/**
* @param bar
* @throws InvalidMessageException
*/
protected void constructMessage(ByteArrayReader bar) throws InvalidMessageException {
try {
hostKey = bar.readBinaryString();
f = bar.readBigInteger();
signature = bar.readBinaryString();
} catch (IOException ioe) {
throw new InvalidMessageException("Error reading message data: " + ioe.getMessage());
}
}
/**
* @param bar
* @throws InvalidMessageException
*/
protected void constructMessage(ByteArrayReader bar) throws InvalidMessageException {
try {
if (bar.available() > 0) {
requestData = new byte[bar.available()];
bar.read(requestData);
}
} catch (IOException ioe) {
throw new InvalidMessageException("Invalid message data");
}
}
public void testReadInt() {
byte[] data = {0x01, 0x01, 0x01, 0x01};
ByteArrayReader reader = new ByteArrayReader(data);
try {
assertEquals("failed to retrieve integer.", 16843009, reader.readInt());
} catch (IOException e) {
e.printStackTrace();
fail("failed to retrieve integer.");
}
}
/**
* @param authentication
* @param msg
* @return
* @throws IOException
*/
public int authenticate(AuthenticationProtocolServer authentication, SshMsgUserAuthRequest msg)
throws IOException {
NativeAuthenticationProvider authImpl = NativeAuthenticationProvider.getInstance();
if (authImpl == null) {
log.error("Cannot perfrom authentication witout native authentication provider");
return AuthenticationProtocolState.FAILED;
}
ByteArrayReader bar = new ByteArrayReader(msg.getRequestData());
boolean changepwd = ((bar.read() == 0) ? false : true);
String password = bar.readString();
String newpassword = null;
if (changepwd) {
newpassword = bar.readString();
try {
if (!authImpl.changePassword(msg.getUsername(), password, newpassword)) {
return AuthenticationProtocolState.FAILED;
}
if (authImpl.logonUser(msg.getUsername(), newpassword)) {
return AuthenticationProtocolState.COMPLETE;
} else {
return AuthenticationProtocolState.FAILED;
}
} catch (PasswordChangeException ex1) {
return AuthenticationProtocolState.FAILED;
}
} else {
try {
if (authImpl.logonUser(msg.getUsername(), password)) {
log.info(msg.getUsername() + " has passed password authentication");
return AuthenticationProtocolState.COMPLETE;
} else {
log.info(msg.getUsername() + " has failed password authentication");
return AuthenticationProtocolState.FAILED;
}
} catch (PasswordChangeException ex) {
SshMsgUserAuthPwdChangeReq reply =
new SshMsgUserAuthPwdChangeReq(
msg.getUsername() + " is required to change password", "");
authentication.sendMessage(reply);
return AuthenticationProtocolState.READY;
}
}
}
/**
* @param bar
* @throws InvalidMessageException
*/
protected void constructMessage(ByteArrayReader bar) throws InvalidMessageException {
try {
cookie = new byte[16];
bar.read(cookie);
supportedKex = loadListFromString(bar.readString());
supportedPK = loadListFromString(bar.readString());
supportedEncryptCS = loadListFromString(bar.readString());
supportedEncryptSC = loadListFromString(bar.readString());
supportedMacCS = loadListFromString(bar.readString());
supportedMacSC = loadListFromString(bar.readString());
supportedCompCS = loadListFromString(bar.readString());
supportedCompSC = loadListFromString(bar.readString());
supportedLangCS = loadListFromString(bar.readString());
supportedLangSC = loadListFromString(bar.readString());
firstKexFollows = (bar.read() == 0) ? false : true;
} catch (IOException ioe) {
throw new InvalidMessageException("Error reading message data: " + ioe.getMessage());
}
}
/**
* @param bar
* @throws java.io.IOException
* @throws com.sshtools.j2ssh.transport.InvalidMessageException DOCUMENT ME!
*/
public void constructMessage(ByteArrayReader bar)
throws java.io.IOException, com.sshtools.j2ssh.transport.InvalidMessageException {
id = bar.readUINT32();
path = bar.readString();
attrs = new FileAttributes(bar);
}
public void authenticate(AuthenticationProtocolClient authenticationprotocolclient, String s)
throws IOException, TerminatedStateException {
try {
logger.finest("Registering gss-ssh return messages.");
authenticationprotocolclient.registerMessage(
com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiResponse.class, 60);
authenticationprotocolclient.registerMessage(
com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiToken.class, 61);
authenticationprotocolclient.registerMessage(
com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiError.class, 64);
authenticationprotocolclient.registerMessage(
com.sshtools.j2ssh.authentication.SshMsgUserauthGssapiErrtok.class, 65);
logger.finest("Sending gssapi user auth request.");
ByteArrayWriter bytearraywriter = new ByteArrayWriter();
bytearraywriter.writeUINT32(new UnsignedInteger32(1L));
byte abyte0[] = GSSConstants.MECH_OID.getDER();
bytearraywriter.writeBinaryString(abyte0);
logger.finest("Username:"******"gssapi", bytearraywriter.toByteArray());
authenticationprotocolclient.sendMessage(sshmsguserauthrequest);
logger.finest("Receiving user auth response:");
SshMsgUserauthGssapiResponse sshmsguserauthgssapiresponse =
(SshMsgUserauthGssapiResponse) authenticationprotocolclient.readMessage(60);
ByteArrayReader bytearrayreader =
new ByteArrayReader(sshmsguserauthgssapiresponse.getRequestData());
byte abyte1[] = bytearrayreader.readBinaryString();
if (logger.isLoggable(Level.FINEST)) {
logger.log(Level.FINEST, "Mechanism requested: " + GSSConstants.MECH_OID);
logger.log(Level.FINEST, "Mechanism selected: " + new Oid(abyte1));
logger.log(Level.FINEST, "Verify that selected mechanism is GSSAPI.");
}
if (!GSSConstants.MECH_OID.equals(new Oid(abyte1))) {
logger.warning("Mechanism do not match!");
throw new IOException("Mechanism do not match!");
}
logger.finest("Creating GSS context base on grid credentials.");
GlobusGSSManagerImpl globusgssmanagerimpl = new GlobusGSSManagerImpl();
HostAuthorization gssAuth = new HostAuthorization(null);
GSSName targetName = gssAuth.getExpectedName(null, hostname);
GSSContext gsscontext =
globusgssmanagerimpl.createContext(
targetName, new Oid(abyte1), gsscredential, GSSCredential.INDEFINITE_LIFETIME - 1);
gsscontext.requestCredDeleg(true);
gsscontext.requestMutualAuth(true);
gsscontext.requestReplayDet(true);
gsscontext.requestSequenceDet(true);
// MOD
// gsscontext.requestConf(false);
gsscontext.requestConf(true);
Object type = GSIConstants.DELEGATION_TYPE_LIMITED;
gsscontext.requestCredDeleg(false);
((ExtendedGSSContext) gsscontext).setOption(GSSConstants.DELEGATION_TYPE, type);
logger.finest("Starting GSS token exchange.");
byte abyte2[] = new byte[0];
do {
if (gsscontext.isEstablished()) break;
byte abyte3[] = gsscontext.initSecContext(abyte2, 0, abyte2.length);
if (abyte3 != null) {
ByteArrayWriter bytearraywriter1 = new ByteArrayWriter();
bytearraywriter1.writeBinaryString(abyte3);
SshMsgUserauthGssapiToken sshmsguserauthgssapitoken =
new SshMsgUserauthGssapiToken(bytearraywriter1.toByteArray());
authenticationprotocolclient.sendMessage(sshmsguserauthgssapitoken);
}
if (!gsscontext.isEstablished()) {
SshMsgUserauthGssapiToken sshmsguserauthgssapitoken1 =
(SshMsgUserauthGssapiToken) authenticationprotocolclient.readMessage(61);
ByteArrayReader bytearrayreader1 =
new ByteArrayReader(sshmsguserauthgssapitoken1.getRequestData());
abyte2 = bytearrayreader1.readBinaryString();
}
} while (true);
logger.log(Level.FINEST, "Sending gssapi exchange complete.");
SshMsgUserauthGssapiExchangeComplete sshmsguserauthgssapiexchangecomplete =
new SshMsgUserauthGssapiExchangeComplete();
authenticationprotocolclient.sendMessage(sshmsguserauthgssapiexchangecomplete);
if (logger.isLoggable(Level.FINEST)) {
logger.log(
Level.FINEST,
"Context established.\nInitiator : "
+ gsscontext.getSrcName()
+ "\nAcceptor : "
+ gsscontext.getTargName()
+ "\nLifetime : "
+ gsscontext.getLifetime()
+ "\nIntegrity : "
+ gsscontext.getIntegState()
+ "\nConfidentiality : "
+ gsscontext.getConfState()
+ "\nAnonymity : "
+ gsscontext.getAnonymityState());
}
} catch (Throwable t) {
logger.log(Level.WARNING, "Got Exception: ", t);
throw new TerminatedStateException(AuthenticationProtocolState.FAILED);
}
}
