Add failure condition on auth max retry and time out.

mwiede · Aug 19, 2024 · a1e8e5a · a1e8e5a
1 parent 141c444
commit a1e8e5a
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 20 deletions.
diff --git a/src/main/java/com/jcraft/jsch/JSch.java b/src/main/java/com/jcraft/jsch/JSch.java
@@ -60,12 +60,6 @@ public class JSch {
         "[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1"));
     config.put("compression.s2c", Util.getSystemProperty("jsch.compression", "none"));
     config.put("compression.c2s", Util.getSystemProperty("jsch.compression", "none"));
-    // Do not ask re-entering password after the first failure. Useful when authenticating with a
-    // script that uses the same password every time. Set true to activate.
-    config.put("user_auth_keyboard_interactive_single_attempt",
-        Util.getSystemProperty("jsch.user_auth_keyboard_interactive_single_attempt", "false"));
-    config.put("user_auth_single_attempt",
-        Util.getSystemProperty("jsch.user_auth_single_attempt", "false"));
 
     config.put("lang.s2c", Util.getSystemProperty("jsch.lang", ""));
     config.put("lang.c2s", Util.getSystemProperty("jsch.lang", ""));

diff --git a/src/main/java/com/jcraft/jsch/Session.java b/src/main/java/com/jcraft/jsch/Session.java
@@ -3205,8 +3205,6 @@ private void applyConfig() throws JSchException {
     checkConfig(config, "try_additional_pubkey_algorithms");
     checkConfig(config, "enable_auth_none");
     checkConfig(config, "use_sftp_write_flush_workaround");
-    checkConfig(config, "user_auth_single_attempt");
-    checkConfig(config, "user_auth_keyboard_interactive_single_attempt");
 
     checkConfig(config, "cipher.c2s");
     checkConfig(config, "cipher.s2c");

diff --git a/src/main/java/com/jcraft/jsch/UserAuthKeyboardInteractive.java b/src/main/java/com/jcraft/jsch/UserAuthKeyboardInteractive.java
@@ -73,15 +73,11 @@ public boolean start(Session session) throws Exception {
 
       boolean firsttime = true;
       final long timeout = System.currentTimeMillis() + session.getTimeout();
-      final int auth_failures_initial = session.auth_failures;
       loop: while (true) {
         if (session.getTimeout() > 0 && System.currentTimeMillis() > timeout) {
           throw new JSchAuthCancelException("keyboard-interactive");
         }
-        // Do not ask re-entering password after the first failure. Useful when authenticating with
-        // a script that uses the same password every time.
-        if (Boolean.parseBoolean(session.getConfig("user_auth_keyboard_interactive_single_attempt"))
-            && session.auth_failures > auth_failures_initial) {
+        if (session.auth_failures >= session.max_auth_tries) {
           return false;
         }
 

diff --git a/src/main/java/com/jcraft/jsch/UserAuthPassword.java b/src/main/java/com/jcraft/jsch/UserAuthPassword.java
@@ -162,13 +162,6 @@ public boolean start(Session session) throws Exception {
               throw new JSchPartialAuthException(Util.byte2str(foo));
             }
             session.auth_failures++;
-
-            // Do not ask re-entering password after the first failure. Useful when authenticating
-            // with a script that uses the same password every time.
-            if (Boolean.parseBoolean(session.getConfig("user_auth_single_attempt"))) {
-              return false;
-            }
-
             break;
           } else {
             // System.err.println("USERAUTH fail ("+buf.getCommand()+")");