LEFT | RIGHT |
---|---|
1 // Copyright 2011 The Go Authors. All rights reserved. | 1 // Copyright 2011 The Go Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style | 2 // Use of this source code is governed by a BSD-style |
3 // license that can be found in the LICENSE file. | 3 // license that can be found in the LICENSE file. |
4 | 4 |
5 package ssh | 5 package ssh |
6 | 6 |
7 import ( | 7 import ( |
8 "bytes" | 8 "bytes" |
9 "crypto" | 9 "crypto" |
10 "crypto/dsa" | 10 "crypto/dsa" |
(...skipping 94 matching lines...) | |
105 return nil | 105 return nil |
106 } | 106 } |
107 | 107 |
108 // password implements the ClientPassword interface | 108 // password implements the ClientPassword interface |
109 type password string | 109 type password string |
110 | 110 |
111 func (p password) Password(user string) (string, error) { | 111 func (p password) Password(user string) (string, error) { |
112 return string(p), nil | 112 return string(p), nil |
113 } | 113 } |
114 | 114 |
115 type challengeResponse map[string]string | 115 type keyboardInteractive map[string]string |
116 | 116 |
117 func (cr *challengeResponse) Challenge(user string, instruction string, | 117 func (cr *keyboardInteractive) Challenge(user string, instruction string, questi ons []string, echos []bool) ([]string, error) { |
118 » questions []string, echos []bool) (answers []string, err error) { | 118 » var answers []string |
dfc
2013/06/06 12:04:42
same as previous file. As you are not using a nake
hanwen-google
2013/06/06 13:33:07
Done.
| |
119 for _, q := range questions { | 119 for _, q := range questions { |
120 answers = append(answers, (*cr)[q]) | 120 answers = append(answers, (*cr)[q]) |
121 } | 121 } |
122 return answers, nil | 122 return answers, nil |
123 } | 123 } |
124 | 124 |
125 // reused internally by tests | 125 // reused internally by tests |
126 var ( | 126 var ( |
127 rsakey *rsa.PrivateKey | 127 rsakey *rsa.PrivateKey |
128 dsakey *dsa.PrivateKey | 128 dsakey *dsa.PrivateKey |
129 clientKeychain = new(keychain) | 129 clientKeychain = new(keychain) |
130 clientPassword = password("tiger") | 130 clientPassword = password("tiger") |
131 serverConfig = &ServerConfig{ | 131 serverConfig = &ServerConfig{ |
132 PasswordCallback: func(conn *ServerConn, user, pass string) bool { | 132 PasswordCallback: func(conn *ServerConn, user, pass string) bool { |
133 return user == "testuser" && pass == string(clientPasswo rd) | 133 return user == "testuser" && pass == string(clientPasswo rd) |
134 }, | 134 }, |
135 PublicKeyCallback: func(conn *ServerConn, user, algo string, pub key []byte) bool { | 135 PublicKeyCallback: func(conn *ServerConn, user, algo string, pub key []byte) bool { |
136 key := &clientKeychain.keys[0].(*rsa.PrivateKey).PublicK ey | 136 key := &clientKeychain.keys[0].(*rsa.PrivateKey).PublicK ey |
137 expected := []byte(serializePublickey(key)) | 137 expected := []byte(serializePublickey(key)) |
138 algoname := algoName(key) | 138 algoname := algoName(key) |
139 return user == "testuser" && algo == algoname && bytes.E qual(pubkey, expected) | 139 return user == "testuser" && algo == algoname && bytes.E qual(pubkey, expected) |
140 }, | 140 }, |
141 » » ChallengeResponseCallback: func(conn *ServerConn, user string, c lient ClientChallengeResponse) bool { | 141 » » KeyboardInteractiveCallback: func(conn *ServerConn, user string, client ClientKeyboardInteractive) bool { |
142 ans, err := client.Challenge("user", | 142 ans, err := client.Challenge("user", |
143 "instruction", | 143 "instruction", |
144 []string{"question1", "question2"}, | 144 []string{"question1", "question2"}, |
145 []bool{true, true}) | 145 []bool{true, true}) |
146 if err != nil { | 146 if err != nil { |
147 return false | 147 return false |
148 } | 148 } |
149 ok := user == "testuser" && ans[0] == "answer1" && ans[1 ] == "answer2" | 149 ok := user == "testuser" && ans[0] == "answer1" && ans[1 ] == "answer2" |
150 » » » client.Challenge("user", "thank you for your cooperation ", nil, nil) | 150 » » » client.Challenge("user", "motd", nil, nil) |
dfc
2013/06/06 12:04:42
Is this a standard response message ?
hanwen-google
2013/06/06 13:33:07
no, I was drinking a beer when writing this :)
an
| |
151 return ok | 151 return ok |
152 }, | 152 }, |
153 } | 153 } |
154 ) | 154 ) |
155 | 155 |
156 func init() { | 156 func init() { |
157 if err := serverConfig.SetRSAPrivateKey([]byte(testServerPrivateKey)); e rr != nil { | 157 if err := serverConfig.SetRSAPrivateKey([]byte(testServerPrivateKey)); e rr != nil { |
158 panic("unable to set private key: " + err.Error()) | 158 panic("unable to set private key: " + err.Error()) |
159 } | 159 } |
160 | 160 |
(...skipping 75 matching lines...) | |
236 }, | 236 }, |
237 } | 237 } |
238 | 238 |
239 c, err := Dial("tcp", newMockAuthServer(t), config) | 239 c, err := Dial("tcp", newMockAuthServer(t), config) |
240 if err != nil { | 240 if err != nil { |
241 t.Fatalf("unable to dial remote side: %s", err) | 241 t.Fatalf("unable to dial remote side: %s", err) |
242 } | 242 } |
243 c.Close() | 243 c.Close() |
244 } | 244 } |
245 | 245 |
246 func TestClientAuthChallengeResponse(t *testing.T) { | 246 func TestClientAuthKeyboardInteractive(t *testing.T) { |
247 » answers := challengeResponse(map[string]string{ | 247 » answers := keyboardInteractive(map[string]string{ |
248 "question1": "answer1", | 248 "question1": "answer1", |
249 "question2": "answer2", | 249 "question2": "answer2", |
250 }) | 250 }) |
251 config := &ClientConfig{ | 251 config := &ClientConfig{ |
252 User: "testuser", | 252 User: "testuser", |
253 Auth: []ClientAuth{ | 253 Auth: []ClientAuth{ |
254 » » » ClientAuthChallengeResponse(&answers), | 254 » » » ClientAuthKeyboardInteractive(&answers), |
255 }, | 255 }, |
256 } | 256 } |
257 | 257 |
258 c, err := Dial("tcp", newMockAuthServer(t), config) | 258 c, err := Dial("tcp", newMockAuthServer(t), config) |
259 if err != nil { | 259 if err != nil { |
260 t.Fatalf("unable to dial remote side: %s", err) | 260 t.Fatalf("unable to dial remote side: %s", err) |
261 } | 261 } |
262 c.Close() | 262 c.Close() |
263 } | 263 } |
264 | 264 |
265 func TestClientAuthWrongChallengeResponse(t *testing.T) { | 265 func TestClientAuthWrongKeyboardInteractive(t *testing.T) { |
266 » answers := challengeResponse(map[string]string{ | 266 » answers := keyboardInteractive(map[string]string{ |
267 "question1": "answer1", | 267 "question1": "answer1", |
268 "question2": "WRONG", | 268 "question2": "WRONG", |
269 }) | 269 }) |
270 config := &ClientConfig{ | 270 config := &ClientConfig{ |
271 User: "testuser", | 271 User: "testuser", |
272 Auth: []ClientAuth{ | 272 Auth: []ClientAuth{ |
273 » » » ClientAuthChallengeResponse(&answers), | 273 » » » ClientAuthKeyboardInteractive(&answers), |
274 }, | 274 }, |
275 } | 275 } |
276 | 276 |
277 c, err := Dial("tcp", newMockAuthServer(t), config) | 277 c, err := Dial("tcp", newMockAuthServer(t), config) |
278 if err == nil { | 278 if err == nil { |
279 c.Close() | 279 c.Close() |
280 » » t.Fatalf("wrong answers should not have authenticated with Chall engeResponse") | 280 » » t.Fatalf("wrong answers should not have authenticated with Keybo ardInteractive") |
281 } | 281 } |
282 } | 282 } |
283 | 283 |
284 // the mock server will only authenticate ssh-rsa keys | 284 // the mock server will only authenticate ssh-rsa keys |
285 func TestClientAuthInvalidPublickey(t *testing.T) { | 285 func TestClientAuthInvalidPublickey(t *testing.T) { |
286 kc := new(keychain) | 286 kc := new(keychain) |
287 kc.keys = append(kc.keys, dsakey) | 287 kc.keys = append(kc.keys, dsakey) |
288 config := &ClientConfig{ | 288 config := &ClientConfig{ |
289 User: "testuser", | 289 User: "testuser", |
290 Auth: []ClientAuth{ | 290 Auth: []ClientAuth{ |
(...skipping 58 matching lines...) | |
349 Crypto: CryptoConfig{ | 349 Crypto: CryptoConfig{ |
350 Ciphers: []string{"aes128-cbc"}, // not currently suppor ted | 350 Ciphers: []string{"aes128-cbc"}, // not currently suppor ted |
351 }, | 351 }, |
352 } | 352 } |
353 c, err := Dial("tcp", newMockAuthServer(t), config) | 353 c, err := Dial("tcp", newMockAuthServer(t), config) |
354 if err == nil { | 354 if err == nil { |
355 t.Errorf("expected no ciphers in common") | 355 t.Errorf("expected no ciphers in common") |
356 c.Close() | 356 c.Close() |
357 } | 357 } |
358 } | 358 } |
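Review bot: On new-side line 149 the KeyboardInteractiveCallback indexes `ans[0]` and `ans[1]` after checking only `err`, so a client that returns fewer than two answers would make the server-side callback panic instead of rejecting the login. Check the count before indexing, e.g. `if err != nil || len(ans) != 2 { return false }`. The follow-up `client.Challenge("user", "motd", nil, nil)` on line 150 also discards its error; if a failed exchange should fail authentication, fold it into `ok`, otherwise add a comment such as `// informational round; error intentionally ignored`. This is test scaffolding, but it is the only example on this page of a server consuming client-supplied answers, so it is worth keeping bounds-safe.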