diff options
-rw-r--r-- | lib/ssh/src/ssh.hrl | 6 | ||||
-rw-r--r-- | lib/ssh/src/ssh_auth.erl | 36 | ||||
-rw-r--r-- | lib/ssh/src/ssh_connection_handler.erl | 6 |
3 files changed, 26 insertions, 22 deletions
diff --git a/lib/ssh/src/ssh.hrl b/lib/ssh/src/ssh.hrl index 94154c8a96..a02c87505d 100644 --- a/lib/ssh/src/ssh.hrl +++ b/lib/ssh/src/ssh.hrl @@ -128,8 +128,10 @@ user, service, userauth_quiet_mode, % boolean() - userauth_supported_methods , % - userauth_methods, + userauth_supported_methods, % string() eg "keyboard-interactive,password" + userauth_methods, % list( string() ) eg ["keyboard-interactive", "password"] + kb_tries_left = 0, % integer(), num tries left for "keyboard-interactive" + kb_data, userauth_preference, available_host_keys, authenticated = false diff --git a/lib/ssh/src/ssh_auth.erl b/lib/ssh/src/ssh_auth.erl index 5610be5878..585bf89539 100644 --- a/lib/ssh/src/ssh_auth.erl +++ b/lib/ssh/src/ssh_auth.erl @@ -249,8 +249,10 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, method = "keyboard-interactive", data = _}, _, #ssh{opts = Opts, + kb_tries_left = KbTriesLeft, userauth_supported_methods = Methods} = Ssh) -> - case proplists:get_value(max_kb_tries, Opts, 0) of +io:format('KbTriesLeft ~p~n',[KbTriesLeft]), + case KbTriesLeft of N when N<1 -> {not_authorized, {User, {authmethod, "keyboard-interactive"}}, ssh_transport:ssh_packet( @@ -298,7 +300,7 @@ handle_userauth_request(#ssh_msg_userauth_request{user = User, }, {not_authorized, {User, undefined}, ssh_transport:ssh_packet(Msg, Ssh#ssh{user = User, - opts = [{kb_userauth_info_msg,Msg}|Opts] + kb_data = Msg })} end; @@ -327,35 +329,37 @@ handle_userauth_info_request( handle_userauth_info_response(#ssh_msg_userauth_info_response{num_responses = 1, data = <<?UINT32(Sz), Password:Sz/binary>>}, - #ssh{opts = Opts0, + #ssh{opts = Opts, + kb_tries_left = KbTriesLeft0, + kb_data = InfoMsg, user = User, userauth_supported_methods = Methods} = Ssh) -> - NumTriesLeft = proplists:get_value(max_kb_tries, Opts0, 0) - 1, - Opts = lists:keydelete(max_kb_tries,1,Opts0), + KbTriesLeft = KbTriesLeft0 - 1, case check_password(User, unicode:characters_to_list(Password), Opts) of true -> {authorized, User, ssh_transport:ssh_packet(#ssh_msg_userauth_success{}, Ssh)}; - false when NumTriesLeft > 0 -> + false when KbTriesLeft > 0 -> UserAuthInfoMsg = - (proplists:get_value(kb_userauth_info_msg,Opts)) - #ssh_msg_userauth_info_request{name = "", - instruction = - lists:concat( - ["Bad user or password, try again. ", - integer_to_list(NumTriesLeft), - " tries left."]) - }, + InfoMsg#ssh_msg_userauth_info_request{ + name = "", + instruction = + lists:concat( + ["Bad user or password, try again. ", + integer_to_list(KbTriesLeft), + " tries left."]) + }, {not_authorized, {User, undefined}, ssh_transport:ssh_packet(UserAuthInfoMsg, - Ssh#ssh{opts = [{max_kb_tries,NumTriesLeft}|Opts]})}; + Ssh#ssh{kb_tries_left = KbTriesLeft})}; false -> {not_authorized, {User, {error,"Bad user or password"}}, ssh_transport:ssh_packet(#ssh_msg_userauth_failure{ authentications = Methods, partial_success = false}, - Ssh#ssh{opts = lists:keydelete(kb_userauth_info_msg,1,Opts)} + Ssh#ssh{kb_data = undefined, + kb_tries_left = 0} )} end; diff --git a/lib/ssh/src/ssh_connection_handler.erl b/lib/ssh/src/ssh_connection_handler.erl index 9bd49c5c05..d8bf66d2a8 100644 --- a/lib/ssh/src/ssh_connection_handler.erl +++ b/lib/ssh/src/ssh_connection_handler.erl @@ -1164,12 +1164,10 @@ init_ssh(server = Role, Vsn, Version, Options, Socket) -> s_version = Version, key_cb = KeyCb, io_cb = proplists:get_value(io_cb, Options, ssh_io), - opts = case lists:member("keyboard-interactive",AuthMethodsAsList) of - true -> [{max_kb_tries,3}|Options]; - false -> Options - end, + opts = Options, userauth_supported_methods = AuthMethods, userauth_methods = AuthMethodsAsList, + kb_tries_left = 3, peer = {undefined, PeerAddr}, available_host_keys = supported_host_keys(Role, KeyCb, Options) }. |