Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssh: Add bannerfun to the server role #9149

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

ssh: Add bannerfun to the server role #9149

wants to merge 2 commits into from

Conversation

alexandrejbr
Copy link
Contributor

bannerfun/1 enables the server to send a SSH_MSG_USERAUTH_BANNER at the beginning of user authentication, immediately after receiving the first SSH_MSG_USERAUTH_BANNER

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 5, 2024
edited
Loading

CT Test Results

    2 files     29 suites   19m 39s ⏱️
  465 tests   461 ✅  4 💤 0 ❌
1 670 runs  1 646 ✅ 24 💤 0 ❌

Results for commit f60efc4.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

Artifacts

// Erlang/OTP Github Action Bot

@alexandrejbr alexandrejbr mentioned this pull request Dec 5, 2024
Closed
@u3s u3s added the team:PS Assigned to OTP team PS label Dec 6, 2024
@u3s u3s self-assigned this Dec 6, 2024
@alexandrejbr alexandrejbr force-pushed the alexandrejbr/ssh-bannerfun branch from 5f14347 to 65d5b9f Compare December 9, 2024 11:28
@alexandrejbr alexandrejbr force-pushed the alexandrejbr/ssh-bannerfun branch from 65d5b9f to c5c7b12 Compare December 20, 2024 13:19
@u3s u3s added the testing currently being tested, tag is used by OTP internal CI label Jan 7, 2025
@u3s u3s added testing currently being tested, tag is used by OTP internal CI and removed testing currently being tested, tag is used by OTP internal CI labels Jan 7, 2025
@alexandrejbr
ssh: Add bannerfun to the server role
fffdce8 
bannerfun/1 enables the server to send a SSH_MSG_USERAUTH_BANNER
at the beginning of user authentication, immediately after receiving
the first SSH_MSG_USERAUTH_BANNER
@alexandrejbr
ssh: bannerfun works with openssh
f60efc4 
Update the existing renegotiation tests to include a bannerfun
so there is a check that the erlang server sending a banner
is compatible with openssh.
@alexandrejbr alexandrejbr force-pushed the alexandrejbr/ssh-bannerfun branch from abe8576 to f60efc4 Compare January 8, 2025 08:09
@alexandrejbr
Copy link
Contributor Author

@u3s I have force pushed to fix the conflict in ssh.hrl. The branch is now rebased with the latest master.

@u3s u3s added testing currently being tested, tag is used by OTP internal CI enhancement and removed testing currently being tested, tag is used by OTP internal CI labels Jan 8, 2025
u3s
u3s reviewed Jan 30, 2025
View reviewed changes
lib/ssh/src/ssh_fsm_userauth_server.erl
@@ -213,3 +215,26 @@ retry_fun(User, Reason, #data{ssh_params = #ssh{opts = Opts,
ok
end.

maybe_send_banner(D0 = #data{ssh_params = #ssh{userauth_banner_sent = false} = Ssh}, User) ->
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe use maybe to simplify code? something like this:

maybe_send_banner(D0 = #data{ssh_params = #ssh{userauth_banner_sent = false} = Ssh}, User) ->
    Opts = Ssh#ssh.opts,
    BannerFun = maps:get(bannerfun, Opts, undefined),
    maybe
        true ?= is_function(BannerFun, 1),
        BannerTxt = BannerFun(User),
        true ?= is_binary(BannerTxt) andalso byte_size(BannerTxt)>0, % Ignore bad banner texts
        Banner = #ssh_msg_userauth_banner{message = BannerText,
                                          language = <<>>},
        D = D0#data{ssh_params = Ssh#ssh{userauth_banner_sent = true}},
        ssh_connection_handler:send_msg(Banner, D)
    else
        _ -> D0
    end;

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I can do that if you want. Other option is to have the default bannerfun being fun(V) -> <<>> end

Then the implementation can be something like this:

maybe_send_banner(D0 = #data{ssh_params = #ssh{userauth_banner_sent = false} = Ssh}, User) ->
    BannerFun = ?GET_OPT(bannerfun, Ssh#ssh.opts),
    case BannerFun(User) of
        BannerText when is_binary(BannerText), byte_size(BannerText) > 0 ->
            Banner = #ssh_msg_userauth_banner{message = BannerText,
                                              language = <<>>},
            D = D0#data{ssh_params = Ssh#ssh{userauth_banner_sent = true}},
            ssh_connection_handler:send_msg(Banner, D);
        _ ->
            D0
    end;
maybe_send_banner(D, _) ->
    D.

Which one do you prefer?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like your proposal more :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@u3s u3s u3s left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@u3s u3s

Labels
enhancement team:PS Assigned to OTP team PS testing currently being tested, tag is used by OTP internal CI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@alexandrejbr @u3s