allow to require two-factor auth for users

Fixes #721

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2022-03-06 16:57:13 +01:00
parent df828b6021
commit d8de0faef5
21 changed files with 683 additions and 240 deletions


@@ -632,11 +632,16 @@ func loginUser(user *dataprovider.User, loginMethod, publicKey string, conn ssh.
return nil, fmt.Errorf("too many open sessions: %v", activeSessions)
}
}
if !user.IsLoginMethodAllowed(loginMethod, conn.PartialSuccessMethods()) {
if !user.IsLoginMethodAllowed(loginMethod, common.ProtocolSSH, conn.PartialSuccessMethods()) {
logger.Info(logSender, connectionID, "cannot login user %#v, login method %#v is not allowed",
user.Username, loginMethod)
return nil, fmt.Errorf("login method %#v is not allowed for user %#v", loginMethod, user.Username)
}
if user.MustSetSecondFactorForProtocol(common.ProtocolSSH) {
logger.Info(logSender, connectionID, "cannot login user %#v, second factor authentication is not set",
user.Username)
return nil, fmt.Errorf("second factor authentication is not set for user %#v", user.Username)
}
remoteAddr := conn.RemoteAddr().String()
if !user.IsLoginFromAddrAllowed(remoteAddr) {
logger.Info(logSender, connectionID, "cannot login user %#v, remote address is not allowed: %v",
@@ -649,7 +654,7 @@ func loginUser(user *dataprovider.User, loginMethod, publicKey string, conn ssh.
logger.Warn(logSender, connectionID, "error serializing user info: %v, authentication rejected", err)
return nil, err
}
if len(publicKey) > 0 {
if publicKey != "" {
loginMethod = fmt.Sprintf("%v: %v", loginMethod, publicKey)
}
p := &ssh.Permissions{}
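Review bot: The new `MustSetSecondFactorForProtocol` guard in the first hunk turns an otherwise successful first-factor login into a hard rejection, and nothing on the line explains that this is deliberate or how the user is expected to get out of that state; a short why-comment would save the next reader from treating it as a bug, e.g. `// 2FA is mandatory for this user but no second factor is configured: refuse the SSH login outright (the user presumably has to enrol through another channel first)`. It is also worth stating in the comment that the check is on the user's stored configuration, not on whether this session performed a second step, which is what distinguishes it from the `IsLoginMethodAllowed` check just above it; the ordering (after the method check, before the address check) looks intentional but is not documented either. The rejection text is identical in the log line and the returned error, so if the error reaches the client in some path it reveals only that login failed, which is fine, but that depends on the caller, which is outside this hunk. `loginUser` begins before the first hunk and continues past the last line shown here.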