Home Explore Help
Register Sign In
Apq
/
sftpgo
mirror of https://github.com/drakkan/sftpgo.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

keyboard interactive auth: respect hook disabled setting

Signed-off-by: Nicola Murino <[email protected]>
Nicola Murino 1 year ago
parent
6439569f36
commit
bfa17314c6
1 changed files with 16 additions and 13 deletions
Split View Show Diff Stats
  1. 16 13
      internal/dataprovider/dataprovider.go

+ 16 - 13
internal/dataprovider/dataprovider.go
View File 

@@ -3735,18 +3735,25 @@ func executeKeyboardInteractiveProgram(user *User, authHook string, client ssh.K
 
 }
 
 
 func doKeyboardInteractiveAuth(user *User, authHook string, client ssh.KeyboardInteractiveChallenge, ip, protocol string) (User, error) {
 
+	if err := user.LoadAndApplyGroupSettings(); err != nil {
 
+		return *user, err
 
+	}
 
 	var authResult int
 
 	var err error
 
-	if plugin.Handler.HasAuthScope(plugin.AuthScopeKeyboardInteractive) {
 
-		authResult, err = executeKeyboardInteractivePlugin(user, client, ip, protocol)
 
-		if authResult == 1 && err == nil {
 
-			authResult, err = checkKeyboardInteractiveSecondFactor(user, client, protocol)
 
-		}
 
-	} else if authHook != "" {
 
-		if strings.HasPrefix(authHook, "http") {
 
-			authResult, err = executeKeyboardInteractiveHTTPHook(user, authHook, client, ip, protocol)
 
+	if !user.Filters.Hooks.ExternalAuthDisabled {
 
+		if plugin.Handler.HasAuthScope(plugin.AuthScopeKeyboardInteractive) {
 
+			authResult, err = executeKeyboardInteractivePlugin(user, client, ip, protocol)
 
+			if authResult == 1 && err == nil {
 
+				authResult, err = checkKeyboardInteractiveSecondFactor(user, client, protocol)
 
+			}
 
+		} else if authHook != "" {
 
+			if strings.HasPrefix(authHook, "http") {
 
+				authResult, err = executeKeyboardInteractiveHTTPHook(user, authHook, client, ip, protocol)
 
+			} else {
 
+				authResult, err = executeKeyboardInteractiveProgram(user, authHook, client, ip, protocol)
 
+			}
 
 		} else {
 
-			authResult, err = executeKeyboardInteractiveProgram(user, authHook, client, ip, protocol)
 
+			authResult, err = doBuiltinKeyboardInteractiveAuth(user, client, ip, protocol)
 
 		}
 
 	} else {
 
 		authResult, err = doBuiltinKeyboardInteractiveAuth(user, client, ip, protocol)
 
@@ -3757,10 +3764,6 @@ func doKeyboardInteractiveAuth(user *User, authHook string, client ssh.KeyboardI
 
 	if authResult != 1 {
 
 		return *user, fmt.Errorf("keyboard interactive auth failed, result: %v", authResult)
 
 	}
 
-	err = user.LoadAndApplyGroupSettings()
 
-	if err != nil {
 
-		return *user, err
 
-	}
 
 	err = user.CheckLoginConditions()
 
 	if err != nil {
 
 		return *user, err