Posted to commits@mina.apache.org by lg...@apache.org on 2016/01/21 07:06:46 UTC
mina-sshd git commit: Corrected format of hostbased authentication
signature
Repository: mina-sshd
Updated Branches:
refs/heads/master ed3eba3ff -> 56cc5356f
Corrected format of hostbased authentication signature
Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo
Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/56cc5356
Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/56cc5356
Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/56cc5356
Branch: refs/heads/master
Commit: 56cc5356fd3b1e20810d138f32fb288ecd009863
Parents: ed3eba3
Author: Lyor Goldstein <lg...@vmware.com>
Authored: Thu Jan 21 08:06:36 2016 +0200
Committer: Lyor Goldstein <lg...@vmware.com>
Committed: Thu Jan 21 08:06:36 2016 +0200
----------------------------------------------------------------------
.../auth/hostbased/UserAuthHostBased.java | 65 ++++++++++++--------
.../sshd/common/auth/AuthenticationTest.java | 2 +-
2 files changed, 41 insertions(+), 26 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/56cc5356/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java b/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
index 28f2781..1b793a4 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
@@ -93,9 +93,10 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact
@Override
protected boolean sendAuthDataRequest(ClientSession session, String service) throws Exception {
+ String name = getName();
if ((keys == null) || (!keys.hasNext())) {
if (log.isDebugEnabled()) {
- log.debug("sendAuthDataRequest({})[{}] no more keys to send", session, service);
+ log.debug("sendAuthDataRequest({})[{}][{}] no more keys to send", session, service, name);
}
return false;
@@ -106,8 +107,8 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact
PublicKey pub = kp.getPublic();
String keyType = KeyUtils.getKeyType(pub);
if (log.isTraceEnabled()) {
- log.trace("sendAuthDataRequest({})[{}] current key details: type={}, fingerprint={}",
- session, service, keyType, KeyUtils.getFingerPrint(pub));
+ log.trace("sendAuthDataRequest({})[{}][{}] current key details: type={}, fingerprint={}",
+ session, service, name, keyType, KeyUtils.getFingerPrint(pub));
}
Collection<NamedFactory<Signature>> factories =
@@ -125,8 +126,8 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact
String clientUsername = resolveClientUsername();
String clientHostname = resolveClientHostname();
if (log.isDebugEnabled()) {
- log.debug("sendAuthDataRequest({})[{}] client={}@{}",
- session, service, clientUsername, clientHostname);
+ log.debug("sendAuthDataRequest({})[{}][{}] client={}@{}",
+ session, service, name, clientUsername, clientHostname);
}
Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST,
@@ -144,39 +145,53 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact
}
}
byte[] keyBytes = buffer.getCompactData();
+ verifier.initSigner(kp.getPrivate());
- buffer.clear();
- buffer.putBytes(id);
- buffer.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST);
+ buffer = session.prepareBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, buffer);
buffer.putString(username);
- buffer.putString(getService());
- buffer.putString(getName());
+ buffer.putString(service);
+ buffer.putString(name);
buffer.putString(keyType);
buffer.putBytes(keyBytes);
buffer.putString(clientHostname);
buffer.putString(clientUsername);
+ appendSignature(session, service, name, username, keyType, pub, keyBytes, clientHostname, clientUsername, verifier, buffer);
+ session.writePacket(buffer);
+ return true;
+ }
- verifier.initSigner(kp.getPrivate());
- verifier.update(buffer.array(), buffer.rpos(), buffer.available());
+ protected void appendSignature(ClientSession session, String service, String name, String username,
+ String keyType, PublicKey key, byte[] keyBytes,
+ String clientHostname, String clientUsername,
+ Signature verifier, Buffer buffer) throws Exception {
+ byte[] id = session.getSessionId();
+ Buffer bs = new ByteArrayBuffer(id.length + username.length() + service.length() + name.length()
+ + keyType.length() + keyBytes.length
+ + clientHostname.length() + clientUsername.length()
+ + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE, false);
+ bs.putBytes(id);
+ bs.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST);
+ bs.putString(username);
+ bs.putString(service);
+ bs.putString(name);
+ bs.putString(keyType);
+ bs.putBytes(keyBytes);
+ bs.putString(clientHostname);
+ bs.putString(clientUsername);
+
+ verifier.update(bs.array(), bs.rpos(), bs.available());
byte[] signature = verifier.sign();
if (log.isTraceEnabled()) {
- log.trace("sendAuthDataRequest({})[{}] type={}, fingerprint={}, client={}@{}: signature={}",
- session, service, keyType, KeyUtils.getFingerPrint(pub),
+ log.trace("appendSignature({})[{}][{}] type={}, fingerprint={}, client={}@{}: signature={}",
+ session, service, name, keyType, KeyUtils.getFingerPrint(key),
clientUsername, clientHostname, BufferUtils.printHex(signature));
}
- buffer = session.prepareBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, buffer);
- buffer.putString(username);
- buffer.putString(getService());
- buffer.putString(getName());
- buffer.putString(keyType);
- buffer.putBytes(keyBytes);
- buffer.putString(clientHostname);
- buffer.putString(clientUsername);
- buffer.putBytes(signature);
+ bs.clear();
- session.writePacket(buffer);
- return true;
+ bs.putString(keyType);
+ bs.putBytes(signature);
+ buffer.putBytes(bs.array(), bs.rpos(), bs.available());
}
@Override
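Review bot: The new protected `appendSignature` has no Javadoc, although it is an override point with two unstated preconditions: the caller must already have run `verifier.initSigner(kp.getPrivate())` (done in `sendAuthDataRequest` before `prepareBuffer`), and the fields written to `bs` must stay in exactly the same order as those written to `buffer` just before the call, otherwise the server-side check fails. I would add a Javadoc saying that the method signs the session id, the message type, user name, service, method name, key type, key bytes, client host name and client user name in that order, then appends to `buffer` a single byte string holding the key type followed by the raw signature, and that `verifier` must be initialised for signing beforehand. A one-line comment at the second `bs.putString(keyType)` should also record that the algorithm name written into the signature blob is assumed to match the algorithm of `verifier`; the hunk does not show how the verifier is selected, so that assumption cannot be confirmed from here. `sendAuthDataRequest` starts outside this hunk.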
http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/56cc5356/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java
----------------------------------------------------------------------
diff --git a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java
index b58072a..41ed1b9 100644
--- a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java
+++ b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java
@@ -657,7 +657,7 @@ public class AuthenticationTest extends BaseTestSupport {
}
}
- @Test
+ @Test // see SSHD-620
public void testHostBasedAuthentication() throws Exception {
final String CLIENT_USERNAME = getClass().getSimpleName();
final String CLIENT_HOSTNAME = SshdSocketAddress.toAddressString(SshdSocketAddress.getFirstExternalNetwork4Address());