annotate src/ch/ethz/ssh2/auth/ServerAuthenticationManager.java @ 313:1d400fd78e4a ganymed

add ecdsa key support everywhere
author Carl Byington <carl@five-ten-sg.com>
date Wed, 30 Jul 2014 16:19:33 -0700
parents 071eccdff8ea
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
1
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
2 package ch.ethz.ssh2.auth;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
3
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
4 import java.io.IOException;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
5 import java.util.Arrays;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
6 import java.util.HashSet;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
7 import java.util.Set;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
8
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
9 import ch.ethz.ssh2.AuthenticationResult;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
10 import ch.ethz.ssh2.PacketTypeException;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
11 import ch.ethz.ssh2.ServerAuthenticationCallback;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
12 import ch.ethz.ssh2.channel.ChannelManager;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
13 import ch.ethz.ssh2.packets.PacketServiceAccept;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
14 import ch.ethz.ssh2.packets.PacketServiceRequest;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
15 import ch.ethz.ssh2.packets.PacketUserauthBanner;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
16 import ch.ethz.ssh2.packets.PacketUserauthFailure;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
17 import ch.ethz.ssh2.packets.PacketUserauthSuccess;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
18 import ch.ethz.ssh2.packets.Packets;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
19 import ch.ethz.ssh2.packets.TypesReader;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
20 import ch.ethz.ssh2.server.ServerConnectionState;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
21 import ch.ethz.ssh2.transport.MessageHandler;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
22
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
23 public class ServerAuthenticationManager implements MessageHandler {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
24 private final ServerConnectionState state;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
25
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
26 public ServerAuthenticationManager(ServerConnectionState state) {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
27 this.state = state;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
28 state.tm.registerMessageHandler(this, 0, 255);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
29 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
30
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
31 private void sendresult(AuthenticationResult result) throws IOException {
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
32 if (AuthenticationResult.SUCCESS == result) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
33 PacketUserauthSuccess pus = new PacketUserauthSuccess();
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
34 state.tm.sendAsynchronousMessage(pus.getPayload());
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
35 state.tm.removeMessageHandler(this);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
36 state.tm.registerMessageHandler(this, 50, 79);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
37 state.cm = new ChannelManager(state);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
38 state.flag_auth_completed = true;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
39 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
40 else {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
41 Set<String> remaining_methods = new HashSet<String>();
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
42
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
43 if (state.cb_auth != null) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
44 remaining_methods.addAll(Arrays.asList(
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
45 state.cb_auth.getRemainingAuthMethods(state.conn)));
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
46 }
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
47
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
48 PacketUserauthFailure puf = new PacketUserauthFailure(remaining_methods,
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
49 AuthenticationResult.PARTIAL_SUCCESS == result);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
50 state.tm.sendAsynchronousMessage(puf.getPayload());
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
51 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
52 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
53
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
54 public void handleFailure(final IOException failure) {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
55 //
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
56 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
57
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
58 public void handleMessage(byte[] msg) throws IOException {
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
59 /* Ignore all authentication messages after successful auth */
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
60 if (state.flag_auth_completed) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
61 return;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
62 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
63
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
64 if (!state.flag_auth_serviceRequested) {
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
65 /* Must be PacketServiceRequest */
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
66 PacketServiceRequest psr = new PacketServiceRequest(msg);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
67
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
68 if (!"ssh-userauth".equals(psr.getServiceName())) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
69 throw new IOException("SSH protocol error, expected ssh-userauth service request");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
70 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
71
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
72 PacketServiceAccept psa = new PacketServiceAccept("ssh-userauth");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
73 state.tm.sendAsynchronousMessage(psa.getPayload());
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
74 String banner = state.cb_auth.initAuthentication(state.conn);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
75
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
76 if (banner != null) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
77 PacketUserauthBanner pub = new PacketUserauthBanner(banner);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
78 state.tm.sendAsynchronousMessage(pub.getPayload());
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
79 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
80
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
81 state.flag_auth_serviceRequested = true;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
82 return;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
83 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
84
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
85 ServerAuthenticationCallback cb = state.cb_auth;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
86 TypesReader tr = new TypesReader(msg);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
87 int packet_type = tr.readByte();
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
88
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
89 if (packet_type == Packets.SSH_MSG_USERAUTH_REQUEST) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
90 String username = tr.readString("UTF-8");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
91 String service = tr.readString();
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
92 String method = tr.readString();
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
93
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
94 if (!"ssh-connection".equals(service)) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
95 sendresult(AuthenticationResult.FAILURE);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
96 return;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
97 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
98
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
99 if ("none".equals(method)) {
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
100 if (cb != null) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
101 sendresult(cb.authenticateWithNone(state.conn, username));
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
102 return;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
103 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
104 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
105
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
106 if ("password".equals(method)) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
107 boolean flag_change_pass = tr.readBoolean();
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
108
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
109 if (flag_change_pass) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
110 sendresult(AuthenticationResult.FAILURE);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
111 return;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
112 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
113
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
114 String password = tr.readString("UTF-8");
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
115
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
116 if (cb != null) {
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
117 sendresult(cb.authenticateWithPassword(state.conn, username, password));
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
118 return;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
119 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
120 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
121
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
122 sendresult(AuthenticationResult.FAILURE);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
123 return;
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
124 }
307
071eccdff8ea fix java formatting
Carl Byington <carl@five-ten-sg.com>
parents: 305
diff changeset
125
273
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
126 throw new PacketTypeException(packet_type);
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
127 }
91a31873c42a start conversion from trilead to ganymed
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
128 }