diff options
| author | Matthias Sohn <matthias.sohn@sap.com> | 2023-05-24 15:50:27 +0200 |
|---|---|---|
| committer | Matthias Sohn <matthias.sohn@sap.com> | 2023-05-24 15:50:27 +0200 |
| commit | f7ba6c2356bcf1b49b3146fd536f49241a7816bd (patch) | |
| tree | d70427e952e65c24cd3670eaad590800bc5baf4e /org.eclipse.jgit.ssh.apache | |
| parent | 05e7e9d5a272c6def063dc62a803a5414df7d4bb (diff) | |
| parent | 590f03b7dc203aadb5606f330a79065a2f81f850 (diff) | |
| download | jgit-f7ba6c2356bcf1b49b3146fd536f49241a7816bd.tar.gz jgit-f7ba6c2356bcf1b49b3146fd536f49241a7816bd.zip | |
Merge branch 'master' into stable-6.6
* master:
GraphObjectIndex: fix search in findGraphPosition
Update to Tycho 4.0.0-SNAPSHOT
PGP sign p2 artefacts
Revert 'Use net.i2p.crypto:eddsa directly from Maven Central'
Update dash license-tool-plugin to 1.0.2
Also add suppressed exception if unchecked exception occurs in finally
Candidate: use "Objects.equals" instead of "=="
Use hamcrest 2.2 directly from Maven Central
Use commons-logging directly from Maven Central
Update jna to 5.13.0
Use bytebuddy directly from Maven Central
Use jna directly from Maven Central
Use net.i2p.crypto:eddsa directly from Maven Central
Use org.tukaani:xz directly from Maven Central
Use args4j directly from Maven Central
Use gson directly from Maven Central
Remove unused $NON-NLS-1$
Remove unused API filters
Switch to Apache MINA sshd 2.10.0
[releng] API filter for PackIndex.DEFAULT_WRITE_REVERSE_INDEX
PackExt: add a #getTmpExtension method
UploadPack: Record negotiation stats on fetchV2 call
RewriteGeneratorTest: Introduce test cases for the RewriteGenerator
PackWriter: write the PackReverseIndex file
Change-Id: I6c7760a32545320862abcdcc8761c9b728e78182
Diffstat (limited to 'org.eclipse.jgit.ssh.apache')
7 files changed, 80 insertions, 166 deletions
diff --git a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF index 83859e2eb6..82c83be921 100644 --- a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF +++ b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF @@ -35,57 +35,57 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="6.6.0";x-inter org.apache.sshd.client.keyverifier", org.eclipse.jgit.transport.sshd.agent;version="6.6.0" Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)", - org.apache.sshd.agent;version="[2.9.2,2.10.0)", - org.apache.sshd.client;version="[2.9.2,2.10.0)", - org.apache.sshd.client.auth;version="[2.9.2,2.10.0)", - org.apache.sshd.client.auth.keyboard;version="[2.9.2,2.10.0)", - org.apache.sshd.client.auth.password;version="[2.9.2,2.10.0)", - org.apache.sshd.client.auth.pubkey;version="[2.9.2,2.10.0)", - org.apache.sshd.client.channel;version="[2.9.2,2.10.0)", - org.apache.sshd.client.config.hosts;version="[2.9.2,2.10.0)", - org.apache.sshd.client.config.keys;version="[2.9.2,2.10.0)", - org.apache.sshd.client.future;version="[2.9.2,2.10.0)", - org.apache.sshd.client.keyverifier;version="[2.9.2,2.10.0)", - org.apache.sshd.client.session;version="[2.9.2,2.10.0)", - org.apache.sshd.client.session.forward;version="[2.9.2,2.10.0)", - org.apache.sshd.common;version="[2.9.2,2.10.0)", - org.apache.sshd.common.auth;version="[2.9.2,2.10.0)", - org.apache.sshd.common.channel;version="[2.9.2,2.10.0)", - org.apache.sshd.common.compression;version="[2.9.2,2.10.0)", - org.apache.sshd.common.config.keys;version="[2.9.2,2.10.0)", - org.apache.sshd.common.config.keys.loader;version="[2.9.2,2.10.0)", - org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.9.2,2.10.0)", - org.apache.sshd.common.config.keys.u2f;version="[2.9.2,2.10.0)", - org.apache.sshd.common.digest;version="[2.9.2,2.10.0)", - org.apache.sshd.common.forward;version="[2.9.2,2.10.0)", - org.apache.sshd.common.future;version="[2.9.2,2.10.0)", - org.apache.sshd.common.helpers;version="[2.9.2,2.10.0)", - org.apache.sshd.common.io;version="[2.9.2,2.10.0)", - org.apache.sshd.common.kex;version="[2.9.2,2.10.0)", - org.apache.sshd.common.kex.extension;version="[2.9.2,2.10.0)", - org.apache.sshd.common.kex.extension.parser;version="[2.9.2,2.10.0)", - org.apache.sshd.common.keyprovider;version="[2.9.2,2.10.0)", - org.apache.sshd.common.mac;version="[2.9.2,2.10.0)", - org.apache.sshd.common.random;version="[2.9.2,2.10.0)", - org.apache.sshd.common.session;version="[2.9.2,2.10.0)", - org.apache.sshd.common.session.helpers;version="[2.9.2,2.10.0)", - org.apache.sshd.common.signature;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.buffer;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.buffer.keys;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.closeable;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.io;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.io.der;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.io.functors;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.io.resource;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.logging;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.net;version="[2.9.2,2.10.0)", - org.apache.sshd.common.util.security;version="[2.9.2,2.10.0)", - org.apache.sshd.core;version="[2.9.2,2.10.0)", - org.apache.sshd.server.auth;version="[2.9.2,2.10.0)", - org.apache.sshd.sftp;version="[2.9.2,2.10.0)", - org.apache.sshd.sftp.client;version="[2.9.2,2.10.0)", - org.apache.sshd.sftp.common;version="[2.9.2,2.10.0)", + org.apache.sshd.agent;version="[2.10.0,2.11.0)", + org.apache.sshd.client;version="[2.10.0,2.11.0)", + org.apache.sshd.client.auth;version="[2.10.0,2.11.0)", + org.apache.sshd.client.auth.keyboard;version="[2.10.0,2.11.0)", + org.apache.sshd.client.auth.password;version="[2.10.0,2.11.0)", + org.apache.sshd.client.auth.pubkey;version="[2.10.0,2.11.0)", + org.apache.sshd.client.channel;version="[2.10.0,2.11.0)", + org.apache.sshd.client.config.hosts;version="[2.10.0,2.11.0)", + org.apache.sshd.client.config.keys;version="[2.10.0,2.11.0)", + org.apache.sshd.client.future;version="[2.10.0,2.11.0)", + org.apache.sshd.client.keyverifier;version="[2.10.0,2.11.0)", + org.apache.sshd.client.session;version="[2.10.0,2.11.0)", + org.apache.sshd.client.session.forward;version="[2.10.0,2.11.0)", + org.apache.sshd.common;version="[2.10.0,2.11.0)", + org.apache.sshd.common.auth;version="[2.10.0,2.11.0)", + org.apache.sshd.common.channel;version="[2.10.0,2.11.0)", + org.apache.sshd.common.compression;version="[2.10.0,2.11.0)", + org.apache.sshd.common.config.keys;version="[2.10.0,2.11.0)", + org.apache.sshd.common.config.keys.loader;version="[2.10.0,2.11.0)", + org.apache.sshd.common.config.keys.loader.openssh.kdf;version="[2.10.0,2.11.0)", + org.apache.sshd.common.config.keys.u2f;version="[2.10.0,2.11.0)", + org.apache.sshd.common.digest;version="[2.10.0,2.11.0)", + org.apache.sshd.common.forward;version="[2.10.0,2.11.0)", + org.apache.sshd.common.future;version="[2.10.0,2.11.0)", + org.apache.sshd.common.helpers;version="[2.10.0,2.11.0)", + org.apache.sshd.common.io;version="[2.10.0,2.11.0)", + org.apache.sshd.common.kex;version="[2.10.0,2.11.0)", + org.apache.sshd.common.kex.extension;version="[2.10.0,2.11.0)", + org.apache.sshd.common.kex.extension.parser;version="[2.10.0,2.11.0)", + org.apache.sshd.common.keyprovider;version="[2.10.0,2.11.0)", + org.apache.sshd.common.mac;version="[2.10.0,2.11.0)", + org.apache.sshd.common.random;version="[2.10.0,2.11.0)", + org.apache.sshd.common.session;version="[2.10.0,2.11.0)", + org.apache.sshd.common.session.helpers;version="[2.10.0,2.11.0)", + org.apache.sshd.common.signature;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.buffer;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.buffer.keys;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.closeable;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.io;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.io.der;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.io.functors;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.io.resource;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.logging;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.net;version="[2.10.0,2.11.0)", + org.apache.sshd.common.util.security;version="[2.10.0,2.11.0)", + org.apache.sshd.core;version="[2.10.0,2.11.0)", + org.apache.sshd.server.auth;version="[2.10.0,2.11.0)", + org.apache.sshd.sftp;version="[2.10.0,2.11.0)", + org.apache.sshd.sftp.client;version="[2.10.0,2.11.0)", + org.apache.sshd.sftp.common;version="[2.10.0,2.11.0)", org.eclipse.jgit.annotations;version="[6.6.0,6.7.0)", org.eclipse.jgit.errors;version="[6.6.0,6.7.0)", org.eclipse.jgit.fnmatch;version="[6.6.0,6.7.0)", diff --git a/org.eclipse.jgit.ssh.apache/pom.xml b/org.eclipse.jgit.ssh.apache/pom.xml index 8a4d6690a7..6b1f08c35f 100644 --- a/org.eclipse.jgit.ssh.apache/pom.xml +++ b/org.eclipse.jgit.ssh.apache/pom.xml @@ -50,6 +50,16 @@ <groupId>org.apache.sshd</groupId> <artifactId>sshd-sftp</artifactId> <version>${apache-sshd-version}</version> + <exclusions> + <exclusion> + <groupId>org.apache.sshd</groupId> + <artifactId>sshd-common</artifactId> + </exclusion> + <exclusion> + <groupId>org.apache.sshd</groupId> + <artifactId>sshd-core</artifactId> + </exclusion> + </exclusions> </dependency> <dependency> diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java deleted file mode 100644 index 715f3b8edd..0000000000 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthFactory.java +++ /dev/null @@ -1,37 +0,0 @@ -/* - * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Distribution License v. 1.0 which is available at - * https://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -package org.eclipse.jgit.internal.transport.sshd; - -import java.io.IOException; - -import org.apache.sshd.client.auth.AbstractUserAuthFactory; -import org.apache.sshd.client.auth.password.UserAuthPassword; -import org.apache.sshd.client.auth.password.UserAuthPasswordFactory; -import org.apache.sshd.client.session.ClientSession; - -/** - * A customized {@link UserAuthPasswordFactory} that creates instance of - * {@link JGitPasswordAuthentication}. - */ -public class JGitPasswordAuthFactory extends AbstractUserAuthFactory { - - /** The singleton {@link JGitPasswordAuthFactory}. */ - public static final JGitPasswordAuthFactory INSTANCE = new JGitPasswordAuthFactory(); - - private JGitPasswordAuthFactory() { - super(UserAuthPasswordFactory.NAME); - } - - @Override - public UserAuthPassword createUserAuth(ClientSession session) - throws IOException { - return new JGitPasswordAuthentication(); - } -} diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java deleted file mode 100644 index 33c3c608f6..0000000000 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitPasswordAuthentication.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright (C) 2018, 2022 Thomas Wolf <thomas.wolf@paranor.ch> and others - * - * This program and the accompanying materials are made available under the - * terms of the Eclipse Distribution License v. 1.0 which is available at - * https://www.eclipse.org/org/documents/edl-v10.php. - * - * SPDX-License-Identifier: BSD-3-Clause - */ -package org.eclipse.jgit.internal.transport.sshd; - -import static org.apache.sshd.core.CoreModuleProperties.PASSWORD_PROMPTS; - -import org.apache.sshd.client.auth.password.UserAuthPassword; -import org.apache.sshd.client.session.ClientSession; - -/** - * A password authentication handler that respects the - * {@code NumberOfPasswordPrompts} ssh config. - */ -public class JGitPasswordAuthentication extends UserAuthPassword { - - private int maxAttempts; - - private int attempts; - - @Override - public void init(ClientSession session, String service) throws Exception { - super.init(session, service); - maxAttempts = Math.max(1, - PASSWORD_PROMPTS.getRequired(session).intValue()); - attempts = 0; - } - - @Override - protected String resolveAttemptedPassword(ClientSession session, - String service) throws Exception { - if (++attempts > maxAttempts) { - return null; - } - return super.resolveAttemptedPassword(session, service); - } -} diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java index 72f0bdb6ee..311cf198ae 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java @@ -32,10 +32,8 @@ import java.util.List; import java.util.Map; import java.util.NoSuchElementException; import java.util.Objects; -import java.util.function.Supplier; import java.util.stream.Collectors; -import org.apache.sshd.agent.SshAgentFactory; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.config.hosts.HostConfigEntry; import org.apache.sshd.client.future.ConnectFuture; @@ -107,8 +105,6 @@ public class JGitSshClient extends SshClient { private ProxyDataFactory proxyDatabase; - private Supplier<SshAgentFactory> agentFactorySupplier = () -> null; - @Override protected SessionFactory createSessionFactory() { // Override the parent's default @@ -377,22 +373,6 @@ public class JGitSshClient extends SshClient { return credentialsProvider; } - @Override - public SshAgentFactory getAgentFactory() { - return agentFactorySupplier.get(); - } - - @Override - protected void checkConfig() { - // The super class requires channel factories for agent forwarding if a - // factory for an SSH agent is set. We haven't implemented this yet, and - // we don't do SSH agent forwarding for now. Unfortunately, there is no - // way to bypass this check in the super class except making - // getAgentFactory() return null until after the check. - super.checkConfig(); - agentFactorySupplier = super::getAgentFactory; - } - /** * A {@link SessionFactory} to create our own specialized * {@link JGitClientSession}s. diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java index dd6894b662..807bda89bc 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/IdentityPasswordProvider.java @@ -252,22 +252,26 @@ public class IdentityPasswordProvider implements KeyPasswordProvider { protected boolean keyLoaded(URIish uri, State state, char[] password, Exception err) throws IOException, GeneralSecurityException { - if (err == null) { - return false; // Success, don't retry - } else if (err instanceof GeneralSecurityException) { + if (err == null || password == null) { + // Success, or an error before we even asked for a password (could + // also be a non-encrypted key, or a user cancellation): don't + // retry. + return false; + } + if (state != null && state.getCount() < attempts) { + // We asked for a password, and have not yet exhausted the number of + // attempts. Assume the password was incorrect. + return true; + } + // Attempts exhausted + if (err instanceof GeneralSecurityException) { + // Top-level exception with a better exception message. The + // framework would otherwise re-throw 'err'. throw new InvalidKeyException( format(SshdText.get().identityFileCannotDecrypt, uri), err); - } else { - // Unencrypted key (state == null && password == null), or exception - // before having asked for the password (state != null && password - // == null; might also be a user cancellation), or number of - // attempts exhausted. - if (state == null || password == null - || state.getCount() >= attempts) { - return false; - } - return true; } + // I/O error. + return false; } @Override diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java index c792c1889c..7798b80f18 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java @@ -33,6 +33,7 @@ import org.apache.sshd.client.ClientBuilder; import org.apache.sshd.client.SshClient; import org.apache.sshd.client.auth.UserAuthFactory; import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory; +import org.apache.sshd.client.auth.password.UserAuthPasswordFactory; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.compression.BuiltinCompressions; @@ -46,7 +47,6 @@ import org.eclipse.jgit.errors.TransportException; import org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile; import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider; import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory; -import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory; import org.eclipse.jgit.internal.transport.sshd.JGitPublicKeyAuthFactory; import org.eclipse.jgit.internal.transport.sshd.JGitServerKeyVerifier; import org.eclipse.jgit.internal.transport.sshd.JGitSshClient; @@ -607,7 +607,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable { return Collections.unmodifiableList( Arrays.asList(GssApiWithMicAuthFactory.INSTANCE, JGitPublicKeyAuthFactory.FACTORY, - JGitPasswordAuthFactory.INSTANCE, + UserAuthPasswordFactory.INSTANCE, UserAuthKeyboardInteractiveFactory.INSTANCE)); } |