Change summary
server/backend/sqlite/user.go | 1 -
server/daemon.go | 5 +++++
server/ssh.go | 7 ++++++-
3 files changed, 11 insertions(+), 2 deletions(-)
Detailed changes
@@ -101,7 +101,6 @@ func (d *SqliteBackend) AccessLevel(repo string, username string) backend.Access
return backend.ReadOnlyAccess
}
- // If the repository doesn't exist, the user has read/write access.
if user != nil {
// If the repository doesn't exist, the user has read/write access.
if anon > backend.ReadWriteAccess {
@@ -221,6 +221,11 @@ func (d *GitDaemon) handleClient(conn net.Conn) {
return
}
+ if !d.cfg.Backend.AllowKeyless() {
+ fatal(c, ErrNotAuthed)
+ return
+ }
+
name := utils.SanitizeRepo(string(opts[0]))
logger.Debugf("git: connect %s %s %s", c.RemoteAddr(), cmd, name)
defer logger.Debugf("git: disconnect %s %s %s", c.RemoteAddr(), cmd, name)
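Review bot: The new `AllowKeyless()` rejection in handleClient is silent: `fatal(c, ErrNotAuthed)` returns before the `git: connect` debug line, so refused anonymous connections never appear in the log. Logging the denial ahead of the `fatal` call, e.g. `logger.Debugf("git: keyless access disabled, rejecting %s", c.RemoteAddr())`, would let operators see how often the unauthenticated git:// port is being hit while keyless access is off. The check also follows an earlier return path, which suggests the request has already been read by the time the setting is consulted; that code is outside the hunk, so it is worth confirming whether the refusal could happen before parsing. handleClient starts and ends outside the hunk.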
@@ -137,10 +137,15 @@ func (s *SSHServer) Shutdown(ctx context.Context) error {
// PublicKeyAuthHandler handles public key authentication.
func (s *SSHServer) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) (allowed bool) {
+ if pk == nil {
+ return s.cfg.Backend.AllowKeyless()
+ }
+
ak := backend.MarshalAuthorizedKey(pk)
defer func() {
publicKeyCounter.WithLabelValues(ak, ctx.User(), strconv.FormatBool(allowed)).Inc()
}()
+
for _, k := range s.cfg.InitialAdminKeys {
if k == ak {
allowed = true
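Review bot: The added `pk == nil` branch in PublicKeyHandler makes a public-key callback report success for a missing key whenever keyless access is enabled. It also returns before the deferred `publicKeyCounter` update is registered, so that outcome is never counted. Since this same commit stops KeyboardInteractiveHandler from passing nil, no caller visible in the diff needs the branch; failing closed with `if pk == nil { return false }` would keep the keyless decision in the keyboard-interactive path only. The doc comment above also names `PublicKeyAuthHandler` while the method is `PublicKeyHandler`. The function body continues outside the hunk.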
@@ -156,7 +161,7 @@ func (s *SSHServer) PublicKeyHandler(ctx ssh.Context, pk ssh.PublicKey) (allowed
// KeyboardInteractiveHandler handles keyboard interactive authentication.
func (s *SSHServer) KeyboardInteractiveHandler(ctx ssh.Context, _ gossh.KeyboardInteractiveChallenge) bool {
- ac := s.cfg.Backend.AllowKeyless() && s.PublicKeyHandler(ctx, nil)
+ ac := s.cfg.Backend.AllowKeyless()
keyboardInteractiveCounter.WithLabelValues(ctx.User(), strconv.FormatBool(ac)).Inc()
return ac
}
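Review bot: The comment on KeyboardInteractiveHandler does not say that the challenge argument is discarded and that the result now depends only on `AllowKeyless()`, which is the security-relevant behaviour after this change. Suggested wording: `// KeyboardInteractiveHandler issues no challenge; it accepts the session only when the backend allows keyless access.` It may also be worth noting there that `ctx.User()` in the counter label is client-supplied, so the label's cardinality is not bounded by the set of known users.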