In case the server is set up for multi-factor authentication we could
be have to query several things from the user like password, a key
passphrase, their mother's maiden name etc. It doesn't make a big
difference during an initial connection, but it butchers the
reconnection process: it can retrieve the answer of the user to the
first question (e.g. their password), but it fails to retrieve the
second one (e.g. the key passphrase). So the user would be forced to
reenter the answer for the second question upon each reconnection.
The reason for this is the passwdserver's desig (see DESIGN [1]):
Each query for AuthInfo with the openPassDlg() has an secNr number
associated with it. If it's smaller than the one of the one stored for
the privious request, than the one from the cache will be returned
automagically, if it's bigger the dialog will be prompted to the user.
Each call to openPassDlg() advances s_seqNr to the last value reported
by the passwdserver. So the first call will return the cached value and
subsequent calls will actually display the dialog to the user (assuming
authentication with the cached data failed).
But in case of multi-factor auth we have to query user for several
independent values. And we want to try to retrieve each one of those
from the cache. So we have to get a bit hacky and manually manipulate
the SlaveBase::s_seqNr value.
[1]: https://mirror.git.trinitydesktop.org/gitea/TDE/tdelibs/src/branch/master/tdeio/kpasswdserver/DESIGN
Signed-off-by: Alexander Golubev <fatzer2@gmail.com>
(cherry picked from commit 95b18e6338
)
pull/478/head
parent
fae96a29fb
commit
ef56a87ffe
Loading…
Reference in new issue