author | Thomas Wolf <thomas.wolf@paranor.ch> | 2018-10-03 08:27:40 +0200 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2018-11-13 10:49:26 -0800 |
commit | 63a87b398ff67584069ab8cf6a17824f009a7102 (patch) | |
tree | 506c959ef56fde40ebe2c8e10d79e05a0a9eb0eb | |
parent | 8001f4c1fe441ec2eb7416851e933e9dc347abd7 (diff) | |
Apache MINA sshd client: respect NumberOfPasswordPrompts
Set the internal property on the session as defined in the ssh config.
Note that NumberOfPasswordPrompts in openssh applies independently to
both user logins in keyboard-interactive authentication _and_ to
passphrases for identity files (encrypted keys). Apache MINA sshd uses
the setting only for keyboard-interactive authentication, but not for
identity file passphrase prompts. For identity files, it asks exactly
once. This has been reported as issue SSHD-850 upstream.[1]
[1] https://issues.apache.org/jira/browse/SSHD-850
Bug: 520927
Change-Id: I390ffe9e1c52b96d3e8e28fd8edbdc73dde9edb4
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
3 files changed, 23 insertions, 0 deletions
diff --git a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
index 963e3d95fa..0dc8ecc9a6 100644
--- a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
+++ b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties
@@ -1,6 +1,7 @@
 authenticationCanceled=Authentication canceled: no password
 closeListenerFailed=Ssh session close listener failed
 configInvalidPath=Invalid path in ssh config key {0}: {1}
+configInvalidPositive=Ssh config entry {0} must be a strictly positive number but is ''{1}''
 ftpCloseFailed=Closing the SFTP channel failed
 gssapiFailure=GSS-API error for mechanism OID {0}
 gssapiInitFailure=GSS-API initialization failure for mechanism {0}
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
index 2d8a6361ca..36e4486232 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java
@@ -43,6 +43,7 @@
 package org.eclipse.jgit.internal.transport.sshd;
 import static java.text.MessageFormat.format;
+import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.positive;
 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -183,6 +184,9 @@ public class JGitSshClient extends SshClient {
 if (session.getCredentialsProvider() == null) {
 session.setCredentialsProvider(getCredentialsProvider());
 }
+ int numberOfPasswordPrompts = getNumberOfPasswordPrompts(hostConfig);
+ session.getProperties().put(PASSWORD_PROMPTS,
+ Integer.valueOf(numberOfPasswordPrompts));
 FileKeyPairProvider ourConfiguredKeysProvider = null;
 List<Path> identities = hostConfig.getIdentities().stream()
 .map(s -> {
@@ -213,6 +217,23 @@ public class JGitSshClient extends SshClient {
 return session;
 }
+ private int getNumberOfPasswordPrompts(HostConfigEntry hostConfig) {
+ String prompts = hostConfig
+ .getProperty(SshConstants.NUMBER_OF_PASSWORD_PROMPTS);
+ if (prompts != null) {
+ prompts = prompts.trim();
+ int value = positive(prompts);
+ if (value > 0) {
+ return value;
+ }
+ log.warn(format(SshdText.get().configInvalidPositive,
+ SshConstants.NUMBER_OF_PASSWORD_PROMPTS, prompts));
+ }
+ // Default for NumberOfPasswordPrompts according to
+ // https://man.openbsd.org/ssh_config
+ return 3;
+ }
+
 /**
 * Set a cache for loaded keys. Newly discovered keys will be added when
 * IdentityFile host entries from the ssh config file are used during
diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
index 75f8842361..865a8ebaa2 100644
--- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
+++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java
@@ -21,6 +21,7 @@ public final class SshdText extends TranslationBundle {
 /***/ public String authenticationCanceled;
 /***/ public String closeListenerFailed;
 /***/ public String configInvalidPath;
+ /***/ public String configInvalidPositive;
 /***/ public String ftpCloseFailed;
 /***/ public String gssapiFailure;
 /***/ public String gssapiInitFailure; |
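Review bot: The added lines in JGitSshClient.java that put `PASSWORD_PROMPTS` into the session properties (hunk `@@ -183,6 +184,9 @@`) carry no comment about which prompts the limit actually covers. According to the commit description, Apache MINA sshd applies the setting only to keyboard-interactive authentication, while identity-file passphrases are asked exactly once regardless (SSHD-850); a reader who knows the OpenSSH semantics would expect both to be governed by it. I would record that next to the `put` call, for example `// Limits keyboard-interactive prompts only; key passphrase prompts are not governed by this, see SSHD-850.` The enclosing method starts and ends outside this hunk.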
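Review bot: The fallback `return 3;` at the end of `getNumberOfPasswordPrompts` (hunk `@@ -213,6 +217,23 @@` of JGitSshClient.java) is a bare literal, and the method has no Javadoc describing its fallback behaviour. A named constant such as `private static final int DEFAULT_NUMBER_OF_PASSWORD_PROMPTS = 3;` would make the default discoverable. The Javadoc should state that a missing entry yields the default silently, whereas a value rejected by the `value > 0` test yields the default plus a warning. That test relies on `positive(...)` returning a non-positive result for input it cannot parse, which is not visible in this diff and is worth confirming. Any positive value is accepted without an upper bound, so it would help to state in the same Javadoc whether that is intended.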