crypto/ssh: keep user in ConnMetadata if NoClientAuth is used
The current behaviour of the crypto/ssh server implementation is to remove the username from ConnMetadata if the connection is done without authentication (NoClientAuth). This appears to be a bug. This behaviour is different from other SSH server implementations like for example Paramiko (Python) which keeps the username. Additionally RFC4252 (https://www.ietf.org/rfc/rfc4252.txt) section 5 states the username has to be included in every USERAUTH message. Change-Id: I27fa50db92eb535e90fe088453faa6f2a76ee31f Reviewed-on: https://go-review.googlesource.com/27612 Reviewed-by: Han-Wen Nienhuys <hanwen@google.com> Run-TryBot: Han-Wen Nienhuys <hanwen@google.com> TryBot-Result: Gobot Gobot <gobot@golang.org>
Родитель
b35ccbc95a
Коммит
986d331358
|
@ -441,3 +441,32 @@ func ExampleRetryableAuthMethod(t *testing.T) {
|
||||||
t.Fatalf("unable to dial remote side: %s", err)
|
t.Fatalf("unable to dial remote side: %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Test if username is received on server side when NoClientAuth is used
|
||||||
|
func TestClientAuthNone(t *testing.T) {
|
||||||
|
user := "testuser"
|
||||||
|
serverConfig := &ServerConfig{
|
||||||
|
NoClientAuth: true,
|
||||||
|
}
|
||||||
|
serverConfig.AddHostKey(testSigners["rsa"])
|
||||||
|
|
||||||
|
clientConfig := &ClientConfig{
|
||||||
|
User: user,
|
||||||
|
}
|
||||||
|
|
||||||
|
c1, c2, err := netPipe()
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("netPipe: %v", err)
|
||||||
|
}
|
||||||
|
defer c1.Close()
|
||||||
|
defer c2.Close()
|
||||||
|
|
||||||
|
go NewClientConn(c2, "", clientConfig)
|
||||||
|
serverConn, err := newServer(c1, serverConfig)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal("newServer: %v", err)
|
||||||
|
}
|
||||||
|
if serverConn.User() != user {
|
||||||
|
t.Fatalf("server: got %q, want %q", serverConn.User(), user)
|
||||||
|
}
|
||||||
|
}
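Review bot: The `newServer` error branch calls `t.Fatal("newServer: %v", err)`, which does not interpret the format verb and prints the literal `%v` next to the error; it should read `t.Fatalf("newServer: %v", err)`, and go vet reports this form. The client side is started with `go NewClientConn(c2, "", clientConfig)` and its return values are dropped, so a client-side handshake failure is visible only indirectly through `newServer`. Sending that error over a channel and checking it after the server-side assertions would make a failing run easier to diagnose. TestClientAuthNone lies wholly inside this hunk.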
|
||||||
|
|
|
@ -23,7 +23,6 @@ func (e *OpenChannelError) Error() string {
|
||||||
// ConnMetadata holds metadata for the connection.
|
// ConnMetadata holds metadata for the connection.
|
||||||
type ConnMetadata interface {
|
type ConnMetadata interface {
|
||||||
// User returns the user ID for this connection.
|
// User returns the user ID for this connection.
|
||||||
// It is empty if no authentication is used.
|
|
||||||
User() string
|
User() string
|
||||||
|
|
||||||
// SessionID returns the sesson hash, also denoted by H.
|
// SessionID returns the sesson hash, also denoted by H.
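Review bot: With the sentence "It is empty if no authentication is used." removed, the doc comment on `User` no longer says anything about the NoClientAuth case. Judging by the server hunk, which drops `s.user = ""`, the name returned there is whatever the client put in its "none" request and has not been verified. Callers that treated an empty `User()` as a marker for an unauthenticated connection, or that feed the name into authorization decisions or audit logs, need that stated. I would add `// If NoClientAuth is set, the name is supplied by the client and is not authenticated.` below the first comment line. The interface body continues outside the hunk.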
|
||||||
|
|
|
@ -284,7 +284,6 @@ userAuthLoop:
|
||||||
switch userAuthReq.Method {
|
switch userAuthReq.Method {
|
||||||
case "none":
|
case "none":
|
||||||
if config.NoClientAuth {
|
if config.NoClientAuth {
|
||||||
s.user = ""
|
|
||||||
authErr = nil
|
authErr = nil
|
||||||
}
|
}
|
||||||
case "password":
|
case "password":
|
||||||
|
|