diff options
| author | Dave Cheney <dave@cheney.net> | 2011-11-13 20:57:15 -0500 |
|---|---|---|
| committer | Adam Langley <agl@golang.org> | 2011-11-13 20:57:15 -0500 |
| commit | 59a92cde3dce85cc091c1134fae1bc08f056c445 (patch) | |
| tree | f0b9c5b09a8c0a16246f6f769f39430562f960f6 /src/pkg/exp/ssh | |
| parent | 3ee171d174e401950d2d508583d090ee1a79e884 (diff) | |
| download | go-59a92cde3dce85cc091c1134fae1bc08f056c445.tar.xz | |
exp/ssh: use ClientConfig.rand() for publickey authentication
Closes TODO from 5373055
R=agl
CC=golang-dev
https://golang.org/cl/5375081
Diffstat (limited to 'src/pkg/exp/ssh')
| -rw-r--r-- | src/pkg/exp/ssh/client_auth.go | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/src/pkg/exp/ssh/client_auth.go b/src/pkg/exp/ssh/client_auth.go index bb43eafff5..25f9e21622 100644 --- a/src/pkg/exp/ssh/client_auth.go +++ b/src/pkg/exp/ssh/client_auth.go @@ -5,7 +5,6 @@ package ssh import ( - "crypto/rand" "errors" "io" ) @@ -28,7 +27,7 @@ func (c *ClientConn) authenticate(session []byte) error { // then any untried methods suggested by the server. tried, remain := make(map[string]bool), make(map[string]bool) for auth := ClientAuth(new(noneAuth)); auth != nil; { - ok, methods, err := auth.auth(session, c.config.User, c.transport) + ok, methods, err := auth.auth(session, c.config.User, c.transport, c.config.rand()) if err != nil { return err } @@ -62,7 +61,7 @@ type ClientAuth interface { // Returns true if authentication is successful. // If authentication is not successful, a []string of alternative // method names is returned. - auth(session []byte, user string, t *transport) (bool, []string, error) + auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) // method returns the RFC 4252 method name. method() string @@ -71,7 +70,7 @@ type ClientAuth interface { // "none" authentication, RFC 4252 section 5.2. type noneAuth int -func (n *noneAuth) auth(session []byte, user string, t *transport) (bool, []string, error) { +func (n *noneAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) { if err := t.writePacket(marshal(msgUserAuthRequest, userAuthRequestMsg{ User: user, Service: serviceSSH, @@ -104,7 +103,7 @@ type passwordAuth struct { ClientPassword } -func (p *passwordAuth) auth(session []byte, user string, t *transport) (bool, []string, error) { +func (p *passwordAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) { type passwordAuthMsg struct { User string Service string @@ -174,7 +173,7 @@ type publickeyAuth struct { ClientKeyring } -func (p *publickeyAuth) auth(session []byte, user string, t *transport) (bool, []string, error) { +func (p *publickeyAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) { type publickeyAuthMsg struct { User string Service string @@ -241,8 +240,7 @@ func (p *publickeyAuth) auth(session []byte, user string, t *transport) (bool, [ for i, key := range validKeys { pubkey := serializePublickey(key) algoname := algoName(key) - // TODO(dfc) use random source from the ClientConfig - sign, err := p.Sign(i, rand.Reader, buildDataSignedForAuth(session, userAuthRequestMsg{ + sign, err := p.Sign(i, rand, buildDataSignedForAuth(session, userAuthRequestMsg{ User: user, Service: serviceSSH, Method: p.method(), |