Apache MINA sshd client: test & fix password authentication

Add tests for password and keyboard-interactive authentication.
Implement password authentication; the default provided by sshd
is non-interactive, which is not useful for JGit.

Make sure the CredentialsProvider gets reset on successive password
retrieval attempts. Otherwise it might always return the same non-
accepted password from a secure storage. (That one was discovered
by actually trying this via EGit; the JGit tests don't catch this.)

Change the default order of authentication mechanisms to prefer
password over keyboard-interactive. This is a mitigation for upstream
bug SSHD-866.[1]

Also include a fix for upstream bug SSHD-867.[2]

[1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866
[2] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867

Bug: 520927
Change-Id: I423e548f06d3b51531016cf08938c8bd7acaa2a9
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>

1 files changed, 32 insertions, 2 deletions

diff --git a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
index 0683dbb52e..f5af2e5ce1 100644
--- a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
+++ b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
@@ -54,6 +54,7 @@ import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Locale;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 
@@ -72,6 +73,7 @@ import org.apache.sshd.server.auth.UserAuth;
 import org.apache.sshd.server.auth.gss.GSSAuthenticator;
 import org.apache.sshd.server.auth.gss.UserAuthGSS;
 import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
+import org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator;
 import org.apache.sshd.server.command.AbstractCommandSupport;
 import org.apache.sshd.server.command.Command;
 import org.apache.sshd.server.session.ServerSession;
@@ -184,14 +186,18 @@ public class SshTestGitServer {
 
 	private List<NamedFactory<UserAuth>> getAuthFactories() {
 		List<NamedFactory<UserAuth>> authentications = new ArrayList<>();
-		authentications.add(
-				ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
 		authentications.add(new UserAuthGSSFactory() {
 			@Override
 			public UserAuth create() {
 				return new FakeUserAuthGSS();
 			}
 		});
+		authentications.add(
+				ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
+		authentications.add(
+				ServerAuthenticationManager.DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY);
+		authentications.add(
+				ServerAuthenticationManager.DEFAULT_USER_AUTH_PASSWORD_FACTORY);
 		return authentications;
 	}
 
@@ -281,6 +287,30 @@ public class SshTestGitServer {
 	}
 
 	/**
+	 * Enable password authentication. The server will accept the test user's
+	 * name, converted to all upper-case, as password.
+	 */
+	public void enablePasswordAuthentication() {
+		server.setPasswordAuthenticator((user, pwd, session) -> {
+			return testUser.equals(user)
+					&& testUser.toUpperCase(Locale.ROOT).equals(pwd);
+		});
+	}
+
+	/**
+	 * Enable keyboard-interactive authentication. The server will accept the
+	 * test user's name, converted to all upper-case, as password.
+	 */
+	public void enableKeyboardInteractiveAuthentication() {
+		server.setPasswordAuthenticator((user, pwd, session) -> {
+			return testUser.equals(user)
+					&& testUser.toUpperCase(Locale.ROOT).equals(pwd);
+		});
+		server.setKeyboardInteractiveAuthenticator(
+				DefaultKeyboardInteractiveAuthenticator.INSTANCE);
+	}
+
+	/**
 	 * Starts the test server, listening on a random port.
 	 *
 	 * @return the port the server listens on; test clients should connect to