diff options
Diffstat (limited to 'org.eclipse.jgit.ssh.apache')
15 files changed, 800 insertions, 256 deletions
diff --git a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF index 1054cec9ee..6a11b18976 100644 --- a/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF +++ b/org.eclipse.jgit.ssh.apache/META-INF/MANIFEST.MF @@ -3,11 +3,12 @@ Bundle-ManifestVersion: 2 Bundle-Name: %Bundle-Name Automatic-Module-Name: org.eclipse.jgit.ssh.apache Bundle-SymbolicName: org.eclipse.jgit.ssh.apache -Bundle-Vendor: %Provider-Name +Bundle-Vendor: %Bundle-Vendor +Bundle-Localization: plugin Bundle-ActivationPolicy: lazy -Bundle-Version: 5.4.4.qualifier +Bundle-Version: 5.5.2.qualifier Bundle-RequiredExecutionEnvironment: JavaSE-1.8 -Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.4.4";x-internal:=true; +Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.5.2";x-internal:=true; uses:="org.apache.sshd.client, org.apache.sshd.client.auth, org.apache.sshd.client.auth.keyboard, @@ -22,9 +23,9 @@ Export-Package: org.eclipse.jgit.internal.transport.sshd;version="5.4.4";x-inter org.apache.sshd.common.signature, org.apache.sshd.common.util.buffer, org.eclipse.jgit.transport", - org.eclipse.jgit.internal.transport.sshd.auth;version="5.4.4";x-internal:=true, - org.eclipse.jgit.internal.transport.sshd.proxy;version="5.4.4";x-friends:="org.eclipse.jgit.ssh.apache.test", - org.eclipse.jgit.transport.sshd;version="5.4.4"; + org.eclipse.jgit.internal.transport.sshd.auth;version="5.5.2";x-internal:=true, + org.eclipse.jgit.internal.transport.sshd.proxy;version="5.5.2";x-friends:="org.eclipse.jgit.ssh.apache.test", + org.eclipse.jgit.transport.sshd;version="5.5.2"; uses:="org.eclipse.jgit.transport, org.apache.sshd.client.config.hosts, org.apache.sshd.common.keyprovider, @@ -74,12 +75,12 @@ Import-Package: net.i2p.crypto.eddsa;version="[0.3.0,0.4.0)", org.apache.sshd.common.util.net;version="[2.2.0,2.3.0)", org.apache.sshd.common.util.security;version="[2.2.0,2.3.0)", org.apache.sshd.server.auth;version="[2.2.0,2.3.0)", - org.eclipse.jgit.annotations;version="[5.4.4,5.5.0)", - org.eclipse.jgit.errors;version="[5.4.4,5.5.0)", - org.eclipse.jgit.fnmatch;version="[5.4.4,5.5.0)", - org.eclipse.jgit.internal.storage.file;version="[5.4.4,5.5.0)", - org.eclipse.jgit.internal.transport.ssh;version="[5.4.4,5.5.0)", - org.eclipse.jgit.nls;version="[5.4.4,5.5.0)", - org.eclipse.jgit.transport;version="[5.4.4,5.5.0)", - org.eclipse.jgit.util;version="[5.4.4,5.5.0)", + org.eclipse.jgit.annotations;version="[5.5.2,5.6.0)", + org.eclipse.jgit.errors;version="[5.5.2,5.6.0)", + org.eclipse.jgit.fnmatch;version="[5.5.2,5.6.0)", + org.eclipse.jgit.internal.storage.file;version="[5.5.2,5.6.0)", + org.eclipse.jgit.internal.transport.ssh;version="[5.5.2,5.6.0)", + org.eclipse.jgit.nls;version="[5.5.2,5.6.0)", + org.eclipse.jgit.transport;version="[5.5.2,5.6.0)", + org.eclipse.jgit.util;version="[5.5.2,5.6.0)", org.slf4j;version="[1.7.0,2.0.0)" diff --git a/org.eclipse.jgit.ssh.apache/META-INF/SOURCE-MANIFEST.MF b/org.eclipse.jgit.ssh.apache/META-INF/SOURCE-MANIFEST.MF index 3df5ff0e59..8991b5b608 100644 --- a/org.eclipse.jgit.ssh.apache/META-INF/SOURCE-MANIFEST.MF +++ b/org.eclipse.jgit.ssh.apache/META-INF/SOURCE-MANIFEST.MF @@ -3,5 +3,5 @@ Bundle-ManifestVersion: 2 Bundle-Name: org.eclipse.jgit.ssh.apache - Sources Bundle-SymbolicName: org.eclipse.jgit.ssh.apache.source Bundle-Vendor: Eclipse.org - JGit -Bundle-Version: 5.4.4.qualifier -Eclipse-SourceBundle: org.eclipse.jgit.ssh.apache;version="5.4.4.qualifier";roots="." +Bundle-Version: 5.5.2.qualifier +Eclipse-SourceBundle: org.eclipse.jgit.ssh.apache;version="5.5.2.qualifier";roots="." diff --git a/org.eclipse.jgit.ssh.apache/plugin.properties b/org.eclipse.jgit.ssh.apache/plugin.properties index 8f3540c0f0..8358cc1a78 100644 --- a/org.eclipse.jgit.ssh.apache/plugin.properties +++ b/org.eclipse.jgit.ssh.apache/plugin.properties @@ -1,2 +1,2 @@ -plugin_name=JGit SSH support based on Apache MINA sshd -provider_name=Eclipse JGit +Bundle-Name=JGit SSH support based on Apache MINA sshd +Bundle-Vendor=Eclipse JGit diff --git a/org.eclipse.jgit.ssh.apache/pom.xml b/org.eclipse.jgit.ssh.apache/pom.xml index bb21214908..f412d63fb7 100644 --- a/org.eclipse.jgit.ssh.apache/pom.xml +++ b/org.eclipse.jgit.ssh.apache/pom.xml @@ -50,7 +50,7 @@ <parent> <groupId>org.eclipse.jgit</groupId> <artifactId>org.eclipse.jgit-parent</artifactId> - <version>5.4.4-SNAPSHOT</version> + <version>5.5.2-SNAPSHOT</version> </parent> <artifactId>org.eclipse.jgit.ssh.apache</artifactId> diff --git a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties index bdb4a7d0d1..4f85ebe100 100644 --- a/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties +++ b/org.eclipse.jgit.ssh.apache/resources/org/eclipse/jgit/internal/transport/sshd/SshdText.properties @@ -71,6 +71,9 @@ proxySocksPasswordTooLong=Password for proxy {0} must be at most 255 bytes long, proxySocksUnexpectedMessage=Unexpected message received from SOCKS5 proxy {0}; client state {1}: {2} proxySocksUnexpectedVersion=Expected SOCKS version 5, got {0} proxySocksUsernameTooLong=User name for proxy {0} must be at most 255 bytes long, is {1} bytes: {2} +serverIdNotReceived=No server identification received within {0} bytes +serverIdTooLong=Server identification is longer than 255 characters (including line ending): {0} +serverIdWithNul=Server identification contains a NUL character: {0} sessionCloseFailed=Closing the session failed sshClosingDown=Apache MINA sshd session factory is closing down; cannot create new ssh sessions on this factory sshCommandTimeout={0} timed out after {1} seconds while opening the channel diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java index 56f8ade667..1954abc75b 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitClientSession.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> + * Copyright (C) 2018, 2019 Thomas Wolf <thomas.wolf@paranor.ch> * and other copyright owners as documented in the project's IP log. * * This program and the accompanying materials are made available @@ -46,6 +46,7 @@ import static java.text.MessageFormat.format; import java.io.IOException; import java.net.SocketAddress; +import java.nio.charset.StandardCharsets; import java.security.GeneralSecurityException; import java.security.PublicKey; import java.util.ArrayList; @@ -56,15 +57,16 @@ import java.util.Set; import org.apache.sshd.client.ClientFactoryManager; import org.apache.sshd.client.config.hosts.HostConfigEntry; -import org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair; import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.client.session.ClientSessionImpl; import org.apache.sshd.common.FactoryManager; +import org.apache.sshd.common.PropertyResolverUtils; import org.apache.sshd.common.SshException; import org.apache.sshd.common.config.keys.KeyUtils; import org.apache.sshd.common.io.IoSession; import org.apache.sshd.common.io.IoWriteFuture; import org.apache.sshd.common.util.Readable; +import org.apache.sshd.common.util.buffer.Buffer; import org.eclipse.jgit.errors.InvalidPatternException; import org.eclipse.jgit.fnmatch.FileNameMatcher; import org.eclipse.jgit.internal.transport.sshd.proxy.StatefulProxyConnector; @@ -82,11 +84,20 @@ import org.eclipse.jgit.transport.SshConstants; */ public class JGitClientSession extends ClientSessionImpl { + /** + * Default setting for the maximum number of bytes to read in the initial + * protocol version exchange. 64kb is what OpenSSH < 8.0 read; OpenSSH 8.0 + * changed it to 8Mb, but that seems excessive for the purpose stated in RFC + * 4253. The Apache MINA sshd default in + * {@link FactoryManager#DEFAULT_MAX_IDENTIFICATION_SIZE} is 16kb. + */ + private static final int DEFAULT_MAX_IDENTIFICATION_SIZE = 64 * 1024; + private HostConfigEntry hostConfig; private CredentialsProvider credentialsProvider; - private StatefulProxyConnector proxyHandler; + private volatile StatefulProxyConnector proxyHandler; /** * @param manager @@ -281,11 +292,10 @@ public class JGitClientSession extends ClientSessionImpl { if (verifier instanceof ServerKeyLookup) { SocketAddress remoteAddress = resolvePeerAddress( resolveAttribute(JGitSshClient.ORIGINAL_REMOTE_ADDRESS)); - List<HostEntryPair> allKnownKeys = ((ServerKeyLookup) verifier) + List<PublicKey> allKnownKeys = ((ServerKeyLookup) verifier) .lookup(this, remoteAddress); Set<String> reordered = new LinkedHashSet<>(); - for (HostEntryPair h : allKnownKeys) { - PublicKey key = h.getServerKey(); + for (PublicKey key : allKnownKeys) { if (key != null) { String keyType = KeyUtils.getKeyType(key); if (keyType != null) { @@ -332,4 +342,123 @@ public class JGitClientSession extends ClientSessionImpl { return newNames; } + @Override + protected boolean readIdentification(Buffer buffer) throws IOException { + // Propagate a failure from doReadIdentification. + // TODO: remove for sshd > 2.3.0; its doReadIdentification throws + // StreamCorruptedException instead of IllegalStateException. + try { + return super.readIdentification(buffer); + } catch (IllegalStateException e) { + throw new IOException(e.getLocalizedMessage(), e); + } + } + + /** + * Reads the RFC 4253, section 4.2 protocol version identification. The + * Apache MINA sshd default implementation checks for NUL bytes also in any + * preceding lines, whereas RFC 4253 requires such a check only for the + * actual identification string starting with "SSH-". Likewise, the 255 + * character limit exists only for the identification string, not for the + * preceding lines. CR-LF handling is also relaxed. + * + * @param buffer + * to read from + * @param server + * whether we're an SSH server (should always be {@code false}) + * @return the lines read, with the server identification line last, or + * {@code null} if no identification line was found and more bytes + * are needed + * + * @see <a href="https://tools.ietf.org/html/rfc4253#section-4.2">RFC 4253, + * section 4.2</a> + */ + @Override + protected List<String> doReadIdentification(Buffer buffer, boolean server) { + if (server) { + // Should never happen. No translation; internal bug. + throw new IllegalStateException( + "doReadIdentification of client called with server=true"); //$NON-NLS-1$ + } + int maxIdentSize = PropertyResolverUtils.getIntProperty(this, + FactoryManager.MAX_IDENTIFICATION_SIZE, + DEFAULT_MAX_IDENTIFICATION_SIZE); + int current = buffer.rpos(); + int end = current + buffer.available(); + if (current >= end) { + return null; + } + byte[] raw = buffer.array(); + List<String> ident = new ArrayList<>(); + int start = current; + boolean hasNul = false; + for (int i = current; i < end; i++) { + switch (raw[i]) { + case 0: + hasNul = true; + break; + case '\n': + int eol = 1; + if (i > start && raw[i - 1] == '\r') { + eol++; + } + String line = new String(raw, start, i + 1 - eol - start, + StandardCharsets.UTF_8); + start = i + 1; + if (log.isDebugEnabled()) { + log.debug(format("doReadIdentification({0}) line: ", this) + //$NON-NLS-1$ + escapeControls(line)); + } + ident.add(line); + if (line.startsWith("SSH-")) { //$NON-NLS-1$ + if (hasNul) { + throw new IllegalStateException( + format(SshdText.get().serverIdWithNul, + escapeControls(line))); + } + if (line.length() + eol > 255) { + throw new IllegalStateException( + format(SshdText.get().serverIdTooLong, + escapeControls(line))); + } + buffer.rpos(start); + return ident; + } + // If this were a server, we could throw an exception here: a + // client is not supposed to send any extra lines before its + // identification string. + hasNul = false; + break; + default: + break; + } + if (i - current + 1 >= maxIdentSize) { + String msg = format(SshdText.get().serverIdNotReceived, + Integer.toString(maxIdentSize)); + if (log.isDebugEnabled()) { + log.debug(msg); + log.debug(buffer.toHex()); + } + throw new IllegalStateException(msg); + } + } + // Need more data + return null; + } + + private static String escapeControls(String s) { + StringBuilder b = new StringBuilder(); + int l = s.length(); + for (int i = 0; i < l; i++) { + char ch = s.charAt(i); + if (Character.isISOControl(ch)) { + b.append(ch <= 0xF ? "\\u000" : "\\u00") //$NON-NLS-1$ //$NON-NLS-2$ + .append(Integer.toHexString(ch)); + } else { + b.append(ch); + } + } + return b.toString(); + } + } diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitServerKeyVerifier.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitServerKeyVerifier.java new file mode 100644 index 0000000000..b94515c157 --- /dev/null +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitServerKeyVerifier.java @@ -0,0 +1,190 @@ +/* + * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> + * and other copyright owners as documented in the project's IP log. + * + * This program and the accompanying materials are made available + * under the terms of the Eclipse Distribution License v1.0 which + * accompanies this distribution, is reproduced below, and is + * available at http://www.eclipse.org/org/documents/edl-v10.php + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * - Neither the name of the Eclipse Foundation, Inc. nor the + * names of its contributors may be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +package org.eclipse.jgit.internal.transport.sshd; + +import static org.eclipse.jgit.internal.transport.ssh.OpenSshConfigFile.flag; + +import java.net.InetSocketAddress; +import java.net.SocketAddress; +import java.security.PublicKey; +import java.util.Collections; +import java.util.List; +import java.util.Locale; + +import org.apache.sshd.client.config.hosts.HostConfigEntry; +import org.apache.sshd.client.config.hosts.KnownHostHashValue; +import org.apache.sshd.client.keyverifier.ServerKeyVerifier; +import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.util.net.SshdSocketAddress; +import org.eclipse.jgit.annotations.NonNull; +import org.eclipse.jgit.transport.CredentialsProvider; +import org.eclipse.jgit.transport.SshConstants; +import org.eclipse.jgit.transport.sshd.ServerKeyDatabase; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * A bridge between the {@link ServerKeyVerifier} from Apache MINA sshd and our + * {@link ServerKeyDatabase}. + */ +public class JGitServerKeyVerifier + implements ServerKeyVerifier, ServerKeyLookup { + + private static final Logger LOG = LoggerFactory + .getLogger(JGitServerKeyVerifier.class); + + private final @NonNull ServerKeyDatabase database; + + /** + * Creates a new {@link JGitServerKeyVerifier} using the given + * {@link ServerKeyDatabase}. + * + * @param database + * to use + */ + public JGitServerKeyVerifier(@NonNull ServerKeyDatabase database) { + this.database = database; + } + + @Override + public List<PublicKey> lookup(ClientSession session, + SocketAddress remoteAddress) { + if (!(session instanceof JGitClientSession)) { + LOG.warn("Internal error: wrong session kind: " //$NON-NLS-1$ + + session.getClass().getName()); + return Collections.emptyList(); + } + if (!(remoteAddress instanceof InetSocketAddress)) { + return Collections.emptyList(); + } + SessionConfig config = new SessionConfig((JGitClientSession) session); + SshdSocketAddress connectAddress = SshdSocketAddress + .toSshdSocketAddress(session.getConnectAddress()); + String connect = KnownHostHashValue.createHostPattern( + connectAddress.getHostName(), connectAddress.getPort()); + return database.lookup(connect, (InetSocketAddress) remoteAddress, + config); + } + + @Override + public boolean verifyServerKey(ClientSession session, + SocketAddress remoteAddress, PublicKey serverKey) { + if (!(session instanceof JGitClientSession)) { + LOG.warn("Internal error: wrong session kind: " //$NON-NLS-1$ + + session.getClass().getName()); + return false; + } + if (!(remoteAddress instanceof InetSocketAddress)) { + return false; + } + SessionConfig config = new SessionConfig((JGitClientSession) session); + SshdSocketAddress connectAddress = SshdSocketAddress + .toSshdSocketAddress(session.getConnectAddress()); + String connect = KnownHostHashValue.createHostPattern( + connectAddress.getHostName(), connectAddress.getPort()); + CredentialsProvider provider = ((JGitClientSession) session) + .getCredentialsProvider(); + return database.accept(connect, (InetSocketAddress) remoteAddress, + serverKey, config, provider); + } + + private static class SessionConfig + implements ServerKeyDatabase.Configuration { + + private final JGitClientSession session; + + public SessionConfig(JGitClientSession session) { + this.session = session; + } + + private List<String> get(String key) { + HostConfigEntry entry = session.getHostConfigEntry(); + if (entry instanceof JGitHostConfigEntry) { + // Always true! + return ((JGitHostConfigEntry) entry).getMultiValuedOptions() + .get(key); + } + return Collections.emptyList(); + } + + @Override + public List<String> getUserKnownHostsFiles() { + return get(SshConstants.USER_KNOWN_HOSTS_FILE); + } + + @Override + public List<String> getGlobalKnownHostsFiles() { + return get(SshConstants.GLOBAL_KNOWN_HOSTS_FILE); + } + + @Override + public StrictHostKeyChecking getStrictHostKeyChecking() { + HostConfigEntry entry = session.getHostConfigEntry(); + String value = entry + .getProperty(SshConstants.STRICT_HOST_KEY_CHECKING, "ask"); //$NON-NLS-1$ + switch (value.toLowerCase(Locale.ROOT)) { + case SshConstants.YES: + case SshConstants.ON: + return StrictHostKeyChecking.REQUIRE_MATCH; + case SshConstants.NO: + case SshConstants.OFF: + return StrictHostKeyChecking.ACCEPT_ANY; + case "accept-new": //$NON-NLS-1$ + return StrictHostKeyChecking.ACCEPT_NEW; + default: + return StrictHostKeyChecking.ASK; + } + } + + @Override + public boolean getHashKnownHosts() { + HostConfigEntry entry = session.getHostConfigEntry(); + return flag(entry.getProperty(SshConstants.HASH_KNOWN_HOSTS)); + } + + @Override + public String getUsername() { + return session.getUsername(); + } + } +} diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java index 98e71dfe4b..377eabb00a 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshClient.java @@ -177,6 +177,10 @@ public class JGitSshClient extends SshClient { return remoteAddress; } InetSocketAddress address = (InetSocketAddress) proxy.address(); + if (address.isUnresolved()) { + address = new InetSocketAddress(address.getHostName(), + address.getPort()); + } switch (proxy.type()) { case HTTP: setClientProxyConnector( diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java index 6468b3e276..54a2a052a7 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/JGitSshConfig.java @@ -83,7 +83,9 @@ import org.eclipse.jgit.transport.SshConstants; */ public class JGitSshConfig implements HostConfigEntryResolver { - private OpenSshConfigFile configFile; + private final OpenSshConfigFile configFile; + + private final String localUserName; /** * Creates a new {@link OpenSshConfigFile} that will read the config from @@ -92,20 +94,22 @@ public class JGitSshConfig implements HostConfigEntryResolver { * @param home * user's home directory for the purpose of ~ replacement * @param config - * file to load. + * file to load; may be {@code null} if no ssh config file + * handling is desired * @param localUserName * user name of the current user on the local host OS */ - public JGitSshConfig(@NonNull File home, @NonNull File config, + public JGitSshConfig(@NonNull File home, File config, @NonNull String localUserName) { - configFile = new OpenSshConfigFile(home, config, localUserName); + this.localUserName = localUserName; + configFile = config == null ? null : new OpenSshConfigFile(home, config, localUserName); } @Override public HostConfigEntry resolveEffectiveHost(String host, int port, SocketAddress localAddress, String username, AttributeRepository attributes) throws IOException { - HostEntry entry = configFile.lookup(host, port, username); + HostEntry entry = configFile == null ? new HostEntry() : configFile.lookup(host, port, username); JGitHostConfigEntry config = new JGitHostConfigEntry(); // Apache MINA conflates all keys, even multi-valued ones, in one map // and puts multiple values separated by commas in one string. See @@ -131,7 +135,7 @@ public class JGitSshConfig implements HostConfigEntryResolver { String user = username != null && !username.isEmpty() ? username : entry.getValue(SshConstants.USER); if (user == null || user.isEmpty()) { - user = configFile.getLocalUserName(); + user = localUserName; } config.setUsername(user); config.setProperty(SshConstants.USER, user); diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyVerifier.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java index 381f7cfc22..f4849ce4a3 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyVerifier.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/OpenSshServerKeyDatabase.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> + * Copyright (C) 2018, 2019 Thomas Wolf <thomas.wolf@paranor.ch> * and other copyright owners as documented in the project's IP log. * * This program and the accompanying materials are made available @@ -47,7 +47,6 @@ import static java.text.MessageFormat.format; import java.io.BufferedReader; import java.io.BufferedWriter; -import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.io.OutputStreamWriter; @@ -59,34 +58,39 @@ import java.nio.file.Path; import java.nio.file.Paths; import java.security.GeneralSecurityException; import java.security.PublicKey; +import java.security.SecureRandom; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.LinkedList; import java.util.List; -import java.util.Locale; import java.util.Map; +import java.util.TreeSet; import java.util.concurrent.ConcurrentHashMap; import java.util.function.Supplier; -import org.apache.sshd.client.config.hosts.HostConfigEntry; +import org.apache.sshd.client.config.hosts.HostPatternsHolder; +import org.apache.sshd.client.config.hosts.KnownHostDigest; import org.apache.sshd.client.config.hosts.KnownHostEntry; -import org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier; +import org.apache.sshd.client.config.hosts.KnownHostHashValue; import org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair; -import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.client.session.ClientSession; +import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.config.keys.AuthorizedKeyEntry; import org.apache.sshd.common.config.keys.KeyUtils; +import org.apache.sshd.common.config.keys.PublicKeyEntry; import org.apache.sshd.common.config.keys.PublicKeyEntryResolver; import org.apache.sshd.common.digest.BuiltinDigests; +import org.apache.sshd.common.mac.Mac; import org.apache.sshd.common.util.io.ModifiableFileWatcher; import org.apache.sshd.common.util.net.SshdSocketAddress; +import org.eclipse.jgit.annotations.NonNull; import org.eclipse.jgit.internal.storage.file.LockFile; import org.eclipse.jgit.transport.CredentialItem; import org.eclipse.jgit.transport.CredentialsProvider; -import org.eclipse.jgit.transport.SshConstants; import org.eclipse.jgit.transport.URIish; +import org.eclipse.jgit.transport.sshd.ServerKeyDatabase; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -148,14 +152,14 @@ import org.slf4j.LoggerFactory; * @see <a href="http://man.openbsd.org/OpenBSD-current/man5/ssh_config.5">man * ssh-config</a> */ -public class OpenSshServerKeyVerifier - implements ServerKeyVerifier, ServerKeyLookup { +public class OpenSshServerKeyDatabase + implements ServerKeyDatabase { // TODO: GlobalKnownHostsFile? May need some kind of LRU caching; these // files may be large! private static final Logger LOG = LoggerFactory - .getLogger(OpenSshServerKeyVerifier.class); + .getLogger(OpenSshServerKeyDatabase.class); /** Can be used to mark revoked known host lines. */ private static final String MARKER_REVOKED = "revoked"; //$NON-NLS-1$ @@ -166,12 +170,8 @@ public class OpenSshServerKeyVerifier private final List<HostKeyFile> defaultFiles = new ArrayList<>(); - private enum ModifiedKeyHandling { - DENY, ALLOW, ALLOW_AND_STORE - } - /** - * Creates a new {@link OpenSshServerKeyVerifier}. + * Creates a new {@link OpenSshServerKeyDatabase}. * * @param askAboutNewFile * whether to ask the user, if possible, about creating a new @@ -181,7 +181,7 @@ public class OpenSshServerKeyVerifier * empty or {@code null}, in which case no default files are * installed. The files need not exist. */ - public OpenSshServerKeyVerifier(boolean askAboutNewFile, + public OpenSshServerKeyDatabase(boolean askAboutNewFile, List<Path> defaultFiles) { if (defaultFiles != null) { for (Path file : defaultFiles) { @@ -193,38 +193,30 @@ public class OpenSshServerKeyVerifier this.askAboutNewFile = askAboutNewFile; } - private List<HostKeyFile> getFilesToUse(ClientSession session) { + private List<HostKeyFile> getFilesToUse(@NonNull Configuration config) { List<HostKeyFile> filesToUse = defaultFiles; - if (session instanceof JGitClientSession) { - HostConfigEntry entry = ((JGitClientSession) session) - .getHostConfigEntry(); - if (entry instanceof JGitHostConfigEntry) { - // Always true! - List<HostKeyFile> userFiles = addUserHostKeyFiles( - ((JGitHostConfigEntry) entry).getMultiValuedOptions() - .get(SshConstants.USER_KNOWN_HOSTS_FILE)); - if (!userFiles.isEmpty()) { - filesToUse = userFiles; - } - } + List<HostKeyFile> userFiles = addUserHostKeyFiles( + config.getUserKnownHostsFiles()); + if (!userFiles.isEmpty()) { + filesToUse = userFiles; } return filesToUse; } @Override - public List<HostEntryPair> lookup(ClientSession session, - SocketAddress remote) { - List<HostKeyFile> filesToUse = getFilesToUse(session); - HostKeyHelper helper = new HostKeyHelper(); - List<HostEntryPair> result = new ArrayList<>(); - Collection<SshdSocketAddress> candidates = helper - .resolveHostNetworkIdentities(session, remote); + public List<PublicKey> lookup(@NonNull String connectAddress, + @NonNull InetSocketAddress remoteAddress, + @NonNull Configuration config) { + List<HostKeyFile> filesToUse = getFilesToUse(config); + List<PublicKey> result = new ArrayList<>(); + Collection<SshdSocketAddress> candidates = getCandidates( + connectAddress, remoteAddress); for (HostKeyFile file : filesToUse) { for (HostEntryPair current : file.get()) { KnownHostEntry entry = current.getHostEntry(); for (SshdSocketAddress host : candidates) { if (entry.isHostMatch(host.getHostName(), host.getPort())) { - result.add(current); + result.add(current.getServerKey()); break; } } @@ -234,22 +226,23 @@ public class OpenSshServerKeyVerifier } @Override - public boolean verifyServerKey(ClientSession clientSession, - SocketAddress remoteAddress, PublicKey serverKey) { - List<HostKeyFile> filesToUse = getFilesToUse(clientSession); - AskUser ask = new AskUser(); + public boolean accept(@NonNull String connectAddress, + @NonNull InetSocketAddress remoteAddress, + @NonNull PublicKey serverKey, + @NonNull Configuration config, CredentialsProvider provider) { + List<HostKeyFile> filesToUse = getFilesToUse(config); + AskUser ask = new AskUser(config, provider); HostEntryPair[] modified = { null }; Path path = null; - HostKeyHelper helper = new HostKeyHelper(); + Collection<SshdSocketAddress> candidates = getCandidates(connectAddress, + remoteAddress); for (HostKeyFile file : filesToUse) { try { - if (find(clientSession, remoteAddress, serverKey, file.get(), - modified, helper)) { + if (find(candidates, serverKey, file.get(), modified)) { return true; } } catch (RevokedKeyException e) { - ask.revokedKey(clientSession, remoteAddress, serverKey, - file.getPath()); + ask.revokedKey(remoteAddress, serverKey, file.getPath()); return false; } if (path == null && modified[0] != null) { @@ -260,20 +253,19 @@ public class OpenSshServerKeyVerifier } if (modified[0] != null) { // We found an entry, but with a different key - ModifiedKeyHandling toDo = ask.acceptModifiedServerKey( - clientSession, remoteAddress, modified[0].getServerKey(), + AskUser.ModifiedKeyHandling toDo = ask.acceptModifiedServerKey( + remoteAddress, modified[0].getServerKey(), serverKey, path); - if (toDo == ModifiedKeyHandling.ALLOW_AND_STORE) { + if (toDo == AskUser.ModifiedKeyHandling.ALLOW_AND_STORE) { try { - updateModifiedServerKey(clientSession, remoteAddress, - serverKey, modified[0], path, helper); + updateModifiedServerKey(serverKey, modified[0], path); knownHostsFiles.get(path).resetReloadAttributes(); } catch (IOException e) { LOG.warn(format(SshdText.get().knownHostsCouldNotUpdate, path)); } } - if (toDo == ModifiedKeyHandling.DENY) { + if (toDo == AskUser.ModifiedKeyHandling.DENY) { return false; } // TODO: OpenSsh disables password and keyboard-interactive @@ -281,18 +273,20 @@ public class OpenSshServerKeyVerifier // are switched off. (Plus a few other things such as X11 forwarding // that are of no interest to a git client.) return true; - } else if (ask.acceptUnknownKey(clientSession, remoteAddress, - serverKey)) { + } else if (ask.acceptUnknownKey(remoteAddress, serverKey)) { if (!filesToUse.isEmpty()) { HostKeyFile toUpdate = filesToUse.get(0); path = toUpdate.getPath(); try { - updateKnownHostsFile(clientSession, remoteAddress, - serverKey, path, helper); - toUpdate.resetReloadAttributes(); - } catch (IOException e) { + if (Files.exists(path) || !askAboutNewFile + || ask.createNewFile(path)) { + updateKnownHostsFile(candidates, serverKey, path, + config); + toUpdate.resetReloadAttributes(); + } + } catch (Exception e) { LOG.warn(format(SshdText.get().knownHostsCouldNotUpdate, - path)); + path), e); } } return true; @@ -304,12 +298,9 @@ public class OpenSshServerKeyVerifier private static final long serialVersionUID = 1L; } - private boolean find(ClientSession clientSession, - SocketAddress remoteAddress, PublicKey serverKey, - List<HostEntryPair> entries, HostEntryPair[] modified, - HostKeyHelper helper) throws RevokedKeyException { - Collection<SshdSocketAddress> candidates = helper - .resolveHostNetworkIdentities(clientSession, remoteAddress); + private boolean find(Collection<SshdSocketAddress> candidates, + PublicKey serverKey, List<HostEntryPair> entries, + HostEntryPair[] modified) throws RevokedKeyException { for (HostEntryPair current : entries) { KnownHostEntry entry = current.getHostEntry(); for (SshdSocketAddress host : candidates) { @@ -355,33 +346,13 @@ public class OpenSshServerKeyVerifier return userFiles; } - private void updateKnownHostsFile(ClientSession clientSession, - SocketAddress remoteAddress, PublicKey serverKey, Path path, - HostKeyHelper updater) - throws IOException { - KnownHostEntry entry = updater.prepareKnownHostEntry(clientSession, - remoteAddress, serverKey); - if (entry == null) { + private void updateKnownHostsFile(Collection<SshdSocketAddress> candidates, + PublicKey serverKey, Path path, Configuration config) + throws Exception { + String newEntry = createHostKeyLine(candidates, serverKey, config); + if (newEntry == null) { return; } - if (!Files.exists(path)) { - if (askAboutNewFile) { - CredentialsProvider provider = getCredentialsProvider( - clientSession); - if (provider == null) { - // We can't ask, so don't create the file - return; - } - URIish uri = new URIish().setPath(path.toString()); - if (!askUser(provider, uri, // - format(SshdText.get().knownHostsUserAskCreationPrompt, - path), // - format(SshdText.get().knownHostsUserAskCreationMsg, - path))) { - return; - } - } - } LockFile lock = new LockFile(path.toFile()); if (lock.lockForAppend()) { try { @@ -389,7 +360,7 @@ public class OpenSshServerKeyVerifier new OutputStreamWriter(lock.getOutputStream(), UTF_8))) { writer.newLine(); - writer.write(entry.getConfigLine()); + writer.write(newEntry); writer.newLine(); } lock.commit(); @@ -403,15 +374,12 @@ public class OpenSshServerKeyVerifier } } - private void updateModifiedServerKey(ClientSession clientSession, - SocketAddress remoteAddress, PublicKey serverKey, - HostEntryPair entry, Path path, HostKeyHelper helper) + private void updateModifiedServerKey(PublicKey serverKey, + HostEntryPair entry, Path path) throws IOException { KnownHostEntry hostEntry = entry.getHostEntry(); String oldLine = hostEntry.getConfigLine(); - String newLine = helper.prepareModifiedServerKeyLine(clientSession, - remoteAddress, hostEntry, oldLine, entry.getServerKey(), - serverKey); + String newLine = updateHostKeyLine(oldLine, serverKey); if (newLine == null || newLine.isEmpty()) { return; } @@ -454,78 +422,65 @@ public class OpenSshServerKeyVerifier } } - private static CredentialsProvider getCredentialsProvider( - ClientSession session) { - if (session instanceof JGitClientSession) { - return ((JGitClientSession) session).getCredentialsProvider(); - } - return null; - } + private static class AskUser { - private static boolean askUser(CredentialsProvider provider, URIish uri, - String prompt, String... messages) { - List<CredentialItem> items = new ArrayList<>(messages.length + 1); - for (String message : messages) { - items.add(new CredentialItem.InformationalMessage(message)); - } - if (prompt != null) { - CredentialItem.YesNoType answer = new CredentialItem.YesNoType( - prompt); - items.add(answer); - return provider.get(uri, items) && answer.getValue(); - } else { - return provider.get(uri, items); + public enum ModifiedKeyHandling { + DENY, ALLOW, ALLOW_AND_STORE } - } - - private static class AskUser { private enum Check { ASK, DENY, ALLOW; } - @SuppressWarnings("nls") - private Check checkMode(ClientSession session, - SocketAddress remoteAddress, boolean changed) { + private final @NonNull Configuration config; + + private final CredentialsProvider provider; + + public AskUser(@NonNull Configuration config, + CredentialsProvider provider) { + this.config = config; + this.provider = provider; + } + + private static boolean askUser(CredentialsProvider provider, URIish uri, + String prompt, String... messages) { + List<CredentialItem> items = new ArrayList<>(messages.length + 1); + for (String message : messages) { + items.add(new CredentialItem.InformationalMessage(message)); + } + if (prompt != null) { + CredentialItem.YesNoType answer = new CredentialItem.YesNoType( + prompt); + items.add(answer); + return provider.get(uri, items) && answer.getValue(); + } else { + return provider.get(uri, items); + } + } + + private Check checkMode(SocketAddress remoteAddress, boolean changed) { if (!(remoteAddress instanceof InetSocketAddress)) { return Check.DENY; } - if (session instanceof JGitClientSession) { - HostConfigEntry entry = ((JGitClientSession) session) - .getHostConfigEntry(); - String value = entry.getProperty( - SshConstants.STRICT_HOST_KEY_CHECKING, "ask"); - switch (value.toLowerCase(Locale.ROOT)) { - case SshConstants.YES: - case SshConstants.ON: - return Check.DENY; - case SshConstants.NO: - case SshConstants.OFF: - return Check.ALLOW; - case "accept-new": - return changed ? Check.DENY : Check.ALLOW; - default: - break; - } - } - if (getCredentialsProvider(session) == null) { - // This is called only for new, unknown hosts. If we have no way - // to interact with the user, the fallback mode is to deny the - // key. + switch (config.getStrictHostKeyChecking()) { + case REQUIRE_MATCH: return Check.DENY; + case ACCEPT_ANY: + return Check.ALLOW; + case ACCEPT_NEW: + return changed ? Check.DENY : Check.ALLOW; + default: + return provider == null ? Check.DENY : Check.ASK; } - return Check.ASK; } - public void revokedKey(ClientSession clientSession, - SocketAddress remoteAddress, PublicKey serverKey, Path path) { - CredentialsProvider provider = getCredentialsProvider( - clientSession); + public void revokedKey(SocketAddress remoteAddress, PublicKey serverKey, + Path path) { if (provider == null) { return; } InetSocketAddress remote = (InetSocketAddress) remoteAddress; - URIish uri = JGitUserInteraction.toURI(clientSession.getUsername(), + URIish uri = JGitUserInteraction.toURI(config.getUsername(), remote); String sha256 = KeyUtils.getFingerPrint(BuiltinDigests.sha256, serverKey); @@ -539,14 +494,12 @@ public class OpenSshServerKeyVerifier md5, sha256); } - public boolean acceptUnknownKey(ClientSession clientSession, - SocketAddress remoteAddress, PublicKey serverKey) { - Check check = checkMode(clientSession, remoteAddress, false); + public boolean acceptUnknownKey(SocketAddress remoteAddress, + PublicKey serverKey) { + Check check = checkMode(remoteAddress, false); if (check != Check.ASK) { return check == Check.ALLOW; } - CredentialsProvider provider = getCredentialsProvider( - clientSession); InetSocketAddress remote = (InetSocketAddress) remoteAddress; // Ask the user String sha256 = KeyUtils.getFingerPrint(BuiltinDigests.sha256, @@ -554,7 +507,7 @@ public class OpenSshServerKeyVerifier String md5 = KeyUtils.getFingerPrint(BuiltinDigests.md5, serverKey); String keyAlgorithm = serverKey.getAlgorithm(); String remoteHost = remote.getHostString(); - URIish uri = JGitUserInteraction.toURI(clientSession.getUsername(), + URIish uri = JGitUserInteraction.toURI(config.getUsername(), remote); String prompt = SshdText.get().knownHostsUnknownKeyPrompt; return askUser(provider, uri, prompt, // @@ -566,19 +519,17 @@ public class OpenSshServerKeyVerifier } public ModifiedKeyHandling acceptModifiedServerKey( - ClientSession clientSession, - SocketAddress remoteAddress, PublicKey expected, + InetSocketAddress remoteAddress, PublicKey expected, PublicKey actual, Path path) { - Check check = checkMode(clientSession, remoteAddress, true); + Check check = checkMode(remoteAddress, true); if (check == Check.ALLOW) { // Never auto-store on CHECK.ALLOW return ModifiedKeyHandling.ALLOW; } - InetSocketAddress remote = (InetSocketAddress) remoteAddress; String keyAlgorithm = actual.getAlgorithm(); - String remoteHost = remote.getHostString(); - URIish uri = JGitUserInteraction.toURI(clientSession.getUsername(), - remote); + String remoteHost = remoteAddress.getHostString(); + URIish uri = JGitUserInteraction.toURI(config.getUsername(), + remoteAddress); List<String> messages = new ArrayList<>(); String warning = format( SshdText.get().knownHostsModifiedKeyWarning, @@ -589,8 +540,6 @@ public class OpenSshServerKeyVerifier KeyUtils.getFingerPrint(BuiltinDigests.sha256, actual)); messages.addAll(Arrays.asList(warning.split("\n"))); //$NON-NLS-1$ - CredentialsProvider provider = getCredentialsProvider( - clientSession); if (check == Check.DENY) { if (provider != null) { messages.add(format( @@ -618,6 +567,17 @@ public class OpenSshServerKeyVerifier return ModifiedKeyHandling.DENY; } + public boolean createNewFile(Path path) { + if (provider == null) { + // We can't ask, so don't create the file + return false; + } + URIish uri = new URIish().setPath(path.toString()); + return askUser(provider, uri, // + format(SshdText.get().knownHostsUserAskCreationPrompt, + path), // + format(SshdText.get().knownHostsUserAskCreationMsg, path)); + } } private static class HostKeyFile extends ModifiableFileWatcher @@ -694,50 +654,108 @@ public class OpenSshServerKeyVerifier } } - // The stuff below is just a hack to avoid having to copy a lot of code from - // KnownHostsServerKeyVerifier - - private static class HostKeyHelper extends KnownHostsServerKeyVerifier { - - public HostKeyHelper() { - // These two arguments will never be used in any way. - super((c, r, s) -> false, new File(".").toPath()); //$NON-NLS-1$ + private int parsePort(String s) { + try { + return Integer.parseInt(s); + } catch (NumberFormatException e) { + return -1; } + } - @Override - protected KnownHostEntry prepareKnownHostEntry( - ClientSession clientSession, SocketAddress remoteAddress, - PublicKey serverKey) throws IOException { - // Make this method accessible - try { - return super.prepareKnownHostEntry(clientSession, remoteAddress, - serverKey); - } catch (Exception e) { - throw new IOException(e.getMessage(), e); + private SshdSocketAddress toSshdSocketAddress(@NonNull String address) { + String host = null; + int port = 0; + if (HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_START_DELIM == address + .charAt(0)) { + int end = address.indexOf( + HostPatternsHolder.NON_STANDARD_PORT_PATTERN_ENCLOSURE_END_DELIM); + if (end <= 1) { + return null; // Invalid } + host = address.substring(1, end); + if (end < address.length() - 1 + && HostPatternsHolder.PORT_VALUE_DELIMITER == address + .charAt(end + 1)) { + port = parsePort(address.substring(end + 2)); + } + } else { + int i = address + .lastIndexOf(HostPatternsHolder.PORT_VALUE_DELIMITER); + if (i > 0) { + port = parsePort(address.substring(i + 1)); + host = address.substring(0, i); + } else { + host = address; + } + } + if (port < 0 || port > 65535) { + return null; } + return new SshdSocketAddress(host, port); + } - @Override - protected String prepareModifiedServerKeyLine( - ClientSession clientSession, SocketAddress remoteAddress, - KnownHostEntry entry, String curLine, PublicKey expected, - PublicKey actual) throws IOException { - // Make this method accessible - try { - return super.prepareModifiedServerKeyLine(clientSession, - remoteAddress, entry, curLine, expected, actual); - } catch (Exception e) { - throw new IOException(e.getMessage(), e); + private Collection<SshdSocketAddress> getCandidates( + @NonNull String connectAddress, + @NonNull InetSocketAddress remoteAddress) { + Collection<SshdSocketAddress> candidates = new TreeSet<>( + SshdSocketAddress.BY_HOST_AND_PORT); + candidates.add(SshdSocketAddress.toSshdSocketAddress(remoteAddress)); + SshdSocketAddress address = toSshdSocketAddress(connectAddress); + if (address != null) { + candidates.add(address); + } + return candidates; + } + + private String createHostKeyLine(Collection<SshdSocketAddress> patterns, + PublicKey key, Configuration config) throws Exception { + StringBuilder result = new StringBuilder(); + if (config.getHashKnownHosts()) { + // SHA1 is the only algorithm for host name hashing known to OpenSSH + // or to Apache MINA sshd. + NamedFactory<Mac> digester = KnownHostDigest.SHA1; + Mac mac = digester.create(); + SecureRandom prng = new SecureRandom(); + byte[] salt = new byte[mac.getDefaultBlockSize()]; + for (SshdSocketAddress address : patterns) { + if (result.length() > 0) { + result.append(','); + } + prng.nextBytes(salt); + KnownHostHashValue.append(result, digester, salt, + KnownHostHashValue.calculateHashValue( + address.getHostName(), address.getPort(), mac, + salt)); + } + } else { + for (SshdSocketAddress address : patterns) { + if (result.length() > 0) { + result.append(','); + } + KnownHostHashValue.appendHostPattern(result, + address.getHostName(), address.getPort()); } } + result.append(' '); + PublicKeyEntry.appendPublicKeyEntry(result, key); + return result.toString(); + } - @Override - protected Collection<SshdSocketAddress> resolveHostNetworkIdentities( - ClientSession clientSession, SocketAddress remoteAddress) { - // Make this method accessible - return super.resolveHostNetworkIdentities(clientSession, - remoteAddress); + private String updateHostKeyLine(String line, PublicKey newKey) + throws IOException { + // Replaces an existing public key by the new key + int pos = line.indexOf(' '); + if (pos > 0 && line.charAt(0) == KnownHostEntry.MARKER_INDICATOR) { + // We're at the end of the marker. Skip ahead to the next blank. + pos = line.indexOf(' ', pos + 1); + } + if (pos < 0) { + // Don't update if bogus format + return null; } + StringBuilder result = new StringBuilder(line.substring(0, pos + 1)); + PublicKeyEntry.appendPublicKeyEntry(result, newKey); + return result.toString(); } } diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/ServerKeyLookup.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/ServerKeyLookup.java index 4f5f497f7f..2baeb28871 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/ServerKeyLookup.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/ServerKeyLookup.java @@ -43,9 +43,9 @@ package org.eclipse.jgit.internal.transport.sshd; import java.net.SocketAddress; +import java.security.PublicKey; import java.util.List; -import org.apache.sshd.client.keyverifier.KnownHostsServerKeyVerifier.HostEntryPair; import org.apache.sshd.client.session.ClientSession; import org.eclipse.jgit.annotations.NonNull; @@ -55,7 +55,7 @@ import org.eclipse.jgit.annotations.NonNull; public interface ServerKeyLookup { /** - * Retrieves all entries for a given remote address. + * Retrieves all public keys known for a given remote. * * @param session * needed to determine the config files if specified in the ssh @@ -65,5 +65,5 @@ public interface ServerKeyLookup { * @return a possibly empty list of entries found, including revoked ones */ @NonNull - List<HostEntryPair> lookup(ClientSession session, SocketAddress remote); + List<PublicKey> lookup(ClientSession session, SocketAddress remote); } diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java index bf432be5a6..f67170e407 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/internal/transport/sshd/SshdText.java @@ -83,6 +83,9 @@ public final class SshdText extends TranslationBundle { /***/ public String proxySocksUnexpectedMessage; /***/ public String proxySocksUnexpectedVersion; /***/ public String proxySocksUsernameTooLong; + /***/ public String serverIdNotReceived; + /***/ public String serverIdTooLong; + /***/ public String serverIdWithNul; /***/ public String sessionCloseFailed; /***/ public String sshClosingDown; /***/ public String sshCommandTimeout; diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/DefaultProxyDataFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/DefaultProxyDataFactory.java index 97e0da0428..66e595c6cc 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/DefaultProxyDataFactory.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/DefaultProxyDataFactory.java @@ -62,8 +62,8 @@ public class DefaultProxyDataFactory implements ProxyDataFactory { public ProxyData get(InetSocketAddress remoteAddress) { try { List<Proxy> proxies = ProxySelector.getDefault() - .select(new URI(Proxy.Type.SOCKS.name(), - "//" + remoteAddress.getHostString(), null)); //$NON-NLS-1$ + .select(new URI( + "socket://" + remoteAddress.getHostString())); //$NON-NLS-1$ ProxyData data = getData(proxies, Proxy.Type.SOCKS); if (data == null) { proxies = ProxySelector.getDefault() diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java new file mode 100644 index 0000000000..bdfb96d0c7 --- /dev/null +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/ServerKeyDatabase.java @@ -0,0 +1,177 @@ +/* + * Copyright (C) 2019 Thomas Wolf <thomas.wolf@paranor.ch> + * and other copyright owners as documented in the project's IP log. + * + * This program and the accompanying materials are made available + * under the terms of the Eclipse Distribution License v1.0 which + * accompanies this distribution, is reproduced below, and is + * available at http://www.eclipse.org/org/documents/edl-v10.php + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or + * without modification, are permitted provided that the following + * conditions are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials provided + * with the distribution. + * + * - Neither the name of the Eclipse Foundation, Inc. nor the + * names of its contributors may be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ +package org.eclipse.jgit.transport.sshd; + +import java.net.InetSocketAddress; +import java.security.PublicKey; +import java.util.List; + +import org.eclipse.jgit.annotations.NonNull; +import org.eclipse.jgit.transport.CredentialsProvider; + +/** + * An interface for a database of known server keys, supporting finding all + * known keys and also deciding whether a server key is to be accepted. + * <p> + * Connection addresses are given as strings of the format + * {@code [hostName]:port} if using a non-standard port (i.e., not port 22), + * otherwise just {@code hostname}. + * </p> + * + * @since 5.5 + */ +public interface ServerKeyDatabase { + + /** + * Retrieves all known host keys for the given addresses. + * + * @param connectAddress + * IP address the session tried to connect to + * @param remoteAddress + * IP address as reported for the remote end point + * @param config + * giving access to potentially interesting configuration + * settings + * @return the list of known keys for the given addresses + */ + @NonNull + List<PublicKey> lookup(@NonNull String connectAddress, + @NonNull InetSocketAddress remoteAddress, + @NonNull Configuration config); + + /** + * Determines whether to accept a received server host key. + * + * @param connectAddress + * IP address the session tried to connect to + * @param remoteAddress + * IP address as reported for the remote end point + * @param serverKey + * received from the remote end + * @param config + * giving access to potentially interesting configuration + * settings + * @param provider + * for interacting with the user, if required; may be + * {@code null} + * @return {@code true} if the serverKey is accepted, {@code false} + * otherwise + */ + boolean accept(@NonNull String connectAddress, + @NonNull InetSocketAddress remoteAddress, + @NonNull PublicKey serverKey, + @NonNull Configuration config, CredentialsProvider provider); + + /** + * A simple provider for ssh config settings related to host key checking. + * An instance is created by the JGit sshd framework and passed into + * {@link ServerKeyDatabase#lookup(String, InetSocketAddress, Configuration)} + * and + * {@link ServerKeyDatabase#accept(String, InetSocketAddress, PublicKey, Configuration, CredentialsProvider)}. + */ + interface Configuration { + + /** + * Retrieves the list of file names from the "UserKnownHostsFile" ssh + * config. + * + * @return the list as configured, with ~ already replaced + */ + List<String> getUserKnownHostsFiles(); + + /** + * Retrieves the list of file names from the "GlobalKnownHostsFile" ssh + * config. + * + * @return the list as configured, with ~ already replaced + */ + List<String> getGlobalKnownHostsFiles(); + + /** + * The possible values for the "StrictHostKeyChecking" ssh config. + */ + enum StrictHostKeyChecking { + /** + * "ask"; default: ask the user whether to accept (and store) a new + * or mismatched key. + */ + ASK, + /** + * "yes", "on": never accept new or mismatched keys. + */ + REQUIRE_MATCH, + /** + * "no", "off": always accept new or mismatched keys. + */ + ACCEPT_ANY, + /** + * "accept-new": accept new keys, but never accept modified keys. + */ + ACCEPT_NEW + } + + /** + * Obtains the value of the "StrictHostKeyChecking" ssh config. + * + * @return the {@link StrictHostKeyChecking} + */ + @NonNull + StrictHostKeyChecking getStrictHostKeyChecking(); + + /** + * Obtains the value of the "HashKnownHosts" ssh config. + * + * @return {@code true} if new entries should be stored with hashed host + * information, {@code false} otherwise + */ + boolean getHashKnownHosts(); + + /** + * Obtains the user name used in the connection attempt. + * + * @return the user name + */ + @NonNull + String getUsername(); + } +} diff --git a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java index 90dc8ca500..3460185d84 100644 --- a/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java +++ b/org.eclipse.jgit.ssh.apache/src/org/eclipse/jgit/transport/sshd/SshdSessionFactory.java @@ -1,5 +1,5 @@ /* - * Copyright (C) 2018, Thomas Wolf <thomas.wolf@paranor.ch> + * Copyright (C) 2018, 2019 Thomas Wolf <thomas.wolf@paranor.ch> * and other copyright owners as documented in the project's IP log. * * This program and the accompanying materials are made available @@ -66,7 +66,6 @@ import org.apache.sshd.client.auth.UserAuth; import org.apache.sshd.client.auth.keyboard.UserAuthKeyboardInteractiveFactory; import org.apache.sshd.client.auth.pubkey.UserAuthPublicKeyFactory; import org.apache.sshd.client.config.hosts.HostConfigEntryResolver; -import org.apache.sshd.client.keyverifier.ServerKeyVerifier; import org.apache.sshd.common.NamedFactory; import org.apache.sshd.common.compression.BuiltinCompressions; import org.apache.sshd.common.config.keys.FilePasswordProvider; @@ -77,10 +76,11 @@ import org.eclipse.jgit.errors.TransportException; import org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider; import org.eclipse.jgit.internal.transport.sshd.GssApiWithMicAuthFactory; import org.eclipse.jgit.internal.transport.sshd.JGitPasswordAuthFactory; +import org.eclipse.jgit.internal.transport.sshd.JGitServerKeyVerifier; import org.eclipse.jgit.internal.transport.sshd.JGitSshClient; import org.eclipse.jgit.internal.transport.sshd.JGitSshConfig; import org.eclipse.jgit.internal.transport.sshd.JGitUserInteraction; -import org.eclipse.jgit.internal.transport.sshd.OpenSshServerKeyVerifier; +import org.eclipse.jgit.internal.transport.sshd.OpenSshServerKeyDatabase; import org.eclipse.jgit.internal.transport.sshd.PasswordProviderWrapper; import org.eclipse.jgit.internal.transport.sshd.SshdText; import org.eclipse.jgit.transport.CredentialsProvider; @@ -104,7 +104,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable { private final Map<Tuple, HostConfigEntryResolver> defaultHostConfigEntryResolver = new ConcurrentHashMap<>(); - private final Map<Tuple, ServerKeyVerifier> defaultServerKeyVerifier = new ConcurrentHashMap<>(); + private final Map<Tuple, ServerKeyDatabase> defaultServerKeyDatabase = new ConcurrentHashMap<>(); private final Map<Tuple, Iterable<KeyPair>> defaultKeys = new ConcurrentHashMap<>(); @@ -226,7 +226,8 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable { .filePasswordProvider( createFilePasswordProvider(passphrases)) .hostConfigEntryResolver(configFile) - .serverKeyVerifier(getServerKeyVerifier(home, sshDir)) + .serverKeyVerifier(new JGitServerKeyVerifier( + getServerKeyDatabase(home, sshDir))) .compressionFactories( new ArrayList<>(BuiltinCompressions.VALUES)) .build(); @@ -360,34 +361,48 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable { @NonNull File homeDir, @NonNull File sshDir) { return defaultHostConfigEntryResolver.computeIfAbsent( new Tuple(new Object[] { homeDir, sshDir }), - t -> new JGitSshConfig(homeDir, - new File(sshDir, SshConstants.CONFIG), + t -> new JGitSshConfig(homeDir, getSshConfig(sshDir), getLocalUserName())); } /** - * Obtain a {@link ServerKeyVerifier} to read known_hosts files and to - * verify server host keys. The default implementation returns a - * {@link ServerKeyVerifier} that recognizes the two openssh standard files - * {@code ~/.ssh/known_hosts} and {@code ~/.ssh/known_hosts2} as well as any - * files configured via the {@code UserKnownHostsFile} option in the ssh - * config file. + * Determines the ssh config file. The default implementation returns + * ~/.ssh/config. If the file does not exist and is created later it will be + * picked up. To not use a config file at all, return {@code null}. + * + * @param sshDir + * representing ~/.ssh/ + * @return the file (need not exist), or {@code null} if no config file + * shall be used + * @since 5.5 + */ + protected File getSshConfig(@NonNull File sshDir) { + return new File(sshDir, SshConstants.CONFIG); + } + + /** + * Obtain a {@link ServerKeyDatabase} to verify server host keys. The + * default implementation returns a {@link ServerKeyDatabase} that + * recognizes the two openssh standard files {@code ~/.ssh/known_hosts} and + * {@code ~/.ssh/known_hosts2} as well as any files configured via the + * {@code UserKnownHostsFile} option in the ssh config file. * * @param homeDir * home directory to use for ~ replacement * @param sshDir * representing ~/.ssh/ - * @return the resolver + * @return the {@link ServerKeyDatabase} + * @since 5.5 */ @NonNull - private ServerKeyVerifier getServerKeyVerifier(@NonNull File homeDir, + protected ServerKeyDatabase getServerKeyDatabase(@NonNull File homeDir, @NonNull File sshDir) { - return defaultServerKeyVerifier.computeIfAbsent( + return defaultServerKeyDatabase.computeIfAbsent( new Tuple(new Object[] { homeDir, sshDir }), - t -> new OpenSshServerKeyVerifier(true, + t -> new OpenSshServerKeyDatabase(true, getDefaultKnownHostsFiles(sshDir))); - } + } /** * Gets the list of default user known hosts files. The default returns * ~/.ssh/known_hosts and ~/.ssh/known_hosts2. The ssh config @@ -540,7 +555,7 @@ public class SshdSessionFactory extends SshSessionFactory implements Closeable { * the ssh config defines {@code PreferredAuthentications} the value from * the ssh config takes precedence. * - * @return a comma-separated list of algorithm names, or {@code null} if + * @return a comma-separated list of mechanism names, or {@code null} if * none */ protected String getDefaultPreferredAuthentications() { |