authentication: %s", ssh->error); remmina_plugin_service->protocol_plugin_set_error(gp, "%s", ssh->error); - break; } - if (!remmina_ssh_shell_open(shell, (RemminaSSHExitFunc) - remmina_plugin_service->protocol_plugin_signal_connection_closed, gp)) { - remmina_plugin_service->protocol_plugin_set_error(gp, "%s", ssh->error); - break; - } cont = TRUE; break; -- cgit v1.2.3