clientAuthenticate authenticates with the remote server. See RFC 4252.
(config *ClientConfig)
| 29 | |
| 30 | // clientAuthenticate authenticates with the remote server. See RFC 4252. |
| 31 | func (c *connection) clientAuthenticate(config *ClientConfig) error { |
| 32 | // initiate user auth session |
| 33 | if err := c.transport.writePacket(Marshal(&serviceRequestMsg{serviceUserAuth})); err != nil { |
| 34 | return err |
| 35 | } |
| 36 | packet, err := c.transport.readPacket() |
| 37 | if err != nil { |
| 38 | return err |
| 39 | } |
| 40 | // The server may choose to send a SSH_MSG_EXT_INFO at this point (if we |
| 41 | // advertised willingness to receive one, which we always do) or not. See |
| 42 | // RFC 8308, Section 2.4. |
| 43 | extensions := make(map[string][]byte) |
| 44 | if len(packet) > 0 && packet[0] == msgExtInfo { |
| 45 | var extInfo extInfoMsg |
| 46 | if err := Unmarshal(packet, &extInfo); err != nil { |
| 47 | return err |
| 48 | } |
| 49 | payload := extInfo.Payload |
| 50 | for i := uint32(0); i < extInfo.NumExtensions; i++ { |
| 51 | name, rest, ok := parseString(payload) |
| 52 | if !ok { |
| 53 | return parseError(msgExtInfo) |
| 54 | } |
| 55 | value, rest, ok := parseString(rest) |
| 56 | if !ok { |
| 57 | return parseError(msgExtInfo) |
| 58 | } |
| 59 | extensions[string(name)] = value |
| 60 | payload = rest |
| 61 | } |
| 62 | packet, err = c.transport.readPacket() |
| 63 | if err != nil { |
| 64 | return err |
| 65 | } |
| 66 | } |
| 67 | var serviceAccept serviceAcceptMsg |
| 68 | if err := Unmarshal(packet, &serviceAccept); err != nil { |
| 69 | return err |
| 70 | } |
| 71 | |
| 72 | // during the authentication phase the client first attempts the "none" method |
| 73 | // then any untried methods suggested by the server. |
| 74 | var tried []string |
| 75 | var lastMethods []string |
| 76 | var partialSuccess []string |
| 77 | |
| 78 | sessionID := c.transport.getSessionID() |
| 79 | for auth := AuthMethod(new(noneAuth)); auth != nil; { |
| 80 | ok, methods, err := auth.auth(sessionID, config.User, c.transport, config.Rand, extensions) |
| 81 | if err != nil { |
| 82 | // On disconnect, return error immediately |
| 83 | if _, isDisconnect := err.(*disconnectMsg); isDisconnect { |
| 84 | return err |
| 85 | } |
| 86 | // We return the error later if there is no other method |
| 87 | // left to try. |
| 88 | ok = authFailure |
no test coverage detected