keyboard interactive auth: respect hook disabled setting
Signed-off-by: Nicola Murino <[email protected]>
drakkan committed Nov 18, 2023
1 parent 5d9cda9 commit a132a21
Showing 1 changed file with 16 additions and 13 deletions.
29 changes: 16 additions & 13 deletions internal/dataprovider/dataprovider.go
Expand Up @@ -3742,18 +3742,25 @@ func executeKeyboardInteractiveProgram(user *User, authHook string, client ssh.K
}

func doKeyboardInteractiveAuth(user *User, authHook string, client ssh.KeyboardInteractiveChallenge, ip, protocol string) (User, error) {
if err := user.LoadAndApplyGroupSettings(); err != nil {
return *user, err
}
var authResult int
var err error
if plugin.Handler.HasAuthScope(plugin.AuthScopeKeyboardInteractive) {
authResult, err = executeKeyboardInteractivePlugin(user, client, ip, protocol)
if authResult == 1 && err == nil {
authResult, err = checkKeyboardInteractiveSecondFactor(user, client, protocol)
}
} else if authHook != "" {
if strings.HasPrefix(authHook, "http") {
authResult, err = executeKeyboardInteractiveHTTPHook(user, authHook, client, ip, protocol)
if !user.Filters.Hooks.ExternalAuthDisabled {
if plugin.Handler.HasAuthScope(plugin.AuthScopeKeyboardInteractive) {
authResult, err = executeKeyboardInteractivePlugin(user, client, ip, protocol)
if authResult == 1 && err == nil {
authResult, err = checkKeyboardInteractiveSecondFactor(user, client, protocol)
}
} else if authHook != "" {
if strings.HasPrefix(authHook, "http") {
authResult, err = executeKeyboardInteractiveHTTPHook(user, authHook, client, ip, protocol)
} else {
authResult, err = executeKeyboardInteractiveProgram(user, authHook, client, ip, protocol)
}
} else {
authResult, err = executeKeyboardInteractiveProgram(user, authHook, client, ip, protocol)
authResult, err = doBuiltinKeyboardInteractiveAuth(user, client, ip, protocol)
}
} else {
authResult, err = doBuiltinKeyboardInteractiveAuth(user, client, ip, protocol)
Expand All @@ -3764,10 +3771,6 @@ func doKeyboardInteractiveAuth(user *User, authHook string, client ssh.KeyboardI
if authResult != 1 {
return *user, fmt.Errorf("keyboard interactive auth failed, result: %v", authResult)
}
err = user.LoadAndApplyGroupSettings()
if err != nil {
return *user, err
}
err = user.CheckLoginConditions()
if err != nil {
return *user, err
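Review bot: The `user.LoadAndApplyGroupSettings()` call moved to the top of `doKeyboardInteractiveAuth` now decides the authentication path, yet nothing in the code says the ordering matters. Presumably `user.Filters.Hooks.ExternalAuthDisabled` can come from a group, which should be confirmed; if so, moving the load back below the auth step in a later refactor would silently let the plugin or hook run for users who have it disabled. I would add a comment above the call such as `// group settings must be applied first: they can set Filters.Hooks.ExternalAuthDisabled, which selects the auth path below`. A regression test for a user with the flag set and a non-empty `authHook` would also pin the behaviour, asserting that only `doBuiltinKeyboardInteractiveAuth` runs. As a style point, the builtin fallback is now written in two `else` branches and could be one, for example by clearing the hook up front with `if user.Filters.Hooks.ExternalAuthDisabled { authHook = "" }` and adding the flag to the plugin condition. The function body continues between and after the two hunks shown.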