crypto/ssh: keep user in ConnMetadata if NoClientAuth is used

The current behaviour of the crypto/ssh server implementation is to
remove the username from ConnMetadata if the connection is done without
authentication (NoClientAuth). This appears to be a bug.

This behaviour is different from other SSH server implementations like
for example Paramiko (Python) which keeps the username.

Additionally RFC4252 (https://www.ietf.org/rfc/rfc4252.txt) section
5 states the username has to be included in every USERAUTH message.

Change-Id: I27fa50db92eb535e90fe088453faa6f2a76ee31f
Reviewed-on: https://go-review.googlesource.com/27612
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

ssh/client_auth_test.go

@@ -441,3 +441,32 @@ func ExampleRetryableAuthMethod(t *testing.T) {
 		t.Fatalf("unable to dial remote side: %s", err)
 	}
 }
+
+// Test if username is received on server side when NoClientAuth is used
+func TestClientAuthNone(t *testing.T) {
+	user := "testuser"
+	serverConfig := &ServerConfig{
+		NoClientAuth: true,
+	}
+	serverConfig.AddHostKey(testSigners["rsa"])
+
+	clientConfig := &ClientConfig{
+		User: user,
+	}
+
+	c1, c2, err := netPipe()
+	if err != nil {
+		t.Fatalf("netPipe: %v", err)
+	}
+	defer c1.Close()
+	defer c2.Close()
+
+	go NewClientConn(c2, "", clientConfig)
+	serverConn, err := newServer(c1, serverConfig)
+	if err != nil {
+		t.Fatal("newServer: %v", err)
+	}
+	if serverConn.User() != user {
+		t.Fatalf("server: got %q, want %q", serverConn.User(), user)
+	}
+}

ssh/connection.go

@@ -23,7 +23,6 @@ func (e *OpenChannelError) Error() string {
 // ConnMetadata holds metadata for the connection.
 type ConnMetadata interface {
 	// User returns the user ID for this connection.
-	// It is empty if no authentication is used.
 	User() string
 
 	// SessionID returns the sesson hash, also denoted by H.

ssh/server.go

@@ -284,7 +284,6 @@ userAuthLoop:
 		switch userAuthReq.Method {
 		case "none":
 			if config.NoClientAuth {
-				s.user = ""
 				authErr = nil
 			}
 		case "password":