]> Joshua Wise's Git repositories - dumload.git/blob - src/com/jcraft/jsch/UserAuthGSSAPIWithMIC.java
A few icon tweaks
[dumload.git] / src / com / jcraft / jsch / UserAuthGSSAPIWithMIC.java
1 /* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
2 /*
3 Copyright (c) 2006-2010 ymnk, JCraft,Inc. All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8   1. Redistributions of source code must retain the above copyright notice,
9      this list of conditions and the following disclaimer.
10
11   2. Redistributions in binary form must reproduce the above copyright 
12      notice, this list of conditions and the following disclaimer in 
13      the documentation and/or other materials provided with the distribution.
14
15   3. The names of the authors may not be used to endorse or promote products
16      derived from this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
19 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
21 INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
22 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES(INCLUDING, BUT NOT
23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION)HOWEVER CAUSED AND ON ANY THEORY OF
25 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT(INCLUDING
26 NEGLIGENCE OR OTHERWISE)ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 package com.jcraft.jsch;
31
32 public class UserAuthGSSAPIWithMIC extends UserAuth {
33   private static final int SSH_MSG_USERAUTH_GSSAPI_RESPONSE=         60;
34   private static final int SSH_MSG_USERAUTH_GSSAPI_TOKEN=            61;
35   private static final int SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE=63;
36   private static final int SSH_MSG_USERAUTH_GSSAPI_ERROR=            64;
37   private static final int SSH_MSG_USERAUTH_GSSAPI_ERRTOK=           65;
38   private static final int SSH_MSG_USERAUTH_GSSAPI_MIC=              66;
39
40   private static final byte[][] supported_oid={
41     // OID 1.2.840.113554.1.2.2 in DER
42     {(byte)0x6,(byte)0x9,(byte)0x2a,(byte)0x86,(byte)0x48,
43      (byte)0x86,(byte)0xf7,(byte)0x12,(byte)0x1,(byte)0x2,
44      (byte)0x2}
45   };
46
47   private static final String[] supported_method={
48     "gssapi-with-mic.krb5"
49   };
50
51   public boolean start(Session session)throws Exception{
52     super.start(session);
53
54     byte[] _username=Util.str2byte(username);
55
56     packet.reset();
57
58     // byte            SSH_MSG_USERAUTH_REQUEST(50)
59     // string          user name(in ISO-10646 UTF-8 encoding)
60     // string          service name(in US-ASCII)
61     // string          "gssapi"(US-ASCII)
62     // uint32          n, the number of OIDs client supports
63     // string[n]       mechanism OIDS
64     buf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
65     buf.putString(_username);
66     buf.putString(Util.str2byte("ssh-connection"));
67     buf.putString(Util.str2byte("gssapi-with-mic"));
68     buf.putInt(supported_oid.length);
69     for(int i=0; i<supported_oid.length; i++){
70       buf.putString(supported_oid[i]);
71     }
72     session.write(packet);
73
74     String method=null;
75     int command;
76     while(true){
77       buf=session.read(buf);
78       command=buf.getCommand()&0xff;
79
80       if(command==SSH_MSG_USERAUTH_FAILURE){
81         return false;
82       }
83       
84       if(command==SSH_MSG_USERAUTH_GSSAPI_RESPONSE){
85         buf.getInt(); buf.getByte(); buf.getByte();
86         byte[] message=buf.getString();
87
88         for(int i=0; i<supported_oid.length; i++){
89           if(Util.array_equals(message, supported_oid[i])){
90             method=supported_method[i];
91             break;
92           }
93         }
94
95         if(method==null){
96           return false;
97         }
98
99         break; // success
100       }
101
102       if(command==SSH_MSG_USERAUTH_BANNER){
103         buf.getInt(); buf.getByte(); buf.getByte();
104         byte[] _message=buf.getString();
105         byte[] lang=buf.getString();
106         String message=Util.byte2str(_message);
107         if(userinfo!=null){
108           userinfo.showMessage(message);
109         }
110         continue;
111       }
112       return false;
113     }
114
115     GSSContext context=null;
116     try{
117       Class c=Class.forName(session.getConfig(method));
118       context=(GSSContext)(c.newInstance());
119     }
120     catch(Exception e){ 
121       return false;
122     }
123
124     try{
125       context.create(username, session.host);
126     }
127     catch(JSchException e){
128       return false;
129     }
130
131     byte[] token=new byte[0];
132
133     while(!context.isEstablished()){
134       try{
135         token=context.init(token, 0, token.length);
136       }
137       catch(JSchException e){
138         // TODO
139         // ERRTOK should be sent?
140         // byte        SSH_MSG_USERAUTH_GSSAPI_ERRTOK
141         // string      error token
142         return false;
143       }
144
145       if(token!=null){
146         packet.reset();
147         buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN);
148         buf.putString(token);
149         session.write(packet);
150       }
151
152       if(!context.isEstablished()){
153         buf=session.read(buf);
154         command=buf.getCommand()&0xff;
155         if(command==SSH_MSG_USERAUTH_GSSAPI_ERROR){
156           // uint32    major_status
157           // uint32    minor_status
158           // string    message
159           // string    language tag
160
161           buf=session.read(buf);
162           command=buf.getCommand()&0xff;
163           //return false;
164         }
165         else if(command==SSH_MSG_USERAUTH_GSSAPI_ERRTOK){
166           // string error token
167
168           buf=session.read(buf);
169           command=buf.getCommand()&0xff;
170           //return false;
171         }
172
173         if(command==SSH_MSG_USERAUTH_FAILURE){
174           return false;
175         }
176
177         buf.getInt(); buf.getByte(); buf.getByte();
178         token=buf.getString();
179       }
180     }
181
182     Buffer mbuf=new Buffer();
183     // string    session identifier
184     // byte      SSH_MSG_USERAUTH_REQUEST
185     // string    user name
186     // string    service
187     // string    "gssapi-with-mic"
188     mbuf.putString(session.getSessionId());
189     mbuf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
190     mbuf.putString(_username);
191     mbuf.putString(Util.str2byte("ssh-connection"));
192     mbuf.putString(Util.str2byte("gssapi-with-mic"));
193
194     byte[] mic=context.getMIC(mbuf.buffer, 0, mbuf.getLength());
195
196     if(mic==null){
197       return false;
198     }
199
200     packet.reset();
201     buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_MIC);
202     buf.putString(mic);
203     session.write(packet);
204
205     context.dispose();
206
207     buf=session.read(buf);
208     command=buf.getCommand()&0xff;
209
210     if(command==SSH_MSG_USERAUTH_SUCCESS){
211       return true;
212     }
213     else if(command==SSH_MSG_USERAUTH_FAILURE){
214       buf.getInt(); buf.getByte(); buf.getByte(); 
215       byte[] foo=buf.getString();
216       int partial_success=buf.getByte();
217       //System.err.println(new String(foo)+
218       //                 " partial_success:"+(partial_success!=0));
219       if(partial_success!=0){
220         throw new JSchPartialAuthException(Util.byte2str(foo));
221       }
222     }
223     return false;
224   }
225 }
226
227
This page took 0.039084 seconds and 4 git commands to generate.