author | Thomas Wolf <twolf@apache.org> | 2024-05-06 19:32:12 +0200 |
---|---|---|
committer | Thomas Wolf <twolf@apache.org> | 2024-05-13 20:25:11 +0200 |
commit | 28c3ae1728866bcdb2fb88b61683e3132c7f8ff5 (patch) | |
tree | 229852f169bbedf02238634d68e07fe65cc42a83 | |
parent | c1f95130c554580afc1d6090d30b3946b578714e (diff) | |
sshd: fix IdentiesOnly if SSH agent is enabled and has keys
Commit a44b9e8bf changed the logic so that we try to read a public key
from the file given first, and only then try the file with the ".pub"
extension. Unfortunately the exception handling was not sufficient to
correctly deal with the given file containing a private key.
Apache MINA SSHD may throw a StreamCorruptedException when one tries
to read a public key from a file containing a private key. Handle
this exception in addition to GeneralSecurityException, and change
the order of exception handlers because StreamCorruptedException is
an IOException.
Bug: jgit-53
Change-Id: I7dddc2c11aa75d7663f7fe41652df612bf8c88cd
Signed-off-by: Thomas Wolf <twolf@apache.org>
-rw-r--r-- | org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
index b0b1028daa..6aace4753a 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPublicKeyAuthentication.java
@@ -17,6 +17,7 @@ import static org.eclipse.jgit.transport.SshConstants.PUBKEY_ACCEPTED_ALGORITHMS
 import java.io.File;
 import java.io.IOException;
+import java.io.StreamCorruptedException;
 import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
@@ -355,20 +356,20 @@ public class JGitPublicKeyAuthentication extends UserAuthPublicKey {
 // only warn about non-existing files in case the key file is
 // not derived
 if (!isDerived) {
- log.warn("{}", //$NON-NLS-1$
+ log.warn(LOG_FORMAT,
 format(SshdText.get().cannotReadPublicKey, keyFile));
 }
- } catch (InvalidPathException | IOException e) {
- log.warn("{}", //$NON-NLS-1$
- format(SshdText.get().cannotReadPublicKey, keyFile), e);
- } catch (GeneralSecurityException e) {
+ } catch (GeneralSecurityException | StreamCorruptedException e) {
 // ignore in case this is not a derived key path, as in most
 // cases this specifies a private key
 if (isDerived) {
- log.warn("{}", //$NON-NLS-1$
+ log.warn(LOG_FORMAT,
 format(SshdText.get().cannotReadPublicKey, keyFile), e);
 }
+ } catch (InvalidPathException | IOException e) {
+ log.warn(LOG_FORMAT,
+ format(SshdText.get().cannotReadPublicKey, keyFile), e);
 }
 return null;
 }
|
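Review bot: In the second hunk, the new `GeneralSecurityException | StreamCorruptedException` handler discards the exception without any trace when `isDerived` is false, so an explicitly configured public key file that is genuinely truncated or corrupt looks the same as a private key file and leaves nothing in the log to explain why the key was not used. Consider an `else` branch that records it at a lower level, e.g. `log.debug(LOG_FORMAT, format(SshdText.get().cannotReadPublicKey, keyFile), e);`, assuming `log` is the SLF4J-style logger its `warn` calls suggest. Since the fix depends on this handler staying separate from the `IOException` one, a short comment such as `// kept apart from the IOException handler: StreamCorruptedException is an IOException but usually means a private key here` would stop a later cleanup from folding the two together again. The enclosing method begins outside the hunk, so what a `null` return means for the caller is not visible here.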