1 /* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
2 /*
3 Copyright (c) 2006-2010 ymnk, JCraft,Inc. All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8   1. Redistributions of source code must retain the above copyright notice,
9      this list of conditions and the following disclaimer.
10
11   2. Redistributions in binary form must reproduce the above copyright 
12      notice, this list of conditions and the following disclaimer in 
13      the documentation and/or other materials provided with the distribution.
14
15   3. The names of the authors may not be used to endorse or promote products
16      derived from this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
19 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
21 INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
22 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES(INCLUDING, BUT NOT
23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION)HOWEVER CAUSED AND ON ANY THEORY OF
25 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT(INCLUDING
26 NEGLIGENCE OR OTHERWISE)ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 package com.jcraft.jsch;
31
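/**
 * Client side of the SSH "gssapi-with-mic" user authentication method
 * (RFC 4462), offering only the Kerberos 5 mechanism.
 *
 * <p>Every packet parsed in this class is sent by the server before the user
 * is authenticated, so message types and payloads are untrusted input.
 */
public class UserAuthGSSAPIWithMIC extends UserAuth {
  // Method-specific message numbers used during the GSS-API exchange.
  private static final int SSH_MSG_USERAUTH_GSSAPI_RESPONSE=         60;
  private static final int SSH_MSG_USERAUTH_GSSAPI_TOKEN=            61;
  private static final int SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE=63;
  private static final int SSH_MSG_USERAUTH_GSSAPI_ERROR=            64;
  private static final int SSH_MSG_USERAUTH_GSSAPI_ERRTOK=           65;
  private static final int SSH_MSG_USERAUTH_GSSAPI_MIC=              66;

  // Mechanisms offered to the server; supported_oid[i] pairs with
  // supported_method[i].
  private static final byte[][] supported_oid={
    // OID 1.2.840.113554.1.2.2 in DER
    {(byte)0x6,(byte)0x9,(byte)0x2a,(byte)0x86,(byte)0x48,
     (byte)0x86,(byte)0xf7,(byte)0x12,(byte)0x1,(byte)0x2,
     (byte)0x2}
  };

  // Session-config keys naming the GSSContext implementation per mechanism.
  private static final String[] supported_method={
    "gssapi-with-mic.krb5"
  };

  /**
   * Runs one "gssapi-with-mic" authentication attempt on the given session.
   *
   * <p>The method offers the supported mechanism OIDs, waits for the server to
   * select one, drives the GSS token exchange until the context is
   * established, and finally sends a MIC computed over the session identifier
   * and the authentication request fields.
   *
   * @param session the session to authenticate
   * @return {@code true} only if the server answers the MIC with
   *         SSH_MSG_USERAUTH_SUCCESS; {@code false} on any refusal, unknown
   *         mechanism, unexpected message or local GSS failure
   * @throws JSchPartialAuthException if the final SSH_MSG_USERAUTH_FAILURE
   *         carries a non-zero partial-success flag
   * @throws Exception if reading from or writing to the session fails
   */
  public boolean start(Session session)throws Exception{
    super.start(session);

    byte[] _username=Util.str2byte(username);

    packet.reset();

    // byte            SSH_MSG_USERAUTH_REQUEST(50)
    // string          user name(in ISO-10646 UTF-8 encoding)
    // string          service name(in US-ASCII)
    // string          "gssapi"(US-ASCII)
    // uint32          n, the number of OIDs client supports
    // string[n]       mechanism OIDS
    buf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
    buf.putString(_username);
    buf.putString(Util.str2byte("ssh-connection"));
    buf.putString(Util.str2byte("gssapi-with-mic"));
    buf.putInt(supported_oid.length);
    for(int i=0; i<supported_oid.length; i++){
      buf.putString(supported_oid[i]);
    }
    session.write(packet);

    // Phase 1: wait for the server to pick a mechanism.  Banners are shown
    // and skipped; anything else that is not a RESPONSE ends the attempt.
    String method=null;
    int command;
    while(true){
      buf=session.read(buf);
      command=buf.getCommand()&0xff;

      if(command==SSH_MSG_USERAUTH_FAILURE){
        return false;
      }

      if(command==SSH_MSG_USERAUTH_GSSAPI_RESPONSE){
        // Skip the int + two bytes that precede the payload (presumably
        // packet length, padding length and message number).
        buf.getInt(); buf.getByte(); buf.getByte();
        byte[] message=buf.getString();

        // Accept the selected OID only if it is one this client offered.
        for(int i=0; i<supported_oid.length; i++){
          if(Util.array_equals(message, supported_oid[i])){
            method=supported_method[i];
            break;
          }
        }

        if(method==null){
          return false;
        }

        break; // success
      }

      if(command==SSH_MSG_USERAUTH_BANNER){
        buf.getInt(); buf.getByte(); buf.getByte();
        byte[] _message=buf.getString();
        buf.getString(); // language tag, not used
        String message=Util.byte2str(_message);
        if(userinfo!=null){
          // The banner is unauthenticated server text; UserInfo
          // implementations should render it as untrusted content.
          userinfo.showMessage(message);
        }
        continue;
      }
      return false;
    }

    // Phase 2: instantiate the GSSContext implementation named in the
    // session configuration.  The class name comes from configuration, not
    // from the server; a missing or unloadable class fails the attempt.
    GSSContext context=null;
    try{
      Class c=Class.forName(session.getConfig(method));
      context=(GSSContext)(c.newInstance());
    }
    catch(Exception e){
      return false;
    }

    try{
      context.create(username, session.host);
    }
    catch(JSchException e){
      return false;
    }

    // Phase 3: token exchange and MIC computation.  The finally block
    // releases the GSS context on every exit path, including early returns
    // and I/O exceptions, which previously skipped dispose().
    byte[] mic;
    try{
      byte[] token=new byte[0];

      while(!context.isEstablished()){
        try{
          token=context.init(token, 0, token.length);
        }
        catch(JSchException e){
          // TODO
          // ERRTOK should be sent?
          // byte        SSH_MSG_USERAUTH_GSSAPI_ERRTOK
          // string      error token
          return false;
        }

        if(token!=null){
          packet.reset();
          buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN);
          buf.putString(token);
          session.write(packet);
        }

        if(!context.isEstablished()){
          buf=session.read(buf);
          command=buf.getCommand()&0xff;
          if(command==SSH_MSG_USERAUTH_GSSAPI_ERROR){
            // uint32    major_status
            // uint32    minor_status
            // string    message
            // string    language tag

            // The error details are not inspected; the next packet decides.
            buf=session.read(buf);
            command=buf.getCommand()&0xff;
          }
          else if(command==SSH_MSG_USERAUTH_GSSAPI_ERRTOK){
            // string error token

            // The error token is not inspected; the next packet decides.
            buf=session.read(buf);
            command=buf.getCommand()&0xff;
          }

          if(command==SSH_MSG_USERAUTH_FAILURE){
            return false;
          }

          // Only a TOKEN message carries a GSS token.  Reject every other
          // message type instead of parsing its payload as a token and
          // handing attacker-chosen bytes to the GSS implementation.
          if(command!=SSH_MSG_USERAUTH_GSSAPI_TOKEN){
            return false;
          }

          buf.getInt(); buf.getByte(); buf.getByte();
          token=buf.getString();
        }
      }

      // The MIC covers the session identifier plus the request fields, which
      // binds the established GSS context to this SSH session.
      Buffer mbuf=new Buffer();
      // string    session identifier
      // byte      SSH_MSG_USERAUTH_REQUEST
      // string    user name
      // string    service
      // string    "gssapi-with-mic"
      mbuf.putString(session.getSessionId());
      mbuf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
      mbuf.putString(_username);
      mbuf.putString(Util.str2byte("ssh-connection"));
      mbuf.putString(Util.str2byte("gssapi-with-mic"));

      mic=context.getMIC(mbuf.buffer, 0, mbuf.getLength());
    }
    finally{
      context.dispose();
    }

    if(mic==null){
      return false;
    }

    packet.reset();
    buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_MIC);
    buf.putString(mic);
    session.write(packet);

    // Phase 4: the server's verdict on the MIC.
    buf=session.read(buf);
    command=buf.getCommand()&0xff;

    if(command==SSH_MSG_USERAUTH_SUCCESS){
      return true;
    }
    else if(command==SSH_MSG_USERAUTH_FAILURE){
      buf.getInt(); buf.getByte(); buf.getByte();
      byte[] foo=buf.getString();
      int partial_success=buf.getByte();
      if(partial_success!=0){
        // Report partial success to the caller, passing on the string the
        // server sent with the failure.
        throw new JSchPartialAuthException(Util.byte2str(foo));
      }
    }
    return false;
  }
}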