UserAuthGSSAPIWithMIC.java
00030 package com.jcraft.jsch;
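/**
 * Client side of the SSH "gssapi-with-mic" user authentication method.
 *
 * <p>The only mechanism offered is the one listed in {@code supported_oid}
 * (the DER-encoded Kerberos V5 mechanism OID 1.2.840.113554.1.2.2). The
 * {@code GSSContext} implementation that does the GSS-API work is looked up
 * by class name in the session configuration under the key
 * {@code "gssapi-with-mic.krb5"}.
 */
public class UserAuthGSSAPIWithMIC extends UserAuth {
  // Message numbers of the GSS-API user authentication messages.
  private static final int SSH_MSG_USERAUTH_GSSAPI_RESPONSE=         60;
  private static final int SSH_MSG_USERAUTH_GSSAPI_TOKEN=            61;
  private static final int SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE=63;
  private static final int SSH_MSG_USERAUTH_GSSAPI_ERROR=            64;
  private static final int SSH_MSG_USERAUTH_GSSAPI_ERRTOK=           65;
  private static final int SSH_MSG_USERAUTH_GSSAPI_MIC=              66;

  // Mechanism OIDs offered to the server, in DER form (tag 0x06, length 0x09,
  // then the encoded arcs).  Index i pairs with supported_method[i].
  private static final byte[][] supported_oid={
    // OID 1.2.840.113554.1.2.2 (Kerberos V5)
    {(byte)0x6,(byte)0x9,(byte)0x2a,(byte)0x86,(byte)0x48,
     (byte)0x86,(byte)0xf7,(byte)0x12,(byte)0x1,(byte)0x2,
     (byte)0x2}
  };

  // Session configuration keys naming the GSSContext implementation class
  // for the mechanism at the same index in supported_oid.
  private static final String[] supported_method={
    "gssapi-with-mic.krb5"
  };

  /**
   * Runs the gssapi-with-mic exchange on the given session.
   *
   * <p>The method offers the supported mechanism OIDs, waits for the server
   * to select one, drives the GSS-API token exchange until the context is
   * established, sends a MIC over the authentication request data and then
   * reads the server's verdict.  Once {@code create()} has succeeded the GSS
   * context is disposed on every way out of the exchange, including failures.
   *
   * @param session the session to authenticate on
   * @return {@code true} only when the server answers the MIC with
   *         SSH_MSG_USERAUTH_SUCCESS; {@code false} for every other outcome
   *         handled here (failure message, unexpected message type, no
   *         matching mechanism, GSS context error, missing MIC)
   * @throws JSchPartialAuthException when the final failure message carries a
   *         non-zero partial-success byte
   * @throws Exception anything raised by the session I/O or the GSS context
   *         that is not caught below
   */
  public boolean start(Session session) throws Exception{
    super.start(session);

    byte[] _username=Util.str2byte(username);

    // Authentication request: message code, user name, service name, method
    // name, number of mechanism OIDs, then each OID.
    packet.reset();
    buf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
    buf.putString(_username);
    buf.putString(Util.str2byte("ssh-connection"));
    buf.putString(Util.str2byte("gssapi-with-mic"));
    buf.putInt(supported_oid.length);
    for(int i=0; i<supported_oid.length; i++){
      buf.putString(supported_oid[i]);
    }
    session.write(packet);

    // Wait for the server to pick a mechanism.  Banners are shown and
    // skipped; anything other than RESPONSE or BANNER ends the attempt.
    String method=null;
    int command;
    while(true){
      buf=session.read(buf);
      command=buf.getCommand()&0xff;

      if(command==SSH_MSG_USERAUTH_FAILURE){
        return false;
      }

      if(command==SSH_MSG_USERAUTH_GSSAPI_RESPONSE){
        // Skip the 4+1+1 leading bytes (presumably packet length, padding
        // length and message code) to reach the selected OID.
        buf.getInt(); buf.getByte(); buf.getByte();
        byte[] message=buf.getString();

        // The server's choice is accepted only if it is one we offered.
        for(int i=0; i<supported_oid.length; i++){
          if(Util.array_equals(message, supported_oid[i])){
            method=supported_method[i];
            break;
          }
        }

        if(method==null){
          return false;
        }

        break;
      }

      if(command==SSH_MSG_USERAUTH_BANNER){
        buf.getInt(); buf.getByte(); buf.getByte();
        byte[] _message=buf.getString();
        byte[] lang=buf.getString();   // language tag, read but not used
        String message=Util.byte2str(_message);
        if(userinfo!=null){
          userinfo.showMessage(message);
        }
        continue;
      }
      return false;
    }

    GSSContext context=null;
    try{
      // The implementation class is named by the session configuration entry
      // for the negotiated method, so that configuration decides which code
      // is loaded and instantiated here and has to come from a trusted source.
      Class c=Class.forName(session.getConfig(method));
      context=(GSSContext)(c.newInstance());
    }
    catch(Exception e){
      // No usable implementation: report failure so the caller can move on.
      return false;
    }

    try{
      context.create(username, session.host);
    }
    catch(JSchException e){
      // dispose() is deliberately not called here: whether it is safe on a
      // context whose create() failed depends on the implementation, which
      // this file does not show.
      return false;
    }

    try{
      byte[] token=new byte[0];

      while(!context.isEstablished()){
        try{
          token=context.init(token, 0, token.length);
        }
        catch(JSchException e){
          return false;
        }

        if(token!=null){
          packet.reset();
          buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN);
          buf.putString(token);
          session.write(packet);
        }

        if(!context.isEstablished()){
          buf=session.read(buf);
          command=buf.getCommand()&0xff;
          if(command==SSH_MSG_USERAUTH_GSSAPI_ERROR){
            // The error report itself is not inspected; the message that
            // follows it decides what happens next.
            buf=session.read(buf);
            command=buf.getCommand()&0xff;
          }
          else if(command==SSH_MSG_USERAUTH_GSSAPI_ERRTOK){
            // Same for an error token: read the message that follows it.
            buf=session.read(buf);
            command=buf.getCommand()&0xff;
          }

          // Only a TOKEN message may be fed back into the GSS context.
          // SSH_MSG_USERAUTH_FAILURE and every other message type end the
          // attempt instead of having their payload parsed as a token.
          if(command!=SSH_MSG_USERAUTH_GSSAPI_TOKEN){
            return false;
          }

          buf.getInt(); buf.getByte(); buf.getByte();
          token=buf.getString();
        }
      }

      // Data covered by the MIC: session identifier, request message code,
      // user name, service name and method name.
      Buffer mbuf=new Buffer();
      mbuf.putString(session.getSessionId());
      mbuf.putByte((byte)SSH_MSG_USERAUTH_REQUEST);
      mbuf.putString(_username);
      mbuf.putString(Util.str2byte("ssh-connection"));
      mbuf.putString(Util.str2byte("gssapi-with-mic"));

      byte[] mic=context.getMIC(mbuf.buffer, 0, mbuf.getLength());

      if(mic==null){
        return false;
      }

      packet.reset();
      buf.putByte((byte)SSH_MSG_USERAUTH_GSSAPI_MIC);
      buf.putString(mic);
      session.write(packet);
    }
    finally{
      // Release the GSS context on every exit from the exchange, not only
      // after the MIC has been sent.
      context.dispose();
    }

    buf=session.read(buf);
    command=buf.getCommand()&0xff;

    if(command==SSH_MSG_USERAUTH_SUCCESS){
      return true;
    }
    else if(command==SSH_MSG_USERAUTH_FAILURE){
      buf.getInt(); buf.getByte(); buf.getByte();
      byte[] foo=buf.getString();          // first string of the failure message
      int partial_success=buf.getByte();

      if(partial_success!=0){
        throw new JSchPartialAuthException(Util.byte2str(foo));
      }
    }
    return false;
  }
}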