/// <exception cref="System.Exception"></exception> public override bool Start(Session session) { base.Start(session); ArrayList identities = session.jsch.GetIdentityRepository().GetIdentities(); byte[] passphrase = null; byte[] _username = null; int command; lock (identities) { if (identities.Count <= 0) { return false; } _username = Util.Str2byte(username); for (int i = 0; i < identities.Count; i++) { if (session.auth_failures >= session.max_auth_tries) { return false; } Identity identity = (Identity)(identities[i]); byte[] pubkeyblob = identity.GetPublicKeyBlob(); //System.err.println("UserAuthPublicKey: "+identity+" "+pubkeyblob); if (pubkeyblob != null) { // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name // string service name ("ssh-connection") // string "publickey" // boolen FALSE // string plaintext password (ISO-10646 UTF-8) packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("publickey")); buf.PutByte(unchecked((byte)0)); buf.PutString(Util.Str2byte(identity.GetAlgName())); buf.PutString(pubkeyblob); session.Write(packet); while (true) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_PK_OK) { break; } else { if (command == SSH_MSG_USERAUTH_FAILURE) { break; } else { if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } goto loop1_continue; } else { //System.err.println("USERAUTH fail ("+command+")"); //throw new JSchException("USERAUTH fail ("+command+")"); break; } } } loop1_continue: ; } loop1_break: ; if (command != SSH_MSG_USERAUTH_PK_OK) { continue; } } //System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted()); int count = 5; while (true) { if ((identity.IsEncrypted() && passphrase == null)) { if (userinfo == null) { throw new JSchException("USERAUTH fail"); } if (identity.IsEncrypted() && !userinfo.PromptPassphrase("Passphrase for " + identity .GetName())) { throw new JSchAuthCancelException("publickey"); } //throw new JSchException("USERAUTH cancel"); //break; string _passphrase = userinfo.GetPassphrase(); if (_passphrase != null) { passphrase = Util.Str2byte(_passphrase); } } if (!identity.IsEncrypted() || passphrase != null) { if (identity.SetPassphrase(passphrase)) { break; } else { throw new System.Exception ("Invalid passphrase supplied for the ssh key"); } } Util.Bzero(passphrase); passphrase = null; count--; if (count == 0) { break; } } Util.Bzero(passphrase); passphrase = null; //System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted()); if (identity.IsEncrypted()) { continue; } if (pubkeyblob == null) { pubkeyblob = identity.GetPublicKeyBlob(); } //System.err.println("UserAuthPublicKey: pubkeyblob="+pubkeyblob); if (pubkeyblob == null) { continue; } // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name // string service name ("ssh-connection") // string "publickey" // boolen TRUE // string plaintext password (ISO-10646 UTF-8) packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("publickey")); buf.PutByte(unchecked((byte)1)); buf.PutString(Util.Str2byte(identity.GetAlgName())); buf.PutString(pubkeyblob); // byte[] tmp=new byte[buf.index-5]; // System.arraycopy(buf.buffer, 5, tmp, 0, tmp.length); // buf.putString(signature); byte[] sid = session.GetSessionId(); int sidlen = sid.Length; byte[] tmp = new byte[4 + sidlen + buf.index - 5]; tmp[0] = unchecked((byte)((int)(((uint)sidlen) >> 24))); tmp[1] = unchecked((byte)((int)(((uint)sidlen) >> 16))); tmp[2] = unchecked((byte)((int)(((uint)sidlen) >> 8))); tmp[3] = unchecked((byte)(sidlen)); System.Array.Copy(sid, 0, tmp, 4, sidlen); System.Array.Copy(buf.buffer, 5, tmp, 4 + sidlen, buf.index - 5); byte[] signature = identity.GetSignature(tmp); if (signature == null) { // for example, too long key length. break; } buf.PutString(signature); session.Write(packet); while (true) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_SUCCESS) { return true; } else { if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } goto loop2_continue; } else { if (command == SSH_MSG_USERAUTH_FAILURE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] foo = buf.GetString(); int partial_success = buf.GetByte(); //System.err.println(new String(foo)+ // " partial_success:"+(partial_success!=0)); if (partial_success != 0) { throw new JSchPartialAuthException(Util.Byte2str(foo)); } session.auth_failures++; break; } } } //System.err.println("USERAUTH fail ("+command+")"); //throw new JSchException("USERAUTH fail ("+command+")"); break; loop2_continue: ; } loop2_break: ; } } return false; }
// OID 1.2.840.113554.1.2.2 in DER /// <exception cref="System.Exception"></exception> public override bool Start(Session session) { base.Start(session); byte[] _username = Util.Str2byte(username); packet.Reset(); // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name(in ISO-10646 UTF-8 encoding) // string service name(in US-ASCII) // string "gssapi"(US-ASCII) // uint32 n, the number of OIDs client supports // string[n] mechanism OIDS buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("gssapi-with-mic")); buf.PutInt(supported_oid.Length); for (int i = 0; i < supported_oid.Length; i++) { buf.PutString(supported_oid[i]); } session.Write(packet); string method = null; int command; while (true) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_FAILURE) { return false; } if (command == SSH_MSG_USERAUTH_GSSAPI_RESPONSE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] message = buf.GetString(); for (int i_1 = 0; i_1 < supported_oid.Length; i_1++) { if (Util.Array_equals(message, supported_oid[i_1])) { method = supported_method[i_1]; break; } } if (method == null) { return false; } break; } // success if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } continue; } return false; } NSch.GSSContext context = null; try { Type c = Sharpen.Runtime.GetType(session.GetConfig(method)); context = (NSch.GSSContext)(System.Activator.CreateInstance(c)); } catch (Exception) { return false; } try { context.Create(username, session.host); } catch (JSchException) { return false; } byte[] token = new byte[0]; while (!context.IsEstablished()) { try { token = context.Init(token, 0, token.Length); } catch (JSchException) { // TODO // ERRTOK should be sent? // byte SSH_MSG_USERAUTH_GSSAPI_ERRTOK // string error token return false; } if (token != null) { packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN)); buf.PutString(token); session.Write(packet); } if (!context.IsEstablished()) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_GSSAPI_ERROR) { // uint32 major_status // uint32 minor_status // string message // string language tag buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); } else { //return false; if (command == SSH_MSG_USERAUTH_GSSAPI_ERRTOK) { // string error token buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); } } //return false; if (command == SSH_MSG_USERAUTH_FAILURE) { return false; } buf.GetInt(); buf.GetByte(); buf.GetByte(); token = buf.GetString(); } } Buffer mbuf = new Buffer(); // string session identifier // byte SSH_MSG_USERAUTH_REQUEST // string user name // string service // string "gssapi-with-mic" mbuf.PutString(session.GetSessionId()); mbuf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); mbuf.PutString(_username); mbuf.PutString(Util.Str2byte("ssh-connection")); mbuf.PutString(Util.Str2byte("gssapi-with-mic")); byte[] mic = context.GetMIC(mbuf.buffer, 0, mbuf.GetLength()); if (mic == null) { return false; } packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_GSSAPI_MIC)); buf.PutString(mic); session.Write(packet); context.Dispose(); buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_SUCCESS) { return true; } else { if (command == SSH_MSG_USERAUTH_FAILURE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] foo = buf.GetString(); int partial_success = buf.GetByte(); //System.err.println(new String(foo)+ // " partial_success:"+(partial_success!=0)); if (partial_success != 0) { throw new JSchPartialAuthException(Util.Byte2str(foo)); } } } return false; }