authorPaul Buetow <pbuetow@mimecast.com>2020-09-04 16:07:26 +0300
committerPaul Buetow <pbuetow@mimecast.com>2020-09-04 16:07:26 +0300
commitc562a013ef7e40e3a7f6126a6d327552f2bc557f (patch)
treeb97ad9f6335a7ba44f316f4630c8e90384dbd0d6
parent7e7e39eab15a346af6d2859086bfbffbd32875aa (diff)
add ssh relaxed auth mode
-rw-r--r--cmd/dserver/main.go5
-rw-r--r--internal/config/server.go2
-rw-r--r--internal/io/logger/logger.go9
-rw-r--r--internal/server/server.go6
-rw-r--r--internal/ssh/server/publickeycallback.go5
5 files changed, 27 insertions, 0 deletions
diff --git a/cmd/dserver/main.go b/cmd/dserver/main.go
index d889dc9..07f5270 100644
--- a/cmd/dserver/main.go
+++ b/cmd/dserver/main.go
@@ -34,6 +34,7 @@ func main() {
flag.BoolVar(&debugEnable, "debug", false, "Activate debug messages")
flag.BoolVar(&displayVersion, "version", false, "Display version")
+ flag.BoolVar(&config.ServerRelaxedAuthEnable, "relaxedAuth", false, "Enable relaxced SSH auth mode (don't use in production!)")
flag.BoolVar(&noColor, "noColor", false, "Disable ANSII terminal colors")
flag.IntVar(&pprof, "pprof", -1, "Start PProf server this port")
flag.IntVar(&shutdownAfter, "shutdownAfter", 0, "Automatically shutdown after so many seconds")
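Review bot: The help text for `-relaxedAuth` misspells "relaxed" as "relaxced" and does not say what the mode does, although the callbacks changed later in this commit return success before any credential is checked. I would spell it out: `"Enable relaxed SSH auth mode: every client is accepted without credential checks (don't use in production!)"`. The flag writes straight into the package variable `config.ServerRelaxedAuthEnable`, so this text is the only warning a user sees before starting the server without authentication. main's body continues outside the hunk.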
@@ -67,6 +68,10 @@ func main() {
logger.Start(ctx, logger.Modes{Server: true, Debug: debugEnable || config.Common.DebugEnable})
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal("SSH relaxed-auth mode enabled")
+ }
+
if pprof > -1 {
// For debugging purposes only
pprofArgs := fmt.Sprintf("0.0.0.0:%d", pprof)
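Review bot: The startup message `"SSH relaxed-auth mode enabled"` is the only process-level record that authentication is off, and it does not say so in words an operator or a log alert would match on. `logger.Fatal` as added in this commit only logs and returns, so the server carries on starting after this line. I would make the text explicit, e.g. `logger.Fatal("SSH relaxed-auth mode enabled: all SSH clients are accepted without authentication")`. main's body continues outside the hunk.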
diff --git a/internal/config/server.go b/internal/config/server.go
index 83ff45f..db12cec 100644
--- a/internal/config/server.go
+++ b/internal/config/server.go
@@ -61,6 +61,8 @@ type ServerConfig struct {
Continuous []Continuous `json:",omitempty"`
}
+var ServerRelaxedAuthEnable bool
+
// Create a new default server configuration.
func newDefaultServerConfig() *ServerConfig {
defaultPermissions := []string{"^/.*"}
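Review bot: `ServerRelaxedAuthEnable` is an exported, mutable package variable with no doc comment, and it switches off authentication for the whole process. A comment such as `// ServerRelaxedAuthEnable makes the SSH auth callbacks accept every client without checking credentials; set only by the -relaxedAuth flag, never in production.` would tell the next reader what it controls. Keeping it outside `ServerConfig` presumably prevents it from being set through the JSON config file; if that is the intent, the comment should say so. The hunk ends inside newDefaultServerConfig.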
diff --git a/internal/io/logger/logger.go b/internal/io/logger/logger.go
index bfe4b29..6ba9f9a 100644
--- a/internal/io/logger/logger.go
+++ b/internal/io/logger/logger.go
@@ -147,6 +147,15 @@ func Error(args ...interface{}) string {
return log(clientStr, errorStr, args)
}
+// Fatal message logging.
+func Fatal(args ...interface{}) string {
+ if Mode.Server {
+ return log(serverStr, fatalStr, args)
+ }
+
+ return log(clientStr, fatalStr, args)
+}
+
// FatalExit logs an error and exists the process.
func FatalExit(args ...interface{}) {
what := clientStr
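Review bot: The doc comment `// Fatal message logging.` does not say that `Fatal` returns after logging, which differs from the standard library's `log.Fatal` (that one exits the process) and from `FatalExit` directly below. The callers added in this commit rely on it returning, so the comment should state it: `// Fatal logs args at fatal severity and returns the string produced by log; it does not exit the process, use FatalExit for that.` FatalExit's body continues outside the hunk.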
diff --git a/internal/server/server.go b/internal/server/server.go
index 693c48d..a446738 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -244,6 +244,12 @@ func (s *Server) handleRequests(ctx context.Context, sshConn gossh.Conn, in <-ch
// Callback for SSH authentication.
func (s *Server) Callback(c gossh.ConnMetadata, authPayload []byte) (*gossh.Permissions, error) {
user := user.New(c.User(), c.RemoteAddr().String())
+
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal(user, "Granting permissions via relaxed-auth")
+ return nil, nil
+ }
+
authInfo := string(authPayload)
splitted := strings.Split(c.RemoteAddr().String(), ":")
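Review bot: The relaxed branch in `Callback` returns `nil, nil` before `authPayload` or the peer address is examined, so with the flag set every connection is authenticated under whatever user name it presents, from any source address; `PublicKeyCallback` in internal/ssh/server/publickeycallback.go gets the same branch. If the mode is meant for local testing (an assumption, the commit does not say), tying it to loopback peers would limit the exposure, e.g. `if tcp, ok := c.RemoteAddr().(*net.TCPAddr); config.ServerRelaxedAuthEnable && ok && tcp.IP.IsLoopback() {`, which needs the `net` import. A short comment above the branch should also state that a nil error here means "authenticated", since that is not obvious from `return nil, nil`. Callback's body continues outside the hunk.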
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index b9c79a1..e81f019 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
@@ -23,6 +23,11 @@ func PublicKeyCallback(c gossh.ConnMetadata, offeredPubKey gossh.PublicKey) (*go
return nil, fmt.Errorf("Unable to get current working directory|%s|", err.Error())
}
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal(user, "Granting permissions via relaxed-auth")
+ return nil, nil
+ }
+
authorizedKeysFile := fmt.Sprintf("%s/%s/%s.authorized_keys", cwd, config.Common.CacheDir, user.Name)
if _, err := os.Stat(authorizedKeysFile); os.IsNotExist(err) {
user, err := osUser.Lookup(user.Name)