Fix handling of dynamic challenge when response is not required

In this case, as per management-notes.txt, a CRV1 response with
an empty password should be submitted. Currently we ignore
such "challenges" causing the regular user-auth dialog to be shown
instead.

Fix by displaying the message received from the server. Depending
on user action (OK or CANCEL), a properly formatted reponse with an
empty password is returned or the connection is aborted.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
pull/420/head
Selva Nair 2021-04-22 18:57:30 -04:00
parent 21e09d4603
commit 69e772d681
1 changed files with 13 additions and 7 deletions

View File

@ -642,6 +642,19 @@ GenericPassDialogFunc(HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
{
SetDlgItemTextW(hwndDlg, ID_TXT_DESCRIPTION, wstr);
/* If response is not required show a message box with the challenge
* text and autosubmit an empty password (see management-notes.txt)
*/
if ((param->flags & FLAG_CR_RESPONSE) == 0)
{
wchar_t title[256];
GetWindowTextW(hwndDlg, title, _countof(title));
if (MessageBox(param->c->hwndStatus, wstr, title, MB_OKCANCEL) == IDOK)
SimulateButtonPress(hwndDlg, IDOK);
else
SimulateButtonPress(hwndDlg, IDCANCEL);
}
/* Set password echo on if needed */
if (param->flags & FLAG_CR_ECHO)
SendMessage(GetDlgItem(hwndDlg, ID_EDT_RESPONSE), EM_SETPASSWORDCHAR, 0, 0);
@ -1049,13 +1062,6 @@ OnPassword(connection_t *c, char *msg)
{
chstr += 5; /* beginning of dynamic CR string */
/* Check if a response is required: ie., starts with R or E,R */
if (strncmp (chstr, "R", 1) != 0 && strncmp (chstr, "E,R", 3) != 0)
{
PrintDebug(L"Got dynamic challenge request with no response required: <%S>", chstr);
return;
}
/* Save the string for later processing during next Auth request */
c->dynamic_cr = strdup(chstr);
if (c->dynamic_cr && (chstr = strstr (c->dynamic_cr, "']")) != NULL)