

1 /* -*-mode:java; c-basic-offset:2; indent-tabs-mode:nil -*- */
2 /*
3 Copyright(c)2004,2005,2006 ymnk, JCraft,Inc. All rights reserved.
4
5 Redistribution and use in source and binary forms, with or without
6 modification, are permitted provided that the following conditions are met:
7
8   1. Redistributions of source code must retain the above copyright notice,
9      this list of conditions and the following disclaimer.
10
11   2. Redistributions in binary form must reproduce the above copyright
12      notice, this list of conditions and the following disclaimer in
13      the documentation and/or other materials provided with the distribution.
14
15   3. The names of the authors may not be used to endorse or promote products
16      derived from this software without specific prior written permission.
17
18 THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
19 INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
20 FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
21 INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
22 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES(INCLUDING, BUT NOT
23 LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
24 OR PROFITS; OR BUSINESS INTERRUPTION)HOWEVER CAUSED AND ON ANY THEORY OF
25 LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT(INCLUDING
26 NEGLIGENCE OR OTHERWISE)ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
27 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */

29
30 package com.jcraft.jsch;
31
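/**
 * Client side of the SSH "gssapi-with-mic" user authentication method
 * (the message numbers below are the ones RFC 4462 assigns to it).
 *
 * <p>The exchange implemented by {@link #start} is: offer the supported
 * mechanism OIDs, let the server pick one, run the GSS-API token loop until
 * the security context is established, then send a MIC computed over the
 * session identifier and the original request fields.
 *
 * <p>Every byte read from {@code session} comes from the remote peer and is
 * untrusted until the final SSH_MSG_USERAUTH_SUCCESS is received.
 */
public class UserAuthGSSAPIWithMIC extends UserAuth {
  private static final int SSH_MSG_USERAUTH_GSSAPI_RESPONSE= 60;
  private static final int SSH_MSG_USERAUTH_GSSAPI_TOKEN= 61;
  // Declared but not used by this class.
  // NOTE(review): RFC 4462 has the client send this instead of a MIC when the
  // established context offers no integrity service -- confirm whether the
  // GSSContext implementations in use can reach that state.
  private static final int SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE=63;
  private static final int SSH_MSG_USERAUTH_GSSAPI_ERROR= 64;
  private static final int SSH_MSG_USERAUTH_GSSAPI_ERRTOK= 65;
  private static final int SSH_MSG_USERAUTH_GSSAPI_MIC= 66;

  // Mechanisms offered to the server; index i pairs with supported_method[i].
  private static final byte[][] supported_oid={
    // OID 1.2.840.113554.1.2.2 in DER
    {(byte)0x6,(byte)0x9,(byte)0x2a,(byte)0x86,(byte)0x48,
     (byte)0x86,(byte)0xf7,(byte)0x12,(byte)0x1,(byte)0x2,
     (byte)0x2}
  };

  // Session-config keys used to look up the GSSContext implementation class.
  private static final String[] supported_method={
    "gssapi-with-mic.krb5"
  };

  /**
   * Runs one gssapi-with-mic authentication attempt on the given session.
   *
   * @param session  the session to authenticate; its packet, buffer, user
   *                 name, host, config and session id are used
   * @param userinfo receives server banners via {@code showMessage}; may be
   *                 {@code null}
   * @return {@code true} only if the server answers the MIC with
   *         SSH_MSG_USERAUTH_SUCCESS; {@code false} on any failure, rejected
   *         mechanism or unexpected message
   * @throws JSchPartialAuthException if the server reports failure with the
   *         partial-success flag set
   * @throws Exception propagated from the session read/write calls
   */
  public boolean start(Session session, UserInfo userinfo)throws Exception{
    this.userinfo=userinfo;
    Packet packet=session.packet;
    Buffer buf=session.buf;
    final String username=session.username;

    // Encode the fixed protocol strings with the same helper as the user name
    // rather than String.getBytes(), whose result depends on the platform
    // default charset. The same bytes must be reused for the MIC below.
    byte[] _username=Util.str2byte(username);
    byte[] _service=Util.str2byte("ssh-connection");
    byte[] _authmethod=Util.str2byte("gssapi-with-mic");

    packet.reset();

    // byte      SSH_MSG_USERAUTH_REQUEST(50)
    // string    user name(in ISO-10646 UTF-8 encoding)
    // string    service name(in US-ASCII)
    // string    "gssapi"(US-ASCII)
    // uint32    n, the number of OIDs client supports
    // string[n] mechanism OIDS
    buf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
    buf.putString(_username);
    buf.putString(_service);
    buf.putString(_authmethod);
    buf.putInt(supported_oid.length);
    for(int i=0; i<supported_oid.length; i++){
      buf.putString(supported_oid[i]);
    }
    session.write(packet);

    // Wait for the server to select a mechanism. buffer[5] is compared with
    // message numbers throughout; the getInt/getByte/getByte calls skip the
    // bytes in front of the payload.
    String method=null;
    while(true){
      buf=session.read(buf);

      if(buf.buffer[5]==SSH_MSG_USERAUTH_FAILURE){
        return false;
      }

      if(buf.buffer[5]==SSH_MSG_USERAUTH_GSSAPI_RESPONSE){
        buf.getInt(); buf.getByte(); buf.getByte();
        byte[] message=buf.getString();

        // The selected OID must be one that was offered: the server may only
        // choose from supported_oid, never introduce a mechanism of its own.
        for(int i=0; i<supported_oid.length; i++){
          if(Util.array_equals(message, supported_oid[i])){
            method=supported_method[i];
            break;
          }
        }

        if(method==null){
          return false;
        }

        break; // success
      }

      if(buf.buffer[5]==SSH_MSG_USERAUTH_BANNER){
        buf.getInt(); buf.getByte(); buf.getByte();
        byte[] _message=buf.getString();
        buf.getString(); // language tag, not used
        // Banner text is supplied by the not-yet-authenticated server; it is
        // only handed to the UI for display.
        String message=Util.byte2str(_message);
        if(userinfo!=null){
          userinfo.showMessage(message);
        }
        continue;
      }
      return false;
    }

    // The implementation class name is looked up in the session config under
    // a key taken from supported_method, so the peer does not influence which
    // class is loaded (only which of the fixed keys is used).
    GSSContext context=null;
    try{
      Class c=Class.forName(session.getConfig(method));
      context=(GSSContext)(c.newInstance());
    }
    catch(Exception e){
      return false;
    }

    try{
      context.create(username, session.host);
    }
    catch(JSchException e){
      return false;
    }

    // From here on the context exists. Release it on every exit path --
    // including failures and exceptions from session I/O -- instead of only
    // after a successful MIC, so a rejected attempt does not leave the
    // mechanism's state allocated.
    try{
      byte[] token=new byte[0];

      while(!context.isEstablished()){
        try{
          token=context.init(token, 0, token.length);
        }
        catch(JSchException e){
          // TODO
          // ERRTOK should be sent?
          // byte        SSH_MSG_USERAUTH_GSSAPI_ERRTOK
          // string      error token
          return false;
        }

        if(token!=null){
          packet.reset();
          buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN);
          buf.putString(token);
          session.write(packet);
        }

        if(!context.isEstablished()){
          buf=session.read(buf);

          if(buf.buffer[5]==SSH_MSG_USERAUTH_GSSAPI_ERROR){
            // uint32    major_status
            // uint32    minor_status
            // string    message
            // string    language tag

            // The error details are not parsed; the next message decides.
            buf=session.read(buf);
            //return false;
          }
          else if(buf.buffer[5]==SSH_MSG_USERAUTH_GSSAPI_ERRTOK){
            // string error token

            buf=session.read(buf);
            //return false;
          }

          if(buf.buffer[5]==SSH_MSG_USERAUTH_FAILURE){
            return false;
          }

          // Only a TOKEN message carries input for the mechanism. Reject any
          // other message type instead of feeding its payload to init().
          if(buf.buffer[5]!=SSH_MSG_USERAUTH_GSSAPI_TOKEN){
            return false;
          }

          buf.getInt(); buf.getByte(); buf.getByte();
          token=buf.getString();
        }
      }

      // The MIC is computed over data both sides already know, which binds
      // the established context to this session and this request:
      // string    session identifier
      // byte      SSH_MSG_USERAUTH_REQUEST
      // string    user name
      // string    service
      // string    "gssapi-with-mic"
      Buffer mbuf=new Buffer();
      mbuf.putString(session.getSessionId());
      mbuf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
      mbuf.putString(_username);
      mbuf.putString(_service);
      mbuf.putString(_authmethod);

      byte[] mic=context.getMIC(mbuf.buffer, 0, mbuf.getLength());

      if(mic==null){
        return false;
      }

      packet.reset();
      buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_MIC);
      buf.putString(mic);
      session.write(packet);
    }
    finally{
      context.dispose();
    }

    buf=session.read(buf);
    if(buf.buffer[5]==SSH_MSG_USERAUTH_SUCCESS){
      return true;
    }
    if(buf.buffer[5]==SSH_MSG_USERAUTH_FAILURE){
      buf.getInt(); buf.getByte(); buf.getByte();
      byte[] foo=buf.getString();
      int partial_success=buf.getByte();
      if(partial_success!=0){
        // Decode with the project helper rather than new String(byte[]),
        // which would use the platform default charset.
        throw new JSchPartialAuthException(Util.byte2str(foo));
      }
    }
    return false;
  }
}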