/**
* this method is called if a user attempts password authentication
* it determines whether password authentication is possible.
* if it isnt, but keyboard interactive is possible, it authenticates using that instead
*/
private SSHAuthentication checkForPasswordOverKBI(SSHAuthentication auth)
{
bool kbiAuthenticationPossible = false;
for (int i = 0; i < authenticationMethods.Length; i++)
{
if (authenticationMethods[i].Equals("password"))
{
//password authentication is possible so return auth unchanged
return(auth);
}
else
{
if ((authenticationMethods[i].Equals("keyboard-interactive")))
{
//if none of the subsequent methods are password then have option to use kbi instead
kbiAuthenticationPossible = true;
}
}
}
//password is not possible, so attempt kbi
if (kbiAuthenticationPossible)
{
//create KBIAuthentication instance
KBIAuthentication kbi = new KBIAuthentication();
//set the username that the user entered
kbi.Username = ((PasswordAuthentication)auth).Username;
//set request handler, that sets the password the user entered as response to any prompts
KBIRequestHandlerWhenUserUsingPasswordAuthentication handler = new KBIRequestHandlerWhenUserUsingPasswordAuthentication((PasswordAuthentication)auth);
kbi.InteractivePrompt += new ShowAuthenticationPrompts(handler.showPrompts);
return(kbi);
}
//neither password nor kbi is possible so return auth unchanged so that the normal error message is returned
return(auth);
}
/// <summary>
/// Authenticate the user. Once connected call to authenticate the user. When a connection is made
/// no other operations can be performed until the user has been authenticated.
/// </summary>
/// <param name="auth"></param>
/// <returns></returns>
public AuthenticationResult Authenticate(SSHAuthentication auth)
{
VerifyConnection(false);
if (auth.Username == null)
{
auth.Username = username;
}
//if authentication method is Password authentication then check if password is available else attempt kbi if its available
if (auth is PasswordAuthentication || auth is SSH2PasswordAuthentication)
{
auth = checkForPasswordOverKBI(auth);
}
AuthenticationResult result = AuthenticationResult.FAILED;
if ((auth is PasswordAuthentication) &&
!(auth is SSH2PasswordAuthentication))
{
SSH2PasswordAuthentication pwd = new SSH2PasswordAuthentication();
pwd.Username = auth.Username;
pwd.Password = ((PasswordAuthentication)auth).Password;
result = authentication.Authenticate(pwd,
ConnectionProtocol.SERVICE_NAME);
}
else if (auth is SSH2AuthenticationClient)
{
result = authentication.Authenticate((SSH2AuthenticationClient)auth,
ConnectionProtocol.SERVICE_NAME);
}
else if (auth is PublicKeyAuthentication &&
!(auth is SSH2PublicKeyAuthentication))
{
SSH2PublicKeyAuthentication pk = new SSH2PublicKeyAuthentication(((PublicKeyAuthentication)auth).KeyPair);
pk.Username = ((PublicKeyAuthentication)auth).Username;
pk.VerifyOnly = ((PublicKeyAuthentication)auth).VerifyOnly;
result = authentication.Authenticate(pk,
ConnectionProtocol.SERVICE_NAME);
}
else if (auth is SSH2PublicKeyAuthentication)
{
result = authentication.Authenticate((SSH2AuthenticationClient)auth,
ConnectionProtocol.SERVICE_NAME);
}
else
{
throw new SSHException("Invalid authentication client",
SSHException.BAD_API_USAGE);
}
if (result == AuthenticationResult.COMPLETE)
{
FireEvent(SSHState.AUTHENTICATED);
this.auth = auth;
}
return(result);
}
