mirror of
https://github.com/warp-tech/warpgate.git
synced 2024-09-20 06:46:17 +08:00
fixed #972 - ssh: only offer available auth methods after a rejected public key offer
parent
630d8e8e3d
commit
daacd55d25
|
@ -29,7 +29,7 @@ pub enum ServerHandlerEvent {
|
|||
PtyRequest(ServerChannelId, PtyRequest, oneshot::Sender<()>),
|
||||
ShellRequest(ServerChannelId, oneshot::Sender<bool>),
|
||||
AuthPublicKey(Secret<String>, PublicKey, oneshot::Sender<Auth>),
|
||||
AuthPublicKeyOffer(Secret<String>, PublicKey, oneshot::Sender<bool>),
|
||||
AuthPublicKeyOffer(Secret<String>, PublicKey, oneshot::Sender<Auth>),
|
||||
AuthPassword(Secret<String>, Secret<String>, oneshot::Sender<Auth>),
|
||||
AuthKeyboardInteractive(
|
||||
Secret<String>,
|
||||
|
@ -192,14 +192,7 @@ impl russh::server::Handler for ServerHandler {
|
|||
tx,
|
||||
))?;
|
||||
|
||||
let result = rx.await.unwrap_or(false);
|
||||
Ok(if result {
|
||||
Auth::Accept
|
||||
} else {
|
||||
Auth::Reject {
|
||||
proceed_with_methods: None,
|
||||
}
|
||||
})
|
||||
Ok(rx.await.unwrap_or(Auth::Reject { proceed_with_methods: None }))
|
||||
}
|
||||
|
||||
async fn auth_publickey(
|
||||
|
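Review bot: The new `Ok(rx.await.unwrap_or(Auth::Reject { proceed_with_methods: None }))` turns a dropped reply channel into a rejection without saying that this is deliberate. A short comment above it would record the intent, for example `// Fail closed: if the session dropped the sender, reject the offer.` It may also be worth logging that case at debug level, since from the handler side it is otherwise indistinguishable from a real policy rejection. The enclosing handler method starts above the visible hunk, so the name of the offer callback is not shown here.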
|
|
@ -1196,7 +1196,7 @@ impl ServerSession {
|
|||
&mut self,
|
||||
ssh_username: Secret<String>,
|
||||
key: PublicKey,
|
||||
) -> bool {
|
||||
) -> russh::server::Auth {
|
||||
let keys = self._get_public_keys_from_of(key);
|
||||
let selector: AuthSelector = ssh_username.expose_secret().into();
|
||||
|
||||
|
@ -1211,10 +1211,19 @@ impl ServerSession {
|
|||
)
|
||||
.await
|
||||
{
|
||||
return true;
|
||||
return russh::server::Auth::Accept;
|
||||
}
|
||||
}
|
||||
false
|
||||
|
||||
let selector: AuthSelector = ssh_username.expose_secret().into();
|
||||
match self.try_auth(&selector, None).await {
|
||||
Ok(AuthResult::Need(kinds)) => russh::server::Auth::Reject {
|
||||
proceed_with_methods: Some(self.get_remaining_auth_methods(kinds)),
|
||||
},
|
||||
_ => russh::server::Auth::Reject {
|
||||
proceed_with_methods: None,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
async fn _auth_publickey(
|
||||
|
@ -1281,8 +1290,8 @@ impl ServerSession {
|
|||
Ok(AuthResult::Rejected) => russh::server::Auth::Reject {
|
||||
proceed_with_methods: None,
|
||||
},
|
||||
Ok(AuthResult::Need(_)) => russh::server::Auth::Reject {
|
||||
proceed_with_methods: None,
|
||||
Ok(AuthResult::Need(kinds)) => russh::server::Auth::Reject {
|
||||
proceed_with_methods: Some(self.get_remaining_auth_methods(kinds)),
|
||||
},
|
||||
Err(error) => {
|
||||
error!(?error, "Failed to verify credentials");
|
||||
|
|
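Review bot: In the new tail of `_auth_publickey_offer`, the wildcard arm `_ => russh::server::Auth::Reject { proceed_with_methods: None }` also absorbs an `Err` from `self.try_auth(&selector, None)`, so a policy-evaluation failure after a rejected offer leaves no trace. The `_auth_publickey` match further down logs the same condition with `error!(?error, "Failed to verify credentials")`. I would spell the arms out instead of using `_`, with an `Err(error)` arm that logs the same way before rejecting, so the match stays exhaustive if `AuthResult` gains a variant. Separately, this function and the changed `Ok(AuthResult::Need(kinds))` arm in `_auth_publickey` now return a per-user method list before authentication has completed. If `try_auth` answers differently for unknown usernames (not visible in these hunks), the reply would distinguish existing accounts, so it is worth confirming that unknown users get an indistinguishable response.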