diff options
author | Florian Zschocke <fzs@users.noreply.github.com> | 2019-11-10 17:56:56 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-11-10 17:56:56 +0100 |
commit | 4d7311ba9f65869b39c4e117ab6d45f7a6eb4adc (patch) | |
tree | d5200dd4a6f58dd00155fdbbaf8cda1d92df27fd | |
parent | 5784b125b676d5d19897c66144552afedc92c655 (diff) | |
parent | bca2cd21d1798eadbeef0a055f7d5bc8df78a846 (diff) | |
download | gitblit-4d7311ba9f65869b39c4e117ab6d45f7a6eb4adc.tar.gz gitblit-4d7311ba9f65869b39c4e117ab6d45f7a6eb4adc.zip |
Merge pull request #1322 from fzs/sshd_update
Update dependencies MINA to 2.0.21 and SSHD to 1.2.0
Update SSHD to fix an issue with hmac-sha2-512. This resolves problems with clients that prefer SHA-512 over SHA-256.
This also updates the dependency on SLF4J to the latest version, as the updated dependency on MINA did also bring in higher SLF4J versions.
-rw-r--r-- | .classpath | 8 | ||||
-rw-r--r-- | build.moxie | 6 | ||||
-rw-r--r-- | gitblit.iml | 24 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java | 4 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java | 2 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshDaemon.java | 4 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java | 2 | ||||
-rw-r--r-- | src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java | 10 | ||||
-rw-r--r-- | src/test/java/com/gitblit/tests/SshDaemonTest.java | 5 | ||||
-rw-r--r-- | src/test/java/com/gitblit/tests/SshUnitTest.java | 26 |
10 files changed, 56 insertions, 35 deletions
@@ -13,8 +13,8 @@ <classpathentry kind="lib" path="ext/guice-servlet-4.0-gb2.jar" sourcepath="ext/src/guice-servlet-4.0-gb2.jar" /> <classpathentry kind="lib" path="ext/annotations-12.0.jar" sourcepath="ext/src/annotations-12.0.jar" /> <classpathentry kind="lib" path="ext/log4j-1.2.17.jar" sourcepath="ext/src/log4j-1.2.17.jar" /> - <classpathentry kind="lib" path="ext/slf4j-api-1.7.12.jar" sourcepath="ext/src/slf4j-api-1.7.12.jar" /> - <classpathentry kind="lib" path="ext/slf4j-log4j12-1.7.12.jar" sourcepath="ext/src/slf4j-log4j12-1.7.12.jar" /> + <classpathentry kind="lib" path="ext/slf4j-api-1.7.29.jar" sourcepath="ext/src/slf4j-api-1.7.29.jar" /> + <classpathentry kind="lib" path="ext/slf4j-log4j12-1.7.29.jar" sourcepath="ext/src/slf4j-log4j12-1.7.29.jar" /> <classpathentry kind="lib" path="ext/javax.mail-1.5.1.jar" sourcepath="ext/src/javax.mail-1.5.1.jar" /> <classpathentry kind="lib" path="ext/javax.servlet-api-3.1.0.jar" sourcepath="ext/src/javax.servlet-api-3.1.0.jar" /> <classpathentry kind="lib" path="ext/jetty-all-9.2.13.v20150730.jar" sourcepath="ext/src/jetty-all-9.2.13.v20150730.jar" /> @@ -54,8 +54,8 @@ <classpathentry kind="lib" path="ext/bcprov-jdk15on-1.57.jar" sourcepath="ext/src/bcprov-jdk15on-1.57.jar" /> <classpathentry kind="lib" path="ext/bcmail-jdk15on-1.57.jar" sourcepath="ext/src/bcmail-jdk15on-1.57.jar" /> <classpathentry kind="lib" path="ext/bcpkix-jdk15on-1.57.jar" sourcepath="ext/src/bcpkix-jdk15on-1.57.jar" /> - <classpathentry kind="lib" path="ext/sshd-core-1.0.0.jar" sourcepath="ext/src/sshd-core-1.0.0.jar" /> - <classpathentry kind="lib" path="ext/mina-core-2.0.9.jar" sourcepath="ext/src/mina-core-2.0.9.jar" /> + <classpathentry kind="lib" path="ext/sshd-core-1.2.0.jar" sourcepath="ext/src/sshd-core-1.2.0.jar" /> + <classpathentry kind="lib" path="ext/mina-core-2.0.21.jar" sourcepath="ext/src/mina-core-2.0.21.jar" /> <classpathentry kind="lib" path="ext/rome-0.9.jar" sourcepath="ext/src/rome-0.9.jar" /> <classpathentry kind="lib" path="ext/jdom-1.0.jar" sourcepath="ext/src/jdom-1.0.jar" /> <classpathentry kind="lib" path="ext/gson-2.3.1.jar" sourcepath="ext/src/gson-2.3.1.jar" /> diff --git a/build.moxie b/build.moxie index b8dc3efc..ece12a15 100644 --- a/build.moxie +++ b/build.moxie @@ -104,7 +104,7 @@ repositories: central, eclipse-snapshots, eclipse, gitblit # Convenience properties for dependencies properties: { jetty.version : 9.2.13.v20150730 - slf4j.version : 1.7.12 + slf4j.version : 1.7.29 wicket.version : 1.4.22 lucene.version : 5.5.2 jgit.version : 4.1.1.201511131810-r @@ -112,8 +112,8 @@ properties: { bouncycastle.version : 1.57 selenium.version : 2.28.0 wikitext.version : 1.4 - sshd.version: 1.0.0 - mina.version: 2.0.9 + sshd.version: 1.2.0 + mina.version: 2.0.21 guice.version : 4.0 # Gitblit maintains a fork of guice-servlet guice-servlet.version : 4.0-gb2 diff --git a/gitblit.iml b/gitblit.iml index b82a27b1..74e8cae7 100644 --- a/gitblit.iml +++ b/gitblit.iml @@ -92,24 +92,24 @@ </library> </orderEntry> <orderEntry type="module-library"> - <library name="slf4j-api-1.7.12.jar"> + <library name="slf4j-api-1.7.29.jar"> <CLASSES> - <root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.12.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/slf4j-api-1.7.29.jar!/" /> </CLASSES> <JAVADOC /> <SOURCES> - <root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.12.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/src/slf4j-api-1.7.29.jar!/" /> </SOURCES> </library> </orderEntry> <orderEntry type="module-library"> - <library name="slf4j-log4j12-1.7.12.jar"> + <library name="slf4j-log4j12-1.7.29.jar"> <CLASSES> - <root url="jar://$MODULE_DIR$/ext/slf4j-log4j12-1.7.12.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/slf4j-log4j12-1.7.29.jar!/" /> </CLASSES> <JAVADOC /> <SOURCES> - <root url="jar://$MODULE_DIR$/ext/src/slf4j-log4j12-1.7.12.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/src/slf4j-log4j12-1.7.29.jar!/" /> </SOURCES> </library> </orderEntry> @@ -541,24 +541,24 @@ </library> </orderEntry> <orderEntry type="module-library"> - <library name="sshd-core-1.0.0.jar"> + <library name="sshd-core-1.2.0.jar"> <CLASSES> - <root url="jar://$MODULE_DIR$/ext/sshd-core-1.0.0.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/sshd-core-1.2.0.jar!/" /> </CLASSES> <JAVADOC /> <SOURCES> - <root url="jar://$MODULE_DIR$/ext/src/sshd-core-1.0.0.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/src/sshd-core-1.2.0.jar!/" /> </SOURCES> </library> </orderEntry> <orderEntry type="module-library"> - <library name="mina-core-2.0.9.jar"> + <library name="mina-core-2.0.21.jar"> <CLASSES> - <root url="jar://$MODULE_DIR$/ext/mina-core-2.0.9.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/mina-core-2.0.21.jar!/" /> </CLASSES> <JAVADOC /> <SOURCES> - <root url="jar://$MODULE_DIR$/ext/src/mina-core-2.0.9.jar!/" /> + <root url="jar://$MODULE_DIR$/ext/src/mina-core-2.0.21.jar!/" /> </SOURCES> </library> </orderEntry> diff --git a/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java b/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java index c62c4dee..9b494027 100644 --- a/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java +++ b/src/main/java/com/gitblit/transport/ssh/LdapKeyManager.java @@ -26,9 +26,9 @@ import java.util.TreeMap; import java.util.regex.Matcher; import java.util.regex.Pattern; +import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.util.GenericUtils; -import org.apache.sshd.server.config.keys.AuthorizedKeyEntry; import com.gitblit.IStoredSettings; import com.gitblit.Keys; @@ -212,7 +212,7 @@ public class LdapKeyManager extends IPublicKeyManager { List<SshKey> keyList = new ArrayList<>(authorizedKeys.size()); for (GbAuthorizedKeyEntry keyEntry : authorizedKeys) { try { - SshKey key = new SshKey(keyEntry.resolvePublicKey()); + SshKey key = new SshKey(keyEntry.resolvePublicKey(null)); key.setComment(keyEntry.getComment()); setKeyPermissions(key, keyEntry); keyList.add(key); diff --git a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java index 29f7750d..f2176cb0 100644 --- a/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java +++ b/src/main/java/com/gitblit/transport/ssh/NonForwardingFilter.java @@ -15,8 +15,8 @@ */ package com.gitblit.transport.ssh; -import org.apache.sshd.common.SshdSocketAddress; import org.apache.sshd.common.session.Session; +import org.apache.sshd.common.util.net.SshdSocketAddress; import org.apache.sshd.server.forward.ForwardingFilter; public class NonForwardingFilter implements ForwardingFilter { diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java index 5a053781..63fa51dd 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemon.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemon.java @@ -31,7 +31,7 @@ import org.apache.sshd.common.io.mina.MinaServiceFactoryFactory; import org.apache.sshd.common.io.nio2.Nio2ServiceFactoryFactory; import org.apache.sshd.common.util.SecurityUtils; import org.apache.sshd.server.SshServer; -import org.apache.sshd.server.auth.CachingPublicKeyAuthenticator; +import org.apache.sshd.server.auth.pubkey.CachingPublicKeyAuthenticator; import org.bouncycastle.openssl.PEMWriter; import org.eclipse.jgit.internal.JGitText; import org.slf4j.Logger; @@ -158,7 +158,7 @@ public class SshDaemon { log.info("SSH: adding GSSAPI authentication method."); } - sshd.setSessionFactory(new SshServerSessionFactory()); + sshd.setSessionFactory(new SshServerSessionFactory(sshd)); sshd.setFileSystemFactory(new DisabledFilesystemFactory()); sshd.setTcpipForwardingFilter(new NonForwardingFilter()); sshd.setCommandFactory(new SshCommandFactory(gitblit, workQueue)); diff --git a/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java b/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java index af25251b..7024a9a9 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java +++ b/src/main/java/com/gitblit/transport/ssh/SshDaemonClient.java @@ -17,7 +17,7 @@ package com.gitblit.transport.ssh; import java.net.SocketAddress; -import org.apache.sshd.common.session.Session.AttributeKey; +import org.apache.sshd.common.AttributeStore.AttributeKey; import com.gitblit.models.UserModel; diff --git a/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java b/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java index bc67cec0..fb85781a 100644 --- a/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java +++ b/src/main/java/com/gitblit/transport/ssh/SshServerSessionFactory.java @@ -22,7 +22,8 @@ import org.apache.sshd.common.future.CloseFuture; import org.apache.sshd.common.future.SshFutureListener; import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.mina.MinaSession; -import org.apache.sshd.common.session.AbstractSession; +import org.apache.sshd.server.ServerFactoryManager; +import org.apache.sshd.server.session.ServerSessionImpl; import org.apache.sshd.server.session.SessionFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -36,11 +37,12 @@ public class SshServerSessionFactory extends SessionFactory { private final Logger log = LoggerFactory.getLogger(getClass()); - public SshServerSessionFactory() { + public SshServerSessionFactory(ServerFactoryManager server) { + super(server); } @Override - protected AbstractSession createSession(final IoSession io) throws Exception { + protected ServerSessionImpl createSession(final IoSession io) throws Exception { log.info("creating ssh session from {}", io.getRemoteAddress()); if (io instanceof MinaSession) { @@ -66,7 +68,7 @@ public class SshServerSessionFactory extends SessionFactory { } @Override - protected AbstractSession doCreateSession(IoSession ioSession) throws Exception { + protected ServerSessionImpl doCreateSession(IoSession ioSession) throws Exception { return new SshServerSession(getServer(), ioSession); } } diff --git a/src/test/java/com/gitblit/tests/SshDaemonTest.java b/src/test/java/com/gitblit/tests/SshDaemonTest.java index c5deb7d5..c7d06198 100644 --- a/src/test/java/com/gitblit/tests/SshDaemonTest.java +++ b/src/test/java/com/gitblit/tests/SshDaemonTest.java @@ -44,9 +44,9 @@ public class SshDaemonTest extends SshUnitTest { @Test public void testPublicKeyAuthentication() throws Exception { SshClient client = getClient(); - ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).await().getSession(); + ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).verify().getSession(); session.addPublicKeyIdentity(rwKeyPair); - assertTrue(session.auth().await().isSuccess()); + assertTrue(session.auth().await()); } @Test @@ -64,6 +64,7 @@ public class SshDaemonTest extends SshUnitTest { // set clone restriction RepositoryModel model = repositories().getRepositoryModel("ticgit.git"); + assertNotNull("Could not get repository modle for ticgit.git", model); model.accessRestriction = AccessRestrictionType.CLONE; model.authorizationControl = AuthorizationControl.NAMED; repositories().updateRepositoryModel(model.name, model, false); diff --git a/src/test/java/com/gitblit/tests/SshUnitTest.java b/src/test/java/com/gitblit/tests/SshUnitTest.java index 27b4ec73..075ab43a 100644 --- a/src/test/java/com/gitblit/tests/SshUnitTest.java +++ b/src/test/java/com/gitblit/tests/SshUnitTest.java @@ -21,15 +21,21 @@ import java.io.IOException; import java.io.OutputStreamWriter; import java.io.Writer; import java.net.SocketAddress; +import java.security.GeneralSecurityException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PublicKey; +import java.util.EnumSet; import java.util.concurrent.atomic.AtomicBoolean; -import org.apache.sshd.client.ServerKeyVerifier; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.channel.ClientChannel; +import org.apache.sshd.client.channel.ClientChannelEvent; +import org.apache.sshd.client.config.keys.ClientIdentityLoader; +import org.apache.sshd.client.future.AuthFuture; +import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.config.keys.FilePasswordProvider; import org.apache.sshd.common.util.SecurityUtils; import org.junit.After; import org.junit.AfterClass; @@ -96,6 +102,16 @@ public abstract class SshUnitTest extends GitblitUnitTest { protected SshClient getClient() { SshClient client = SshClient.setUpDefaultClient(); + client.setClientIdentityLoader(new ClientIdentityLoader() { // Ignore the files under ~/.ssh + @Override + public boolean isValidLocation(String location) throws IOException { + return true; + } + @Override + public KeyPair loadClientIdentity(String location, FilePasswordProvider provider) throws IOException, GeneralSecurityException { + return null; + } + }); client.setServerKeyVerifier(new ServerKeyVerifier() { @Override public boolean verifyServerKey(ClientSession sshClientSession, SocketAddress remoteAddress, PublicKey serverKey) { @@ -112,9 +128,11 @@ public abstract class SshUnitTest extends GitblitUnitTest { protected String testSshCommand(String cmd, String stdin) throws IOException, InterruptedException { SshClient client = getClient(); - ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).await().getSession(); + ClientSession session = client.connect(username, "localhost", GitBlitSuite.sshPort).verify().getSession(); session.addPublicKeyIdentity(rwKeyPair); - assertTrue(session.auth().await().isSuccess()); + AuthFuture authFuture = session.auth(); + assertTrue(authFuture.await()); + assertTrue(authFuture.isSuccess()); ClientChannel channel = session.createChannel(ClientChannel.CHANNEL_EXEC, cmd); ByteArrayOutputStream baos = new ByteArrayOutputStream(); @@ -131,7 +149,7 @@ public abstract class SshUnitTest extends GitblitUnitTest { channel.setErr(err); channel.open(); - channel.waitFor(ClientChannel.CLOSED, 0); + channel.waitFor(EnumSet.of(ClientChannelEvent.CLOSED, ClientChannelEvent.EOF), 0); String result = out.toString().trim(); channel.close(false); |