/// <exception cref="NSch.JSchException"></exception>
public virtual void Create(string user, string host)
{
try
{
// RFC 1964
Oid krb5 = new Oid("1.2.840.113554.1.2.2");
// Kerberos Principal Name Form
Oid principalName = new Oid("1.2.840.113554.1.2.2.1");
GSSManager mgr = GSSManager.GetInstance();
GSSCredential crd = null;
string cname = host;
try
{
cname = Sharpen.Extensions.GetAddressByName(cname).ToString();
}
catch (UnknownHostException)
{
}
GSSName _host = mgr.CreateName("host/" + cname, principalName);
context = mgr.CreateContext(_host, krb5, crd, Sharpen.GSSContext.DEFAULT_LIFETIME
);
// RFC4462 3.4. GSS-API Session
//
// When calling GSS_Init_sec_context(), the client MUST set
// integ_req_flag to "true" to request that per-message integrity
// protection be supported for this context. In addition,
// deleg_req_flag MAY be set to "true" to request access delegation, if
// requested by the user.
//
// Since the user authentication process by its nature authenticates
// only the client, the setting of mutual_req_flag is not needed for
// this process. This flag SHOULD be set to "false".
// TODO: OpenSSH's sshd does accepts 'false' for mutual_req_flag
//context.requestMutualAuth(false);
context.RequestMutualAuth(true);
context.RequestConf(true);
context.RequestInteg(true);
// for MIC
context.RequestCredDeleg(true);
context.RequestAnonymity(false);
return;
}
catch (GSSException ex)
{
throw new JSchException(ex.ToString());
}
}
/// <exception cref="NSch.JSchException"></exception>
public virtual void Create(string user, string host)
{
try
{
// RFC 1964
Oid krb5 = new Oid("1.2.840.113554.1.2.2");
// Kerberos Principal Name Form
Oid principalName = new Oid("1.2.840.113554.1.2.2.1");
GSSManager mgr = GSSManager.GetInstance();
GSSCredential crd = null;
string cname = host;
try
{
cname = Sharpen.Extensions.GetAddressByName(cname).ToString();
}
catch (UnknownHostException)
{
}
GSSName _host = mgr.CreateName("host/" + cname, principalName);
context = mgr.CreateContext(_host, krb5, crd, Sharpen.GSSContext.DEFAULT_LIFETIME
);
// RFC4462 3.4. GSS-API Session
//
// When calling GSS_Init_sec_context(), the client MUST set
// integ_req_flag to "true" to request that per-message integrity
// protection be supported for this context. In addition,
// deleg_req_flag MAY be set to "true" to request access delegation, if
// requested by the user.
//
// Since the user authentication process by its nature authenticates
// only the client, the setting of mutual_req_flag is not needed for
// this process. This flag SHOULD be set to "false".
// TODO: OpenSSH's sshd does accepts 'false' for mutual_req_flag
//context.requestMutualAuth(false);
context.RequestMutualAuth(true);
context.RequestConf(true);
context.RequestInteg(true);
// for MIC
context.RequestCredDeleg(true);
context.RequestAnonymity(false);
return;
}
catch (GSSException ex)
{
throw new JSchException(ex.ToString());
}
}
/// <exception cref="Sharpen.GSSException"></exception>
protected internal virtual byte[] GenerateGSSToken(byte[] input, Oid oid, string
authServer)
{
byte[] token = input;
if (token == null)
{
token = new byte[0];
}
GSSManager manager = GetManager();
GSSName serverName = manager.CreateName("HTTP@" + authServer, GSSName.NtHostbasedService
);
Sharpen.GSSContext gssContext = manager.CreateContext(serverName.Canonicalize(oid
), oid, null, Sharpen.GSSContext.DefaultLifetime);
gssContext.RequestMutualAuth(true);
gssContext.RequestCredDeleg(true);
return(gssContext.InitSecContext(token, 0, token.Length));
}
