authUser is responsible for validating the ssh user / password combination
(c ssh.ConnMetadata, password []byte)
| 197 | |
| 198 | // authUser is responsible for validating the ssh user / password combination |
| 199 | func (s *Server) authUser(c ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) { |
| 200 | // check if user authentication is enabled and if not, allow all |
| 201 | if s.users.Len() == 0 { |
| 202 | return nil, nil |
| 203 | } |
| 204 | // check the user exists and has matching password |
| 205 | n := c.User() |
| 206 | user, found := s.users.Get(n) |
| 207 | if !found || user.Pass != string(password) { |
| 208 | s.Debugf("Login failed for user: %s", n) |
| 209 | return nil, errors.New("Invalid authentication for username: %s") |
| 210 | } |
| 211 | // insert the user session map |
| 212 | // TODO this should probably have a lock on it given the map isn't thread-safe |
| 213 | s.sessions.Set(string(c.SessionID()), user) |
| 214 | return nil, nil |
| 215 | } |
| 216 | |
| 217 | // AddUser adds a new user into the server user index |
| 218 | func (s *Server) AddUser(user, pass string, addrs ...string) error { |