mirrors
/
jgit
mirror of https://github.com/eclipse/jgit.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 204 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8028 Commits
49 Branches
Tree: f802f06e7f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f802f06e7f'
${ noResults }
jgit/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java

SshdSession.java 16KB
Raw Normal View History

Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Update EDL 1.0 license headers to new short SPDX compliant format This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
4 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Update EDL 1.0 license headers to new short SPDX compliant format This is the format given by the Eclipse legal doc generator [1]. [1] https://www.eclipse.org/projects/tools/documentation.php?id=technology.jgit Bug: 548298 Change-Id: I8d8cabc998ba1b083e3f0906a8d558d391ffb6c4 Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
4 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Client-side protocol V2 support for fetching Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. Do the same for the SSH transport tests. Bug: 553083 Change-Id: Ice9866aa78020f5ca8f397cde84dc224bf5d41b4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Client-side protocol V2 support for fetching Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. Do the same for the SSH transport tests. Bug: 553083 Change-Id: Ice9866aa78020f5ca8f397cde84dc224bf5d41b4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Client-side protocol V2 support for fetching Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. Do the same for the SSH transport tests. Bug: 553083 Change-Id: Ice9866aa78020f5ca8f397cde84dc224bf5d41b4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Client-side protocol V2 support for fetching Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. Do the same for the SSH transport tests. Bug: 553083 Change-Id: Ice9866aa78020f5ca8f397cde84dc224bf5d41b4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
sshd: support the ProxyJump ssh config This is useful to access git repositories behind a bastion server (jump host). Add a constant for the config; rewrite the whole connection initiation to parse the value and (recursively) set up the chain of hops. Add tests for a single hop and two different ways to configure a two-hop chain. The connection timeout applies to each hop in the chain individually. Change-Id: Idd25af95aa2ec5367404587e4e530b0663c03665 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Client-side protocol V2 support for fetching Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. Do the same for the SSH transport tests. Bug: 553083 Change-Id: Ice9866aa78020f5ca8f397cde84dc224bf5d41b4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Client-side protocol V2 support for fetching Make all transports request protocol V2 when fetching. Depending on the transport, set the GIT_PROTOCOL environment variable (file and ssh), pass the Git-Protocol header (http), or set the hidden "\0version=2\0" (git anon). We'll fall back to V0 if the server doesn't reply with a version 2 answer. A user can control which protocol the client requests via the git config protocol.version; if not set, JGit requests protocol V2 for fetching. Pushing always uses protocol V0 still. In the API, there is only a new Transport.openFetch() version that takes a collection of RefSpecs plus additional patterns to construct the Ref prefixes for the "ls-refs" command in protocol V2. If none are given, the server will still advertise all refs, even in protocol V2. BasePackConnection.readAdvertisedRefs() handles falling back to protocol V0. It newly returns true if V0 was used and the advertised refs were read, and false if V2 is used and an explicit "ls-refs" is needed. (This can't be done transparently inside readAdvertisedRefs() because a "stateless RPC" transport like TransportHttp may need to open a new connection for writing.) BasePackFetchConnection implements the changes needed for the protocol V2 "fetch" command (simplified ACK handling, delimiters, section headers). In TransportHttp, change readSmartHeaders() to also recognize the "version 2" packet line as a valid smart server indication. Adapt tests, and run all the HTTP tests not only with both HTTP connection factories (JDK and Apache HttpClient) but also with both protocol V0 and V2. Do the same for the SSH transport tests. Bug: 553083 Change-Id: Ice9866aa78020f5ca8f397cde84dc224bf5d41b4 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch> Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>
3 years ago
Update javadoc for RemoteSession and SshSessionFactory The timeout on RemoteSession.exec() cannot be a timeout for the whole command. It can only be a timeout for setting up the process; after that it's the application's responsibility to implement some timeout for the execution of the command, for instance by calling Process.waitFor(int, TimeUnit) or through other means. Sessions returned by an SshSessionFactory are already connected and authenticated -- they must be, because RemoteSession offers no operations for connecting or authenticating a session. Change the implementation of SshdExecProcess.waitFor() to wait indefinitely. The original implementation used the timeout from RemoteSession.exec() because of that erroneous javadoc. Change-Id: I3c7ede24ab66d4c81f72d178ce5012d383cd826e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Update javadoc for RemoteSession and SshSessionFactory The timeout on RemoteSession.exec() cannot be a timeout for the whole command. It can only be a timeout for setting up the process; after that it's the application's responsibility to implement some timeout for the execution of the command, for instance by calling Process.waitFor(int, TimeUnit) or through other means. Sessions returned by an SshSessionFactory are already connected and authenticated -- they must be, because RemoteSession offers no operations for connecting or authenticating a session. Change the implementation of SshdExecProcess.waitFor() to wait indefinitely. The original implementation used the timeout from RemoteSession.exec() because of that erroneous javadoc. Change-Id: I3c7ede24ab66d4c81f72d178ce5012d383cd826e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Update javadoc for RemoteSession and SshSessionFactory The timeout on RemoteSession.exec() cannot be a timeout for the whole command. It can only be a timeout for setting up the process; after that it's the application's responsibility to implement some timeout for the execution of the command, for instance by calling Process.waitFor(int, TimeUnit) or through other means. Sessions returned by an SshSessionFactory are already connected and authenticated -- they must be, because RemoteSession offers no operations for connecting or authenticating a session. Change the implementation of SshdExecProcess.waitFor() to wait indefinitely. The original implementation used the timeout from RemoteSession.exec() because of that erroneous javadoc. Change-Id: I3c7ede24ab66d4c81f72d178ce5012d383cd826e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Update javadoc for RemoteSession and SshSessionFactory The timeout on RemoteSession.exec() cannot be a timeout for the whole command. It can only be a timeout for setting up the process; after that it's the application's responsibility to implement some timeout for the execution of the command, for instance by calling Process.waitFor(int, TimeUnit) or through other means. Sessions returned by an SshSessionFactory are already connected and authenticated -- they must be, because RemoteSession offers no operations for connecting or authenticating a session. Change the implementation of SshdExecProcess.waitFor() to wait indefinitely. The original implementation used the timeout from RemoteSession.exec() because of that erroneous javadoc. Change-Id: I3c7ede24ab66d4c81f72d178ce5012d383cd826e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Update javadoc for RemoteSession and SshSessionFactory The timeout on RemoteSession.exec() cannot be a timeout for the whole command. It can only be a timeout for setting up the process; after that it's the application's responsibility to implement some timeout for the execution of the command, for instance by calling Process.waitFor(int, TimeUnit) or through other means. Sessions returned by an SshSessionFactory are already connected and authenticated -- they must be, because RemoteSession offers no operations for connecting or authenticating a session. Change the implementation of SshdExecProcess.waitFor() to wait indefinitely. The original implementation used the timeout from RemoteSession.exec() because of that erroneous javadoc. Change-Id: I3c7ede24ab66d4c81f72d178ce5012d383cd826e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
SshdSession: close channel gracefully Close the channel gracefully to give the server a chance to clean up properly on its side. Bug: 565854 Change-Id: Iedda5af3b97c8321f08f7ce854274cbb30e401de Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
Enable and fix "Statement unnecessarily nested within else clause" warnings Since [1] the gerrit project includes jgit as a submodule, and has this warning enabled, resulting in 100s of warnings in the console. Also enable the warning here, and fix them. At the same time, add missing braces around adjacent and nearby one-line blocks. [1] https://gerrit-review.googlesource.com/c/gerrit/+/227897 Change-Id: I81df3fc7ed6eedf6874ce1a3bedfa727a1897e4c Signed-off-by: David Pursehouse <david.pursehouse@gmail.com>
4 years ago
Apache MINA sshd client Add a new ssh client implementation based on Apach MINA sshd 2.0.0. This implementation uses JGit's own config file parser and host entry resolver. Code inspection of the Apache MINA implementation revealed a few bugs or idiosyncrasies that immediately would re-introduce bugs already fixed in the past in JGit. Apache MINA sshd is not without quirks either, and I had to configure and override more than I had expected. But at least it was all doable in clean ways. Apache MINA boasts support for Bouncy Castle, so in theory this should open the way to using more ssh key algorithms, such as ed25519. The implementation is in a separate bundle and is still not used in the core org.eclipse.jgit bundle. The tests re-use the ssh tests from the core test bundle. Bug: 520927 Change-Id: Ib35e73c35799140fe050d1ff4fb18d0d3596580e Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
5 years ago
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606 
  1. /*

  2.  * Copyright (C) 2018, 2020 Thomas Wolf <thomas.wolf@paranor.ch> and others

  3.  *

  4.  * This program and the accompanying materials are made available under the

  5.  * terms of the Eclipse Distribution License v. 1.0 which is available at

  6.  * https://www.eclipse.org/org/documents/edl-v10.php.

  7.  *

  8.  * SPDX-License-Identifier: BSD-3-Clause

  9.  */

  10. package org.eclipse.jgit.transport.sshd;

  11. 

  12. import static java.text.MessageFormat.format;

  13. import static org.apache.sshd.common.SshConstants.SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE;

  14. 

  15. import java.io.Closeable;

  16. import java.io.IOException;

  17. import java.io.InputStream;

  18. import java.io.OutputStream;

  19. import java.net.URISyntaxException;

  20. import java.time.Duration;

  21. import java.util.ArrayList;

  22. import java.util.Collection;

  23. import java.util.Collections;

  24. import java.util.EnumSet;

  25. import java.util.LinkedList;

  26. import java.util.List;

  27. import java.util.Map;

  28. import java.util.concurrent.CopyOnWriteArrayList;

  29. import java.util.concurrent.TimeUnit;

  30. import java.util.concurrent.atomic.AtomicReference;

  31. import java.util.function.Supplier;

  32. import java.util.regex.Pattern;

  33. 

  34. import org.apache.sshd.client.SshClient;

  35. import org.apache.sshd.client.channel.ChannelExec;

  36. import org.apache.sshd.client.channel.ClientChannelEvent;

  37. import org.apache.sshd.client.config.hosts.HostConfigEntry;

  38. import org.apache.sshd.client.future.ConnectFuture;

  39. import org.apache.sshd.client.session.ClientSession;

  40. import org.apache.sshd.client.session.forward.PortForwardingTracker;

  41. import org.apache.sshd.client.subsystem.sftp.SftpClient;

  42. import org.apache.sshd.client.subsystem.sftp.SftpClient.CloseableHandle;

  43. import org.apache.sshd.client.subsystem.sftp.SftpClient.CopyMode;

  44. import org.apache.sshd.client.subsystem.sftp.SftpClientFactory;

  45. import org.apache.sshd.common.AttributeRepository;

  46. import org.apache.sshd.common.SshException;

  47. import org.apache.sshd.common.future.CloseFuture;

  48. import org.apache.sshd.common.future.SshFutureListener;

  49. import org.apache.sshd.common.subsystem.sftp.SftpException;

  50. import org.apache.sshd.common.util.io.IoUtils;

  51. import org.apache.sshd.common.util.net.SshdSocketAddress;

  52. import org.eclipse.jgit.annotations.NonNull;

  53. import org.eclipse.jgit.errors.TransportException;

  54. import org.eclipse.jgit.internal.transport.sshd.JGitSshClient;

  55. import org.eclipse.jgit.internal.transport.sshd.SshdText;

  56. import org.eclipse.jgit.transport.FtpChannel;

  57. import org.eclipse.jgit.transport.RemoteSession2;

  58. import org.eclipse.jgit.transport.SshConstants;

  59. import org.eclipse.jgit.transport.URIish;

  60. import org.eclipse.jgit.util.StringUtils;

  61. import org.slf4j.Logger;

  62. import org.slf4j.LoggerFactory;

  63. 

  64. /**

  65.  * An implementation of {@link org.eclipse.jgit.transport.RemoteSession

  66.  * RemoteSession} based on Apache MINA sshd.

  67.  *

  68.  * @since 5.2

  69.  */

  70. public class SshdSession implements RemoteSession2 {

  71. 

  72. 	private static final Logger LOG = LoggerFactory

  73. 			.getLogger(SshdSession.class);

  74. 

  75. 	private static final Pattern SHORT_SSH_FORMAT = Pattern

  76. 			.compile("[-\\w.]+(?:@[-\\w.]+)?(?::\\d+)?"); //$NON-NLS-1$

  77. 

  78. 	private static final int MAX_DEPTH = 10;

  79. 

  80. 	private final CopyOnWriteArrayList<SessionCloseListener> listeners = new CopyOnWriteArrayList<>();

  81. 

  82. 	private final URIish uri;

  83. 

  84. 	private SshClient client;

  85. 

  86. 	private ClientSession session;

  87. 

  88. 	SshdSession(URIish uri, Supplier<SshClient> clientFactory) {

  89. 		this.uri = uri;

  90. 		this.client = clientFactory.get();

  91. 	}

  92. 

  93. 	void connect(Duration timeout) throws IOException {

  94. 		if (!client.isStarted()) {

  95. 			client.start();

  96. 		}

  97. 		try {

  98. 			session = connect(uri, Collections.emptyList(),

  99. 					future -> notifyCloseListeners(), timeout, MAX_DEPTH);

  100. 		} catch (IOException e) {

  101. 			disconnect(e);

  102. 			throw e;

  103. 		}

  104. 	}

  105. 

  106. 	private ClientSession connect(URIish target, List<URIish> jumps,

  107. 			SshFutureListener<CloseFuture> listener, Duration timeout,

  108. 			int depth) throws IOException {

  109. 		if (--depth < 0) {

  110. 			throw new IOException(

  111. 					format(SshdText.get().proxyJumpAbort, target));

  112. 		}

  113. 		HostConfigEntry hostConfig = getHostConfig(target.getUser(),

  114. 				target.getHost(), target.getPort());

  115. 		String host = hostConfig.getHostName();

  116. 		int port = hostConfig.getPort();

  117. 		List<URIish> hops = determineHops(jumps, hostConfig, target.getHost());

  118. 		ClientSession resultSession = null;

  119. 		ClientSession proxySession = null;

  120. 		PortForwardingTracker portForward = null;

  121. 		try {

  122. 			if (!hops.isEmpty()) {

  123. 				URIish hop = hops.remove(0);

  124. 				if (LOG.isDebugEnabled()) {

  125. 					LOG.debug("Connecting to jump host {}", hop); //$NON-NLS-1$

  126. 				}

  127. 				proxySession = connect(hop, hops, null, timeout, depth);

  128. 			}

  129. 			AttributeRepository context = null;

  130. 			if (proxySession != null) {

  131. 				SshdSocketAddress remoteAddress = new SshdSocketAddress(host,

  132. 						port);

  133. 				portForward = proxySession.createLocalPortForwardingTracker(

  134. 						SshdSocketAddress.LOCALHOST_ADDRESS, remoteAddress);

  135. 				// We must connect to the locally bound address, not the one

  136. 				// from the host config.

  137. 				context = AttributeRepository.ofKeyValuePair(

  138. 						JGitSshClient.LOCAL_FORWARD_ADDRESS,

  139. 						portForward.getBoundAddress());

  140. 			}

  141. 			resultSession = connect(hostConfig, context, timeout);

  142. 			if (proxySession != null) {

  143. 				final PortForwardingTracker tracker = portForward;

  144. 				final ClientSession pSession = proxySession;

  145. 				resultSession.addCloseFutureListener(future -> {

  146. 					IoUtils.closeQuietly(tracker);

  147. 					String sessionName = pSession.toString();

  148. 					try {

  149. 						pSession.close();

  150. 					} catch (IOException e) {

  151. 						LOG.error(format(

  152. 								SshdText.get().sshProxySessionCloseFailed,

  153. 								sessionName), e);

  154. 					}

  155. 				});

  156. 				portForward = null;

  157. 				proxySession = null;

  158. 			}

  159. 			if (listener != null) {

  160. 				resultSession.addCloseFutureListener(listener);

  161. 			}

  162. 			// Authentication timeout is by default 2 minutes.

  163. 			resultSession.auth().verify(resultSession.getAuthTimeout());

  164. 			return resultSession;

  165. 		} catch (IOException e) {

  166. 			close(portForward, e);

  167. 			close(proxySession, e);

  168. 			close(resultSession, e);

  169. 			if (e instanceof SshException && ((SshException) e)

  170. 					.getDisconnectCode() == SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE) {

  171. 				// Ensure the user gets to know on which URI the authentication

  172. 				// was denied.

  173. 				throw new TransportException(target,

  174. 						format(SshdText.get().loginDenied, host,

  175. 								Integer.toString(port)),

  176. 						e);

  177. 			}

  178. 			throw e;

  179. 		}

  180. 	}

  181. 

  182. 	private ClientSession connect(HostConfigEntry config,

  183. 			AttributeRepository context, Duration timeout)

  184. 			throws IOException {

  185. 		ConnectFuture connected = client.connect(config, context, null);

  186. 		long timeoutMillis = timeout.toMillis();

  187. 		if (timeoutMillis <= 0) {

  188. 			connected = connected.verify();

  189. 		} else {

  190. 			connected = connected.verify(timeoutMillis);

  191. 		}

  192. 		return connected.getSession();

  193. 	}

  194. 

  195. 	private void close(Closeable toClose, Throwable error) {

  196. 		if (toClose != null) {

  197. 			try {

  198. 				toClose.close();

  199. 			} catch (IOException e) {

  200. 				error.addSuppressed(e);

  201. 			}

  202. 		}

  203. 	}

  204. 

  205. 	private HostConfigEntry getHostConfig(String username, String host,

  206. 			int port) throws IOException {

  207. 		HostConfigEntry entry = client.getHostConfigEntryResolver()

  208. 				.resolveEffectiveHost(host, port, null, username, null);

  209. 		if (entry == null) {

  210. 			if (SshdSocketAddress.isIPv6Address(host)) {

  211. 				return new HostConfigEntry("", host, port, username); //$NON-NLS-1$

  212. 			}

  213. 			return new HostConfigEntry(host, host, port, username);

  214. 		}

  215. 		return entry;

  216. 	}

  217. 

  218. 	private List<URIish> determineHops(List<URIish> currentHops,

  219. 			HostConfigEntry hostConfig, String host) throws IOException {

  220. 		if (currentHops.isEmpty()) {

  221. 			String jumpHosts = hostConfig.getProperty(SshConstants.PROXY_JUMP);

  222. 			if (!StringUtils.isEmptyOrNull(jumpHosts)) {

  223. 				try {

  224. 					return parseProxyJump(jumpHosts);

  225. 				} catch (URISyntaxException e) {

  226. 					throw new IOException(

  227. 							format(SshdText.get().configInvalidProxyJump, host,

  228. 									jumpHosts),

  229. 							e);

  230. 				}

  231. 			}

  232. 		}

  233. 		return currentHops;

  234. 	}

  235. 

  236. 	private List<URIish> parseProxyJump(String proxyJump)

  237. 			throws URISyntaxException {

  238. 		String[] hops = proxyJump.split(","); //$NON-NLS-1$

  239. 		List<URIish> result = new LinkedList<>();

  240. 		for (String hop : hops) {

  241. 			// There shouldn't be any whitespace, but let's be lenient

  242. 			hop = hop.trim();

  243. 			if (SHORT_SSH_FORMAT.matcher(hop).matches()) {

  244. 				// URIish doesn't understand the short SSH format

  245. 				// user@host:port, only user@host:path

  246. 				hop = SshConstants.SSH_SCHEME + "://" + hop; //$NON-NLS-1$

  247. 			}

  248. 			URIish to = new URIish(hop);

  249. 			if (!SshConstants.SSH_SCHEME.equalsIgnoreCase(to.getScheme())) {

  250. 				throw new URISyntaxException(hop,

  251. 						SshdText.get().configProxyJumpNotSsh);

  252. 			} else if (!StringUtils.isEmptyOrNull(to.getPath())) {

  253. 				throw new URISyntaxException(hop,

  254. 						SshdText.get().configProxyJumpWithPath);

  255. 			}

  256. 			result.add(to);

  257. 		}

  258. 		return result;

  259. 	}

  260. 

  261. 	/**

  262. 	 * Adds a {@link SessionCloseListener} to this session. Has no effect if the

  263. 	 * given {@code listener} is already registered with this session.

  264. 	 *

  265. 	 * @param listener

  266. 	 *            to add

  267. 	 */

  268. 	public void addCloseListener(@NonNull SessionCloseListener listener) {

  269. 		listeners.addIfAbsent(listener);

  270. 	}

  271. 

  272. 	/**

  273. 	 * Removes the given {@code listener}; has no effect if the listener is not

  274. 	 * currently registered with this session.

  275. 	 *

  276. 	 * @param listener

  277. 	 *            to remove

  278. 	 */

  279. 	public void removeCloseListener(@NonNull SessionCloseListener listener) {

  280. 		listeners.remove(listener);

  281. 	}

  282. 

  283. 	private void notifyCloseListeners() {

  284. 		for (SessionCloseListener l : listeners) {

  285. 			try {

  286. 				l.sessionClosed(this);

  287. 			} catch (RuntimeException e) {

  288. 				LOG.warn(SshdText.get().closeListenerFailed, e);

  289. 			}

  290. 		}

  291. 	}

  292. 

  293. 	@Override

  294. 	public Process exec(String commandName, int timeout) throws IOException {

  295. 		return exec(commandName, Collections.emptyMap(), timeout);

  296. 	}

  297. 

  298. 	@Override

  299. 	public Process exec(String commandName, Map<String, String> environment,

  300. 			int timeout) throws IOException {

  301. 		@SuppressWarnings("resource")

  302. 		ChannelExec exec = session.createExecChannel(commandName, null,

  303. 				environment);

  304. 		if (timeout <= 0) {

  305. 			try {

  306. 				exec.open().verify();

  307. 			} catch (IOException | RuntimeException e) {

  308. 				exec.close(true);

  309. 				throw e;

  310. 			}

  311. 		} else {

  312. 			try {

  313. 				exec.open().verify(TimeUnit.SECONDS.toMillis(timeout));

  314. 			} catch (IOException | RuntimeException e) {

  315. 				exec.close(true);

  316. 				throw new IOException(format(SshdText.get().sshCommandTimeout,

  317. 						commandName, Integer.valueOf(timeout)), e);

  318. 			}

  319. 		}

  320. 		return new SshdExecProcess(exec, commandName);

  321. 	}

  322. 

  323. 	/**

  324. 	 * Obtain an {@link FtpChannel} to perform SFTP operations in this

  325. 	 * {@link SshdSession}.

  326. 	 */

  327. 	@Override

  328. 	@NonNull

  329. 	public FtpChannel getFtpChannel() {

  330. 		return new SshdFtpChannel();

  331. 	}

  332. 

  333. 	@Override

  334. 	public void disconnect() {

  335. 		disconnect(null);

  336. 	}

  337. 

  338. 	private void disconnect(Throwable reason) {

  339. 		try {

  340. 			if (session != null) {

  341. 				session.close();

  342. 				session = null;

  343. 			}

  344. 		} catch (IOException e) {

  345. 			if (reason != null) {

  346. 				reason.addSuppressed(e);

  347. 			} else {

  348. 				LOG.error(SshdText.get().sessionCloseFailed, e);

  349. 			}

  350. 		} finally {

  351. 			client.stop();

  352. 			client = null;

  353. 		}

  354. 	}

  355. 

  356. 	private static class SshdExecProcess extends Process {

  357. 

  358. 		private final ChannelExec channel;

  359. 

  360. 		private final String commandName;

  361. 

  362. 		public SshdExecProcess(ChannelExec channel, String commandName) {

  363. 			this.channel = channel;

  364. 			this.commandName = commandName;

  365. 		}

  366. 

  367. 		@Override

  368. 		public OutputStream getOutputStream() {

  369. 			return channel.getInvertedIn();

  370. 		}

  371. 

  372. 		@Override

  373. 		public InputStream getInputStream() {

  374. 			return channel.getInvertedOut();

  375. 		}

  376. 

  377. 		@Override

  378. 		public InputStream getErrorStream() {

  379. 			return channel.getInvertedErr();

  380. 		}

  381. 

  382. 		@Override

  383. 		public int waitFor() throws InterruptedException {

  384. 			if (waitFor(-1L, TimeUnit.MILLISECONDS)) {

  385. 				return exitValue();

  386. 			}

  387. 			return -1;

  388. 		}

  389. 

  390. 		@Override

  391. 		public boolean waitFor(long timeout, TimeUnit unit)

  392. 				throws InterruptedException {

  393. 			long millis = timeout >= 0 ? unit.toMillis(timeout) : -1L;

  394. 			return channel

  395. 					.waitFor(EnumSet.of(ClientChannelEvent.CLOSED), millis)

  396. 					.contains(ClientChannelEvent.CLOSED);

  397. 		}

  398. 

  399. 		@Override

  400. 		public int exitValue() {

  401. 			Integer exitCode = channel.getExitStatus();

  402. 			if (exitCode == null) {

  403. 				throw new IllegalThreadStateException(

  404. 						format(SshdText.get().sshProcessStillRunning,

  405. 								commandName));

  406. 			}

  407. 			return exitCode.intValue();

  408. 		}

  409. 

  410. 		@Override

  411. 		public void destroy() {

  412. 			if (channel.isOpen()) {

  413. 				channel.close(false);

  414. 			}

  415. 		}

  416. 	}

  417. 

  418. 	/**

  419. 	 * Helper interface like {@link Supplier}, but possibly raising an

  420. 	 * {@link IOException}.

  421. 	 *

  422. 	 * @param <T>

  423. 	 *            return type

  424. 	 */

  425. 	@FunctionalInterface

  426. 	private interface FtpOperation<T> {

  427. 

  428. 		T call() throws IOException;

  429. 

  430. 	}

  431. 

  432. 	private class SshdFtpChannel implements FtpChannel {

  433. 

  434. 		private SftpClient ftp;

  435. 

  436. 		/** Current working directory. */

  437. 		private String cwd = ""; //$NON-NLS-1$

  438. 

  439. 		@Override

  440. 		public void connect(int timeout, TimeUnit unit) throws IOException {

  441. 			if (timeout <= 0) {

  442. 				session.getProperties().put(

  443. 						SftpClient.SFTP_CHANNEL_OPEN_TIMEOUT,

  444. 						Long.valueOf(Long.MAX_VALUE));

  445. 			} else {

  446. 				session.getProperties().put(

  447. 						SftpClient.SFTP_CHANNEL_OPEN_TIMEOUT,

  448. 						Long.valueOf(unit.toMillis(timeout)));

  449. 			}

  450. 			ftp = SftpClientFactory.instance().createSftpClient(session);

  451. 			try {

  452. 				cd(cwd);

  453. 			} catch (IOException e) {

  454. 				ftp.close();

  455. 			}

  456. 		}

  457. 

  458. 		@Override

  459. 		public void disconnect() {

  460. 			try {

  461. 				ftp.close();

  462. 			} catch (IOException e) {

  463. 				LOG.error(SshdText.get().ftpCloseFailed, e);

  464. 			}

  465. 		}

  466. 

  467. 		@Override

  468. 		public boolean isConnected() {

  469. 			return session.isAuthenticated() && ftp.isOpen();

  470. 		}

  471. 

  472. 		private String absolute(String path) {

  473. 			if (path.isEmpty()) {

  474. 				return cwd;

  475. 			}

  476. 			// Note: there is no path injection vulnerability here. If

  477. 			// path has too many ".." components, we rely on the server

  478. 			// catching it and returning an error.

  479. 			if (path.charAt(0) != '/') {

  480. 				if (cwd.charAt(cwd.length() - 1) == '/') {

  481. 					return cwd + path;

  482. 				}

  483. 				return cwd + '/' + path;

  484. 			}

  485. 			return path;

  486. 		}

  487. 

  488. 		private <T> T map(FtpOperation<T> op) throws IOException {

  489. 			try {

  490. 				return op.call();

  491. 			} catch (IOException e) {

  492. 				if (e instanceof SftpException) {

  493. 					throw new FtpChannel.FtpException(e.getLocalizedMessage(),

  494. 							((SftpException) e).getStatus(), e);

  495. 				}

  496. 				throw e;

  497. 			}

  498. 		}

  499. 

  500. 		@Override

  501. 		public void cd(String path) throws IOException {

  502. 			cwd = map(() -> ftp.canonicalPath(absolute(path)));

  503. 			if (cwd.isEmpty()) {

  504. 				cwd += '/';

  505. 			}

  506. 		}

  507. 

  508. 		@Override

  509. 		public String pwd() throws IOException {

  510. 			return cwd;

  511. 		}

  512. 

  513. 		@Override

  514. 		public Collection<DirEntry> ls(String path) throws IOException {

  515. 			return map(() -> {

  516. 				List<DirEntry> result = new ArrayList<>();

  517. 				try (CloseableHandle handle = ftp.openDir(absolute(path))) {

  518. 					AtomicReference<Boolean> atEnd = new AtomicReference<>(

  519. 							Boolean.FALSE);

  520. 					while (!atEnd.get().booleanValue()) {

  521. 						List<SftpClient.DirEntry> chunk = ftp.readDir(handle,

  522. 								atEnd);

  523. 						if (chunk == null) {

  524. 							break;

  525. 						}

  526. 						for (SftpClient.DirEntry remote : chunk) {

  527. 							result.add(new DirEntry() {

  528. 

  529. 								@Override

  530. 								public String getFilename() {

  531. 									return remote.getFilename();

  532. 								}

  533. 

  534. 								@Override

  535. 								public long getModifiedTime() {

  536. 									return remote.getAttributes()

  537. 											.getModifyTime().toMillis();

  538. 								}

  539. 

  540. 								@Override

  541. 								public boolean isDirectory() {

  542. 									return remote.getAttributes().isDirectory();

  543. 								}

  544. 

  545. 							});

  546. 						}

  547. 					}

  548. 				}

  549. 				return result;

  550. 			});

  551. 		}

  552. 

  553. 		@Override

  554. 		public void rmdir(String path) throws IOException {

  555. 			map(() -> {

  556. 				ftp.rmdir(absolute(path));

  557. 				return null;

  558. 			});

  559. 

  560. 		}

  561. 

  562. 		@Override

  563. 		public void mkdir(String path) throws IOException {

  564. 			map(() -> {

  565. 				ftp.mkdir(absolute(path));

  566. 				return null;

  567. 			});

  568. 		}

  569. 

  570. 		@Override

  571. 		public InputStream get(String path) throws IOException {

  572. 			return map(() -> ftp.read(absolute(path)));

  573. 		}

  574. 

  575. 		@Override

  576. 		public OutputStream put(String path) throws IOException {

  577. 			return map(() -> ftp.write(absolute(path)));

  578. 		}

  579. 

  580. 		@Override

  581. 		public void rm(String path) throws IOException {

  582. 			map(() -> {

  583. 				ftp.remove(absolute(path));

  584. 				return null;

  585. 			});

  586. 		}

  587. 

  588. 		@Override

  589. 		public void rename(String from, String to) throws IOException {

  590. 			map(() -> {

  591. 				String src = absolute(from);

  592. 				String dest = absolute(to);

  593. 				try {

  594. 					ftp.rename(src, dest, CopyMode.Atomic, CopyMode.Overwrite);

  595. 				} catch (UnsupportedOperationException e) {

  596. 					// Older server cannot do POSIX rename...

  597. 					if (!src.equals(dest)) {

  598. 						delete(dest);

  599. 						ftp.rename(src, dest);

  600. 					}

  601. 				}

  602. 				return null;

  603. 			});

  604. 		}

  605. 	}

  606. }