| author | Paul Buetow <paul@buetow.org> | 2021-11-06 12:33:19 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2021-11-06 12:33:19 +0200 |
| commit | c8c42aa26861e28e6f22458fffd8db6d9b712d70 (patch) | |
| tree | b70a61237969e212c40e18f9b46f8332c11e0c2c /internal | |
| parent | 3d02a4a917dbdd85c40dbdb0fcac65c82fb7fe5b (diff) | |
Remove insecure and dangerous relaxed auth mode
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/config/server.go | 3 | ||||
| -rw-r--r-- | internal/server/server.go | 5 | ||||
| -rw-r--r-- | internal/ssh/server/publickeycallback.go | 5 | ||||
| -rw-r--r-- | internal/user/server/user.go | 4 |
4 files changed, 0 insertions, 17 deletions
diff --git a/internal/config/server.go b/internal/config/server.go index 8285bdf..e901a7a 100644 --- a/internal/config/server.go +++ b/internal/config/server.go @@ -63,9 +63,6 @@ type ServerConfig struct { Continuous []Continuous `json:",omitempty"` } -// ServerRelaxedAuthEnable should be used for development and testing purposes only. -var ServerRelaxedAuthEnable bool - // Create a new default server configuration. func newDefaultServerConfig() *ServerConfig { defaultPermissions := []string{"^/.*"} diff --git a/internal/server/server.go b/internal/server/server.go index fffa560..c7d7aaa 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -216,11 +216,6 @@ func (s *Server) Callback(c gossh.ConnMetadata, return nil, err } - if config.ServerRelaxedAuthEnable { - dlog.Server.Fatal(user, "Granting permissions via relaxed-auth") - return nil, nil - } - authInfo := string(authPayload) splitted := strings.Split(c.RemoteAddr().String(), ":") remoteIP := splitted[0] diff --git a/internal/ssh/server/publickeycallback.go b/internal/ssh/server/publickeycallback.go index c661419..f7655b4 100644 --- a/internal/ssh/server/publickeycallback.go +++ b/internal/ssh/server/publickeycallback.go @@ -22,12 +22,7 @@ func PublicKeyCallback(c gossh.ConnMetadata, if err != nil { return nil, err } - dlog.Server.Info(user, "Incoming authorization") - if config.ServerRelaxedAuthEnable { - dlog.Server.Fatal(user, "Granting permissions via relaxed-auth") - return nil, nil - } authorizedKeysFile, err := authorizedKeysFile(user) if err != nil { diff --git a/internal/user/server/user.go b/internal/user/server/user.go index aa7f8b1..004bda4 100644 --- a/internal/user/server/user.go +++ b/internal/user/server/user.go 
@@ -45,10 +45,6 @@ func (u *User) String() string {
 // HasFilePermission is used to determine whether user is alowed to read a file.
 func (u *User) HasFilePermission(filePath, permissionType string) (hasPermission bool) {
 dlog.Server.Debug(u, filePath, permissionType, "Checking config permissions")
- if config.ServerRelaxedAuthEnable {
- dlog.Server.Fatal(u, filePath, permissionType, "Server releaxed auth enabled")
- return true
- }
 if u.Name == config.ScheduleUser || u.Name == config.ContinuousUser {
 // Background user has same permissions as dtail process itself.
 return true |
