1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
#--
# =============================================================================
# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
# All rights reserved.
#
# This source file is distributed as part of the Net::SSH Secure Shell Client
# library for Ruby. This file (and the library as a whole) may be used only as
# allowed by either the BSD license, or the Ruby license (or, by association
# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
# distribution for the texts of these licenses.
# -----------------------------------------------------------------------------
# net-ssh website : http://net-ssh.rubyforge.org
# project website: http://rubyforge.org/projects/net-ssh
# =============================================================================
#++
require 'net/ssh/errors'
require 'net/ssh/userauth/constants'
module Net
module SSH
module UserAuth
module Methods
# Implements the host-based SSH authentication method.
class HostBased
include Net::SSH::UserAuth::Constants
# The messenger to use to send and receive messages.
attr_writer :messenger
# The session-id of the current SSH session.
attr_writer :session_id
# The hostname to report to the server.
attr_writer :hostname
# Create a new
def initialize( buffers )
@buffers = buffers
end
# Attempts to perform host-based authorization of the user. The data
# hash must contain a <tt>:key_manager</tt> key or the call will
# fail.
def authenticate( next_service, username, data={} )
key_manager = data[:key_manager] or return false
key_manager.host_identities.each do |identity|
return true if authenticate_with( identity, next_service,
username, key_manager )
end
return false
ensure
key_manager.finish if key_manager
end
# Attempts to perform host-based authentication of the user, using
# the given host identity (key).
def authenticate_with( identity, next_service, username, key_manager )
client_username = ENV['USER'] || username
req = build_request identity, next_service, username,
@hostname+".", client_username
sig_data = @buffers.writer
sig_data.write_string @session_id
sig_data.write req
sig = key_manager.sign( identity, sig_data.to_s )
message = @buffers.writer
message.write req
message.write_string sig
@messenger.send_message message
message = @messenger.wait_for_message
case message.message_type
when USERAUTH_SUCCESS
return true
when USERAUTH_FAILURE
return false
else
raise Net::SSH::Exception,
"unexpected server response to USERAUTH_REQUEST: " +
message.inspect
end
end
private :authenticate_with
# Build the "core" hostbased request string.
def build_request( identity, next_service, username, hostname,
client_username )
# begin
buf = @buffers.writer
buf.write_byte USERAUTH_REQUEST
buf.write_string username
buf.write_string next_service
buf.write_string "hostbased"
buf.write_string identity.ssh_type
blob = @buffers.writer
blob.write_key identity
buf.write_string blob.to_s
buf.write_string hostname
buf.write_string client_username
return buf.to_s
end
end
end
end
end
end
|
