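/**
 * Handles a password user-authentication request, including the variant in
 * which the client supplies a replacement password.
 *
 * <p>The request data is read in this order: a one-byte flag (non-zero means
 * a password change is requested), the current password and, only when the
 * flag is set, the new password. Neither password is ever written to the log.
 *
 * @param authentication the authentication protocol instance, used to send a
 *        password-change request back to the client
 * @param msg the user-authentication request carrying the username and the
 *        password payload
 * @return {@code AuthenticationProtocolState.COMPLETE} when the provider
 *         accepts the logon, {@code AuthenticationProtocolState.READY} when
 *         the provider demands a password change and the client has been
 *         asked for one, {@code AuthenticationProtocolState.FAILED} otherwise
 * @throws IOException propagated from reading the request data, from the
 *         provider calls or from sending the password-change request
 */
public int authenticate(AuthenticationProtocolServer authentication,
    SshMsgUserAuthRequest msg) throws IOException {
    NativeAuthenticationProvider authImpl = NativeAuthenticationProvider.getInstance();

    if (authImpl == null) {
        log.error("Cannot perfrom authentication witout native authentication provider");
        return AuthenticationProtocolState.FAILED;
    }

    String username = msg.getUsername();

    // The username is taken from the request before the peer is authenticated.
    // Neutralise control characters (CR/LF in particular) so that the value
    // cannot break up or forge audit log lines.
    String logUser = String.valueOf(username).replaceAll("\\p{Cntrl}", "_");

    ByteArrayReader bar = new ByteArrayReader(msg.getRequestData());
    boolean changepwd = bar.read() != 0;

    // NOTE(review): the provider API takes the passwords as String, so they
    // cannot be wiped from memory after use.
    String password = bar.readString();

    if (changepwd) {
        String newpassword = bar.readString();

        try {
            if (!authImpl.changePassword(username, password, newpassword)) {
                // Record the outcome: a rejected password change is an
                // authentication event and belongs in the audit trail.
                log.info(logUser + " has failed password change");
                return AuthenticationProtocolState.FAILED;
            }

            if (authImpl.logonUser(username, newpassword)) {
                log.info(logUser
                    + " has changed password and passed password authentication");
                return AuthenticationProtocolState.COMPLETE;
            }

            log.info(logUser
                + " has failed password authentication after password change");
            return AuthenticationProtocolState.FAILED;
        } catch (PasswordChangeException ex1) {
            // Previously swallowed silently; the result is unchanged but the
            // failure is now visible to whoever reviews the log.
            log.info(logUser
                + " has failed password change (PasswordChangeException)");
            return AuthenticationProtocolState.FAILED;
        }
    }

    try {
        if (authImpl.logonUser(username, password)) {
            log.info(logUser + " has passed password authentication");
            return AuthenticationProtocolState.COMPLETE;
        }

        log.info(logUser + " has failed password authentication");
        return AuthenticationProtocolState.FAILED;
    } catch (PasswordChangeException ex) {
        // The provider requires a new password: ask the client for one and
        // leave the authentication exchange open.
        log.info(logUser + " is required to change password");

        SshMsgUserAuthPwdChangeReq reply = new SshMsgUserAuthPwdChangeReq(
                username + " is required to change password", "");
        authentication.sendMessage(reply);

        return AuthenticationProtocolState.READY;
    }
}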
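/**
 * Looks up the authorized public key of a user that matches the key offered
 * by the client.
 *
 * <p>The user configuration directory is taken from the server configuration;
 * the token {@code %D} in it is replaced with the user's home directory and
 * {@code %U} with the username. The authorization file in that directory
 * lists key file names; each one is looked for in the user configuration
 * directory first and, if absent there, at the path exactly as listed.
 *
 * @param username the user whose authorized keys are consulted
 * @param algorithm the public key algorithm name used to decode
 *        {@code encoded}
 * @param encoded the encoded public key offered by the client
 * @return the authorized key that equals the offered key
 * @throws IOException if the home directory is required but unavailable, the
 *         username is unsuitable for use in a path, the authorization file is
 *         missing or cannot be loaded, or no listed key matches
 */
private SshPublicKey getAuthorizedKey(String username, String algorithm,
    byte[] encoded) throws IOException {
    // Control characters are neutralised for logging only, so that the value
    // cannot break up or forge log lines.
    String logUser = String.valueOf(username).replaceAll("\\p{Cntrl}", "_");

    NativeAuthenticationProvider provider = NativeAuthenticationProvider.getInstance();
    String userHome = provider.getHomeDirectory(username);

    if (userHome == null) {
        log.warn("There is no home directory for " + logUser + " is available");
    } else {
        // Work with '/' throughout; converted to File.separatorChar below.
        userHome = userHome.replace('\\', '/');
    }

    ServerConfiguration config = (ServerConfiguration) ConfigurationLoader.getConfiguration(ServerConfiguration.class);
    String template = config.getUserConfigDirectory().replace('\\', '/');

    if ((template.indexOf("%D") > -1) && (userHome == null)) {
        throw new IOException(
            "<UserConfigDirectory> requires home directory, but none available for "
            + username);
    }

    if (template.indexOf("%U") > -1) {
        // The username becomes part of a filesystem path here, so refuse
        // values that could step outside the configured directory or that
        // carry control characters.
        // NOTE(review): the caller is not visible from here; presumably the
        // name comes from the client's authentication request - confirm.
        boolean unsafe = (username == null);

        if (!unsafe) {
            String probe = username.replace('\\', '/');
            unsafe = probe.equals("..") || probe.startsWith("../")
                || probe.endsWith("/..") || (probe.indexOf("/../") > -1);

            for (int i = 0; (i < username.length()) && !unsafe; i++) {
                unsafe = Character.isISOControl(username.charAt(i));
            }
        }

        if (unsafe) {
            log.warn("Rejected username unsuitable for <UserConfigDirectory>: "
                + logUser);
            throw new IOException(
                "Username is not valid for <UserConfigDirectory> expansion");
        }
    }

    // Expand the tokens in a single left-to-right pass. Each token is two
    // characters long and both are consumed; a token at index 0 is honoured;
    // substituted text is never scanned again, so token-like sequences inside
    // the home directory or username are left as they are.
    StringBuffer expanded = new StringBuffer();
    int pos = 0;

    while (pos < template.length()) {
        if (template.startsWith("%D", pos)) {
            expanded.append(userHome);
            pos += 2;
        } else if (template.startsWith("%U", pos)) {
            expanded.append(username);
            pos += 2;
        } else {
            expanded.append(template.charAt(pos));
            pos++;
        }
    }

    // Replace the '/' with File.separator and trim
    String userConfigDir = expanded.toString().replace('/', File.separatorChar).trim();

    if (!userConfigDir.endsWith(File.separator)) {
        userConfigDir += File.separator;
    }

    String authorizationFile = userConfigDir + config.getAuthorizationFile();

    // Load the authorization file
    File file = new File(authorizationFile);

    if (!file.exists()) {
        log.info("authorizationFile: " + authorizationFile + " does not exist.");
        throw new IOException("authorizationFile: " + authorizationFile
            + " does not exist.");
    }

    FileInputStream in = new FileInputStream(file);

    try {
        Authorization keys;

        try {
            keys = new Authorization(in);
        } catch (Exception e) {
            // Keep the underlying reason in the server log; the exception
            // thrown to the caller is the same as before.
            log.warn("Failed to load authorized keys file " + authorizationFile
                + ": " + e);
            throw new AuthenticationProtocolException(
                "Failed to load authorized keys file " + authorizationFile);
        }

        Iterator it = keys.getAuthorizedKeys().iterator();
        SshKeyPair pair = SshKeyPairFactory.newInstance(algorithm);
        SshPublicKey key = pair.decodePublicKey(encoded);

        while (it.hasNext()) {
            String keyfile = (String) it.next();

            // Look for the file in the user config dir first
            file = new File(userConfigDir + keyfile);

            // If it does not exist then look absolute
            if (!file.exists()) {
                file = new File(keyfile);
            }

            if (file.exists()) {
                // Try to open the public key in the default file format
                // otherwise attempt the supported key formats
                SshPublicKeyFile pkf = SshPublicKeyFile.parse(file);
                SshPublicKey authorizedKey = pkf.toPublicKey();

                if (authorizedKey.equals(key)) {
                    return authorizedKey;
                }
            } else {
                log.info("Failed attempt to load key file " + keyfile);
            }
        }
    } finally {
        // The stream was never closed before, leaking a file handle on every
        // lookup. It is closed on exit rather than right after construction
        // because this method cannot see whether Authorization reads lazily.
        try {
            in.close();
        } catch (IOException ignored) {
            // Best effort: a failed close must not mask the lookup result.
        }
    }

    throw new IOException("No authorized key matched the supplied public key");
}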