Repository: mina-sshd Updated Branches: refs/heads/master ed3eba3ff -> 56cc5356f
Corrected format of hostbased authentication signature Project: http://git-wip-us.apache.org/repos/asf/mina-sshd/repo Commit: http://git-wip-us.apache.org/repos/asf/mina-sshd/commit/56cc5356 Tree: http://git-wip-us.apache.org/repos/asf/mina-sshd/tree/56cc5356 Diff: http://git-wip-us.apache.org/repos/asf/mina-sshd/diff/56cc5356 Branch: refs/heads/master Commit: 56cc5356fd3b1e20810d138f32fb288ecd009863 Parents: ed3eba3 Author: Lyor Goldstein <[email protected]> Authored: Thu Jan 21 08:06:36 2016 +0200 Committer: Lyor Goldstein <[email protected]> Committed: Thu Jan 21 08:06:36 2016 +0200 ---------------------------------------------------------------------- .../auth/hostbased/UserAuthHostBased.java | 65 ++++++++++++-------- .../sshd/common/auth/AuthenticationTest.java | 2 +- 2 files changed, 41 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/56cc5356/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java ----------------------------------------------------------------------
diff --git a/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java b/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
index 28f2781..1b793a4 100644
--- a/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
+++ b/sshd-core/src/main/java/org/apache/sshd/client/auth/hostbased/UserAuthHostBased.java
@@ -93,9 +93,10 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact @Override protected boolean sendAuthDataRequest(ClientSession session, String service) throws Exception { + String name = getName(); if ((keys == null) || (!keys.hasNext())) { if (log.isDebugEnabled()) { - log.debug("sendAuthDataRequest({})[{}] no more keys to send", session, service); + log.debug("sendAuthDataRequest({})[{}][{}] no more keys to send", session, service, name); } return false; @@ -106,8 +107,8 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact PublicKey pub = kp.getPublic(); String keyType = KeyUtils.getKeyType(pub); if (log.isTraceEnabled()) { - log.trace("sendAuthDataRequest({})[{}] current key details: type={}, fingerprint={}", - session, service, keyType, KeyUtils.getFingerPrint(pub)); + log.trace("sendAuthDataRequest({})[{}][{}] current key details: type={}, fingerprint={}", + session, service, name, keyType, KeyUtils.getFingerPrint(pub)); } Collection<NamedFactory<Signature>> factories = @@ -125,8 +126,8 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact String clientUsername = resolveClientUsername(); String clientHostname = resolveClientHostname(); if (log.isDebugEnabled()) { - log.debug("sendAuthDataRequest({})[{}] client={}@{}", - session, service, clientUsername, clientHostname); + log.debug("sendAuthDataRequest({})[{}][{}] client={}@{}", + session, service, name, clientUsername, clientHostname); } Buffer buffer = session.createBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, 
@@ -144,39 +145,53 @@ public class UserAuthHostBased extends AbstractUserAuth implements SignatureFact } } byte[] keyBytes = buffer.getCompactData(); + verifier.initSigner(kp.getPrivate()); - buffer.clear(); - buffer.putBytes(id); - buffer.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST); + buffer = session.prepareBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, buffer); buffer.putString(username); - buffer.putString(getService()); - buffer.putString(getName()); + buffer.putString(service); + buffer.putString(name); buffer.putString(keyType); buffer.putBytes(keyBytes); buffer.putString(clientHostname); buffer.putString(clientUsername); + appendSignature(session, service, name, username, keyType, pub, keyBytes, clientHostname, clientUsername, verifier, buffer); + session.writePacket(buffer); + return true; + } - verifier.initSigner(kp.getPrivate()); - verifier.update(buffer.array(), buffer.rpos(), buffer.available()); + protected void appendSignature(ClientSession session, String service, String name, String username, + String keyType, PublicKey key, byte[] keyBytes, + String clientHostname, String clientUsername, + Signature verifier, Buffer buffer) throws Exception { + byte[] id = session.getSessionId(); + Buffer bs = new ByteArrayBuffer(id.length + username.length() + service.length() + name.length() + + keyType.length() + keyBytes.length + + clientHostname.length() + clientUsername.length() + + ByteArrayBuffer.DEFAULT_SIZE + Long.SIZE, false); + bs.putBytes(id); + bs.putByte(SshConstants.SSH_MSG_USERAUTH_REQUEST); + bs.putString(username); + bs.putString(service); + bs.putString(name); + bs.putString(keyType); + bs.putBytes(keyBytes); + bs.putString(clientHostname); + bs.putString(clientUsername); + + verifier.update(bs.array(), bs.rpos(), bs.available()); byte[] signature = verifier.sign(); if (log.isTraceEnabled()) { - log.trace("sendAuthDataRequest({})[{}] type={}, fingerprint={}, client={}@{}: signature={}", - session, service, keyType, 
KeyUtils.getFingerPrint(pub), + log.trace("appendSignature({})[{}][{}] type={}, fingerprint={}, client={}@{}: signature={}", + session, service, name, keyType, KeyUtils.getFingerPrint(key), clientUsername, clientHostname, BufferUtils.printHex(signature)); } - buffer = session.prepareBuffer(SshConstants.SSH_MSG_USERAUTH_REQUEST, buffer); - buffer.putString(username); - buffer.putString(getService()); - buffer.putString(getName()); - buffer.putString(keyType); - buffer.putBytes(keyBytes); - buffer.putString(clientHostname); - buffer.putString(clientUsername); - buffer.putBytes(signature); + bs.clear(); - session.writePacket(buffer); - return true; + bs.putString(keyType); + bs.putBytes(signature); + buffer.putBytes(bs.array(), bs.rpos(), bs.available()); } @Override http://git-wip-us.apache.org/repos/asf/mina-sshd/blob/56cc5356/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java ---------------------------------------------------------------------- diff --git a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java index b58072a..41ed1b9 100644 --- a/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java +++ b/sshd-core/src/test/java/org/apache/sshd/common/auth/AuthenticationTest.java @@ -657,7 +657,7 @@ public class AuthenticationTest extends BaseTestSupport { } } - @Test + @Test // see SSHD-620 public void testHostBasedAuthentication() throws Exception { final String CLIENT_USERNAME = getClass().getSimpleName(); final String CLIENT_HOSTNAME = SshdSocketAddress.toAddressString(SshdSocketAddress.getFirstExternalNetwork4Address());
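Review bot: The new protected `appendSignature` (the `-144`/`+145` hunk of UserAuthHostBased.java) is an eleven-parameter extension point with no Javadoc, and two contracts it relies on are only implicit. The `verifier` must already be initialised, since `initSigner` is called in `sendAuthDataRequest` and not here, and the fields written into `bs` must match, in order and value, those written into `buffer` just before the call, otherwise the server verifies a different blob than the one signed. I would document both, e.g. `/** Signs session-id + the request fields (same order as in the packet) with the already-initialised verifier and appends one string holding keyType + signature to buffer. */`. The capacity expression passed to `ByteArrayBuffer` mixes `String.length()` (chars, not encoded bytes) with `Long.SIZE` (a bit count); that is presumably harmless if the buffer grows on demand, but a one-line comment saying it is only a sizing hint would prevent it being read as an exact bound. `sendAuthDataRequest` starts outside this hunk, so the selection of `verifier` is not visible here.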
