From ee73349644fdf2a3a2ac122d7f930f84b00bcdba Mon Sep 17 00:00:00 2001
From: Alexander Golubev <fatzer2@gmail.com>
Date: Sun, 28 Jan 2024 23:25:58 +0300
Subject: [PATCH] tdeioslave/sftp: cache passwords in case they were passed to
 setHost()

Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
---
 tdeioslave/sftp/tdeio_sftp.cpp | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/tdeioslave/sftp/tdeio_sftp.cpp b/tdeioslave/sftp/tdeio_sftp.cpp
index 39788cfd7..c31708e35 100644
--- a/tdeioslave/sftp/tdeio_sftp.cpp
+++ b/tdeioslave/sftp/tdeio_sftp.cpp
@@ -341,6 +341,9 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
 
   bool retryDenied = false; // a flag to avoid infinite looping
 
+  TQString cachablePassword;
+  PasswordPurger cachePurger(cachablePassword);
+
   while (1) {
     int n = 0;
     int i = 0;
@@ -407,6 +410,7 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
           if (noPaswordQuery) { // if we have a cached password we might use it
             kdDebug(TDEIO_SFTP_DB) << "Using cached password" << endl;
             answer = mPassword;
+            cachablePassword = mPassword;
             purgeString(mPassword); // if we used up password purge it
           } else {
             infoKbdInt.prompt = i18n("Please enter your password.");
@@ -485,6 +489,15 @@ int sftpProtocol::authenticateKeyboardInteractive(bool noPaswordQuery) {
     } // for each ssh_userauth_kbdint_getprompt()
   } // while (1)
 
+  if (!mPasswordWasPrompted && !cachablePassword.isEmpty() && (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL)) {
+    // if the password was never prompted, it was never cached, so we should cache it manually
+    TDEIO::AuthInfo info = authInfo();
+    info.password = cachablePassword;
+    info.keepPassword = false;
+    cacheAuthentication(info);
+    purgeString(info.password);
+  }
+
   return rc;
 }
 
@@ -495,15 +508,14 @@ int sftpProtocol::authenticatePassword(bool noPaswordQuery) {
   info.keepPassword = true;
   info.prompt = i18n("Please enter your username and password.");
 
+  PasswordPurger pPurger(info.password);
+
   int rc;
   do {
     TQString errMsg;
-    TQString password;
-
-    PasswordPurger pPurger(password);
 
     if(noPaswordQuery) { // on the first try use cached password
-      password = mPassword;
+      info.password = mPassword;
       purgeString(mPassword);
     } else {
       if (mPasswordWasPrompted) {
@@ -518,8 +530,6 @@ int sftpProtocol::authenticatePassword(bool noPaswordQuery) {
         return sftpProtocol::SSH_AUTH_CANCELED;
       }
 
-      password = info.password;
-
       TQString sshUser=sshUsername();
       if (info.username != sshUser) {
         kdDebug(TDEIO_SFTP_DB) << "Username changed from " << sshUser
@@ -532,9 +542,15 @@ int sftpProtocol::authenticatePassword(bool noPaswordQuery) {
       }
     }
 
-    rc = ssh_userauth_password(mSession, NULL, password.utf8().data());
+    rc = ssh_userauth_password(mSession, NULL, info.password.utf8().data());
 
   } while (rc == SSH_AUTH_DENIED && !noPaswordQuery);
+
+  if (!mPasswordWasPrompted && (rc == SSH_AUTH_SUCCESS || rc == SSH_AUTH_PARTIAL)) {
+    // if the password was never prompted, it was never cached, so we should cache it manually
+    info.keepPassword = false;
+    cacheAuthentication(info);
+  }
   return rc;
 }