Ejemplo n.º 1
0
		/// <exception cref="NSch.JSchException"></exception>
		public virtual void Create(string user, string host)
		{
			try
			{
				// RFC 1964
				Oid krb5 = new Oid("1.2.840.113554.1.2.2");
				// Kerberos Principal Name Form
				Oid principalName = new Oid("1.2.840.113554.1.2.2.1");
				GSSManager mgr = GSSManager.GetInstance();
				GSSCredential crd = null;
				string cname = host;
				try
				{
					cname = Sharpen.Extensions.GetAddressByName(cname).ToString();
				}
				catch (UnknownHostException)
				{
				}
				GSSName _host = mgr.CreateName("host/" + cname, principalName);
				context = mgr.CreateContext(_host, krb5, crd, Sharpen.GSSContext.DEFAULT_LIFETIME
					);
				// RFC4462  3.4.  GSS-API Session
				//
				// When calling GSS_Init_sec_context(), the client MUST set
				// integ_req_flag to "true" to request that per-message integrity
				// protection be supported for this context.  In addition,
				// deleg_req_flag MAY be set to "true" to request access delegation, if
				// requested by the user.
				//
				// Since the user authentication process by its nature authenticates
				// only the client, the setting of mutual_req_flag is not needed for
				// this process.  This flag SHOULD be set to "false".
				// TODO: OpenSSH's sshd does accepts 'false' for mutual_req_flag
				//context.requestMutualAuth(false);
				context.RequestMutualAuth(true);
				context.RequestConf(true);
				context.RequestInteg(true);
				// for MIC
				context.RequestCredDeleg(true);
				context.RequestAnonymity(false);
				return;
			}
			catch (GSSException ex)
			{
				throw new JSchException(ex.ToString());
			}
		}
Ejemplo n.º 2
0
 /// <exception cref="NSch.JSchException"></exception>
 public virtual void Create(string user, string host)
 {
     try
     {
         // RFC 1964
         Oid krb5 = new Oid("1.2.840.113554.1.2.2");
         // Kerberos Principal Name Form
         Oid           principalName = new Oid("1.2.840.113554.1.2.2.1");
         GSSManager    mgr           = GSSManager.GetInstance();
         GSSCredential crd           = null;
         string        cname         = host;
         try
         {
             cname = Sharpen.Extensions.GetAddressByName(cname).ToString();
         }
         catch (UnknownHostException)
         {
         }
         GSSName _host = mgr.CreateName("host/" + cname, principalName);
         context = mgr.CreateContext(_host, krb5, crd, Sharpen.GSSContext.DEFAULT_LIFETIME
                                     );
         // RFC4462  3.4.  GSS-API Session
         //
         // When calling GSS_Init_sec_context(), the client MUST set
         // integ_req_flag to "true" to request that per-message integrity
         // protection be supported for this context.  In addition,
         // deleg_req_flag MAY be set to "true" to request access delegation, if
         // requested by the user.
         //
         // Since the user authentication process by its nature authenticates
         // only the client, the setting of mutual_req_flag is not needed for
         // this process.  This flag SHOULD be set to "false".
         // TODO: OpenSSH's sshd does accepts 'false' for mutual_req_flag
         //context.requestMutualAuth(false);
         context.RequestMutualAuth(true);
         context.RequestConf(true);
         context.RequestInteg(true);
         // for MIC
         context.RequestCredDeleg(true);
         context.RequestAnonymity(false);
         return;
     }
     catch (GSSException ex)
     {
         throw new JSchException(ex.ToString());
     }
 }
Ejemplo n.º 3
0
        /// <exception cref="Sharpen.GSSException"></exception>
        protected internal virtual byte[] GenerateGSSToken(byte[] input, Oid oid, string
                                                           authServer)
        {
            byte[] token = input;
            if (token == null)
            {
                token = new byte[0];
            }
            GSSManager manager    = GetManager();
            GSSName    serverName = manager.CreateName("HTTP@" + authServer, GSSName.NtHostbasedService
                                                       );

            Sharpen.GSSContext gssContext = manager.CreateContext(serverName.Canonicalize(oid
                                                                                          ), oid, null, Sharpen.GSSContext.DefaultLifetime);
            gssContext.RequestMutualAuth(true);
            gssContext.RequestCredDeleg(true);
            return(gssContext.InitSecContext(token, 0, token.Length));
        }