@Override public Boolean doAuth(Buffer buffer, boolean init) throws Exception { ValidateUtils.checkTrue(init, "Instance not initialized"); boolean hasSig = buffer.getBoolean(); String alg = buffer.getString(); int oldLim = buffer.wpos(); int oldPos = buffer.rpos(); int len = buffer.getInt(); buffer.wpos(buffer.rpos() + len); PublicKey key = buffer.getRawPublicKey(); ServerFactoryManager manager = session.getFactoryManager(); Signature verif = ValidateUtils.checkNotNull( NamedFactory.Utils.create(manager.getSignatureFactories(), alg), "No verifier located for algorithm=%s", alg); verif.initVerifier(key); buffer.wpos(oldLim); byte[] sig = hasSig ? buffer.getBytes() : null; PublickeyAuthenticator authenticator = ValidateUtils.checkNotNull( manager.getPublickeyAuthenticator(), "No PublickeyAuthenticator configured"); if (!authenticator.authenticate(username, key, session)) { return Boolean.FALSE; } if (!hasSig) { Buffer buf = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_PK_OK); buf.putString(alg); buf.putRawBytes(buffer.array(), oldPos, 4 + len); session.writePacket(buf); return null; } else { Buffer buf = new ByteArrayBuffer(); buf.putBytes(session.getKex().getH()); buf.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST); buf.putString(username); buf.putString(service); buf.putString(UserAuthPublicKeyFactory.NAME); buf.putBoolean(true); buf.putString(alg); buffer.rpos(oldPos); buffer.wpos(oldPos + 4 + len); buf.putBuffer(buffer); verif.update(buf.array(), buf.rpos(), buf.available()); if (!verif.verify(sig)) { throw new Exception("Key verification failed"); } return Boolean.TRUE; } }
protected void sendHeartBeat() { String request = FactoryManagerUtils.getStringProperty( session, ClientFactoryManager.HEARTBEAT_REQUEST, ClientFactoryManager.DEFAULT_KEEP_ALIVE_HEARTBEAT_STRING); try { Buffer buf = session.createBuffer(SshConstants.SSH_MSG_GLOBAL_REQUEST); buf.putString(request); buf.putBoolean(false); session.writePacket(buf); } catch (IOException e) { log.info("Error sending keepalive message=" + request, e); } }
@Override public synchronized SshdSocketAddress startRemotePortForwarding( SshdSocketAddress remote, SshdSocketAddress local) throws IOException { ValidateUtils.checkNotNull(local, "Local address is null"); ValidateUtils.checkNotNull(remote, "Remote address is null"); Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_GLOBAL_REQUEST); buffer.putString("tcpip-forward"); buffer.putBoolean(true); buffer.putString(remote.getHostName()); buffer.putInt(remote.getPort()); Buffer result = session.request(buffer); if (result == null) { throw new SshException("Tcpip forwarding request denied by server"); } int port = (remote.getPort() == 0) ? result.getInt() : remote.getPort(); // TODO: Is it really safe to only store the local address after the request ? SshdSocketAddress prev; synchronized (remoteToLocal) { prev = remoteToLocal.put(port, local); } if (prev != null) { throw new IOException( "Multiple remote port forwarding bindings on port=" + port + ": current=" + remote + ", previous=" + prev); } SshdSocketAddress bound = new SshdSocketAddress(remote.getHostName(), port); if (log.isDebugEnabled()) { log.debug("startRemotePortForwarding(" + remote + " -> " + local + "): " + bound); } return bound; }
@Override public synchronized void stopRemotePortForwarding(SshdSocketAddress remote) throws IOException { SshdSocketAddress bound; synchronized (remoteToLocal) { bound = remoteToLocal.remove(remote.getPort()); } if (bound != null) { if (log.isDebugEnabled()) { log.debug("stopRemotePortForwarding(" + remote + ") cancel forwarding to " + bound); } Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_GLOBAL_REQUEST); buffer.putString("cancel-tcpip-forward"); buffer.putBoolean(false); buffer.putString(remote.getHostName()); buffer.putInt(remote.getPort()); session.writePacket(buffer); } else { if (log.isDebugEnabled()) { log.debug("stopRemotePortForwarding(" + remote + ") no binding found"); } } }