qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-10-03 07:21:21 -06:00
Code Releases Activity

exp/ssh: use ClientConfig.rand() for publickey authentication

Browse Source 
Closes TODO from 5373055

R=agl
CC=golang-dev
https://golang.org/cl/5375081
This commit is contained in:
Dave Cheney 2011-11-13 20:57:15 -05:00 committed by Adam Langley
parent 3ee171d174
commit 59a92cde3d
1 changed files with 6 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/pkg/exp/ssh/client_auth.go
View File

@ -5,7 +5,6 @@
package ssh package ssh
import ( import (
"crypto/rand"
"errors" "errors"
"io" "io"
) )
@ -28,7 +27,7 @@ func (c *ClientConn) authenticate(session []byte) error {
// then any untried methods suggested by the server. // then any untried methods suggested by the server.
tried, remain := make(map[string]bool), make(map[string]bool) tried, remain := make(map[string]bool), make(map[string]bool)
for auth := ClientAuth(new(noneAuth)); auth != nil; { for auth := ClientAuth(new(noneAuth)); auth != nil; {
ok, methods, err := auth.auth(session, c.config.User, c.transport) ok, methods, err := auth.auth(session, c.config.User, c.transport, c.config.rand())
if err != nil { if err != nil {
return err return err
} }
@ -62,7 +61,7 @@ type ClientAuth interface {
// Returns true if authentication is successful. // Returns true if authentication is successful.
// If authentication is not successful, a []string of alternative // If authentication is not successful, a []string of alternative
// method names is returned. // method names is returned.
auth(session []byte, user string, t *transport) (bool, []string, error) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error)
// method returns the RFC 4252 method name. // method returns the RFC 4252 method name.
method() string method() string
@ -71,7 +70,7 @@ type ClientAuth interface {
// "none" authentication, RFC 4252 section 5.2. // "none" authentication, RFC 4252 section 5.2.
type noneAuth int type noneAuth int
func (n *noneAuth) auth(session []byte, user string, t *transport) (bool, []string, error) { func (n *noneAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) {
if err := t.writePacket(marshal(msgUserAuthRequest, userAuthRequestMsg{ if err := t.writePacket(marshal(msgUserAuthRequest, userAuthRequestMsg{
User: user, User: user,
Service: serviceSSH, Service: serviceSSH,
@ -104,7 +103,7 @@ type passwordAuth struct {
ClientPassword ClientPassword
} }
func (p *passwordAuth) auth(session []byte, user string, t *transport) (bool, []string, error) { func (p *passwordAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) {
type passwordAuthMsg struct { type passwordAuthMsg struct {
User string User string
Service string Service string
@ -174,7 +173,7 @@ type publickeyAuth struct {
ClientKeyring ClientKeyring
} }
func (p *publickeyAuth) auth(session []byte, user string, t *transport) (bool, []string, error) { func (p *publickeyAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) {
type publickeyAuthMsg struct { type publickeyAuthMsg struct {
User string User string
Service string Service string
@ -241,8 +240,7 @@ func (p *publickeyAuth) auth(session []byte, user string, t *transport) (bool, [
for i, key := range validKeys { for i, key := range validKeys {
pubkey := serializePublickey(key) pubkey := serializePublickey(key)
algoname := algoName(key) algoname := algoName(key)
// TODO(dfc) use random source from the ClientConfig sign, err := p.Sign(i, rand, buildDataSignedForAuth(session, userAuthRequestMsg{
sign, err := p.Sign(i, rand.Reader, buildDataSignedForAuth(session, userAuthRequestMsg{
User: user, User: user,
Service: serviceSSH, Service: serviceSSH,
Method: p.method(), Method: p.method(),