LEFT | RIGHT |
1 // Copyright 2011 The Go Authors. All rights reserved. | 1 // Copyright 2011 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "errors" | 8 "errors" |
9 "fmt" | 9 "fmt" |
10 "io" | 10 "io" |
11 "net" | 11 "net" |
12 ) | 12 ) |
13 | 13 |
14 // authenticate authenticates with the remote server. See RFC 4252. | 14 // authenticate authenticates with the remote server. See RFC 4252. |
15 func (c *ClientConn) authenticate() error { | 15 func (c *ClientConn) authenticate() error { |
16 // initiate user auth session | 16 // initiate user auth session |
17 » if err := c.writePacket(marshal(msgServiceRequest, serviceRequestMsg{ser
viceUserAuth})); err != nil { | 17 » if err := c.transport.writePacket(marshal(msgServiceRequest, serviceRequ
estMsg{serviceUserAuth})); err != nil { |
18 return err | 18 return err |
19 } | 19 } |
20 » packet, err := c.readPacket() | 20 » packet, err := c.transport.readPacket() |
21 if err != nil { | 21 if err != nil { |
22 return err | 22 return err |
23 } | 23 } |
24 var serviceAccept serviceAcceptMsg | 24 var serviceAccept serviceAcceptMsg |
25 if err := unmarshal(&serviceAccept, packet, msgServiceAccept); err != ni
l { | 25 if err := unmarshal(&serviceAccept, packet, msgServiceAccept); err != ni
l { |
26 return err | 26 return err |
27 } | 27 } |
28 | 28 |
29 // during the authentication phase the client first attempts the "none"
method | 29 // during the authentication phase the client first attempts the "none"
method |
30 // then any untried methods suggested by the server. | 30 // then any untried methods suggested by the server. |
31 tried, remain := make(map[string]bool), make(map[string]bool) | 31 tried, remain := make(map[string]bool), make(map[string]bool) |
32 for auth := ClientAuth(new(noneAuth)); auth != nil; { | 32 for auth := ClientAuth(new(noneAuth)); auth != nil; { |
33 » » ok, methods, err := auth.auth(c.handshakeTransport.SessionID(),
c.config.User, c.handshakeTransport, c.config.rand()) | 33 » » ok, methods, err := auth.auth(c.transport.getSessionID(), c.conf
ig.User, c.transport, c.config.rand()) |
34 if err != nil { | 34 if err != nil { |
35 return err | 35 return err |
36 } | 36 } |
37 if ok { | 37 if ok { |
38 // success | 38 // success |
39 return nil | 39 return nil |
40 } | 40 } |
41 tried[auth.method()] = true | 41 tried[auth.method()] = true |
42 delete(remain, auth.method()) | 42 delete(remain, auth.method()) |
43 for _, meth := range methods { | 43 for _, meth := range methods { |
(...skipping 170 matching lines...)
214 // methods that may continue if this auth is not successful. | 214 // methods that may continue if this auth is not successful. |
215 var methods []string | 215 var methods []string |
216 for i, key := range validKeys { | 216 for i, key := range validKeys { |
217 pubkey := MarshalPublicKey(key) | 217 pubkey := MarshalPublicKey(key) |
218 algoname := key.PublicKeyAlgo() | 218 algoname := key.PublicKeyAlgo() |
219 data := buildDataSignedForAuth(session, userAuthRequestMsg{ | 219 data := buildDataSignedForAuth(session, userAuthRequestMsg{ |
220 User: user, | 220 User: user, |
221 Service: serviceSSH, | 221 Service: serviceSSH, |
222 Method: p.method(), | 222 Method: p.method(), |
223 }, []byte(algoname), pubkey) | 223 }, []byte(algoname), pubkey) |
224 » » sign, err := p.Sign(i, rand, data) | 224 » » sigBlob, err := p.Sign(i, rand, data) |
225 if err != nil { | 225 if err != nil { |
226 return false, nil, err | 226 return false, nil, err |
227 } | 227 } |
228 // manually wrap the serialized signature in a string | 228 // manually wrap the serialized signature in a string |
229 » » s := serializeSignature(key.PublicKeyAlgo(), sign) | 229 » » s := serializeSignature(key.PublicKeyAlgo(), sigBlob) |
230 sig := make([]byte, stringLength(len(s))) | 230 sig := make([]byte, stringLength(len(s))) |
231 marshalString(sig, s) | 231 marshalString(sig, s) |
232 msg := publickeyAuthMsg{ | 232 msg := publickeyAuthMsg{ |
233 User: user, | 233 User: user, |
234 Service: serviceSSH, | 234 Service: serviceSSH, |
235 Method: p.method(), | 235 Method: p.method(), |
236 HasSig: true, | 236 HasSig: true, |
237 Algoname: algoname, | 237 Algoname: algoname, |
238 Pubkey: string(pubkey), | 238 Pubkey: string(pubkey), |
239 Sig: sig, | 239 Sig: sig, |
(...skipping 261 matching lines...)
501 p = marshalUint32(p, uint32(len(answers))) | 501 p = marshalUint32(p, uint32(len(answers))) |
502 for _, a := range answers { | 502 for _, a := range answers { |
503 p = marshalString(p, []byte(a)) | 503 p = marshalString(p, []byte(a)) |
504 } | 504 } |
505 | 505 |
506 if err := c.writePacket(serialized); err != nil { | 506 if err := c.writePacket(serialized); err != nil { |
507 return false, nil, err | 507 return false, nil, err |
508 } | 508 } |
509 } | 509 } |
510 } | 510 } |
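Review bot: On new line 33 the session identifier handed to `auth.auth` now comes from `c.transport.getSessionID()`, and nothing visible on this page shows that it is already set and fixed when `authenticate` runs. Line 219 feeds that value into `buildDataSignedForAuth`, so it is what binds the publickey signature to this connection; RFC 4253 section 7.2 requires it to be the exchange hash of the first key exchange, unchanged by later re-keying. `getSessionID` is defined outside this page, so this may already hold, but I would record it at the call site with `// session ID: exchange hash of the first kex (RFC 4253 7.2); signed during publickey auth` and, assuming the accessor returns a byte slice, fail early with `if len(c.transport.getSessionID()) == 0 { return errors.New("ssh: session ID not established") }`. The bodies of `authenticate` and of the publickey `auth` method continue in the skipped regions, so any check placed there is not visible here.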