diff options
author | Thomas Wolf <thomas.wolf@paranor.ch> | 2018-11-16 17:00:25 +0100 |
---|---|---|
committer | Matthias Sohn <matthias.sohn@sap.com> | 2018-11-17 07:28:08 -0800 |
commit | 00b235f0b86769ec6781a8114cd741f3cba08de5 (patch) | |
tree | 32066a6319b5b43b521abb162be76cce492ef161 /org.eclipse.jgit.junit.ssh | |
parent | 1316d43e51d4f687e2b0cc32665495e7bc18c9f9 (diff) | |
download | jgit-00b235f0b86769ec6781a8114cd741f3cba08de5.tar.gz jgit-00b235f0b86769ec6781a8114cd741f3cba08de5.zip |
Apache MINA sshd client: test & fix password authentication
Add tests for password and keyboard-interactive authentication.
Implement password authentication; the default provided by sshd
is non-interactive, which is not useful for JGit.
Make sure the CredentialsProvider gets reset on successive password
retrieval attempts. Otherwise it might always return the same non-
accepted password from a secure storage. (That one was discovered
by actually trying this via EGit; the JGit tests don't catch this.)
Change the default order of authentication mechanisms to prefer
password over keyboard-interactive. This is a mitigation for upstream
bug SSHD-866.[1]
Also include a fix for upstream bug SSHD-867.[2]
[1] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-866
[2] https://issues.apache.org/jira/projects/SSHD/issues/SSHD-867
Bug: 520927
Change-Id: I423e548f06d3b51531016cf08938c8bd7acaa2a9
Signed-off-by: Thomas Wolf <thomas.wolf@paranor.ch>
Diffstat (limited to 'org.eclipse.jgit.junit.ssh')
-rw-r--r-- | org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF | 4 | ||||
-rw-r--r-- | org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java | 34 |
2 files changed, 35 insertions, 3 deletions
diff --git a/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF b/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF index b4a3f58901..0a087c9a6d 100644 --- a/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF +++ b/org.eclipse.jgit.junit.ssh/META-INF/MANIFEST.MF @@ -22,10 +22,12 @@ Import-Package: org.apache.sshd.common;version="[2.0.0,2.1.0)", org.apache.sshd.server;version="[2.0.0,2.1.0)", org.apache.sshd.server.auth;version="[2.0.0,2.1.0)", org.apache.sshd.server.auth.gss;version="[2.0.0,2.1.0)", + org.apache.sshd.server.auth.keyboard;version="[2.0.0,2.1.0)", + org.apache.sshd.server.auth.password;version="[2.0.0,2.1.0)", org.apache.sshd.server.command;version="[2.0.0,2.1.0)", org.apache.sshd.server.session;version="[2.0.0,2.1.0)", org.apache.sshd.server.shell;version="[2.0.0,2.1.0)", - org.apache.sshd.server.subsystem;version="2.0.0", + org.apache.sshd.server.subsystem;version="[2.0.0,2.1.0)", org.apache.sshd.server.subsystem.sftp;version="[2.0.0,2.1.0)", org.eclipse.jgit.annotations;version="[5.2.0,5.3.0)", org.eclipse.jgit.lib;version="[5.2.0,5.3.0)", diff --git a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java index 0683dbb52e..f5af2e5ce1 100644 --- a/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java +++ b/org.eclipse.jgit.junit.ssh/src/org/eclipse/jgit/junit/ssh/SshTestGitServer.java @@ -54,6 +54,7 @@ import java.text.MessageFormat; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Locale; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; @@ -72,6 +73,7 @@ import org.apache.sshd.server.auth.UserAuth; import org.apache.sshd.server.auth.gss.GSSAuthenticator; import org.apache.sshd.server.auth.gss.UserAuthGSS; import org.apache.sshd.server.auth.gss.UserAuthGSSFactory; +import org.apache.sshd.server.auth.keyboard.DefaultKeyboardInteractiveAuthenticator; import org.apache.sshd.server.command.AbstractCommandSupport; import org.apache.sshd.server.command.Command; import org.apache.sshd.server.session.ServerSession; @@ -184,14 +186,18 @@ public class SshTestGitServer { private List<NamedFactory<UserAuth>> getAuthFactories() { List<NamedFactory<UserAuth>> authentications = new ArrayList<>(); - authentications.add( - ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY); authentications.add(new UserAuthGSSFactory() { @Override public UserAuth create() { return new FakeUserAuthGSS(); } }); + authentications.add( + ServerAuthenticationManager.DEFAULT_USER_AUTH_PUBLIC_KEY_FACTORY); + authentications.add( + ServerAuthenticationManager.DEFAULT_USER_AUTH_KB_INTERACTIVE_FACTORY); + authentications.add( + ServerAuthenticationManager.DEFAULT_USER_AUTH_PASSWORD_FACTORY); return authentications; } @@ -281,6 +287,30 @@ public class SshTestGitServer { } /** + * Enable password authentication. The server will accept the test user's + * name, converted to all upper-case, as password. + */ + public void enablePasswordAuthentication() { + server.setPasswordAuthenticator((user, pwd, session) -> { + return testUser.equals(user) + && testUser.toUpperCase(Locale.ROOT).equals(pwd); + }); + } + + /** + * Enable keyboard-interactive authentication. The server will accept the + * test user's name, converted to all upper-case, as password. + */ + public void enableKeyboardInteractiveAuthentication() { + server.setPasswordAuthenticator((user, pwd, session) -> { + return testUser.equals(user) + && testUser.toUpperCase(Locale.ROOT).equals(pwd); + }); + server.setKeyboardInteractiveAuthenticator( + DefaultKeyboardInteractiveAuthenticator.INSTANCE); + } + + /** * Starts the test server, listening on a random port. * * @return the port the server listens on; test clients should connect to |