Enforce authorized_keys from restrictions
This commit is contained in:
+14
-3
@@ -406,13 +406,23 @@ async fn handle_native_user_auth(
|
||||
if pending.client.requested_mode == "doctor" {
|
||||
let check = {
|
||||
let locked = state.lock().expect("server state poisoned");
|
||||
verify_native_user_auth_from_config(
|
||||
if let Err(err) = verify_native_user_auth_from_config(
|
||||
&locked.config,
|
||||
&pending.client,
|
||||
&pending.server,
|
||||
&req.auth,
|
||||
Some(peer.ip()),
|
||||
)
|
||||
.context("verify native user auth")?;
|
||||
.context("verify native user auth")
|
||||
{
|
||||
return send_reject_to_client(
|
||||
socket,
|
||||
peer,
|
||||
packet.header.conn_id,
|
||||
&format!("{err:#}"),
|
||||
)
|
||||
.await;
|
||||
}
|
||||
NativeAuthCheckOkBody {
|
||||
requested_user: pending.client.requested_user.clone(),
|
||||
native_auth_enabled: locked.config.native_auth,
|
||||
@@ -453,6 +463,7 @@ async fn handle_native_user_auth(
|
||||
&pending.client,
|
||||
&pending.server,
|
||||
&req.auth,
|
||||
Some(peer.ip()),
|
||||
)
|
||||
.context("verify native user auth")
|
||||
.and_then(|_| {
|
||||
@@ -539,7 +550,7 @@ async fn handle_native_user_auth(
|
||||
) = match attached {
|
||||
Ok(attached) => attached,
|
||||
Err(err) => {
|
||||
return send_reject_to_client(socket, peer, packet.header.conn_id, &err.to_string())
|
||||
return send_reject_to_client(socket, peer, packet.header.conn_id, &format!("{err:#}"))
|
||||
.await;
|
||||
}
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user