AUTH-2030: Support both authorized_key and short lived cert authentication simultaniously without specifiying at start time

Michael Borkenstein
2019-08-29 15:36:45 -05:00
parent cf314ddb58
commit 7abbe91d41
5 changed files with 34 additions and 37 deletions


@@ -28,7 +28,7 @@ type SSHServer struct {
getUserFunc func(string) (*User, error)
}
func New(logger *logrus.Logger, address string, shutdownC chan struct{}, shortLivedCertAuth bool, idleTimeout, maxTimeout time.Duration) (*SSHServer, error) {
func New(logger *logrus.Logger, address string, shutdownC chan struct{}, idleTimeout, maxTimeout time.Duration) (*SSHServer, error) {
currentUser, err := user.Current()
if err != nil {
return nil, err
@@ -48,17 +48,7 @@ func New(logger *logrus.Logger, address string, shutdownC chan struct{}, shortLi
return nil, err
}
if shortLivedCertAuth {
caCert, err := getCACert()
if err != nil {
return nil, err
}
sshServer.caCert = caCert
sshServer.PublicKeyHandler = sshServer.shortLivedCertHandler
} else {
sshServer.PublicKeyHandler = sshServer.authorizedKeyHandler
}
sshServer.configureAuthentication()
return &sshServer, nil
}
@@ -111,6 +101,7 @@ func (s *SSHServer) connectionHandler(session ssh.Session) {
return
}
// Supplementary groups are not explicitly specified. They seem to be inherited by default.
cmd.SysProcAttr = &syscall.SysProcAttr{Credential: &syscall.Credential{Uid: uidInt, Gid: gidInt}}
cmd.Env = append(cmd.Env, fmt.Sprintf("TERM=%s", ptyReq.Term))
cmd.Env = append(cmd.Env, fmt.Sprintf("USER=%s", sshUser.Username))
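Review bot: The new `sshServer.configureAuthentication()` call in `New` has no visible error return, while the removed branch aborted startup with `return nil, err` when `getCACert()` failed. The helper's body is outside this hunk, but if it falls back to `authorizedKeyHandler` on any CA load failure, a host meant to accept only short-lived certificates would silently start honouring long-lived `authorized_keys` entries after a misconfiguration. I would have the helper separate "no CA configured" from "CA configured but unreadable or invalid" and surface the latter, e.g. `if err := sshServer.configureAuthentication(); err != nil { return nil, err }`. It should also log at startup which public-key handlers are active, so the effective authentication policy is auditable. `New` begins before the first hunk and its middle section is not shown.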