don't expose error messages from pre-actions and post connect hooks

always return a generic error instead to avoid leaking internal info Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-06 22:30:56 +03:00 · 2023-02-28 18:01:09 +01:00
parent dba088daed
commit fad6af11e5
9 changed files with 32 additions and 27 deletions
--- a/internal/httpd/server.go
+++ b/internal/httpd/server.go
@@ -246,7 +246,7 @@ func (s *httpdServer) handleWebClientLoginPost(w http.ResponseWriter, r *http.Re
 	}

 	if err := common.Config.ExecutePostConnectHook(ipAddr, protocol); err != nil {
-		s.renderClientLoginPage(w, fmt.Sprintf("access denied by post connect hook: %v", err), ipAddr)
+		s.renderClientLoginPage(w, fmt.Sprintf("access denied: %v", err), ipAddr)
 		return
 	}