Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1341)

Side by Side Diff: ssh/server.go

Issue 14641044: code review 14641044: go.crypto/ssh: put version exchange in function (Closed)
Patch Set: diff -r bb19605bfacc https://code.google.com/p/go.crypto Created 10 years, 5 months ago
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View unified diff | Download patch
OLDNEW
1 // Copyright 2011 The Go Authors. All rights reserved. 1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style 2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file. 3 // license that can be found in the LICENSE file.
4 4
5 package ssh 5 package ssh
6 6
7 import ( 7 import (
8 "bytes" 8 "bytes"
9 "crypto/rand" 9 "crypto/rand"
10 "encoding/binary" 10 "encoding/binary"
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after
114 cachedPubKeys []cachedPubKey 114 cachedPubKeys []cachedPubKey
115 115
116 // User holds the successfully authenticated user name. 116 // User holds the successfully authenticated user name.
117 // It is empty if no authentication is used. It is populated before 117 // It is empty if no authentication is used. It is populated before
118 // any authentication callback is called and not assigned to after that. 118 // any authentication callback is called and not assigned to after that.
119 User string 119 User string
120 120
121 // ClientVersion is the client's version, populated after 121 // ClientVersion is the client's version, populated after
122 // Handshake is called. It should not be modified. 122 // Handshake is called. It should not be modified.
123 ClientVersion []byte 123 ClientVersion []byte
124
125 // Our version.
126 serverVersion []byte
124 } 127 }
125 128
126 // Server returns a new SSH server connection 129 // Server returns a new SSH server connection
127 // using c as the underlying transport. 130 // using c as the underlying transport.
128 func Server(c net.Conn, config *ServerConfig) *ServerConn { 131 func Server(c net.Conn, config *ServerConfig) *ServerConn {
129 return &ServerConn{ 132 return &ServerConn{
130 transport: newTransport(c, config.rand(), false /* not client */ ), 133 transport: newTransport(c, config.rand(), false /* not client */ ),
131 channels: make(map[uint32]*serverChan), 134 channels: make(map[uint32]*serverChan),
132 config: config, 135 config: config,
133 } 136 }
134 } 137 }
135 138
136 // signAndMarshal signs the data with the appropriate algorithm, 139 // signAndMarshal signs the data with the appropriate algorithm,
137 // and serializes the result in SSH wire format. 140 // and serializes the result in SSH wire format.
138 func signAndMarshal(k Signer, rand io.Reader, data []byte) ([]byte, error) { 141 func signAndMarshal(k Signer, rand io.Reader, data []byte) ([]byte, error) {
139 sig, err := k.Sign(rand, data) 142 sig, err := k.Sign(rand, data)
140 if err != nil { 143 if err != nil {
141 return nil, err 144 return nil, err
142 } 145 }
143 146
144 return serializeSignature(k.PublicKey().PrivateKeyAlgo(), sig), nil 147 return serializeSignature(k.PublicKey().PrivateKeyAlgo(), sig), nil
145 } 148 }
146 149
147 // serverVersion is the fixed identification string that Server will use.
148 var serverVersion = []byte("SSH-2.0-Go\r\n")
149
150 // Handshake performs an SSH transport and client authentication on the given Se rverConn. 150 // Handshake performs an SSH transport and client authentication on the given Se rverConn.
151 func (s *ServerConn) Handshake() (err error) { 151 func (s *ServerConn) Handshake() (err error) {
dfc 2013/10/14 00:32:28 remove the named return value
hanwen-google 2013/10/14 06:41:44 Done.
152 » if _, err = s.Write(serverVersion); err != nil { 152 » s.serverVersion, s.ClientVersion, err = exchangeVersions(s.transport.Con n, "")
dfc 2013/10/14 00:32:28 ..., err :=
dfc 2013/10/14 00:32:28 not sure about passing "" here
hanwen-google 2013/10/14 06:41:44 Done.
hanwen-google 2013/10/14 06:41:44 if we make it a []byte, we could pass nil :-) add
153 » » return 153 » if err != nil {
154 » }
155 » if err := s.Flush(); err != nil {
156 return err 154 return err
157 } 155 }
158
159 s.ClientVersion, err = readVersion(s)
160 if err != nil {
161 return
162 }
163 if err = s.clientInitHandshake(nil, nil); err != nil { 156 if err = s.clientInitHandshake(nil, nil); err != nil {
dfc 2013/10/14 00:32:28 scope err, err :=
hanwen-google 2013/10/14 06:41:44 Done.
164 » » return 157 » » return err
165 } 158 }
166 159
167 var packet []byte 160 var packet []byte
168 if packet, err = s.readPacket(); err != nil { 161 if packet, err = s.readPacket(); err != nil {
169 » » return 162 » » return err
170 } 163 }
171 var serviceRequest serviceRequestMsg 164 var serviceRequest serviceRequestMsg
172 if err = unmarshal(&serviceRequest, packet, msgServiceRequest); err != n il { 165 if err = unmarshal(&serviceRequest, packet, msgServiceRequest); err != n il {
dfc 2013/10/14 00:32:28 if err :=
hanwen-google 2013/10/14 06:41:44 Done.
173 » » return 166 » » return err
174 } 167 }
175 if serviceRequest.Service != serviceUserAuth { 168 if serviceRequest.Service != serviceUserAuth {
176 return errors.New("ssh: requested service '" + serviceRequest.Se rvice + "' before authenticating") 169 return errors.New("ssh: requested service '" + serviceRequest.Se rvice + "' before authenticating")
177 } 170 }
178 serviceAccept := serviceAcceptMsg{ 171 serviceAccept := serviceAcceptMsg{
179 Service: serviceUserAuth, 172 Service: serviceUserAuth,
180 } 173 }
181 if err = s.writePacket(marshal(msgServiceAccept, serviceAccept)); err != nil { 174 if err = s.writePacket(marshal(msgServiceAccept, serviceAccept)); err != nil {
182 » » return 175 » » return err
183 } 176 }
184 177
185 if err = s.authenticate(s.transport.sessionID); err != nil { 178 if err = s.authenticate(s.transport.sessionID); err != nil {
186 » » return 179 » » return err
187 } 180 }
188 » return 181 » return err
189 } 182 }
190 183
191 func (s *ServerConn) clientInitHandshake(clientKexInit *kexInitMsg, clientKexIni tPacket []byte) (err error) { 184 func (s *ServerConn) clientInitHandshake(clientKexInit *kexInitMsg, clientKexIni tPacket []byte) (err error) {
192 serverKexInit := kexInitMsg{ 185 serverKexInit := kexInitMsg{
193 KexAlgos: s.config.Crypto.kexes(), 186 KexAlgos: s.config.Crypto.kexes(),
194 CiphersClientServer: s.config.Crypto.ciphers(), 187 CiphersClientServer: s.config.Crypto.ciphers(),
195 CiphersServerClient: s.config.Crypto.ciphers(), 188 CiphersServerClient: s.config.Crypto.ciphers(),
196 MACsClientServer: s.config.Crypto.macs(), 189 MACsClientServer: s.config.Crypto.macs(),
197 MACsServerClient: s.config.Crypto.macs(), 190 MACsServerClient: s.config.Crypto.macs(),
198 CompressionClientServer: supportedCompressions, 191 CompressionClientServer: supportedCompressions,
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after
237 hostKey = k 230 hostKey = k
238 } 231 }
239 } 232 }
240 233
241 kex, ok := kexAlgoMap[algs.kex] 234 kex, ok := kexAlgoMap[algs.kex]
242 if !ok { 235 if !ok {
243 return fmt.Errorf("ssh: unexpected key exchange algorithm %v", a lgs.kex) 236 return fmt.Errorf("ssh: unexpected key exchange algorithm %v", a lgs.kex)
244 } 237 }
245 238
246 magics := handshakeMagics{ 239 magics := handshakeMagics{
247 » » serverVersion: serverVersion[:len(serverVersion)-2], 240 » » serverVersion: s.serverVersion,
dfc 2013/10/14 00:32:28 nice
248 clientVersion: s.ClientVersion, 241 clientVersion: s.ClientVersion,
249 serverKexInit: marshal(msgKexInit, serverKexInit), 242 serverKexInit: marshal(msgKexInit, serverKexInit),
250 clientKexInit: clientKexInitPacket, 243 clientKexInit: clientKexInitPacket,
251 } 244 }
252 result, err := kex.Server(s, s.config.rand(), &magics, hostKey) 245 result, err := kex.Server(s, s.config.rand(), &magics, hostKey)
253 if err != nil { 246 if err != nil {
254 return err 247 return err
255 } 248 }
256 249
257 if err = s.transport.prepareKeyChange(algs, result); err != nil { 250 if err = s.transport.prepareKeyChange(algs, result); err != nil {
(...skipping 421 matching lines...) Expand 10 before | Expand all | Expand 10 after
679 func Listen(network, addr string, config *ServerConfig) (*Listener, error) { 672 func Listen(network, addr string, config *ServerConfig) (*Listener, error) {
680 l, err := net.Listen(network, addr) 673 l, err := net.Listen(network, addr)
681 if err != nil { 674 if err != nil {
682 return nil, err 675 return nil, err
683 } 676 }
684 return &Listener{ 677 return &Listener{
685 l, 678 l,
686 config, 679 config,
687 }, nil 680 }, nil
688 } 681 }
OLDNEW

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b