ssh: fix error variable naming convention, add docs

Follow up to CL 96336

Change-Id: I038f3901919c5136273e5df051bc6e958082f830
Reviewed-on: https://go-review.googlesource.com/96415
Reviewed-by: Han-Wen Nienhuys <hanwen@google.com>
Run-TryBot: Han-Wen Nienhuys <hanwen@google.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>

ssh/client_auth_test.go

@@ -614,8 +614,8 @@ func TestClientAuthErrorList(t *testing.T) {
 	for i, e := range authErrs.Errors {
 		switch i {
 		case 0:
-			if e != NoAuthError {
-				t.Fatalf("errors: got error %v, want NoAuthError", e)
+			if e != ErrNoAuth {
+				t.Fatalf("errors: got error %v, want ErrNoAuth", e)
 			}
 		case 1:
 			if e != publicKeyErr {

ssh/server.go

@@ -166,6 +166,9 @@ type ServerConn struct {
 // unsuccessful, it closes the connection and returns an error.  The
 // Request and NewChannel channels must be serviced, or the connection
 // will hang.
+//
+// The returned error may be of type *ServerAuthError for
+// authentication errors.
 func NewServerConn(c net.Conn, config *ServerConfig) (*ServerConn, <-chan NewChannel, <-chan *Request, error) {
 	fullConf := *config
 	fullConf.SetDefaults()
@@ -292,12 +295,13 @@ func checkSourceAddress(addr net.Addr, sourceAddrs string) error {
 	return fmt.Errorf("ssh: remote address %v is not allowed because of source-address restriction", addr)
 }
 
-// ServerAuthError implements the error interface. It appends any authentication
-// errors that may occur, and is returned if all of the authentication methods
-// provided by the user failed to authenticate.
+// ServerAuthError represents server authentication errors and is
+// sometimes returned by NewServerConn. It appends any authentication
+// errors that may occur, and is returned if all of the authentication
+// methods provided by the user failed to authenticate.
 type ServerAuthError struct {
 	// Errors contains authentication errors returned by the authentication
-	// callback methods. The first entry typically is NoAuthError.
+	// callback methods. The first entry is typically ErrNoAuth.
 	Errors []error
 }
 
@@ -309,11 +313,12 @@ func (l ServerAuthError) Error() string {
 	return "[" + strings.Join(errs, ", ") + "]"
 }
 
-// NoAuthError is the unique error that is returned if no
+// ErrNoAuth is the error value returned if no
 // authentication method has been passed yet. This happens as a normal
 // part of the authentication loop, since the client first tries
 // 'none' authentication to discover available methods.
-var NoAuthError = errors.New("ssh: no auth passed yet")
+// It is returned in ServerAuthError.Errors from NewServerConn.
+var ErrNoAuth = errors.New("ssh: no auth passed yet")
 
 func (s *connection) serverAuthenticate(config *ServerConfig) (*Permissions, error) {
 	sessionID := s.transport.getSessionID()
@@ -369,7 +374,7 @@ userAuthLoop:
 		}
 
 		perms = nil
-		authErr := NoAuthError
+		authErr := ErrNoAuth
 
 		switch userAuthReq.Method {
 		case "none":