/// <exception cref="System.Exception"></exception> public override bool Start(Session session) { base.Start(session); ArrayList identities = session.jsch.GetIdentityRepository().GetIdentities(); byte[] passphrase = null; byte[] _username = null; int command; lock (identities) { if (identities.Count <= 0) { return false; } _username = Util.Str2byte(username); for (int i = 0; i < identities.Count; i++) { if (session.auth_failures >= session.max_auth_tries) { return false; } Identity identity = (Identity)(identities[i]); byte[] pubkeyblob = identity.GetPublicKeyBlob(); //System.err.println("UserAuthPublicKey: "+identity+" "+pubkeyblob); if (pubkeyblob != null) { // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name // string service name ("ssh-connection") // string "publickey" // boolen FALSE // string plaintext password (ISO-10646 UTF-8) packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("publickey")); buf.PutByte(unchecked((byte)0)); buf.PutString(Util.Str2byte(identity.GetAlgName())); buf.PutString(pubkeyblob); session.Write(packet); while (true) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_PK_OK) { break; } else { if (command == SSH_MSG_USERAUTH_FAILURE) { break; } else { if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } goto loop1_continue; } else { //System.err.println("USERAUTH fail ("+command+")"); //throw new JSchException("USERAUTH fail ("+command+")"); break; } } } loop1_continue: ; } loop1_break: ; if (command != SSH_MSG_USERAUTH_PK_OK) { continue; } } //System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted()); int count = 5; while (true) { if ((identity.IsEncrypted() && passphrase == null)) { if (userinfo == null) { throw new JSchException("USERAUTH fail"); } if (identity.IsEncrypted() && !userinfo.PromptPassphrase("Passphrase for " + identity .GetName())) { throw new JSchAuthCancelException("publickey"); } //throw new JSchException("USERAUTH cancel"); //break; string _passphrase = userinfo.GetPassphrase(); if (_passphrase != null) { passphrase = Util.Str2byte(_passphrase); } } if (!identity.IsEncrypted() || passphrase != null) { if (identity.SetPassphrase(passphrase)) { break; } else { throw new System.Exception ("Invalid passphrase supplied for the ssh key"); } } Util.Bzero(passphrase); passphrase = null; count--; if (count == 0) { break; } } Util.Bzero(passphrase); passphrase = null; //System.err.println("UserAuthPublicKey: identity.isEncrypted()="+identity.isEncrypted()); if (identity.IsEncrypted()) { continue; } if (pubkeyblob == null) { pubkeyblob = identity.GetPublicKeyBlob(); } //System.err.println("UserAuthPublicKey: pubkeyblob="+pubkeyblob); if (pubkeyblob == null) { continue; } // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name // string service name ("ssh-connection") // string "publickey" // boolen TRUE // string plaintext password (ISO-10646 UTF-8) packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("publickey")); buf.PutByte(unchecked((byte)1)); buf.PutString(Util.Str2byte(identity.GetAlgName())); buf.PutString(pubkeyblob); // byte[] tmp=new byte[buf.index-5]; // System.arraycopy(buf.buffer, 5, tmp, 0, tmp.length); // buf.putString(signature); byte[] sid = session.GetSessionId(); int sidlen = sid.Length; byte[] tmp = new byte[4 + sidlen + buf.index - 5]; tmp[0] = unchecked((byte)((int)(((uint)sidlen) >> 24))); tmp[1] = unchecked((byte)((int)(((uint)sidlen) >> 16))); tmp[2] = unchecked((byte)((int)(((uint)sidlen) >> 8))); tmp[3] = unchecked((byte)(sidlen)); System.Array.Copy(sid, 0, tmp, 4, sidlen); System.Array.Copy(buf.buffer, 5, tmp, 4 + sidlen, buf.index - 5); byte[] signature = identity.GetSignature(tmp); if (signature == null) { // for example, too long key length. break; } buf.PutString(signature); session.Write(packet); while (true) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_SUCCESS) { return true; } else { if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } goto loop2_continue; } else { if (command == SSH_MSG_USERAUTH_FAILURE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] foo = buf.GetString(); int partial_success = buf.GetByte(); //System.err.println(new String(foo)+ // " partial_success:"+(partial_success!=0)); if (partial_success != 0) { throw new JSchPartialAuthException(Util.Byte2str(foo)); } session.auth_failures++; break; } } } //System.err.println("USERAUTH fail ("+command+")"); //throw new JSchException("USERAUTH fail ("+command+")"); break; loop2_continue: ; } loop2_break: ; } } return false; }
/// <exception cref="System.Exception"></exception> public override bool Start(Session session) { base.Start(session); if (userinfo != null && !(userinfo is UIKeyboardInteractive)) { return false; } string dest = username + "@" + session.host; if (session.port != 22) { dest += (":" + session.port); } byte[] password = session.password; bool cancel = false; byte[] _username = null; _username = Util.Str2byte(username); while (true) { // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name (ISO-10646 UTF-8, as defined in [RFC-2279]) // string service name (US-ASCII) "ssh-userauth" ? "ssh-connection" // string "keyboard-interactive" (US-ASCII) // string language tag (as defined in [RFC-3066]) // string submethods (ISO-10646 UTF-8) packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); //buf.putString("ssh-userauth".getBytes()); buf.PutString(Util.Str2byte("keyboard-interactive")); buf.PutString(Util.empty); buf.PutString(Util.empty); session.Write(packet); bool firsttime = true; while (true) { buf = session.Read(buf); int command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_SUCCESS) { return true; } if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } goto loop_continue; } if (command == SSH_MSG_USERAUTH_FAILURE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] foo = buf.GetString(); int partial_success = buf.GetByte(); // System.err.println(new String(foo)+ // " partial_success:"+(partial_success!=0)); if (partial_success != 0) { throw new JSchPartialAuthException(Util.Byte2str(foo)); } if (firsttime) { return false; } //throw new JSchException("USERAUTH KI is not supported"); //cancel=true; // ?? break; } if (command == SSH_MSG_USERAUTH_INFO_REQUEST) { firsttime = false; buf.GetInt(); buf.GetByte(); buf.GetByte(); string name = Util.Byte2str(buf.GetString()); string instruction = Util.Byte2str(buf.GetString()); string languate_tag = Util.Byte2str(buf.GetString()); int num = buf.GetInt(); string[] prompt = new string[num]; bool[] echo = new bool[num]; for (int i = 0; i < num; i++) { prompt[i] = Util.Byte2str(buf.GetString()); echo[i] = (buf.GetByte() != 0); } byte[][] response = null; if (password != null && prompt.Length == 1 && !echo[0] && prompt[0].ToLower().StartsWith ("password:"******"USERAUTH fail ("+command+")"); return false; loop_continue: ; } loop_break: ; if (cancel) { throw new JSchAuthCancelException("keyboard-interactive"); } } }
/// <exception cref="System.Exception"></exception> public override bool Start(Session session) { base.Start(session); byte[] password = session.password; string dest = username + "@" + session.host; if (session.port != 22) { dest += (":" + session.port); } try { while (true) { if (session.auth_failures >= session.max_auth_tries) { return false; } if (password == null) { if (userinfo == null) { //throw new JSchException("USERAUTH fail"); return false; } if (!userinfo.PromptPassword("Password for " + dest)) { throw new JSchAuthCancelException("password"); } //break; string _password = userinfo.GetPassword(); if (_password == null) { throw new JSchAuthCancelException("password"); } //break; password = Util.Str2byte(_password); } byte[] _username = null; _username = Util.Str2byte(username); // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name // string service name ("ssh-connection") // string "password" // boolen FALSE // string plaintext password (ISO-10646 UTF-8) packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("password")); buf.PutByte(unchecked((byte)0)); buf.PutString(password); session.Write(packet); while (true) { buf = session.Read(buf); int command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_SUCCESS) { return true; } if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } goto loop_continue; } if (command == SSH_MSG_USERAUTH_PASSWD_CHANGEREQ) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] instruction = buf.GetString(); byte[] tag = buf.GetString(); if (userinfo == null || !(userinfo is UIKeyboardInteractive)) { if (userinfo != null) { userinfo.ShowMessage("Password must be changed."); } return false; } UIKeyboardInteractive kbi = (UIKeyboardInteractive)userinfo; string[] response; string name = "Password Change Required"; string[] prompt = new string[] { "New Password: "******"password"); } byte[] newpassword = Util.Str2byte(response[0]); // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name // string service name ("ssh-connection") // string "password" // boolen TRUE // string plaintext old password (ISO-10646 UTF-8) // string plaintext new password (ISO-10646 UTF-8) packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("password")); buf.PutByte(unchecked((byte)1)); buf.PutString(password); buf.PutString(newpassword); Util.Bzero(newpassword); response = null; session.Write(packet); goto loop_continue; } if (command == SSH_MSG_USERAUTH_FAILURE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] foo = buf.GetString(); int partial_success = buf.GetByte(); //System.err.println(new String(foo)+ // " partial_success:"+(partial_success!=0)); if (partial_success != 0) { throw new JSchPartialAuthException(Util.Byte2str(foo)); } session.auth_failures++; break; } else { //System.err.println("USERAUTH fail ("+buf.getCommand()+")"); // throw new JSchException("USERAUTH fail ("+buf.getCommand()+")"); return false; } loop_continue: ; } loop_break: ; if (password != null) { Util.Bzero(password); password = null; } } } finally { if (password != null) { Util.Bzero(password); password = null; } } }
// static int min=512; // static int preferred=1024; // static int max=2000; // com.jcraft.jsch.DH dh; //private byte[] f; /// <exception cref="System.Exception"></exception> public override void Init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte [] I_C) { this.session = session; this.V_S = V_S; this.V_C = V_C; this.I_S = I_S; this.I_C = I_C; try { Type c = Sharpen.Runtime.GetType(session.GetConfig("sha-1")); sha = (HASH)(System.Activator.CreateInstance(c)); sha.Init(); } catch (Exception e) { System.Console.Error.WriteLine(e); } buf = new Buffer(); packet = new Packet(buf); try { Type c = Sharpen.Runtime.GetType(session.GetConfig("dh")); dh = (NSch.DH)(System.Activator.CreateInstance(c)); dh.Init(); } catch (Exception e) { // System.err.println(e); throw; } packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_KEX_DH_GEX_REQUEST)); buf.PutInt(min); buf.PutInt(preferred); buf.PutInt(max); session.Write(packet); if (JSch.GetLogger().IsEnabled(Logger.INFO)) { JSch.GetLogger().Log(Logger.INFO, "SSH_MSG_KEX_DH_GEX_REQUEST(" + min + "<" + preferred + "<" + max + ") sent"); JSch.GetLogger().Log(Logger.INFO, "expecting SSH_MSG_KEX_DH_GEX_GROUP"); } state = SSH_MSG_KEX_DH_GEX_GROUP; }
// OID 1.2.840.113554.1.2.2 in DER /// <exception cref="System.Exception"></exception> public override bool Start(Session session) { base.Start(session); byte[] _username = Util.Str2byte(username); packet.Reset(); // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name(in ISO-10646 UTF-8 encoding) // string service name(in US-ASCII) // string "gssapi"(US-ASCII) // uint32 n, the number of OIDs client supports // string[n] mechanism OIDS buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("gssapi-with-mic")); buf.PutInt(supported_oid.Length); for (int i = 0; i < supported_oid.Length; i++) { buf.PutString(supported_oid[i]); } session.Write(packet); string method = null; int command; while (true) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_FAILURE) { return false; } if (command == SSH_MSG_USERAUTH_GSSAPI_RESPONSE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] message = buf.GetString(); for (int i_1 = 0; i_1 < supported_oid.Length; i_1++) { if (Util.Array_equals(message, supported_oid[i_1])) { method = supported_method[i_1]; break; } } if (method == null) { return false; } break; } // success if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { userinfo.ShowMessage(message); } continue; } return false; } NSch.GSSContext context = null; try { Type c = Sharpen.Runtime.GetType(session.GetConfig(method)); context = (NSch.GSSContext)(System.Activator.CreateInstance(c)); } catch (Exception) { return false; } try { context.Create(username, session.host); } catch (JSchException) { return false; } byte[] token = new byte[0]; while (!context.IsEstablished()) { try { token = context.Init(token, 0, token.Length); } catch (JSchException) { // TODO // ERRTOK should be sent? // byte SSH_MSG_USERAUTH_GSSAPI_ERRTOK // string error token return false; } if (token != null) { packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_GSSAPI_TOKEN)); buf.PutString(token); session.Write(packet); } if (!context.IsEstablished()) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_GSSAPI_ERROR) { // uint32 major_status // uint32 minor_status // string message // string language tag buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); } else { //return false; if (command == SSH_MSG_USERAUTH_GSSAPI_ERRTOK) { // string error token buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); } } //return false; if (command == SSH_MSG_USERAUTH_FAILURE) { return false; } buf.GetInt(); buf.GetByte(); buf.GetByte(); token = buf.GetString(); } } Buffer mbuf = new Buffer(); // string session identifier // byte SSH_MSG_USERAUTH_REQUEST // string user name // string service // string "gssapi-with-mic" mbuf.PutString(session.GetSessionId()); mbuf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); mbuf.PutString(_username); mbuf.PutString(Util.Str2byte("ssh-connection")); mbuf.PutString(Util.Str2byte("gssapi-with-mic")); byte[] mic = context.GetMIC(mbuf.buffer, 0, mbuf.GetLength()); if (mic == null) { return false; } packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_GSSAPI_MIC)); buf.PutString(mic); session.Write(packet); context.Dispose(); buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_SUCCESS) { return true; } else { if (command == SSH_MSG_USERAUTH_FAILURE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] foo = buf.GetString(); int partial_success = buf.GetByte(); //System.err.println(new String(foo)+ // " partial_success:"+(partial_success!=0)); if (partial_success != 0) { throw new JSchPartialAuthException(Util.Byte2str(foo)); } } } return false; }
/// <exception cref="System.Exception"></exception> public override bool Start(Session session) { base.Start(session); // send // byte SSH_MSG_SERVICE_REQUEST(5) // string service name "ssh-userauth" packet.Reset(); buf.PutByte(unchecked((byte)Session.SSH_MSG_SERVICE_REQUEST)); buf.PutString(Util.Str2byte("ssh-userauth")); session.Write(packet); if (JSch.GetLogger().IsEnabled(Logger.INFO)) { JSch.GetLogger().Log(Logger.INFO, "SSH_MSG_SERVICE_REQUEST sent"); } // receive // byte SSH_MSG_SERVICE_ACCEPT(6) // string service name buf = session.Read(buf); int command = buf.GetCommand(); bool result = (command == SSH_MSG_SERVICE_ACCEPT); if (JSch.GetLogger().IsEnabled(Logger.INFO)) { JSch.GetLogger().Log(Logger.INFO, "SSH_MSG_SERVICE_ACCEPT received"); } if (!result) { return false; } byte[] _username = null; _username = Util.Str2byte(username); // send // byte SSH_MSG_USERAUTH_REQUEST(50) // string user name // string service name ("ssh-connection") // string "none" packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_USERAUTH_REQUEST)); buf.PutString(_username); buf.PutString(Util.Str2byte("ssh-connection")); buf.PutString(Util.Str2byte("none")); session.Write(packet); while (true) { buf = session.Read(buf); command = buf.GetCommand() & unchecked((int)(0xff)); if (command == SSH_MSG_USERAUTH_SUCCESS) { return true; } if (command == SSH_MSG_USERAUTH_BANNER) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] _message = buf.GetString(); byte[] lang = buf.GetString(); string message = Util.Byte2str(_message); if (userinfo != null) { try { userinfo.ShowMessage(message); } catch (RuntimeException) { } } goto loop_continue; } if (command == SSH_MSG_USERAUTH_FAILURE) { buf.GetInt(); buf.GetByte(); buf.GetByte(); byte[] foo = buf.GetString(); int partial_success = buf.GetByte(); methods = Util.Byte2str(foo); //System.err.println("UserAuthNONE: "+methods+ // " partial_success:"+(partial_success!=0)); // if(partial_success!=0){ // throw new JSchPartialAuthException(new String(foo)); // } break; } else { // System.err.println("USERAUTH fail ("+command+")"); throw new JSchException("USERAUTH fail (" + command + ")"); } loop_continue: ; } loop_break: ; //throw new JSchException("USERAUTH fail"); return false; }
/// <exception cref="System.Exception"></exception> public override void Init(Session session, byte[] V_S, byte[] V_C, byte[] I_S, byte [] I_C) { throw new NotSupportedException (); // The crypto for this method is unusably slow this.session = session; this.V_S = V_S; this.V_C = V_C; this.I_S = I_S; this.I_C = I_C; try { Type c = Sharpen.Runtime.GetType(session.GetConfig("sha-1")); sha = (HASH)(System.Activator.CreateInstance(c)); sha.Init(); } catch (Exception ex) { System.Console.Error.WriteLine(e); } buf = new Buffer(); packet = new Packet(buf); try { Type c = Sharpen.Runtime.GetType(session.GetConfig("dh")); dh = (NSch.DH)(System.Activator.CreateInstance(c)); dh.Init(); } catch (Exception ex) { //System.err.println(e); throw; } dh.SetP(p); dh.SetG(g); // The client responds with: // byte SSH_MSG_KEXDH_INIT(30) // mpint e <- g^x mod p // x is a random number (1 < x < (p-1)/2) e = dh.GetE(); packet.Reset(); buf.PutByte(unchecked((byte)SSH_MSG_KEXDH_INIT)); buf.PutMPInt(e); if (V_S == null) { // This is a really ugly hack for Session.checkKexes ;-( return; } session.Write(packet); if (JSch.GetLogger().IsEnabled(Logger.INFO)) { JSch.GetLogger().Log(Logger.INFO, "SSH_MSG_KEXDH_INIT sent"); JSch.GetLogger().Log(Logger.INFO, "expecting SSH_MSG_KEXDH_REPLY"); } state = SSH_MSG_KEXDH_REPLY; }
internal static void DelPort(Session session, string address_to_bind, int rport) { lock (pool) { object[] foo = null; for (int i = 0; i < pool.Count; i++) { object[] bar = (object[])(pool[i]); if (bar[0] != session) { continue; } if (((int)bar[1]) != rport) { continue; } foo = bar; break; } if (foo == null) { return; } pool.RemoveElement(foo); if (address_to_bind == null) { address_to_bind = (string)foo[4]; } if (address_to_bind == null) { address_to_bind = "0.0.0.0"; } } Buffer buf = new Buffer(100); // ?? Packet packet = new Packet(buf); try { // byte SSH_MSG_GLOBAL_REQUEST 80 // string "cancel-tcpip-forward" // boolean want_reply // string address_to_bind (e.g. "127.0.0.1") // uint32 port number to bind packet.Reset(); buf.PutByte(unchecked((byte)80)); buf.PutString(Util.Str2byte("cancel-tcpip-forward")); buf.PutByte(unchecked((byte)0)); buf.PutString(Util.Str2byte(address_to_bind)); buf.PutInt(rport); session.Write(packet); } catch (Exception) { } }