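// OID 1.2.840.113554.1.2.2 in DER

/// <summary>
/// Runs the client side of "gssapi-with-mic" user authentication: offers the
/// supported mechanism OIDs, performs the GSS-API token exchange for the
/// mechanism the server selects, then sends a MIC computed over the session
/// identifier and the authentication request fields.
/// </summary>
/// <param name="session">Session used to write and read the authentication packets.</param>
/// <returns>
/// <c>true</c> when the server answers SSH_MSG_USERAUTH_SUCCESS; <c>false</c> when the
/// server reports failure, sends an unexpected message, selects no supported mechanism,
/// or the GSS context cannot be created, established or used to produce a MIC.
/// </returns>
/// <exception cref="JSchPartialAuthException">
/// The final SSH_MSG_USERAUTH_FAILURE carried a non-zero partial-success flag.
/// </exception>
/// <exception cref="System.Exception">
/// Errors raised by the session read/write calls are not caught here.
/// </exception>
public override bool Start(Session session)
{
    base.Start(session);
    byte[] _username = Util.Str2byte(username);
    packet.Reset();
    // byte      SSH_MSG_USERAUTH_REQUEST(50)
    // string    user name(in ISO-10646 UTF-8 encoding)
    // string    service name(in US-ASCII)
    // string    "gssapi"(US-ASCII)
    // uint32    n, the number of OIDs client supports
    // string[n] mechanism OIDS
    buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST));
    buf.PutString(_username);
    buf.PutString(Util.Str2byte("ssh-connection"));
    buf.PutString(Util.Str2byte("gssapi-with-mic"));
    buf.PutInt(supported_oid.Length);
    for (int i = 0; i < supported_oid.Length; i++)
    {
        buf.PutString(supported_oid[i]);
    }
    session.Write(packet);

    string method = null;
    int command;
    while (true)
    {
        buf = session.Read(buf);
        command = buf.GetCommand() & unchecked((int)(0xff));
        if (command == SSH_MSG_USERAUTH_FAILURE)
        {
            return false;
        }
        if (command == SSH_MSG_USERAUTH_GSSAPI_RESPONSE)
        {
            // Skip the 6 bytes in front of the payload (presumably packet length,
            // padding length and message number - confirm against Buffer).
            buf.GetInt();
            buf.GetByte();
            buf.GetByte();
            byte[] message = buf.GetString();
            // The server's OID is only used to pick an entry from our own list;
            // an OID we did not offer leaves method null and fails the attempt.
            for (int i_1 = 0; i_1 < supported_oid.Length; i_1++)
            {
                if (Util.Array_equals(message, supported_oid[i_1]))
                {
                    method = supported_method[i_1];
                    break;
                }
            }
            if (method == null)
            {
                return false;
            }
            break; // success
        }
        if (command == SSH_MSG_USERAUTH_BANNER)
        {
            buf.GetInt();
            buf.GetByte();
            buf.GetByte();
            byte[] _message = buf.GetString();
            buf.GetString(); // language tag: consumed, not used
            string message = Util.Byte2str(_message);
            if (userinfo != null)
            {
                // NOTE(review): banner text is server-supplied and arrives before
                // authentication; ShowMessage implementations should treat it as
                // untrusted text.
                userinfo.ShowMessage(message);
            }
            continue;
        }
        return false;
    }

    // The context class name is looked up in the session configuration under the
    // locally chosen method name; the server never supplies the type name itself.
    NSch.GSSContext context = null;
    try
    {
        Type c = Sharpen.Runtime.GetType(session.GetConfig(method));
        context = (NSch.GSSContext)(System.Activator.CreateInstance(c));
    }
    catch (Exception)
    {
        return false;
    }
    try
    {
        context.Create(username, session.host);
    }
    catch (JSchException)
    {
        // Dispose is deliberately not called when Create fails, as in the original
        // code: nothing here shows that Dispose is safe on an uncreated context.
        return false;
    }

    // From here on the context has been created, so every exit path (early
    // return, exception, success) releases it exactly once in the finally block.
    // Previously only the path that reached the MIC was disposed.
    try
    {
        byte[] token = new byte[0];
        while (!context.IsEstablished())
        {
            try
            {
                token = context.Init(token, 0, token.Length);
            }
            catch (JSchException)
            {
                // TODO
                // ERRTOK should be sent?
                // byte        SSH_MSG_USERAUTH_GSSAPI_ERRTOK
                // string      error token
                return false;
            }
            if (token != null)
            {
                packet.Reset();
                buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN));
                buf.PutString(token);
                session.Write(packet);
            }
            if (!context.IsEstablished())
            {
                buf = session.Read(buf);
                command = buf.GetCommand() & unchecked((int)(0xff));
                if (command == SSH_MSG_USERAUTH_GSSAPI_ERROR)
                {
                    // uint32    major_status
                    // uint32    minor_status
                    // string    message
                    // string    language tag
                    buf = session.Read(buf);
                    command = buf.GetCommand() & unchecked((int)(0xff));
                }
                else if (command == SSH_MSG_USERAUTH_GSSAPI_ERRTOK)
                {
                    // string error token
                    buf = session.Read(buf);
                    command = buf.GetCommand() & unchecked((int)(0xff));
                }
                if (command == SSH_MSG_USERAUTH_FAILURE)
                {
                    return false;
                }
                // Fail closed: only a GSSAPI token message may be fed to the
                // context. Previously any other message type was parsed as a token.
                if (command != SSH_MSG_USERAUTH_GSSAPI_TOKEN)
                {
                    return false;
                }
                buf.GetInt();
                buf.GetByte();
                buf.GetByte();
                token = buf.GetString();
            }
        }

        // The MIC covers the session identifier plus the request fields, which
        // ties the authentication to this particular SSH session.
        Buffer mbuf = new Buffer();
        // string    session identifier
        // byte      SSH_MSG_USERAUTH_REQUEST
        // string    user name
        // string    service
        // string    "gssapi-with-mic"
        mbuf.PutString(session.GetSessionId());
        mbuf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST));
        mbuf.PutString(_username);
        mbuf.PutString(Util.Str2byte("ssh-connection"));
        mbuf.PutString(Util.Str2byte("gssapi-with-mic"));
        byte[] mic = context.GetMIC(mbuf.buffer, 0, mbuf.GetLength());
        if (mic == null)
        {
            return false;
        }
        packet.Reset();
        buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_GSSAPI_MIC));
        buf.PutString(mic);
        session.Write(packet);

        buf = session.Read(buf);
        command = buf.GetCommand() & unchecked((int)(0xff));
        if (command == SSH_MSG_USERAUTH_SUCCESS)
        {
            return true;
        }
        if (command == SSH_MSG_USERAUTH_FAILURE)
        {
            buf.GetInt();
            buf.GetByte();
            buf.GetByte();
            byte[] foo = buf.GetString();
            int partial_success = buf.GetByte();
            if (partial_success != 0)
            {
                // Partial success is reported to the caller as an exception whose
                // message is the string field of the failure packet.
                throw new JSchPartialAuthException(Util.Byte2str(foo));
            }
        }
        return false;
    }
    finally
    {
        context.Dispose();
    }
}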
// static int min=512;
// static int preferred=1024;
// static int max=2000;
// com.jcraft.jsch.DH dh;
//private byte[] f;

/// <summary>
/// Starts a Diffie-Hellman group-exchange key exchange: stores the exchange
/// inputs, instantiates the hash and DH implementations named in the session
/// configuration, sends SSH_MSG_KEX_DH_GEX_REQUEST with the min/preferred/max
/// group sizes and moves the state to SSH_MSG_KEX_DH_GEX_GROUP.
/// </summary>
/// <param name="session">Session whose configuration is read and to which the request is written.</param>
/// <param name="V_S">Stored on the instance (presumably the server identification string - confirm).</param>
/// <param name="V_C">Stored on the instance (presumably the client identification string - confirm).</param>
/// <param name="I_S">Stored on the instance (presumably the server KEXINIT payload - confirm).</param>
/// <param name="I_C">Stored on the instance (presumably the client KEXINIT payload - confirm).</param>
/// <exception cref="System.Exception">
/// Any failure while loading or initialising the DH implementation, or while
/// writing the request, propagates to the caller.
/// </exception>
public override void Init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C)
{
    this.session = session;
    this.V_S = V_S;
    this.V_C = V_C;
    this.I_S = I_S;
    this.I_C = I_C;

    // NOTE(review): the exchange hash is whatever class is configured under
    // "sha-1". SHA-1 based group exchange is discouraged by current SSH guidance
    // (RFC 9142) - confirm which KEX methods the client still offers.
    try
    {
        Type hashType = Sharpen.Runtime.GetType(session.GetConfig("sha-1"));
        sha = (HASH)(System.Activator.CreateInstance(hashType));
        sha.Init();
    }
    catch (Exception hashError)
    {
        // NOTE(review): a hash that fails to load is only printed to stderr and
        // the exchange carries on with sha possibly unset. Failing the key
        // exchange here would be the safer behaviour - confirm before changing.
        System.Console.Error.WriteLine(hashError);
    }

    buf = new Buffer();
    packet = new Packet(buf);

    // No handler around the DH setup: the original caught and immediately
    // rethrew, so letting the exception propagate directly is equivalent.
    Type dhType = Sharpen.Runtime.GetType(session.GetConfig("dh"));
    dh = (NSch.DH)(System.Activator.CreateInstance(dhType));
    dh.Init();

    // NOTE(review): min/preferred/max are declared outside this block. Confirm
    // that min is not below 2048 bits (RFC 8270), otherwise the server may
    // choose a group that is too small.
    packet.Reset();
    buf.PutByte(unchecked((byte)SSH_MSG_KEX_DH_GEX_REQUEST));
    buf.PutInt(min);
    buf.PutInt(preferred);
    buf.PutInt(max);
    session.Write(packet);

    if (JSch.GetLogger().IsEnabled(Logger.INFO))
    {
        string requestSummary = "SSH_MSG_KEX_DH_GEX_REQUEST(" + min + "<" + preferred + "<" + max + ") sent";
        JSch.GetLogger().Log(Logger.INFO, requestSummary);
        JSch.GetLogger().Log(Logger.INFO, "expecting SSH_MSG_KEX_DH_GEX_GROUP");
    }

    state = SSH_MSG_KEX_DH_GEX_GROUP;
}
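/// <summary>
/// Entry point for a fixed-group Diffie-Hellman key exchange that is currently
/// disabled: the method throws <see cref="System.NotSupportedException"/> before
/// doing any work. The statements after the throw are unreachable and are kept
/// only as a reference for the intended exchange.
/// </summary>
/// <param name="session">Unused while the method is disabled.</param>
/// <param name="V_S">Unused while the method is disabled.</param>
/// <param name="V_C">Unused while the method is disabled.</param>
/// <param name="I_S">Unused while the method is disabled.</param>
/// <param name="I_C">Unused while the method is disabled.</param>
/// <exception cref="System.NotSupportedException">Always thrown.</exception>
public override void Init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte[] I_C)
{
    throw new NotSupportedException(); // The crypto for this method is unusably slow

    // ---- Unreachable reference implementation below ----
    // NOTE(review): if this path is re-enabled, review the hash configured under
    // "sha-1" and the size of the group given by p and g (both declared outside
    // this block) against current SSH key-exchange guidance.
    this.session = session;
    this.V_S = V_S;
    this.V_C = V_C;
    this.I_S = I_S;
    this.I_C = I_C;
    try
    {
        Type c = Sharpen.Runtime.GetType(session.GetConfig("sha-1"));
        sha = (HASH)(System.Activator.CreateInstance(c));
        sha.Init();
    }
    catch (Exception ex)
    {
        // Fixed: the original printed the member e (the DH public value assigned
        // further down) instead of the caught exception, hiding the real cause.
        System.Console.Error.WriteLine(ex);
    }
    buf = new Buffer();
    packet = new Packet(buf);

    // Failures while loading or initialising the DH implementation propagate;
    // the original handler only rethrew them.
    Type dhType = Sharpen.Runtime.GetType(session.GetConfig("dh"));
    dh = (NSch.DH)(System.Activator.CreateInstance(dhType));
    dh.Init();

    dh.SetP(p);
    dh.SetG(g);
    // The client responds with:
    // byte  SSH_MSG_KEXDH_INIT(30)
    // mpint e <- g^x mod p
    //         x is a random number (1 < x < (p-1)/2)
    e = dh.GetE();
    packet.Reset();
    buf.PutByte(unchecked((byte)SSH_MSG_KEXDH_INIT));
    buf.PutMPInt(e);
    if (V_S == null)
    {
        // This is a really ugly hack for Session.checkKexes ;-(
        return;
    }
    session.Write(packet);
    if (JSch.GetLogger().IsEnabled(Logger.INFO))
    {
        JSch.GetLogger().Log(Logger.INFO, "SSH_MSG_KEXDH_INIT sent");
        JSch.GetLogger().Log(Logger.INFO, "expecting SSH_MSG_KEXDH_REPLY");
    }
    state = SSH_MSG_KEXDH_REPLY;
}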