summaryrefslogtreecommitdiffstats
path: root/org.eclipse.jgit.junit.ssh
diff options
context:
space:
mode:
authorThomas Wolf <thomas.wolf@paranor.ch>2018-11-16 17:00:25 +0100
committerMatthias Sohn <matthias.sohn@sap.com>2018-11-17 07:28:08 -0800
commit00b235f0b86769ec6781a8114cd741f3cba08de5 (patch)
tree32066a6319b5b43b521abb162be76cce492ef161 /org.eclipse.jgit.junit.ssh
parent1316d43e51d4f687e2b0cc32665495e7bc18c9f9 (diff)
downloadjgit-00b235f0b86769ec6781a8114cd741f3cba08de5.tar.gz
jgit-00b235f0b86769ec6781a8114cd741f3cba08de5.zip
Apache MINA sshd client: test & fix password authentication
Add tests for password and keyboard-interactive authentication. Implement password authentication; the default provided by sshd is non-interactive, which is not useful for JGit. Make sure the CredentialsProvider gets reset on successive password retrieval attempts. Otherwise it might always return the same non- accepted password from a secure storage. (That one was discovered by actually trying this via EGit; the JGit tests don't catch this.) Change the default order of authentication mechanisms to prefer password over keyboard-interactive. This is a mitigation for upstream bug SSHD-866.[1] Also include a fix for upstream bug SSHD-867.[2] [1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866 [2] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867 Bug: 520927 Change-Id: I423e548f06d3b51531016cf08938c8bd7acaa2a9 Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.junit.ssh')
-rw-r--r--org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF4
-rw-r--r--org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java34
2 files changed, 35 insertions, 3 deletions
diff --git a/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF b/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF
index b4a3f58901..0a087c9a6d 100644
--- a/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF
@@ -22,10 +22,12 @@ Import-Package: org.apache.sshd.common;version="[2.0.0,2.1.0)",
org.apache.sshd.server;version="[2.0.0,2.1.0)",
org.apache.sshd.server.auth;version="[2.0.0,2.1.0)",
org.apache.sshd.server.auth.gss;version="[2.0.0,2.1.0)",
+ org.apache.sshd.server.auth.keyboard;version="[2.0.0,2.1.0)",
+ org.apache.sshd.server.auth.password;version="[2.0.0,2.1.0)",
org.apache.sshd.server.command;version="[2.0.0,2.1.0)",
org.apache.sshd.server.session;version="[2.0.0,2.1.0)",
org.apache.sshd.server.shell;version="[2.0.0,2.1.0)",
- org.apache.sshd.server.subsystem;version="2.0.0",
+ org.apache.sshd.server.subsystem;version="[2.0.0,2.1.0)",
org.apache.sshd.server.subsystem.sftp;version="[2.0.0,2.1.0)",
org.eclipse.jgit.annotations;version="[5.2.0,5.3.0)",
org.eclipse.jgit.lib;version="[5.2.0,5.3.0)",
diff --git a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
index 0683dbb52e..f5af2e5ce1 100644
--- a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
+++ b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java
@@ -54,6 +54,7 @@ import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
+import java.util.Locale;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
@@ -72,6 +73,7 @@ import org.apache.sshd.server.auth.UserAuth;
import org.apache.sshd.server.auth.gss.GSSAuthenticator;
import org.apache.sshd.server.auth.gss.UserAuthGSS;
import org.apache.sshd.server.auth.gss.UserAuthGSSFactory;
+import org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator;
import org.apache.sshd.server.command.AbstractCommandSupport;
import org.apache.sshd.server.command.Command;
import org.apache.sshd.server.session.ServerSession;
@@ -184,14 +186,18 @@ public class SshTestGitServer {
private List<NamedFactory<UserAuth>> getAuthFactories() {
List<NamedFactory<UserAuth>> authentications = new ArrayList<>();
- authentications.add(
- ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
authentications.add(new UserAuthGSSFactory() {
@Override
public UserAuth create() {
return new FakeUserAuthGSS();
}
});
+ authentications.add(
+ ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY);
+ authentications.add(
+ ServerAuthenticationManager.DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY);
+ authentications.add(
+ ServerAuthenticationManager.DEFAULT_USER_AUTH_PASSWORD_FACTORY);
return authentications;
}
@@ -281,6 +287,30 @@ public class SshTestGitServer {
}
/**
+ * Enable password authentication. The server will accept the test user's
+ * name, converted to all upper-case, as password.
+ */
+ public void enablePasswordAuthentication() {
+ server.setPasswordAuthenticator((user, pwd, session) -> {
+ return testUser.equals(user)
+ && testUser.toUpperCase(Locale.ROOT).equals(pwd);
+ });
+ }
+
+ /**
+ * Enable keyboard-interactive authentication. The server will accept the
+ * test user's name, converted to all upper-case, as password.
+ */
+ public void enableKeyboardInteractiveAuthentication() {
+ server.setPasswordAuthenticator((user, pwd, session) -> {
+ return testUser.equals(user)
+ && testUser.toUpperCase(Locale.ROOT).equals(pwd);
+ });
+ server.setKeyboardInteractiveAuthenticator(
+ DefaultKeyboardInteractiveAuthenticator.INSTANCE);
+ }
+
+ /**
* Starts the test server, listening on a random port.
*
* @return the port the server listens on; test clients should connect to