TheArchive/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-04-03 23:05:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

ssh/tailssh: simplify matchRule with Reject rules

Browse Source 
Updates #3802

Change-Id: I59fe111eef5ac8abbcbcec922e293712a65a4830
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
This commit is contained in:
Brad Fitzpatrick 2022-04-21 14:58:41 -07:00 committed by Brad Fitzpatrick
parent 31094d557b
commit c994eba763
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ssh/tailssh/tailssh.go
View File

@ -976,7 +976,10 @@ func (c *conn) matchRule(r *tailcfg.SSHRule, pubKey gossh.PublicKey) (a *tailcfg
if c.ruleExpired(r) { if c.ruleExpired(r) {
return nil, "", errRuleExpired return nil, "", errRuleExpired
} }
if !r.Action.Reject || r.SSHUsers != nil { if !r.Action.Reject {
// For all but Reject rules, SSHUsers is required.
// If SSHUsers is nil or empty, mapLocalUser will return an
// empty string anyway.
localUser = mapLocalUser(r.SSHUsers, c.info.sshUser) localUser = mapLocalUser(r.SSHUsers, c.info.sshUser)
if localUser == "" { if localUser == "" {
return nil, "", errUserMatch return nil, "", errUserMatch