ssh: send (and rename) keyboard-interactive name field to the client
The server side implementation was not actually populating the
SSH_MSG_USERAUTH_INFO_REQUEST field with the
KeyboardInteractiveChallenge argument, although the client side was
deserializing it and passing it to the KeyboardInteractiveChallenge
callback.
Anyway, the first field of SSH_MSG_USERAUTH_INFO_REQUEST is "name", not
"user". Maybe the confusion was due to the first field of
SSH_MSG_USERAUTH_REQUEST being the user.
RFC 4256, Section 3.3, says this about it
One possibility is to use the name field (possibly
prefixed with the application's name) as the title of a dialog window
in which the prompt(s) are presented.
and examples include "CRYPTOCard Authentication", "Password
Authentication", and "Password Expired".
Co-authored-by: Kevin Wallace <kevin@pentabarf.net>
Change-Id: Ic6ec0dfea2122704603c44f42898a980689a15c9
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/372234
Trust: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/ssh/client_auth.go b/ssh/client_auth.go
index c611aeb..affc01d 100644
--- a/ssh/client_auth.go
+++ b/ssh/client_auth.go
@@ -380,10 +380,10 @@
// disabling echoing (e.g. for passwords), and return all the answers.
// Challenge may be called multiple times in a single session. After
// successful authentication, the server may send a challenge with no
-// questions, for which the user and instruction messages should be
+// questions, for which the name and instruction messages should be
// printed. RFC 4256 section 3.3 details how the UI should behave for
// both CLI and GUI environments.
-type KeyboardInteractiveChallenge func(user, instruction string, questions []string, echos []bool) (answers []string, err error)
+type KeyboardInteractiveChallenge func(name, instruction string, questions []string, echos []bool) (answers []string, err error)
// KeyboardInteractive returns an AuthMethod using a prompt/response
// sequence controlled by the server.
@@ -465,7 +465,7 @@
return authFailure, nil, errors.New("ssh: extra data following keyboard-interactive pairs")
}
- answers, err := cb(msg.User, msg.Instruction, prompts, echos)
+ answers, err := cb(msg.Name, msg.Instruction, prompts, echos)
if err != nil {
return authFailure, nil, err
}
diff --git a/ssh/messages.go b/ssh/messages.go
index ac41a41..62f9330 100644
--- a/ssh/messages.go
+++ b/ssh/messages.go
@@ -180,11 +180,11 @@
const msgUserAuthInfoResponse = 61
type userAuthInfoRequestMsg struct {
- User string `sshtype:"60"`
- Instruction string
- DeprecatedLanguage string
- NumPrompts uint32
- Prompts []byte `ssh:"rest"`
+ Name string `sshtype:"60"`
+ Instruction string
+ Language string
+ NumPrompts uint32
+ Prompts []byte `ssh:"rest"`
}
// See RFC 4254, section 5.1.
diff --git a/ssh/server.go b/ssh/server.go
index d28e1ad..9bb714c 100644
--- a/ssh/server.go
+++ b/ssh/server.go
@@ -695,7 +695,7 @@
*connection
}
-func (c *sshClientKeyboardInteractive) Challenge(user, instruction string, questions []string, echos []bool) (answers []string, err error) {
+func (c *sshClientKeyboardInteractive) Challenge(name, instruction string, questions []string, echos []bool) (answers []string, err error) {
if len(questions) != len(echos) {
return nil, errors.New("ssh: echos and questions must have equal length")
}
@@ -707,6 +707,7 @@
}
if err := c.transport.writePacket(Marshal(&userAuthInfoRequestMsg{
+ Name: name,
Instruction: instruction,
NumPrompts: uint32(len(questions)),
Prompts: prompts,