
go.crypto/ssh: in {Server,Client}Conn, read session ID from
transport layer.

R=agl, dave
CC=golang-dev
https://golang.org/cl/15870044

Han-Wen Nienhuys 12 năm trước cách đây
mục cha
commit
34df1ce598
3 tập tin đã thay đổi với 6 bổ sung6 xóa
  1. 1 1
      ssh/client.go
  2. 2 2
      ssh/client_auth.go
  3. 3 3
      ssh/server.go

+ 1 - 1
ssh/client.go

@@ -152,7 +152,7 @@ func (c *ClientConn) handshake() error {
 	if packet[0] != msgNewKeys {
 		return UnexpectedMessageError{msgNewKeys, packet[0]}
 	}
-	return c.authenticate(result.H)
+	return c.authenticate()
 }
 
 // Verify the host key obtained in the key exchange.

+ 2 - 2
ssh/client_auth.go

@@ -12,7 +12,7 @@ import (
 )
 
 // authenticate authenticates with the remote server. See RFC 4252.
-func (c *ClientConn) authenticate(session []byte) error {
+func (c *ClientConn) authenticate() error {
 	// initiate user auth session
 	if err := c.transport.writePacket(marshal(msgServiceRequest, serviceRequestMsg{serviceUserAuth})); err != nil {
 		return err
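Review bot: The doc comment on `authenticate` still says only "See RFC 4252" and does not record the precondition this signature change introduces: the method no longer receives the session identifier and instead depends on the transport already holding it. I would extend it to `// authenticate authenticates with the remote server, binding requests to c.transport.sessionID; it must only be called after key exchange has completed. See RFC 4252.` The same gap exists for `(*ServerConn).authenticate` in ssh/server.go, which shows no doc comment at all in its hunk. The function body continues outside this hunk.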
@@ -29,7 +29,7 @@ func (c *ClientConn) authenticate(session []byte) error {
 	// then any untried methods suggested by the server.
 	tried, remain := make(map[string]bool), make(map[string]bool)
 	for auth := ClientAuth(new(noneAuth)); auth != nil; {
-		ok, methods, err := auth.auth(session, c.config.User, c.transport, c.config.rand())
+		ok, methods, err := auth.auth(c.transport.sessionID, c.config.User, c.transport, c.config.rand())
 		if err != nil {
 			return err
 		}
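Review bot: Nothing in this hunk checks that `c.transport.sessionID` is non-empty before it is handed to `auth.auth`, whereas the old code passed `result.H` directly from the handshake that had just completed. The session identifier is what ties a public-key signature to this connection (RFC 4252 section 7), so a signature computed over an empty value would not be bound to the session. Assuming the transport sets the field during key exchange (not visible here), a guard before the loop such as `if len(c.transport.sessionID) == 0 { return errors.New("ssh: session ID not set") }` makes the precondition explicit, and the server-side call `buildDataSignedForAuth(s.transport.sessionID, ...)` in ssh/server.go deserves the same check. The loop body continues outside the hunk.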

+ 3 - 3
ssh/server.go

@@ -186,7 +186,7 @@ func (s *ServerConn) Handshake() error {
 		return err
 	}
 
-	if err := s.authenticate(s.transport.sessionID); err != nil {
+	if err := s.authenticate(); err != nil {
 		return err
 	}
 	return err
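Review bot: The trailing `return err` after the `authenticate` check reads the outer `err`, not the one declared in the `if` initialiser, so the success path depends on that outer variable being nil at this point. That looks true given the preceding `return err` branch, but it cannot be confirmed because Handshake starts outside the hunk. Ending the function with `return s.authenticate()` expresses the same result without relying on a shadowed variable.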
@@ -310,7 +310,7 @@ func (s *ServerConn) testPubKey(user, algo string, pubKey []byte) bool {
 	return result
 }
 
-func (s *ServerConn) authenticate(H []byte) error {
+func (s *ServerConn) authenticate() error {
 	var userAuthReq userAuthRequestMsg
 	var err error
 	var packet []byte
@@ -409,7 +409,7 @@ userAuthLoop:
 				if !isAcceptableAlgo(algo) || !isAcceptableAlgo(sig.Format) || pubAlgoToPrivAlgo(algo) != sig.Format {
 					break
 				}
-				signedData := buildDataSignedForAuth(H, userAuthReq, algoBytes, pubKey)
+				signedData := buildDataSignedForAuth(s.transport.sessionID, userAuthReq, algoBytes, pubKey)
 				key, _, ok := ParsePublicKey(pubKey)
 				if !ok {
 					return ParseError{msgUserAuthRequest}