(meta metadata.ConnectionMetadata)
| 64 | } |
| 65 | |
// OnNetworkConnection assembles the handler chain for one incoming network
// connection.
//
// When a backend is configured it is consulted first: it may replace the
// connection metadata, and any error it returns is passed back to the caller
// together with a nil handler. The authentication handler is then built on top
// of the backend's handler (nil when no backend is configured), using the
// authenticators configured on h.
//
// When an authorization provider is configured, the returned handler is an
// authorization wrapper whose backend is the authentication handler. When the
// provider is nil, the authentication handler is returned directly and no
// authorization wrapper is part of the chain.
func (h *handler) OnNetworkConnection(meta metadata.ConnectionMetadata) (
	sshserver.NetworkConnectionHandler,
	metadata.ConnectionMetadata,
	error,
) {
	// next is the downstream handler; it stays nil when no backend is set.
	var next sshserver.NetworkConnectionHandler
	if h.backend != nil {
		var err error
		next, meta, err = h.backend.OnNetworkConnection(meta)
		if err != nil {
			return nil, meta, err
		}
	}

	// The connection ID and IP are read after the backend call, so they reflect
	// whatever metadata the backend handed back.
	authn := &networkConnectionHandler{
		connectionID:                     meta.ConnectionID,
		ip:                               meta.RemoteAddress.IP,
		backend:                          next,
		behavior:                         h.behavior,
		passwordAuthenticator:            h.passwordAuthenticator,
		publicKeyAuthenticator:           h.publicKeyAuthenticator,
		gssapiAuthenticator:              h.gssapiAuthenticator,
		keyboardInteractiveAuthenticator: h.keyboardInteractiveAuthenticator,
		authorizationProvider:            h.authorizationProvider,
	}

	if h.authorizationProvider == nil {
		// No authorization provider: the authentication handler is the head of
		// the chain.
		return authn, meta, nil
	}

	// The authorization handler sits in front of the authentication handler
	// because it needs the authenticated metadata that handler returns.
	// Authentication requests reach the authorization handler first, are passed
	// through to authn, and authorization is performed once authn returns.
	authz := &authzNetworkConnectionHandler{
		connectionID:          meta.ConnectionID,
		ip:                    meta.RemoteAddress.IP,
		authorizationProvider: h.authorizationProvider,
		backend:               authn,
	}
	return authz, meta, nil
}
| 105 | |
| 106 | type networkConnectionHandler struct { |
| 107 | backend sshserver.NetworkConnectionHandler |