Mercurial > 510Connectbot
diff src/ch/ethz/ssh2/auth/AuthenticationManager.java @ 308:42b15aaa7ac7 ganymed
merge
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Wed, 30 Jul 2014 14:21:50 -0700 |
parents | 071eccdff8ea |
children | 5afb8c1a54b9 |
line wrap: on
line diff
--- a/src/ch/ethz/ssh2/auth/AuthenticationManager.java Wed Jul 30 13:38:04 2014 -0700 +++ b/src/ch/ethz/ssh2/auth/AuthenticationManager.java Wed Jul 30 14:21:50 2014 -0700 @@ -49,14 +49,14 @@ private ClientTransportManager tm; private final BlockingQueue<byte[]> packets - = new ArrayBlockingQueue<byte[]>(5); + = new ArrayBlockingQueue<byte[]>(5); private boolean connectionClosed = false; private String banner; private Set<String> remainingMethods - = new HashSet<String>(); + = new HashSet<String>(); private boolean isPartialSuccess = false; @@ -68,22 +68,24 @@ } private byte[] deQueue() throws IOException { - if(connectionClosed) { + if (connectionClosed) { throw tm.getReasonClosedCause(); } + // Wait for packet try { return packets.take(); } - catch(InterruptedException e) { + catch (InterruptedException e) { throw new InterruptedIOException(e.getMessage()); } } byte[] getNextMessage() throws IOException { - while(true) { + while (true) { byte[] message = deQueue(); - switch(message[0]) { + + switch (message[0]) { case Packets.SSH_MSG_USERAUTH_BANNER: // The server may send an SSH_MSG_USERAUTH_BANNER message at any // time after this authentication protocol starts and before @@ -91,6 +93,7 @@ PacketUserauthBanner sb = new PacketUserauthBanner(message); banner = sb.getBanner(); break; + default: return message; } @@ -111,61 +114,63 @@ } private boolean initialize(String user) throws IOException { - if(initDone == false) { + if (initDone == false) { tm.registerMessageHandler(this, 0, 255); - PacketServiceRequest sr = new PacketServiceRequest("ssh-userauth"); tm.sendMessage(sr.getPayload()); - final PacketServiceAccept accept = new PacketServiceAccept(this.getNextMessage()); - PacketUserauthRequestNone auth = new PacketUserauthRequestNone("ssh-connection", user); tm.sendMessage(auth.getPayload()); - byte[] message = this.getNextMessage(); initDone = true; - switch(message[0]) { + + switch (message[0]) { case Packets.SSH_MSG_USERAUTH_SUCCESS: authenticated = true; tm.removeMessageHandler(this); return true; + case Packets.SSH_MSG_USERAUTH_FAILURE: PacketUserauthFailure puf = new PacketUserauthFailure(message); remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); return false; } + throw new PacketTypeException(message[0]); } + return authenticated; } public boolean authenticatePublicKey(String user, AgentProxy proxy) throws IOException { initialize(user); + boolean success; - boolean success; - for(AgentIdentity identity : proxy.getIdentities()) { + for (AgentIdentity identity : proxy.getIdentities()) { success = authenticatePublicKey(user, identity); - if(success) { + + if (success) { return true; } } + return false; } private boolean authenticatePublicKey(String user, AgentIdentity identity) throws IOException { - if(!remainingMethods.contains("publickey")) { + if (!remainingMethods.contains("publickey")) { throw new IOException("Authentication method not supported"); } byte[] pubKeyBlob = identity.getPublicKeyBlob(); - if(pubKeyBlob == null) { + + if (pubKeyBlob == null) { return false; } TypesWriter tw = new TypesWriter(); byte[] H = tm.getSessionIdentifier(); - tw.writeString(H, 0, H.length); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(user); @@ -174,29 +179,27 @@ tw.writeBoolean(true); tw.writeString(identity.getAlgName()); tw.writeString(pubKeyBlob, 0, pubKeyBlob.length); - byte[] msg = tw.getBytes(); byte[] response = identity.sign(msg); - PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey( - "ssh-connection", user, identity.getAlgName(), pubKeyBlob, response); + "ssh-connection", user, identity.getAlgName(), pubKeyBlob, response); tm.sendMessage(ua.getPayload()); - byte[] message = getNextMessage(); final int type = message[0]; - switch(type) { + + switch (type) { case Packets.SSH_MSG_USERAUTH_SUCCESS: authenticated = true; tm.removeMessageHandler(this); return true; + case Packets.SSH_MSG_USERAUTH_FAILURE: PacketUserauthFailure puf = new PacketUserauthFailure(message); - remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); - return false; } + throw new PacketTypeException(type); } @@ -209,22 +212,19 @@ public boolean authenticatePublicKey(String user, KeyPair pair, SecureRandom rnd) throws IOException { PrivateKey key = pair.getPrivate(); + try { initialize(user); - if(!remainingMethods.contains("publickey")) { + if (!remainingMethods.contains("publickey")) { throw new IOException("Authentication method publickey not supported by the server at this stage."); } if (key instanceof DSAPrivateKey) { DSAPrivateKey pk = (DSAPrivateKey) key; - byte[] pk_enc = DSASHA1Verify.encodeSSHDSAPublicKey((DSAPublicKey) pair.getPublic()); - TypesWriter tw = new TypesWriter(); - byte[] H = tm.getSessionIdentifier(); - tw.writeString(H, 0, H.length); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(user); @@ -233,26 +233,19 @@ tw.writeBoolean(true); tw.writeString("ssh-dss"); tw.writeString(pk_enc, 0, pk_enc.length); - byte[] msg = tw.getBytes(); - byte[] ds = DSASHA1Verify.generateSignature(msg, pk, rnd); - byte[] ds_enc = DSASHA1Verify.encodeSSHDSASignature(ds); - PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user, "ssh-dss", pk_enc, ds_enc); tm.sendMessage(ua.getPayload()); } - else if(key instanceof RSAPrivateKey) { + else if (key instanceof RSAPrivateKey) { RSAPrivateKey pk = (RSAPrivateKey) key; - byte[] pk_enc = RSASHA1Verify.encodeSSHRSAPublicKey((RSAPublicKey) pair.getPublic()); - TypesWriter tw = new TypesWriter(); { byte[] H = tm.getSessionIdentifier(); - tw.writeString(H, 0, H.length); tw.writeByte(Packets.SSH_MSG_USERAUTH_REQUEST); tw.writeString(user); @@ -262,13 +255,9 @@ tw.writeString("ssh-rsa"); tw.writeString(pk_enc, 0, pk_enc.length); } - byte[] msg = tw.getBytes(); - byte[] ds = RSASHA1Verify.generateSignature(msg, pk); - byte[] rsa_sig_enc = RSASHA1Verify.encodeSSHRSASignature(ds); - PacketUserauthRequestPublicKey ua = new PacketUserauthRequestPublicKey("ssh-connection", user, "ssh-rsa", pk_enc, rsa_sig_enc); tm.sendMessage(ua.getPayload()); @@ -300,24 +289,26 @@ else { throw new IOException("Unknown private key type returned by the PEM decoder."); } + byte[] message = getNextMessage(); final int type = message[0]; - switch(type) { + + switch (type) { case Packets.SSH_MSG_USERAUTH_SUCCESS: authenticated = true; tm.removeMessageHandler(this); return true; + case Packets.SSH_MSG_USERAUTH_FAILURE: PacketUserauthFailure puf = new PacketUserauthFailure(message); - remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); - return false; } + throw new PacketTypeException(type); } - catch(IOException e) { + catch (IOException e) { tm.close(e); throw e; } @@ -328,7 +319,7 @@ initialize(user); return authenticated; } - catch(IOException e) { + catch (IOException e) { tm.close(e); throw e; } @@ -338,29 +329,31 @@ try { initialize(user); - if(!remainingMethods.contains("password")) { + if (!remainingMethods.contains("password")) { throw new IOException("Authentication method not supported"); } PacketUserauthRequestPassword ua = new PacketUserauthRequestPassword("ssh-connection", user, pass); tm.sendMessage(ua.getPayload()); - byte[] message = getNextMessage(); final int type = message[0]; - switch(type) { + + switch (type) { case Packets.SSH_MSG_USERAUTH_SUCCESS: authenticated = true; tm.removeMessageHandler(this); return true; + case Packets.SSH_MSG_USERAUTH_FAILURE: PacketUserauthFailure puf = new PacketUserauthFailure(message); remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); return false; } + throw new PacketTypeException(type); } - catch(IOException e) { + catch (IOException e) { tm.close(e); throw e; } @@ -370,49 +363,52 @@ try { initialize(user); - if(!remainingMethods.contains("keyboard-interactive")) { + if (!remainingMethods.contains("keyboard-interactive")) { throw new IOException( - "Authentication method keyboard-interactive not supported by the server at this stage."); + "Authentication method keyboard-interactive not supported by the server at this stage."); } PacketUserauthRequestInteractive ua = new PacketUserauthRequestInteractive("ssh-connection", user, submethods); - tm.sendMessage(ua.getPayload()); - while(true) { + while (true) { byte[] message = getNextMessage(); final int type = message[0]; - switch(type) { + + switch (type) { case Packets.SSH_MSG_USERAUTH_SUCCESS: authenticated = true; tm.removeMessageHandler(this); return true; + case Packets.SSH_MSG_USERAUTH_FAILURE: PacketUserauthFailure puf = new PacketUserauthFailure(message); - remainingMethods = puf.getAuthThatCanContinue(); isPartialSuccess = puf.isPartialSuccess(); + return false; - return false; case Packets.SSH_MSG_USERAUTH_INFO_REQUEST: PacketUserauthInfoRequest info = new PacketUserauthInfoRequest(message); String[] responses; + try { responses = cb.replyToChallenge(info.getName(), info.getInstruction(), info.getNumPrompts(), - info.getPrompt(), info.getEcho()); + info.getPrompt(), info.getEcho()); } - catch(Exception e) { + catch (Exception e) { throw new IOException("Exception in callback.", e); } + PacketUserauthInfoResponse puir = new PacketUserauthInfoResponse(responses); tm.sendMessage(puir.getPayload()); continue; } + throw new PacketTypeException(type); } } - catch(IOException e) { + catch (IOException e) { tm.close(e); throw e; }