ssh: Handle "ProxyJump none" from SSH config file

Since OpenSSH 7.8, the ProxyJump directive accepts the value "none"[1]
to override and clear a setting that might otherwise be contributed by
another (wildcard) host entry.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2869

Change-Id: Ia35e82c6f8c58d5c6b8040cda7a07b220f43fc21
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

3 files changed, 38 insertions, 2 deletions

diff --git a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
index 85626d8ee3..ccaf98ced0 100644
--- a/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
+++ b/org.eclipse.jgit.ssh.apache.test/tst/org/eclipse/jgit/transport/sshd/ApacheSshTest.java
@@ -355,6 +355,21 @@ public class ApacheSshTest extends SshTestBase {
 	}
 
 	@Test
+	public void testJumpHostNone() throws Exception {
+		// Should not try to go through the non-existing proxy
+		cloneWith("ssh://server/doesntmatter", defaultCloneDir, null, //
+				"Host server", //
+				"HostName localhost", //
+				"Port " + testPort, //
+				"User " + TEST_USER, //
+				"IdentityFile " + privateKey1.getAbsolutePath(), //
+				"ProxyJump none", //
+				"", //
+				"Host *", //
+				"ProxyJump " + TEST_USER + "@localhost:1234");
+	}
+
+	@Test
 	public void testJumpHostWrongKeyAtProxy() throws Exception {
 		// Test that we find the proxy server's URI in the exception message
 		SshdSocketAddress[] forwarded = { null };
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
index fb7500ffd3..c270b44956 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSession.java
@@ -219,7 +219,8 @@ public class SshdSession implements RemoteSession2 {
 			HostConfigEntry hostConfig, String host) throws IOException {
 		if (currentHops.isEmpty()) {
 			String jumpHosts = hostConfig.getProperty(SshConstants.PROXY_JUMP);
-			if (!StringUtils.isEmptyOrNull(jumpHosts)) {
+			if (!StringUtils.isEmptyOrNull(jumpHosts)
+					&& !SshConstants.NONE.equals(jumpHosts)) {
 				try {
 					return parseProxyJump(jumpHosts);
 				} catch (URISyntaxException e) {
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
index 5cd5b334ab..212a4e46c1 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/transport/SshConstants.java
@@ -191,6 +191,26 @@ public final class SshConstants {
 	/** Flag value. */
 	public static final String FALSE = "false";
 
+	/**
+	 * Property value. Some keys accept a special 'none' value to override and
+	 * clear a setting otherwise contributed by another host entry, for instance
+	 * {@link #PROXY_COMMAND} or {@link #PROXY_JUMP}. Example:
+	 *
+	 * <pre>
+	 * Host bastion.example.org
+	 *   ProxyJump none
+	 *
+	 * Host *.example.org
+	 *   ProxyJump bastion.example.org
+	 * </pre>
+	 * <p>
+	 * OpenSSH supports this since OpenSSH 7.8.
+	 * </p>
+	 *
+	 * @since 6.0
+	 */
+	public static final String NONE = "none";
+
 	// Default identity file names
 
 	/** Name of the default RSA private identity file. */
@@ -202,7 +222,7 @@ public final class SshConstants {
 	/** Name of the default ECDSA private identity file. */
 	public static final String ID_ECDSA = "id_ecdsa";
 
-	/** Name of the default ECDSA private identity file. */
+	/** Name of the default ED25519 private identity file. */
 	public static final String ID_ED25519 = "id_ed25519";
 
 	/** All known default identity file names. */