/// <exception cref="System.Exception"/>
            /// <summary>
            /// Produces the client's first Kerberos token for the test server principal and
            /// returns it base64-encoded. The security context is released before returning,
            /// whether or not token generation succeeded.
            /// </summary>
            /// <returns>Base64 text of the token produced by <c>InitSecContext</c>.</returns>
            public string Call()
            {
                GSSManager manager = GSSManager.GetInstance();
                GSSContext ctx = null;

                try
                {
                    string servicePrincipal = KerberosTestUtils.GetServerPrincipal();
                    Oid principalNameType = KerberosUtil.GetOidInstance("NT_GSS_KRB5_PRINCIPAL");
                    GSSName target = manager.CreateName(servicePrincipal, principalNameType);
                    Oid mech = KerberosUtil.GetOidInstance("GSS_KRB5_MECH_OID");
                    ctx = manager.CreateContext(target, mech, null, GSSContext.DefaultLifetime);
                    // Delegation is requested unconditionally, i.e. the client asks that its
                    // credentials be made available to the service. Mutual auth is also requested.
                    ctx.RequestCredDeleg(true);
                    ctx.RequestMutualAuth(true);
                    byte[] initialToken = new byte[0];
                    byte[] produced = ctx.InitSecContext(initialToken, 0, initialToken.Length);
                    Base64 codec = new Base64(0);
                    return codec.EncodeToString(produced);
                }
                finally
                {
                    if (ctx != null)
                    {
                        ctx.Dispose();
                    }
                }
            }
 /// <summary>
 /// Builds the GSS-API security context for the SSH GSS-API user authentication
 /// exchange with <paramref name="host"/> and stores it in the <c>context</c> field.
 /// </summary>
 /// <param name="user">Client user name; not referenced by this method.</param>
 /// <param name="host">Server host; resolved to an address (best effort) to form the host-based principal.</param>
 /// <exception cref="NSch.JSchException">Wraps any GSSException raised while creating or configuring the context.</exception>
 public virtual void Create(string user, string host)
 {
     try
     {
         // Kerberos V5 mechanism (RFC 1964) and the Kerberos principal name type.
         Oid krb5Mech = new Oid("1.2.840.113554.1.2.2");
         Oid krb5PrincipalName = new Oid("1.2.840.113554.1.2.2.1");
         GSSManager mgr = GSSManager.GetInstance();
         GSSCredential noExplicitCred = null;

         // Best effort: use the resolved address as the principal's host part; if the
         // lookup fails the host string is used as given.
         string targetHost = host;
         try
         {
             targetHost = Sharpen.Extensions.GetAddressByName(targetHost).ToString();
         }
         catch (UnknownHostException)
         {
             // fall back to the unresolved host name
         }

         GSSName serverName = mgr.CreateName("host/" + targetHost, krb5PrincipalName);
         context = mgr.CreateContext(serverName, krb5Mech, noExplicitCred, Sharpen.GSSContext.DEFAULT_LIFETIME);

         // RFC 4462 3.4 (GSS-API Session):
         //   When calling GSS_Init_sec_context(), the client MUST set integ_req_flag
         //   to "true" to request per-message integrity protection for this context.
         //   deleg_req_flag MAY be set to "true" to request access delegation, if
         //   requested by the user.
         //   Since user authentication by its nature authenticates only the client,
         //   mutual_req_flag is not needed and SHOULD be set to "false".
         // TODO: OpenSSH's sshd does accept 'false' for mutual_req_flag
         // (context.RequestMutualAuth(false)); 'true' is kept here.
         context.RequestMutualAuth(true);
         context.RequestConf(true);
         // integrity is required for the MIC
         context.RequestInteg(true);
         // NOTE(review): delegation is requested unconditionally here, whereas the
         // RFC text above ties it to a user choice.
         context.RequestCredDeleg(true);
         context.RequestAnonymity(false);
     }
     catch (GSSException ex)
     {
         throw new JSchException(ex.ToString());
     }
 }
            /// <exception cref="System.Exception"/>
            /// <summary>
            /// Drives the client side of the Kerberos context exchange with the HTTP service
            /// at the enclosing object's URL: every token produced by <c>InitSecContext</c> is
            /// sent with <c>SendToken</c>, and replies are read with <c>ReadToken</c> until the
            /// context reports itself established. The context is disposed on exit.
            /// </summary>
            /// <returns>Always <c>null</c>.</returns>
            public Void Run()
            {
                GSSContext ctx = null;

                try
                {
                    GSSManager manager = GSSManager.GetInstance();
                    string servicePrincipal = KerberosUtil.GetServicePrincipal("HTTP", this._enclosing.url.GetHost());
                    Oid principalNameType = KerberosUtil.GetOidInstance("NT_GSS_KRB5_PRINCIPAL");
                    GSSName serviceName = manager.CreateName(servicePrincipal, principalNameType);
                    Oid mech = KerberosUtil.GetOidInstance("GSS_KRB5_MECH_OID");
                    ctx = manager.CreateContext(serviceName, mech, null, GSSContext.DefaultLifetime);
                    // Delegation of the client's credentials is requested unconditionally.
                    ctx.RequestCredDeleg(true);
                    ctx.RequestMutualAuth(true);

                    byte[] inToken = new byte[0];
                    // NOTE(review): there is no cap on the number of rounds; the loop ends only
                    // when the context reports itself established.
                    while (true)
                    {
                        byte[] outToken = ctx.InitSecContext(inToken, 0, inToken.Length);
                        if (outToken != null)
                        {
                            this._enclosing.SendToken(outToken);
                        }
                        if (ctx.IsEstablished())
                        {
                            break;
                        }
                        inToken = this._enclosing.ReadToken();
                    }
                }
                finally
                {
                    if (ctx != null)
                    {
                        ctx.Dispose();
                        ctx = null;
                    }
                }
                return null;
            }
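        /// <summary>
        /// Produces the next GSS token for the <c>HTTP@authServer</c> service using the
        /// mechanism <paramref name="oid"/>. A <c>null</c> <paramref name="input"/> is treated
        /// as an empty token (first leg). The context created here is not retained, so it is
        /// disposed once the token has been generated.
        /// </summary>
        /// <param name="input">Token received from the server, or <c>null</c> for the first leg.</param>
        /// <param name="oid">Mechanism OID to negotiate with.</param>
        /// <param name="authServer">Host whose HTTP service principal is targeted.</param>
        /// <returns>The token returned by <c>InitSecContext</c>.</returns>
        /// <exception cref="Sharpen.GSSException">Raised by the GSS-API calls.</exception>
        protected internal virtual byte[] GenerateGSSToken(byte[] input, Oid oid, string authServer)
        {
            byte[] token = input ?? new byte[0];
            GSSManager manager = GetManager();
            GSSName serverName = manager.CreateName("HTTP@" + authServer, GSSName.NtHostbasedService);

            Sharpen.GSSContext gssContext = manager.CreateContext(serverName.Canonicalize(oid), oid, null, Sharpen.GSSContext.DefaultLifetime);
            try
            {
                gssContext.RequestMutualAuth(true);
                // Delegation of the client's credentials is requested unconditionally.
                gssContext.RequestCredDeleg(true);
                return gssContext.InitSecContext(token, 0, token.Length);
            }
            finally
            {
                // The context was previously never released; it is local to this call.
                gssContext.Dispose();
            }
        }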
        /// <summary>
        /// Privileged-action body: acquires initiate-only credentials for the configured client
        /// name and creates a GSS context for the target service, with mutual authentication
        /// always requested and confidentiality, integrity and delegation taken from the
        /// instance fields. The context is returned as <c>object</c>.
        /// </summary>
        /// <returns>The initialised <c>GSSContext</c>.</returns>
        /// <exception cref="PrivilegedActionException">Wraps any <c>GSSException</c> from the GSS-API calls.</exception>
        public object run()
        {
            try
            {
                Oid mechOid = new Oid(_mech);
                GSSManager mgr = GSSManager.getInstance();
                GSSName initiator = mgr.createName(_clientName, GSSName__Finals.NT_USER_NAME);
                GSSCredential initiatorCreds = mgr.createCredential(
                    initiator,
                    GSSContext__Finals.INDEFINITE_LIFETIME,
                    mechOid,
                    GSSCredential__Finals.INITIATE_ONLY);

                GSSName target = mgr.createName(_name, GSSName__Finals.NT_HOSTBASED_SERVICE, mechOid);
                GSSContext ctx = mgr.createContext(target, mechOid, initiatorCreds, GSSContext__Finals.INDEFINITE_LIFETIME);

                ctx.requestMutualAuth(true);
                ctx.requestConf(_encryption);
                // Integrity is requested whenever confidentiality is off or signing was asked for.
                if (!_encryption || _signing)
                {
                    ctx.requestInteg(true);
                }
                ctx.requestCredDeleg(_delegation);

                // initiatorCreds is deliberately not disposed: per the original author's note,
                // calling dispose() on it threw GSSException ("Operation unavailable").
                return ctx;
            }
            catch (GSSException e)
            {
                throw new PrivilegedActionException(e);
            }
        }