From 9f005a07e0d31d45e6656d241bb5c0f2efd4bc94 Mon Sep 17 00:00:00 2001
From: Tugdual Saunier <tugdual.saunier@gmail.com>
Date: Thu, 21 Sep 2017 10:41:56 -0700
Subject: ssh: add support for banners

According to RFC 4252 section 5.4, the banner is sent between the
ssh-connection request and responding to user authentication.

Original support for server sending banner by joshua stein <jcs@jcs.org>

Fixes golang/go#19567

Change-Id: I729b3c8e5fd2c0068609d1590b61e92f40d87ea4
Reviewed-on: https://go-review.googlesource.com/71790
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
---
 ssh/server.go | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'ssh/server.go')

diff --git a/ssh/server.go b/ssh/server.go
index 8a78b7c..148d2cb 100644
--- a/ssh/server.go
+++ b/ssh/server.go
@@ -95,6 +95,10 @@ type ServerConfig struct {
 	// Note that RFC 4253 section 4.2 requires that this string start with
 	// "SSH-2.0-".
 	ServerVersion string
+
+	// BannerCallback, if present, is called and the return string is sent to
+	// the client after key exchange completed but before authentication.
+	BannerCallback func(conn ConnMetadata) string
 }
 
 // AddHostKey adds a private key as a host key. If an existing host
@@ -343,6 +347,19 @@ userAuthLoop:
 		}
 
 		s.user = userAuthReq.User
+
+		if authFailures == 0 && config.BannerCallback != nil {
+			msg := config.BannerCallback(s)
+			if msg != "" {
+				bannerMsg := &userAuthBannerMsg{
+					Message: msg,
+				}
+				if err := s.transport.writePacket(Marshal(bannerMsg)); err != nil {
+					return nil, err
+				}
+			}
+		}
+
 		perms = nil
 		authErr := errors.New("no auth passed yet")
 
-- 
cgit v1.3