summaryrefslogtreecommitdiff
path: root/internal/server/server.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/server/server.go')
-rw-r--r--internal/server/server.go12
1 files changed, 10 insertions, 2 deletions
diff --git a/internal/server/server.go b/internal/server/server.go
index a8f541b..d1cd57d 100644
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -124,7 +124,12 @@ func (s *Server) handleConnection(ctx context.Context, conn net.Conn) {
}
func (s *Server) handleChannel(ctx context.Context, sshConn gossh.Conn, newChannel gossh.NewChannel) {
- user := user.New(sshConn.User(), sshConn.RemoteAddr().String())
+ user, err := user.New(sshConn.User(), sshConn.RemoteAddr().String())
+ if err != nil {
+ dlog.Server.Error(user, err)
+ newChannel.Reject(gossh.Prohibited, err.Error())
+ return
+ }
dlog.Server.Info(user, "Invoking channel handler")
if newChannel.ChannelType() != "session" {
@@ -213,7 +218,10 @@ func (s *Server) handleRequests(ctx context.Context, sshConn gossh.Conn, in <-ch
// Callback for SSH authentication.
func (s *Server) Callback(c gossh.ConnMetadata, authPayload []byte) (*gossh.Permissions, error) {
- user := user.New(c.User(), c.RemoteAddr().String())
+ user, err := user.New(c.User(), c.RemoteAddr().String())
+ if err != nil {
+ return nil, err
+ }
if config.ServerRelaxedAuthEnable {
dlog.Server.Fatal(user, "Granting permissions via relaxed-auth")
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-09 01:41:26 +0000