| | | 1 | | using System; |
| | | 2 | | using System.Collections.Generic; |
| | | 3 | | using System.Collections.ObjectModel; |
| | | 4 | | using System.Linq; |
| | | 5 | | using System.Threading; |
| | | 6 | | |
| | | 7 | | using Renci.SshNet.Common; |
| | | 8 | | using Renci.SshNet.Messages; |
| | | 9 | | using Renci.SshNet.Messages.Authentication; |
| | | 10 | | |
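namespace Renci.SshNet
{
    /// <summary>
    /// Provides functionality to perform private key authentication.
    /// </summary>
    /// <remarks>
    /// Implements the "publickey" user-authentication method. For every host-key algorithm
    /// offered by the configured key files a <see cref="RequestMessagePublicKey"/> is sent;
    /// the request is signed over the session identifier and the request fields, either
    /// up front (single algorithm) or once the server acknowledges the key with
    /// SSH_MSG_USERAUTH_PK_OK. Including the session identifier in the signed data ties
    /// the signature to this session only.
    /// </remarks>
    public class PrivateKeyAuthenticationMethod : AuthenticationMethod, IDisposable
    {
        // Outcome of the most recent request. Written by the session event handlers
        // (session thread) and read by Authenticate once the wait handle is signalled.
        private AuthenticationResult _authenticationResult = AuthenticationResult.Failure;

        // Signalled by any of the three session event handlers; reset before each request.
        // Set to null by Dispose(bool), hence the disposed check at the top of Authenticate.
        private EventWaitHandle _authenticationCompleted = new ManualResetEvent(initialState: false);
#pragma warning disable S1450 // Private fields only used as local variables in methods should become local variables
        // Set by the SSH_MSG_USERAUTH_PK_OK handler: the server accepts the key and now
        // expects the same request carrying a signature.
        private bool _isSignatureRequired;
#pragma warning restore S1450 // Private fields only used as local variables in methods should become local variables
        private bool _isDisposed;

        /// <summary>
        /// Gets the name of the authentication method.
        /// </summary>
        public override string Name
        {
            get { return "publickey"; }
        }

        /// <summary>
        /// Gets the key files used for authentication.
        /// </summary>
        public ICollection<IPrivateKeySource> KeyFiles { get; private set; }

        /// <summary>
        /// Initializes a new instance of the <see cref="PrivateKeyAuthenticationMethod"/> class.
        /// </summary>
        /// <param name="username">The username.</param>
        /// <param name="keyFiles">The key files.</param>
        /// <exception cref="ArgumentException"><paramref name="username"/> is whitespace or <see langword="null"/>.</exception>
        /// <exception cref="ArgumentNullException"><paramref name="keyFiles"/> is <see langword="null"/>.</exception>
        public PrivateKeyAuthenticationMethod(string username, params IPrivateKeySource[] keyFiles)
            : base(username)
        {
            if (keyFiles is null)
            {
                throw new ArgumentNullException(nameof(keyFiles));
            }

            KeyFiles = new Collection<IPrivateKeySource>(keyFiles);
        }

        /// <summary>
        /// Authenticates the specified session.
        /// </summary>
        /// <param name="session">The session to authenticate.</param>
        /// <returns>
        /// Result of authentication process.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="session"/> is <see langword="null"/>.</exception>
        /// <exception cref="ObjectDisposedException">The instance has been disposed.</exception>
        /// <remarks>
        /// Host-key algorithms are tried in the order the key files provide them until the
        /// server reports success or partial success. Event handlers and the PK_OK message
        /// registration are always removed again, even when a wait throws.
        /// </remarks>
        public override AuthenticationResult Authenticate(Session session)
        {
            if (session is null)
            {
                throw new ArgumentNullException(nameof(session));
            }

            // Dispose(bool) releases the wait handle; without this guard the first Reset()
            // below would surface as a NullReferenceException instead of a clear error.
            if (_isDisposed)
            {
                throw new ObjectDisposedException(GetType().FullName);
            }

            session.UserAuthenticationSuccessReceived += Session_UserAuthenticationSuccessReceived;
            session.UserAuthenticationFailureReceived += Session_UserAuthenticationFailureReceived;
            session.UserAuthenticationPublicKeyReceived += Session_UserAuthenticationPublicKeyReceived;

            session.RegisterMessage("SSH_MSG_USERAUTH_PK_OK");

            // Materialize once: Count is consulted below and the list is enumerated.
            var hostAlgorithms = KeyFiles.SelectMany(x => x.HostKeyAlgorithms).ToList();

            try
            {
                foreach (var hostAlgorithm in hostAlgorithms)
                {
                    _ = _authenticationCompleted.Reset();
                    _isSignatureRequired = false;

                    var message = new RequestMessagePublicKey(ServiceName.Connection,
                                                              Username,
                                                              hostAlgorithm.Name,
                                                              hostAlgorithm.Data);

                    if (hostAlgorithms.Count == 1)
                    {
                        // Only one host-key algorithm is available across all key files, so sign
                        // the very first request instead of waiting for SSH_MSG_USERAUTH_PK_OK.
                        var signatureData = new SignatureData(message, session.SessionId).GetBytes();

                        message.Signature = hostAlgorithm.Sign(signatureData);
                    }

                    // Send public key authentication request
                    session.SendMessage(message);

                    // Returns after success, failure, or PK_OK has been handled.
                    session.WaitOnHandle(_authenticationCompleted);

                    if (_isSignatureRequired)
                    {
                        _ = _authenticationCompleted.Reset();

                        var signatureMessage = new RequestMessagePublicKey(ServiceName.Connection,
                                                                           Username,
                                                                           hostAlgorithm.Name,
                                                                           hostAlgorithm.Data);

                        // Sign the request that is actually sent; it carries the same fields as
                        // the unsigned probe above.
                        var signatureData = new SignatureData(signatureMessage, session.SessionId).GetBytes();

                        signatureMessage.Signature = hostAlgorithm.Sign(signatureData);

                        // Send public key authentication request with signature
                        session.SendMessage(signatureMessage);
                    }

                    // If no signature was requested the handle is still set and this returns at once;
                    // otherwise it waits for the server's verdict on the signed request.
                    session.WaitOnHandle(_authenticationCompleted);

                    if (_authenticationResult is AuthenticationResult.Success or AuthenticationResult.PartialSuccess)
                    {
                        break;
                    }
                }

                return _authenticationResult;
            }
            finally
            {
                session.UserAuthenticationSuccessReceived -= Session_UserAuthenticationSuccessReceived;
                session.UserAuthenticationFailureReceived -= Session_UserAuthenticationFailureReceived;
                session.UserAuthenticationPublicKeyReceived -= Session_UserAuthenticationPublicKeyReceived;
                session.UnRegisterMessage("SSH_MSG_USERAUTH_PK_OK");
            }
        }

        // Records a successful authentication and releases the waiting Authenticate call.
        private void Session_UserAuthenticationSuccessReceived(object sender, MessageEventArgs<SuccessMessage> e)
        {
            _authenticationResult = AuthenticationResult.Success;

            _ = _authenticationCompleted.Set();
        }

        // Records failure (or partial success), publishes the methods the server still accepts,
        // and releases the waiting Authenticate call.
        private void Session_UserAuthenticationFailureReceived(object sender, MessageEventArgs<FailureMessage> e)
        {
            if (e.Message.PartialSuccess)
            {
                _authenticationResult = AuthenticationResult.PartialSuccess;
            }
            else
            {
                _authenticationResult = AuthenticationResult.Failure;
            }

            // Copy allowed authentication methods
            AllowedAuthentications = e.Message.AllowedAuthentications;

            _ = _authenticationCompleted.Set();
        }

        // SSH_MSG_USERAUTH_PK_OK: the server accepts this key; Authenticate must now send a signed request.
        private void Session_UserAuthenticationPublicKeyReceived(object sender, MessageEventArgs<PublicKeyMessage> e)
        {
            _isSignatureRequired = true;
            _ = _authenticationCompleted.Set();
        }

        /// <summary>
        /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
        /// </summary>
        public void Dispose()
        {
            Dispose(disposing: true);
            GC.SuppressFinalize(this);
        }

        /// <summary>
        /// Releases unmanaged and - optionally - managed resources.
        /// </summary>
        /// <param name="disposing"><see langword="true"/> to release both managed and unmanaged resources; <see langword="false"/> to release only unmanaged resources.</param>
        protected virtual void Dispose(bool disposing)
        {
            if (_isDisposed)
            {
                return;
            }

            if (disposing)
            {
                // Swap the field out first so a concurrent reader sees null rather than a disposed handle.
                var authenticationCompleted = _authenticationCompleted;
                if (authenticationCompleted is not null)
                {
                    _authenticationCompleted = null;
                    authenticationCompleted.Dispose();
                }
            }

            // Set on both the Dispose() and the finalizer path so the flag always reflects the state.
            _isDisposed = true;
        }

        /// <summary>
        /// Finalizes an instance of the <see cref="PrivateKeyAuthenticationMethod"/> class.
        /// </summary>
        ~PrivateKeyAuthenticationMethod()
        {
            Dispose(disposing: false);
        }

        /// <summary>
        /// The data that is signed for a "publickey" request (RFC 4252, section 7): the session
        /// identifier followed by the fields of the request itself. This type is write-only;
        /// it is never parsed from the wire.
        /// </summary>
        private sealed class SignatureData : SshData
        {
            private readonly RequestMessagePublicKey _message;

            private readonly byte[] _sessionId;
            private readonly byte[] _serviceName;
            private readonly byte[] _authenticationMethod;

            // Size hint for the output buffer; mirrors the fields written in SaveData.
            protected override int BufferCapacity
            {
                get
                {
                    var capacity = base.BufferCapacity;
                    capacity += 4; // SessionId length
                    capacity += _sessionId.Length; // SessionId
                    capacity += 1; // Authentication Message Code
                    capacity += 4; // UserName length
                    capacity += _message.Username.Length; // UserName
                    capacity += 4; // ServiceName length
                    capacity += _serviceName.Length; // ServiceName
                    capacity += 4; // AuthenticationMethod length
                    capacity += _authenticationMethod.Length; // AuthenticationMethod
                    capacity += 1; // TRUE
                    capacity += 4; // PublicKeyAlgorithmName length
                    capacity += _message.PublicKeyAlgorithmName.Length; // PublicKeyAlgorithmName
                    capacity += 4; // PublicKeyData length
                    capacity += _message.PublicKeyData.Length; // PublicKeyData
                    return capacity;
                }
            }

            /// <summary>
            /// Initializes a new instance of the <see cref="SignatureData"/> class.
            /// </summary>
            /// <param name="message">The request whose fields are to be signed.</param>
            /// <param name="sessionId">The session identifier that binds the signature to this session.</param>
            public SignatureData(RequestMessagePublicKey message, byte[] sessionId)
            {
                _message = message;
                _sessionId = sessionId;
                _serviceName = ServiceName.Connection.ToArray();
                _authenticationMethod = Ascii.GetBytes("publickey");
            }

            // Signature data is only ever produced locally, never received, so loading is unsupported.
            protected override void LoadData()
            {
                throw new NotImplementedException();
            }

            // Field order must match the request message exactly; the server recomputes this blob
            // to verify the signature.
            protected override void SaveData()
            {
                WriteBinaryString(_sessionId);
                Write((byte) RequestMessage.AuthenticationMessageCode);
                WriteBinaryString(_message.Username);
                WriteBinaryString(_serviceName);
                WriteBinaryString(_authenticationMethod);
                Write((byte)1); // TRUE
                WriteBinaryString(_message.PublicKeyAlgorithmName);
                WriteBinaryString(_message.PublicKeyData);
            }
        }
    }
}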