Diffstat (limited to 'tempfork')
-rw-r--r--tempfork/gliderlabs/ssh/agent.go2
-rw-r--r--tempfork/gliderlabs/ssh/context.go3
-rw-r--r--tempfork/gliderlabs/ssh/options.go2
-rw-r--r--tempfork/gliderlabs/ssh/options_test.go2
-rw-r--r--tempfork/gliderlabs/ssh/server.go112
-rw-r--r--tempfork/gliderlabs/ssh/session.go2
-rw-r--r--tempfork/gliderlabs/ssh/session_test.go2
-rw-r--r--tempfork/gliderlabs/ssh/ssh.go4
-rw-r--r--tempfork/gliderlabs/ssh/tcpip.go2
-rw-r--r--tempfork/gliderlabs/ssh/tcpip_test.go2
-rw-r--r--tempfork/gliderlabs/ssh/util.go2
-rw-r--r--tempfork/gliderlabs/ssh/wrap.go2
12 files changed, 94 insertions, 43 deletions
diff --git a/tempfork/gliderlabs/ssh/agent.go b/tempfork/gliderlabs/ssh/agent.go
index 86a5bce7f..99e84c1e5 100644
--- a/tempfork/gliderlabs/ssh/agent.go
+++ b/tempfork/gliderlabs/ssh/agent.go
@@ -7,7 +7,7 @@ import (
"path"
"sync"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
const (
diff --git a/tempfork/gliderlabs/ssh/context.go b/tempfork/gliderlabs/ssh/context.go
index d43de6f09..782e88924 100644
--- a/tempfork/gliderlabs/ssh/context.go
+++ b/tempfork/gliderlabs/ssh/context.go
@@ -6,7 +6,7 @@ import (
"net"
"sync"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
// contextKey is a value for use with context.WithValue. It's used as
@@ -121,7 +121,6 @@ func applyConnMetadata(ctx Context, conn gossh.ConnMetadata) {
ctx.SetValue(ContextKeyUser, conn.User())
ctx.SetValue(ContextKeyLocalAddr, conn.LocalAddr())
ctx.SetValue(ContextKeyRemoteAddr, conn.RemoteAddr())
- ctx.SetValue(ContextKeySendAuthBanner, conn.SendAuthBanner)
}
func (ctx *sshContext) SetValue(key, value interface{}) {
diff --git a/tempfork/gliderlabs/ssh/options.go b/tempfork/gliderlabs/ssh/options.go
index aa87a4f39..29c8ef141 100644
--- a/tempfork/gliderlabs/ssh/options.go
+++ b/tempfork/gliderlabs/ssh/options.go
@@ -3,7 +3,7 @@ package ssh
import (
"os"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
// PasswordAuth returns a functional option that sets PasswordHandler on the server.
diff --git a/tempfork/gliderlabs/ssh/options_test.go b/tempfork/gliderlabs/ssh/options_test.go
index 7cf6f376c..47342b0f6 100644
--- a/tempfork/gliderlabs/ssh/options_test.go
+++ b/tempfork/gliderlabs/ssh/options_test.go
@@ -8,7 +8,7 @@ import (
"sync/atomic"
"testing"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
func newTestSessionWithOptions(t *testing.T, srv *Server, cfg *gossh.ClientConfig, options ...Option) (*gossh.Session, *gossh.Client, func()) {
diff --git a/tempfork/gliderlabs/ssh/server.go b/tempfork/gliderlabs/ssh/server.go
index 1086a72ca..fa96dbfad 100644
--- a/tempfork/gliderlabs/ssh/server.go
+++ b/tempfork/gliderlabs/ssh/server.go
@@ -8,7 +8,7 @@ import (
"sync"
"time"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
// ErrServerClosed is returned by the Server's Serve, ListenAndServe,
@@ -134,45 +134,97 @@ func (srv *Server) config(ctx Context) *gossh.ServerConfig {
config.ServerVersion = "SSH-2.0-" + srv.Version
}
if srv.PasswordHandler != nil {
- config.PasswordCallback = func(conn gossh.ConnMetadata, password []byte) (*gossh.Permissions, error) {
- applyConnMetadata(ctx, conn)
- if ok := srv.PasswordHandler(ctx, string(password)); !ok {
- return ctx.Permissions().Permissions, fmt.Errorf("permission denied")
- }
- return ctx.Permissions().Permissions, nil
- }
+ config.PasswordCallback = passwordCallback(ctx, srv.PasswordHandler)
}
if srv.PublicKeyHandler != nil {
- config.PublicKeyCallback = func(conn gossh.ConnMetadata, key gossh.PublicKey) (*gossh.Permissions, error) {
- applyConnMetadata(ctx, conn)
- if err := srv.PublicKeyHandler(ctx, key); err != nil {
- return ctx.Permissions().Permissions, err
- }
- ctx.SetValue(ContextKeyPublicKey, key)
- return ctx.Permissions().Permissions, nil
- }
+ config.PublicKeyCallback = publicKeyCallback(ctx, srv.PublicKeyHandler)
}
if srv.KeyboardInteractiveHandler != nil {
- config.KeyboardInteractiveCallback = func(conn gossh.ConnMetadata, challenger gossh.KeyboardInteractiveChallenge) (*gossh.Permissions, error) {
- applyConnMetadata(ctx, conn)
- if ok := srv.KeyboardInteractiveHandler(ctx, challenger); !ok {
- return ctx.Permissions().Permissions, fmt.Errorf("permission denied")
- }
- return ctx.Permissions().Permissions, nil
- }
+ config.KeyboardInteractiveCallback = keyboardInteractiveCallback(ctx, srv.KeyboardInteractiveHandler)
}
if srv.NoClientAuthHandler != nil {
- config.NoClientAuthCallback = func(conn gossh.ConnMetadata) (*gossh.Permissions, error) {
- applyConnMetadata(ctx, conn)
- if err := srv.NoClientAuthHandler(ctx); err != nil {
- return ctx.Permissions().Permissions, err
- }
- return ctx.Permissions().Permissions, nil
- }
+ config.NoClientAuthCallback = noClientAuthCallback(ctx, srv.NoClientAuthHandler)
+ }
+ config.PreAuthConnCallback = func(pac gossh.ServerPreAuthConn) {
+ ctx.SetValue(ContextKeySendAuthBanner, pac.SendAuthBanner)
}
return config
}
+func passwordCallback(ctx Context, h PasswordHandler) func(gossh.ConnMetadata, []byte) (*gossh.Permissions, error) {
+ return func(conn gossh.ConnMetadata, password []byte) (*gossh.Permissions, error) {
+ applyConnMetadata(ctx, conn)
+ if ok := h(ctx, string(password)); !ok {
+ return ctx.Permissions().Permissions, fmt.Errorf("permission denied")
+ }
+ return ctx.Permissions().Permissions, nil
+ }
+}
+
+func publicKeyCallback(ctx Context, h PublicKeyHandler) func(gossh.ConnMetadata, gossh.PublicKey) (*gossh.Permissions, error) {
+ return func(conn gossh.ConnMetadata, key gossh.PublicKey) (*gossh.Permissions, error) {
+ applyConnMetadata(ctx, conn)
+ if err := h(ctx, key); err != nil {
+ return ctx.Permissions().Permissions, adaptPartialSuccessError(err)
+ }
+ ctx.SetValue(ContextKeyPublicKey, key)
+ return ctx.Permissions().Permissions, nil
+ }
+}
+
+func keyboardInteractiveCallback(ctx Context, h KeyboardInteractiveHandler) func(conn gossh.ConnMetadata, client gossh.KeyboardInteractiveChallenge) (*gossh.Permissions, error) {
+ return func(conn gossh.ConnMetadata, challenger gossh.KeyboardInteractiveChallenge) (*gossh.Permissions, error) {
+ applyConnMetadata(ctx, conn)
+ if ok := h(ctx, challenger); !ok {
+ return ctx.Permissions().Permissions, fmt.Errorf("permission denied")
+ }
+ return ctx.Permissions().Permissions, nil
+ }
+}
+
+func noClientAuthCallback(ctx Context, h NoClientAuthHandler) func(gossh.ConnMetadata) (*gossh.Permissions, error) {
+ return func(conn gossh.ConnMetadata) (*gossh.Permissions, error) {
+ applyConnMetadata(ctx, conn)
+ if err := h(ctx); err != nil {
+ return ctx.Permissions().Permissions, adaptPartialSuccessError(err)
+ }
+ return ctx.Permissions().Permissions, nil
+ }
+}
+
+func adaptPartialSuccessError(err error) error {
+ fmt.Printf("Adapt? error %q of type %T\n", err, err)
+ if err == nil {
+ return nil
+ }
+ pse := &PartialSuccessError{}
+ if errors.As(err, &pse) {
+ adapted := &gossh.PartialSuccessError{}
+ if pse.PasswordHandler != nil {
+ adapted.Next.PasswordCallback = passwordCallback(pse.Context, pse.PasswordHandler)
+ }
+ if pse.PublicKeyHandler != nil {
+ adapted.Next.PublicKeyCallback = publicKeyCallback(pse.Context, pse.PublicKeyHandler)
+ }
+ if pse.KeyboardInteractiveHandler != nil {
+ adapted.Next.KeyboardInteractiveCallback = keyboardInteractiveCallback(pse.Context, pse.KeyboardInteractiveHandler)
+ }
+ return adapted
+ }
+ return err
+}
+
+type PartialSuccessError struct {
+ Context Context
+ PasswordHandler PasswordHandler
+ PublicKeyHandler PublicKeyHandler
+ KeyboardInteractiveHandler KeyboardInteractiveHandler
+}
+
+func (p *PartialSuccessError) Error() string {
+ return "ssh: authenticated with partial success"
+}
+
// Handle sets the Handler for the server.
func (srv *Server) Handle(fn Handler) {
srv.mu.Lock()
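Review bot: `adaptPartialSuccessError` still contains a debug statement, `fmt.Printf("Adapt? error %q of type %T\n", err, err)`, which runs before the nil check and writes the error from every failed public-key and no-client-auth attempt to the process's stdout; it should be deleted, or routed through the server's own logger if the trace is wanted. The same function builds the follow-up callbacks from `pse.Context` without checking it, so a handler that returns a `PartialSuccessError` with Context unset would, as far as the hunk shows, pass a nil Context to `applyConnMetadata` on the next authentication step; passing the outer `ctx` into the adapter and using it as a fallback would avoid that. The exported `PartialSuccessError` type has no doc comment; something like `// PartialSuccessError is returned by an auth handler to report that this step succeeded and authentication must continue with the non-nil handlers.` would state the contract. `errors.As` is used here while the import hunk above shows no `errors` line, so confirm the package is imported.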
diff --git a/tempfork/gliderlabs/ssh/session.go b/tempfork/gliderlabs/ssh/session.go
index 0a4a21e53..a7a9a3eeb 100644
--- a/tempfork/gliderlabs/ssh/session.go
+++ b/tempfork/gliderlabs/ssh/session.go
@@ -9,7 +9,7 @@ import (
"sync"
"github.com/anmitsu/go-shlex"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
// Session provides access to information about an SSH session and methods
diff --git a/tempfork/gliderlabs/ssh/session_test.go b/tempfork/gliderlabs/ssh/session_test.go
index a60be5ec1..fe61a9d96 100644
--- a/tempfork/gliderlabs/ssh/session_test.go
+++ b/tempfork/gliderlabs/ssh/session_test.go
@@ -9,7 +9,7 @@ import (
"net"
"testing"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
func (srv *Server) serveOnce(l net.Listener) error {
diff --git a/tempfork/gliderlabs/ssh/ssh.go b/tempfork/gliderlabs/ssh/ssh.go
index 644cb257d..54bd31ec2 100644
--- a/tempfork/gliderlabs/ssh/ssh.go
+++ b/tempfork/gliderlabs/ssh/ssh.go
@@ -4,7 +4,7 @@ import (
"crypto/subtle"
"net"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
type Signal string
@@ -105,7 +105,7 @@ type Pty struct {
// requested by the client as part of the pty-req. These are outlined as
// part of https://datatracker.ietf.org/doc/html/rfc4254#section-8.
//
- // The opcodes are defined as constants in github.com/tailscale/golang-x-crypto/ssh (VINTR,VQUIT,etc.).
+ // The opcodes are defined as constants in golang.org/x/crypto/ssh (VINTR,VQUIT,etc.).
// Boolean opcodes have values 0 or 1.
Modes gossh.TerminalModes
}
diff --git a/tempfork/gliderlabs/ssh/tcpip.go b/tempfork/gliderlabs/ssh/tcpip.go
index 056a0c734..335fda657 100644
--- a/tempfork/gliderlabs/ssh/tcpip.go
+++ b/tempfork/gliderlabs/ssh/tcpip.go
@@ -7,7 +7,7 @@ import (
"strconv"
"sync"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
const (
diff --git a/tempfork/gliderlabs/ssh/tcpip_test.go b/tempfork/gliderlabs/ssh/tcpip_test.go
index 118b5d53a..b3ba60a9b 100644
--- a/tempfork/gliderlabs/ssh/tcpip_test.go
+++ b/tempfork/gliderlabs/ssh/tcpip_test.go
@@ -10,7 +10,7 @@ import (
"strings"
"testing"
- gossh "github.com/tailscale/golang-x-crypto/ssh"
+ gossh "golang.org/x/crypto/ssh"
)
var sampleServerResponse = []byte("Hello world")
diff --git a/tempfork/gliderlabs/ssh/util.go b/tempfork/gliderlabs/ssh/util.go
index e3b5716a3..3bee06dcd 100644
--- a/tempfork/gliderlabs/ssh/util.go
+++ b/tempfork/gliderlabs/ssh/util.go
@@ -5,7 +5,7 @@ import (
"crypto/rsa"
"encoding/binary"
- "github.com/tailscale/golang-x-crypto/ssh"
+ "golang.org/x/crypto/ssh"
)
func generateSigner() (ssh.Signer, error) {
diff --git a/tempfork/gliderlabs/ssh/wrap.go b/tempfork/gliderlabs/ssh/wrap.go
index 17867d751..d1f2b161e 100644
--- a/tempfork/gliderlabs/ssh/wrap.go
+++ b/tempfork/gliderlabs/ssh/wrap.go
@@ -1,6 +1,6 @@
package ssh
-import gossh "github.com/tailscale/golang-x-crypto/ssh"
+import gossh "golang.org/x/crypto/ssh"
// PublicKey is an abstraction of different types of public keys.
type PublicKey interface {