| author | Dave Heller <hellerda@us.ibm.com> | 2017-10-12 12:51:34 -0400 |
|---|---|---|
| committer | Dave Heller <hellerda@us.ibm.com> | 2017-10-15 12:28:04 -0400 |
| commit | 28a0e0cd238a2ef9383f6cbb37aced034aa92881 (patch) | |
| tree | bee2df394a5166a1c85e61815a5e72c58b839c81 /src | |
| parent | 150657872f176a12059fc969a9b3b8c3b907ade5 (diff) | |
Support PW entry retries for encrypted sshkey for sf_client
This adds support for password entry retries for signframework client, in case
the user fat-fingers the password entry (to unlock the encrypted sshkey). It
only patches the sendFileToServer() function, since this seems to be the first
and only point where the user is actually prompted. The number of retries is
configurable through a macro defined in the code.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/client/pscp_sftp.c | 50 |
1 files changed, 44 insertions, 6 deletions
diff --git a/src/client/pscp_sftp.c b/src/client/pscp_sftp.c
index aede734..564cc44 100644
--- a/src/client/pscp_sftp.c
+++ b/src/client/pscp_sftp.c
@@ -28,6 +28,7 @@
 #define PSCP_PKEY_PASSPHRASE_MAX 256
 #define PSCP_SFTP_MAX_POLLING_ATTEMPTS 10
 #define PSCP_SFTP_POLLING_DURATION 5
+#define PSCP_SSHKEY_GETPW_MAX_RETRIES 2
 struct pscp_sftp_session
 {
@@ -105,14 +106,51 @@ struct pscp_sftp_session* startSftpSession(const char * sftp_url, const char *
 }
 if(status == CURLE_OK)
 {
- char passphrase[PSCP_PKEY_PASSPHRASE_MAX];
- bzero(passphrase, PSCP_PKEY_PASSPHRASE_MAX);
- status = GetPassword(passphrase, PSCP_PKEY_PASSPHRASE_MAX, verbose);
- if(status == 0)
- {
+ status = curl_easy_setopt(sftp->curl, CURLOPT_URL, sftp_url);
+ }
+ if(status == CURLE_OK)
+ {
+ status = curl_easy_setopt(sftp->curl, CURLOPT_CONNECT_ONLY, 1L);
+ }
+ if(status == CURLE_OK)
+ {
+ int retry = 0;
+ while(retry <= PSCP_SSHKEY_GETPW_MAX_RETRIES) {
+
+ char passphrase[PSCP_PKEY_PASSPHRASE_MAX];
+ bzero(passphrase, PSCP_PKEY_PASSPHRASE_MAX);
+
+ status = GetPassword(passphrase, PSCP_PKEY_PASSPHRASE_MAX, verbose);
+ if(status != 0)
+ {
+ fprintf(stderr, "ERROR: unable to get password, error: %d\n", status);
+ bzero(passphrase, PSCP_PKEY_PASSPHRASE_MAX);
+ break;
+ }
 status = curl_easy_setopt(sftp->curl, CURLOPT_KEYPASSWD, passphrase);
+ bzero(passphrase, PSCP_PKEY_PASSPHRASE_MAX);
+ if(status != CURLE_OK)
+ {
+ fprintf(stderr, "ERROR: unable to set CURLOPT_KEYPASSWD, curl error: %d\n", status);
+ break;
+ }
+ status = curl_easy_perform(sftp->curl);
+ if(status == 0)
+ {
+ status = curl_easy_setopt(sftp->curl, CURLOPT_CONNECT_ONLY, 0L);
+ break;
+ }
+ if(status != CURLE_LOGIN_DENIED)
+ {
+ fprintf(stderr, "ERROR: unable to establish session with %s\n", sftp->url);
+ break;
+ }
+ retry++;
+ }
+ if(status == CURLE_LOGIN_DENIED)
+ {
+ fprintf(stderr, "ERROR: unable to connect to %s with provided credentials\n", sftp->url);
 }
- bzero(passphrase, PSCP_PKEY_PASSPHRASE_MAX);
 }
 if(status != 0 && sftp) |
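Review bot: The `bzero(passphrase, PSCP_PKEY_PASSPHRASE_MAX)` calls in the retry loop of the second hunk are each the last use of a stack buffer that goes out of scope when the iteration ends, so an optimizing compiler is allowed to drop them as dead stores and leave the typed passphrase on the stack. Where the platform provides it, `explicit_bzero(passphrase, sizeof passphrase);` (or a wipe through a volatile pointer) keeps the clearing in place. libcurl also copies the string passed to `CURLOPT_KEYPASSWD` into the easy handle, so wiping the local buffer does not remove the secret from the process. Calling `curl_easy_setopt(sftp->curl, CURLOPT_KEYPASSWD, NULL);` once the key is no longer needed would at least release that copy, provided no later reconnect on this handle still depends on it. startSftpSession() begins and ends outside this hunk, so how the handle is torn down on failure is not visible here.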

