From cb7a79063e0753b04c35b055a3e7346fffe6cfa4 Mon Sep 17 00:00:00 2001
From: Russ Magee <rmagee@gmail.com>
Date: Wed, 3 Oct 2018 22:31:35 -0700
Subject: [PATCH] Added validation user actually exists on system

---
 hkexauth.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/hkexauth.go b/hkexauth.go
index c5018f6..2fd43a7 100644
--- a/hkexauth.go
+++ b/hkexauth.go
@@ -22,6 +22,15 @@ import (
 	"github.com/jameskeane/bcrypt"
 )
 
+func userExistsOnSystem(who string) bool {
+	_, userErr := user.Lookup(who)
+	if userErr != nil {
+		return false
+	} else {
+		return true
+	}
+}
+
 func AuthUserByPasswd(username string, auth string, fname string) (valid bool, allowedCmds string) {
 	b, e := ioutil.ReadFile(fname)
 	if e != nil {
@@ -66,6 +75,9 @@ func AuthUserByPasswd(username string, auth string, fname string) (valid bool, a
 	r = nil
 	runtime.GC()
 
+	if !userExistsOnSystem(username) {
+		valid = false
+	}
 	return
 }
 
@@ -102,5 +114,8 @@ func AuthUserByToken(username string, connhostname string, auth string) (valid b
 			return true
 		}
 	}
+	if !userExistsOnSystem(username) {
+		valid = false
+	}
 	return
 }