boot v2 progress: disks, ssh, success...
58
auth.go
Normal file
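--- a/auth.go
+++ b/auth.go
@@ -0,0 +1,58 @@
+package main
+
+import (
+"bytes"
+"errors"
+"log"
+
+"golang.org/x/crypto/ssh"
+"novit.nc/direktil/initrd/config"
+)
+
+var (
+auths []config.Auth
+)
+
+func localAuth() bool {
+sec := askSecret("password")
+
+for _, auth := range auths {
+if auth.Password == "" {
+continue
+}
+
+if config.CheckPassword(auth.Password, sec) {
+log.Printf("login with auth %q", auth.Name)
+return true
+}
+}
+
+return false
+}
+
+func sshCheckPubkey(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
+keyBytes := key.Marshal()
+
+for _, auth := range auths {
+if auth.SSHKey == "" {
+continue
+}
+
+allowedKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(auth.SSHKey))
+if err != nil {
+log.Printf("SSH pubkey for %q invalid: %v", auth.Name, auth.SSHKey)
+return nil, err
+}
+
+if bytes.Equal(allowedKey.Marshal(), keyBytes) {
+log.Print("ssh: accepting public key for ", auth.Name)
+return &ssh.Permissions{
+Extensions: map[string]string{
+"pubkey-fp": ssh.FingerprintSHA256(key),
+},
+}, nil
+}
+}
+
+return nil, errors.New("no matching public key")
+}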
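Review bot: In sshCheckPubkey, a configured key that fails ssh.ParseAuthorizedKey makes the callback `return nil, err`, so one malformed entry in `auths` rejects every client whose key is listed after it; on a boot-time unlock path that can lock operators out. The log line in that branch also prints `auth.SSHKey` where the parse error is the value worth recording. I would change those two lines to `log.Printf("SSH pubkey for %q invalid: %v", auth.Name, err)` followed by `continue`. Separately, the options returned by ParseAuthorizedKey are discarded, so any restriction written into an entry is not enforced; a comment such as `// authorized_keys options are ignored; only the key blob is matched` above the parse call would make that explicit.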