mir/libreoffice
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ucb: webdav-curl: only allow system credentials for auth once

Browse Source 
... and in any case abort authentication after 10 failed attempts.

Apparently some PasswordContainer can turn this into an infinite loop.

Change-Id: Ib2333b371a770999e8407ce7e1af21512aadb70d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/132974
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
This commit is contained in:
Michael Stahl
2022-04-13 16:50:30 +02:00
parent 1aced94715
commit 2bc4d1d22f
1 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
ucb/source/ucp/webdav-curl/CurlSession.cxx
View File

@@ -1221,6 +1221,8 @@ auto CurlProcessor::ProcessRequest(
} }
} }
bool isRetry(false); bool isRetry(false);
int nAuthRequests(0);
int nAuthRequestsProxy(0);
// libcurl does not have an authentication callback so handle auth // libcurl does not have an authentication callback so handle auth
// related status codes and requesting credentials via this loop // related status codes and requesting credentials via this loop
@@ -1363,8 +1365,16 @@ auto CurlProcessor::ProcessRequest(
case SC_UNAUTHORIZED: case SC_UNAUTHORIZED:
case SC_PROXY_AUTHENTICATION_REQUIRED: case SC_PROXY_AUTHENTICATION_REQUIRED:
{ {
if (pEnv && pEnv->m_xAuthListener) auto& rnAuthRequests(statusCode == SC_UNAUTHORIZED ? nAuthRequests
: nAuthRequestsProxy);
if (rnAuthRequests == 10)
{ {
SAL_INFO("ucb.ucp.webdav.curl", "aborting authentication after "
<< rnAuthRequests << " attempts");
}
else if (pEnv && pEnv->m_xAuthListener)
{
++rnAuthRequests;
::std::optional<OUString> const oRealm(ExtractRealm( ::std::optional<OUString> const oRealm(ExtractRealm(
headers, statusCode == SC_UNAUTHORIZED ? "WWW-Authenticate" headers, statusCode == SC_UNAUTHORIZED ? "WWW-Authenticate"
: "Proxy-Authenticate")); : "Proxy-Authenticate"));
@@ -1381,7 +1391,13 @@ auto CurlProcessor::ProcessRequest(
&authAvail); &authAvail);
assert(rc == CURLE_OK); assert(rc == CURLE_OK);
(void)rc; (void)rc;
bool const isSystemCredSupported((authAvail & authSystem) != 0); // only allow SystemCredentials once - the
// PasswordContainer may have stored it in the
// Config (TrySystemCredentialsFirst or
// AuthenticateUsingSystemCredentials) and then it
// will always force its use no matter how hopeless
bool const isSystemCredSupported((authAvail & authSystem) != 0
&& rnAuthRequests == 0);
// Ask user via XInteractionHandler. // Ask user via XInteractionHandler.
// Warning: This likely runs an event loop which may // Warning: This likely runs an event loop which may