]> Joshua Wise's Git repositories - dumload.git/blame_incremental - src/com/jcraft/jsch/UserAuthGSSAPIWithMIC.java
Fix port usage and always try to add the generated key
[dumload.git] / src / com / jcraft / jsch / UserAuthGSSAPIWithMIC.java
... / ...
CommitLineData
1/* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
2/*
3Copyright (c) 2006-2010 ymnk, JCraft,Inc. All rights reserved.
4
5Redistribution and use in source and binary forms, with or without
6modification, are permitted provided that the following conditions are met:
7
8 1. Redistributions of source code must retain the above copyright notice,
9 this list of conditions and the following disclaimer.
10
11 2. Redistributions in binary form must reproduce the above copyright
12 notice, this list of conditions and the following disclaimer in
13 the documentation and/or other materials provided with the distribution.
14
15 3. The names of the authors may not be used to endorse or promote products
16 derived from this software without specific prior written permission.
17
18THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
19INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
21INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
22INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES(INCLUDING, BUT NOT
23LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24OR PROFITS; OR BUSINESS INTERRUPTION)HOWEVER CAUSED AND ON ANY THEORY OF
25LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT(INCLUDING
26NEGLIGENCE OR OTHERWISE)ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28*/
29
30package com.jcraft.jsch;
31
32public class UserAuthGSSAPIWithMIC extends UserAuth {
33 private static final int SSH_MSG_USERAUTH_GSSAPI_RESPONSE= 60;
34 private static final int SSH_MSG_USERAUTH_GSSAPI_TOKEN= 61;
35 private static final int SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE=63;
36 private static final int SSH_MSG_USERAUTH_GSSAPI_ERROR= 64;
37 private static final int SSH_MSG_USERAUTH_GSSAPI_ERRTOK= 65;
38 private static final int SSH_MSG_USERAUTH_GSSAPI_MIC= 66;
39
40 private static final byte[][] supported_oid={
41 // OID 1.2.840.113554.1.2.2 in DER
42 {(byte)0x6,(byte)0x9,(byte)0x2a,(byte)0x86,(byte)0x48,
43 (byte)0x86,(byte)0xf7,(byte)0x12,(byte)0x1,(byte)0x2,
44 (byte)0x2}
45 };
46
47 private static final String[] supported_method={
48 "gssapi-with-mic.krb5"
49 };
50
51 public boolean start(Session session)throws Exception{
52 super.start(session);
53
54 byte[] _username=Util.str2byte(username);
55
56 packet.reset();
57
58 // byte SSH_MSG_USERAUTH_REQUEST(50)
59 // string user name(in ISO-10646 UTF-8 encoding)
60 // string service name(in US-ASCII)
61 // string "gssapi"(US-ASCII)
62 // uint32 n, the number of OIDs client supports
63 // string[n] mechanism OIDS
64 buf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
65 buf.putString(_username);
66 buf.putString(Util.str2byte("ssh-connection"));
67 buf.putString(Util.str2byte("gssapi-with-mic"));
68 buf.putInt(supported_oid.length);
69 for(int i=0; i<supported_oid.length; i++){
70 buf.putString(supported_oid[i]);
71 }
72 session.write(packet);
73
74 String method=null;
75 int command;
76 while(true){
77 buf=session.read(buf);
78 command=buf.getCommand()&0xff;
79
80 if(command==SSH_MSG_USERAUTH_FAILURE){
81 return false;
82 }
83
84 if(command==SSH_MSG_USERAUTH_GSSAPI_RESPONSE){
85 buf.getInt(); buf.getByte(); buf.getByte();
86 byte[] message=buf.getString();
87
88 for(int i=0; i<supported_oid.length; i++){
89 if(Util.array_equals(message, supported_oid[i])){
90 method=supported_method[i];
91 break;
92 }
93 }
94
95 if(method==null){
96 return false;
97 }
98
99 break; // success
100 }
101
102 if(command==SSH_MSG_USERAUTH_BANNER){
103 buf.getInt(); buf.getByte(); buf.getByte();
104 byte[] _message=buf.getString();
105 byte[] lang=buf.getString();
106 String message=Util.byte2str(_message);
107 if(userinfo!=null){
108 userinfo.showMessage(message);
109 }
110 continue;
111 }
112 return false;
113 }
114
115 GSSContext context=null;
116 try{
117 Class c=Class.forName(session.getConfig(method));
118 context=(GSSContext)(c.newInstance());
119 }
120 catch(Exception e){
121 return false;
122 }
123
124 try{
125 context.create(username, session.host);
126 }
127 catch(JSchException e){
128 return false;
129 }
130
131 byte[] token=new byte[0];
132
133 while(!context.isEstablished()){
134 try{
135 token=context.init(token, 0, token.length);
136 }
137 catch(JSchException e){
138 // TODO
139 // ERRTOK should be sent?
140 // byte SSH_MSG_USERAUTH_GSSAPI_ERRTOK
141 // string error token
142 return false;
143 }
144
145 if(token!=null){
146 packet.reset();
147 buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN);
148 buf.putString(token);
149 session.write(packet);
150 }
151
152 if(!context.isEstablished()){
153 buf=session.read(buf);
154 command=buf.getCommand()&0xff;
155 if(command==SSH_MSG_USERAUTH_GSSAPI_ERROR){
156 // uint32 major_status
157 // uint32 minor_status
158 // string message
159 // string language tag
160
161 buf=session.read(buf);
162 command=buf.getCommand()&0xff;
163 //return false;
164 }
165 else if(command==SSH_MSG_USERAUTH_GSSAPI_ERRTOK){
166 // string error token
167
168 buf=session.read(buf);
169 command=buf.getCommand()&0xff;
170 //return false;
171 }
172
173 if(command==SSH_MSG_USERAUTH_FAILURE){
174 return false;
175 }
176
177 buf.getInt(); buf.getByte(); buf.getByte();
178 token=buf.getString();
179 }
180 }
181
182 Buffer mbuf=new Buffer();
183 // string session identifier
184 // byte SSH_MSG_USERAUTH_REQUEST
185 // string user name
186 // string service
187 // string "gssapi-with-mic"
188 mbuf.putString(session.getSessionId());
189 mbuf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
190 mbuf.putString(_username);
191 mbuf.putString(Util.str2byte("ssh-connection"));
192 mbuf.putString(Util.str2byte("gssapi-with-mic"));
193
194 byte[] mic=context.getMIC(mbuf.buffer, 0, mbuf.getLength());
195
196 if(mic==null){
197 return false;
198 }
199
200 packet.reset();
201 buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_MIC);
202 buf.putString(mic);
203 session.write(packet);
204
205 context.dispose();
206
207 buf=session.read(buf);
208 command=buf.getCommand()&0xff;
209
210 if(command==SSH_MSG_USERAUTH_SUCCESS){
211 return true;
212 }
213 else if(command==SSH_MSG_USERAUTH_FAILURE){
214 buf.getInt(); buf.getByte(); buf.getByte();
215 byte[] foo=buf.getString();
216 int partial_success=buf.getByte();
217 //System.err.println(new String(foo)+
218 // " partial_success:"+(partial_success!=0));
219 if(partial_success!=0){
220 throw new JSchPartialAuthException(Util.byte2str(foo));
221 }
222 }
223 return false;
224 }
225}
226
227
This page took 0.027992 seconds and 4 git commands to generate.