Left: | ||
Right: |
OLD | NEW |
---|---|
1 // Copyright 2011 The Go Authors. All rights reserved. | 1 // Copyright 2011 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "bytes" | 8 "bytes" |
9 "crypto/rand" | 9 "crypto/rand" |
10 "encoding/binary" | 10 "encoding/binary" |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
114 cachedPubKeys []cachedPubKey | 114 cachedPubKeys []cachedPubKey |
115 | 115 |
116 // User holds the successfully authenticated user name. | 116 // User holds the successfully authenticated user name. |
117 // It is empty if no authentication is used. It is populated before | 117 // It is empty if no authentication is used. It is populated before |
118 // any authentication callback is called and not assigned to after that. | 118 // any authentication callback is called and not assigned to after that. |
119 User string | 119 User string |
120 | 120 |
121 // ClientVersion is the client's version, populated after | 121 // ClientVersion is the client's version, populated after |
122 // Handshake is called. It should not be modified. | 122 // Handshake is called. It should not be modified. |
123 ClientVersion []byte | 123 ClientVersion []byte |
124 | |
125 // Our version. | |
126 serverVersion []byte | |
124 } | 127 } |
125 | 128 |
126 // Server returns a new SSH server connection | 129 // Server returns a new SSH server connection |
127 // using c as the underlying transport. | 130 // using c as the underlying transport. |
128 func Server(c net.Conn, config *ServerConfig) *ServerConn { | 131 func Server(c net.Conn, config *ServerConfig) *ServerConn { |
129 return &ServerConn{ | 132 return &ServerConn{ |
130 transport: newTransport(c, config.rand(), false /* not client */ ), | 133 transport: newTransport(c, config.rand(), false /* not client */ ), |
131 channels: make(map[uint32]*serverChan), | 134 channels: make(map[uint32]*serverChan), |
132 config: config, | 135 config: config, |
133 } | 136 } |
134 } | 137 } |
135 | 138 |
136 // signAndMarshal signs the data with the appropriate algorithm, | 139 // signAndMarshal signs the data with the appropriate algorithm, |
137 // and serializes the result in SSH wire format. | 140 // and serializes the result in SSH wire format. |
138 func signAndMarshal(k Signer, rand io.Reader, data []byte) ([]byte, error) { | 141 func signAndMarshal(k Signer, rand io.Reader, data []byte) ([]byte, error) { |
139 sig, err := k.Sign(rand, data) | 142 sig, err := k.Sign(rand, data) |
140 if err != nil { | 143 if err != nil { |
141 return nil, err | 144 return nil, err |
142 } | 145 } |
143 | 146 |
144 return serializeSignature(k.PublicKey().PrivateKeyAlgo(), sig), nil | 147 return serializeSignature(k.PublicKey().PrivateKeyAlgo(), sig), nil |
145 } | 148 } |
146 | 149 |
147 // serverVersion is the fixed identification string that Server will use. | |
148 var serverVersion = []byte("SSH-2.0-Go\r\n") | |
149 | |
150 // Handshake performs an SSH transport and client authentication on the given Se rverConn. | 150 // Handshake performs an SSH transport and client authentication on the given Se rverConn. |
151 func (s *ServerConn) Handshake() (err error) { | 151 func (s *ServerConn) Handshake() (err error) { |
dfc
2013/10/14 00:32:28
remove the named return value
hanwen-google
2013/10/14 06:41:44
Done.
| |
152 » if _, err = s.Write(serverVersion); err != nil { | 152 » s.serverVersion, s.ClientVersion, err = exchangeVersions(s.transport.Con n, "") |
dfc
2013/10/14 00:32:28
..., err :=
dfc
2013/10/14 00:32:28
not sure about passing "" here
hanwen-google
2013/10/14 06:41:44
Done.
hanwen-google
2013/10/14 06:41:44
if we make it a []byte, we could pass nil :-)
add
| |
153 » » return | 153 » if err != nil { |
154 » } | |
155 » if err := s.Flush(); err != nil { | |
156 return err | 154 return err |
157 } | 155 } |
158 | |
159 s.ClientVersion, err = readVersion(s) | |
160 if err != nil { | |
161 return | |
162 } | |
163 if err = s.clientInitHandshake(nil, nil); err != nil { | 156 if err = s.clientInitHandshake(nil, nil); err != nil { |
dfc
2013/10/14 00:32:28
scope err, err :=
hanwen-google
2013/10/14 06:41:44
Done.
| |
164 » » return | 157 » » return err |
165 } | 158 } |
166 | 159 |
167 var packet []byte | 160 var packet []byte |
168 if packet, err = s.readPacket(); err != nil { | 161 if packet, err = s.readPacket(); err != nil { |
169 » » return | 162 » » return err |
170 } | 163 } |
171 var serviceRequest serviceRequestMsg | 164 var serviceRequest serviceRequestMsg |
172 if err = unmarshal(&serviceRequest, packet, msgServiceRequest); err != n il { | 165 if err = unmarshal(&serviceRequest, packet, msgServiceRequest); err != n il { |
dfc
2013/10/14 00:32:28
if err :=
hanwen-google
2013/10/14 06:41:44
Done.
| |
173 » » return | 166 » » return err |
174 } | 167 } |
175 if serviceRequest.Service != serviceUserAuth { | 168 if serviceRequest.Service != serviceUserAuth { |
176 return errors.New("ssh: requested service '" + serviceRequest.Se rvice + "' before authenticating") | 169 return errors.New("ssh: requested service '" + serviceRequest.Se rvice + "' before authenticating") |
177 } | 170 } |
178 serviceAccept := serviceAcceptMsg{ | 171 serviceAccept := serviceAcceptMsg{ |
179 Service: serviceUserAuth, | 172 Service: serviceUserAuth, |
180 } | 173 } |
181 if err = s.writePacket(marshal(msgServiceAccept, serviceAccept)); err != nil { | 174 if err = s.writePacket(marshal(msgServiceAccept, serviceAccept)); err != nil { |
182 » » return | 175 » » return err |
183 } | 176 } |
184 | 177 |
185 if err = s.authenticate(s.transport.sessionID); err != nil { | 178 if err = s.authenticate(s.transport.sessionID); err != nil { |
186 » » return | 179 » » return err |
187 } | 180 } |
188 » return | 181 » return err |
189 } | 182 } |
190 | 183 |
191 func (s *ServerConn) clientInitHandshake(clientKexInit *kexInitMsg, clientKexIni tPacket []byte) (err error) { | 184 func (s *ServerConn) clientInitHandshake(clientKexInit *kexInitMsg, clientKexIni tPacket []byte) (err error) { |
192 serverKexInit := kexInitMsg{ | 185 serverKexInit := kexInitMsg{ |
193 KexAlgos: s.config.Crypto.kexes(), | 186 KexAlgos: s.config.Crypto.kexes(), |
194 CiphersClientServer: s.config.Crypto.ciphers(), | 187 CiphersClientServer: s.config.Crypto.ciphers(), |
195 CiphersServerClient: s.config.Crypto.ciphers(), | 188 CiphersServerClient: s.config.Crypto.ciphers(), |
196 MACsClientServer: s.config.Crypto.macs(), | 189 MACsClientServer: s.config.Crypto.macs(), |
197 MACsServerClient: s.config.Crypto.macs(), | 190 MACsServerClient: s.config.Crypto.macs(), |
198 CompressionClientServer: supportedCompressions, | 191 CompressionClientServer: supportedCompressions, |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
237 hostKey = k | 230 hostKey = k |
238 } | 231 } |
239 } | 232 } |
240 | 233 |
241 kex, ok := kexAlgoMap[algs.kex] | 234 kex, ok := kexAlgoMap[algs.kex] |
242 if !ok { | 235 if !ok { |
243 return fmt.Errorf("ssh: unexpected key exchange algorithm %v", a lgs.kex) | 236 return fmt.Errorf("ssh: unexpected key exchange algorithm %v", a lgs.kex) |
244 } | 237 } |
245 | 238 |
246 magics := handshakeMagics{ | 239 magics := handshakeMagics{ |
247 » » serverVersion: serverVersion[:len(serverVersion)-2], | 240 » » serverVersion: s.serverVersion, |
dfc
2013/10/14 00:32:28
nice
| |
248 clientVersion: s.ClientVersion, | 241 clientVersion: s.ClientVersion, |
249 serverKexInit: marshal(msgKexInit, serverKexInit), | 242 serverKexInit: marshal(msgKexInit, serverKexInit), |
250 clientKexInit: clientKexInitPacket, | 243 clientKexInit: clientKexInitPacket, |
251 } | 244 } |
252 result, err := kex.Server(s, s.config.rand(), &magics, hostKey) | 245 result, err := kex.Server(s, s.config.rand(), &magics, hostKey) |
253 if err != nil { | 246 if err != nil { |
254 return err | 247 return err |
255 } | 248 } |
256 | 249 |
257 if err = s.transport.prepareKeyChange(algs, result); err != nil { | 250 if err = s.transport.prepareKeyChange(algs, result); err != nil { |
(...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
679 func Listen(network, addr string, config *ServerConfig) (*Listener, error) { | 672 func Listen(network, addr string, config *ServerConfig) (*Listener, error) { |
680 l, err := net.Listen(network, addr) | 673 l, err := net.Listen(network, addr) |
681 if err != nil { | 674 if err != nil { |
682 return nil, err | 675 return nil, err |
683 } | 676 } |
684 return &Listener{ | 677 return &Listener{ |
685 l, | 678 l, |
686 config, | 679 config, |
687 }, nil | 680 }, nil |
688 } | 681 } |
OLD | NEW |