x/crypto/ssh: add ServerConfig.NoClientAuthCallback

[bradfitz]

Currently Go's SSH package doesn't permit a server to conditionally permit auth type "none" at runtime. There's a NoClientAuth bool flag to globally enable it, but you can't decide as a function of the ConnMetaData (username, IPs, etc) whether to permit it.

I propose adding a ServerConfig.NoClientAuthCallback auth hook, with a signature like the existing auth hooks:

        // NoClientAuthCallback, if non-nil, is called when a user
	// attempts to authenticate with auth method "none".
	// NoClientAuth must also be set to true for this be used, or
	// this func is unused.
	NoClientAuthCallback func(ConnMetadata) (*Permissions, error)

I sent https://go-review.googlesource.com/c/crypto/+/395314 which @rolandshoemaker approved, but this is the proposal for the API change.

/cc @maisem

[gopherbot]

Change https://go.dev/cl/395314 mentions this issue: ssh: add ServerConfig.NoClientAuthCallback

[rsc]

/cc @FiloSottile

[rsc]

This proposal has been added to the active column of the proposals project
and will now be reviewed at the weekly proposal review meetings.
— rsc for the proposal review group

[rsc]

/cc @golang/security

[rsc]

Does anyone object to adding this? It is a very small CL and Roland has already +2'ed it.

[rsc]

Based on the discussion above, this proposal seems like a likely accept.
— rsc for the proposal review group

[rsc]

No change in consensus, so accepted. 🎉
This issue now tracks the work of implementing the proposal.
— rsc for the proposal review group