Enforce authorized_keys from restrictions
ci / test (push) Has been cancelled
ci / remote-bench (push) Has been cancelled

This commit is contained in:
DuProcess
2026-06-13 22:07:04 -04:00
parent 0575cf678f
commit af5e9f7956
4 changed files with 221 additions and 21 deletions
+14 -3
View File
@@ -406,13 +406,23 @@ async fn handle_native_user_auth(
if pending.client.requested_mode == "doctor" {
let check = {
let locked = state.lock().expect("server state poisoned");
verify_native_user_auth_from_config(
if let Err(err) = verify_native_user_auth_from_config(
&locked.config,
&pending.client,
&pending.server,
&req.auth,
Some(peer.ip()),
)
.context("verify native user auth")?;
.context("verify native user auth")
{
return send_reject_to_client(
socket,
peer,
packet.header.conn_id,
&format!("{err:#}"),
)
.await;
}
NativeAuthCheckOkBody {
requested_user: pending.client.requested_user.clone(),
native_auth_enabled: locked.config.native_auth,
@@ -453,6 +463,7 @@ async fn handle_native_user_auth(
&pending.client,
&pending.server,
&req.auth,
Some(peer.ip()),
)
.context("verify native user auth")
.and_then(|_| {
@@ -539,7 +550,7 @@ async fn handle_native_user_auth(
) = match attached {
Ok(attached) => attached,
Err(err) => {
return send_reject_to_client(socket, peer, packet.header.conn_id, &err.to_string())
return send_reject_to_client(socket, peer, packet.header.conn_id, &format!("{err:#}"))
.await;
}
};