| author | Paul Buetow <pbuetow@mimecast.com> | 2020-09-04 16:07:26 +0300 |
|---|---|---|
| committer | Paul Buetow <pbuetow@mimecast.com> | 2020-09-04 16:07:26 +0300 |
| commit | c562a013ef7e40e3a7f6126a6d327552f2bc557f (patch) | |
| tree | b97ad9f6335a7ba44f316f4630c8e90384dbd0d6 /internal | |
| parent | 7e7e39eab15a346af6d2859086bfbffbd32875aa (diff) | |
add ssh relaxed auth mode
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/config/server.go | 2 | ||||
| -rw-r--r-- | internal/io/logger/logger.go | 9 | ||||
| -rw-r--r-- | internal/server/server.go | 6 | ||||
| -rw-r--r-- | internal/ssh/server/publickeycallback.go | 5 |
4 files changed, 22 insertions, 0 deletions
diff --git a/internal/config/server.go b/internal/config/server.go
index 83ff45f..db12cec 100644
--- a/internal/config/server.go
+++ b/internal/config/server.go
@@ -61,6 +61,8 @@ type ServerConfig struct {
 Continuous []Continuous `json:",omitempty"`
 }
+var ServerRelaxedAuthEnable bool
+
 // Create a new default server configuration.
 func newDefaultServerConfig() *ServerConfig {
 defaultPermissions := []string{"^/.*"}
diff --git a/internal/io/logger/logger.go b/internal/io/logger/logger.go
index bfe4b29..6ba9f9a 100644
--- a/internal/io/logger/logger.go
+++ b/internal/io/logger/logger.go
@@ -147,6 +147,15 @@ func Error(args ...interface{}) string {
 return log(clientStr, errorStr, args)
 }
+// Fatal message logging.
+func Fatal(args ...interface{}) string {
+ if Mode.Server {
+ return log(serverStr, fatalStr, args)
+ }
+
+ return log(clientStr, fatalStr, args)
+}
+
 // FatalExit logs an error and exists the process.
 func FatalExit(args ...interface{}) {
 what := clientStr
diff --git a/internal/server/server.go b/internal/server/server.go
index 693c48d..a446738 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -244,6 +244,12 @@ func (s *Server) handleRequests(ctx context.Context, sshConn gossh.Conn, in <-ch
 // Callback for SSH authentication.
 func (s *Server) Callback(c gossh.ConnMetadata, authPayload []byte) (*gossh.Permissions, error) {
 user := user.New(c.User(), c.RemoteAddr().String())
+
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal(user, "Granting permissions via relaxed-auth")
+ return nil, nil
+ }
+
 authInfo := string(authPayload)
 splitted := strings.Split(c.RemoteAddr().String(), ":")
diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go
index b9c79a1..e81f019 100644
--- a/internal/ssh/server/publickeycallback.go
+++ b/internal/ssh/server/publickeycallback.go
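Review bot: `ServerRelaxedAuthEnable` is an exported, mutable package-level variable with no doc comment, and the later hunks of this commit use it to skip SSH authentication entirely. Any package that imports `config` can flip it at runtime, so it should at least carry a comment such as `// ServerRelaxedAuthEnable makes the SSH auth callbacks accept every connection without checking credentials.` Keeping it unexported behind a setter that is called once at startup would narrow who can turn it on. This diff is limited to `internal` and does not show where the flag is set, so that wiring should be reviewed as well.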
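Review bot: The doc comment on `Fatal` does not say that the function only logs and returns, while `FatalExit` directly below it ends the process; a reader is likely to expect a function named `Fatal` to terminate. Suggested comment: `// Fatal logs at fatal severity without exiting the process; use FatalExit to terminate.`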
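Review bot: With the flag set, `Callback` returns `nil, nil` before `authPayload` is examined, so every user name from every remote address is authenticated; the same unconditional early return is added to `PublicKeyCallback` in internal/ssh/server/publickeycallback.go. Neither site limits the bypass, and the only trace is a log line at fatal severity, which reads like a crash rather than an access decision. I would add a comment above the branch, `// SECURITY: relaxed-auth skips all credential checks; every connection is accepted.`, and log the grant at a severity that matches an audit event. The commit message does not state the intended deployment, but if the mode is meant for local testing only, comparing `c.RemoteAddr()` against loopback before returning would keep an accidentally enabled flag from opening the server to the network. The body of `Callback` continues outside the hunk.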
@@ -23,6 +23,11 @@ func PublicKeyCallback(c gossh.ConnMetadata, offeredPubKey gossh.PublicKey) (*go
 return nil, fmt.Errorf("Unable to get current working directory|%s|", err.Error())
 }
+ if config.ServerRelaxedAuthEnable {
+ logger.Fatal(user, "Granting permissions via relaxed-auth")
+ return nil, nil
+ }
+
 authorizedKeysFile := fmt.Sprintf("%s/%s/%s.authorized_keys", cwd, config.Common.CacheDir, user.Name)
 if _, err := os.Stat(authorizedKeysFile); os.IsNotExist(err) {
 user, err := osUser.Lookup(user.Name) |
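Review bot: The relaxed-auth branch discards `offeredPubKey` without recording it, so the log cannot show which key a relaxed-auth session presented. Adding the fingerprint to the existing call, e.g. `logger.Fatal(user, "Granting permissions via relaxed-auth", gossh.FingerprintSHA256(offeredPubKey))`, keeps those sessions attributable. The branch also sits after the `os.Getwd` error check, so a working-directory failure still rejects the connection in this mode, whereas `Callback` in internal/server/server.go returns before any other work; if that asymmetry is not intended, the check belongs at the top of the function. `PublicKeyCallback` starts and ends outside the hunk.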
