org.vngx.jsch.userauth.UserAuthKeyboardInteractive Maven / Gradle / Ivy

Go to download
/*
 * Copyright (c) 2002-2010 Atsuhiko Yamanaka, JCraft,Inc.  All rights reserved.
 * Copyright (c) 2010-2011 Michael Laudati, N1 Concepts LLC.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 *
 * 3. The names of the authors may not be used to endorse or promote products
 * derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
 * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
 * FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL JCRAFT,
 * INC. OR ANY CONTRIBUTORS TO THIS SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
 * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

package org.vngx.jsch.userauth;

import org.vngx.jsch.Session;
import org.vngx.jsch.UIKeyboardInteractive;
import org.vngx.jsch.Util;

/**
 * Implementation of UserAuth for authenticating an SSH session
 * using an interactive keyboard instance.
 *
 * @author Atsuhiko Yamanaka
 * @author Michael Laudati
 */
public final class UserAuthKeyboardInteractive extends UserAuth {

	/** Password prompt to display to user to ask for password. */
	private String _passwordPrompt;

	@Override
	public boolean authUser(Session session, byte[] password) throws Exception {
		if( !(_userinfo instanceof UIKeyboardInteractive) ) {
			return false;	// Fail if no keyboard interactive interface available
		}
		super.authUser(session, password);
		_passwordPrompt = createPasswordPrompt(session);

		boolean cancel = false;
		while( true ) {
			// send keyboard interactive user auth request
			// byte      SSH_MSG_USERAUTH_REQUEST(50)
			// string    user name (ISO-10646 UTF-8, as defined in [RFC-2279])
			// string    service name (US-ASCII) "ssh-userauth" ? "ssh-connection"
			// string    "keyboard-interactive" (US-ASCII)
			// string    language tag (as defined in [RFC-3066])
			// string    submethods (ISO-10646 UTF-8)
			_packet.reset();
			_buffer.putByte(SSH_MSG_USERAUTH_REQUEST);
			_buffer.putString(session.getUserName());
			_buffer.putString(SSH_CONNECTION);
			_buffer.putString(KEYBOARD_INTERACTIVE);
			_buffer.putString("");
			_buffer.putString("");
			session.write(_packet);

			boolean firstTime = true;
			loop:
			while( true ) {
				switch( session.read(_buffer).getCommand() & 0xff ) {
					case SSH_MSG_USERAUTH_SUCCESS:
						return true;	// User successfully authed with keyboard interactive

					case SSH_MSG_USERAUTH_BANNER:
						userAuthBanner();
						continue loop;	// Display banner message and continue

					case SSH_MSG_USERAUTH_FAILURE:
						userAuthFailure();
						if( firstTime ) {
							return false;
						}
						break loop;

					case SSH_MSG_USERAUTH_INFO_REQUEST:
						firstTime = false;
						_buffer.getInt();
						_buffer.getShort();
						String name = Util.byte2str(_buffer.getString());
						String instruction = Util.byte2str(_buffer.getString());
						_buffer.getString();	// Language tag
						int num = _buffer.getInt();
						String[] prompt = new String[num];
						boolean[] echo = new boolean[num];
						for( int i = 0; i < num; i++ ) {
							prompt[i] = Util.byte2str(_buffer.getString());
							echo[i] = _buffer.getByte() != 0;
						}

						byte[][] response = null;
						if( password != null && prompt.length == 1 && !echo[0] && prompt[0].toLowerCase().startsWith("password:") ) {
							response = new byte[][] { password };
							password = null;
						} else if( num > 0 || (name.length() > 0 || instruction.length() > 0) ) {
							UIKeyboardInteractive kbi = (UIKeyboardInteractive) _userinfo;
							String[] _response = kbi.promptKeyboardInteractive(_passwordPrompt, name, instruction, prompt, echo);
							if( _response != null ) {
								response = new byte[_response.length][];
								for( int i = 0; i < _response.length; i++ ) {
									response[i] = Util.str2byte(_response[i]);
								}
							}
						}

						// byte      SSH_MSG_USERAUTH_INFO_RESPONSE(61)
						// int       num-responses
						// string    response[1] (ISO-10646 UTF-8)
						// ...
						// string    response[num-responses] (ISO-10646 UTF-8)
						_packet.reset();
						_buffer.putByte(SSH_MSG_USERAUTH_INFO_RESPONSE);
						if( num > 0 && (response == null /* cancel */ ||  num != response.length) ) {
							if( response == null ) {
								// working around the bug in OpenSSH ;-<
								_buffer.putInt(num);
								for( int i = 0; i < num; i++ ) {
									_buffer.putString("");
								}
							} else {
								_buffer.putInt(0);
							}
							if( response == null ) {
								cancel = true;
							}
						} else {
							_buffer.putInt(num);
							for( int i = 0; i < num; i++ ) {
								_buffer.putString(response[i]);
								Util.bzero(response[i]);	// Zero password in response
							}
						}
						session.write(_packet);
						continue loop;
				}
				return false;
			}
			if( cancel ) {
				throw new AuthCancelException("UserAuth 'keyboard-interactive' canceled by user");
			}
		}
	}

}